Manuals / Digi / Computer Equipment / Network Router

Digi 90000566_H manual Tunnel options, Name=tunnel name, Newname=tunnel name

Models: 90000566_H

1 278

Download 278 pages 26.72 Kb

Page 233

set vpn

antireplay={onoff}

Specifies whether the antireplay feature is on or off. Antireplay allows the IPsec tunnel receiver to detect and reject packets that have been replayed. It does this by adding information to the packets exchanged between VPN endpoints, to ensure that a third party cannot replay the same information to one of the VPN endpoints at a later time to recreate the secure channel again.

Important: If using manually-keyed tunnels, disable this option.

For negotiations to succeed, both the local and remote sides of the connection must be set to the same value. Set this field to match that at the remote VPN gateway. The default is “on.”

VPN tunnel options

VPN tunnel options are specified in this format:

set vpn tunnel [tunnel options] [manually-keyed options] [isakmp options]

Where:

set vpn tunnel

Specifies that the “set vpn” command is for configuring a VPN tunnel.

[tunnel options]

The VPN tunnel configuration options. The set of options specified depends on whether the method of establishing the VPN tunnel is manually-keyed or ISAKMP.

index={1-2}

The index number for an existing VPN tunnel.

name=tunnel name

A name that describes the VPN tunnel. This may be used to help identify each tunnel with a descriptive and unique name.

newname=tunnel name

The new name for the VPN tunnel.

mode={disabledmanually-keyedisakmp}The method of establishing the VPN tunnel.

disabled

The VPN tunnel is enabled or disabled. Use this option when creating several tunnels, where only one would be used initially. In that case, you would add a disabled tunnel for future use and enable it on a subsequent “set vpn” command.

manually-keyed

The VPN tunnel is established by manually keying in VPN tunnel and security settings. These settings must match the settings of the remote VPN endpoint. Manually-keyed VPNs do not use IKE/ ISAKMP. Manually-keyed VPN keys never expire.

isakmp

The VPN tunnel is established by specifying a list of security policies to negotiate a set of security settings from the remote VPN endpoint.

Chapter 2 Command Descriptions

233

Image 233

Digi 90000566_H manual Tunnel options, Name=tunnel name, Newname=tunnel name

Contents

Digi Connect Family Page Chapter Introduction Chapter Command DescriptionsContents Index 271 Modem Emulation CommandsWho 258 Contents Chapter T r o d u c t i o nFeature/Task Commands Quick Reference for Configuring FeaturesQuick Reference for Configuring Features Guide Feature/Task Commands Access the Command Line Access the Command LineConfigure an IP Address Basic Command Information Escape Processed as Sequence Entering Special Characters in String ValuesEscape Sequences for Special Characters Length Limitations on String ValuesIdentifying the User Model for Your Digi Connect Product User Models and User Permissions in Digi Connect ProductsOne-user Model Two-user ModelIncreasing Security for Digi Device Users Login Suppression FeatureUser Models and User Permissions in Digi Connect Products Verifying Device Support for Commands Verifying Device Support for CommandsFrom=serveripaddressfilename To=serveripaddressfilenameLoad file BootHost ip address See also ExamplesConnection number Session Type Default Escape KeysClose Serial port Ip address DhcpserverDisplay Dhcp server status Assigned expired Assigned activeReserved active Reserved inactiveReleased Offered pre-leaseUnavailable Address Set dhcpserver onDisplay Buffers Options AccesscontrolArp Ddns DeviceGpio MemorySerial SwitchesSockets SpdDisplay Virtual Private Network VPN status information Display device informationState OutputIp address Primary dns addrReset status No service Last reset reasonAdministrative Non-administrativeSession successes Lcp echo requestsSession failures Session consecutive failuresTotal bypasses Total link down requestsTail=number Display buffersTftp=serverfilename ServerDisplay port buffering information on the screen Set buffer onOutput buffering information to a Tftp server Output multi-port buffering information to a Tftp serverExit Displaying Online Help on Help and ? help and ?Icmp InfoEthernet Statistics, see Output on Displays statistics from the wireless Ethernet wlan tableDisplays statistics from the TCP table Displays statistics from the UDP tableIcmp statistics Statistic DescriptionEthernet statistics IP statistics Serial statistics UDP statistics TCP statisticsWireless Wlan statistics Display Icmp statistics Connection id KillRange Crmod=onoff OptionsBinary=onoff Name=string NewpassId=number Count=0n IpaddressInterval=milliseconds Size=bytesProvision Enter phone numbers as numbers only with no dashes Given youDisplay current provisioning parameters Manually provision the module for a SIP-only networkNai=network access id Spc=service programming code MSLMdn=mobile directory number Min=mobile ID numberPriha=primary host agent IP address Ha=home addressSecha=secondary host agent IP address Hass=host agent shared secretOtaspnumber= Otasp number for example, *228 Type=iotaType=otasp Program args Tftp server ipfilenameQuit =serial port s=session Auth command. The revert auth command revert authentication Revert multiple settingsRevert TimeOptions all AlarmAuth Autoconnect port=rangeEkahau LoginForwarding HostPmodem port=range ServicePppoutbound port=range Profile port=rangePhase1 Vpn allglobaltunnelphase1phase2Phase2 WirelessUser=user name -luser name Options EscSend Options Enabled=onoff Set accesscontrolOff Autoaddsubnets=onoffNetmask 255.255.255.0 to access this device server Subnets will be allowed to access this device serverSubnip1-32=ipaddress Subnmask1-32= maskConfigure alarms with general options applies to all alarms Set alarmConfigure alarms for a range set multiple alarms Devices supported Purpose Required permissions SyntaxConfigure alarms based on mobile signal strength GSM Configure alarms based on data pattern matchingConfigure alarms based on signal strength Cdma Configure alarms based on mobile temperatureMailserverip=ipaddress State= onoffFrom=string Cwm=onoffCc=string To=string Lowpins=list of lowpins Pins=list of pinsHighpins=list of highpins Reminderinterval=seconds Reminder=onoffTriggerinterval=seconds Mode=matchTime=max time Celldata=byte count thresholdMode=mobiletemp Mode=configchangeMode=1xevdounavail Mode=mobileunavailSet alarm #1 mode to Gpio mode Error conditions triggering alarmsSet alarm #1 to designate which pins trigger alarm Enable alarm #1Set snmp on Set alarm Turn alarm #10 onGpio input, Gpio output, or standard serial Set autoconnect Rlogin Service=rawrloginssltelnetState=onoff Trigger=alwaysdatadcddsrstringDescription=string Nodelay=onoffIpaddress=ipaddress Ipport=ipportSet network on Network IP destination when data arrives on the serial portSet serial on Set tcpserial onSet bsc Serialmode=bisync3270bisync3275 State=disabledenabledBaudrate=baud rateexternalclock Baud rateTextconversion=onoff Codeset=asciiebcdicPollingaddress=0x followed by 2 hex digits Selectionaddress=0x followed by 2 hex digitsRxtimeout=milliseconds Txretries option Poweronmessage=0x followed by up to 64 hex digitsNoresponsemessage=0x followed by up to 64 hex digits Size Options ClearPort Data will not be buffered and all data will be cleared from On mode and the buffer size to 64 kilobytesBuffer PauseRegistered with that service Update requests will be rejectedFor a user to display Dynamic DNS settings set permissions Ddnsupdater=readDisabled Service=disableddyndnsorgAction=updatenowclearstatus UpdatenowStandardhttp Ddpassword=passwordAlternatehttp SecurehttpDisplay on Dynamic DNS serviceNochg Command. See dhcpserver on User interface’s Network Configuration settingsFor a user to display Dhcp server settings set permissions Set dhcpserver set dhcpserverAction=setrevert Item=scopeSet RevertStartip=ip address Offerdelay=0-5000Endip=ip address Leasetime=timeinfiniteRange=1-16all Item=reservationIp=ip address Clientid=client MAC addressFirst address in the exclusion block Item=exclusionRange=1-4all Disable all reservations that were previously added Using the web UIIP address, which is the purpose of a reservation Is, reservations override exclusions102 Command Descriptions Dhcp terminology and managing Dhcp server operation Web user interface, the online help for Network SettingsDhcpserver on Set ekahau set ekahau Wireless deviceDigi Connect Wi-EM only Proprietary hardware componentsName=device name Id=device idServer=hostnameip address Set identifiers Enable Ekahau ClientOptions Duplex Set ethernetHalf Full100 SpeedPrivileges Set forwardingStaticrouteindex=1-8 Options ipforwarding=onoffAction=addchangedelete AddMask=subnet mask Net=destination ip addressGateway=ip address Metric=1-16Set nat on Settings under Network ConfigurationRouting information Devices supported Purpose Set gpioOptions Range=1-n Mode=serialinputoutputSignals Pin Number Default Serial Signal Signal DirectionMessages or Snmp traps when Gpio pins change Default serial signal settings for Gpio pinsOptions Add Set groupRemove Id=rangeDefaultaccess=nonecommandlinemenu Commandline=onoffCommandline Name= stringPermissions Examples DefaultOptions Name=name Device supportSet ia Configure network-based masters set ia master Configure serial-port connected devices set ia serialSerial settings, which include Instead of a set ia command with no optionsSerial= range Serial optionsChartimeout=3-99999 ms applies to master or slave Slavetimeout=10-99999 ms applies to slave onlyIdletimeout=0=disabled1-99000 seconds Table=1..8 applies to master onlyMedium Priority=highmediumlowModbus options Chartimeout=3-99000 ms Modbusrtu Modbusascii Modbustcp Messagetimeout=100-99000 msMaster=range Type=tcpudp126 Command Descriptions Addroute=route index Table optionsMoveroute=fromrouteindex,torouteindex Route optionsPort=serial port Mapto=protocol address Configuration settings in the Web user interface Settings for the Digi Connect WAN IARevert on page 61. The revert ia command options revert any Existing IA configuration settingsOptions Suppress=onoff Set loginQuitkey=key Previouskey=key Quitlabel=stringPreviouslabel=string Presskeylabel=stringSortby=nonekeylabel Title=string subtitle=stringKey LabelHorizontal Direction=horizontalverticalVertical Item=1-32Submenu=string Command=stringMenu displayed to the user upon selecting the menu item Contains spaces, enclose it in double quotesSet mgmtconnection Timedperiod=period Lkaupdateenabled=onoffTimedoffset=immediateoneperiodrandomtime ImmediateRetry timeout interval feature Clntreconntimeout=nonetimeoutDisplay current connection settings Set values for the client connectionSet mgmtglobal Settings set permissions s-mgmtglobal=rwSet permissions s-mgmtglobal=read Options Deviceid=hex stringTcpkeepalivesenabled=onoff Rcicompressionenabled=onoffTcpnodelayenabled=onoff Revertdeviceid Connidletimeout=nonetimeout valueOptions Networktype=modempppethernet802.11 Set mgmtnetworkModemppp 802.11Proxypassword=string Proxylogin=stringConnectionmethod=autononemtmdhproxy MdhMdhrxkeepalive=time Mtwaitcount=countMdhtxkeepalive=time Mdhwaitcount=countSettings set permissions s-router=rw Protocol forwarding settingsSet nat set nat Supported arePoenabled1-64=onoff Prenabled1-4=onoffMaxentries=64-1024 Prnumber1-4=greespPocount=1-64=number of ports in range, minimum Poproto1-64=tcpudpPoexternal1-64=number of ports in range, minimum Pointernal1-64=number of ports in range, minimumSet network Setting user permissions for commandsNetwork level WhereIp=device ip address Ip address optionsGateway=gateway ip Submask=device submaskTCP retransmit options TCP keepalive optionsGarp=30-3600 seconds ARP optionsArpttl=1-20 minutes Set passthrough Remote Device Management and IP Pass-through Using Pinholes to Manage the Digi Cellular Family DeviceHttp=passterminate Options State=enableddisabledHttps=passterminate Telnet=passterminatePing=passterminate Connectware=passterminateSurelink=passterminate On page 14 for more information Set permissionsHelp Permission descriptionsSet permissions Boot=noneexecute Backup=noneexecuteExecute SelfAccesscontrol=nonereadrw Rlogin=noneexecuteConnect=noneexecute Dhcpserver=noneexecuteDdnsupdater=nonereadrw Alarm=nonereadrwLogin=nonereadrw Autoconnect=noner-selfreadrw-selfw-self-rrwPermissions=nonereadrw Service=nonereadrwPmodem=noner-selfreadrw-selfw-self-rrw Ppp=nonereadrwVpn=nonereadrw User=nonereadrwWlan=nonereadrw Status=nonereadrwDisables modem emulation Enables modem emulationConfigure modem emulation Display modem-emulation settingsDisables Telnet processing Enables Telnet processingModem Emulation Commands for descriptions of Digi Specific commands for modem-emulation configurationsSet pppoutbound Pap Authmethod=nonePAPCHAPbothChap BothAddressmask=ip address mask Defaultgateway=yesnoProtocolcompression=onoff Addresscompression=onoffLcpkaquiettime=10-86400 seconds Lcpkeepalive=onoffAsyncmap=hex string 000A0000N1-4=phonenumber Ipcpdnsenabled=onoff Loginscript=chat scriptDisplay pppstats command displays the current status of PPP Dialscript=chat scriptPort as a console to access the command line interface Or displays the current port-profile settingsSet profile set profile Option’s descriptionOptions Port=port LocalconfigProfile=profile ConsolemanagementUdpsockets TcpsocketsTunneling For it to process Displays current terminal-emulation settingsSet putty Height=10-60 Width=80132Hostport=/com/0/com/1/vcom/0 Keyboardport=/com/0/com/1No KeyboardBlock Cursortype=noneblockunderlineverticalUnderline Blinkcursor=onoffCharacterset=host charset Character Set name Description Set putty Complete list of allowed character sets isKey mapping terminal emulation options Keymaprange=1-32 Deletekeymaprange=1-32Inseq=00-FF Outseq=00-FFWould enter Emulation settingsNow, to delete the first 2 entries One enterOptions Range=1 Command=filenameSet python Options State Exclusive=onoff Set realportOptions Keepalive=onoff Probecount, probeinterval, garbagebyte, and overridedhcp Set service keepalive=onoff, or clients such as autoconnectSet rtstoggle Postdelay=delay Predelay=delayAltpin=onoff Set serialCsize=5678 Baudrate=bpsFlowcontrol=hardwaresoftwarenone HardwareIpport=network port Set serviceOptions Range= range Delayedack=0-1000 Base network port number + serial port number Port Number Service Services Provided NetworkCommand Descriptions 195 Index numbers and changing default port numbers Set surelink on Service tableDevice is configured for IP passthrough Options Trapdestip=ipaddress Setsenabled=onoffPubliccommunity=string Privatecommunity=stringAuthfailtrap=onoff Logintrap=onoffColdstarttrap=onoff Linkuptrap=onoffDisplay current socket tunnel settings Configure a socket tunnelSet sockettunnel End initiated the tunnelToport=port number Fromport=port numberSet surelink set surelink Connection-failure settings can be disabled as wellPing Test TCP Connection TestSystemresetconnectfailures=1-2550=off Moduleresetconnectfailures=1-2550=offDisplay current SureLink settings Options for Hardware reset thresholdsPing Test=pingtcpdnsInterval DnsTrigger=intervalidle Ipport=1-65535 Interval=10-65535Dnsfqdn1=dns fqdn Dnsfqdn2=dns fqdnStatistics on page 35 for descriptions of these statistics Display pppstats command displays connection and activityConfigure MEI settings Set switches set switchesDisplay current MEI settings UsedOptions Range=range Wires=twofourMode=232485 232Current switch settings Display on page 27. The display switches command displaysRevert on page 61. The revert switches command reverts Set switches configurationOptions Description=string Set systemLocation=string Contact=stringThis command affects the following TCP serial connections Serial settingsConnections made using the autoconnect feature For a user to display the TCP serial settings for any lineSidstring=socketid string Endpattern=string Sendtime=01-65535msStrippattern=onoff Revert on Show onConfigure terminal settings Command line of the deviceDisplay current terminal settings Set termFor a user to display the UDP serial settings for any line Another service, the data will be sent to the serial portConnect WAN and ConnectPort Display Are logged in set permissions s-udpserial=r-selfSendtime=0 time Port= rangeSendcount= bytes Range=1-64 Sidstring=stringClostime=time UDP port of the destination to which data is sent UDP serial settingsIdentifies the range of UDP destinations to be displayed Data to be sent on to the network destinationDisplay user configuration attributes Change user configuration attributesFor a user to display user configuration attributes For a user to display and set user configuration attributesAssociate Maximum of 32 users can be definedTwo groups DisassociateUser cannot use group access rights Default is off Groupaccess=onoffUser is not allowed to access the custom menu interface Gid=numberDefaultgroup=nonegidgname Defaultaccess=nonecommandlinemenugroupGroup GidTftphost Publickey=tftphostfilenameclearTftphostfilename Splashtime=0-30 seconds Set videoPort=vnc server network port Password=vnc server passwordServer=vnc server ipaddrdns name Remote Access VNC Client Settings Configured globallyServer services are enabled and disabled by the set service VPN Settings and VPN Tunnel Settings Security associations SAs Display current VPN settingsDisplay current VPN settings Set IKE/ISAKMP SA Phase 1 OptionsSet IKE/ISAKMP SA Phase 2 Options Identity=fqdnuser fqdnip address Pfs=onoff Identity=ip-addressDhgroup=125 Newname=tunnel name Tunnel optionsName=tunnel name Manually-keyed options Remotevpnendpoint=fqdnip addressMode=manually-keyed Inboundspi=256Md5 Inboundauthentication=nonemd5sha1Sha1 Inboundauthkey=ascii keyhex keyInboundenckey=ascii keyhex key Outboundauthentication=nonemd5sha1Outboundspi=256 Outboundauthkey=ascii keyhex keyIsakmp options Encryption Authentication SA LifetimeMode=isakmp Sharedkey=ascii keyhex keyAuthentication=md5sha1 Set vpn phase1Authmethod=sharedkeydssrsa SharedkeySalifetime=10-232 Set vpn phase2Salifetimedata=0-232 Tunnel=1-2Encryption=nonedes3desaes Authentication=nonemd5sha1Salifetime=60-232 Salifetimedata=0 232 kilobytesSet wlan ConfiguringSettings PSK Authentication methods and associated data fieldsInner and outer protocols Configure wireless settingsSsid=string Open Authentication=Wepauth WpapskWep Encryption=open,wep,tkip,ccmp,anyTkip CcmpGtc Password=stringMschapv2 OtpWepkeyN=hex string Psk=stringUser permissions for commands Issued to the deviceSettings... column to go to the command descriptions ShowShow Command Descriptions 251 Display settings for a particular user Configuration table entry or range of entriesDisplay network configuration settings Command Descriptions 253 Session number Tcp port TelnetIp addr Disconnect Options StatusconnectdisconnectConnect Set vpn on page 228. The set vpn command configures VPN This command enables the tunnel at index 1 to be usedThis command Connections Management page in the Web user interface fromWho who To set permissions who=execute to use this command. SeeDisplays active connections to and from the device None at this timeModem Emulation Cable Signals What Is Modem Emulation?What Is Modem Emulation? Modes of OperationCommon User Scenarios for Modem Emulation User Scenario Diagram aUser Scenario Diagram B Outgoing Modem Emulation Connection Connection Scenarios for Modem EmulationIncoming Modem Emulation Connection Modem Emulation PoolingAccepted But Ignored AT Commands About the Commands in this ChapterFunction Result Command Code Modem Emulation AT Command SetEmulation configuration scenario Modem Emulation Commands 265 Function Result CommandRegister Definitions Register Function Range Units DefaultRegister Function Range Units Default Short Long Form Emulation commandsResult Codes 270 Modem Emulation Commands D e ESP GRE PSK Self user permission 198 Snmp