Digi ConnectPort X Family
User Guide
�Revision history—90000832
Revision
Date
Description
N
September
2018
Added regulatory information for Brazil.
P
September
2019
Added information about how to open and close the device.
R
December
2019
Added information for unique password for web interface.
S
April 2022
Added translated Safety instructions.
T
October
2022
Added .ota and .otb extensions to the XBee firmware filename
conventions section. See XBee firmware filename conventions.
Added .ota and .otb extensions to accepted filename. See Update
firmware over the air for XBee network modules.
Trademarks and copyright
Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United
States and other countries worldwide. All other trademarks mentioned in this document are the
property of their respective owners.
© 2022 Digi International Inc. All rights reserved.
Disclaimers
Information in this document is subject to change without notice and does not represent a
commitment on the part of Digi International. Digi provides this document “as is,” without warranty of
any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or
merchantability for a particular purpose. Digi may make improvements and/or changes in this manual
or in the product(s) and/or the program(s) described in this manual at any time.
Warranty
To view product warranty information, go to the following website:
www.digi.com/howtobuy/terms
Send comments
Documentation feedback: To provide feedback on this document, send your comments to
techcomm@digi.com.
Customer support
Digi Technical Support: Digi offers multiple technical support plans and service packages to help our
customers get the most out of their Digi product. For information on Technical Support plans and
pricing, contact us at +1 952.912.3444 or visit us at www.digi.com/support.
Digi ConnectPort X Family
2
�Contents
About this guide
Where to find information
Safety instructions
Safety instructions
Инструкции за безопасност
Sigurnosne upute
Bezpečnostní instrukce
Sikkerhedsinstruktioner
Veiligheidsinstructies
Ohutusjuhised
Turvallisuusohjeet
Consignes de sécurité
Sicherheitshinweise
Οδηγίες ασφαλείας
Biztonsági utasítások
Istruzioni di sicurezza
Drošības instrukcijas
Saugos instrukcijos
Sikkerhetsinstruksjoner
Instrukcje bezpieczeństwa
Instruções de segurança
Instructiuni de siguranta
Bezpečnostné inštrukcie
Varnostna navodila
Las instrucciones de seguridad
Säkerhets instruktioner
Safety statements
8
9
9
9
10
11
12
12
13
14
14
15
16
17
17
18
19
20
20
21
22
22
23
24
25
25
Introduction
Digi ConnectPort X Family features
ConnectPort X products
User interfaces
Network services
IP protocol support
Serial data communication over TCP and UDP
Mobile/cellular features and protocol support
RealPort software
Alarms
Modem emulation
Digi ConnectPort X Family
28
28
28
28
29
30
33
33
34
34
3
�Security features in Digi devices
Configuration management
Customization capabilities
Network connections and data paths
Network services
Network/serial clients
34
36
36
36
36
38
Get started with Digi ConnectPort X Family products
Verify product components
Included equipment
Install the SIM card
Attach the Ethernet cable
Connect the hardware and power on the device
Assign an IP address
Default IP address and DHCP settings
Configure IP addresses
Test the IP address assignment
Sign in to the web interface
Use a web browser to sign in to the web interface
Use Digi Device Discovery utility to sign in to the web interface
Complete device set up
40
40
41
41
42
42
42
42
44
44
44
45
46
Hardware
Open and close the device enclosure
Open the enclosure
Close the enclosure
Hardware installation for ConnectPort X4 H
Connector pinouts
Cable fittings
Antenna options and connectors
SIM card slots
SIM card activation
Configuration settings and status information
Power cable fitting
Class 1, Div 2 units
Non-Class 1, Div 2 units
Optional Ethernet hub feature
48
48
48
48
48
52
53
53
54
54
54
54
54
55
Overview: Configuration, monitoring, and administration
Configuration capabilities
Digi Device Discovery utility
Remote Manager interface
Configuration through Digi Remote Manager
Remote Manager monitoring capabilities
IPv6 support
Web interface
Accessing the command-line interface
Remote Command Interface (RCI)
SNMP
Supported standard MIBs
Digi ConnectPort X Family
57
57
57
58
58
59
59
60
60
61
61
4
�Supported Digi enterprise MIBS
Download a Digi MIB
Additional SNMP resources
Monitoring capabilities and interfaces
Remote manager
Web interface
Command-line interface
SNMP
62
63
63
63
63
63
64
64
Using the Digi ConnectPort X Family web interface
Home page
Menu
Getting started
System summary
Configuration pages
Applications pages
Apply and save changes
Cancel changes
Online help
Configure the device using the web interface
Network configuration
Serial ports configuration
Camera
System Configuration
Alarms Configuration
Batch configuration capabilities
Management
Web interface
Manage connections and services
Event logging
Manage network services
Administration
File Management
X.509 Certificate/Key Management
Backup/Restore
Update the firmware and boot/POST code
Factory default settings
System information
Reboot
Enable/disable access to network services
66
66
66
66
66
66
67
67
67
67
67
149
162
163
199
201
202
202
202
203
203
205
206
206
216
216
217
219
234
234
Configure and manage the device using the Digi ConnectPort X
Family command line interface
Configuration through the command line
Access the command-line interface
Basics for using the command-line interface
Management through the command line interface
close
connect
dhcp
display
Digi ConnectPort X Family
236
236
236
236
238
238
238
238
5
�display mesh
display mobile (cellular)
display provisioning
display wimax
exit and quit
info
info zigbee_sockets
newpass
ping
reconnect
rlogin
send
send mode
set accesscontrol
set alarm
set autoconnect
set buffer and display buffers
set forward
set host
set mesh
set mgmtconnection
set mgmtglobal
set mgmtnetwork
set mobile
set nat
set network
set pmodem
set pppoutbound
set ppp
set profiles
set realport
set rtstoggle
set serial
set service
set snmp
set system
set tcpserial
set user
set wlan
set wimax
set wlan
set xbee
status
show
telnet
vpn
xbee
who and kill
Administration
239
239
239
239
239
239
240
240
241
241
241
241
241
241
241
241
241
241
241
242
242
242
242
242
242
242
242
242
242
242
242
243
243
243
243
243
243
243
243
243
243
243
244
244
244
244
244
244
244
Specifications and certifications
Hardware specifications
ConnectPort X2 specifications
ConnectPort X4 specifications
Digi ConnectPort X Family
247
247
249
6
�ConnectPort X4 H specifications
Wireless networking features
Digi ConnectPort X Family regulatory information and certifications
FCC certifications and regulatory information (USA only)
Industry Canada (IC) certifications
International EMC (Electromagnetic Emissions/Immunity/Safety) standards
Europe
Declaration of Conformity (DoC)
Maximum power and frequency specifications
Brazil
System status LEDs
ConnectPort X2 LEDs and buttons
ConnectPort X4 LEDs and buttons
ConnectPort X4 H LEDs
251
252
253
254
254
255
255
256
256
257
258
258
259
261
Troubleshooting
Replace Connect ES time-lag fuses
Troubleshooting resources
Digi ConnectPort X Family
264
265
7
�About this guide
This guide describes how to install, provision, configure, monitor, and administer Digi ConnectPort X
Family devices. The guide covers the following products:
n Digi ConnectPort X2
n
Digi ConnectPort X2 XTend®/XStream® variants
n
Digi ConnectPort X4
n
Digi ConnectPort X4 H
Note For information about ConnectPort X2e SE products, see the Smart Energy Gateway User Guide.
Where to find information
In addition to this guide, you can find additional product and feature information in these documents:
n RealPort® Installation Guide
For product support resources visit the following support pages:
n Digi ConnectPort X2 product support
n
Digi ConnectPort X4 product support
For additional information, see the following resources:
n Online help and tutorials in the web interface for the Digi device
n
Digi Wiki for Developers
n
Product information available on the Digi website, www.digi.com, and the Digi support site,
including:
l
Support forum
l
Knowledge Base
l
Datasheets/product briefs
l
Application/solution guides
l
Carrier-specific documents
Digi ConnectPort X Family
8
�About this guide
Safety instructions
Safety instructions
Safety instructions
XBee adapter, gateways, and routers
n
The XBee Adapter, Gateway, or Router products cannot be guaranteed operation due to the
radio link and so should not be used for interlocks in safety critical devices such as machines or
automotive applications.
n
The XBee Adapter, Gateway, or Router products have not been approved for use in (this list is
not exhaustive):
n
l
medical devices
l
nuclear applications
l
explosive or flammable atmospheres
There are no user serviceable components inside the XBee Adapter, Gateway, or Router
product. Do not remove the product covers or modify the Gateway or Router in any way.
Modifications may exclude the product from any warranty and can cause the gateway or router
to operate outside of regulatory compliance for a given country, leading to the possible illegal
operation of the product.
n
Use industry standard ESD protection when handling the XBee Adapter, Gateway, or Router
product.
n
Take care while handling to avoid electrical damage to the PCB and components.
n
Do not expose the XBee Adapter, Gateway, or Router products to water or moisture.
n
Use this product with the antennas specified in the XBee Adapter, Gateway, or Router product
user guides.
n
The end user must be told how to remove power from the XBee Adapter, Gateway, or Router
product or to locate the antennas 20 cm from humans or animals.
Инструкции за безопасност
XBee адаптер, шлюзове и рутери
n
Продуктите XBee Adapter, Gateway или Router не могат да бъдат гарантирани за работа
поради радиовръзката и затова не трябва да се използват за блокировки в устройства,
които са важни за безопасността, като машини или автомобилни приложения.
Digi ConnectPort X Family
9
�About this guide
n
Safety instructions
Продуктите XBee Adapter, Gateway или Router не са одобрени за използване в (този
списък не е изчерпателен):
n
l
медицински изделия
l
ядрени приложения
l
експлозивна или запалима атмосфера
В продукта XBee Adapter, Gateway или Router няма компоненти, които могат да бъдат
обслужвани от потребителя. Не сваляйте капаците на продукта и не модифицирайте по
никакъв начин шлюза или рутера. Модификациите могат да изключат продукта от
гаранция и могат да доведат до работа на шлюза или рутера извън регулаторното
съответствие за дадена държава, което води до възможна незаконна работа на продукта.
n
Използвайте стандартна ESD защита, когато работите с XBee адаптер, шлюз или рутер.
n
Внимавайте, докато боравите, за да избегнете електрически повреди на печатната
платка и компонентите.
n
Не излагайте продуктите XBee Adapter, Gateway или Router на вода или влага.
n
Използвайте този продукт с антените, посочени в ръководствата за потребителя на XBee
Adapter, Gateway или Router.
n
Крайният потребител трябва да бъде казано как да премахне захранването от XBee
Adapter, Gateway или Router продукта или да разположи антените на 20 см от хора или
животни.
Sigurnosne upute
XBee adapter, pristupnici i usmjerivači
n
Ne može se jamčiti rad proizvoda XBee Adapter, Gateway ili Router zbog radio veze i stoga se
ne bi trebali koristiti za blokade u sigurnosnim kritičnim uređajima kao što su strojevi ili
automobilske aplikacije.
n
XBee Adapter, Gateway ili Router proizvodi nisu odobreni za upotrebu u (ovaj popis nije
konačan):
n
l
medicinskih uređaja
l
nuklearne primjene
l
eksplozivne ili zapaljive atmosfere
Unutar proizvoda XBee Adapter, Gateway ili Router nema komponenti koje može servisirati
korisnik. Nemojte skidati poklopce proizvoda niti na bilo koji način mijenjati pristupnik ili
usmjerivač. Izmjene mogu isključiti proizvod iz bilo kakvog jamstva i mogu uzrokovati rad
pristupnika ili usmjerivača izvan usklađenosti s propisima za određenu zemlju, što može
dovesti do mogućeg nezakonitog rada proizvoda.
n
Koristite standardnu ESD zaštitu pri rukovanju proizvodom XBee Adapter, Gateway ili Router.
Digi ConnectPort X Family
10
�About this guide
Safety instructions
n
Budite oprezni tijekom rukovanja kako biste izbjegli električna oštećenja PCB-a i komponenti.
n
Ne izlažite XBee Adapter, Gateway ili Router proizvode vodi ili vlazi.
n
Koristite ovaj proizvod s antenama navedenim u korisničkim vodičima proizvoda XBee Adapter,
Gateway ili Router.
n
Krajnjem korisniku se mora reći kako da isključi napajanje iz XBee adaptera, Gatewaya ili
Routera proizvoda ili da locira antene 20 cm od ljudi ili životinja.
Bezpečnostní instrukce
XBee adaptér, brány a routery
n
U produktů XBee Adapter, Gateway nebo Router nelze zaručit provoz kvůli rádiovému spojení,
a proto by neměly být používány pro blokování v zařízeních kritických z hlediska bezpečnosti,
jako jsou stroje nebo automobilové aplikace.
n
Produkty XBee Adapter, Gateway nebo Router nebyly schváleny pro použití v (tento seznam
není vyčerpávající):
n
l
zdravotnické prostředky
l
jaderné aplikace
l
výbušné nebo hořlavé atmosféry
Uvnitř produktu XBee Adapter, Gateway nebo Router nejsou žádné uživatelsky opravitelné
součásti. Neodstraňujte kryty produktu ani žádným způsobem neupravujte bránu nebo
směrovač. Úpravy mohou vyjmout produkt z jakékoli záruky a mohou způsobit, že brána nebo
router bude fungovat mimo zákonnou shodu pro danou zemi, což povede k možnému
nezákonnému provozu produktu.
n
Při manipulaci s produktem XBee Adapter, Gateway nebo Router používejte standardní
ochranu ESD.
n
Při manipulaci buďte opatrní, aby nedošlo k elektrickému poškození desky plošných spojů a
součástí.
n
Nevystavujte produkty XBee Adapter, Gateway nebo Router vodě nebo vlhkosti.
n
Používejte tento produkt s anténami uvedenými v uživatelské příručce produktu XBee Adapter,
Gateway nebo Router.
n
Koncový uživatel musí být informován, jak odpojit napájení XBee adaptéru, brány nebo routeru
nebo jak umístit antény 20 cm od lidí nebo zvířat.
Digi ConnectPort X Family
11
�About this guide
Safety instructions
Sikkerhedsinstruktioner
XBee-adapter, gateways og routere
n
XBee Adapter-, Gateway- eller Router-produkterne kan ikke garanteres drift på grund af
radioforbindelsen og bør derfor ikke bruges til aflåsninger i sikkerhedskritiske enheder såsom
maskiner eller bilapplikationer.
n
XBee Adapter, Gateway eller Router-produkter er ikke blevet godkendt til brug i (denne liste er
ikke udtømmende):
n
l
medicinsk udstyr
l
nukleare applikationer
l
eksplosive eller brandfarlige atmosfærer
Der er ingen komponenter, der kan repareres af brugeren, inde i XBee Adapter-, Gateway- eller
Router-produktet. Fjern ikke produktdækslerne, og modificer ikke gatewayen eller routeren på
nogen måde. Ændringer kan udelukke produktet fra enhver garanti og kan få gatewayen eller
routeren til at fungere uden for lovgivningsoverholdelse for et givet land, hvilket kan føre til en
mulig ulovlig drift af produktet.
n
Brug industristandard ESD-beskyttelse, når du håndterer XBee Adapter-, Gateway- eller
Router-produktet.
n
Vær forsigtig under håndteringen for at undgå elektrisk beskadigelse af printet og
komponenterne.
n
Udsæt ikke XBee Adapter, Gateway eller Router-produkter for vand eller fugt.
n
Brug dette produkt med de antenner, der er specificeret i brugervejledningerne til XBee
Adapter, Gateway eller Router.
n
Slutbrugeren skal fortælles, hvordan man fjerner strømmen fra XBee Adapter-, Gateway- eller
Router-produktet eller placerer antennerne 20 cm fra mennesker eller dyr.
Veiligheidsinstructies
XBee-adapter, gateways en routers
n
De werking van de XBee-adapter-, gateway- of routerproducten kan niet worden
gegarandeerd vanwege de radioverbinding en mogen daarom niet worden gebruikt voor
vergrendelingen in veiligheidskritieke apparaten zoals machines of autotoepassingen.
n
De XBee Adapter-, Gateway- of Router-producten zijn niet goedgekeurd voor gebruik in (deze
lijst is niet uitputtend):
l
medische apparaten
l
nucleaire toepassingen
l
explosieve of ontvlambare atmosferen
Digi ConnectPort X Family
12
�About this guide
n
Safety instructions
Er zijn geen door de gebruiker te onderhouden componenten in het XBee Adapter-, Gateway- of
Routerproduct. Verwijder de productkappen niet en wijzig de gateway of router op geen
enkele manier. Wijzigingen kunnen het product uitsluiten van elke garantie en kunnen ertoe
leiden dat de gateway of router buiten de regelgeving voor een bepaald land werkt, wat kan
leiden tot de mogelijke illegale werking van het product.
n
Gebruik industriestandaard ESD-bescherming bij het hanteren van het XBee Adapter-,
Gateway- of Routerproduct.
n
Wees voorzichtig bij het hanteren om elektrische schade aan de printplaat en componenten te
voorkomen.
n
Stel de XBee Adapter-, Gateway- of Routerproducten niet bloot aan water of vocht.
n
Gebruik dit product met de antennes die zijn gespecificeerd in de gebruikershandleidingen van
de XBee Adapter, Gateway of Router.
n
De eindgebruiker moet worden verteld hoe de voeding van de XBee Adapter, Gateway of
Router moet worden uitgeschakeld of hoe de antennes op 20 cm van mensen of dieren moeten
worden geplaatst.
Ohutusjuhised
XBee adapter, lüüsid ja ruuterid
n
XBee adapteri, lüüsi või ruuteri toodete toimimist ei saa raadiolingi tõttu tagada ja seetõttu ei
tohiks neid kasutada ohutuse seisukohalt oluliste seadmete (nt masinad või autorakendused)
blokeerimiseks.
n
XBee adapteri, lüüsi või ruuteri tooteid ei ole heaks kiidetud kasutamiseks järgmistes riikides
(see loend ei ole ammendav):
n
l
meditsiiniseadmed
l
tuumarakendused
l
plahvatusohtlik või tuleohtlik keskkond
XBee adapteris, lüüsis või ruuteris ei ole kasutaja poolt hooldatavaid komponente. Ärge
eemaldage toote katet ega muutke lüüsi ega ruuterit mingil viisil. Muudatused võivad toote
garantiist välja jätta ja põhjustada lüüsi või ruuteri toimimise väljaspool antud riigi regulatiivset
vastavust, mis võib viia toote ebaseadusliku kasutamiseni.
n
Kasutage XBee adapteri, lüüsi või ruuteri toote käsitsemisel tööstusharu standardset ESDkaitset.
n
Olge käsitsemisel ettevaatlik, et vältida PCB ja komponentide elektrikahjustusi.
n
Ärge jätke XBee adapteri, lüüsi või ruuteri tooteid vee või niiskuse kätte.
n
Kasutage seda toodet XBee adapteri, lüüsi või ruuteri toote kasutusjuhendis kirjeldatud
antennidega.
Digi ConnectPort X Family
13
�About this guide
n
Safety instructions
Lõppkasutajale tuleb öelda, kuidas eemaldada XBee adapteri, lüüsi või ruuteri toide või leida
antennid inimestest või loomadest 20 cm kaugusel.
Turvallisuusohjeet
XBee-sovitin, yhdyskäytävät ja reitittimet
n
XBee-sovitin-, yhdyskäytävä- tai reititintuotteiden toimintaa ei voida taata radiolinkin vuoksi,
joten niitä ei tule käyttää turvallisuuden kannalta kriittisten laitteiden, kuten koneiden tai
autosovelluksien, lukitsemiseen.
n
XBee-sovitin-, yhdyskäytävä- tai reititintuotteita ei ole hyväksytty käytettäväksi (tämä luettelo
ei ole tyhjentävä):
n
l
lääketieteelliset laitteet
l
ydinvoimasovellukset
l
räjähdysvaarallisiin tai syttyviin tiloihin
XBee-sovittimen, yhdyskäytävän tai reitittimen sisällä ei ole käyttäjän huollettavia osia. Älä
poista tuotteen kansia tai muokkaa yhdyskäytävää tai reititintä millään tavalla. Muutokset
voivat sulkea tuotteen takuun ulkopuolelle ja saada yhdyskäytävän tai reitittimen toimimaan
tietyn maan säännöstenmukaisuuden ulkopuolella, mikä voi johtaa tuotteen laittomaan
käyttöön.
n
Käytä alan standardia ESD-suojausta käsitellessäsi XBee-sovitinta, yhdyskäytävää tai
reititintuotetta.
n
Ole varovainen käsitellessäsi, jotta vältät piirilevyn ja komponenttien sähkövauriot.
n
Älä altista XBee-sovitin-, yhdyskäytävä- tai reititintuotteita vedelle tai kosteudelle.
n
Käytä tätä tuotetta XBee-sovittimen, yhdyskäytävän tai reitittimen tuotteen käyttöoppaissa
määritettyjen antennien kanssa.
n
Loppukäyttäjälle on kerrottava, kuinka XBee-sovittimen, yhdyskäytävän tai reitittimen virta
katkaistaan tai antennit sijoitetaan 20 cm:n etäisyydelle ihmisistä tai eläimistä.
Consignes de sécurité
Adaptateur XBee, passerelles et routeurs
n
Le fonctionnement des produits XBee Adapter, Gateway ou Router ne peut pas être garanti en
raison de la liaison radio et ne doit donc pas être utilisé pour les verrouillages dans des
dispositifs critiques pour la sécurité tels que des machines ou des applications automobiles.
Digi ConnectPort X Family
14
�About this guide
n
Safety instructions
Les produits XBee Adapter, Gateway ou Router n'ont pas été approuvés pour une utilisation
dans (cette liste n'est pas exhaustive) :
n
l
dispositifs médicaux
l
applications nucléaires
l
atmosphères explosives ou inflammables
Il n'y a aucun composant réparable par l'utilisateur à l'intérieur du produit XBee Adapter,
Gateway ou Router. Ne retirez pas les capots du produit et ne modifiez en aucune façon la
passerelle ou le routeur. Les modifications peuvent exclure le produit de toute garantie et
peuvent entraîner le fonctionnement de la passerelle ou du routeur en dehors de la conformité
réglementaire pour un pays donné, conduisant à un éventuel fonctionnement illégal du produit.
n
Utilisez la protection ESD standard de l'industrie lors de la manipulation de l'adaptateur, de la
passerelle ou du routeur XBee.
n
Soyez prudent lors de la manipulation afin d'éviter des dommages électriques au circuit
imprimé et aux composants.
n
N'exposez pas les produits XBee Adapter, Gateway ou Router à l'eau ou à l'humidité.
n
Utilisez ce produit avec les antennes spécifiées dans les guides d'utilisation des adaptateurs,
passerelles ou routeurs XBee.
n
L'utilisateur final doit savoir comment couper l'alimentation de l'adaptateur, de la passerelle
ou du routeur XBee ou comment placer les antennes à 20 cm des humains ou des animaux.
Sicherheitshinweise
XBee-Adapter, Gateways und Router
n
Der Betrieb der XBee Adapter-, Gateway- oder Router-Produkte kann aufgrund der
Funkverbindung nicht garantiert werden und sollte daher nicht für Verriegelungen in
sicherheitskritischen Geräten wie Maschinen oder Automobilanwendungen verwendet werden.
n
Die XBee Adapter-, Gateway- oder Router-Produkte wurden nicht für die Verwendung
zugelassen in (diese Liste ist nicht vollständig):
n
l
Medizinprodukte
l
nukleare Anwendungen
l
explosive oder brennbare Atmosphären
Es gibt keine vom Benutzer zu wartenden Komponenten innerhalb des XBee Adapter-,
Gateway- oder Router-Produkts. Entfernen Sie nicht die Produktabdeckungen und modifizieren
Sie das Gateway oder den Router nicht in irgendeiner Weise. Modifikationen können das
Produkt von jeglicher Garantie ausschließen und dazu führen, dass das Gateway oder der
Router außerhalb der gesetzlichen Vorschriften für ein bestimmtes Land betrieben wird, was
zu einem möglicherweise illegalen Betrieb des Produkts führen kann.
Digi ConnectPort X Family
15
�About this guide
n
Safety instructions
Verwenden Sie bei der Handhabung des XBee Adapter-, Gateway- oder Router-Produkts ESDSchutz nach Industriestandard.
n
Seien Sie vorsichtig bei der Handhabung, um elektrische Schäden an der Leiterplatte und den
Komponenten zu vermeiden.
n
Setzen Sie die Produkte XBee Adapter, Gateway oder Router weder Wasser noch Feuchtigkeit
aus.
n
Verwenden Sie dieses Produkt mit den Antennen, die in den Produktbenutzerhandbüchern für
XBee-Adapter, -Gateways oder -Router angegeben sind.
n
Dem Endbenutzer muss mitgeteilt werden, wie er die Stromversorgung des XBee-Adapters,
Gateways oder Router-Produkts unterbricht oder die Antennen 20 cm von Menschen oder
Tieren entfernt aufstellt.
Οδηγίες ασφαλείας
Προσαρμογέας XBee, πύλες και δρομολογητές
n
Τα προϊόντα XBee Adapter, Gateway ή Router δεν είναι εγγυημένα για τη λειτουργία τους λόγω
της ραδιοζεύξης και επομένως δεν πρέπει να χρησιμοποιούνται για ασφάλειες σε κρίσιμες για την
ασφάλεια συσκευές, όπως μηχανήματα ή εφαρμογές αυτοκινήτου.
n
Τα προϊόντα XBee Adapter, Gateway ή Router δεν έχουν εγκριθεί για χρήση σε (αυτή η λίστα δεν
είναι εξαντλητική):
n
l
ιατροτεχνολογικά προϊόντα
l
πυρηνικές εφαρμογές
l
εκρηκτικές ή εύφλεκτες ατμόσφαιρες
Δεν υπάρχουν εξαρτήματα που να μπορούν να επισκευαστούν από το χρήστη μέσα στο προϊόν
XBee Adapter, Gateway ή Router. Μην αφαιρείτε τα καλύμματα του προϊόντος και μην
τροποποιείτε την πύλη ή το δρομολογητή με κανέναν τρόπο. Οι τροποποιήσεις ενδέχεται να
αποκλείουν το προϊόν από οποιαδήποτε εγγύηση και μπορεί να προκαλέσουν τη λειτουργία της
πύλης ή του δρομολογητή εκτός της συμμόρφωσης με τους κανονισμούς για μια δεδομένη χώρα,
οδηγώντας σε πιθανή παράνομη λειτουργία του προϊόντος.
n
Χρησιμοποιήστε βιομηχανική προστασία ESD όταν χειρίζεστε το προϊόν XBee Adapter, Gateway
ή Router.
n
Προσέχετε κατά το χειρισμό για να αποφύγετε ηλεκτρική βλάβη στο PCB και στα εξαρτήματα.
n
Μην εκθέτετε τα προϊόντα XBee Adapter, Gateway ή Router σε νερό ή υγρασία.
n
Χρησιμοποιήστε αυτό το προϊόν με τις κεραίες που καθορίζονται στους οδηγούς χρήσης του
XBee Adapter, Gateway ή Router.
Digi ConnectPort X Family
16
�About this guide
n
Safety instructions
Πρέπει να ενημερωθεί ο τελικός χρήστης πώς να αφαιρέσει το ρεύμα από τον προσαρμογέα
XBee, το Gateway ή το προϊόν του δρομολογητή ή να εντοπίσει τις κεραίες σε απόσταση 20 cm
από ανθρώπους ή ζώα.
Biztonsági utasítások
XBee adapter, átjárók és útválasztók
n
Az XBee Adapter, Gateway vagy Router termékek működése nem garantálható a
rádiókapcsolat miatt, ezért nem használhatók biztonsági szempontból kritikus eszközök,
például gépek vagy autóipari alkalmazások reteszelésére.
n
Az XBee Adapter, Gateway vagy Router termékek nem engedélyezettek a következő
országokban való használatra (ez a lista nem teljes):
n
l
orvosi eszközök
l
nukleáris alkalmazások
l
robbanásveszélyes vagy gyúlékony légkör
Az XBee Adapter, Gateway vagy Router termékben nincsenek felhasználó által javítható
alkatrészek. Ne távolítsa el a termék fedelét, és semmilyen módon ne módosítsa az átjárót
vagy az útválasztót. A módosítások kizárhatják a termékre a jótállást, és az átjáró vagy az
útválasztó az adott ország szabályozási megfelelőségén kívüli működését okozhatják, ami a
termék esetleges illegális működéséhez vezethet.
n
Az XBee Adapter, Gateway vagy Router termékek kezelésekor használjon ipari szabvány ESD
védelmet.
n
A kezelés során ügyeljen arra, hogy elkerülje a PCB és az alkatrészek elektromos károsodását.
n
Ne tegye ki az XBee Adapter-, Gateway- vagy Router-termékeket víznek vagy nedvességnek.
n
Használja ezt a terméket az XBee Adapter, Gateway vagy Router termék használati
útmutatójában meghatározott antennákkal.
n
A végfelhasználót tájékoztatni kell arról, hogyan távolítsa el az XBee Adapter, Gateway vagy
Router termék áramellátását, vagy hogyan helyezze el az antennákat az emberektől vagy
állatoktól 20 cm-re.
Istruzioni di sicurezza
Adattatore, gateway e router XBee
n
Non è possibile garantire il funzionamento dei prodotti XBee Adapter, Gateway o Router a
causa del collegamento radio e pertanto non devono essere utilizzati per gli interblocchi in
dispositivi critici per la sicurezza come macchine o applicazioni automobilistiche.
Digi ConnectPort X Family
17
�About this guide
n
Safety instructions
I prodotti XBee Adapter, Gateway o Router non sono stati approvati per l'uso in (questo elenco
non è esaustivo):
n
l
dispositivi medici
l
applicazioni nucleari
l
atmosfere esplosive o infiammabili
Non ci sono componenti riparabili dall'utente all'interno del prodotto XBee Adapter, Gateway o
Router. Non rimuovere i coperchi del prodotto né modificare in alcun modo il Gateway o il
Router. Le modifiche possono escludere il prodotto da qualsiasi garanzia e possono causare il
funzionamento del gateway o del router al di fuori della conformità normativa per un
determinato paese, portando al possibile funzionamento illegale del prodotto.
n
Utilizzare la protezione ESD standard del settore quando si maneggia l'adattatore XBee, il
gateway o il prodotto router.
n
Prestare attenzione durante la manipolazione per evitare danni elettrici al PCB e ai
componenti.
n
Non esporre i prodotti XBee Adapter, Gateway o Router ad acqua o umidità.
n
Utilizzare questo prodotto con le antenne specificate nelle guide per l'utente del prodotto
XBee Adapter, Gateway o Router.
n
L'utente finale deve essere informato su come rimuovere l'alimentazione dal prodotto XBee
Adapter, Gateway o Router o come posizionare le antenne a 20 cm da esseri umani o animali.
Drošības instrukcijas
XBee adapteris, vārtejas un maršrutētāji
n
XBee adaptera, vārtejas vai maršrutētāja izstrādājumu darbība nevar tikt garantēta radio
saites dēļ, tāpēc tos nevajadzētu izmantot bloķēšanai tādās drošībai svarīgās ierīcēs kā
mašīnas vai automobiļu lietojumprogrammas.
n
XBee adaptera, vārtejas vai maršrutētāja produkti nav apstiprināti lietošanai (šis saraksts nav
pilnīgs):
n
l
medicīniskās ierīces
l
kodolprogrammas
l
sprādzienbīstamā vai uzliesmojošā vidē
XBee adaptera, vārtejas vai maršrutētāja izstrādājumā nav neviena komponenta, ko lietotājs
varētu apkalpot. Nenoņemiet izstrādājuma vākus un nekādā veidā nepārveidojiet vārteju vai
maršrutētāju. Izmaiņas var izslēgt uz izstrādājumu no jebkādas garantijas un var izraisīt
vārtejas vai maršrutētāja darbību, kas neatbilst noteiktās valsts normatīvajiem aktiem,
izraisot iespējamu produkta nelikumīgu darbību.
Digi ConnectPort X Family
18
�About this guide
n
Safety instructions
Strādājot ar XBee adaptera, vārtejas vai maršrutētāja izstrādājumu, izmantojiet nozares
standarta ESD aizsardzību.
n
Rīkojoties, rīkojieties uzmanīgi, lai izvairītos no PCB un komponentu elektriskiem bojājumiem.
n
Nepakļaujiet XBee adaptera, vārtejas vai maršrutētāja izstrādājumus ūdens vai mitruma
iedarbībai.
n
Izmantojiet šo izstrādājumu ar antenām, kas norādītas XBee adaptera, vārtejas vai
maršrutētāja izstrādājuma lietotāja rokasgrāmatās.
n
Galalietotājam ir jāinformē, kā atvienot strāvu no XBee adaptera, vārtejas vai maršrutētāja
izstrādājuma vai atrast antenas 20 cm attālumā no cilvēkiem vai dzīvniekiem.
Saugos instrukcijos
XBee adapteris, šliuzai ir maršrutizatoriai
n
„XBee“ adapterio, šliuzo ar maršrutizatoriaus gaminių veikimas negali būti garantuotas dėl
radijo ryšio, todėl jie neturėtų būti naudojami blokuojant saugai svarbius įrenginius, pvz.,
mašinas ar automobilius.
n
XBee adapterio, šliuzo ar maršrutizatoriaus produktai nebuvo patvirtinti naudoti (šis sąrašas
nėra baigtinis):
n
l
medicinos prietaisai
l
branduolinės programos
l
sprogioje ar degioje aplinkoje
XBee Adapter, Gateway arba Router gaminyje nėra komponentų, kuriuos vartotojas galėtų
taisyti. Jokiu būdu nenuimkite gaminio dangtelių ir nekeiskite šliuzo ar maršrutizatoriaus. Dėl
modifikacijų gaminiui gali būti netaikoma jokia garantija, o šliuzas arba maršruto parinktuvas
gali veikti nesilaikant tam tikros šalies teisės aktų reikalavimų, o tai gali sukelti neteisėtą
gaminio veikimą.
n
Dirbdami su XBee adapteriu, šliuzu ar maršrutizatoriumi naudokite pramonės standartinę ESD
apsaugą.
n
Dirbdami būkite atsargūs, kad nepažeistumėte PCB ir komponentų.
n
Saugokite XBee adapterį, šliuzą ar maršrutizatorių nuo vandens ar drėgmės.
n
Naudokite šį gaminį su antenomis, nurodytomis XBee adapterio, šliuzo ar maršrutizatoriaus
gaminio vartotojo vadove.
n
Galutiniam vartotojui turi būti paaiškinta, kaip atjungti maitinimą iš XBee adapterio, šliuzo ar
maršrutizatoriaus gaminio arba nustatyti antenas 20 cm atstumu nuo žmonių ar gyvūnų.
Digi ConnectPort X Family
19
�About this guide
Safety instructions
Sikkerhetsinstruksjoner
XBee-adapter, gatewayer og rutere
n
XBee Adapter-, Gateway- eller Router-produktene kan ikke garanteres drift på grunn av
radiolinken og bør derfor ikke brukes til forriglinger i sikkerhetskritiske enheter som maskiner
eller bilapplikasjoner.
n
XBee Adapter, Gateway eller Router-produktene er ikke godkjent for bruk i (denne listen er
ikke uttømmende):
n
l
medisinsk utstyr
l
kjernefysiske applikasjoner
l
eksplosive eller brennbare atmosfærer
Det er ingen komponenter som kan repareres av brukeren inne i XBee Adapter-, Gateway- eller
Router-produktet. Ikke fjern produktdekslene eller modifiser gatewayen eller ruteren på noen
måte. Endringer kan ekskludere produktet fra enhver garanti og kan føre til at gatewayen eller
ruteren fungerer utenfor regelverket for et gitt land, noe som kan føre til ulovlig drift av
produktet.
n
Bruk industristandard ESD-beskyttelse når du håndterer XBee Adapter-, Gateway- eller Routerproduktet.
n
Vær forsiktig ved håndtering for å unngå elektrisk skade på PCB og komponenter.
n
Ikke utsett XBee Adapter-, Gateway- eller Router-produktene for vann eller fuktighet.
n
Bruk dette produktet med antennene som er spesifisert i brukerveiledningene for XBee
Adapter, Gateway eller Router.
n
Sluttbrukeren må bli fortalt hvordan man fjerner strømmen fra XBee Adapter-, Gateway- eller
Router-produktet eller plasserer antennene 20 cm fra mennesker eller dyr.
Instrukcje bezpieczeństwa
Adapter, bramy i routery XBee
n
Produkty XBee Adapter, Gateway lub Router nie mogą zagwarantować działania ze względu na
łącze radiowe, dlatego nie należy ich używać do blokad w urządzeniach o krytycznym znaczeniu
dla bezpieczeństwa, takich jak maszyny lub aplikacje motoryzacyjne.
n
Produkty XBee Adapter, Gateway lub Router nie zostały zatwierdzone do użytku w (lista ta nie
jest wyczerpująca):
l
wyroby medyczne
l
zastosowania nuklearne
l
atmosferach wybuchowych lub łatwopalnych
Digi ConnectPort X Family
20
�About this guide
n
Safety instructions
Wewnątrz adaptera, bramy lub routera XBee nie ma żadnych elementów, które mogłyby być
serwisowane przez użytkownika. Nie zdejmuj osłon produktu ani nie modyfikuj w żaden sposób
bramki lub routera. Modyfikacje mogą wyłączyć produkt z jakiejkolwiek gwarancji i
spowodować, że brama lub router będzie działać niezgodnie z przepisami w danym kraju, co
może prowadzić do nielegalnego działania produktu.
n
Używaj standardowej ochrony ESD podczas obsługi produktów XBee Adapter, Gateway lub
Router.
n
Podczas obsługi należy zachować ostrożność, aby uniknąć uszkodzeń elektrycznych PCB i
komponentów.
n
Nie wystawiaj adaptera, bramki lub routera XBee na działanie wody lub wilgoci.
n
Używaj tego produktu z antenami określonymi w instrukcji obsługi adaptera, bramki lub
routera XBee.
n
Użytkownik końcowy musi zostać poinformowany, jak odłączyć zasilanie od adaptera, bramki
lub routera XBee lub jak zlokalizować anteny w odległości 20 cm od ludzi lub zwierząt.
Instruções de segurança
Adaptador, gateways e roteadores XBee
n
Os produtos XBee Adapter, Gateway ou Router não podem ter operação garantida devido ao
link de rádio e, portanto, não devem ser usados para intertravamentos em dispositivos críticos
de segurança, como máquinas ou aplicações automotivas.
n
Os produtos XBee Adapter, Gateway ou Router não foram aprovados para uso em (esta lista
não é exaustiva):
n
l
dispositivos médicos
l
aplicações nucleares
l
atmosferas explosivas ou inflamáveis
Não há componentes que possam ser reparados pelo usuário dentro do produto XBee Adapter,
Gateway ou Router. Não remova as tampas do produto nem modifique o Gateway ou o
Roteador de forma alguma. As modificações podem excluir o produto de qualquer garantia e
fazer com que o gateway ou roteador opere fora da conformidade regulatória de um
determinado país, levando à possível operação ilegal do produto.
n
Use a proteção ESD padrão do setor ao manusear o produto Adaptador, Gateway ou Roteador
XBee.
n
Tome cuidado ao manusear para evitar danos elétricos à PCB e aos componentes.
n
Não exponha os produtos XBee Adapter, Gateway ou Router à água ou umidade.
n
Use este produto com as antenas especificadas nos guias do usuário do produto Adaptador,
Gateway ou Roteador XBee.
Digi ConnectPort X Family
21
�About this guide
n
Safety instructions
O usuário final deve ser informado sobre como remover a energia do produto Adaptador,
Gateway ou Roteador XBee ou localizar as antenas a 20 cm de humanos ou animais.
Instructiuni de siguranta
Adaptor XBee, gateway-uri și routere
n
Nu se poate garanta funcționarea produselor XBee Adapter, Gateway sau Router din cauza
conexiunii radio și, prin urmare, nu trebuie utilizate pentru interblocări în dispozitive critice
pentru siguranță, cum ar fi mașinile sau aplicațiile auto.
n
Produsele XBee Adapter, Gateway sau Router nu au fost aprobate pentru utilizare în (aceasta
listă nu este exhaustivă):
n
l
dispozitive medicale
l
aplicații nucleare
l
atmosfere explozive sau inflamabile
Nu există componente care să poată fi reparate de utilizator în interiorul produsului XBee
Adapter, Gateway sau Router. Nu îndepărtați capacele produsului și nu modificați Gateway-ul
sau Routerul în niciun fel. Modificările pot exclude produsul din orice garanție și pot face ca
gateway-ul sau routerul să funcționeze în afara conformității cu reglementările pentru o
anumită țară, ceea ce duce la o posibilă funcționare ilegală a produsului.
n
Folosiți protecția ESD standard în industrie când manipulați produsul XBee Adapter, Gateway
sau Router.
n
Aveți grijă în timpul manipulării pentru a evita deteriorarea electrică a PCB-ului și a
componentelor.
n
Nu expuneți produsele XBee Adapter, Gateway sau Router la apă sau umiditate.
n
Utilizați acest produs cu antenele specificate în ghidurile de utilizare ale produsului XBee
Adapter, Gateway sau Router.
n
Utilizatorului final trebuie să i se spună cum să scoată alimentarea de la adaptorul, gateway-ul
sau routerul XBee sau să găsească antenele la 20 cm de oameni sau anima
Bezpečnostné inštrukcie
XBee adaptér, brány a smerovače
n
Produkty XBee Adapter, Gateway alebo Router nemožno zaručiť kvôli rádiovému spojeniu, a
preto by sa nemali používať na blokovanie v zariadeniach kritických z hľadiska bezpečnosti, ako
sú stroje alebo automobilové aplikácie.
Digi ConnectPort X Family
22
�About this guide
n
Safety instructions
Produkty XBee Adapter, Gateway alebo Router neboli schválené na použitie v (tento zoznam
nie je úplný):
n
l
zdravotnícke pomôcky
l
jadrové aplikácie
l
výbušné alebo horľavé atmosféry
Vo vnútri produktu XBee Adapter, Gateway alebo Router sa nenachádzajú žiadne užívateľsky
opraviteľné komponenty. Neodstraňujte kryty produktu ani žiadnym spôsobom neupravujte
bránu ani smerovač. Úpravy môžu vyňať produkt zo záruky a môžu spôsobiť, že brána alebo
smerovač bude fungovať mimo zákonných predpisov pre danú krajinu, čo môže viesť k možnej
nezákonnej prevádzke produktu.
n
Pri manipulácii s produktom XBee Adapter, Gateway alebo Router používajte štandardnú
ochranu ESD.
n
Pri manipulácii buďte opatrní, aby ste predišli elektrickému poškodeniu dosky plošných spojov
a komponentov.
n
Produkty XBee Adapter, Gateway alebo Router nevystavujte vode ani vlhkosti.
n
Tento produkt používajte s anténami špecifikovanými v používateľských príručkách produktu
XBee Adapter, Gateway alebo Router.
n
Koncový používateľ musí byť informovaný o tom, ako odpojiť napájanie XBee adaptéra, brány
alebo smerovača alebo ako umiestniť antény 20 cm od ľudí alebo zvierat.
Varnostna navodila
Adapter, prehodi in usmerjevalniki XBee
n
Izdelkom XBee Adapter, Gateway ali Router ni mogoče zagotoviti delovanja zaradi radijske
povezave in se zato ne smejo uporabljati za zaklepanje v varnostno kritičnih napravah, kot so
stroji ali avtomobilske aplikacije.
n
n
Izdelki XBee Adapter, Gateway ali Router niso bili odobreni za uporabo v (ta seznam ni izčrpen):
l
medicinskih pripomočkov
l
jedrske aplikacije
l
eksplozivne ali vnetljive atmosfere
V izdelku XBee Adapter, Gateway ali Usmerjevalnik ni komponent, ki bi jih lahko popravil
uporabnik. Ne odstranjujte pokrovov izdelka in na noben način ne spreminjajte prehoda ali
usmerjevalnika. Spremembe lahko izključijo izdelek iz kakršne koli garancije in lahko
povzročijo, da prehod ali usmerjevalnik deluje zunaj zakonske skladnosti za dano državo, kar
vodi do možnega nezakonitega delovanja izdelka.
n
Pri ravnanju z izdelkom XBee Adapter, Gateway ali Usmerjevalnik uporabljajte industrijsko
standardno zaščito pred ESD.
Digi ConnectPort X Family
23
�About this guide
Safety instructions
n
Pri rokovanju pazite, da se izognete električnim poškodbam tiskanega vezja in komponent.
n
Izdelkov XBee Adapter, Gateway ali Usmerjevalnik ne izpostavljajte vodi ali vlagi.
n
Ta izdelek uporabljajte z antenami, navedenimi v uporabniških priročnikih izdelka XBee
Adapter, Gateway ali Router.
n
Končnemu uporabniku je treba povedati, kako odstraniti napajanje iz izdelka XBee Adapter,
Gateway ali Usmerjevalnik ali naj locira antene 20 cm od ljudi ali živali.
Las instrucciones de seguridad
Adaptador XBee, puertas de enlace y enrutadores
n
No se puede garantizar el funcionamiento de los productos del adaptador, puerta de enlace o
enrutador XBee debido al enlace de radio y, por lo tanto, no deben usarse para enclavamientos
en dispositivos críticos para la seguridad, como máquinas o aplicaciones automotrices.
n
Los productos XBee Adapter, Gateway o Router no han sido aprobados para su uso en (esta
lista no es exhaustiva):
n
l
dispositivos médicos
l
aplicaciones nucleares
l
atmósferas explosivas o inflamables
No hay componentes reparables por el usuario dentro del adaptador XBee, la puerta de enlace
o el enrutador. No retire las cubiertas del producto ni modifique la puerta de enlace o el
enrutador de ninguna manera. Las modificaciones pueden excluir el producto de cualquier
garantía y pueden hacer que la puerta de enlace o el enrutador funcionen fuera del
cumplimiento normativo de un país determinado, lo que puede conducir a la operación ilegal
del producto.
n
Utilice la protección ESD estándar de la industria cuando manipule el adaptador, la puerta de
enlace o el enrutador XBee.
n
Tenga cuidado al manipularlo para evitar daños eléctricos en la PCB y los componentes.
n
No exponga los productos XBee Adapter, Gateway o Router al agua o la humedad.
n
Utilice este producto con las antenas especificadas en las guías de usuario del producto XBee
Adapter, Gateway o Router.
n
Se debe indicar al usuario final cómo desconectar la alimentación del adaptador, la puerta de
enlace o el enrutador XBee o cómo ubicar las antenas a 20 cm de personas o animales.
Digi ConnectPort X Family
24
�About this guide
Safety statements
Säkerhets instruktioner
XBee-adapter, gateways och routrar
n
XBee Adapter, Gateway eller Router-produkter kan inte garanteras funktion på grund av
radiolänken och bör därför inte användas för förreglingar i säkerhetskritiska enheter som
maskiner eller biltillämpningar.
n
XBee Adapter, Gateway eller Router-produkter har inte godkänts för användning i (denna lista
är inte uttömmande):
n
l
medicinsk utrustning
l
kärnkraftstillämpningar
l
explosiv eller brandfarlig atmosfär
Det finns inga komponenter som användaren kan reparera inuti XBee Adapter-, Gateway- eller
Routerprodukten. Ta inte bort produkthöljena eller modifiera gatewayen eller routern på
något sätt. Ändringar kan utesluta produkten från alla garantier och kan göra att gatewayen
eller routern fungerar utanför regelverket för ett visst land, vilket kan leda till olaglig
användning av produkten.
n
Använd industristandard ESD-skydd när du hanterar XBee Adapter, Gateway eller Routerprodukten.
n
Var försiktig vid hanteringen för att undvika elektriska skador på kretskortet och
komponenterna.
n
Utsätt inte XBee Adapter, Gateway eller Router-produkter för vatten eller fukt.
n
Använd den här produkten med de antenner som specificeras i användarhandböckerna för
XBee Adapter, Gateway eller Router.
n
Slutanvändaren måste informeras om hur man kopplar bort strömmen från XBee Adapter,
Gateway eller Router-produkten eller hur man placerar antennerna 20 cm från människor eller
djur.
Safety statements
5.10 Ignition of Flammable Atmospheres
Warnings for Use of Wireless Devices
CAUTION! Observe all warning notices regarding use of wireless devices.
Potentially Hazardous Atmospheres
Observe restrictions on the use of radio devices in fuel depots, chemical plants, and areas where the
air contains chemicals or particles, such as grain, dust, or metal powders, and any other area where
you would normally be advised to turn off your vehicle engine.
Digi ConnectPort X Family
25
�About this guide
Safety statements
Safety in Aircraft
Switch off the wireless device when instructed to do so by airport or airline staff. If the device offers a
”flight mode” or similar feature, consult airline staff about its use in flight.
Safety in Hospitals
Wireless devices transmit radio frequency energy and may affect medical electrical equipment. Switch
off wireless devices wherever requested to do so in hospitals, clinics, or healthcare facilities. These
requests are designed to prevent possible interference with sensitive medical equipment.
Pacemakers
Pacemaker manufacturers recommended that a minimum of 15cm (6 inches) be maintained between
a handheld wireless device and a pacemaker to avoid potential interference with the pacemaker.
These recommendations are consistent with independent research and recommendations by Wireless
Technology Research.
Persons with Pacemakers
n ALWAYS keep the device more than 15cm (6 inches) from their pacemaker when turned ON.
n
Do not carry the device in a breast pocket.
n
If you have any reason to suspect that the interference is taking place, turn OFF your device.
Class I Division 2, Groups A,B,C,D Hazardous Location
The following models are suitable for use in Class I, Division 2, Groups A, B, C and D or
Non-hazardous locations only.
n
ConnectPort X4 S2 2G Term
n
ConnectPort X4 H
Warning: Explosion Hazard - Substitution of components may impair suitability for Class I, Division 2.
Avertissement: Risque d’Exlposion - La substitution de composants peut rendre ce matérial
inacceptable pour les emplacements de Classe I, Division 2.
Warning: Explosion Hazard - Do not replace power supply unless power has been switched off or the
area is known to be non-hazardous.
Avertissement: Risque d’Exlposion - Ne remplace power supply pas d’alimentation eletrique á moins
que le pouvoir n’ait été éteint ou on connu que la région soit non-hasardeuse.
Warning: Explosion Hazard - Do not disconnect equipment unless power has been switched off or the
area is know to be non-hazardous.
Avertissement: Risque d’Exlposion - Avant de déconnecter l’equipment, couper le courant ou s’assurer
que l’emplacement est désigné non dangereux.
Digi ConnectPort X Family
26
�Introduction
This section introduces Digi devices and product families, types of connections and data paths in which
you can use Digi devices, and the interface options available for configuring, monitoring, and
administering devices.
Digi ConnectPort X Family features
Network connections and data paths
Digi ConnectPort X Family
28
36
27
�Introduction
Digi ConnectPort X Family features
Digi ConnectPort X Family features
This section provides an overview of Digi ConnectPort X Family features.
ConnectPort X products
The Digi ConnectPort X Family of products provides gateway functionality between various network
technologies such as Ethernet, cellular, Wi-Fi, and XBee. In addition to providing IP network
connectivity between cellular, Wi-Fi and Ethernet networks and devices; Digi International Inc.
products provide remote connectivity to XBee networks as well as other devices connected to local
ports: USB, 1-Wire, RabbitNet, and asynchronous serial. Digi ConnectPort X Family products act as a
coordinator for a mesh network. As with the Connect and Cellular product families, Digi Remote
Manager® supports Digi ConnectPort X Family products, which you can use to remotely manage
gateway devices and mesh networks.
Key features of ConnectPort X Family include:
n Network flexibility: gateway functionality for a variety of networks
n
XBee-PRO radio
n
Currently Freescale-based, primarily 802.15.4
n
Ember-250/XBee-based
n
Commercial/Industrial Grade
n
Device Manager™: High-level and detailed views of XBee networks and nodes
n
Personal Area Network (PAN) connectivity and management
n
Support of Python™ programming language, for creating a variety of embedded programs and
applications
n
Remote help desk support through a WatchPort® Camera connection to a USB host port
n
Security
n
For some models, an internal GPS
User interfaces
You can use the following user interfaces to configure, monitor, and administer Digi devices:
n Digi Remote Manager
n
Web-based interface
For Digi devices that ship with a default IP address, connecting a laptop computer to the
Ethernet port of these products allows direct access to the web interface for configuration.
n
Command-line interface available via local serial port, telnet or SSH
n
Simple Network Management Protocol (SNMP)
Network services
You can enable or disable access to network services. This means that you can restrict a device’s use
of network services to those strictly needed by the device. To improve device security, you can disable
non-secure services. You can enable or disable the following network services:
Digi ConnectPort X Family
28
�Introduction
Digi ConnectPort X Family features
n
Advanced Digi Discovery Protocol (ADDP)
n
RealPort
n
Encrypted RealPort
n
HTTP/HTTPS
n
Line Printer Daemon (LPD)
n
Remote login (rlogin)
n
Remote shell (rsh)
n
SNMP
n
Telnet
You can enable or disable access to network services from the Network Services Settings page in the
web interface. For more information, see Network Services Settings.
You can use the set service command to enable and disable network services from the command-line
interface. See the Digi Connect® Family Command Reference on www.digi.com for a description of the
set service command.
IP protocol support
All Digi ConnectPort X Family devices include an on-board TCP/IP stack with a built-in web server.
Supported protocols vary by specific product and include, unless otherwise noted:
n Transmission Control Protocol (TCP)
n
User Datagram Protocol (UDP)
n
Dynamic Host Configuration Protocol (DHCP)
n
Simple Network Management Protocol (SNMP)
n
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
n
Remote login (rlogin)
n
Line Printer Daemon (LPD)
n
HyperText Transfer Protocol (HTTP)/HyperText Transfer Protocol over Secure Socket Layer
(HTTPS)
n
Simple Mail Transfer Protocol (SMTP)
n
Internet Control Message Protocol (ICMP)
n
Internet Group Management Protocol (IGMP)
n
Address Resolution Protocol (ARP)
n
Advanced Digi Discovery Protocol (ADDP)
n
Point-to-Point Protocol (PPP)
n
Network Address Translation (NAT)/Port Forwarding (only some products have NAT)
n
Secure Shell (SSHv2)
n
Generic Routing Encapsulation (GRE) passthrough
n
IPsec Encapsulating Security Payload (ESP) on most models
n
ESP passthrough
Digi ConnectPort X Family
29
�Introduction
Digi ConnectPort X Family features
Serial data communication over TCP and UDP
Digi ConnectPort X products support serial data communication over TCP and UDP. The key features
include:
n Serial data communication over TCP can automatically perform the following functions:
l
Establish bi-directional TCP connections, known as autoconnections, between the serial
device and a server or other network device. Autoconnections are based on data and/or
serial hardware signals.
n
l
Control forwarding characteristics based on size, time, and pattern.
l
Allow incoming raw, telnet, and SSL/TLS (secure-socket) connections.
l
Support RFC 2217, an extension of the telnet protocol.
Serial data communication over UDP can automatically perform the following functions:
l
Digi Connect products can automatically send serial data to one or more devices or
systems on the network using UDP sockets. Options for sending data include whether
specific data is on the serial line, a specific time period has elapsed, or after the specified
number of bytes has been received on the serial port.
l
Control forwarding characteristics based on size, time, and patterns.
l
Support incoming datagrams from multiple destinations.
l
Support outgoing datagrams sent to multiple destinations.
n
TCP/UDP forwarding characteristics.
n
Extended communication control on TCP/UDP data paths.
l
Timeout
l
Hangup
l
User-configurable Socket ID string (text string identifier on autoconnect only)
Dynamic Host Configuration Protocol (DHCP)
You can use Dynamic Host Configuration Protocol (DHCP) to automatically assign IP addresses, deliver
IP stack configuration parameters such as the subnet mask and default router, and provide other
configuration information. For more details, see Assign an IP address using DHCP.
Auto IP
The Auto-IP protocol automatically assigns an IP address from a reserved pool of standard Auto-IP
addresses to the computer on which it is installed. Digi devices automatically obtain their IP
addresses from a DHCP server. If the DHCP server is unavailable or nonexistent, Auto-IP assigns the
device an IP address. For more details, see Assign an IP address using Auto-IP.
Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) manages and monitors network Digi ConnectPort X
Family devices. The SNMP architecture enables a network administrator to manage:
n Nodes—servers, workstations, routers, switches, and hubs—on an IP network.
n
Network performance, such as finding and solving network problems, and planning for network
growth.
Digi ConnectPort X Family
30
�Introduction
Digi ConnectPort X Family features
Digi devices support SNMP Versions 1 and 2.
For a list of SNMP-related of supported Request for Comments (RFCs) and Management Information
Bases (MIBs), see Supported RFCs and MIBs.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) provides authentication and encryption for
Digi ConnectPort X Family products. For more information, see Security features in Digi devices.
Telnet
Digi ConnectPort X devices support the following types of telnet connections:
n Telnet client
n
Telnet server
n
Reverse telnet, often used for console management or device management
n
Telnet autoconnect
n
RFC 2217, Telnet Com Port Control Option, an extension of the telnet protocol
For more information on these connections, see Network connections and data paths. You can enable
or disable access to telnet network services.
Remote login (rlogin)
You can enable or disable access to rlogin service. When enabled, users can use rlogin to remotely sign
in to systems.
Line Printer Daemon (LPD)
The Line Printer Daemon (LPD) allows network printing over a serial port. Each serial port has a
dedicated LPD server that is independently configurable. You can enable or disable access to LPD
service.
HyperText Transfer Protocol (HTTP)/HyperText Transfer Protocol over Secure
Socket Layer (HTTPS)
Digi provides web pages that you can use to configure the Digi ConnectPort X Family product. You can
secure these web pages by requiring a user login.
Internet Control Message Protocol (ICMP)
You can display ICMP statistics, including the number of:
n Messages received
n
Bad messages received
n
Destination unreachable messages received
Point-to-Point Protocol (PPP)
The Point-to-Point Protocol (PPP) transports multi-protocol packets over point-to-point links. PPP is
responsible for:
Digi ConnectPort X Family
31
�Introduction
Digi ConnectPort X Family features
n
Encapsulating the data packet
n
Allowing the server to inform the dial-up client of its IP address (or client to request the IP
address)
n
Authenticating the exchange
n
Negotiating multiple protocols
n
Reassembling the data packet for network communication
Digi ConnectPort X devices support PPP as the connection protocol from the Digi device to the cellular
IP network with NAT (Network Address Technology).
Network Address Translation (NAT)/port forwarding
Network Address Translation (NAT) reduces the need for a large amount of publicly known IP
addresses by creating a separation between publicly known and privately known IP addresses.
Advanced Digi Discovery Protocol (ADDP)
The ADDP runs on any operating system capable of sending multicast IP packets on a network. ADDP
allows the system to identify all ADDP-enabled Digi ConnectPort X Family products attached to a
network by sending out a multicast packet. The Digi ConnectPort X Family products respond to the
multicast packet and identify themselves to the client sending the multicast.
ADDP communicates with the IP stack using UDP. The IP stack can receive multicast packets and
transmit datagrams on a network.
You can enable or disable access to ADDP service, but you cannot change the network port number for
ADDP from its default.
Secure Shell (SSH)
Digi ConnectPort X Family products support Secure Shell (SSH) as a connection method and the
following types of SSH connections: Reverse SSH and SSH Autoconnect. Limited use of SSH via SSH
client is available from the Linux command line/bash shell. For more information on these connections,
see Network connections and data paths. You can enable or disable access to Secure Shell network
services.
Generic Routing Encapuslation (GRE passthrough/Encapsulating Security Payload
(ESP) passthrough
GRE and ESP are routing protocols that route (tunnel) various types of information between networks.
GRE applies to the encapsulation of IP datagrams tunneled through the Internet. The encapsulation
includes security, typically in the form of IPsec (IP security), and is most commonly found in VPN
(Virtual Private Network) implementation. RFC (Request For Comment) 1701 and 1702 define these
standards. Similarly, you can use ESP in conjunction with IPsec as a possible way of carrying IP
packets for a Virtual Private Network (VPN) setup. ESP is defined in RFC 2406.
In ESP passthrough and GRE passthrough, inbound IPsec ESP or GSP protocol traffic is forwarded to a
VPN device connected to the Digi device’s Ethernet port.
Note If you are using an Auto-key Internet Key Exchange (IKE)-based VPN, UDP port 500 must also be
forwarded.
Digi ConnectPort X Family
32
�Introduction
Digi ConnectPort X Family features
Mobile/cellular features and protocol support
Key cellular features in cellular-enabled Digi devices include:
n GSM: GPRS, EDGE, UMTS, HSPA, SMS
n
CDMA: 1xRTT, EV-DO (Revs 0 and A)
n
IPsec ESP / IKE
n
IP passthrough, also known as bridge mode
n
3-5 volt SIM card
n
Signal-strength LEDs
Provisioning wizard
For Digi devices equipped with a Code-Division Multiple Access (CDMA)-based cellular modem, the
Mobile Device Provisioning Wizard is available in the web interface to properly configure the Digi
device with the required configuration used to access the mobile network. The wizard allows for both
automatic and manual provisioning for a variety of mobile service providers.
Digi SureLink™
Digi ConnectPort X Family support the Digi SureLink feature. Digi SureLink provides an “always-on”
mobile network connection to ensure that a Digi device is in a state where it can connect to the
network. It does this through hardware reset thresholds and periodic tests of the connection.
Mobile/cellular protocols
Mobile/cellular protocols supported include, unless otherwise noted:
n Global System for Mobile communication (GSM).
n
General Packet Radio Service (GPRS).
n
Enhanced Data Rates for GSM Evolution (EDGE).
n
Universal Mobile Telecommunications Service (UMTS).
n
High Speed Packet Access (HSPA).
n
Code-Division Multiple Access (CDMA).
n
Evolution-Data Optimized (EV-DO, EVDO, or 1xEV-DO).
n
Short Message Service (SMS), currently for GSM cellular products only. Digi cellular gateways
implement an SMS-based protocol that allows managing devices by sending SMS commands
from anywhere SMS messages can be sent. See Short Message Service (SMS) settings.
n
Wi-MAX.
RealPort software
Digi’s RealPort software leverages the TCP/IP network infrastructure to provide a virtual connection
to serial devices. The software is installed directly on the server and allows applications to talk to
devices via a Digi device server or terminal server over a network.
RealPort software is a COM port redirector that allows multiple connections to multiple ports over a
single TCP/IP connection. This means RealPort supports the maximum number of remote devices. The
number is restricted only by the operating system and server processing power.
Digi ConnectPort X Family
33
�Introduction
Digi ConnectPort X Family features
Other unique features include full hardware and software flow control, as well as tunable latency and
throughput. With these, RealPort ensures optimum performance since data transfer is adjusted
according to specific application requirements. It also provides connection recovery—after a network
interruption RealPort automatically reconnects the device to the COM port without the application
knowing there was a failure.
Encrypted RealPort
Digi ConnectPort X Family devices also support RealPort software with encryption. Encrypted
RealPort offers a secure Ethernet connection between the COM or TTY port and a device server or
terminal server. Encryption prevents internal and external snooping of data across the network by
encapsulating the TCP/IP packets in an SSL connection and encrypting the data using Advanced
Encryption Standard (AES).
Digi’s RealPort with encryption driver has earned Microsoft’s Windows Hardware Quality Lab (WHQL)
certification.
Drivers are available for a wide range of operating systems, including Microsoft Windows and Linux x32
and x64 based operating systems, as well as other versions of Unix. See the RealPort Compatibility OS
List in the Digi Knowledge Base for a detailed list of supported operating systems. It is ideal for
financial, retail/point-of-sale, government, or any application requiring enhanced security to protect
sensitive information.
Alarms
You can configure Digi ConnectPort X Family products to issue alarms, in the form of email messages
or SNMP traps, when certain device events occur, including:
n Data patterns detected in the data stream
n
Cellular alarms for signal strength and amount of cellular traffic for a given period of time
Configuring Digi devices to issue alarms allows you to know when events occur. For more information
on configuring alarms, see Alarms Configuration.
Modem emulation
Digi ConnectPort X Family devices include a configuration profile that allows the device to emulate a
modem. Modem emulation sends and receives modem responses to a serial device over TCP/IP
(including Ethernet and cellular) instead of Public Switched Telephone Network (PSTN). The modem
emulation profile allows you to maintain a current software application but using it over the less
expensive Ethernet network. In addition, you can enable or disable telnet processing on the incoming
and outgoing modem-emulation connections. For information on the modem-emulation commands
that Digi ConnectPort X Family products support, see the Digi Connect® Family Command Reference.
See Select Port Profile for more information.
Security features in Digi devices
This section covers Digi ConnectPort X Family security features.
Secure access and authentication
Security features include the following:
n Provide customized permissions controls to locally defined users. The local definitions apply
irrespective of whether Radius is used for authentication.
n
Unique default password for each device.
Digi ConnectPort X Family
34
�Introduction
Digi ConnectPort X Family features
n
Issue passwords for device users.
n
Selectively enable/disable network services such as ADDP, RealPort, Encrypted RealPort,
HTTP/HTTPS, LPD, remote login, remote shell, SNMP, and telnet.
n
Control access to inbound ports.
n
Control access to specific devices, IP addresses, or networks through IP filtering.
n
Secure sites for configuration: HTML pages for configuration have appropriate security.
Encryption
Encrypted RealPort offers encryption for the Ethernet connection between the COM/TTY port and the
Digi ConnectPort X Family product. Encryption prevents internal and external snooping of data across
the network by encapsulating the TCP/IP packets in an SSL connection and encrypting the data using
the Advanced Encryption Standard (AES) security algorithm.
Encryption methods are as follows:
n
n
Strong TLS V1.0-based encryption:
l
DES (64-bit)
l
3DES (192-bit)
l
AES (128/192/256-bit)
l
IPsec ESP: DES, 3DES, AES
Wireless Digi Connect products provide Wi-Fi Protected Access (WPA/WPA2—/802.11i) and
Wired Equivalent Privacy (WEP) encryption (64-/128-bit). Supported WPA/WPA2—/802.11i
authentication methods include:
Supported WPA authentication methods
EAP-TLS
PEAP
EAP/TTLS
LEAP
EAP-PEAP/MSCHAPv2 (both PEAPv0 and
EAP-TTLS/EAP-MD5-
(WEP only)
PEAPv1)
Challenge
EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
EAP-TTLS/EAP-GTC
EAP-TTLS/EAP-OTP
EAP-PEAP/MD5-Challenge (both PEAPv0 and
PEAPv1)
EAP-TTLS/EAP-MSCHAPv2
EAP-TTLS/EAP-TLS
EAP-TTLS/MSCHAPv2
EAP-TTLS/MSCHAP
EAP-TTLS/PAP
EAP-TTLS/CHAP
Digi ConnectPort X Family
35
�Introduction
Network connections and data paths
SNMP security
You can configure SNMP set commands to use SNMP read-only. Digi recommends changing the public
and private community names to prevent unauthorized access to the Digi device.
Network Port Scan Cloaking
The Network Port Scan Cloaking feature allows you to configure this Digi device to ignore (discard)
received packets for services that are hidden or not enabled and network ports that are not open. You
can use this feature to protect your Digi device from malicious software or denial of service attacks.
For more information, see Network Port Scan Cloaking.
Configuration management
Once a Digi ConnectPort X device is configured and running, you may need to periodically perform the
following configuration-management tasks:
n Copy configurations to and from a remote host
n
Perform the following on the Digi device:
l
Update the firmware
l
Reset the factory settings
l
Manage the device files and memory
l
Reboot the device
For more information on these configuration-management tasks, see Administration.
Customization capabilities
You can customize several aspects of Digi devices. For example, you can:
n Customize the appearance of the device interface by changing the company logo or screen
colors.
n
Run custom Python applications.
n
Define the custom factory defaults that the devices use to restore factory default settings.
Network connections and data paths
Digi ConnectPort X Family devices allow for several kinds of connections and paths for data flow
between Digi ConnectPort X Family devices and other entities. You can group these connections into
two main categories:
n Network services, in which a remote entity initiates a connection to a Digi device.
n
Network/serial clients, in which a Digi device initiates a network connection or opens a serial
port for communication.
The following topics describe the effects of enabling features and selecting settings when configuring
Digi ConnectPort X Family devices.
Network services
A network service connection occurs when a remote entity initiates a connection to a Digi device.
There are several categories of network services:
Digi ConnectPort X Family
36
�Introduction
Network connections and data paths
n
Network services associated with specific ports
n
Network services associated with serial ports in general
n
Network services associated with the command-line interface
Network services associated with specific ports
The following list details network services associated with specific ports.
n Reverse telnet: A remote entity establishes a telnet connection to a Digi serial port. Data
passes transparently between the telnet connection and a named serial port.
n
Reverse raw socket: A remote entity establishes a raw TCP socket connection to a Digi serial
port. Data passes transparently between the socket and a named serial port.
n
Reverse TLS socket: A remote entity establishes an encrypted raw TCP socket connection to a
Digi serial port. Data passes transparently to and from a named serial port.
n
LPD: A remote entity establishes a TCP connection to a named serial port. The Digi device
interprets the LPD protocol and sends a print job out of the serial port.
n
Modem emulation, also known as pseudo-modem (pmodem): A remote entity establishes a
TCP connection to a named serial port. This connection is “interpreted” as an incoming call to
the pseudo-modem.
Network services associated with serial ports in general
The following list details network services associated with serial ports in general.
n RealPort: A single TCP connection manages (potentially) multiple serial ports.
n
Modem emulation, also known as pseudo-modem (pool): A TCP connection to the “pool” port
is interpreted as an incoming call to an available pseudo-modem in the “pool” of available port
numbers.
n
rsh: Digi ConnectPort X Family products support a limited implementation of the remote shell
(rsh) protocol, in that a single service listens to connections and allows a command to be
executed. Only one class of commands is allowed: a single integer that specifies which serial
port to connect to. Otherwise, the resulting connection is somewhat similar to a reverse telnet
or reverse socket connection.
n
DialServ: Connecting a DialServ device to the serial port. DialServ simulates a public switched
telephone network (PSTN) to a modem and forwards the data to the serial port. The Digi
device sends and receives the data over an IP network.
n
Reverse SSH: An encrypted TCP socket is available for each port that provides a direct
connection to the designated serial port.
Network services associated with the command-line interface
The following list details network services associated with the command line interface (CLI).
n Telnet: Use telnet to directly access a Digi ConnectPort X command-line interface.
n
Rlogin: Perform a remote login (rlogin) to a Digi ConnectPort X command-line interface.
Digi ConnectPort X Family
37
�Introduction
Network connections and data paths
Network/serial clients
A network/serial client connection occurs when a Digi ConnectPort X product initiates a network
connection or opens a serial port for communication. There are several categories of network/serial
client connections:
n Autoconnect behavior client connections
n
Command-line interface (CLI)-based client connections
n
Modem emulation (pseudo-modem) client connections
Autoconnect behavior client connections
In client connections that involve autoconnect behaviors, a Digi ConnectPort X Family product initiates
a network connection based on timing, serial activity, or serial modem signals. Autoconnect-related
client connections include:
n Raw TCP connection: The Digi ConnectPort X Family initiates a raw TCP socket connection to
a remote entity.
n
Telnet connection: The Digi ConnectPort X Family initiates a TCP connection using the telnet
protocol to a remote entity.
n
Raw TLS encrypted connection: The Digi ConnectPort X Family initiates an encrypted raw
TCP socket connection to a remote entity.
n
Rlogin connection: The Digi ConnectPort X Family initiates a TCP connection using the rlogin
protocol to a remote entity.
Command-line interface (CLI)-based client connections
CLI-based client connections are available for use when you establish a session with the Digi
ConnectPort X Family product’s CLI. CLI-based client connections include:
n ssh: Allows you to connect to a remote entity using the ssh protocol.
n
telnet: Allows you to connect to a remote entity using the telnet protocol.
n
rlogin: Allows you to connect to remote entity using the rlogin protocol (bash only).
n
scp: Allows you to transfer files (bash only).
n
connect: Begin communicating with a local serial port.
Note Additional communication methods include using a bash shell such as scp, tftp, nc, or using
Python.
Modem emulation (pseudo-modem) client connections
When a port is in the modem-emulation or pseudo-modem mode, it can initiate network connections
based on AT command strings received on the serial port. See the Digi Connect® Family Command
Reference on www.digi.com for modem emulation AT commands.
Digi ConnectPort X Family
38
�Get started with Digi ConnectPort X Family products
This section walks you through configuring an IP address and signing in to your Digi ConnectPort X
device.
Verify product components
Install the SIM card
Attach the Ethernet cable
Connect the hardware and power on the device
Assign an IP address
Sign in to the web interface
Complete device set up
Digi ConnectPort X Family
40
41
41
42
42
44
46
39
�Get started with Digi ConnectPort X Family products
Verify product components
Verify product components
Verify that you have the following included equipment.
Note A loose label sticker that includes the unique device password is included in the box. Retain this
label sticker with your hardware records. This default password will be needed if the device is factory
reset.
Included equipment
Equipment
Description
Connect Port X4 H
Cellular/WiMax antenna
Ethernet cable
Digi ConnectPort X Family
40
�Get started with Digi ConnectPort X Family products
Equipment
Install the SIM card
Description
Wire whip antenna
Install the SIM card
You must install a SIM card if you want to use a cellular connection. There are two SIM card slots on
the circuit board. The primary slot is the slot closest to the lid, and the secondary slot is the slot
farthest from the lid.
Note If your device does not use a SIM card, you can skip this step.
There are two SIM card slots on the circuit board. If you are only using one SIM, insert it into the
primary SIM slot, which is the slot closer to the top of the product.
1. Open the device.
2. Insert the SIM card(s). If you are only using one SIM card, insert it into the primary SIM slot.
a. Insert the primary SIM card in the primary SIM slot, which is the slot closest to the
lid. You must insert the chamfered edge of the SIM card first with the contacts face
down. When properly inserted, the SIM card clicks into place.
b. Insert the secondary SIM card in the secondary SIM slot, which is the slot furthest
from the lid. You must insert the chamfered edge of the SIM card first with the
contacts face up. When properly inserted, the SIM card clicks into place.
3. Close the device. If you are going on to connect an Ethernet cable, you can leave the lid open.
Note If you do close the device, Digi recommends that you use 2.5 inches per pound of torque
when tightening the screws. You should tighten the screws in a criss-cross pattern to ensure
that the cover is not bent or skewed during this process.
Attach the Ethernet cable
You can attach an Ethernet cable to the device so that you configure your device using the local web
user interface. The Ethernet cable is attached inside the device.
Note You can also route an Ethernet cable outside the device enclosure. See Cable fittings.
Digi ConnectPort X Family
41
�Get started with Digi ConnectPort X Family products
Connect the hardware and power on the device
1. Open the device if it is not already open.
2. Connect one end of the Ethernet cable to the ConnectPort X4 H.
3. Connect the other end of the Ethernet cable to your PC.
4. Close the device.
Note Digi recommends that you use 2.5 inches per pound of torque when tightening the
screws. You should tighten the screws in a criss-cross pattern to ensure that the cover is not
bent or skewed during this process.
Connect the hardware and power on the device
You can connect the antennas.
1. Connect the wire whip antenna.
2. Connect the cellular antenna.
3. Connect the AC power cord to a proper power source and power up the device.
4. After you have connected all the hardware, you must configure the unit. For configuration
information, see the ConnectPort X4 Getting Started Guide, which you can download from
www.digi.com/support/ConnectPortX4.
Assign an IP address
This section describes how to assign an IP address to Digi ConnectPort X products and manage that
IP address.
Default IP address and DHCP settings
All products that have a cellular (WAN) interface ship with a static IP address for the Ethernet port of
192.168.1.1 and DHCP server enabled by default. Therefore, simply connecting a laptop computer to
the Ethernet port of these products allows direct access to the web interface for configuration.
Configure the Ethernet port on the laptop to automatically receive an IP address and DNS server
address.
All products that only have an Ethernet or Wi-Fi (LAN) interface ship with DHCP client enabled by
default. Accessing the web interface on these products is most easily done by connecting it to a LAN
that has a DHCP server.
To discover the IP address assigned to the device, use the Device Discovery Utility for Windows. See
Use Digi Device Discovery utility to sign in to the web interface for more information.
Configure IP addresses
You can use any of the following methods to assign an IP address to a Digi device:
n Use Dynamic Host Configuration Protocol (DHCP) from the web interface.
n
Use the command-line interface.
n
Use Automatic Private IP Addressing (APIPA), also known as Auto-IP.
Digi ConnectPort X Family devices have two IP addresses: one for Ethernet and one for cellular. The
pre-defined default Ethernet Port IP address is 192.168.1.1.
Digi ConnectPort X Family
42
�Get started with Digi ConnectPort X Family products
Assign an IP address
Assign an IP address using DHCP
You can assign an IP address using Dynamic Host Configuration Protocol (DHCP). DHCP is an Internet
protocol for automating the configuration of computers that use IP. You can use DHCP to
automatically assign IP addresses and deliver IP stack configuration parameters.
All products that have a cellular (WAN) interface ship with static IP address for the Ethernet port of
192.168.1.1 and DHCP server enabled by default. All products that only have an Ethernet or Wi-Fi (LAN)
interface ship with DHCP client enabled by default.
If desired, set up a permanent entry for the Digi device device on a DHCP server. While this is not
necessary to obtain an IP address via DHCP, setting up a permanent entry saves the IP address when
the device is rebooted.
For more information on DHCP server configuration, see DHCP server settings.
Assign an IP address using Auto-IP
The standard Automatic Private IP Addressing (APIPA or Auto-IP) protocol automatically assigns the
IP address from a group of reserved IP addresses to the device on which Auto-IP is installed. Use Digi
Device Discovery or ADDP to find the Digi device and assign it a new IP address that is compatible with
your network. When you plug in the device, Auto-IP automatically assigns the IP address. Auto-IP
addresses are typically in the 169.254.x.x address range. See Use Digi Device Discovery utility to sign in
to the web interface for instructions on using Digi Device Discovery.
Assign an IP address from the command-line interface
Use the set network command to configure an IP address from the command line. The set network
command includes the following parameters:
n ip=device ip: The IP address for the device.
n
gateway=gateway: The network gateway IP address.
n
garp=seconds: The frequency of Gratuitous ARP (GARP) announcements, in seconds, which are
a broadcast announcement to the network of a device’s MAC address and the IP address.
n
submask=device submask: The device subnet mask for the IPaddress.
n
dhcp=off: Turns off use of the Dynamic Host Configuration Protocol (DHCP), so that the IP
address assigned is permanent.
n
static=on: Specifies that the IP address is static, and will remain as the specified IP address,
gateway, and submask.
For example:
set network ip=10.0.0.100 gateway=10.0.0.1 submask=255.255.255.0 dhcp=off static=on
Assign an IP address from the web interface
Normally, you assign IP addresses to Digi ConnectPort X Family devices through DHCP. This procedure
assumes that the Digi ConnectPort X Family device already has an IP address and you simply want to
change it.
To change the IP address from the web interface:
1. Open a web browser and type the current IP address of the device in the address bar. A login
dialog displays.
Digi ConnectPort X Family
43
�Get started with Digi ConnectPort X Family products
Sign in to the web interface
2. Enter the default user name and password for the device.
n
User name: The default user name is root.
n
Password: The unique default password is printed on the device label. If the password is
not on the device label, the default password is dbps. If neither of the defaults work,
the password may have been updated. Contact your system administrator.
Note If this is the first time you have logged into the web interface, you are required to change
the password.
3. Click Network to access the Network Configuration page.
4. On the IP Settings page, select Use the following IP address.
5. Type the IP address, subnet mask, and gateway settings.
6. Click Apply to save the configuration.
IP addresses and Remote Manager
From the Remote Manager interface, you can only change the Ethernet/LAN address for a Digi device;
you cannot assign an address. The mobile/cellular device is typically provided by the mobile service
provider; check with your mobile service provider on how they handle addresses. To change the IP
address, open the web interface for based on the IP address the device has and go
Configuration > Network > IP Settings. On the IP Settings page, type the new IP address, subnet
mask, and gateway.
Test the IP address assignment
To verify the IP address works as configured:
1. Access the command line of a computer or other networked device.
2. Issue the following command:
ping ip-address
where ip-address is the IP address assigned to the Digi device. For example:
ping 192.168.2.2
Sign in to the web interface
After you successfully assign an IP address to your device, you can sign in to the device's web interface
using either of the following:
n Web browser
n
Digi Device Discovery utility
Use a web browser to sign in to the web interface
To access the web interface for a Digi device using a browser:
Digi ConnectPort X Family
44
�Get started with Digi ConnectPort X Family products
Sign in to the web interface
1. Open a web browser and type the current IP address of the Digi ConnectPort X Family device in
the address bar. A login dialog displays.
2. Enter the default user name and password for the device.
n
User name: The default user name is root.
n
Password: The unique default password is printed on the device label. If the password is
not on the device label, the default password is dbps. If neither of the defaults work,
the password may have been updated. Contact your system administrator.
Note If this is the first time you have logged into the web interface, you are required to change
the password.
3. The Home page appears. See Home page for an overview of the Home page and other linked
pages.
Note If password authentication is enabled, the idle timeout automatically logs users out of
the web interface after 5 minutes of inactivity.
Use Digi Device Discovery utility to sign in to the web interface
To discover the Digi device and open the web interface:
1. Go to your product's support page:
n
Digi ConnectPort X2
n
Digi ConnectPort X4
n
Digi Connect SP
n
Digi Connect ES
n
Digi ConnectPort TS
2. Click the Support tab.
3. Scroll down and click All Support Resources.
4. Under Resources & Utilities, click Device Discovery Utility for Windows - Standalone
version or Device Discovery Utility for Windows - Installable version.
The standalone version runs the utility immediately after the download is complete. The
installable version installs the utility on your computer and adds it to a program group in the
Start menu named Digi > Digi Device Discovery.
5. Click Run on the two dialogs. The standalone version of the utility starts immediately.
For the installable version, an installation wizard appears. Follow the prompts to complete the
installation. To start the utility, select Start > All Programs > Digi > Digi Device Discovery >
Digi Device Discovery.
Digi ConnectPort X Family
45
�Get started with Digi ConnectPort X Family products
Complete device set up
6. From the Digi Device Discovery utility, locate the Digi device in the list of devices, and choose
one of the following options:
n
Double-click the Digi device to open the web interface.
n
Select the Digi device from the list and select Open web interface in the Device Tasks
list.
7. A login dialog displays. Enter the default user name and password for the device.
n
User name: The default user name is root.
n
Password: The unique default password is printed on the device label. If the password is
not on the device label, the default password is dbps. If neither of the defaults work,
the password may have been updated. Contact your system administrator.
Note If this is the first time you have logged into the web interface, you are required to change
the password.
Complete device set up
1. Remove power from the unit by disconnecting the power source.
2. Remove the Ethernet cable.
3. Close the device.
a. Close the lid. The lid is hinged to the base on the power cord side.
b. Replace the screws that were removed when you opened the lid.
Note Digi recommends that you use 2.5 inches per pound of torque when tightening
the screws. You should tighten the screws in a criss-cross pattern to ensure that
the cover is not bent or skewed during this process.
4. Restore power to the unit by reconnecting the power source. The unit is now ready to use.
Digi ConnectPort X Family
46
�Hardware
This section details requirements and recommendations for Digi ConnectPort X Family hardware. See
also Specifications and certifications and System status LEDs.
Open and close the device enclosure
Hardware installation for ConnectPort X4 H
SIM card slots
Power cable fitting
Optional Ethernet hub feature
Digi ConnectPort X Family
48
48
53
54
55
47
�Hardware
Open and close the device enclosure
Open and close the device enclosure
You will need a screwdriver to open and close the device enclosure.
Open the enclosure
1. Remove the six screws on the lid.
2. Open the lid. The lid is hinged to the base on the power cord side.
Close the enclosure
1. Close the lid. The lid is hinged to the base on the power cord side.
2. Replace the screws that were removed when you opened the lid.
Note Digi recommends that you use 2.5 inches per pound of torque when tightening the
screws. You should tighten the screws in a criss-cross pattern to ensure that the cover is not
bent or skewed during this process.
Hardware installation for ConnectPort X4 H
This section provides information for connector pinouts, cable fittings, and antenna options.
Connector pinouts
The ConnectPort X4 H has three connectors
n The 2-pin power connector is properly wired before shipping.
n
The 9-pin RS-232, RS-422, and RS-485 connector must be wired by the customer according to
the wiring diagram and pinout table.
Digi ConnectPort X Family
48
�Hardware
Hardware installation for ConnectPort X4 H
n
The 14-pin input/output connector must also be wired by the customer according to the wiring
diagram and pinout table. If you have purchased a 2-analog 2-digital input version of this
product, Input/Output 1 and Input/Output 2 are the two analog inputs, and Input/Output 3 and
Input/Output 4 are the two digital inputs. Pins 13 and 14 provide power and ground for an
optional Ethernet hub.
2-pin power connector pinouts
Pin
Function
1
+9 to 30 VDC N
2
GND
9-pin RS-232, RS-422, and RS-485-connector-pinouts
RS-232
RS-422
RS-485
Pin
Function
Pin
Function
Pin
Function
1
CD
1
CTS(-)
1
CTS(-)
2
RXD
2
RXD(+)
2
485(+)
3
TXD
3
TXD(+)
3
N/A
4
DTR
4
RTS(-)
4
RTS(-)
5
GND
5
GND
5
GND
6
DSR
6
RXD(-)
6
485(-)
7
RTS
7
RTS(+)
7
RTS(+)
8
CTS
8
CTS(+)
8
CTS(+)
9
RI
9
TXD(-)
9
N/A
14-pin input/output connector pinouts
Pin
Function
1
+24VDC sensor power
Digi ConnectPort X Family
49
�Hardware
Hardware installation for ConnectPort X4 H
Pin
Function
2
GND
3
Analog/Digital Input/Output 1
4
+24VDC sensor power
5
GND
6
Analog/Digital Input/Output 2
7
+24VDC sensor power
8
GND
9
Analog/Digital Input/Output 3
10
+24VDC sensor power
11
GND
12
Analog/Digital Input/Output 4
13
+24VDC for auxiliary power
14
GND for auxiliary power
Maximum power usage on sensor power lines
You can share a maximum of 300mA between all 5 24V power taps on the 14-pin connector.
Analog and digital I/O specifications
The number of analog and digital input/output ports varies among ConnectPort X4 H models. There
are three basic variants:
4 analog I/O
4 digital I/O
2 analog I/O / 2 digital I/O
Specifications for the analog and digital I/O follow.
Analog input/output specifications
Specifications for analog input and output on ConnectPort X4 H models are as follows:
Digi ConnectPort X Family
50
�Hardware
Hardware installation for ConnectPort X4 H
Analog Mode
Specification
Value
0-10 volt mode
Minimum input
0 VDC
Maximum input
+10.25 VDC
Minimum safe input
Current Loop (4 mA to 20 mA)
mode
All modes
Maximum safe input
+11 VDC
Input impedance
Differs by XBee RF protocol:
XBee ZB: 28200 ohms
XBee 802.15.4: 43600 ohms
XBee 868, XBee DigiMesh 900:
43600 ohms
Minimum input
0 mA
Maximum input
23.5 mA
Minimum safe input
-.5 VDC
Maximum safe input
40 mA
Input impedance
Differs by XBee RF protocol:
XBee ZB: 51.1 ohms
XBee 802.15.4:, XBee 868, XBee
DigiMesh 900: 120 ohms
Resolution
10 bits
Accuracy
Differs by XBee RF protocol:
XBee ZB, XBee 802.15.4: 0.2%
XBee 868, XBee DigiMesh 900:
0.4%
CAUTION! Exceeding the maximum or minimum safe values will result in damage to the
unit.
Digital input/output specifications
Specifications for digital input and output on ConnectPort X4 H models are as follows:
Digi ConnectPort X Family
51
�Hardware
Hardware installation for ConnectPort X4 H
Digital mode
Specification
Value
Digital Input
Input type
Non-inverting Schmitt trigger
gate
Positive-going switching
threshold
~1.6 VDC
Negative-going switching
threshold
~1.0 VDC
Minimum input
0 VDC
Maximum input:
+30 VDC
Minimum safe input
-0.5 VDC
Maximum safe input
+31 VDC
Input impedance
1.5 Megaohms
Default level when no input
applied
Low
Output type
Open collector sinking driver
Maximum sink current
1.8 ADC
Minimum output voltage
0 VDC
Maximum output voltage
+30 VDC
Minimum safe output
-0.5 VDC
Maximum safe output
+31 VDC
Resistor pullups
10K ohms pulled up to 3VDC;
switch-selectable
Digital Output
CAUTION! Exceeding the maximum or minimum safe input values will result in damage
to the unit.
Cable fittings
To route serial, Ethernet or sensor cables outside the enclosure, and maintain IP66 rating, you can
replace the three hole plugs with cable fittings, available in different diameters. You can purchase
these cable fittings separately from Digi.
To wire sensors through cable fittings:
1. If you are routing an Ethernet cable, connect one end of the Ethernet cable to the Ethernet
port on the device.
2. Locate cord grip to attach sensor. Different diameter cord grips are available for different
sensors, please contact Digi for purchase.
Digi ConnectPort X Family
52
�Hardware
SIM card slots
3. Wire sensor to the 14-pin connector plug using the pinout guide provided in the enclosure or in
Connector pinouts. You can wire up to 4 sensors into the 14-pin connector.
Note Ensure that all cable fittings are tightened and all empty holes are plugged before use to
maintain environmental rating.
Antenna options and connectors
ConnectPort X4 H has two antenna connectors, one for cellular networks and the other for XBee
networks. Connect the antennas that come with the unit you purchased.
SIM card slots
There are two SIM card slots on the circuit board. If you are only using one SIM, insert it into the
primary SIM slot (the slot closer to the top of the product) as shown.
Note For ConnectPort X4 H, the SIM cards slots are on the underside of NEMA enclosure cover. When
the cover is opened to insert the SIM card, the primary SIM card slot is the lower of the two slots, and
may be difficult to access for inserting the card. Consider using the secondary card slot.
The metal contacts on the SIM card should face down. Insert the chamfered edge first. When properly
inserted, the SIM card clicks into place. SIM cards ensure cellular connectivity throughout the lifetime
of the product.
Digi ConnectPort X Family
53
�Hardware
Power cable fitting
SIM card activation
The SIM card must be activated for cellular service. Contact your mobile service provider and see
Mobile (Cellular) Settings.
Configuration settings and status information
There are several firmware settings for SIM cards, for selecting between dual SIM cards, designating
primary and secondary SIM cards, setting ID and phone numbers, and viewing status. See SIM card
selection and settings.
Power cable fitting
Class 1, Div 2 units
WARNING! Do not plug in or apply power to the unit until all connections are made to
the unit in the following steps.
For customers who have purchased a C1D2-approved unit with cable and conduit to wire into the
main power supply:
1. Ensure that the mains power to the junction box where the cable is to be wired into is off.
2. Wire the exposed end of the cable into the junction box using approved C1D2 wiring regulations
per National Electrical Code Article 501 (if located in the United States) and other regulations
applicable to the locality where it is installed.
See the following table for information on wiring this cable to the junction box. The mains
voltage for this unit needs to be between 100VAC and 240VAC, 50Hz to 60 Hz, and be able to
supply a minimum of 24 Watts.
Power Supply Phoenix Connector Pin
Function
Cable Wire Color
Number
Frame Ground (FG)
Green
1
Neutral (N)
White
2
Line (L)
Black
3
Use the blue reset button inside the unit to disconnect/reconnect power for units that are
hard-wired to power.
Non-Class 1, Div 2 units
For customers who have purchased a non-C1D2 approved unit with a standard power cord with a plug
on the end:
Digi ConnectPort X Family
54
�Hardware
Optional Ethernet hub feature
You c an plug the unit into a standard matching wall outlet that has an output between 100VAC to
240VAC, 50Hz to 60Hz, and capable of supplying at least 24 Watts.
There are three power-cord options available: U.S.A 120V, European 240V, and U.K. 240V.
Optional Ethernet hub feature
The Ethernet hub for the ConnectPort X4 H is pre-wired to pins 13 and 14 of the 14-pin Phoenix sensor
connector for power and ground. It also comes with an Ethernet cable connecting one of the five
Ethernet ports to the Ethernet connector in the main board (you can use any port). You can use the
remaining four ports as desired.
Digi ConnectPort X Family
55
�Overview: Configuration, monitoring, and
administration
This section provides an overview for configuring, monitoring, and administering Digi devices.
Configuration capabilities
Digi Device Discovery utility
Remote Manager interface
Web interface
Accessing the command-line interface
Remote Command Interface (RCI)
SNMP
Monitoring capabilities and interfaces
Digi ConnectPort X Family
57
57
57
59
60
60
61
63
56
�Overview: Configuration, monitoring, and administration
Configuration capabilities
Configuration capabilities
Configuration options provide settings for the following features:
n Network Configuration: Specifies IP address settings, network service settings, and advanced
network settings.
n
Mobile (Cellular) Configuration: Specifies the mobile service provider and mobile connection
settings for the device.
n
Serial Ports Configuration: Specifies serial port characteristics for the device.
n
Alarms: Defines conditions that trigger alarms and notifications for alarms.
n
System Configuration: Provides system-identifying information, such as a device description,
device location, and contact information.
n
Security/Users: Configures security features, such as enabling password authentication for
device users.
Digi Device Discovery utility
The Digi Device Discovery utility:
n Locates Digi devices on a network
n
Allows you to open the web interface for discovered devices
n
Allows you to configure network settings and reboot the device
Download the Digi Device Discovery utility.
In addition to quickly locating devices, the utility also lists device information, such as the device
address, firmware version, and whether it has been configured. It runs on any operating system that
can send multicast IP packets to a network. It sends out a User Datagram Protocol (UDP) multicast
packet to all Digi devices on the network. Digi devices that support ADDP reply to the UDP multicast
with their configuration information. Even Digi devices that do not yet have an assigned IP address or
are misconfigured for the subnet can reply to the UDP multicast packet and appear in the device
discovery results.
Note Personal firewalls, Virtual Private Network (VPN) software, and certain network equipment can
block device discovery. Firewalls block UDP ports 2362 and 2363 that ADDP uses to discover devices.
You can enable or disable access to the ADDP service, but you cannot change the network port
number for ADDP.
See Use Digi Device Discovery utility to sign in to the web interface for instructions on using the utility
to sign in to the Digi ConnectPort X Family web interface.
Remote Manager interface
Digi Remote Manager is a software-as-a-service platform that empower IT, network operations and
customer support organizations to manage the vast array of equipment in their device networks. As a
network grows, the complexity of effectively managing the network assets grows exponentially.
Remote Manager provides functionality that helps to manage the universal problems of a dynamic
device network:
n Centralized control over large numbers of devices
n
Reducing service complexity
Digi ConnectPort X Family
57
�Overview: Configuration, monitoring, and administration
n
Maintaining high levels of security
n
Provisioning and decommissioning of equipment
n
Adding functionality to device networks
Remote Manager interface
Additionally, you can group devices together, schedule various operations, and set alarm notifications.
For example, you can set an alarm to send a notification if a device disconnects or remains connected
longer than a specified period.
Some things to note about using Remote Manager:
n Devices must be registered in a Remote Manager account before you can access them.
n
To minimize network traffic, Remote Manager uses caching. As a result, device settings can be
out-of-sync between the device and the settings viewed on the console.
n
Device information refreshes on demand when the device is connected, and refreshes
automatically when a device connects.
For more information on Remote Manager as a remote device network management solution, see
these resources:
n Remote Manager User Guide
n
Remote Manager Programmer Guide
n
Remote Manager tutorials and other documents available on Digi's Knowledge Base
Configuration through Digi Remote Manager
Remote Manager is an on-demand service. After creating a Remote Manager account, you can
connect to Remote Manager. There are no infrastructure requirements. Remote devices and
enterprise business applications connect to Remote Manager via standards-based Web Services.
See the Remote Manager User Guide for details on:
n Using Remote Manager as a management interface
n
Creating a Remote Manager account
n
Adding your Digi ConnectPort X Family device to the Remote Manager device list so you can
manage it from that interface
Remote Manager monitoring capabilities
You can monitor and manage Digi ConnectPort X Family products from Remote Manager. For
example, you can:
n Display detailed state information and statistics about a device, such as device up time,
amount of used and free memory, network settings, XBee network overview and detailed
information on network nodes.
n
Manage mobile settings.
n
Monitor the state of the device’s connection and see a connection report and connection
history statistics.
n
Redirect devices to a to a different destination.
n
Disconnect devices.
n
Remove devices from the network.
Digi ConnectPort X Family
58
�Overview: Configuration, monitoring, and administration
Web interface
IPv6 support
Select Digi products support Internet Protocol version 6 (IPv6), electronic devices use this network
layer standard to exchange data across a packet-switched network. IPv6 is provides more addresses
for networked devices than IPv4.
The primary change from IPv4 to IPv6 is the length of network addresses. IPv4 address are 32 bits
long. In contrast, IPv6 addresses are 128 bits long and are typically composed of two logical parts: a
64-bit network prefix and a 64-bit host part, which is either automatically generated from the
interface’s MAC address or assigned sequentially.
IPv6 addresses are normally written as eight groups of four hexadecimal digits. For example:
3002:0ff2:63a5:0db8:42ae:0040:02de:3560. You can omit leading zeros in a group. If a four-digit group
is 0000, the zeros may be omitted, and that part of the address shortened to two consecutive colons,
provided you use only one double colon in the address. You can write a sequence of four bytes at the
end of an IPv6 address in decimal, using dots as separators.
IPv6 networks are written using CIDR notation.
An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a
power of two; the initial bits of addresses which are identical for all hosts in the network are called
the network's prefix.
A network is denoted by the first address in the network and the size in bits of the prefix, separated
with a slash. For example, 2001:1234:5678:9ABC::/64 stands for the network with addresses
2001:1234:5678:9ABC:: through 2001:1234:5678:9ABC:FFFF:FFFF:FFFF:FFFF.
Because you can see a single host as a network with a 128-bit prefix, you will sometimes see host
addresses written followed with /128.
Implementation of IPv6 in Digi products means that there are more ways in which you can express
addresses for devices and destinations:
n As an IPv4 address, for example 10.8.118.3.
n
As an IPv6 address in any of its accepted notation formats, including address notation with
special meanings, for example, 3002:0ff2:63a5:0db8:42ae:0040:02de:3560,
n
As a Fully Qualified Domain Name (FQDN), for example www.myhost.com or remote3.digi.com.
Use of an FQDN assumes there is a DNS server somewhere to resolve the name. For a DNS
server, it does not make sense to talk about a Fully Qualified Domain Name for it, since the
server itself is doing the resolving of names.
Digi’s implementation of IPv6 supports a dual stack. That is, each Digi device will have an IPv4 address
and potentially several IPv6 addresses:
n Link-local address: similar to AutoIP.
n
Site-local address: router-assigned.
Important Digi’s IPv6 implementation does not allow assignment of static IPv6 addresses. A Digi
device gets either a link-local or site-local address.
Web interface
Digi ConnectPort X Family devices provide a web interface for configuring and monitoring devices. See
Using the Digi ConnectPort X Family web interface.
You are required to log in to the web interface.
Digi ConnectPort X Family
59
�Overview: Configuration, monitoring, and administration
Accessing the command-line interface
n
User name: The default user name is root.
n
Password: The unique default password is printed on the device label. If the password is not on
the device label, the default password is dbps.
If the default user name and password does not work, they may have been updated. Contact your
system administrator. You are required to change the password from the default the first time you log
into the web interface.
Note Not all configuration options provided by the command-line interface (CLI) appears in the web
interface. If you need to configure more advanced options, see the Accessing the command-line
interface for instructions on accessing the CLI.
Accessing the command-line interface
You can configure Digi devices by issuing commands from the command line. The command-line
interface allows direct communication with a Digi device.
To access the command line from the Digi Device Discovery utility, click Telnet to command line.
For example, here is a command issued from the command line to assign the IP address to the
Ethernet interface:
#> set network ip=192.168.1.1
The command-line interface provides flexibility for making precise changes to device configuration
settings and operation. It requires you to have experience issuing commands and access to command
documentation.
You can access the command line through telnet or SSH TCP/IP connections or through a serial port
using terminal emulation software such as Hyperterminal. Access to the command line from serial
ports depends on the port profile in use by the port. By default, serial port command-line access is
allowed.
See Configure and manage the device using the Digi ConnectPort X Family command line interface for
more information on this interface. See the Digi Connect® Family Command Reference on www.digi.com
for command descriptions and examples of entering configuration commands from the command-line
interface. In addition, you can access online help for the commands by issuing the help and ?
commands.
Remote Command Interface (RCI)
The Remote Command Interface (RCI) is a programmatic interface for configuring and controlling Digi
devices. RCI is an XML-based request/response protocol that allows a caller to query and modify
device configurations, access statistics, reboot the device, and reset the device to factory defaults.
Unlike other configuration interfaces that are designed for a user, such as the command-line or web
interfaces, a program can use RCI. RCI access consists of program calls. For example, a custom
application running on a computer that monitors and controls an installation of many Digi devices.
You can use RCI to create a custom configuration user interface, or utilities that configure or initialize
devices through external programs or scripts.
RCI uses HTTP as the underlying transport protocol. Depending on the network configuration, use of
HTTP as a transport protocol could be blocked by some firewalls.
RCI is quite complex to use, requiring users to phrase configuration requests in Extensible Markup
Language (XML) format. It is a “power-user” option, intended for users who develop their own user
Digi ConnectPort X Family
60
�Overview: Configuration, monitoring, and administration
SNMP
interfaces, or implement embedded control (and thus potentially using RCI over serial) than for endusers with limited knowledge of device programming.
Not all actions in the web interface have direct equivalents in RCI.
For more details on RCI, see the Digi Connect Integration Kit and the Remote Command Interface (RCI)
Specification.
SNMP
Use SNMP to manage and monitor network devices. SNMP architecture allows you to:
n Manage nodes on an IP network, including servers, workstations, routers, switches and hubs
n
Manage network performance, find and solve network problems, and plan for network growth
SNMP is easy to implement in extensive networks. You can program new variables and drop in new
devices in a network. SNMP is widely used. It is a standard interface that integrates well with network
management stations in an enterprise environment.
However, because device communication is UDP-based, the communication is not secure. If you
require more secure communications with a device, use an alternate device interface. SNMP does not
allow you to perform certain tasks from the web interface, such as file management, uploading
firmware, or backing up and restoring configurations. Compared to the web or command-line
interfaces, SNMP is limited in its ability to set specific parameters, such as set port profile, is not
possible.
Accessing the SNMP interface requires a tool, such as a network management station. The
management station relies on an agent at a device to retrieve or update the information at the
device, including device configuration, status, and statistical information. This information is viewed as
a logical database, called a Management Information Base (MIB). MIB modules describe MIB variables
for a variety of device types and computer hardware and software components.
A variety of resources about SNMP are available, including reference books, overviews, and other files
on the Internet. For an overview of the SNMP interface and the components of MIB-II, go to
http://www.rfc-editor.org/search/rfc_search.php, and search for MIB-II. From the results, locate the
text file describing the SNMP interface, titled Management Information Base for Network
Management of TCP/IP-based Internets: MIB-II. You can also display the text of the Digi enterprise
MIBs. The product page for each product on the Digi website provides a link to the Digi-provided MIBs
for that product. See Simple Network Management Protocol (SNMP) for a list of supported MIBs.
For more information about using SNMP as a device monitoring interface, see SNMP device
monitoring capabilities.
Supported standard MIBs
The standard MIBs supported in Digi ConnectPort X Family are as follows:
n MIB-II (RFC 1213) This is a MIB for managing a TCP/IP network. It is an update of the original
MIB, now called MIB-I. MIB-II contains variable definitions that describe the most basic
information needed to manage a TCP/IP network. These variable definitions are organized into
several groups, such as groups for managing the system, network interfaces, address
translation, transmission media, and various protocols, including IP, ICMP, TCP, UDP, EGP, and
SNMP.
n
CHARACTER-MIB (RFC 1658).
n
RS-232-MIB (RFC 1659).
n
Digi-SMI MIB (Structure of Management Information).
Digi ConnectPort X Family
61
�Overview: Configuration, monitoring, and administration
SNMP
Supported Digi enterprise MIBS
In addition to the standard MIBs, the Digi ConnectPort X Family devices use several Digi enterprise
MIBs, including:
n Digi Connect Mobile Information MIB—A Digi enterprise MIB for handling and displaying device
information for mobile devices.
n
Digi Connect Wireless LAN MIB—A Digi enterprise MIB for handling and displaying basic device
information for wireless devices.
n
DIGI SERIAL ALARM TRAPS MIB—A Digi enterprise MIB for sending alarms as SNMP traps.
n
Digi Login Traps MIB—A Digi enterprise MIB that indicates when users attempt to sign into the
device, and whether the attempt was successful.
n
Digi Structures of Management MIB—A Digi enterprise MIB that provides data structures for
managing hosts and gateways on a network.
n
Digi Connect Mobile Traps MIB—A Digi enterprise MIB for sending alarms as SNMP traps for
mobile devices.
n
Digi Connectware Notifications MIB—This Digi enterprise MIB may be required by some SNMP
import facilities, as other MIBs may refer to it.
Digi ConnectPort X Family
62
�Overview: Configuration, monitoring, and administration
Monitoring capabilities and interfaces
Download a Digi MIB
To download a Digi MIB:
1. Locate the support page for your product:
n
DigiConnectPort X2
n
DigiConnectPort X4
2. Under Product Support, click the Utilities tab.
3. Locate the MIB you want to view under General Diagnostics, Utilities, and MIBs.
Additional SNMP resources
A variety of resources about SNMP are available, including reference books, overviews, and other files
on the Internet.
Monitoring capabilities and interfaces
Monitoring Digi devices includes the following tasks:
n Checking device status
n
Checking runtime state
n
Viewing serial port operations
n
Reviewing network statistics
n
Managing connections
As with device configuration, there are several interfaces available for monitoring Digi devices,
including:
n Web interface embedded with the product
n
SNMP
n
Command-line interface
n
Device Manager
Remote manager
In Remote Manager, you can sort monitoring capabilities by the server and the devices managed by
the server. The information is available in logs, which you can generate into reports. When available,
the reports post linked totals that you can drill back to the original devices that make up the activity
of the report.
Remote Manager is well-suited to managing ConnectPort X Family devices and the networks in which
the devices reside. Advantages include:
n Ability to view an entire network
n
Multiple networks at once
n
Ease in viewing signal strength, link quality, and alarms
Web interface
The web interface has the following screens for monitoring Digi devices:
Digi ConnectPort X Family
63
�Overview: Configuration, monitoring, and administration
n
Network Status
n
Mobile connection status
n
Serial Port Management:
l
Each port
l
Port description
l
Current profile
l
Current serial configuration
Monitoring capabilities and interfaces
n
Connections Management: A display of all active system connections.
n
System Information:
l
General device information
l
Serial port information for each port, including the port’s description, current profile, and
current serial configuration (the same information displayed by choosing Serial Port
Management)
l
Network statistics
Command-line interface
You can issue many of the commands from the command line to monitor devices. For a review of
these commands and what they can provide from a device-monitoring perspective, see Management
through the command line interface.
SNMP
Monitoring capabilities of SNMP include the following:
n Managing network performance
n
Gathering device statistics
n
Locating and solving network problems
Digi ConnectPort X Family
64
�Using the Digi ConnectPort X Family web interface
This section describes how to configure and manage a Digi ConnectPort X Family device using the web
interface.
Home page
Configuration pages
Applications pages
Apply and save changes
Cancel changes
Online help
Configure the device using the web interface
Management
Administration
Digi ConnectPort X Family
66
66
66
67
67
67
67
202
205
65
�Using the Digi ConnectPort X Family web interface
Home page
Home page
When you access the web interface, the Home page appears. The Home page provides a tutorial and a
system summary.
Menu
The left side of the web interface displays a menu. Use the menu to:
n Configure the Digi device, peripheral devices, and applications
n
Manage serial ports and connections
n
Administer the Digi device
Getting started
The Getting Started section displays a link to a tutorial on configuring and managing Digi devices.
System summary
The System Summary page displays the details for this Digi ConnectPort X.
n Model: The model type for this Digi ConnectPort X Family product.
n
IPv6 Address (Link): The IPv6 address (link) associated with this Digi device.
n
IPv6 Address (Global): The IPv6 address (global) associated with this Digi device.
n
IPv4 Address: The IPv4 address associated with this Digi device.
n
MAC Address: The MAC address associated with this Digi device.
n
Description: A description of this Digi device.
n
Contact: Contact information for the Digi device.
n
Location: The location of this Digi device.
n
Device ID: The serial number associated with this Digi device. The serial number appears on a
label on the Digi device.
Configuration pages
The selections in the Configuration menu display pages for configuring settings for various features,
such as network settings, and serial port settings. Some of the configuration settings are organized
on sets of linked screens. For example, the Network Configuration screen initially displays the IP
Settings, and provides links to Network Services Settings, Advanced Settings, and other network
settings appropriate to the Digi device.
Applications pages
Most Digi devices support additional configurable applications. Use the options under Application to
configure applications. The application options vary depending on the Digi device.
n Python: For loading and running custom programs authored in the Python programming
language onto Connect and ConnectPort devices that support Python.
Digi ConnectPort X Family
66
�Using the Digi ConnectPort X Family web interface
n
Apply and save changes
Ekahau Client: For Digi Connect wireless devices, configures Ekahau Client™ device-location
software. See Ekahau Client™.
n
RealPort: Configures RealPort settings. See RealPort configuration for more information.
n
Industrial Automation: Configures the Digi device for use in industrial automation
applications.
Apply and save changes
The web interface runs locally on the Digi device, which means that the interface always maintains
and displays the current settings in the Digi device. When you change the configuration settings, click
Apply to save your changes to the Digi device.
Cancel changes
To cancel changes to configuration settings, click the Refresh or Reload button on the web browser.
The browser reloads the page. Any changes made since the last time you clicked Apply are reset to
their original values.
Online help
The web interface provides online help for all pages. The Home page provides a tutorial.
Configure the device using the web interface
Use the options under Configuration to configure settings for various features, such as network
settings and serial port settings.
Network configuration
The Network Configuration page includes:
n IP settings: For viewing IP address settings and changing as needed. See IP Settings for more
information.
n
WiFI IP settings: Configure the IP address used for wireless LAN communication. See Wi-Fi IP
settings for more information.
n
WiFI LAN settings: Configure basic settings for wireless LAN devices such as network name
and network connection options. See Wi-Fi LAN settings for more information.
n
WiFi Security settings: Configure authentication and encryption settings for wireless LAN
devices. See Wi-Fi security settings for more information.
n
WiFi 802.1x Authentication settings: Configure IEEE 802.1x authentication settings for
wireless LAN devices. See Wi-Fi 802.1x authentication settings for more information.
n
DHCP Server settings: Configure a DHCP server to allow other devices or hosts on this
network to be assigned dynamic IP addresses. See DHCP server settings for more information.
Digi ConnectPort X Family
67
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Network Services settings: Configure access to various network services, such as ADDP,
RealPort and Encrypted RealPort, telnet,HTTP/HTTPS, and other services. See Network
Services Settings for more information.
n
Dynamic DNS Update settings: Configure a Dynamic DNS (DDNS) service that allows a user
whose IP address is dynamically assigned to be located by a host or domain name. See
Dynamic DNS update settings for more information.
n
IP Filtering settings: Configure the IP settings for a Digi ConnectPort X Family device to only
accept connections from specific and known IP addresses or networks. See IP filtering settings
for more information.
n
IP Forwarding settings:
l
Configure the IP forwarding settings for a Digi ConnectPort X Family device to forward
certain connections to other devices. This is also known as Network Address Translation
(NAT) or Port Forwarding.
l
Configure the built-in firewall functionality to limit IP traffic to and from certain networks,
TCP or UDP ports, and interfaces. This feature is based on Linux tool iptables. See IP
filtering settings for more information.
n
IP Network Failover settings: Provides a dynamic method for selecting and configuring the
default gateway for the Digi device using a set of rules and link tests to determine whether you
can use a particular network interface to communicate with a specified destination. See IP
Network Failover settings for more information.
n
Socket Tunnel settings: Configure a socket tunnel used to connect two network devices: one
on the Digi ConnectPort X Family device’s local network and the other on the remote network.
See Socket tunnel settings for more information.
n
Virtual Private Network (VPN) settings: Configure the Virtual Private Network that securely
connect two private networks together so that devices may connect from one network to the
other network using secure channels. See Virtual Private Network (VPN) settings for more
information.
n
IP Pass-through settings: Configure a Digi ConnectPort X Family device to pass its mobile IP
address directly through and to the Ethernet device (router or computer) to which it is
connected through the Ethernet port. The Digi ConnectPort X Family device becomes
transparent (similar to the behavior of a cable or DSL modem) to provide a bridge from the
mobile network directly to the end device attached to the Digi ConnectPort X Family device.
See IP Pass-through settings for more information.
n
Host List settings: Add or remove entries from the host list. For DialServ, the host list provides
a means to map a phone number (in the local name field) to a network destination, (in the
“resolves_to” field). See Host List Settings for more information.
n
Virtual Router Redundancy Protocol (VRRP) settings: Configure a number of routers to
represent a virtual router, which simplifies configuration of hosts on a network.
Digi ConnectPort X Family
68
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Advanced Network Settings: Configure the Ethernet Interface speed and mode, IP settings,
TCP keepalive settings, and DHCP settings. See Advanced Network Settings for more
information.
IP Settings
The IP Settings page allows you to configure how to obtain the IP address of the Digi ConnectPort X
Family device. You can use one of the following methods to obtain the IP address:
n DHCP
n
Static IP address
n
Subnet mask
n
Default gateway
For more information on how to assign and use these settings in your organization, contact your
network administrator.
IP settings
n Obtain an IP address automatically using DHCP: When the Digi device is rebooted, it will
obtain new network settings.
n
Use the following IP Address: Choose this option to supply static settings. An IP address and
Subnet mask must be entered. Other items are not mandatory, but may be needed for some
functions (such as talking to other networks).
n
IP Address: An IP address is like a telephone number for a computer. Other network devices
talk to this Digi device using this ID.
The IP address is a 4-part ID assigned to network devices. IP addresses are in the form of
192.168.2.2, where each number is between 0 and 255.
n
Subnet Mask: The Subnet Mask is combined with the IP address to determine which network
this Digi device is part of. A common subnet mask is 255.255.255.0.
n
Default Gateway: IP address of the computer that enables this Digi device to access other
networks, such as the Internet.
n
Enable AutoIP address assignment: With AutoIP enabled, the Digi device will automatically
self-configure an IP address when an address is not available from other methods, for example,
when the Digi device is configured for DHCP and a DHCP server is not currently available.
Wi-Fi IP settings
Use the Wi-Fi IP Settings page to configure how to obtain the IP address of a Wi-Fi-enabled Digi device.
It has the same settings as the IP Settings page.
Wi-Fi LAN settings
Digi devices with Wi-Fi (wireless LAN) capability contain a wireless network interface that you may find
useful to communicate to wireless networks using 802.11b technology. Contact your administrator or
consult wireless access point documentation for the settings required to setup the wireless LAN
configuration. Different devices and firmware settings may not support all of the settings and options
listed below. Settings include:
Digi ConnectPort X Family
69
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Network name: The name of the wireless network to which the wireless device should
connect. In situations with multiple wireless networks, this setting allows the device to
connect to and associate with a specific network. The network name is the SSID (service set
identifier). If the network name remains blank, the device will search for wireless networks
and connect to the first available network. This is useful when you do not need use a specific
network name as the device will select the first available network.
n
Connection method: The type of connection method this device uses to communicate on
wireless networks. Choose from:
l
Connect to any available wireless network: Use this setting to allow the device to
access any network. The device can either access point networks or peer-to-peer wireless
networks.
l
Connect to access point (infrastructure) networks only: Use this setting if the wireless
network that this device needs to connect to is composed of wireless access points. This is
typically the most popular method for connecting to wireless networks.
l
Connect to peer-to-peer (ad-hoc) networks only: Use this setting if all devices on the
wireless network connect to and communicate with each other. This is known as peer-topeer in that there is no central server or access point. Each system communicates directly
with each other system.
n
Country: The country where this wireless device resides. The channel settings are restricted
to the legal set for the selected country.
n
Channel: The frequency channel that the wireless radio will use. Select Auto-Scan to have the
device scan all frequencies until it finds one with an available access point or wireless network
it can join.
n
Transmit Power: The transmit power level in dBm.
n
Enable Short Preamble: Enables transmission of wireless frames using short preambles. If
Short Preamble is supported in the wireless network, enabling it can boost overall throughput.
Wi-Fi security settings
Use the Wi-Fi Security Settings page to specify the wireless security settings that the wireless
network uses. Multiple security and authentication modes may be chosen depending on the
configuration of the access point or wireless network. The wireless device will automatically select
and determine the authentication and encryption methods to use while associating to the wireless
network. If the wireless network does not use security and uses an Open Network architecture, these
settings do not need to be modified.
Note that WPA settings require that the device communicate to Access Points and is not valid when
the Connection Method is set to Connect to wireless systems using peer-to-peer (ad-hoc). Also,
WPA pre-shared key (WPA-PSK) security is only valid when you use a specific Network Name or SSID.
Digi ConnectPort X Family
70
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Network Authentication: The authentication method or methods used for wireless
communications.
l
Use any available authentication method: Enables all of the methods. The capabilities of
the wireless network determines the actual method used.
l
Use the following selected method(s): Selects one or more authentication methods for
wireless communications.
l
Open System: Uses IEEE 802.11 open system authentication to establish a connection.
l
Shared Key: Uses IEEE 802.11 shared key authentication to establish a connection. At
least one WEP key must be specified in order to use shared key authentication.
l
WEP with 802.1x authentication: Uses IEEE 802.1x authentication (EAP) to establish a
connection with an authentication server or access point. Wired Equivalent Privacy (WEP)
keys are dynamically generated to encrypt data over the wireless network.
l
WPA with pre-shared key (WPA-PSK): Uses the Wi-Fi Protected Access (WPA) protocol
with a pre-shared key (PSK). The PSK is calculated using a passphrase and the network
SSID.
l
WPA with 802.1x authentication: Uses the WPA protocol and IEEE 802.1x authentication
(EAP) to establish a connection with an authentication server or access point. Encryption
keys are dynamically generated to encrypt data over the wireless link.
l
Cisco LEAP: Uses Lightweight Extensible Authentication Protocol (LEAP) to establish a
connection with an authentication server or access point. Wired Equivalent Privacy (WEP)
keys are dynamically generated to encrypt data over the wireless link. A user name and
password must be specified to use LEAP.
n
Data Encryption: You an select multiple encryption methods.
l
Use any available encryption method: Enables all of the methods. The capabilities of the
wireless network determines the actual method used.
l
Use the following selected method(s): Selects one or more encryption methods.
l
Open System: Does not use encryption over the wireless link. Open System encryption is
valid only with Open System and Shared Key authentication.
l
WEP: Uses Wired Equivalent Privacy (WEP) encryption over the wireless link. You can use
WEP encryption with any of the above authentication methods.
l
TKIP: Uses Temporal Key Integrity Protocol (TKIP) encryption over the wireless link. You
can use TKIP encryption with WPA-PSK and WPA with 802.1x authentication.
l
CCMP: Uses CCMP (AES) encryption over the wireless link. You can use CCMP WPA-PSK and
WPA with 802.1x authentication.
Digi ConnectPort X Family
71
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
WEP Keys
l
Transmit Key: Specify the corresponding key of the encryption key used when
communicating with wireless networks using WEP security.
This device allows up to four wireless keys to be set of either 64-bit or 128-bit encryption.
These keys allow the wireless network to traverse different wireless networks without
having to change the wireless key. Instead, only the transmit key setting has to be
changed to specify which wireless key to send.
l
Encryption Keys: Specify 1 to 4 encryption keys to use when communicating with wireless
networks using WEP security.
The encryption keys is a set of 10 (64-bit) or 26 (128-bit) hexadecimal characters. The
encryption key only contains the characters A-F, a-f, or 0-9. Optionally, you can use
separator characters, such as '-', '_', or '.' to separate the set of characters.
n
WPA PSK (Pre-Shared Key) Passphrase/Confirm: The passphrase that the Wi-Fi network
uses with WPA pre-shared keys. The pre-shared key is calculated using the passphrase and the
SSID. Therefore, a valid network name must have been previously specified. In the Confirm
field, reenter the passphrase.
n
Username/Password/Confirm: The user name and password combination used to
authenticate on the network when using these authentication methods: WEP with 802.1x
authentication, WPA with 802.1x authentication, or LEAP. In the Confirm field, reenter the
password.
Wi-Fi 802.1x authentication settings
These settings are not required based on the current Wi-Fi authentication settings. They are only
configurable when WEP with 802.1x authentication or WPA with 802.1x authentication are
enabled on the WiFi Security Settings tab.
n EAP Methods: These are the types of Extensible Authentication Protocols (EAP) or outer
protocols that are allowed to establish the initial connection with an authentication server or
access point. These are used with WEP with 802.1x authentication and WPA with 802.1x
authentication.
l
PEAP: Stands for “Protected Extensible Authentication Protocol.” A user name and
password must be specified to use PEAP.
l
TLS: Stands for “Transport Layer Security.” A client certificate and private key must be
installed in order to use TLS.
l
TTLS: Stands for “Tunneled Transport Layer Security.” A user name and password must be
specified to use TTLS.
Digi ConnectPort X Family
72
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
PEAP/TTLS Tunneled Authentication Protocols: These are the types of inner protocols that
you can use within the encrypted connection established by PEAP or TTLS.
You can use these Extensible Authentication Protocols (EAP) with PEAP or TTLS.
l
GTC: Generic Token Card.
l
MD5: Message Digest Algorithm.
l
MSCHAPv2: Microsoft Challenge response Protocol version 2.
l
OTP: One Time Password.
You can use these non-EAP protocols that with TTLS.
n
l
CHAP: Challenge Response Protocol.
l
MSCHAP: Microsoft Challenge response Protocol.
l
TTLS MSCHAPv2: TTLS Microsoft Challenge. response Protocol version 2.
l
PAP: Password Authentication Protocol.
Client Certificate Use: When the TLS is protocol is enabled, a client certificate and private key
must be installed on the Digi device.
l
Certificate: Click Browse to select a client certificate file. Then click the next Browse to
select a private key file.
l
n
Private Key File: If the private key file is encrypted, a password must be specified.
Trusted Certificates: Adds and lists trusted certificates.
l
Verify server certificates: Enable to verify that certificates received from an
authentication server or access point are signed by a trusted certificate authority (CA).
Standard CAs are built in. Additional trusted certificates may be added.
l
Trusted Certificate File: To add additional trusted certificates, click Browse to select a
certificate file to upload to the Digi device, then click Upload.
n
Installed Certificates: Shows which client certificates have been added and are in use.
DHCP server settings
You can enable the DHCP server feature in a Digi device to allow other devices or hosts on this
network to be assigned dynamic IP addresses. This DHCP server supports a single subnetwork scope.
For the DHCP server to operate, the Digi device must be configured to use a static IP address. For
information on how to configure static IP settings, see IP Settings.
DHCP terminology
Some key terms involved in configuring a DHCP server include:
scope
A scope is the full consecutive range of possible IP addresses for a network and typically defines a
single physical subnet on your network, where DHCP services are offered. A scope is the primary way
for the DHCP server to manage distribution and assignment of IP addresses and related configuration
parameters to its clients on the network.
exclusion range
Digi ConnectPort X Family
73
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
An exclusion range is a limited sequence of IP addresses within a scope, excluded from DHCP service
offerings. Exclusion ranges assure that any addresses in these ranges are not offered by the server to
DHCP clients on your network.
address pool
After the scope is defined and exclusion ranges are applied, the remaining addresses form the
available address pool within the scope. The addresses in this pool are available for dynamic
assignment by the server to DHCP clients on your network.
lease
A lease is the length of time that the DHCP server specifies, during which a client host can use an
assigned IP address. When the DHCP server grants a lease to a client, the lease is active.
Before the lease expires, the client typically needs to renew its address lease assignment with the
DHCP server. A lease becomes inactive when it expires or it is deleted at the server, or if the client
actively releases the lease. The duration of a lease determines when it will expire and how often the
client needs to renew it with the DHCP server in order to retain the lease.
A DHCP server never grants a lease to its own address. There is no need for its own address to be in
the exclusion range; the DHCP server simply protects its address from being offered.
grace period
When a DHCP client actively releases a lease, or when the lease expires without being renewed by the
client, the DHCP server does not immediately delete the lease record and return the associated IP
address to the available address pool. A grace period is the interval of time for which the lease record
is retained before the DHCP server automatically deletes the record from its lease list, thereby
making the IP address available for lease assignment to another client. The grace period is not a
configurable value.
For more about the grace period and what it means when the DHCP server is running, see View and
manage the current DHCP leases.
reservation
You may use a reservation to create a permanent address lease assignment by the DHCP server.
Reservations assure that a specified hardware device on the subnet can always use the same IP
address. Address lease reservations associate a specific IP address with a specific client's Ethernet
MAC address.
options
Options are other client configuration parameters that the DHCP server can assign when serving
leases to DHCP clients. Most options are defined in RFC 2132. The DHCP server in the Digi device
supports a limited set of options:
n Option 3: Routers on Subnet
n
Option 6: DNS Servers
Addresses in the DHCP server settings
The IP address and subnet mask of the DHCP server's scope are the static IP configuration settings
for the Digi ConnectPort X itself.
The default gateway (router) provided to a client with the lease information is the IP address of the
Digi device.
The DNS servers provided to a client with the lease information are the DNS server addresses
configured in the Digi device. These addresses include any DNS server addresses that the Digi device
acquires when it connects to the mobile network.
Digi ConnectPort X Family
74
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
DHCP server configuration settings
Here are the configuration settings for the DHCP server. Typically, you can modify these settings
without restarting the DHCP server for the changes to become effective on the running server.
n Enable Dynamic Host Configuration Protocol (DHCP) Server: Enables the DHCP server
feature on this Digi device. Note that for the DHCP server to operate, the Digi device must be
configured to use a static IP address. For information on how to configure static IP settings,
see IP Settings.
l
Scope Name: The name of the physical network interface associated with the subnet being
served by the DHCP server. Most Digi device models have a single network interface, so
there is no choice for the scope name. For models that have multiple network interfaces,
such as an Ethernet interface and a Wi-Fi (802.11) interface, this DHCP Server may be
configured to provide services on either of those interfaces.
l
IP Addresses: The starting and ending IP addresses for the scope being served by this
DHCP server. These addresses must be in the same subnet as the Digi device itself.
l
Lease Duration: The length of the leases for the scope being served by this DHCP server.
The default lease duration is 24 hours. A DHCP client may request a lease duration other
than this setting, and the DHCP server will grant that request if possible.
n
Wait specified delay before sending DHCP offer reply: The interval of time in milliseconds
to delay before offering a lease to a new client. The default delay is 500ms, and the range is 0
to 5000ms. Use of this delay permits this Digi device to reside on a network with other DHCP
servers, yet not offer leases to new clients unless the other DHCP servers do not make such an
offer. This provides a measure of protection against inadvertently connecting a Digi device to a
network that is running its own DHCP server(s), and offering leases to clients in a manner
inconsistent with that network.
n
Check that an IP address is not in use before offering it: When a DHCP client requests a
new IP address lease, before offering an IP address to that client, use “ping” to test whether
that IP address is already in use by another host on the network but is unknown to the DHCP
server. If an IP address is determined to be in use, it is marked as Unavailable for a period of
time, and it will not be offered to any client while in this state. Enabling this test adds
approximately one second of delay before the IP address is offered to the client, since the
“ping” test must not receive a valid reply for that test to successfully determine that the IP
address is not already in use. This option is off (disabled) by default. This option does not apply
to Static Lease Reservations, since the “ping” test is not used for them.
Digi ConnectPort X Family
75
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Send the DHCP Server IP address as a DNS Proxy Server: This option configures the DHCP
Server to send its IP address to a DHCP client as the first DNS server in its lease information.
This Digi device supports a DNS Proxy feature that will relay DNS requests and responses
between DNS clients and servers. The DNS Proxy is not a feature of the DHCP Server itself, but
rather it is managed elsewhere in the configuration settings for this Digi device. For
DHCP client to use DNS Proxy effectively, you must enable DNS proxy in the DHCP server
configuration and the DNS Proxy settings. For more information, see the description of the
Enable DNS Proxy Service setting in Advanced Network Settings. This option is on (enabled) by
default.
n
Static Lease Reservations: A static lease reservation is a specific IP address paired with a
client's MAC address, which reserves the IP address for that client's use only. This assures that
a client always receives a lease for the same IP address and that no other client obtains a
lease for that address.
To add a reservation, type the IP address and MAC Address values, select or clear the Enable
check box, and then press the Add button.
After adding a reservation, you may click the IP address or MAC address of that entry in the
table, permitting you to specify or modify the lease duration for this reservation.
The Enable check box for the entry permits a reservation to be disabled without actually
removing the entry, then enabled again at a later time.
Use the Remove link to permanently remove a reservation from the DHCP server
configuration.
Use the Remove All link to permanently remove all reservations from the DHCP server
configuration.
n
Address Exclusions: A specific set of IP addresses to exclude from the scope. The DHCP server
will not grant leases to clients for any IP address in the exclusion range.
To add an exclusion, type the starting and ending IP addresses, select or clear the Enable
check box, and then press the Add button.
The Enable check box for the entry permits an exclusion to be disabled without actually
removing the entry, then enabled again at a later time.
Use the Remove link to permanently remove an exclusion from the DHCP server configuration.
Use the Remove All link to permanently remove all exclusions from the DHCP server
configuration.
n
Apply button: You must click Apply to save changes you make to the DHCP server settings. If
you leave this page without applying the changes, those changes will be discarded.
Manage the DHCP server
To manage the DHCP server and view/manage the lease status, go to
Management > Network Services. See Manage DHCP server operation for more information.
Digi ConnectPort X Family
76
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Network Services Settings
The Network Services Settings page shows a set of common network services that are available for
Digi ConnectPort X Family products, and the network port on which the service is running.
You can enable and disable common network services and configure the TCP/UDP port on which the
network service listens. You can disable services as needed for security purposes. That is, you can
disable certain services so the device runs only those services specifically needed. To improve device
security, you can disable non-secure services such as telnet.
Best practice Use the default network port numbers for basic network services because the port
numbers are used by most applications.
Several services have a setting that allows network services to send TCP keep-alives. You can
configure TCP keep-alives in more detail on the Advanced Network Settings page.
CAUTION! Exercise caution when enabling and disabling network services, particularly
disabling them. Changing certain settings can render a Digi Connect device inaccessible.
For example, disabling Advanced Digi Discovery Protocol (ADDP) prevents a network
from discovering the device, even if it is actually connected. Disabling HTTP and HTTPS
disables access to the web interface. Disabling basic services such as telnet, rlogin, and
so on makes the Command-Line interface inaccessible.
Supported basic network services and their default port numbers
For Digi devices with multiple serial ports, the network port number defaults for various services are
set based on the following formula:
base network port number + serial port number
The assumed default base is 2000. For example, the telnet passthrough service is set to network port
2001 for serial port 1, 2002 for serial port 2, and 2003 for serial port 3, and so on.
If you change a network port for a particular service, that is the only network port number that
changes. That change does not carry over to the other network ports. For example, if you change the
network port number for telnet passthrough from 2001 to 3001, that does not mean that the other
network ports changes to 3002, 3003, and so on.
There are two types of network services available:
n Basic services: You can access these services by connecting to a particular well-known
network port.
n
Passthrough services: You can set up a specific type of service for a specific serial port. To use
the service, you must use the correct protocol and specify the correct network port. For
example, assuming default service ports and using a Linux host, here is how a user would
access the SSH and telnet passthrough services on port 1:
#> ssh -l fred digi16 -p 2501
#> telnet digi16 2101
The following table shows the network services, services provided, and the default network port
number for each service.
Digi ConnectPort X Family
77
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Service
Services provided
Device Discovery, also
known as Advanced Digi
Discovery Protocol (ADDP)
Discovery of Digi devices on a network. Disabling
this service disables use of the Digi Device
Discovery utility to locate the device. You cannot
change the network port number for ADDP from
its default.
Default network
port number
2362
Encrypted (Secure) RealPort Secure Ethernet connections between COM or
1027
TTY ports and device servers or terminal servers.
RealPort
A virtual connection to serial devices no matter
where they reside on the network.
771
Line Printer Daemon (LPD)
Allows network printing over a serial port.
515
Modem Emulation Pool
(pmodem)
Allows the Digi device to emulate a modem.
Modem emulation sends and receives modem
responses to the serial device over the Ethernet
instead of Public Switched Telephone Network
(PSTN). You can enable or disable telnet
processing on the incoming and outgoing
modem-emulation connections. The pmodem
service is for connecting to whatever serial port
will answer.
50000
Modem Emulation
Passthrough
Allows the Digi device to emulate a modem. This
service is for dialing in to a particular serial port
that has been set up for modem emulation.
50001
Remote login (rlogin)
Allows users to sign in to the Digi device and
access the command-line interface through
rlogin.
513
Remote shell (Rsh)
Allows users to sign in to the Digi device and
access the command-line interface through Rsh.
514
Secure Shell Server (SSH)
Allows users secure access to sign in to the Digi
device and access the command-line interface.
22
Secure Shell (SSH)
Passthrough
Accessing a specific serial port set up for SSH.
2501
Secure Socket Service
Authentication and encryption for Digi devices.
2601
Simple Network
Management Protocol
(SNMP)
Managing and monitoring the Digi device. To run 161
SNMP in a more secure manner, SNMP allows for
set commands to be disabled. This securing is
done in SNMP itself, not through Network
Services settings. If disabled, SNMP services
such as traps and device information are not
used.
Digi ConnectPort X Family
78
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Default network
port number
Service
Services provided
Telnet Server
Allows users an interactive telnet session to the
Digi device’s command-line interface. If disabled,
users cannot telnet to the device.
23
Telnet Passthrough
Allows a telnet connection directly to the serial
port, often called reverse telnet.
The format for this port number is as follows:
2001
20
Replace with the Digi serial
port number. For example, 2001 applies to serial
port 1, 2010 applies to serial port 10, and 2016
applies to serial port 16.
Transmission Control
Protocol (TCP) Echo
Used for testing the ability to send and receive
over a TCP connection, similar to a ping.
7
Transmission Control
Protocol (TCP) Passthrough
Allows a raw socket connection directly to the
serial port, often called reverse sockets.
The format for this port number is as follows:
2101
21
Replace with the Digi serial
port number. For example, 2101 applies to serial
port 1, 2110 applies to serial port 10, and 2116
applies to serial port 16.
User Datagram Protocol
(UDP) Echo
Used for testing the ability to send and receive
over a UDP connection, similar to a ping.
7
User Datagram Protocol
(UDP) Passthrough
Allows raw data to be passed between the serial 2101
port and UDP datagrams on the network.
The format for this port number is as follows:
21
Replace with the Digi serial
port number. For example, 2101 applies to serial
port 1, 2110 applies to serial port 10, and 2116
applies to serial port 16.
Web Server, also known as
You can establish secure access to configuration
HyperText Transfer Protocol web pages by requiring a user to sign in. HTTP
(HTTP)
and HTTPS are also called Web Server or Secure
Web Server. These services control the use of
the web interface. If HTTP and HTTPS are
disabled, device users cannot use the web
interface to configure, monitor, and administer
the device.
Digi ConnectPort X Family
80
79
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Service
Services provided
Secure Web Server, also
known as HyperText
Transfer Protocol over
Secure Socket Layer
(HTTPS)
You can secure access to configuration web
pages by requiring a user to sign in with
encryption for greater security.
Default network
port number
443
Network services and IP passthrough
The IP pass-through feature (Configuration > Network > IP Pass-through) causes the Digi device to
be bridged transparently between Ethernet and mobile data links. Enabling IP Pass-through disables
many device features, including many network services. To provide access to the device for
configuration and management purposes, you can configure a subset of network services to
terminate at the Digi device instead a connected device such as a router. In the IP pass-through
feature, these network services are called pinholes. Services that you can configured as pinholes
include HTTP, HTTPS, telnet, SSH, and SNMP. See IP Pass-through settings for more information.
Dynamic DNS update settings
A Dynamic DNS (DDNS) service allows a user whose IP address is dynamically assigned to be located
by a host or domain name. Before a DDNS service may be used, you must create an account with the
DDNS service provider. The provider will give you account information such as user name and
password. You will use this account information to register your IP address and update it as it
changes.
A DDNS service provider typically supports the registration of only public IP addresses. When using
such a service provider, if your Digi device has a private IP address (such as 192.168.x.x or 10.x.x.x),
your update requests will be rejected.
The Digi device monitors the IP address it is assigned. It will typically update the DDNS service or
server automatically, but only when its IP address has changed from the IP address it previously
registered with that service.
DDNS service providers may consider frequent updates to be an abuse of their service. In such a
circumstance, the service provider may act by blocking updates from the abusive host for some period
of time, or until the customer contacts the provider. Please observe the requirements of the DDNS
service provider to ensure compliance with possible abuse guidelines.
The Dynamic DNS Update Settings page includes both settings and status information.
Digi ConnectPort X Family
80
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Settings
n Current IP address: The IP address of the Digi device.
n
Use the following dynamic DNS service: Disables DDNS updates, or selects the DDNS service
provider to use to register the IP address of this Digi device. When you select a specific DDNS
service provider, you must also provide the related account information for that service
provider.
To force an update request to be sent to a particular DDNS service.
1. Select None to disable DDNS updates, and then click Apply to save that change.
2. Select the DDNS service you wish to update.
3. Click Apply to save that change.
An update request will be sent to that service after you configure and validate the
settings for the selected DDNS service.
Digi ConnectPort X Family
81
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
DynDNS.org DDNS Service: You must create your account at DynDNS.org before you can
successfully register the IP address of your Digi device with their service. Please familiarize
yourself with their service options and requirements, in order to most effectively use this
feature of your Digi device.
This DDNS service supports only public IP addresses. If you have a private IP address (such as
192.168.x.x or 10.x.x.x), your update requests will be rejected.
l
Host and Domain Name: The fully qualified host and domain name you have registered
with your service provide (for example: myhost.dyndns.net).
l
DynDNS User Name: The user name of the account you that you created with your service
provider.
l
DynDNS Password: The password for the account you that you created with your service
provider.
l
DynDNS DDNS System: The system for the account you that you created with your service
provider. DynDNS.org supports a number of different services, which vary by the system
you select. The available choices are:
l
o
Dynamic DNS
o
Static DNS
o
Custom DNS
Use Wildcards: Enables/disables wildcards for this host. The options are as follows:
o
Disable wildcards
o
Enable wildcards
o
No change to service setting
According to wildcard documentation at DynDNS.org: “The wildcard aliases
*.yourhost.ourdomain.tld to the same address as yourhost.ourdomain.tld.”
Using this option in the settings for your Digi device has the same effect as selecting the
wildcard option on the DynDNS.org website. To leave the wildcard option unchanged from
the current selection on their web site, use the “no change” option in the device settings.
Note that DynDNS.org support for this option may vary according to the DynDNS system
you are registered to use.
l
Connection Method: The connection method to try when connecting to your service
provider to register your IP address. DynDNS.org supports three methods to connect. The
options are as follows:
o
Standard HTTP port 80
o
Alternate HTTP port 8245
o
Secure HTTPS port 443
Status and history information
The following settings show status and history information for the DDNS service.
Digi ConnectPort X Family
82
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Most Recent DDNS Service Update Status: This section provides the status of the most
recent attempt to update a DDNS service or server. The displayed information confirms the
success of an update request, or it may offer information as to the reason an update request
was rejected by the service or server.
A number of status appear. Some of them are specific to the updated DDNS service. Use this
information when trying to resolve update failures with the DDNS service provider.
l
Service: The name of the updated DDNS service provider or server.
l
Reported: The IP address of your Digi device that is registered with the DDNS service
provider or server.
l
Update Status: A simple indication of success or failure for this last update request.
l
Result Information: A DDNS service-specific status message, helpful when consulting
technical support.
l
Raw Result Data: DDNS service-specific update result data returned by the service
provider, helpful when consulting technical support.
n
Last Logged Action or Result: The last attempted, logged action or result for the DDNS
feature, helpful for troubleshooting possible problems with DDNS updates. This information
helps identify problems with settings, network connection failures, and other issues that
prevent a DDNS update from completing successfully. Successful results also are reported
here.
IP filtering settings
Some Digi devices support built-in firewall functionality to limit TCP/IP traffic to and from certain
networks, TCP ports, and interfaces. The functionality implemented is based on the iptables tool.
You can restrict your Digi device on the network by only allowing certain devices or networks to
connect. This is better known as IP Filtering or Access Control Lists (ACL). By enabling IP filtering, you
are telling the Digi device to only accept connections from specific and known IP addresses or
networks. You can filter devices on a single IP address or restrict device to a group of devices using a
subnet mask that only allows specific networks to access to the device.
CAUTION! Plan and review your IP filtering settings before applying them. If the settings
are incorrect, the Digi device will be inaccessible from the network.
The settings for IP Filtering Settings include:
Digi ConnectPort X Family
83
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Only allow access from the following devices and networks: Enables IP filtering so that
only the specified devices or networks are allowed to connect to and access the device. Note
that if you enable this feature and the system from which you are connecting to the Digi device
is not included in the list of allowed devices or networks, then you will instantly no longer be
able to communicate or configure the device from this system.
l
Automatically allow access from all devices on the local subnet: Specifies that all
systems and devices on the same local subnet or network of the device are allowed to
connect to the device.
l
Allow access from the following devices: A list of IP addresses of systems or devices
that are allowed to connect to this device.
l
Allow access from the following networks: A list of networks based on an IP address and
matching subnet mask that are allowed to connect to this device. This option allows
grouping several devices that exist on a particular subnet or network to connect to the
device without having to manually specific each individual IP address.
IP forwarding settings
When a Digi device acts as a router and communicates on both a private and public network with
different interfaces, it is sometimes necessary to forward certain connections to other devices. This is
also known as Network Address Translation (NAT) or Port Forwarding.
When an incoming connection is made to the device on the private network, the IP port is searched for
in the table of port forwarding entries. If the IP port is found, that connection is forwarded to another
specific device on the public network. The options and features described in this section are only
supported on some products and some firmware versions.
Port Forwarding/NAT is useful when external devices cannot communicate directly to devices on the
public network of the Digi device. For example, this may occur because the device is behind a firewall.
By using port forwarding, the connections can pass through the networks transparently. Also, Port
Forwarding/NAT allows multiple devices on the private network to communicate to devices on the
public network by using a shared private IP address that is controlled by Port Forwarding/NAT.
Use port forwarding to connect from a Digi device to a RealPort device. For this type of connection to
occur, your mobile wireless provider must be mobile-terminated.
IP Forwarding settings include:
n Enable IP Routing: Enables or disables IP forwarding.
n
Apply the following static routes to the IP routing table: You can configure the Digi device
with permanent static routes. These routes are added to the IP routing table when this device
boots, or afterward when network interfaces become active or changes are made to this list of
static routes. Use static routes to route IP datagrams to a network that is not a local network
or accessible through the default route.
Digi ConnectPort X Family
84
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Network Address Translation (NAT) Settings: A list of instances of NAT settings appears. For
each instance, the settings are:
l
Enable Network Address Translation (NAT): Permit the translation and routing of IP
packets between private (internal) and public (external) networks. Refer to NAT
configuration options below. Some Digi device models permit the configuration of NAT
instances for more than one network interface.
l
NAT Public Interface: The name of the network interface for which NAT will perform
address and port translations. The list of interfaces available for NAT configuration varies
according to the capabilities of your Digi device model.
l
NAT Table Size Maximum: The maximum number of entries that you can add to the NAT
table. These entries include the configured port and protocol forwarding rules (see
Forward TCP/UDP/FTP Connections and Forward Protocol Connections below), the DMZ
Forwarding rule (see Enable DMZ Forwarding to this IP address below), as well as dynamic
rules for connections that are created and removed during the normal operation of NAT.
You can configure the NAT table size maximum value for any value in the range 64 through
1024, with the default value of 256 entries. Note that this setting does not control the
maximum number of port or protocol forwarding rules that you can configure in their
respective settings.
Digi ConnectPort X Family
85
�Using the Digi ConnectPort X Family web interface
l
Configure the device using the web interface
Enable DMZ Forwarding to this IP address: DMZ Forwarding allows you to specify a
single host (DMZ Server) on the private (internal) network that is available to anyone with
access to the NAT Public Interface IP address, for any TCP- and UDP-based services that
haven't been configured. Services enabled directly on the Digi device take precedence over
(are not overridden by) DMZ Forwarding. Similarly, TCP and UDP port forwarding rules take
precedence over DMZ Forwarding (please see Forward TCP/UDP/FTP Connections
below). DMZ Forwarding is effectively a lowest priority default port forwarding rule that
doesn't permit the same remapping of port numbers between the public and private
networks, as is possible if you use explicit port forwarding rules.
If enabled, the incoming TCP and UDP packets from the public (external) network uses the
DMZ Forwarding rule, for which there is no other rule. These other rules include explicit
port forwarding rules or existing dynamic rules that were created for previous
communications, be those outbound (private to public) or inbound (public to private). Also,
the DMZ Forwarding rule is not used if there is a local port on the Digi device to which the
packet may be delivered. This includes TCP service listener ports as well as UDP ports that
are open for various services and clients. DMZ forwarding does not interfere with
established TCP or UDP connections, either to local ports or through configured or dynamic
NAT rules. Outbound communications (private to public) from the DMZ Server are handled
in the same manner as the outbound communications from other hosts on that same
private network.
WARNING! DMZ Forwarding presents security risks for the DMZ Server.
Configure the DMZ Forwarding option only if you understand and are willing
to accept the risks associated with providing open access to this server and
your private network.
n
Forward protocol connections from external networks to the following internal devices:
Enables protocol forwarding to the specified internal devices. Currently, the only IP protocols
for which protocol forwarding is supported are:
l
Generic Routing Encapsulation (GRE, IP protocol 47).
l
Encapsulating Security Payload (ESP, IP protocol 50, tunnel mode only).
These are routing protocols that route (tunnel) various types of information between
networks. If your network needs to use the GRE or ESP protocol between the public and
private networks, enable this feature accordingly.
Digi ConnectPort X Family
86
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Forward TCP/UDP/FTP connections from external networks to the following internal
devices: Specifies a list of connections based on a specific IP port and where those
connections should be forwarded to. Typically the connecting devices come from the public side
of the network and are redirected to a device on the private side of the network.
You can forward a single port or a range of ports. To forward a range of ports, specify the
number of ports in the range, in the Range Port Count field for the port forwarding entry.
When a range is configured, the first port in the range is specified, and the full range is
indicated in the displayed entry information.
Note that FTP connections require special handling by NAT. This is because the FTP commands
and replies are character-based, and some of them contain port numbers in this message text.
Those embedded port numbers potentially need to be translated by NAT as messages pass
between the private and public sides of the network. For this reason, you should select FTP as
the protocol type when configuring a rule for FTP connection forwarding to an FTP server on
the private network side. If you use TCP, FTP communications may not work correctly. Note
also that TCP port 21 is the standard port number for FTP. Finally, using port ranges for FTP
forwarding is not supported; a port count of 1 is required.
IP forwarding example
For example, to enable port forwarding of RealPort data (network port 771) on a Digi Connect WAN
VPN to a Digi Connect SP with an IP address of 10.8.128.10, you would do the following:
1. Select the Enable IP Routing check box.
2. In the Forward TCP/UDP connections from external networks to the following internal
devices section, type the port forwarding information as follows, and click Add.
IP Network Failover settings
The IP Network Failover feature provides a dynamic method for selecting and configuring the default
gateway for the Digi device. Failover uses of a set of rules and link tests to determine whether you can
use a particular network interface to communicate with a specified destination. The user configures
these rules, link tests and the priority order of the interfaces.
Failover maintains a network interface list, ordered by the configured Failover Interface Priority, and
containing information on the state of the network interface and recent success or failure of the link
tests for that interface. The failover status for a network interface is one of the following:
n 1 - Responding: The interface is Up and configured in the system. It is currently responding to
the link tests. This interface is suitable for use as the default gateway.
n
2 - Up: The interface is Up and configured in the system. Its status has not been determined
by the link tests, or no link tests are configured. This interface may be suitable for use as the
default gateway.
Digi ConnectPort X Family
87
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
3 - Not Responding: The interface is Up and configured in the system. However, it is not
currently responding to the link tests, and the number of consecutive test failures has reached
the threshold number configured in the Network Failover settings. This interface may be
suitable for use as the default gateway.
n
4 - Down: The interface is Down or not configured in the system. However, it is not currently
responding to the link tests. This interface is not suitable for use as the default gateway.
n
5 - Unknown: The interface is Unknown (does not exist) in the system. This interface is not
suitable for use as the default gateway.
The number shown above for each status value, indicates the priority of that status, failover uses in
selecting the interface to use as the default gateway. Status priority 1 is the most suitable for use,
with lower priorities considered suitable if there are no interfaces at the highest priority.
When any network interface changes status, the interface list is examined for the interface that has
the highest status priority, nearest the start of the list. The default gateway is the highest priority
interface with a Responding status. If no interface is marked Responding then the default gateway is
highest Up interface.
When Network Failover performs a link test, it adds a temporary static host route to the destination
IP address for the link test, using the network interface that the link test is configured to test. The
static host route is removed when the link test completes. Avoid manually configuring static host
routes to any of the failover link test destinations, as such host routes may interfere with failover's
link testing. Static IP routes are configured on the IP Forwarding Settings page. For additional
information, see IP forwarding settings.
In the Advanced Network Settings, the Gateway Priority selection provides a simpler method for
selecting the default gateway. However, if failover is properly configured and enabled, it overrides the
Gateway Priority selection in the Advanced Network Settings. For a description of this non-failover
Gateway Priority selection and information on how to configure it, see Advanced Network Settings.
For IP Network Failover status and statistics, see IP Network Failover statistics.
Network Failover general settings
n Enable IP Network Failover: Enable the Network Failover feature in the Digi device. Click the
check box to turn failover on or off.
n
Enable fallback to the non-failover default gateway priority method: The Network
Failover uses the fallback option if it cannot configure a default gateway. Failure to configure a
default gateway could occur if one or more interfaces are not enabled (On) for Network
Failover use, or if the enabled interfaces are not Up or do not have a gateway associated with
them. Click the check box to turn fallback on or off.
Digi ConnectPort X Family
88
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Failover Interface Priority: Failover uses the list of available network interfaces in priority
order to determine the default gateway. The default gateway routes IP packets to an outside
network, unless controlled by another route.
A network interface may have a static gateway configured for it, or it may obtain a gateway
from DHCP or other means when the interface is configured. The first interface in this list that
supplies a gateway will be used as the default gateway. The default gateway may change as
interfaces connect and disconnect, and as failover link tests determine that an interface is
providing the desired IP packet routing to a remote network destination.
To change the interface priority order, select an item from the list and click the up or down
arrow.
Digi ConnectPort X Family
89
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Link Test Settings for each of the network interfaces: The options that follow configure the
link tests for the network interfaces. Each network interface has its own set of options.
Failover can support Ethernet, Wi-Fi and Mobile (cellular) network interfaces. The available
interfaces vary among different Digi products.
l
Enable IP Network Failover for the XXX Interface: Enable use of the XXX interface for
failover, where XXX is Ethernet, Wi-Fi, or Mobile. Click the check box to turn failover on or
off. If a network interface is not enabled for use by failover, it will not be considered by
failover for use in selecting the default gateway.
l
No Test: Click the radio button to select no link tests will be used for this interface. Since
no link tests are run, failover will only be aware of the Up or Down status of the interface.
l
Ping Test: Click the radio button to select the Ping Test as the link test to use for this
interface. The Ping Test sends ICMP Echo Request packets to the configured destination IP
address. If you receive an ICMP Echo Reply (ping reply), the link test successfully
demonstrated that you can use the network interface to communicate with the specified
destination.
l
Primary Destination (Ping Test): The primary, or first, destination to ping. The destination
must be a valid IPv4 address. If the destination is remains empty, no Primary Destination
link test will be attempted.
l
Secondary Destination (Ping Test): The secondary, or second, destination to ping. The
destination must be a valid IPv4 address. If the destination is remains empty, no Secondary
Destination link test will be attempted.
l
Send Count (Ping Test): The maximum number of ping requests to send for a ping link test.
When a reply is received, the ping test ends successfully and does not continue to send ping
requests. If no ping reply is received after Send Count ping requests have been sent, the
link test ends in failure.
l
Send Interval (Ping Test): The time interval in seconds between sending ping requests
during a ping link test. The ping tests sends a ping request. If no ping reply is received
before the Send Interval expires, another ping request is sent.
l
TCP Connection Test: Click the radio button to select the TCP Connection Test as the link
test to use for this interface. The TCP Connection Test tries to establish a TCP connection
to the configured destination IP address and port number. If a connection is successfully
established, or if the remote host actively rejects (resets) the connection attempt, the link
test successfully demonstrated that you can use the network interface communicate with
the specified destination. If a TCP connection is successfully established, it is immediately
closed.
l
Primary TCP Port (TCP Connection Test): The destination TCP port to use to connect to
the Primary Destination address.
Digi ConnectPort X Family
90
�Using the Digi ConnectPort X Family web interface
l
Configure the device using the web interface
Primary Destination (TCP Connection Test): The primary, or first, destination used to
establish a TCP connection. The Primary Destination uses the Primary TCP Port when
testing the connection to the Primary Destination. The destination must be a valid IPv4
address. If the destination is empty, no Primary Destination link test will be attempted.
l
Secondary TCP Port (TCP Connection Test): The destination TCP port to use to connect to
the Secondary Destination address.
l
Secondary Destination (TCP Connection Test): The secondary, or second, destination used
establish a TCP connection. The Secondary Destination uses the Secondary TCP Port when
testing the connection to the Secondary Destination. The destination must be a valid IPv4
address. If the destination is empty, no Secondary Destination link test will be attempted.
l
Connection Timeout (TCP Connection Test): The time in seconds to wait for a TCP
connection to be established or rejected by the destination host.
The following four Link Test options are used if the Ping or TCP Connection Link Test is selected.
n
Repeat the test every: N seconds: The time interval (N) in seconds between the end of a
successful link test and the start of the next link test for the network interface. This interval
occurs only after a successful test.
Shorter intervals verify the link more often, but they also increase the packet traffic over the
network interface during the text. Consider the frequency of tests carefully for network
connections such as Mobile (cellular) connections, which may be expensive, depending on the
service plan in effect with your mobile service provider.
n
On test failure, retry every: N seconds: The time interval (N) in seconds between the end of
a failed link test and the start of the next link test for the network interface. This interval
occurs after a failed test and continues until the “Not Responding” (consecutive failures)
threshold has been reached.
A possible strategy is to configure a shorter Retry interval than the Success interval, to more
quickly test the network connection to determine whether it is truly not working or there was
just a transient test failure. Determining the validity of the link helps failover determine
whether it is necessary to reconfigure the default gateway.
n
Report Not Responding after: N consecutive failures: The threshold (N) in consecutive link
test failures at which time the network interface is reported to failover as “Not Responding”.
Upon receiving such a report, failover may determine that the default gateway must be
reconfigured. The count of consecutive failures is reset to zero when a successful link test
completes, or when the network interface is reconfigured or its connection is restarted (such
as a mobile PPP connection).
n
When Not Responding, retry every: N seconds: The time interval (N) in seconds between the
end of a failed link test and the start of the next link test for the network interface. This
interval occurs after a failed test, but only after the “Not Responding” (consecutive failures)
threshold has been reached.
Digi ConnectPort X Family
91
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Socket tunnel settings
You can use a socket tunnel to connect two network devices: one on the Digi ConnectPort X Family
product’s local network and the other on the remote network. This is especially useful for providing
SSL data protection when the local devices do not support the SSL protocol.
One of the endpoint devices is configured to initiate the socket tunnel. The tunnel is initiated when
that device opens a TCP socket to the Digi ConnectPort X Family product on the configured port
number. The Digi ConnectPort X Family product then opens a separate connection to the specified
destination host. Once the tunnel is established, the Digi ConnectPort X Family product acts as a proxy
for bi-directional data between the remote network socket and the local network socket, regardless
of which end initiated the tunnel.
Socket tunnel settings include:
n Enable: Enables or disables the configured socket tunnel.
n
Timeout (seconds): The timeout, specified in seconds, controls how long the tunnel will
remain connected when there is no tunnel traffic. If the timeout value is zero, then no timeout
is in effect and the tunnel will stay up until some other event causes it to close.
n
Initiating Host: The hostname or IP address of the network device which will initiate the
tunnel. This field is optional.
n
Initiating Port: Specify the port number that the Digi device product will use to listen for the
initial tunnel connection.
n
Initiating Protocol: The protocol used between the device that initiates the tunnel and the
Digi device server. Currently, TCP and SSL are the two supported protocols.
n
Destination Host: The hostname or IP address of the destination network device.
n
Destination Port: The port number that the Digi device will use to make a connection to the
destination device.
n
Destination Protocol: The protocol used between Digi device and the destination device.
Currently, TCP and SSL are the two supported protocols. This protocol does not need to be the
same for both connections.
Virtual Private Network (VPN) settings
Use a Virtual Private Networks (VPN) to securely connect two private networks together so that
devices may connect from one network to the other network using secure channels. VPN uses IP
Security (IPsec) technology to protect the transferring of data over the Internet. All Digi ConnectPort
X Family products except Digi Connect WAN support VPNs.
The Digi device is responsible for handling the routing between networks. Devices within the local
private network served by the Digi device can connect to devices on the remote network as if they are
in the local network. The VPN tunnels are configured using various security settings and methods to
ensure the networks are secured.
Uses for a VPN-enabled Digi device
VPN-enabled Digi devices, such as Digi Connect WAN VPN, are cellular-enabled routers that securely
connect remote subnets using IPsec VPN technology. Devices in the Digi device’s private network can
connect directly to devices on the other private network with which the VPN tunnel is established. You
configure VPN tunnels using security settings and methods to ensure the networks are secured.
Digi ConnectPort X Family
92
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Use the Digi device for primary or backup remote site connectivity. The Digi device routes secured
IPsec VPN traffic over the cellular IP network and a VPN appliance terminates it at the host end.
You can use a VPN-enabled Digi device in several scenarios; for example:
n As the primary router where the remote site does not use another WAN router.
n
As a backup router where the remote site has a primary WAN connection through DSL, Frame
Relay, or other means.
n
To provide secure access to remote serial and/or Ethernet devices.
This section describes using a Digi device as a primary remote site router using IPsec Encapsulated
Security Payload (ESP) and Internet Key Exchange (IKE)/Internet Security Association and Key
Management Protocol (ISAKMP) pre-shared key methods.
VPN global settings
n General Security Settings
l
Enable Antireplay: Antireplay allows the IPsec tunnel receiver to detect and reject
packets that have been replayed. Set this field to match that at the remote VPN gateway.
The default is Enabled.
Important Disable Antireplay if you use manual keyed tunnels.
n
Miscellaneous Settings
l
Suppress SA lifetime during IKE Phase 1: In most cases, clear this check box. Some VPN
equipment do not negotiate the ISAKMP Phase 1 lifetimes. Such equipment may refuse to
negotiate with the Digi device if it includes lifetime values in Phase 1 negotiation
messages. If the Digi device must communicate with such equipment, enable this option to
prevent the Phase 1 lifetimes from being included in the ISAKMP Phase 1 messages.
l
Suppress Delete Phase 1 SA Message For PFS: In most cases clear this check box. VPN
devices usually send a delete notification for any phase 2 SAs that are left over from
previous sessions when they start to negotiate quick mode. However, some devices do not
handle this notification correctly and will terminate the connection when they receive it. If
you have trouble connecting to the remote VPN device, select this check box to suppress
sending this message.
l
IP addresses of remote VPN peers may change on the fly (Dynamic DNS): Enable when
you are specifying the address of the remote VPN device with a DNS name, and that device
uses dynamic DNS because its public IP address can change. Selecting this check box will
cause the Digi device to poll the DNS server once a minute to see if the remote VPN
device’s IP address has changed. The IPsec software will be restarted with the new IP
address if it does change. Selecting this check box increases network traffic since the unit
will be polling the DNS server once a minute.
Digi ConnectPort X Family
93
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
VPN tunnel configuration settings
n Description: Type a short, one-line description of the VPN tunnel.
n
VPN Tunnel: Displays settings for encryption and authentication keys. Selecting ISAKMP is
recommended; almost all VPN devices use this standard protocol. ISAKMP is more secure than
manually setting the keys The only time to set the keys manually is when connecting with an
old VPN device that does not support ISAKMP, in which case you should replace the obsolete
box with one that does.
n
Local Endpoint Type:
Select Local endpoint is a subnet to allow devices on the remote network to see devices on
the local network. This is the standard way IPsec works and the correct choice in most cases.
Select Local endpoint is an internal interface to not allow devices on the remote network
to see devices on the local network. This causes the Digi device to create a virtual endpoint and
assign it the IP address specified later in the settings on this page. Devices on the remote
network will only see the IP address of this endpoint, and cannot see the IP addresses of any
devices on the local private network. This feature must be used in combination with NAT. If you
select it, then you must update the NAT settings on the Network >IP Forwarding page. You
must enable NAT translation for the VPN interface that corresponds to the tunnel. Tunnel 1
uses interface vpn0, tunnel 2 uses vpn1, and so on.
n
VPN Mode:
If a single remote VPN device will be used for this VPN tunnel, select
Initiate client connections to and accept connections from the remote VPN device at and
type the remote device’s IP address or DNS name in the field below. If the Digi device should
accept connections from any remote VPN device for this tunnel, select the Accept connections
from any VPN device option.
Digi ConnectPort X Family
94
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Identity settings
l
Network Interface: mobile|0eth0: Select the network interface used to communicate
with the remote VPN device. The mobile0 device is the one with the cellular modem. In
most cases, this is the correct device to use to communicate with a remote VPN device on
the Internet.
l
Negotiate tunnel as soon as interface comes up: Check if the Digi device should establish
the VPN tunnel as soon as the selected network interface is ready to use. Clear this check
box if the Digi device should wait until a device on the local private network tries to
communicate with a device on the remote network before establishing the VPN tunnel.
l
Use the following as the identity: Use this option to control how the Digi device
identifies itself to the remote VPN device. The Digi device must identify itself to the remote
VPN device when it negotiates the tunnel. You must ensure both devices agree on what the
identification is. Select the Use the following as the identity option to enter a string such
as a DNS name or an FQDN. Select the Use the interface IP address if the Digi device
should send the IP address of the interface you selected above as its identity. Select Use
the identify certificate X.509… to use a PKI certificate. If using a PKI certificate,
remember to load it in the Administration >X.509 Certificate/Key Management web
page.
n
Local Endpoint:
If you set the Local Endpoint Type to Local endpoint is an internal interface, the following
prompts appear:
l
Host address for tunnel's internal VPN interface: In the IP Address field, type the IP
address for the virtual network interface. This is the IP address which will be visible to
devices on the remote private network.
l
Discard packets sent to the remote subnet unless they come from this local subnet: Select
this option if the Digi device should discard IP packets transmitted from a device on the
local network and addressed to the remote network which do not come from the subnet
you specify below.
IP Address: Type the IP address of the subnet.
Subnet Mask: Type the mask for the subnet.
l
As indicated on the settings page, use the local endpoint as an internal interface in
combination with NAT. Click here to configure the Network Address Translation (NAT)
settings. Select the interface name of vpn0 to configure NAT for this tunnel.
If you set the Local Endpoint Type to Local endpoint is a subnet, prompts for entering the
network address and mask for the private network appear. Both the Digi unit and the remote
VPN device must be configured to use the same values.
l
IP Address: Type the IP address of the local private network.
l
Subnet Mask: Type the mask for the local private network.
Digi ConnectPort X Family
95
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Remote Endpoint: Type the IP address and subnet mask of the remote network. Both the Digi
device and the remote VPN device must be configured to use the same values.
l
Tunnel Network Traffic to the following Remote Network:
IP Address: Type the IP address of the remote network.
Subnet Mask: Type the subnet mask of the remote network.
Digi devices support a mode of VPN tunnel operation called VPN tunnel all mode, where all
traffic that is not directed to the local subnet is sent across a VPN tunnel to a remote
network. This mode is different from the normal mode of VPN tunnel operation, where the
range of the remote subnet is explicitly set VPN tunnel all mode is supported when the Digi
device is the initiator of the VPN connection. It is not supported when the Digi device is the
server.
For example, in the normal mode of operation, a user might set up a VPN tunnel between
the local subnet at 192.168.1.0/24 to a remote subnet at 172.16.1.0/24. In this case, the
remote subnet range is the subnet at 172.16.1.x. In VPN tunnel all mode, the remote
subnet is any address that is not on the local subnet, or in this case, anything not in the
subnet 192.16.1.x.
The local subnet must be defined as a specific range, for example 192.168.1.0/24. This is
specified in the VPN settings by setting the IP address of the local subnet to 192.168.1.0,
and the subnet mask to 255.255.255.0. VPN tunnel all mode is specified by setting the
remote IP address to 0.0.0.0, and the remote subnet mask to 0.0.0.0.
With the configuration described above, any frames sent from the 192.168.1.x network to
any IP address not in the 192.168.1.x subnet will be set over the VPN tunnel to the remote
subnet.
When configuring a Digi device for VPN tunnel all mode and the device allows for setting the
gateway priority, set the gateway priority. The gateway priority is set on the
Configuration > Network > Advanced Network Settings page in the Gateway Priority
setting. Set the gateway priority to Ethernet for Ethernet-enabled Digi devices, or WiFi for
a wireless Digi devices. If the Digi device’s IP address on the Ethernet (or wireless)
interface is statically configured, specify the address for the gateway on that interface. The
gateway address is set in the Configuration > Network > Ethernet IP Settings page.
Digi ConnectPort X Family
96
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Pre-Shared Key Settings:
If you select the pre-shared key authentication method in one or more of your ISAKMP Phase 1
Policies, then you will be prompted to supply the ID of the VPN device and the preshared key
used for authentication.
l
Use the following IP address, FQDN, or username for the remote VPN’s ID: Type the
remote VPN device’s ID in this field. Ensure the remote VPN device is configured to send
this ID.
l
Use the following pre-shared key to negotiate IKE security settings: Type the
preshared key in this field. This value must match exactly with the preshared key set on
the remote VPN device.
Digi ConnectPort X Family
97
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
ISAKMP Phase 1 Settings:
l
General Security Settings for Phase 1
Connection Mode: Main|Aggressive: Set the connection mode to match that configured
on the remote VPN device. If aggressive mode is selected, then the VPN device will try
aggressive mode first, and then try main mode if aggressive mode fails.
Enable Perfect Forward Secrecy (PFS): Set this option to enable PFS. PFS guarantees that
if one key is broken by an attacker, that does not help him to break another key. PFS is
more secure, but slows down the negotiation process. Both the Digi device and the remote
VPN device must be configured the same way.
l
NAT-T Settings
Enable NAT Traversal (NAT-T): Set this option if there is a NAT firewall between the two
VPN devices.
Keep Alive Interval: The amount of time in seconds between NAT keep alive messages.
Once a connection is established through a firewall, the VPN devices have to send keep
alive messages to prevent the NAT firewall from timing out the connection. Set the interval
to a value less than the connection timeout of the NAT firewall.
l
ISAKMP Phase 1 Policies:
Keys are negotiated in two phases. The first phase negotiates the keys and authentication
method used to establish the initial ISAKMP connection. During this phase, the two VPN
devices verify each other’s identity and create a security association (encrypted
connection). Phase 2 uses the encrypted connection. The encryption and authentication
settings you specify determine the level of security in the connection the two VPN devices
used to communicate with each other.
Select the policies to use during phase 1 of the ISAKMP negotiation. Ensure that the Digi
device and the remote VPN device use the same policies. If more than one policy is
specified, the VPN devices will use the most secure policy that they both have been
configured to support.
Pre-shared Key: Using DSS and RSA signatures is more secure than using a pre-shared
key.
Encryption: The encryption type and the length of the key. The longer the key the more
secure it is.
Integrity: The authentication algorithm. The SHA1 algorithm is more secure than MD5.
SA Lifetime: The maximum length of the phase 1 security association.
Diffie-Hellman: The Diffie-Hellman group to use for key generation. The larger the group
the more secure it is.
Digi ConnectPort X Family
98
�Using the Digi ConnectPort X Family web interface
l
Configure the device using the web interface
ISAKMP Phase 2 Settings:
The SAs used for bulk data transfer are created during phase 2. The phase 2 settings you
specify will determine the level of security used when devices on the local private network
communicate with devices on the remote private network. As with the other settings, the
both the Digi device and the remote VPN device must be configured to use the same
values. If more than one policy is specified, the VPN devices will use the most secure policy
that they both have been configured to support.
l
General Security Settings for Phase 2:
Diffie-Hellman: Select the Diffie-Hellman group used to generate keys. Larger groups are
more secure.
l
ISAKMP Phase 2 Policies:
Encryption: The encryption algorithm used for encrypting data and the length of the key.
The longer the key the more secure it is. There are three supported encryption algorithms
including DES, 3-DES, and AES. DES encryption uses 64-bit keys, 3-DES encryption uses 192bit keys, and AES encryption uses 256-bit keys.
Authentication: The authentication algorithm used in authenticating clients. There are
two supported authentication algorithms including MD5 and SHA1. MD5 authentication
uses 128-bit keys and SHA1 uses 160-bit keys. The SHA1 algorithm is more secure than
MD5.
SA Lifetime: The maximum length of the Phase 2 security association (SA), in seconds.
After the SA has been negotiated, the SA lifetime begins. Once the lifetime has completed,
a new set of SA policies are negotiated with the remote VPN endpoint.
Example VPN configuration
The diagram shows a Digi Connect WAN VPN used as a primary remote site router:
How VPN tunnels work
The Digi device’s Ethernet port usually connects to a switch or hub, which then connects to other
Ethernet devices. The mobile/cellular carrier provides only one IP address to the mobile interface. The
Digi ConnectPort X Family
99
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Digi device uses Network Address Translation (NAT), where only the mobile IP address is visible to the
outside. Private IP addresses are typically used on the remote site LAN connected to the Digi device’s
Ethernet port. All outgoing traffic, except the tunneled VPN traffic, uses the mobile IP address of the
Digi device. Using the example network above, the process for initiating VPN tunnels works like this:
1. Typically, a host or device on the remote subnet (in this case, 172.17.1.0) requests information
from a host on the main site (HQ) subnet (172.16.5.0). For example, a computer at 172.17.1.20
needs a file from 172.16.5.100.
2. The Digi device sees the request is on the HQ subnet and verifies a VPN tunnel exists between
the two sites.
3. If no tunnel exists, the Digi device initiates a VPN tunnel request to its peer — the VPN
concentrator at HQ. The VPN policy settings are compared, and if they match, an IPsec tunnel
is created between the Digi device and the VPN concentrator. Traffic is encrypted as defined in
the VPN policies.
VPN tunnel requirements
To establish an IPsec VPN tunnel, the IP address of the mobile interface must be publicly accessible.
You can specify either a static or dynamic IP address depending on the requirements of your VPN end
point. However, the you cannot specify an IP address a private range of addresses (for example,
10.0.0.0, 172.16.0.0 or 192.168.0.0). If the mobile IP address is within one of the private IP address
ranges, the mobile carrier is using a NAT (Network Address Translation) server between your mobile
IP address and the Internet.
GSM-GPRS/EDGE APN type requirements
If the VPN end points require static (persistent) IP addresses, you may need a custom access point
name (APN). An Internet APN can work in these cases:
n The main site (HQ) VPN appliance can support Dynamic DNS names.
n
Use another form of authentication (for example, FQDN).
Be aware that these APNs are based on AT&T; other carrier APNs may have similar requirements.
CDMA carrier requirements
The CDMA (Code-Division Multiple Access) carrier requirements are similar to GSM in that static IP
addresses may be required depending on the host site concentrator VPN implementation. In both
cases, the Digi device’s mobile IP address will likely need to support mobile terminated data; that is,
the ability to accept incoming data connections.
HQ router / VPN appliance configuration
For supported protocols, see the IPsec specifications your Digi device. Security policies on the HQ VPN
device must match those on the Digi device. The HQ VPN appliance’s peer address is the Digi device’s
mobile IP address.
Console port
You can configure the Digi device’s console port for Console Management to provide SSH or telnet
access. You can connect the Digi device’s console port to the router or VPN appliance’s console port to
provide true diverse out-of-band console access.
Configuring and managing VPN settings from the command line
In the command-line interface, the set vpn command configures VPN connections, and the vpn
command manages them. These commands are described in the Digi ConnectPort X Family Command
Digi ConnectPort X Family
100
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Reference. Generally, configuring VPN connections from the web interface is simpler. Review the
settings descriptions in this procedure (also available in the online help) to determine whether you
need to gather any information before you start setting up the VPN.
IP Pass-through settings
There are many application scenarios where you can use a router to decide upon alternative routes
using a primary and a secondary (or backup) interface. In many of these configurations require a
router to use a public IP address as assigned by the network over which it communicates. This
requirement is mostly owing to the router needing to establish a VPN tunnel over that interface and
using the public IP address as part of the VPN authentication. (For more on VPN tunnels, see How VPN
tunnels work.)
The IP pass-through feature allows a Digi device to provide bridging functionality similar to that of a
cable or DSL modem, where the Digi device becomes “transparent” to the router or connected device.
In this case; the router’s WAN interface believes it is connected directly to the mobile network and has
no knowledge that the Digi device is the mechanism providing that connectivity.
How IP pass-through works
A Digi device configured for IP pass-through, such as a ConnectPort WAN or Digi Connect WAN, passes
its mobile IP address directly through and to the Ethernet device (router or computer) to which it is
connected through the Ethernet port. From the perspective of the connected device, the Digi device
essentially becomes transparent (similar to the behavior of a cable or DSL modem) to provide a bridge
from the mobile network directly to the end device attached to the Digi device.
Since the mobile network address is effectively “passed-through” to the local device connected to the
Ethernet port of the Digi device, all network access to it is bypassed, with some specific exceptions.
Here is an example of a Digi device configured for IP pass-through in a network with a third-party
router.
Digi ConnectPort X Family
101
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
If the third-party router’s WAN interface is attached to the Digi device’s Ethernet port, and the Digi
device’s mobile interface receives the IP address 166.213.2.215, the router’s WAN port is assigned the
same IP address 166.213.2.215. If the router is receiving the IP address dynamically; the DNS server
addresses, subnet mask, and default gateway information will be filled in automatically. If you
configured the router manually; you need to obtain the DNS information from the mobile service
provider and enter that manually. The subnet mask is 255.255.255.0 and the default gateway is the
same as the mobile IP address with “.1” for the last octet. In other words: if the mobile IP address is
166.213.2.215, the default gateway is 166.213.2.1.
Effect of IP pass-through on network access to Digi device
When IP pass-through is enabled, the Digi device effectively disables all router and IP service
functionality. Services that are disabled are:
n NAT
n
Port forwarding
n
VPN
n
DDNS updates
n
Socket tunnel
n
Network Services configuration
The Digi device is effectively transparent to all IP activity and network access by other devices, with
these exceptions:
n You can access it via the serial port for configuration using the command line interface.
n
It accepts TCP/IP connections for purposes of configuration by means of a “pinhole” on the
mobile interface.
n
Other devices can access it on the local Ethernet segment via the default IP address of
192.168.1.1.
Using pinholes to manage the Digi device
IP pass-through uses a concept called pinholes. You can configure a Digi device to listen on specific TCP
ports, and terminate those connections at the Digi device for purposes of managing it. Those ports are
called pinholes, and they are not passed on to the device connected to the Ethernet port of the Digi
device. You can configure network services and ports as pinholes include (see Network Services
Settings to configure these settings):
n HTTP: for accessing the device through HTTP and the web interface.
n
HTTPS: for accessing to the device through HTTPS and the web interface.
n
Telnet: for accessing the device through a telnet login and the command-line.
n
SSH: for accessing the device through a Secure Shell (SSH) login and the command-line.
n
SNMP: for monitoring and managing the device through SNMP.
n
Ping: for accessing the device through ICMP echo (ping) requests.
Remote Manager and Digi SureLink ports are automatically set up as pinholes so that they continue to
work with the Digi device. In addition, the Digi device uses a private address on the Ethernet interface
strictly for use in configuration or local access. This allows a user on the local network to gain access
to the web interface or a telnet session in order to make configuration changes.
Digi ConnectPort X Family
102
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Remote device management and IP pass-through
As illustrated above, the Digi device allows you to enable pinholes for specific ports to allow remote
users to manage the Digi device from the mobile network or open Internet. The Digi device retains its
remote management capabilities using Remote Manager. The necessary pinholes are automatically
defined when the Digi device is configured for IP Pass-through. This provides administrators with the
same remote-management capabilities that exist in Digi remote devices.
Configuring IP pass-through
To configure IP Pass-through from the web interface for your Digi device:
Note Ensure you have completed at least the first three steps.
1. Set a static IP address for the Digi device. Go to Configuration > Network > IP Settings.
2. Set up the DHCP server. Go to Configuration > Network > DHCP Server Settings. See DHCP
server settings and the online help for DHCP Server Settings.
3. Turn on the DHCP server. Go to Management > Network Services. In
DHCP Server Management, click the Start button.
4. Configure IP pass-through settings. Go to Configuration > Network > IP Pass-through.
IP pass-through settings include:
n
Enable IP Pass-through: Enables or disables IP Pass-through.
n
Pinhole Configuration: Specifies whether specific network services/ports are
configured as pinholes for purposes of managing the Digi device.
5. Click Apply.
Host List Settings
Use the Host List Settings page to add or remove entries from the host list. For Digi devices using the
DialServ feature, the host list provides a means to map a phone number to a network destination.
The Host List settings are:
n Local Name: A phone number.
n
Resolves To: a network destination.
n
Add button: Adds the entry to the host list.
When accessing a device by name, the Digi device tries to locate the name within the host list. When it
finds a match, it maps the host name to the alias. Typically, you can use this as a first means of
locating the destination address before using the domain name system (DNS).
Each host list entry consists of a local name string which is mapped to an resolves to destination. You
can specify a destination that is either an IP Address or Fully Qualified Domain Name (FQDN). By
creating several entries, the host list will allow a many-to-one mapping of multiple host names to a
single destination, as well as a one-to-many mapping of a host name to multiple destinations. The
one-to-many mapping allows a fail-over option; that is, a connection to the IP address first tries to
resolve to the first name in the host list. If that connection attempt fails, then it tries to resolve to the
next name in the host list.
Virtual Router Redundancy Protocol VRRP settings
Virtual Router Redundancy Protocol (VRRP) is a redundancy protocol for routers. VRRP allows several
routers on a subnet to use the same virtual IP address, with the physical routers representing a
Digi ConnectPort X Family
103
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
“virtual router.” Two or more physical routers are configured to stand for the virtual router, with only
one doing the actual routing at any given time. The virtual router has a unique You can share IP
address and MAC address with all routers in a VRRP group. Using a virtual router redundancy protocol
allows you to configure systems with a single default gateway, rather than running an active routing
protocol.
There are two roles in VRRP: master, and backup. The master represents the virtual router and
forwards IP traffic. The physical router that is currently routing the data is known as the Master. If the
Master router fails, another Backup router automatically replaces it. Backup routers monitor the
health of the master router, and in the event that the master stops sending advertisements, backup
routers stage an election to determine which one will be the next master, and take over the virtual
router IP address. The time required to make the determination that the master is down and hold
elections depends on configuration, but typically occurs in about 3 seconds.
You can configure a number of VRRP groups (up to 255) on a LAN. A router may participate in multiple
groups. All routers must be within one hop of each other (does not route).
VRRP settings include:
n Virtual Router Identifier (VRID): The virtual router ID. All routers in the same VRID
communicate with each other. Specify a VRID value between 1 and 255. All routers that are to
communicate must have the same VRID.
n
Priority: Determines which router is the master. The router with the highest priority is the
master. The default priority is 100.
n
Advertisement Interval: The amount of time in milliseconds between VRRP master
advertisements. Set all routers in the virtual routing group to the same value. 3000 msec (3
seconds) is typically used.
n
Enable Preempt: This settings controls whether a higher priority Backup router preempts a
lower priority Master. Select the check box to enable preemption; clear the check box to
prohibit preemption. The default setting is enabled.
n
IP Address: The IP Address of the virtual router. All routers in the same VRID should use the
same virtual IP address. Configure clients to use this value as their default gateway.
Advanced Network Settings
The Advanced Network Settings define the network interface. These settings rarely need to be
changed. Contact your network administrator for more information about these settings.
IP settings
Use the IP settings to manage IP address configuration.
Digi ConnectPort X Family
104
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Host Name: The host name to be placed in the DHCP Option 12 field. This is an optional setting
which is only used when DHCP is enabled.
The host name is validated and must contain only specific characters. These restrictions are as
defined in RFCs 952, 1035, 1123 and 2132. The following characters are permitted:
l
Alphabetic: upper and lower case letters A through Z and a through z
l
Numeric: digits 0 through 9
l
Hyphen (dash): -
l
Period (dot): .
You can specify the host name value as a single name or a fully qualified domain name, whose
parts are separated with a period character. Each part must follow the following rules:
l
Must begin with a letter or digit
l
Must end with a letter or digit
l
Interior characters may be a letter, digit or hyphen
l
Each part of the name may be from 1 to 63 characters in length, and the full host name
may be up to 127 characters in length. An IP address is not permitted for use in this host
name setting.
n
Static Primary DNS
Static Secondary DNS: The IP address of Domain Name Servers (DNS) used to resolve
computer host names to IP addresses. Static DNS servers are specified independently of any
network interface and its connection state. An IP address of 0.0.0.0 indicates no server is
specified.
n
DNS Priority: A list of DNS servers in priority order used to resolve computer host names. Each
type of server is tried, starting with the first in the list. For each server type, the primary server
is tried first. If no response is received, then the secondary server is tried. If neither server can
be contacted, the next server type in the list is tried.
A network interface may obtain a DNS server from DHCP or other means when it is connected.
If an interface does not obtain a DNS server, it will be skipped and the next server in the
priority list will be tried.
To change the priority order, select an item from the list and press the up or down arrow.
Digi ConnectPort X Family
105
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Gateway Priority: List of network interfaces in priority order used to determine the default
gateway. Use the default gateway to route IP packets to an outside network, unless controlled
by another route.
A network interface may have a static gateway configured, or obtain a gateway from DHCP or
other means when it is connected. The first interface in this list that supplies a gateway will be
used as the default gateway. The default gateway may change as interfaces connect and
disconnect.
To change the priority order, select an item from the list and press the up or down arrow.
The IP Network Failover feature provides a dynamic method for selecting the default gateway.
If failover is properly configured and enabled, it overrides the Gateway Priority selection in the
Advanced Network Settings. For a description of the failover feature and information on how to
configure it, please see IP Network Failover settings.
Digi ConnectPort X Family
106
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
DNS proxy settings
n
Enable DNS Proxy Service: Enables the DNS Proxy feature on this Digi device. DNS Proxy
permits DNS client hosts to communicate with this Digi device as if it were a DNS Server. It
forwards the DNS client's request to one of the DNS servers configured in its network settings.
The response from the actual DNS server will be relayed to the requesting client when it is
received by the DNS Proxy. The DNS Proxy does not cache the actual detailed client requests
nor the responses received from the DNS servers. Rather, it acts as a request/response relay
agent between the DNS clients and servers.
The DNS Proxy will cycle through the DNS servers that are configured in the Digi device. DNS
client requests are identified by the client's IP address and the unique Query ID in the DNS
request message. For each new DNS client request (new Query ID), the DNS Proxy uses the
first DNS server in its list of DNS servers. If the client retries the same request (same Query ID),
the DNS Proxy will recognize that retry message and will either send the retry request to the
same DNS server as the previous request for this client, or it will move to the next DNS server
in its list of DNS servers. The DNS Proxy feature determines when to retry the same DNS
server, or move to the next DNS server, according to the DNS Proxy: Request Retries Per
DNS Server configuration setting (see below). The DNS Proxy itself does not perform
unsolicited retries of DNS client requests.
Note The DHCP Server feature on the Digi device may be configured to use the DNS Proxy
feature. For more information, see DHCP server settings. The DNS server list may be dynamic
in its content. For example, when DNS server IP addresses are received from a mobile service
provider's network, they are added to the DNS server list of this Digi device. Those DNS server
IP addresses may or may not be configured when the DHCP Server offers a lease to a DHCP
client. As a result, the DHCP client may have no DNS servers provided to it in the lease, and
domain name resolution may fail for that client. A significant benefit of the DNS Proxy feature is
that the DHCP Server can offer its own IP address as a DNS server in the client lease, and the
DNS Proxy will forward DNS requests and responses as stated above. Since the DHCP protocol
does not allow a DHCP Server to force an unsolicited DNS server list update to its clients, the
DNS Proxy feature provides an indirect method by which such updates may be made effective
for the client.
n
Request Cache Size Maximum: Specifies the maximum number of DNS client request records
that the DNS Proxy will maintain concurrently in its cache. A large cache consumes more
system resources than does a small cache. However, if the maximum cache size is too small,
new DNS client requests may be quietly discarded until the cache has room to add new client
request records, or existing cache entries may be replaced by the new requests. If a large
number of concurrent DNS client lookups is anticipated, configuring a larger maximum cache
size is recommended. See also the setting For new client requests received when the
request cache is full below.
Digi ConnectPort X Family
107
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Request Idle Time-To-Live: Specifies the period of time, in seconds, that a DNS client request
will remain in the DNS Proxy cache, before it is deleted. This is a period of idle time, during
which neither a DNS client request retry is received by the DNS Proxy, nor a DNS server
response is received by the DNS Proxy, for a specific DNS client request. A shorter Idle TTL
results in the DNS Proxy using resources more efficiently, since the client request cache is
reduced in size and the request buffers are released more quickly for future use for other DNS
client requests.
n
Request Retries Per DNS Server: Specifies the number of retries using the same DNS server,
for a specific DNS client request that is retried (retransmitted) by the DNS client. There is
always one “try” but the number of retries is configurable.
For new client requests received when the request cache is full:
Specifies how to handle new client requests when the maximum number of client request
entries is already being serviced (the request cache is full). There are two choices for this
option:
Replace the Least Recently Used (LRU) client request with the new request: Remove the
least recently used entry from the cache, and add an entry for the new client request.
Discard (ignore) new requests until some existing requests have expired:
Silently discard the new client request, and do this for all future new requests until one or more
entries have expired and been removed from the request cache.
Network Port Scan Cloaking
The Network Port Scan Cloaking feature allows you to configure this Digi device to ignore (discard)
received packets for services that are hidden or not enabled and network ports that are not open.
Malicious software on the Internet may scan IP addresses, protocols, and ports to try to gain access
to hosts. You can use the Network Port Scan Cloaking feature to prevent sending responses to the
originator for ping and for TCP and UDP ports that do not have an associated service. The default
operation is that, when a TCP connection request is received for a port that is not open/bound, the
Digi device will send a TCP reset reply to inform the originator that the service is not available.
Similarly, the default operation when a UDP datagram is received for a port that is not open/bound,
the Digi device will send an ICMP port unreachable packet to inform the originator that the service is
not available. For the DNS Proxy feature, you can configure specific network interfaces to ignore
(discard) requests that are received from that interface, without otherwise acting on them.
These actions, which are common behaviors in accordance with established protocol standards,
effectively inform the originator that it has found a valid IP destination. The originator may continue to
probe other ports to gain access to the Digi device. In addition, such reply packets may have a
monetary cost for mobile network services such as cellular or WiMAX. Enabling the cloaking feature
can help manage both the port scanning threat and reduce overall data costs.
You can configure your Digi device to activate cloaking on a global basis, as well as for individual
network interfaces that are available on your Digi device. By enabling the cloak for individual protocols
and interfaces, you prevent the possibility of sending reply packets to the originator under the
conditions described above.
Digi ConnectPort X Family
108
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Note If you enable cloaking on a global basis for a particular protocol, that selection overrides the
selections for the interface-specific settings. For example, enabling cloaking for ping in the global
group, overrides a disabled selection for the eth0 (Ethernet) interface.
n
Enable Network Port Scan Cloaking: Enables the Network Port Scan Cloaking feature on this
Digi device.
n
Scan Cloaking: Ping: Enables/disables cloaking for ping requests. Replies will not be sent for
received ping requests.
n
Scan Cloaking: TCP: Enables/disables cloaking for TCP connection requests for which no
service is available.
n
Scan Cloaking: UDP: Enables/disables cloaking for UDP packets for which no service is
available.
n
Scan Cloaking: DNS Proxy: Enable/disable cloaking for DNS Proxy requests for a specific
network interface.
Note There is no global cloaking selection for DNS Proxy. To cloak the DNS Proxy feature altogether,
simply disable it.
Ethernet interface
n
Speed: The Ethernet speed the Digi device uses on the Ethernet network.
l
10: The device operates at 10 megabits per second (Mbps) only.
l
100: The device operates at 100 Mbps only.
l
auto: The device senses the Ethernet speed of the network and adjusts automatically.
The default is auto. If one side of the Ethernet connection is using auto (negotiating), the other
side can set the Ethernet speed to whatever value is desired. Or, if the other side is set for 100
Mbps, this side must use 100 Mbps.
n
Duplex Mode: The mode the Digi device uses to communicate on the Ethernet network.
Specify one of the following:
l
half: The device communicates in half-duplex mode.
l
full: The device communicates in full-duplex mode.
l
auto: The device senses the mode used on the network and adjusts automatically.
The default is half. If one side of the Ethernet connection is using auto, the other side can set
the duplex value to whatever is desired. If one side uses a fixed value (for example, half-duplex),
the other side has to use the same.
Digi ConnectPort X Family
109
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
MDI: The connection mode for the Ethernet cable.
Auto: Enables Auto-MDIX mode, where the required cable connection type (straight through or
crossover) is automatically detected. The connection is configured appropriately without the
need for crossover cables to interconnect switches or connecting PCs peer-to-peer. When it is
enabled, you can use either type of cable and the interface automatically corrects any incorrect
cabling. For this automatic detection to operate correctly, the “speed” and “duplex” options
must both be set to “auto.”
MDI: The connection is wired as a Media Dependent Interface (MDI), the standard wiring for
end stations.
MDIX: The connection is wired as a Media Dependent Interface with Crossover (MDIX), the
standard wiring for hubs and switches.
TCP keepalive settings
The DHCP server assigns these network settings, unless they are manually set here.
n Idle Timeout: The period of time that a TCP connection has to be idle before a keep-alive is
sent.
n
Probe Interval: The time in seconds between each keep-alive probe.
n
Probe Count: The number of times TCP probes the connection to determine if it is alive after
the keep-alive option has been activated. The connection is assumed to be lost after sending
this number of keep-alive probes.
WiFi Interface settings
Digi products with Wi-Fi capability display this setting:
n Maximum transmission rate: The maximum transmission rate that the device will use, in
megabits per second. The complete range of transmission rates is available on all devices
except the ConnectPort X2 - XBee® to Wi-Fi model. For that model, the allowed transmission
rates are: 1, 2, 5.5, 11.
Mobile (Cellular) Settings
The Mobile Settings pages configure how to connect to mobile (cellular) networks using the mobile
connection, including the service provider, service plan, and connection settings used in connecting to
the mobile network. If your Digi device has not already been provisioned for use in the mobile
network, you can launch a wizard to provision it from these pages. In addition, you can configure
settings for Digi SureLink, a feature that provides an “always-on” mobile network connection to
ensure rapid on-demand communication. The SureLink configuration settings allow you to customize
how SureLink detects when a connection has been lost, in order to re-establish the link. These
settings also load a preferred roaming list (PRL) into the cellular module.
Information required from your mobile service provider
To connect to the mobile network, you must get a set of network settings from the mobile service
provider including service plan and authentication details. For more information, consult the
documentation that came with your mobile service provider's information.
Digi ConnectPort X Family
110
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Different processes used for CDMA and GSM provisioning
The process for provisioning your Digi device and the settings displayed on the Mobile Configuration
page vary according to whether the mobile service provider network used with your Digi ConnectPort
X Family product is based on CDMA (Code-Division Multiple Access) or GSM (Global System for Mobile
communication).
CDMA-based mobile service providers
Device provisioning for a CDMA-based mobile service provider consists of selecting the service
provider from a list and either automatically or manually entering mobile settings provided by the
mobile service provider Examples of CDMA-based mobile service providers include Sprint or Verizon.
GSM-based mobile services providers
Device provisioning for a GSM-based mobile service provider involves inserting a Subscriber Identity
Module (SIM) card into the Digi device, which makes subscription data available in the cellular
network. Examples of GSM-based mobile service providers include AT&T and T-Mobile.
Set mobile configuration settings to factory defaults
The Set to Defaults button on the Mobile Configuration page sets all the mobile settings to factory
defaults and sets the Service Provider selection back to deselected.
SIM card selection and settings
The Digi device may be equipped with one or two Subscriber Identity Module (SIM) cards. A SIM card
contains the account information associated with a particular mobile service provider.
All of the settings available on the Mobile Configuration page are stored individually for each SIM card.
SIM card settings include:
n SIM: Select the SIM card identified by the slot number.
n
Set as Primary: Click to make this the preferred SIM to use to establish mobile connections.
n
IMSI: The International Mobile Subscriber Identity (IMSI) number that uniquely identifies the
SIM card.
n
Phone Number: The phone number associated with the mobile account, if available.
Note that the IMSI and phone number may not be available until the SIM attempts a
connection.
n
Status: The configuration status of the SIM. It may be one of these values:
l
Not configured: A mobile service provider has not been configured. Select a provider from
the list under Mobile Service Provider Settings.
l
Disabled: The SIM will not be used to establish a mobile connection. To enable, click Apply
under Mobile Settings.
l
Not installed: The SIM card is not plugged into the Digi device server.
l
Primary: This is the preferred SIM to use to establish mobile connections.
l
Secondary: If you cannot establish a connection the primary SIM, a connection will be
established with the secondary SIM.
Digi ConnectPort X Family
111
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Mobile settings
Mobile service provider settings
The Mobile Service Provider settings identify the service provider to use in connecting to the mobile
network. Information displayed varies by product and whether the remote service provider is GSM- or
CDMA-based. Settings that may be displayed on this screen include:
n Service Provider: For GSM-based mobile service providers, this is the service provider to use in
connecting to the mobile network. The service provider must match the provider that supplied
the SIM card. This must match the provider that supplied the SIM card. (Not displayed for CDMA
products.)
n
Service Plan: For GSM-based mobile service providers, this is the service plan to use in
connecting to the mobile network. This setting must match the plan that the service provider
has supplied to you. This is also sometimes known as the APN (Access Point Name).
n
Username and Password: For GSM-based mobile service providers, these settings are the user
name and password of the mobile connection needed to access the mobile network.
n
Device provisioning state: For CDMA-based mobile service providers, the text below the
Service Provider selection list states whether the device has already been provisioned. If the
device has not yet been provisioned, clicking the Provision Device button launches a wizard
for provisioning the device. Mobile device provisioning is described next.
If the device has been provisioned, text similar to the following appears: “This device has been
properly provisioned. No further settings are necessary to communicate on the network. To reprovision this device for any reason (please use caution), click here”.
Provisioning a mobile device
Mobile device provisioning is needed to properly configure the Digi device with the required
information used to access the mobile network. The device must be provisioned before you will be
able to create a data connection to the mobile network. The device only needs to be provisioned once.
This type of provisioning applies only to Digi devices that have a CDMA cellular module.
For Digi devices, provisioning is done through the Mobile Device Provisioning Wizard, which is launched
from the Mobile Configuration page.
Automatic versus manual provisioning
There are different types of provisioning methods depending upon your mobile provider. The Mobile
Device Provisioning Wizard will provide the appropriate choices based on the mobile provider selected.
Two main provisioning methods are:
Digi ConnectPort X Family
112
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Automatic Provisioning: Typically, an automatic provisioning process called IOTA (IP-Based
Over the Air) provisions the device. Note that automatic provisioning requires the modem
device to communicate over the mobile network and requires a good signal to ensure proper
provisioning.
n
Manual Provisioning: Alternatively, you can use a manual provisioning method to manually
specify the required fields needed to access the mobile network. The manual provisioning
method is an advanced configuration normally used only for custom network access or
providers. This method is not available for all mobile providers, and will not be available in the
Mobile Device Provisioning Wizard if your mobile provider does not support it.
Launch the Mobile Device Provisioning Wizard
Below the Service Provider selection list is a line of text that states whether or not the device has
already been provisioned or needs to be provisioned. If a device has not yet been provisioned, the
Mobile Configuration page displays a message, as shown below. Click the Provision Device button to
launch the Mobile Device Provisioning Wizard. For example, here is how the Mobile Settings page
looks when a device has not yet been provisioned.
Example: provisioning a Digi device for Sprint PCS
The sequence of Mobile Device Provisioning Wizard screens displayed and the settings on them vary by
product and mobile service provider.
The following example shows how to provision a Digi device when Sprint PCS is the mobile service
provider.
Digi ConnectPort X Family
113
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
1. Select a mobile service provider from the list.
2. Select automatic or manual provisioning.
The main difference between automatic and manual provisioning is that manual provisioning
involves entering more information. You will have received all of this information from your
mobile service provider during account setup.
Digi ConnectPort X Family
114
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
3. As needed, enter device provisioning information provided by your mobile service provider.
On some modules, the provisioning information is already obtained and automatically entered.
If the following screen appears, enter the provisioning information.
4. Device provisioning in progress...
5. Provisioning complete.
Upon successful completion of provisioning, a screen appears stating that the provisioning was
successful. Click Finish.
If provisioning fails:
The first screen of the provisioning wizard appears again. Instead, you must perform manual
provisioning.
6. Click Apply on the Mobile Configuration page to complete the provisioning.
Digi ConnectPort X Family
115
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Reprovision a Digi device
To reprovision a Digi device, simply run the Mobile Device Provisioning Wizard again.
Mobile connection settings
Mobile connection settings configure how the mobile connection is established and maintained.
Re-establish connection when no data is received for a period of time:
Inactivity timeout: Whether the mobile connection will be disconnected and re-established after no
data has been received over the link for the specified amount of time, in seconds.
SIM Selection Settings
The following options control how the Digi device chooses a SIM card to establish mobile connections.
The primary SIM will used first to try to establish a connection. If the connection is unsuccessful, the
secondary SIM will be used instead. If it is also unsuccessful, the primary and then secondary SIMs will
be tried again repeatedly.
Stop using this SIM and switch to the next SIM
These settings determine when a connection attempt is unsuccessful, at which point the Digi device
should switch to the next SIM card to establish mobile connections.
n If this SIM is not registered after n seconds: The SIM has not registered with the mobile
service provider after a specified number of seconds.
n
If roaming with this SIM: The SIM is registered, but is roaming to another service provider.
Your provider may apply additional connection charges when roaming.
n
After n connection failures: A connection could not be established after the specified number
of attempts.
Disconnect this SIM and return to the primary SIM
Once a connection has been successfully established with this SIM, these settings determine when to
end the connection and return to using the primary SIM.
n When the connection is dropped: The connection has ended for any reason.
n
If the connection is idle for n seconds: No data has been received over the mobile link for
the specified number of seconds.
n
After a maximum of n seconds: The connection has been established for the specified
number of seconds.
GPS settings
The following options configure the Global Positioning System (GPS) receiver that is integrated into
the mobile module of the Digi device server. These settings do not affect dedicated or external GPS
devices.
Digi ConnectPort X Family
116
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Integrated GPS receiver is: Enables or disables the GPS receiver. The possible values for this
setting are as follows:
l
Disabled: The GPS receiver is not active.
l
Always Enabled: The GPS receiver is always active.
l
Enabled only while mobile is connected: The GPS receiver is active while a mobile data
connection is established. Use this setting if the GPS receiver is interfering with making
data connections.
n
Position determination method: Selects the method used to determine a position fix. It may
be one of these values:
l
Standalone: The GPS receiver determines a position without any assistance from the
mobile network. It must obtain all necessary information from GPS satellites.
l
Mobile-based (network assisted): The GPS receiver obtains satellite almanac and
ephemeris data from the mobile network. This may reduce the time to determine the first
position fix.
l
Mobile-assisted (network calculated): The GPS receiver may send raw satellite data to
the mobile network. The network calculates the position of the mobile device, using
additional information available to the base station. This may increase the accuracy of
position fixes.
Your provider may apply additional connection charges when you use network assistance
or a calculation.
n
Number of position fixes: The GPS receiver can provide continuous position fixes, or stop
after the specified number of fixes.
n
Time allowed per fix: The maximum amount of time allowed to determine a position fix.
n
Interval between fixes: The time between the start of one position fix to the start of the
subsequent fix.
n
Desired accuracy of fix: The preferred accuracy of a position fix. If this accuracy is not
available in the time allowed, the best available position is provided.
Advanced settings
The following options configure advanced settings to manage the mobile PPP connection established
by the Digi device. Unless otherwise stated, the mobile PPP connection is not restarted with the new
settings when the changes are applied (saved). The changes are applied the next time the mobile PPP
connection is restarted. Settings vary between CDMA and GSM cellular modems.
Digi ConnectPort X Family
117
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
CDMA cellular modem advanced settings
n
Mobile Technology Settings: Selects the CDMA technology to use for the mobile service
connection. The available service depends on the mobile service provider and the geographic
location of the Digi device server.
Note The mobile PPP connection is not automatically restarted when a technology selection is
configured.
l
Automatic: Enables automatic selection of a technology for the mobile service connection,
whichever service is available. The modem will look for EvDO (3G) or 1xRTT (2G) service,
whichever is available in that location.
n
l
1xRTT: Restrict the modem to find 1xRTT (2G) service only.
l
EvDO: Restrict the modem to find EvDO (3G) service only.
Mobile Antenna Settings: Selects the mobile antenna configuration.
l
Antenna diversity (two antennas): Automatically receive on either the main or auxiliary
antenna, depending on which antenna has a better signal. Use this setting if two antennas
are connected.
l
Primary antenna only: Always receive on the main antenna. Use this setting if only one
antenna is connected.
GSM cellular modem advanced settings
n
Mobile Band Settings: Select the mobile service frequency bands that you want to configure
in the modem.
Note The mobile PPP connection is not automatically restarted when a band selection is
configured.
l
Automatic: Enables automatic service band selection by the modem. Automatic is the
default value. Digi recommends using the default setting unless there is a reason to
configure specific bands.
l
2G Only
l
3G Only
l
Manual: Selects the individual service bands that you want to configure. Improper
selection or combinations may result in a failure to establish a mobile connection. Select
one or more of these values: 850 MHz, 900 MHz, 1800 MHz, 1900 MHz.
Digi ConnectPort X Family
118
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Mobile Carrier Settings: Mobile carrier selection allows you to configure the mobile device to
use a specific mobile service only. The recommended and normal operation is for the mobile
device to automatically find service with an available carrier. However, you can configure a
manual selection to use a specific carrier. Please be aware that use of a manual carrier
selection can result in a significantly longer time interval for the unit to find service on the
specified network. Both the mobile network and the mobile device (modem) may influence this
behavior. Therefore it is recommended that the Automatic selection be used wherever
possible.
WARNING! The scan for available carriers requires that you terminate the mobile
PPP connection before you perform the scan. You cannot perform and complete a
successful scan if it is initiated over the mobile connection, since the scan
procedure requires user interaction that is not possible after the mobile PPP
connection has been terminated.
l
Automatic: Enables automatic selection of a carrier for the mobile service connection. The
mobile PPP connection is not automatically restarted if automatic carrier selection is
configured.
l
Manual: Enables manual selection of the Network ID of a carrier for the mobile service
connection. The carrier selection is the concatenation of the Mobile Country Code (MCC)
and Mobile Network Code (MNC) value for a carrier. The MCC is always a three-digit
decimal value, and the MNC is either a two- or three-digit decimal value. A properly entered
Network ID is composed of five or six decimal digits, with no other characters in that value.
The Scan available carriers... link initiates a wizard that instructs the modem to scan for
available carriers and display a list from which the desired carrier may be selected. The
scan may take as little as 20 seconds or up to two minutes to complete. Scanning for
carriers requires that the mobile PPP connection be terminated so the scan may be
performed. Upon completion of the wizard, the mobile PPP connection is restarted using
the selected carrier.
Note If the Mobile Band Settings selection in use by the modem is other than Automatic,
the list of carriers returned by the scan may include only a subset of the carriers available
in the area.
You can manually enter the Network ID from a carrier selection from the list. However, the
mobile PPP connection does not automatically restart if you are using the manual entry
method.
Digi SureLink settings
Use the Mobile Connection Settings to configure Digi SureLink settings for a Digi device. SureLink can
ensure that a Digi device is in a state where it can connect to the mobile network, and you can use
them to monitor the integrity of the established mobile connection.
There are two groups of SureLink settings:
Digi ConnectPort X Family
119
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Hardware Reset Thresholds: You can configure these settings to clear any error states that
were resident in the Digi device’s cellular module, so the device can once again connect to the
network, if the connection is lost. It does this by first resetting the cellular module after a
default or specified number of consecutive failed connection attempts, and then resetting the
Digi device after a default or specified number of failed consecutive connection attempts. You
can also disable each of these connection-failure settings.
n
Link Integrity Monitoring settings: You can configure these settings to perform a selected
test that examines the functional integrity of the network connection, and take action to
recover the connection in the event that it is lost.
Hardware reset thresholds
n Hard reset the modem module after the following number of consecutive failed
connections: Enables or disables a hard reset of the cellular modem module after the specified
number of failed connection attempts. Specify a value between 1 and 255. The default is 3.
n
Power-cycle the device after the following number of consecutive failed connections:
Enables or disables a power-cycle of the Digi device after the specified number of failed
connection attempts. Specify a value between 1 and 255. The default is 0, or off.
Link integrity monitoring settings
n
Enable Link Integrity Monitoring using the test method selected below: Enables or
disables the link integrity monitoring tests. If this setting is enabled, the other Link Integrity
Monitoring settings may be configured and verify the functional integrity of the mobile
connection. The default is off (disabled).
There are three tests available:
l
Ping Test
l
TCP Connection Test
l
DNS Lookup Test
You can use these tests to demonstrate that two-way communication is working over the
mobile connection. Several tests are provided because different mobile networks or firewalls
may allow or block Internet packets for various services. Select the appropriate test may be
selected according to mobile network constraints and your preferences.
The link integrity tests are performed only while the mobile connection is established. If the
mobile connection is disconnected, the link integrity tests are suspended until the connection
is established again.
For the link integrity tests to provide meaningful results, the remote or target hosts must be
accessible over the mobile connection and not through the LAN interface of the device (if it has
one). That is, the configure the settings to guarantee that the mobile connection is actually
tested.
The link integrity test settings may be modified at any time. The changes are used at the start
of the next test interval.
Digi ConnectPort X Family
120
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Ping Test: Enables or disables the ability to use “ping” (ICMP) as a test to verify the integrity of
the mobile connection. The test is successful if a valid ping reply is received in response to the
ping request sent. The ping test actually sends up to three ping requests, at three second
intervals, to test the link. When a valid reply is received, the test completes successfully and
immediately. If a reply is received for the first request sent, there is no need to send the other
two requests.
Two destination hosts may be configured for this test. If the first host fails to reply to all three
ping requests, the same test is attempted to the second host. If neither host replies to any of
the ping requests sent, the test fails. The primary and secondary addresses may be either IP
addresses or fully qualified domain names.
n
l
Primary Address: First host to test.
l
Secondary Address: Second host to test (if the first host fails).
TCP Connection Test: Enables or disables the creation of a new TCP connection as a test to
verify the integrity of the mobile connection. The test is successful if a TCP connection is
established to a specified remote host and port number. If the remote host actively refuses the
connection request, the test is also considered to be successful, since that demonstrates
successful two-way communication over the mobile connection. The TCP connection test waits
up to 30 seconds for the connection to be established or refused. When the TCP connection is
established, the test completes successfully, and the TCP connection is closed immediately.
Two destination hosts may be configured for this test. If the first host fails to establish (or
refuse) the TCP connection, the same test is attempted to the second host. If neither host
successfully establishes (or refuses) the TCP connection, the test fails. The primary and
secondary addresses may be either IP addresses or fully qualified domain names.
l
TCP Port: The TCP port number to connect to on the remote host (default 80).
l
Primary Address: The address of the first host to test.
l
Secondary Address: The address of the second host to test (if the first host fails).
Digi ConnectPort X Family
121
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
DNS Lookup Test: Enables or disables the ability to use a Domain Name Server (DNS) lookup
as a test to verify the integrity of the mobile connection. The test is successful if a valid reply is
received from a DNS server. Typically, this means the hostname is successfully “resolved” to an
IP address by a DNS server. But even a reply such as “not found” or “name does not exist” is
acceptable as a successful test result, since that demonstrates successful two-way
communication over the mobile connection. When a valid reply is received, the test completes
successfully and immediately.
The DNS servers used in this test for the hostname lookup, are the primary and secondary DNS
servers obtained from the mobile network when the mobile PPP connection is first
established. You can view these addresses by going to Administration > System Information
> Mobile.
Note that this DNS test is independent of the normal DNS client configuration and lookup
cache, which is used for other hostname lookups. This test specifically requires communication
over the mobile connection for each lookup, and to avoid being “short-circuited” by previously
cached information. Also, this test does not interfere in any way with the normal DNS client
configuration of this device.
Two hostnames may be configured for this test. If the first hostname fails to get a reply, the
same test is attempted for the second hostname. If no reply is received for either hostname,
the test fails. The primary and secondary DNS names must be fully qualified domain names.
Note that the reverse lookup of an IP address is possible, but that is usually unlikely to succeed
in returning a name. Still, you can use a reverse lookup to demonstrate the integrity of the
mobile connection.
n
l
Primary DNS Name: The first hostname to look up.
l
Secondary DNS Name: The second hostname to look up (if the first hostname fails).
Repeat the selected link integrity test every N seconds: Specifies the interval, in seconds,
at which the selected test is initiated (repeated). A new test will be started every N seconds
while the mobile connection is established. This value must be between 10 and 65535. The
default is 240.
If the configured interval is less time than it takes a test to complete, the next test will not be
initiated until the previous (current) test has completed.
n
Test only when idle: Initiate the selected link integrity test only after no data has been
received for the specified interval of time. This changes the behavior of the test in that the test
interval varies according to the presence of other data received from the mobile connection.
Although using this idle option may result in less data exchanged over the mobile connection, it
also prevents the link integrity tests from running as often to verify the true bi-directional
state of that connection.
Digi ConnectPort X Family
122
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Reset the link after the following number of consecutive link integrity test failures:
Disconnects and reestablishes the mobile connection after the configured number of
consecutive link integrity test failures. This value must be between 1 and 255. The default is 3.
When the mobile connection is reestablished, the “consecutive failures” counter is reset to
zero.
If the mobile connection is disconnected for any reason (including not as a result of a link
integrity test failure), the consecutive failures count is reset to zero when the mobile
connection is reestablished.
Status and statistical information for mobile connections
Once the mobile settings have been configured, you can monitor the status of mobile connections by
going to Administration > System Information > Mobile. See Mobile Information and Statistics.
From the command line, this mobile information appears when you issue the display mobile and
display pppstats commands.
Update PRL settings
Note These settings apply to Digi cellular-enabled products that use the Sierra Wireless MC57xx series
CDMA/EVDO modules.
The Update PRL page is for loading a preferred roaming list (PRL) into the cellular module on the Digi
device. A PRL is a database that resides in a mobile device that contains information used during the
system selection and acquisition process. It is built by the mobile service provider, and is normally not
accessible to users. The PRL indicates which bands, sub bands and service provider identifiers will be
scanned and in what priority order. Without a PRL, a mobile device may not be able to roam, or obtain
service outside of the home area. There may be cases where missing or corrupt PRLs can lead to not
having service at all.
On many networks, regularly updating the PRL is advised if the subscriber uses the device outside the
home area frequently, particularly if they do so in multiple different areas. This allows the mobile
device to choose the best roaming carriers, particularly “roaming partners” with whom the home
carrier has a cost-saving roaming agreement, rather than using non-affiliated carriers. You can use
the PRL files to identify home networks along with roaming partners, thus making the PRL an actual
list that determines the total coverage of the subscriber, both home and roaming coverage.
To load a PRL, fill in values for these settings:
n PRL File: The location and name of the PRL file to be loaded into the cellular module. Type the
PRL file’s pathname or click the Browse button and use the browse dialog to select the file.
n
MSL/OTSL: The master subsidy lock (MSL) or a one-time subsidy lock (OTSL) associated with
the module. This value is a six-digit activation or unlock code supplied by the mobile service
provider.
Click the Upload button to upload the PRL file to the cellular module.
If the PRL loading/updating operation was successful, the status message PRL update successful
appears in a blue box above the settings.
If an error occurs, a red box with a message describing the error appears above the settings.
You can update PRL over the air by dialing the over-the-air (OTA) feature code *228.
Digi ConnectPort X Family
123
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Short Message Service (SMS) settings
The following options configure the cellular Short Message Service (SMS) capabilities of the mobile
module of the Digi device.
Important Notes:
n To determine whether the cellular modem in a Digi device supports SMS, telnet to the
command line and type the show smscell command. If an error message is returned (error:
show option not found), then SMS is not supported for that Digi device.
n
SMS is a feature that may be available as part of your mobile service agreement. However,
sending and receiving short messages (or “text messages”) may have additional costs. Before
using the SMS capabilities of your Digi device, verify with your mobile service provider that your
agreement includes SMS as part of your service plan. Understand the costs of SMS before you
enable the SMS features on this Digi device.
n
Please read Supported character set.
n
You can configure Digi devices to be managed by Remote Manager via SMS commands. These
configuration settings are on the Configuration > Remote Manager > Remote Manager SMS
Settings page and described in Short Messaging/Remote Manager SMS settings. This Remote
Manager SMS functionality must be enabled through the Global SMS settings, described below.
Global SMS settings
n Enable cellular Short Message Service (SMS) capabilities: Enable SMS features on this Digi
device. When this option is enabled, the remaining SMS options may be configured. This option
is disabled (off) by default.
n
Send ACK reply via SMS when command is accepted: When a command message is
received via SMS, send an acknowledgment (ACK) message via SMS to the originator of the
command message, indicating that the command has been accepted and will be processed.
This option is disabled (off) by default.
n
Send NAK reply via SMS if password validation fails: When a command message is received
via SMS, and a required password is either missing or incorrect, send a negative
acknowledgment (NAK) message via SMS to the originator of the command message,
indicating that the command has been rejected due to password validation failure. This option
is disabled (off) by default.
n
Global SMS Command Password: When a command message is received via SMS, and a global
password is specified in these settings, that password must be provided by the originator of
the command message or the message will be rejected by the Digi device. If a commandspecific password is configured, that command-specific password must be provided instead of
this global command password. Specifically, a command-specific password overrides the global
password, and the global password is not considered if a command-specific password is
configured in the settings. This option is disabled (no global password required) by default. To
remove the password, simply clear the password field on the settings page.
Digi ConnectPort X Family
124
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Default Message Receiver: When Default Message Receiver receives a message via SMS, the
Default Message Receiver determines which SMS “user” will receive the message and
process it. This handling pertains to messages that are not enabled commands for which
command processing is performed. The choices for this option are:
l
Log Only: The received message is logged but otherwise not processed (default option).
l
Python: The received message is passed to the standard Python receiver. Further
processing of the message text is the responsibility of the Python program that is
implemented to receive SMS messages. Note that these messages are logged when they
are placed on the Python read queue.
n
Enable extended detail for SMS event logging (verbose): The SMS feature normally records
limited, relevant activities to the system event log. These log entries identify SMS initialization,
reconfiguration, and message send/receive activities. For troubleshooting purposes, you can
enable this option to record the message send and receive activity logging in greater detail.
However, this can result in filling the event log with more SMS activity records than are useful
for normal operation. Digi recommends enabling this option only when detail is required for a
limited period of time. This option is disabled (off) by default.
Python settings
Python-related settings for the SMS feature include:
n Enable SMS support for Python: Enable SMS features for Python on this Digi device. When
this option is enabled, the remaining Python-specific SMS options may be configured. This
option is enabled (on) by default.
n
Received Message Queue Maximum: The number of received messages that may be placed
on the dedicated Python SMS message read queue awaiting processing by Python. Once this
limit is reached, new received messages are logged but discarded until the read queue falls
below this configured maximum message count. The default value for this setting is 100
messages.
n
Received Message Hold Time Maximum: The maximum amount of time in seconds that a
received message will be held on the dedicated Python SMS message read queue while waiting
for Python SMS message processing to be brought into service. This setting allows messages
to be received and queued for Python before the Python program that processes them is ready
to receive such messages, thereby eliminating loss of messages that are received before the
Python program is ready to handle them. The default value for this setting is 600 seconds (10
minutes).
Digi ConnectPort X Family
125
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Python SMS Password: Although this use is not typical, a message may be directed for deliver
to Python by sending “#python” as a command to this Digi device. In such a case, this Python
password may be configured to validate the acceptance of such a command message before it
is accepted and placed on the dedicated Python SMS message read queue for further
processing. When Python is configured as the Default Message Receiver, it is not necessary to
use the Digi device command message syntax, since all otherwise unhandled messages will be
delivered to the Python read queue. However, password validation is not performed for noncommand messages. This option is disabled (no Python password required) by default. To
remove the password, simply clear the password field on the settings page.
Built-in command settings
Several built-in commands are supported for execution via SMS messages sent to your Digi device.
Descriptions of built-in command-related settings for the SMS feature follow. Full detailed descriptions
of the SMS command syntax and supported command options is available on the Digi support web
site.
Supported commands
The following table displays the supported commands.
Built-in command
Description
#help (alias #?)
The Digi device replies to the sender via SMS with a message that
specifies the command syntax and a list of the supported, available
commands that may be sent to this device. You may obtain further
help for a specific command by sending that command as a
parameter. For example, send #help ping to request a help reply
for the #ping built-in command.
#cli
Request that a CLI command be run on the Digi device. The output
from the CLI command is returned to the sender via SMS, with a
limit of around 2000 characters for the number of CLI output
characters returned in the reply.
#idigi
(alias #cwm)
Manage or obtain status for a device connection to a Remote
Manager server. The Digi device replies to the sender via SMS with a
message that contains the status or result of the requested action.
#ping
Request that the Digi device reply to the sender via SMS to verify
two-way SMS communication between the sender and the Digi
device.
Command options
For each built-in command, the following options are supported:
Digi ConnectPort X Family
126
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
n
Enable: Enable the command for use via SMS. All commands are enabled by default.
n
Password: Specify required password for the command message. The command message
requires this password in order to be accepted for further processing. If you configure a
command-specific password, you must provide that command-specific password instead of the
global command password (if one is configured (see Global SMS settings for more information).
A command-specific password overrides the global password and the global password will not
be use if you configure a command-specific password in the settings. This option is disabled (no
command password required) by default. To remove the password, simply clear the password
field on the settings page.
Sender Control List (SCL) settings
The SCL allows you to select the addresses (or phone numbers) from which SMS messages will be
accepted. This is in effect a “Caller ID” capability in which the Digi device screens message senders
and either processes or discards the message according to the configured SCL rules.
Following are descriptions of the SCL-related settings for the SMS feature.
n Enable SMS Sender Control List: Enable the SCL capabilities on this Digi device. When you
enable this option, you can configure the remaining SCL-specific SMS options. This option is
disabled (off) by default.
n
Send NAK reply via SMS if received message is rejected by SCL: Sends a negative
acknowledgment (NAK) message via SMS to the originator of the command message indicating
that the original message was rejected due to the configured SCL rules. This occurs when the
Digi device receives a message via SMS from a sender who was blocked by the SCL rules. This
option is disabled (off) by default.
For each SCL rule, you can configure the following options:
n Enable: Enables the rule for use by SMS. You can enable and disable rules without removing
them from the SCL. Digi device ignores disabled rules when examining received messages.
n
Sender Address (Phone Number): The address (phone number) of the sender for which this
rule applies. If the sender's address matches this configured address, the Digi device accepts
the SMS message for further processing. If the sender's address does not match any of the
enabled SCL rule addresses, the Digi device rejects it and no further processing is performed.
To remove the address, simply clear the address field on the settings page.
Digi ConnectPort X Family
127
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Match Type: Specifies the type of address match test to perform for this rule. The supported
match types are as follows:
l
Exact: The sender's address must exactly match the address configured for this rule.
l
Right: The sender's address must match the address configured for this rule when
comparing the rightmost characters to the shorter of the two strings (sender address, rule
address). For example, “5551212” matches “13125551212” since the rightmost characters
match to the length of the shorter string, “5551212”. This is the default match type.
l
Left: The sender's address must match the address configured for this rule when
comparing the leftmost characters to the shorter of the two strings (sender address, rule
address). For example, “1312555” matches “13125551212” since the leftmost characters
match to the length of the shorter string, “1312555”.
l
Partial: The sender's address must match the address configured for this rule when
comparing the consecutive characters to the shorter of the two strings (sender address,
rule address). For example, “312555” matches “13125551212” since the shorter string
“312555” is a substring of the longer string “13125551212”.
Supported character set
For SMS via GSM service, the Digi device has to translate between the GSM 03.38 7-bit alphabet and
ASCII. ASCII is the native character set for the Digi device and is the character set used in the CLI and
web UI.
The ASCII and GSM 03.38 characters do not map one-to-one, and in fact some ASCII characters must
be represented in GSM 03.38 as multi-character escape sequences (per extensions to the original GSM
03.38 alphabet). In the following table, such characters are shown as “0x1Bhh” under the “GSM 03.38
Code” column. This notation indicates a two-character sequence, where “hh” is a pair of hexadecimal
digits.
In the reverse translation (from GSM 03.38 to ASCII), some of the GSM 03.38 characters have no ASCII
counterpart. These are replaced with ASCII space characters. One exception is the INVERTED
QUESTION MARK (0x60 in GSM 03.38) which is replaced with an ASCII QUESTION MARK (0x3F)
character.
The following table documents the supported characters and the mapping used between these two
alphabets. Note that “unknown” characters are replaced with space characters during the
translation. In the table below, such characters appear as “0x20 *” under the “GSM 03.38 Code”
column.
Notes for the table:
n The GRAVE ACCENT character (0x60) in ASCII has no counterpart in GSM 03.38. The Digi device
substitutes the GRAVE ACCENT with the APOSTROPHE (0x27).
n
The characters marked with * indicate a substitution since the ASCII characters have no
counterpart in GSM 03.38. The Digi device replaces these characters with the SPACE (0x20)
character. As such, the Digi ConnectPort X product does not support these characters in GSM
short messages.
The following table displays the supported character set:
Digi ConnectPort X Family
128
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
ASCII
Code
GSM 03.38
Code
ASCII
Character
Description
0x00
0x20 *
NUL
NULL
0x01
0x20 *
SOH
START OF HEADING
0x02
0x20 *
STX
START OF TEXT
0x03
0x20 *
ETX
END OF TEXT
0x04
0x20 *
EOT
END OF TRANSMISSION
0x05
0x20 *
ENQ
ENQUIRY
0x06
0x20 *
ACK
ACKNOWLEDGE
0x07
0x20 *
BEL
BELL
0x00
0x20 *
NUL
NULL
0x01
0x20 *
SOH
START OF HEADING
0x08
0x20 *
BS
BACKSPACE
0x09
0x20 *
HT
HORIZONTAL TABULATION
0x0A
0x0A
LF
LINE FEED
0x0B
0x20 *
VT
VERTICAL TABULATION
0x0C
0x1B0A
FF
FORM FEED
0x0D
0x0D
CR
CARRIAGE RETURN
0x0E
0x20 *
SO
SHIFT OUT
0x0F
0x20 *
SI
SHIFT IN
0x10
0x20 *
DLE
DATA LINK ESCAPE
0x11
0x20 *
XON
DEVICE CONTROL ONE
0x12
0x20 *
DC2
DEVICE CONTROL TWO
0x13
0x20 *
XOFF
DEVICE CONTROL THREE
0x14
0x20 *
DC4
DEVICE CONTROL FOUR
0x15
0x20 *
NAK
NEGATIVE ACKNOWLEDGE
0x16
0x20 *
SYN
SYNCHRONOUS IDLE
0x17
0x20 *
ETB
END OF TRANSMISSION BLOCK
0x18
0x20 *
CAN
CANCEL
0x19
0x20 *
EM
END OF MEDIUM
0x1A
0x20 *
SUB
SUBSTITUTE
Digi ConnectPort X Family
129
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
ASCII
Code
GSM 03.38
Code
ASCII
Character
Description
0x1B
0x20 *
ESC
ESCAPE
0x1C
0x20 *
FS
FILE SEPARATOR
0x1D
0x20 *
GS
GROUP SEPARATOR
0x1E
0x20 *
RS
RECORD SEPARATOR
0x1F
0x20 *
US
UNIT SEPARATOR
0x20
0x20
SP
SPACE
0x21
0x21
!
EXCLAMATION MARK
0x22
0x22
"
QUOTATION MARK
0x23
0x23
#
NUMBER SIGN
0x24
0x02
$
DOLLAR SIGN
0x25
0x25
%
PERCENT SIGN
0x26
0x26
&
AMPERSAND
0x27
0x27
'
APOSTROPHE
0x28
0x28
(
LEFT PARENTHESIS
0x29
0x29
)
RIGHT PARENTHESIS
0x2A
0x2A
*
ASTERISK
0x2B
0x2B
+
PLUS SIGN
0x2C
0x2C
,
COMMA
0x2D
0x2D
-
HYPHEN-MINUS
0x2E
0x2E
.
FULL STOP (PERIOD)
0x2F
0x2F
/
SOLIDUS (SLASH)
0x30
0x30
0
DIGIT ZERO
0x31
0x31
1
DIGIT ONE
0x32
0x32
2
DIGIT TWO
0x33
0x33
3
DIGIT THREE
0x34
0x34
4
DIGIT FOUR
0x35
0x35
5
DIGIT FIVE
0x36
0x36
6
DIGIT SIX
0x37
0x37
7
DIGIT SEVEN
Digi ConnectPort X Family
130
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
ASCII
Code
GSM 03.38
Code
ASCII
Character
Description
0x38
0x38
8
DIGIT EIGHT
0x39
0x39
9
DIGIT NINE
0x3A
0x3A
:
COLON
0x3B
0x3B
;
SEMICOLON
0x3C
0x3C
<
LESS-THAN SIGN
0x3D
0x3D
=
EQUALS SIGN
0x3E
0x3E
>
GREATER-THAN SIGN
0x3F
0x3F
?
QUESTION MARK
0x40
0x00
@
COMMERCIAL AT
0x41
0x41
A
LATIN CAPITAL LETTER A
0x42
0x42
B
LATIN CAPITAL LETTER B
0x43
0x43
C
LATIN CAPITAL LETTER C
0x44
0x44
D
LATIN CAPITAL LETTER D
0x45
0x45
E
LATIN CAPITAL LETTER E
0x46
0x46
F
LATIN CAPITAL LETTER F
0x47
0x47
G
LATIN CAPITAL LETTER G
0x48
0x48
H
LATIN CAPITAL LETTER H
0x49
0x49
I
LATIN CAPITAL LETTER I
0x4A
0x4A
J
LATIN CAPITAL LETTER J
0x4B
0x4B
K
LATIN CAPITAL LETTER K
0x4C
0x4C
L
LATIN CAPITAL LETTER L
0x4D
0x4D
M
LATIN CAPITAL LETTER M
0x4E
0x4E
N
LATIN CAPITAL LETTER N
0x4F
0x4F
O
LATIN CAPITAL LETTER O
0x50
0x50
P
LATIN CAPITAL LETTER P
0x51
0x51
Q
LATIN CAPITAL LETTER Q
0x52
0x52
R
LATIN CAPITAL LETTER R
0x53
0x53
S
LATIN CAPITAL LETTER S
0x54
0x54
T
LATIN CAPITAL LETTER T
Digi ConnectPort X Family
131
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
ASCII
Code
GSM 03.38
Code
ASCII
Character
Description
0x55
0x55
U
LATIN CAPITAL LETTER U
0x56
0x56
V
LATIN CAPITAL LETTER V
0x57
0x57
W
LATIN CAPITAL LETTER W
0x58
0x58
X
LATIN CAPITAL LETTER X
0x59
0x59
Y
LATIN CAPITAL LETTER Y
0x5A
0x5A
Z
LATIN CAPITAL LETTER Z
0x5B
0x1B3C
[
LEFT SQUARE BRACKET
0x5C
0x1B2F
\
REVERSE SOLIDUS (BACKSLASH)
0x5D
0x1B3E
]
RIGHT SQUARE BRACKET
0x5E
0x1B14
^
CIRCUMFLEX ACCENT
0x5F
0x11
_
LOW LINE (UNDERSCORE)
0x60
0x27 (1)
`
GRAVE ACCENT
0x61
0x61
a
LATIN SMALL LETTER A
0x62
0x62
b
LATIN SMALL LETTER B
0x63
0x63
c
LATIN SMALL LETTER C
0x64
0x64
d
LATIN SMALL LETTER D
0x65
0x65
e
LATIN SMALL LETTER E
0x66
0x66
f
LATIN SMALL LETTER F
0x67
0x67
g
LATIN SMALL LETTER G
0x68
0x68
h
LATIN SMALL LETTER H
0x69
0x69
i
LATIN SMALL LETTER I
0x6A
0x6A
j
LATIN SMALL LETTER J
0x6B
0x6B
k
LATIN SMALL LETTER K
0x6C
0x6C
l
LATIN SMALL LETTER L
0x6D
0x6D
m
LATIN SMALL LETTER M
0x6E
0x6E
n
LATIN SMALL LETTER N
0x6F
0x6F
o
LATIN SMALL LETTER O
0x70
0x70
p
LATIN SMALL LETTER P
0x71
0x71
q
LATIN SMALL LETTER Q
Digi ConnectPort X Family
132
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
ASCII
Code
GSM 03.38
Code
ASCII
Character
Description
0x72
0x72
r
LATIN SMALL LETTER R
0x73
0x73
s
LATIN SMALL LETTER S
0x74
0x74
t
LATIN SMALL LETTER T
0x75
0x75
u
LATIN SMALL LETTER U
0x76
0x76
v
LATIN SMALL LETTER V
0x77
0x77
w
LATIN SMALL LETTER W
0x78
0x78
x
LATIN SMALL LETTER X
0x79
0x79
y
LATIN SMALL LETTER Y
0x7A
0x20
z
LATIN SMALL LETTER Z
0x7B
0x1B28
{
LEFT CURLY BRACKET
0x7C
0x1B40
|
VERTICAL LINE (PIPE)
0x7D
0x1B29
}
RIGHT CURLY BRACKET
0x7E
0x1B3D
~
TILDE
0x7F
0x20 *
DEL
DELETE
WiMAX settings
For Digi devices equipped with WiMAX radios, the WiMAX settings configure the WiMAX radio and how it
connects to a network.
Radio settings
These settings control the current state of the WiMAX radio, and its behavior when you start the Digi
device.
n Enable the WiMAX radio: Turn on the radio, scan for available networks, and be ready to
connect. If the radio is disabled, it will not transmit or receive over the air.
n
Automatically connect to the selected subscription: Establish a connection when the Digi
device server starts, and re-establish a connection if it is lost. Select an entry from the
subscription list to automatically connect.
Digi ConnectPort X Family
133
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
WiMAX Subscriptions: A list of configured subscriptions or accounts. The service provider
establishes these subscriptions when you sign up for network service.
l
Operator: The name of the network service provider (NSP) company that provides the
network services and accounting.
l
Name: The name of the subscription or account with the network service provider.
l
NSP-ID: The identifier of the network service provider.
l
Activated: When activated, enables full service for a subscription. If not activated, you may
need to establish service with the provider, usually by visiting their web site. If service has
already been established, connect to the subscription to update the activation status.
n
Authentication: log in to the network with the specified authentication and user credentials. If
your service provider gave you account login information, select the authentication type and
type the user name, password, and realm values.
If you have a login of the form of username@realm, type the user name and realm in separate
fields, without the @ sign.
Network connection
You can use these options to explicitly control which subscription and network is connected.
n Connect with automatic network selection: Select the subscription you want to use from the
subscription list. The Digi device chooses the best available network automatically.
n
Connect to a specific network: Select the subscription you want to use from the subscription
list. Also select the network to which you want to connect from the network list.
Note Some networks may not allow a connection with the selected subscription.
Digi ConnectPort X Family
134
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
WiMAX Networks: A list of networks that are available for connections. The radio discovers
these networks over the air during the scanning process. While connected, this list shows the
networks found prior to connecting and will not be updated.
l
Name: The name of the network access provider (NAP) that provides network connectivity.
l
Type: The relationship to the subscribed network service provider. The possible
relationship types are as follows:
o
Home: The network service provider operates the network.
o
Partner: A partner of the network service provider operates this network.
o
Roaming: The network provides roaming access for the network service provider.
o
Unknown: The network may not allow connections for the network service provider.
l
NAP-ID: The identifier of the network access provider.
l
RSSI: Received signal strength indicator. A measure of the signal level of the network.
l
CINR: Carrier to interference and noise ratio. A measure of the signal quality of the
network.
l
Refresh: Update the list of available networks. Use this to see latest results of the
scanning process.
l
Scan: Perform a wide-area scan for additional networks. Use scan to find unused networks
on channels in the subscriptions list. The current network will be disconnected.
The scan takes a few minutes to complete. During this time, you can update the list of
networks by clicking Refresh and you can restart a connection by clicking Connect.
l
Connect: Click to connect to the selected subscription and network. The connection
process takes a few seconds to complete. If a connection cannot be made, the Digi device
will try to connect repeatedly until a it establishes a connection or you click Disconnect.
l
Disconnect: Click to disconnect from the Digi device from the current network. The radio
will scan for available networks while not connected.
Additional WiMAX configuration information
For additional information on configuring and activating WiMAX settings, see Digi Quick Note: Digi
Connect WAN 4G and ConnectPort Sprint/CLEAR 4G Configuration, available on the Digi support site.
XBee Network Settings
A Digi Digi ConnectPort X gateway provides a gateway between an IP network and a network of
various wireless devices containing XBee RF modules. Typically, these XBee devices are small sensors
and controllers.
The XBee Configuration settings (Configuration > XBee Network) displays a view of XBee network
devices, including the ConnectPort X gateway and any nodes that have been discovered by the XBee
module in the ConnectPort X gateway.
In the Node Type column, the descriptors for the nodes can vary by the firmware type running in the
nodes. For example, the following image shows an XBee network running XBee ZB firmware. The
ConnectPort X4 gateway serves as the coordinator. There is one other node in the network, an XBee
Digital I/O Adapter. In this network, the adapter is a router. You can also display nodes as end
devices, and gateways can also serve as routers.
Digi ConnectPort X Family
135
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Use the Clear list before discovery check box to clear the discovery list of previously discovered
nodes before performing another discovery operation.
XBee 802.15.4 series products show all nodes as end nodes by default. You can set one node in the
network as coordinator, as in the following example:
To sort the node list, click any column heading.
To display the configuration settings for the XBee RF module in the ConnectPort X gateway, click a
node's Network Address or Extended Address. There are several pages of configuration settings:
including basic and advanced settings for the XBee RF module. The settings displayed vary depending
on the XBee RF protocol running in the XBee modules. The settings shown in the following example
are for an XBee ZB module.
Digi ConnectPort X Family
136
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Basic and advanced settings
The Basic Settings control basic operation of the XBee module in an XBee network. Advanced radio
settings control behavior of the XBee module at a more detailed level. Generally, you can use the
default settings. For complete settings and their descriptions, see the Product Manual for the XBee or
XBee-PRO RF module in your product. You can view and change configuration settings as needed. To
apply configuration changes, click Apply.
CAUTION! Changing the PAN ID may make the XBee module inaccessible from the rest
of the XBee network.
If you assign a Node Identifier, go to Configuration > XBee Network and click Refresh
to view the Node Identifier. The new name appears in the Node Identifier field.
Device Status
The Device Status page displays status information for a node. The parameters displayed vary based
on the capabilities supported by the node's XBee module. Common parameters include the PAN ID,
firmware and hardware versions, and the device type identifier. The following example shows the
Device Status page. See the user guide for the XBee or XBee-PRO RF module in your product for
parameter descriptions.
Digi ConnectPort X Family
137
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Device Operations
Use the Device Operations page to perform several tasks on nodes. The operations displayed depend
on the network type and node type. The possible operations are as follows:
n Identify Device: The operation appears for XBee ZB, XBee Smart Energy, and XBee DigiMesh
nodes, but not for XBee 802.15.4 nodes. This operation triggers the node to flash its
association LED for a specified amount of time. Use this operation to locate a node among a
large array of nodes. Specify the amount of time and click Identify Device.
Digi ConnectPort X Family
138
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Reset Device: This operation appears all node types except a gateway. The available reset
device operations are as follows:
l
Software Reset: A software reset resets the device without using the hardware reset
button/function. If you modified the scan channels or PAN ID since the last reset, the
software reset also performs a network reset. (You can perform this operation on the XBee
module by executing the AT command FR.)
l
Network Reset: A network reset resets the device's network configuration information
and rejoins a network. A network reset operation appears for XBee ZB, XBee Smart Energy,
and XBee DigiMesh nodes, but not for XBee 802.15.4 nodes. (You can perform this on the
XBee module by executing the AT command NR=0.)
CAUTION! A node may no longer be accessible from this gateway when you issue
a network reset.
n
Backup and Restore Configuration: You can save the XBee RF module configuration settings
for nodes to a backup file and use the backup file to restore the configuration settings if the
need ever arises.
The Backup operation saves the node’s XBee RF module configuration settings to a file. The
resulting backup file is a .pro file that is compatible with the XCTU configuration tool. This
means that you can save or load backup files from the XBee RF module using X-CTU as well as
the gateway’s command line or web interfaces.
The Restore operation sets the node’s XBee RF module configuration settings to those in the
specified .pro file.
CAUTION! A restore operation may cause the device to reset its network
information, reset, and rejoin a network. It may no longer be accessible from this
gateway.
Firmware updates for XBee modules
You can update the XBee RF modules with new firmware over the XBee network. You can download
XBee firmware updates from the Digi Support site. There are two kinds of XBee firmware updates:
n A gateway firmware update is an update of the XBee firmware in the Digi device serving as a
gateway for an XBee network.
n
An OTA (Over the Air) firmware update is an update of the XBee firmware in the XBee network
nodes. As XBee networks can involve a large number of nodes, Digi provides a way to schedule
automatic XBee firmware updates and manage firmware files.
XBee firmware updates require:
n The XBee firmware version must be compatible with the XBee module’s hardware and the
ConnectPort X gateway firmware.
Digi ConnectPort X Family
139
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
The XBee firmware must also be over-the-air compatible with other nodes. Generally, this
means that the gateway and nodes must be of the same network type (for example, ZB, or
802.15.4) and have the same or similar firmware version.
n
XBee firmware files follow a set of naming conventions that identify the firmware by network,
radio, node, file type, and revision level. Understanding these conventions before you locate
and download the appropriate firmware files from Digi. See XBee firmware filename
conventions.
If you enabled the gateway, the firmware update preserves most XBee module settings on the
gateway. Some settings, such as encryption keys, may not be preserved on the gateway during the
firmware update. You must reenter the settings that are not preserved on the gateway after a
firmware update.
Note You can disable the gateway by using the set xbee state=off command. The gateway is
automatically disabled if it cannot communicate with its XBee module. The most likely cause of this
state is unsupported firmware on the XBee module. You can still update XBee module’s when the
gateway is disabled.
Update the XBee firmware on a gateway
To update the XBee firmware on a gateway:
1. Download the appropriate firmware file from the Digi Support site.
2. From the web interface, select Configuration > XBee Network > XBee Configuration and
then click the Gateway Firmware Update link.
The Gateway Firmware Update page shows the type of XBee radio in the gateway and the
current firmware level.
3. Type or browse to the filename containing the firmware update for the gateway’s XBee
module. The file extension on the firmware files varies based on node type. For example:
n
Firmware files for ZigBee nodes (ZNet, ZB, SE) have an .ebl extension.
n
Firmware files for all other nodes have an .oem extension.
Note You cannot use files ending with .zip or .ehx on this page.
For more information on firmware filename conventions see XBee firmware filename
conventions.
4. Click the Update button. After the firmware loads successfully, the XBee module will be
restarted.
Settings preserved during gateway firmware updates
If you enable the gateway, most XBee module settings are preserved during the firmware update.
Some settings, such as encryption keys, may not be preserved and must be entered again.
Note You can disable the gateway using the set xbee state=off command. The gateway is also
disabled if it cannot communicate with its XBee module. The probable cause of this state is
unsupported firmware on the XBee module. The XBee module’s firmware can still be updated when
the gateway is disabled.
Digi ConnectPort X Family
140
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
OTA firmware updates for XBee network nodes
OTA XBee firmware updates update the firmware for XBee network nodes. These firmware updates
are supported for XBee ZB modules only.
Update firmware over the air for XBee network modules
To perform OTA firmware updates for XBee network modules:
1. Download the appropriate firmware file from the Digi Support site.
2. On the gateway, upload the latest firmware files from the
Configuration > XBee Network > OTA Firmware Update Setup page. The files must have the
extension .ebl. On gateways supporting XBee 3 OTA updates, files with the extensions .ota and
.otb are allowed.
You can upload multiple files, each containing a different firmware type needed by nodes on the
network.
3. Schedule and monitor updates of individual nodes on the OTA Firmware Update Status page.
Scheduled updates are performed in the background, one node at a time. When updating a
remote node, the remote note is not accessible from the XBee network. When updating the
XBee module in the gateway, the XBee network is not accessible from the gateway.
OTA Firmware Update Setup page
The OTA Firmware Update Setup page allows you to set up automatic firmware updates, upload
XBee firmware image files, and manage XBee firmware files. Several groups of settings on this page
control how gateway XBee firmware updates are performed:
n Update Settings:
l
Enable over the air firmware updates: Enable firmware updates on remote nodes over
the XBee network. Firmware updates use a background process to query remote nodes for
their current firmware version, and update their firmware from files stored on the
gateway. You can disable this process if you want to suspend firmware updates, or if the
update process interferes with applications using the network.
l
Automatically update nodes to the latest firmware version: When a node reports its
firmware version and a newer version of firmware is available on the gateway, schedule a
firmware update without user action. Select this option if you want to automatically
update nodes as they join the network. If you do not select this option, you can manually
schedule firmware updates from the Firmware Update Status page.
l
Stop automatic updates if an update error occurs: If an error occurs while updating a
node, suspend further updates of other nodes. You can resume updates by clicking Apply
on this page.
n
Upload Files: Use this section to upload XBee firmware files to the gateway. These files
contain the firmware image used to update nodes on the XBee network. You can upload
multiple files, each containing a different firmware type and version. Firmware files must end
with an .ebl extension. Click Browse to select a firmware file and then click Upload.
Digi ConnectPort X Family
141
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Manage Files : This section lists all firmware files that uploaded to the Digi device, along with
their type and version number. After you update all of the nodes, you can remove these files
from the gateway. Select the files you want to remove and click Delete.
OTA Firmware Update Status page
The OTA Firmware Update Status page displays the status of XBee firmware updates for nodes, and
allows you to update selected nodes with a specified firmware file. This page lists all nodes on the
XBee network, along with their current firmware update status.
In the nodes list, click a value in the table to select all nodes with that value. For example, click a
firmware version to select all nodes with the same version.
Fields on this page are as follows:
n Check box: Select this box to select the node for a firmware update. To select a range of
nodes, click the starting check box, then hold down the Shift key and click the ending check
box.
n
Node ID: The user assigned identifier of the node.
n
Extended Address: The unique 64-bit MAC address of the node.
n
HW: The hardware type and version of the node.
n
l
XBP indicates that the node is an XBee-PRO module.
l
S2B indicates an XBee-PRO S2B node.
l
S2C indicates an XBee S2C node.
l
S2CP indicates an XBee PRO S2C node.
FW: The current firmware version of the node.
Digi ConnectPort X Family
142
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Status: The firmware update status of the node. The possible status values are as follows:
l
Unknown: The current firmware version is not known. The firmware version either has not
yet been read from the node or cannot be read from the node.
l
Up to date: The node is running the latest firmware version available on the gateway.
l
Available: A newer version of firmware is available on the gateway. Select the node and
click Update to schedule an update. Schedule an update by issuing the xbee fw_update
command or from the Configuration > XBee Network > OTA Firmware Update Status
page in the web interface.
l
Scheduled: A firmware update is scheduled to be performed on this node.
l
Updating: A firmware update is now being performed on this node.
l
Updated: A successful firmware update has been performed on this node.
l
Complete: The node has rejoined the network after a successful firmware update.
l
Canceled: A user canceled firmware update for this node. Select the node and click Update
to restart the update.
l
Error: A firmware update on this node has failed. Select the node and click Update to
restart the update. You can schedule an update issuing the xbee fw_update command or
from the Configuration > XBee Network > OTA Firmware Update Status page on the
web interface.
n
Update File: The firmware file used to update the node.
n
Refresh: Display the latest firmware update status.
n
Update selected nodes with firmware file: To use the file listed in the table for each node,
choose Update File. To use a different file, choose a firmware file from the list Firmware files
are uploaded on the Firmware Update Setup page.
n
Use this router node as the updater: The updater node is a router within radio range of the
node being updated. The updater sends the firmware image directly to the node during the
update process. Choose Automatic to use the best available updater node. Choose a router
from the list to use a specific updater node.
n
Update: Schedule a firmware update of the selected nodes.
n
Cancel Update: Cancel a scheduled firmware update of the selected nodes.
For additional information on XBee modules and networks, access the XBee Network page under
Administration > System Information > XBee Network. The XBee Network page
displays more detailed information about XBee network devices, including counters related to any
applications that are exercising the devices. See XBee Network.
For detailed information about XBee module settings and operation, see the Product Manual for the
XBee RF module, available from the Digi Support site.
XBee firmware filename conventions
XBee firmware files use the following filename convention:
X_ ABCDE_ Y.EXT
Digi ConnectPort X Family
143
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
X is the radio hardware and network type. The possible radio hardware and network type
values are follows:
X value in filename
Radio hardware and network type
XB24_15_4
XBee 802.15.4
XBP24_15_4
XBee PRO 802.15.4
xb24-dm
XBee DigiMesh 2.4 GHz
xbp24-dm
XBee PRO DigiMesh 2.4 GHz
XB24-B_ZigBee
XBee ZNet 2.5
XBP24-B_ZigBee
XBee PRO ZNet 2.5
XB24-ZB
XBee ZB
XBP24-ZB
XBee PRO ZB
XB24-SE
XBee Smart Energy
XB3-
XBee3
XBP24-SE
XBee PRO Smart Energy
XBP08-DP
XBee PRO 868 MHz
XBP09-DP
XBee PRO 900 MHz
XBP09-DM
XBee PRO DigiMesh 900 MHz
xb24c-zb
XBee ZB on S2C
xbp24c-zb
XBee PRO ZB on S2C
xb24c-se
XBee Smart Energy on S2C
xbp24c-se
XBee PRO Smart Energy on S2C
Digi ConnectPort X Family
144
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
ABCDE is the full version number in hexadecimal.
l
l
A is the region. A is 0 if only 4 digits are present. The possible region values are follows:
A value in filename
Region
0
US, World, or ETSI
1
Japan high power 2.4 GHz
2
Australia 900 MHz
B is the network type. The possible network type values are follows:
B value in filename
Network type
1
802.15.4, ZNet 2.5, 868 MHz, or 900 MHz
2
ZB
3
Smart Energy
4
ZB on S2C
5
Smart Energy on S2C
8
DigiMesh
Digi ConnectPort X Family
145
�Using the Digi ConnectPort X Family web interface
l
Configure the device using the web interface
C is the node type.
In the following table, API mode is a frame-based interface mode that extends the level to
which a host application can interact with the networking capabilities of the module. When
in API mode, all data entering and leaving the module is contained in frames that define
operations or events within the module. Gateways typically use XBee firmware for
coordinator API mode. More information about API mode is in the user manuals for the
XBee RF modules.
AT mode is a state in which incoming serial characters are interpreted as XBee AT
commands. More information about AT mode is in the Product Manuals for the XBee RF
modules.
ZigBee nodes use different firmware for AT and API mode. Standard nodes support both AT
and API modes.
The gateway radio must be ZigBee type 1 or 3, or non-ZigBee type 0.
Remote nodes can use any node type.
The possible node type values are follows:
C value in filename
Node type
For ZigBee radios (ZNet, ZB, SE):
0
Coordinator AT command mode
1
Coordinator API mode
2
Router AT mode
3
Router API mode
4
Router/End Device Sensor Adapter
5
End Device Power Harvester Adapter
6
Router/End Device Analog I/O Adapter
7
Router/End Device Digital I/O Adapter
8
End Device AT command mode
9
End Device API mode
x
Multiple node types in a zip file
Node type values for other radios:
Digi ConnectPort X Family
146
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
C value in filename
Node type
0
Standard node
1
XBee RS-232 Adapter
2
XBee Sensor Adapter (also known as One-wire Sensor)
3
XBee RS-485 Adapter
4
XBee USB Adapter
5
RS-232 Power Harvester Adapter
6
Analog I/O Adapter
7
Digital I/O Adapter
x
Multiple node types in a zip file
l
D is the major revision number.
l
E is the minor revision number.
Y is the radio type modifier. _Y indicates a variation of X and may not be present. The possible
radio type modifier values are follows:
Y value in filename
Radio type modifier value
S2B
XBee PRO S2B
Digi ConnectPort X Family
147
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
EXT is the filename extension, designating the file type. The extension .ebl is for ZigBee nodes
(ZNet, ZB, or SE). The extension .oem is for all other node types.
.EXT value in filename
File type
ebl
ZigBee radio firmware (ZNet, ZB, or SE)
oem
XBee module firmware for all other XBee module types
hex
Hexadecimal-encoded firmware
ehx
Encrypted hexadecimal firmware
mxi
XBee module parameter information
zip
Archive of above files
ota
XBee3 radio firmware
otb
XBee3 radio firmware
You can update the gateway radio with .ebl or .oem files.
You can update ZB remote nodes over the air with .ebl files. On gateways supporting XBee 3
OTA updates, files with the extensions .ota and .otb are allowed.
XCTU uses .hex, .ehx, .mxi, and .zip files.
XCTU can create .oem files from .ehx files.
For example, file XBP24-ZB_2164.ebl is the XBee-PRO ZB coordinator API firmware. You can use this
firmware file to update the XBee RF module in the gateway. Details about the conventions follow.
Currently, ConnectPort X gateways support these XBee firmware versions:
XBee module model type in gateway
Supported firmware versions
XBee ZB
Version 2x21 or greater
XBee 802.15.4
Version 1080 or greater
XBee DigiMesh 900 MHz
Any firmware version
XBee DigiMesh 2.4
Version 8040 or greater
XBee Smart Energy (SE)
Any firmware version
XBee DigiMesh 868 MHz
Any firmware version
XBee ZB on S2C
Any firmware version
XBee Smart Energy on S2C
Any firmware version
Digi ConnectPort X Family
148
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Direct Access communication with the XBee RF module on ConnectPort X2 gateways
On ConnectPort X2 gateways, you can directly communicate with the XBee RF module. You must
disable the XBee driver software on gateway. Once disabled, other services can use the port used by
the XBee driver to directly access the XBee RF module, including RealPort, TCP Sockets, and use of
open Python sockets. To enable Direct Access communication with the XBee RF module, on the
XBee Configuration window, the Gateway Access, an select the Enable serial access to the
gateway radio check box.
Serial ports configuration
Use the Serial Ports Configuration page to establish a port profile for each serial port on the Digi
ConnectPort X product. The Serial Ports Configuration page includes the currently selected port
profile for the serial port, detailed configuration settings for the serial port, dependent on the port
profile selected, and links to basic and advanced serial settings.
The Serial Port Configuration page includes the Port Settings pane that lists the available ports and
allows you to configure or copy selected ports.
Select Port Profile
The Select Port Profile page appears when you click Change Profile on the Port Profile Settings
pane.
A port profile allows you to easily configure a serial port based on how you intend to use that port. By
selecting one of the pre-defined profiles, the configuration options are focused only on the settings
required for that particular profile.
The Digi ConnectPort X supports the following port profiles:
n
Console Management: Manage a serial device's console port over a network connection. The
Console Management profile allows you to access a Digi device's console port over a network
connection. Most network devices such as routers, switches, and servers offer one or more
serial ports for management. Instead of connecting a terminal to the console port, cable the
console port to the serial port of the Digi ConnectPort X Family product. Then using TCP/IP
utilities like reverse telnet, network administrators can access these consoled serial ports
from the LAN.
See Assign a profile to a serial port for more information.
n
Custom: The Custom profile is an advanced option to allow full configuration of the serial port.
Use the Custom profile only if the serial port does not fit into any of the predefined port
profiles. For example, when network connections involve a mix of TCP and UDP sockets. See
Assign a profile to a serial port for more information.
Digi ConnectPort X Family
149
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
GPS: The GPS profile allows the Digi device to make use of an NMEA-0183 compliant GPS data
stream for location and geofencing.
n
Local Configuration: The Local Configuration profile allows you to sign in and access the
command line interface when connecting directly to a serial port on a Digi device. This profile
provides a login from the Digi device. See Assign a profile to a serial port for more information.
n
Modem Emulation: The Modem Emulation profile allows you to configure the serial port to act
as a modem. The Digi device server emulates modem responses to a serial device and
seamlessly sends and receives data over an Ethernet network instead of a PSTN (Public
Switched Telephone Network). This allows you to retain legacy software applications without
modification and use a less expensive Ethernet network in place of public telephone lines. See
Assign a profile to a serial port for more information.
n
RealPort: Use RealPort to map a COM or TTY port to this serial port of your Digi device. The
COM/TTY port appears and behaves as a local port to the PC or server. RealPort is also known
as COM Port Redirection. See Assign a profile to a serial port for more information. Refer to
Install RealPort software for basic RealPort installation instructions. Refer to RealPort
Installation User's Guide for more detailed instructions on installing and configuring the RealPort
driver on your PC or server.
When you configure a RealPort profile, the Digi ConnectPort X Family product relinquishes
control of the serial port to the host that has the RealPort driver installed. The computer
applications send data to this virtual COM or TTY port and the RealPort driver sends the data
across the network to the corresponding serial port on the Digi ConnectPort X Family product.
The network is transparent to both the application and the serial device.
Important Install and configure the RealPort software on each computer that uses RealPort
ports. See Assign a profile to a serial port for installation instructions. You need to configure the
RealPort software with the IP address of the Digi ConnectPort X Family product.
Digi ConnectPort X Family
150
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Serial Bridge: The Serial Bridge Profile configures one side of a serial bridge. A bridge connects
two serial devices over the network as if they were connected with a serial cable. This is also
referred to as serial tunneling. Each serial device is connected to the serial port of a Digi device
server. You must configure one Digi device as the client and the other Digi device as the server.
This profile configures each side of the bridge separately.
See Assign a profile to a serial port for more information.
n
TCP Sockets: Auto-Connect (TCP client) to another host on the network or allow incoming
connections on this serial port (TCP server). The TCP Sockets profile allows serial devices to
communicate over a TCP network. The TCP server allows other network devices to initiate a
TCP connection to the serial device attached to the serial port of the Digi ConnectPort X Family
product. The TCP client will establish a TCP connection to a defined IP address and port
number.
For more information about the TCP Sockets, see the following:
l
Automatic TCP connections (Automatic Connection)
l
TCP and UDP network port numbering conventions
See Assign a profile to a serial port for more information about assigning a profile.
Digi ConnectPort X Family
151
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
UDP Sockets: Allows the automatic distribution of serial data from one host to many devices at
the same time. The UDP Sockets profile allows serial devices to communicate using UDP. The
UDP Server configuration allows the serial port to receive data from one or more systems or
devices on the network. See Assign a profile to a serial port for more information.
The UDP Client configuration allows the automatic distribution of serial data from one host to
many devices at the same time using UDP sockets.
The port numbering conventions shown in the TCP Sockets Profile also apply to UDP sockets.
Not all port profiles are supported in all products. Supported port profiles varies by Digi ConnectPort X
Family model. If a profile listed in this description is not available on the page, it is not supported in the
Digi ConnectPort X Family product.
If you selected a port profile, the port number associated with the port profile appears at the top of
the page. You can change or retain the profile and adjust individual settings.
Everything displayed on the Serial Ports Configuration page between Port Profile Settings and the
links to the Basic Serial Settings and Advanced Serial Settings depends on the selected port profile.
Assign a profile to a serial port
To assign a profile to a serial port:
1. Select Configuration > Serial Ports.
2. Click a port number from the Port column.
3. Click Change Profile.
4. On the Select Port Profile page, select a port profile option and then click Apply.
Digi ConnectPort X Family
152
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
5. Complete the steps based on the selected profile option:
n
Console Management: Most network devices such as routers, switches, and servers
offer one or more serial ports for management. Instead of connecting a terminal to the
console port, cable the console port to the serial port of your Digi device server. Then
using TCP/IP utilities like reverse telnet, network administrators can access these
consoled serial ports from the LAN.
a. Record the TCP (or SSH) port number listed under TCP Server Settings. You
will need the TCP port number when configuring an application or device
that accesses the serial port from the network.
b. To log inbound serial data, click Advanced Serial Settings, select Enable
port logging, and then click Apply.
c. Click Basic Serial Settings, complete the fields to match the settings of the
attached serial device, and then click Apply.
Note Configure the application or device that initiates communication to the serial port
from the network with the following information:
n
l
IP address of this Digi device server.
l
TCP or (SSH) port number for the serial port recorded above in Step a.
Local Configuration (Console Port): Click Basic Serial Settings, complete the fields to
match the settings of the attached serial device or terminal, and then click Apply.
n
Custom: Complete the fields under Serial Port Configuration and then click Apply.
n
Modem Emulation: Click Basic Serial Settings, complete the fields to match the
settings of the attached serial device and then click Apply.
Modem emulation enables a system administrator to configure the serial port to act as
a modem. The Digi device server emulates modem responses to a serial device and
seamlessly sends and receives data over an Ethernet network instead of a PSTN (Public
Switched Telephone Network). The advantage for a user is the ability to retain legacy
software applications without modification and use a less expensive Ethernet network
in place of public telephone lines.
Digi ConnectPort X Family
153
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
RealPort: COM port redirection is provided with the RealPort software installed on your
network-based computer. RealPort creates a virtual COM port on your computer. When
your computer applications send data to this virtual COM or TTY port, RealPort sends
the data across the network to the Digi device server. The Digi device server routes the
data to the serial device connected to its serial port. The network is transparent to both
the application and the serial device.
Prerequisite RealPort software must be installed on each computer that you want to
connect to. See Install RealPort software for more information.
RealPort will set the serial port settings as directed by the computer application, so
there is no need to modify the Basic Serial Port Settings.
n
Serial Bridge: A bridge connects two serial devices over the network as if they were
connected with a serial cable. This is also referred to as serial tunneling. Each serial
device is connected to the serial port of a Digi device server. Configure one Digi device
as the TCP server and the other Digi device as the TCP client. Once you establish a
connection between the two Digi devices the communication is bi-directional.
To assign a Serial Bridge (Serial Tunneling) to a serial port on a Digi device acting as the
TCP client (which initiates the connection to the TCP server):
a. Select Initiate serial bridge to the following device and provide the
following information:
l
Type the IP Address of the other Digi device server.
l
In the TCP Port field, type the Raw TCP port number for the destination
serial port. If the serial port is the first or only port on the device server,
the value is 2101.
b. Click Apply to save the configuration.
c. Click Basic Serial Settings, complete the fields to match the settings of the
attached serial device and then click Apply.
Follow the same steps to configure the Digi device server on the other side of the
bridge, with the following exceptions:
l
Select Allow other devices to initiate serial bridge. The default TCP Port rarely
needs to be changed.
l
Digi ConnectPort X Family
Clear the Initiate serial bridge to the following device check box.
154
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
TCP Sockets for TCP client (Automatic Connection): In a TCP client configuration, the
Digi device server automatically establishes a TCP connection to an application or
network device. See Automatic TCP connections (Automatic Connection) for more
information.
To assign a TCP Client (Automatic Connection) profile to a serial port:
a. Under TCP Client Settings, select the Automatically establish
TCP connections check box.
b. Select the Connect option that describes when the TCP connection will be
initiated.
c. Type the IP address or DNS name of the destination server in the Server
(name or IP) field.
d. Select one of the following options from the Service drop-down list:
Digi ConnectPort X Family
l
Raw TCP
l
Rlogin
l
Secure Sockets
l
Telnet
l
SSH
155
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
e. Specify the destination TCP port number in the TCP Port field. The port
number depends on the conventions used on the remote server or device.
The following table provides the common TCP port number conventions.
Connection Service
Common TCP Port Number
Telnet
23
Rlogin
513
Reverse Telnet to the port of the
2001
Digi device server
The format for this port number is
as follows:
20
Replace with
the Digi serial port number. For
example, 2001 applies to serial port
1, 2010 applies to serial port 10, and
2016 applies to serial port 16.
Raw connection to the port of the
2101
Digi device server
The format for this port number is
as follows:
21
Replace with
the Digi serial port number. For
example, 2101 applies to serial port
1, 2110 applies to serial port 10, and
2116 applies to serial port 16.
f. Click Apply to save the configuration.
g. Click Basic Serial Settings, complete the fields to match the settings of the
attached serial device or terminal, and then click Apply.
Digi ConnectPort X Family
156
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
TCP Sockets for TCP server: A TCP Server configuration allows other network devices
to initiate a TCP connection to the serial device attached to a serial port of the Digi
device server. This is also referred to as reverse telnet, console management or device
management.
a. Record the TCP (or SSH) port number listed under TCP Server Settings. You
will need the TCP port number when configuring an application or device
that accesses the serial port from the network.
b. Click Basic Serial Settings, complete the fields to match the settings of the
attached serial device or terminal, and then click Apply.
Note Configure the application or device that initiates communication to the serial port
from the network with the following information:
n
l
IP address of this Digi device server.
l
TCP or (SSH) port number for the serial port recorded above in Step a.
UDP Sockets for UDP client (data distribution): UDP client configuration allows the
automatic distribution of serial data from one host to many devices at the same time
using UDP sockets. This is also referred to this as UDP Multicast.
a. Under UDP Client Settings, provide the following information for each UDP
destination:
l
A description of the destination.
l
The destination IP Address or DNS name.
l
The destination UDP port.
When finished, click Add.
b. Select the options that define when to send data and click Apply.
c. Click Basic Serial Settings, complete the fields to match the settings of the
attached serial device or terminal, and then click Apply.
n
UDP Sockets for a UDP server:
a. Record the UDP port number listed under UDP Server Settings. You will
need the UDP port number when configuring an application or device that
accesses the serial port from the network.
b. Click Basic Serial Settings, complete the fields to match the settings of the
attached serial device, and then click Apply.
Note Configure the application or device that initiates communication to the serial port
from the network with the following information:
l
IP address of this Digi device server.
l
UDP port number for the serial port recorded previously in Step a.
Digi ConnectPort X Family
157
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Automatic TCP connections (Automatic Connection)
The TCP Client allows the Digi ConnectPort X Family product to automatically establish a TCP
connection to an application or a network, known as autoconnection. You can enable autoconnection
through the TCP Sockets profile’s setting labeled Automatically establish TCP connections. When
you set the TCP Sockets profile, the DTR flow-control signal indicates when a TCP socket connection
has been established. You can use this information when monitoring the serial line. You can use it as a
flow-control mechanism to determine when the Digi device connects to a remote device establishes
communication. You can combine this mechanism with the DCD signal to close the connection and the
DSR signal to do RCI over serial. Together, you can use these signals to the Digi device to auto connect
to many devices, deterministically, on the network.
TCP and UDP network port numbering conventions
Digi devices use the following conventions for TCP and UDP network port numbering:
For this connection type...
Use this Port
Telnet to the serial port
The format for this port number is as follows:
2001 (TCP only)
20
Replace with the Digi serial
port number. For example, 2001 applies to serial
port 1, 2010 applies to serial port 10, and 2016
applies to serial port 16.
Raw connection to the serial port
The format for this port number is as follows:
2101 (TCP and UDP)
21
Replace with the Digi serial
port number. For example, 2101 applies to serial
port 1, 2110 applies to serial port 10, and 2116
applies to serial port 16.
The application or Digi ConnectPort X Family device that initiates communication must use these
network ports numbers. If you cannot configure the application or Digi ConnectPort X Family product
to use these network port numbers, change the network port on the Digi ConnectPort X Family
product.
RFC 2217
Use the RFC 2217 protocol to access serial devices over the network. RFC 2217 implementations
enable applications to set the parameters of remote serial ports (for example, baud rate or flow
control), detect line signal changes, as well as receive and transmit data. The configuration
information provided in this section applies to Digi device functioning as RFC 2217 servers. If using the
RFC 2217 protocol, do not modify the port settings from the defaults. If the port settings have been
changed, restore the factory default settings (see Factory default settings). No additional
configuration is required.
Digi ConnectPort X Family
158
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Industrial automation profile
This port profile is available in Digi devices that support Industrial Automation (IA) and the Modbus
protocol. It has serial port settings appropriate for the Digi Connect WAN IA’s use in IA applications. It
allows you to control and monitor various IA devices and PLCs. Serial ports for Digi Connect WAN IA
devices are set to use this port profile by default. The default settings for the Digi Connect WAN IA and
in this port profile is sufficient for most IA applications. If you need to change the settings from the
defaults, use the “set ia” command, documented in the Digi Connect® Family Command Reference.
Basic serial settings
The basic serial port settings must match the serial settings of the connected device. If you do not
know these settings consult the documentation that came with your serial device. These serial
settings may be documented as 9600 8N1, which means that the device is using a baud rate of 9600
bits per second, 8 data bits, no parity, and 1 stop bit.
When using RealPort (COM port redirection) these settings are supplied by applications running on the
PC or server, and the default values on your Digi device server do not need to be changed.
The possible settings are as follows:
n Description: Specifies an optional character string for the port which can be used to identify
the device connected to the port.
n
Baud Rate: Select the baud rate value for the serial device.
n
Data Bits: Select the data bits value for the serial device.
n
Parity: Select the parity for the serial device.
n
Stop Bits: Select the stop bit value for the serial device.
n
Flow Control: Select the flow control value for the serial device.
Advanced serial settings
Use Advanced Serial Settings to configure the serial interface and the access to the serial interface.
The default settings work in most situations.
Serial settings
n Enable Port Logging: Port logging allows you to save serial data to the memory of the Digi
device server. Once enabled, the port log can be viewed by selecting Port Logs on the Serial
Port Management page (Management > Serial Ports). Port Logging is enabled in the CLI via
the set buffer command.
n
Log Size: The size in kilobytes of the memory buffer used to save serial data when port logging
is enabled.
n
Automatic backup: The port data is stored to specified location automatically.
n
Unlimited automatic backup size: When enabled, the automatic backup size is not limited.
n
Automatic backup size: This option defines the amount of the log to backup at a time.
n
Enable SYSLOG service: The port data can be stored to the SYSLOG server in addition to the
port log storage location at the same time.
n
Enable RTS Toggle: When enabled, the Digi device asserts RTS (Request To Send) when
sending data on the serial port.
Digi ConnectPort X Family
159
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Enable RCI over Serial (DSR): This choice allows configure the Digi Connect device through
the serial port using the RCI protocol. See the RCI specification in the Digi Connect Integration
Kit for further details.
RCI over Serial uses the DSR (Data Set Ready) serial signal. Verify that the serial port is not
configured for autoconnect, modem emulation, or any other application which is dependent on
DSR state changes.
n
Enable alternate pinout (altpin): Enables or disables the altpin option, which swaps DCD
with DSR so that you can use eight-wire RJ-45 cables with modems. By default, the altpin is
disabled.
TCP Settings
These TCP Settings are available only when you configure the current port with the Console
Management, Custom, or TCP Sockets profile.
n
Send Socket ID: Include an optional identifier string with the data sent over the network.
The Socket ID can be 1 to 256 ASCII characters. Enter non-printable characters as
follows:
n
Character
Key
Sequence
backspace
\b
formfeed
\f
tab
\t
line feed
\n
return
\r
backslash
\\
hexadecimal
values
\xhh
Send data only under any of the following conditions: Enable if you need to specify the
conditions when the Digi device server will send the data read from the serial port to the TCP
destination.
Digi ConnectPort X Family
160
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Send when data is present on the serial line: Send the data to the network destinations
when a string of characters is detected in the serial data. To enter non-printable characters,
use these key sequences:
Key
Character
Sequence
hexadecimal
\xhh
values
n
tab
\t
line feed
\n
backslash
\\
Match string: A 1 to 4 character string. This is usually the newline character sequence but can
also be a custom string of 1 to 4 characters.
n
Strip match string before sending: Search for the string specified in the Match String field
before sending the data and strip the string from the string from the data before it is sent to
the destination.
n
Send after the following number of idle milliseconds: Send the data after the specified
number of milliseconds have passed with no data received on the serial port.
n
Send after the following number of bytes: Send the data after the specified number of
bytes have been received on the serial ports.
n
Close connection after the following number of idle seconds: Enable to close an idle
connection. Use the Timeout field to enter the number of seconds that the connection will be
idle before it is closed. This can be 1 to 65000 seconds.
n
Close connection when DCD goes low: When selected, the connection will be closed when the
DCD (Data Carrier Detected) signal goes low.
Note If you are using 8-wire cabling, you must apply the altpin for DCD functionality.
n
Close connection when DSR goes low: When selected, the connection will be closed when the
DSR (Data Set Ready) signal goes low.
UDP settings
These UDP Settings are available only when the current port is configured with the Console
management, the UDP Sockets, or the Custom Profile.
n
Send Socket ID: Include an optional identifier string with the data sent over the network.
The Socket ID can be 1 to 256 ASCII characters. Enter non-printable characters as
follows:
Digi ConnectPort X Family
161
�Using the Digi ConnectPort X Family web interface
Character
Key
Sequence
backspace
\b
formfeed
\f
tab
\t
line feed
\n
return
\r
backslash
\\
hexadecimal
values
\xhh
Configure the device using the web interface
Display current serial port settings
To display the current serial port settings for a Digi device, type display techsupport from the
command line interface.
Camera
Digi ConnectPort X products support connecting a WatchPort® Camera to one of its USB host ports.
One Digi WatchPort V2 USB camera is supported.
Camera settings
Use the following settings to configure the camera operation and handling of images captured by the
camera.
n Enable Camera Enables and disables camera. When disabled, all camera activity stops and all
used memory is freed.
n
Resolution: The resolution level for images.
n
Frame Delay: The minimum time between frames in milliseconds. The actual delay time
between frames will be this number or greater. The camera automatically increases this value
as needed, such as in low light conditions. This delay time is the inverse of frames per second.
For instance, if you want to set the camera to process at a maximum of 5 frames per second,
the frame delay is set to 200 (1/5 = 0.2 second = 200 ms).
n
Quality: Image quality. Choose a quality from 0 to 100; with 0 being the lowest quality and
smallest image size and 100 being the best image quality and largest image size. Digi
recommends a quality range from 30 to 80. Quality above 80 results in larger images, which
result in lower overall performance and increased memory use.
Digi ConnectPort X Family
162
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Send Images to TCP Server: Enables sending camera images to a TCP server. The TCP server
application must conform to the protocol sent by this device, which is: on connect, the TCP
client sends a protocol id of four bytes: 0x85ce4a71, followed by a protocol version of 4 bytes:
0x00000010. After this, images are sent repeatedly in the form of 4 bytes containing the length
of the JPEG image to follow, and the JPEG image.
n
l
TCP Server: Name of the server to receive image data.
l
TCP Port: Type the TCP port number. The default port is 22222.
Current Image: Displays a snapshot of the current camera image. Click the image to display a
new window with the full-size image. If No Camera Available appears, the camera is disabled,
no camera is attached to the Digi device, or some other problem is causing the camera to work
incorrectly. You can access the current snapshot by typing the following URL in any web
browser:
http://device-ip/FS/dev/camera/0
where device-ip is the IP address for the Digi device.
n
Advanced Settings: All settings from Automatic Gain Control on are advanced camera
settings. Digi recommends using the default camera settings listed under Advanced Settings.
Advanced users can modify them as needed, but most users do not need to modify them.
Camera operation
Once you connect and configure the camera, the current snapshot image from the camera is available
directly from the device at the following URL:
http://device-ip/FS/dev/camera/0
where device-ip is the IP address for the Digi device.
You can view video from the camera by streaming the camera data to a TCP server application. To
stream camera data over a TCP server application, complete the configuration settings under Send
Images to TCP Server. For more information, see the installation guide for your Watchport Camera.
System Configuration
Use the System Configuration page to configure device identity and description information, date and
time settings, and settings for Simple Network Management Protocol (SNMP).
Device Identity Settings
Use the Device Identity Settings page to create a description of the Digi ConnectPort X Family
product’s name, contact, and location. You can use this information to identify a specific Digi device
product when working with a large number of devices in multiple locations.
n Description: The network name assigned to the Digi device.
n
Contact: The SNMP contact person (often the network administrator).
n
Location: A text description of the physical location of the Digi device.
n
Device ID: A text description of the device ID used to identify the device (for example, MAC or
IP address).
Digi ConnectPort X Family
163
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Date and Time Settings
Use the Date and Time Settings page to set the Coordinated Universal Time (UTC) and/or system
time and date on a device, or set the offset from UTC for the Digi device's system time.
Set the date and time
To set the date and time, click the Set button to configure the hours, minutes, seconds, month, day,
and year on the device.
If offset is set to 00:00, the device's system time and UTC are the same. Setting time and date with an
offset of 00:00 results in both UTC and system time being set to the specified value. If offset is not
00:00, setting time sets the system time to the specified value and UTC is adjusted accordingly.
Offset from UTC
Specifies the offset from UTC for this device. Offset can range from -12 hours to 14 hours. Very rarely,
a time zone can also have an offset in minutes (15, 30, or 45). You can use this value to modify the time
and date (generally expected to be UTC) to compensate for time zones and daylight savings time.
Wikipedia provides a list of time zone offsets at: https://en.wikipedia.org/wiki/Lists_of_time_zones
On a device with no real-time clock (RTC) and no configured time source, time and date are
completely local to the device and have limited usefulness since they are not persistent over
reboots/power-cycles.
On a device with a real-time clock and no configured clock source, time and date are also local to the
device but they are meaningful because they are persistent. The offset option could be useful in
adjusting for daylight savings time. Setting the date and time to standard time and setting offset to 1
whenever daylight savings time is in effect would serve that purpose.
On a device with a configured clock source, time and date received from a clock source is expected to
be UTC. For users with several devices in different time zones, keeping offset=00:00 might be useful
for comparing logs or traces from different devices, since all would be using UTC.
Time source settings
The time source settings configure access to up to five external time sources that you can use to set
and maintain time on the device.
n Type: Specifies the type of time source for this entry.
l
sntp server: The device uses its SNTP client to poll the NTP/SNTP server, specified by the
FQDN, for time.
l
n
cellular: The device polls the cellular service for time.
Interval: Specifies the interval in seconds between polls of a time source. Interval can range
from 1 second to 31536000 seconds. If more than one time source is specified, time sources
with shorter intervals have greater influence on the device's time than do sources with longer
intervals.
n
FQDN: Specifies the fully-qualified domain name or IP address for the time source. Use FQDN
only if the time source is SNTP.
The only time source that is guaranteed to be present on all products at all times is the system clock.
It counts uptime and displays system time as the Unix Epoch (00:00:00 on January 1, 1970) plus
uptime. Any source that is not the system clock is considered an external source. This includes the
RTC.
Devices which have an RTC but have no external time sources configured will display system time as
the Unix Epoch plus the time since power was initially applied to the device until system time is set
manually. You can manually set system time via the CLI, Web UI, and so on. Once system time is set
Digi ConnectPort X Family
164
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
manually, the RTC will continue to maintain system time but, due to variations in the accuracy of the
RTC, system time can diverge from external time.
Specifying an external time source allows the device to compare its system time to the time reported
by the configured time sources and appropriate adjustments to system time. This allows system time
to stay consistent over long durations.
The polling interval for an external source establishes its priority relative to other sources; the more
samples taken from a time source, the greater influence that time source has on system time.
Any time adjustment will update the RTC automatically. All time sources are assumed to be UTC.
Time Source Global settings
Use the Time Source Global settings to configure the global settings that control time source
management.
n
Time Adjustment Threshold: A value in seconds that defines a range around the current time
value maintained by the device. If the Digi device receives a time update from a best (smallest
value) ranking time source and the new time is within that range, the Digi device's time is not
changed. However, if the new time falls outside the defined threshold range, the Digi device's
time is updated immediately using the new time value.
The Time Adjustment Threshold value can range from 0 to 300 seconds. For example, if the
configured threshold is 60 seconds, the Digi device's time will be updated using a new time
value that is 60 seconds or more different than the Digi device's current time value. If the new
time value differs from the Digi device's current time by less than 60 seconds, the Digi device's
time is not updated using that new time.
n
Enable Lost Time Source Recovery: If multiple external time sources are available and
configured in the Time Source Settings, normally only the best-ranking (smallest value) source
(s) will be used to maintain the Digi device's time. If the best-ranking source stops reporting
new time values, it is considered “lost”.
Enabling Lost Time Source Recovery allows the Digi device to consult one or more worseranking (higher value) time sources in an effort to obtain a fresh time value. This prevents the
best-ranking configured time source from blocking time updates if that source stops providing
acceptable time samples.
The interval of time that must pass for Lost Time Source Recovery to begin varies according to
the best ranking time source that is reporting a value. For a time source of type “sntp server”,
the missing sample update interval is three NTP/SNTP intervals configured for that time
source, plus one minute. For a time source other than “sntp server”, the missing sample
update interval is 61 minutes. You cannot configure these interval values.
Use the Time Adjustment Threshold to limit the amount of drift that will be tolerated before the Digi
device's time is updated using a new sample. You should select an appropriate value with
consideration for the reliability of the time sample sources.
In the case of NTP/SNTP server sources, you should also consider the latency, round-trip timing, and
reliability of the network connection (between the Digi device and the server).
If the communications path between the Digi device and server involves a cellular network
connection, you should consider the performance and behavior characteristics of the cellular network.
In a cellular network, intermittent packet delays are possible in either the transmit or receive
Digi ConnectPort X Family
165
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
direction (or both). Frequently these delays are asymmetric, such that the delay is greater in one
direction than in the other.
In such conditions, the round-trip timing (of the request/reply) skews the time sample adjustment to
determine the time value to use for the device. Therefore configuring an aggressively small (short)
threshold value may cause the device to adjust its time frequently and unnecessarily, such that the
time value “jumps” forward or backward as a consequence of asymmetric packet delays.
Simple Network Management Protocol (SNMP)
Use the Simple Network Management Protocol (SNMP) Settings page to manage and monitor
network devices. You can configure Digi ConnectPort X Family devices to use SNMP features, or you
can disable SNMP for security reasons. For additional information, see Simple Network Management
Protocol (SNMP).
SNMP configuration
You can configure basic network and serial configurations for Digi ConnectPort X devices through
SNMP:
n Use a subset of standard MIBs for network and serial configuration. See Supported RFCs and
MIBs for more information on supported MIBS.
n
Use Digi enterprise MIBs for device identification, alarm handling, and Digi ConnectPort X
Family-specific configurations.
To use the MIBS, you must load MIBs into a network management station (NMS).
Note that some SNMP configuration settings can be configured only from the web or command line
interfaces. For example, to send alarms as SNMP traps:
n In the web interface, use the Configuration > Alarms > alarm > Alarm Destinations > Send
SNMP trap to following destination when alarm occurs option. See Alarms Configuration.
n
In the command-line interface, use the set alarm option typescript. See the set alarm
command description in the Digi Connect® Family Command Reference on www.digi.com.
Note You cannot configure all network and serial configurations using SNMP. For more advanced
configuration settings, use the web or command-line interfaces.
Supported RFCs and MIBs
Digi ConnectPort X Family supports the following SNMP-related Request for Comments (RFCs) and
Management Information Bases (MIBs):
Digi ConnectPort X Family
166
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Standard RFCs and MIBs
l
RFC 1213—Management Information Base (MIB) II manages a TCP/IP network. MIB-II
contains variable definitions that describe the most basic information needed to manage a
TCP/IP network. Variable definitions are organized into several groups, such as groups for
managing the system, network interfaces, address translation, transmission media, and
various protocols, including IP, ICMP, TCP, UDP, EGP, and SNMP. See
www.ietf.org/rfc/rfc1213.txt for more information.
l
RFC 1215—Generic Traps (coldStart, linkUp, authenticationFailure, login only). See
www.ietf.org/rfc/rfc1215.txt for more information.
n
l
RFC 1316—Character MIB. See tools.ietf.org/html/rfc1316 for more information.
l
RFC 1317—RS-232 MIB. See tools.ietf.org/html/rfc1317 for more information.
DIGI enterprise MIBs
l
DIGI CONNECT DEVICE INFO MIB—A Digi enterprise MIB for handling and displaying basic
device information, such as firmware revisions in use, device name, IP network
information, memory use, and CPU statistics.
l
Digi Connect Mobile Information MIB—A Digi enterprise MIB for handling and displaying
device information for mobile devices.
l
Digi Connect Wireless LAN MIB—A Digi enterprise MIB for handling and displaying basic
device information for wireless devices.
l
DIGI SERIAL ALARM TRAPS MIB—A Digi enterprise MIB for sending alarms as SNMP traps.
l
Digi Login Traps MIB—A Digi enterprise MIB that indicates when users attempt to sign into
the device, and whether the attempt was successful.
l
Digi Structures of Management MIB—A Digi enterprise MIB that provides data structures
for managing hosts and gateways on a network.
l
Digi Connect Mobile Traps MIB—A Digi enterprise MIB for sending alarms as SNMP traps for
mobile devices.
l
Digi Connectware Notifications MIB—This Digi enterprise MIB may be required by some
SNMP import facilities, as other MIBs may refer to it.
See Download a Digi MIB for instructions on downloading a Digi MIB from the Digi website.
Supported SNMP traps
You can enable or disable SNMP traps. Supported SNMP traps include:
n Authentication failure
n
Login
n
Cold start
n
Link up
n
Alarms issued in the form of SNMP traps
A large set of MIBs define these various trap types (unsolicited status message from the device).
All products support MIBs for serial alarms/login traps/RFC 1215.
Digi ConnectPort X Family
167
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Products with the geofencing/GPS feature support MIBs for geofencing.
Products with mobile/cellular capability support MIBs for mobile alarms.
From the web interface, you can enable/disable traps at Configuration > System > SNMP >
Enable Simple Network Management Protocol (SNMP) traps.
You can configure alarms at Configuration > Alarms > Alarm Conditions > Alarm n >
Alarm Destinations > Send SNMP trap to following destination when alarm occurs.
Simple Network Management Protocol (SNMP) Settings
Use the Simple Network Management Protocol (SNMP) Settings page to manage and monitor
network devices. You can configure Digi ConnectPort X Family devices to use SNMP features, or you
can disable SNMP for security reasons. For additional information, see Simple Network Management
Protocol (SNMP).
n Enable Simple Network Management Protocol (SNMP): This check box enables or disables
use of SNMP.
l
The Public community and Private community fields specify passwords required to get
or set SNMP-managed objects. Changing public and private community names from their
defaults is recommended to prevent unauthorized access to the device.
l
Public community: The password required to get SNMP-managed objects. The default is
public.
l
Private community: The password required to set SNMP-managed objects. The default is
private.
l
Allow SNMP clients to set device settings through SNMP: This check box enables or
disables the capability for users to issue SNMP set commands uses use of SNMP read-only
for the Digi device.
n
Enable Simple Network Management Protocol (SNMP) traps: Enables or disables the
generation of SNMP traps.
l
Trap Destinations: Provide the IP address or fully qualified domain name (FQDN) of the
system where the SNMP agent sends traps. The primary destination is required. The
secondary destination is optional.
l
Primary/Secondary: The IP address of the system to which the SNMP agent sends traps.
To enable any of the traps, you must specify a non-zero value. The primary destination is
required. The secondary destination is optional. If your Digi devices supports alarms, you
must complete this field in order to send alarms in the form of SNMP traps. See Alarms
Configuration.
You can use the following SNMP trap check boxes:
l
Generate authentication failure traps: The SNMP agent will send SNMP authentication
traps when there are authentication failures.
l
Generate login traps: The SNMP agent sends SNMP login traps on login attempts.
l
Generate cold start traps: The SNMP agent sends traps on cold starts of the Digi device.
l
Generate link up traps: The SNMP agent sends link up traps when network connections
are established.
Digi ConnectPort X Family
168
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Remote Manager settings
The Remote Manager configuration page sets up the connection to the Device Management remote
management server so the Digi device can connect to the server. Device Management allows you to
configure and manage Remote Manager-registered devices from remote locations.
In this discussion:
n Remote Manager refers to the Digi machine-to-machine cloud-based network operating
platform.
n
Device Management refers to a web based device management application that allows a user
to manage their inventory of devices.
n
Remote Manager-registered device is Digi device that connects to the Remote Manager platform
which implements the EDP protocol in order to establish and maintain this connection.
For more information about Remote Manager, these terms, and how to remotely configure and
manage this device, please visit the Remote Manager product page and see the Remote Manager User
Guide.
Device ID requirement for the Digi device
When configuring a Digi device to be a Remote Manager-registered device, you must create a Device
ID for the Digi device. The Device ID allows the Digi device to communicate with Remote Manager.
By default, the Device ID is created from the MAC address of the device. The default setting is the
recommended setting for the Device ID. You can configure the Device ID from the Configuration >
System > Device Identity Settings page on the Digi device's web interface. See System Configuration
for more information.
After you configure the device’s Device ID, you must sign in to Remote Manager and configure the
settings on the following pages:
n Connection Settings
n
Short Messaging
n
Advanced Settings
Connection settings
The Connection settings configure how the Remote Manager-registered device connects to Remote
Manager. These settings allow the Remote Manager-registered device and Remote Manager to
communicates with each other.
About Remote Manager connections
You can choose how your Remote Manager-registered device connects to and communicates with
Remote Manager: through a device-initiated Remote Manager connection or a (device-initiated) timed
connection.If you enable Short Message Service (SMS) capabilities on your Remote Managerregistered device, a device-initiated connection may be requested through a paged connection. To
illustrate how these types of connections work, the following image shows a configuration scenario
featuring Remote Manager-registered devices communicating over a cellular network.
Digi ConnectPort X Family
169
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
You can specify addresses for Remote Manager-registered devices that are publicly known, or private
and dynamic, or handled through Network Address Translation (NAT). NAT reduces the need for a
large amount of publicly known IP addresses by creating a separation between publicly known and
privately known IP addresses. NAT allows a single device, such as a router, to act as an agent
between a public network, such as the Internet or a wireless network, and a private, or local,
network. This means that only one unique IP address is needed to represent an entire group of
computers. Addresses handled through NAT can access the rest of “the world,” but “the world”
cannot access them.
In a device-initiated Remote Manager connection, the Remote Manager-registered device connects to
the network, and tries to establish a connection to Remote Manager. To maintain the connection, the
Remote Manager-registered device sends keep-alive messages over the connection. You can configure
the frequency in which keep-alive messages are sent. You can use device—initiated Remote Manager
connections in any cellular network, whether using public or private IP addresses, or even if using NAT.
Note that your cellular/mobile provider may charge you, depending on your cellular/mobile service
plan, when the Remote Manager-registered device sends keep-alives messages.
A server-initiated Remote Manager connection works the opposite way. Remote Manager opens a TCP
connection, and the Remote Manager-registered device must be listening for the connection from
Remote Manager to occur. An advantage of server-initiated Remote Manager connections is that you
are not charged for sending the keep-alive bytes that are used in device-initiated connections. A
disadvantage is that there is no way of knowing whether the devices displayed in the Remote
Manager-registered device list are offline or connected. The device list shows all the devices as
disconnected until Remote Manager does something to interact with them. In addition, you cannot
use Remote Manager connections for devices that use private IP addresses and are behind a NAT.
(Server-initiated connections are not supported.)
A timed connection is another form of a device-initiated connection. For a timed connection, the
Remote Manager-registered device tries to connect to the Remote Manager Server at a configured,
regular interval (period). If a connection to an Remote Manager Server is already established, the
timed connection will not be attempted. The next attempt for a timed connection will occur at the
next scheduled interval.
A paged connection is another form of a device-initiated connection. An on-demand request, such as a
Short Message (SM) received via a cellular modem from a mobile service provider, initiates this type of
connection. The request message may specify the Remote Manager platform with which the Remote
Manager-registered device should connect, or it may simply request that the device connect to the
Remote Manager platform configured in the Paged Remote Manager Connection settings. Paged
Remote Manager Connections require both the global SMS configuration (Configuration > Mobile >
Short Message Service Settings > Enable cellular Short Message Service (SMS) capabilities to be
enabled, and the Configuration > Remote Manager > Short Messaging > Remote Manager SMS
Settings > Enable Remote Manager SMS settings, along with the current Phone Number and Service
ID settings.
Digi ConnectPort X Family
170
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Device IP address updates
Changes to the IP address for an Remote Manager-registered device present a challenge in Remote
Manager server-initiated connections, because Remote Manager needs to locate the Remote
Manager-registered device by its new IP address. Remote Manager devices handle address changes
by sending a device IP address update to Remote Manager. An IP address update permits Remote
Manager to connect to the Remote Manager-registered device, or to dynamically update a DNS with
the IP address of the Remote Manager-registered device.
Device-Initiated Remote Manager Connection settings
n Enable Device-Initiated Remote Manager Connection: When enabled, the Remote Managerregistered device initiates the connection to the Remote Manager.
n
Remote Manager Server Address: The IP address or hostname of the Remote Manager
platform.
n
Automatically reconnect to Remote Manager after being disconnected
Reconnect after: When enabled, the Remote Manager-registered device automatically
reconnects to Remote Manager after being disconnected and waiting for the specified amount
of time.
Server-Initiated Remote Manager Connection settings
Enable Server-Initiated Remote Manager Connection: Configures the connection to the Remote
Manager server to be initiated by Remote Manager.
Enable Device IP Address updates to the following server: Enables or disables a connection to
Remote Manager to inform Remote Manager of the IP address of the Remote Manager-registered
device, known as a device IP address update. This permits Remote Manager to connect back to the
Remote Manager-registered device, or to dynamically update a DNS with the IP address of the
Remote Manager-registered device.
Remote Manager Server Address: The IP address or hostname of the Remote Manager platform.
Retry if the IP address update fails:
Retry after: These options specify whether another IP address update attempt should be made after
a previous attempt failed, and how often the retry attempts should occur.
Timed Remote Manager connection
n Enable Timed Remote Manager Connection: When enabled, this Digi device initiates the
connection to the Remote Manager Server at the configured interval (period). A timed
connection defers to (will not disrupt) an established Remote Manager connection. If a timed
connection defers to an existing Remote Manager connection, or if the Digi device server
cannot successfully establish the timed connection, the Digi device server will try again at the
next interval.
n
Remote Manager Server Address: The IP address or hostname of the Remote Manager
Server.
n
Connect every: H hrs M mins: The interval (period) in hours and minutes in which the Digi
device server attempts a timed connection to the specified Remote Manager Server.
Digi ConnectPort X Family
171
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
After boot, wait before first timed connection: When the Digi device server boots (starts
up), you may observe a delay before the first timed connection is attempted. Choose one of the
following options on how to handle the delay:
l
Immediate: Attempt first timed connection immediately.
l
One Interval: Attempt the first timed connection after one configured interval (period) has
elapsed.
l
Random Delay: Attempt the first timed connection after a random interval of time
between zero (immediate) and the configured interval (period). Choose this option when
you have a number of Digi device deployed in a single location and you want to distribute
the first Remote Manager timed connection attempt for each Digi device over time when
power is restored after an outage.
Paged Remote Manager Connection settings
n
Enable Paged Remote Manager Connection: When enabled, the Remote Manager-registered
device initiates a paged connection to Remote Manager when requested to do so from an
external communication, such as a Short Message received via a mobile service provider. The
external communication may specify the Remote Manager platform with which the Remote
Manager-registered device should connect, or it may simply request that the Remote Managerregistered device connect to the Remote Manager platform that is configured in the
Paged Remote Manager Connection settings.
Paged Remote Manager connections provide emergency access to your Remote Managerregistered device that directs it to connect to Remote Manager so that you can perform
management or application operations.
You can configure a paged Remote Manager connection to disconnect an established
connection to Remote Manager and establish a connection to the Paged Remote Manager
connection, or you can configure it to defer to an established Remote Manager connection.
If you do not enable paged Remote Manager connections, the Remote Manager-registered
device refuses to receive paged connection requests via external communication. This setting
fully controls whether or not paged Remote Manager connections are allowed.
n
Remote Manager Server Address: The IP address or hostname of the Remote Manager
platform. For a paged Remote Manager connection, you do not have to provide the Remote
Manager address in the configuration settings. You can specify the Remote Manager address in
the external communication that requests the paged connection. The external communication
can override this configuration option with its own Remote Manager address selection. This
allows you to use a paged Device connection to support emergency Remote Manager device
management.
Digi ConnectPort X Family
172
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Disconnect the current Remote Manager connection before making a paged connection:
When enabled, the Remote Manager-registered device terminates an established connection
to Remote Manager, and then it connects to the Remote Manager platform specified in the
Paged Remote Manager Connection settings or specified in the external communication (such
as a Short Message). The external communication can disconnect an established Remote
Manager connection, thereby overriding this configuration option. This allows you to use a
paged Device connection to support emergency Remote Manager device management.
Short Messaging/Remote Manager SMS settings
Use the Remote Manager SMS Settings page to configure the Remote Manager-registered device to
be managed by Remote Manager via Short Message Service (SMS) messages.
For these Remote Manager SMS settings to work, you must enable the global SMS settings under
Mobile SMS settings. See Global SMS settings.
n Enable Remote Manager SMS: Select this option to enable Remote Manager SMS support.
n
Phone Number: The phone number or short code of the Remote Manager platform. For more
information about the Remote Manager SMS Phone Number and Service ID fields, contact your
Digi sales Representative, or use the Remote Manager Provision command.
n
Service Identifier: The Service Identifier (prefix) for Remote Manager. This field is an optional
setting that you can use when you are using a shared short code. Redirecting the message to a
specific service under that short code requires an identifier (prefix).
n
Adjust Device SMS Settings to Remote Manager recommended values: This setting applies
several Global SMS configuration options (as described in Global SMS settings) that are
required by the Remote Manager SMS feature.
n
Restrict Sender: Only process inbound messages for Remote Manager from the number
specified in the Phone Number setting. Messages from other phone numbers will be passed
on to other SMS Services on the device.
Advanced Remote Manager settings
The default settings for Remote Manager remote management work for most situations. The
advanced settings allow you to configure the idle timeout for the connection between the Remote
Manager-registered device and Remote Manager, and the keep-alive settings of the various interfaces
(TCP and HTTP for mobile and Ethernet network connections). You should only change the advanced
settings when the defaults do not properly work.
Digi ConnectPort X Family
173
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Connection Settings: These settings configure the idle timeout for the connection between
the Remote Manager-registered device and Remote Manager.
l
Disconnect when the Remote Manager Connection is idle
Idle Timeout: Enables or disables the idle timeout for the connection. When enabled, an
idle connection ends after the amount of time specified in the Idle Timeout setting.
l
Authenticate to Remote Manager with a password
Password: These fields are only applicable when your Remote Manager account was
configured to expect a password from the Remote Manager-registered device. Typically,
you can set this option through Remote Manager, since you need to configure the Remote
Manager-registered device and Remote Manager identically.
Digi ConnectPort X Family
174
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Mobile (Cellular) Settings
Ethernet Settings
WiFi Settings: These settings apply to device-initiated Remote Manager connections over
mobile/cellular, Ethernet, and Wi-Fi networks. Each network type has these settings:
l
Remote Manager Connection Keep-Alive settings: These settings control how often to
send keep-alive packets over the device-initiated connection to Remote Manager, and
whether the Remote Manager-registered device waits before dropping the connection.
Keep-alives for the Remote Manager connection serve three basic purposes:
o
Keep the Remote Manager connection alive through network infrastructure such as
routers, NATs and firewalls.
o
Inform the other (remote) side of the Remote Manager connection that its peer is still
active.
o
Test the Remote Manager connection to detect whether it has stopped responding and
should be abandoned. Recovery actions are taken as configured in other settings.
The Remote Manager-registered device and Remote Manager each perform their own
independent monitoring of the Remote Manager connection state (active, idle and missed
keep-alives). If Remote Manager protocol messages or data other than keep-alives is
exchanged over the Remote Manager connection, the idle timers that trigger keep-alives
are reset, and the consecutive missed keep-alive counts are cleared to zero.
The interval settings are used with the Assume connection is lost after n timeouts setting
to signal when the connection has been lost.
l
Device Send Interval: Specifies how frequently the device sends a keep-alive packet to
Remote Manager if the Remote Manager connection is idle. Remote Manager expects to
receive either Remote Manager protocol messages or keep-alive packets from the device
at this interval.
l
Server Send Interval: Specifies how frequently the Remote Manager-registered device
sends a keep-alive packet to Remote Manager if the Remote Manager connection is idle.
Remote Manager expects to receive either Remote Manager protocol messages or keepalive packets from the Remote Manager-registered device at this interval.
Important Digi recommends that you set this interval value as long as your application can
tolerate to reduce the amount of data traffic.
l
Assume the connection is lost after n timeouts (Wait Count): After the number of
consecutive expected keep-alives specified by this setting are missed according to the
configured intervals, the connection is considered lost and is closed by the device and
Remote Manager.
Digi ConnectPort X Family
175
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Connection Method: Specifies the method by which the associated interface connects to
Remote Manager.
l
TCP: Connect using TCP. This is the default connection method, and is typically good
enough for most connections. It is the most efficient method for connecting to Remote
Manager in terms of speed and transmitted data bytes.
l
Automatic: Automatically detect the connection method. This connection method is less
efficient than TCP, but it is useful in situations where a firewall or proxy may prevent direct
connection via TCP. This option tries each connection option until a connection is made.
This connection method requires that you specify HTTP over Proxy Settings.
l
None: This value has the same effect as selecting TCP.
l
HTTP: Connect using HTTP.
l
HTTP over Proxy: Connect using HTTP.
l
HTTP over Proxy Settings: The settings required to communicate over a proxy network
using HTTP. These settings apply when you select when Automatic or HTTP over Proxy
connection methods.
l
Hostname: The name of the proxy host.
l
TCP Port: The network port number for the TCP network service on the proxy host.
l
Username:
Password: The user name and password used to sign in to the proxy host.
l
Enable persistent proxy connections: Specifies whether the Remote Manager-registered
device should use HTTP persistent connections. Not all HTTP proxies correctly handle HTTP
persistent connections. Using persistent connections can improve performance when
exchanging messages between the Remote Manager-registered device and Remote
Manager using the HTTP/proxy connection. You can reuse the same HTTP connection for
multiple consecutive HTTP requests and replies, eliminating the overhead of establishing a
new TCP connection for each individual HTTP request/reply, then closing that connection
when the request is complete.
Configure a Remote Manager-registered device to connect to Remote Manager
To manually configure the Device Management service for your Remote Manager-registered device to
connect to Remote Manager:
1. Open the web interface.
2. Select Configuration > Remote Manager.
3. On the Remote Manager Configuration settings page, type the URL of the Remote
Manager platform. For example, type remotemanager.digi.com in the Remote Manager
Server Address field under Device -Initiated Management Connection.
4. Select the
Automatically reconnect to Remote Manager after being disconnected check box.
5. Click Apply.
Digi ConnectPort X Family
176
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Manage alarms through Remote Manager
You can configure the alarms sent to Remote Manager. You can also view and manage alarms from
the Remote Manager interface. See Alarms Configuration for more information.
Users
User settings involve several areas:
n User authentication: Whether authentication is required for users accessing the Digi
ConnectPort X device and the information required to access it. You specify whether the user
authentication is a user name and password or an SSH public key. Depending on the Digi
device, you can define multiple users and their authentication information. User authentication
settings are on the Users settings page.
n
User access settings: Device interfaces that a user can access, such as the command line or
web interface.
n
User permissions settings: Permissions a user has for accessing and configuring the device.
n
Network configuration settings to further secure your device: Digi devices with cellular
capability present additional security considerations, mainly involving securing the border
between the Digi device and the cellular network. Several settings on the Network
Configuration pages are available to further secure the Digi ConnectPort X product. For
example, you can disable unused network services on the Network Services page. On the IP
Filtering page, you can allow access from a specified devices and networks, and drop all other
connection attempts.
About user models and user permissions
For Digi devices that have a one-user model:
n The default name for user 1 is root. This user is also known as the administrative user.
n
User 1 has permissions that enables it to do all commands. You cannot change these
permissions.
The Digi ConnectPort X Family products provides the following user models:
n Two-user model
n
More than two-user model
To determine which user model to implement:
In the web interface, if the menu includes Users, the Digi Connect device uses either the two-user
model or the more than two users model.
In the command-line interface, issue a show user or set user command. In the command output, note
how many user IDs are defined: one, two, or more than two. Or, issue a set user ? command and note
the range for the id=range option. If the id=range is not listed, there is only one user. Otherwise, the
range for user IDs appears. These commands are described in the Digi Connect® Family Command
Reference.
Two-user model
n User 1 has a default name of root. This user is also known as the administrative user.
n
User 1 has default permissions that enables it to issue all commands.
n
You can change permissions for User 1 to be less than the default root permissions.
Digi ConnectPort X Family
177
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
n
User 2 is undefined. That is, the user does not exist by default, but you can define User 2.
n
Use the User Permissions settings in the web interface or the set permissions command in
the command-line interface (see the Digi Connect® Family Command Reference for command
description) to configure the permissions for User 2.
n
You can change permissions for User 2 to be either greater than or less than its default.
More-than-two-user model
User definitions are exactly the same as the two-user model, with the addition of user groups and
more users. The set group command defines user groups; see the Digi Connect® Family Command
Reference for command description. Currently, there is no web interface page for defining user groups.
Password authentication
By default, password authentication is enabled for Digi ConnectPort X Family devices. When you
access the Digi device by opening the web interface or issuing a telnet command, a login prompt
appears. The default user name is root and the unique default password is printed on the device label.
If the password is not on the device label, the default password is dbps. If neither of the defaults
work, the password may have been updated. Contact your system administrator.
Enable password authentication
To enable password authentication from the web interface:
1. Select Configuration > Security.
2. On the Security Configuration page, select the Enable password authentication check box.
3. Type the new password in the New Password and Confirm Password edit boxes.
4. Click Apply.
5. A prompt appears to immediately log back in to the web interface using the new values.
To enable password authentication for a Digi device that uses the one-user model from the command
line:
n Issue a newpass command with a password length of one or more characters.
Disable password authentication
You can disable password authentication as needed.
To change a password from the web interface:
1. Select Configuration > Users.
2. On the Users Configuration page, select the Enable password authentication check box.
3. Click Apply.
To change a password from the command line:
n Issue a newpass command with a zero-length password.
Change the password for an administrative user
To increase security, change the administrative user's password from its default. The default
administrative password is root.
Note Record the new password. If you lose this password, you must reset the Digi ConnectPort X
Family product to the default firmware settings.
Digi ConnectPort X Family
178
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
In Digi device with a single-user model, changing the root password also changes the password for
ADDP. In Digi device with the multi-user model, changing the root password has no effect on ADDP. To
change the ADDP password, type newpass name=addp from the command line.
To change the administrative password from the web interface:
1. Select Configuration > Security.
2. Select the Enable password authentication check box.
3. Type the new password in the New Password and Confirm Password fields. You can specify a
case-sensitive password from 4 to 16 characters long.
4. Click Apply. You are immediately logged off. Sign in to the web interface using the new values.
5. Sign in to the web interface using the administrative password.
To change the administrative password from the command line:
n Issue a newpass command.
Upload and SSH public key
You can configure SSH to sign in to servers without having to provide a password. This is called “public
key authentication” and is more secure than using a normal password.
You can generate a public/private key using a program called ssh-keygen, and store a copy of the
public key on the server(s) that you wish to use for authentication. When you sign in, the server sends
you a message encrypted with your public key. Your machine decrypts it and sends back the original
message, proving your identity.
To upload an SSH public key:
1. On the Main menu, click Security.
2. On the Security Configuration page, select the Enable SSH public key authentication
check box.
3. Type or paste the SSH public key in the edit box.
4. Click Apply.
Add a user
Digi ConnectPort X Family devices allow you to define multiple users. For those products, the Users
Configuration page shows the currently defined users and allows you to add users.
To add a user:
1. Select Configuration > Users.
2. Click New user.
3. On the Add New User page, complete the user authentication fields.
n
User Name: The user's login name.
n
New Password/Confirm Password: The user's login password. The password is casesensitive and must be 4 to 16 characters long.
4. Click Apply. The changes take effect immediately. No logout/login is necessary.
Change user access settings
For Digi ConnectPort X products with the two-user or more-than-two-users model, you can configure
user access to the device interfaces. For example, the administrative user can access both the
command line and web interface, but you can restrict other users to the web interface only.
Digi ConnectPort X Family
179
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
CAUTION! Take care in changing access settings. If you sign in as the administrative
user and disable the web interface, you will not be able to sign in to the Digi ConnectPort
X device on your next attempt, and there is no way to raise your user permissions to
enable the web interface again. You must reset the device to factory defaults to enable
the web interface access.
To set access settings:
1. Select Configuration > Users.
2. Click a user under User Name.
3. Click User Access.
4. Enable or disable the device interface access as desired:
n
Allow command line access: Enables or disables access to the command line.
n
Allow web interface access: Enables or disables access to the web interface.
5. Click Apply. The changes take effect immediately. No logout/login is necessary.
User permissions settings
Use the User Permissions page to define whether and how users can use services and configuration
settings for the Digi ConnectPort X product. For example, you can disable a user’s access to certain
parts of the web interface, or allow them to display settings only but not change them.
The list of services and the user permissions available for them vary by Digi ConnectPort X product
and the features supported in the product. There are several groups of services, such as Network
Configuration, Serial Configuration, System Configuration, Command Line Applications, and System
Administration, with user permissions for various features.
User permissions and effects
Permission Setting
Effect
None
The user does not have permission to execute this setting.
Read Self
The user can display their own settings, but cannot display settings for
other users.
Read
The user can read the settings for all users, but does not have permission
to modify or write the settings.
Read/Write Self
The user can read and write their own settings, but does not have
permission to modify or write the settings for other users.
Read All/Write Self
The user can read the settings for all users and can modify their own
settings.
Read/Write
The user has full permission to read and write the settings for all users.
Execute
The user has full permission to execute the settings.
Restrictions on setting user permissions
A user cannot set another user's permission level higher than their own permission level, nor can a
user raise their own permission level.
Digi ConnectPort X Family
180
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Set user permissions
To set user permissions, choose one of the following options:
n
Set user permissions from the web interface:
1. Select Configuration > Users.
2. Click a user under User Name.
3. Click User Permissions.
4. A list of feature groupings and the user permissions for them appears. Customize these
settings as needed.
5. Click Apply.
n
Set user permissions from the command-line interface:
Use the set permissions command to set permissions from the command-line interface. See
the Digi Connect® Family Command Reference for the command description.
Control user access
This section provides information about additional methods for controlling user access.
Disable unused and non-secure network services
Depending on your mobile service provider, other users can access your Digi ConnectPort X Family
product over the Internet, through various network services enabled on your Digi ConnectPort X
Family product. To further secure the Digi ConnectPort X Family product, you can disable network
services that are not required for the Digi device. You can disable non-secure or un-encrypted network
services such as Telnet. See Network Services Settings.
Use IP filtering
You can restrict your Digi device on the network by only allowing certain devices or networks to
connect to it. This is known as IP filtering or Access Control Lists (ACL). IP filtering allows you to
configures a Digi device to accept connections from specific and known IP addresses or networks only,
and silently drop other connections. You can filter the Digi devices on a single IP address or restricted
as a group of Digi devices using a subnet mask that only allows specific networks to access to the Digi
device. IP Filtering settings are a part of the Network configuration settings. See IP filtering settings.
Important Plan and review your IP filtering settings before applying them. If you apply the settings
incorrectly the Digi device will be inaccessible from the network.
Use the Network Port Scan Cloaking feature
The Network Port Scan Cloaking feature allows you to configure this Digi device to ignore (discard)
received packets for services that are hidden or not enabled and network ports that are not open. You
can use this feature to protect your Digi device from malicious software or denial of service attacks.
For more information, see Network Port Scan Cloaking.
Position and GPS support
Certain Digi devices have native GPS support with a geofence application. There are two groups of
position settings. Static position settings define the latitude and longitude coordinates for the Digi
device. GPS geofence settings define perimeters around a point. If the Digi device moves into, out of,
or is outside of the perimeter is reported to the Digi device’s event log, an SNMP server, or reported
via e-mail. You must configure a supported GPS receiver use by the Digi device.
Digi ConnectPort X Family
181
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
A GPS drive allows GPS data to be read from devices providing an NMEA-0183-compliant serial stream
via serial or USB. Python, the web interface, command line, Remote Manager, and the geofencing
application can use this data.
Static position settings
The static position settings define latitude and longitude coordinates for the Digi device. You can query
these parameters with the RCI protocol and applications, such as the Remote Manager, can use this
information.
n Latitude: The static latitude of the device, in degrees (-90.0 - 90.0).
n
Longitude: The static longitude of the device, in degrees (-180.0 - 180.0).
Geofence settings
You can define up to 16 geofences. To add a geofence, click the Add button. The configuration settings
for the geofence appear.
General settings
n Name: A name to reference this geofence. This name will appear in the event log, SNMP trap,
and/or e-mail report.
n
Latitude: Latitude of the center of the geofence, in degrees (-90.0 - 90.0).
n
Longitude: Longitude of the center of the geofence, in degrees (-180.0 - 180.0).
n
Maximum HDOP: This is the maximum tolerated horizontal dilution of precision that is allowed
for reporting a geofence event. When the reported HDOP is greater than this value, fence
event log reports, SNMP traps, and e-mail reports will not be sent. HDOP tolerances vary by
receiver.
n
Entry Radius: The entry radius, in meters, is the distance from the center of the fence for
entry. That is, if the device is less than this distance from the defined center, an entry event
has occurred.
n
Exit Radius: The exit radius, in meters, is the distance from the center of the fence for exit.
That is, if the device is more than this distance from the defined center, an exit event has
occurred. This is also the distance used to determine if the device is outside of the fence for
update events.
n
Location Update Interval: The location update interval, in seconds, specifies the amount of
time to wait between reporting that the device is outside of the geofence. This applies to event
log, SNMP, and e-mail reports.
Email settings
n Notify on Fence Entry: An email will be sent to the defined recipients via the configured SMTP
servers when the device has entered the geofence defined by the geofence center and entry
radius.
n
Notify on Fence Exit: An email will be sent to the defined recipients via the configured SMTP
servers when the device has left the geofence defined by the geofence center and exit radius.
Digi ConnectPort X Family
182
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Send Location Update Notifications When Outside Fence: An email will be sent to the
defined recipients via the configured SMTP servers when the device is outside of the geofence
defined by the geofence center, and exit radius. Emails will be sent at the interval defined by
the location update interval parameter.
l
Primary SMTP Server Address: The IPv4 address of the primary SMTP email server.
l
Secondary SMTP Server Address: The IPv4 address of the secondary SMTP email server.
l
Recipient: The email address of the recipient of the geofence report email.
l
CC: Recipient: The email address of the carbon copy (CC:) recipient of the geofence report
email .
n
l
From: The email (return) address of the originator of the geofence report email .
l
Subject: The subject line that will appear on the geofence report email.
l
Priority: The priority of the email . You can specify normal and high priority.
Include Location Data in Body: Selecting this check box indicates that the current location of
the device is included in the geofence email .
l
Body Text: This parameter specifies the body text for the email .
SNMP settings
n Trap on Fence Entry: An SNMP trap will be sent to the defined SNMP servers when device has
entered the geofence defined by the geofence center, and entry radius.
n
Trap on Fence Exit: An SNMP trap will be sent to the defined SNMP servers when the device
has left the geofence defined by the geofence center, and exit radius.
n
Send Location Update Traps When Outside Fence: An SNMP trap will be sent to the defined
SNMP servers when the device is outside of the geofence defined by the geofence center, and
exit radius. SNMP traps will be sent at the interval defined by the location update interval
parameter.
Event log settings
n Send Fence Entry Events to Event Log: A log entry will be written when device has entered
the geofence defined by the geofence center, and entry radius.
n
Send Fence Exit Events to Event Log: A log entry will be written when the device has left the
geofence defined by the geofence center, and exit radius.
n
Send Location Update to the Event Log When Outside of the Fence: A log entry will be
written when the device is outside of the geofence defined by the geofence center, and exit
radius. Log entries will be written at the interval defined by the location update interval
parameter.
Applications pages
Most Digi devices support additional configurable applications. Use the options under Application to
configure applications. The application options vary depending on the Digi device.
Digi ConnectPort X Family
183
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Python: For loading and running custom programs authored in the Python programming
language onto Connect and ConnectPort devices that support Python.
n
Ekahau Client: For Digi Connect wireless devices, configures Ekahau Client™ device-location
software. See Ekahau Client™.
n
RealPort: Configures RealPort settings. See RealPort configuration for more information.
n
Industrial Automation: Configures the Digi device for use in industrial automation
applications.
Python Configuration
If you have a Python-enabled Digi ConnectPort X device, you can manage Python files using the
Application > Python menu options. Python options include:
n Uploading Python program files to the Digi ConnectPort X device
n
Deleting a Python program file from the device
n
Configuring which Python programs to execute when the Digi ConnectPort X device boots (also
known as auto-start programs)
Python Files
The Python Files page allows you to upload and manage Python programs on a Digi ConnectPort X
device.
n Upload Files: Click Choose File to select a file to upload and click Upload.
n
Manage Files: Select any files to remove from the Digi ConnectPort X device and click Delete.
Auto-start settings
Use the Auto-start Settings page to configure Python programs to execute when the Digi
ConnectPort X device boots. You can configure up to four auto-start entries.
n Enable: When selected, the program specified in the Auto-start command line field runs when
the device boots.
n
Auto-start command line: Specify the name of a Python program file to be executed and any
arguments to pass to the program using the following syntax:
filename [arg1 arg2...]
Manually execute uploaded Python programs
To manually execute an uploaded Python program on a Digi ConnectPort X device:
n
Access the Digi device command-line interface and type the following command:
python filename [arg1arg2...]
View and manage Python programs
To view Python threads running on the Digi ConnectPort X device:
n Access the Digi device command-line interface and type the who command.
Digi ConnectPort X Family
184
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Python program management and programming resources
Digi incorporates a Python development environment into Digi ConnectPort X Family devices. Digi
integration of the universal Python programming language allows customers an open standard for
complete control of connections to devices, the manipulation of data, and event-based actions.
Recommended distribution of Python interpreter
The current version of the Python interpreter embedded in Digi devices is 2.4.3. Use modules known
to be compatible with this version of the Python language only.
Digi Python Programmer's Guide
The Digi Python Programmer's Guide introduces the Python programming language by showing how to
create and run a simple Python program. It reviews Python modules, particularly those with Digispecific behavior, and describes how to load and run Python programs onto Digi devices, and run
sample Python programs.
Digi Wiki for Developers
Digi Wiki for Developers is where you can learn how to develop solutions using Digi's communications
products, software and services. The wiki includes how-to's, example code, and M2M information to
speed application development. Digi encourages an active developer community and welcomes your
contributions.
www.digi.com/wiki/developer/index.php/Main_Page
Digi Python Custom Development Environment page
Use Python functions to obtain data from attached and integrated sensors on Digi products that have
embedded XBee RF modules. See the Digi Python wiki for more information.
www.digi.com/wiki/developer/index.php/Python_Wiki
Python support forum on www.digi.com
Find answers to common questions and exchange ideas and examples with other members of the Digi
Python development community at:
www.digi.com/support/forum/categories/python
Device Integration Application (DIA)
The Remote Manager Device Integration Application (DIA) is software that simplifies connecting
devices (for example, sensors or PLCs) to communication gateways. DIA includes a comprehensive
library of plug-ins that work out-of-the-box with common device types and you can extend it to include
new devices. Its unique architecture allows the user to add most devices in under a day.
The DIA architecture provides the core functions of remote device data acquisition, control and
presentation between devices and information platforms. It collects data from any device that can
communicate with a Digi gateway, and is supported over any gateway physical interface. DIA presents
this data to upstream applications in fully customizable formats, significantly reducing a customer’s
time to market.
Written in the Python programming language for use on Digi devices, you can also execute DIA on a
computer for prototyping purposes when a suitable Python interpreter is installed.
DIA is targeted for applications that need to gather samples of data from a set of devices (for
example, ZigBee® sensors, wired industrial equipment, or GPS devices). It is an integral component of
the Remote Manager platform, which customers can deploy with DIA software to build flexible, robust
solutions with unprecedented speed.
Digi ConnectPort X Family
185
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Remote Manager and the device management service
Remote Manager allows for device management and access to device data within Remote Manager.
Designed as an on-demand solution, Remote Manager customers pay only for services consumed,
conserving capital and requiring no infrastructure. Remote Manager feature include:
n Device connector software that simplifies remote device connectivity and integration.
n
Management application (configure, upgrade, monitor, alarm, analyze) for Digi connectivity
products including ZigBee nodes.
n
Application messaging engine with broadcast and receipt notification for application-to device
interaction.
n
Cache and permanent storage options for generation-based storage and ad hoc access to
historical device samples.
n
Application-focused bundles with ready-to-use illustrative applications
You can monitor and manage Digi devices from Remote Manager. For example:
n Displaying detailed state information and statistics about a device, such as device up time,
amount of used and free memory, network settings, XBee network overview and detailed
information on network nodes.
n
Displaying and modifying mobile settings.
n
Monitoring the state of the device’s connection and see a connection report and connection
history statistics.
n
Redirecting devices to a to a different destination.
n
Disconnecting devices.
n
Removing devices from the network.
n
Alarms and Notifications feature that fires an alarm and sends an email notification should a
specified event occur.
To learn more about the Remote Manager and the services it provides, see the Remote Manager User
Guide or go to www.digi.com/products/cloud/digi-remote-manager.
RealPort configuration
Install and configure RealPort software on each computer that uses the RealPort ports on the Digi
device. The RealPort software is available for downloading from the Digi Support site. For complete
information on installing and using RealPort software, see RealPort Installation Guide on the Digi
Support site.
Install RealPort software
To install RealPort software from the Digi Support site:
1. Go to your product's support page:
n
Digi ConnectPort X2
n
Digi ConnectPort X4
n
Digi Connect SP
n
Digi Connect ES
n
Digi ConnectPort TS
Digi ConnectPort X Family
186
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
2. Click the Support tab.
3. Scroll down and click All Support Resources.
4. Under Drivers & Patches, click RealPort Driver.
5. From the options in the list box, select your operating system. A list of available downloads and
release notes for your operating system appears.
6. Click the link for the RealPort zip file and save it to your computer.
7. Extract the files from the RealPort zip file and run the RealPort setup wizard.
RealPort Settings
Use the RealPort Configuration page to configuring the RealPort application. The available settings
are as follows:
n RealPort Settings:
l
Enable Keep-Alives: Enables the sending of RealPort keep-alives. RealPort protocol sends
keep-alive messages approximately every 10 seconds to connected devices indicating the
connection is still alive. RealPort keep-alives are different from TCP keep-alives, which are
done at the TCP layer.
Note that RealPort keep-alives generate additional traffic which may be undesirable in
situations where traffic is measured for billing purposes.
l
Enable Exclusive Mode: Exclusive mode allows a single connection from any one RealPort
client ID. If you enable this setting and a subsequent connection occurs that has the same
source IP as an existing connection, the existing connection is forcibly reset under the
assumption that it is stale.
n
Device Initiated RealPort Settings:
l
Index: An empty list means there are no configured device-initiated RealPort connections.
l
Host or IP Address: The IP address or DNS name of the client to connect to.
l
Port: The network port to connect to on the client. The default port for VNC servers is
8771.
l
Retry Time: The amount of time in seconds to wait before reattempting a failed
connection to the client.
Ekahau Client™
Use the Ekahau Client page to configure Ekahau Client device-location software for a Digi devices
with Wi-Fi capability.
The Ekahau Client feature provides integrated support for Ekahau's Wi-Fi device-location solution,
called the Ekahau Positioning Engine, on the Digi Connect Wi-ME, Digi Connect Wi-EM, and Digi Connect
Wi-SP products. Ekahau offers a complete access point vendor-independent real-time location system
for wireless LAN devices that is capable of pinpointing wireless LAN devices such as the Digi Connect
products, laptops, PDAs, or other intelligent Wi-Fi enabled devices. The solution provides floor-, roomand door-level accuracy of up to 3.5 feet (1 m). The patented Ekahau positioning technology is based
on simple signal-strength calibration maps, and enables customers to fully leverage an existing
wireless LAN infrastructure without any need for proprietary hardware components.
Digi ConnectPort X Family
187
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Visit www.ekahau.com for additional information, including free evaluation licenses for the Ekahau
Positioning Engine and Ekahau Site Survey software products.
Ekahau Client configuration settings include:
n Enable Ekahau Positioning Engine Client™: Enables or disables the Ekahau Positioning
Engine Client feature.
l
Ekahau Server Settings: Configures how the Ekahau Positioning Engine Client
communicates with the server.
l
Server Hostname: The hostname or IP address of the Ekahau Positioning Engine. The
maximum length of this option is 50 characters. The default is 8548.
l
Connection Protocol: Specifies whether to use TCP or UDP as the network transport. The
default is TCP.
l
Server Port: The network port used for communication. In the default Ekahau
configuration, port 8548 uses TCP, and port 8549 uses UDP.
l
Poll Rate: The time in seconds between each scan or wireless access points and
communication with the server. When the Ekahau Client is enabled, every time the Digi
device scans the network it is essentially disassociated with the access point (AP) providing
its network connectivity. In addition, during the time or scanning interval set by the poll
rate, it does not receiving or transmitting wireless packets. This could lead to packet loss.
Set the poll rate as slow as acceptable in the application that uses the Digi device. The
default is five seconds.
l
Password: The password used to authenticate with the server. The maximum length of
this password is 50 characters. The default for Digi and the Ekahau Positioning Engine is
Llama.
Digi ConnectPort X Family
188
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Device Descriptors:
l
Device ID: A numeric identifier for the Digi device, used internally by the Ekahau Positioning
Engine for device tracking over time. Each Digi device located on the network requires a
unique identifier.
l
Device Name: A descriptive name to identify the Digi device to users. The maximum length
of this device name is 50 characters.
Industrial Automation-Modbus-Bridge
Industrial Automation is supported in the following Digi devices:
n ConnectPort X2 (non-Python version) and ConnectPort X4
Currently, from the web interface, it is only possible to select a different port profile than
Industrial Automation, or change the serial port settings, such as baud rate and parity. If changes
are needed from the settings established by the Industrial Automation port profile, use the set ia
command from the command-line interface.
For more information on Industrial Automation, see the set ia command description in the Digi
Connect® Family Command Reference and the application note Remote Cellular TCP/IP Access to Modbus
Ethernet and Serial Devices available on the Digi Support site.
Known limitations
n You can use Digi RealPort only when the Modbus Bridge function is disabled. You cannot use
RealPort with Modbus/RTU or ASCII to access the Modbus Bridge function.
n
The outgoing slave idle time used for remote Modbus IP-based slaves does not always close
idle sockets predictably.
n
While the Modbus bridge is active, do not attempt to “Port Forward” TCP 502 or UDP 502 to
local Modbus/TCP servers while the Modbus Bridge is active. This causes neither function to
work. Disable the Modbus Bridge if you want traditional Router/NAT function for Modbus/TCP
port 502.
Enable or disable Modbus Bridge
To enable or disable Modbus Bridge, choose one of the following options:
n To disable the Modbus Bridge, select a different port profile than Industrial Automation.
n
To enable Modbus Bridge, reselect the Industrial Automation port profile.
Note Any specialized settings configured using the set ia commands are lost when you disable
the Modbus bridge. You must reconfigure these settings when you re-enable the Industrial
Automation port profile.
PPP (Point-to-Point Protocol)
PPP (Point-to-Point Protocol) provides TCP/IP communication over a modem connected to a serial
port on your Digi ConnectPort X server. PPP allows you to connect a device to a network using a
telephone line and the device has access to the resources of the network as if it were directly
connected to the network. Use the PPP (Point-to-Point Protocol) page to connect incoming clients or
serial devices to an external network using modems and telephony to maintain the connection.
Digi ConnectPort X Family
189
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Basic PPP Settings
Use Basic PPP Settings to configure the most commonly used settings for incoming and outgoing PPP
connections. You should configure these settings before creating any incoming or outgoing
connections.
You can use Basic PPP Settings to enable or disable the Dynamic IP Address Pool. The Dynamic IP
Address Pool is a set of reserved IP addresses unique to the network that are assigned to the
incoming connections. You can set the first IP address to use and the number of sequential addresses
(plus one) to be reserved for assignment.
Configure basic PPP settings
To automatically assign an IP address for an incoming PPP client:
1. Select Application > PPP.
2. Click Basic PPP Settings.
3. Select Enable Dynamic IP Address Pool for Incoming Connections.
4. Type the IP address for the incoming PPP client in the First IP Address field.
5. Type the number of addresses in the Number of Addresses field.
Digi ConnectPort X Family
190
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
6. Incoming PPP Connections: Use this section to make and maintain rules for incoming PPP
connections. To make a new rule for incoming PPP connections.
a. Click New connection.
b. On the Serial Port section of the Incoming connection page, select the serial ports
for this connection rule.
c. On the Authentication Configuration section, type the User Name and Password
to use for PPP authentication such as NONE/PAP/CHAP/BOTH.
Note To use the Local authentication method for serial port authentication, you
must enter the User Name and Password of an existing system user.
If you are going to use the None method for serial port authentication, you can add
any user, including users not in the local database of system users, and you can
select a user name from the PPP User menu on the Authentication page of the
serial port.
d. Select the authentication method from one of following methods:
NONE: The remote user does not require PPP authentication.
PAP: Password Authentication Protocol (PAP) authentication is
required.
CHAP: Challenge Handshake Authentication Protocol (CHAP)
authentication is required.
BOTH: Both CHAP and PAP authentication are required.
e. In the Peer Configuration section, select one of the following options for assigning
the IP address of the incoming PPP client:
Automatically assign remote IP address from IP address pool: If
you select this option, the IP address for the incoming PPP client will
be automatically assigned from the IP address pool set on the Basic
PPP Settings page.
Allow remote peer to specify remote IP address: If you select this
option, the incoming PPP client will specify the IP address used for
the PPP connection.
Assign static remote IP address: If you select this option, the IP
address for incoming PPP client will be assigned as specified by the
Remote IP address.
Digi ConnectPort X Family
191
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
f. In the Peer Configuration section, select Allow client access to local network
via PPP connection if you want the incoming PPP client to be able to access the
Digi ConnectPort X or other devices on the network through the Digi ConnectPort X
Family PPP interface. Once you enable this option, you can select one of the
following options for assigning the IP address of the local PPP interface:
Automatically assign local IP address from IP address pool: The
IP address for the local PPP interface is automatically assigned from
the IP address pool set on the Basic PPP Settings page.
Assign static local IP address: The IP address for the local PPP
interface is assigned as specified by the local IP address.
g. In the Advanced Configuration section, select Enable idle timeout if you want to
close the PPP connection when there is no activity from the incoming PPP client
during the time specified by Timeout.
7. Advanced PPP Settings: If you want the incoming PPP client to be able to access the local
network where the Digi ConnectPort X is connected, select the Process ARP Requests (Proxy
ARP) option.
Note Use Advanced PPP Settings when IP addresses assigned to the PPP link are on the
same local network subnet as the local LAN.
Incoming PPP Connections
Incoming PPP connections are connections where you can dial in to the Digi ConnectPort X device. You
can connect to the Digi ConnectPort X device using a modem to dial the phone number of the modem
connected to the serial port. For example, you can use a modem to access the network associated
with the Digi device server or use modems to create a network bridge by connecting two separate
networks.
Digi ConnectPort X Family
192
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Authentication Configuration:
l
User Name: Specifies the user name for this connection. The user provides the user name
and password when connecting to the device. This user name must be unique to the device
so that no other incoming PPP connection, outgoing PPP connection, or system user uses
it.
l
Password/Confirm Password: Specifies the password for this connection. This is the
password that the user specifies when connecting and logging into the device.
l
Authentication: Specifies the type of authentication required by this PPP connection. You
must supply the same type of authentication for your dial-up connection as specified here
in order to successfully connect.
NONE: No authentication is required. This is the recommended default for authentication.
CHAP: CHAP (Challenge Handshake Authentication Protocol) provides secure encrypted
authentication. CHAP periodically verifies the identity of the peer using a 3-way handshake.
This is done upon initial link establishment and may be repeated anytime after the link has
been established. (See RFC 1334 for further details.) CHAP authentication will work
between two Digi ConnectPort X devices.
Note Digi ConnectPort X does not support MS-CHAP (Microsoft specific implementation of
CHAP).
PAP: Many ISPs and corporate PPP servers use PAP (Password Authentication Protocol).
PAP provides a simple method for the peer to establish its identity using a 2-way
handshake. This is done only upon link establishment. (See RFC 1334 for further details.)
BOTH: CHAP authentication will work between two Digi ConnectPort X products. CHAP will
be negotiated to PAP for all other connections.
Digi ConnectPort X Family
193
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Peer Configuration: Specifies how to assign the remote IP address that is supplied to the
client.
l
Automatically assign remote IP address from IP address pool: Automatically assigns
the remote IP address with a unique address from the IP address pool (as configured in
Basic PPP Settings). The assigned address will not conflict with any other PPP connection
using the Dynamic IP Address Pool.
Note The Dynamic IP Address Pool must be enabled.
l
Allow remote peer to specify remote IP address: The remote peer automatically assigns
the remote IP address.
l
Assign static remote IP address: Assigns the IP address entered in the Remote IP
Address field to the remote IP address. This connection will always be assigned this same
IP address. Use this option if the client needs to have the same IP address if it is running as
a server.
l
Remote IP Address: Specifies the static remote IP address.
l
Allow client access to local network via PPP connection: Specifies whether the remote
client should have access to the local Ethernet network when they dial in to the PPP
connection. This option requires the Digi ConnectPort X device to have a unique local IP
address for each PPP connection to handle the routing between the PPP connection and
the local network.
l
Automatically assign local IP address from IP address pool: Automatically assigns the
local IP address with a unique address from the IP address pool (as configured in Basic PPP
Settings). The assigned address will not conflict with any other PPP connection using the
Dynamic IP Address Pool.
Note The Dynamic IP Address Pool must be enabled.
l
Assign static local IP address: Assigns the IP address entered in the Local IP
Address field to the local IP address. This connection will always be assigned this same IP
address. Use this option if the client needs to have the same IP address if it is running as a
server.
l
Local IP Address: Specifies the local IP address to use for the PPP connection. This IP
address must be unique on the network and must not be the same as the remote IP
address or any address in the Dynamic IP Address Pool. Digi recommends that this address
should reside on a different subnet than the Ethernet IP address.
Digi ConnectPort X Family
194
�Using the Digi ConnectPort X Family web interface
n
Configure the device using the web interface
Advanced configuration: Specifies how to assign the remote IP address supplied to the client.
Enable Idle Timeout: When selected, enables idle timeout for this connection. The idle time is
the elapsed time after receiving the last byte from this connection. If you clear this check box,
the connection can remain idle for any amount of time. If you select this check box, the
connection closes after the connection has been idle for specified number of seconds in the
Timeout field.
n
Timeout: The maximum allowed time (in seconds) a connection can remain idle before it is
closed.
Configure incoming PPP connections
To configure the rules for incoming PPP connections:
1. Select Application > PPP.
2. Click Incoming PPP Connections.
3. Choose one of the following options:
n
To create a new rule, click New Connection.
n
To modify an existing rule, click a user name under the Username column.
4. Under Serial Ports, select the serial ports to which you want the connection rule to apply.
5. Under Authentication Configuration, complete the following fields:
n
User Name: Type the user name.
n
Password/Confirm Password: Type the password.
n
Associate with "ANYBODY": Enable when you want the user name and password
associated with any PPP user.
n
Authentication: Choose one of the following authentication methods:
l
NONE: The remote user does not require PPP authentication.
l
CHAP: Challenge Handshake Authentication Protocol (CHAP) authentication is
required.
l
PAP: Password Authentication Protocol (PAP) authentication is required.
l
BOTH: Both CHAP and PAP authentication are required.
PPP authentication uses this information.
Note To use the Local authentication method for serial port authentication, you need to enter
the user name and password of an existing system user. If not, the PPP connection will fail
because you cannot specify a PPP user on the Authentication page of the serial port
separately.
If you choose the None authentication method for serial port authentication, you can add any
user even if the user is not in the local database as a system user; you can select a user name
from the PPP User menu on the Authentication page for the serial port.
Digi ConnectPort X Family
195
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
6. Under Peer Configuration, select one of the following options for assigning the IP address of
an incoming PPP client:
n
Automatically assign remote IP address from IP address pool: Select this option if
you want to automatically assign the IP address for the incoming PPP client from the IP
address pool set on the Basic PPP Settings page. If you want the IP address to be
assigned dynamically, you must first configure a pool of IP addresses on the Basic PPP
Settings page. See Basic PPP Settings for more information.
n
Allow remote peer to specify remote IP address: Select this option if you want the
incoming PPP client to specify the IP address to use for the PPP connection.
n
Assign static remote IP address: Select this option if you want to assign the IP
address for incoming PPP client as specified by the Remote IP address.
7. Under Peer Configuration, select Allow client access to local network via PPP connection
if you want the incoming PPP client to access the Digi ConnectPort X or other devices on the
network through the Digi ConnectPort X PPP interface. If you enable this option, select one of
the following options for assigning the IP address of the local PPP interface.
n
Automatically assign local IP address from IP address pool: Automatically assign
the IP address for the local PPP interface from the IP address pool set on the Basic PPP
Settings page. If you choose this option, type the IP address in the Remote IP Address
field.
n
Assign static local IP address: Assign the IP address for the local PPP interface is as
specified in the Local IP Address field. If you choose this option, type the IP address in
the Local IP Address field.
8. Under Advanced Configuration, select Enable idle timeout if you want to close the PPP
connection when there is no activity from the incoming PPP client after a specified number of
seconds and type the number of seconds in the Timeout secs field.
Setting up incoming PPP connections
To correctly configure the settings for incoming PPP connections:
1. Select Application > PPP.
2. Configure the PPP settings.
3. Select Configuration > Serial Ports.
4. Configure the serial port settings.
Outgoing PPP Connections
Use Outgoing PPP Connections to configure outgoing PPP connections.
The Digi ConnectPort X device uses the outgoing PPP connections to connect to an external modem
or ISP. Outgoing PPP connections typically automatically connect the Digi device server to an external
modem or ISP network when the main Ethernet network goes down. This allows the device to
continue communication on the network or allow connections from the network when the main
Ethernet network is down.
Digi ConnectPort X Family
196
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
n
Username: The username for this connection.
n
Phone Number 1: The phone number used to connect to the remote system.
n
Phone Number 2: Alternate phone number used to connect to the remote system.
n
Action: Lists the available actions per user. The Remove action allows you to remove the user.
Configure outgoing PPP connections
To create or modify the rules for outgoing PPP connections:
1. Select Application > PPP.
2. Click Outgoing PPP Connections.
3. Choose one of the following options:
n
To create a new rule, click New Connection.
n
To modify an existing rule, click a user name under the Username column.
4. Under Serial Ports, select the serial ports to which you want the connection rule to apply.
5. Under Authentication Configuration, complete the following fields:
n
User Name: Type the user name.
n
Password/Confirm Password: Type the password.
n
Phone Number 1: Specifies the phone number used to connect to the remote system.
n
Phone Number 2: Specifies the alternate phone number used to connect to the remote
system.
n
Authentication: Choose one of the following authentication methods:
l
NONE: The remote user does not require PPP authentication.
l
CHAP: Challenge Handshake Authentication Protocol (CHAP) authentication
provides secure encrypted authentication. CHAP periodically verifies the identity of
the peer using a 3-way handshake. This is done upon initial link establishment and
may be repeated anytime after the link has been established. (See RFC 1334 for
details.) CHAP authentication will work between two Digi ConnectPort X devices.
Note MS-CHAP (Microsoft specific implementation of CHAP) is not supported.
l
PAP: Password Authentication Protocol (PAP) authentication is required. PAP
provides a simple method for the peer to establish its identity using a 2-way
handshake. This is done only upon link establishment. (See RFC 1334 for further
details.)
l
n
BOTH: Both CHAP and PAP authentication are required (recommended).
Use login script: Enable when you want to use a login script and type the path to the
login script in the Dial chat script field.
PPP authentication uses this information.
Digi ConnectPort X Family
197
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
6. Under Peer Configuration, select one of the following options for assigning the IP address of
an incoming PPP client:
n
Automatically obtain remote IP address remote peer: Select this option if you want
to automatically assign the IP address supplied by the remote peer.
n
Request specific address: Select this option if you want to request the specified IP
Address from the remote peer. There is no guarantee this IP address is assigned to this
connection. The address is only requested. Some service providers do not allow you to
request IP addresses and others only allow you to assign a certain range of addresses.
Ask the service provider of the system you want to connect to if you can request an IP
address.
Advanced PPP Settings
The Digi ConnectPort X product uses advanced PPP settings to enable the routing table to use and
process ARP requests received by this device. Process ARP requests are also known as Proxy ARP.
ARP requests inform devices how and where to connect to a specific device. PPP connections use this
setting. The setting is disabled by default.
Configure advanced PPP settings
To enable or disable Proxy ARP:
1. Select Application > PPP.
2. Click Advance PPP Connections.
3. Select or clear the Process ARP Requests (Proxy ARP) check box to enable or disable Proxy
ARP.
4. Click Apply to save your changes.
Configure settings on serial ports
To configure the settings on serial ports:
1. Select a port from Configuration > Serial ports > Ports Settings.
2. Click Change Profile and change the port profile to modem.
3. In the Port Profile Settings > Modem Settings section, select Incoming Connections.
4. Select Enable PPP connections on this modem if you want to establish a PPP connection.
5. Set configurations on Basic Serial Settings and Advanced Serial Settings sections according
to your environment.
6. Select the authentication method of the serial port in the Authentication Settings section. If
the port profile is set to modem, you can only select None or Local authentication method.
Digi ConnectPort X Family
198
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
7. Select PPP User from the list if you set authentication method to None.
If you select the Local authentication method, you cannot select a PPP user separately. To
make the correct PPP connection with the Local serial port authentication method, you need
to have the PPP connection configuration with the same user name and password as in the
local system user database set on Configuration > Users. (See Configure incoming PPP
connections.)
Note If your serial port uses local authentication with a user in the local database, you must
use the Show Terminal window on your PPP client. When the terminal window opens, log in to
the serial port and then close the terminal window. PPP negotiation will start once you close
the terminal window.
Alarms Configuration
Use the Alarms Configuration page to configure device alarms and displaying alarm settings. Device
alarms send email messages or SNMP traps when certain device events occur. These device events
include data patterns detected in the data stream, alarms for signal strength and amount of cellular
traffic for a given period of time.
Alarm notification settings
Use the Alarm Notification Settings page to configure the following:
n Enable alarm notifications: Enables or disables all alarm processing for the Digi device.
n
Send all alarms to the Remote Management server: enables or disables sending of alarm
notifications to a server that handles remote management of devices, such as Remote
Manager.
Enabling this setting sends all alarm notifications to Remote Manager. Enable this option if the
Digi device is managed by a remote management server, such as Remote Manager. Enabling
this option is useful because it allows all alarms to be monitored from one location. Enabling
this option also allows Digi devices to send alarms to clients that would otherwise be
unreachable from the Digi device, either because the Digi device is behind a firewall or not on
the same network as the alarm destination.
When you disable this setting alarm notifications are not sent to Remote Manager. Disable this
setting if devices are not managed by a Remote Manager server or if alarms are sent from the
device. For example, an SNMP trap destination is local to the device, not Remote Manager.
n
Mail Server Address (SMTP): Specifies the IP address of the SMTP mail server. Ask your
network administrator for this IP address.
n
From: Specifies the text that used in the “From:” field for all alarms that are sent as emails.
Alarm list and status
The Alarm Conditions page lists all of the alarms. You can configure up to 32 alarms for a Digi device,
and you can individually enable and disable these alarms.
The alarm list displays the current status of each alarm. You can use this list to view alarm status at a
glance, then view more details for each alarm as needed.
Digi ConnectPort X Family
199
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
n
Enable: The check box indicates whether the alarm is currently enabled or disabled.
n
Alarm: The number of the alarm.
n
Status: The current status of the alarm, which is either enabled or disabled.
n
Type: The basis for the alarm.
n
Trigger: The conditions that trigger the alarm.
n
SNMP Trap: Indicates whether the alarm is sent as an SNMP trap.
l
If the SNMP Trap field is disabled, and the Send To field has a value, the alarm is sent as an
email message only.
l
If the SNMP Trap field is enabled and the Send To field is blank, the alarm is sent as an
SNMP trap only.
l
If the SNMP Trap field is enabled, and a value is specified in the Send To field, that means
the alarm is sent both as an email and as an SNMP trap.
n
Send To: The email address to which the alarm is sent.
n
Email Subject: Text to include in the Subject line of alarms sent as email messages.
Alarm Conditions
Use the Alarm Conditions page to specify the conditions on which the alarm is based, such as serial
data pattern matching, signal strength (RSSI), or data usage. Alarm conditions include:
n
Send alarms based on serial data pattern matching: Click this radio button to specify that
this alarm is sent when the specified serial data pattern is detected. Then specify the following:
l
Serial Port: The serial port to monitor for the data pattern. This field appears for devices
where more than one serial port is available.
l
Pattern: When the serial port receives this data pattern it sends an alarm. You can include
special characters such as carriage return carriage return (\r) and new line (\n) in the data
pattern.
n
Send alarms based on average RSSI level below threshold for amount of time: Send
alarms based on the average signal strength falling below a specified threshold for a specified
amount of time.
l
RSSI: The threshold signal strength, measured in dB (typically -120 dB to -40 dB).
l
Time: The amount of time, in minutes, that the signal strength falls below the threshold.
Note The set alarms command has an option, optimal_alarms_enabled={yes|no} that, when
enabled, causes an optimal alarm to be sent when the signal strength returns to a value above
the specified threshold. This feature is only available through the command line. The default is
no; it must be explicitly enabled if desired.
n
Send alarms based on cellular data exchanged in an amount of time:
l
Data: The number of bytes of cellular data.
l
Time: The number of minutes.
l
Cell Data Type: Type of cellular data exchanged: receive data, transmit data, total data.
Digi ConnectPort X Family
200
�Using the Digi ConnectPort X Family web interface
Configure the device using the web interface
Alarm Destinations
Use the Alarm Destinations page to define how alarm notifications are sent, either as an email
message or an SNMP trap, or both, and where the alarm notification is sent.
n Send E-mail to the following recipients when alarm occurs: Enable sending the alarm as an
email message. Then specify the following information:
l
To: The email address to which this alarm notification email message will be sent.
l
CC: The email address to which a copy of this alarm notification email message will be sent
(optional).
n
l
Priority: The priority of the alarm notification email message.
l
Subject: The text to be included in the Subject: line of the alarm-notification email.
Send SNMP trap to the following destination when alarm occurs: Specifies whether to
send the alarm as an SNMP trap. To send alarms as SNMP traps, you must set the Alarm Type
to snmptrap and specify the IP address of the destination for the SNMP traps in the SNMP
settings (Configuration > System > Simple Network Management Protocol). See Simple
Network Management Protocol (SNMP) Settings. That destination IP address appears below
the “Send alarm to SNMP destination” check box. You can also specify a secondary or backup
SNMP destination.
To configure an alarm notification to be sent as both an email message and an SNMP trap:
1. Select both Send E-Mail and Send SNMP trap check boxes.
2. Click Apply to apply changes to alarm settings and return to the Alarms Configuration page.
Configure alarm conditions
To configure an alarm:
1. Select Configuration > Alarms.
2. To enable or disable an alarm, select or clear the Enable check box next to the alarm.
3. Click the alarm under the Alarm column that you want to configure.
4. Configure the fields in the following sections:
n
Alarm Conditions: These condition specify the conditions on which the alarm is based,
such as serial data pattern matching or data usage.
n
Alarm Destinations: These conditions specify how the alarm is sent, either as an email
message or an SNMP trap, or both, and where the alarm is sent.
5. Click Apply to save your changes.
Batch configuration capabilities
If you need configure multiple Digi devices, use the batch configuration capabilities to upload
configuration files through the Digi Connect Programmer utility. The Digi Connect Programmer utility
is a command-line-based interface to Digi devices. Use this utility to upload firmware, files,
configuration settings and factory defaults to a Digi device. You can run it from the command line on a
computer that uses the Microsoft Windows operating system.
Digi ConnectPort X Family
201
�Using the Digi ConnectPort X Family web interface
Management
Management
Use the Management menu to view and manage connections and services for the Digi ConnectPort X
product.
You can monitor the port, device, system, and network activities of Digi ConnectPort X devices from a
variety of interfaces. Changes in data flow may indicate problems or activities that may require
immediate attention.
This chapter discusses monitoring and connection-management capabilities and tasks in Digi
ConnectPort X products.
Web interface
The web interface has several screens for monitoring Digi ConnectPort X Family devices:
n Network status
n
Mobile connection status
n
Serial Port Management: for each port, the port’s description, current profile, port logs (if
activated), and current serial configuration.
n
Connections Management: A display of all active system connections.
n
System Information:
l
General device information.
l
Serial port information: for each port, including the port’s description, current profile, and
current serial configuration. The same information appears when you choose Serial Port
Management.
l
Network statistics: statistics for IP, TCP, UDP, and ICMP.
Manage connections and services
Use the Management menu to view and manage connections and services for the Digi ConnectPort X
product.
Serial Port Management
The Serial Port Management page (Management > Serial Ports) provides an overview of the serial
ports and their connections. Click Connections to display the active connections for a serial port. You
can refresh the view to see new serial-port connections, and you can disconnect serial-port
connections as needed.
Port Connections Management
The Port Connections Management page (Management > Serial Ports > Connections) displays active
Virtual Private Network (VPN) and system connections.
Manage Virtual Private Network (VPN) connections
To monitor a VPN connection from the web interface, select Management > Connections. The VPN
settings appear.
Note that the Connect and Disconnect functions do not work if VPN the uses a Pre-Shared Key (PSK).
Digi ConnectPort X Family
202
�Using the Digi ConnectPort X Family web interface
Management
Manage active system connections
The Active System Connections list provides an overview of connections associated with various
interfaces, such as:
n User connections to the device’s web interface
n
Connections to the command line through the local shell
n
Python threads currently running
n
Protocols used for the connections
n
The number of active sessions for each connection
Use this list to determine which connections are no longer needed. You can disconnect connections
that are no longer needed.
Event logging
Management > Event Logging displays the event log for the Digi device. This log records events
throughout the Digi device’s system, such as starting or resetting the Digi device, configuring features,
actions performed by various interfaces and subsystems, or starting applications. The event log is
always enabled and is not user-configurable. When the Digi device operates in an unexpected manner,
you can send the log entries to Digi for analysis by Technical Support and Engineers. You cannot
disable the event log. Digi uses the event log to get an accurate view of all operational aspects of the
device.
The event log is maintained in RAM, and there is no history across reboots of the device. When the log
“overflows” the oldest entries are overwritten with new ones, so the history is incomplete.
The Clear button clears the event log.
Manage network services
Management > Network Services displays information about active network services. Currently, the
only network-service management task possible from this page is managing the DHCP server.
Manage DHCP server operation
DHCP server management operations include:
n View DHCP server status.
n
Start/stop/restart the DHCP server.
n
View and manage current DHCP leases.
Start, stop, and restart the DHCP server
The DHCP Server Management page shows the current status of the DHCP server. Depending on the
current status, there are buttons to start, stop, or restart the DHCP server. Click the appropriate
button to perform your request.
Note Stopping, restarting, or rebooting the DHCP server causes all information on IP address leases
to be lost. All leased addresses except for reservations will be returned to the available address pool
and may be served in a new lease to a DHCP client.
View and manage the current DHCP leases
The DHCP server maintains a current list of its leases, reservations and unavailable addresses. The
displayed lease list may contain entries that report a variety of status descriptions. The Lease Status
Digi ConnectPort X Family
203
�Using the Digi ConnectPort X Family web interface
Management
types are identified and described below.
Even after a lease has expired or is released by a DHCP client, the associated IP address is not
immediately returned to the available address pool. Rather, there is a non-configurable grace period
during which the lease record is retained by the DHCP server. At the end of that grace period, the
lease record is automatically deleted and the associated IP address is returned to the available
address pool. Where a grace period is observed, this is indicated in the Lease Status descriptions
below.
The grace period is incorporated in the DHCP server to increase the consistency of offering the same
IP address to a DHCP client, even if that client is rebooted or off the network for a period of time that
does not exceed the grace period.
You can move leases from the DHCP server while the server is running. To remove a lease, select the
check box to the left of the lease information in the table of leases, then click the Remove button
below the lease table. To remove all leases, select the check box to the left of the descriptive
headings at the top of the table, then click the Remove button below the lease table.
Note Removing a lease will cause the associated IP address to be returned immediately to the
available address pool. Any IP address in this available address pool may be served in a new lease to a
DHCP client. Static lease reservations will always display in the lease list. These reservation leases
may be removed, but a new lease will be created immediately. To disable or permanently remove a
reservation, use the DHCP Server Settings page in the Network Configuration area.
Lease status types
Here are the Lease Status values that are displayed in the lease list, including how long a lease table
entry will remain in each state. Note that after a lease is deleted, the associated IP address is
returned to the available address pool.
n Assigned (active): A lease is currently assigned and active for the given client. The client may
renew the lease, in which case the lease remains in this state.
n
Assigned (expired): A lease has expired and is no longer active for the given client. A lease in
this state will remain for a 4-hour grace period, after which it is deleted. If the same client
requests an IP address before the lease is deleted, it will be given the same IP address
previously served to it.
n
Reserved (active): A lease for an address reservation is currently active for the given client. A
reservation lease will remain indefinitely, although the status may alternate between active
and inactive.
n
Reserved (inactive): A lease for an address reservation is currently inactive for the given
client. A reservation lease will remain indefinitely, although the status may alternate between
active and inactive.
n
Reserved (unavail): A lease for an address reservation was offered to a client, but that client
actively declined to use the IP address. Typically this is because the client determined that
another host on the same subnetwork is already using that IP address. Upon receiving the
client's decline message, the DHCP server will mark the address as unavailable. The lease will
remain in this state for 4 hours, after which it is reverts to the Reserved (inactive) status.
Digi ConnectPort X Family
204
�Using the Digi ConnectPort X Family web interface
n
Administration
Offered (pre-lease): A lease has been offered to the given client, but that client has not yet
requested that the lease be acknowledged. It may be that the client also received an offer
from another DHCP server, in which case this offer will expire in approximately 2 minutes. If
the client requests this lease before that 2-minute interval elapses, this lease will change
status to Assigned. If the 2-minute interval expires, the offer record is deleted and the
associated IP address is returned immediately to the available address pool.
n
Released: A lease was previously assigned to the given client, but that client has proactively
released it. A lease in this state will remain for a 1-hour grace period, after which it is deleted.
If the same client requests an IP address before the lease is deleted, it will be given the same
IP address previously served to it.
n
Unavailable Address: A lease was offered to a client, but that client actively declined to use
the IP address. Typically this is because the client determined that another host on the same
subnetwork is already using that IP address. Upon receiving the client's decline message, the
DHCP server will mark the address as unavailable. The lease will remain in this state for a 4hour grace period, after which it is deleted. This status may also occur if the DHCP server
determines that the IP address is in use before it offers the address to a client (see the DHCP
server setting Check that an IP address is not in use before offering it).
Administration
You can periodically perform administration tasks on Digi ConnectPort X Family products, such as:
n File management
n
Changing the password used for logging onto the device
n
Backing up and restoring device configurations
n
Updating firmware and Boot/POST code
n
Restoring the device configuration to factory defaults
n
Rebooting the device
The Administration section in the web interface provides the following options:
n X.509 Certificate/Key Management: Load and manage X.509 certificates and public/private
host key pairs that are public key infrastructure (PKI) based security. See X.509 Certificate/Key
Management for more information.
n
File Management: Upload and manage files, such as custom web pages, applet files, and
initialization files. See File Management for more information.
n
Python Program File Management: Upload custom programs in the Python programming
language to Digi devices and configuring the programs to execute automatically at startup. See
Python Configuration for more information.
n
Backup/Restore: Back up or restore device configuration settings. See Backup/Restore for
more information.
Digi ConnectPort X Family
205
�Using the Digi ConnectPort X Family web interface
n
Administration
Update Firmware: Update the firmware, including Boot and POST code. See Update the
firmware and boot/POST code for more information.
n
Factory Default Settings: Restore a device to factory default settings. See Factory default
settings for more information.
n
System Information: Display general system information for the device and device statistics.
See System information for more information.
n
Reboot: Reboot the device. See Reboot for more information.
These administrative tasks are organized elsewhere in the web interface:
n Enable and disable network services. See Reboot for more information.
n
Enable password authentication for the Digi ConnectPort X device. See Users for more
information.
File Management
Use the File Management page to upload custom files to a Digi ConnectPort X Family product, such
as an image file containing your company logo. You can use custom applets and HTML files to alter the
interface either by adding a different company logo, changing colors, or moving information to
different locations.
If you upload an index.htm or index.html file, that file automatically loads when you sign in to a Digi
device from the web browser.
Upload files
To upload files to a device:
1. Select Administration > File Management.
2. Click Choose File to locate and select the file.
3. Click Upload.
Delete files
To delete files from a device:
1. Select Administration > File Management.
2. Select the Action check boxes next to files that you want to delete.
3. Click Delete.
Factory reset does not delete custom files
A factory reset does not delete files uploaded to the File Management page. When you restore the Digi
device to factory defaults or press the Reset button on the device (see Factory default settings), the
uploaded files remain. This allows you to retain custom applets and custom factory defaults. If you
want to remove custom files you must manually delete them (see Delete files).
X.509 Certificate/Key Management
Use the X.509 Certificate/Key Management page to upload and manage entries in the database of
certificate and private key data. This feature supports displaying, loading, saving, removing, certificate
Digi ConnectPort X Family
206
�Using the Digi ConnectPort X Family web interface
Administration
database entries, and importing a private key for the Digi device into the database. Certificates and
public/private host key pairs are an integral part of public key infrastructure (PKI) based security.
Supported security implementations
The X.509 Certificate/Key Management manages several kinds of certificate databases and security
implementations, including:
n X.509 Certificate Authority/Certificate Revocation—A trusted third party issues digital
certificates for use by other parties.
n
Simple Certificate Enrollment Protocol (SCEP)—Use SCEP to obtain certificates used in
Virtual Private Networking (VPN) security. Large enterprises use SCEP. SCEP allows for
provisioning from the field.
n
VPN—Use the IPsec protocol in VPN to securely connect a device to a network, connect two
networks together, and allow a device to perform proxy VPN.
n
Secure Socket Layer (SSL)/Transport Layer Security (TLS)—Use SSL and TLS security to
secure access to web pages for configuration purposes, secure serial port connections, and SSL
autoconnect, an automatic connection (autoconnection) between a serial port on the device
and a remote network destination.
n
Secure Shell (SSHv2)—Use SSHv2 to secure access to a device’s console and serial ports for
configuration purposes.
Benefits of certificates
You gain the following benefits when you use certificates to manage security:
n Certificates are more secure than Digi self-signed certificates.
n
Certificate management allows you to push your own certificates out to Digi device.
n
The key sizes are more flexible.
n
When you manage certificates through the web interface, it creates a repository of certificates
that other applications and processes can use.
Additional information on certificate management
Implementing certificate management requires selecting a security type and understanding its
technical details and key operations. If you are tasked with certificate management for your
organization and need more background information, a good place to start is Wikipedia articles for the
security types (X.509 CA/CRL, SCEP, VPN, SSL/TLS), and SSH). These articles reference resources such
as standards, Request For Comments pages (RFCs), and articles that provide more technical detail.
Tables managed by the X.509 Certificate/Key Management feature
Certificate and key management information is stored in the following database tables:
Digi ConnectPort X Family
207
�Using the Digi ConnectPort X Family web interface
Administration
Security type
Table
Used to load
X.509 Certificate
Authority/Certificate
Revocation
CA (Certificate
Authority)
Certificate authority digital certificates. A
certificate authority (CA) is a trusted third party
that issues digital certificates for use by other
parties. Digital certificates issued by the CA
contain a public key. The certificate contains
information about the individual or organization
to which the public key belongs. A CA verifies
digital certificate applicants' credentials. The CA
certificate allows verification of digital
certificates, and the information contained
therein, issued by that CA.
CRL (Certificate
Revocation List)
Certificate revocation lists for loaded CAs. A
certificate revocation list (CRL) is a file that
contains the serial numbers of digital certificates
issued by a CA which have been revoked, and
should no longer be trusted. Like CAs, CRLs are a
vital part of a public key infrastructure (PKI). You
must install the digital certificate of the
corresponding CA before you load the CRL.
SCEP CA
(Certificate
Authority)
SCEP certificate authority digital certificates
that have been approved and issued. Tables are
populated using SCEP commands and data is
obtained from a SCEP server, rather than
populated by a user.
SCEP Pending
Enrollment
Requests
SCEP certificate requests that are pending
approval.
VPN Identity
VPN identity certificates. Identity certificates
and keys allow for IPsec authentication and
secure key exchange with ISAKMP/IKE using RSA
or DSA signatures. The VPN identity certificate
must be issued by a CA trusted by the peer.
VPN Identity Keys
VPN RSA or DSA identity private keys.
SSL Identity
SSL/TLS identity certificates. A default key is
generated automatically but can be overridden
by a user. Note that this default key is not
secure.
SSL Identity Keys
SSL/TLS identity private keys.
SSL Peer
SSL/TLS peer certificates.
SSL Revoked
Verbatim revoked SSL/TLS certificates.
Simple Certificate
Enrollment Protocol (SCEP)
Virtual Private Networking
(VPN)
Secure Sockets Layer (SSL)
and Transport Layer
Security (TLS)
Digi ConnectPort X Family
208
�Using the Digi ConnectPort X Family web interface
Administration
Security type
Table
Used to load
Secure Shell (SSHv2)
SSH Host Keys
Table
SSHv2 identity private keys. Used for
authentication with SSHv2 clients and secure
key exchange. A default 1024-bit DSA key is
generated automatically if none exists when the
device boots. There is no certificate for SSHv2,
just private key data.
Behavior of SSH/SSL private keys on Digi device
Digi devices generate their SSH/SSL self-signed private keys automatically. While this automatic
generation is convenient for device users, as they are not required perform any actions regarding the
private keys, it presents some security loopholes.
n With self-signed private keys, you must establish trust in a secure environment. That is, if you
cannot guarantee that the environment is secure, you must pull the private keys off the Digi
device.
n
You must know about the certificate before you connect, as opposed to third-party signed
certificates, where you only need the third-party certificate.
n
The length of a Digi device’s self-signed private keys is 1024 bits. While this length is adequate
for 99.9% of all applications, some people or applications prefer a shorter or longer key.
Using TFTP to load and store certificate information
Use TFTP to load and store PEM-formatted certificates into the certificate and private key
management tables.
Using HTTP/HTTPS to transfer certificate and key data
You can use HTTP or HTTPS to transfer certificate and private key data on a web browser.
Data retained after factory reset
When you reset a Digi device to factory defaults, it retains certificates and private key data loaded
onto it.
Certificate management settings
There are separate pages of settings for the certificate databases and key management for
certificates and key data for the different types of security implementations.
Certificate Authorities (CAs) / Certificate Revocation Lists (CRLs)
Upload CAs and CRLs
Use this section to upload and manage certificate authority (CA) certificates, or certificate revocation
list (CRL) files. You can install up to 8 CA certificates and up to 8 CA revocations. You can also obtain CA
certificates from a SCEP server. You can install up to 8 SCEP CA certificates.
You an use files in ASN.1 DER or PEM Base64 encoded formats. Click Choose File and type or browse to
the name of the file to upload. Click the Upload button to upload the file.
Digi ConnectPort X Family
209
�Using the Digi ConnectPort X Family web interface
Administration
About Simple Certificate Enrollment Protocol (SCEP) CA certificates
Managing Simple Certificate Enrollment Protocol (SCEP) CA certificates involves two types of
certificates and settings on several pages:
n The SCEP CA certificate. This is the globally trusted certificate.
n
The VPN identity certificate; that is, the certificate that identifies the particular device.
The process for managing these two types of certificates is as follows:
Location in X.509 Certificate and Key Management
settings
Step
1. Get the SCEP CA certificate.
Certificate Authorities (CAs) / Certificate Revocation Lists
(CRLs) > Obtain CA certificates from a SCEP Server fields
and Get CA button
See Obtain CA certificates from a SCEP Server.
2. Accept the SCEP CA certificates.
Certificate Authorities (CAs) / Certificate Revocation Lists
(CRLs) >
Installed SCEP Certificate Authority Certificates
See Installed Certificate Authority Certificates.
3. Enroll the VPN identity
certificate.
Virtual Private Network (VPN) Identities >
Key Generation / Enrollment fields and Enroll button
This step moves the VPN identity certificate into the pending
enrollment database, which is the database that indicates
which certificate enrollment requests are outstanding.
See Key generation / enrollment.
4. Verify enrollment of the VPN
identity certificate.
Virtual Private Network (VPN) Identities >
Installed VPN Identity Certificates
The VPN identity certificate is automatically added when it
comes back from the SCEP server. Verify that it is in the table.
See Installed VPN identity certificates.
Installed Certificate Authority Certificates
The table lists any certificate authority certificates that are loaded in the Certificate Authority
database.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Subject: The entity that received the certificate. This is expressed as the value entered in a
browser’s URL field; typically a Fully Qualified Domain Name (FDQN) if using DNS or an IP
address.
n
Issuer: The entity that issued the certificate.
n
Expiration: The expiration date of the certificate.
n
Delete button: Click to delete the CA certificates selected in the Action column from the
database.
Digi ConnectPort X Family
210
�Using the Digi ConnectPort X Family web interface
Administration
Installed Certificate Authority Certificate Revocation Lists
The table lists any certificate authority certificate revocation lists that are loaded in the Certificate
Revocation List database.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Issuer: The entity that issued the certificate.
n
Last Update: The last date and time the certificate revocation list was issued.
n
Next Update: The effective or expiration date and time of the certificate revocation list. At this
date, a new one must be obtained.
n
Delete button: Click to delete the CA certificate revocation lists selected in the Action column
from the database.
Obtain CA certificates from a SCEP Server
This section performs step 1 of the process for managing SCEP CA certificates. It involves specifying
the SCEP server where you can obtain CA certificates.
Note You must accept CA Certificates before you can use it for any purpose.
n
SCEP Server URL: The URL of the SCEP server from which to get the CA certificate.
n
CA Identifier: The ID of the CA certificate to be obtained from the SCEP server. Get this value
from the SCEP administrator.
n
Get CA button: Click to get the specified CA certificate from the specified SCEP server URL.
Installed SCEP Certificate Authority Certificates
This section performs step 2 of the process for managing SCEP CA certificates. It lists any installed
Simple Certificate Enrollment Protocol (SCEP) CA certificates. To enter any new certificates, obtain
the certificate information from the SCEP administrator. Click the Accept button to accept
SCEP CA certificates in the list.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Subject: A text description of the SCEP CA.
n
Issuer: The entity that issued the certificate.
n
Expiration: The expiration date of the certificate.
n
Fingerprint: The fingerprint of the received CA certificate. This fingerprint is in the form of a
hash code consisting of several hexadecimal bytes that allow the SCEP administrator to verify
the CA certificate.
n
Delete button: Deletes all the SCEP CA certificates selected in the Action column from the
database.
n
Accept button: Accepts the SCEP CA certificates selected in the Action column into the
database. This action moves the CA certificate from the SCEP CA to the X.509 CA table.
Digi ConnectPort X Family
211
�Using the Digi ConnectPort X Family web interface
Administration
Virtual Private Network (VPN) identities
Upload VPN identity keys and certificates
Use this section to upload VPN RSA or DSA identity keys and certificates. You can install up to 5 VPN
identity certificates. You can install up to 5 VPN identity keys.
You can use identity certificate and key files in ASN.1 DER or PEM Base64 encoded formats.
Enter or browse to the name of the file to upload in the Upload File field. A password is required in
the Password field only if the host key file is encrypted. Click the Upload button to upload the file.
Installed VPN identity certificates
This table lists any VPN identity certificates that are loaded in the VPN Identities database.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Subject: The entity that received the certificate.
n
Issuer: The entity that issued the certificate.
n
Expiration: The expiration date of the certificate.
n
Delete button: Deletes all certificates selected in the Action column from the database.
Installed VPN identity keys
Lists any VPN identity keys that are in the VPN Identities database.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Type: The type of encryption of the VPN identity key: RSA (public key cryptography algorithm)
or DSA (digital signature algorithm).
n
Matching Key: The private key associated with the certificate, if any exists.
n
Delete button: Deletes all the keys selected in the Action column from the database.
Key generation / enrollment
Use this section to set parameters for handling SCEP enrollment requests. A SCEP enrollment request
creates a private key and sends a request to the SCEP server to generate a SCEP CA certificate. You
can install up to 4 pending SCEP enrollment requests.
Enrollment request parameters are as follows:
n SCEP Enrollment Server URL: The URL for the SCEP server.
n
CA Certificate: The name of the CA certificate to be obtained from the SCEP server.
n
Encryption Certificate
Signing Certificate: There are roles in a certificate enrollment request: The CA that signs the
enrollment request, and the CA that encrypts the request. These two options are indices into
the CAs in the Digi device’s certificate database, and both sign and encrypt the request. This
information is typically downloaded from the SCEP CA table.
n
RSA Key Length (bits): The number of characters in the key.
Digi ConnectPort X Family
212
�Using the Digi ConnectPort X Family web interface
n
Administration
Enrollment Password: A one-time, short-lived password used for the SCEP enrollment
process. Get this password from the SCEP administrator.
n
Common Name (CN): A name that identifies the device associated with the SCEP CA
certificate; for example, the device name or a FQDN.
n
Country Code (C): A two-letter abbreviation for the country in which the device associated
with the SCEP CA certificate resides; for example, US for United States.
n
State or Province (ST): The state or province abbreviation for the physical location of the
device associated with the SCEP CA certificate.
n
Locality (L): The city or town for the physical location of the device associated with the SCEP
CA certificate.
n
Organization (O): Company or organizational name for the device associated with the SCEP
CA certificate.
n
Organizational Unit (OU): Organizational sub-descriptor for the device associated with the
SCEP CA certificate; for example “Engineering” or “IT.”
n
E-mail (SubjectAltName): Email address for the device associated with the SCEP CA
certificate.
n
FQDN (SubjectAltName): Fully Qualified Domain Name (FQDN) for the device associated with
the SCEP CA certificate.
n
Enroll button: Sends the enrollment request to the SCEP server.
Pending SCEP Enrollment Requests
This table lists SCEP enrollment requests that are pending approval. These are requests that have
saved at the SCEP server console but not yet approved. If the SCEP administrator does not approve
these requests, they will remain in this pending state forever until deleted.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
URL: This value must be the same as the SCEP Enrollment Server URL in the SCEP enrollment
request.
n
Issuer: The entity that issued the certificate.
n
Delete button: Deletes all SCEP enrollment requests selected in the Action column from the
database.
Secure Socket Layer (SSL) / Transport Layer Security (TLS) Certificates
Use the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Certificates page to load
host certificates and keys, as well as peer certificates and revocations.
Identity certificates and keys
You can install up to two SSL/TLS identity certificates. You can also install up to 2 SSL/TLS identity
keys.
Digi ConnectPort X Family
213
�Using the Digi ConnectPort X Family web interface
Administration
Upload SSL/TLS Identity Keys and Certificates
Use this section to upload SSL/TLS RSA or DSA identity keys and certificates.
You can use identity certificate and key files in ASN.1 DER or PEM Base64 encoded formats.
Enter or browse to the name of the file to upload in the Upload File field. A password is required in
the Password field only if the host key file is encrypted. Click the Upload button to upload the file.
Installed SSL and TLS Identity Certificates
This table lists the identity certificates that are installed in the SSL and TLS databases.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Subject: The entity that received the certificate.
n
Issuer: The entity that issued the certificate.
n
Expiration: The expiration date of the certificate.
n
Matching Key: The private key associated with the certificate, if any exists.
n
Delete button: Deletes all certificates selected in the Action column from the database.
Installed SSL/TLS identity keys
This table lists the identity keys that are installed in the SSL and TLS databases.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Type: The type of encryption of the identity key: RSA (public key cryptography algorithm) or
DSA (digital signature algorithm).
n
Matching Certificate: The certificate associated with the private key, if any exists.
n
Delete button: Deletes all keys selected in the Action column from the database.
Trusted peer certificate
Use this section to upload and manage SSL and TLS trusted peer certificates.
Upload SSL/TLS trusted peer certificates
Use this section to upload SSL/TLS trusted peer certificates. Certificate files can be in ASN.1 DER or
PEM Base64 encoded formats. Enter or browse to the name of the file to upload in the Upload File
field. Click the Upload button to upload the file.
Installed SSL/TLS trusted peer certificates
This table lists the installed SSL and TLS trusted peer certificates. You can install up to 8 SSL/TLS
trusted peer certificates.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Subject: The entity that received the certificate.
n
Issuer: The entity that issued the certificate.
n
Expiration: The expiration date of the certificate.
n
Delete button: Deletes all certificates selected in the Action column from the database.
Digi ConnectPort X Family
214
�Using the Digi ConnectPort X Family web interface
Administration
Untrusted revoked certificate
Use this section to upload and manage SSL/TLS untrusted revoked certificates. You can install up to 8
SSL/TLS untrusted revoked certificates.
Upload SSL/TLS untrusted revoked certificates
Use this section to upload SSL/TLS untrusted revoked certificates. Certificate files can be in ASN.1 DER
or PEM Base64 encoded formats. Enter or browse to the name of the file to upload in the Upload File
field. Click the Upload button to upload the file.
Installed SSL/TLS untrusted revoked certificates
The table lists the installed SSL and TLS untrusted revoked certificates.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Subject: The entity that received the certificate.
n
Issuer: The entity that issued the certificate.
n
Expiration: The expiration date of the certificate.
n
Delete button: Deletes all certificates selected in the Action column from the database.
Secure Shell (SSH) Host Keys
Use the Secure Shell (SSH) Host Keys page to upload and manage SSH host keys.
Upload SSH Host Keys
Use this section to upload SSH RSA or DSA hostkeys. Key files can be in ASN.1 DER or PEM Base64
encoded formats. Enter or browse to the name of the file to upload in the Upload File field. A
password is required in the Password field only if the host key file is encrypted. Click the Upload
button to upload the file.
Installed SSH host keys
The table lists the installed SSH host keys. You can install up to 2 SSH host keys.
n
Action: Select to perform allowable actions on the entry. The only allowable action is to delete
the entry.
n
Type: The type of encryption of the identity key: RSA (public key cryptography algorithm) or
DSA (digital signature algorithm).
n
Fingerprint: The fingerprint of the SSH host key. This fingerprint is in the form of a hash code
consisting of several hexadecimal bytes to identify the SSH host key.
n
Delete button: Deletes the selected SSH host keys in the Action column from the database.
Secure Shell (SSH) hostkeys
Use the Secure Shell (SSHv2) Hostkeys database to load host private keys. You can use SSHv2 host
keys for authentication with SSHv2 clients and secure key exchange. The Digi device automatically
generates a default 1024-bit DSA key if none exists when the Digi device boots.
n Upload SSH Host Keys: Use this section to upload SSH RSA or DSA hostkeys. Key files may be
in ASN.1 DER or PEM Base64 encoded formats. If the host key file is encrypted, a password is
Digi ConnectPort X Family
215
�Using the Digi ConnectPort X Family web interface
Administration
required.
n
Installed SSH Host Keys: Lists the host keys loaded into the SSH Hostkeys database.
Backup/Restore
After you configure a Digi ConnectPort X device, back up the configuration settings. You can restore
the backup configuration settings if a problem occurs when updating the firmware or adding
hardware. If you need to configure multiple devices, you can use the backup/restore feature to load
the backup configuration settings from the first device onto the other devices.
Back up or restore a device configuration from the web interface
You can back up or restore a device configuration to a server from the web-interface and download a
configuration from a server to a file or TFTP.
Note If you are using TFTP, ensure that the TFTP program is running on a server.
To backup a device configuration:
1. Click Administration > Backup/Restore. The Backup/Restore page appears.
2. Select the storage location type.
3. Click Backup.
To restore a device configuration:
1. Click Administration > Backup/Restore. The Backup/Restore page appears.
2. Select the storage location type.
3. Select the file to restore from the Restore From File field or click Choose File to locate and
select the file.
4. Click Restore.
Update the firmware and boot/POST code
You can update the firmware and/or boot/POST code for a Digi device from a file on a computer or
through TFTP. The recommended method is to download the firmware to a local hard drive. TFTP is
supported for those using Unix systems. Both the firmware and the boot/POST code are updated
using the same set of steps. The Digi device automatically determines the type of image to upload.
Important Read the Release Notes supplied with the firmware to see if the boot/POST code must be
updated before updating the firmware or the boot/POST code.
Update the firmware from a file on a computer
To update the firmware from a file on a computer:
1. Select Administration > Update Firmware. The Update Firmware page appears.
2. Type the name of the firmware or POST file in the Select Firmware field, or click Browse to
locate and select the firmware or POST file.
Digi ConnectPort X Family
216
�Using the Digi ConnectPort X Family web interface
Administration
3. Click Update.
Important: DO NOT close the browser until the update completes and a reboot prompt
appears.
Update the firmware from a TFTP Server
You can update firmware from a TFTP server through the command-line interface using the boot
command. You cannot update the firmware from the web interface. For details, see Administration.
Factory default settings
Restoring a Digi ConnectPort X device to its factory default settings clears all current configuration
settings with some exceptions. See the following topics for more information:
n Settings cleared and retained during a factory reset
n
File Management
There are several ways to reset the device configuration of a Digi ConnectPort X product to the
factory default settings:
n
From the web interface using the Restore Factory Defaults operation
This method is the best way to reset the configuration, because you can back up the settings
using the Backup/Restore operation. The Backup/Restore operation provides a means to
restore the configuration after the configuration issues have been resolved. See Reset the
factory settings on a Digi ConnectPort X product from the web interface for more information.
n
From the command-line interface, using the boot command
The boot action=factory command clears all current configuration settings, except the IP
address settings, host key settings, and password for the administrative/root user; restores
the settings to the factory defaults; then reboots the device. If a Digi device has custom factory
default settings, the settings will revert to those custom defaults instead.
#> boot action=factory
There are several other options for using the boot command to load configuration settings.
See the boot command description in the Digi Connect® Family Command Reference.
n
Using the reset button on the Digi ConnectPort X device
Use this method if you cannot access the device from a web browser. The location of the reset
button may vary. See Reset the factory settings on a Digi ConnectPort X product using the
Reset button for more information.
Settings cleared and retained during a factory reset
A factory reset does not delete files uploaded to the File Management page. See Factory reset does
not delete custom files for more information.
If a Digi device has custom default settings, the settings revert to those custom defaults instead of
the factory defaults.
Digi ConnectPort X Family
217
�Using the Digi ConnectPort X Family web interface
Administration
Reset the factory settings on a Digi ConnectPort X product from the web interface
To reset the factory settings on the Digi ConnectPort X device from the web interface:
1. Create a backup copy of the configuration using the Backup/Restore operation. See
Backup/Restore for more information.
2. Select Administration > Factory Default Settings. The Factory Default Settings page appears.
3. To keep the network settings for the device, such as the IP address, select the Keep network
settings check box.
4. Click Restore.
Reset the factory settings on a Digi ConnectPort X product using the Reset button
To reset the factory settings on a Digi ConnectPort X product using the Reset button:
1. Power off the Digi ConnectPort X device.
2. Locate the Reset button or pin on your Digi device. ConnectPort X2 and ConnectPort X4 models
have the reset button on the side panel.
Digi ConnectPort X Family
218
�Using the Digi ConnectPort X Family web interface
Administration
For ConnectPort X4 H, the Reset button is located inside the NEMA enclosure on the printed
circuit board, and is named SW1. The figure shows the location of SW1.
3. Hold the Reset button down gently with a non-conductive, small diameter tool (such as wood
or plastic) with a blunt end (NOT SHARP or the button could be damaged). Power on the device
while holding the Reset button down. On some models, after a few seconds you may see the
Status LED blink a 1-1-1 pattern once.
4. After 30 seconds, release the Reset button. At this point, on some models, the Status LED will
blink a 1-5-1 pattern. Wait for the device to boot up. At this time, the configuration is returned
to factory defaults. Now, if desired, power off the device, though this is not necessary.
Note Powering off the device before releasing the Reset button guarantees the configuration
will NOT be reverted. Powering off the device just after releasing the Reset button will result in
an unknown configuration, possibly having some or all settings reverted to defaults.
System information
The System Information page displays general system information about the Digi ConnectPort X
Family device. Technical support uses this information to troubleshoot problems. To display these
Digi ConnectPort X Family
219
�Using the Digi ConnectPort X Family web interface
Administration
pages, go to Administration > System Information.
General
The General page displays the following general system information:
n Model: The model of the Digi ConnectPort X Family product.
n
MAC Address: A unique network identifier required for all network devices. The MAC address
appears on a sticker on the Digi device and consists of 12 hexadecimal digits, usually starting
with 00:40:9D.
n
Firmware Version: The current firmware version running in the Digi device. Use this
information to locate and download new firmware. You can download firmware updates from
the Digi Support site.
n
Boot Version: The current boot code version running in the Digi device.
n
POST Version: The current Power-On Self Test (POST) code version running in the Digi device.
n
CPU Utilization: The amount of CPU resources the Digi device uses.
Important: 100% CPU utilization may indicate encryption key generation is in-progress. On
initial boot, the Digi device generates some encryption key material: an RSA key for SSL/TLS
operations, and a DSA key for SSH operations. This key-generation process can take as long as
40 minutes. Until the RSA or DSA key is generated, the Digi device will be unable to initiate or
accept that type of encrypted connection. The Digi device reports itself as 100% busy, but since
key generation occurs at a low priority, the device will still function normally. On subsequent
reboots, the Digi device will use its existing keys and not need to generate another unless a
reset to factory defaults is done, which will cause a new key to be generated on the next
reboot.
n
Up Time: The amount of time the Digi device has been running since it was last powered on or
rebooted.
n
Total/Used/Free Memory: The amount of memory (RAM) available, currently in use, and
currently not being used.
Serial
The Serial page under Administration > System Information lists the serial ports and their
configuration status. Click a port to view detailed serial port information on the Serial Port
Diagnostics page.
Note The ConnectPort LTS serial ports behave like DTE ports.
n Outputs from the device: TxD (in 422/485 Full duplex TxD+ and TxD-), RTS, and DTR
n
Inputs to the device: RxD (in 422/485 Full duplex RxD+ and RxD-), CTS, DSR, and DCD
For pin-out information, see ConnectPort® LTS 8/16/32 Quick Start Guide.
Digi ConnectPort X Family
220
�Using the Digi ConnectPort X Family web interface
Administration
Serial Port Diagnostics
The Serial Port Diagnostics page displays information on the current state of a serial port on your Digi
device.
n
Configuration: The Configuration page displays the electrical interface (Port Type) and basic
serial settings.
n
Signals: The Signals pane shows the state of serial port signals. The serial port signals are
green when asserted (on) and gray when not asserted (off). These signals are defined as
follows:
l
RTS: Request To Send.
l
CTS: Clear To Send.
l
DTR: Data Terminal Ready.
l
DSR: Data Set Ready.
l
DCD: Data Carrier Detected.
l
OFC: Output Flow Control. Indicates that flow control is enabled on the remote side of the
serial-port connection, and that the Digi device should stop sending data.
l
IFC: Input Flow Control. Indicates that the Digi device is operating as if flow control is
enabled for incoming data sent from the remote side of the serial-port connection. This
signal is more of an indication that flow control is intended or expected rather than true
state information. If the remote side has a flow-control mechanism enabled, the Digi device
will use it.
n
Serial Statistics: The Statistics section includes data counters and error tracking that will help
determine the quality of data that is being sent or received. If the error counters are
accumulating, you may have a problem with your Digi device server.
l
Total Data In: Total number of data bytes received.
l
Total Data Out: Total number of data bytes transmitted.
l
Overrun Errors: Number of overrun errors—the next data character arrived before the
hardware could move the previous character.
l
Framing Errors: Number of framing errors received—the received data did not have a valid
stop bit.
l
Parity Errors: Number of parity errors—the received data did not have the correct parity
setting.
l
Breaks: Number of break signals received.
Network statistics
Network pane provide details about network and protocol activity that may aid in troubleshooting
network communication problems. Statistics displayed are those gathered since the unit was last
rebooted. If an error counter accumulates at an unexpected rate for that type of counter, there may
be a problem in the Digi ConnectPort X product.
Digi ConnectPort X Family
221
�Using the Digi ConnectPort X Family web interface
Administration
Ethernet Connection Statistics
n Speed: Ethernet link speed: 10 or 100 Mbps. N/A if link integrity is not detected. For example,
the cable is disconnected.
n
Duplex: Ethernet link mode: half or full duplex. N/A if link integrity is not detected. For example,
the cable is disconnected.
n
Bytes Received/Bytes Sent: Number of bytes received or sent.
n
Unicast Packets Received: Number of unicast packets received and delivered to a higherlayer protocol. A unicast packet is directed to an Ethernet MAC address.
n
Non-Unicast Packets Received: Number of non-unicast packets received and delivered to a
higher-layer protocol. A non-unicast packet is directed to either an Ethernet broadcast address
or a multicast address.
n
Non-Unicast Packets Sent: Number of non-unicast packets requested to be sent by a higherlayer protocol. A non-unicast packet is directed to either an Ethernet broadcast address or a
multicast address.
n
Unknown Protocol Packets Received: Number of received packets discarded because of an
unknown or unsupported protocol.
IP statistics
n Datagrams Received/Datagrams Forwarded: Number of received or forwarded datagrams.
n
Forwarding: Displays whether forwarding is enabled or disabled.
n
No Routes: Number of outgoing datagrams for which no route to the destination IP can be
found.
n
Routing Discards: Number of discarded outgoing datagrams.
n
Default Time-To-Live: Number of routers an IP packet can pass through before it is discarded.
TCP Statistics
n Segments Received/Segments Sent: Number of received or sent segments.
n
Active Opens: Number of active opens. In an active open, the Digi ConnectPort X product
initiates a connection request with a server.
n
Passive Opens: Number of passive opens. In a passive open, the Digi ConnectPort X listens for
a connection request from a client.
n
Bad Segments Received: Number of segments received with errors.
n
Attempt Fails: Number of failed connection attempts.
n
Segments Retransmitted: Number of retransmitted segments. Segments are retransmitted
when the server does not respond to a packet sent by the client. A retransmit limits the
number of lost and discarded packets.
n
Established Resets: Number of established connections that have been reset.
Digi ConnectPort X Family
222
�Using the Digi ConnectPort X Family web interface
Administration
UDP Statistics
n Datagrams Received/Datagrams Sent: Number of datagrams received or sent.
n
Bad Datagrams Received: Number of bad datagrams received. This number does not include
the value contained by No Ports.
n
No Ports: Number of received datagrams that were discarded because the specified port was
invalid.
ICMP Statistics
n Messages Received: Number of messages received.
n
Bad Messages Received: Number of received messages with errors.
n
Destination Unreachable Messages Received: Number of destination unreachable messages
received. A destination unreachable message is sent to the originator when a datagram fails to
reach its intended destination.
Wi-Fi LAN Statistics
n
Status: The current status of the wireless Digi device, which may include:
l
Not Connected: not associated or connected w/ any access point, perhaps because the
wireless device has not fully initialized, is out of range, or the wireless interface is
disconnected because the Ethernet interface is enabled.
l
Searching for Network: searching for a wireless network or access point for connection.
l
Associated with Network: successfully associated with the network w/ the proper
network settings and encryption.
l
Authenticated with Network: successfully authenticated a user name and password with
the network when WPA is enabled.
l
Joined Ad Hoc Network: successfully connected to and joined an ad-hoc network.
l
Started Ad Hoc Network: successfully created, started, and joined an ad-hoc network.
n
Network Name: The name of the wireless network to which the Digi device is connected.
n
Network ID: The ID of the wireless network to which the Digi device is connected and
communicating.
n
Channel: The frequency channel that the wireless LAN radio uses for the Digi device.
n
Transmit Rate: The current transmission rate for the wireless LAN radio.
n
Signal Strength: The current receive signal strength as reported by the wireless LAN radio.
Ranges are from 0 to 100.
Mobile Information and Statistics
The Mobile Information and Statistics Page displays detailed mobile statistics that may aid in
troubleshooting network communication problems with your mobile network. The statistics displayed
depend on whether your mobile service provider is GSM- or CDMA-based.
Digi ConnectPort X Family
223
�Using the Digi ConnectPort X Family web interface
Administration
SIM Information
n Slot: The number of the socket containing the SIM card.
n
IMSI:The International Mobile Subscriber Identity (IMSI) number that uniquely identifies the
SIM card.
n
Phone Number: The phone number associated with the mobile account, if available.
n
Status: The configuration status of the SIM. It may be one of these values:
l
Not configured: A mobile service provider has not been configured. Select a provider on
the Mobile Configuration page.
l
Disabled: The SIM will not be used to establish a mobile connection. To enable, click Apply
on the Mobile Configuration page.
l
Not installed: The SIM card is not plugged into the Digi device server.
l
Primary: This is the preferred SIM to use to establish mobile connections.
l
Secondary: If a mobile connection cannot establish connection with the primary SIM, the
mobile connection will establish a connection with the secondary SIM.
n
PIN Status: The status of the PIN code that may be needed to use the SIM. It may be one of
these values:
l
Ready: The PIN is correct, or no PIN is required.
l
Waiting for PIN: A PIN is required, but has not been configured. Type a PIN on the Mobile
Configuration page.
l
PIN incorrect: The PIN is not correct. It will not be tried again to prevent locking the SIM.
Type a new PIN on the Mobile Configuration page.
l
Waiting for PUK
Waiting for PIN2
Waiting for PUK2: An unlock code is required. This SIM must be unlocked before you can
use it in the Digi device server.
n
Active: The SIM used to establish a mobile connection.
Mobile Connection Statistics
n
n
Registration Status: The status of the modem's connection to the cellular network:
l
Not Registered: Digi device is not currently searching a new operator to register to.
l
Registered: Home network.
l
Not Registered: Digi device is currently searching a new operator to register to.
l
Registration Denied.
l
Unknown.
l
Registered - Roaming.
Location Area Code (aka “LAC”): The modem reports this value as a 4-hex-digit string. In the
mobile statistics it appears both as hex and decimal representations. For example “00C3
(195).”
Digi ConnectPort X Family
224
�Using the Digi ConnectPort X Family web interface
Administration
n
Cell ID: The modem’s identifier in hexadecimal and decimal, for example: “00C3 (195).”
n
Signal Strength (RSSI): The relative signal strength, displayed as signal strength LEDs.
l
0 LEDs: Unacceptable; Signal strength is not known or not detectable.
l
1 LED: Weak.
l
2 LEDs: Moderate.
l
3 LEDs: Good.
l
4: LEDs: Excellent.
Mobile Statistics
Mobile statistics include the interface status, bytes received and sent, baud rate, modem resets, and
inactivity timer.
n IP Address: The IP address of the PPP connection provided by the mobile service.
n
Primary DNS Address/Secondary DNS Address: The IP addresses of the DNS nameservers.
The nameserver specified on “dns1” performs the name lookups first, and if that fails, the
nameserver specified on “dns2” performs the name lookups.
n
Data Received: Total number of data bytes received.
n
Data Sent: Total number of data bytes sent.
n
Idle Resets: The number of times the modem has been reset because no data was received for
a period of time.
n
Inactivity Timer: The time, in seconds, after which if no data has received over the link, the
mobile connection will be disconnected and re-established.
Mobile Information
The Mobile Information section items are specific to a cellular modem or service provider account.
These vary in the information reported from modem to modem and also differ between CDMA and
GSM services. You will find this information useful when troubleshooting an issue and contacting
technical support. Some of the common information items include (but are not limited to):
n Mobile Version: Version number of the cellular modem.
n
IMSI: International Mobile Subscriber Identifier (IMSI), a unique 15-digit number which
designates the subscriber. This ID is the subscriber's code to access the cellular network. The
network uses this code for provisioning and to admit the device/user to its provisioned
services.
n
Phone Number: The phone number used to call the modem module. Two numbers are
displayed: the Mobile Directory Number (MDN) and the Mobile Identification Number (MIN).
n
Modem Manufacturer: The manufacturer of the modem module.
n
Model: The model name of the modem module.
n
Modem Serial Number: The serial number of the modem module.
n
Modem Revision: The firmware revision in the modem module.
n
Other Mobile Information: Depending on your mobile service provider, other mobile
information and settings may be provided after the modem revision.
Digi ConnectPort X Family
225
�Using the Digi ConnectPort X Family web interface
Administration
WiMAX Information and Statistics
For Digi devices equipped with WiMAX radios, the WiMAX page shows detailed information that may aid
in troubleshooting network communication problems with your WiMAX network.
n Connection Information: These items indicate the connection state of the radio and network.
n
Radio Status: The status and connection state of the radio, which may be one of the following:
l
No WiMAX device available: The radio may not be installed or functional.
l
Initializing: The radio is in the process of starting.
l
Disabled: The radio has been disabled. You can enable the radio on the WiMAX
Configuration page.
l
Ready: The radio is enabled and ready to scan or connect.
l
Scanning: The radio is searching for available networks.
l
Connecting: The radio is connecting to a network. The connection phase is also indicated.
l
Connected: The radio is connected to a network.
n
Connection Duration: The amount of time the current connection has been established.
n
Disconnect Reason: The reason the previous connection failed or was disconnected:
l
Connection Failed: Unable to connect to the network. Poor signal strength or no service
available can result in a connection failure.
l
Authentication Failed: The provider did not allow access to the network. Verify your user
credentials on the WiMAX Configuration page.
l
User Requested: A user or application requested the network to be disconnected.
l
Network Disconnect: Conditions on the network caused it to be disconnected. Poor signal
strength or no service available can result in a network disconnect.
l
Radio Reset: An error condition triggered the radio to restart.
n
Subscription Name: The name of the connected subscription or account.
n
Network Type: The relationship of the connected network to the service provider:
l
Home: The network is operated by the network service provider.
l
Partner: The network is operated by a partner of the network service provider.
l
Roaming: The network provides roaming access for the network service provider.
l
Unknown: The network may not allow connections for the network service provider.
n
NAP-ID: The identifier of the network access provider.
n
RSSI: Received signal strength indicator. A measure of the signal level of the network.
n
CINR: Carrier to interference and noise ratio. A measure of the signal quality of the network.
n
Signal Quality: A graphical indication of the signal quality. This value is determined from the
carrier to interference and noise ratio.
n
Network Information: These items report information on the network data connection. The
WiMAX interface and gateway IP addresses assigned by the service provider. The IP addresses
of the primary and secondary DNS servers assigned by the service provider.
Digi ConnectPort X Family
226
�Using the Digi ConnectPort X Family web interface
n
Administration
Radio Module Information: These items report information on the radio module. You will find
this information useful when troubleshooting issue and contacting technical support. The
information includes:
n
l
Radio module manufacturer, model, and MAC address
l
Software, firmware, and hardware version numbers
Networks Available: A list of networks that are available for connections. These networks are
discovered over the air by the radio during the scanning process. While connected, this list
shows the networks found prior to connecting and will not be updated.
IP Network Failover statistics
The IP Network Failover page displays detailed IP Network Failover status and statistics that may
aid in troubleshooting network communication problems. The IP Network Failover feature provides a
dynamic method for selecting the default gateway. If IP Network Failover is properly configured and
enabled, it overrides the Gateway Priority setting in the Advanced Network Settings. If failover is
off/disabled, the non-failover gateway configuration is enabled. To configure IP Network Failover, use
the Network > IP Network Failover page; see IP Network Failover settings. To configure the nonfailover default gateway priority list, use the Configuration > Network > Advanced Network
Settings page; see Advanced Network Settings.
Field
Description
Current Default Gateway
Status
The current status of the default gateway, including the interface
name, default gateway IP address, and how the default gateway was
configured (Failover or Non-Failover).
Digi ConnectPort X Family
227
�Using the Digi ConnectPort X Family web interface
Administration
Field
Description
Current Network Failover
Status
The current status of the Network Failover feature's management of
the default gateway.
Failover State: The current configured state of IP Network Failover
(On or Off).
Fallback to Non-Failover: The current configured state of the IP
Network Failover option to fall back to Non-Failover (On or Off). When
an IP Network Failover cannot configure a default gateway, it uses
the fallback option. Failure to configure a default gateway could
occur if one or more interfaces are not enabled (On) for IP Network
Failover use, or if those enabled interfaces are not Up or do not have
a gateway associated with them.
Interface Table: The current status of all available IP network
interfaces. The table is displayed in order of the interface priority
configured in the IP Network Failover settings. For each network
interface, the following information is displayed:
Priority: The interface priority that Network Failover uses. The
highest priority is 1, which is the first interface in the configured
Failover Interface Priority list.
Interface: The name of the network interface.
Status: The current failover status of this network interface. Status
values include:
n 1 - Responding: The interface is up and configured in the
system. It is currently responding to the link tests. This
interface is suitable for use as the default gateway.
n
2 - Up: The interface is up and configured in the system. Its
status has not been determined by the link tests, or no link
tests are configured. This interface may be suitable for use as
the default gateway.
n
3 - Not Responding: The interface is up and configured in the
system. However, it is not currently responding to the link
tests, and the number of consecutive test failures has reached
the threshold number configured in the IP Network Failover
settings. This interface may be suitable for use as the default
gateway.
n
4 - Down: The interface is down or not configured in the
system. However, it is not currently responding to the link
tests. This interface is not suitable for use as the default
gateway.
n
5 - Unknown: The interface is unknown (does not exist) in the
system. This interface is not suitable for use as the default
gateway.
Digi ConnectPort X Family
228
�Using the Digi ConnectPort X Family web interface
Field
Administration
Description
The number displayed for each status value indicates the priority of
that status. Failover uses this value to select the interface for the
default gateway. Status priority 1 is the most suitable for use, with
lower priorities considered suitable if there are no interfaces at the
highest priority.
The interface list is maintained in the interface priority order
configured in the Network Failover settings. When any interface
changes status, the interface list is examined for the interface that
has the highest status priority, nearest the start of the list. The
highest priority interface with a Responding status becomes the
default gateway. If there is no interface marked as Responding then
the highest Up interface becomes the default gateway.
Gateway: The gateway IP address associated with the interface, or
0.0.0.0 if the interface does not have an associated gateway. An
interface with no gateway is not suitable for use as the default
gateway.
State: The Network Failover enabled state (On or Off) for this
interface. The On state means failover is monitoring this interface,
and the Off state means failover is not using this interface for failover
purposes.
Tests: The number of Link Tests (0, 1 or 2) that are configured for this
interface.
Digi ConnectPort X Family
229
�Using the Digi ConnectPort X Family web interface
Administration
Field
Description
Current Network Gateway
Status (Non-Failover)
This information reports the status of the non-failover management
of the default gateway. If Network Failover is enabled (On) and can
successfully configure a default gateway, failover always overrides
the non-failover Gateway Priority configuration.
Interface Table: The current status of all available IP network
interfaces. The table is displayed in order of the interface priority
configured in the Advanced Network Settings. For each network
interface, the following information is displayed:
Priority: The priority of the interface configured in the Advanced
Network Settings. The highest priority is 1, which is the first interface
in the configured Advanced Network Settings Interface Priority list.
Interface: The name of the network interface.
Status: The current status of this network interface. Possible status
values and their meanings:
n 1 - Up: The interface is up and configured in the system. This
interface is suitable for use as the default gateway.
n
0 - Down: The interface is down or not configured in the
system. This interface is not suitable for use as the default
gateway.
The Interface Priority order configured in the Advanced Network
Settings maintains the interface list. When any interface changes
status, the interface list is examined for the interface that has the
highest status priority, nearest the start of the list. The highest
priority interface with an Up status becomes the default gateway.
Gateway: The gateway IP address associated with the interface, or
0.0.0.0 if the interface does not have an associated gateway. An
interface with no gateway is not suitable for use as the default
gateway.
Digi ConnectPort X Family
230
�Using the Digi ConnectPort X Family web interface
Administration
Field
Description
Current Failover Link Test
Statistics
These statistics indicate the successes and failures of the configured
link tests. The Network Failover feature uses these statistics to
manage the default gateway. For each network interface, the
following counters are maintained and reported. The values indicate
the total number for each interface and category, since the Digi
device was last powered on or rebooted.
Test Success: The total number of successful link tests. A link test is
successful if either of the configured tests (primary or secondary
destination) succeeds. When a link test succeeds, the interface is
reported as “Responding”.
Test Failure: The total number of failed link tests. A link test fails if
both of the configured tests (primary or secondary destination) fail,
or if only one link test is configured and it fails. If two link tests are
configured, and both of them fail, that is counted as a single link test
failure for the purpose of counting failures.
Bypass Test: The total number of bypassed link tests that did not run
for a number of possible reasons. A link test is bypassed if no
destinations are configured, if the interface has no associated
gateway, if the interface goes down while a test is in progress, or if
failover is disabled (turned off) while a test is running (disabled as a
feature or for the interface being tested).
Consecutive Failures: The current number of consecutive link test
failures for the interface. When the number of consecutive failures
reaches the threshold configured in the Network Failover settings,
the interface is reported as “Not Responding” and the default
gateway may be changed as a result. When a link test is successful,
or when the interface goes down and comes back up, the consecutive
failures counter is reset to zero.
Link Not Responding: The total number of link test failures that
occurred for the interface after it has been reported as “Not
Responding”. This counter allows you to determine how much time
an interface is in the “Not Responding” state.
Remote Manager status
Use the Remote Manager status section to view the connection status for the Remote Manager
service.
Position/GPS statistics
The Position statistics show information gathered from attached NMEA-0183 compliant GPS receivers
attached to the Digi device, and statically configured position parameters.
XBee Network
Use this section to view XBee module activity and detailed statistics. This information may aid in
troubleshooting network communication problems with your XBee network.
Digi provides several avenues for managing XBee networks and the devices in them:
n From a Digi device’s web interface. This section focuses on this interface.
n
From a Digi device’s command-line interface. See .
n
From Remote Manager’s XBee Networks view. See Management.
Digi ConnectPort X Family
231
�Using the Digi ConnectPort X Family web interface
Administration
Manage XBee networks from the web interface
To display information about XBee networks and devices within them from the web interface, select
Administration > System Information > XBee Network. The XBee Network statistics may aid in
troubleshooting network communication problems with an XBee network.
Field
Description
XBee sockets
statistics
This section includes data counters that are specific to XBee sockets
implemented using a Python application.
Frames Sent: The number of frames sent from local XBee device sockets.
Frames Received: The number of frames received by local XBee device sockets.
Bytes Sent: The total number of bytes sent from local XBee device sockets.
Bytes Received: The total number of bytes received from local XBee device
sockets.
XBee sockets
errors
This section includes error counters that are specific to XBee sockets
implemented using a Python application. Use these values to determine the
quality of sent or received data.
Transmit Frame Errors: The total number of frames not sent to the XBee driver
from the XBee device socket because of an internal error.
Receive Frame Errors: The total number of frames not received by the XBee
device socket because of an internal error.
Transmit Bytes Dropped: The total number of bytes dropped by XBee device
sockets because of an internal error on transmission.
XBee sockets
errReceive Bytes
Dropped by User
The total number of bytes dropped by the user because of an insufficiently sized
receive buffer.
Receive Bytes Dropped by Stack: The total number of bytes dropped internally
by XBee sockets because of insufficient internal buffers.
XBee network
statistics
This section includes data counters for all activity on the XBee network.
Frames received: The total number of frames received.
Bytes received: The total number of bytes received.
Frames transmitted: The total number of frames transmitted.
Bytes transmitted: The total number of bytes transmitted.
Remote commands: The number of frames that were commands to remote
nodes.
Address discoveries: The number of frames that required the discovery of the
network address of a remote node.
Route discoveries: The number of frames that required the discovery of the
route to a remote node.
Transmission retries: The number of frames that were retransmitted because
of they were not acknowledged by the remote node.
Digi ConnectPort X Family
232
�Using the Digi ConnectPort X Family web interface
Administration
Field
Description
XBee network
errors
This section includes error counts for all activity on the XBee network. Use
these values to determine the quality of sent or received data.
Removed from queue: The number of frames not transmitted due to a time
limit set by an application.
Unable to transmit: The number of frames not transmitted due to a
transmission error. This includes duty cycle limits and CCA and PHY errors.
Address not found: The number of transmitted frames for which the network
address of a remote node could not be found.
Route not found: The number of transmitted frames for which the route to a
remote node could not be found.
Not acknowledged: The number of transmitted frames not acknowledged by
the remote node.
No response or status: The number of transmitted frames for which no
indication of success or failure was received from the local radio.
XBee device status page
Configuration > Network > XBee > Device Status displays detailed information on the state of Digi
device and its role as a gateway device in the XBee network. The parameters displayed vary based on
the capabilities supported by the node's XBee module. See Device Status.
SureLink statistics
Digi SureLink provides an “always-on” mobile network connection to ensure that a Digi device is in a
state where it can connect to the network. The statistics displayed for Digi SureLink pertain to the
periodic tests, known as Link Integrity Monitoring tests, that run over the established PPP connection
to ensure that end-to-end communication is possible. There are three Link Integrity Monitoring tests
available: Ping Test, TCP Connection Test, and DNS Lookup Test. For descriptions of these tests, see
Link integrity monitoring settings. In these SureLink statistics, a “session” is a PPP session. The
session statistics are reset to zero at the start of a new PPP connection. The “total” statistics are the
accumulated totals for all sessions since the device booted. The “tests” are the SureLink Link Integrity
Monitoring tests that you configured to be run when establishing the mobile network connection.
n Session Successes: The number of times a configured test ran and succeeded in the current
PPP session.
n
Session Failures: The number of times a configured test ran and failed in the current PPP
session.
n
Session Consecutive Failures: The number of consecutive failures for a test, with no success.
When a test is successful, the consecutive failures counter resets to zero. The consecutive
failures counter indicates a device's “progress” toward the configured maximum number of
consecutive failures, after which the PPP link goes down (and restarts).
n
Session Bypasses: SureLink testing bypasses a test when a configuration parameter is bad.
This means the test was not run. If the PPP connection goes down while a test is in progress,
the SureLink testing classifies the test as bypassed, since it could not be run. (Note that the
PPP link may go down for many reasons, independent of SureLink testing.)
n
Total Successes: The total number of times a configured test ran and succeeded since you
started the Digi device.
Digi ConnectPort X Family
233
�Using the Digi ConnectPort X Family web interface
n
Administration
Total Failures: The total number of times a configured test ran and failed since your started
the Digi device.
n
Total Link Down Requests: The number of times the SureLink feature failed consecutively, the
configured number of failures and, as a result, requested that PPP shut down and restart its
connection. This statistic counts such occurrences during the current device boot. SureLink
itself does do the PPP stop/start; it sends a message to PPP asking it to do so, owing to a
SureLink test failure.
n
Total Bypasses: The total number of test bypasses (see “session bypasses”) since you started
the Digi device.
Diagnostics
Use the ping utility on the Diagnostics page to determine whether the Digi device can access remote
devices over the network. Type the host name of the remote device you want to access, and click
Ping.
Reboot
Changes to some device settings require saving the changes and rebooting the Digi ConnectPort X.
Use the Reboot page to reboot the Digi ConnectPort X. To reboot a Digi ConnectPort X from the web
interface.
Note The user must have permission to execute a reboot. See User Configuration.
1. Select Administration > Reboot.
2. Click the Reboot button. Wait approximately one minute for the reboot to complete.
Enable/disable access to network services
You can enable and disable access to various network services, such as ADDP, RealPort, SNMP, and
telnet. For example, you can disable access to all network services that are not required for running or
interfacing with the Digi ConnectPort X product for performance and security reasons. From the web
interface, you can enable and disable network services on the Network Services Settings page for a
Digi ConnectPort X product. See Network Services Settings.
Digi ConnectPort X Family
234
�Configure and manage the device using the Digi
ConnectPort X Family command line interface
You can issue commands from the command line to configure, manage, and monitor Digi ConnectPort
X Family devices. For a description of the complete command set, see Digi Connect® Family Command
Reference.
This section gives some basics for using the command line interface, as well as listing some commonly
used commands by function.
Configuration through the command line
Management through the command line interface
Administration
Digi ConnectPort X Family
236
236
244
235
�Configure and manage the device using the Digi ConnectPort X Family
command line interface
Configuration through the
command line
Configuration through the command line
You can configure the Digi ConnectPort X product by entering a series of command to set values
through the command-line interface.
Access the command-line interface
To access the command-line interface and send configuration commands to the Digi ConnectPort X
device:
1. Launch the command-line interface by using the telnet command.
2. To launch the CLI via telnet, issue the following telnet command from a command prompt on
another networked device, such as a server:
#> telnet ip-address
Replace ip-address with the IP address of the Digi ConnectPort X device. For example:
#> telnet 192.3.23.5
If security is enabled for the Digi ConnectPort X device, a login prompt appears for telnet
access. If you do not know the user name and password for the device, contact the system
administrator who originally configured the device.
Basics for using the command-line interface
The Digi ConnectPort X offers online help for CLI commands. Use the following command examples to
get help for using commands.
n help displays all supported commands for a device.
n
? displays all supported commands for a device.
n
set ? displays the syntax and options for the set command. Use this command to determine
whether the device includes a particular set command variant to configure various features.
n
help set displays syntax and options for the set command.
n
set serial ? displays the syntax and options for the set serial command.
n
help set serial displays the syntax and options for the set serial command.
Management through the command line interface
This section provides information on some key commands available from the command line interface.
For more information, see the Digi Connect Family Command Reference on www.digi.com.
Use the following commands to display information and statistics:
n display
n
flashdrv
n
info
n
set alarm
n
set buffer and display buffer
Digi ConnectPort X Family
236
�Configure and manage the device using the Digi ConnectPort X Family
command line interface
n
set snmp
n
show
Management through the command
line interface
Use the following commands to manage connections and sessions:
n close
n
connect
n
dhcp
n
exit and quit
n
ping
n
reconnect
n
rlogin
n
send
n
status
n
telnet
n
vpn
n
who and kill
Use the following commands to configure the product:
n display mobile (cellular)
n
display provisioning
n
display wimax
n
newpass
n
send mode
n
set accesscontrol
n
set alarm
n
set autoconnect
n
set buffer and display buffer
n
set forward
n
set host
n
set mgmtconnection
n
set mgmtglobal
n
set mgmtnetwork
n
set mobile
n
set nat
n
set network
n
set pmodem
n
set pppoutbound
n
set profiles
Digi ConnectPort X Family
237
�Configure and manage the device using the Digi ConnectPort X Family
command line interface
n
set realport
n
set rtstoggle
n
set serial
n
set service
n
set snmp
n
set system
n
set tcpserial
n
set user
n
set wimax
n
set wlan
n
set xbee
Management through the command
line interface
Use the following commands to manage XBee networks and nodes:
n display mesh
n
info zigbee_sockets
n
set mesh
n
xbee
close
Use the close command to close active sessions that were opened by connect, rlogin, and telnet
commands.
connect
Use the connect command to establish a connection with a serial port.
dhcp
The dhcp command manages DHCP server operation.
display
Use the display commands to display real-time information about a device, such as:
n General product information, including the product name, MAC address, boot, post, and
firmware versions, memory usage, utilization, and uptime, or the amount of time since the
device was booted (display device).
n
Active interfaces on the system. These include the web interface, command line interface,
Point-to-Point Protocol (PPP), and Ethernet interface, and their status, such as Closed or
Connected (display netdevice).
n
Logged serial data (display logging/).
n
Memory usage information (display memory).
n
Serial modem signals (display serial).
Digi ConnectPort X Family
238
�Configure and manage the device using the Digi ConnectPort X Family
command line interface
Management through the command
line interface
n
Mobile connection information and statistics (display mobile).
n
Network Address Translation (NAT) information (display nat).
n
General status of the sockets resource (display sockets).
n
Active TCP sessions and active TCP listeners (display tcp).
n
Current UDP listeners (display udp).
n
Point-to-Point Protocol (PPP) information, including results of Link Integrity Monitoring tests
by Digi SureLink (display pppstats).
n
Provisioning information currently in the Digi device device’s CDMA module (display
provisioning).
n
Uptime information (display uptime).
n
Virtual Private Network (VPN) connection information (display vpn).
display mesh
Use the display meshcommand to refresh the display of XBee network devices, and displays specific
information about XBee network devices. Displayed information includes the node address and ID list,
as well as individual node status.
display mobile (cellular)
Use the display mobile command to display mobile (cellular) statistics.
display provisioning
Use the display provisioning command to provision CDMA cellular modules.
display wimax
Use the display wimax command to display Wi-MAX information and statistics.
exit and quit
Use the exit and quit commands to terminate a currently active session.
info
Use the info commands to display statistical information about a device over time. The statistics
displayed are those gathered since the tables containing the statistics were last cleared. The type of
statistics include:
n Device statistics. The info device command displays such details as product, MAC address,
boot, POST, and firmware versions, memory usage, utilization, and uptime.
Digi ConnectPort X Family
239
�Configure and manage the device using the Digi ConnectPort X Family
command line interface
n
Management through the command
line interface
Ethernet statistics. The info ethernet command displays statistics regarding the Ethernet
interface, including:
n
l
The number of bytes and packets sent and received
l
The number of incoming and outgoing bytes that were discarded or that contained errors
l
The number of Rx overruns
l
The number of times the transmitter was reset
l
The number of incoming bytes when the protocol was unknown
ICMP statistics. The info icmp command displays the number of messages, bad messages, and
destination unreachable messages received.
n
n
n
Serial statistics. The info serial command displays the following information:
l
Number of bytes received and transmitted
l
Signal changes
l
FIFO and buffer overruns
l
Framing and parity errors
l
Breaks detected
TCP statistics. The info tcp command displays the following information:
l
The number of segments received or sent
l
The number of active and passive opens
l
The number of bad segments received
l
The number of failed connection attempts
l
The number of segments retransmitted
l
The number of established connections that were reset
UDP statistics. The info udp command displays the following information:
l
The number of datagrams received or sent
l
The number of bad datagrams received
l
The number of received datagrams that were discarded because the specified port was
invalid
n
To display mobile statistics, use the display mobile command instead of the info command.
info zigbee_sockets
Use the info zigbee_sockets command to display statistics about XBee device sockets and data
communications activity on an XBee network. These statistics show what is happening on the XBee
network from the ConnectPort X gateway’s perspective; essentially data from the XBee module’s
perspective as interpreted by the XBee driver in the gateway.
newpass
Use the newpass command to issue a new password to a user.
Digi ConnectPort X Family
240
�Configure and manage the device using the Digi ConnectPort X Family
command line interface
Management through the command
line interface
ping
Use the ping command to test whether a host or other device is active and reachable.
reconnect
Use the reconnect command to reestablish a connection opened by a connect, rlogin, or telnet
command. By default, the reconnect command reestablishes the connection to the last active
session.
rlogin
Use the rlogin command to sign in to a remote system.
send
Use the send command to send a telnet control command, such as break, abort output, are you there,
escape, or interrupt process, to the last active telnet session.
send mode
Use the send mode command to configure the telnet control commands. For example, send telnet
control command to last active telnet session or set telnet operating options.
set accesscontrol
Use the set accesscontrol command to limit network access (IP filtering) to the Digi device.
set alarm
Use the set alarm command to display alarm settings, including conditions that trigger alarms, and
how alarms are sent. You can configure alarms to be sent as either an email message, an SNMP trap,
or both. You can configure the alarms as needed.
set autoconnect
Use the set autoconnect command to configure the autoconnection behaviors for serial port
connections.
set buffer and display buffers
Use the set buffer command to configure buffering parameters on a port and display the current port
buffer configuration. The display buffers command displays the contents of a port buffer, or
transfers the port-buffer contents to a server running Trivial File Transfer Protocol (TFTP).
set forward
Use the set forward command to configure IP forwarding.
set host
Use the set host command to configure the host name for the Digi device.
Digi ConnectPort X Family
241
�Configure and manage the device using the Digi ConnectPort X Family
command line interface
Management through the command
line interface
set mesh
Use the set meshcommand to configure XBee network settings for a ConnectPort X gateway. It also
displays current configuration parameters on the gateway mesh node or of remote nodes in the mesh
(specified by the address option).
set mgmtconnection
Use the set mgmtnetwork command to configure the Remote Manager connection settings.
set mgmtglobal
Use the set mgmtglobal command to configure the Remote Manager global settings.
set mgmtnetwork
Use the set mgmtnetwork command to configure the Remote Manager network settings.
set mobile
Use the set mobile command to configure the cellular communication settings.
set nat
Use the set nat command to configure the router and Network Address Translation (NAT) settings.
set network
Use the set network command to configure the network options.
set pmodem
Use the set pmodem command to configure the modem emulation.
set pppoutbound
Use the set pppoutbound command to configure the PPP outbound connections.
set ppp
Use the set ppp command to configure PPP connections.
set profiles
Use the set profiles command to configure the port profile for a serial port.
set realport
Use the set realport command to configure RealPort.
Digi ConnectPort X Family
242
�Configure and manage the device using the Digi ConnectPort X Family
command line interface
Management through the command
line interface
set rtstoggle
Use the set rtstoggle command to configure the RTS toggle.
set serial
Use the set serial command to configure the serial port options.
set service
Use the set service command to configure the network services.
set snmp
Use the set snmp command to configure SNMP, including SNMP traps, such as:
n Authentication failure
n
Cold start
n
Link up
n
Login traps
The set snmp command also displays current SNMP settings.
set system
Use the set system command to configure the system identifying information.
set tcpserial
Use the set tcpserial command to configure serial TCP.
set user
Use the set user command to configure a user.
set wlan
Use the set wlan command to configure wireless devices.
set wimax
Use the set wimax command to configure the Wi-MAX communication settings.
set wlan
Use the set wlan command to configure wireless devices.
set xbee
Use the set xbee command to configure the XBee network settings, including ZB, 802.15.4, and other
XB RF protocols.
Digi ConnectPort X Family
243
�Configure and manage the device using the Digi ConnectPort X Family command line interface
Administration
status
Use the status command to display a list of sessions or outgoing connections made by the connect,
rlogin, or telnet commands for a Digi device. Use the status command to determine which of the
current sessions to close.
show
Use the show commands to display current settings on a Digi device.
telnet
Use the telnet command to establish an outgoing telnet connection, also known as a session.
vpn
Use the vpn command to manage Virtual Private Network (VPN) connections.
xbee
The xbee command executes an XBee utility or displays the status of actions performed by the XBee
utilities. Actions include displaying information about the XBee network setup, sending loopback data,
displaying the status of XBee firmware, and scheduling XBee firmware updates.
who and kill
Use the who command to display a global list of connections. The list of connections includes those
associated with a serial port or the command-line interface.
Use the kill command to terminate active connections based on the ID number returned from the
who results.
Use the who command to determine any connections that are no longer needed, and end the
connections by issuing a kill command.
Administration
You can issue commands from the command-line interface to administer Digi ConnectPort X Family
products. The following table displays several administration tasks and the commands used to
perform them. See the Digi Connect® Family Command Reference for more complete command
descriptions.
Administrative task
Command
Backup/restore a configuration from a backup
TFTP server on the network
Digi ConnectPort X Family
244
�Configure and manage the device using the Digi ConnectPort X Family command line interface
Administration
Administrative task
Command
Update firmware
boot
To update the firmware:
1. Telnet to the Digi device command-line interface
using a telnet application or hyperterm.
2. A login prompt appears. The default user name is
root and the unique default password is printed on
the device label. If the password is not on the device
label, the default password is dbps. If neither of the
defaults work, the password may have been
updated. Contact your system administrator.
3. If you are at the bash shell, type configshell to get
to the config shell.
4. Issue the boot load command:
#> boot load=tftp-server-ip:filename
Replace tftp-server-ip with the IP address of the
TFTP server that contains the firmware, and
replace filename with the name of the file to upload.
Note The user must have permission to execute a reboot.
See User Configuration.
Reset configuration to factory defaults revert
or
boot action=factory
Display system information and
statistics
info
Reboot the device
boot
Enable/disable network services
set service
Digi ConnectPort X Family
245
�Specifications and certifications
This chapter provides hardware specifications, additional feature detail, and regulatory statements
and certifications for Digi devices.
Hardware specifications
Wireless networking features
Digi ConnectPort X Family regulatory information and certifications
International EMC (Electromagnetic Emissions/Immunity/Safety) standards
Europe
System status LEDs
Digi ConnectPort X Family
247
252
253
255
255
258
246
�Specifications and certifications
Hardware specifications
Hardware specifications
This section provides the hardware specifications for all products in the Digi ConnectPort X Family.
ConnectPort X2 specifications
Specification
Environmental
Digi ConnectPort X Family
Value
Ambient temperature
-40 to 85 C (-40 to 185F)
Relative humidity
Relative humidity not to exceed 95% non-condensing
over the temperature range from 4C to 45C. Above
45C, constant absolute humidity shall be maintained.
Storage and transport
temperature
-40 to 85C (-40 to 185F)
Altitude
2000 meters (6560 feet)
Ethernet isolation
1500VAC min per IEEE802.3/ANSI X3.263
247
�Specifications and certifications
Specification
Power
requirements
Hardware specifications
Value
DC power input
ConnectPort X2 Industrial (metal enclosure):
n 9-30VDC
n
Power consumption: Idle: 0.6 W; Max: 1.8 W
For ConnectPort X2 XTend/XStream variants:
Idle: 0.2 W;
Max: 9.9 W
n
Connector: 2.35mm x 5.7mm, locking barrel,
center pin positive
n
ConnectPort X2 Commercial (plastic enclosure)
n
5VDC
n
Power consumption: Idle: 0.6 W; Max: 1.8 W
n
Connector: 2.35mm x 5.7mm, barrel, center pin
positive
AC power supply
(domestic SKUs)
Can be powered by an external power supply.
n Certifications: UL /c-UL Listed ITE (LPS) or
Class II power supply
n
Input voltage: 120 VAC +/- 10%
n
Input frequency: 60 Hz
n
Output voltage: 12 VDC +/- 5%
n
Max output current: 500 mA
n
Temperature range: +32 to 104F (0 to 40C)
n
Connector: 2.1mm x 5.5mm, locking barrel,
center pin positive
AC power supply
(international SKUs)
n
Certifications: CE/UL /c-UL Listed ITE or Class
II power supply
n
Input voltage: 100 VAC to 240 VAC
n
Input frequency: 50-60 Hz
n
Output voltage: 12 VDC +/- 5%
n
Max output current: 1.66 A
n
Temperature range: +32 to 104F (0 to 40C)
n
Connector: 2.1mm x 5.5mm, locking barrel,
center pin positive
Digi ConnectPort X Family
248
�Specifications and certifications
Specification
Dimensions
Hardware specifications
Value
Length
n
11.4 cm (4.5 in)
n
For ConnectPort X2 XTend/XStream variants:
15.75 cm (6.2 in)
Width
7.0 cm (2.75 in)
Height
2.9 cm (1.125 in)
Weight
0.20 kg (0.44 lb)
ConnectPort X4 specifications
Specification
Environmental
Value
Ambient temperature
0 to +40C (+32F to 104F)
n The ambient temperature of the unit may
be further limited by the ambient
temperature limits of the internal
modules.
n
The ambient temperature of the internal
modules must not be exceeded for proper
operation. Refer to the installed module's
specifications.
Digi ConnectPort X Family
Relative humidity
Relative humidity not to exceed 95% noncondensing over the temperature range from 4C
to 45C. Above 45C, constant absolute humidity
shall be maintained.
Storage and transport
temperature
-40 to 85C (-40 to 185F)
Altitude
2000 meters (6560 feet)
Ethernet isolation
1500VAC min per IEEE802.3/ANSI X3.263
249
�Specifications and certifications
Specification
Power
requirements
Hardware specifications
Value
DC power input
n
Voltage input: 6-30VDC
n
Power consumption: Idle: 1.5W Max:
10.4W
n
Connector: 2.35mm x 5.7mm, locking
barrel, center pin positive
AC power supply
n
Certifications: CE/UL /c-UL Listed ITE
(LPS) or Class II power supply
n
Input voltage: 100 VAC to 240 VAC
n
Input frequency: 50-60 Hz
n
Output voltage: 12 VDC +/- 5%
n
Max output current: 1.66 A
n
Temperature range: +32 to 104F (0 to
40C)
n
Connector: 2.1mm x 5.5mm, locking
barrel, center pin positive
Dimensions
Memory
Digi ConnectPort X Family
Length
13.3 cm (5.25 in)
Width
8.5 cm (3.35 in)
Depth
2.5 cm (0.97 in)
Weight
1.18 kg (2.60 lb)
Maximum size of external
flash drive
4 GB
250
�Specifications and certifications
Hardware specifications
ConnectPort X4 H specifications
Specification
Environmental
Power
requirements
Value
Ambient temperature
-40C to +60C (-40F to 140F)
Relative humidity
Relative humidity not to exceed 95% noncondensing over the temperature range from 4C
to 45C. Above 45C, constant absolute humidity
shall be maintained.
Storage and transport
temperature
-40C to 85C (-40F to 185F)
Altitude
2000 meters (6560 feet)
Ethernet isolation
1500VAC min per IEEE802.3/ANSI X3.263
IP rating
IP66
DC power input
n
Voltage input: 6-30VDC
n
Power consumption: Idle: 1.5W Max:
10.4W
n
Connector: 2.35mm x 5.7mm, locking
barrel, center pin positive
AC power supply
n
Certifications: CE/UL /c-UL Listed ITE
(LPS) or Class II power supply
n
Input voltage: 100 VAC to 240 VAC
n
Input frequency: 47-63 Hz
n
Max input watts: 25W max
n
Power: US power cord or European cord
option
Dimensions
Memory
Mounting
orientation
Digi ConnectPort X Family
Length
24.13 cm (9.5 in)
Width
15.88 cm (6.25 in)
Depth
8.89 cm (3.5 in)
Weight
1.45 kg (3.2 pounds)
Maximum size of external
flash drive
4 GB
Mount the ConnectPort X4 H on a flat, secure
surface with the cable strain release facing
downward.
251
�Specifications and certifications
Wireless networking features
Wireless networking features
The following table shows key wireless-networking features that you can configure in Wi-Fi-enabled
Digi device. For more details and up-to-date information on support of these features, see the readme
file for your Digi device.
Wireless feature
Specification
Standard
802.11bg
Frequency
2.4 GHz
Data Rates
Up to 54 Mbps with automatic rate fallback
Modulation
DBPSK (1 Mbps), DQPSK (2 Mbps), CCK (11, 5.5 Mbps), BPSK (6, 9
Mbps), QPSK (12,18 Mbps), 16-QAM (24, 36 Mbps), 64-QAM (48, 54
Mbps)
Country Code
Specifies the country where the product resides.
Network Mode
n
Open
n
Infrastructure mode
n
Ad-Hoc mode
Channel
Can use automatic channel search-and-select or a user-configurable
channel number.
Service Set Identifier (SSID)
A user-configurable SSID string or auto-connect option.
Wireless Security
Authentication Options
802.1x
(WPA2—/802.11i)
Authentication
n
Wi-Fi Protected Access (WPA/WPA2/802.11i)
n
Wired Equivalent Privacy (WEP)
n
Open
n
Shared
n
Wi-Fi Protected Access (WPA2—/802.11i)
n
WPA/WPA2 with pre-shared key (WPA-PSK)
n
LEAP (WEP), PEAP, TTLS, TLS, EAP-FAST
n
GTC, MD5, OTP, PAP, CHAP, MSCHAP, MSCHAPv2, TTLSMSCHAPv2
Encryption
n
Temporal Key Integrity Protocol (TKIP)
n
Counter mode CBC MAC Protocol (CCMP)
n
Wired Equivalent Privacy (WEP)
n
Use of encryption can be disabled
Network Key
A shared key (ASCII or Hexadecimal) for WEP or WPA-PSK.
Username
Specify the user name to use for 802.1x -based authentication (WPA).
Digi ConnectPort X Family
252
�Specifications and certifications
Digi ConnectPort X Family regulatory information and certifications
Wireless feature
Specification
Password
Specify the password to use for 802.1x based authentication (WPA).
Ekahau Client
Provides integrated support for Ekahau's Wi-Fi device-location
solution. Ekahau offers a complete access point vendor-independent
real-time location system for wireless LAN devices that is capable of
pinpointing wireless LAN devices such as the Digi Connect products,
laptops, PDAs, or other intelligent Wi-Fi enabled devices. The solution
provides floor-, room- and door-level accuracy of up to 3.5 feet (1 m).
The patented Ekahau positioning technology is based on simple
signal-strength calibration maps, and enables customers to fully
leverage an existing wireless LAN infrastructure without any need for
proprietary hardware components.
Wireless Networking Status
Features
The following status information can be displayed for Wireless Digi
devices.
For more detailed descriptions, see Wi-Fi LAN Statistics.
Connection Status
The status of the wireless network connection.
Network Mode
The network mode currently in use:
n Infrastructure mode
n
Ad-Hoc mode
Data Transfer Rate
The data transfer rate of the current connection.
Channel
The wireless network channel currently in use.
SSID
The selected SSID of the wireless network.
Wireless Security: Wi-Fi
Protected Access
(WPA/WPA2/802.11i), Wired
Equivalent Privacy (WEP)
security and encryption
The status of the WEP/WPA/WPA2 security features, including the
Authentication Method currently in use and whether authentication is
enabled or disabled.
Signal Strength
A statistic that indicates the strength of the radio signal between 0
and 100 percent.
Digi ConnectPort X Family regulatory information and
certifications
This section documents Digi ConnectPort X Family regulatory information and certifications.
Digi ConnectPort X Family
253
�Specifications and certifications
Digi ConnectPort X Family regulatory information and certifications
FCC certifications and regulatory information (USA only)
n
FCC Part 15 Class B
n
Radio Frequency Interface (RFI) (FCC 15.105)
n
Labeling Requirements FCC (15.19)
FCC Part 15 Class B
These devices comply with the standards cited in this section:
n ConnectPort X2
n
ConnectPort X4
Radio Frequency Interface (RFI) (FCC 15.105)
This device has been tested and found to comply with the limits for Class B digital devices pursuant to
Part 15 Subpart B, of the FCC rules. These limits are designed to provide reasonable protection
against harmful interference in a residential environment. This equipment generates, uses, and can
radiate radio frequency energy, and if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. However, there is no guarantee
that interference will not occur in a particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined by turning the equipment off
and on, the user is encouraged to try and correct the interference by one or more of the following
measures:
n Reorient or relocate the receiving antenna.
n
Increase the separation between the equipment and receiver.
n
Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
n
Consult the dealer or an experienced radio/TV technician for help.
Labeling Requirements FCC (15.19)
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: (1)
this device may not cause harmful interference, and (2) this device must accept any interference
received, including interference that may cause undesired operation.
If the FCC ID is not visible when installed inside another device, then the outside of the device into
which the module is installed must also display a label referring to the enclosed module FCC ID.
Modifications (FCC 15.21)
Changes or modifications to this equipment not expressly approved by Digi may void the user’s
authority to operate this equipment.
Industry Canada (IC) certifications
This digital apparatus does not exceed the Class B limits for radio noise emissions from digital
apparatus set out in the Radio Interference Regulations of the Canadian Department of
Communications.
Le present appareil numerique n’emet pas de bruits radioelectriques depassant les limites applicables
aux appareils numeriques de la class B prescrites dans le Reglement sur le brouillage radioelectrique
edicte par le ministere des Communications du Canada.
Digi ConnectPort X Family
254
�Specifications and certifications
International EMC (Electromagnetic Emissions/Immunity/Safety) standards
International EMC (Electromagnetic Emissions/Immunity/Safety)
standards
These products comply with the requirements of following Electromagnetic
Emissions/Immunity/Safety standards.
Product
Emissions
Immunity
Safety
ConnectPort X2
EN55022
CISPR22
AN/NZS CISPR22
FCC Part 15 Subpart
B Class B
ICES-003
EN55024
IEC/EN60950-1
ConnectPort X4
EN55022:2006
AS/NZS CISPR
22:2006
ICES-003
FCC Part 15 Subpart
B Class B
EN55024:1998+A1:2001+
A2:2003
IEC/EN60950-1
UL 60950-1
CSA C22.2 No. 609501-03
ConnectPort X4 H
EN55022:2006
AS/NZS CISPR
22:2006
ICES-003
FCC Part 15 Subpart
B Class B
EN55024:1998+A1:2001+
A2:2003
EN61000-6-2:2005;
radiated immunity tested
to 10V
IEC/EN60950-1
UL 60950-22 (outdoor
version)
CSA C22.2 No. 609501-03
UL1604, Class 1 Div 2
Haz Loc
ConnectPort TS 4
n
CE
n
FCC Part 15
EN55024
n
UL 60950-1
n
CSA 22.2 No.
subpart B,
Class A
n
60950
n
EN60950
EN55022,
Class A
Europe
The Digi ConnectPort X is certified for use in several European countries. For information, visit
www.digi.com/resources/certifications.
If the Digi ConnectPort X is incorporated into a product, the manufacturer must ensure compliance of
the final product with articles 3.1a and 3.1b of the RE Directive (Radio Equipment Directive). A
Declaration of Conformity must be issued for each of these standards and kept on file as described in
the RE Directive (Radio Equipment Directive).
Furthermore, the manufacturer must maintain a copy of the Digi ConnectPort X user manual
documentation and ensure the final product does not exceed the specified power ratings, antenna
specifications, and/or installation requirements as specified in the user manual. If any of these
specifications are exceeded in the final product, a submission must be made to a notified body for
compliance testing to all required standards.
Digi ConnectPort X Family
255
�Specifications and certifications
Europe
OEM labeling requirements
The 'CE' marking must be affixed to a visible location on the OEM product.
CE labeling requirements
The CE mark shall consist of the initials “CE” taking the following form:
n If the CE marking is reduced or enlarged, the proportions given in the above graduated
drawing must be respected.
n
The CE marking must have a height of at least 5mm except where this is not possible on
account of the nature of the apparatus.
n
The CE marking must be affixed visibly, legibly, and indelibly.
Declaration of Conformity (DoC)
Digi has issued Declarations of Conformity for the Digi ConnectPort X concerning emissions, EMC, and
safety. For more information, see www.digi.com/resources/certifications.
Important note
Digi customers assume full responsibility for learning and meeting the required guidelines for each
country in their distribution market. Refer to the radio regulatory agency in the desired countries of
operation for more information.
Maximum power and frequency specifications
ConnectPort X2 - XBee (802.15.4)
Maximum power
Frequencies
11.16 mW
5 MHz channel spacing, beginning at 2405 MHz and ending at 2480 MHz.
Digi ConnectPort X Family
256
�Specifications and certifications
Europe
ConnectPort X2 - XBee (Zigbee)
Maximum power
Frequencies
6.3 mW
5 MHz channel spacing, beginning at 2405 MHz and ending at 2480 MHz.
ConnectPort X4 XBee (Digi Mesh)
Maximum power
Frequencies
11.16 mW
5 MHz channel spacing, beginning at 2405 MHz and ending at 2480 MHz.
2W
Cellular 850 and 900 MHz Bands.
1W
Cellular 1800 and 1900 MHz Bands.
ConnectPort X4 XBee (Zigbee)
Maximum power
Frequencies
11.16 mW
5 MHz channel spacing, beginning at 2405 MHz and ending at 2480 MHz.
2W
Cellular 850 and 900 MHz Bands.
1W
Cellular 1800 and 1900 MHz Bands.
ConnectPort X4H
Maximum power
Frequencies
11.16 mW
5 MHz channel spacing, beginning at 2405 MHz and ending at 2480 MHz.
2W
Cellular 850 and 900 MHz Bands.
1W
Cellular 1800 and 1900 MHz Bands.
Brazil
Model ConnectPort X2
For the ConnectPort X2 product using XBee Pro S3B module, the operating frequencies are 902 MHz
to 907.5 MHz and 915 MHz to 928 MHz.
Este equipamento opera em caráter secundário, isto é, não tem direito à proteção contra
interferência prejudicial mesmo de estações do mesmo tipo e não pode causar interferência a
sistemas operando em caráter primário.
Digi ConnectPort X Family
257
�Specifications and certifications
System status LEDs
System status LEDs
Digi devices have several LEDs that indicate system status, link activity, port activity, and diagnostics.
ConnectPort X2 LEDs and buttons
LED/button
Color and Light
Pattern
XBee Activity LEDs
Digi ConnectPort X Family
Description
Indicate network communications activity for
the XBee RF module in the gateway. For more
information on the states indicated by these
LEDs, see the description of the D5 (DIO5
Configuration) parameter in the product manual
for the XBee RF module.
Yellow (top LED)
Serial Data Out (to host)
Green (middle)
Serial Data In (from host)
Red (bottom)
Associate/Power Indicator. Indicates both power
to the interface board and the network
association status for the RF module in the
interface board.
Solid red
RF module powered and not associated to a
ZigBee network.
Blinking red
RF module has associated to a ZigBee network.
258
�Specifications and certifications
LED/button
Cellular Signal Strength
LEDs
System status LEDs
Color and Light
Pattern
Green
Description
Relative signal strength indicator (RSSI), shown
as a number of LEDs.
n 0: signal strength unknown or
unacceptable
n
1: signal strength low/weak
n
3: signal strength high/excellent
You can find specific dB values for the signal via
the web interface; go to Administration >
System Information > Mobile. Under Mobile
Connection, the signal strength appears in bars
and dBm. Or, from the command line, type the
display mobile command.
Ethernet Link LED
Solid yellow
Ethernet link is up.
Ethernet Activity LED
Blinking green
Ethernet traffic is on the link.
Reset button
Single press: Performs equivalent of a powercycle.
Press and hold: Resets device configuration
settings to factory defaults (factory reset).
ConnectPort X4 LEDs and buttons
Note For more detailed information about ConnectPort X4 LEDs, see ConnectPort X4 H LEDs.
Digi ConnectPort X Family
259
�Specifications and certifications
Digi ConnectPort X Family
System status LEDs
260
�Specifications and certifications
System status LEDs
ConnectPort X4 H LEDs
LED/button
Color and Light Pattern
Description
Power LED
Green
Power on.
Not illuminated
Power off.
Digi ConnectPort X Family
261
�Specifications and certifications
System status LEDs
LED/button
Color and Light Pattern
Description
Status LED
Yellow
Blinks during product initialization and factory
reset, using the light patterns below. During
normal device operation, after initialization, and
factory reset, this LED is off and should never
blink. If it blinks constantly, contact Digi
Technical Support.
1-1-1 blinking yellow
Initializing firmware.
1-5-1 blinking yellow
Device configuration has been restored to its
factory defaults.
Other blinking yellow
Contact Digi Technical Support.
Cellular Link LED
Solid yellow
Cellular link is up.
Cellular Activity
LEDs
Blinking green
Cellular traffic is on the link.
Cellular Signal
Strength LEDs
Amber or green depending
on cellular signal type
Relative signal strength indicator (RSSI), shown
as a number of LEDs.
n 0: signal strength unknown or
unacceptable
n
1: signal strength low/weak
n
5:: signal strength high/excellent
You can find specific dB values for the signal via
the web interface; go to Administration >
System Information > Mobile. Under Mobile
Connection, the signal strength appears in bars
and dBm. Or, from the command line, type the
display mobile command.
ConnectPort X4 models have a feature where
the signal strength LEDs change colors to
indicate which type of cellular signal is detected.
Amber = 2G network
Green = 3G network
Digi ConnectPort X Family
262
�Specifications and certifications
System status LEDs
LED/button
Color and Light Pattern
Description
XBee Link LED
Green
Indicates that the XBee RF module in the
gateway has associated with an XBee network.
For more information on the states indicated by
this LED, see the description of the D5 (DIO5
Configuration) parameter in the product manual
for the XBee RF module.
Solid green
XBee module in gateway is associated (or
coordinator is started).
Fast blinking (20 Hz) green
An Ident (identify) button has been pressed on a
remote node.
Slow (1 Hz) blinking green
XBee module in gateway is not associated.
Off
XBee module in gateway is disabled or not
recognized.
XBee Activity LED
Yellow
On for 25 ms when data is sent or received from
the XBee module in the gateway.
Ethernet Link LED
Solid yellow
Ethernet link is up.
Ethernet Activity
LED
Blinking green
Ethernet traffic is on the link.
Reset button
(ConnectPort X4
model only)
N/A
Single press: Performs equivalent of a powercycle.
Press and hold: Resets device configuration
settings to factory defaults (factory reset).
There is no reset button on the ConnectPort X4
H.
Digi ConnectPort X Family
263
�Troubleshooting
This section provides information on resources and processes available for troubleshooting your Digi
device.
Replace Connect ES time-lag fuses
The Connect ES product family implements an AC inlet receptacle with replaceable mains fusing. When
the product is used at locations with high AC mains voltages (220 Vac and above), there is a potential
for large in-rush currents, large enough to trip one or both of the mains fuses. Therefore, Digi
international is upgrading the fuse type to one that better resists these in-rush current conditions.
For replacement instructions, see Replace Connect ES time-lag fuses.
Digi ConnectPort X Family
264
�Troubleshooting
Troubleshooting resources
Troubleshooting resources
Use the troubleshooting information in this section to resolve your issue with your Digi device. If you
cannot resolve the issue using the information in this section, there are several resources you can use
to resolve your issue on the Digi Support site.
To resolve a problem from the Digi Support site:
1. Visit Digi’s Knowledge Base at www.digi.com/support/knowledge-base and search for articles
related to your situation.
2. Visit our support forums at www.digi.com/support/forum/ and search for posts from other
users with similar situations.
3. Complete a support ticket via email to tech.support@digi.com.
You will need to create a user account if one is not already set up.
4. To obtain direct assistance for your issue within a four hour time period, log in to your paid
support account (or create one) at www.digi.com/support, and submit a support ticket.
Digi ConnectPort X Family
265
�
工商网监
湘ICP备2023018690号
