Digi WAN VPN, WAN, WAN IA, WAN 3G, WAN 3G IA User Manual

...
Digi Cellular Family User's Guide

Digi Cellular Family Products

Digi Connect® WAN Family:
- Digi Connect WAN GPRS
- Digi Connect WAN VPN
- Digi Connect WAN IA
- Digi Connect WAN 3G
- Digi Connect WAN 3G IA

ConnectPort WAN Family:
- ConnectPort WAN VPN
- ConnectPort WAN Wi
- ConnectPort WAN GPS
90000753_E
©Digi International Inc. 2010. All Rights Reserved. The Digi logo, Digi Connect, iDigi, ConnectPort, Digi SureLink, Digi Dialserv are trademarks or registered trademarks of Digi International, Inc. All other trademarks mentioned in this document are the property of their respective owners.

Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose. Digi may make improvements and/or changes in this manual or in the product(s) and/or the program(s) described in this manual at any time.

This product could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes may be incorporated in new editions of the publication.
Contents

About this guide
  Purpose
  Audience
  Scope
  Where to find more information
  Digi contact information
Chapter 1: Introduction
  Important Safety Information
  Digi Cellular Family products
    Digi Connect™ WAN
    Digi Connect™ WAN VPN
    Digi Connect™ WAN IA
    Digi Connect WAN 3G IA
    Digi Connect WAN 3G
    ConnectPort™ WAN VPN
  Wireless carrier certifications
  Features
    User interfaces
    Quick reference for configuring features
    Hardware features
    Network interface features
    Configurable network services
    IP protocol support
    Mobile/Cellular features and protocol support
    RealPort software
    Alarms
    Modem emulation
    Security features
    Configuration management
    Customization capabilities
  Supported connections and data paths in Digi devices
  Interfaces for configuring, monitoring, and administering Digi devices
    Configuration capabilities
    Configuration interfaces
    Monitoring capabilities and interfaces
    Device administration
Chapter 2: Configure Digi devices
  Default IP address and methods for assigning an IP address
    Configure an IP address using DHCP
    Configure an IP address using Auto-IP
    Configure an IP address from the command-line interface
    IP addresses and the iDigi Platform
    Test the IP address configuration
  Configuration through the iDigi Platform
    Create an Account on iDigi.com
    Add the Digi device to the idigi.com Device List
    iDigi Platform views for configuring and managing Digi devices
  Configuration through the web interface
    Open the web interface
    Organization of the web interface
    Change the IP address from the web interface, as needed
    Network configuration settings
    Mobile (cellular) settings
    Serial port settings
    Camera settings
    Alarms
    System settings
    Remote management settings
    Security settings
    Position (GPS support)
    Applications
  Configuration through the command line
    Access the command line
    Verify device support of commands
  Configuration through Simple Network Management Protocol (SNMP)
  Batch capabilities for configuring multiple devices
Chapter 3: Monitor and manage Digi devices
  Monitoring capabilities from the iDigi Platform
  Monitoring capabilities in the web interface
    Display system information
    Manage connections and services
  Monitoring capabilities from the command line
    Commands for displaying device information and statistics
    Commands for managing connections and sessions
  Monitoring Capabilities from SNMP
Chapter 4: Digi device administration
  Administration from the web interface
    File management
    X.509 Certificate/Key Management
    Backup/restore device configurations
    Update firmware and Boot/POST Code
    Restore a device configuration to factory defaults
    Display system information
    Reboot the Digi device
    Enable/disable access to network services
  Administration from the command-line interface
Chapter 5: Specifications and certifications
  Hardware specifications
    Digi Connect WAN product specifications
    ConnectPort WAN product specifications
    Digi Connect WAN 3G specifications
    Digi Connect WAN 3G IA specifications
  Wireless networking features
  Regulatory information and certifications
    RF exposure statement
    FCC certifications and regulatory information (USA only)
    Industry Canada (IC) certifications
    Safety statements
    International EMC (Electromagnetic Emissions/Immunity/Safety) standards
Chapter 6: Troubleshooting
  Troubleshooting Resources
  System status LEDs
    Connect WAN Family LEDs and buttons
    ConnectPort WAN Family LEDs and buttons
Glossary
About this guide

Purpose
This guide describes and shows how to provision, configure, monitor, and administer Digi devices.

Audience
This guide is intended for those responsible for setting up Digi devices. It assumes some familiarity with networking concepts and protocols. A glossary is provided with definitions for networking terms and features discussed in the content.

Scope
This guide focuses on configuration, monitoring, and administration of Digi devices. It does not cover hardware details beyond a certain level, application development, or customization of Digi devices.
Where to find more information
In addition to this guide, find additional product and feature information in these documents:
- Online help and tutorials in the web interface for the Digi device
- Quick Start Guides
- RealPort® Installation Guide
- Cellular 101 Tutorial
- Digi Connect Family Customization and Integration Guide
- iDigi tutorials and user’s guides
- Python developer Wiki
- Release Notes
- Cabling Guides
- Product information available on the Digi website, www.digi.com, and Digi's support site at www.digi.com/support, including Support Forums, Knowledge Base, Data sheets/product briefs, application/solution guides, and carrier-specific documents
Digi contact information
For more information about Digi products, or for customer service and technical support, contact Digi International.

| To contact Digi International by: | Use: |
|---|---|
| Mail | Digi International, 11001 Bren Road East, Minnetonka, MN 55343 U.S.A. |
| World Wide Web | http://www.digi.com/support/ |
| Email | http://www.digi.com/contactus/email.jsp/ |
| Telephone (U.S.) | (952) 912-3444 or (877) 912-3444 |
| Telephone (other locations) | +1 (952) 912-3444 or (877) 912-3444 |
Chapter 1: Introduction
This chapter introduces Digi devices and their product families, types of connections and data paths in which Digi devices can be used, and the interface options available for configuring, monitoring, and administering Digi devices.
Important Safety Information
To avoid contact with electrical current:
- Never install electrical wiring during an electrical storm.
- Never install an Ethernet connection in wet locations unless that connector is specifically designed for wet locations.
- Use caution when installing or modifying lines.
- Use a screwdriver and other tools with insulated handles.
- Wear safety glasses or goggles.
- Do not place Ethernet wiring or connections in any conduit, outlet or junction box containing electrical wiring.
- Installation of inside wire may bring you close to electrical wire, conduit, terminals and other electrical facilities. Extreme caution must be used to avoid electrical shock from such facilities. Avoid contact with all such facilities.
- Ethernet wiring must be at least 6 feet from bare power wiring or lightning rods and associated wires, and at least 6 inches from other wire (antenna wires, doorbell wires, wires from transformers to neon signs), steam or hot water pipes, and heating ducts.
- Do not place an Ethernet connection where it would allow a person to use an Ethernet device while in a bathtub, shower, swimming pool, or similar hazardous location.
- Protectors and grounding wire placed by the service provider must not be connected to, removed, or modified by the customer.
- Do not touch uninsulated Ethernet wiring if lightning is likely!
- External Wiring: Any external communications wiring installed needs to be constructed to all relevant electrical codes. In the United States this is the National Electrical Code Article 800. Contact a licensed electrician for details.
Digi Cellular Family products
In the Digi Cellular Family, there are two groups of products: Digi Connect WAN products and ConnectPort WAN products.
Digi Connect™ WAN
Digi Connect WAN is a wireless WAN gateway. It provides high-performance Ethernet-to-wireless communications through cellular GSM (Global System for Mobile communication) or CDMA (Code Division Multiple Access) networks for primary and backup connectivity to remote locations. It uses General Packet Radio Service (GPRS)/Enhanced Data Rates for GSM Evolution (EDGE) to offer an easy and cost-effective means of connecting virtually any remote location into the corporate IP network. It is ideal for use where wired networks (for example, leased line/frame relay, CSU/DSU, fractional T1) are not feasible or where alternative network connections are required.
Benefits of wireless communications through Digi Connect WAN include instant deployment, elimination of wiring costs and problems due to wire breaks, the ability to traverse firewalls, and the ability to move the connection virtually anywhere.
Digi Connect™ WAN VPN
The Digi Connect WAN VPN (Virtual Private Network) is a small cellular-enabled router that securely connects remote subnets using the Encapsulating Security Payload (ESP) version of IPsec (IP security) VPN technology. IPsec ESP uses IP protocol 50 and requires each VPN endpoint be able to reach the other, which usually means each end has a public IP address. Authentication Header (AH) is not currently supported.
The Digi Connect WAN VPN handles the routing between networks. Devices within the Digi Connect WAN VPN’s private network can connect directly to devices on the other private network with which the VPN tunnel is established. Configuring VPN tunnels using security settings and methods ensures that the networks are secure.
The Digi Connect WAN VPN is based on the same feature set as Digi Connect WAN, plus VPN capability.
Digi Connect™ WAN IA
Digi Connect WAN 3G IA
Digi Connect WAN IA is a full-featured serial-to-cellular or Ethernet-to-cellular router designed for Industrial Automation applications. It features a DIN rail mount kit, terminal blocks for 9-30 VDC power input, Modbus to Modbus TCP conversion support, Class 1, Division 2 certification and hardened temperature specifications.
Digi Connect WAN 3G IA is an industrial-grade 2.5 to 3G Wireless WAN GSM/GPRS/EDGE/ HSUPA, CDMA/EV-DO router/gateway.
These products offer all of the functionality of the Digi Connect WAN VPN plus an industrial-grade feature set, including a Modbus bridge for multi-master access and mixing of protocols such as Modbus/TCP, Modbus/UDP, Modbus/RTU, and Modbus/ASCII. ModbusPlus requires dedicated hardware and is not supported.
These products provide an alternative to traditional wired TCP/IP Wide Area Networks (WANs), using global wireless Cellular, and IPSec VPN technology to create secure primary and backup network connectivity. They offer an easy, cost-effective means of securely connecting virtually any remote location or device into the corporate IP network.
The Modbus Bridge functionality enables remote Masters to connect through both the Cellular IP network and the local Ethernet. It supports these protocols:
- Modbus/TCP transported by TCP/IP or UDP/IP
- Modbus/RTU transported by serial, TCP/IP, or UDP/IP
- Modbus/ASCII transported by serial, TCP/IP, or UDP/IP
The factory default settings for these products provide you with a base configuration for Industrial Automation that you can modify from the device’s Telnet command-line interface. These factory defaults should be sufficient for most Industrial Automation applications. Should you need to change the settings from the factory defaults, use the “set ia” command, described in the Digi Connect Family Command Reference. By default, these products use a specialized set of serial port configuration settings for Industrial Automation, or port profile, that you can associate with serial ports during device configuration (See "About port profiles" on page 110).
For more details on the Modbus Bridge, see the Digi document Remote Cellular TCP/IP Access to Modbus Ethernet and Serial Devices, P/N 90000773.
Digi Connect WAN 3G
Digi Connect WAN 3G is a 3G high-speed upgradeable HSUPA/EV-DO Rev A Wireless WAN cellular router with integrated VPN. It provides primary and backup connectivity to remote sites and devices.
ConnectPort™ WAN VPN
ConnectPort WAN VPN is a hardened, upgradeable 3G cellular router that provides secure high-speed wireless connectivity to remote sites and devices. It can be used for primary wireless broadband network connectivity to equipment at remote locations, as well as for a backup to existing landline communications. The ConnectPort WAN VPN is ideal for use where wired networks (for example, leased line/frame relay, ISDN, DSL) are not feasible, or where alternative network connections are required.
The flexible design of the ConnectPort WAN VPN ensures easy upgrading through supported Type 2 PCMCIA Card slots or PCI Express modules. With an upgradeable wireless network platform, you can quickly migrate to future 3G platforms and beyond. ConnectPort WAN VPN also includes two RS-232 serial ports for connecting legacy COM devices and a built-in four-port 10/100 Ethernet switch for connecting additional TCP/IP network devices.
Benefits of the ConnectPort WAN VPN include instant deployment, elimination of wiring costs, elimination of problems due to wire breaks, and the flexibility to move the connection virtually anywhere.
Applications include utilities, industrial automation, POS/retail, financial (ATMs), traffic, medical, video surveillance and more. For applications requiring secure connections, ConnectPort WAN VPN offers an available integrated IPsec VPN client/server for true end to end data protection.
Wireless carrier certifications
Digi devices are being certified around the world with major carriers supporting these technologies. For a current list of carrier certifications for your Digi product, go to digi.com and go to the product pages for your product. Click the Specs tab of the product pages. Carrier certifications are listed under Mobile Certifications or Carrier Certifications.
Features
This is an overview of key features in Digi devices. Software features are covered in more detail in the next three chapters. Hardware specifications are covered in Chapter 5, "Specifications and certifications".
User interfaces
There are several user interfaces for configuring and monitoring Digi devices, including the following. Some of these user interfaces can be customized.
- The iDigi Platform
- A web-based interface for configuring, monitoring, and administering Digi devices. For Digi devices that ship with a default IP address, simply connecting a laptop computer to the Ethernet port of these products allows direct access to the web interface for configuration.
- A command-line interface available via local serial port, telnet or SSH.
- Simple Network Management Protocol (SNMP).
Quick reference for configuring features
This guide primarily focuses on configuring, monitoring, and administ erin g D igi device s from the web interface. This table provides a quick reference for configuring features and performing device tasks, and where to find the features and settings in the web interface and this guide. Click the page number in the Page column to jump to instructions on configuring or using the feature. Some features are configurable from the command line interface only. In those cases, the commands that configure the feature are noted. The command descriptions are in the Digi Conn ect Family Command Reference.
Feature/task Path to feature in the web interface See page
Administration/Configuration management:
Introduction
File management: uploading and
downloading files, such as applet files, and custom splash screens.
Python program file
management.
Backup/restore a configuration
from a TFTP server on the network
Update firmware
Reset configuration to factory
defaults
System information, including
device identifiers and statistics
Reboot the Digi device
Certificate and key management,
including X.509, VPN, SSL, SSH
Administration > File Management
176
See also the Digi Connect Family Customization and Integration Guide for information on uploading and downloading files used to customized a Digi device’s look-and-feel.
Applications > Python 142
Administration > Backup/Restore 180
Administration > Update Firmware 181
Administration > Factory Default Settings 182
Administration > System Information 184
Administration > Reboot 184
Administration > X.509 Certificate and Key Management 177
Alarms Configuration > Alarms 121
Autoconnection: automatically connect a user to a server or network
Configuration > Serial Ports > port > Profile Settings > TCP Sockets > Automatically establish TCP connections
device
Connection management:
Manage serial port connections
Management > Serial Ports 168
112
13
Introduction
Feature/task Path to feature in the web interface See page
Manage Virtual Private Network
Management > Connections > Virtual Private Network (VPN) Settings 168
(VPN) connections
Manage active system
Management > Connections > Active System Connections 168
connections
Manage network services
Management > Network Services
169
(Currently only DHCP server settings managed from here)
Domain Name System (DNS):
DNS Client
Dynamic DNS (DDNS) update
Dynamic Host Configuration Protocol (DHCP) server
Configuration > Network > Advanced Network Settings 92
Configuration > Network > Dynamic DNS Update Settings 67
To configure a DHCP server:
60
Configuration > Network > DHCP Server Settings
To start and stop and show status of a DHCP server:
Management > Network Services > DHCP Server Management
Ethernet settings Configuration > Network > Advanced Network Settings 92
Event logging for the Digi device Management > Event Logging 168
Help on configuring features Help button on each page.
Host name for a device Configuration > Network > Advanced Network Settings > Host Name 92
Industrial Automation (IA) Configuration > Serial Ports > Select Port Profile > Industrial Automation 146
The Industrial Automation port profile should address most configuration scenarios. To fine-tune your IA settings, use the “set ia” command from the command line. See the set ia command description in the Digi Connect Family Command Reference.
For additional information on configuring Industrial Automation, see this web site: http://www.digi.com/support/ia
IP address settings Configuration > Network > IP Settings and Configuration > Network > Advanced Settings 39, 55, 60, 92
IP filtering / access control Configuration > Network > IP Filtering Settings 70
IP forwarding: Network Address Translation (NAT) and port forwarding configuration/static routes Configuration > Network > IP Forwarding Settings 71
IP pass-through Configuration > Network > IP Pass-through 79
Mobile (cellular) settings:
Provisioning the cellular modules Configuration > Mobile 99
For Digi Cellular products that have a cellular module, provisioning must be performed once.
To launch a wizard for provisioning the module, go to Configuration > Mobile. Under Mobile Service Provider Settings, click the Provision Device button.
Provisioning can also be performed from the command line:
To provision the CDMA module: provision
To display existing provisioning parameters: display provisioning
Mobile service provider and connection settings Configuration > Mobile 98, 105
Settings displayed vary by mobile service provider.
SureLink™ Settings Configuration > Mobile > SureLink Settings 105
Modem emulation Configuration > Serial Ports > Port Profile Settings > Modem Emulation 114
See the Connect Family Command Reference for modem emulation commands.
Port logging: enabling port buffering and displaying contents of a port buffer
To enable port logging: Configuration > Serial Ports > Advanced Serial Settings 116
To display the contents of a port buffer: Management > Serial Ports > Port Logs
Port profiles: sets of preconfigured serial-port settings for a particular connection and use scenario Configuration > Serial Ports > Port Profile Settings 110
Python support: loading and running custom programs authored in the Python programming language. Applications > Python 142
For more information on writing and running Python programs, see the Digi Python Programming Guide.
RealPort (COM port redirection) configuration Configuration > Serial Ports > port > Port Profile Settings > RealPort 111
See also the RealPort Installation Guide.
Remote device management Configuration > Remote Management 131
Reverting configuration settings Administration > Factory Default Settings 182
Security/access control features:
Control access to inbound ports Configuration > Serial Ports > port > Port Profile Settings > TCP Sockets or UDP Sockets or Custom port profile 110
Secure Shell Server (SSH) Configuration > Security > Enable SSH public key authentication; Network > Network Services > Enable Secure Shell Server (SSH) 139, 65
Establish/change user name for a user Configuration > Security 136
Issue a new/changed password to a user Configuration > Security 136
Serial port configuration:
Basic serial port settings Configuration > Serial Ports > Basic Serial Settings 115
Advanced serial port settings Configuration > Serial Ports > Advanced Serial Settings 116
Port profiles: associate a serial port with a set of preconfigured port settings for a specific use Configuration > Serial Ports > Port Profile Settings 110
RCI over serial mode Configuration > Serial Ports > Advanced Serial Settings 116
RTS Toggle Configuration > Serial Ports > Advanced Serial Settings 116
TCP serial connections Configuration > Serial Ports > port > Port Profile Settings > TCP Sockets port profile 112
UDP serial characteristics Configuration > Serial Ports > port > Port Profile Settings > UDP Sockets port profile 113
Simple Network Management Protocol (SNMP):
Configure SNMP through the web interface Configuration > System > Simple Network Management Protocol (SNMP) Settings 128
Enable/disable SNMP service Configuration > Network > Network Services 64
Enable/disable SNMP alarm traps Configuration > Alarms > alarm > Send SNMP trap to following destination when alarm occurs 123, 124
Use SNMP as primary configuration interface 35, 150
Basic network and serial settings are configurable through standard and Digi-specific Management Information Bases (MIBs). More advanced settings must be set through the web or command-line user interfaces, and sending alarms as SNMP traps must be configured through the web interface, on the pages listed above.
System information: assign system-identifying information to a device Configuration > System > Device Identity Settings 125
Socket Tunnel Settings Configuration > Network > Socket Tunnel Settings 78
Statistics for Digi devices Administration > System Information 153
Status of Digi devices Management > Serial Ports, Connections, Network Services 168
VPN (Virtual Private Network)
To configure VPN: Configuration > Network > Virtual Private Network (VPN) Settings 79
To manage VPN: Management > Connections > Virtual Private Network (VPN) Connections
Wi-Fi (wireless LAN) devices:
Wireless LAN Settings Configuration > Network > WiFi LAN Settings 56
Wireless Security Settings Configuration > Network > WiFi Security Settings 57
Wireless 802.1x Authentication Settings Configuration > Network > WiFi 802.1x Settings 59
Hardware features
A summary of hardware features, including power-supply information, is in "Hardware specifications" on page 187.
Network interface features
A detailed list of network interface features is in Chapter 5, "Specifications and certifications". See also the data sheet for your Digi product.
Configurable network services
Access to network services can be enabled and disabled. This means that a device’s use of network services can be restricted to those strictly needed by the device. To improve device security, non-secure services, such as Telnet, can be disabled.
Network services that can be enabled or disabled include:
Advanced Digi Discovery Protocol (ADDP): can enable or disable ADDP, but cannot change its network port number.
RealPort
Encrypted RealPort
HTTP/HTTPS
Line Printer Daemon (LPD)
Remote Login (rlogin)
Remote Shell (rsh)
Simple Network Management Protocol (SNMP)
Telnet
In the web interface, access to network services is enabled and disabled on the Network Services page of Network Configuration. For more information, see "Network services settings" on page 64. In the command-line interface, network services are enabled and disabled through the set service command. See the Digi Connect Family Command Reference for the set service command description.
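The following Python sketch is an added example, not part of the original guide and not Digi code. Run from a management host, it checks which of the TCP services listed above answer on a device and compares the result with the services the deployment needs, so that anything reachable but unneeded can be disabled on the Network Services page. The port numbers, the status labels and the 192.0.2.10 address are assumptions; confirm the ports against the device's own Network Services settings.

```python
import socket
from dataclasses import dataclass

# (service, assumed default TCP port, cleartext on the wire?)
# Ports are assumptions for illustration; confirm them on the device's
# Network Services page. SNMP and ADDP use UDP, which a TCP connect check
# cannot verify, so they are left out.
ASSUMED_TCP_SERVICES = [
    ("Telnet", 23, True),
    ("HTTP", 80, True),
    ("HTTPS", 443, False),
    ("Remote Login (rlogin)", 513, True),
    ("Remote Shell (rsh)", 514, True),
    ("Line Printer Daemon (LPD)", 515, True),
    ("RealPort", 771, True),
    ("Encrypted RealPort", 1027, False),
]


@dataclass
class Finding:
    service: str
    port: int
    reachable: bool
    status: str  # OK, DISABLE, REVIEW or MISSING


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unreachable
        return False


def audit_services(host, required, services=ASSUMED_TCP_SERVICES, probe=tcp_open):
    """Compare reachable services with the set the deployment needs.

    DISABLE: reachable but not in `required` (turn it off on the device)
    REVIEW:  required and reachable, but the protocol is cleartext
    MISSING: required but not reachable
    OK:      everything else
    """
    findings = []
    for name, port, cleartext in services:
        reachable = probe(host, port)
        if reachable and name not in required:
            status = "DISABLE"
        elif reachable and cleartext:
            status = "REVIEW"
        elif not reachable and name in required:
            status = "MISSING"
        else:
            status = "OK"
        findings.append(Finding(name, port, reachable, status))
    return findings


def report(findings):
    """Return one line per finding that needs attention."""
    return [f"{f.status:<8}{f.service} (tcp/{f.port})"
            for f in findings if f.status != "OK"]


if __name__ == "__main__":
    # Constructed observation standing in for a live device, so the example
    # runs offline; drop `probe=` to check a device you administer.
    observed_open = {23, 80, 443, 771}
    needed = {"HTTPS", "RealPort", "Encrypted RealPort"}
    results = audit_services("192.0.2.10", needed,
                             probe=lambda host, port: port in observed_open)
    print("\n".join(report(results)))
```

A REVIEW result for RealPort is the case where the guide's Encrypted RealPort service is the candidate replacement.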
IP protocol support
All Digi devices include a robust on-board TCP/IP stack with a built-in web server. Supported protocols include, unless otherwise noted:
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Dynamic Host Configuration Protocol (DHCP)
Simple Network Management Protocol (SNMP)
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Telnet Com Port Control Option (Telnet) including support of RFC 2217 (ability to control serial port through Telnet). See "Serial data communication over TCP and UDP" on page 20 for additional information.
Remote Login (rlogin)
Line Printer Daemon (LPD)
HyperText Transfer Protocol (HTTP)/HyperText Transfer Protocol over Secure Socket Layer (HTTPS)
Simple Mail Transfer Protocol (SMTP)
Internet Control Message Protocol (ICMP)
Internet Group Management Protocol (IGMP)
Address Resolution Protocol (ARP)
Advanced Digi Discovery Protocol (ADDP)
Point to Point Protocol (PPP)
Network Address Translation (NAT)/Port Forwarding
Secure Shell (SSHv2)
Generic Routing Encapsulation (GRE) Passthrough
IPSec Encapsulating Security Payload (ESP) on most models
ESP Passthrough
Following is an overview of some of the services provided by these protocols.
Serial data communication over TCP and UDP
Digi devices support serial data communication over TCP and UDP. Key features include:
Serial data communication over TCP, also known as autoconnect and tcpserial, can automatically perform the following functions:
– Establish bidirectional TCP connections, known as autoconnections, between the serial device and a server or other network device. Autoconnections can be made based on data and/or serial hardware signals.
– Control forwarding characteristics based on size, time, and pattern.
– Allow incoming raw, Telnet, and SSL/TLS (secure-socket) connections.
– Support RFC 2217, an extension of the Telnet protocol.
Serial data communication over UDP, also known as udpserial, can automatically perform the following functions:
– Digi Connect products can automatically send serial data to one or more devices or systems on the network using UDP sockets. Options for sending data include whether specific data is on the serial line, a specific time period has elapsed, or after the specified number of bytes has been received on the serial port.
– Control forwarding characteristics based on size, time, and patterns.
– Support incoming datagrams from multiple destinations.
– Support outgoing datagrams sent to multiple destinations.
TCP/UDP forwarding characteristics.
Extended communication control on TCP/UDP data paths.
– Timeout
– Hangup
– User-configurable Socket ID string (text string identifier on autoconnect only)
Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) can be used to automatically assign IP addresses, deliver TCP/IP stack configuration parameters such as the subnet mask and default router, and provide other configuration information. For further details, see "Configure an IP address using DHCP" on page 39.
Auto-IP
Auto-IP is a protocol that will automatically assign an IP address from a reserved pool of standard Auto-IP addresses to the computer on which it is installed. If a Digi device is set to obtain its IP address automatically from a DHCP server and the DHCP server is unavailable or nonexistent, Auto-IP will assign the device an IP address. For further details, see "Configure an IP address using Auto-IP" on page 39.
Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) is a protocol for managing and monitoring network devices. SNMP architecture enables a network administrator to manage nodes--servers, workstations, routers, switches, hubs, etc.--on an IP network; manage network performance, find and solve network problems, and plan for network growth. Digi devices support SNMP Versions 1 and 2. For more information on SNMP as a device-management interface, see "Simple Network Management Protocol (SNMP)" on page 35. For a list of supported SNMP-related Request for Comments (RFCs) and Management Information Bases (MIBs), see page 128.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) are used to provide authentication and encryption for Digi devices. For more information, see "Security features" on page 25.
Telnet
Digi devices support the following types of Telnet connections:
Telnet Client
Telnet Server
Reverse Telnet, often used for console management or device management
Telnet Autoconnect
RFC 2217, Telnet Com Port Control Option, an extension of the Telnet protocol
For more information on these connections, see "Supported connections and data paths in Digi devices" on page 27. Access to Telnet network services can be enabled or disabled.
Remote Login (rlogin)
Users can perform logins to remote systems (rlogin). Access to rlogin service can be enabled or disabled.
Line Printer Daemon (LPD)
The Line Printer Daemon (LPD) allows network printing over a serial port. Each serial port has a dedicated LPD server that is independently configurable. Access to LPD service can be enabled or disabled.
HyperText Transfer Protocol (HTTP)/HyperText Transfer Protocol over Secure Socket Layer (HTTPS)
Digi devices provide web pages for configuration that can be secured by requiring a user login.
Internet Control Message Protocol (ICMP)
ICMP statistics can be displayed, including the number of messages received, bad messages received, and destination unreachable messages received.
Point-to-Point Protocol (PPP)
The Point-to-Point Protocol (PPP) transports multi-protocol packets over point-to-point links. PPP encapsulates the data packet, allows the server to inform the dial-up client of its IP address (or client to request the IP address), authenticates the exchange, negotiates multiple protocols, and reassembles the data packet for network communication. Digi Cellular Family devices support PPP as the connection protocol from the Digi device to the cellular IP network with NAT (Network Address Translation).
Network Address Translation (NAT)/Port Forwarding
Network Address Translation (NAT) reduces the need for a large amount of publicly known IP addresses by creating a separation between publicly known and privately known IP addresses.
Advanced Digi Discovery Protocol (ADDP)
The Advanced Digi Discovery Protocol (ADDP) runs on any operating system capable of sending multicast IP packets on a network. ADDP allows the system to identify all ADDP-enabled Digi devices attached to a network by sending out a multicast packet. The Digi devices respond to the multicast packet and identify themselves to the client sending the multicast.
ADDP communicates with the TCP/IP stack using UDP. The TCP/IP stack should be able to receive multicast packets and transmit datagrams on a network.
Not all Digi devices support ADDP. Access to ADDP service can be enabled or disabled, but the network port number for ADDP cannot be changed from its default.
Generic Routing Encapsulation (GRE) Passthrough Encapsulating Security Payload (ESP) ESP Passthrough
Generic Routing Encapsulation (GRE) and Encapsulating Security Payload (ESP) are routing protocols that are used to route (tunnel) various types of information between networks.
GRE applies to the encapsulation of IP datagrams tunnelled through the internet. The encapsulation includes security, typically in the form of IPSec (IP security), and is most commonly found in VPN (Virtual Private Network) implementation. RFC (Request For Comment) 1701 and 1702 define these standards. Similarly, ESP is used in conjunction with IPsec as a possible way of carrying IP packets for a Virtual Private Network (VPN) setup. ESP is defined in RFC 2406.
In ESP Passthrough and GRE Passthrough, inbound IPsec ESP or GRE protocol traffic is forwarded to a VPN device connected to the Digi device’s Ethernet port.
Note: If an Auto-key Internet Key Exchange (IKE)-based VPN is used, UDP port 500 must also be forwarded.
Mobile/Cellular features and protocol support
Key cellular features in cellular-enabled Digi devices include:
Cellular network bandwidth
GSM: GPRS, EDGE, UMTS, HSPA
CDMA: 1xRTT, Ev-DO (Revs 0 and A)
Antenna connector:
3-5 Volt SIM card
Transmit power:
Provisioning made easy through a wizard (Mobile Device Provisioning Wizard)
IPSec ESP / IKE
IP Pass-through, also known as bridge mode
Provisioning wizard
For Digi devices equipped with a Code-Division Multiple Access (CDMA)-based cellular modem, a wizard is available in the web interface to properly configure the Digi device with the required configuration used to access the mobile network. The wizard allows for both automatic and manual provisioning for a variety of mobile service providers.
Digi SureLink™
Digi Connect Family, Digi Cellular Family, and ConnectPort X Family products support the Digi SureLink™ feature. Digi SureLink provides an “always-on” mobile network connection to ensure that a Digi device is in a state where it can connect to the network. It does this through hardware reset thresholds and periodic tests of the connection.
Mobile/Cellular protocols
Mobile/cellular protocols supported include, unless otherwise noted:
Global System for Mobile communication (GSM)
General Packet Radio Service (GPRS)
Enhanced Data Rates for GSM Evolution (EDGE)
Universal Mobile Telecommunications Service (UMTS)
High Speed Packet Access (HSPA)
Code-Division Multiple Access (CDMA)
Evolution-Data Optimized (EV-DO, EVDO, or 1xEV-DO)
RealPort software
Digi devices use the patented RealPort COM/TTY port redirection for Microsoft Windows. RealPort software provides a virtual connection to serial devices, no matter where they reside on the network. The software is installed directly on the host PC and allows applications to talk to devices across a network as though the devices were directly attached to the host. Actually, the devices are connected to a Digi device somewhere on the network.
RealPort is unique among COM port re-directors because it is the only implementation that allows multiple connections to multiple ports over a single TCP/IP connection. Other implementations require a separate TCP/IP connection for each serial port. Unique features also include full hardware and software flow control, as well as tunable latency and throughput.
Access to RealPort services can be enabled or disabled.
Encrypted RealPort
Digi devices also support RealPort software with encryption. Encrypted RealPort offers a secure Ethernet connection between the COM or TTY port and a device server or terminal server. Encryption prevents internal and external snooping of data across the network by encapsulating the TCP/IP packets in a Secure Sockets Layer (SSL) connection and encrypting the data using Advanced Encryption Standard (AES), one of the latest, most efficient security algorithms. Access to Encrypted RealPort services can be enabled or disabled.
Digi’s RealPort with encryption driver has earned Microsoft’s Windows Hardware Quality Lab (WHQL) certification. Drivers are available for a wide range of operating systems, including Microsoft Windows Server 2003, Windows XP, Windows 2000, Windows NT, Windows 98, Windows ME; SCO Open Server; Linux; AIX; Sun Solaris SPARC; Intel; and HP-UX. It is ideal for financial, retail/point-of-sale, government or any application requiring enhanced security to protect sensitive information.
Alarms
Digi devices can be configured to issue alarms, in the form of email message or SNMP traps, when certain device events occur. These events include certain data patterns being detected in the data stream, and cellular alarms for signal strength and amount of cellular traffic for a given period of time. Receiving alarms about these conditions provides the advantage of notifications being issued when events occur, rather than having to monitor the device on an ongoing basis to determine whether these events have occurred. Alarms can also be forwarded to the iDigi platform for display and management in that platform. For more information on configuring alarms, see "Alarms" on page 121.
Modem emulation
Digi devices include a configuration profile that allows the device to emulate a modem. Modem emulation sends and receives modem responses to a serial device over TCP/IP (including Ethernet and Cellular) instead of Public Switched Telephone Network (PSTN). The modem emulation profile allows maintaining a current software application but using it over the less expensive Ethernet network. In addition, Telnet processing can be enabled or disabled on the incoming and outgoing modem-emulation connections. The modem-emulation commands supported in Digi devices are documented in the Digi Connect Family Command Reference.
Security features
Security-related features in Digi devices include:
Secure access and authentication
One password, one permission level.
Can issue passwords to device users.
Can selectively enable and disable network services such as ADDP, RealPort, Encrypted RealPort, HTTP/HTTPS, LPD, Remote Login, Remote Shell, SNMP, and Telnet.
Can control access to inbound ports.
Secure sites for configuration: HTML pages for configuration have appropriate security.
Can control access to specific devices, IP addresses, or networks through IP filtering.
Encryption
Strong Secure Sockets Layer (SSL) V3.0/Transport Layer Security (TLS) V1.0-based encryption: DES (64-bit), 3DES (192-bit), AES (128-/192-/256-bit), IPsec ESP: DES, 3DES, AES.
Encrypted RealPort offers encryption for the Ethernet connection between the COM/TTY port and the Digi device. Encryption prevents internal and external snooping of data across the network by encapsulating the TCP/IP packets in a Secure Sockets Layer (SSL) connection and encrypting the data using the Advanced Encryption Standard (AES) security algorithm.
SNMP security
Authorization: Changing public and private community names is recommended to prevent unauthorized access to the device.
SNMP “set” commands can be disabled to make use of SNMP read-only.
Configuration management
Once a Digi device is configured and running, configuration-management tasks need to be periodically performed, such as:
Upgrading firmware
Copying configurations to and from a remote host
Software and factory resets
Rebooting the device
Memory management
File management
For more information on these configuration-management tasks, see Chapter 4, "Digi device administration".
Customization capabilities
Several aspects of using Digi devices can be customized. For example:
The look-and-feel of the device interface can be customized, to use a different company logo or screen colors.
Custom applications written in Python can be executed.
Custom factory defaults to which devices can be reverted can be defined.
The Digi Connect Family Customization and Integration Guide (Part Number 90000734; available with the Digi Connect Integration Kit) describes customization and integration tools and processes. Contact Digi International for more information on the Digi Connect Integration Kit customization tools and resources and for assistance with customization efforts.
Supported connections and data paths in Digi devices
Digi devices allow for several kinds of connections and paths for data flow between the Digi device and other entities. These connections can be grouped into two main categories:
Network services, in which a remote entity initiates a connection to a Digi device.
Network/serial clients, in which a Digi device initiates a network connection or opens a serial port for communication.
This discussion of connections and data paths may be helpful in understanding the effects of enabling certain features and choosing certain settings when configuring Digi products.
Network services
A network service connection is one in which a remote entity initiates a connection to a Digi device. There are several categories of network services:
Network services associated with specific serial ports
Network services associated with serial ports in general
Network services associated with the command-line interface (CLI)
Network services associated with specific serial ports
Reverse Telnet: A telnet connection is made to a Digi device, in which data is passed
transparently between the telnet connection and a named serial port.
Reverse raw socket: A raw TCP socket connection is made to a Digi device, in which
data is passed transparently between the socket and a named serial port.
Reverse TLS socket: An encrypted raw TCP socket is made to a Digi device, in which
data is passed transparently to and from a named serial port.
LPD: A TCP connection is made to a named serial port, in which the Digi device
interprets the LPD protocol and sends a print job out of the serial port.
Modem emulation, also known as Pseudo-modem (pmodem): A TCP connection is
made to a named serial port, and the connection will be “interpreted” as an incoming call to the pseudo-modem.
Network services associated with serial ports in general
RealPort: A single TCP connection manages (potentially) multiple serial ports.
Modem emulation, also known as pseudo-modem (pool): A TCP connection to the “pool” port is interpreted as an incoming call to an available pseudo-modem in the “pool” of available port numbers.
rsh: Digi devices support a limited implementation of the Remote shell (rsh) protocol, in
that a single service listens to connections and allows a command to be executed. Only one class of commands is allowed: a single integer that specifies which serial port to connect to. Otherwise, the resulting connection is somewhat similar to a reverse telnet or reverse socket connection.
DialServ: Connecting a DialServ device to the serial port. DialServ simulates a public switched telephone network (PSTN) to a modem and forwards the data to the serial port. The Digi device sends and receives the data over an IP network.
Network services associated with the command-line interface
Telnet: A user can Telnet directly to a Digi device’s command-line interface.
rlogin: A user can perform a remote login (rlogin) to a Digi device’s command-line interface.
Network/serial clients
A network/serial client connection is one in which a Digi device initiates a network connection or opens a serial port for communication. There are several categories of network/serial client connections:
Autoconnect behavior client connections
Command-line interface (CLI)-based clients
Modem emulation (pseudo-modem) client connections
Autoconnect behavior client connections
In client connections that involve autoconnect behaviors, a Digi device initiates a network connection based on timing, serial activity, or serial modem signals. Autoconnect-related client connections include:
Raw TCP connection: The Digi device initiates a raw TCP socket connection to a
remote entity.
Telnet connection: The Digi device initiates a TCP connection using the Telnet protocol to a remote entity.
Raw TLS encrypted connection: The Digi device initiates an encrypted raw TCP socket connection to a remote entity.
Rlogin connection: The Digi device initiates a TCP connection using the rlogin protocol
to a remote entity.
Command-line interface (CLI)-based client connections
Command-line interface based client connections are available for use once a user has established a session with the Digi device’s CLI. CLI-based client connections include:
telnet: A connection is made to a remote entity using the Telnet protocol.
rlogin: A connection is made to a remote entity using the Rlogin protocol.
connect: Begin communicating with a local serial port.
Modem emulation (pseudo-modem) client connections
When a port is in the modem-emulation or pseudo-modem mode, it can initiate network connections based on AT command strings received on the serial port. The AT commands for modem emulation are documented in the Digi Connect Family Command Reference.
Interfaces for configuring, monitoring, and administering Digi devices
There are several interfaces for configuring, monitoring, and administering Digi devices. These interfaces are covered in more detail later in this guide.
Configuration capabilities
Device configuration involves setting values and enabling features for such areas as:
Network configuration: Specifying the device’s IP address settings, network-service
settings, and advanced network settings.
Mobile (cellular) configuration: Specifying the mobile service provider and mobile
connection settings for the device.
Serial port configuration: Specifying the serial port characteristics for the device. Alarms: Defining whether alarms should be issued, the conditions that trigger alarms,
and how the alarms should be delivered.
Security/Users configuration: Configuring security features, such as whether password
authentication is required for device users.
System configuration: Specifying system-identifying information, such as a device
description, contact person, and physical location.
Configuration interfaces
Several interfaces are available for configuring Digi devices, including:
The Digi Device Discovery Utility, which locates Digi devices on a network, and allows
opening the web interface for the devices.
The iDigi platform, a configuration interface to fine-tune or monitor devices. The iDigi
Platform cannot assign an IP address but it can change one.
A web-based interface embedded with the product, providing device configuration
profiles for quick serial-port configuration and other settings.
A command-line interface (CLI).
Remote Command-line Interface (RCI) protocol.
Simple Network Management Protocol (SNMP).