Manuals / Digi / Computer Equipment / Network Router

Digi 90000566_H manual Authentication=nonemd5sha1, Encryption=nonedes3desaes, Salifetime=60-232

Models: 90000566_H

1 278

Download 278 pages 26.72 Kb

Page 240

set vpn
	authentication={nonemd5sha1}
	The authentication algorithm used in authenticating clients.
	none
	No authentication. No authentication can be used to save time and
	CPU cycles. It is not as secure, but the peers were authenticated in
	phase 1.
	md5
	MD5 authentication, which uses 128-bit keys.
	sha1
	SHA1 authentication, which uses 160-bit keys.
	encryption={nonedes3desaes}
	The encryption algorithm used for encrypting data.
	none
	No encryption is used. One use of IPsec is to tie to private networks
	together. If security is not a major concern, encryption can be
	disabled to save on processing and overhead.
	des
	DES encryption, which uses 64-bit keys.
	3des
	3-DES encryption, which uses 192-bit keys.
	aes
	AES encryption, which uses either 128-bit, 192-bit, or 256-bit keys
	depending on the negotiated security settings.
	sa_lifetime=60-2^32
	Determines how long a Security Association (SA) policy is active, in
	seconds. After the SA has been negotiated, the SA lifetime begins.
	Once the lifetime has completed, a new set of SA policies are
	negotiated with the remote VPN endpoint.
	sa_lifetime_data=(0 - 2^32) (kilobytes)
	The amount of data, in bytes or kilobytes, that is sent and received until
	the SA is renegotiated. This value is analogous to the SA lifetime. Also
	known as SA life size.
See also	• "display" on page 27. The “display sadb,” “display sp,” and “display vpn”
	commands display VPN-related connection and status information.
	• "revert" on page 61. The “revert vpn” options revert groups of VPN
	settings, or all VPN settings.
	• "show" on page 249.
	• "vpn" on page 256. The “vpn” command is used to manage and display
	the status of VPN tunnels.
	• The VPN settings in the Web user interface (Network > Virtual Private
	Network (VPN) Settings) and the online help for these settings.
	• The Digi Cellular Family User’s Guide section titled “Virtual Private
	Network (VPN) Settings.”

240	Chapter 2 Command Descriptions

Image 240

Digi 90000566_H Authentication=nonemd5sha1, Encryption=nonedes3desaes, Salifetime=60-232, Salifetimedata=0 232 kilobytes

Contents

Digi Connect Family Page Chapter Command Descriptions Chapter IntroductionContents Modem Emulation Commands Who 258Index 271 Contents T r o d u c t i o n ChapterQuick Reference for Configuring Features Quick Reference for Configuring FeaturesFeature/Task Commands Guide Feature/Task Commands Access the Command Line Configure an IP AddressAccess the Command Line Basic Command Information Entering Special Characters in String Values Escape Processed as SequenceEscape Sequences for Special Characters Length Limitations on String ValuesUser Models and User Permissions in Digi Connect Products Identifying the User Model for Your Digi Connect ProductOne-user Model Two-user ModelLogin Suppression Feature Increasing Security for Digi Device UsersUser Models and User Permissions in Digi Connect Products Verifying Device Support for Commands Verifying Device Support for CommandsTo=serveripaddressfilename From=serveripaddressfilenameBoot Host ip addressLoad file Examples See alsoSession Type Default Escape Keys CloseConnection number Serial port Dhcpserver Ip addressDisplay Dhcp server status Assigned active Assigned expiredReserved active Reserved inactiveOffered pre-lease ReleasedUnavailable Address Set dhcpserver onDisplay Options Accesscontrol ArpBuffers Device DdnsGpio MemorySwitches SerialSockets SpdDisplay device information Display Virtual Private Network VPN status informationOutput StateIp address Primary dns addrReset status Last reset reason No serviceAdministrative Non-administrativeLcp echo requests Session successesSession failures Session consecutive failuresTotal link down requests Total bypassesDisplay buffers Tail=numberTftp=serverfilename ServerSet buffer on Display port buffering information on the screenOutput buffering information to a Tftp server Output multi-port buffering information to a Tftp serverExit Help and ? help and ? Displaying Online Help onInfo EthernetIcmp Displays statistics from the wireless Ethernet wlan table Statistics, see Output onDisplays statistics from the TCP table Displays statistics from the UDP tableStatistic Description Ethernet statisticsIcmp statistics IP statistics Serial statistics TCP statistics UDP statisticsWireless Wlan statistics Display Icmp statistics Kill RangeConnection id Options Binary=onoffCrmod=onoff Newpass Id=numberName=string Ipaddress Count=0nInterval=milliseconds Size=bytesProvision Given you Enter phone numbers as numbers only with no dashesDisplay current provisioning parameters Manually provision the module for a SIP-only networkSpc=service programming code MSL Nai=network access idMdn=mobile directory number Min=mobile ID numberHa=home address Priha=primary host agent IP addressSecha=secondary host agent IP address Hass=host agent shared secretType=iota Type=otaspOtaspnumber= Otasp number for example, *228 Tftp server ipfilename Program argsQuit =serial port s=session Revert multiple settings Auth command. The revert auth command revert authenticationRevert TimeAlarm Options allAuth Autoconnect port=rangeLogin EkahauForwarding HostService Pmodem port=rangePppoutbound port=range Profile port=rangeVpn allglobaltunnelphase1phase2 Phase1Phase2 WirelessOptions Esc User=user name -luser nameSend Set accesscontrol Options Enabled=onoffOff Autoaddsubnets=onoffSubnets will be allowed to access this device server Netmask 255.255.255.0 to access this device serverSubnip1-32=ipaddress Subnmask1-32= maskSet alarm Configure alarms with general options applies to all alarmsConfigure alarms for a range set multiple alarms Devices supported Purpose Required permissions SyntaxConfigure alarms based on data pattern matching Configure alarms based on mobile signal strength GSMConfigure alarms based on signal strength Cdma Configure alarms based on mobile temperatureState= onoff Mailserverip=ipaddressFrom=string Cwm=onoffCc=string To=string Pins=list of pins Highpins=list of highpinsLowpins=list of lowpins Reminder=onoff Reminderinterval=secondsTriggerinterval=seconds Mode=matchCelldata=byte count threshold Time=max timeMode=configchange Mode=mobiletempMode=1xevdounavail Mode=mobileunavailError conditions triggering alarms Set alarm #1 mode to Gpio modeSet alarm #1 to designate which pins trigger alarm Enable alarm #1Set alarm Turn alarm #10 on Gpio input, Gpio output, or standard serialSet snmp on Set autoconnect Service=rawrloginssltelnet RloginState=onoff Trigger=alwaysdatadcddsrstringNodelay=onoff Description=stringIpaddress=ipaddress Ipport=ipportNetwork IP destination when data arrives on the serial port Set network onSet serial on Set tcpserial onSet bsc State=disabledenabled Serialmode=bisync3270bisync3275Baudrate=baud rateexternalclock Baud rateCodeset=asciiebcdic Textconversion=onoffPollingaddress=0x followed by 2 hex digits Selectionaddress=0x followed by 2 hex digitsRxtimeout=milliseconds Poweronmessage=0x followed by up to 64 hex digits Noresponsemessage=0x followed by up to 64 hex digitsTxretries option Options Clear PortSize On mode and the buffer size to 64 kilobytes Data will not be buffered and all data will be cleared fromBuffer PauseUpdate requests will be rejected Registered with that serviceFor a user to display Dynamic DNS settings set permissions Ddnsupdater=readService=disableddyndnsorg DisabledAction=updatenowclearstatus UpdatenowDdpassword=password StandardhttpAlternatehttp SecurehttpDynamic DNS service NochgDisplay on User interface’s Network Configuration settings Command. See dhcpserver onFor a user to display Dhcp server settings set permissions Set dhcpserver set dhcpserverItem=scope Action=setrevertSet RevertOfferdelay=0-5000 Startip=ip addressEndip=ip address Leasetime=timeinfiniteItem=reservation Range=1-16allIp=ip address Clientid=client MAC addressItem=exclusion Range=1-4allFirst address in the exclusion block Using the web UI Disable all reservations that were previously addedIP address, which is the purpose of a reservation Is, reservations override exclusions102 Command Descriptions Web user interface, the online help for Network Settings Dhcpserver onDhcp terminology and managing Dhcp server operation Wireless device Set ekahau set ekahauDigi Connect Wi-EM only Proprietary hardware componentsId=device id Server=hostnameip addressName=device name Enable Ekahau Client Set identifiersSet ethernet Options DuplexHalf FullSpeed 100Set forwarding PrivilegesOptions ipforwarding=onoff Staticrouteindex=1-8Action=addchangedelete AddNet=destination ip address Mask=subnet maskGateway=ip address Metric=1-16Settings under Network Configuration Routing informationSet nat on Set gpio Devices supported PurposeOptions Range=1-n Mode=serialinputoutputPin Number Default Serial Signal Signal Direction SignalsMessages or Snmp traps when Gpio pins change Default serial signal settings for Gpio pinsSet group Options AddRemove Id=rangeCommandline=onoff Defaultaccess=nonecommandlinemenuCommandline Name= stringDefault Permissions ExamplesDevice support Options Name=nameSet ia Configure serial-port connected devices set ia serial Configure network-based masters set ia masterInstead of a set ia command with no options Serial settings, which includeSerial= range Serial optionsSlavetimeout=10-99999 ms applies to slave only Chartimeout=3-99999 ms applies to master or slaveIdletimeout=0=disabled1-99000 seconds Table=1..8 applies to master onlyPriority=highmediumlow MediumModbus options Modbusrtu Modbusascii Modbustcp Messagetimeout=100-99000 ms Chartimeout=3-99000 msMaster=range Type=tcpudp126 Command Descriptions Table options Addroute=route indexMoveroute=fromrouteindex,torouteindex Route optionsPort=serial port Mapto=protocol address Settings for the Digi Connect WAN IA Configuration settings in the Web user interfaceRevert on page 61. The revert ia command options revert any Existing IA configuration settingsSet login Options Suppress=onoffQuitkey=key Quitlabel=string Previouskey=keyPreviouslabel=string Presskeylabel=stringTitle=string subtitle=string Sortby=nonekeylabelKey LabelDirection=horizontalvertical HorizontalVertical Item=1-32Command=string Submenu=stringMenu displayed to the user upon selecting the menu item Contains spaces, enclose it in double quotesSet mgmtconnection Lkaupdateenabled=onoff Timedperiod=periodTimedoffset=immediateoneperiodrandomtime ImmediateClntreconntimeout=nonetimeout Retry timeout interval featureDisplay current connection settings Set values for the client connectionSettings set permissions s-mgmtglobal=rw Set mgmtglobalSet permissions s-mgmtglobal=read Options Deviceid=hex stringRcicompressionenabled=onoff Tcpnodelayenabled=onoffTcpkeepalivesenabled=onoff Connidletimeout=nonetimeout value RevertdeviceidSet mgmtnetwork Options Networktype=modempppethernet802.11Modemppp 802.11Proxylogin=string Proxypassword=stringConnectionmethod=autononemtmdhproxy MdhMtwaitcount=count Mdhrxkeepalive=timeMdhtxkeepalive=time Mdhwaitcount=countProtocol forwarding settings Settings set permissions s-router=rwSet nat set nat Supported arePrenabled1-4=onoff Poenabled1-64=onoffMaxentries=64-1024 Prnumber1-4=greespPoproto1-64=tcpudp Pocount=1-64=number of ports in range, minimumPoexternal1-64=number of ports in range, minimum Pointernal1-64=number of ports in range, minimumSetting user permissions for commands Set networkNetwork level WhereIp address options Ip=device ip addressGateway=gateway ip Submask=device submaskTCP keepalive options TCP retransmit optionsARP options Arpttl=1-20 minutesGarp=30-3600 seconds Set passthrough Using Pinholes to Manage the Digi Cellular Family Device Remote Device Management and IP Pass-throughOptions State=enableddisabled Http=passterminateHttps=passterminate Telnet=passterminateConnectware=passterminate Surelink=passterminatePing=passterminate Set permissions On page 14 for more informationHelp Permission descriptionsSet permissions Backup=noneexecute Boot=noneexecuteExecute SelfRlogin=noneexecute Accesscontrol=nonereadrwConnect=noneexecute Dhcpserver=noneexecuteAlarm=nonereadrw Ddnsupdater=nonereadrwLogin=nonereadrw Autoconnect=noner-selfreadrw-selfw-self-rrwService=nonereadrw Permissions=nonereadrwPmodem=noner-selfreadrw-selfw-self-rrw Ppp=nonereadrwUser=nonereadrw Vpn=nonereadrwWlan=nonereadrw Status=nonereadrwEnables modem emulation Disables modem emulationConfigure modem emulation Display modem-emulation settingsEnables Telnet processing Disables Telnet processingModem Emulation Commands for descriptions of Digi Specific commands for modem-emulation configurationsSet pppoutbound Authmethod=nonePAPCHAPboth PapChap BothDefaultgateway=yesno Addressmask=ip address maskProtocolcompression=onoff Addresscompression=onoffLcpkeepalive=onoff Lcpkaquiettime=10-86400 secondsAsyncmap=hex string 000A0000N1-4=phonenumber Loginscript=chat script Ipcpdnsenabled=onoffDisplay pppstats command displays the current status of PPP Dialscript=chat scriptOr displays the current port-profile settings Port as a console to access the command line interfaceSet profile set profile Option’s descriptionLocalconfig Options Port=portProfile=profile ConsolemanagementTcpsockets TunnelingUdpsockets Displays current terminal-emulation settings Set puttyFor it to process Width=80132 Height=10-60Hostport=/com/0/com/1/vcom/0 Keyboardport=/com/0/com/1No KeyboardCursortype=noneblockunderlinevertical BlockUnderline Blinkcursor=onoffCharacterset=host charset Set putty Complete list of allowed character sets is Character Set name DescriptionKey mapping terminal emulation options Deletekeymaprange=1-32 Keymaprange=1-32Inseq=00-FF Outseq=00-FFEmulation settings Would enterNow, to delete the first 2 entries One enterCommand=filename Set pythonOptions Range=1 Options State Set realport Options Keepalive=onoffExclusive=onoff Set service keepalive=onoff, or clients such as autoconnect Probecount, probeinterval, garbagebyte, and overridedhcpSet rtstoggle Predelay=delay Postdelay=delaySet serial Altpin=onoffBaudrate=bps Csize=5678Flowcontrol=hardwaresoftwarenone HardwareSet service Options Range= rangeIpport=network port Delayedack=0-1000 Base network port number + serial port number Service Services Provided Network Port NumberCommand Descriptions 195 Index numbers and changing default port numbers Service table Device is configured for IP passthroughSet surelink on Setsenabled=onoff Options Trapdestip=ipaddressPubliccommunity=string Privatecommunity=stringLogintrap=onoff Authfailtrap=onoffColdstarttrap=onoff Linkuptrap=onoffConfigure a socket tunnel Display current socket tunnel settingsSet sockettunnel End initiated the tunnelFromport=port number Toport=port numberConnection-failure settings can be disabled as well Set surelink set surelinkPing Test TCP Connection TestModuleresetconnectfailures=1-2550=off Systemresetconnectfailures=1-2550=offDisplay current SureLink settings Options for Hardware reset thresholdsTest=pingtcpdns PingDns Trigger=intervalidleInterval Interval=10-65535 Ipport=1-65535Dnsfqdn1=dns fqdn Dnsfqdn2=dns fqdnDisplay pppstats command displays connection and activity Statistics on page 35 for descriptions of these statisticsSet switches set switches Configure MEI settingsDisplay current MEI settings UsedWires=twofour Options Range=rangeMode=232485 232Display on page 27. The display switches command displays Current switch settingsRevert on page 61. The revert switches command reverts Set switches configurationSet system Options Description=stringLocation=string Contact=stringSerial settings This command affects the following TCP serial connectionsConnections made using the autoconnect feature For a user to display the TCP serial settings for any lineSidstring=socketid string Sendtime=01-65535ms Endpattern=stringStrippattern=onoff Revert on Show onCommand line of the device Configure terminal settingsDisplay current terminal settings Set termAnother service, the data will be sent to the serial port For a user to display the UDP serial settings for any lineConnect WAN and ConnectPort Display Are logged in set permissions s-udpserial=r-selfPort= range Sendcount= bytesSendtime=0 time Sidstring=string Clostime=timeRange=1-64 UDP serial settings UDP port of the destination to which data is sentIdentifies the range of UDP destinations to be displayed Data to be sent on to the network destinationChange user configuration attributes Display user configuration attributesFor a user to display user configuration attributes For a user to display and set user configuration attributesMaximum of 32 users can be defined AssociateTwo groups DisassociateGroupaccess=onoff User cannot use group access rights Default is offUser is not allowed to access the custom menu interface Gid=numberDefaultaccess=nonecommandlinemenugroup Defaultgroup=nonegidgnameGroup GidPublickey=tftphostfilenameclear TftphostfilenameTftphost Set video Splashtime=0-30 secondsPassword=vnc server password Server=vnc server ipaddrdns namePort=vnc server network port Configured globally Server services are enabled and disabled by the set serviceRemote Access VNC Client Settings VPN Settings and VPN Tunnel Settings Display current VPN settings Security associations SAsSet IKE/ISAKMP SA Phase 1 Options Set IKE/ISAKMP SA Phase 2 OptionsDisplay current VPN settings Identity=fqdnuser fqdnip address Identity=ip-address Dhgroup=125Pfs=onoff Tunnel options Name=tunnel nameNewname=tunnel name Remotevpnendpoint=fqdnip address Manually-keyed optionsMode=manually-keyed Inboundspi=256Inboundauthentication=nonemd5sha1 Md5Sha1 Inboundauthkey=ascii keyhex keyOutboundauthentication=nonemd5sha1 Inboundenckey=ascii keyhex keyOutboundspi=256 Outboundauthkey=ascii keyhex keyEncryption Authentication SA Lifetime Isakmp optionsMode=isakmp Sharedkey=ascii keyhex keySet vpn phase1 Authentication=md5sha1Authmethod=sharedkeydssrsa SharedkeySet vpn phase2 Salifetime=10-232Salifetimedata=0-232 Tunnel=1-2Authentication=nonemd5sha1 Encryption=nonedes3desaesSalifetime=60-232 Salifetimedata=0 232 kilobytesConfiguring SettingsSet wlan Authentication methods and associated data fields PSKConfigure wireless settings Inner and outer protocolsSsid=string Authentication= OpenWepauth WpapskEncryption=open,wep,tkip,ccmp,any WepTkip CcmpPassword=string GtcMschapv2 OtpPsk=string WepkeyN=hex stringIssued to the device User permissions for commandsSettings... column to go to the command descriptions ShowShow Command Descriptions 251 Configuration table entry or range of entries Display network configuration settingsDisplay settings for a particular user Command Descriptions 253 Session number Telnet Ip addrTcp port Options Statusconnectdisconnect ConnectDisconnect This command enables the tunnel at index 1 to be used Set vpn on page 228. The set vpn command configures VPNThis command Connections Management page in the Web user interface fromTo set permissions who=execute to use this command. See Who whoDisplays active connections to and from the device None at this timeWhat Is Modem Emulation? Modem Emulation Cable SignalsWhat Is Modem Emulation? Modes of OperationUser Scenario Diagram a Common User Scenarios for Modem EmulationUser Scenario Diagram B Connection Scenarios for Modem Emulation Outgoing Modem Emulation ConnectionIncoming Modem Emulation Connection Modem Emulation PoolingAbout the Commands in this Chapter Accepted But Ignored AT CommandsModem Emulation AT Command Set Emulation configuration scenarioFunction Result Command Code Modem Emulation Commands 265 Command Function ResultRegister Function Range Units Default Register DefinitionsRegister Function Range Units Default Emulation commands Result CodesShort Long Form 270 Modem Emulation Commands D e ESP GRE PSK Self user permission 198 Snmp