Digi TransPort User’s Guide 90001019_K 14th April 2013
Contents
Introduction
Typographical Conventions
Warnings
Radio Equipment - Canadian Warning Statements
OEM Responsibilities
DHCP Server
DHCP Server for Ethernet n
Logical Ethernet Interfaces
DHCP Options
Static Lease Reservations
FTP Relay
FTP Relay n
Advanced
IP Passthrough
UDP Echo
SMTP Account
Systems Configuration
Device Identity
Date and Time
General
Mobile
DSL
GRE
ISDN
Serial > Serial n
File Editor
X.509 Certificate Management Administration
Certificate Authorities (CAs)
IPsec/SSH/HTTPS Certificates
Key Generation
X.509 Certificates
FIREWALL SCRIPTS
Introduction
Firewall Script Syntax
Specifying IP Addresses and Ranges
S12 Escape Delay
S15 Data Forwarding Timer
S23 Parity
S31 ASY Interface Speed
S33 DTR Dialling
MR4110, ER4110, HR4110, GR4110 & TR4110
RS-232 (V.24) Serial Cable Wiring
Configuring X.21 on Older Models
EMAIL TEMPLATES
Template Structure
Introduction Thank you for choosing a data communications product from Digi International. Digi products are extremely versatile and may be used in a wide variety of applications. It would not be possible to describe in detail all such applications in a single guide. Consequently, this guide has been written for use by technically competent personnel with a good understanding of the communications technologies used in the product, and of the requirements for their specific application.
Typographical Conventions
Throughout this manual certain typographical conventions are used as follows:
Text Type | Meaning
Text like this ... | is standard text.
Note: Text like this ... | indicates points that are of particular importance.
Text like this ... | indicates commands entered by the user at the command line.
Text like this ... | indicates responses from the unit to commands you enter at the command line.
Configuration – Network > Interfaces | refers to the unit’s web-based menu system.
Warnings
Radio Equipment - Canadian Warning Statements
This device complies with Industry Canada licence-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
End Product Labeling
The WR44v2 Module is labeled with its own IC Certification Number. If the IC Certification Number is not visible when the module is installed inside another device, then the outside of the device into which the module is installed must also display a label referring to the enclosed module.
Attribute | Property
VSWR | 1.92 max
Return Loss | -10dB max
Gain | 1.8 dBi
Polarization | Linear
Radiation Pattern | Near omni-directional in the horizontal plane
Admitted Power | 1W
Electrical | 1/2 λ Dipole
NOTE: This module obtained its complete certification by using the antenna described here. End users in North America should use an antenna that matches these specifications to maintain the module’s certification. Antennas of the same type but operating with a lower gain may be used.
Obtaining Technical Support
Technical support for your Digi Transport router is readily available using the following methods.
Self help
Visit the Technical Support section of the Digi website at www.digi.com. From here, you can gain access to FAQs, knowledge base articles, application guides, quick setup guides, installation guides, software applications, firmware upgrades, product literature, warranty registration & a support forum.
Email
Email support is available from 2 locations:
UK: uksupport@digi.com
USA: support.wizards@digi.com
Remember to attach the debug.txt zip file to your email!
Telephone
Telephone support is available from 2 locations:
UK
Telephone support is available 09:00 - 17:30 GMT.
From within the UK: 0870 350 0035
International: +44 1943 605 055
USA
Telephone support is available 07:00 - 17:30 CST (GMT -6 Hours).
Using the Web Interface
To access the built-in web pages using a web browser (e.g. Internet Explorer), there are two options. To access the unit via the LAN port, follow the instructions below. To access the web interface over a serial connection, see Web Access via Serial Connection.
Access Via a LAN Port
By default, the Digi Transport has a static IP address of 192.168.1.1 with DHCP server enabled. To access the unit using a web browser (e.g.
Using the Command Line Interface
Using a Web browser to modify text box or table values in the configuration pages is the simplest way to configure the unit and this process is described in the next chapter. However, if you do not have access to a Web browser, the unit can be configured using text commands. These commands may be entered directly at one of the serial ports or via a Telnet session. Remote configuration is also possible using Telnet or X.25.
If you have local command echo enabled on your terminal, you may see the AT command displayed as “AATT”. If this happens you may use the “ATE0” command (which will appear as “AATTEE00”), to prevent the unit from providing command echo. After this command has been entered, further commands will be displayed without the echo. The “AT” command prefix and the commands that follow it can be entered in upper or lower case.
Take note that because of the space between ‘Local’ and ‘LAN’, the wording is enclosed in double quotes.
To set an IP address of 192.168.1.1 on Ethernet 0:
eth 0 ipaddr 192.168.1.1
To set an IP address of 172.16.0.1 on Ethernet 1:
eth 1 ipaddr 172.16.0.
The “ATV0” command can be used to select numeric codes if required. The results from the text based commands can be numeric or verbose. A full list of the Result codes is provided in the following table:
Numeric code | Verbose code | Meaning
0 | OK | Command line executed correctly
1 | CONNECT | ISDN connection established
2 | RING | Incoming ring signal detected
3 | NO CARRIER | X.
Digi application commands (referred to just as text commands or CLI commands throughout the remainder of this guide), can be entered in upper or lower case but unlike “AT” commands, only one command may be entered on a line. After each successful command, the “OK” result code will be issued. An invalid command will cause the “ERROR” result code to be issued.
The Reboot Command
The reboot command is used to reboot the unit after altering the configuration. It has three modes of operation:
reboot - will reboot the unit after any FLASH write operations have been completed.
Configuring your TransPort router
This section describes the various configuration parameters for the unit and how to set or change them using the built-in web pages or the text commands. Configuration using the Web pages is achieved by entering the required values into text boxes or tables on the page, or by turning features on or off using checkboxes. The same results can be achieved by entering the appropriate text commands via one of the serial ports.
Logging In
To configure the unit via the Web interface, either establish a DUN connection to it and then open your web browser and enter 1.2.3.4 for the web address, or enter the unit’s Ethernet IP address (192.168.1.1) into your web browser after configuring your PC to have an address on the same subnet. You will be presented with a login page similar to the following:
The default Username and Password are “username” and “password” respectively.
Clicking on the Click to load Applet graphics! button will display a representation of the front panel of your unit that will be updated every few seconds to show the actual status of the LED indicators. The model number of your unit will be shown at the top of the screen. The unit’s serial number and ID are shown below the front panel representation. Down the left side of the page you will see the main menu, with subsections that expand further when clicked.
Configuring and Testing W-WAN Models
Refer to the Configuration - Network > Interfaces > Mobile section of this guide to configure your router for the correct APN and PIN code (if any). You can now power up your unit and test connection to the wireless network. If you have correctly configured everything, the W-WAN SIM indicator on the front panel should illuminate green to show that a W-WAN enabled SIM card is present.
Signal Strength Indicators
On units equipped with W-WAN modules, there are three LEDs on the front panel that will indicate the strength of the signal, as shown in the table below.
LEDs lit | Signal Strength
None | Under -113 dBm (effectively no signal)
1 | -112 dBm to -87 dBm (weak signal)
2 | -86 dBm to -71 dBm (medium strength signal)
3 | -70 dBm to -51 dBm (strong signal)
The minimum recommended strength indication is 2 LEDs.
Wizards
This page contains wizards that simplify common configuration tasks. These wizards will change the minimum number of parameters to complete the required configuration task. However, due to the generic nature of the wizards they may not be suitable for all circumstances.
Quick Start Wizard
The Quick Start Wizard will display the options required for basic configuration of the Eth 0, WLAN and WWAN interfaces.
Configuration Page
The Configuration page offers the following options:
• Network Configuration
• Alarms Configuration
• Systems Configuration
• Remote Management Configuration
• Security Configuration
• Positions Configuration
Network Configuration
The Configuration - Network page has the following options:
Interfaces
Configuration – Network> Interfaces
The Configuration – Network> Interfaces menu offers the following options:
• Ethernet
• Mobile
• GRE
• Serial
• Advanced
Ethernet
Configuration – Network> Interfaces> Ethernet
Underneath the Ethernet sub menus, there are configuration parameters for:
• Physical Ethernet interfaces (ETHn)
• Logical Ethernet Interfaces
• MAC Filtering
• MAC Bridging
• Spanning Tr
On units with only one Ethernet port, if more than one Ethernet instance exists, these are treated as logical Ethernet ports. These instances can be used to assign more than one Ethernet IP address to a router. On units with more than one physical Ethernet port, the Ethernet instances refer to the different physical Ethernet ports. These units can be configured for either “HUB” mode or “Port Isolate” mode. In HUB mode all the Ethernet ports are linked together and behave like an Ethernet hub or switch.
If the IP address, Mask, Gateway, DNS server or Secondary DNS server parameters are specified manually, but the option to use a DHCP server is later selected, any existing manually specified parameters will override the DHCP supplied parameters. To change from manual configuration to DHCP, be sure to remove all manually specified parameters first.
If the router is running in Hub mode, the following will be displayed, with an option to switch to Port Isolate mode.
Ethernet Hub group
On units with a built-in hub/switch, the Ethernet Hub Group parameter for each port is normally set to 0. This means that all ports “belong” to the same hub. If required however, the Hub Group parameter may be used to isolate specific ports to create separate hubs.
On models with multiple Ethernet interfaces, this parameter may be used to specify a maximum data rate in kbps that the unit will transmit on this interface. This may be useful in applications where separate Ethernet interfaces are allocated to separate LANs and it is necessary to prioritize traffic from one LAN over another.
TCP transmit buffer size
When set to a non-zero value, this parameter sets the TCP buffer size of transmitted packets in bytes.
Enable IPsec on this interface
This parameter is used to enable or disable IPSec security features for this Ethernet interface.
Use interface x,y for the source IP address of IPsec packets
By default, the source IP address for an IPsec Eroute will be the IP address of the interface on which IPSec was enabled. By setting this parameter to either PPP or Ethernet and the relevant interface number, the source address used by IPSec will match that of the Ethernet or PPP interface specified.
This parameter is used to enable or disable the Internet Group Management Protocol for this Ethernet interface.
Enable Bridge on this interface
Bridge mode only applies to models with built in Wi-Fi. If Wi-Fi is enabled, bridge mode must be enabled on the Eth 0. This will create an Ethernet bridge between the Wi-Fi access point and the physical Ethernet interface.
Generate Heartbeats on this interface
Enabling this option will display the parameters for Heartbeat packets.
and not just with the remote device not responding. n specifies the number of pings that need to fail before the 2nd IP address is checked. The extra IP address check is only enabled if this parameter is set to something other than 0.
Only send Pings when this Ethernet interface is "In Service"
If this parameter is enabled, ICMP echo requests will only be sent from this interface when it is in service.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
address of IPsec packets x = Interface type
eth | n | ipsecadd | 0 - 255 | Use interface x,y for the source IP address of IPsec packets y = interface number
eth | n | firewall | 0,1 | Enable the firewall on this interface
eth | n | nocfg | 0,1,2,3 | Remote management access: 0 = No restrictions, 1 = Disable management, 2 = Disable return RST, 3 = Disable management and return RST
eth | n | mhome | 0 - 255 | Multihome additional consecutive addresses
eth | n | arp
Entity | Instance | Parameter | Values | Equivalent Web Parameter
eth | n | pingint | 0 - 86400 | Send n byte pings to IP host a.b.c.d every h hrs m mins s seconds. This CLI value is entered in seconds only.
eth | n | pingint2 | 0 - 86400 | No PING response request interval (s).
eth | n | pingip2 | IP address | Switch to sending pings to IP host a.b.c.d after n failures
eth | n | ip2count | 0 - 255 | Switch to sending pings to IP host a.b.c.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
qos | n | linkkbps | Integer | Link speed n kbps
qos | n | q0prof | 0 - 11 | Queue 0 Profile
qos | n | q0prio | 0–4 | Queue 0 Priority: 0 = Very high, 1 = High, 2 = Medium, 3 = Low, 4 = Very Low
qos | n | q1prof | 0 – 11 | Queue 1 Profile
qos | n | q1prio | 0–4 | Queue 1 Priority
qos | n | q2prof | 0 - 11 | Queue 2 Profile
qos | n | q2prio | 0–4 | Queue 2 Priority
qos | n | q3prof | 0 - 11 | Queue 3 Profile
qos | n | q3prio | 0–4 | Queue 3 Priority
qos | n | q4prof | 0 - 11 | Queu
VRRP (Virtual Router Redundancy Protocol) allows multiple physical routers to appear as a single gateway for IP communications in order to provide back-up WAN communications in the event that the primary router in the group fails in some way. It works by allowing multiple routers to monitor data on the same IP address. One router is designated as the “Master” of the address and under normal circumstances it will route data as usual.
every n seconds when in Backup state
The interval between successive probe attempts when the interface is in Backup state.
every n seconds when in Master state
The interval between successive probe attempts when the interface is in Master state.
Adjust priority n dir after x probe failures
These parameters control by how much and in which direction the VRRP priority is adjusted when the specified number of probes have failed.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
eth | n | vprobesuccesscnt | 0 - 255 | Reset probe failure count after n probe successes
eth | n | vprobeent | Auto, ETH, PPP | Use interface x,y over which to send probe
eth | n | vprobeadd | Integer | Use interface x,y over which to send probe
eth | n | vprobeipent | Auto, ETH, PPP | Get the source IP address from interface x,y
eth | n | vprobeipadd | Integer | Get the source IP address from interface x,y
Logical Ethernet Interfaces
Configuration – Network>
MAC Bridging
Configuration – Network> Interfaces> MAC Bridging
The Ethernet MAC bridge function will create an Ethernet bridge between two physically separate Ethernet networks. It is possible to allow bridging over DSL, W-WAN, ISDN and PSTN connections, but note that the only restriction on the traffic sent across the link is MAC address filtering: all Ethernet traffic will be bridged and no firewall restrictions are applied to this traffic.
RSTP will not be enabled if the router is in "Port Isolate" mode. If an Ethernet interface is configured with a hub group, RSTP will be disabled on that interface.
Enable RSTP
Enables RSTP on the router.
Priority
Sets the RSTP priority.
Group
Sets the RSTP group that the router is in.
Listening
The port is sending and receiving BPDUs and participates in the election process of the root bridge. Ethernet frames are discarded.
Learning
The port does not yet forward frames but it does learn source addresses from frames received and adds them to the MAC address table.
Forwarding
The port is receiving and sending data (normal operation). STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
IP Address
The destination IP address. This parameter is optional. If configured, only packets destined for this IP address will have VLAN tagging applied.
Mask
The destination IP subnet mask. This parameter is optional. If configured, only packets destined for this IP subnet mask will have VLAN tagging applied.
Source IP Address
The source IP address. This parameter is optional. If configured, only packets from this IP address will have VLAN tagging applied.
Source Mask
The source IP subnet mask.
Due to national restrictions on the channels available for use, the correct country should be selected from the drop down list to restrict the channels that are legal to use by the router. If required, a specific channel can be selected to over-ride the auto selection.
Country
Selecting a country from the drop down list will restrict the channels that the router will use. See table for more info on licensed channels.
Network Mode
Select your chosen mode of operation from the drop down list.
Costa Rica | Kuwait | Switzerland
Croatia | Latvia | Syria
Cyprus | Lebanon | Taiwan
Czech Republic | Libya | Thailand
Denmark | Liechtenstein | Trinidad and Tobago
Dominican Republic | Lithuania | Tunisia
Ecuador | Luxembourg | Turkey
Egypt | Macau | U.A.E.
Click the checkbox to enable Wi-Fi Hotspot support on a particular Wi-Fi node.
Splashscreen filename
This selects an ASP web file that will be presented to the client’s internet browser when they connect for the first time.
Each client can connect for h hrs m mins
The amount of time that a Wi-Fi client can use the Wi-Fi hotspot before having to reauthenticate.
Hotspot Exceptions
It is possible to configure a number of web locations for which authentication is not required.
Entity Instance Parameter Values e.g. 112233445566 Equivalent Web Parameter Wi-Fi n Configuration – Network> Interfaces> Wi-Fi> Wi-Fi n When a Wi-Fi interface is configured to be an Access Point, an SSID must be configured in order for a Wi-Fi interface to operate. In order to forward packets to and from a Wi-Fi interface, it must be bridged to a configured Ethernet interface. The Wi-Fi interface and Ethernet interface must be in the same Bridge instance.
Hide SSID
When enabled, the SSID will not be included in the beacon messages transmitted by the Wi-Fi interface when in Access Point mode. This means that Wi-Fi clients will not be able to auto-detect the Access Point.
Isolation
When enabled, connected Wi-Fi clients will not be able to communicate with other Wi-Fi clients or Ethernet hosts connected to this AP.
• None
• WEP
• WPA-PSK (also known as “WPA Personal”)
• WPA2-PSK (also known as “WPA2 Personal”)
• WPA-RADIUS (also known as “WPA Enterprise”)
• WPA2-RADIUS (also known as “WPA2 Enterprise”)
WEP Settings
The various WEP security settings for both Access Point and Client modes.
WEP Key size
The key size to use.
WEP Key index
The WEP key index number. This needs to match the index selected on the connecting Wi-Fi clients or Access Points that this router wishes to connect to.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
wpa2psk wparadius wpa2radius
wifinode | 0 | weptype | open, sharedkey | Not available on the WEB.
Network Authentication | Data Encryption | CLI Commands
wifinode 0 wpatype tkip
wifinode 0 radiuscfg 1
WPA-PSK | TKIP | wifinode 0 security wpapsk; wifinode 0 wpatype tkip; wifinode 0 sharedkey <8..63 char key>
WPA2-PSK | TKIP | wifinode 0 security wpa2psk; wifinode 0 wpatype tkip; wifinode 0 sharedkey <8..
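As a defender-side check of the parameters listed in the tables above (eth n firewall, eth n nocfg, wifinode 0 security, wifinode 0 wpatype), the following added example, which is not part of the Digi guide, audits a saved list of CLI commands. It assumes the configuration is available as text in the "entity instance parameter value" form shown in this guide, that an unset firewall or nocfg parameter behaves as 0, and that the operator states which Ethernet instances face untrusted networks; the function names and sample lines are constructed for illustration.

```python
import shlex

# Constructed sample configuration (not from a real device), written in the
# "<entity> <instance> <parameter> <value>" form used by the guide's commands.
SAMPLE_CONFIG = """
eth 0 ipaddr 192.168.1.1
eth 1 ipaddr 172.16.0.1
eth 1 firewall 0
eth 1 nocfg 0
eth 2 firewall 1
eth 2 nocfg 3
wifinode 0 security wpapsk
wifinode 0 wpatype tkip
"""

# Meanings of "eth n nocfg" as listed in the guide's parameter table.
NOCFG_MEANING = {
    "0": "no restrictions",
    "1": "management disabled",
    "2": "return RST disabled",
    "3": "management and return RST disabled",
}

# "wifinode 0 security" values shown in the guide that select WPA2.
WPA2_MODES = {"wpa2psk", "wpa2radius"}


def parse_config(text):
    """Return {(entity, instance): {parameter: value}} from CLI-style lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            # Values containing spaces are enclosed in double quotes.
            fields = shlex.split(line)
        except ValueError:
            fields = line.split()          # unbalanced quote: best effort
        if len(fields) < 4:
            continue                       # not a parameter assignment
        # Commands may be entered in upper or lower case.
        entity, instance, param = fields[0].lower(), fields[1], fields[2].lower()
        settings.setdefault((entity, instance), {})[param] = " ".join(fields[3:])
    return settings


def audit(settings, untrusted_eth):
    """Return a list of (target, parameter, message) findings.

    untrusted_eth: Ethernet instance numbers (as strings) that face networks
    the operator does not trust. Assumption: a missing parameter acts as 0.
    """
    findings = []
    for instance in sorted(untrusted_eth):
        params = settings.get(("eth", instance), {})
        target = f"eth {instance}"
        if params.get("firewall", "0") != "1":
            findings.append((target, "firewall",
                             "firewall script processing is not enabled"))
        nocfg = params.get("nocfg", "0")
        if nocfg not in ("1", "3"):
            meaning = NOCFG_MEANING.get(nocfg, "unrecognised value")
            findings.append((target, "nocfg",
                             f"remote management is not disabled ({meaning})"))
    for (entity, instance), params in sorted(settings.items()):
        if entity != "wifinode":
            continue
        target = f"wifinode {instance}"
        mode = params.get("security", "").lower()
        if mode not in WPA2_MODES:
            findings.append((target, "security",
                             f"security mode '{mode or 'unset'}' is not WPA2"))
        if params.get("wpatype", "").lower() == "tkip":
            findings.append((target, "wpatype",
                             "TKIP data encryption is selected"))
    return findings


if __name__ == "__main__":
    # Treat Ethernet 1 and 2 as the untrusted-facing interfaces in the sample.
    for target, param, message in audit(parse_config(SAMPLE_CONFIG), {"1", "2"}):
        print(f"{target}: {param}: {message}")
```
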
Entity | Instance | Parameter | Values | Equivalent Web Parameter
macrogue | n | mac | MAC address with no separators e.g. 112233445566 | MAC Address
Mobile
Configuration – Network > Interfaces > Mobile
The Configuration – Network > Interfaces > Mobile page has the following options:
• Mobile Settings
• SIM Selection
• Advanced
Wireless WAN functionality is only available on models that are fitted with a wireless WAN module, such as CDMA, GPRS, 3G, HSPA etc.
Mobile Settings
Configuration – Network > Interfaces > Mobile> Mobile Settings
Select the service plan and connection settings used in connecting to the mobile network.
Mobile Service Provider Settings
The Configuration – Network > Interfaces > Mobile > Mobile Settings option opens to show the following parameters:
Service Plan / APN: Enter the APN (Access Point Name) given by the service provider.
Use backup APN
Tick to enable this option then enter the backup APN in the free text field e.g. “your.
SIM 2 (PPP 1)
Entity | Instance | Parameter | Values | Equivalent Web Parameter
modemcc | 0 | Apn_2 | Free text field | Service Plan / APN:
modemcc | 0 | Usebuapn_2 | on/off | Checkbox (Use Backup APN)
modemcc | 0 | Buapn_2 | Free text field | Use backup APN
modemcc | 0 | Pin_2 | SIM PIN number | SIM PIN:/Confirm SIM PIN
ppp | 1 | username | Free text field | Username:
ppp | 1 | password | Free text field | Password:/Confirm Password
Mobile Connection Settings
Re-establish connection when no data is received for a period of tim
By default, the source IP address for an IPSec Eroute will be the IP address of the interface on which IPSec was enabled. By setting this parameter to either a PPP or Ethernet interface, the source IP address used by IPSec will match that of the Ethernet or PPP interface specified.
Enable the firewall on this interface
The Firewall parameter is used to enable or disable the Firewall script processing for the mobile interface.
an NAI password
Once these details have been obtained, it is possible to provision the CDMA module by inserting those details into the ‘Automatic Provisioning’ section of this web page and clicking on the Start button. See Quick Note 25 – “CDMA Provisioning on a Digi TransPort Router” for example configuration.
Automatic Provisioning
If required, enter the MSL/PTN/MSID parameters before clicking Start
MSL: Master subsidy lock (MSL) code. Obtain this from the mobile operator.
PTN: Personal Telephone Number.
Mobile IP profile number: Enter the Mobile IP profile number
Network Access ID (NAI): Enter the Network Access ID
MIP Home Address: Enter the MIP Home Address
Primary Home Agent: Enter the Primary Home Agent
Secondary Home Agent: Enter the Secondary Home Agent
HA shared secret: 0xn (Hex strings must start 0x) Enter the HA shared secret
AAA shared secret: 0xn (Hex strings must start 0x) Enter the AAA shared secret
HA SPI: Enter the HA SPI
AAA SPI: Enter the AAA SPI
Enable Reverse tunnelling: Enable Reverse t
Note: With the exception of older Sierra Wireless modules, PRL update on both the Verizon and Sprint networks is carried out over the air (OTA). Manual PRL update using a PRL file is not available. To initiate automatic over the air PRL update, click the Start button. Please note that PRL update is normally carried out as part of automatic provisioning on both Sprint and Verizon.
Wait n seconds between attachment attempts
The number of seconds between network attachment attempts. Some networks require 60 seconds between attempts to attach to the wireless network.
Reset the module after n unsuccessful connection attempts
The router will normally make multiple attempts to connect to the wireless network in the event that the signal is lost.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
hanging up and allowing another call
modemcc | 0 | att_interval | 0 - 2147483647 | Wait n seconds between attachment attempts
modemcc | 0 | link_retries | 0 - 2147483647 | Reset the module after n unsuccessful connection attempts
modemcc | 0 | stat_retries | 0 - 2147483647 | Reset the module after n unsuccessful status retrieval attempts
modemcc | 0 | ss_interval | 0 - 2147483647 | Create a signal strength event every n minutes
If registration is lost for 5
Entity | Instance | Parameter | Values | Equivalent Web Parameter
attempts
modemcc | 0 | ss_interval_2 | 0 - 2147483647 | Create a signal strength event every n minutes
modemcc | 0 | check_reg_2 | 0,1,2 | If registration is lost for 5 minutes: 0 = do not reset the module, 1 = reset the module if the GSM registration is lost, 2 = reset the module if the GPRS registration is lost
modemcc | 0 | Psys_ | 0,1,2 | Preferred System: 0 = Auto, 1 = GSM, 2 = WCDMA
Mobile Network Settings
Metric: This parameter specifies the connected me
This checkbox opens to show the following parameters:
Send n byte pings to IP host a.b.c.d every h hrs m mins s secs
If this parameter is set, the router will automatically generate a “ping” of n size to the IP host specified (IP address or hostname) at the interval specified. Deleting the IP host value disables the monitoring ping facility.
Enabling this parameter causes the unit to use the IP address of ETH0 (instead of the current IP address of the mobile interface), as the source address for the auto PING packets.
Note: This parameter is useful if you want to send the monitoring pings down a VPN tunnel where the source IP address needs to match the LAN.
Defer sending pings if IP traffic is being received
When enabled, the timer configured in the “Send n byte pings to IP host a.b.c.
Entity Instance Parameter Values Equivalent Web Parameter ppp 1 ip2count number Switch to sending pings to IP host a.b.c.
priority is greater than 0 and an event of this priority or higher occurs. SMS alarms may be configured using the Configuration - Alarms > Event Settings > SMS web page. If no number is specified it is possible that the unit will operate using the default message centre for the GSM service to which you have subscribed.
SMS access level: The access level for SMS commands. The access level set here will need to match the level required by the command sent by SMS for the command to be accepted.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
modemcc | 0 | sms_callerid | Mobile telephone number | Allow CLI commands from the following SMS numbers. (First SMS number)
modemcc | 0 | sms_callerid_1 to 9 | Mobile telephone number | Allow CLI commands from the following SMS numbers.
Configuration – Network > Interfaces > DSL
The Configuration – Network > Interfaces > DSL page has the following options:
• PVC Configuration
• DSL Network Settings
• PVC Traffic Shaping
• Advanced
Router models incorporating a DSL broadband interface will include a configuration page having the title shown above. By default, the configuration in this section will be suitable for the majority of ADSL service providers in the UK. However, advanced users or users outside of the U.K.
Option | Description
ATM Routed IP LLC | RFC 1483 LLC encapsulated routed IP over ATM
To use PPPoA or PPPoE encapsulation, one of the available PPP instances must first be configured to use this APVC instance as its Layer 1 interface on the associated Configuration – Interfaces > PPP > PPP n > Advanced page.
VPI
This parameter is used to set the Virtual Path Identifier for this APVC in the range 0 - 255.
VCI
This parameter is used to set the Virtual Channel Identifier for this APVC in the range 0 - 65535.
IP address Enable standard Network Address Translation (NAT). When a private IP host sends a UDP or TCP packet to an Internet IP address, the router will change the source address of the packet from the private host IP to the router’s public IP address before forwarding the packet onto the Internet host. Additionally it will create an entry in a “NAT table” containing the private IP source address, the private IP port number, the public IP destination address and the destination port number.
On W-WAN networks (where charging is based on the amount of data transferred as opposed to time spent on-line), this parameter may be used to specify a data limit after which the unit will create an entry in the event log to indicate that this amount of data has been transferred. For example, if your monthly tariff includes up to 5Mb of data before you are charged an “excess”, you might set the Data limit warning level to 4000.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
 | | | | interface
ppp | 1 | dlwarnkb | Kbytes/Mbytes/GBytes | Issue a warning event after
ppp | 1 | dlstopkb | Kbytes/Mbytes/GBytes | Stop data from being transmitted after x Bytes data
ppp | 1 | dlrstday | 1-28 | Reset the data limit on the nth day of the month
PVC Traffic Shaping
Configuration – Network > Interfaces > DSL> PVC Traffic Shaping
Service category
Each ATM PVC may now be configured with a service category: UBR (unspecified bit rate, the default)
Entity | Instance | Parameter | Values | Equivalent Web Parameter
apvc | 0 | scr | n | Sustained cell rate (cells/sec)
apvc | 0 | mbs | n | Maximum burst size (cells)
Advanced
Configuration – Network > Interfaces > DSL> Advanced
Operational mode
This parameter is used to specify the connection mode for the DSL link. The following options are available (default is Multi mode).
Values | Equivalent Web Parameter
Multi-mode | For Annex A models (i.e. PSTN / POTS) this option provides automatic selection between G.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
apvc | 0 | oammanage | ON/OFF | Manage this PVC using ATM OAM cells
Additional CLI commands
The following command is not available from the web interface:
adsl 0 debug {0|1}
Where 0 is off and 1 causes debugging information to be sent to the CLI.
GRE
Configuration – Network > Interfaces > GRE
Generic Routing Encapsulation (GRE) is a means of transporting IP packets from one device to another through an unencrypted point-to-point IP tunnel.
Configuration – Network > Interfaces > GRE> Tunnel Description: This parameter allows you to enter a name for this GRE instance, to make it easier to identify it. IP address: This is the IP address of the virtual interface that will be used by the tunnel. This parameter is used in conjunction with the mask parameter below. This parameter MUST be entered for the tunnel to work. Mask: Used with the IP address parameter to clarify the subnet in use on the virtual interface.
This option is normally used in conjunction with IPSec. This parameter should not be used if the interface is selected as the source using the “Use Interface” options above. Destination IP Address or Hostname: This is the FQDN or IP address of the remote end of the tunnel. This could also be the virtual host IP address for the remote end of the tunnel, configured for routing purposes. e.g. 2.2.2.2 Enable keepalives on this GRE tunnel Selecting this checkbox will display the GRE keepalive parameters.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
tun | n | kaactrq | On,off | Bring this GRE interface up to send keepalives
Advanced
Configuration – Network > Interfaces > GRE> Tunnel> Advanced
Metric: This parameter specifies the connected metric of an interface. The default metric of a connected interface is 1. By allowing the interface to have a higher value (lower priority), static routes can take preference to interfaces. For normal operation, leave this value unchanged.
NHRP holding time This is the NHRP hold time in seconds. This is used in the NHRP registration process and advises the server how long our registration information should be held for. The NHRP client will repeatedly register whilst the tunnel is up, so a small time can be considered.
• LAPD ISDN Answering Configuration - Network > Interfaces > ISDN> ISDN Answering This page allows you to configure the ISDN interface to receive incoming calls. Button:- Load answering defaults Clicking this button resets the default answering PPP interface (PPP 0) to the factory answering defaults. Description: This parameter allows you to enter a name for this PPP instance, to make it easier to identify it.
This is the range of IP addresses supplied to incoming callers. This parameter may require alteration if the default value “10.10.10.0” to “10.10.10.4” does not suit the remote network configuration. Mask: This specifies the IP netmask for the Remote network. This can be used to create a dynamic route to the remote network whenever the ISDN interface is active. Primary DNS server: The answering ISDN interface would normally supply its own PPP IP address to the peer for DNS requests.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | 0 | cingnb | number | ending with
ppp | 0 | msn | number | with ISDN MSN ending with
ppp | 0 | sub | number | with ISDN sub-address ending with
ppp | 0 | ipaddr | IP address | Local IP Address:
ppp | 0 | mask | Network mask | Mask:
ppp | 0 | ipmin | IP address | Assign remote IP addresses from a.b.c.d to a.b.c.d
ppp | 0 | iprange | 1 - 255 | Assign remote IP addresses from a.b.c.d to a.b.c.
When an "Always On" route becomes "In Service", wait n seconds before using it parameter. On and return to service immediately As above “On” but the unit will try and connect immediately and without delay. Put this interface "Out of Service" when an always-on connection attempt fails Usually, always-on interfaces will not go out of service unless they have connected at least once. When this option is turned “On”, the interface will go out of service even if the first connection attempt fails.
Alternative idle timer for static routes s seconds The value in this text box specifies an alternative inactivity timeout for use in conjunction with the “Make PPP n interface use the alternative idle timeout when this route becomes available” parameter on the Configuration – Network > IP Routing/Forwarding > Static Routes > Routes n > Advanced web page. This timeout will only be used until the PPP instance next deactivates. After that the normal timeout value is used.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
 | | | | Service” when an always-on connection attempt fails
ppp | n | aodi_dly | 0 – 2147483647 | Attempt to reconnect after s seconds
ppp | n | aodi_dly2 | 0 – 2147483647 | If an inhibited PPP interface is connected, attempt to reconnect after s seconds
ppp | n | pwr_dly | 0 – 2147483647 | Wait s seconds after power-up before activating this interface
ppp | n | tband | 0-4 | Control when this interface can connect using Time Band n
ppp | n | minup | 0 – 2147483647 | K
This section of the web interface appears when the router is fitted with an optional internal ISDN MODEM card. When first powered up, navigating to the Configuration – Network > Interfaces > ISDN page will show a message indicating that the MODEM card does not have a PPP instance associated with it. Follow the link on the page and select an unassigned PPP interface to the MODEM.
common practice for the DNS server to be assigned automatically by the ISP when making a connection. Secondary DNS server The value in this text box specifies the IP address of the secondary DNS server to use if one is not automatically assigned by the remote peer. Attempt to assign the following IP configuration to remote devices When checked, this check box will reveal the following four configuration parameters which control how the PPP instance assigns an IP address to a connecting remote peer.
When checked, this checkbox applies the firewall rules to traffic using this interface.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | n | cingnb | up to 25 digits | Only allow calling numbers ending with n
ppp | n | do_nat | 0,1,2 (0 = Disabled, 1 = IP address, 2 = IP address and port) | Enable NAT on this interface IP address/IP address and Port
ppp | n | nat_ip | Valid IP address a.b.c.d | NAT Source IP address a.b.c.
Control when this interface can connect using Time band n These two controls, the check box and drop-down list determine whether the Time Band function should be applied to this interface. Checking the checkbox enables the functionality and the desired time band instance is selected from the drop-down list. Time Band functionality is explained in the Configuration – Network > Interfaces > Timebands section of this manual.
This would cause the router to create a warning entry in the event log once 4MB of data had been transferred. This event could then be used to trigger an email alert, SNMP trap or SMS alert message. Stop data from being transmitted after n units The value in this text box specifies the total amount of data that may be transmitted by this PPP instance before the link is blocked for further traffic, and the value in the dropdown list specifies the units which are; KBytes, MBytes, GBytes.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | n | maxneg | 0 – 2147483648 | if the negotiation is not complete in s seconds
ppp | n | uplogmins | 0 – 2147483647 | Generate an event after this interface has been up for m mins
ppp | n | dlwarnkb | 0 – 2147483647 | Issue a warning after n units
ppp | n | dlstopkb | 0 – 2147483647 | Stop data from being transmitted after n units
ppp | n | dlrstday | 0 – 255 | Reset the data limit on the n day of the month
LAPD > LAPDn
Configuration - Network > Interface
Each ISDN terminal device connected to your ISDN basic rate outlet must be assigned a unique Terminal Endpoint Identifier (TEI). In most cases, this is negotiated automatically. In some cases however, it may be necessary to assign a fixed TEI. When TEI is set to 255, the TEI is negotiated with the ISDN network. To use a fixed TEI set the TEI parameter to the appropriate value as specified by your service provider. D-channel X.25 Tx Window Size This specifies the transmit window size when using D-channel X.
Do not deactivate the LAPD session This parameter ensures the unit will not deactivate the LAPD session when an X.25 PAD session is terminated. Enable D64S Mode D64S mode is a mode in which ISDN B-channel(s) may be used without the need to use any D channel protocol. It is sometimes referred to as “nailed up” ISDN. To enable this mode for this LAPD instance, tick the D64S mode parameter checkbox and ensure that the TEI parameter is set to 255. This means that for any application that uses ISDN (e.g.
PSTN Configuration – Network > Interfaces > PSTN This section of the web interface appears when the router is fitted with an optional internal PSTN MODEM card. When first powered up, navigating to the Configuration – Network > Interfaces > PSTN page will show a message indicating that the MODEM card does not have a PPP instance associated with it. Follow the link on the page and select an unassigned PPP interface to the MODEM.
If it is essential that the PPP interface has a specific IP address, this radio button should be selected and the IP address entered into the text box. Use the following DNS servers if not negotiated Primary DNS server The value in this text box is the IP address of the primary DNS server to use if a DNS server is not assigned as part of the PPP negotiation and connection process. It is fairly common practice for the DNS server to be assigned automatically by the ISP when making a connection.
Use interface x,y for the source IP address of IPsec packets If it is required to use another interface (i.e. not the interface currently being configured) as the source address for IPsec packets, this may be achieved by selecting the desired interface from the drop-down list and typing the desired interface instance number into the adjacent text box. Enable the firewall on this interface When checked, this checkbox applies the firewall rules to traffic using this interface.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
 | | | a.b.c.d |
ppp | n | sectransDNS | Valid IP address a.b.c.d | Secondary DNS server a.b.c.d
ppp | n | ans | OFF,ON | Allow this PPP interface to answer incoming calls
ppp | n | cingnb | up to 25 digits | Only allow calling numbers ending with n
ppp | n | do_nat | 0,1,2 (0 = Disabled, 1 = IP address, 2 = IP address and port) | Enable NAT on this interface IP address/IP address and Port
ppp | n | nat_ip | Valid IP address a.b.c.d | NAT Source IP address a.b.c.
typically be used to reduce the connection retry rate when a lower priority PPP instance is connected. Wait s seconds after power-up before activating this interface The value in this text box is the initial delay that the router will apply before activating the PPP instance after power-up. After the initial power-up delay the normal always-on activation timers apply. When set to zero, no delay will be applied.
Issue a warning event after n units The value in this text box is the amount of traffic which will cause a warning event to be generated in the event log stating that the specified amount of data has been transferred. The units are specified by a drop-down list, having the following options; KBytes, MBytes, GBytes. For example, if the monthly tariff includes up to 5MB of data before excess usage charges are levied, it would be useful to set this threshold to 4MB.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
 | | | | seconds
ppp | n | timeout2 | 0 – 2147483648 | Alternative idle timer for static routes s seconds
ppp | n | rxtimeout | 0 – 2147483648 | if the link has not received any packets for s seconds
ppp | n | maxneg | 0 – 2147483648 | if the negotiation is not complete in s seconds
ppp | n | uplogmins | 0 – 2147483647 | Generate an event after this interface has been up for m mins
ppp | n | dlwarnkb | 0 – 2147483647 | Issue a warning after n units
ppp | n | dlstopkb | 0
DialServ Network Settings Configuration – Network > Interfaces > DialServ> DialServ Network Settings The DialServ card may be configured to use PPP as the protocol to connect to the remote peer and as such should be assigned a free PPP instance to use as part of the configuration. If no PPP instance has been assigned and the module has been configured to use PPP, a link to the PPP mappings page and message appear.
Secondary DNS server The value in this text box specifies the IP address of the secondary DNS server to use if one is not automatically assigned by the remote peer. Attempt to assign the following IP configuration to remote devices When checked, this check box will reveal the following four configuration parameters which control how the PPP instance assigns an IP address to a connecting remote peer.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | n | name | Up to 25 characters | Description
ppp | n | phonenum | up to 25 digits | Dial out using numbers
ppp | n | ph2 | “ | Dial out using numbers
ppp | n | ph3 | “ | Dial out using numbers
ppp | n | ph4 | “ | Dial out using numbers
ppp | n | prefix | 0 – 9999999999 | Prefix
ppp | n | username | Up to 60 characters | Username
ppp | n | password | Up to 40 characters | Password
ppp | n | IPaddr | 0.0.0.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | n | natip | Valid IP address a.b.c.d | NAT Source IP address a.b.c.
The value in this textbox specifies the minimum period that the PPP interface should remain available. This means that even if the link becomes inactive before this period expires, the connection will remain open. Close this interface after s seconds The value in this text box specifies the maximum time that the link will remain active in any one session. After this time, the link will be deactivated.
Reset the data limit on the n day of the month The value in this text box defines the day of the month on which the data limit is reset to zero.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
 | | | | transmitted after n units
ppp | n | dlrstday | 0 – 255 | Reset the data limit on the n day of the month
pots | 0 | connect_secs | x | Number of seconds maximum to wait for the modem to connect
Serial
Configuration – Network > Interfaces > Serial
Digi routers support a variety of serial interfaces, either inbuilt or as optional add-on modules. Each asynchronous serial (ASY) port may be configured to operate at different speed, data format etc.
Data Bits / Parity This drop-down selection box selects the required data format for the interface, 8 data bits, no parity being a very common configuration. Note: When the serial port is not in 8-bit parity mode (i.e. it is in either 8-bit no parity, or 7-bit with parity), the router will continually check for parity when receiving AT commands and adjust and match accordingly.
Advanced Configuration – Network > Interfaces > Serial> Serial Port n> Advanced The configuration parameters in this section are changed less frequently than those in the basic section and so are given a separate page in order to reduce screen clutter. Answer V.120 calls after n rings (0 = Don’t answer) This parameter controls the answering of incoming V.120 calls. When set to zero, V.120 answering is disabled, otherwise V.120 answering is enabled on this interface.
This parameter determines the character used in the escape sequence. The default is the “+” symbol (ASCII value 43, 0x2b). Changing this value has the same effect as changing the “S2” register. Escape Delay s x 20 milliseconds This parameter defines the required minimum length of the pause (in multiples of 20ms) in the escape sequence. The default is 50 x 20ms which means that the escape sequence becomes “+++”, a pause of 1 second and then “AT” in order to drop back to AT command mode.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
S3=n | n/a | n/a | 0 - 255 Where n = ASCII value | Break Transmit Escape Character
Profiles
Each serial port can have two profiles which can be configured differently. Which profile is in force when the router powers-up is selected here.
Power-up profile n
Select “0” from the drop-down selection box to choose profile 0 to be active when the router powers-up. Select “1” from the selection box to make profile 1 the active profile.
Invert RX clock When checked, this checkbox will cause the router to invert the voltage level of the receive clock signal. Invert TX clock When checked, this checkbox will cause the router to invert the voltage level of the transmit clock signal. Encoding NRZ / NRZI These two radio buttons select between non-return to zero (NRZ) and non-return to zero (inverted) (NRZI) signal encodings.
Enable TCP rate adaption Check this checkbox to enable the use of rate adaptation when using a TCP connection rather than an ISDN line. When enabled, the following controls become enabled: Connect to IP Address a.b.c.d Port n When using a TCP connection, these text entry boxes allow the user to specify the IP address and port number that the protocol should use. Listen on Port This text entry box contains the port number that the router is listening on when in socket mode.
Note: If either string contains spaces, the entire string must be enclosed within double quotation marks. When substituting a command, upper case characters are considered the same as the corresponding lower case characters.
bind ?
Command line examples:
bind pad 0 asy 0
binds PAD 0 to serial port 0.
bind v120 0 asy 3
binds V.120 instance 0 to asynchronous serial port 3.
To access the Internet using PPP via a terminal connected to serial interface 2, enter the command:
bind ppp 1 asy 2
Currently it is only possible to bind a TANS instance to an ADAPT instance using the bind command.
Escape char c The parameter in this text entry box is the ASCII character used as the escape character which is by default “+”. Entering this escape character three times followed by a pause of at least the “Escape delay” parameter below and then an “AT” command will cause the router to switch back to command mode from online mode. This is equivalent to the “S2” register setting.
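The escape rule described here and under Escape Delay earlier in this section (three escape characters, a pause of at least the escape delay, then “AT”) can be modelled as a small state machine. This is an added example, not Digi firmware code: the class and function names and the timed sample input are constructed, and it assumes only the pause after the third escape character is checked, as the text states.

```python
from dataclasses import dataclass, field

TICK_MS = 20  # the Escape Delay parameter is counted in 20 ms units


@dataclass
class EscapeDetector:
    """Tracks a serial byte stream and reports the switch to command mode."""
    escape_char: str = "+"   # "Escape char" / S2 register, default ASCII 43
    escape_delay: int = 50   # default 50 x 20 ms = 1 second
    _run: int = field(default=0, init=False)         # trailing escape chars (max 3)
    _run_end_ms: int = field(default=0, init=False)  # arrival time of the last one
    _got_a: bool = field(default=False, init=False)  # "A" accepted, waiting for "T"

    @property
    def pause_ms(self) -> int:
        return self.escape_delay * TICK_MS

    def feed(self, t_ms: int, ch: str) -> bool:
        """Consume one character received at t_ms; True means command mode."""
        if self._got_a:
            self._got_a = False
            self._run = 0
            if ch == "T":
                return True
            # not "T": fall through and treat ch as ordinary data
        if self._run >= 3 and t_ms - self._run_end_ms >= self.pause_ms:
            # Three escape chars followed by a long enough silence:
            # only "A" keeps the sequence alive.
            if ch == "A":
                self._got_a = True
                return False
            self._run = 0
        if ch == self.escape_char:
            # A 4th escape char inside the pause keeps "last three are escapes"
            # true but restarts the pause measurement.
            self._run = min(self._run + 1, 3)
            self._run_end_ms = t_ms
        else:
            self._run = 0
        return False


def timed(text, start_ms=0, gap_ms=10):
    """Constructed input: one (time, char) pair per character of text."""
    return [(start_ms + i * gap_ms, c) for i, c in enumerate(text)]


def command_mode_at(events, **params):
    """Return the time at which command mode is entered, or None."""
    detector = EscapeDetector(**params)
    for t_ms, ch in events:
        if detector.feed(t_ms, ch):
            return t_ms
    return None


if __name__ == "__main__":
    # "+++", one second of silence, then "AT": command mode is entered.
    print(command_mode_at(timed("+++") + timed("AT", start_ms=1020)))
    # The same characters inside continuous payload data do not qualify.
    print(command_mode_at(timed("data+++ATH0")))
```

The second call shows why the pause matters: payload bytes that happen to contain the escape characters and “AT” back to back do not drop the port out of online mode.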
Digi devices use the patented RealPort COM/TTY port redirection for Microsoft Windows. RealPort software provides a virtual connection to serial devices, no matter where they reside on the network. The software is installed directly on the host PC and allows applications to talk to devices across a network as though the devices were directly attached to the host. Actually, the devices are connected to a Digi device somewhere on the network.
This configures the interval at which TCP Keep-Alives are sent over the RealPort connection. A value of 0 means that Keep-Alives are not sent. Send RealPort Keep-Alives every s seconds This configures the interval at which RealPort Keep-Alives are sent over the RealPort connection. A value of 0 means that Keep-Alives are not sent. Enable exclusive mode Selecting this option enables exclusive mode. Exclusive mode allows a single connection from any one RealPort client ID to be connected only.
Entity Instance Parameter rport 0 debug rport 0 dcddiscards rport 0 duplex Values trace information in the analyser trace. 2: print the trace information out of the debug port. 3: place information in the trace 0, 1,2,3 0: Off 1: place the debug information in the analyser trace. 2: printf the debug information out of the debug port. 3: print out the debug port.
Enable Multitx Checking this checkbox displays the MultiTX settings in the GUI and enables the MultiTX function on the router. Serial Port This field specifies the serial interface to use. Data received on this serial will be forwarded to all configured remote hosts. Protocol This field specifies whether TCP or UDP will be used as the transport method. Socket Inactivity Timeout If there is no data transmitted for the specified number of seconds, the socket will be closed. 0 = no timeout.
When this parameter is enabled, the text in the ‘Match String’ field will be removed before the data is forwarded to the remote host. Remote host Up to five remote hosts can be specified in these fields. Host Enter the hostname or IP address of the remote host in this field. Port Enter the TCP or UDP port number that the remote host is listening on. Add Click this button to add the remote host.
Since data is transferred across IP networks in synchronous format, the router supports asynchronous to synchronous PPP conversion. This allows asynchronous terminals connected to the units to communicate with remote synchronous PPP devices. Normally, this is carried out using a single ISDN B-channel so that data can be transferred at speeds up to 64kbps. This is known as ASYNC to SYNC PPP operation and is supported as standard by most terminal adaptors.
ASY Port This is the physical ASY port for the external modem. W-WAN mode Checking the check box enables W-WAN mode Initialisation string n These parameters (Initialisation string 1, Initialisation string 2, Initialisation string 3) allow you to specify a number of command strings that are sent to the wireless module each time a wireless connection is attempted. These can be used to set non-standard wireless operating modes.
Listening init string This is the listening initialisation string parameter for external modems. Listening init interval (secs) The listening init string is sent at intervals specified by a listening init interval parameter. Maximum RING count before answering incoming call The count of the maximum number of rings before answering incoming call can be set in this field. The default value is 0.
The value in this textbox defines the Asynchronous Control Character Map (ACCM). The default value of 0x00000000 should work in most cases. Changing this value is for advanced users only. Desired remote ACCM c The value in this textbox defines the ACCM for the remote peer. As above, the default value of 0xffffffff should work in most cases and should only be changed if it is known that other characters should be used.
When “Always On” mode is enabled, these two textboxes specify the data rate and duration for which the data rate must be sustained before the B-channel is activated. Drop the first ISDN B-channel When the data rate is less than n bytes/sec for s seconds When “Always On” mode is enabled, these two textboxes specify the data rate below which the traffic must fall and the duration for which it is below the threshold before the B-channel is deactivated.
This section contains those parameters which may need to be adjusted when setting up a PPP connection but in general can be left at their default values. The Configuration – Network > Interfaces > Advanced> PPPn submenu has the following sub-menu options:
• Mobile
• Advanced
• PPP Negotiation
• QoS
• Sub-Configs
Load answering defaults
Clicking this button will cause the router to read the default PPP answering default parameters from a default configuration stored in memory.
The following three radio buttons control how the IP address for the router is assigned. Allow the remote device to assign a local IP address to this router When this radio button is selected, the remote peer will assign this PPP interface an IP address. Try to negotiate a.b.c.
Close the PPP connection after s seconds The value in this textbox specifies the maximum time that the link will remain active in any one session. After this time, the link will be deactivated. if it has been up for m minutes in a day The router will deactivate the PPP instance after it has been active for the value specified in this text box.
is NOT checked, as incorrect firewall rules will prevent a connection from passing network traffic. If the connection works when the firewall is turned off but fails when turned on, a good place to start checking parameters would be in the firewall settings page, Configuration – Security > Firewall.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | n | cingnb | up to 25 digits | Only allow numbers ending with n
ppp | n | msn | up to 9 digits | with ISDN MSN ending with n
ppp | n | sub | up to 17 digits | with ISDN sub-address ending with n
ppp | n | maxup | 0 – 2147483648 | Close the PPP connection after s seconds
ppp | n | maxuptime | 0 – 2147483647 | if it has been up for m minutes in a day
ppp | n | timeout | Default 300s (5 minutes) | if it has been idle for h, m, s
ppp | n | timeout2 | 0 – 214748364
Detach W-WAN if the link fails When checked, this checkbox will cause the router to issue the command to detach the mobile telephone module from the wireless network if it detects that the link has failed. Link failure is detected by a PPP ping response timer or by a firewall request. Detach W-WAN between connection attempts This checkbox controls whether or not the module stays attached to the network if multiple connection attempts are required to establish a connection.
These two radio buttons enable the “always-on” functionality and additionally the facility to return to the in-service state after a disconnect event. Put this interface “Out of Service” when an always-on connection attempt fails Normally, always-on interfaces will not go out of service unless they have connected at least once. When checked, this checkbox causes the router to put the interface out of service even if the first connection attempt fails.
Disconnect the link after n failed echo requests The value in this text box sets the number of consecutive failed echo requests that are allowed before the router terminates the link. When set to zero, this functionality is disabled, i.e. the router will not terminate the link if the LCP echo requests do not elicit a response from the remote. Generate Heartbeats on this interface When checked, this checkbox reveals the configuration options that control how the router sends heartbeat packets.
secondary host is tried. This is to ensure that should the primary host become unavailable for any reason and stops responding to the ICMP echo requests, the router will check an alternative IP address before initiating the failover procedure. The value in the second text box is the number of pings that should be allowed to fail before checking the secondary IP address.
had been transferred. This event could then be used to trigger an email alert, SNMP trap or SMS alert message. Stop data from being transmitted after n Kbytes/Mbytes/GBytes The value in this text box specifies the total amount of data that may be transmitted by this PPP instance before the link is blocked for further traffic, and the value in the dropdown list specifies the units which are; KBytes, MBytes, GBytes.
This option causes the interface to become activated but rather than using the idle timer associated with the interface, specify the idle timeout. Inhibit other PPP interface if this PPP interface is disconnected but operational When checked, this checkbox enables this PPP instance to inhibit other PPP instances if it is operational but not currently active.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | n | settledly | 0 - 200 | Allow this PPP interface to settle for s seconds after the connection has come up
ppp | n | aodion | 0–2 (0 = disabled, 1 = enabled, 2 = On and return to service immediately) | Enable “Always On” mode of this interface, On, On and return to service immediately
ppp | n | immoos | ON, OFF | Put this interface “Out of Service” when an always-on connection attempt fails
ppp | n | aodi_dly | 0 – 2147483647 | Attempt to reconnect after s
Entity Instance Parameter Values ppp n hbipadd Valid interface number 0 - 2147483648 Equivalent Web Parameter Use interface x,y for the source IP address ppp n hbiproute OFF, ON Select transmit interface using the routing table ppp n hbimsi OFF, ON Include IMSI information in the Heartbeat message ppp n hbgps OFF, ON Include GPS information in the Heartbeat message ppp n pingsiz 0 - 2147483648 Send n byte ping to IP host a.b.c.
Entity Instance Parameter Values Equivalent Web Parameter ppp n dlrstday 0 – 255 Reset the data limit on the n day of the month 0 - 2147483648 Reset this interface if n packets are transmitted and the connection has been up for at least s seconds ppp n sscnt ppp n sssecs 0 - 2147483648 Reset this interface if n packets are transmitted and the connection has been up for at least s seconds ppp n lscnt 0 - 2147483648 Reboot the router after n consecutive resets ppp n rebootfails 0 -
Entity | Instance | Parameter | Values | Equivalent Web Parameter
 | | | | s seconds
ppp | n | deflate | 0,1 (0 = Off, 1 = On) | Attempt to negotiate DEFLATE compression on this interface
ppp | n | mppebits | 0, 40, 56, 128 (0 = Auto) | MPPE key size
ppp | n | mppeless | OFF, ON | Enable MPPE stateless mode
ppp | n | tcptxbuf | 0 - 2147483648 | TCP transmit buffer size n bytes
PPP Negotiation
Configuration – Network > Interfaces > Advanced> PPP n> PPP Negotiation
When PPP starts up, the devices at both ends of the link negotiate the li
When checked, this checkbox causes the router to authenticate itself with the remote device using PAP. If this parameter is set, the connection will fail if authentication is not successful. Generally, this parameter is disabled. Request local CHAP authentication When checked, this checkbox causes the router to use the Challenge Handshake Authentication Protocol (CHAP) for local authentication. As with PAP, this parameter is generally enabled for incoming connections and disabled for outgoing connections.
Selecting enabled from the drop-down menu will allow the router to authenticate logins using version 2 of Microsoft’s proprietary MS-CHAP algorithm. Allow a remote unit to authenticate using CHAP-MD5 When checked, this checkbox will allow the router to authenticate with a remote unit using the CHAP-MD5 algorithm. MS-CHAP When checked, this checkbox will allow the router to authenticate with a remote unit using Microsoft’s MS-CHAP algorithm.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | n | l_bacp | OFF, ON | Request BACP
ppp | n | l_callb | OFF, ON | Request callback
ppp | n | r_callb | 0–2 (0 = Off, 1 = Desired, 2 = Required) | Allow remote end to request callback
ppp | n | l_md5 | 0-2 (0 = Disabled, 1 = Enabled, 2 = Preferred) | Allow this unit to authenticate using CHAP-MD5
ppp | n | r_md5 | 0,1 (0 = Off, 1 = On) | Allow remote unit to authenticate using CHAP-MD5
ppp | n | l_ms1 | 0,1 (0 = Disabled, 1 = | Allow this unit to authenticate using MS-CHAP
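One way to review an exported configuration against parameters listed in the CLI tables of this section (sms_callerid, adsl debug, cingnb, mppebits, l_ms1). This is an added example, not a Digi tool: it assumes one "entity instance parameter value" command per line, the sample configuration and telephone numbers are constructed, and the review notes and the six-digit cingnb threshold are this example's own policy.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    command: str
    note: str


# Assumption of this example: calling-number filters shorter than this are
# reported, because "ending with n" matches every caller sharing the suffix.
MIN_CINGNB_DIGITS = 6

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
ppp 1 l_md5 1
ppp 1 l_ms1 1
ppp 1 mppebits 40
ppp 2 mppebits 128
ppp 2 mppeless ON
ppp 3 mppebits 0
ppp 3 cingnb 23
modemcc 0 sms_callerid 447700900123
modemcc 0 sms_callerid_1 447700900456
adsl 0 debug 1
"""

LINE_RE = re.compile(r"^(\w+)\s+(\d+)\s+(\w+)\s+(.+?)\s*$")


def parse(config_text):
    """Yield (line_no, entity, instance, parameter, value) for each command."""
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        match = LINE_RE.match(raw.strip())
        if match:
            entity, inst, param, value = match.groups()
            yield line_no, entity.lower(), int(inst), param.lower(), value.strip('"')


def review(config_text):
    """Return a Finding for every setting a reviewer should look at."""
    findings = []
    for line_no, entity, inst, param, value in parse(config_text):
        note = None
        if entity == "ppp" and param == "mppebits":
            if value in ("40", "56"):
                note = f"MPPE key size fixed at {value} bits; the table lists 128 as the largest"
            elif value == "0":
                note = "MPPE key size is Auto; the size in use depends on the peer"
        elif entity == "ppp" and param == "l_ms1" and value == "1":
            note = "unit may authenticate using MS-CHAP; confirm the peer still needs it"
        elif entity == "ppp" and param == "cingnb":
            if value.isdigit() and len(value) < MIN_CINGNB_DIGITS:
                note = f"calling-number filter is a {len(value)}-digit suffix; many callers match"
        elif entity == "modemcc" and param.startswith("sms_callerid"):
            note = "number may send CLI commands by SMS; confirm it is still authorised"
        elif entity == "adsl" and param == "debug" and value == "1":
            note = "ADSL debugging information is being sent to the CLI"
        if note:
            findings.append(Finding(line_no, f"{entity} {inst} {param} {value}", note))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.command}: {f.note}")
```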
Below this column heading, is a list of ten queue instances. Each instance is associated with the profile and priority on the same row. Profile n This column contains the profile to be associated with the queue. There are twelve available, 0 – 11, which are selected from the drop-down list boxes. Priority This column contains drop-down menu boxes which are used to assign a priority to the selected queue. The priorities available are: “Very High”, “High”, “Medium”, “Low”, and “Very Low”.
Sub-Configs Configuration – Network > Interfaces > Advanced> PPP n > Sub-Configs PPP sub-configs can be used as an alternative to using an entire PPP instance if only a few parameters are different to those in an existing PPP instance. Using PPP sub-configs saves on system memory. Up to 50 sub-configs may be defined. Nb This is the instance number for a sub-config. Description The text in this text box is used as a name to easily identify the sub-config.
• Logical Ethernet Interfaces
• DHCP Options
• Static Lease Reservations

DHCP Server for Ethernet n
Configuration – Network > DHCP Server > DHCP Server for Ethernet n

Enable DHCP Server
When checked, this checkbox opens up the page to reveal the following parameters:

IP Addresses a.b.c.d to a.b.c.d
There are six text boxes in this part of the page; three rows of two. The values in these specify the starting and ending addresses for the range of IP addresses that will be handed out by the DHCP server.
When checked, this checkbox causes the router to only send DHCP offers to Wi-Fi clients. This is useful if the router is being used as an access point and there is a separate DHCP server on the Ethernet LAN.

DHCP Relay

Forward DHCP requests to a.b.c.d
The values in these two text boxes specify the IP addresses of the two supported DHCP relay agents.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dhcp | n | fwdip2 | Valid IP address a.b.c.d | Forward DHCP requests to a.b.c.d |

Advanced
Configuration – Network > DHCP Server > DHCP Server for Ethernet n > Advanced

Next Bootstrap Server a.b.c.d
The value in this text box specifies the IP address of a secondary configuration server. This server does not have to be on the same logical subnet as the client.
FTP Root Dir (for WYSE Terminals)
The value in this text box specifies the root directory for FTP transfers. This is also a custom option for use with WYSE terminals.

Related CLI Commands
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dhcp | n | NBNS | Valid IP address a.b.c.d | NetBIOS Name Server a.b.c.d |
| dhcp | n | NBNS2 | Valid IP address a.b.c.d | Secondary NetBIOS Name Server a.b.c.d |
| dhcp | n | tftp | Valid IP address a.b.c.d | TFTP Server Address a.b.c.d |
| dhcp | n | ftp | Valid IP address a.b.c. | |
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| | | | i4 = 4 byte value, ipv4 = IPv4 address, string = string, hex = hexadecimal | |
| dhcpopt | n | value | Up to 127 octets | Value |

Command line examples
To set the option number to “9” for LPR Server, the command is:
dhcpopt 0 optnb 9

Static Lease Reservations
Configuration – Network > DHCP Server > Static Lease Reservation
The table on this web page controls the configuration of MAC address to IP address mappings and is used to assign a specific IP address t
The web page described here collects together a number of services that are provided by the router into one section to enable the user to quickly enable or disable these services without having to navigate to multiple sections of the menu. Detailed configuration is performed within the specific section.

Enable Network Management Protocol (SNMP)
Click on this checkbox to enable and disable remote management of the router using SNMP.
server. If security is not such an issue, selecting this option allows the simpler and slightly more convenient web server to be used.

Enable Secure Web Server (HTTPS)
Select this radio button to disable the insecure HTTP protocol and enable the HTTPS service.
When using this feature, it is recommended that the last DNS server selection hostname pattern is set to “*” to match all other DNS lookups. This ensures that all the DNS lookup configuration is kept together for ease of troubleshooting. If this is not done, the lookups will use the DNS server configured on the interface of the default route.

DNS Server a.b.c.d
The value in this text box specifies the IP address of the DNS server to use when a DNS request matches the hostname pattern.
“Dynamic DNS” is supported in accordance with RFC2136 and RFC2485. This allows units to update specified DNS servers with their IP addresses when they first connect to the Internet and at regular intervals thereafter. The parameters in this section control how the router updates a specified DNS server with its IP address when it first connects to the Internet and at regular intervals thereafter. This is not to be confused with the popular dynamic DNS service dyndns.
Confirm DNS Server Password
The password should be entered into this text box to confirm it.

Local time offset from GMT Auto detect
The two radio buttons here control whether or not the offset of the local time from GMT should be auto-detected or specified. This feature is required since a GMT timestamp must be included as part of the authentication message. When set to auto-detect the router will automatically apply the correction.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dnsupd | 0 | tzone | –2147483648 2147483647 (hours) | Local time offset from GMT n |
| dnsupd | 0 | fudge | 0 – 2157483648 (seconds) | Required Time Accuracy s seconds |
| dnsupd | 0 | ttl | 0 – 2157483648 (seconds) | Allow DNS clients to cache this entry for s seconds |

Dynamic DNS
Configuration – Network > Dynamic DNS
The Dynamic DNS client (DynDNS) is used to update DNS hostnames with the current IP address of a particular interface.
The value selected from this drop-down list is used to identify the dynamic DNS system containing the hostnames to be updated. The available options are:
• Dynamic DNS
• Static DNS
• Custom DNS.

When default route/interface x,y becomes active, send DDNS update
The radio buttons select whether or not the router should use the default interface or the interface specified from the drop-down list.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dyndns | 0 | ifent | Blank,ETH,PPP | When default route/interface x,y becomes active, send DDNS update |
| dyndns | 0 | ifadd | 0 -2147483647 | When default route/interface x,y becomes active, send DDNS update |
| dyndns | 0 | wildcard | 0,1,2 (0 = Disable wildcards, 1 = Enable wildcards, 2 = No change to service settings) | Use Wildcards |
| dyndns | 0 | provider_hostname | Up to 40 characters | [Description: User specified service provider] |

Advanced
Configuration – Networ
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dyndns | 0 | debug | OFF,ON | Enable debug |

IP Routing / Forwarding - An introduction to TransPort routing
Configuration – Network > IP Routing/Forwarding
The Configuration – Network > IP Routing/Forwarding menu has the following submenu options:
• IP Routing
• Static Routes
• RIP
• OSPF
• BGP
• IP Port Forwarding / Static NAT Mappings
• Multicast Routes

The TransPort’s routing table can be viewed by navigating to Management - Network
If a static route is “pointing” at an Ethernet interface then optionally a gateway IP address can be added. If a gateway IP address is not added then the gateway IP address configured for the Ethernet interface itself will be used automatically.

Default Routes
Default routes can be added by configuring a route in Configuration - Network > IP Routing/Forwarding > Static Routes > Default Route n (where n is an instance number).
If multiple routes match the destination and have the same prefix length, the index number of the routes in the routing table is used to determine the route.
CLI command: ip 0 cidr on

Route Metrics
Route Metric settings can be set to override the order in which the routes are searched. Routes with lower metric numbers will always be used in preference to routes with higher metric numbers even if the routes with higher metric numbers appear first in the routing table.
The value in this text box defines the maximum value for the routing metric. The default value is 16.

Route directed IP broadcasts
When checked, this checkbox causes the router to route directed broadcasts. The default state for this parameter is “Off”. A directed broadcast is an IP packet with a destination address that is a valid broadcast address for a subnet but does not originate from that subnet. Directed IP broadcasts are used to send a broadcast from one interface to the subnet of another.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ip | 0 | routeup_dly | 0 – 2147483647 | When an “Always On” route becomes “In Service”, wait s seconds before using it |

Static Routes
Configuration – Network > IP Routing/Forwarding > Static Routes
The static routing web pages and command line parameters described below control the static routing table used by the router. These allow the setting up of static IP routes for particular IP subnets, networks or addresses.
Each route may be assigned a “connected metric” and a “disconnected metric”. The connected metric parameter is used to specify the metric for a route whose interface is active. The disconnected metric is used to specify the metric for a route whose interface is inactive. Normally both values should be the same, but in some advanced routing scenarios it is necessary to use different values.
Make PPP n interface use the alternative idle timeout when this route becomes available
When checked, this check box, in conjunction with the PPP interface instance number in the text box, will cause the router to use the alternative inactivity timeout specified for that interface when this route comes back into service. This feature is useful when it is preferable to close down a backup route quickly when a primary route comes back into service.
Keep this route in service for s seconds after OOS state is cleared
When this checkbox is checked, the following text box is enabled (i.e. it is no longer “greyed out”), allowing a value to be entered. The value specifies the period that the interface specified above will remain in service even though it is actually unable to pass traffic immediately.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| | | | | waiting for the interface to connect |
| route | n | deact_ent | Blank,PPP | When this route becomes available, deactivate the following interfaces x,y |
| route | n | deact_add | 0 – 2147483647 | When this route becomes available, deactivate the following interfaces x,y |
| route | n | deact_ent2 | Blank,PPP | When this route becomes available, deactivate the following interfaces x,y |
| route | n | deact_add2 | 0 – 2147483647 | When this route becomes available, deactivat |
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| def_route | n | ll_ent | Blank,PPP,ETH,TUN | Interface x,y |
| def_route | n | ll_add | 0 – 2147483647 | Interface x,y |
| def_route | n | upmetric | 1 - 16 | Metric |

Advanced
Configuration – Network > IP Routing/Forwarding > Static Routes > Default Route n > Advanced

Use metric n when the interface is not active
As per equivalent parameter in Routes n.

Use this route only if the source IP address of the packet matches
As per equivalent parameter in Routes n.
As per equivalent parameter in Routes n.

Assign this route to recovery group n
As per equivalent parameter in Routes n.

Related CLI Commands
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| def_route | n | metric | 0 – 2147483647 | Use metric n when the interface is not active |
| def_route | n | srcip | Valid IP address a.b.c.d | IP Address a.b.c.d |
| def_route | n | srcmask | Valid netmask a.b.c.d | Mask a.b.c. |
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| def_route | n | deact_ent2 | Blank,PPP | When this route becomes available, deactivate the following interfaces x,y |
| def_route | n | deact_add2 | 0 – 2147483647 | When this route becomes available, deactivate the following interfaces x,y |
| def_route | n | unoos_secs | 0 – 2147483647 | Keep this route in service for s seconds after OOS state is cleared |
| def_route | n | rgroup | 0 - 255 | Assign this route to recovery group n |

RIP
Configuration – Network > IP Rout
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| rip | n | enable | on,off | Enable RIP |
| rip | n | interval | 0 - 2147483647 | Send RIP advertisement every s seconds |
| rip | n | ripto | 0 - 2147483647 | Mark routes as unusable if we don’t get advertisement for s seconds |
| rip | n | riplingerto | 0 - 2147483647 | Delete routes after another s seconds |
| rip | n | updatestatic | on,off | Allow RIP to update static routes |
| rip | n | poisonreverse | on,off | Enable Poison Reverse |

Access Lists
Configuration – Network > IP Ro
Re-enter the new key into this text box to allow the router to check that the two are identical.

Key ID (MD5 only)
The value in this text box is the ID for the key. The ID is inserted into the RIP packet when using RIP v2 MD5 authentication and is used to look up the correct key for received packets. The valid range is 0 – 255.

Valid from now/dd,mm,yy
These two radio buttons select between having the validity period for the key start immediately or allowing a start date to be defined.
Use RIP: Select from the values ‘v1’, ‘v2’ and ‘v1 Compatible’ in the dropdown list. When RIP version is set to ‘V1’ or ‘V2’, the unit will transmit RIP version 1 or 2 packets respectively (version 2 packets are sent to the “all routers” multicast address 224.0.0.9). When RIP Version is set to “V1 Compat”, the unit will transmit RIP version 2 packets to the subnet broadcast address. This allows ‘V1’ capable routers to act upon these packets.
Use Triggered RIP on this interface: Enable triggered RIP (RFC2091). When triggered RIP is enabled, RIP timers are disabled.

Include this interface in RIP advertisements: Select to cause the subnet configured on this interface to not be advertised by RIP.

Related CLI Commands
| Entity | Instance | Parameter | Values |
|---|---|---|---|
| tun | n | rip | 0,1 |
| tun | n | ripip | Valid IP address a.b.c. |
When this button is clicked, the router attempts to load the file specified in the file selection list box into the edit window below the button. The text in the window can be edited as required.

Save Config File
When this button is clicked, the text in the edit window will be saved to the filename specified in the drop-down list above. These three controls allow an OSPF configuration file to be loaded, edited and saved.
Configuration – Network > IP Routing / Forwarding > BGP
The Border Gateway Protocol (BGP) routing protocol is supported by TransPort routers. This page contains the configuration parameters used to control the behaviour of BGP. Most of the configuration is controlled by a configuration file (raw text) named bgp.cnf. This file would normally be created in a text editor on a computer and loaded onto the router. The router contains a simple editor that can be used to modify the file.
IP Port Forwarding / Static NAT Mappings
Configuration – Network > IP Routing / Forwarding > IP Routing /Static NAT Mappings
The router supports Network Address Translation (NAT) and Network Address and Port Translation (NAPT). NAT or NAPT may be enabled on a particular interface such as a PPP instance. When operating with NAT enabled, this interface has a single externally visible IP address.
To set the IP address for entry 0 in the table to 10.1.2.10 enter the command:
nat 0 IPaddr 10.1.2.10

Multicast Routes
Configuration – Network > IP Routing / Forwarding > Multicast Routes
Digi TransPort routers support multicast routes, allowing them to route packets to multicast group addresses. Up to 20 different static multicast routes may be configured. Static multicast routes must be used in conjunction with the IGMP parameter on the outbound interface.
Virtual Private Networking (VPN)
Configuration – Network > Virtual Private Network (VPN)
The Configuration – Network > VPN menu has the following sub-menu options:
• IPsec
• L2TP
• PPTP
• OpenVPN

IPsec
Configuration – Network > Virtual Private Network (VPN) > IPsec
IPsec (Internet Protocol security) refers to a group of protocols and standards that may be used to protect data during transmission over the internet (which is inherently insecure).
The first stage in establishing a secure link between two endpoints on an IP network is for those two points to securely exchange a little information about each other. This enables the endpoint responding to the request to decide whether it wishes to enter a secure dialogue with the endpoint requesting it. To achieve this, the two endpoints commonly identify themselves and verify the identity of the other party.
Once this initial association exists the two devices can “talk” securely about and exchange information on what kind of security protocols they would like to use to establish a secure data link, i.e. what sort of encryption and/or authentication they can use and what sources/destinations they will accept.
Use this IP mask for the remote LAN subnet. The mask sets the range of IP addresses that will be allowed to use the IPsec tunnel.

Remote Subnet ID
Normally used with L2TP/IPsec VPNs. When the router is in server mode and negotiating IPsec from behind a NAT box, this parameter should be configured to the ID sent by the remote Windows client (this is usually the computer name).

Use the following security on this tunnel
These define the security identities used on the IPsec tunnel.
This parameter can be used to override the private key filename in the IKE configuration. It is only used when RSA Signatures (Certificates) are being used for the authentication stage of the IKE negotiation.

Use enc encryption on this tunnel
The ESP encryption protocol to use with this IPsec tunnel. The options are:
• No (None)
• Null
• DES
• 3DES
• AES (128 bit keys)
• AES (192 bit keys)
• AES (256 bit keys)

If the dropdown options only display None and Null, the router will need Encryption enabling.
Bring this tunnel down if it is idle for h hrs m mins s secs
This parameter is used when the IPsec tunnel is configured to come up on demand and defines how long the IPsec tunnel should remain up if no traffic is being sent on the tunnel.

Renew the tunnel after
Defines the constraints of when the IPsec tunnel SA has to be renewed.

h hrs m mins s secs
Renew the IPsec SA after the specified amount of time.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| eroute | n | espenc | off, null, des, 3des, aes | Use enc encryption on this tunnel |
| eroute | n | enckeybits | 128, 192, 256 | Use enc encryption on this tunnel |
| eroute | n | espauth | off, md5, sha1 | Use auth authentication on this tunnel |
| eroute | n | dhgroup | 0, 1, 2, 3 | Use Diffie Hellman group |
| eroute | n | ikever | 1, 2 | Use IKE n to negotiate this tunnel |
| eroute | n | ikecfg | 0, 1 | Use IKE configuration |
| eroute | n | autosa | 0 = On Demand, 1 = When a route to | |
The alternative IP mask to negotiate.

Virtual IP Request
Used when the remote peer is a Cisco device using MODECFG to assign a specific IP address to this router during SA setup negotiations. This is commonly seen in Remote Access (RA) type VPNs and EasyVPN solutions. The mode to use will depend on the configuration of the Cisco; seek advice from the Cisco administrator to determine which mode to use.

XAuth ID
Extended Authentication ID for use with Cisco XAUTH.
Go out of service after n consecutive auto-negotiation failures
The router will take the IPsec tunnel out of service if the auto-negotiation fails for the specified consecutive number of times rather than continually retrying.

This tunnel can only use apn
When enabled, this parameter allows you to choose between using the main APN or the backup APN, as defined in the Configuration – Network > Serial > W-WAN Port page.
IP packets with ToS values n must use this tunnel
Packets with matching ToS fields will only be tunnelled through this IPsec tunnel and no others. The usual traffic selector matching still takes place as normal. Packets that don’t have matching ToS values will get tunnelled as normal. The ToS values should be entered as a comma separated list, e.g. 2,4

Only tunnel IP packets with
This restricts the IP packets that will be tunnelled to those with matching TCP/UDP port numbers.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| | | | list of Integers | IPsec tunnels n are up |
| eroute | n | requireno | Integer | Inhibit this IPsec tunnel unless IPsec tunnel n is up |
| eroute | n | usesecip | on, off | IKE negotiation source IP address is taken from the Secondary IP Address |
| eroute | n | ipent | blank, ETH, PPP | IKE negotiation source IP address is taken from the Interface x,y (x = Interface type) |
| eroute | n | ipadd | Integer | IKE negotiation source IP address is taken from the Interface x,y (y = I |
Example
To set up multiple users in this way, first set up the Our ID parameter on the host unit to a suitable name, e.g. “Host1”. Then set the Peer ID parameter to “Remote*” for example. In addition, an entry would be made in the user table with “Remote*” for the Username and a suitable Password value, e.g. “mysecret”. Each of the remote units that required access to the host would then have to be configured with an Our ID parameter of “Remote01”, “Remote02”, etc.
IPsec Default Action
Configuration – Network > Virtual Private Network (VPN) > IPsec > IPsec Default Action
Like a normal IP routing set-up, IPsec tunnels have a default configuration that is applied if no specific tunnel can be found. This is useful when, for instance, you wish to have a number of remote users connect via a secure channel (perhaps to access company financial information) but also still allow general remote access to other specific servers on your network or the Internet.
Basic Concept
The router with the IPsec Group/MySQL configuration will be the VPN Concentrator. The remote sites will normally not require an IPsec group configuration as they will normally only need to connect to a single peer, the VPN Concentrator. The VPN Concentrator will normally need only a single IPsec group configured. The local and remote subnet parameters need to be set up wide enough to encompass all the local and remote networks. The VPN Concentrator can act as an initiator and/or a responder.
VPN Concentrator acting as a responder to a session initiated from the remote site
When a remote site needs to create an IPsec SA with the VPN Concentrator it will send an IKE request to the VPN Concentrator. The VPN Concentrator needs to be able to confirm that the remote device is authorised to create an IPsec tunnel. The remote site will supply its ID to the host during the IKE negotiations.
All other fields should be configured as usual. It is possible to set up other IPsec groups linked with other IPsec tunnels. This would be done if there is a second group of remote sites that have a different set of local and remote subnets, or perhaps different encryption requirements. The only real requirement is that this second group uses peer IDs that do not match up with those in use by the first IPsec group.
The name of the table where the remote site information is stored.

Remote subnet IP
The name of the field in the table where the ‘remip’ data is stored.

Remote subnet Mask
The name of the field in the table where the ‘remmsk’ data is stored.

Peer IP Address
The name of the field in the table where the ‘peerip’ data is stored.

Backup Peer IP Address
The name of the field in the table where the ‘bakpeerip’ data is stored.

Peer ID
The name of the field in the table where the ‘peerid’ data is stored.
Dead Peer Detection
Configuration – Network > Virtual Private Network (VPN) > IPsec > Dead Peer Detection
When Dead Peer Detection (DPD) is enabled on an IPsec tunnel, the router will send an IKE DPD request at regular intervals. If no response is received to the DPD request, the IPsec tunnel is considered as suspect and the requests are sent at a shorter interval until either the maximum number of outstanding requests allowed is reached or a response is received.
IKE
Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKE
The Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKE folder opens to list configuration pages for IKE 0 and IKE 1 with a separate page for IKE Responder. The IKE 0 instance can be used as an IKE “initiator” or as an IKE “responder” whereas IKE 1 can only be used as an initiator. The IKE 0 and IKE 1 pages are therefore used to set up the IKE 0 and IKE 1 initiator parameters as required.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike | 0 | debug | on, off | Forward debug to port |

IKE n
Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKE > IKE n

Use the following settings for negotiation
Defines the settings used during the IKE negotiation

Encryption
Defines the encryption algorithm used. The options are:
• None
• DES
• 3DES
• AES (128 bit keys)
• AES (192 bit keys)
• AES (256 bit keys)

Authentication
Defines the authentication algorithm used.
certificates. This is because the ID of the remote unit (its public key) can be retrieved from the certificate file.

MODP Group for Phase 1
Sets the key length used in the IKE Diffie-Hellman exchange to 768 bits (group 1) or 1024 bits (group 2). Normally this option is set to group 1 and this is sufficient for normal use. For particularly sensitive applications, you can improve security by selecting group 2 to enable a 1024 bit key length.
Stop IKE negotiation after n retransmissions
The maximum number of times that IKE will retransmit a negotiation frame as part of the exchange before failing.

Stop IKE negotiation if no packet received for n seconds
The period of time in seconds after which the unit will stop the IKE negotiation when no response to a negotiation packet has been received.

Enable Dead Peer Detection
Enables Dead Peer Detection. For more information, refer to the Configuration – Network > IPsec > Dead Peer Detection (DPD) page.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike | n | dpd | on, off | Enable Dead Peer Detection |
| ike | n | natt | on, off | Enable NAT-Traversal |
| ike | n | initialcontact | on, off | Send INITIAL-CONTACT notifications |
| ike | n | keepph1 | on, off | Retain phase 1 SA after failed phase 2 negotiation |
| ike | n | privrsakey | Filename | RSA private key file |
| ike | n | delmode | 0 = Normal, 1 = Remove IKE SA when last IPsec SA removed, 2 = Remove IPsec SAs when IKE SA removed, 3 = Both | SA Removal Mode |
| ike | n | opensw | | |
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike | 0 | rencalgs | des, 3des, aes. Multiple algorithms can be specified in a comma separated list | Encryption |
| ike | 0 | keybits | 0, 128, 192, 256 | Encryption (Minimum AES Key length) |
| ike | 0 | rauthalgs | md5, sha1. Multiple algorithms can be specified in a comma separated list | Authentication |
| ike | 0 | rdhmingroup | 1, 2, 5 | MODP Group between x and y |
| ike | 0 | rdhmaxgroup | 1, 2, 5 | MODP Group between x and y |
| ike | 0 | ltime | 1 - 28800 | Renegotiate after h hrs |
The name of a X.509 certificate file holding the router’s private part of the public/private key pair used in certificate exchanges. See ‘X.509 Certificates’ in the ‘IPsec and VPNs’ section for further explanation.

SA Removal Mode
Determines how IPsec and IKE SAs are removed. ‘Normal’ operation will not delete the IKE SA when all the IPsec SAs that were created by it are removed and will not remove IPsec SAs when the IKE SA that was used to create them is deleted.
If the unit receives packets from a local interface that need to be routed through the tunnel, it performs address translation so that the source address matches the assigned IP address before encrypting using the negotiated SA. Some state information is retained so that packets coming in the opposite direction with matching addresses/ports can have their destination address set to the source address of the original packet (in the same way as standard NAT).
Encryption
Defines the encryption algorithm used. The options are:
• None
• DES
• 3DES
• AES (128 bit keys)
• AES (192 bit keys)
• AES (256 bit keys)

Authentication
Defines the authentication algorithm used. The options are:
• None
• MD5
• SHA1

PRF Algorithm
Defines the PRF (Pseudo Random Function) algorithm used. The options are:
• MD5
• SHA1

MODP Group for Phase 1
Sets the key length used in the IKE Diffie-Hellman exchange to 768 bits (group 1) or 1024 bits (group 2).
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| | | | | only. |
| ike2 | n | rekeyltime | 1 - 28800 | Rekey after h hrs m mins s secs. This CLI value is entered in seconds only. |

Advanced
Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > Advanced

Retransmit a frame if no response after n seconds
The amount of time in seconds that IKEv2 will wait for a response from the remote unit before transmitting the negotiation frame.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike2 | n | privrsakey | Filename | RSA private key file |

IKEv2 Responder
Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 Responder
This page displays the various parameters for IKEv2 0 when used in Responder mode.

Enable IKEv2 Responder
Allows the router to respond to incoming IKE requests.
Related CLI Commands
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike2 | 0 | rencalgs | des, 3des, aes | Encryption |
| ike2 | 0 | renckeybits | 128, 192, 256 | Encryption (Minimum AES key length) |
| ike2 | 0 | rauthalgs | md5, sha1 | Authentication |
| ike2 | 0 | rprfalgs | md5, sha1 | PRF Algorithm |
| ike2 | 0 | rdhmingroup | 1, 2, 5 | MODP Group between x and y |
| ike2 | 0 | rdhmaxgroup | 1, 2, 5 | MODP Group between x and y |
| ike2 | 0 | ltime | 1 – 28800 | Renegotiate after h hrs m mins s secs. This CLI value is entered in sec |
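The following check is an added example, not part of the guide and not Digi code: it scans command lines in the `entity instance parameter value` form used by the CLI examples in this guide and reports `eroute`, `ike` and `ike2` settings that permit no, null or DES encryption, MD5 or no authentication, or a responder minimum MODP group below a chosen floor. The policy thresholds, the names `audit` and `Finding`, and the sample configuration are assumptions constructed for illustration.

```python
"""Audit TransPort-style IPsec/IKE command lines for weak algorithm choices."""
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the input text
    setting: str   # e.g. "eroute 0 espenc"
    value: str     # the offending algorithm or group
    reason: str


# Audit policy: an assumption of this example, not a statement from the guide.
WEAK_ENC = {
    "off": "no encryption",
    "null": "null encryption (traffic is not encrypted)",
    "des": "single DES",
}
WEAK_HASH = {
    "off": "no authentication",
    "md5": "MD5",
}
# Key lengths for MODP groups 1 and 2 as stated in the guide.
DH_BITS = {1: 768, 2: 1024}

# (entity, parameter) -> kind of check. Parameter names come from the guide's
# Related CLI Commands tables for eroute, ike 0 and ike2 0.
CHECKS = {
    ("eroute", "espenc"): "enc",
    ("eroute", "espauth"): "hash",
    ("ike", "rencalgs"): "enc",
    ("ike", "rauthalgs"): "hash",
    ("ike", "rdhmingroup"): "dh",
    ("ike2", "rencalgs"): "enc",
    ("ike2", "rauthalgs"): "hash",
    ("ike2", "rprfalgs"): "hash",
    ("ike2", "rdhmingroup"): "dh",
}

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
eroute 0 espenc des
eroute 0 espauth md5
eroute 1 espenc aes
eroute 1 enckeybits 256
eroute 1 espauth sha1
eroute 2 espenc null
ike 0 rencalgs des,3des,aes
ike 0 rauthalgs md5,sha1
ike 0 rdhmingroup 1
ike 0 rdhmaxgroup 5
ike2 0 rencalgs aes
ike2 0 renckeybits 256
ike2 0 rauthalgs sha1
ike2 0 rprfalgs sha1
ike2 0 rdhmingroup 5
nat 0 IPaddr 10.1.2.10
"""


def audit(config_text: str, min_dh_group: int = 5) -> List[Finding]:
    """Return one Finding per weak algorithm or group permitted by the config."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        parts = raw.split(None, 3)
        # Expect: entity, numeric instance, parameter, value. Skip anything else.
        if len(parts) != 4 or not parts[1].isdigit():
            continue
        entity, instance, param, value = parts
        kind = CHECKS.get((entity.lower(), param.lower()))
        if kind is None:
            continue
        setting = f"{entity} {instance} {param}"
        value = value.strip()

        if kind == "dh":
            if not value.isdigit():
                continue
            group = int(value)
            if group < min_dh_group:
                bits = DH_BITS.get(group)
                size = f" ({bits}-bit)" if bits else ""
                findings.append(Finding(
                    line_no, setting, value,
                    f"responder accepts MODP group {group}{size}, "
                    f"below policy minimum {min_dh_group}"))
            continue

        # Responder parameters may hold a comma separated list: a single weak
        # entry is enough for a peer to negotiate it.
        table = WEAK_ENC if kind == "enc" else WEAK_HASH
        for alg in (a.strip().lower() for a in value.split(",")):
            if alg in table:
                findings.append(Finding(line_no, setting, alg, table[alg]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.setting} = {f.value}: {f.reason}")
```

Tighten or relax the policy by editing `WEAK_ENC` and `WEAK_HASH` or by passing a different `min_dh_group`.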
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike2 | 0 | natt | on, off | Enable NAT-Traversal |
| ike2 | 0 | natkaint | Integer | NAT traversal keep-alive interval n seconds |
| ike2 | 0 | privrsakey | Filename | RSA private key file |

L2TP
Configuration - Network > Virtual Private Networking (VPN) > L2TP
The Layer 2 Tunnelling Protocol (L2TP) provides a means for terminating a logical PPP connection on a device other than the one which terminates the physical connection.
When checked, this checkbox causes the router to NOT actively attempt to establish an L2TP tunnel. In this mode it will only use L2TP if the remote host requests it. When unchecked, the router will actively try to establish an L2TP connection with the remote host.

Enable Server mode
When checked, this checkbox causes the router to act as a L2TP server.

Initiate connections to a.b.c.d
The value in this text box specifies the IP address of the remote host, i.e.
Entity Instance Parameter Values a.b.c.
Sub-address
The value in this text box specifies the ISDN sub-address filter to use in conjunction with the ISDN answering function. When answering is set to On and there is a valid sub-address in this text box, the router will only answer calls where the trailing digits of the calling sub-address match this sub-address. For example, setting the sub-address value to 123 will prevent the router from answering calls where the sub-address does not end in 123.
Accept incoming PPTP connections
When checked, this checkbox allows the router to act as a PPTP server and accept incoming VPN connections.

Enable Server mode
When checked, this checkbox causes the router to send call_out call requests to the remote device. In the default state, which is unchecked, the router will send a call_in request to the remote device.
OpenVPN can be used for connecting to the router for secure management as well as access to services on the LAN side of the TransPort router, such as corporate messaging services, file servers and print servers for example.
Link socket interface x,y
If configured, OpenVPN sockets will only be allowed to/from this interface and the routing table will be ignored. When set to Auto, the OpenVPN sockets will use the routing table to identify the best interface to use.
This allows the OpenVPN instance to use an extra level of security by having a TLS password configured.

Use file for TLS Auth Key
Select this when the TLS Authorization key is a file.

TLS password filename
Select the filename of the OpenVPN TLS authentication key from this drop-down list.

TLS Auth Key direction
Select the authentication key direction for usage of different tx and rx authentication key files. This is enabled when the TLS Authorization key is a file.
OpenVPN RX ping timeout (seconds)
The number of seconds after which, if no OpenVPN ping has been received, the VPN will be marked as down.

Include IV
Enabling this option includes an IV at the head of an encrypted packet. If one peer prepends this IV and the other isn’t expecting it, packet decryption will fail.

Key negotiation timeout (seconds)
Maximum time in seconds to allow for a data channel key negotiation.

Key renegotiation interval (seconds)
Interval between key re-negotiations.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ovpn | n | mtu | 0 - 2147483647 | MTU |
| ovpn | n | metric | 0 - 2147483647 | Metric |
| ovpn | n | do_nat | 0,1,2 (0 = Off, 1 = Address only, 2 = Address and port) | NAT mode |
| ovpn | n | ipanon | OFF,ON | IP analysis |
| ovpn | n | firewall | OFF,ON | Firewall |
| ovpn | n | igmp | OFF,ON | IGMP |
| ovpn | n | inrip | OFF,ON | Include in RIP advertisements |
| ovpn | n | autoup | OFF,ON | Automatically connect interface |
| ovpn | n | server | OFF,ON | Server mode (listener) |
| ovpn | n | port | 0 - 65535 | Li |
Entity Instance Parameter Values Equivalent Web Parameter ovpn n puship3 Valid subnet a.b.c.d Push IP address #3 a.b.c.d ovpn n pushmask3 Valid netmask a.b.c.d Push mask #3 a.b.c.d ovpn n pushdns Valid IP address a.b.c.d Push DNS server address #1 a.b.c.d ovpn n pushdns2 Valid IP address a.b.c.d Push DNS server address #2 a.b.c.
Cipher values: AES-128-CBC, AES192, AES-192-CBC, DES-EDE3-CBC, AES-256-CBC, AES-256, DES3, Blowfish
Digest values: ssl3-sha1, ssl3-md5, SHA1, MD2, RSA-MD2, md5WithRSAEncryption, RSA-SHA1, RSA-SHA1-2, RSA-MD5, SHA256
SSL
Configuration – Network > SSL
The secure socket layer (SSL) that provides a secure transport mechanism is supported by Digi’s TransPort routers. The configuration of the client-side and server (Configuration – Network > SSL webpage) are described in the following pages.
digest algorithm and SSLv3 represents all SSL v3 algorithms. Lists of cipher suites can be combined in a single cipher string using the “+” character. This forms the logical AND operation. For example, SHA1+DES represents all cipher suites containing SHA1 and DES algorithms. If left empty, the cipher list is not used. For more information see: http://www.openssl.org/docs/apps/ciphers.
• SSLv3 only
• SSLv2 only.
Cipher List The list of ciphers is the same as described above for the client-side configuration table.
Related CLI Commands
Entity Instance Parameter Values Equivalent Web Parameter sslsvr 0 certfile Up to 12 characters (DOS 8.3 format) Server Certificate Filename Server Private Key Filename sslsvr 0 keyfile Up to 12 characters (DOS 8.
DEFLATE compression is also supported. If this is enabled and negotiated, SSH packets are first compressed before being encrypted and delivered to the remote unit via the TCP socket. Note: The SSH server supports the SCP file copy protocol but does NOT support filename wildcards. Enable SSH Servers When checked, this checkbox enables the SSH servers on the router.
When checked, this checkbox enables the router to accept traffic on ports other than 23. This functionality is for use with SSH client applications (such as PuTTY) that have port forwarding capability. For example, once the SSH connection is active, traffic for the HTTP port 80 can be sent to the router securely. Command Session IP Address a.b.c.
The following four configuration options allocate preferences to the authentication methods that should be used. As above, a value of zero disables the particular authentication method and lower values indicate greater preference than higher values. So, for example, if MAC SHA1-96 was the preferred method for authentication, this option would be given the value 1 and the other options given a value of 2 or greater.
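A way to review these preference values offline, as an added example (not Digi's code): it parses `ssh <instance> <parameter> <value>` lines, reports the effective order, the disabled and unset algorithms, and any equal preference values. The line format is assumed from the guide's CLI tables, the sample configuration is constructed, and flagging MD5-based MACs is this example's own review policy.

```python
from collections import defaultdict

# Parameter names as listed in the guide's "ssh" CLI table.
CIPHERS = ("encaes128cbc", "encaes192cbc", "encaes256cbc")
MACS = ("macmd5", "macmd596", "macsha1", "macsha196")
MAX_VALUE = 2147483647

# Constructed sample input, not taken from a real router.
SAMPLE_CONFIG = """\
ssh 0 encaes128cbc 3
ssh 0 encaes256cbc 1
ssh 0 encaes192cbc 2
ssh 0 macsha196 1
ssh 0 macsha1 2
ssh 0 macmd5 0
ssh 0 macmd596 0
ssh 1 macmd5 1
ssh 1 macsha1 1
ssh 1 debug 0
"""


def parse_ssh_prefs(config_text):
    """Return {instance: {parameter: value}} for cipher and MAC preference lines."""
    prefs = defaultdict(dict)
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split()
        if len(parts) != 4 or parts[0].lower() != "ssh":
            continue  # not an "ssh <instance> <parameter> <value>" line
        inst, param, value = parts[1], parts[2].lower(), parts[3]
        if param not in CIPHERS + MACS:
            continue  # e.g. "debug", which is not a preference
        if not (inst.isdigit() and 0 <= int(inst) <= 7):
            raise ValueError("line %d: instance must be 0-7" % lineno)
        if not (value.isdigit() and int(value) <= MAX_VALUE):
            raise ValueError("line %d: value out of range" % lineno)
        prefs[int(inst)][param] = int(value)
    return dict(prefs)


def effective_order(params, names):
    """Apply the rule: 0 disables, lower non-zero values are preferred."""
    enabled = sorted((params[n], n) for n in names if params.get(n, 0) > 0)
    by_value = defaultdict(list)
    for value, name in enabled:
        by_value[value].append(name)
    return {
        "order": [name for _, name in enabled],
        "disabled": [n for n in names if params.get(n) == 0],
        # Not present in the supplied lines; the router default applies.
        "unset": [n for n in names if n not in params],
        # Equal values leave the relative order unspecified by the guide.
        "ties": [group for group in by_value.values() if len(group) > 1],
    }


def review(config_text):
    """Return (instance, message) findings for a configuration review."""
    findings = []
    for inst, params in sorted(parse_ssh_prefs(config_text).items()):
        for name in effective_order(params, MACS)["order"]:
            if name.startswith("macmd5"):
                findings.append((inst, name + ": MD5-based MAC is enabled"))
        for kind, names in (("cipher", CIPHERS), ("MAC", MACS)):
            for group in effective_order(params, names)["ties"]:
                findings.append((inst, kind + " tie: " + ", ".join(group)))
    return findings


if __name__ == "__main__":
    for instance, message in review(SAMPLE_CONFIG):
        print("ssh %d: %s" % (instance, message))
```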
Entity | Instance | Parameter | Values (0 = Disabled) | Equivalent Web Parameter
ssh | 0-7 | encaes128cbc | 0 - 2147483647 | AES (128 bits)
ssh | 0-7 | encaes192cbc | 0 - 2147483647 | AES (192 bits)
ssh | 0-7 | encaes256cbc | 0 - 2147483647 | AES (256 bits)
ssh | 0-7 | macmd5 | 0 - 2147483647 | MAC MD5
ssh | 0-7 | macmd596 | 0 - 2147483647 | MAC MD5-96
ssh | 0-7 | macsha1 | 0 - 2147483647 | MAC SHA1
ssh | 0-7 | macsha196 | 0 - 2147483647 | MAC SHA1-96
ssh | 0-7 | debug | 0,1 (0 = Off, 1 = On) | Enable Debug
Configuring SSH
In order to ful
Configuration using the command line interface Generate the SSH V1 private key using the genkey command as follows: genkey -ssh1 where is one of the following values; 384, 512, 768, 1024, 1536 or 2048 and is the name for the file, e.g. “privssh1.pem” as described for the web version of this procedure. Generate the SSH V2 private key using the genkey command as per step 1 but this time omit the –ssh1 switch. For example: genkey 1024 privssh2.pem.
The value in the left-hand text box is the name of the local user and should be one of the usernames assigned in the Configuration – Security > Users web page. This name is then used as the FTP login username when the local device needs to relay a file. The value in the right-hand text box is the name of the FTP host to which the files from the locally attached device are to be relayed. Server Username The value in this text box is the username required to log in to the specified FTP host.
The configuration options following this checkbox are normally disabled (they should appear “greyed out” in the browser). When this checkbox is checked, the parameters are enabled and data can be entered into the text boxes. Use Email Template File The value in this text box contains the name of the template file that will be used to form the basis of any email messages generated by the FTP Relay Agent. This would normally be the standard “EVENT.
Entity Instance Parameter frelay n smtp_subject Values characters Equivalent Web Parameter Up to 40 characters Subject Advanced Configuration – Network > FTP Relay> Advanced Tx Buffer Size n bytes The value in this text box specifies the size of the Tx socket buffer.
Telnet When checked, this checkbox excludes Telnet from passthrough. Telnet over SSL When checked, this checkbox excludes SSL from passthrough. SSH/SFTP When checked, this checkbox excludes SSH/SFTP from passthrough. SNMP When checked, this checkbox excludes SNMP from passthrough. Device Cloud When checked, this checkbox excludes the device cloud protocol from passthrough. Note: This option only appears on models that support the device cloud remote management functionality.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
passthru | 0 | ports | Comma-separated list of ports | Other Ports
passthru | 0 | protos | Comma-separated list of protocols | Other Protocols
UDP Echo
Configuration – Network > UDP Echo
When enabled, the UDP echo client generates UDP packets that contain the router’s serial number and ID and transmits them to the IP address specified by the configuration.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
udpecho | n | dstip | Valid hostname | Send a UDP packet to IP address a.b.c.d port n every s seconds
udpecho | n | dstport | 0 - 65535 | Send a UDP packet to IP address a.b.c.d port n every s seconds
udpecho | n | interval | 0 - 2147483647 | Send a UDP packet to IP address a.b.c.
QoS is a complex subject and can have a significant impact on the performance of the router. For detailed background information on QoS, refer to RFC2472 (Definition of the Differentiated Services Field). In Digi TransPort routers, the classification of incoming IP packets for the purposes of QoS takes place within the firewall. The firewall allows the system administrator to assign a DSCP code to a packet with any combination of source/destination IP address/port and protocol.
Entity Instance Parameter Values Default 4 Equivalent Web Parameter Example command line commands. To display a DSCP mapping from the command line, type the following: dscp ? Where is a valid DSCP code from 0 to 63, or 64 (but see note below). To change the value of a parameter, use the following command: dscp q Where is a valid DSCP code and is from 0 to 9.
WRED Maximum Threshold The value in this text box specifies the maximum queue length threshold for using the WRED algorithm to drop packets. Once the queue length exceeds this value, the WRED algorithm will cause all packets to be dropped. WRED Maximum Drop Probability (%) The value in this text box sets the maximum percentage probability used by the WRED algorithm to determine whether or not a packet should be dropped when the queue length is approaching the WRED maximum threshold value.
qprof To set the maximum throughput for queue profile 5 to 10kbps, enter the following command:
qprof 5 maxkbps 10
Timebands
Configuration – Network > Timebands
Digi TransPort routers support “Time Bands” which are used to determine periods of time during which PPP interfaces are allowed or prevented from activating. For example, a router in an office could be configured so that the ADSL PPP interface is only raised on weekdays. Time Bands may only be applied to PPP instances.
Time The value in this text box is the transition time. This is specified in 24-hour format with a colon separator between the hours and minutes.
State This drop-down list selects the routing state, which can be On or Off. (For convenience, the state of this parameter toggles for each new addition, so if an On transition is configured, the default state for the next addition will be Off.) The following screenshot shows a PPP instance configured so that routing is allowed on weekdays from 09:00 to 17:00.
tband 0 days 0 mf
tband 0 time0 9
tband 0 state0 on
tband 0 days1 mf
tband 0 time1 5:30
tband 0 state1 off
Advanced Network Settings
Configuration – Network > Advanced Network Settings
The settings described in this web page are “advanced” in the sense that in the vast majority of configurations and implementations they should not require changing.
Secondary IP Address a.b.c.d The value in this text box assigns an additional IP address to the router that is not associated with any particular interface.
Entity Instance Parameter Values 0–3 0 = Auto sockopt n sslver ip o maxdnscache 1 = TLSv1 2 = SSLv2 3 = SSLv3 Seconds (Default 300) Equivalent Web Parameter bytes Default SSL version for outgoing connections Maximum DNS response cache time Socket Settings Default source IP address interface x,y The values in these two text boxes define the interface (None,PPP,ETH) and the instance number of the interface to use as a source address for IP when not using the interface that the socket was created
Entity | Instance | Parameter | Values | Equivalent Web Parameter
sockopt | n | sock_connto | 0-2147483648 | Connect Timeout s seconds
sockopt | n | sock_inact | 0-2147483648 | TCP socket inactivity timer s seconds
sockopt | n | sock_keepact | 0-2147483648 | TCP socket keep-alive s seconds
XOT Settings
Default source IP address interface x,y The values in these two text boxes specify the interface (None,PPP,ETH) and instance number of that interface that IP address that XOT sockets should use instead of the interface that
Backup IP Addresses This page contains a table that is used to specify alternative IP addresses to use when the router fails in an attempt to open a socket. These addresses are used only for socket connections that originate from the router and are typically used to provide back-up for XOT connections, TANS (TPAD answering) connections or any application in which the unit is making outgoing socket connections.
that is unavailable, the router will try its backup IP address and so on. To make this example more concrete, say the original IP address is 192.168.0.1 with a backup IP address of 192.168.0.2, then setting the IP address in the next row to 192.168.0.2 with a backup IP address of 192.168.0.3 will cause the router to try all these IP addresses in succession.
SNA uses Synchronous Data Link Control (SDLC) which is an unbalanced mode in which there is one master station and 1 or more secondary stations. Each secondary station owns a station address and can only respond when this address has just been polled by the master. A typical scenario is shown in the diagram below: SNAIP 0 Configuration – Network > Legacy protocol> SNA over IP> SNAIP 0 Description This parameter allows you to enter a name for this SNAIP instance, to make it easier to identify.
The SNAIP parameter "Priority" is used to select the SNAIP instance to use when more than one is available; the highest number being given preference. As an example, consider 4 SNAIP instances that all share sync port 0. To do this, configure SNAIP 0 in the usual way on "PORT 0" and then configure SNAIP instances 1, 2 & 3 to use "SharedPort" and “Sync Port from SNAIP 0”.
Use protocol This parameter sets the appropriate protocol for the interface.
Enable this parameter if this unit is to be the Master in an unbalanced link, or “Off” if the unit is to be a secondary station. Polling Response Time The poll time in milliseconds (if the unit is the master in an unbalanced link). Polling Stations Addresses This parameter lists the station addresses on the data link as a comma-separated list of hex values (e.g. “c1,d1” for station addresses 0xc1 & 0xd1). This parameter is only applicable in SNA mode.
backup hang-up timer thus saving ISDN call charges. When LAPB is being used on a synchronous port, this parameter should normally be set to 0. SSP (WAN) Parameters Configuration – Network > Legacy protocol> SNA over IP> SNAIP 0> SSP (WAN) Parameters Virtual MAC Address Virtual MAC address. The host uses MAC addresses and SAP values as the addressing values to discriminate between circuits (in much the same way as an IP address & TCP port define an addressing point for a TCP socket).
Include MAC Exclusivity Capability On or Off. Set this parameter to “On” in order to include the MAC exclusivity value in the capabilities exchange message. MAC Exclusivity Value See above. Ignore unsolicited response frames When this parameter is enabled, the unit will ignore unsolicited response frames. Wait for Contact before progressing to CONNECT PENDING state During the DLSw negotiation phase and when XID messages are being exchanged this parameter controls which end sends the “CONTACT” message.
Entity Instance Parameter Values snaip x master 1 = enabled, 0 = disabled snaip x pollresp 0 - 2147483647 snaip x stations text Polling Stations Addresses snaip x saps text SAPs snaip x dsaps text DSAPs(blank=default) snaip x send_xid_null 1 = enabled, 0 = disabled Send Null XID (XID with no Data) snaip x xid_data text Send XID with Data snaip x turntxtim 0 - 2147483647 Tx Turn Around Time snaip x dtemode 1 = DTE, 0 = DCD Mode snaip x n400 0 - 255 N400 coun
Entity | Instance | Parameter | Values | Equivalent Web Parameter
snaip | x | iunsolresp | 1 = enabled, 0 = disabled | Ignore unsolicited response frames
snaip | x | waitforcontact | 1 = enabled, 0 = disabled | Wait for Contact before progressing to CONNECT PENDING state
snaip | x | con_attempts | 0 - 2147483647 | Make immediate connection attempts before backing off
snaip | x | con_boff_time | 0 - 2147483647 | Backoff for x seconds before attempting to connect again
Forcing SNAIP to use a specific instance
If several SNA
ISDN B channel if two calls are attempted to the same ISDN number at the same time. (All services that the POS terminals may dial must support multiple SVCs if using the setting 254.) Use backup interface This section is used to specify a backup interface that will be used automatically if the call to the primary interface fails. Note that the primary interface will be tried first for every new call attempt.
Default X.25 Packet Size This parameter specifies the default X.25 packet size to be used for TPAD transactions. Use NUA This parameter specifies the X.25 Network User Address to be used for outgoing X.25 calls if no NUA is specified in the call string. Use NUI This specifies the X.25 Network User Identifier to be used for outgoing X.25 calls if no NUI is specified in the call string. LCN The unit supports up to eight logical X.25/TPAD channels.
Allow consecutive transactions Multiple transactions are allowed per X.25 call, but not until a response has been received from the host. Allow concurrent transactions Multiple transactions per X.25 call are allowed irrespective of whether a response has been received from the host. Use ASCII character x as the delimiter character This parameter specifies the character used to separate a main NUA from a backup NUA, and a main NUI from a backup NUI in an ATD command.
This parameter specifies the terminal ID to associate with this TPAD instance when answering an incoming APACS 50 polling call. Use merchant Number This parameter can be used to insert a merchant number into the APACS 30 string when the locally connected equipment does not transmit a merchant number. Use Connect String This parameter specifies a string to be sent to the user’s terminal when an outgoing TPAD call has been connected, instead of the normal ENQ character.
Ticking this check box will cause the unit to retransmit the APACS 30 string to the terminal if an error is detected (e.g. no ACK received from terminal).
STX/ETX removal Enabling “Del STX&ETX” will cause the unit to strip off the STX and ETX characters that normally surround the APACS 30 string before sending it to the host. Enabling “Del STX only” will cause it to strip off the STX character only.
When this parameter is enabled the TPAD instance will look at responses coming from the host and remove any trailing space characters from the end of the packet before relaying the data to the terminal. This may be necessary if the host system “pads out” responses with unnecessary spaces which can cause abnormal behaviour in some terminals. Acknowledge TPAD data packets This parameter causes the unit to acknowledge TPAD data packets from the terminal. This parameter should normally be enabled.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
tpad | n | ipmode | 0=XOT, 1=raw TCP | Use TPAD over interface
tpad | n | bakl2iface | lapb, lapd, tcp, ssl, vxn | Use backup interface
tpad | n | bakl2nb | 0 - 255 | Use backup interface
tpad | n | bnumber | text (valid ISDN number) | Use number x to make outgoing ISDN calls
tpad | n | prefix | text (numeric) | Use prefix x
tpad | n | prefix_rem | text (numeric) | Remove prefix x from number in ATD command
tpad | n | suffix | text (numeric) | Use suffix x
0 - 10000
Equivalent Web Parameter milliseconds Entity Instance Parameter Values tpad n trig_str text Create an event when reply from X.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
tpad | n | tenqdel | 0 - 5000 | Delay sending ENQ characters to TPAD terminal for x milliseconds when a call has been connected
tpad | n | tackdel | 0 – 10000 | Wait for x milliseconds for an ACK before retransmitting the data
tpad | n | dsync | 1 = enabled, 0 = disabled | Transmit TPAD transactions directly in a Synchronous frame
tpad | n | inclrc | 1 = enabled, 0 = disabled | Include LRC
tpad | n | incllrc | 1 = enabled, 0 = disabled | Include LRC line
tpad
Entity Instance Parameter Values Equivalent Web Parameter use PANS context x
X.25
Configuration – Network > Legacy Protocol > X.25
The Configuration – Network > Legacy Protocol > X.25 menu has the following submenu options:
• General
• LAPB
• NUI Mappings
• NUA / NUI Interface Mappings
• Calls Macros
• IP to X.25 Calls
• PADS n
• X.25 Settings
• IP Settings
• PADs
• X.25 PVCs
General
Configuration – Network > Legacy Protocol > X.25> General
This section contains some global X.
By default it is “Off”, in which case the length of the header is NOT included in the value. For example, say we had one byte of data of value 67 to encode. Then “00 01 67” is the encoding if this parameter is set to “Off” as the length (00 01) is 1 because the length does not include the length of the header. When set to “On” the length of the IP header is included in the value, i.e. “00 03 67” is the encoding as the header bytes are included.
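The two encodings above, as an added example (not Digi's code): an encoder and a stream deframer for the two-byte length header in Off and On modes that reject length values which cannot describe a valid frame, plus a demonstration of what happens when the two ends disagree on the setting. It assumes a big-endian length (as the “00 01” bytes imply), reads “67” as the hex byte 0x67, and uses a hypothetical `max_payload` limit; the “8583 Ascii 4 byte” mode is not covered.

```python
import struct
from typing import List

HEADER_LEN = 2  # two-byte length field, as in the guide's "00 01 67" example


class FramingError(ValueError):
    """Raised when a length header cannot describe a valid frame."""


def encode_frame(payload: bytes, include_header: bool) -> bytes:
    """Prefix payload with its length; On mode also counts the header bytes."""
    value = len(payload) + (HEADER_LEN if include_header else 0)
    if value > 0xFFFF:
        raise FramingError("payload too large for a two-byte length")
    return struct.pack(">H", value) + payload


class Deframer:
    """Reassemble frames from a TCP byte stream that may arrive in pieces."""

    def __init__(self, include_header: bool, max_payload: int = 4096):
        self.include_header = include_header
        self.max_payload = max_payload  # assumed safety limit, not a Digi setting
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        """Add received bytes and return every complete payload now available."""
        self._buf += chunk
        frames = []
        while len(self._buf) >= HEADER_LEN:
            (value,) = struct.unpack_from(">H", self._buf, 0)
            payload_len = value - HEADER_LEN if self.include_header else value
            if payload_len < 0:
                # In On mode the value can never be smaller than the header.
                raise FramingError("length %d is shorter than the header" % value)
            if payload_len > self.max_payload:
                raise FramingError("length %d exceeds the limit" % value)
            end = HEADER_LEN + payload_len
            if len(self._buf) < end:
                break  # wait for the rest of this frame
            frames.append(bytes(self._buf[HEADER_LEN:end]))
            del self._buf[:end]
        return frames

    def pending(self) -> int:
        """Number of buffered bytes not yet returned as part of a frame."""
        return len(self._buf)


def mismatch_demo():
    """Sender uses On, receiver expects Off: frames are cut in the wrong place."""
    receiver = Deframer(include_header=False)
    wire = encode_frame(b"\x67", True) + encode_frame(b"\x68", True)
    return receiver.feed(wire), receiver.pending()


if __name__ == "__main__":
    print(encode_frame(b"\x67", False).hex(" "))
    print(encode_frame(b"\x67", True).hex(" "))
    print(mismatch_demo())
```

With mismatched settings the receiver neither errors nor recovers: it returns one three-byte "payload" that contains the next frame's header and leaves a stray byte buffered, so both ends must be checked for the same value of this parameter.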
N400 Counter x This is the standard LAPB retry counter. The default value is 3 and it should not normally be necessary to change this. RR Timer x milliseconds This is a standard LAPB “Receiver Ready” timer. The default value is 10,000ms (10 seconds) and it should not normally be necessary to change this. T1 Timer x milliseconds This is a standard LAPB timer. The default value is 1000 milliseconds (1 second) and under normal circumstances, it should not be necessary to change it.
cause the unit to answer incoming ISDN calls only where the trailing digits of the sub address called match the Sub-address value. For example, setting the Sub-address to 123 will prevent the unit from answering any calls where the sub-address called does not end in 123. Keep ISDN LAPB link activated when user sends a DISC or X.
Entity Instance Parameter Values Equivalent Web Parameter lapb n l1iface port, isdn (use “isdn” for ISDN) Use: ISDN DTE/DCE mode: lapb n dtemode 0=DTE Mode DTE or DCE 1=DCE lapb n N400 1 - 255 N400 Counter x lapb n tnoact 1000 - 60000 RR Timer x milliseconds lapb n t1time 1 - 60000 T1 Timer x milliseconds lapb n t200 1 - 60000 T200 Timer x milliseconds lapb n Window 1-7 X.25 Window Size lapb n tinactx25 0 - 3000 Disconnect link if there has been no X.
When a TPAD call is taking place the attached terminal sometimes only specifies an “NUI” (Network User ID) to call. If the X.25 network requires an NUA instead of an NUI to determine the destination of a call then the NUI Mappings table can be used to convert an NUI to an NUA. If a TPAD call specifies a call in which the NUI matches an entry the call actually placed on the network will contain the respective NUA and no NUI.
Protocol Identifier IP address IP address IP Port IP port number Interface Primary interface Backup Interface Backup interface Note that this table is duplicated in the Configuration - Network > Protocol Switch > NUA to Interface Mappings section as it can also be used by the Protocol Switch. Not all of the fields are visible in the Protocol Switch section as they do not all apply to the Protocol Switch.
Parameter Value | Interface Type
13 | LAPB 2 PVC
14 | VXN
15 | SSL
Calls Macros
Configuration – Network > Legacy Protocol > X.25> Calls Macros
This page allows you to define up to 64 X.25 CALL “macros” that can be used to initiate ISDN and/or X.25 layer 3 calls. These simple English-like names are mapped to full command strings.
This page contains a table that allows you to enter a series of IP Port numbers and X.25 Call strings as shown below. It is used to configure the unit so that IP data can be switched over X.25. For example data that is received on a TCP connection can be answered by a PAD as if it is an X.25 call. This table is duplicated in the Configuration - Network > Protocol Switch > IP Sockets to Protocol Switch section as it is also used by the protocol switch.
RFC 1086 specifies a mode of operation in which the IP socket answers and then, using a simple protocol in the socket, identifies the X.25 address and other X.25 call setup parameters to be used. Once the X.25 call parameters have been identified, the X.25 call is made and, if it is successful, data is switched between the X.25 call and the IP socket. The protocol will select whether incoming or outgoing support is required.
Entity Instance Parameter Values 2=8583 Ascii 4 byte Equivalent Web Parameter
PADS n
Configuration – Network > Legacy Protocol > X.25> PADS n
A PAD (Packet Assembler/Disassembler) is used to interface between a character-based serial connection and an X.25 synchronous packet switched network. There are two main elements to the configuration procedure for accessing X.25 networks:
General and service related parameters
PAD parameters (X.3)
Each X.
LCN The unit supports up to eight logical X.25 channels. In practice, the operational limit is determined by the particular service to which you subscribe (usually 4). Each logical channel must be assigned a valid Logical Channel Number (LCN). The LCN parameter is the value of the first LCN that will be assigned for outgoing X.25 CALLs. The default is 1027. For incoming calls, the unit accepts the LCN specified by the caller. LCN Direction This parameter determines whether the LCN used for outgoing X.
This field indicates the destination host that will answer the XOT, TCP, SSL, UDP call if a connection via the primary interface has failed and the PAD is configured to backup to a secondary interface that is using an IP based protocol. IP Stream port This is the TCP or UDP port number to use for IP (but not XoT) connections. IP length header When set to “On”, and in IP Stream mode, the length of a data sequence is inserted before the data.
This parameter specifies the length of time in seconds after which the PAD will terminate an X.25 call if there has been no data transmission. Disconnect the layer 2 call if there is no layer 3 call in progress for x seconds This parameter specifies the length of time in seconds after which the unit will disconnect a layer 2 link if there are no layer 3 calls in progress. For LAPB sessions this will also terminate the ISDN call.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
pad | n | iphdr | 0=Off, 1=On, 2=8583 Ascii 4 byte | IP length header
pad | n | prompt | text | PAD prompt
pad | n | padmode | 0 = Normal, 1 = Prompt Always On | PAD mode
pad | n | profile | 1-4, 50, 51,90,91 | Use PAD Profile
pad | n | strip_tspaces | 1 = enabled, 0 = disabled | Strip Trailing Spaces
pad | n | llmode | 1 = enabled, 0 = disabled | Enable Leased Line Mode
pad | n | enqcon | 1 = enabled, 0 = disabled | Send ENQ on Connect
pad | n | stxmode | 1 = enabled,
stoppads 1 and to re-enable PAD 1: gopads 1 PADs 0-9 > PAD 0 > Configuration – Network > Legacy Protocol > X.25> PADS 0 – 9> Pads 0 X3 Parameters Configuration – Network > Legacy Protocol > X.25> PADS 0 – 9> Pads 0> X3 Parameters Each PAD configuration page has an attached sub-page that allows you to edit the X.3 PAD parameters.
3 Data Forwarding Characters
This parameter defines which characters cause data to be assembled into a packet and forwarded to the network.
Option | Description
0 | No data forwarding character
1 | Alphanumeric characters (A-Z, a-z, 0-9)
2 | CR
4 | ESC, BEL, ENQ, ACK
8 | DEL, CAN, DC2
16 | EXT, EOT
32 | HT, LF, VT, FF
64 | Characters of decimal value less than 32
Combinations of the above sets of characters are possible by adding the respective values together.
Option Description 4 PAD prompt enabled, signals disabled 5 PAD prompt enabled, signals disabled 7 Action on Break (from DTE) This parameter determines the action taken by the PAD on receipt of a break signal from the DTE. Option Description 0 No action 1 Send an X.25 interrupt packet 2 Send an X.25 reset packet to the remote system 4 Send an X.
Controls the automatic generation of a [CR],[LF] sequence after a certain line width has been reached. Option Description 0 No line folding 1 - 255 Width of line before the PAD generates [CR],[LF] 11 Port Speed This is a “read only” parameter, set automatically by the PAD and accessed by the remote system. Option Description 15 19,200 bps 14 9,600 bps 12 2,400 bps 3 2,400 bps 12 Flow Control of PAD (by DTE) Determines the flow control setting of the PAD by the DTE in the on-line data state.
Enables (1) or disables (0) local editing of data input fields by the PAD before data is sent. The three basic editing functions provided are character delete, line delete and line redisplay. The editing characters are defined by parameters 16, 17 and 18. In addition, parameter 19 determines which messages are issued to the DTE during editing. When editing is enabled, the idle timer delay (parameter 4) is disabled and parameter 3 must be used to select the desired data forwarding condition.
Option | Description
0 | No parity generation or checking
1 | Parity checking on
2 | Parity generation on
3 | Parity checking and generation on
22 Page Wait
This parameter determines how many line feeds are sent to the terminal before output is halted on a page wait condition. In other words, it defines the page length for paged mode output. A page wait condition is cleared when the PAD receives a character from the terminal.
X.25 PVCs
Configuration – Network > Legacy Protocol > X.25> X.25 PVCs
A Permanent Virtual Circuit (PVC) provides the X.25 equivalent of a leased line service. With a PVC there is no call setup or disconnect process; you can just start sending and receiving X.25 data on a specified LCN. For each X.25 service connection you may set up multiple PVCs, each of which uses a different LCN (or a mixture of PVCs and SVCs). Digi routers support up to four PVCs numbered 0-3. X.
This parameter may be set to the name of the interface to which a PVC initiator is connected, e.g. Serial 2.
MODBUS Gateway
Configuration – Network > Legacy Protocol > MODBUS Gateway
Digi TransPort routers support conversion from MODBUS serial to MODBUS TCP. When converting from MODBUS serial to MODBUS TCP over a WAN link it is necessary to have intelligence in the gateway/router to minimise the effect of the higher latency. Digi TransPort supports being a MODBUS server only. Clients (e.g.
Duplex Mode Sets the duplex mode to half or full. Full would be for 4-wire installations; otherwise half is required.
Operation mode This parameter sets the operation mode to master or slave.
Idle Gap When receiving a MODBUS response from a station, once this idle gap (a pause with no reception of characters) is detected, the message received so far from the station is forwarded on as the complete response.
Fix slave address The address of the slave is fixed at this value.
Entity Instance Parameter Values Equivalent Web Parameter modbus n rawmode1 1 = enabled, 0 = disabled Raw Mode (row 2) modbus n bcasts_on OFF, ON Broadcast support. MODBUS Slaves Configuration – Network > Legacy Protocol > MODBUS Gateway> MODBUS Slaves This page defines access for the following MODBUS slaves when operating as "act-as-slave". Up to 32 slave definitions may be defined. Slave addresses/unit ids This field specifies the address of the slave unit.
Protocol Switch Configuration – Network > Protocol Switch The Protocol Switch software available on some models provides X.25 call switching between the various protocols and interfaces that may be available including: Interface / Protocol Description Off/None Data will not be switched from / backed-up to this protocol LAPD Data will be switched from / backed-up to LAPD using the X.25 service. LAPD X As above but the actual LAPD instance used will be determined by the NUA.
When this optional feature is included, the unit may be configured to pass X.25 calls or data received in a TCP connection to another protocol or interface. In addition, it is possible to specify a backup protocol or interface so that if an outgoing call on one interface fails, then the backup interface is automatically tried. LAPB can be used to switch to either ISDN or X.25 over serial depending on the configuration of the LAPB instance chosen.
• IP Sockets to Protocol Switch
• NUA to Interface Mappings
• NUA Mappings
Parameters TCP or XoT This parameter controls the switching of incoming X.25 calls received via TCP or XOT. Select the interface to which data should be switched from the drop down list, or select “Off” and the protocol switch will not respond to any incoming XOT or TCP connections. LAPD This parameter controls the switching of incoming X.25 calls received via ISDN LAPD.
LAPB X backup to interface If any of the Switch from parameters has been set to LAPB X, and LAPB X is unavailable, this parameter may be used to specify an alternative interface to switch the X.25 call to. Any of the other interfaces may be chosen, or “None”. If “None” is chosen, then no backup call will be attempted. VXN backup to interface If any of the Switch from parameters has been set to VXN, and VXN is unavailable, this parameter may be used to specify an alternative interface to switch the X.
Enable ENQ Char: When this parameter is set to “On”, when an incoming call on LAPB is switched and the unit connects to it, the X.25 switch sends a data packet on the LAPB X.25 SVC containing the ENQ character. LAPB 0 Default Packet Size: 128 256 512 1024 This is the default packet size for calls being switched onto LAPB 0. The default packet size is 128, other possible values are 256, 512 or 1024 bytes.
However, this means that if you are routing traffic from the local subnet across a VPN tunnel you would have to set up two Eroutes; one to match the local subnet address and one to match the XOT source address (i.e. the address of the PPP interface associated with the wireless network). By setting this parameter to “Ethernet” the unit will use the IP address of the Ethernet port instead of that of the PPP interface so that you need only set up one Eroute. X.
Entity Instance Parameter Values Equivalent Web Parameter X25sw 0 swfrlapb2 0-10,13-15 (see below) Switch from LAPB 2 to X25sw 0 swfrlapb2pvc 0-10,12, 14, 15 (see below) Switch from LAPB 2 PVC to X25sw 0 swfrlapd 0, 2-10,12-15 (see below) Switch from LAPD to X25sw 0 swfrxot 0-3,5-10,12-15 (see below) Switch from XOT (TCP) to X25sw 0 swfrxotpvc 0-7,9,10,12-15 (see below) Switch from XOT PVC to X25sw 0 callprefix Calling Prefix X25sw 0 dlcn 0-65535 D-Channel LCN X
Entity Instance Parameter Values Equivalent Web Parameter LAPB 2 Default Packet Size X25sw 0 lapb2ppar 7,8,9,10 7=128 8=256 9=512 10=1024 X25sw 0 lapb2wpar 1-7 LAPB 2 Default Window Size X25sw 0 ipaddr IP address IP Stream or XOT Remote IP Address X25sw 0 buipaddr IP address IP Stream or XOT Backup IP Address X25sw 0 ip_port 0-65535 IP Stream Port IP Length Header X25sw 0 iphdr 0,1,2 0=Off 1=On 2=8583 Ascii 4 byte X25sw 0 srcipadd Interface number 0-65535 Source IP addr
Parameter value Interface type 10 UDP stream 12 LAPB 2 13 LAPB 2 PVC 14 VXN 15 SSL CUD Mappings Configuration - Network > Protocol Switch > CUD Mappings Protocol Switch CUD mappings allow you to map an incoming call’s CUD (call user data) from one value to another. The PID (protocol identifier) portion of the CUD (if present) is maintained from input to output and is not involved in the comparison.
IP Sockets to Protocol Switch
Configuration - Network > Protocol Switch > IP Sockets to Protocol Switch
This page contains a table that allows you to enter a series of IP Port numbers and X.25 Call strings as shown below. It is used to configure the unit so that IP data can be switched to any of the protocols supported by the protocol switch, including X.25. For example, data that is received on a TCP connection can be forwarded over SSL, XoT or a UDP stream.
fails and so may be useful in backup scenarios. In addition it will ensure that no data is sent into a “black hole”. (When this setting is not enabled data that is sent on the inbound TCP connection before the outbound connection has been successful can be lost.) RFC 1086 Mode: RFC 1086 specifies a mode of operation in which the IP socket answers and then with a simple protocol in the socket identifies the X.25 address and other X.25 call setup parameters to be used. Then when the X.
Entity Instance Parameter Values Equivalent Web Parameter 0=Off ipx25 n iphdr 1=On IP length header 2=8583 Ascii 4 byte NUA to Interface Mappings Configuration - Network > Protocol Switch > NUA to Interface Mappings This page contains a table that allows you to enter a series of X.25 NUA or NUI values along with IP addresses/Ports to which they should be mapped if you need to override the default settings in the Configuration - Network > Legacy Protocols > X.25 > NUA/NUI Interface Mappings page.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
nuaip | 0-255 | buswto | (see table below) 0-10, 12-15 (see table below) | Backup Interface
Interfaces are coded as follows:
Parameter Value | Interface Type
0 | Default
1 | LAPD
2 | LAPB 0
3 | LAPB 1
4 | XOT
5 | LAPD X (actual instance determined by NUA)
6 | LAPB 0 PVC
7 | LAPB 1 PVC
8 | XOT PVC
9 | TCP stream
10 | UDP stream
12 | LAPB 2
13 | LAPB 2 PVC
14 | VXN
15 | SSL
NUA Mappings
Configuration - Network > Protocol Switch > NUA Mappings
Protocol
This page displays a table with four columns in which you can specify the NUA In values, corresponding NUA Out values, to which interfaces the mappings should be applied, and whether the mapping should apply if the unit is making the call, receiving the call, or both.
Alarms Configuration
Configuration - Alarms
The Configuration - Alarms page has the following menu options:
• Event Settings
• Event Logcodes
• SMTP Account
Event Settings
Configuration - Alarms > Event Settings
The router maintains a log of events in the “LOGCODES.TXT” pseudo file. When an event of a specified (or lower priority) level occurs, a syslog message, an email alert or SMS alert (on W-WAN models) can be sent to a pre-defined address.
Entity Instance Parameter Values Equivalent Web Parameter event n ev_filter Comma separated list of event numbers Do not log the following events event n action_dly Number of seconds (e.g.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter event n etrig 0–9 0 disables sending alerts Send an email notification when the event priority is at least n event n emax 0 – 255 Send a maximum of n emails per day event n etemp The name of a template file. Default is EVENT.EML Use email template file event n to A valid email address, e.g. Email To you@yourdomain.
Entity Instance Parameter Values Equivalent Web Parameter event n trap_max 0 – 255 Send a maximum of n SNMP traps per day SMS Messages Configuration > Alarms > Event Settings> SMS Messages Note: This option is only available on routers with W-WAN capability. This section has three identical rows, each of which controls the setting of the SMS alert messages. Send SMS messages to This field should contain the destination telephone number (MSISDN) for SMS alert messages.
Entity Instance Parameter Values file stored in the compressed .web file) event n sms_max 0 – 255 Equivalent Web Parameter Send a maximum of n SMS messages per day Local Logging Configuration > Alarms > Event Settings> Local Logging A secondary log file can be created on a USB flash drive and events will be appended to this log file. This facility is useful if an extended logging period is required where, the normal eventlog.
Send Syslog messages When this checkbox is checked, the following options are displayed: Send a Syslog message when the event priority is at least n This is the lowest priority event that will generate a syslog message. For example, if this value is set to 6, only events with a priority of 6 or lower (7,8 or 9) will trigger an automated syslog message. To disable syslog messages, set this value to 0.
Interface x,y If the routing table is not to be used, an interface type (PPP or Ethernet) may be selected from the drop-down selection box and the interface instance number may be typed into the adjoining text entry box. The route is then determined by that interface. Priority The checkboxes listed in this section select the event priorities that should cause the event to be logged. Facility The checkboxes listed in this section select which of the router facilities should be logged.
This is not a configurable parameter; it is simply the event number, displayed for information only. This is the number to refer to when filtering events in the event log settings Configuration – Alarms > Event Settings. Description This field is a description of the event code. Clicking on a link in this field brings up the configuration page associated with that event. Filter This parameter is for information only. If event filtering is applied to an event, the associated filter is shown as “On”.
This drop-down selection box contains a list of the system entities. All Selecting this radio button causes all of the system entities Instance Selecting this radio button enables a text entry box that allows the user to enter the instance of the selected entity. Priority only applies to This configuration section comprises a set of checkboxes, each checkbox controlling whether the priority is applied to that interface instance.
Configuring Reasons The page invoked by selecting a reason link in the event logcodes table is very similar to the Configuring Events page but with the following differences. There is no “Do not log this event” checkbox. There is the following additional parameter: Inherit alarm priority from event Selecting this checkbox causes the following “Alarm Priority” parameter to be disabled and causes the priority to be the same as the event that triggered it.
This parameter specifies the text to be used as the “MAIL FROM” parameter which forms part of the protocol when connecting to the email server. Most SMTP servers will accept an empty string whereas others require that this parameter is present. It may be necessary to consult with the SMTP server administrator (or ISP) to determine whether or not this parameter is required.
Entity Instance Parameter Values Equivalent Web Parameter smtp n mail_from Free text field Display “Email From” as smtp n att_lim 0 – 65535 Attachment size limit This CLI value is entered in Kilobytes only.
Systems Configuration
The Configuration – Systems menu has the following sub-menu options:
• Device Identity
• Date and Time
• General
Device Identity
Configuration – Systems > Device Identity
This configuration section describes how to configure the identity of the router.
Description
This free-form text input field is for entering a description of the router that can be used to uniquely identify it.
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
snmp | n | Name | Free text field | Description
snmp | n | Contact | Free text field | Contact
snmp | n | Location | Free text field | Location
cmd | n | Unitid | Free text field | Router Identity
cmd | n | Hostname | Free text field | Hostname
cmd | n | sec_hostname | Free text field | Secondary Hostname
Date and Time
Configuration – Systems> Date and Time
The router keeps track of calendar time using an internal real time clock (RTC) device
Autoset Date and Time Do not auto-set the system time This is the system default and this radio button will appear filled in when the unit is new unless a different default configuration has been supplied. Click this radio button to close the SNTP or NTP configuration pages. Auto-set the system time Selecting this radio button expands the page to include the SNTP settings. These are described below. SNTP server The hostname or IP address of the desired SNTP server is entered here.
Hour Use this drop-down selection box to select the desired hour at which to switch back to GMT. Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter sntp n server Valid hostname or IP address sntp.timeserve.
Note: If SNTP is used, an accuracy of around 1 second is achieved. If NTP is used, 200 microsecond accuracy can be achieved. Not all models support NTP – this option will only appear for models that do. Initial Drift Compensation n ppm NTP incorporates compensation for clock drift. If this parameter is known, it can be entered here. Otherwise, the router will calculate this value over a period of time. Once calculated, the value will be displayed in the text box.
Entity Instance Parameter Values Equivalent Web Parameter y = interface number ntp n server Valid IP address or hostname, e.g. ntp1@timeserver.
Entity Instance Parameter Values Equivalent Web Parameter ntp n maxpoll 3 - 14 Poll Interval s1, s2 See ‘minpoll’ for values ntp n burstint3 0 – 255 Startup burst Interval s seconds ntp n server4 Valid IP address or hostname, e.g. ntp4.timeserver.
This parameter is the CLI command to run on start-up. In the above example, this field would be set to the string “bas sample.bas”. Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter cmd n autocmd Valid CLI command Autorun Commands Web / Command Line Interface The router may be configured using several different methods. This section describes how to configure the web GUI and CLI (Command Line Interface) options.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
cmd | n | tremto | 0 – 86400 seconds | Automatically log user out if idle for h hrs m mins s seconds (This CLI value is entered in seconds only.)
local | n | access | 0–4 (0 = Super, 1 = High, 2 = Medium, 3 = Low, 4 = None, 8 = Read only) | Use access level
local | n | tlocto | Free text field | Never, h hrs, m mins, s secs
cmd | n | noremecho | 0,1 (0 = Off (default), 1 = On) | Enable Remote command echo
cmd | n | prebanner | Valid filename e.g. “welcome1.
that the router should monitor for the FTP “PORT” and ”PASV” commands. These commands contain information relating to IP addresses and Ports which should be modified during the NAT process. The NAT modifications may result in different sized packets being generated that then require that the TCP sequence numbers be modified to allow for the changes.
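The control-channel rewrite and sequence-number adjustment described above, shown as an added example that is not Digi firmware code: it parses a PORT command or a 227 (PASV) reply, substitutes the NAT address and port, and tracks the byte-length change that later sequence and acknowledgement numbers must absorb. The class and function names, the sample addresses, and the rule of leaving untouched any command that names a host other than the sender are assumptions of this example.

```python
import re

# Six comma-separated byte fields: h1,h2,h3,h4,p1,p2 (used by PORT and by the 227 reply).
_HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line: bytes):
    """Return (ip, port, (start, end)) for a PORT command or 227 reply, else None."""
    upper = line.upper()
    if not (upper.startswith(b"PORT ") or upper.startswith(b"227 ")):
        return None
    match = _HOSTPORT.search(line)
    if match is None:
        return None
    fields = [int(x) for x in match.groups()]
    if any(f > 255 for f in fields):
        return None  # malformed address or port byte: do not touch the line
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port, match.span()


def encode_hostport(ip: str, port: int) -> bytes:
    """Encode an address and port in the h1,h2,h3,h4,p1,p2 form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)]).encode()


class FtpNatHelper:
    """State for one FTP control connection whose inside host is being translated."""

    def __init__(self, inside_ip: str, outside_ip: str):
        self.inside_ip = inside_ip
        self.outside_ip = outside_ip
        self.delta = 0       # cumulative length change of the inside host's byte stream
        self.mappings = {}   # outside port -> (inside ip, inside port) for the data channel

    def rewrite(self, line: bytes, outside_port: int) -> bytes:
        """Rewrite one control-channel line sent by the inside host."""
        parsed = parse_hostport(line)
        if parsed is None:
            return line
        ip, port, (start, end) = parsed
        if ip != self.inside_ip:
            # Assumed policy: a command naming some other host is passed unchanged
            # and gets no data-channel mapping.
            return line
        new = line[:start] + encode_hostport(self.outside_ip, outside_port) + line[end:]
        self.mappings[outside_port] = (ip, port)
        # The rewritten segment keeps its own sequence number; every LATER
        # segment from the inside host is shifted by the accumulated delta.
        self.delta += len(new) - len(line)
        return new

    def outbound_seq(self, seq: int) -> int:
        """Sequence number of a later inside->outside segment, as seen outside."""
        return (seq + self.delta) % 2**32

    def inbound_ack(self, ack: int) -> int:
        """Acknowledgement from the outside peer, mapped back for the inside host."""
        return (ack - self.delta) % 2**32


if __name__ == "__main__":
    # Constructed sample: inside client 192.168.1.10 behind outside address 203.0.113.5.
    helper = FtpNatHelper("192.168.1.10", "203.0.113.5")
    print(helper.rewrite(b"PORT 192,168,1,10,19,137\r\n", 40001))
    print("length delta:", helper.delta, "mapping:", helper.mappings)
```

The same helper handles a server behind NAT: its `227 Entering Passive Mode (...)` reply is rewritten in the same way, and the delta is then usually positive rather than negative.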
Entity Instance Parameter Values Equivalent Web Parameter 2 = W-WAN signal strength
Remote Management Configuration
The Configuration – Remote Management page has the following menu options:
• Device Cloud
• SNMP
Device Cloud
Configuration – Remote Management > Device Cloud
The Configuration – Remote Management > Device Cloud menu has the following submenu options:
• Connection Settings
• Advanced
• SMS Settings
Connection Settings
Configuration – Remote Management > Device Cloud > Connection Settings
Device Cloud is a hosted remote configuration and management system that has been des
Entity | Instance | Parameter | Values | Equivalent Web Parameter
1 = On
cloud | n | server | Valid IP address e.g. 1.2.3.4 or domain name e.g. login.etherios.com | Server Address
cloud | n | reconnect | 0,1 (0 = Off, 1 = On) | Automatically reconnect the server after being disconnected
cloud | n | reconnectsecs | 0 – 86400 | Reconnect after h, m, s (This CLI value is entered in seconds only.)
Ethernet Settings Receive Interval s seconds This is the time between keep-alive packets that the router should wait before considering that the connection may be lost. Transmit Interval s seconds This is the interval between transmission of keep-alive packets. Assume connection is lost after n timeouts Occasional packet loss is to be expected; this parameter allows for a specified number of lost keep-alive packets before the connection is deemed to have failed.
The second MIB is the “Monitor MIB” which is a standard MIB that gives access to various Digi TransPort proprietary objects. The OIDs in this MIB do not change with every release although it is possible for new objects to be added to it. This MIB is available from the Technical Support team.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
1 = On
snmp | n | port | 0 - 65535 | Use UDP Port Default = 161
snmp | n | engineid | String | SNMPv3 Engine ID
SNMP User > SNMP User n
Configuration – Remote Management > SNMP> SNMP User> SNMP User n
This page controls the configuration of the SNMP users. SNMPv1 / SNMPv2c Community The text in this text entry box specifies the community string for Version 1 and Version 2c SNMP packets.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
snmpuser | n | name | user_dave | Username
snmpuser | n | auth | Off,MD5,SHA1 | Authentication, None, MD5, SHA1
snmpuser | n | authPassword | my_password | Authentication Password
snmpuser | n | priv | Off,DES,AES | Encryption, None, DES, AES
snmpuser | n | privPassword | my_password | Encryption Password
SNMP Filters
Configuration – Remote Management > SNMP> SNMP Filters
SNMP filters allow the system administrator to control access to the router MIBs via SNMP
SNMP specifies several generic traps (Cold Start, Warm Start, Link Down, Link Up etc). When this checkbox is ticked, generic traps are generated. Generate Authentication Failure traps This checkbox enables the generation of authentication failure traps. Generate VRRP traps Checking this checkbox enables the generation of VRRP traps. See the VRRP section in this manual for the configuration of VRRP.
The maximum number of times an Inform Request message will be retransmitted. If no acknowledgement is received after the maximum number of retransmissions, an event is logged. Community Enter the desired community string into this text entry box. Confirm Community Entering the community string again here enables verification of the string since the string is not displayed.
Security Configuration
The Configuration – Security page has the following menu options:
• System
• Users
• Firewall
• RADIUS
• TACACS+
• Command Filters
• Calling Numbers
• GPS
Users
Configuration – Security> Users
The Configuration – Security> Users menu has the following sub-menu options:
• User n
• Advanced
User n
Configuration – Security> Users> User n
These pages allow you to configure a number of authorised users.
Low Allows user to access low level commands which tend to be status and statistics commands. Read Only Read only access of the configuration. None User is not allowed to login via Web, FTP, SSH and Telnet.
configured on a PPP interface. When this parameter is configured, the IP address negotiated on the PPP link will be this one, not an address from the regular IP address pool. Remote Peer IP subnet In the event that multiple PPP interfaces are enabled for answering and that multiple remote routers can dial into the local router, static routes cannot always be used to ensure that packets which should be routed to the remote network are sent through the correct PPP interface.
The rules governing the operation of the firewall are contained in a pseudo-file called “fw.txt”. This file can be created either by using the controls in the web page described below or by using a text editor on a PC and then loading the resulting file onto the router using FTP or XMODEM. Digi Routers are shipped with a default fw.txt file that can be used as the starting point for a custom firewall configuration. Configuration of the firewall is carried out by using the table described below.
Check the checkbox next to the interface(s) that the firewall should operate on in order to enable the firewall for that interface.
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
fw | n/a | logclr | - | Reset Hit Counters
fw | n/a | save | - | Save
fw | n/a | - | - | Restore
The firewall rule hits may be viewed from the command line console by using the command: type fwstat.
Other protocols s seconds If a stateful inspection rule is created from a packet type other than TCP, UDP or ICMP, a rule timeout should be created for it. The parameter in this text box specifies the length of time such a rule persists. The timer is restarted each time a packet is processed by the rule.
The RADIUS client may be configured with up to two Network Access Servers (NAS). It may also have local authentication turned on or off depending on system requirements. When a user is authenticated, the configured RADIUS servers are contacted first. If a valid ACCEPT or REJECT message is received from the server, the user is allowed or denied access respectively. If no response is received from the first server, the second server is tried (if configured).
Confirm Password Type the above password into this text box so that the router may determine if the two are identical. Secondary Authorization Server IP Address a.b.c.d The value in this text box is the IP address of the secondary authorisation NAS server. NAS ID The value in this text box is an identifier which is passed to the secondary authorisation NAS and is used to identify the RADIUS client. The appropriate value will be supplied by the secondary authorisation NAS administrator.
The value in this text box is the password that is supplied by the secondary accounting NAS administrator and is used in conjunction with the secondary accounting NAS ID to authenticate RADIUS packets. Confirm Password Type the above password into this text box to enable the router to check that they are identical. Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter radcli 0,1 server Valid IP Address a.b.c.
If required an alternative source interface and instance may be selected here. Select the required interface from the drop-down list and enter the instance of that interface into the adjacent text box.
Retransmit the request after s seconds The value in this text box specifies the interval between retransmissions of RADIUS packets. Stop the negotiation after n retransmissions The value in this text box specifies the maximum number of times RADIUS data should be transmitted to the NAS before the negotiation is deemed to have failed.
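The RADIUS server order and retransmission limit described in this section, modelled as an added example that is not Digi firmware code: a valid REJECT ends the login immediately, and only a complete lack of response moves on to the next server. The function and class names are hypothetical. Two behaviours are assumptions of this example: n retransmissions is counted as one initial request plus n repeats, and local authentication (when turned on) is consulted only after no server has answered.

```python
from dataclasses import dataclass, field
from enum import Enum


class Reply(Enum):
    ACCEPT = "ACCEPT"
    REJECT = "REJECT"


@dataclass
class Decision:
    allowed: bool
    source: str                                 # which authority decided the login
    trail: list = field(default_factory=list)   # (server, attempt, outcome) for the event log


def radius_login(servers, retransmissions, local_fallback, local_ok):
    """Decide a login against an ordered list of RADIUS servers.

    servers         : [(name, query)], where query() returns a Reply or None on timeout
    retransmissions : repeats allowed per server after the first request (assumed counting)
    local_fallback  : whether local authentication is turned on
    local_ok        : callable returning True if the local user table accepts the login
    """
    trail = []
    for name, query in servers:
        for attempt in range(1, retransmissions + 2):
            reply = query()
            trail.append((name, attempt, reply.value if reply else "TIMEOUT"))
            if reply is Reply.ACCEPT:
                return Decision(True, name, trail)
            if reply is Reply.REJECT:
                # A valid REJECT is final: the second server and the local
                # user table are never consulted for this login.
                return Decision(False, name, trail)
    if local_fallback:
        # Reached only when every configured server stayed silent.
        return Decision(bool(local_ok()), "local", trail)
    return Decision(False, "none", trail)


def scripted(*replies):
    """Constructed stand-in for a server: returns the given replies in order, then times out."""
    remaining = iter(replies)
    return lambda: next(remaining, None)


if __name__ == "__main__":
    # Constructed scenario: the primary never answers, the secondary accepts.
    result = radius_login(
        [("primary", scripted()), ("secondary", scripted(Reply.ACCEPT))],
        retransmissions=2, local_fallback=False, local_ok=lambda: False)
    print(result.allowed, result.source)
    for entry in result.trail:
        print(entry)
```

The trail makes the security-relevant distinction visible in a log: a login decided by "local" after a run of TIMEOUT entries means the servers were unreachable, which is worth alerting on separately from ordinary rejects.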
When the user has been authenticated and access has been authorised, the login is allowed. If the connection is via telnet or SSH a welcome message will be displayed that shows the access level and the method of authentication. If the access level was assigned locally the following message will be displayed: Welcome. Your access level is SUPER If the access level was assigned by the TACACS+ server, the following message will be displayed: Welcome.
Enable local authentication if there is no response from the server(s) When checked, this checkbox will allow local authentication if TACACS+ authentication fails. Enable TACACS+ Authentication When checked, this checkbox enables authentication. When authentication is enabled, user authentication takes place on the TACACS+ server. When disabled, user authentication takes place locally on the router.
If required, due to the TACACS+ server being accessed via a VPN tunnel, an alternative source interface and instance may be selected here. Select the required interface from the drop-down list and enter the instance of that interface into the adjacent text box. The available interface options are • Auto • PPP • Ethernet.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
cfilter | n | cmd | Valid command line command | Command
cmd | n | cfilton | 0,1 (0 = Off, 1 = On) | n/a
cmd | n | cfilterr | 0,1 (0 = Off – OK, 1 = On – ERROR) | n/a
Command filtering is enabled from the command line for any particular instance of the command interpreter with the following command:
cmd cfilton 1
The default action is to respond with the “OK” response.
Entity Instance Parameter Values Equivalent Web Parameter rejlst n ans OFF,ON Mode Answer,Reject rejlst n code 0 – 255 code Command line examples: To display an entry in the calling numbers list enter the command: rejlst ? where is 0 – 9. e.g.
Position Configuration The Configuration – Position page has a GPS sub-menu item. GPS Configuration – Position > GPS One of the options available on some models is the ability to connect a GPS receiver, which gives the router access to geographical position information. The module may be internal or external. In either situation, an internal asynchronous serial (ASY) port will be used for the connection.
All other messages The above messages are the most common and useful NMEA sentences. Many GPS modules support additional messages. Checking this checkbox causes the modules to output any other supported messages. IP Connection 1 GPS data may be sent to up to two IP destinations. These are specified in the following two sections of the web page. Send GPS messages to IP address a.b.c.d This text entry box holds the IP address that the GPS data should be sent to.
Entity Instance Parameter Values connected to Equivalent Web Parameter gps 0 gpson On, Off Enable local monitoring gps 0 init_str Valid command for GPS receiver GPS Module Initialization string gps 0 gga_on 0,1 0 = Off 1 = On Fix data (GGA) gps 0 gll_on 0,1 0 = Off 1 = On Position (GLL) gps 0 gsa_on 0,1 0 = Off 1 = On Active Satellites (GSA) gps 0 gsv_on 0,1 0 = Off 1 = On Satellites in view (GSV) gps 0 rmc_on 0,1 0 = Off 1 = On Position and time (RMC) gps 0 vtg_on
Entity Instance Parameter Values Equivalent Web Parameter gps 0 udpmode2 0,1 0 = TCP 1 = UDP Use TCP/UDP gps 0 IPprefix2 Free text Prefix the message with gps 0 IPsuffix2 Free text Suffix the message with The following CLI parameters are not available on the web interface: Entity Instance Parameter Values Equivalent Web Parameter gps 0 gga_int s seconds 0 – 255 n/a gps 0 gll_int s seconds 0 - 255 n/a gps 0 gsa_int s seconds 0 – 255 n/a gps 0 gsv_int s seconds 0 – 2
Applications Page The Configuration – Application page has the following menu options: • Basic • Python Basic Applications Configuration – Application > Basic ScriptBasic Configuration – Application > Basic > ScriptBasic In order to allow end users to extend and enhance the functionality of the TransPort routers, scripting support is provided. ScriptBasic is a scripting language supported by Digi TransPort routers. This section describes how to run simple ScriptBasic scripts.
Entity Instance Parameter Values ScriptBasic script Equivalent Web Parameter Examples To set User parameter 1 to IPv4 address 10.1.1.1, enter the command: basic 0 string1 10.1.1.1 To execute a script from the CLI, enter the command: bas
The following additional command line informational / debugging commands may be helpful when developing Python scripts. “pycfg files” which displays the status of any Python files. “pycfg mem” which shows the memory usage for the router. “pycfg scripts” which shows the status of any scripts and change count.
Management Page
The Management page has the following webpage options:
• Network Configuration
• Connections
• Position
• Analyser
• Top Talkers
Network Status Management
The Management-Network Status webpage has the following menu options:
• Interfaces
• IP Statistics
• IP Routing Table
• IP Hash Table
• Port Forwarding Table
• Firewall
• Firewall Trace
• DHCP Status
• DNS Status
• QoS
Interfaces
Management-Network Status> Interfaces
The Management-Network Status> Interfaces menu has the following sub-menu options:
• Ethernet
• Wi-Fi
• Mobile
• DSL
• GRE
• ISDN
• Serial
• Advanced
Ethernet >ETH n
Management-Network Status> Int
MAC Address The Ethernet interface’s MAC address. Speed The current speed of the Ethernet interface. Duplex The current duplex mode of the Ethernet interface. Bytes Received The number of bytes that have been received on the Ethernet interface. Bytes Sent The number of bytes that have been sent on the Ethernet interface. Packets Received The number of packets that have been received on the Ethernet interface. Packets Sent The number of packets that have been sent on the Ethernet interface.
The number of Ethernet packets that have been received but had an invalid FCS. Tx Deferred The Ethernet packets successfully transmitted after being initially deferred. Long Frames The number of Ethernet packets that have been received which are too long. Carrier Sense Error The number of carrier sense errors that have occurred. These occur when the router attempts to transmit an Ethernet packet but cannot detect the carrier sense condition on the Ethernet network.
Packets Received The number of packets that have been received on the Wi-Fi interface. Packets Sent The number of packets that have been sent on the Wi-Fi interface. Receive Errors The number of receive errors that have occurred on the Wi-Fi interface. Transmit Errors The number of transmit errors that have occurred on the Wi-Fi interface. Received Packets Dropped The number of received packets that have been dropped on the Wi-Fi interface.
Access Point The name and MAC address of the Wi-Fi Access Point that the router is connected to. Wi-Fi Node The Wi-Fi node that has been used to connect to the Access Point. RSSI The signal strength experienced by the router when connected to the Wi-Fi Access Point. Flags The state information for the Wi-Fi Access Point connection. Power Save The current power saving state of the router. The possible values are “Awake” and “Sleep”. Neg.
Mobile Management-Network Status> Interfaces> Mobile The Mobile status page displays the current mobile connection, network and module information.
The GSM registration status of the mobile module with respect to the GSM network. It may be one of the following • Not Registered, not searching • Not registered, searching • Registered, home network • Registered, roaming • Registration denied • Unknown • ERROR The registration status may sometimes be followed by additional information about the Location Area Code (LAC) and the Cell Identifier (CI). Signal Strength The signal strength in dBm being received by the mobile module.
Model The model of the mobile module. IMEI The International Mobile Equipment Identification (IMEI) of the mobile module. ESN The Electronic Serial Number (ESN) of the mobile module. MEID The Mobile Equipment Identifier (MEID) of the mobile module. IMSI The International Mobile Subscriber Identity (IMSI) of the mobile module. ICCID This field specifies the Integrated Circuit Card Identifier (ICCID) of the SIM card. Firmware This specifies the firmware running on the mobile module.
The signal strength in dBm being received by the mobile module from EVDO networks. Manufacturer The manufacturer of the mobile module. Model The model of the mobile module. MDN The Mobile Directory Number (MDN) of the mobile module. MIN The Mobile Identification Number (MIN) of the mobile module. ESN The Electronic Serial Number (ESN) of the mobile module. MEID The Mobile Equipment Identifier (MEID) of the mobile module. Firmware The firmware running on the mobile module.
Command Option Equivalent Web Parameter at\mibclr=ppp. n.stats n Clears the current interface statistics DSL Management-Network Status> Interfaces > DSL This page displays the current status and statistics of the DSL interface. Modem Status The current status of the DSL modem. On the DR64 platform, the values can be one of the following • Idle • Activating • Ghs • Training • Up Link Uptime The amount of time the modem has been in the Up state.
• ETSI
• G.dmt
• G.lite
• ADSL2
• ADSL2+
Remote Vendor ID The remote vendor ID of the DSLAM that the DSL interface is connected to. Speed The current speed of the downstream and upstream DSL channels in Kbps. Channel The channel type being used. It can be either “Fast” or “Interleaved”. Relative Capacity The current relative capacity on the downstream and upstream DSL channels. The relative capacity is the percentage of your overall available bandwidth used to obtain your ATM service rate.
The number of blocks that have been received and could not be corrected by the forward error correction (FEC) code. Overrun Cells The number of cells lost because of overrun errors. Idle Cells The number of idle cells received.
Related CLI Commands
Command | Instance | Equivalent Web Parameter
adslst | n/a | Displays the current DSL interface status.
at\mibs=adsl.0.stats | n/a | Displays the current DSL interface statistics.
at\mibclr=adsl.0.stats | n/a | Clears the current DSL interface statistics.
The configured destination IP address or domain name of the GRE interface. Further information on particular GRE interfaces can be obtained by selecting the appropriate GRE interface submenu underneath the GRE summary table. As well as the above information, the following statistics are also displayed. Bytes Received The number of bytes that have been received on the GRE interface. Bytes Sent The number of bytes that have been sent on the GRE interface.
The status information is presented as a simple table having three or four columns as described below: Channel There are three supported channels; the D-channel, B1 and B2 channels that appear in this column. Each channel row has an associated status, protocol and (for data channels) action. The Action column will only appear when the associated channel becomes active. Status The status of each channel is shown in this column. The status is either ON or OFF.
IPCP Packets Received This value is the number of IP Control Protocol (IPCP) packets received by the interface. IPCP Packets Sent This value is the number of IPCP packets sent by the interface. Receive Errors This value indicates the number of frames received that contain an error (CRC etc). Transmit Errors This value indicates the number of frames that the interface attempted to transmit, but were found to contain an error.
The number of times data that has been received on the serial interface has been dropped because of a lack of system buffers. Message Shortages The number of times data that has been received on the serial interface has been dropped because of a lack of system messages.
Related CLI Commands
Command | Instance | Parameter | Equivalent Web Parameter
at\mibs=asy.n | n/a | n/a | Displays the statistics for serial interface n.
at\mibclr=asy.n | n/a | n/a | Clears the statistics for serial interface n.
Advanced > PPP > PPP n Management-Network Status> Interfaces> Advanced > PPP > PPP n This page displays the current status and statistics of the selected PPP interface.
Name The name assigned to the PPP interface. Uptime The amount of time the PPP interface has been up. MRU The maximum receive unit (MRU) that has been negotiated by each peer on the PPP connection. ACCM The Asynchronous Control Character Map (ACCM) that has been negotiated by each peer on the PPP connection. VJ Compression The Van Jacobson (VJ) compression that has been negotiated by each peer on the PPP connection. Link with Active Entity The entity that this PPP interface is using for connectivity.
IPCP Packets Received The number of IP Control Protocol (IPCP) packets that have been received on the PPP interface. IPCP Packets Sent The number of IP Control Protocol (IPCP) packets that have been sent on the PPP interface. BACP Packets Received The number of Bandwidth Allocation Control Protocol (BACP) packets that have been received on the PPP interface. BACP Packets Sent The number of Bandwidth Allocation Control Protocol (BACP) packets that have been sent on the PPP interface.
Route OOS Count The number of Route “Out Of Service” messages sent by the firewall to the routing code. These messages put routes out of service for a period of time and are sent when enough failed PPP transactions have occurred. Related CLI Commands Command Instance Parameter Equivalent Web Parameter ppp n status Displays the current status of PPP interface n. at\mibs=ppp.n.stats n/a n/a Displays the statistics for PPP interface n. at\mibclr=ppp.n.
Local The route is for a network connected directly to the router.
Remote The route is for a remote network accessed via a PPP connection.
Static The route is a static route.
Static/RIP The route is a static route that has been updated by RIP.
RIP The route is a RIP route.
IBGP The route is an interior BGP route.
EBGP The route is an exterior BGP route.
OSPF The route is an OSPF route.
Idx This parameter is only used for static routes and it defines the index of the configured static route.
Src IP Address The source IP address of the routed IP packet. Src Port The source TCP/UDP port of the routed IP packet. If the IP protocol is not TCP or UDP, then this field is “0”. Destination IP Address The destination IP address of the routed IP packet. Dest Port The destination TCP/UDP port of the routed IP packet. If the IP protocol is not TCP or UDP, then this field is “0”. Next Hop The next hop gateway to which the routed IP packet was sent.
Port Forwarding Table Management-Network Status> Port Forwarding Table This page displays the Port Forwarding / NAT table. The Port Forwarding table is used by the router to keep track of IP packets that have been modified via NAT or NAPT in order to be routed over a particular network. When the router receives a response to a previously modified IP packet, it will look up the matching entry in the Port Forwarding table in order to correctly modify the response IP packet.
Firewall Management-Network Status> Firewall This page displays the current Firewall statistics and the Firewall Stateful Inspection table. Passed Packets The number of packets the firewall has passed. Blocked Packets The number of packets the firewall has blocked. Logged Packets The number of packets the firewall has logged. Stateful Packets The number of packets that have matched a stateful rule. Undersized Packets The number of packets received by the firewall that are too small.
Hits The number of times an IP packet has been matched against the firewall rule. Direction The direction of the IP packets that match the firewall rule. Src IP Addr The source IP address of the IP packets that match the firewall rule. Src Port The source TCP/UDP port of the IP packets that match the firewall rule. Dest IP Addr The destination IP address of the IP packets that match the firewall rule. Dest Port The destination TCP/UDP port of the IP packets that match the firewall rule. Trans.
----- 5-10-2009 23:12:08 -----
FW LOG Dir: IN Line: 37 Hits: 4730 IFACE: ETH 3
Source IP: 222.45.112.59 Dest IP: 217.34.133.21 ID: 256 TTL: 106
PROTO: TCP (6) Src Port: 12200 Dst Port: 8118
block log break end
---------
----- 5-10-2009 23:13:15 -----
FW LOG Dir: IN Line: 37 Hits: 4731 IFACE: ETH 3
Source IP: 218.61.22.42 Dest IP: 217.34.133.21 ID: 35372 TTL: 136
PROTO: TCP (6) Src Port: FTP CTL (21) Dst Port: 16794
block log break end
---------
2 example logged packets are shown.
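Added example (not part of the Digi guide and not Digi code): a Python parser that turns logged-packet entries in the layout shown above into structured records and counts blocked inbound packets per source address and destination port. The field names come from the two sample entries; the function names, the record type and the sample data are assumptions made for this example, and only the TCP/UDP layout shown above is handled.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the guide's logged packets, run together
# as in a copied log. Addresses are documentation ranges; entry 4 is malformed.
SAMPLE = (
    "----- 5-10-2009 23:12:08 -----FW LOG Dir: IN Line: 37 Hits: 4730 IFACE: ETH 3 "
    "Source IP: 203.0.113.59 Dest IP: 198.51.100.21 ID: 256 TTL: 106 PROTO: TCP (6) "
    "Src Port: 12200 Dst Port: 8118 block log break end ---------"
    "----- 5-10-2009 23:13:15 -----FW LOG Dir: IN Line: 37 Hits: 4731 IFACE: ETH 3 "
    "Source IP: 203.0.113.42 Dest IP: 198.51.100.21 ID: 35372 TTL: 136 PROTO: TCP (6) "
    "Src Port: FTP CTL (21) Dst Port: 16794 block log break end ---------"
    "----- 5-10-2009 23:14:02 -----FW LOG Dir: IN Line: 37 Hits: 4732 IFACE: ETH 3 "
    "Source IP: 203.0.113.59 Dest IP: 198.51.100.21 ID: 257 TTL: 106 PROTO: TCP (6) "
    "Src Port: 12201 Dst Port: 8118 block log break end ---------"
    "----- 5-10-2009 23:15:40 -----FW LOG Dir: IN Line: 37 Hits: 4733 IFACE: ETH 3 "
    "Source IP: 203.0.113.999 Dest IP: 198.51.100.21 ID: 9 TTL: 50 PROTO: TCP (6) "
    "Src Port: 4000 Dst Port: 23 block log break end ---------"
)

# One entry: dashed timestamp banner, "FW LOG", then fields up to the next dash run.
ENTRY_RE = re.compile(
    r"-{5,}\s*(?P<ts>\d{1,2}-\d{1,2}-\d{4}\s+\d{1,2}:\d{2}:\d{2})\s*-{5,}\s*"
    r"FW LOG\s+(?P<body>.*?)(?=-{5,}|\Z)", re.S)
KEYS = ("Dir", "Line", "Hits", "IFACE", "Source IP", "Dest IP", "ID", "TTL",
        "PROTO", "Src Port", "Dst Port")
KEY_RE = re.compile(r"\b(" + "|".join(KEYS) + r"):\s*")
# A value is either a bare number or "NAME (number)", optionally followed by text.
NAMED_RE = re.compile(
    r"(?:(?P<num>\d+)|(?P<name>.+?)\s*\((?P<alt>\d+)\))\s*(?P<rest>.*)", re.S)


@dataclass(frozen=True)
class FwLogEntry:
    timestamp: str   # kept as text: the sample does not show whether it is D-M-Y or M-D-Y
    direction: str
    rule_line: int
    hits: int
    iface: str
    src_ip: str
    dst_ip: str
    ttl: int
    proto: str
    src_port: int
    dst_port: int
    rule_text: str   # the rule keywords printed after the destination port


def _named_number(value):
    """Split '12200', 'TCP (6)' or '8118 block log' into (name, number, rest)."""
    m = NAMED_RE.fullmatch(value.strip())
    if m is None:
        raise ValueError(f"unrecognised value: {value!r}")
    number = int(m.group("num") or m.group("alt"))
    return (m.group("name") or "").strip(), number, m.group("rest").strip()


def parse_fw_log(text):
    """Return (entries, rejected); rejected holds raw entries that failed validation."""
    entries, rejected = [], []
    for m in ENTRY_RE.finditer(text):
        parts = KEY_RE.split(m.group("body"))
        fields = dict(zip(parts[1::2], (p.strip() for p in parts[2::2])))
        try:
            proto_name, proto_num, _ = _named_number(fields["PROTO"])
            _, sport, _ = _named_number(fields["Src Port"])
            _, dport, rule = _named_number(fields["Dst Port"])
            if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
                raise ValueError("port out of range")
            entries.append(FwLogEntry(
                timestamp=" ".join(m.group("ts").split()),
                direction=fields["Dir"],
                rule_line=int(fields["Line"]),
                hits=int(fields["Hits"]),
                iface=fields["IFACE"],
                src_ip=str(ipaddress.ip_address(fields["Source IP"])),
                dst_ip=str(ipaddress.ip_address(fields["Dest IP"])),
                ttl=int(fields["TTL"]),
                proto=proto_name or str(proto_num),
                src_port=sport, dst_port=dport, rule_text=rule))
        except (KeyError, ValueError):
            rejected.append(m.group(0))
    return entries, rejected


def blocked_summary(entries):
    """Count blocked inbound packets per (source IP, destination port)."""
    return Counter((e.src_ip, e.dst_port) for e in entries
                   if e.direction == "IN" and e.rule_text.split()[:1] == ["block"])


if __name__ == "__main__":
    parsed, bad = parse_fw_log(SAMPLE)
    for (src, port), count in blocked_summary(parsed).most_common():
        print(f"{src} -> port {port}: {count} blocked")
    print(f"{len(bad)} entry(ies) rejected as malformed")
```

Entries that fail validation are returned separately rather than dropped, so a truncated or corrupted log line stays visible to whoever reviews the output.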
DHCP Status Management-Network Status> DHCP Status This page displays the current DHCP status table. IP Address The IP address assigned to the hostname. Hostname The hostname to which the IP address has been assigned. Lease time left (mins) The length of time in minutes the IP address lease is valid for. After this time, the DHCP client will need to renew its IP address.
The time to live in seconds for the DNS entry. When the TTL reaches zero, the entry is deleted. Related CLI Commands Entity Instance Parameter Equivalent Web Parameter dns 0 status Displays the current status of the DNS table. dns 0 clear Deletes all the entries in the DNS table. QoS Management-Network Status> QoS This page displays the current QoS status table for a particular interface. Priority Q The priority queue in the table. TX rate (kbps) The current transmit rate in kbps of the queue.
Connections Management The Management- Connections webpage has the following menu options: • IP Connections • PPP Connections • Virtual Private Networking (VPN) IP Connections Management- Connections > IP Connections This page displays the current status of the TCP sockets on the router. The router has two types of sockets: TCP Sockets Reserved for WEB and FTP connections. General Purpose Sockets Can be used by any application for TCP connections. TCP Sockets ID The TCP socket identifier.
Remote Port The TCP port being used by the connected remote device. SYNs Waiting The number of TCP SYN packets that are currently being processed by the router. Free SYN entries The number of entries available to process an incoming TCP SYN packet. Related CLI Commands Command Options socks Description Displays the current status of the TCP sockets.
The ID of the general purpose socket. Owner The software task that created the socket. Protocol The protocol being used by the socket. Mode The mode of operation of the socket. State The current state of the socket. Local Port The port of the router that is being used by the socket. Remote IP Addr The IP address of the remote device that has a TCP connection with the socket. Remote Port The TCP port being used by the remote device. Inactivity Timeout The socket’s inactivity timeout (in seconds).
Virtual Private Networking (VPN) Management Management-Connections> VPN The Management-Connections> VPN menu has the following sub-menu options: • IPsec • OVPN IPsec Management- Connections> VPN> IPsec The Management- Connections> VPN> IPsec sub-menu has the following sub-menu options: • IPsec Tunnels • IPsec peers • IKE SAs IPsec Tunnels This page displays the current status of the IPsec tunnels. # IPsec tunnel number.
AH The AH algorithm in use, if any. ESP Auth The ESP authentication algorithm in use, if any. ESP Enc The ESP encryption algorithm in use, if any. IPComp The data compression algorithm in use, if any. KBytes Delivered The total amount of data that has been transferred (in both directions) over this IPsec tunnel. KBytes Left The amount of data left to be transferred over the IPsec tunnel before the data duration limit is reached. The data duration is negotiated between the router and the remote device.
The IP address of the remote device. Our ID The ID of the router. Peer ID The ID of the remote device. Dead Peer Detection (DPD) The DPD status and the time until the next DPD request. NATT Local Port The local NAT-Traversal port. NATT Remote Port The remote NAT-Traversal port. IKE SAs This page displays the current status of the IKE Security Associations (SA). Our ID The ID of the router. Peer ID The ID of the remote device with which the IKE SA has been negotiated.
Position Management The Management- Position webpage has a GPS menu. GPS Management- Position > GPS This page displays a summary of the most recent information received from the GPS module (if fitted) and the status of the IP connections. Longitude The current longitude contained in the last GGA, GLL or RMC message from the GPS module. Latitude The current latitude contained in the last GGA, GLL or RMC message from the GPS module.
The current data integrity as indicated in the last RMC message from the GPS module. It can be either “Valid” or “Not Valid”. IP Connections The current IP address, port number, connection type and status of the IP connections. Related CLI Commands Command at\mibs=gps.0.stats Options Description Displays the current status of the GPS receiver.
Event Log Management The Management – Event Log page displays the current contents of the event log on the router. The event log is stored in a pseudo-file called “eventlog.txt”. It acts as a circular buffer so that when there is no space available for new entries, the oldest entries are overwritten. Each entry in the log normally consists of a single line containing the date, time and a brief description of the event.
Analyser Management Management-Analyser The router can be configured to capture a trace of the data being transmitted and received on the various interfaces. It is able to capture the layer 1, 2 and 3 protocol data and present it in an easily read format. The Management-Analyser page has the following menu options: • Settings • Trace • PCAP (e.g. Wireshark) traces Settings Management-Analyser > Settings Enable Analyser This checkbox is used to enable or disable the analyser.
Serial Interfaces The checkboxes shown under this heading are used to select the serial interfaces over which packets will be captured and included in the analyser trace. The list of available interfaces will include the physical serial interfaces, internal virtual serial interfaces (if present) and interfaces used by built-in WWAN and/or PSTN modems.
IP Addresses This parameter is used to filter out IP packets with particular source or destination IP addresses. The format of this parameter is a comma-separated list of IP addresses. For example, you may wish to exclude the capture of traffic from IP hosts 10.1.2.3 and 10.2.2.2. This can be done by entering “10.1.2.3,10.2.2.2” for this parameter. Conversely, you may wish to only capture traffic to and from particular IP hosts. To do this, use a tilde (~) symbol before the list of IP addresses.
Entity Instance Parameter Values separated list Equivalent Web Parameter Protocols ana 0 discipaddfilt Comma separated list Discarded IP Packet Filters / IP Addresses eth n ethanon on, off Ethernet Interfaces eth n ipanon on, off IP Sources ovpn n ipanon on, off IP Sources ppp n ipanon on, off IP Sources ppp n pppanon on, off PPP Interfaces tun n ipanon on, off GRE IP Sources tun n tunanon on, off GRE Tunnel Interfaces Related CLI Commands not available via the W
Entity Instance ana 0 Parameter Values logsizek Description which the analyser trace will be stored once the file indicated by “logfile” reaches its max size as specified by “logsizek”. The maximum size in Kbytes of the file on the alternate drive. Value in Kbytes When set to 0, the file size is only limited by the flash device.
Interface Value
Serial 10 1024
Serial 11 2048
Serial 12 4096
To enable the analyser on multiple serial interfaces, add the appropriate values together. For example, to enable the analyser on serial interfaces 2 and 3, the value should be 12 (4 + 8). The number of Serial interfaces can vary depending on which hardware and software options are available.
Related CLI Commands Command Options Description type ana.txt Displays the contents of the event log. ana 0 anaclr Clears the contents of the event log. PCAP (e.g. Wireshark) traces Management-Analyser> PCAP (e.g Wireshark) traces The traffic captured by the Analyser is also available in PCAP format. This format can be read by a network protocol analyser such as Wireshark. This powerful feature gives a network engineer the ability to diagnose network protocol issues with relative ease.
Top Talkers Management The router can be configured to monitor the data being transmitted and received on the various interfaces. It is able to report which IP hosts are generating the most traffic over a period of one minute and 30 minutes. Top Talkers also allows you to block particular IP traffic flows to stop them from using bandwidth.
Trace Management-Top Talkers > Trace This displays the current top talkers trace.
Administration Page The Administration page has the following options: • System Information • File Management • X.
System Information Administration The Administration – System Information page gives an overview of the status of the router. Model This describes the model of the router. Part Number This describes the Digi part number of the router. Ethernet 0 MAC Address This describes the MAC address of the Ethernet 0 interface. Firmware Version This describes the firmware version that is currently running on the router. SBIOS Version This describes the SBIOS firmware version that is currently running on the router.
Up Time This describes the amount of time since the router booted up. Date and Time This describes the current date and time on the router. Total Memory This describes the total amount of RAM that is fitted on the router. Used Memory This describes the amount of RAM that is currently being used on the router. Free Memory This describes the amount of RAM that is currently free on the router. Mobile Module This describes which mobile module is fitted on the router.
File Management Administration The Administration – File Management page has the following menu options: • FLASH Directory • WEB Directory • File Editor FLASH Directory Administration – File Management > FLASH Directory This page displays the contents of the router’s flash file system. The unit has its own FLASH memory filing system that uses DOS-like filenames of up to 12 characters long (8 characters followed by the “.” separator and a 3-character extension).
The date and time of when the file was last modified. Delete Selected Files This button is used to delete the selected files.
Related CLI Commands Command Options dir Equivalent Web Parameter Displays the entire contents of the router’s flash file system. Displays a filtered view of the router’s flash file system. The filter can contain wildcards using the *. dir e.g. dir *.pem to display all the files ending in “.pem”. dir u: Displays the contents of a USB flash stick if inserted into the USB port of the router.
File The name of the file in web file. Size (Bytes) The size of the file in bytes. Compressed Size (Bytes) The compressed size of the file in bytes. File Editor The file editor allows the user to edit text files on the router. Filename The name of the file to edit. It is possible to create a new file by typing in the filename and clicking on the “Save File” button. Load File Load the file specified in “Filename” into the editor box. Save File Save the file to the flash file system.
X.509 Certificate Management Administration The X.509 Certificate Management pages are for loading and managing X.509 certificates and public/private host key pairs that are used for public key infrastructure (PKI) based security. The Administration -> X.509 Certificate Management Page has the following menu options: • Certificate Authorities (CAs) • IPsec/SSH/HTTPS Certificates • Key Generation Certificate Authorities (CAs) Administration -> X.
Path The path on the server to the SCEP application. The path can either be entered manually if known or selected from cgi-bin or Microsoft SCEP from the drop-down list. Application The SCEP application running on the server. CA identifier The identifier for the CA server. The CA identifier to use to identify a particular CA when multiple CAs might be running on the server.
The following parameters allow the user to create certificate requests, enroll them and install the certificates on the router. SCEP Server IP address The IP address of the SCEP server / CA server. Port The port on which SCEP server is listening. If the port is 0, the default port of 80 will be used. Path The path on the server to the SCEP application. You can either enter your own path or select from cgi-bin or Microsoft SCEP from the drop-down list.
Before you can create a certificate request you must first obtain a challenge password from the Certificate Authority Server. This password is generally obtained from the SCEP CA server by way of a WEB server or a phone call to the CA Server Administrator. For the Microsoft® SCEP server, you browse to a web interface. If the server requires a challenge password, it will be displayed on the page along with the CA certificate fingerprint.
Entity Instance Parameter Values Equivalent Web Parameter
creq 0 commonname String Common Name (CN)
creq 0 country String Country Code (C)
creq 0 state String State or Province (ST)
creq 0 locality String Locality (L)
creq 0 orgname String Organisation (O)
creq 0 org_unit String Organisational Unit (OU)
creq 0 email Email Address E-Mail
creq 0 unstructname String Unstructured Name
creq 0 digest MD5 or SHA1 Digest Algorithm
The creq command can also be used t
The larger the key, the more secure the connection, but also the larger the key, the slower the connection. Save in SSHv1 format If this checkbox is checked the private key will be generated in SSH version 1 format. If it is cleared the private key will be generated in SSH version 2 format. Related CLI Commands The genkey command can be used to generate a private key file. To generate a private key, enter the command genkey 0 <-ssh1> where is the size of the key in bits.
Update Firmware The Administration –Update Firmware page allows the user to update the router’s firmware. The router will download a zip file onto the router, uncompress it, validate each file within the zip file and then update the files in its flash file system. The zip file containing the latest firmware version is available from the Digi website (http://transport.digi.com/digi/firmware/ftp/). The zip file should be downloaded to your PC before starting the firmware update.
Factory Default Settings The Administration – Factory Default Settings page allows you to reset the router’s configuration back to the factory defaults. The router must be rebooted before the configuration changes take effect. Keep network settings Selecting this option will mean that certain network settings will be preserved and not reverted back to the factory defaults.
Execute a command The Administration –Execute a Command page allows CLI commands to be entered via the web browser. Almost all of the CLI commands detailed in this reference guide can be entered via this page. The corresponding output will be shown when the ‘Execute’ button is pressed.
Save configuration Administration – Save configuration Once you have configured the router, your chosen settings must be saved to non-volatile memory to avoid losing them when the power is removed. Save current configuration to Config n This parameter can be used to set the configuration file to which the current configuration will be saved when the “Save” button is clicked. There are 2 options, profile 0 and profile 1. The default power up profile is profile 0.
Reboot The Administration - Reboot page is used to reboot the router immediately or at a scheduled time. A reboot will be performed after any FLASH write operations have been completed. Also, one second each is allowed for the following operations to be completed before reboot will take place: • IPSec SA delete notifications have been created and sent • TCP sockets have been closed • PPP interfaces have been disconnected Immediately Selecting this option will cause the router to reboot after a few seconds.
Logout Clicking the Logout link in the menu on the left will log out the current user and return to the login page.
Filing system & system files The dir command described below is used to display a list of the currently stored files. A typical file directory will include the following files:
Filename Description
ana.txt Pseudo file for Protocol Analyser output
config.da0 Data file containing Config.0 settings
direct File directory
eventlog.txt Pseudo file for Event Log output
fw.txt Firewall script file
fwstat.txt Firewall script status file
image Main system image
*.
You may select which of the two config files is loaded when the unit is powered-up or rebooted by setting the parameter Configuration - System > General > Miscellaneous > Use Config n when the router powers up as required (or by using the config n powerup CLI command). Note: The CONFIG files only contain details of settings that have been changed from the default values. SREGS.DAT A combined set of AT command and S register settings are referred to as a “profile”.
DEL Delete File The del command is used to delete files from the filing system. The format is: del where is the name of an existing file. You can also use wild cards in the filename in order to delete several files at once. The * character can represent one or more characters in the filename. For example, del fw*.txt will delete fw.txt and fwstat.txt. The del command returns OK if files have been deleted, or ERROR if no matching files have been found.
REN Rename File The ren command is used to rename files in the filing system. The format is: ren SCAN/SCANR Scan File System The scan command performs a diagnostic check on the file system and reports any errors that are found. For example: scan Please wait... direct ....ok sbios ....ok mirror ....ok image ....ok, data ok sregs.dat ....ok x3prof ....ok CAcert.cer ....
After entering the xmodem command the unit will wait for your terminal program to start transmitting the file. When the upload is complete and the file has been saved, the unit will respond with the OK result code. A remote XMODEM upload can also be initiated by establishing a Telnet session over ISDN, and then issuing the xmodem command from the remote terminal.
If the USB storage device is empty, you will get the following message: No files If no USB device is present, the following message is displayed: No USB flash directory Example 2: To copy a file called “image” from the main flash memory onto the USB device, you would enter the command: copy image u:image To copy a file called “Logcodes.TXT” from the USB device to the main flash memory, you would enter the command: copy u:Logcodes.TXT Logcodes.TXT or copy u:Logcodes.
Copy the .all file to a USB storage device and insert the device into the TransPort router. Issue the command “dir u:” to confirm the TransPort can access the USB device. To copy the .all file onto the TransPort router, from the command line enter “copy u:mr4110.all t.all” (replacing mr4110.all with the correct .all file name and the t.all destination name can be anything). Please note that the source file (mr4110.all in this example) must adhere to the 8.
Where DRIVER = "MSD" for Mass Storage Device, "SERIAL" for serial devices, or "HUB" for hub devices. To disable a Flash Stick on the top port only... usbcon 0 dislist usb-2-2.MSD Wildcards are also possible, for example to disable flash devices entirely: usbcon 0 dislist usb-*.MSD This will match on ALL MSD devices, even if in another HUB. To disable both external USB ports on a DR64x0 the following commands can be used...
• The complete model, for example: DR6410-H0A • The platform build string, for example: 8W • The type of DSL, for example: DSL2, 2+ • The type of WWAN module detected, for example: E (Edge), C (CDMA) • The complete WWAN module string, for example: MOTO_G24, SIEMENS_GPRS, SIEMENS_MC75, NOVATEL_3G, SIERRA_3G, OPTION_3G, NOVATEL_CDMA, CMOTECH_CDMA, SIERRA_CDMA • PSTN or ISDN module, for example: PSTN, ISDN Tags must be used within angle brackets and the configuration sections must be opened AND closed with the
#Start of Option specific config modemcc 0 asy_add 7 modemcc 0 info_asy_add 9 #End of Option specific config #Start of Sierra specific config modemcc 0 asy_add 7 modemcc 0 info_asy_add 10 #End of Sierra specific config #End of DR6410-H0A config #Start of DR6410-E0A config modemcc 0 asy_add 7 modemcc 0 info_asy_add 11 #End of DR6410-E0A config #Rest of generic config goes below here modemcc 0 apn internet” eth 0 ipaddr
Web GUI Access via Serial Connection To access the web interface through one of the unit’s serial ports (using Windows dial-up networking) follow the steps below. Note: To use Dial-up Networking you must have the TCP/IP > Dial-up adapter installed in the Network Configuration for Windows. Check this by selecting Settings > Control Panel > Network > Configuration. Installing the Driver File You will need to install the “Digi_MULTI_PORT.
3. Check the Don’t detect my modem, I will select it from a list option before clicking Next > to display the following dialog screen: This screen lists the manufacturers and models of modem currently available on your system. 4. Insert the CD supplied into the CD drive and click on Have Disk….
Use the Browse button to locate the Digi_MULTI_PORT.INF file on the driver CD supplied with your unit or downloaded from the Digi support website. This will be in the appropriate Windows version sub-directory of the drivers folder, e.g. win95-98. A list of routers will appear in the Models list: Each entry in the list is the same driver, set up for a different COM port. 5. Choose the entry corresponding to the COM port your router is connected to, and click Next >.
Click on the OK button if you are satisfied with the installation. Note: During the installation you may receive a warning that the driver is not digitally signed. Click on Continue Installation to install the driver. Creating A New Dial-Up Network Connection You now need to create a new DUN connection through which you can access your unit. If you are planning to connect the unit directly to your PC for configuration purposes, connect it to the appropriate COM port now using a suitable serial cable.
2. Select the Connect to the network at my workplace radio-button then click on Next >: 3.
4. From the Select a Device dialog, select the unit you have just installed and make sure that any other devices in the list are unchecked. Click Next >. 5. You must now enter a name for the connection. It is helpful to choose a name that you will easily remember such as “My Digi Router” or “DR64 - Bristol Office”. Click Next >.
If the connection is being created for direct local access using a COM port, you should set the phone number to 123. This number will be intercepted by the unit and recognized as an attempt to connect locally. If the connection is being created for remote access, enter the correct ISDN telephone number (including the area code) for the remote unit. When you have done this click Next >.
2. Click on the Properties button to display the properties dialog for the connection: 3. On the General tab, click the Configure… button to display the Modem Configuration dialog: Make sure that the Maximum speed (bps): value is set to 115200 and that the Enable hardware flow control box is checked. Click OK when you have finished to return to the main properties dialog. 4.
Make sure that the Type of dial-up server I am calling is set to PPP: Windows 95/98/NT/2000, Internet and click on Settings: Make sure that all three options are unchecked before clicking OK to return to the Networking tab. In the This connection uses the following items list, Internet Protocol (TCP/IP) should be the only item that is checked. Make sure that this is the case and then click OK to return to the main dialog. You are now ready to initiate a connection.
Note: When you type the password it will appear as a series of dots to ensure privacy. Once you have entered these, initiate a connection to your unit by clicking the Dial button. During the dialling and connection process, you may see a series of status dialog boxes and, if the connection is successful, the final dialog box will indicate that the PPP login has been authenticated.
SQL commands When IPSec Egroups are used with a SQL database for dynamic Eroute configuration, there are CLI commands that will help with configuration and troubleshooting on the Digi router. Local Database commands As well as using an external SQL database, the Digi can cache the SQL table entries it learns from the SQL server in RAM so if the SQL server goes offline for any reason, the database entries are still available to renew existing IPSec SA’s.
Learning mode - Saving entries When learning mode is used, the dynamic backup database is stored in RAM. This database will be lost if the Digi router is power cycled. The database in RAM can be saved to flash to over-write the dbfile with the one in RAM that includes the learnt entries or it can be saved to a new file. To save the dbfile to flash from RAM, use the following command. sqlsave 0 Where is the name of the destination file.
For example, to configure and use a local backup database when the main SQL database at 192.168.0.50 is offline, the configuration may look similar to this:
egroup 0 dbhost "192.168.0.50"
sql 0 dbsrvmem 200
sql 0 dbfile "sardb.csv"
sql 0 dbname "sarvpns"
sql 0 learn ON
sqlsave 0 backup.csv
ipbu 0 IPaddr "192.168.0.50"
ipbu 0 BUIPaddr "127.0.0.1"
ipbu 0 retrysec 30
ipbu 0 donext ON
Memory info smem Displays the amount of memory allocated, in use and available for use by the MySQL server on the Digi.
To enable the SQL debug:
sql 0 debug_opts 3
To view the debug data via the ASY 0 port:
debug 0
To view the debug data via telnet:
debug t
To disable the SQL debug:
sql 0 debug_opts 0
debug off
Answering V.120 Calls V.120 is a protocol designed to provide high-speed point-to-point communication over ISDN. It provides rate adaptation and can optionally provide error control. Both the calling and called units must be configured to use V.120 before data can be transferred. Similarly, if one unit is configured to use the error control facility, the other must be configured in the same way. Initial Set Up Before using V.120 you must first bind one of the two available V.
Finally, you must ensure that there are no conflicts with other protocols configured to answer on other ASY ports. This can be done by disabling answering for the other ports/protocols or by using the MSN and/or Sub-address parameters to selectively answer calls to different telephone numbers using different protocols. For example, if you have subscribed to the ISDN MSN facility, you may have been allocated say four telephone numbers ending in 4, 5, 6 and 7.
ANSWERING ISDN CALLS Digi routers are capable of answering incoming B-channel ISDN calls with 3 main protocols. Usually several instances of these protocols exist. This section explains how answering priorities work for the different protocols. Protocol Entities The following protocol instances are capable of answering an incoming ISDN call: Adapt Adapt instances provide rate adaptation protocols such as V.120 or V.110. LAPB LAPB instances allow the unit to answer incoming X.25 calls over ISDN.
A protocol entity’s MSN parameter can be used to: • cause a protocol instance not to answer an incoming ISDN call (if the trailing digits of the ISDN number called do not match the entry in this field). • increase the answering priority of an instance (if more than one protocol instance is configured to answer and the trailing digits of the ISDN number called match the value of the MSN parameter for a particular protocol instance).
X.25 PACKET SWITCHING Introduction X.25 is a data communications protocol that is used throughout the world for wide area networking across Packet Switched Data Networks (PSDNs). The X.25 standard defines the way in which terminal equipment establishes, maintains and clears Switched Virtual Circuits (SVCs), across X.25 networks to other devices operating in packet mode on these networks. The protocols used in X.25 operate at the lower three layers of the ISO model.
X.28 Commands Once an X.25 session layer has been established the unit switches to “PAD” mode. In this mode operation of the PAD is controlled using the standard X.28 PAD commands listed in the following table:
Command Description
CALL Make an X.25 call
CLR Clear an X.25 call
ICLR Invitation to CLR
INPAR? List X.3 parameters of specified PAD instance
INPROF Load or save specified PAD profile
INSET Set X.
Example CALL R,G12,NMYNUI-56512120DHello places a call to address 56512120 using reverse charging and specifying Closed User Group 12. The string “MYNUI” is your Network User Identity and the string “Hello” appears in the user data field of the call packet. Note: The particular facilities that are available will vary between X.25 service providers.
Network User Identity (NUI) The N facility code allows you to include your Network User Identity in the call packet. For security reasons the PAD echoes each character as an asterisk (*) during the entry of an NUI. Some X.25 services use the NUI field to pass both a username and password for validation.
Code  Verbose message
3     No route to destination
4     Channel unacceptable
6     Channel unacceptable
7     Call awarded and being delivered in an established channel
16    Normal call clearing
17    User busy
18    No user responding
19    No answer from user (user alerted)
21    Call rejected
22    Number changed
26    Non-selected user clearing
27    Destination out of order
28    Invalid number format
29    Facility rejected
30    Response to STATUS ENQUIRY
31    Normal, unspecified
34    No circuit/channel available
3
Code  Verbose message
82    Identified channel does not exist
83    A suspended call exists, but this call identity does not
84    Call identity in use
85    No call suspended
86    Call having the requested call identity has been cleared
88    Incompatible destination
90    Destination address missing or incomplete
91    Invalid transit network selection
95    Invalid message, unspecified
96    Mandatory information element is missing
97    Message type non-existent or not implemented
98    Message not compatible with
The clear down reason codes supported by the unit are listed in the following table:

Reason Code  Numeric Code  Text
DTE          0             by remote device
OOC          1             number busy
INV          3             invalid facility requested
NC           5             temporary network problem
DER          9             number out of order
NA           11            access to this number is barred
NP           13            number not assigned
RPE          17            remote procedure error
ERR          19            local procedure error
ROO          21            cannot be routed as requested
RNA          25            reverse charging not allowed
ID           33            incompatible destination
FNA
    PROF &nn
where “nn” is the number of the User PAD profile to be stored, e.g. 03. Alternatively, you may use the web interface to edit the parameters directly (Configuration - Network > Legacy Protocols > X.25 > PADs n-n > PAD n > PAD Settings).
When used in the format:
    prof nn
the PROF command loads the stored profile specified by “nn”.

RESET Send Reset Packet
RESET is used to issue a reset for the current call to the network. It does NOT clear the call but it does return the network level interface to a known state by re-initialising all Level 3 network control variables. All data in transit will be lost.

RPAR? Read Remote X.3 Parameters
RPAR? lists the current X.3 parameter settings for the remote system.

RSET Set Remote X.
PPP OVER ETHERNET
PPP over Ethernet (PPPoE) is a means of establishing a PPP connection over the top of an Ethernet connection. The implementation provided is compliant with RFC 2516, “A Method for Transmitting PPP Over Ethernet”. A typical application would be to allow non-PPPoE enabled devices to access Internet services where the connection to the Internet is provided by an ADSL bridge device.
IPSEC AND VPNS

What is IPSec?
One inherent problem with the TCP protocol used to carry data over the vast majority of LANs and the Internet is that it provides virtually no security features. This lack of security, and recent publicity about “hackers” and “viruses”, prevent many people from even considering using the Internet for any sensitive business application. IPSec provides a remedy for these weaknesses, adding a comprehensive security “layer” to protect data carried over IP links.
DES (64-bit key)
This well-known and established protocol has historically been used extensively in the banking and financial world. It is relatively “processor intensive”, i.e. to run efficiently at high data rates a powerful processor is required. It is generally considered very difficult for casual hackers to attack but may be susceptible to determined attack by well-equipped and knowledgeable parties.
X.509 Certificates
In the previous section, security between two points was achieved by using a “pre-shared secret” or password. Certificates provide this sort of mechanism but without the need to manually enter or distribute secret keys. This is a complex area but put simply a user’s certificate acts a little like a passport providing proof that the user is who they say they are and enclosing details of how to use that certificate to decrypt data encoded with it.
The unit maintains two lists of certificate files. The first is a list of “Certificate Authorities” or CAs. Files in this list are used to validate public certificates sent by remote users. Public certificates must be signed by one of the certificates in the CA list before the unit can validate them. Certificates with the filename CA*.PEM and CA*.DER are loaded into this list at start-up time. In the absence of any CA certificates, a public certificate cannot be validated.
FIREWALL SCRIPTS

Introduction
A “firewall” is a protection system designed to prevent access to your local area network by unauthorised “external” parties, i.e. other users of the internet or another wide area network. It may also limit the degree of access local users have to external network resources. A firewall does not provide a complete security solution; it provides only one element of a fully secure system. Consideration should also be given to the use of user authentication and data encryption.
Filter Rules
The syntax for a filter rule is:
    [action] [in-out] [options] [tos] [proto] [dnslist] [ip-range] [inspect-state]
When the firewall is active, the script is processed one line at a time as each packet is received or transmitted. Even when a packet matches a filter-rule, processing still continues and all the other filter rules are checked until the end of the script is reached. The action taken with respect to a particular packet is that specified by the last matching rule.
ICMP type value  ICMP type
15               routersol

The optional [icmp-code] field can also be a decimal number representing the ICMP code of the return ICMP packet but if the [icmp-type] is [unreach] then the code can also be one of the following pre-defined text codes:

ICMP code  Meaning
net-unr    Network unreachable
host-unr   Host unreachable
proto-unr  Protocol unrecognised
port-unr   Port unreachable
needfrag   Needs fragmentation
srcfail    Source route fail

For example:
    block return-icmp unreach in break end
The vdscp action is very similar to the dscp action as described above in that it adjusts the DSCP value in a packet. The difference however is that this is a virtual change only which means that the actual packet is not changed, and that the packet is processed as if it had the DSCP value as indicated. Like the dscp action, a decimal or hex number must follow.

[in-out]
The [in-out] field can be in or out and is used to specify whether the action applies to inbound or outbound packets.
Example:
    break ppp_label on ppp 0
    # insert rule processing here for packets that are not on ppp 0
    break end
    ppp_label
    # insert rule processing here for packets that are on ppp 0

on
The on option is used to specify the interface to which the rule applies and must be followed by a valid interface name. For example, if you were only interested in applying a particular rule to packets being transmitted or received by PPP 0, you would include on ppp 0 in the rule.
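The last-matching-rule behaviour described under Filter Rules, and the effect of break end and break to a label, can be checked with a small model. The Python below is an added example, not Digi firmware code: the Line type, the forward-only label jump and the default verdict of block for a packet that matches no rule are assumptions of this model, and the rules and packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Line:
    """One script line: a rule, a bare break, or a label (types of this model)."""
    action: Optional[str] = None     # "pass" / "block"; None for a bare "break"
    direction: Optional[str] = None  # "in" / "out"; None matches both
    brk: Optional[str] = None        # "end" or a label name
    iface: Optional[str] = None      # value of the "on" option, e.g. "ppp 0"
    src: str = "0.0.0.0/0"           # "from" network
    dport: Optional[int] = None      # "to any port=N"
    label: Optional[str] = None      # set only on a label line

    def matches(self, pkt: dict) -> bool:
        return (self.label is None
                and self.direction in (None, pkt["dir"])
                and self.iface in (None, pkt["iface"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and self.dport in (None, pkt["dport"]))


def evaluate(script, pkt, default="block"):
    """Return (verdict, indexes of matching lines). default is an assumption."""
    verdict, hits, i = default, [], 0
    while i < len(script):
        line = script[i]
        if line.matches(pkt):
            hits.append(i)
            if line.action:
                verdict = line.action      # a later match overwrites an earlier one
            if line.brk == "end":
                break                      # stop processing the script here
            if line.brk:                   # jump forward to the named label
                targets = [n for n in range(i + 1, len(script))
                           if script[n].label == line.brk]
                if not targets:
                    raise ValueError(f"label {line.brk!r} not found after line {i}")
                i = targets[0]
                continue
        i += 1
    return verdict, hits


# Constructed script: the pass rule matches, but the later block rule wins.
#   pass out on ppp 0 from 10.1.2.0/24 to any port=80
#   block out on ppp 0
NO_BREAK = [
    Line("pass", "out", iface="ppp 0", src="10.1.2.0/24", dport=80),
    Line("block", "out", iface="ppp 0"),
]
# Same rules, with "break end" on the pass rule so the verdict is final.
WITH_BREAK = [
    Line("pass", "out", brk="end", iface="ppp 0", src="10.1.2.0/24", dport=80),
    Line("block", "out", iface="ppp 0"),
]
# The labelled layout from the example above, with constructed rule bodies.
LABELLED = [
    Line(brk="ppp_label", iface="ppp 0"),   # break ppp_label on ppp 0
    Line("pass", "out"),                    # packets that are not on ppp 0
    Line(brk="end"),                        # break end
    Line(label="ppp_label"),                # ppp_label
    Line("pass", "out", brk="end", src="10.1.2.0/24", dport=80),
]

WEB = {"dir": "out", "iface": "ppp 0", "src": "10.1.2.7", "dport": 80}
TELNET_ETH = {"dir": "out", "iface": "eth 0", "src": "10.1.2.7", "dport": 23}
TELNET_PPP = {"dir": "out", "iface": "ppp 0", "src": "10.1.2.7", "dport": 23}

if __name__ == "__main__":
    for name, script, pkt in [("no break", NO_BREAK, WEB),
                              ("break end", WITH_BREAK, WEB),
                              ("label, eth 0", LABELLED, TELNET_ETH),
                              ("label, ppp 0", LABELLED, TELNET_PPP)]:
        print(name, evaluate(script, pkt))
```

When reviewing a script, the hit list shows which later line silently overrode an earlier pass or block.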
Identifier      Meaning
ftp             FTP packets regardless of port number
icmp            ICMP packet
decimal number  decimal number matched to protocol type in IP header

The [proto] field is also important when “stateful” inspection is enabled for a rule (using the [inspect-state] field), as it describes the protocol to inspect (see [inspect-state] below).

[dnslist]
The [dnslist] field is used to match packets that contain DNS names that are in a given dnslist.
    port-range = “port” port-num “<>” | “><” port-num
    ip-addr = IP address in format nnn.nnn.nnn.
Address/Port Translation
One further option that may be used when specifying addresses is to use address translation. The syntax for this is:
    srcdst = “all | fromto [-> [ip-object] “to” object]
I.e. directly after the IP addresses and port are specified an optional “->” can follow indicating that the addresses/ports should be translated. The first source object is optional and is unlikely to be used as it is more normal to translate the destination address.
Keyword  Std. Port  Service
telnet   23         Telnet server port
smtp     25         SMTP server port
http     80         Web server port
pop3     110        Mail server port
sntp     123        NTP server port
ike      500        Source/destination port for IKE key
xot      1998       Destination port for XOT packets

Note: The above service keywords are pre-defined based on “standard” port numbers. It is possible that these may have been defined differently on your system in which case you should use the port numbers explicitly (not the defined names).
As a further example, let us say we want to allow outward connections from a machine on 10.1.2.33 to a Telnet server. We have to define a filter rule to pass outbound connections and the inbound response packets. Because this is an outbound Telnet service we can make use of the fact that all incoming packets will have their ACK bits set. Only the first packet establishing the connection will have the ACK bit off. The filter rules to do this would look like this:
    pass out break end from 10.1.2.
The following two rules are therefore equivalent:
    pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type 0
    pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type echorep
Both of these rules allow echo replies to come in from interface ppp 0 if they are addressed to our example local network address (10.1.2.*). In addition to having a type, ICMP packets also include an ICMP code field.
The field can be used on its own or with an optional oos (Out Of Service) parameter. To understand this better let us look at a simple example in which we want to set up a filter to allow all machines on a local network with addresses in the range 10.1.2.*, to access the Internet on port 80. We will need one rule to filter the outgoing packets and another to filter the responses:
    pass out break end on ppp 0 from 10.1.2.0/24 to any port=80
    pass in break end on ppp 0 from any port=80 to 10.1.2.
The potential for a security breach has now been virtually eliminated because even if a hacker could time his attack perfectly he would still have to forge a response packet using the correct source address and port (which was randomly created by the sender of the HTTP request) and would also have to target the specific IP address that opened the connection. Another advantage of “inspect-state” rules is that they are scalable, i.e. many machines can use the rule simultaneously.
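The difference between a static pair of rules for port 80 and an inspect-state rule can be seen by running the same inbound packets through both. The Python below is an added example, not Digi firmware code: the StateTable class, its idle timeout of 60 seconds and all packets are constructed for illustration, with the local network 10.1.2.0/24 taken from the text.

```python
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("10.1.2.0/24")  # local network used in the text's example


def static_reply_rule(pkt):
    """Stateless model of: pass in ... from any port=80 to the local network."""
    return pkt["sport"] == 80 and ip_address(pkt["dst"]) in LOCAL_NET


class StateTable:
    """Model of an inspect-state rule on outbound port-80 traffic (assumed design)."""

    def __init__(self, idle_timeout=60):   # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self.flows = {}                     # (src, sport, dst, dport) -> last seen

    def outbound(self, pkt, now):
        """An outbound packet matched the rule: remember who it was sent to."""
        if ip_address(pkt["src"]) in LOCAL_NET and pkt["dport"] == 80:
            key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            self.flows[key] = now
            return True
        return False

    def inbound(self, pkt, now):
        """Pass an inbound packet only if it mirrors a live outbound flow."""
        key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        last = self.flows.get(key)
        if last is None:
            return False
        if now - last > self.idle_timeout:
            del self.flows[key]             # expired entry no longer admits replies
            return False
        self.flows[key] = now
        return True


def pkt(src, sport, dst, dport):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}


def compare():
    """Return (case, passed by static rule, passed by stateful rule) tuples."""
    table = StateTable(idle_timeout=60)
    # 10.1.2.33 opens a connection to a web server from a random source port.
    table.outbound(pkt("10.1.2.33", 40001, "198.51.100.7", 80), now=0)
    cases = [  # constructed inbound packets: (name, packet, arrival time)
        ("genuine reply",         pkt("198.51.100.7", 80, "10.1.2.33", 40001), 1),
        ("reply to wrong port",   pkt("198.51.100.7", 80, "10.1.2.33", 40002), 2),
        ("other sender, port 80", pkt("203.0.113.9", 80, "10.1.2.33", 40001), 3),
        ("host with no session",  pkt("203.0.113.9", 80, "10.1.2.50", 23), 4),
        ("reply after timeout",   pkt("198.51.100.7", 80, "10.1.2.33", 40001), 200),
    ]
    return [(name, static_reply_rule(p), table.inbound(p, t)) for name, p, t in cases]


if __name__ == "__main__":
    for name, static, stateful in compare():
        print(f"{name:24} static={static!s:5} stateful={stateful}")
```

The static rule passes all five packets because it checks only the source port and destination network; the state table passes only the first.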
The inspect-state option can be used with the following ICMP packet types:

ICMP Type  Matching ICMP Type
Echo       Echo reply
Timest     Timestrep
Inforeq    Inforep
Maskreq    Maskrep

Using [inspect-state] with the Out Of Service Option
The inspect-state field can be used with an optional oos parameter. This parameter allows the stateful inspect engine to mark as “out of service” any routes that are associated with the specified interface and also to control how and when the interfaces are returned to service.
The third rule is more complex. What it does is to configure the stateful inspection engine to watch for UDP packets (with any source address) being routed via the PPP 1 interface to any address that begins with 156.15 on port 1234. If a hit occurs on this rule but the unit does not detect a reply within 10 seconds (as specified by the t= parameter), it will increment an internal counter.
The FWLOG.TXT File
When the log option is specified within a firewall script rule, an entry is created in the FWLOG.TXT pseudo-file each time an IP packet matches the rule. Each log entry will in turn contain the following information:

Parameter          Description
Timestamp          The time when the log entry is created.
Short Description  Usually “FW LOG” but could be “FW DEBUG” for packets that hit rules with the “debug” action set.
Dir                Either “IN” or “OUT”. Indicates the direction the packet is travelling.
    block return-icmp echorep log body break end proto icmp icmp-type echo

From REM TO LOC    IFACE: ETH 0
45            IP Ver: 4  Hdr Len: 20
00            TOS: Routine  Delay: Normal  Throughput: Normal  Reliability: Normal
00 3C         Length: 60
9C CC         ID: 40140
00 00         Frag Offset: 0  Congestion: Normal  May Fragment  Last Fragment
80            TTL: 128
01            Proto: ICMP
0C E1         Checksum: 3297
64 64 64 19   Src IP: 100.100.100.25
64 64 64 32   Dst IP: 100.100.100.
Dest Port: 23 TCP Flags: S

Further [inspect-state] Examples
Here is a basic inspect-state rule with no OOS options:
    pass out break end on PPP 2 proto TCP from 10.1.1.1 to 10.1.2.1 port=telnet flags S!A inspect-state
This rule will allow TCP packets from 10.1.1.1 to 10.1.2.1 port 23 with the SYN flag set to pass out on PPP 2. Because the inspect-state option is used, a stateful rule will also be set up which allows other packets for that TCP socket to also pass.
Keeping a route out of service and using recovery
It may be that the user wants to keep the interface OOS until he is sure that a future connection will work. To help achieve this, one or more recovery options may be specified. These options get the unit to test connectivity between the unit and the destination IP address of the packet that established the stateful rule. The recovery can be in the form of a PING or a TCP socket connection. An interval between recovery checks must also be specified.
Keeping a route out of service and using recovery with a list of addresses
This expands on the functionality above and gives the ability to check connectivity to a range of addresses using a ping. It is possible to specify an address list that the recovery mechanism will ping in turn to see if any respond.
REMOTE MANAGEMENT
Digi products equipped with ISDN BRIs can be accessed and controlled remotely via the ISDN network by using:
• a V.120 connection to access the text command interface
• PPP to access the Web Interface
• PPP to access the text command interface using Telnet
• the X.25 remote command channel
Remote access via any one of these methods can be used to reconfigure the unit, upload/download files or upgrade the software, examine the event log or protocol analyser traces or to view statistics.
Using FTP
TransPort routers incorporate an FTP server. FTP allows users to log on to remote hosts for the purpose of inspecting file directories, retrieving or uploading files, etc. For PC users, MSDOS includes FTP support and there are a number of Windows-based specialist FTP client programs such as CuteFTP™ and Ws_ftp™. Many browsers also incorporate FTP support. To initiate remote access to a unit using FTP, first establish a PPP DUN connection to the unit and then run your FTP software.
Using X.25
Remote access to your unit may also be carried out over an X.25 connection. The remote unit must first have the parameter Allow CLI access from X.25 address set to an appropriate value (see Configuration - System > General). If the unit then receives an incoming X.25 call where the trailing digits of the NUA match the specified sub-address, the calling user will receive the standard login prompt.
AT COMMANDS

D Dial
The ATD command causes the unit to initiate an ISDN call. The format of the command depends on the mode of operation. When using the unit to make data calls on one of the ISDN B-channels, enter the ATD command followed by the telephone number. For example, to dial 01234 567890 enter the command:
    atd01234567890
Spaces in the number are ignored. If the call is successful the unit will issue the CONNECT result code and switch to on-line mode.
&C DCD Control
The AT&C command is used to configure the way in which the unit controls the DCD signal to the terminal. There are three options:
&C0  DCD is always On
&C1  DCD is On only when an ISDN connection has been established (Layer 2 is UP)
&C2  DCD is always Off
&C3  DCD is normally On but pulses low for a time in 10 msec units determined by S register 10.

&F Load Factory Settings
The AT&F command is used to load a pre-defined default set of S-register and AT command settings (the default profile).
The AT&W command may be immediately followed by a profile number, either 0 or 1, to store the settings in the specified profile, for example:
    at&w1
would store the current settings as profile 1. If no profile number is specified, profile 0 is assumed. All S register values and the following command settings are written by AT&W: e, &c, &d, &k

&Y Set Default Profile
The AT&Y command is used to select the power-up profile (0 or 1).
\AT Ignore Invalid AT Commands
This command is a work-around for use with terminals that generate large amounts of extraneous text. If not ignored, this text can cause many error messages to be generated by the router, and may result in a communications failure. To turn on this feature, type the following command:
    at\at=1
To turn off the feature, type the following command:
    at\at=0
When this feature is turned on, the ASY port ignores all commands except real AT commands.
\smib Commands The at\smib command allows you to view a single standard MIB variable. To view the variable use the at\smib= command, where is the variable to be displayed. The variables are sorted according to the hierarchy shown below.
System
The System hierarchy consists of the following:

at\smib=mib-2.system.sysdescr
This variable shows the software version information (equivalent to what is shown on the ‘ati5’ CLI command output).
    mib-2.system.sysdescr = Software Build Ver5121. Jan 31 2011 12:26:04 9W

at\smib=mib-2.system.sysobjectid
The authoritative identification of the network management subsystem. The Digi does not support outputting OID variables. Instead, “oid” is output.
    mib-2.system.sysobjectid = oid

at\smib=mib-2.system.
For the Digi, this value is always 7 (Physical layer (2^(1-1)) + Data Link layer (2^(2-1)) + Network layer (2^(3-1))).

Interfaces
The Interfaces hierarchy consists of the ifnumber variable and the iftable node:

at\smib=mib-2.interfaces.ifnumber
The total number of interfaces on the unit. This includes Ethernet, PPP and virtual interfaces (i.e. IPSec tunnels) and SYNC ports.
    mib-2.interfaces.ifnumber = 52

at\smib=mib-2.interfaces.iftable
The iftable node contains ifentry nodes for each interface.
at\smib=mib-2.interfaces.iftable.ifentry.ifspeed
This variable displays an estimate of the interface’s current bandwidth in bits per second. SNAIP and SYNC ports will always return 0. PPP ports will always return 64000. For example:
    mib-2.interfaces.iftable.ifentry.ifspeed.1 = 64000

at\smib=mib-2.interfaces.iftable.ifentry.ifphysaddress
The interface’s address at the protocol layer immediately below the network layer in the protocol stack.
at\smib=mib-2.ip.ipforwarding
This variable indicates whether the unit is acting as an IP gateway in respect to the forwarding of datagrams received by, but not addressed to, the unit. IP gateways forward datagrams, IP hosts do not. For the Digi, this value is always 1.

at\smib=mib-2.ip.ipaddrtable
The ipaddrtable node contains ipaddrentry nodes for each IP address assigned to each interface of the unit.
at\smib=mib-2.ip.iproutetable.iprouteentry.iproutemask
The netmask for the route.
“S” REGISTERS
In addition to the AT commands there are a number of Special (“S”) registers. These registers contain numeric values that may represent time intervals, ASCII characters or operational flags. To display the contents of a particular “S” register, the ATS command is used in the form ATSn? where n is the number of the register whose contents are to be shown.
S1 Ring count
Units: Rings
Default: n/a
Range: n/a
When ADAPT detects an incoming ISDN call on an ASY port, it will print “RING” to the ASY port at 2 second intervals. It also increments the S1 register, counting how many times “RING” is printed.

S2 Escape Character
Units: ASCII
Default: 43
Range: 0-255
The value stored in S2 defines which ASCII character is used as the Escape character, which by default is the “+” symbol.
Register S31 is used to set the speed and data format for the ASY port to which you are currently connected. The default value for ASY 0 is 0, i.e. the port speed/data format is not set to a specific value, it is determined automatically from the AT commands that you enter. The default value for ASY 1, 2 and 3 is 3, i.e. the ports will only accept AT commands at 115,200bps (8 data bits, no parity and 1 stop bit).
GENERAL SYSTEM COMMANDS
The application commands described in this section are basic configuration commands that do not relate to specific types of application or network.

CONFIG Show/Save Configuration
The config command is used to show current or stored configuration settings, to save the current configuration, or to specify which configuration is to be used when the unit is powered up or rebooted.
REBOOT Reboot Unit
The reboot command causes the unit to execute a complete hardware reset, loading and running the main image file from cold. It has three modes of operation:
reboot - will reboot the unit after any FLASH write operations have been completed.
Clearing the Analyser Trace and Event Log
To clear the analyser trace, the CLI command is
    ana 0 anaclr
To clear the event log, the CLI command is
    clear_ev

Activate and Deactivate interfaces
To manually activate (or raise) an interface, the following CLI command can be used as an activation request.
    act_rq
To manually deactivate (or lower) an interface, the following CLI command can be used as an activation request.
The syntax of the command is as follows:
    Usage: gpio [inout ON|OFF|input|output]
With no parameters, the command will display the current status of the ports.
The following image shows the pins and the corresponding numbers:

For more information on wiring and other details, refer to the Digi Transport 4-pin DC Power Cord User Guide.

GOBI Image Load Selection
The qdl command is used to specify which image to load onto a GOBI cellular module. The syntax of the command is:
    qdl 0 fw
where n can be 0 .. 14. The default value is 0.
TCPPERM AND TCPDIAL
This section describes the operation of the tcpperm and tcpdial commands which are available only as application commands and have no equivalent web pages.

TCPPERM
The tcpperm command is used to establish a permanent “serial to IP” connection between one of the ASY ports and a remote IP host. After the command has been executed, the unit will automatically open a socket connection to the remote peer whenever data is received from a terminal attached to the specified ASY port.
Parameter  Description
-i         The inactivity timeout (s) after which the socket will be closed
-k         Keep alive packet timer (s)
-l         Listening port - allows the user to set a new TCP port number to listen on rather than the default value of 4000+ASY port #
-m         Multihome additional consecutive addresses index
-ok        Open socket in ’quiet mode’, i.e. there is no ’OK’ response to the TCPPERM command.
-s         Source port number
-ssl       Use SSL mode
-t         Use Telnet mode.
SERIAL PORT CONNECTIONS
Depending upon the model, the asynchronous serial ports may be presented as DB 25 sockets, DB 9 sockets or 8-pin RJ45 sockets. On some models, a combination of the above may be used. The following tables list the pin designations of each type of connector for each Digi model. The RS-232 port pin-outs are suitable for both Async and Sync port connections. When used in Async mode the pins for TxC, RxC & ETC are not required; these are needed for Sync mode only.
DR6410, DR6420, DR6460, DR64x0W & WR41
WR44
TA2020
ER2110, IR2110 & MR2110
IR2140 & GR2140
GR2130
IR2140
IR2420
TA2020B & IR2110B
DR4410, DR4410i & DR4410p
MW3410, MW3520 & VC5100
ER4420, ER4420d, ER4420i, ER4420p, HR4420, HR4420d, HR4420i, HR4420p & IR4420
MR4110, ER4110, HR4110, GR4110 & TR4110
RS-232 (V.
Configuring X.21 on Older Models
Some older Sarian legacy units require an X.21 daughter card to be fitted to enable X.21 operation. There are two versions of the X.21 daughter card. One version is compatible with GR2130, IR2140 and IR2420 routers, and one version is compatible with MW3520, MW3410 and VC5100 routers. The X.21 daughter card compatible with GR2130, IR2140 and IR2420 routers has three internal jumpers that determine the clock mode.
EMAIL TEMPLATES
One of the principal features provided by the event log function is the ability to configure the unit to automatically generate and send an email alert message each time an event of up to a specified priority occurs. The format of the message is determined by the email template specified in the Use email template file parameter (normally EVENT.EML) in the Configuration - Alarms > Event Settings > Email Notifications web page. If the standard EVENT.
If this field is present in the header, the unit will insert the current date and time into the header. The date and time are values local to the unit and do not contain any time zone information.

Body Section
The body section may include any text. This text is parsed for any function calls that may be present. Function calls must be enclosed between “<%” and “%>”. These sequences are substituted by text resulting from the function call.
e.g.
    <%run_cmd("ati5");%>
    <%run_cmd("bufs");%>
    <%run_cmd("msgs");%>
An example template adding CLI commands would be:
    TO: fred@anyco.com, jane@anyco.co.uk
    FROM: MyRouter
    SUBJECT: automatic email
    MIME-Version: 1.0

    Unit: <%smtpid();%>
    Event: <%email_event();%>
    This event had sufficient priority to cause the transmission of this email. Please check the attached logs and review.
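Because a template can make the unit run CLI commands and mail their output, it is worth checking what a template calls before it is loaded onto a unit. The Python below is an added example, not a Digi tool: the approved-command list is a constructed policy, the sample template is constructed from the function names shown above, and the blank line separating header from body is an assumption.

```python
import re

# A call is a function name, an optional quoted argument, and the <% %> markers.
CALL_RE = re.compile(r'<%\s*(\w+)\(\s*(?:"([^"]*)")?\s*\)\s*;?\s*%>')


def audit_template(text, approved_cmds):
    """Summarise what an email template will send and which commands it runs."""
    # Assumption: header and body are separated by the first blank line.
    header, _, body = text.partition("\n\n")
    fields = {}
    for line in header.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().upper()] = value.strip()
    recipients = [a.strip() for a in fields.get("TO", "").split(",") if a.strip()]
    calls = [(m.group(1), m.group(2)) for m in CALL_RE.finditer(body)]
    commands = [arg for fn, arg in calls if fn == "run_cmd" and arg]
    return {
        "recipients": recipients,
        "functions": sorted({fn for fn, _ in calls}),
        "commands": commands,
        # Commands whose output would be mailed but are not on the approved list.
        "unapproved": [c for c in commands if c not in approved_cmds],
        # "<%" openers that never formed a complete call (missing "%>" etc.).
        "malformed": body.count("<%") - len(calls),
    }


# Constructed policy: only the commands from the page's own example are approved.
APPROVED = {"ati5", "bufs", "msgs"}

# Constructed template: one command outside the policy and one unterminated call.
SAMPLE = """\
TO: fred@anyco.com, jane@anyco.co.uk
FROM: MyRouter
SUBJECT: automatic email

Unit: <%smtpid();%>
Event: <%email_event();%>
<%run_cmd("ati5");%>
<%run_cmd("clear_ev");%>
<%run_cmd("msgs");
"""

if __name__ == "__main__":
    for key, value in audit_template(SAMPLE, APPROVED).items():
        print(f"{key}: {value}")
```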
Certifications

FCC Part 68 Declarations (for Transport DR models only)
This equipment complies with Part 68 of the FCC rules and the requirements adopted by the ACTA. On the underside of this equipment is a label that contains, among other information, a product identifier in the format US:AAAEQ##TXXXX. If requested, this number must be provided to the telephone company.
OEM Advisory
For OEM use, the mounting of the Transport DR in the final assembly must be made so that the Transport DR is isolated from exposure to any hazardous voltages within the assembly. Adequate separation and restraint of cables and cords must be provided. The circuitry from the Transport DR to the telephone line must be provided in wiring that carries no other circuitry (such as PC or PR leads) unless specifically allowed by the rules.
GLOSSARY

0-9
3DES Triple Data Encryption Standard

A
ACCM Asynchronous Communication Channel Multiplexer
ACFC Address Control Field Compression
ADSL Asymmetric Digital Subscriber Line
AES Advanced Encryption Standard
AFE Analogue Front End
AH Authentication Header
AIS Alarm Indication Signal
AODI Always On Dynamic ISDN
APACS Association of Payment Clearing Services, the UK payments association
APN Access Point Name
ATM Asynchronous Transfer Mode or Automatic Teller Machine
ARFCN Abso
DHCP Dynamic Host Configuration Protocol
DLSw Data-Link Switching
DNS Domain Name Server
DPD Dead Peer Detection
DSCP Differentiated Services Code Point
DSL Digital Subscriber Line
DTE Data Terminal Equipment
DUN Dial-Up Networking

E
EDGE Enhanced Data GSM Environment
ESP Encapsulating Security Payload protocol

F
FCS Frame Check Sequence
FEC Forward Error Correction
FIFO First In First Out
FQDN Fully Qualified Domain Name
FTP File Transfer Protocol

G
GPRS General Packet Radio
IMSI International Mobile Subscriber Identity
IP Internet Protocol
IPCP Internet Protocol Control Protocol
IPSec Internet Protocol Security
ISAKMP Internet Security Association and Key Management Protocol
ISDN Integrated Services Digital Network

L
L2TP Layer 2 Tunnelling Protocol
LAC Location Area Code
LAI Location Area Identity
LAN Local Area Network
LAPB Link Access Procedure Balanced
LAPD Link Access Protocol D-channel
LCN Logical Channel Number
LCP Link Control Protocol
LRC
NOM Network Operation Mode
NUA Network User Address
NUI Network User Identifier

O
OAM Operation, Administration and Maintenance
OOS Out Of Service
OPNS Online PUK Negotiation Service
OSPF Open Shortest Path First

P
PANS Polling Answering Service
PAD Packet Assembler/Disassembler
PAP Password Authentication Protocol
PAT Priority Access Threshold
PBCCH Packet Broadcast Control Channel
PEM Privacy Enhanced MIME
PFC Protocol Field Compression
PFS Perfect Forwarding Security
PID Pr

R
RAC Routing Area Code
RACH Random Access Channel
RADIUS Remote Authentication Dial-In User Service
RAT Radio Access Technology
RDI Remote Defect Indication
RIP Routing Information Protocol
RSSI Received Signal Strength Indication
RTS Request To Send

S
SA Security Association
SABM Set Asynchronous Balanced Mode
SABME Set Asynchronous Balanced Mode Extended
SCEP Simple Certificate Enrolment Protocol
SDLC Synchronous Data Link Control
SHA-1 Secure Hash Algorithm 1
SMS Short Messa

U
UBR Unspecified Bit Rate
UDP User Datagram Protocol
UMTS Universal Mobile Telecommunications System
USB Universal Serial Bus

V
VLAN Virtual Local Area Network
VPN Virtual Private Network
VRRP Virtual Router Redundancy Protocol

W
WAN Wide Area Network
WCDMA Wide-band Code-Division Multiple Access
WRED Weighted Random Early Dropping
W-WAN Wireless Wide Area Network

X
XOT X.
ACKNOWLEDGEMENTS
Copyright Digi International Limited 1999-2011, all rights reserved.
In addition we would like to thank all those who have contributed to open software which has done so much to improve and expand knowledge of IP protocols and the Internet generally. Notably software in this product contains portions of code from the OpenBSD project under the following copyrights:
Copyright (c) 2003, 2004 Henning Brauer
Copyright (c) 2004 Esben Norby