TransPort LR User Guide
User Guide
TransPort LR User Guide
90001461
Revision Date Description
A April 2016 Initial revision.
Trademarks and copyright
Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United
States and other countries worldwide. All other trademarks mentioned in this document are the
property of their respective owners.
© 2016 Digi International Inc. All rights reserved.
Disclaimers
Information in this document is subject to change without notice and does not represent a
commitment on the part of Digi International. Digi provides this document “as is,” without warranty
of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or
merchantability for a particular purpose. Digi may make improvements and/or changes in this
manual or in the product(s) and/or the program(s) described in this manual at any time.
Warranty
To view product warranty information, go to the following website:
http://www.digi.com/howtobuy/terms
Send comments
To provide feedback on this document, send your comments to techcomm@digi.com.
Customer support
Digi Technical Support: Digi offers multiple technical support plans and service packages to help our
customers get the most out of their Digi product. For information on Technical Support plans and
pricing, contact us at 877.912.3444 or visit us at www.digi.com/support.
Online: www.digi.com/support/eservice
TransPort LR User Guide 2
Contents
TransPort LR User Guide 2
TransPort LR Family User Guide
Hardware
TransPort LR54 hardware 9
Hardware summary 10
Hardware specifications 10
Serial connector pinout 15
LEDs 16
Antenna information 19
Regulatory and safety statements 20
Certifications 24
Management and status
Interfaces 27
Ethernet interfaces 28
Cellular interfaces 32
DSL interface 35
Wi-Fi interfaces 39
Serial interfaces 44
Local Area Networks (LANs) 46
Example LAN 46
Configure a LAN 47
Show LAN status and statistics 49
DHCP servers 50
Wide Area Networks (WANs) 52
Ethernet interfaces 52
Cellular interfaces 52
DSL interface 52
WAN failover 53
Configure a WANinterface 54
Example WAN failover: DSLto cellular 57
TransPort LR User Guide 3
Show WAN status and statistics 59
Security 60
User management 61
Firewalls 64
Alarms 65
Services and applications 66
Auto-run commands 67
Python 68
SSH server 69
Remote management 71
Remote Manager 72
Simple Network Management Protocol (SNMP) 73
Routing 76
IP routing 77
Virtual Private Networks (VPN) 83
System administration and management 94
Display and set system information settings 95
Set system date and time 96
Show system date and time 98
Updating firmware 99
Managing configuration files 102
Back up and restore device configuration settings 109
Reboot the device 109
Reset the device to factory defaults 109
Diagnostics 111
Event log 111
Use the "ping" command to troubleshoot network connections 112
Use the "traceroute" command to diagnose IProuting problems 112
Execute a command 113
File system
Make a directory 115
Display directory contents 116
Change the current directory 117
Remove a directory 118
Display file contents 120
Copy a file 121
Rename a file 122
Delete a file 123
Upload and download files 124
Upload files using SCP 124
Download files using SCP 124
Upload files using SFTP 124
Download files using SFTP 124
Troubleshooting
Common issues 127
Cellular issues 127
DSL issues 127
Wi-Fi issues 127
Serial issues 127
TransPort LR User Guide 4
Firewall issues 127
IPsec issues 127
Failover issues 127
User and authentication issues 127
SNMP issues 127
Firmware update issues 127
Troubleshooting tools and resources 128
Status displays 128
Event log 128
Display the event log 128
Clear the event log 129
Use the "ping" command to troubleshoot network connections 129
Use the "traceroute" command to diagnose IProuting problems 129
Reboot the device 130
Reset the device to factory defaults 130
Digi support site 131
Digi knowledge base 131
Need more help? 132
Command reference
Command-line interface basics 134
Command-line interface access options 134
Log in to the command line interface 134
Exit the command line interface 135
Display command and parameter help using the ? character 135
Revert command elements using the ! character 136
Auto-complete commands and parameters 136
Enter configuration commands 136
Save configuration settings to a file 137
Switch between configuration files 137
Display status and statistics using "show" commands 138
Enter file management commands 138
Clear logs and statistics 139
Update firmware and other device features 139
Command descriptions 140
autorun 141
cd 142
cellular 143
clear 145
cloud 146
copy 147
cpu 148
date 149
del 150
dhcp-server 151
dir 152
dsl 153
eth 156
firewall 158
failover 159
ip 161
ipsec 162
ipsec-failover 166
TransPort LR User Guide 5
lan 167
mkdir 168
more 169
ping 170
pwd 171
reboot 172
rename 173
rmdir 174
route 175
save 176
serial 177
show cellular 178
show cloud 180
show config 181
show dsl 182
show eth 186
show failover 189
show firewall 190
show ipsec 191
show ipstats 193
show lan 195
show log 196
show route 197
show serial 198
show system 199
show wan 201
show wifi 202
show wifi5g 203
snmp 204
snmp-community 205
snmp-user 206
sntp 207
ssh 208
system 209
update 211
user 212
wan 213
wifi 215
wifi5g 216
TransPort LR User Guide 6
TransPort LR Family User Guide
The TransPort LRFamily is a family of routers designed for connecting distributed retail terminals
(signs, kiosks, vending machines, point-of-care terminals) with business applications. Key features of
TransPort LRrouters include:
n Dual SIM cellular interfaces, providing redundancy
n Gobi 4G LTE, for flexibility
n Local command-line and web interfaces
n Superior network performance management through Digi Remote Manager (DRM)
n What other features do we want to cover here? Easy device setup through a wizard?
Programmability?
TransPort LR User Guide 7
Hardware
This section provides hardware specifications, reviews key hardware features, and lists regulatory
statements and certifications for TLR Family products.
TransPort LR User Guide 8
Hardware summary
Figures, callouts, and descriptions of TLRFamily models to be added here.
Hardware specifications
TransPort LR devices have the following hardware specifications:
Environmental specifications
Specification Value
Operating
temperature
Relative humidity 10% to 90% RH non-condensing
Storage and
transport
temperature
Power requirements
Specification Value
Power input
type
Voltage input 12V +/- 10%
Power
consumption
-20C to +70C (-4 to 158F)*
*Note: To limit unintentional contact with HOT SURFACES, install
the device in a Restricted Access Location above +60C.
-40 to 85C (-40 to 185F)
DC
1.5A
TransPort LR User Guide 10
Specification Value
TransPort LR54 hardware
Power
connector
4-pin Molex 39301040 connector (Digi part number 2312-0012), or equivalent.
Two pins are used for power; the other two pins are no-connect.
Dimensions
Specification Value
Width 20.7 cm (8.15 in)
Depth 13.85 cm (5.45 in)
Height 3.8 cm (1.5 in)
Weight 1.41 kg (3.1 lb)
Ethernet specifications
Specification Value
Ethernet ports 4 RJ45 shielded Ethernet ports
Physical layer 10/100 Base-T (Auto-MDIX)
Data rate 10Mbps, 100Mbps, 1Gbps
Mode Full or half duplex (auto-sensing)
Ethernet isolation 2250VDC
TransPort LR User Guide 11
TransPort LR54 hardware
Cellular specifications
Model Specification Value
TransPort LR54-AA401
TransPort LR54-AW401
Technology LTE, HSPA+,
UMTS
Downstream rates 300 Mbps (LTE),
42 Mbps (HSPA+)
Upstream rates 50 Mbps (LTE),
5.76 Mbps
(HSPA+)
Frequency Bands
LTE: 800, 850,
900, 1800, 1900,
2100 AWS, 2300,
2600 MHz
HSPA+, UMTS:
850, 900, AWS
1700, 1900, 2100
MHz
TransPort LR54-DA301 Technology HSPA+, UMTS,
GSM/GPRS/EDGE
Downstream rates 21 Mbps (HSPA+),
384 Kbps (UMTS),
296 Kbps (EDGE)
Upstream rates 5.76 Mbps
(HSPA+),
384 Kbps (UMTS),
236.8 Kbps
(EDGE)
Frequency Bands
HSPA+, UMTS:
800, 850, 900,
1700, 1900, 2100
MHz
GSM/GPRS/EDGE:
850, 900, 1800,
1900 MHz
TransPort LR User Guide 12
DSL specifications
Specification Value
DSL ports 1 RJ11DSL port
TransPort LR54 hardware
ADSL line modes
Auto (also known as Multimode)
ADSL2+
ADSL2
G.dmt
G.lite
Serial specifications
Specification Value
Serial ports
1 DB9 RS232 DCE serial port, female
Wi-Fi specifications
Specification Value
802.11 a/b/g/n/ac connections, dual band, dual concurrent
2.4GHz and 5GHz
Wi-Fi Modes
Wi-Fi access point mode
Wi-Fi client mode
Wi-Fi Security
Wi-Fi transmit power
Wi-Fi maximum data rates
WPA2 Personal
Mixed WPA/WPA2 Personal
WPA2 Enterprise
Mixed WPA/WPA2 Enterprise
2.4GHz
:
US variant: 13dBm (802.11g/n), 16dBm (802.11b)
EU variant: 11dBm (802.11g/n), 14dBm (802.11b)
5GHz
:
13dBm for all modes
54Mbps (802.11a)
11Mbps (802.11b)
54Mbps (802.11g)
300Mbps (802.11n)
866Mbps (802.11ac)
TransPort LR User Guide 13
TransPort LR54 hardware
Serial connector pinout
TransPort LR54 products are DCE devices. The pinout for the DB9 and RJ45 serial connectors is as
follows:
RS232
Signal name
Transmit Data TxD in 3 6
Receive Data RxD out 2 3
Ready To Send RTS in 7 1
Clear to Send CTS out 8 8
Data Set Ready DSR out 6
Ground GND N/A 5 5
Data Carrier Detect DCD out 1
Data Terminal Ready DTR in 4 2
Ring Indicate
signal
RI out Not
DCE signal
direction
DB9 pin
number
connected
RJ45 pin
number
4
7
N/A
TransPort LR User Guide 15
TransPort LR54 hardware
LEDs
The TransPort LR54 has LEDs on the top front panel. The number of LEDs varies by model. During
bootup, the front-panel LEDs light up in sequence to indicate boot progress. For example, here are
the LEDs for a TransPort LR54 Wi-Fi model:
There are also several LEDs on the rear WAN/LAN connectors that indicate network link and activity.
Power
n Off: No power.
n Blue: Unit has power.
WWAN Signal
Indicates strength of cellular signal.
4G connections
n Off: No service.
n Yellow: Poor / Fair signal.
n Green: Good / Excellent signal.
Tips for improving cellular signal strength:
If the WWAN Signal LED is yellow or off, try the following things to improve signal strength:
n Move the TransPort LR device to another location.
n Purchase a Digi Antenna Extender Kit:
l Antenna Extender Kit, 1m (76000954)
l Antenna Extender Kit, 3m (76000955)
3Gand 2G connections only
For 3G and 2G cellular connections, the current RSSI value serves as the signal strength indicator,
with the following thresholds:
n > -70dBm: Excellent
n -70dBm to -85dBm: Good
n -86dBm to -100dBm: Fair
n < -100dBm: Poor
n -110dBm: No service
WWAN Service
Indicates the presence and level of cellular service running on the device.
TransPort LR User Guide 16
n Off: No service.
n Blinking Green: 2G/3G/4G connection is coming up.
n Solid Yellow: 2G or 3G connection is up.
n Solid Green: 4G connection is up.
SIM1
Indicates use of the SIM card installed in SIM slot 1.
n Off: SIM 1 is not being used.
n Solid green: SIM 1 is being used or is coming up.
SIM 2
Indicates use of the SIM card installed in SIM slot 2.
n Off: SIM 2 is not being used.
n Solid green: SIM 2 is being used or is coming up.
n
Note SIM1 and SIM2 are never on both on at the same time.
DSL (DSL models only)
Indicates state of and activity on the DSL interface.
n Off: DSL interface is off.
TransPort LR54 hardware
n Slow blinking green: DSL interface is attempting to train up with the DSLAM.
n Fast blinking green: DSL interface is trained up with the DSLAM, and the PPP interface is
being brought up.
n Solid green: DSL interface is up and can pass IP traffic.
Wi-Fi 2.4GHz LED (Wi-Fi models only)
Indicates state and activity on the Wi-Fi 2.4GHz interface.
n Off: Wi-Fi 2.4GHz interface is disabled.
n Solid green: Wi-Fi 2.4GHz interface is enabled.
n Blinking green: Indicates Wi-Fi traffic on the interface.
Wi-Fi 2.5GHz LED (Wi-Fi models only)
Indicates state of and activity on the Wi-Fi 2.5GHz interface.
n Off: Wi-Fi 5GHz interface is disabled.
n Solid green: Wi-Fi 5GHz interface is enabled.
n Blinking green: Indicates Wi-Fi traffic on the interface.
Ethernet 1-4 Link and Activity (on rear panel)
These LEDs indicate that the Ethernet network interface is up and there is activity on the network
interface.
TransPort LR User Guide 17
n Off: No Ethernet link detected.
n Solid green: Ethernet link detected.
n Blinking green: Indicates Ethernet traffic.
TransPort LR54 hardware
TransPort LR User Guide 18
TransPort LR54 hardware
Regulatory and safety statements
The following regulatory and safety statements apply to TransPort LR devices.
RF exposure statement
In order to comply with RF exposure limits established in the ANSI C95.1 standards, the distance
between the antenna or antennas and the user should not be less than 20 cm.
FCC Part 15 Class B
Radio Frequency Interface (RFI) (FCC 15.105)
This device has been tested and found to comply with the limits for Class B digital devices pursuant
to Part 15 Subpart B, of the FCC rules. These limits are designed to provide reasonable protection
against harmful interference in a residential environment. This equipment generates, uses, and can
radiate radio frequency energy, and if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. However, there is no guarantee
that interference will not occur in a particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined by turning the equipment off
and on, the user is encouraged to try and correct the interference by one or more of the following
measures:
n Reorient or relocate the receiving antenna.
n Increase the separation between the equipment and receiver.
n Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
n Consult the dealer or an experienced radio/TV technician for help.
Labeling Requirements (FCC 15.19)
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
(1) this device may not cause harmful interference, and (2) this device must accept any interference
received, including interference that may cause undesired operation.
If the FCC ID is not visible when installed inside another device, then the outside of the device into
which the module is installed must also display a label referring to the enclosed module FCC ID.
Modifications (FCC 15.21)
Changes or modifications to this equipment not expressly approved by Digi may void the user’s
authority to operate this equipment.
TransPort LR User Guide 20
EU Declaration Of Conformity
We, of
Manufacturer's Name: Digi International inc.
Manufacturer's Address: 11001 Bren Road East
Minnetonka, MN 55343
declare under our sole responsibility that the product:
Product Name: TransPort LR54
Model Number: 50001899-XX, (X=0~9)
to which this declaration relates are in conformity with the essential requirements and other
relevant requirements of EU Directive 2014/30/EU (EMC),EU Directive 2014/35/EU (LV) and
EU Directive 2011/65/EU (RoHS2)
Safety: EN 62368-1:2014
EN 50564:2011
EN 50385:2002
Comm: EN 50585:2014
EMC: EN 300 328 v1.9.1 (2015-02)
EN 301 489-1 v1.9.2 (2011-09)
EN 301 489-7 v1.3.1 (2005-11)
EN 301 489-17 v2.2.1 (2012-09)
EN 301 489-24 v1.5.1 (2010-10)
EN 55024:2010
EN 55022:2010 + AC:2011, Class B
EN 300 386 v1.6.1 (2012-09)
EN 61000-3-2:2014, Class A
EN 61000-3-3:2013
EN 61000-4-2:2009
EN 61000-4-3:2006 + A1:2008 + A2:2010
EN 61000-4-4:2012
EN 61000-4-5:2014
EN 61000-4-6:2014
EN 61000-4-11:2004
RoHS2: EN 50581:2012
Minnesota, USA, 15
th
, April 2016
(Place and date of issue) Authorised signature for and on
behalf of Digi International Inc.
Joel Young,VP,Engineering
European
Representative
:
Andreas Burghart
Digi International
GmbH Lise-Meitner-
StraRe 9 85737 lsmani
ng Germany
Telephone:+49-89-540-428-0
9100XXXX
Template 96000759E
Page 1 of 1
European Community - CE Mark Declaration of Conformity (DoC)
TransPort LR54 hardware
TransPort LR User Guide 21
TransPort LR54 hardware
5.10 Ignition of Flammable Atmospheres
Warnings for Use of Wireless Devices
Observe all warning notices regarding use of wireless devices.
Potentially Hazardous Atmospheres
Observe restrictions on the use of radio devices in fuel depots, chemical plants, etc. and areas where
the air contains chemicals or particles, such as grain, dust, or metal powders, and any other area
where you would normally be advised to turn off your vehicle engine.
Safety in Aircraft
Switch off the wireless device when instructed to do so by airport or airline staff. If the device offers
a ‘flight mode’ or similar feature, consult airline staff about its use in flight.
Safety in Hospitals
Wireless devices transmit radio frequency energy and may affect medical electrical equipment.
Switch off wireless devices wherever requested to do so in hospitals, clinics, or health care facilities.
These requests are designed to prevent possible interference with sensitive medical equipment.
Pacemakers
Pacemaker manufacturers recommended that a minimum of 15cm (6 inches) be maintained
between a handheld wireless device and a pacemaker to avoid potential interference with the
pacemaker. These recommendations are consistent with independent research and
recommendations by Wireless Technology Research.
Persons with Pacemakers:
n Should ALWAYS keep the device more than 15cm (6 inches) from their pacemaker when
turned ON.
n Should not carry the device in a breast pocket.
n If you have any reason to suspect that the interference is taking place, turn OFF your device.
TransPort LR User Guide 23
TransPort LR54 hardware
Certifications
International EMC (Electromagnetic Compatibility) and safety standards
This product complies with the requirements of following Electromagnetic Compatibility standards.
There are no user-serviceable parts inside the product. Contact your Digi representative through for
repair information.
Electromagnetic Compatibility (EMC) compliance
standards Safety compliance standards
EN 300 328 v1.8.1
EN 301 893 v1.7.2
EN 301 489
FCC Part 15 Subpart B Class B
FCC Part 15 Subpart C certification (Integrated Wi-Fi +
Cellular Modules)
EN 62368
TransPort LR User Guide 24
Management and status
These topics show how to configure and view status of various TransPort LR device features.
TransPort LR User Guide 26
Interfaces
Configurable network interfaces available depend on the TransPort LR device model. This section
covers configuring network interfaces from the web interface and command line.
Interfaces
TransPort LR User Guide 27
Interfaces
Ethernet interfaces
The Ethernet interfaces can be used as WAN or LAN interfaces. There is no IP configuration set on the
individual Ethernet interfaces. Instead, the IP configuration is done on the WAN and LAN interfaces.
Related topics
Configure Ethernet interfaces on page 28
Show Ethernet status and statistics on page 29
For more information on WAN interfaces and their configuration, see Wide Area Networks (WANs) on
page 52
For more information on LAN interfaces and their configuration, see Local Area Networks (LANs) on
page 46
Related commands
eth on page 156
show eth on page 186
Configure Ethernet interfaces
To configure an Ethernet interface, you must configure the following items:
Required configuration items
n Enable the Ethernet interface. The Ethernet interfaces are all enabled by default.
Additional configuration options
The following additional configuration settings are not typically configured to get an Ethernet
interface working, but can be configured as needed:
n A description of the Ethernet interface.
n The duplex mode of the Ethernet interface. This defines how the Ethernet interface
communicates with the device to which it is connected. The duplex mode defaults to auto,
which means the TransPort LR device negotiates with the connected device on how to
communicate.
n The speed of the Ethernet interface. This defines the speed at which the Ethernet interface
communicates with the device to which it is connected. The Ethernet speed defaults to auto,
which means it negotiates with the connected device as to what speed should be used.
From the command line
1. Enable the Ethernet interface. By default, all of the Ethernet interfaces are enabled.
eth 1 state on
2. Optional: Set the description for the Ethernet interface. For example:
eth 1 description “Connected to DSL WAN router”
TransPort LR User Guide 28
Interfaces
3. Optional: Set the duplex mode.
eth 1 duplex {auto | full | half}
4. Optional: Set the speed.
eth 1 speed {auto | 1000 | 100 | 10}
Related topics
Ethernet interfaces on page 28
Show Ethernet status and statistics on page 29
Related commands
eth on page 156
show eth on page 186
Show Ethernet status and statistics
To show the status and statistics for the DSLinterface, use the show eth on page 186 command. For
descriptions of the output fields, see show dsl on page 182. For example:
digi.router> show eth
Eth Status and Statistics Port 1
------------------------------------Description : Factory default configuration for Ethernet 1
Admin Status : Up
Oper Status : Up
Up Time : 1 Day, 13 Hours, 30 Minutes, 23 Seconds
MAC Address : 00:50:18:21:E2:82
DHCP : off
IP Address : 10.52.19.242
Netmask : 255.255.255.0
DNS Server(s) :
Link : 1000Base-T Full-Duplex
Received Sent
-------- ---Rx Unicast Packet : 6198 Tx Unicast Packet : 651
Rx Broadcast Packet : 316403 Tx Broadcast Packet : 2
Rx Multicast Packet : 442690 Tx Multicast Packet : 6
Rx CRC Error : 0 Tx CRC Error : 0
Rx Drop Packet : 0 Tx Drop Packet : 0
Rx Pause Packet : 0 Tx Pause Packet : 0
Rx Filtering Packet : 1 Tx Collision Event : 0
Rx Alignment Error : 0
Rx Undersize Error : 0
Rx Fragment Error : 0
Rx Oversize Error : 0
Rx Jabber Error : 0
Eth Status and Statistics Port 2
-------------------------------------
TransPort LR User Guide 29
Description :
Admin Status : Up
Oper Status : Up
Up Time : 1 Day, 13 Hours, 30 Minutes, 23 Seconds
MAC Address : 00:50:18:21:E2:83
DHCP : off
IP Address : 10.2.4.20
Netmask : 255.255.255.0
DNS Server(s) :
Link : 100Base-T Full-Duplex
Received Sent
-------- ---Rx Unicast Packet : 5531 Tx Unicast Packet : 2
Rx Broadcast Packet : 316403 Tx Broadcast Packet : 2
Rx Multicast Packet : 442694 Tx Multicast Packet : 2
Rx CRC Error : 0 Tx CRC Error : 0
Rx Drop Packet : 0 Tx Drop Packet : 0
Rx Pause Packet : 0 Tx Pause Packet : 0
Rx Filtering Packet : 0 Tx Collision Event : 0
Rx Alignment Error : 0
Rx Undersize Error : 0
Rx Fragment Error : 0
Rx Oversize Error : 0
Rx Jabber Error : 0
Interfaces
Eth Status and Statistics Port 3
------------------------------------Description :
Admin Status : Up
Oper Status : Up
Up Time : 1 Day, 13 Hours, 30 Minutes, 23 Seconds
MAC Address : 00:50:18:21:E2:84
DHCP : on
IP Address : 82.68.87.20
Netmask : 255.255.255.0
DNS Server(s) :
Link : 100Base-T Full-Duplex
Received Sent
-------- ---Rx Unicast Packet : 5530 Tx Unicast Packet : 2
Rx Broadcast Packet : 316405 Tx Broadcast Packet : 2
Rx Multicast Packet : 442699 Tx Multicast Packet : 4
Rx CRC Error : 0 Tx CRC Error : 0
Rx Drop Packet : 0 Tx Drop Packet : 0
Rx Pause Packet : 0 Tx Pause Packet : 0
Rx Filtering Packet : 0 Tx Collision Event : 0
Rx Alignment Error : 0
Rx Undersize Error : 0
Rx Fragment Error : 0
Rx Oversize Error : 0
Rx Jabber Error : 0
Eth Status and Statistics Port 4
-------------------------------------
TransPort LR User Guide 30
Description :
Admin Status : Up
Oper Status : Down
Up Time : 0 Seconds
MAC Address : 00:50:18:21:E2:85
DHCP : on
IP Address : Not Assigned
Netmask : Not Assigned
DNS Server(s) :
Link : No connection
Received Sent
-------- ---Rx Unicast Packet : 0 Tx Unicast Packet : 0
Rx Broadcast Packet : 0 Tx Broadcast Packet : 0
Rx Multicast Packet : 0 Tx Multicast Packet : 0
Rx CRC Error : 0 Tx CRC Error : 0
Rx Drop Packet : 0 Tx Drop Packet : 0
Rx Pause Packet : 0 Tx Pause Packet : 0
Rx Filtering Packet : 0 Tx Collision Event : 0
Rx Alignment Error : 0
Rx Undersize Error : 0
Rx Fragment Error : 0
Rx Oversize Error : 0
Rx Jabber Error : 0
digi.router>
Interfaces
Related topics
Ethernet interfaces on page 28
Configure Ethernet interfaces on page 28
Related commands
eth on page 156
show eth on page 186
TransPort LR User Guide 31
Interfaces
Cellular interfaces
The TransPort LR device has two cellular interfaces, named cellular1 and cellular2. These cellular
interfaces correspond to the physical SIMcard slots SIM1 and SIM2 respectively.
Both cellular interfaces cannot be up at the same time. If both cellular interfaces are enabled to on,
then cellular1 interface takes precedence.
A typical use case would be to have cellular1 (SIM1) configured as the primary cellular interface and
cellular2 (SIM2) as a backup cellular interface. If the TransPort LR device cannot connect to the
cellular network using SIM1, it will automatically failover to try to connect using SIM2.
For the TransPort LR device to automatically configure a default route for the cellular interface when
it is up and for it to be able to failover to and from the cellular interface, it must be assigned to a WAN
interface.
Related topics
Configure cellular interfaces on page 32
Show cellular status and statistics on page 33
For more information on WAN interfaces and their configuration, see Wide Area Networks (WANs) on
page 52.
LEDs on page 16 - See the discussion of the WWAN Signal and WWAN Service LEDs
Related commands
cellular on page 143
show cellular on page 178
Configure cellular interfaces
To configure a cellular interface, you need to configure the following:
Required configuration items
Enable the cellular interface. By default, the cellular interfaces are disabled.
n The Access Point Name (APN). The APN is specific to your cellular service.
n Depending on your cellular service, you may need to configure an APN username and
password. This information is provided by your cellular provider.
n Assign the cellular interface to a WAN interface. For more information on the WAN
configuration, see Wide Area Networks (WANs) on page 52.
Additional configuration options
Additional configuration settings are not typically configured, but you can set them as needed:
n Preferred mode. The preferred mode locks the cellular interface to use a particular
technology, for example, 4G or 3G. Depending on your cellular service and location, the cellular
interface can automatically switch between the different technologies. You may want to lock
the cellular interface to a particular technology to minimize disruptions.
n A description of the cellular interface.
TransPort LR User Guide 32
n Connection attempts. This is the number of attempts the cellular module will attempt to
connect to the cellular network before indicating a failure. It defaults to 20, but you may want
to configure this so that the WAN failover can switch to another interface more quickly.
From the command line
1. Enable the cellular interface.
cellular 1 state on
2. Configure an APN.
cellular 1 apn your-apn
3. If necessary, configure the APN username and password.
cellular 1 apn-username your-apn-username
cellular 1 apn-password your-apn-password
4. Optional: Set a preferred mode.
Interfaces
cellular 1 preferred-mode 3G
5. Optional: Set a description for the cellular interface.
cellular 1 description "AT&T Connection"
6. Optional: Configure the number of connection attempts. For example, to set the number of
attempts to 10, enter:
cellular 1 connection-attempts 10
Related topics
Configure cellular interfaces on page 32
Show cellular status and statistics on page 33
LEDs on page 16 - See the discussion of the WWAN Signal and WWAN Service LEDs
Related commands
cellular on page 143
show cellular on page 178
Show cellular status and statistics
To show the status and statistics for a cellular interface, use the show lan on page 195 command.
For a description of the output fields, see the show cellular command.
digi.router> show cellular
Cellular Status and Statistics
TransPort LR User Guide 33
------------------------------
Module : Telit HE910
Firmware version : 12.00.026
Hardware version : HE910-D
IMEI : 351579055202293
SIM status : Using SIM1
Signal strength : Excellent (-69dBm)
Signal quality : Excellent (-5dB)
Registration status : Registered
Network provider : AT&T, USA
Temperature : 32C
Connection type : 3G
Radio Band : WCDMA 850
Channel : 1007
APN in use :
Interfaces
IP address : 172.20.1.121
Mask : 255.255.255.255
Gateway : 172.20.1.121
DNS servers : 10.10.8.62, 10.10.8.64
Received Sent
-------- ----
Packets 4 5
Bytes 58 86
digi.router>
Related topics
Configure cellular interfaces on page 32
Show cellular status and statistics on page 33
LEDs on page 16 - See the discussion of the WWAN Signal and WWAN Service LEDs
Related commands
cellular on page 143
show cellular on page 178
TransPort LR User Guide 34
Interfaces
DSL interface
These topics describe configuring and managing the DSL interface.
Related topics
Configure DSL on page 35
Show DSL status and statistics on page 37
Related commands
dsl on page 153
show dsl on page 182
Configure DSL
To configure the DSL interface to connect to your DSL network, you need to configure the following:
Required configuration items
n Enable the DSL interface.
n Virtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI) parameters. These parameters
are specific to each DSL provider and must be configured to match your provider’s settings.
n Data encapsulation for the DSL interface. This parameter is specific to each DSL provider and
must be configured to match your provider’s settings.
n Username and password. The username and password relate to your account with your DSL
provider. A password is not always needed.
Additional configurable options
The following additional configuration settings are not typically configured to get the DSL interface
connected to the DSL network, but you can set them as needed:
n The technology used on the DSL line, known as the line mode.
n The Maximum Transmission Unit (MTU). The MTU defines the maximum size (in bytes) of a
packet that can be sent over the DSL interface.
n Network Address Translation (NAT).
n A description of the DSLinterface.
n Whether to delay bringing up the DSL for a specified number of seconds. This delay allows the
DSL provider network to propagate network changes after the device has connected to the
network, and before packets can be sent and received. This delay prevents the device from
assuming the network is fully operational before it actually is fully operational, which could in
turn cause problems with other features, such as interface failover. During this delay, the
DSLLED flashes, to indicate the interface is not fully up. Because characteristics can differ
among provider networks, use of the delay-up parameter is provider-specific.
TransPort LR User Guide 35
From the command line
1. Enable the DSL interface. By default, the DSL interface is disabled. To enable it, enter:
dsl state on
2. Configure VPI and VCI:
dsl vpi <vpi-number>
dsl vci <vci-number>
3. Configure encapsulation:
dsl encapsulation <encapsulation>
4. Set the username and password for the DSL interface:
dsl username <username>
dsl password <password>
5. Optional: Configure line mode. Normally this should be left as auto were the device will
negotiate the mode with the DSL provider. Depending on your DSL line, you may need to
configure the line mode to a particular technology for the device to connect to the DSL
network. To configure line mode, enter
Interfaces
dsl mode <mode>
6. Optional: Set the MTU. The MTU defaults to 1500 and automatically adjusts for the
encapsulation type.
dsl mtu <mtu>
7. Enable or disable NAT on the DSL interface. NAT is enabled by default, and normally, there is
no need to disable it. The command to configure NAT is:
dsl nat <on | off>
8. Optional: Set the description for the DSLinterface. The description parameter allows you to
configure a description for the DSL interface to help you identify it. For example:
dsl description "HQ Server Room"
9. Optional: Set a delay, in seconds, for bringing up the DSL interface. For example, to set a delay
of 60 seconds, enter:
dsl delay-up 60
TransPort LR User Guide 36
Interfaces
Related topics
DSL interface on page 35
Show DSL status and statistics on page 37
LEDs on page 16
Related commands
dsl on page 153
show dsl on page 182
Show DSL status and statistics
To show the status and statistics for the DSLinterface, use the show dsl on page 182 command. For
descriptions of the output fields, see show dsl on page 182. For example:
digi.router> show dsl
DSL Status and Statistics
-------------------------
Description :
Admin Status : Up
Oper Status : Up
Up Time : 6 Hours, 2 Minutes, 12 Seconds
HW Version : T14.F7_12.0
FW Version : 3.22.13.0_A60394
System FW ID : 3.6.20.0(Y09.ZZ.5)3.22.13.0 20151216_v035 [Dec 16 2015 16:59:11]
Line Status : Up (6 Hours, 2 Minutes, 9 Seconds)
Mode : ADSL2+
Encapsulation : PPPoE, LLC
VPI/VCI : 0/35
MTU : 1492
Remote Vendor ID : ffb54753504e0010 (GSPN)
IP Address : 10.10.10.0
Netmask : 255.255.255.255
Gateway : 1.2.3.4
Received Sent
-------- ---Packets 13 27
Bytes 746 1934
Downstream Upstream
---------- -------Speed (kbps) 23919 1213
Channel Type Interleaved Interleaved
Relative Capacity (%) 100 100
Attenuation (dB) 0.4 1.1
Noise Margin (dB) 6.2 10.5
Output Power (dBm) 20.4 2.5
FEC 0 1505
CRC 0 0
HEC 0 0
Errored Seconds in 15 Minutes : 0
Errored Seconds in 24 Hours : 1
TransPort LR User Guide 37
Errored Seconds after Line Up : 1
digi.router>
Related topics
DSL interface on page 35
Configure DSL on page 35
Related commands
dsl on page 153
show dsl on page 182
Interfaces
TransPort LR User Guide 38
Interfaces
Wi-Fi interfaces
Wi-Fi-enabled TransPort LR devices support up to 4 Wi-Fi interfaces on each of the 2.4 GHz and 5 GHz
frequency bands. Each Wi-Fi interface can be configured as an independent Wi-Fi Access Point with its
own security settings.
Related topics
Configure a Wi-Fi access point on page 39
Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security on page 41
Show Wi-Fi status and statistics on page 42
Related commands
wifi on page 215
wifi5g on page 216
show wifi on page 202
show wifi5g on page 203
Configure a Wi-Fi access point
This section describes how to configure a Wi-Fi 2.4 GHz Access Point and a Wi-Fi 5 GHz Access Point.
Required configuration items
Configuring a Wi-Fi Access Point involves configuring the following items:
n Enabling the Wi-Fi Access Point.
n The Wi-Fi Access Point’s Service Set Identifier (SSID).
You can configure the SSID to use the device's serial number by including %s in the SSID. For
example, an ssid parameter value of LR54_%s resolves to LR54_LR123456.
n The password for the Wi-Fi interface. The password only needs to be set if WPA2-Personal or
WPA-WPA2-Personal security is being used.
Additional configuration options
The following additional configuration settings are not typically configured to get an Wi-Fi access
point working, but can be configured as needed:
n The type of security used on the Wi-Fi interface. The options are as follows. By default, WPA2-
Personal security is used.
l None: No security is used on the Wi-Fi network.
l WPA2-Personal: a method of securing a Wi-Fi network using WPA2 with the use of the
optional Pre-Shared Key (PSK) authentication. This security method was designed for
home users without an enterprise authentication server.
l WPA/WPA2-Personal. This security method is a mixed mode, providing WPA with
Temporal Key Integrity Protocol (TKIP) encryption or WPA2 with Advanced Encryption
Standard (AES) encryption supported by the Access Point.
TransPort LR User Guide 39
l WPA2-Enterprise: This security method is designed for enterprise networks and requires
a RADIUS authentication server. This security method requires a more complicated setup,
but provides additional security. Various kinds of the Extensible Authentication Protocol
(EAP) are used for authentication.
l WPA/WPA2-Enterprise: This security method is designed for enterprise networks and
requires a RADIUS authentication server. This is a mixed mode method, providing WPA
with TKIP encryption or WPA2 with AES encryption supported by the Access Point.
n A description of the Wi-Fi Access Point.
From the command line
To configure a Wi-Fi 2.4 GHz Access Point, the command-line command is wifi on page 215.
To configure a Wi-Fi 5 GHz Access Point, the command-line command is wifi5g on page 216.
The following steps show using the wifi on page 215 command. When configuring a Wi-FI 5GHz
Access Point, use the wifi5g on page 216 command. The parameters are the same.
1. Enable the Wi-Fi Access Point.
wifi 1 state on
Interfaces
2. Enter the SSID for the Wi-Fi Access Point.
wifi 1 ssid LR54-AP1
3. Enter the password for the Wi-Fi Access Point.
wifi 1 password your-password
4. Optional: Enter the security for the Wi-Fi Access Point.
wifi 1 security wpa-wpa2-personal
5. Optional: Enter a description for the Wi-Fi Access Point.
wifi 1 description “Office AP”
Related topics
Wi-Fi interfaces on page 39
Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security on page 41
Show Wi-Fi status and statistics on page 42
Related commands
wifi on page 215
wifi5g on page 216
show wifi on page 202
show wifi5g on page 203
TransPort LR User Guide 40
Interfaces
Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security
The WPA2-Enterprise and WPA-WPA2-Enterprise security modes allow a Wi-Fi Access Point to
authenticate connecting Wi-Fi clients using a RADIUS server.
When the Wi-Fi Access Point receives an connection request from a Wi-Fi client, it will authenticate
the client with the RADIUS server before allowing the client to connect.
Using Enterprise security modes allows for each Wi-Fi client to have different username and
password which are configured in the RADIUS server and not the TransPort LR device.
Configuring a Wi-Fi Access Point to use an Enterprise security mode involves configuring the following
items:
Required configuration items
Configuring a Wi-Fi Access Point to use an Enterprise security mode involves configuring the following
items:
n Enabling the Wi-Fi Access Point.
n The Wi-Fi Access Point’s Service Set Identifier (SSID).
You can configure the SSID to use the device's serial number by including %s in the SSID. For
example, an ssid parameter value of LR54_%s resolves to LR54_LR123456.
n Setting the security mode to either WPA2-Enterprise or WPA-WPA2-Enterprise.
n RADIUS server IP address.
n RADIUS password.
Additional configuration options
Additional configuration options include:
n RADIUS server port.
n A description of the Wi-Fi Access Point.
From the command line
To configure a Wi-Fi 2.4 GHz Access Point, the command-line command is wifi on page 215.
To configure a Wi-Fi 5 GHz Access Point, the command-line command is wifi5g on page 216.
The following steps show using the wifi on page 215 command. When configuring a Wi-FI 5GHz
Access Point, use the wifi5g on page 216 command. The parameters are the same.
1. Enable the Wi-Fi Access Point.
wifi 1 state on
2. Enter the SSID for the Wi-Fi Access Point.
wifi 1 ssid LR54-AP1
3. Enter the security for the Wi-Fi Access Point.
wifi 1 security wpa2-enterprise
TransPort LR User Guide 41
4. Enter the RADIUS server IP address.
wifi 1 radius-server 192.168.1.200
5. Enter the RADIUS password.
wifi 1 radius-password your-radius-password
6. Optional: Enter the RADIUS server port.
wifi 1 radius-server-port 3001
7. Optional: Enter a description for the Wi-Fi Access Point.
wifi 1 description "Office AP"
Related topics
Wi-Fi interfaces on page 39
Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security on page 41
Show Wi-Fi status and statistics on page 42
Interfaces
Related commands
wifi on page 215
wifi5g on page 216
show wifi on page 202
show wifi5g on page 203
Show Wi-Fi status and statistics
To show the status and statistics for a Wi-Fi 2.4 GHz interface, use the show wifi on page 202
command. For example:
digi.router> show wifi
Interface Status SSID Security
------------------------------------------------------------wifi1 Down WPA2-Personal
wifi2 Up digi.router_2.4g_LR000051 WPA2-Personal
wifi3 Down WPA2-Personal
wifi4 Up digi.router_2.4g None
digi.router>
To show the status and statistics for a Wi-Fi 5 GHz interface, use the show wifi5g on page 203
command. For example:
digi.router> show wifi5g
Interface Status SSID Security
------------------------------------------------------------wifi5g1 Down WPA2-Personal
TransPort LR User Guide 42
wifi5g2 Up digi.route_5g_LR000051 None
wifi5g3 Up digi.route_5g WPA2-Personal
wifi5g4 Down WPA2-Personal
digi.router>
Related topics
Wi-Fi interfaces on page 39
Configure a Wi-Fi access point on page 39
Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security on page 41
Related commands
wifi on page 215
wifi5g on page 216
show wifi on page 202
show wifi5g on page 203
Interfaces
TransPort LR User Guide 43
Local Area Networks (LANs)
Local Area Networks (LANs)
A Local Area Network (LAN) connects networks together, such as Ethernet, DSL, or Wi-Fi, in a logical
Layer-2 network. Networks filter traffic between different segments, thereby reducing the amount
of traffic on a LAN, even with many LAN segments.
You can configure up to 10 LANs.
When an interface joins a LAN, it cannot be directly addressed anymore. This means that an IP
address configured on the interface can no longer be accessed once the network joins the LAN.
Example LAN
The diagram shows a LAN connecting the eth2, eth3, and eth4 interfaces for a TransPortLR54 unit.
Once the LAN is configured and enabled, the devices connected to the network interfaces can
communicate with each other, as demonstrated by the ping commands.
Related topics
Configure a LAN on page 47
Show LAN status and statistics on page 49
Related commands
lan on page 167
show lan on page 195
TransPort LR User Guide 46
Local Area Networks (LANs)
Configure a LAN
Configuring a Local Area Network (LAN) involves configuring the following items:
Required configuration items
n Identifying which interfaces are in the LAN.
n Enabling the LAN. LANs are disabled by default.
n Setting an IPv4 address and subnet mask for the LAN. While it is not strictly necessary for a
LAN to have an IP address, if you want to send traffic from other networks to the LAN, you
must configure an IP address.
Additional configuration options
n Setting a name for the LAN.
n Setting the Maximum Transmission Unit, or packet size, for packets sent over the LAN.
From the command line
1. Set the interfaces in the LAN. For example, to include eth2, eth3, and eth4 interfaces in lan1,
enter:
lan 1 interfaces eth2,eth3,eth4
2. Enable the LAN. For example, to enable lan1:
lan 1 state on
3. Optional: Set an IPv4 address for the LAN.
lan 1 ip-address 192.10.8.8
4. Optional: Set a subnet mask for the LAN.
lan 1 mask 255.255.255.0
5. Optional: Give a descriptive name to the LAN.
lan 1 description ethlan
6. Optional: Set the MTU for the LAN.
lan 1 mtu 1500
Related topics
Local Area Networks (LANs) on page 46
Show LAN status and statistics on page 49
TransPort LR User Guide 47
Local Area Networks (LANs)
Show LAN status and statistics
To show the status and statistics for a LAN, use the show lan on page 195 command. For example,
here is show lan output before and after enabling lan1. For a description of the output fields, see the
show lan on page 195 command.
digi.router> show lan 1
LAN 1 Status and Statistics
--------------------------Admin Status : Up
Oper Status : Up
Description : ethlan
Interfaces : eth2,eth3,eth4
MTU : 1500
IP Address : 192.10.8.8
Network Mask : 255.255.255.0
Received Sent
------------- -----Packets 624 6
Bytes 48632 468
digi.router>
Related topics
Local Area Networks (LANs) on page 46
Configure a LAN on page 47
Related commands
lan on page 167
show lan on page 195
TransPort LR User Guide 49
Local Area Networks (LANs)
DHCP servers
The DHCP server feature can be enabled in a TransPort LR device to assign IPaddresses and other
IPconfiguration to other hosts on the same local network. Addresses are assigned from a specified
pool of IPaddresses. For a local network, the device will use the DHCP server that has the IPaddress
pool in the same IPsubnet as the local network.
You can configure up to 10 DHCP servers.
When a host receives an IPconfiguration, the configuration is valid for a particular amount of time,
known as the lease time. After this lease time expires, the configuration must be renewed. The host
performs lease-time renewal automatically.
Related topics
Configure DHCP server settings on page 50
Show DHCP server settings on page 51
Related commands
dhcp-server on page 151
Configure DHCP server settings
To configure a DHCP server, you need to configure the following:
Required configuration items
n Enable the DHCP server.
n The IPaddress pool: the range of IPaddresses issued by the DHCPserver to clients.
n The IPnetwork mask given to clients.
n The IPgateway address given to clients.
n The IPaddresses of the preferred and alternate Domain Name Server (DNS) given to clients.
Additional configuration options
n Lease time: The length, in minutes, of the leases issued by the DHCP server.
From the command line
1. Enable the DHCP server. By default, the DHCP server is disabled.
dhcp-server 1 state on
2. Enter the starting address of the IPaddress pool:
dhcp-server 1 ip-address-start 10.30.1.150
3. Enter the ending address of the IPaddress pool:
dhcp-server 1 ip-address-end 10.30.1.195
TransPort LR User Guide 50
4. Enter the network mask:
dhcp-server 1 netmask 255.255.225.0
5. Enter the IPgateway address given to clients:
dhcp-server 1 gateway 10.30.1.1
6. Enter the preferred DNS server address given to clients:
dhcp-server 1 dns1 10.30.1.1
7. Enter the alternate DNS server address given to clients:
dhcp-server 1 dns2 209.183.48.11
8. Enter the lease time:
dhcp-server 1 lease-time 60
Local Area Networks (LANs)
Related topics
DHCP servers on page 50
Show DHCP server settings on page 51
Related commands
dhcp-server on page 151
Show DHCP server settings
To be provided when the show DHCPserver command is added to the firmware.
TransPort LR User Guide 51
Wide Area Networks (WANs)
Wide Area Networks (WANs)
A Wide Area Network (WAN) interface can be an Ethernet, DSL, or cellular interface that connects to a
remote network, such as the internet.
Ethernet interfaces
Ethernet interfaces can be used as a WAN interface when connecting to a remote network, such as
the internet, through a device such as a cable or DSL modem.
By default, the eth1 interface is configured as a WAN interface with both DHCP and NAT enabled. This
means you should be able to connect to the internet by connecting the wan/eth1 interface to a
device that already has an internet connection.
By default, the eth2, eth3, and eth4 interfaces are configured as a LAN interface. If necessary, you
can assign these interfaces to a WAN. For more information on Ethernet interfaces and their
configuration, see Ethernet interfaces on page 28.
Cellular interfaces
The LR54 supports two cellular interfaces, cellular1 and cellular2.
To use a cellular interface as a WAN interface, it must be configured to connect to the cellular
network. For more information on cellular interfaces and their configuration, see Cellular interfaces
on page 32.
DSL interface
The TransPort LR device supports one Asymmetric Digital Subscriber Line (ADSL) interface, dsl.
To use the DSL interface as a WAN interface, you must configure it to connect to the DSL network.
For more information on the DSL interface and its configuration, see DSL interface on page 35.
Related topics
TransPort LR User Guide 52
Wide Area Networks (WANs)
WAN failover
If a WAN interface fails for any reason, the TransPort LR device automatically fails over from one WAN
interface to use another.
For example, if you use an Ethernet interface as your main WAN interface, and have a cellular
interface configured as a backup WAN interface, if the Ethernet interface was to fail (for example, if
the Ethernet cable is broken), the TransPort LR device automatically starts to use the cellular
interface until the Ethernet interface becomes active again.
IP probing
Sometimes, problems can occur beyond the immediate WAN connection that prevent some IP traffic
reaching their destination. Normally this kind of problem does not cause the WAN interface to fail, as
the connection continues to work while the core problem exists somewhere else in the network.
IP probing is a way to detect problems in an IP network. IPprobing involves configuring the
TransPort LR device to send out regular IP probe packets to a particular destination. If responses to
these probe packets are not received, the TransPort LR device can bring down the WAN interface,
and switch to using another WAN interface until the IP network problem is resolved.
IP probing involves the following configuration settings:
n The IP address or name of the host to probe
n The size of the IP probe packets
n The rate at which the IP probe packets are sent
n The time, in seconds, after which the IP probe response is considered lost
n The WAN interface timeout, in seconds, if no IP probe responses are received.
n The time, in seconds, after which the WAN interface must receive all IPprobe responses
before reactivating the WANinterface
n The time, in seconds, after which the TransPort LR device attempts to bring up the
WANinterface
All of the IP probing configuration has default values, except for the IP address or name of the host to
probe. Use of IP probes requires this IPaddress. For the rest of the parameters, the default values
should be sufficient, but they can be set to different values as needed to suit your WANfailover
requirements.
Related topics
Wide Area Networks (WANs) on page 52
Configure Wi-Fi interfaces
Example WAN failover: DSLto cellular on page 57
Show WAN status and statistics on page 59
Related commands
wan on page 213
TransPort LR User Guide 53
Wide Area Networks (WANs)
Configure a WANinterface
You can configure up to 10 WAN interfaces.
wan1 is the top priority, wan2 is the second priority, and so on.
The TransPort LR device automatically adds a default IP route for the WAN interface when it comes
up. The metric of the route is based on the priority of the interface. For example, as wan1 is the
highest priority, the default route for wan1 has a metric of 1, and the default route for wan2 has a
metric of 2.
Required configuration items
Assign an Ethernet, DSL or Cellular interface to the WAN interface. By default, WAN interfaces are
assigned the following interfaces :
n For TransPort LR devices with DSL:
l wan1: eth1
l wan2: dsl
l wan3: cellular1
l wan4: cellular2
n For TransPort LR devices without DSL:
l wan1: eth1
l wan2: cellular1
l wan3: cellular2
Additional configuration options
These additional configuration settings are not typically configured, but you can set them as needed:
n The IP configuration. WAN interfaces typically get their IP address configuration from the
network, for example, DSL or cellular, to which they connect. However, you can manually set
the IP configuration as needed. The following manual configuration settings are available:
l IP address and mask
l Gateway
l Preferred and alternate DNS server
n Disable the DHCP client. Ethernet interfaces use DHCP client to get an IP address from a
DHCP server, for example, from a cable modem. If you are manually configuring the IP
address for the Ethernet interface, disable the DHCP client.
n Network Address Translation (NAT). NAT translates IP addresses from a private LAN network
to a public IP address. By default, NAT is enabled. Unless your LAN has a publicly-addressable
IP address range, do not disable NAT.
n Maximum Transmission Unit (MTU). The MTU defines the maximum size of a packet sent over
the WAN interface.
TransPort LR User Guide 54
From the command line
Configure basic WAN settings
1. Assign an interface to the WAN interface.
wan 1 interface eth1
2. Optional: Disable DHCP client mode.
wan 1 dhcp-client off
3. Optional: Configure the IP address, mask, gateway and DNS servers.
wan 1 ip-address 10.1.2.2
wan 1 mask 255.255.255.252
wan 1 gateway 10.1.2.1
wan 1 dns1 10.1.2.1
wan 1 dns2 8.8.8.8
Wide Area Networks (WANs)
4. Optional: Set the speed.
eth 1 speed {auto | 1000 | 100 | 10}
Configure IP probe settings
1. Configure the IP host to probe.
wan 1 probe-host 192.168.47.1
2. Optional: Configure the size of the IP probe packet.
wan 1 dhcp-client off
3. Optional: Configure the rate, in seconds, at which the IP probe packet is sent.
wan 1 probe-interval 20
4. Optional: Configure the time, in seconds, after which the IP probe response is considered lost.
wan 1 probe-timeout 5
5. Optional: Configure the WAN interface timeout, in seconds, if no IP probe responses are
received.
wan 1 timeout 60
TransPort LR User Guide 55
Wide Area Networks (WANs)
6. Optional: Configure the time in, seconds, after which the WAN interface must receive all IP
probe responses before reactivating the WAN interface.
wan 1 activate-after 30
7. Optional: Configure the time in seconds after which to attempt to bring up the WAN interface.
wan 1 try-after 1200
Related topics
Wide Area Networks (WANs) on page 52
WAN failover on page 53
Example WAN failover: DSLto cellular on page 57
Show WAN status and statistics on page 59
Related commands
wan on page 213
Add the show wan command description link when it is available from firmware builds
TransPort LR User Guide 56
Wide Area Networks (WANs)
Example WAN failover: DSLto cellular
In this example, WAN, the dsl interface is the primary WAN. cellular1 and cellular2 interfaces serve
as backups to dsl.
IPprobing is configured over the DSL interface. A probe packet of size 256 bytes is sent every 10
seconds to the IP host 43.66.93.111. If no responses are received for 60 seconds, the TransPort LR
device brings the DSL interface down and starts using the wan2 (cellular1) interface.
If the TransPort LR device cannot get a connection on the cellular2 interface, it attempts to use the
wan3 (cellular2) interface. It attempts to switch back to the wan2 (cellular1) interface after 30
minutes (1800 seconds).
The TransPort LR device continues to send probes out of the DSL interface. If it receives probe
responses for 120 seconds, it reactivates the wan1 interface and starts using it again as the WAN
interface.
To achieve this WAN interface failover from DSLto the cellular interface, the WANfailover
configuration commands are:
wan 1 interface dsl
wan 1 probe-host 43.66.93.111
wan 1 probe-interval 10
wan 1 probe-size 256
wan 1 timeout 60
wan 1 activate-after 120
wan 2 interface cellular1
wan 2 try-after 1800
wan 3 interface cellular2
Related topics
Wide Area Networks (WANs) on page 52
WAN failover on page 53
Configure a WANinterface on page 54
Show WAN status and statistics on page 59
TransPort LR User Guide 57
Wide Area Networks (WANs)
Show WAN status and statistics
To show the status and statistics for a cellular interface, use the show wan on page 201 command.
For a description of the output fields, see the show wan on page 201 command.
Here is here is the show wan on page 201 command output when no WANs are configured:
digi.router> show wan
# WAN Interface Status IP Address
-----------------------------------
digi.router>
Here is the show wan on page 201 command output with eth2 and cellular1 configured as WAN
interfaces, where eth2 is upand cellular1 is down.
digi.router> show wan
# WAN Interface Status IP Address
----------------------------------2 eth2 Up 192.168.0.25
3 cellular1 Down
digi.router>
Here is a show wan on page 201 example with eth2 and cellular1 both up:
digi.router> show wan
# WAN Interface Status IP Address
----------------------------------2 eth2 Up 192.168.0.25
3 cellular1 Up 172.20.1.7
digi.router>
Related topics
Wide Area Networks (WANs) on page 52
WAN failover on page 53
Configure a WANinterface on page 54
Example WAN failover: DSLto cellular on page 57
Related commands
wan on page 213
show wan on page 201
TransPort LR User Guide 59
Security
TransPort LR devices have several device security features. This section covers the configuring
security settings from the web interface and command line.
Security
TransPort LR User Guide 60
User management
User management involves configuring and managing TransPort LR device users, including their
authentication credentials and access permissions.
Related topics
Users and user access permissions on page 61
Configure a user on page 62
Related commands
user on page 212
Users and user access permissions
To manage TransPort LR devices via the command-line interface or web interface, users must log in
using a configured username and password.
This topic covers the TransPort LRuser model and access permissions for users.
Number of supported users
Up to 10 administrative users are supported. Each user has a unique name, password and access
level.
Security
Default user
By default, TransPort LR devices have one user preconfigured. This default user is configured as user
1. Its default username is admin. Its default password is displayed on the label on the bottom of the
device, for example:
You can change this user 1 configuration to match your requirements.
User access permissions
TransPort LR devices support three access levels: super, read-write, and read-only. These access
levels determine the level of control users have over device features and their settings.
TransPort LR User Guide 61
Access level Permissions allowed
super The user can manage all features on TransPort LR devices. Devices can
have multiple users with super access level.
A user with super access level is required to be present on a device, to
allow editing user access levels. If you or any other device user deletes
the only user with super access level, you must restore the default
user configuration by resetting the device to factory defaults.
read-write The user can manage all device features except security-related
features, such as configuring user access, configuring firewalls, clearing
logs, etc.
read-only The user can monitor device configuration and status, but cannot
change the configuration or status of the TransPort LR device.
Related topics
Configure a user on page 62
Delete a user on page 63
Reset the device to factory defaults on page 130
Security
Related commands
user on page 212
Configure a user
To configure a user, you need to configure the following:
Required configuration items
n Username.
n Password. For security reasons, passwords are stored in hash form. There is no way get or
display passwords in clear-text form.
Additional configuration options
n Setting user access permissions. The access level for users defaults to super. To restrict the
access of this user to either read-write or read-only, you should configure the access level.
From the command line
The user on page 212 command configures users.
1. Configure the username. For example:
user 1 name joeuser
TransPort LR User Guide 62
2. Configure the password. For example:
user 1 password omnivers1031
3. Optional: Configure the access level. For example:
user 1 access read-write
Related topics
Users and user access permissions on page 61
Delete a user on page 63
Related commands
user on page 212
Delete a user
To delete a user:
From the command line
Enter the following command:
Security
user n name !
Configure the password. For example, to delete the user joeuser that was previously assigned to
user 1, enter:
user 1 name !
Related topics
Users and user access permissions on page 61
Configure a user on page 62
Related commands
user on page 212
TransPort LR User Guide 63
Remote management
Remote management
These topics cover using remote management facilities to manage TransPort LRdevices.
TransPort LR User Guide 71
Remote management
Remote Manager
Digi Remote Manager is a hosted remote configuration and management system that allows you to
remotely manager a large number of devices. Digi Remote Manager has a web-based interface from
which you can perform device operations, such as viewing and changing device configurations and
perform firmware updates.
The Digi Remote Manager servers also provide a data storage facility.
Using Digi Remote Manager requires setting up a Digi Remote Manager account. To set up a Digi
Remote Manager account and learn more about Digi Remote Manager, go to
http://www.digi.com/products/cloud/digi-remote-manager.
Configure Remote Manager
Delete this text and replace it with your own content.
TransPort LR User Guide 72
Remote management
Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) is a protocol for remotely managing and monitoring
network devices. Network administrators can use the SNMP architecture to manage nodes,
including servers, workstations, routers, switches, hubs, and other equipment on an IP network,
manage network performance, find and solve network problems, and plan for network growth.
Supported SNMP versions
Transport LR devices support the SNMP versions SNMPv1, SNMPv2c, and SNMPv3.
The device supports up to 10 SNMPv1/SNMPv2c communities. Each community can have read-only or
read-write access.
The device supports up to 10 SNMPv3 users. You can configure each user's access level as read-only
or read-write, and configure security settings on an individual-user basis.
Supported Management Information Bases (MIBs)
Transport LR devices support the following SNMP MIBs for managing the entities in a communication
network:
n Standard SNMP MIBs
n An enterprise-specific MIB, specific to the LR54, named transport-lr54.mib. This MIB is
available for download from Digi Support.
Note SNMPv1 cannot be used with the Enterprise MIB, owing to the COUNTER64 types used in the
MIB.
Related topics
Configure SNMPv1 and SNMPv2 on page 73
Configure SNMPv3 on page 74
Related commands
snmp on page 204
snmp-community on page 205
snmp-user on page 206
Configure SNMPv1 and SNMPv2
Configuring SNMPv1 or SNMPv2c support involves configuring the following items:
n Enabling the desired SNMP version
n Whether to configure SNMPv1/v2c communities
n If configuring SNMPv1/v2c communities, the community access level
From the command line
1. All SNMP versions are disabled by default. Enable support for SNMPv1 or SNMPv2c by
entering:
snmp v1 on
OR
TransPort LR User Guide 73
Remote management
snmp v2c on
2. If using SNMPv1/v2c communities, configure a name for each community. For example:
snmp-community 1 community public
3. The community access level defaults to read-only. To set the access level to read-write,
enter:
snmp-community 1 access read-write
Related topics
Simple Network Management Protocol (SNMP) on page 73
Configure SNMPv3 on page 74
Related commands
snmp on page 204
snmp-community on page 205
snmp-user on page 206
Configure SNMPv3
Configuring SNMPv3 support involves configuring the following items:
n Enabling SNMPv3.
n Configuring the SNMPv3 users. Up to 10 SNMPv3 users can be configured.
n Configuring SNMPv3 user authentication type and password, privacy type and password, and
user access level.
From the command line
1. All SNMP versions are disabled by default. To enable support for SNMPv3, enter:
snmp v3 on
2. For each SNMPv3 user, give the user a name of up to 32 characters:
snmp-user 1 user joe
3. Set the authentication type for the SNMPv3 user (none, md5, or sha1). To use privacy (DES or
AES), the authentication type be either md5 or sha1.
snmp-user 1 authentication sha1
4. Set the authentication password for the SNMPv3 user. The password length can be between
8 and 64 characters.
snmp-user 1 authentication-password authpassword
TransPort LR User Guide 74
Remote management
5. Set the privacy type for the SNMPv3 user (none, aes, or des):
snmp-user 1 authentication des
6. Set the privacy password for the SNMPv3 user. The password length can be between 8 and 64
characters.
snmp-user 1 privacy-password privpassword
7. Configure the access level for the SNMPv3 user.
snmp-user 1 access read-write
Related topics
Simple Network Management Protocol (SNMP) on page 73
Configure SNMPv3 on page 74
Related commands
snmp on page 204
snmp-community on page 205
snmp-user on page 206
TransPort LR User Guide 75
IP routing
The TransPort LRdevice uses IP routes to decide where to send a packet that it receives for a
remote network. The process for deciding on a route to send the packet is as follows:
1. The device examines the destination IP address in the IP packet, and looks through the IP
routing table to find a match for it.
2. If it finds a route for the destination, it forwards the IP packet to the configured IP gateway or
interface.
3. If it cannot find a route for the destination, it uses a default route.
4. If there are two or more routes to a destination, the device uses the route with the longest
mask.
5. If there are two or more routes to a destination with the same mask, the device will use the
route with the lowest metric.
Configuring and managing IProuting involves the following tasks:
Routing
TransPort LR User Guide 77
Configure general IP settings
Configuring general IPsettings is one of the building blocks of setting up IProuting.
Optional configuration settings
n The IP hostname. This hostname identifies the TLR device on IP networks. It is an unqualified
hostname. The default setting for the device isLR54-%s which expands to LR54-<serial
number>.
n The administrative distance settings for connected and static routes. Administrative distance
settings rank the type of routes, from the most to least preferred. When there are two or
more routes to the same destination and mask, the route with the lowest metric is used. By
default, routes to connected networks are preferred, with static routes being next. The
administrative distance for each route type is added to the route’s metric when it is added to
the routing table. Configuring the administrative distance of a particular route type can alter
the order of use for the routes. The two administrative distance settings are:
l Administrative distance for connected network routes. The default value is 0.
l Administrative distance for static routes. The default value is 1.
Routing
From the command line
1. Set the hostname.
ip hostname LR54-NewYork
2. Set the administrative distance for connected routes.
ip admin-conn 3
3. Set the administrative distance for static routes.
ip admin-static 5
Related topics
IP routing on page 77
Configure a static route on page 79
Show the IPv4 routing table on page 81
Delete a static route on page 82
Related commands
ip on page 161
TransPort LR User Guide 78
Configure a static route
A static route is a manually configured routing entry. Information about the route is manually
entered rather than obtained from dynamic routing traffic. TransPort LR devices supports up to 32
static routes. Will this be the same across all product models or will we need multiple statements for
multiple models?
Required configuration settings
n Setting the destination network and mask.
n Setting the gateway IP address for routes using LAN and WAN Ethernet interfaces. The
gateway IP address should be on the same subnet as the IP address of the LAN or WAN
Ethernet interface in use.
n Setting the interface name for routes using cellular and DSL interfaces.
Optional configuration settings
n Setting the metric for the route. The metric defines the order in which routes should be used
if there are two routes to the same destination. In such a case, the smaller metric is used.
Routing
From the command line
Example 1
To configure a static route to the 192.168.47.0/24 network using the lan1 interface, which has an IP
address of 192.168.1.1 and a gateway at IP address of 192.168.1.254:
1. Set the destination network and mask.
route 1 destination 192.168.47.0
route 1 mask 255.255.255.0
2. Set the gateway IPaddress.
route 1 gateway 192.168.1.254
Example 2
To configure a static route to the 44.1.0.0/16 network using the cellular1 interface:
1. Set the destination network and mask.
route 4 destination 44.1.0.0
route 4 mask 255.255.0.0
2. Set the interface.
route 4 interface cellular1
3. Optional: Set the metric.
route 4 metric 5
TransPort LR User Guide 79
Once the static route is configured, it should be shown in the IPv4 routing table.
Related topics
IP routing on page 77
Configure general IP settings on page 78
Show the IPv4 routing table on page 81
Delete a static route on page 82
Related commands
ip on page 161
route on page 175
show route on page 197
Routing
TransPort LR User Guide 80
Show the IPv4 routing table
To display the IPv4 routing table, use the show route on page 197 command.
digi.router> show route
Destination Gateway Metric Protocol Idx Interface Status
--------------------------------------------------------------------------------------
10.1.2.0/24 192.168.1.254 1 Static 1 lan1 UP
192.168.1.0/24 0.0.0.0 0 Connected lan1 UP
default 0.0.0.0 1 Connected eth1 UP
default 0.0.0.0 2 Connected cellular1 UP
digi.router>
Related topics
IP routing on page 77
Configure general IP settings on page 78
Configure a static route on page 79
Delete a static route on page 82
Routing
Related commands
ip on page 161
route on page 175
show route on page 197
TransPort LR User Guide 81
Delete a static route
To remove a static route from the routing table, clear the destination network configuration.
From the command line
Enter the route on page 175 command, specifying the interface number, the destination parameter
and ! to revert the settings for the route destination. For example:
route 1 destination !
Related topics
IP routing on page 77
Configure general IP settings on page 78
Configure a static route on page 79
Show the IPv4 routing table on page 81
Related commands
ip on page 161
route on page 175
show route on page 197
Routing
TransPort LR User Guide 82
Virtual Private Networks (VPN)
Virtual Private Networks (VPNs) are used to securely connect two private networks together so that
devices can connect from one network to the other network using secure channels. These topics
cover the various network protocols involved in VPNs, and configuring VPNs from the web interface
and command line.
Routing
TransPort LR User Guide 83
IPsec
IPsec is a suite of protocols for creating a secure communication link, or IPsec tunnel, between a
host and a remote IP network or between two IP networks across a public network such as the
internet.
TransPort LR devices support to up 32 IPsec tunnels.
IPsec data protection
IPsec protects the data being sent across a public network by providing the following:
Data origin authentication
Authentication of data to validate the origin of data when it is received.
Data integrity
Authentication of data to ensure it has not been modified during transmission.
Data confidentiality
Encryption of data sent across the IPsec tunnel to ensure that an unauthorized device cannot
read the data.
Anti-Replay
Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel.
Routing
IPsec modes
IPsec can run in two different modes: Tunnel and Transport.
Currently, TransPort LR devices support tunnel mode only.
Tunnel
The entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in
a new IP packet.
Transport
Only the payload of the IP packet is encrypted and/or authenticated. The IP header is left
untouched. This mode has limitations when using an authentication header, because the IP
addresses in the IP header cannot be translated (for example, with Network Address Translation
(NAT), as it would invalidate the authentication hash value.
Internet Key Exchange (IKE) settings
IKE is a key management protocol is used by IPsec to negotiate the security associations (SAs) that
are used to create the secure IPsec tunnel.
SA negotiations are perfomed in two phases, known as phase 1 and phase 2.
Phase 1
In phase 1, IKE creates a secure authenticated communication channel between the device and the
peer (the remote device which is at the other end of the IPsec tunnel) using the configured preshared key and the Diffie-Hellman key exchange. This creates the IKE SAs that are used to encrypt
further IKE communications.
There are two modes for the phase 1 negotiation: Main mode and Aggressive mode.
Main mode
Main mode is the default mode. It is slower that aggressive mode, but more secure, in that all
sensitive information sent between the device and its peer is encrypted.
Aggressive mode
TransPort LR User Guide 84
Aggressive mode is faster than main mode, but is not as secure as main mode, because the
device and its peer exchange their IDs and hash information in clear text instead of being
encrypted. Aggressive mode is usually used when one or both of the devices have a dynamic
external IP address.
Phase 2
In phase 2, IKE negotiates the SAs for IPsec. This creates two unidirectional SAs, one for each
direction. Once the phase 2 negotiation is complete, the IPsec tunnel should be fully functional.
There are two versions of IKE, IKEv1 and IKEv2. Currently the LR54 only supports IKEv1.
IPsec and IKE renegotiation
To reduce the chances of an IPsec tunnel being compromised, the IPsec SAs and IKE SA are
renegotiated at a regular interval. This results in different encryption keys being used in the IPsec
tunnel.
Related topics
Routing
Related commands
ipsec on page 162
ipsec-failover on page 166
show dsl on page 182
Configure an IPSec tunnel
Configuring an IPsec tunnel with a remote device involves configuring the following items:
Required configuration items
IPsec tunnel configuration settings
n Enabling the IPsec tunnel.
n The IP address or name of the remote device, also known as the peer, at the other end of the
IPsec tunnel.
n The local and remote IDs.
n The local and remote IP networks.
n The authentication protocol to use. This setting must match the authentication protocol
configured on the remote device. The authentication options are:
l SHA1
l SHA256
The default value is SHA1.
n The encryption protocol to use. This has to match the encryption protocol configured on the
remote device. The encryption options are:
TransPort LR User Guide 85
l AES – 128 bits
l AES – 192 bits
l AES – 256 bits
The default value is AES – 128 bits.
n The Encapsulating Security Payload (ESP) Diffie-Hellman group for the IPsec tunnel.This
setting must match the Diffie-Hellman group configured on the remote device. The Diffie-
Hellman group options are:
l None
l Group 5 (1536 bits)
l Group 14 (2048 bits)
l Group 15 (3072 bits)
l Group 16 (4096 bits)
l Group 17 (6144 bits)
l Group 18 (8192 bits)
The default value is Group14.
The larger the number of bits, the more secure the IPsec tunnel. However, a larger bit length
requires more computing power, which can slow down the tunnel negotiation and
performance.
n The shared key the device and the remote device use to authenticate each other.
Routing
IKE configuration settings
n The IKE mode.
l Main
l Aggressive
The default option is Main.
n The IKE authentication protocols to use for the IPsec tunnel negotiation. The authentication
options are:
l SHA1
l SHA256
The default is SHA1.
You can select more than one authentication protocol. IKE negotiates with the remote device
which to use. This setting does not need to match the IKE authentication protocols configured
on the remote device, but at least one of the authentication protocols must be configured on
the remote device.
n The IKE encryption protocols to use for the IPsec tunnel negotiation. The encryption options
are:
l AES – 128 bits
l AES – 192 bits
l AES – 256 bits
TransPort LR User Guide 86
The default is AES – 128 bits.
You can select more than one encryption protocol. IKE negotiates with the remote device
which encryption protocol to use. This setting does not need to match the IKE encryption
protocols configured on the remote device, but at least one of the encryption protocols must
be configured on the remote device.
n The IKE Diffie-Hellman groups to use for the IPsec tunnel negotiation. The Diffie-Hellman
group options.
l Group 5 (1536 bits)
l Group 14 (2048 bits)
l Group 15 (3072 bits)
l Group 16 (4096 bits)
l Group 17 (6144 bits)
l Group 18 (8192 bits)
The default value is Group14.
You can select more than one Diffie-Hellman group. IKE negotiates with the remote device
which group to use. This setting does not need to match the IKE Diffie-Hellman groups
configured on the remote device, but at least of the Diffie-Hellman groups must be configured
on the remote device.
Routing
Additional configuration items
The following additional configuration settings are not typically configured to get an IPsec tunnel
working, but can be configured as needed:
Tunnel and key renegotiating
n The lifetime of the IPsec tunnel before it is renegotiated. This defaults to 1 hour (3600
seconds), and does not need to match the setting on the remote device.
n The number of bytes, also known as lifebytes, sent on the IPsec tunnel before it is
renegotiated. By default, this setting is disabled, but can be configured up to 4 GB. This
setting does not need to match the setting on the remote device.
n The IKE lifetime before the keys are renegotiated. This defaults to 4800 seconds and does
not need to match the IKE lifetime configured on the remote device.
n The amount of time before the IPsec lifetime expires, the renegotiation should start. This
defaults to 540 seconds and does not need to match the setting on the remote device.
n The number of bytes before the IPsec lifebytes limit is reached before the key is is
renegotiated. By default, this is set to 0 and does not need to match the setting on the
remote device.
TransPort LR User Guide 87
n A randomizing factor for the number of seconds or bytes margin before the IPsec tunnel is
renegotiated. This defaults to 100% and does not need to match the setting on the remote
device. This setting would be used if the device has a number of IPsec tunnels configured to
ensure that the IPsec tunnels are not renegotiated at the same time which could put
excessive load on the device.
Other configuration items
n A description for the IPsec tunnel.
n The number of tries IKE will attempt to negotiate the IPsec tunnel with the remote device
before giving up.
Example IPsec tunnel
Suppose you are configuring the following IPsec tunnel:
Routing
From the command line
1. Enable the IPsec tunnel.
ipsec 1 state on
2. Enter the IP address or name of the remote device.
ipsec 1 peer 47.23.78.32
3. Enter the local and remote IDs.
ipsec 1 local-id LR54-LA
ipsec 1 remote-id LR54-NY
4. Enter the local and remote IP networks.
ipsec 1 local-network 192.168.1.0
ipsec 1 local-mask 255.255.255.0
ipsec 1 remote-network 10.1.2.0
ipsec 1 remote-mask 255.255.255.0
TransPort LR User Guide 88
5. Enter the pre-shared key.
ipsec 1 psk “secret-psk”
6. Enter the IPsec authentication, encryption, and Diffie-Hellman settings.
ipsec 1 esp-authentication sha256
ipsec 1 esp-encryption aes256
ipsec 1 esp-diffie-hellman none
7. Enter the IKE authentication, encryption, and Diffie-Hellman settings.
ipsec 1 ike-authentication sha1,sha256
ipsec 1 ike-encryption aes128,aes192,aes256
ipsec 1 ike-diffie-hellman group14,group15
Related topics
IPsec on page 84
IPSec tunnel failover on page 91
Example: IPsec tunnel between a TransPort LR54 and TransPort WR44 on page 89
Example: IPSec tunnel between a TransPort LR54 and a Cisco router
Debug an IPsec configuration on page 92
Show IPsec status and statistics on page 92
Routing
Related commands
ipsec on page 162
ipsec-failover on page 166
show ipsec on page 191
Example: IPsec tunnel between a TransPort LR54 and TransPort WR44
Following an example IPsec configuration between an TransPort LR54 and a TransPort WR44.
The configuration settings for both devices are as follows:
TransPort LR User Guide 89
TransPort LR54 configuration TransPort WR44 configuration
Routing
digi.router> lan 1
state on
description IPsec local net
mtu 1500
interfaces eth2,eth3,eth4
ip-address 192.168.54.1
mask 255.255.255.0
dns1
dns2
dhcp-client off
digi.router> lan 2
state on
description Link to WR44
mtu 1500
interfaces eth1
ip-address 10.0.0.54
mask 255.255.255.0
dns1
dns2
dhcp-client off
digi.router> ipsec 1
state on
description Tunnel to WR44
peer 10.0.0.44
local-network 192.168.54.0
local-mask 255.255.255.0
remote-network 192.168.44.0
remote-mask 255.255.255.0
esp-authentication sha1
esp-encryption aes128
esp-diffie-hellman none
auth-by psk
psk <configured>
local-id 10.0.0.54
remote-id 10.0.0.44
lifetime 3600
lifebytes 0
margintime 540
marginbytes 0
random 100
ike 1
ike-mode aggressive
ike-encryption aes128
ike-authentication sha1
ike-diffie-hellman group5
ike-lifetime 3600
ike-tries 3
dpddelay 30
dpdtimeout 150
# Link to TransPort LR54
eth 0 IPaddr "10.0.0.44"
eth 0 ipsec 1
# IPsec local network
eth 1 IPaddr "192.168.44.1"
# Route to remote network
route 0 IPaddr "192.168.54.0"
route 0 ll_ent "eth"
# IPsec tunnel configuration
eroute 0 peerip "10.0.0.54"
eroute 0 peerid "10.0.0.54"
eroute 0 ourid "10.0.0.44"
eroute 0 ouridtype 3
eroute 0 locip "192.168.44.0"
eroute 0 locmsk
"255.255.255.0"
eroute 0 remip "192.168.54.0"
eroute 0 remmsk
"255.255.255.0"
eroute 0 ESPauth "sha1"
eroute 0 ESPenc "aes"
eroute 0 authmeth "preshared"
eroute 0 autosa 2
# IKE configuration
ike 0 encalg "aes"
ike 0 keybits 128
ike 0 authalg "sha1"
ike 0 ltime 30000
ike 0 aggressive ON
ike 0 ikegroup 5
# Remote ID / Password
user 1 name "10.0.0.54"
user 1 epassword "MDp6Vko=
TransPort LR User Guide 90
Rekeying In : 68 minutes
AH Cipher Suite : Not Used
ESP Cipher Suite : aes128, sha1
Renegotiating In : 42 minutes
Outbound ESP SA : 0x9E1325F2
Inbound ESP SA : 0x757935D6
Bytes In : 0
Bytes Out : 0
digi.router>
Related topics
IPsec on page 84
IPSec tunnel failover on page 91
Configure an IPSec tunnel on page 85
Example: IPsec tunnel between a TransPort LR54 and TransPort WR44 on page 89
Example: IPSec tunnel between a TransPort LR54 and a Cisco router
Debug an IPsec configuration on page 92
Routing
Related commands
ipsec on page 162
ipsec-failover on page 166
show dsl on page 182
TransPort LR User Guide 93
System administration and management
Set system date and time
Having an accurate date and time set on your device is important for a number of reasons, including
validating certificates and having accurate timestamps on events in the event log.
Methods for setting system date and time
There are two methods for setting system date and time:
n Using the Simple Network Time Protocol (SNTP). SNTP continually polls an external NTPtime
server on either a private company network or the internet at a configured interval rate.
SNTP usually provides an accuracy of less than a second.
n Setting the date and time manually.
Set the date and time using SNTP
Required configuration items
n Enable SNTP.
Additional configuration options
n The SNTP server. By default, SNTP is configured to use Digi’s SNTPserver,
time.devicecloud.com.
n The SNTPupdate interval. This is the interval at which the TLR device checks the SNTP server
for date and time. By default, SNTP is checked every hour. At bootup, the device attempts to
send an update message to the configured SNTP server every 15 seconds until it receives a
response. Once it receives a response, it reverts to the configured update interval.
From the command line
To set the date and time using SNTP, use the sntp on page 207 command.
1. Enable SNTP.
sntp state on
2. Optional: Set the SNTP server. For example, to set the server to time.digi.com:
sntp server time.digi.com
3. Optional: Set the SNTPupdate interval.
sntp update-interval 10
Set the date and time manually
From the command line
To set the date and time manually, use the date on page 149 command. The date on page 149
command specifies the time in HH:MM:SS format, where seconds are optional, followed by the date,
in DD:MM:YYYY format.
For example, to manually set the time and date to 14:55:00 on May 3, 2016, enter:
TransPort LR User Guide 96
date 14:55:00 03:05:2016
Related topics
Show system date and time on page 98
Related commands
date on page 149
sntp on page 207
System administration and management
TransPort LR User Guide 97
System administration and management
Show system date and time
From the command line
To display the current system date and time, use the date on page 149 command.
digi.router> date
system time: 14:55:06, 03 May 2016
digi.router>
Related topics
Set system date and time on page 96
Related commands
date on page 149
sntp on page 207
TransPort LR User Guide 98
System administration and management
Use multiple configuration files to test the configuration on remote devices on page 107
Related commands
save on page 176
show system on page 199
TransPort LR User Guide 106
System administration and management
Use multiple configuration files to test the configuration on remote devices
You can use multiple configuration files, along with the autorun on page 141 command, to test a new
configuration on a remote device that might result in the remote device going offline, in which case
the device cannot be remotely accessed.
To test the configuration on a remote device, create a new configuration file with desired
configuration changes to test. In addition to the desired configuration changes, the file should
contain two autorun on page 141 commands:
n The first autorun on page 141 command automatically reverts the device to use the original
configuration file.
n The second autorun on page 141 command schedules a reboot after a period of time.
Example test configuration file
For example, suppose you creates a new test configuration file named test.cfg
This test.cfg file changes the cellular 1 apn parameter, and executes two autorun on page 141
commands to automatically revert the device back to use the config.da0 configuration file and to
reboot in 5 minutes. It then saves the configuration to test.cfg and reboots the device.
update config test.cfg
cellular 1 apn new-apn-to-test
autorun 1 command “update config config.da0”
autorun 2 command “reboot in 5”
save config
reboot
If the TransPort LR device does not come back online, the device automatically reverts to the old
(working) configuration file, config.da0, and reboots after 5 minutes.
If the device comes back online after being rebooted with the configuration (that is, the device
connected with the new cellular APN), you can cancel the scheduled reboot using the reboot cancel
command.
reboot cancel
Using the copy on page 147 and update on page 211 commands, you can then copy the configuration
file to the final configuration file, and change the configuration file name.
copy test.cfg config.da0
update config config.da0
Related topics
Managing configuration files on page 102
Save configuration settings to a file on page 137
Switch between configuration files on page 137
Related commands
autorun on page 141
copy on page 147
reboot on page 172
save on page 176
TransPort LR User Guide 107
Make a directory
To make a new directory in the TLR filesystem, use the mkdir on page 168 command, specifying the
name of the directory.
For example:
digi.router> mkdir test
digi.router> dir
File Size Last Modified
------------------------------------------------------test Directory
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
Remaining User Space: 102,457,344 bytes
digi.router>
TransPort LR User Guide 115
Display directory contents
To display directory contents, use the dir on page 152 command. For example:
digi.router> dir
File Size Last Modified
--------------------------------------------------------test Directory
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
Remaining User Space: 102,457,344 bytes
digi.router>
TransPort LR User Guide 116
Change the current directory
To change the current directory, use the cd on page 142 command, specifying the directory name.
For example:
digi.router> dir
File Size Last Modified
--------------------------------------------------------test Directory
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
Remaining User Space: 102,457,344 bytes
digi.router>
digi.router> cd test
digi.router> dir
File Size Last Modified
---------------------------------------------------------
Remaining User Space: 102,457,344 bytes
digi.router>
TransPort LR User Guide 117
Remove a directory
To remove a directory:
1. Make sure the directory is empty.
2. Use the rmdir on page 174 command, specifying the name of the directory to remove.
For example:
digi.router> dir
File Size Last Modified
--------------------------------------------------------test Directory
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
Remaining User Space: 102,457,344 bytes
digi.router>
digi.router> rmdir test
Directory test is not empty
ERROR
digi.router>
digi.router> dir test
File Size Last Modified
--------------------------------------------------------config.tst 186 Wed Apr 5 07:10:41
Remaining User Space: 102,457,344 bytes
digi.router>
digi.router> del test/config.tst
digi.router>
digi.router> rmdir test
digi.router>
digi.router> dir
File Size Last Modified
--------------------------------------------------------config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
Remaining User Space: 102,457,344 bytes
TransPort LR User Guide 118
Display file contents
Display file contents
To display the contents of a file, use the more on page 169 command, specifying the name of the file.
For example:
digi.router> more config.da0
# Last updated by username on Thu Nov 19 14:26:02 2015
eth 1 ip-address "192.168.1.1"
cellular 1 apn "mobile.o2.co.uk"
cellular 1 state "on"
user 1 name "username"
user 1 password "$1$4WdqUHrv$K.aB78KILuxVpesZtyveG/"
digi.router>
TransPort LR User Guide 120
Copy a file
Copy a file
To copy a file, use the copy on page 147 command, specifying the existing file name, followed by the
name of the new copy.
For example, to copy file config.da0 to a file in the main directory named backup.da0, and then to a
file named test.cfg in the test directory, enter the following:
digi.router>
digi.router> dir
File Size Last Modified
--------------------------------------------------------test Directory
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
Remaining User Space: 102,457,344 bytes
digi.router>
digi.router>
digi.router> copy config.da0 backup.da0
digi.router>
digi.router> dir
File Size Last Modified
--------------------------------------------------------test Directory
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
backup.da0 763 Wed Apr 5 07:22:29
Remaining User Space: 102,457,344 bytes
digi.router>
digi.router>digi.router> copy config.da0 test/test.cfg
digi.router>
digi.router> dir test
File Size Last Modified
-------------------------------------------------------test.cfg 763 Wed Apr 5 07:24:45
Remaining User Space: 102,457,344 bytes
digi.router>
TransPort LR User Guide 121
Rename a file
Rename a file
To rename a file, use the rename on page 173 command, specifying the existing name and the new
name.
For example:
digi.router> dir
File Size Last Modified
--------------------------------------------------------test Directory
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
backup.da0 763 Wed Apr 5 07:22:29
Remaining User Space: 102,457,344 bytes
digi.router>
digi.router> rename backup.da0 test.da0
digi.router>
digi.router> dir
File Size Last Modified
--------------------------------------------------------test Directory
test.da0 763 Wed Apr 5 07:22:29
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
Remaining User Space: 102,453,248 bytes
digi.router>
TransPort LR User Guide 122
Delete a file
To delete a file, use the del on page 150 command, specifying the filename to delete.
For example, to delete a file named test.cfg in the test directory, enter the following:
digi.router>
digi.router> dir
File Size Last Modified
--------------------------------------------------------test Directory
test.da0 763 Wed Apr 5 07:22:29
config.da0 763 Sun Mar 5 12:36:20
config.fac 186 Mon Feb 21 03:00:17
Remaining User Space: 102,453,248 bytes
digi.router>
digi.router> del test.da0
digi.router>
digi.router> dir test
File Size Last Modified
--------------------------------------------------------test.cfg 763 Wed Apr 5 07:24:45
Delete a file
Remaining User Space: 102,453,248 bytes
digi.router>
digi.router> del test/test.cfg
digi.router> dir test
File Size Last Modified
--------------------------------------------------------Remaining User Space: 102,449,152 bytes
digi.router>
TransPort LR User Guide 123
Upload and download files
Upload and download files
You can download and upload files from and to a TLR device, using utilities such as Secure Copy (SCP),
SSH File Transfer Protocol (SFTP), or an SFTP application such as FileZilla.
Upload files using SCP
To upload a file to a TLRdevice using SCP, the syntax is as follows:
scp
filename
This example uploads a file named script.py to TLRdevice 192.168.1.1:
$ scp script.py john@192.168.1.1:script.py
Password:
script.py 100%
3728 0.3KB/s 00:00
Download files using SCP
To download a file from a TLRdevice using SCP, the syntax is as follows:
username@
ip_address
:filename
scp username@
ip_address:filename
filename
This example downloads a file named config.da0 from TLR device 192.168.1.1 using the username
john to the local directory:
$ scp john@192.168.1.1:config.da0 config.da0
Password:
config.da0 100%
254 0.3KB/s 00:00
Upload files using SFTP
This example uploads a file named lr54-1.0.2.10.bin to TLR device 192.168.1.1 using the username
john:
$ sftp john@192.168.1.1
Password:
Connected to 192.168.1.1
sftp> put lr54-1.0.2.10.bin
Uploading lr54-1.0.2.10.bin to lr54-1.0.2.10.bin
lr54-1.0.2.10.bin 100%
24M 830.4KB/s 00:00
sftp> exit
$
Download files using SFTP
This example downloads a file named config.da0 from TLR device 192.168.1.1 using the username
john to the local directory:
$ sftp john@192.168.1.1
Password:
Connected to 192.168.1.1
sftp> get config.da0
Fetching config.da0 to config.da0
TransPort LR User Guide 124
Upload and download files
config.da0 100%
254 0.3KB/s 00:00
sftp> exit
$
TransPort LR User Guide 125
Command reference
These topics describe the command-line interface for TransPort LR devices and the commands
entered through the command-line interface.
TransPort LR User Guide 133
Command-line interface basics
digi.router> dsl mode ?
Syntax : dsl 1 mode <value>
Description : DSL line mode
Current Value : auto
Valid Values : auto, adsl2-plus, adsl2, gdmt, glite
Default value : auto
digi.router> dsl mode
Revert command elements using the ! character
Entering ! reverts an individual command element to its factory default. For example, to revert the
previous setting of interfaces on the lan command, enter:
lan 1 interfaces !
Auto-complete commands and parameters
When entering a command and parameter, pressing the Tab key causes the command-line interface
to auto-complete as much of the command and parameter as possible.
Auto-complete applies to these command elements only :
n Command names. For example, entering cell<Tab> auto-completes the command as cellular
n Parameter names. For example:
l ping int<Tab> auto-completes the parameter as interface
l system loc<Tab>auto-completes the parameter as location.
n Parameter values, where the value is one of an enumeration or an on|off type; for example,
eth 1 duplex auto|full|half
Auto-complete does not function for:
n Parameter values that are string types
n Integer values
n File names
n Select parameters passed to commands that perform an action
Enter configuration commands
Configuration commands configure settings for various device features. These commands have the
following format:
<command> <instance> <parameter> <value>
Where <instance> is the index number associated with the feature. For example, this command
configures the eth1 Ethernet interface:
eth 1 ip-address 10.1.2.3
For commands with only one instance, you do not need to enter the instance; for example:
system timeout 100
TransPort LR User Guide 136
Command-line interface basics
CPU : 3% (min 1%, max 70%, avg 3%)
Temperature : Not available
Description :
Location :
Contact :
digi.router>
Change the configuration file name
1. Change the name of the configuration file to be used at boot-up and when the configuration is
saved.
update config <filename>
2. If the new configuration file does not exist, enter the save on page 176 command to create
and save the configuration file.
save config
Related topics
Managing configuration files on page 102
Save configuration settings to a file on page 137
Use multiple configuration files to test the configuration on remote devices on page 107
Related commands
save on page 176
show system on page 199
Display status and statistics using "show" commands
show commands display status and statistics for various features. For example:
n show config on page 181 displays all the current configuration settings for the device. This is a
particularly useful during initial device startup after running the Getting Started Wizard, or
when troubleshooting the device.
n show system on page 199 displays system information and statistics for the device, including
CPU usage.
n show eth on page 186 displays status and statistics for specific or all Ethernet interfaces.
n show dsl on page 182 displays status and statistics for the DSLinterface.
n show cellular on page 178 displays status and statistics for specific or all cellular interfaces.
Enter file management commands
There are commands for managing files in the device's file system, such as copy, del, mkdr, rename,
rmdir.
For more information, see About the TLRfile system.
TransPort LR User Guide 138
Command descriptions
Command descriptions
Following are the TLR Family command-line interface commands. Commands are organized by
command type, in alphabetical order.
TransPort LR User Guide 140
Command descriptions
autorun
Configures commands to be automatically run at boot-up. Auto-run commands can be used for tasks
such as starting a Python program, switching configuration files, or scheduling a reboot. You can
configure up to 10 auto-run commands.
Syntax
autorun <1 - 10> <parameter> <value>
Parameters
command
Command to run.
Accepted value is any string up to 100 characters.
Examples
n
autorun 1 command \"python script.py\"
Automatically run a Python program.
TransPort LR User Guide 141
cd
Changes the current directory.
Syntax
cd [dir]
Parameters
dir
When a directory name is specified, 'cd' changes the current directory to it.
Command descriptions
TransPort LR User Guide 142
Command descriptions
cellular
Configures a cellular interface.
Syntax
cellular <1 - 2> <parameter> <value>
Parameters
state
Enables or disables the cellular interface, or enables it as an on-demand interface. The 'on-demand'
setting allows configuring the cellular interface as an on-demand interface. An on-demand interface
is brought up as needed if a higher priority goes down.
Accepted values can be one of off, on or on-demand. The default value is off.
description
A description of the cellular interface.
Accepted value is any string up to 63 characters.
apn
The Access Point Name (APN) for the cellular interface.
Accepted value is any string up to 63 characters.
apn-username
The username for the APN.
Accepted value is any string up to 63 characters.
apn-password
The password for the APN.
This element is available to all users.
Accepted value is any string up to 128 characters.
preferred-mode
The preferred cellular mode for the cellular interface.
Accepted values can be one of auto, 4g, 3g or 2g. The default value is auto.
connection-attempts
The number of attempts to establish a cellular connection. After this number of attempts, the cellular
module is power cycled, and the device attmpts to make a cellular connection again.
Accepted value is any integer from 10 to 500. The default value is 20.
Examples
n
cellular 1 state on
Enable the Cellular 1 interface.
TransPort LR User Guide 143
n
cellular 1 state off
Disable the Cellular 1 interface.
n
cellular 1 state on-demand
Disable Cellular 1 interface until the failover task brings it up.
n
cellular 2 apn broadband
Set the SIM slot 2 APN to 'broadband.'
n
cellular 1 username my-username
Set the SIM slot 1 username to 'my-username.'
n
cellular 1 password my-password
Set the SIM slot 1 password to 'my-password.'
Command descriptions
TransPort LR User Guide 144
clear
Clears system status and statistics, such as the event log, firewall counters, etc.
This command is available to super users only.
Syntax
clear firewall | log
Parameters
firewall
Clears firewall counters.
log
Clears the event log.
Examples
n
clear firewall
Clear the packet and byte counters in all firewall rules.
Command descriptions
n
clear log
Clear the event log and leaves an entry in the log after clearing.
TransPort LR User Guide 145
Command descriptions
cloud
Configures Digi Remote Manager settings.
Syntax
cloud <parameter> <value>
Parameters
state
Enables or disables Digi Remote Manager.
Value is either on or off. The default value is off.
server
The name of the Digi Remote Manager server.
Value should be a fully qualified domain name. The default value is my.devicecloud.com.
reconnect
The time, in seconds, between the device's attempts to connect to Digi Remote Manager.
Accepted value is any integer from 0 to 3600. The default value is 30.
keepalive
The interval, in seconds, used to contact the server to validate connectivity over a non-cellular
interface.
Accepted value is any integer from 10 to 7200. The default value is 60.
keepalive-cellular
The interval, in seconds, used to contact the server to validate connectivity over a cellular interface.
Accepted value is any integer from 10 to 7200. The default value is 290.
keepalive-count
Number of keepalives missed before the device disconnects from Remote Manager.
Accepted value is any integer from 0 to 10. The default value is 3.
TransPort LR User Guide 146
copy
Copies a file.
This command is available to all users.
Syntax
copy source dest
Parameters
source
The source file to be copied to the location specified by 'dest.'
dest
The destination file, or file to which the source file is copied.
Command descriptions
TransPort LR User Guide 147
Loading...