Digi 50M1899 TransPort LR54 User Manual TransPort LR User Guide

Digi International Inc TransPort LR54 TransPort LR User Guide

UserManual.wiki >

50M1899 User Manual

Users Manual_rev 4

TransPort LR User GuideUser Guide

TransPort LR User Guide 3ContentsTransPort LR User Guide 2TransPort LR Family User GuideHardwareTransPort LR54 hardware 9Hardware summary 10Hardware specifications 10Serial connector pinout 15LEDs 16Antenna information 19Regulatory and safety statements 20Certifications 24Management and statusInterfaces 27Ethernet interfaces 28Cellular interfaces 32DSL interface 35Wi-Fi interfaces 39Serial interfaces 44Local Area Networks (LANs) 46Example LAN 46Configure a LAN 47Show LAN status and statistics 49DHCP servers 50Wide Area Networks (WANs) 52Ethernet interfaces 52Cellular interfaces 52DSL interface 52WAN failover 53Configure a WANinterface 54Example WAN failover: DSLto cellular 57

TransPort LR User Guide 4Show WAN status and statistics 59Security 60User management 61Firewalls 64Alarms 65Services and applications 66Auto-run commands 67Python 68SSH server 69Remote management 71Remote Manager 72Simple Network Management Protocol (SNMP) 73Routing 76IP routing 77Virtual Private Networks (VPN) 83System administration and management 94Display and set system information settings 95Set system date and time 96Show system date and time 98Updating firmware 99Managing configuration files 102Back up and restore device configuration settings 109Reboot the device 109Reset the device to factory defaults 109Diagnostics 111Event log 111Use the "ping" command to troubleshoot network connections 112Use the "traceroute" command to diagnose IProuting problems 112Execute a command 113File systemMake a directory 115Display directory contents 116Change the current directory 117Remove a directory 118Display file contents 120Copy a file 121Rename a file 122Delete a file 123Upload and download files 124Upload files using SCP 124Download files using SCP 124Upload files using SFTP 124Download files using SFTP 124TroubleshootingCommon issues 127Cellular issues 127DSL issues 127Wi-Fi issues 127Serial issues 127

TransPort LR User Guide 5Firewall issues 127IPsec issues 127Failover issues 127User and authentication issues 127SNMP issues 127Firmware update issues 127Troubleshooting tools and resources 128Status displays 128Event log 128Display the event log 128Clear the event log 129Use the "ping" command to troubleshoot network connections 129Use the "traceroute" command to diagnose IProuting problems 129Reboot the device 130Reset the device to factory defaults 130Digi support site 131Digi knowledge base 131Need more help? 132Command referenceCommand-line interface basics 134Command-line interface access options 134Log in to the command line interface 134Exit the command line interface 135Display command and parameter help using the ? character 135Revert command elements using the ! character 136Auto-complete commands and parameters 136Enter configuration commands 136Save configuration settings to a file 137Switch between configuration files 137Display status and statistics using "show" commands 138Enter file management commands 138Clear logs and statistics 139Update firmware and other device features 139Command descriptions 140autorun 141cd 142cellular 143clear 145cloud 146copy 147cpu 148date 149del 150dhcp-server 151dir 152dsl 153eth 156firewall 158failover 159ip 161ipsec 162ipsec-failover 166

TransPort LR User Guide 6lan 167mkdir 168more 169ping 170pwd 171reboot 172rename 173rmdir 174route 175save 176serial 177show cellular 178show cloud 180show config 181show dsl 182show eth 186show failover 189show firewall 190show ipsec 191show ipstats 193show lan 195show log 196show route 197show serial 198show system 199show wan 201show wifi 202show wifi5g 203snmp 204snmp-community 205snmp-user 206sntp 207ssh 208system 209update 211user 212wan 213wifi 215wifi5g 216

TransPort LR User Guide 7TransPort LR Family User GuideThe TransPort LRFamily is a family of routers designed for connecting distributed retail terminals(signs, kiosks, vending machines, point-of-care terminals) with business applications. Key features ofTransPort LRrouters include:nDual SIM cellular interfaces, providing redundancynGobi 4G LTE, for flexibilitynLocal command-line and web interfacesnSuperior network performance management through Digi Remote Manager (DRM)nWhat other features do we want to cover here? Easy device setup through a wizard?Programmability?

TransPort LR User Guide 8HardwareThis section provides hardware specifications, reviews key hardware features, and lists regulatorystatements and certifications for TLR Family products.

TransPort LR User Guide 10Hardware summaryFigures, callouts, and descriptions of TLRFamily models to be added here.Hardware specificationsTransPort LR devices have the following hardware specifications:Environmental specificationsSpecification ValueOperatingtemperature-20C to +70C (-4 to 158F)**Note: To limit unintentional contact with HOT SURFACES, installthe device in a Restricted Access Location above +60C.Relative humidity 10% to 90% RH non-condensingStorage andtransporttemperature-40 to 85C (-40 to 185F)Power requirementsSpecification ValuePower inputtypeDCVoltage input 12V +/- 10%Powerconsumption1.5A

TransPort LR54 hardwareTransPort LR User Guide 11Specification ValuePowerconnector4-pin Molex 39301040 connector (Digi part number 2312-0012), or equivalent.Two pins are used for power; the other two pins are no-connect.DimensionsSpecification ValueWidth 20.7 cm (8.15 in)Depth 13.85 cm (5.45 in)Height 3.8 cm (1.5 in)Weight 1.41 kg (3.1 lb)Ethernet specificationsSpecification ValueEthernet ports 4 RJ45 shielded Ethernet portsPhysical layer 10/100 Base-T (Auto-MDIX)Data rate 10Mbps, 100Mbps, 1GbpsMode Full or half duplex (auto-sensing)Ethernet isolation 2250VDC

TransPort LR54 hardwareTransPort LR User Guide 12Cellular specificationsModel Specification ValueTransPort LR54-AA401TransPort LR54-AW401Technology LTE, HSPA+,UMTSDownstream rates 300 Mbps (LTE),42 Mbps (HSPA+)Upstream rates 50 Mbps (LTE),5.76 Mbps(HSPA+)Frequency Bands LTE: 800, 850,900, 1800, 1900,2100 AWS, 2300,2600 MHzHSPA+, UMTS:850, 900, AWS1700, 1900, 2100MHzTransPort LR54-DA301 Technology HSPA+, UMTS,GSM/GPRS/EDGEDownstream rates 21 Mbps (HSPA+),384 Kbps (UMTS),296 Kbps (EDGE)Upstream rates 5.76 Mbps(HSPA+),384 Kbps (UMTS),236.8 Kbps(EDGE)Frequency Bands HSPA+, UMTS:800, 850, 900,1700, 1900, 2100MHzGSM/GPRS/EDGE:850, 900, 1800,1900 MHz

TransPort LR54 hardwareTransPort LR User Guide 13DSL specificationsSpecification ValueDSL ports 1 RJ11DSL portADSL line modes Auto (also known as Multimode)ADSL2+ADSL2G.dmtG.liteSerial specificationsSpecification ValueSerial ports 1 DB9 RS232 DCE serial port, femaleWi-Fi specificationsSpecification Value802.11 a/b/g/n/ac connections, dual band, dual concurrent2.4GHz and 5GHzWi-Fi Modes Wi-Fi access point modeWi-Fi client modeWi-Fi Security WPA2 PersonalMixed WPA/WPA2 PersonalWPA2 EnterpriseMixed WPA/WPA2 EnterpriseWi-Fi transmit power 2.4GHz:US variant: 13dBm (802.11g/n), 16dBm (802.11b)EU variant: 11dBm (802.11g/n), 14dBm (802.11b)5GHz:13dBm for all modesWi-Fi maximum data rates 54Mbps (802.11a)11Mbps (802.11b)54Mbps (802.11g)300Mbps (802.11n)866Mbps (802.11ac)

TransPort LR54 hardwareTransPort LR User Guide 15Serial connector pinoutTransPort LR54 products are DCE devices. The pinout for the DB9 and RJ45 serial connectors is asfollows:Signal nameRS232signalDCE signaldirectionDB9 pinnumberRJ45 pinnumberTransmit Data TxD in 3 6Receive Data RxD out 2 3Ready To Send RTS in 7 1Clear to Send CTS out 8 8Data Set Ready DSR out 6 4Ground GND N/A 5 5Data Carrier Detect DCD out 1 7Data Terminal Ready DTR in 4 2Ring Indicate RI out NotconnectedN/A

TransPort LR54 hardwareTransPort LR User Guide 16LEDsThe TransPort LR54 has LEDs on the top front panel. The number of LEDs varies by model. Duringbootup, the front-panel LEDs light up in sequence to indicate boot progress. For example, here arethe LEDs for a TransPort LR54 Wi-Fi model:There are also several LEDs on the rear WAN/LAN connectors that indicate network link and activity.PowernOff: No power.nBlue: Unit has power.WWAN SignalIndicates strength of cellular signal.4G connectionsnOff: No service.nYellow: Poor / Fair signal.nGreen: Good / Excellent signal.Tips for improving cellular signal strength:If the WWAN Signal LED is yellow or off, try the following things to improve signal strength:nMove the TransPort LR device to another location.nPurchase a Digi Antenna Extender Kit:lAntenna Extender Kit, 1m (76000954)lAntenna Extender Kit, 3m (76000955)3Gand 2G connections onlyFor 3G and 2G cellular connections, the current RSSI value serves as the signal strength indicator,with the following thresholds:n> -70dBm: Excellentn-70dBm to -85dBm: Goodn-86dBm to -100dBm: Fairn< -100dBm: Poorn-110dBm: No serviceWWAN ServiceIndicates the presence and level of cellular service running on the device.

TransPort LR54 hardwareTransPort LR User Guide 17nOff: No service.nBlinking Green: 2G/3G/4G connection is coming up.nSolid Yellow: 2G or 3G connection is up.nSolid Green: 4G connection is up.SIM1Indicates use of the SIM card installed in SIM slot 1.nOff: SIM 1 is not being used.nSolid green: SIM 1 is being used or is coming up.SIM 2Indicates use of the SIM card installed in SIM slot 2.nOff: SIM 2 is not being used.nSolid green: SIM 2 is being used or is coming up.nNote SIM1 and SIM2 are never on both on at the same time.DSL (DSL models only)Indicates state of and activity on the DSL interface.nOff: DSL interface is off.nSlow blinking green: DSL interface is attempting to train up with the DSLAM.nFast blinking green: DSL interface is trained up with the DSLAM, and the PPP interface isbeing brought up.nSolid green: DSL interface is up and can pass IP traffic.Wi-Fi 2.4GHz LED (Wi-Fi models only)Indicates state and activity on the Wi-Fi 2.4GHz interface.nOff: Wi-Fi 2.4GHz interface is disabled.nSolid green: Wi-Fi 2.4GHz interface is enabled.nBlinking green: Indicates Wi-Fi traffic on the interface.Wi-Fi 2.5GHz LED (Wi-Fi models only)Indicates state of and activity on the Wi-Fi 2.5GHz interface.nOff: Wi-Fi 5GHz interface is disabled.nSolid green: Wi-Fi 5GHz interface is enabled.nBlinking green: Indicates Wi-Fi traffic on the interface.Ethernet 1-4 Link and Activity (on rear panel)These LEDs indicate that the Ethernet network interface is up and there is activity on the networkinterface.

TransPort LR54 hardwareTransPort LR User Guide 18nOff: No Ethernet link detected.nSolid green: Ethernet link detected.nBlinking green: Indicates Ethernet traffic.

TransPort LR54 hardwareTransPort LR User Guide 20Regulatory and safety statementsThe following regulatory and safety statements apply to TransPort LR devices.RF exposure statementIn order to comply with RF exposure limits established in the ANSI C95.1 standards, the distancebetween the antenna or antennas and the user should not be less than 20 cm.FCC Part 15 Class BRadio Frequency Interface (RFI) (FCC 15.105)This device has been tested and found to comply with the limits for Class B digital devices pursuantto Part 15 Subpart B, of the FCC rules. These limits are designed to provide reasonable protectionagainst harmful interference in a residential environment. This equipment generates, uses, and canradiate radio frequency energy, and if not installed and used in accordance with the instructionmanual, may cause harmful interference to radio communications. However, there is no guaranteethat interference will not occur in a particular installation. If this equipment does cause harmfulinterference to radio or television reception, which can be determined by turning the equipment offand on, the user is encouraged to try and correct the interference by one or more of the followingmeasures:nReorient or relocate the receiving antenna.nIncrease the separation between the equipment and receiver.nConnect the equipment into an outlet on a circuit different from that to which the receiver isconnected.nConsult the dealer or an experienced radio/TV technician for help.Labeling Requirements (FCC 15.19)This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:(1) this device may not cause harmful interference, and (2) this device must accept any interferencereceived, including interference that may cause undesired operation.If the FCC ID is not visible when installed inside another device, then the outside of the device intowhich the module is installed must also display a label referring to the enclosed module FCC ID.Modifications (FCC 15.21)Changes or modifications to this equipment not expressly approved by Digi may void the user’sauthority to operate this equipment.

TransPort LR54 hardwareTransPort LR User Guide 21European Community - CE Mark Declaration of Conformity (DoC)EU Declaration Of Conformity We, of Manufacturer's Name: Digi International inc. Manufacturer's Address: 11001 Bren Road East Minnetonka, MN 55343 declare under our sole responsibility that the product: Product Name: TransPort LR54 Model Number: 50001899-XX, (X=0~9) to which this declaration relates are in conformity with the essential requirements and other relevant requirements of EU Directive 2014/30/EU (EMC),EU Directive 2014/35/EU (LV) and EU Directive 2011/65/EU (RoHS2) Safety: EN 62368-1:2014 EN 50564:2011 EN 50385:2002 Comm: EN 50585:2014 EMC: EN 300 328 v1.9.1 (2015-02) EN 301 489-1 v1.9.2 (2011-09) EN 301 489-7 v1.3.1 (2005-11) EN 301 489-17 v2.2.1 (2012-09) EN 301 489-24 v1.5.1 (2010-10) EN 55024:2010 EN 55022:2010 + AC:2011, Class B EN 300 386 v1.6.1 (2012-09) EN 61000-3-2:2014, Class A EN 61000-3-3:2013 EN 61000-4-2:2009 EN 61000-4-3:2006 + A1:2008 + A2:2010 EN 61000-4-4:2012 EN 61000-4-5:2014 EN 61000-4-6:2014 EN 61000-4-11:2004 RoHS2: EN 50581:2012 Minnesota, USA, 15th, April 2016 (Place and date of issue) Authorised signature for and on behalf of Digi International Inc. Joel Young,VP,Engineering European Representative: Andreas Burghart Digi International GmbH Lise-Meitner-StraRe 9 85737 lsmani ng Germany Telephone:+49-89-540-428-0 9100XXXX Template 96000759E Page 1 of 1

TransPort LR54 hardwareTransPort LR User Guide 235.10 Ignition of Flammable AtmospheresWarnings for Use of Wireless DevicesObserve all warning notices regarding use of wireless devices.Potentially Hazardous AtmospheresObserve restrictions on the use of radio devices in fuel depots, chemical plants, etc. and areas wherethe air contains chemicals or particles, such as grain, dust, or metal powders, and any other areawhere you would normally be advised to turn off your vehicle engine.Safety in AircraftSwitch off the wireless device when instructed to do so by airport or airline staff. If the device offersa ‘flight mode’ or similar feature, consult airline staff about its use in flight.Safety in HospitalsWireless devices transmit radio frequency energy and may affect medical electrical equipment.Switch off wireless devices wherever requested to do so in hospitals, clinics, or health care facilities.These requests are designed to prevent possible interference with sensitive medical equipment.PacemakersPacemaker manufacturers recommended that a minimum of 15cm (6 inches) be maintainedbetween a handheld wireless device and a pacemaker to avoid potential interference with thepacemaker. These recommendations are consistent with independent research andrecommendations by Wireless Technology Research.Persons with Pacemakers:nShould ALWAYS keep the device more than 15cm (6 inches) from their pacemaker whenturned ON.nShould not carry the device in a breast pocket.nIf you have any reason to suspect that the interference is taking place, turn OFF your device.

TransPort LR54 hardwareTransPort LR User Guide 24CertificationsInternational EMC (Electromagnetic Compatibility) and safety standardsThis product complies with the requirements of following Electromagnetic Compatibility standards.There are no user-serviceable parts inside the product. Contact your Digi representative through forrepair information.Electromagnetic Compatibility (EMC) compliancestandards Safety compliance standardsEN 300 328 v1.8.1EN 301 893 v1.7.2EN 301 489FCC Part 15 Subpart B Class BFCC Part 15 Subpart C certification (Integrated Wi-Fi +Cellular Modules)EN 62368

TransPort LR User Guide 26Management and statusThese topics show how to configure and view status of various TransPort LR device features.

InterfacesTransPort LR User Guide 27InterfacesConfigurable network interfaces available depend on the TransPort LR device model. This sectioncovers configuring network interfaces from the web interface and command line.

InterfacesTransPort LR User Guide 28Ethernet interfacesThe Ethernet interfaces can be used as WAN or LAN interfaces. There is no IP configuration set on theindividual Ethernet interfaces. Instead, the IP configuration is done on the WAN and LAN interfaces.Related topicsConfigure Ethernet interfaces on page 28Show Ethernet status and statistics on page 29For more information on WAN interfaces and their configuration, see Wide Area Networks (WANs) onpage 52For more information on LAN interfaces and their configuration, see Local Area Networks (LANs) onpage 46Related commandseth on page 156show eth on page 186Configure Ethernet interfacesTo configure an Ethernet interface, you must configure the following items:Required configuration itemsnEnable the Ethernet interface. The Ethernet interfaces are all enabled by default.Additional configuration optionsThe following additional configuration settings are not typically configured to get an Ethernetinterface working, but can be configured as needed:nA description of the Ethernet interface.nThe duplex mode of the Ethernet interface. This defines how the Ethernet interfacecommunicates with the device to which it is connected. The duplex mode defaults to auto,which means the TransPort LR device negotiates with the connected device on how tocommunicate.nThe speed of the Ethernet interface. This defines the speed at which the Ethernet interfacecommunicates with the device to which it is connected. The Ethernet speed defaults to auto,which means it negotiates with the connected device as to what speed should be used.From the command line1. Enable the Ethernet interface. By default, all of the Ethernet interfaces are enabled.eth 1 state on2. Optional: Set the description for the Ethernet interface. For example:eth 1 description “Connected to DSL WAN router”

InterfacesTransPort LR User Guide 293. Optional: Set the duplex mode.eth 1 duplex {auto | full | half}4. Optional: Set the speed.eth 1 speed {auto | 1000 | 100 | 10}Related topicsEthernet interfaces on page 28Show Ethernet status and statistics on page 29Related commandseth on page 156show eth on page 186Show Ethernet status and statisticsTo show the status and statistics for the DSLinterface, use the show eth on page 186 command. Fordescriptions of the output fields, see show dsl on page 182. For example:digi.router> show ethEth Status and Statistics Port 1-------------------------------------Description : Factory default configuration for Ethernet 1Admin Status : UpOper Status : UpUp Time : 1 Day, 13 Hours, 30 Minutes, 23 SecondsMAC Address : 00:50:18:21:E2:82DHCP : offIP Address : 10.52.19.242Netmask : 255.255.255.0DNS Server(s) :Link : 1000Base-T Full-DuplexReceived Sent-------- ----Rx Unicast Packet : 6198 Tx Unicast Packet : 651Rx Broadcast Packet : 316403 Tx Broadcast Packet : 2Rx Multicast Packet : 442690 Tx Multicast Packet : 6Rx CRC Error : 0 Tx CRC Error : 0Rx Drop Packet : 0 Tx Drop Packet : 0Rx Pause Packet : 0 Tx Pause Packet : 0Rx Filtering Packet : 1 Tx Collision Event : 0Rx Alignment Error : 0Rx Undersize Error : 0Rx Fragment Error : 0Rx Oversize Error : 0Rx Jabber Error : 0Eth Status and Statistics Port 2-------------------------------------

InterfacesTransPort LR User Guide 30Description :Admin Status : UpOper Status : UpUp Time : 1 Day, 13 Hours, 30 Minutes, 23 SecondsMAC Address : 00:50:18:21:E2:83DHCP : offIP Address : 10.2.4.20Netmask : 255.255.255.0DNS Server(s) :Link : 100Base-T Full-DuplexReceived Sent-------- ----Rx Unicast Packet : 5531 Tx Unicast Packet : 2Rx Broadcast Packet : 316403 Tx Broadcast Packet : 2Rx Multicast Packet : 442694 Tx Multicast Packet : 2Rx CRC Error : 0 Tx CRC Error : 0Rx Drop Packet : 0 Tx Drop Packet : 0Rx Pause Packet : 0 Tx Pause Packet : 0Rx Filtering Packet : 0 Tx Collision Event : 0Rx Alignment Error : 0Rx Undersize Error : 0Rx Fragment Error : 0Rx Oversize Error : 0Rx Jabber Error : 0Eth Status and Statistics Port 3-------------------------------------Description :Admin Status : UpOper Status : UpUp Time : 1 Day, 13 Hours, 30 Minutes, 23 SecondsMAC Address : 00:50:18:21:E2:84DHCP : onIP Address : 82.68.87.20Netmask : 255.255.255.0DNS Server(s) :Link : 100Base-T Full-DuplexReceived Sent-------- ----Rx Unicast Packet : 5530 Tx Unicast Packet : 2Rx Broadcast Packet : 316405 Tx Broadcast Packet : 2Rx Multicast Packet : 442699 Tx Multicast Packet : 4Rx CRC Error : 0 Tx CRC Error : 0Rx Drop Packet : 0 Tx Drop Packet : 0Rx Pause Packet : 0 Tx Pause Packet : 0Rx Filtering Packet : 0 Tx Collision Event : 0Rx Alignment Error : 0Rx Undersize Error : 0Rx Fragment Error : 0Rx Oversize Error : 0Rx Jabber Error : 0Eth Status and Statistics Port 4-------------------------------------

InterfacesTransPort LR User Guide 31Description :Admin Status : UpOper Status : DownUp Time : 0 SecondsMAC Address : 00:50:18:21:E2:85DHCP : onIP Address : Not AssignedNetmask : Not AssignedDNS Server(s) :Link : No connectionReceived Sent-------- ----Rx Unicast Packet : 0 Tx Unicast Packet : 0Rx Broadcast Packet : 0 Tx Broadcast Packet : 0Rx Multicast Packet : 0 Tx Multicast Packet : 0Rx CRC Error : 0 Tx CRC Error : 0Rx Drop Packet : 0 Tx Drop Packet : 0Rx Pause Packet : 0 Tx Pause Packet : 0Rx Filtering Packet : 0 Tx Collision Event : 0Rx Alignment Error : 0Rx Undersize Error : 0Rx Fragment Error : 0Rx Oversize Error : 0Rx Jabber Error : 0digi.router>Related topicsEthernet interfaces on page 28Configure Ethernet interfaces on page 28Related commandseth on page 156show eth on page 186

InterfacesTransPort LR User Guide 32Cellular interfacesThe TransPort LR device has two cellular interfaces, named cellular1 and cellular2. These cellularinterfaces correspond to the physical SIMcard slots SIM1 and SIM2 respectively.Both cellular interfaces cannot be up at the same time. If both cellular interfaces are enabled to on,then cellular1 interface takes precedence.A typical use case would be to have cellular1 (SIM1) configured as the primary cellular interface andcellular2 (SIM2) as a backup cellular interface. If the TransPort LR device cannot connect to thecellular network using SIM1, it will automatically failover to try to connect using SIM2.For the TransPort LR device to automatically configure a default route for the cellular interface whenit is up and for it to be able to failover to and from the cellular interface, it must be assigned to a WANinterface.Related topicsConfigure cellular interfaces on page 32Show cellular status and statistics on page 33For more information on WAN interfaces and their configuration, see Wide Area Networks (WANs) onpage 52.LEDs on page 16 - See the discussion of the WWAN Signal and WWANService LEDsRelated commandscellular on page 143show cellular on page 178Configure cellular interfacesTo configure a cellular interface, you need to configure the following:Required configuration itemsEnable the cellular interface. By default, the cellular interfaces are disabled.nThe Access Point Name (APN). The APN is specific to your cellular service.nDepending on your cellular service, you may need to configure an APN username andpassword. This information is provided by your cellular provider.nAssign the cellular interface to a WAN interface. For more information on the WANconfiguration, see Wide Area Networks (WANs) on page 52.Additional configuration optionsAdditional configuration settings are not typically configured, but you can set them as needed:nPreferred mode. The preferred mode locks the cellular interface to use a particulartechnology, for example, 4G or 3G. Depending on your cellular service and location, the cellularinterface can automatically switch between the different technologies. You may want to lockthe cellular interface to a particular technology to minimize disruptions.nA description of the cellular interface.

InterfacesTransPort LR User Guide 33nConnection attempts. This is the number of attempts the cellular module will attempt toconnect to the cellular network before indicating a failure. It defaults to 20, but you may wantto configure this so that the WAN failover can switch to another interface more quickly.From the command line1. Enable the cellular interface.cellular 1 state on2. Configure an APN.cellular 1 apn your-apn3. If necessary, configure the APN username and password.cellular 1 apn-username your-apn-usernamecellular 1 apn-password your-apn-password4. Optional: Set a preferred mode.cellular 1 preferred-mode 3G5. Optional: Set a description for the cellular interface.cellular 1 description "AT&T Connection"6. Optional: Configure the number of connection attempts. For example, to set the number ofattempts to 10, enter:cellular 1 connection-attempts 10Related topicsConfigure cellular interfaces on page 32Show cellular status and statistics on page 33LEDs on page 16 - See the discussion of the WWAN Signal and WWANService LEDsRelated commandscellular on page 143show cellular on page 178Show cellular status and statisticsTo show the status and statistics for a cellular interface, use the show lan on page 195 command.For a description of the output fields, see the show cellular command.digi.router> show cellularCellular Status and Statistics

InterfacesTransPort LR User Guide 34------------------------------Module : Telit HE910Firmware version : 12.00.026Hardware version : HE910-DIMEI : 351579055202293SIM status : Using SIM1Signal strength : Excellent (-69dBm)Signal quality : Excellent (-5dB)Registration status : RegisteredNetwork provider : AT&T, USATemperature : 32CConnection type : 3GRadio Band : WCDMA 850Channel : 1007APN in use :IP address : 172.20.1.121Mask : 255.255.255.255Gateway : 172.20.1.121DNS servers : 10.10.8.62, 10.10.8.64Received Sent-------- ----Packets 4 5Bytes 58 86digi.router>Related topicsConfigure cellular interfaces on page 32Show cellular status and statistics on page 33LEDs on page 16 - See the discussion of the WWAN Signal and WWANService LEDsRelated commandscellular on page 143show cellular on page 178

InterfacesTransPort LR User Guide 35DSL interfaceThese topics describe configuring and managing the DSL interface.Related topicsConfigure DSL on page 35Show DSL status and statistics on page 37Related commandsdsl on page 153show dsl on page 182Configure DSLTo configure the DSL interface to connect to your DSL network, you need to configure the following:Required configuration itemsnEnable the DSL interface.nVirtual Path Identifier (VPI) and Virtual Circuit Identifier (VCI) parameters. These parametersare specific to each DSL provider and must be configured to match your provider’s settings.nData encapsulation for the DSL interface. This parameter is specific to each DSL provider andmust be configured to match your provider’s settings.nUsername and password. The username and password relate to your account with your DSLprovider. A password is not always needed.Additional configurable optionsThe following additional configuration settings are not typically configured to get the DSL interfaceconnected to the DSL network, but you can set them as needed:nThe technology used on the DSL line, known as the line mode.nThe Maximum Transmission Unit (MTU). The MTU defines the maximum size (in bytes) of apacket that can be sent over the DSL interface.nNetwork Address Translation (NAT).nA description of the DSLinterface.nWhether to delay bringing up the DSL for a specified number of seconds. This delay allows theDSL provider network to propagate network changes after the device has connected to thenetwork, and before packets can be sent and received. This delay prevents the device fromassuming the network is fully operational before it actually is fully operational, which could inturn cause problems with other features, such as interface failover. During this delay, theDSLLED flashes, to indicate the interface is not fully up. Because characteristics can differamong provider networks, use of the delay-up parameter is provider-specific.

InterfacesTransPort LR User Guide 36From the command line1. Enable the DSL interface. By default, the DSL interface is disabled. To enable it, enter:dsl state on2. Configure VPI and VCI:dsl vpi <vpi-number>dsl vci <vci-number>3. Configure encapsulation:dsl encapsulation <encapsulation>4. Set the username and password for the DSL interface:dsl username <username>dsl password <password>5. Optional: Configure line mode. Normally this should be left as auto were the device willnegotiate the mode with the DSL provider. Depending on your DSL line, you may need toconfigure the line mode to a particular technology for the device to connect to the DSLnetwork. To configure line mode, enterdsl mode <mode>6. Optional: Set the MTU. The MTU defaults to 1500 and automatically adjusts for theencapsulation type.dsl mtu <mtu>7. Enable or disable NAT on the DSL interface. NAT is enabled by default, and normally, there isno need to disable it. The command to configure NAT is:dsl nat <on | off>8. Optional: Set the description for the DSLinterface. The description parameter allows you toconfigure a description for the DSL interface to help you identify it. For example:dsl description "HQ Server Room"9. Optional: Set a delay, in seconds, for bringing up the DSL interface. For example, to set a delayof 60 seconds, enter:dsl delay-up 60

InterfacesTransPort LR User Guide 37Related topicsDSL interface on page 35Show DSL status and statistics on page 37LEDs on page 16Related commandsdsl on page 153show dsl on page 182Show DSL status and statisticsTo show the status and statistics for the DSLinterface, use the show dsl on page 182 command. Fordescriptions of the output fields, see show dsl on page 182. For example:digi.router> show dslDSL Status and Statistics-------------------------Description :Admin Status : UpOper Status : UpUp Time : 6 Hours, 2 Minutes, 12 SecondsHW Version : T14.F7_12.0FW Version : 3.22.13.0_A60394System FW ID : 3.6.20.0(Y09.ZZ.5)3.22.13.0 20151216_v035 [Dec 16 2015 16:59:11]Line Status : Up (6 Hours, 2 Minutes, 9 Seconds)Mode : ADSL2+Encapsulation : PPPoE, LLCVPI/VCI : 0/35MTU : 1492Remote Vendor ID : ffb54753504e0010 (GSPN)IP Address : 10.10.10.0Netmask : 255.255.255.255Gateway : 1.2.3.4Received Sent-------- ----Packets 13 27Bytes 746 1934Downstream Upstream---------- --------Speed (kbps) 23919 1213Channel Type Interleaved InterleavedRelative Capacity (%) 100 100Attenuation (dB) 0.4 1.1Noise Margin (dB) 6.2 10.5Output Power (dBm) 20.4 2.5FEC 0 1505CRC 0 0HEC 0 0Errored Seconds in 15 Minutes : 0Errored Seconds in 24 Hours : 1

InterfacesTransPort LR User Guide 38Errored Seconds after Line Up : 1digi.router>Related topicsDSL interface on page 35Configure DSL on page 35Related commandsdsl on page 153show dsl on page 182

InterfacesTransPort LR User Guide 39Wi-Fi interfacesWi-Fi-enabled TransPort LR devices support up to 4 Wi-Fi interfaces on each of the 2.4 GHz and 5 GHzfrequency bands. Each Wi-Fi interface can be configured as an independent Wi-Fi Access Point with itsown security settings.Related topicsConfigure a Wi-Fi access point on page 39Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security on page 41Show Wi-Fi status and statistics on page 42Related commandswifi on page 215wifi5g on page 216show wifi on page 202show wifi5g on page 203Configure a Wi-Fi access pointThis section describes how to configure a Wi-Fi 2.4 GHz Access Point and a Wi-Fi 5 GHz Access Point.Required configuration itemsConfiguring a Wi-Fi Access Point involves configuring the following items:nEnabling the Wi-Fi Access Point.nThe Wi-Fi Access Point’s Service Set Identifier (SSID).You can configure the SSID to use the device's serial number by including %s in the SSID. Forexample, an ssid parameter value of LR54_%s resolves to LR54_LR123456.nThe password for the Wi-Fi interface. The password only needs to be set if WPA2-Personal orWPA-WPA2-Personal security is being used.Additional configuration optionsThe following additional configuration settings are not typically configured to get an Wi-Fi accesspoint working, but can be configured as needed:nThe type of security used on the Wi-Fi interface. The options are as follows. By default, WPA2-Personal security is used.lNone: No security is used on the Wi-Fi network.lWPA2-Personal: a method of securing a Wi-Fi network using WPA2 with the use of theoptional Pre-Shared Key (PSK) authentication. This security method was designed forhome users without an enterprise authentication server.lWPA/WPA2-Personal. This security method is a mixed mode, providing WPA withTemporal Key Integrity Protocol (TKIP) encryption or WPA2 with Advanced EncryptionStandard (AES) encryption supported by the Access Point.

InterfacesTransPort LR User Guide 40lWPA2-Enterprise: This security method is designed for enterprise networks and requiresa RADIUS authentication server. This security method requires a more complicated setup,but provides additional security. Various kinds of the Extensible Authentication Protocol(EAP) are used for authentication.lWPA/WPA2-Enterprise: This security method is designed for enterprise networks andrequires a RADIUS authentication server. This is a mixed mode method, providing WPAwith TKIP encryption or WPA2 with AES encryption supported by the Access Point.nA description of the Wi-Fi Access Point.From the command lineTo configure a Wi-Fi 2.4 GHz Access Point, the command-line command is wifi on page 215.To configure a Wi-Fi 5 GHz Access Point, the command-line command is wifi5g on page 216.The following steps show using the wifi on page 215 command. When configuring a Wi-FI 5GHzAccess Point, use the wifi5g on page 216 command. The parameters are the same.1. Enable the Wi-Fi Access Point.wifi 1 state on2. Enter the SSID for the Wi-Fi Access Point.wifi 1 ssid LR54-AP13. Enter the password for the Wi-Fi Access Point.wifi 1 password your-password4. Optional: Enter the security for the Wi-Fi Access Point.wifi 1 security wpa-wpa2-personal5. Optional: Enter a description for the Wi-Fi Access Point.wifi 1 description “Office AP”Related topicsWi-Fi interfaces on page 39Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security on page 41Show Wi-Fi status and statistics on page 42Related commandswifi on page 215wifi5g on page 216show wifi on page 202show wifi5g on page 203

InterfacesTransPort LR User Guide 41Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise securityThe WPA2-Enterprise and WPA-WPA2-Enterprise security modes allow a Wi-Fi Access Point toauthenticate connecting Wi-Fi clients using a RADIUS server.When the Wi-Fi Access Point receives an connection request from a Wi-Fi client, it will authenticatethe client with the RADIUS server before allowing the client to connect.Using Enterprise security modes allows for each Wi-Fi client to have different username andpassword which are configured in the RADIUS server and not the TransPort LR device.Configuring a Wi-Fi Access Point to use an Enterprise security mode involves configuring the followingitems:Required configuration itemsConfiguring a Wi-Fi Access Point to use an Enterprise security mode involves configuring the followingitems:nEnabling the Wi-Fi Access Point.nThe Wi-Fi Access Point’s Service Set Identifier (SSID).You can configure the SSID to use the device's serial number by including %s in the SSID. Forexample, an ssid parameter value of LR54_%s resolves to LR54_LR123456.nSetting the security mode to either WPA2-Enterprise or WPA-WPA2-Enterprise.nRADIUS server IP address.nRADIUS password.Additional configuration optionsAdditional configuration options include:nRADIUS server port.nA description of the Wi-Fi Access Point.From the command lineTo configure a Wi-Fi 2.4 GHz Access Point, the command-line command is wifi on page 215.To configure a Wi-Fi 5 GHz Access Point, the command-line command is wifi5g on page 216.The following steps show using the wifi on page 215 command. When configuring a Wi-FI 5GHzAccess Point, use the wifi5g on page 216 command. The parameters are the same.1. Enable the Wi-Fi Access Point.wifi 1 state on2. Enter the SSID for the Wi-Fi Access Point.wifi 1 ssid LR54-AP13. Enter the security for the Wi-Fi Access Point.wifi 1 security wpa2-enterprise

InterfacesTransPort LR User Guide 424. Enter the RADIUS server IP address.wifi 1 radius-server 192.168.1.2005. Enter the RADIUS password.wifi 1 radius-password your-radius-password6. Optional: Enter the RADIUS server port.wifi 1 radius-server-port 30017. Optional: Enter a description for the Wi-Fi Access Point.wifi 1 description "Office AP"Related topicsWi-Fi interfaces on page 39Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security on page 41Show Wi-Fi status and statistics on page 42Related commandswifi on page 215wifi5g on page 216show wifi on page 202show wifi5g on page 203Show Wi-Fi status and statisticsTo show the status and statistics for a Wi-Fi 2.4 GHz interface, use the show wifi on page 202command. For example:digi.router> show wifiInterface Status SSID Security-------------------------------------------------------------wifi1 Down WPA2-Personalwifi2 Up digi.router_2.4g_LR000051 WPA2-Personalwifi3 Down WPA2-Personalwifi4 Up digi.router_2.4g Nonedigi.router>To show the status and statistics for a Wi-Fi 5 GHz interface, use the show wifi5g on page 203command. For example:digi.router> show wifi5gInterface Status SSID Security-------------------------------------------------------------wifi5g1 Down WPA2-Personal

InterfacesTransPort LR User Guide 43wifi5g2 Up digi.route_5g_LR000051 Nonewifi5g3 Up digi.route_5g WPA2-Personalwifi5g4 Down WPA2-Personaldigi.router>Related topicsWi-Fi interfaces on page 39Configure a Wi-Fi access point on page 39Configure a Wi-Fi access point with WPA2-Enterprise or WPA-WPA2-Enterprise security on page 41Related commandswifi on page 215wifi5g on page 216show wifi on page 202show wifi5g on page 203

Local Area Networks (LANs)TransPort LR User Guide 46Local Area Networks (LANs)A Local Area Network (LAN) connects networks together, such as Ethernet, DSL, or Wi-Fi, in a logicalLayer-2 network. Networks filter traffic between different segments, thereby reducing the amountof traffic on a LAN, even with many LAN segments.You can configure up to 10 LANs.When an interface joins a LAN, it cannot be directly addressed anymore. This means that an IPaddress configured on the interface can no longer be accessed once the network joins the LAN.Example LANThe diagram shows a LAN connecting the eth2,eth3, and eth4 interfaces for a TransPortLR54 unit.Once the LAN is configured and enabled, the devices connected to the network interfaces cancommunicate with each other, as demonstrated by the ping commands.Related topicsConfigure a LAN on page 47Show LAN status and statistics on page 49Related commandslan on page 167show lan on page 195

Local Area Networks (LANs)TransPort LR User Guide 47Configure a LANConfiguring a Local Area Network (LAN) involves configuring the following items:Required configuration itemsnIdentifying which interfaces are in the LAN.nEnabling the LAN. LANs are disabled by default.nSetting an IPv4 address and subnet mask for the LAN. While it is not strictly necessary for aLAN to have an IP address, if you want to send traffic from other networks to the LAN, youmust configure an IP address.Additional configuration optionsnSetting a name for the LAN.nSetting the Maximum Transmission Unit, or packet size, for packets sent over the LAN.From the command line1. Set the interfaces in the LAN. For example, to include eth2,eth3, and eth4 interfaces in lan1,enter:lan 1 interfaces eth2,eth3,eth42. Enable the LAN. For example, to enable lan1:lan 1 state on3. Optional: Set an IPv4 address for the LAN.lan 1 ip-address 192.10.8.84. Optional: Set a subnet mask for the LAN.lan 1 mask 255.255.255.05. Optional: Give a descriptive name to the LAN.lan 1 description ethlan6. Optional: Set the MTU for the LAN.lan 1 mtu 1500Related topicsLocal Area Networks (LANs) on page 46Show LAN status and statistics on page 49

Local Area Networks (LANs)TransPort LR User Guide 49Show LAN status and statisticsTo show the status and statistics for a LAN, use the show lan on page 195 command. For example,here is show lan output before and after enabling lan1. For a description of the output fields, see theshow lan on page 195 command.digi.router> show lan 1LAN 1 Status and Statistics---------------------------Admin Status : UpOper Status : UpDescription : ethlanInterfaces : eth2,eth3,eth4MTU : 1500IP Address : 192.10.8.8Network Mask : 255.255.255.0Received Sent------------- ------Packets 624 6Bytes 48632 468digi.router>Related topicsLocal Area Networks (LANs) on page 46Configure a LAN on page 47Related commandslan on page 167show lan on page 195

Local Area Networks (LANs)TransPort LR User Guide 50DHCP serversThe DHCP server feature can be enabled in a TransPort LR device to assign IPaddresses and otherIPconfiguration to other hosts on the same local network. Addresses are assigned from a specifiedpool of IPaddresses. For a local network, the device will use the DHCP server that has the IPaddresspool in the same IPsubnet as the local network.You can configure up to 10 DHCP servers.When a host receives an IPconfiguration, the configuration is valid for a particular amount of time,known as the lease time. After this lease time expires, the configuration must be renewed. The hostperforms lease-time renewal automatically.Related topicsConfigure DHCP server settings on page 50Show DHCP server settings on page 51Related commandsdhcp-server on page 151Configure DHCP server settingsTo configure a DHCP server, you need to configure the following:Required configuration itemsnEnable the DHCP server.nThe IPaddress pool: the range of IPaddresses issued by the DHCPserver to clients.nThe IPnetwork mask given to clients.nThe IPgateway address given to clients.nThe IPaddresses of the preferred and alternate Domain Name Server (DNS) given to clients.Additional configuration optionsnLease time: The length, in minutes, of the leases issued by the DHCP server.From the command line1. Enable the DHCP server. By default, the DHCP server is disabled.dhcp-server 1 state on2. Enter the starting address of the IPaddress pool:dhcp-server 1 ip-address-start 10.30.1.1503. Enter the ending address of the IPaddress pool:dhcp-server 1 ip-address-end 10.30.1.195

Local Area Networks (LANs)TransPort LR User Guide 514. Enter the network mask:dhcp-server 1 netmask 255.255.225.05. Enter the IPgateway address given to clients:dhcp-server 1 gateway 10.30.1.16. Enter the preferred DNS server address given to clients:dhcp-server 1 dns1 10.30.1.17. Enter the alternate DNS server address given to clients:dhcp-server 1 dns2 209.183.48.118. Enter the lease time:dhcp-server 1 lease-time 60Related topicsDHCP servers on page 50Show DHCP server settings on page 51Related commandsdhcp-server on page 151Show DHCP server settingsTo be provided when the show DHCPserver command is added to the firmware.

Wide Area Networks (WANs)TransPort LR User Guide 52Wide Area Networks (WANs)A Wide Area Network (WAN) interface can be an Ethernet, DSL, or cellular interface that connects to aremote network, such as the internet.Ethernet interfacesEthernet interfaces can be used as a WAN interface when connecting to a remote network, such asthe internet, through a device such as a cable or DSL modem.By default, the eth1 interface is configured as a WAN interface with both DHCP and NAT enabled. Thismeans you should be able to connect to the internet by connecting the wan/eth1 interface to adevice that already has an internet connection.By default, the eth2,eth3, and eth4 interfaces are configured as a LAN interface. If necessary, youcan assign these interfaces to a WAN. For more information on Ethernet interfaces and theirconfiguration, see Ethernet interfaces on page 28.Cellular interfacesThe LR54 supports two cellular interfaces, cellular1 and cellular2.To use a cellular interface as a WAN interface, it must be configured to connect to the cellularnetwork. For more information on cellular interfaces and their configuration, see Cellular interfaceson page 32.DSL interfaceThe TransPort LR device supports one Asymmetric Digital Subscriber Line (ADSL) interface, dsl.To use the DSL interface as a WAN interface, you must configure it to connect to the DSL network.For more information on the DSL interface and its configuration, see DSL interface on page 35.Related topics

Wide Area Networks (WANs)TransPort LR User Guide 53WAN failoverIf a WAN interface fails for any reason, the TransPort LR device automatically fails over from one WANinterface to use another.For example, if you use an Ethernet interface as your main WAN interface, and have a cellularinterface configured as a backup WAN interface, if the Ethernet interface was to fail (for example, ifthe Ethernet cable is broken), the TransPort LR device automatically starts to use the cellularinterface until the Ethernet interface becomes active again.IP probingSometimes, problems can occur beyond the immediate WAN connection that prevent some IP trafficreaching their destination. Normally this kind of problem does not cause the WAN interface to fail, asthe connection continues to work while the core problem exists somewhere else in the network.IP probing is a way to detect problems in an IP network. IPprobing involves configuring theTransPort LR device to send out regular IP probe packets to a particular destination. If responses tothese probe packets are not received, the TransPort LR device can bring down the WAN interface,and switch to using another WAN interface until the IP network problem is resolved.IP probing involves the following configuration settings:nThe IP address or name of the host to probenThe size of the IP probe packetsnThe rate at which the IP probe packets are sentnThe time, in seconds, after which the IP probe response is considered lostnThe WAN interface timeout, in seconds, if no IP probe responses are received.nThe time, in seconds, after which the WAN interface must receive all IPprobe responsesbefore reactivating the WANinterfacenThe time, in seconds, after which the TransPort LR device attempts to bring up theWANinterfaceAll of the IP probing configuration has default values, except for the IP address or name of the host toprobe. Use of IP probes requires this IPaddress. For the rest of the parameters, the default valuesshould be sufficient, but they can be set to different values as needed to suit your WANfailoverrequirements.Related topicsWide Area Networks (WANs) on page 52Configure Wi-Fi interfacesExample WAN failover: DSLto cellular on page 57Show WAN status and statistics on page 59Related commandswan on page 213

Wide Area Networks (WANs)TransPort LR User Guide 54Configure a WANinterfaceYou can configure up to 10 WAN interfaces.wan1 is the top priority, wan2 is the second priority, and so on.The TransPort LR device automatically adds a default IP route for the WAN interface when it comesup. The metric of the route is based on the priority of the interface. For example, as wan1 is thehighest priority, the default route for wan1 has a metric of 1, and the default route for wan2 has ametric of 2.Required configuration itemsAssign an Ethernet, DSL or Cellular interface to the WAN interface. By default, WAN interfaces areassigned the following interfaces :nFor TransPort LR devices with DSL:lwan1:eth1lwan2:dsllwan3:cellular1lwan4:cellular2nFor TransPort LR devices without DSL:lwan1:eth1lwan2:cellular1lwan3:cellular2Additional configuration optionsThese additional configuration settings are not typically configured, but you can set them as needed:nThe IP configuration. WAN interfaces typically get their IP address configuration from thenetwork, for example, DSL or cellular, to which they connect. However, you can manually setthe IP configuration as needed. The following manual configuration settings are available:lIP address and masklGatewaylPreferred and alternate DNS servernDisable the DHCP client. Ethernet interfaces use DHCP client to get an IP address from aDHCP server, for example, from a cable modem. If you are manually configuring the IPaddress for the Ethernet interface, disable the DHCP client.nNetwork Address Translation (NAT). NAT translates IP addresses from a private LAN networkto a public IP address. By default, NAT is enabled. Unless your LAN has a publicly-addressableIP address range, do not disable NAT.nMaximum Transmission Unit (MTU). The MTU defines the maximum size of a packet sent overthe WAN interface.

Wide Area Networks (WANs)TransPort LR User Guide 55From the command lineConfigure basic WAN settings1. Assign an interface to the WAN interface.wan 1 interface eth12. Optional: Disable DHCP client mode.wan 1 dhcp-client off3. Optional: Configure the IP address, mask, gateway and DNS servers.wan 1 ip-address 10.1.2.2wan 1 mask 255.255.255.252wan 1 gateway 10.1.2.1wan 1 dns1 10.1.2.1wan 1 dns2 8.8.8.84. Optional: Set the speed.eth 1 speed {auto | 1000 | 100 | 10}Configure IP probe settings1. Configure the IP host to probe.wan 1 probe-host 192.168.47.12. Optional: Configure the size of the IP probe packet.wan 1 dhcp-client off3. Optional: Configure the rate, in seconds, at which the IP probe packet is sent.wan 1 probe-interval 204. Optional: Configure the time, in seconds, after which the IP probe response is considered lost.wan 1 probe-timeout 55. Optional: Configure the WAN interface timeout, in seconds, if no IP probe responses arereceived.wan 1 timeout 60

Wide Area Networks (WANs)TransPort LR User Guide 566. Optional: Configure the time in, seconds, after which the WAN interface must receive all IPprobe responses before reactivating the WAN interface.wan 1 activate-after 307. Optional: Configure the time in seconds after which to attempt to bring up the WAN interface.wan 1 try-after 1200Related topicsWide Area Networks (WANs) on page 52WAN failover on page 53Example WAN failover: DSLto cellular on page 57Show WAN status and statistics on page 59Related commandswan on page 213Add the show wan command description link when it is available from firmware builds

Wide Area Networks (WANs)TransPort LR User Guide 57Example WAN failover: DSLto cellularIn this example, WAN, the dsl interface is the primary WAN. cellular1 and cellular2 interfaces serveas backups to dsl.IPprobing is configured over the DSL interface. A probe packet of size 256 bytes is sent every 10seconds to the IP host 43.66.93.111. If no responses are received for 60 seconds, the TransPort LRdevice brings the DSL interface down and starts using the wan2 (cellular1) interface.If the TransPort LR device cannot get a connection on the cellular2 interface, it attempts to use thewan3 (cellular2) interface. It attempts to switch back to the wan2 (cellular1) interface after 30minutes (1800 seconds).The TransPort LR device continues to send probes out of the DSL interface. If it receives proberesponses for 120 seconds, it reactivates the wan1 interface and starts using it again as the WANinterface.To achieve this WAN interface failover from DSLto the cellular interface, the WANfailoverconfiguration commands are:wan 1 interface dslwan 1 probe-host 43.66.93.111wan 1 probe-interval 10wan 1 probe-size 256wan 1 timeout 60wan 1 activate-after 120wan 2 interface cellular1wan 2 try-after 1800wan 3 interface cellular2Related topicsWide Area Networks (WANs) on page 52WAN failover on page 53Configure a WANinterface on page 54Show WAN status and statistics on page 59

Wide Area Networks (WANs)TransPort LR User Guide 59Show WAN status and statisticsTo show the status and statistics for a cellular interface, use the show wan on page 201 command.For a description of the output fields, see the show wan on page 201 command.Here is here is the show wan on page 201 command output when no WANs are configured:digi.router> show wan# WAN Interface Status IP Address-----------------------------------digi.router>Here is the show wan on page 201 command output with eth2 and cellular1 configured as WANinterfaces, where eth2 is upand cellular1 is down.digi.router> show wan# WAN Interface Status IP Address-----------------------------------2 eth2 Up 192.168.0.253 cellular1 Downdigi.router>Here is a show wan on page 201 example with eth2 and cellular1 both up:digi.router> show wan# WAN Interface Status IP Address-----------------------------------2 eth2 Up 192.168.0.253 cellular1 Up 172.20.1.7digi.router>Related topicsWide Area Networks (WANs) on page 52WAN failover on page 53Configure a WANinterface on page 54Example WAN failover: DSLto cellular on page 57Related commandswan on page 213show wan on page 201

SecurityTransPort LR User Guide 60SecurityTransPort LR devices have several device security features. This section covers the configuringsecurity settings from the web interface and command line.

SecurityTransPort LR User Guide 61User managementUser management involves configuring and managing TransPort LR device users, including theirauthentication credentials and access permissions.Related topicsUsers and user access permissions on page 61Configure a user on page 62Related commandsuser on page 212Users and user access permissionsTo manage TransPort LR devices via the command-line interface or web interface, users must log inusing a configured username and password.This topic covers the TransPort LRuser model and access permissions for users.Number of supported usersUp to 10 administrative users are supported. Each user has a unique name, password and accesslevel.Default userBy default, TransPort LR devices have one user preconfigured. This default user is configured as user1. Its default username is admin. Its default password is displayed on the label on the bottom of thedevice, for example:You can change this user 1 configuration to match your requirements.User access permissionsTransPort LR devices support three access levels: super,read-write, and read-only. These accesslevels determine the level of control users have over device features and their settings.

SecurityTransPort LR User Guide 62Access level Permissions allowedsuper The user can manage all features on TransPort LR devices. Devices canhave multiple users with super access level.A user with super access level is required to be present on a device, toallow editing user access levels. If you or any other device user deletesthe only user with super access level, you must restore the defaultuser configuration by resetting the device to factory defaults.read-write The user can manage all device features except security-relatedfeatures, such as configuring user access, configuring firewalls, clearinglogs, etc.read-only The user can monitor device configuration and status, but cannotchange the configuration or status of the TransPort LR device.Related topicsConfigure a user on page 62Delete a user on page 63Reset the device to factory defaults on page 130Related commandsuser on page 212Configure a userTo configure a user, you need to configure the following:Required configuration itemsnUsername.nPassword. For security reasons, passwords are stored in hash form. There is no way get ordisplay passwords in clear-text form.Additional configuration optionsnSetting user access permissions. The access level for users defaults to super. To restrict theaccess of this user to either read-write or read-only, you should configure the access level.From the command lineThe user on page 212 command configures users.1. Configure the username. For example:user 1 name joeuser

SecurityTransPort LR User Guide 632. Configure the password. For example:user 1 password omnivers10313. Optional: Configure the access level. For example:user 1 access read-writeRelated topicsUsers and user access permissions on page 61Delete a user on page 63Related commandsuser on page 212Delete a userTo delete a user:From the command lineEnter the following command:user n name !Configure the password. For example, to delete the user joeuser that was previously assigned touser 1, enter:user 1 name !Related topicsUsers and user access permissions on page 61Configure a user on page 62Related commandsuser on page 212

Remote managementTransPort LR User Guide 71Remote managementThese topics cover using remote management facilities to manage TransPort LRdevices.

Remote managementTransPort LR User Guide 72Remote ManagerDigi Remote Manager is a hosted remote configuration and management system that allows you toremotely manager a large number of devices. Digi Remote Manager has a web-based interface fromwhich you can perform device operations, such as viewing and changing device configurations andperform firmware updates.The Digi Remote Manager servers also provide a data storage facility.Using Digi Remote Manager requires setting up a Digi Remote Manager account. To set up a DigiRemote Manager account and learn more about Digi Remote Manager, go tohttp://www.digi.com/products/cloud/digi-remote-manager.Configure Remote ManagerDelete this text and replace it with your own content.

Remote managementTransPort LR User Guide 73Simple Network Management Protocol (SNMP)Simple Network Management Protocol (SNMP) is a protocol for remotely managing and monitoringnetwork devices. Network administrators can use the SNMP architecture to manage nodes,including servers, workstations, routers, switches, hubs, and other equipment on an IP network,manage network performance, find and solve network problems, and plan for network growth.Supported SNMP versionsTransport LR devices support the SNMP versions SNMPv1,SNMPv2c, and SNMPv3.The device supports up to 10 SNMPv1/SNMPv2c communities. Each community can have read-only orread-write access.The device supports up to 10 SNMPv3 users. You can configure each user's access level as read-onlyor read-write, and configure security settings on an individual-user basis.Supported Management Information Bases (MIBs)Transport LR devices support the following SNMP MIBs for managing the entities in a communicationnetwork:nStandard SNMP MIBsnAn enterprise-specific MIB, specific to the LR54, named transport-lr54.mib. This MIB isavailable for download from Digi Support.Note SNMPv1 cannot be used with the Enterprise MIB, owing to the COUNTER64 types used in theMIB.Related topicsConfigure SNMPv1 and SNMPv2 on page 73Configure SNMPv3 on page 74Related commandssnmp on page 204snmp-community on page 205snmp-user on page 206Configure SNMPv1 and SNMPv2Configuring SNMPv1 or SNMPv2c support involves configuring the following items:nEnabling the desired SNMP versionnWhether to configure SNMPv1/v2c communitiesnIf configuring SNMPv1/v2c communities, the community access levelFrom the command line1. All SNMP versions are disabled by default. Enable support for SNMPv1 or SNMPv2c byentering:snmp v1 onOR

Remote managementTransPort LR User Guide 74snmp v2c on2. If using SNMPv1/v2c communities, configure a name for each community. For example:snmp-community 1 community public3. The community access level defaults to read-only. To set the access level to read-write,enter:snmp-community 1 access read-writeRelated topicsSimple Network Management Protocol (SNMP) on page 73Configure SNMPv3 on page 74Related commandssnmp on page 204snmp-community on page 205snmp-user on page 206Configure SNMPv3Configuring SNMPv3 support involves configuring the following items:nEnabling SNMPv3.nConfiguring the SNMPv3 users. Up to 10 SNMPv3 users can be configured.nConfiguring SNMPv3 user authentication type and password, privacy type and password, anduser access level.From the command line1. All SNMP versions are disabled by default. To enable support for SNMPv3, enter:snmp v3 on2. For each SNMPv3 user, give the user a name of up to 32 characters:snmp-user 1 user joe3. Set the authentication type for the SNMPv3 user (none,md5, or sha1). To use privacy (DES orAES), the authentication type be either md5 or sha1.snmp-user 1 authentication sha14. Set the authentication password for the SNMPv3 user. The password length can be between8 and 64 characters.snmp-user 1 authentication-password authpassword

Remote managementTransPort LR User Guide 755. Set the privacy type for the SNMPv3 user (none,aes, or des):snmp-user 1 authentication des6. Set the privacy password for the SNMPv3 user. The password length can be between 8 and 64characters.snmp-user 1 privacy-password privpassword7. Configure the access level for the SNMPv3 user.snmp-user 1 access read-writeRelated topicsSimple Network Management Protocol (SNMP) on page 73Configure SNMPv3 on page 74Related commandssnmp on page 204snmp-community on page 205snmp-user on page 206

RoutingTransPort LR User Guide 77IP routingThe TransPort LRdevice uses IP routes to decide where to send a packet that it receives for aremote network. The process for deciding on a route to send the packet is as follows:1. The device examines the destination IP address in the IP packet, and looks through the IProuting table to find a match for it.2. If it finds a route for the destination, it forwards the IP packet to the configured IP gateway orinterface.3. If it cannot find a route for the destination, it uses a default route.4. If there are two or more routes to a destination, the device uses the route with the longestmask.5. If there are two or more routes to a destination with the same mask, the device will use theroute with the lowest metric.Configuring and managing IProuting involves the following tasks:

RoutingTransPort LR User Guide 78Configure general IP settingsConfiguring general IPsettings is one of the building blocks of setting up IProuting.Optional configuration settingsnThe IP hostname. This hostname identifies the TLR device on IP networks. It is an unqualifiedhostname. The default setting for the device isLR54-%s which expands to LR54-<serialnumber>.nThe administrative distance settings for connected and static routes. Administrative distancesettings rank the type of routes, from the most to least preferred. When there are two ormore routes to the same destination and mask, the route with the lowest metric is used. Bydefault, routes to connected networks are preferred, with static routes being next. Theadministrative distance for each route type is added to the route’s metric when it is added tothe routing table. Configuring the administrative distance of a particular route type can alterthe order of use for the routes. The two administrative distance settings are:lAdministrative distance for connected network routes. The default value is 0.lAdministrative distance for static routes. The default value is 1.From the command line1. Set the hostname.ip hostname LR54-NewYork2. Set the administrative distance for connected routes.ip admin-conn 33. Set the administrative distance for static routes.ip admin-static 5Related topicsIP routing on page 77Configure a static route on page 79Show the IPv4 routing table on page 81Delete a static route on page 82Related commandsip on page 161

RoutingTransPort LR User Guide 79Configure a static routeA static route is a manually configured routing entry. Information about the route is manuallyentered rather than obtained from dynamic routing traffic. TransPort LR devices supports up to 32static routes. Will this be the same across all product models or will we need multiple statements formultiple models?Required configuration settingsnSetting the destination network and mask.nSetting the gateway IP address for routes using LAN and WAN Ethernet interfaces. Thegateway IP address should be on the same subnet as the IP address of the LAN or WANEthernet interface in use.nSetting the interface name for routes using cellular and DSL interfaces.Optional configuration settingsnSetting the metric for the route. The metric defines the order in which routes should be usedif there are two routes to the same destination. In such a case, the smaller metric is used.From the command lineExample 1To configure a static route to the 192.168.47.0/24 network using the lan1 interface, which has an IPaddress of 192.168.1.1 and a gateway at IP address of 192.168.1.254:1. Set the destination network and mask.route 1 destination 192.168.47.0route 1 mask 255.255.255.02. Set the gateway IPaddress.route 1 gateway 192.168.1.254Example 2To configure a static route to the 44.1.0.0/16 network using the cellular1 interface:1. Set the destination network and mask.route 4 destination 44.1.0.0route 4 mask 255.255.0.02. Set the interface.route 4 interface cellular13. Optional: Set the metric.route 4 metric 5

RoutingTransPort LR User Guide 80Once the static route is configured, it should be shown in the IPv4 routing table.Related topicsIP routing on page 77Configure general IP settings on page 78Show the IPv4 routing table on page 81Delete a static route on page 82Related commandsip on page 161route on page 175show route on page 197

RoutingTransPort LR User Guide 81Show the IPv4 routing tableTo display the IPv4 routing table, use the show route on page 197 command.digi.router> show routeDestination Gateway Metric Protocol Idx Interface Status--------------------------------------------------------------------------------------10.1.2.0/24 192.168.1.254 1 Static 1 lan1 UP192.168.1.0/24 0.0.0.0 0 Connected lan1 UPdefault 0.0.0.0 1 Connected eth1 UPdefault 0.0.0.0 2 Connected cellular1 UPdigi.router>Related topicsIP routing on page 77Configure general IP settings on page 78Configure a static route on page 79Delete a static route on page 82Related commandsip on page 161route on page 175show route on page 197

RoutingTransPort LR User Guide 82Delete a static routeTo remove a static route from the routing table, clear the destination network configuration.From the command lineEnter the route on page 175 command, specifying the interface number, the destination parameterand !to revert the settings for the route destination. For example:route 1 destination !Related topicsIP routing on page 77Configure general IP settings on page 78Configure a static route on page 79Show the IPv4 routing table on page 81Related commandsip on page 161route on page 175show route on page 197

RoutingTransPort LR User Guide 83Virtual Private Networks (VPN)Virtual Private Networks (VPNs) are used to securely connect two private networks together so thatdevices can connect from one network to the other network using secure channels. These topicscover the various network protocols involved in VPNs, and configuring VPNs from the web interfaceand command line.

RoutingTransPort LR User Guide 84IPsecIPsec is a suite of protocols for creating a secure communication link, or IPsec tunnel, between ahost and a remote IP network or between two IP networks across a public network such as theinternet.TransPort LR devices support to up 32 IPsec tunnels.IPsec data protectionIPsec protects the data being sent across a public network by providing the following:Data origin authenticationAuthentication of data to validate the origin of data when it is received.Data integrityAuthentication of data to ensure it has not been modified during transmission.Data confidentialityEncryption of data sent across the IPsec tunnel to ensure that an unauthorized device cannotread the data.Anti-ReplayAuthentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel.IPsec modesIPsec can run in two different modes: Tunnel and Transport.Currently, TransPort LR devices support tunnel mode only.TunnelThe entire IP packet is encrypted and/or authenticated and then encapsulated as the payload ina new IP packet.TransportOnly the payload of the IP packet is encrypted and/or authenticated. The IP header is leftuntouched. This mode has limitations when using an authentication header, because the IPaddresses in the IP header cannot be translated (for example, with Network Address Translation(NAT), as it would invalidate the authentication hash value.Internet Key Exchange (IKE) settingsIKE is a key management protocol is used by IPsec to negotiate the security associations (SAs) thatare used to create the secure IPsec tunnel.SA negotiations are perfomed in two phases, known as phase 1 and phase 2.Phase 1In phase 1, IKE creates a secure authenticated communication channel between the device and thepeer (the remote device which is at the other end of the IPsec tunnel) using the configured pre-shared key and the Diffie-Hellman key exchange. This creates the IKE SAs that are used to encryptfurther IKE communications.There are two modes for the phase 1 negotiation: Main mode and Aggressive mode.Main modeMain mode is the default mode. It is slower that aggressive mode, but more secure, in that allsensitive information sent between the device and its peer is encrypted.Aggressive mode

RoutingTransPort LR User Guide 85Aggressive mode is faster than main mode, but is not as secure as main mode, because thedevice and its peer exchange their IDs and hash information in clear text instead of beingencrypted. Aggressive mode is usually used when one or both of the devices have a dynamicexternal IP address.Phase 2In phase 2, IKE negotiates the SAs for IPsec. This creates two unidirectional SAs, one for eachdirection. Once the phase 2 negotiation is complete, the IPsec tunnel should be fully functional.There are two versions of IKE, IKEv1 and IKEv2. Currently the LR54 only supports IKEv1.IPsec and IKE renegotiationTo reduce the chances of an IPsec tunnel being compromised, the IPsec SAs and IKE SA arerenegotiated at a regular interval. This results in different encryption keys being used in the IPsectunnel.Related topicsRelated commandsipsec on page 162ipsec-failover on page 166show dsl on page 182Configure an IPSec tunnelConfiguring an IPsec tunnel with a remote device involves configuring the following items:Required configuration itemsIPsec tunnel configuration settingsnEnabling the IPsec tunnel.nThe IP address or name of the remote device, also known as the peer, at the other end of theIPsec tunnel.nThe local and remote IDs.nThe local and remote IP networks.nThe authentication protocol to use. This setting must match the authentication protocolconfigured on the remote device. The authentication options are:lSHA1lSHA256The default value is SHA1.nThe encryption protocol to use. This has to match the encryption protocol configured on theremote device. The encryption options are:

RoutingTransPort LR User Guide 86lAES – 128 bitslAES – 192 bitslAES – 256 bitsThe default value is AES – 128 bits.nThe Encapsulating Security Payload (ESP) Diffie-Hellman group for the IPsec tunnel.Thissetting must match the Diffie-Hellman group configured on the remote device. The Diffie-Hellman group options are:lNonelGroup 5 (1536 bits)lGroup 14 (2048 bits)lGroup 15 (3072 bits)lGroup 16 (4096 bits)lGroup 17 (6144 bits)lGroup 18 (8192 bits)The default value is Group14.The larger the number of bits, the more secure the IPsec tunnel. However, a larger bit lengthrequires more computing power, which can slow down the tunnel negotiation andperformance.nThe shared key the device and the remote device use to authenticate each other.IKE configuration settingsnThe IKE mode.lMainlAggressiveThe default option is Main.nThe IKE authentication protocols to use for the IPsec tunnel negotiation. The authenticationoptions are:lSHA1lSHA256The default is SHA1.You can select more than one authentication protocol. IKE negotiates with the remote devicewhich to use. This setting does not need to match the IKE authentication protocols configuredon the remote device, but at least one of the authentication protocols must be configured onthe remote device.nThe IKE encryption protocols to use for the IPsec tunnel negotiation. The encryption optionsare:lAES – 128 bitslAES – 192 bitslAES – 256 bits

RoutingTransPort LR User Guide 87The default is AES – 128 bits.You can select more than one encryption protocol. IKE negotiates with the remote devicewhich encryption protocol to use. This setting does not need to match the IKE encryptionprotocols configured on the remote device, but at least one of the encryption protocols mustbe configured on the remote device.nThe IKE Diffie-Hellman groups to use for the IPsec tunnel negotiation. The Diffie-Hellmangroup options.lGroup 5 (1536 bits)lGroup 14 (2048 bits)lGroup 15 (3072 bits)lGroup 16 (4096 bits)lGroup 17 (6144 bits)lGroup 18 (8192 bits)The default value is Group14.You can select more than one Diffie-Hellman group. IKE negotiates with the remote devicewhich group to use. This setting does not need to match the IKE Diffie-Hellman groupsconfigured on the remote device, but at least of the Diffie-Hellman groups must be configuredon the remote device.Additional configuration itemsThe following additional configuration settings are not typically configured to get an IPsec tunnelworking, but can be configured as needed:Tunnel and key renegotiatingnThe lifetime of the IPsec tunnel before it is renegotiated. This defaults to 1 hour (3600seconds), and does not need to match the setting on the remote device.nThe number of bytes, also known as lifebytes, sent on the IPsec tunnel before it isrenegotiated. By default, this setting is disabled, but can be configured up to 4 GB. Thissetting does not need to match the setting on the remote device.nThe IKE lifetime before the keys are renegotiated. This defaults to 4800 seconds and doesnot need to match the IKE lifetime configured on the remote device.nThe amount of time before the IPsec lifetime expires, the renegotiation should start. Thisdefaults to 540 seconds and does not need to match the setting on the remote device.nThe number of bytes before the IPsec lifebytes limit is reached before the key is isrenegotiated. By default, this is set to 0 and does not need to match the setting on theremote device.

RoutingTransPort LR User Guide 88nA randomizing factor for the number of seconds or bytes margin before the IPsec tunnel isrenegotiated. This defaults to 100% and does not need to match the setting on the remotedevice. This setting would be used if the device has a number of IPsec tunnels configured toensure that the IPsec tunnels are not renegotiated at the same time which could putexcessive load on the device.Other configuration itemsnA description for the IPsec tunnel.nThe number of tries IKE will attempt to negotiate the IPsec tunnel with the remote devicebefore giving up.Example IPsec tunnelSuppose you are configuring the following IPsec tunnel:From the command line1. Enable the IPsec tunnel.ipsec 1 state on2. Enter the IP address or name of the remote device.ipsec 1 peer 47.23.78.323. Enter the local and remote IDs.ipsec 1 local-id LR54-LAipsec 1 remote-id LR54-NY4. Enter the local and remote IP networks.ipsec 1 local-network 192.168.1.0ipsec 1 local-mask 255.255.255.0ipsec 1 remote-network 10.1.2.0ipsec 1 remote-mask 255.255.255.0

RoutingTransPort LR User Guide 895. Enter the pre-shared key.ipsec 1 psk “secret-psk”6. Enter the IPsec authentication, encryption, and Diffie-Hellman settings.ipsec 1 esp-authentication sha256ipsec 1 esp-encryption aes256ipsec 1 esp-diffie-hellman none7. Enter the IKE authentication, encryption, and Diffie-Hellman settings.ipsec 1 ike-authentication sha1,sha256ipsec 1 ike-encryption aes128,aes192,aes256ipsec 1 ike-diffie-hellman group14,group15Related topicsIPsec on page 84IPSec tunnel failover on page 91Example: IPsec tunnel between a TransPort LR54 and TransPort WR44 on page 89Example: IPSec tunnel between a TransPort LR54 and a Cisco routerDebug an IPsec configuration on page 92Show IPsec status and statistics on page 92Related commandsipsec on page 162ipsec-failover on page 166show ipsec on page 191Example: IPsec tunnel between a TransPort LR54 and TransPort WR44Following an example IPsec configuration between an TransPort LR54 and a TransPort WR44.The configuration settings for both devices are as follows:

RoutingTransPort LR User Guide 90TransPort LR54 configuration TransPort WR44 configurationdigi.router> lan 1state ondescription IPsec local netmtu 1500interfaces eth2,eth3,eth4ip-address 192.168.54.1mask 255.255.255.0dns1dns2dhcp-client offdigi.router> lan 2state ondescription Link to WR44mtu 1500interfaces eth1ip-address 10.0.0.54mask 255.255.255.0dns1dns2dhcp-client offdigi.router> ipsec 1state ondescription Tunnel to WR44peer 10.0.0.44local-network 192.168.54.0local-mask 255.255.255.0remote-network 192.168.44.0remote-mask 255.255.255.0esp-authentication sha1esp-encryption aes128esp-diffie-hellman noneauth-by pskpsk <configured>local-id 10.0.0.54remote-id 10.0.0.44lifetime 3600lifebytes 0margintime 540marginbytes 0random 100ike 1ike-mode aggressiveike-encryption aes128ike-authentication sha1ike-diffie-hellman group5ike-lifetime 3600ike-tries 3dpddelay 30dpdtimeout 150# Link to TransPort LR54eth 0 IPaddr "10.0.0.44"eth 0 ipsec 1# IPsec local networketh 1 IPaddr "192.168.44.1"# Route to remote networkroute 0 IPaddr "192.168.54.0"route 0 ll_ent "eth"# IPsec tunnel configurationeroute 0 peerip "10.0.0.54"eroute 0 peerid "10.0.0.54"eroute 0 ourid "10.0.0.44"eroute 0 ouridtype 3eroute 0 locip "192.168.44.0"eroute 0 locmsk"255.255.255.0"eroute 0 remip "192.168.54.0"eroute 0 remmsk"255.255.255.0"eroute 0 ESPauth "sha1"eroute 0 ESPenc "aes"eroute 0 authmeth "preshared"eroute 0 autosa 2# IKE configurationike 0 encalg "aes"ike 0 keybits 128ike 0 authalg "sha1"ike 0 ltime 30000ike 0 aggressive ONike 0 ikegroup 5# Remote ID / Passworduser 1 name "10.0.0.54"user 1 epassword "MDp6Vko=

RoutingTransPort LR User Guide 93Rekeying In : 68 minutesAH Cipher Suite : Not UsedESP Cipher Suite : aes128, sha1Renegotiating In : 42 minutesOutbound ESP SA : 0x9E1325F2Inbound ESP SA : 0x757935D6Bytes In : 0Bytes Out : 0digi.router>Related topicsIPsec on page 84IPSec tunnel failover on page 91Configure an IPSec tunnel on page 85Example: IPsec tunnel between a TransPort LR54 and TransPort WR44 on page 89Example: IPSec tunnel between a TransPort LR54 and a Cisco routerDebug an IPsec configuration on page 92Related commandsipsec on page 162ipsec-failover on page 166show dsl on page 182

System administration and managementTransPort LR User Guide 96Set system date and timeHaving an accurate date and time set on your device is important for a number of reasons, includingvalidating certificates and having accurate timestamps on events in the event log.Methods for setting system date and timeThere are two methods for setting system date and time:nUsing the Simple Network Time Protocol (SNTP). SNTP continually polls an external NTPtimeserver on either a private company network or the internet at a configured interval rate.SNTP usually provides an accuracy of less than a second.nSetting the date and time manually.Set the date and time using SNTPRequired configuration itemsnEnable SNTP.Additional configuration optionsnThe SNTP server. By default, SNTP is configured to use Digi’s SNTPserver,time.devicecloud.com.nThe SNTPupdate interval. This is the interval at which the TLR device checks the SNTP serverfor date and time. By default, SNTP is checked every hour. At bootup, the device attempts tosend an update message to the configured SNTP server every 15 seconds until it receives aresponse. Once it receives a response, it reverts to the configured update interval.From the command lineTo set the date and time using SNTP, use the sntp on page 207 command.1. Enable SNTP.sntp state on2. Optional: Set the SNTP server. For example, to set the server to time.digi.com:sntp server time.digi.com3. Optional: Set the SNTPupdate interval.sntp update-interval 10Set the date and time manuallyFrom the command lineTo set the date and time manually, use the date on page 149 command. The date on page 149command specifies the time in HH:MM:SS format, where seconds are optional, followed by the date,in DD:MM:YYYY format.For example, to manually set the time and date to 14:55:00 on May 3, 2016, enter:

System administration and managementTransPort LR User Guide 97date 14:55:00 03:05:2016Related topicsShow system date and time on page 98Related commandsdate on page 149sntp on page 207

System administration and managementTransPort LR User Guide 98Show system date and timeFrom the command lineTo display the current system date and time, use the date on page 149 command.digi.router> datesystem time: 14:55:06, 03 May 2016digi.router>Related topicsSet system date and time on page 96Related commandsdate on page 149sntp on page 207

System administration and managementTransPort LR User Guide 106Use multiple configuration files to test the configuration on remote devices on page 107Related commandssave on page 176show system on page 199

System administration and managementTransPort LR User Guide 107Use multiple configuration files to test the configuration on remote devicesYou can use multiple configuration files, along with the autorun on page 141 command, to test a newconfiguration on a remote device that might result in the remote device going offline, in which casethe device cannot be remotely accessed.To test the configuration on a remote device, create a new configuration file with desiredconfiguration changes to test. In addition to the desired configuration changes, the file shouldcontain two autorun on page 141 commands:nThe first autorun on page 141 command automatically reverts the device to use the originalconfiguration file.nThe second autorun on page 141 command schedules a reboot after a period of time.Example test configuration fileFor example, suppose you creates a new test configuration file named test.cfgThis test.cfg file changes the cellular 1 apn parameter, and executes two autorun on page 141commands to automatically revert the device back to use the config.da0 configuration file and toreboot in 5minutes. It then saves the configuration to test.cfg and reboots the device.update config test.cfgcellular 1 apn new-apn-to-testautorun 1 command “update config config.da0”autorun 2 command “reboot in 5”save configrebootIf the TransPort LR device does not come back online, the device automatically reverts to the old(working) configuration file, config.da0, and reboots after 5minutes.If the device comes back online after being rebooted with the configuration (that is, the deviceconnected with the new cellular APN), you can cancel the scheduled reboot using the reboot cancelcommand.reboot cancelUsing the copy on page 147 and update on page 211 commands, you can then copy the configurationfile to the final configuration file, and change the configuration file name.copy test.cfg config.da0update config config.da0Related topicsManaging configuration files on page 102Save configuration settings to a file on page 137Switch between configuration files on page 137Related commandsautorun on page 141copy on page 147reboot on page 172save on page 176

TransPort LR User Guide 115Make a directoryTo make a new directory in the TLR filesystem, use the mkdir on page 168 command, specifying thename of the directory.For example:digi.router> mkdir testdigi.router> dirFile Size Last Modified-------------------------------------------------------test Directoryconfig.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17Remaining User Space: 102,457,344 bytesdigi.router>

TransPort LR User Guide 116Display directory contentsTo display directory contents, use the dir on page 152 command. For example:digi.router> dirFile Size Last Modified---------------------------------------------------------test Directoryconfig.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17Remaining User Space: 102,457,344 bytesdigi.router>

TransPort LR User Guide 117Change the current directoryTo change the current directory, use the cd on page 142 command, specifying the directory name.For example:digi.router> dirFile Size Last Modified---------------------------------------------------------test Directoryconfig.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17Remaining User Space: 102,457,344 bytesdigi.router>digi.router> cd testdigi.router> dirFile Size Last Modified---------------------------------------------------------Remaining User Space: 102,457,344 bytesdigi.router>

TransPort LR User Guide 118Remove a directoryTo remove a directory:1. Make sure the directory is empty.2. Use the rmdir on page 174 command, specifying the name of the directory to remove.For example:digi.router> dirFile Size Last Modified---------------------------------------------------------test Directoryconfig.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17Remaining User Space: 102,457,344 bytesdigi.router>digi.router> rmdir testDirectory test is not emptyERRORdigi.router>digi.router> dir testFile Size Last Modified---------------------------------------------------------config.tst 186 Wed Apr 5 07:10:41Remaining User Space: 102,457,344 bytesdigi.router>digi.router> del test/config.tstdigi.router>digi.router> rmdir testdigi.router>digi.router> dirFile Size Last Modified---------------------------------------------------------config.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17Remaining User Space: 102,457,344 bytes

Display file contentsTransPort LR User Guide 120Display file contentsTo display the contents of a file, use the more on page 169 command, specifying the name of the file.For example:digi.router> more config.da0# Last updated by username on Thu Nov 19 14:26:02 2015eth 1 ip-address "192.168.1.1"cellular 1 apn "mobile.o2.co.uk"cellular 1 state "on"user 1 name "username"user 1 password "$1$4WdqUHrv$K.aB78KILuxVpesZtyveG/"digi.router>

Copy a fileTransPort LR User Guide 121Copy a fileTo copy a file, use the copy on page 147 command, specifying the existing file name, followed by thename of the new copy.For example, to copy file config.da0 to a file in the main directory named backup.da0, and then to afile named test.cfg in the test directory, enter the following:digi.router>digi.router> dirFile Size Last Modified---------------------------------------------------------test Directoryconfig.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17Remaining User Space: 102,457,344 bytesdigi.router>digi.router>digi.router> copy config.da0 backup.da0digi.router>digi.router> dirFile Size Last Modified---------------------------------------------------------test Directoryconfig.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17backup.da0 763 Wed Apr 5 07:22:29Remaining User Space: 102,457,344 bytesdigi.router>digi.router>digi.router> copy config.da0 test/test.cfgdigi.router>digi.router> dir testFile Size Last Modified--------------------------------------------------------test.cfg 763 Wed Apr 5 07:24:45Remaining User Space: 102,457,344 bytesdigi.router>

Rename a fileTransPort LR User Guide 122Rename a fileTo rename a file, use the rename on page 173 command, specifying the existing name and the newname.For example:digi.router> dirFile Size Last Modified---------------------------------------------------------test Directoryconfig.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17backup.da0 763 Wed Apr 5 07:22:29Remaining User Space: 102,457,344 bytesdigi.router>digi.router> rename backup.da0 test.da0digi.router>digi.router> dirFile Size Last Modified---------------------------------------------------------test Directorytest.da0 763 Wed Apr 5 07:22:29config.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17Remaining User Space: 102,453,248 bytesdigi.router>

Delete a fileTransPort LR User Guide 123Delete a fileTo delete a file, use the del on page 150 command, specifying the filename to delete.For example, to delete a file named test.cfg in the test directory, enter the following:digi.router>digi.router> dirFile Size Last Modified---------------------------------------------------------test Directorytest.da0 763 Wed Apr 5 07:22:29config.da0 763 Sun Mar 5 12:36:20config.fac 186 Mon Feb 21 03:00:17Remaining User Space: 102,453,248 bytesdigi.router>digi.router> del test.da0digi.router>digi.router> dir testFile Size Last Modified---------------------------------------------------------test.cfg 763 Wed Apr 5 07:24:45Remaining User Space: 102,453,248 bytesdigi.router>digi.router> del test/test.cfgdigi.router> dir testFile Size Last Modified---------------------------------------------------------Remaining User Space: 102,449,152 bytesdigi.router>

Upload and download filesTransPort LR User Guide 124Upload and download filesYou can download and upload files from and to a TLR device, using utilities such as Secure Copy (SCP),SSH File Transfer Protocol (SFTP), or an SFTP application such as FileZilla.Upload files using SCPTo upload a file to a TLRdevice using SCP, the syntax is as follows:scpfilenameusername@ip_address:filenameThis example uploads a file named script.py to TLRdevice 192.168.1.1:$ scp script.py john@192.168.1.1:script.pyPassword:script.py 100%3728 0.3KB/s 00:00Download files using SCPTo download a file from a TLRdevice using SCP, the syntax is as follows:scp username@ip_address:filenamefilenameThis example downloads a file named config.da0 from TLR device 192.168.1.1 using the usernamejohn to the local directory:$ scp john@192.168.1.1:config.da0 config.da0Password:config.da0 100%254 0.3KB/s 00:00Upload files using SFTPThis example uploads a file named lr54-1.0.2.10.bin to TLR device 192.168.1.1 using the usernamejohn:$ sftp john@192.168.1.1Password:Connected to 192.168.1.1sftp> put lr54-1.0.2.10.binUploading lr54-1.0.2.10.bin to lr54-1.0.2.10.binlr54-1.0.2.10.bin 100%24M 830.4KB/s 00:00sftp> exit$Download files using SFTPThis example downloads a file named config.da0 from TLR device 192.168.1.1 using the usernamejohn to the local directory:$ sftp john@192.168.1.1Password:Connected to 192.168.1.1sftp> get config.da0Fetching config.da0 to config.da0

Upload and download filesTransPort LR User Guide 125config.da0 100%254 0.3KB/s 00:00sftp> exit$

TransPort LR User Guide 133Command referenceThese topics describe the command-line interface for TransPort LR devices and the commandsentered through the command-line interface.

Command-line interface basicsTransPort LR User Guide 136digi.router> dsl mode ?Syntax : dsl 1 mode <value>Description : DSL line modeCurrent Value : autoValid Values : auto, adsl2-plus, adsl2, gdmt, gliteDefault value : autodigi.router> dsl modeRevert command elements using the ! characterEntering !reverts an individual command element to its factory default. For example, to revert theprevious setting of interfaces on the lan command, enter:lan 1 interfaces !Auto-complete commands and parametersWhen entering a command and parameter, pressing the Tab key causes the command-line interfaceto auto-complete as much of the command and parameter as possible.Auto-complete applies to these command elements only :nCommand names. For example, entering cell<Tab> auto-completes the command as cellularnParameter names. For example:lping int<Tab> auto-completes the parameter as interfacelsystem loc<Tab>auto-completes the parameter as location.nParameter values, where the value is one of an enumeration or an on|off type; for example,eth 1 duplex auto|full|halfAuto-complete does not function for:nParameter values that are string typesnInteger valuesnFile namesnSelect parameters passed to commands that perform an actionEnter configuration commandsConfiguration commands configure settings for various device features. These commands have thefollowing format:<command> <instance> <parameter> <value>Where <instance> is the index number associated with the feature. For example, this commandconfigures the eth1 Ethernet interface:eth 1 ip-address 10.1.2.3For commands with only one instance, you do not need to enter the instance; for example:system timeout 100

Command-line interface basicsTransPort LR User Guide 138CPU : 3% (min 1%, max 70%, avg 3%)Temperature : Not availableDescription :Location :Contact :digi.router>Change the configuration file name1. Change the name of the configuration file to be used at boot-up and when the configuration issaved.update config <filename>2. If the new configuration file does not exist, enter the save on page 176 command to createand save the configuration file.save configRelated topicsManaging configuration files on page 102Save configuration settings to a file on page 137Use multiple configuration files to test the configuration on remote devices on page 107Related commandssave on page 176show system on page 199Display status and statistics using "show" commandsshow commands display status and statistics for various features. For example:nshow config on page 181 displays all the current configuration settings for the device. This is aparticularly useful during initial device startup after running the Getting Started Wizard, orwhen troubleshooting the device.nshow system on page 199 displays system information and statistics for the device, includingCPU usage.nshow eth on page 186 displays status and statistics for specific or all Ethernet interfaces.nshow dsl on page 182 displays status and statistics for the DSLinterface.nshow cellular on page 178 displays status and statistics for specific or all cellular interfaces.Enter file management commandsThere are commands for managing files in the device's file system, such as copy,del,mkdr,rename,rmdir.For more information, see About the TLRfile system.

Command descriptionsTransPort LR User Guide 140Command descriptionsFollowing are the TLR Family command-line interface commands. Commands are organized bycommand type, in alphabetical order.

$Command descriptionsTransPort LR User Guide 141autorunConfigures commands to be automatically run at boot-up. Auto-run commands can be used for taskssuch as starting a Python program, switching configuration files, or scheduling a reboot. You canconfigure up to 10 auto-run commands.Syntaxautorun <1 - 10> <parameter> <value>ParameterscommandCommand to run.Accepted value is any string up to 100 characters.Examplesnautorun 1 command \"python script.py\"Automatically run a Python program.$

Command descriptionsTransPort LR User Guide 142cdChanges the current directory.Syntaxcd [dir]ParametersdirWhen a directory name is specified, 'cd' changes the current directory to it.

Command descriptionsTransPort LR User Guide 143cellularConfigures a cellular interface.Syntaxcellular <1 - 2> <parameter> <value>ParametersstateEnables or disables the cellular interface, or enables it as an on-demand interface. The 'on-demand'setting allows configuring the cellular interface as an on-demand interface. An on-demand interfaceis brought up as needed if a higher priority goes down.Accepted values can be one of off, on or on-demand. The default value is off.descriptionA description of the cellular interface.Accepted value is any string up to 63 characters.apnThe Access Point Name (APN) for the cellular interface.Accepted value is any string up to 63 characters.apn-usernameThe username for the APN.Accepted value is any string up to 63 characters.apn-passwordThe password for the APN.This element is available to all users.Accepted value is any string up to 128 characters.preferred-modeThe preferred cellular mode for the cellular interface.Accepted values can be one of auto, 4g, 3g or 2g. The default value is auto.connection-attemptsThe number of attempts to establish a cellular connection. After this number of attempts, the cellularmodule is power cycled, and the device attmpts to make a cellular connection again.Accepted value is any integer from 10 to 500. The default value is 20.Examplesncellular 1 state onEnable the Cellular 1 interface.

Command descriptionsTransPort LR User Guide 144ncellular 1 state offDisable the Cellular 1 interface.ncellular 1 state on-demandDisable Cellular 1 interface until the failover task brings it up.ncellular 2 apn broadbandSet the SIM slot 2 APN to 'broadband.'ncellular 1 username my-usernameSet the SIM slot 1 username to 'my-username.'ncellular 1 password my-passwordSet the SIM slot 1 password to 'my-password.'

Command descriptionsTransPort LR User Guide 145clearClears system status and statistics, such as the event log, firewall counters, etc.This command is available to super users only.Syntaxclear firewall | logParametersfirewallClears firewall counters.logClears the event log.Examplesnclear firewallClear the packet and byte counters in all firewall rules.nclear logClear the event log and leaves an entry in the log after clearing.

Command descriptionsTransPort LR User Guide 146cloudConfigures Digi Remote Manager settings.Syntaxcloud <parameter> <value>ParametersstateEnables or disables Digi Remote Manager.Value is either on or off. The default value is off.serverThe name of the Digi Remote Manager server.Value should be a fully qualified domain name. The default value is my.devicecloud.com.reconnectThe time, in seconds, between the device's attempts to connect to Digi Remote Manager.Accepted value is any integer from 0 to 3600. The default value is 30.keepaliveThe interval, in seconds, used to contact the server to validate connectivity over a non-cellularinterface.Accepted value is any integer from 10 to 7200. The default value is 60.keepalive-cellularThe interval, in seconds, used to contact the server to validate connectivity over a cellular interface.Accepted value is any integer from 10 to 7200. The default value is 290.keepalive-countNumber of keepalives missed before the device disconnects from Remote Manager.Accepted value is any integer from 0 to 10. The default value is 3.

Command descriptionsTransPort LR User Guide 147copyCopies a file.This command is available to all users.Syntaxcopy source destParameterssourceThe source file to be copied to the location specified by 'dest.'destThe destination file, or file to which the source file is copied.

Command descriptionsTransPort LR User Guide 148cpuShow CPU usageSyntaxcpuParameters

Command descriptionsTransPort LR User Guide 149dateManually sets and displays the system date and time.Syntaxdate [HH:MM:SS [DD:MM:YYYY]]ParameterstimeSystem time, specified in the 24-hour format HH:MM:SS.dateSystem date, specified in the format DD:MM:YYYY.Examplesndate 14:55:00 03:05:2016Set the system date and time to 14:55:00 on May 3, 2016.

Command descriptionsTransPort LR User Guide 150delDeletes a file.This command is available to all users.Syntaxdel fileParametersfileThe file to be deleted.

Command descriptionsTransPort LR User Guide 151dhcp-serverConfigures Dynamic Host Configuration Protocol (DHCP) server settings.Syntaxdhcp-server <1 - 10> <parameter> <value>ParametersstateEnables or disables this DHCP server.Value is either on or off. The default value is off.ip-address-startThe first IP address in the pool of addresses to assign.Value should be an IPv4 address.ip-address-endThe last IP address in the pool of addresses to assign.Value should be an IPv4 address.maskThe IP network mask given to clients.Value should be an IPv4 address.gatewayThe IP gateway address given to clients.Value should be an IPv4 address.dns1Preferred DNS server address given to clients.Value should be an IPv4 address.dns2Alternate DNS server address given to clients.Value should be an IPv4 address.lease-timeThe length, in minutes, of the leases issued by this DHCP server.Accepted value is any integer from 2 to 10080. The default value is 1440.

Command descriptionsTransPort LR User Guide 152dirDisplays the contents of the current directory.Syntaxdir [file]ParametersfileLists information about the file (by default, the current directory).

Command descriptionsTransPort LR User Guide 153dslConfigures the DSL interface and account information.This group is only supported in LR54, LR54W, LR54D and LR54DWC1 products.Syntaxdsl <parameter> <value>ParametersstateEnables or disables the DSL interface, or enables it as an on-demand interface. The 'on-demand'setting allows configuring the DSL interface as an on-demand interface. An on-demand interface isbrought up as needed if a higher priority goes down.Accepted values can be one of off, on or on-demand. The default value is off.descriptionDescription of the DSL interface.Accepted value is any string up to 63 characters.modeDSL line mode. The default, 'auto,' trains the DSL interface to the best available (highestperformance) mode offered by the DSLAM.Accepted values can be one of auto, adsl2-plus, adsl2, gdmt or glite. The default value is auto.vpiVirtual Path Identifier (VPI) for the DSL interface.Accepted value is any integer from 0 to 255. The default value is 0.vciVirtual Circuit Identifier (VCI) for the DSL interface.Accepted value is any integer from 17 to 65535. The default value is 38.encapsulationData encapsulation to use on the DSL interface.Accepted values can be one of pppoa-vcmux, pppoa-llc, pppoe-vcmux or pppoe-llc. The default value ispppoa-vcmux.ppp-usernamePPP username for this DSL interface.Accepted value is any string up to 63 characters.ppp-passwordPPP password for the DSL interface.This element is available to all users.Accepted value is any string up to 128 characters.

Command descriptionsTransPort LR User Guide 154mtuMaximum Transmission Unit (MTU) for this DSL interface.Accepted value is any integer from 128 to 1500. The default value is 1500.delay-upDelays the DSL interface from coming up for this number of seconds. This delay allows the DSLprovider network to propagate network changes after the device has connected to the network, andbefore packets can be sent and received. This delay prevents the device from assuming the networkis fully operational before it actually is fully operational, which could in turn cause problems withother features, such as interface failover. During this delay, the DSL??LED flashes, to indicate theinterface is not fully up. Because characteristics can differ among provider networks, use of thisparameter is provider-specific.Accepted value is any integer from 0 to 60. The default value is 0.Examplesndsl vpi 0Set the DSL Virtual Path Identifier to 0.ndsl vci 38Set the DSL Virtual Channel Identifier to 38.ndsl encapsulation pppoa-vcmuxSet the DSL encapsulation type to 'PPPoA, VC-Mux.'ndsl ppp-username my-usernameSet the DSL account login username to 'my-username.'ndsl ppp-password my-passwordSet the DSL account login password to 'my-password.'ndsl mode autoAllow the DSL interface to train to any available line mode.ndsl mode gdmtForce the DSL interface to train only in G.dmt mode, or not at all.ndsl state onEnable DSL interface.

Command descriptionsTransPort LR User Guide 155ndsl state offDisable DSL interface.ndsl state on-demandDisable DSL interface until the failover task brings it up.

Command descriptionsTransPort LR User Guide 156ethConfigures an Ethernet interface.Syntaxeth <1 - 4> <parameter> <value>ParametersstateEnables or disables the Ethernet interface, or enables it as an on-demand interface. The 'on-demand'setting allows configuring the Ethernet interface as an on-demand interface. An on-demand interfaceis brought up as needed if a higher priority goes down.Accepted values can be one of off, on or on-demand. The default value is on.descriptionA description of the Ethernet interface.Accepted value is any string up to 63 characters.duplexThe duplex mode the device uses to communicate on the Ethernet network. The keyword 'auto'causes the device to sense the mode used on the network and adjust automatically.Accepted values can be one of auto, full or half. The default value is auto.speedTransmission speed, in Mbps, the device uses on the Ethernet network. The keyword 'auto' causesthe device to sense the Ethernet speed of the network and adjust automatically.Accepted values can be one of auto, 10, 100 or 1000. The default value is auto.mtuThe Maximum Transmission Unit (MTU) transmitted over the Ethernet interface.Accepted value is any integer from 64 to 1500. The default value is 1500.Examplesneth 3 mask 255.255.255.0Set network mask of Ethernet interface 3 to 255.255.255.0.neth 3 state onEnable Ethernet interface 3.neth 3 state offDisable Ethernet interface 3.

Command descriptionsTransPort LR User Guide 157neth 3 state on-demandDisable Ethernet interface 3 until the failover task brings it up.

Command descriptionsTransPort LR User Guide 158firewallConfigures the firewall.This command is available to super users only.Syntaxfirewall ruleParametersruleFirewall rule

Command descriptionsTransPort LR User Guide 159failoverConfigures WAN failover settings.Syntaxfailover <1 - 10> <parameter> <value>ParametersstateEnables or disables this WAN failover configuration.Value is either on or off. The default value is off.fromThe WAN interface to failover from. Also known as the primary WAN interface.Accepted values can be one of none, lan1, lan2, lan3, lan4, lan5, lan6, lan7, lan8, lan9, lan10, dsl,cellular1 or cellular2. The default value is none.toThe interface to failover to. Also known as the backup WAN interface.Accepted values can be one of none, lan1, lan2, lan3, lan4, lan5, lan6, lan7, lan8, lan9, lan10, dsl,cellular1 or cellular2. The default value is none.useThe failover detection method.Accepted values can be one of ping or passive. The default value is passive.timeoutThe number of seconds after which the primary WAN interface should fail over to the backup WANinterface.Accepted value is any integer from 10 to 3600. The default value is 180.probe-hostThe IPv4 device to send probe packets to.Value should be a fully qualified domain name.probe-intervalThe interval, in seconds, between sending probe packets.Accepted value is any integer from 1 to 3600. The default value is 60.probe-sizeThe size, in bytes, of the probe packet.Accepted value is any integer from 64 to 1500. The default value is 64.

Command descriptionsTransPort LR User Guide 160alternate-afterThe time, in seconds, to wait before sending probe packets to an alternate probe when the primaryprobe fails.Accepted value is any integer from 0 to 3600. The default value is 0.alternate-probe-hostWhen alternate-after is non-zero, this IPv4 address is used as an alternate address when probes failon the host configured device.Value should be a fully qualified domain name.switch-primary-upThe primary interface up time, in seconds, to wait before switching back from the from the backupWAN interface to the primary WAN interface.Accepted value is any integer from 0 to 3600. The default value is 0.switch-afterThe failover time, in seconds, to wait before reattempting to return to the primary WAN interface.Accepted value is any integer from 0 to 86400. The default value is 0.probe-timeoutThe timeout period, in seconds, for each probe packet.Accepted value is any integer from 1 to 60. The default value is 1.

Command descriptionsTransPort LR User Guide 161ipConfigures Internet Protocol (IP) settings.Syntaxip <parameter> <value>Parametersadmin-connAdministrative distance value for connected routes. Administrative distance values rank route typesfrom most to least preferred. If there are two routes to the same destination that have the samemask, the device uses a route's 'metric' parameter value to determine which route to use. In such acase, the administrative distances for the routes determine the preferred type of route to use. Theadministrative distance is added to the route's metric to calculate the metric the routing engineuses. Usually, connected interfaces are most preferred, because the device is directly connected tothe networks on such interfaces, followed by static routes.Accepted value is any integer from 0 to 255. The default value is 0.admin-staticAdministrative distance value for static routes. See 'admin-conn' for how routers use administrativedistance.Accepted value is any integer from 0 to 255. The default value is 1.hostnameIP hostname for this device.Accepted value is any string up to 63 characters.

Command descriptionsTransPort LR User Guide 162ipsecConfigures an IPsec tunnel. Up to 32 IPsec tunnels can be configured.Syntaxipsec <1 - 32> <parameter> <value>ParametersstateEnables or disables the IPsec tunnel, or enables it as an on-demand interface. The 'on-demand'setting allows configuring the IPsec tunnel as an on-demand interface. An on-demand interface isbrought up as needed if a higher priority goes down.Accepted values can be one of off, on or on-demand. The default value is off.descriptionA description of this IPsec tunnel.Accepted value is any string up to 255 characters.peerThe remote peer for this IPsec tunnel.Value should be a fully qualified domain name.local-networkThe local network IP address for this IPsec tunnel.Value should be an IPv4 address.local-maskThe local network mask for this IPsec tunnel.Value should be an IPv4 address.remote-networkThe remote network IP address for this IPsec tunnel.Value should be an IPv4 address.remote-maskThe remote network mask for this IPsec tunnel.Value should be an IPv4 address.esp-authenticationThe Encapsulating Security Payload (ESP) authentication type used for the IPsec tunnel.Accepted values can be multiple values of sha1 and sha256. The default value is sha1.esp-encryptionESP encryption type for IPsec tunnelAccepted values can be multiple values of aes128, aes192 and aes256. The default value is aes128.

Command descriptionsTransPort LR User Guide 163esp-diffie-hellmanThe Encapsulating Security Payload (ESP) Diffie Hellman group used for for the IPsec tunnel.Accepted values can be multiple values of none, group5, group14, group15, group16, group17 andgroup18. The default value is group14.auth-byThe authentication type for the IPsec tunnel.Accepted values can be multiple values of psk. The default value is psk.pskThe preshared key for the IPsec tunnel.This element is available to all users.Accepted value is any string up to 128 characters.local-idThe local ID used for this IPsec tunnel.Accepted value is any string up to 31 characters.remote-idThe remote ID used for this IPsec tunnel.Accepted value is any string up to 31 characters.lifetimeNumber of seconds before this IPsec tunnel is renegotiated.Accepted value is any integer from 60 to 86400. The default value is 3600.lifebytesNumber of bytes sent before this IPsec tunnel is renegotiated. A value of 0 means the IPsec tunnelwill not be renegotiated based on the amount of data sent.Accepted value is any integer from 0 to 4000000000. The default value is 0.margintimeThe number of seconds before the 'lifetime' limit to attempt to renegotiate the security association(SA).Accepted value is any integer from 1 to 3600. The default value is 540.marginbytesThe number of bytes before the 'lifebytes' limit to attempt to renegotiate the security association(SA).Accepted value is any integer from 0 to 1000000000. The default value is 0.randomThe percentage of the total renegotiation limits that should be randomized.Accepted value is any integer from 0 to 200. The default value is 100.

Command descriptionsTransPort LR User Guide 164ikeThe Internet Key Exchange (IKE) version to use for this IPsec tunnel.Accepted value is any integer from 1 to 2. The default value is 1.ike-modeThe IKEv1 mode to use for this IPsec tunnel.Accepted values can be one of main or aggressive. The default value is main.ike-encryptionThe IKE encryption type for this IPsec tunnel.Accepted values can be multiple values of aes128, aes192 and aes256. The default value is aes128.ike-authenticationThe IKE authentication type for this IPsec tunnel.Accepted values can be multiple values of sha1 and sha256. The default value is sha1.ike-diffie-hellmanThe IKE Diffie-Hellman group for this IPsec tunnel. Diffie-Hellman is a public-key cryptographyprotocol for establishing a shared secret over an insecure communications channel. Diffie-Hellman isused with Internet Key Exchange (IKE) to establish the session keys that create a secure channel.Accepted values can be multiple values of group5, group14, group15, group16, group17 and group18.The default value is group14.ike-lifetimeThe lifetime for the IKE key, in seconds.Accepted value is any integer from 180 to 4294967295. The default value is 4800.ike-triesThe number of attempts to negotiate this IPsec tunnel before failing.Accepted value is any integer from 0 to 100. The default value is 3.dpddelayDead peer detection transmit delay.Accepted value is any integer from 1 to 3600. The default value is 30.dpdtimeoutTimeout, in seconds, for dead peer detection.Accepted value is any integer from 1 to 3600. The default value is 150.dpdEnables or disables dead peer detection. Dead Peer Detection (DPD) is a method of detecting a deadInternet Key Exchange (IKE) peer. The method uses IPsec traffic patterns to minimize the number ofmessages required to confirm the availability of a peer.Value is either on or off. The default value is off.

Command descriptionsTransPort LR User Guide 165Examplesnipsec 3 state onEnable IPsec tunnel 3.nipsec 3 state offDisable IPsec tunnel 3.nipsec 3 state on-demandDisable IPsec tunnel 3 until the failover task brings it up.nipsec 3 esp-authentication sha256Set ESP authentication for IPsec tunnel 3 to SHA256.nipsec 3 esp-encryption aes256Set ESP encryption for IPsec tunnel 3 to AES 256 bit keys.nipsec 3 esp-diffie-hellman group15Set IPsec tunnel 3 to use ESP Diffie Hellman group 15 for negotiation.

Command descriptionsTransPort LR User Guide 166ipsec-failoverConfigures IPsec tunnel failover.Syntaxipsec-failover <1 - 10> <parameter> <value>ParametersstateEnables or disables the IPsec failover feature.Value is either on or off. The default value is off.fromThe IPsec tunnel to failover from. Also known as the primary IPsec tunnel.Accepted value is any integer from 1 to 32. The default value is 1.toThe IPsec tunnel to failover to. Also known as the backup IPsec tunnel.Accepted value is any integer from 1 to 32. The default value is 1.timeoutThe time, in seconds, once the primary interface has gone down, that the IPsec tunnel failoverfeature should wait before attempting to failover to the backup IPsec tunnel.Accepted value is any integer from 10 to 3600. The default value is 180.probe-hostProbe this IPv4 device.Value should be a fully qualified domain name.probe-intervalThe interval, in seconds, between sending probe packets.Accepted value is any integer from 1 to 3600. The default value is 60.probe-sizeThe size, in bytes, of the probe packet.Accepted value is any integer from 64 to 1500. The default value is 64.probe-timeoutThe time to wait before a response to the probe packet.Accepted value is any integer from 1 to 60. The default value is 1.switch-primary-upThe time, in seconds, to wait after the primary IPsec tunnel comes up before switching back to it.Accepted value is any integer from 0 to 3600. The default value is 0.

Command descriptionsTransPort LR User Guide 167lanConfigures a LAN interface. A LAN interface is a group of Ethernet and Wi-Fi interfaces.Syntaxlan <1 - 10> <parameter> <value>ParametersstateEnables or disables a LAN interface.Value is either on or off. The default value is off.descriptionA descriptive name for the LAN.Accepted value is any string up to 63 characters.mtuMaximum Transmission Unit (MTU) for the LAN.Accepted value is any integer from 128 to 1500. The default value is 1500.interfacesThe member interfaces for the LAN.Accepted values can be multiple values of eth1, eth2, eth3, eth4, wifi1, wifi2, wifi3, wifi4, wifi5g1,wifi5g2, wifi5g3 and wifi5g4.ip-addressIPv4 address for the LAN. While it is not strictly necessary for a LAN interface to have an IP address,an IP address must be configured to send traffic from and to the LAN network.Value should be an IPv4 address.maskIPv4 subnet mask for the LAN.Value should be an IPv4 address. The default value is 255.255.255.0.dns1Preferred DNS server.Value should be an IPv4 address.dns2Alternate DNS server.Value should be an IPv4 address.dhcp-clientEnables or disable the DHCP client for this LAN.Value is either on or off. The default value is off.

Command descriptionsTransPort LR User Guide 168mkdirCreates a directory.This command is available to all users.Syntaxmkdir dirParametersdirThe directory to be created.

Command descriptionsTransPort LR User Guide 169moreDisplays the contents of a file.Syntaxmore [file]ParametersfileFile to be displayed.

Command descriptionsTransPort LR User Guide 170pingSends ICMP echo (ping) packets to the specified destination address.Syntaxping [count n] [interface ifname] [size bytes] destinationParameterscountNumber of pings to send.interfaceThe interface from which pings are sent.sizeThe number of data bytes to send.destinationThe name of the IP host to ping.Examplesnping 8.8.8.8Ping IP address 8.8.8.8 with packets of default size 56 bytesnping count 10 size 8 8.8.8.8Ping IP address 8.8.8.8 for 10 timesnping interface eth2 count 5 8.8.8.8Ping IP address 8.8.8.8 for 5 times via Ethernet interface 2

Command descriptionsTransPort LR User Guide 171pwdDisplays the current directory name.SyntaxpwdParameters

Command descriptionsTransPort LR User Guide 172rebootReboots the device immediately or at a scheduled time. Performing a reboot will not automaticallysave any configuration changes since the configuration was last saved.This command is available to all users.Syntaxreboot [[in M][at HH:MM][cancel]]ParametersinFor a scheduled reboot, the minutes before the device is rebooted.atFor a scheduled reboot, the time to reboot the device, specified in the format HH:MM.cancelCancels a scheduled reboot.

Command descriptionsTransPort LR User Guide 173renameRenames a file.This command is available to all users.Syntaxrename oldName newNameParametersoldNameOld file name.newNameNew file name.

Command descriptionsTransPort LR User Guide 174rmdirDeletes a directory.This command is available to all users.Syntaxrmdir dirParametersdirThe directory to be removed.

Command descriptionsTransPort LR User Guide 175routeConfigures a static route, a manually-configured entry in the routing table.Syntaxroute <1 - 32> <parameter> <value>ParametersdestinationThe destination IP network for the static route.Value should be an IPv4 address.maskThe destination IP netmask for the static route.Value should be an IPv4 address.gatewayThe gateway to use for the static route.Value should be an IPv4 address.metricThe metric for the static route. The metric defines the order in which routes should be used if thereare two routes to the same destination. In such a case, the smaller metric is used.Accepted value is any integer from 0 to 255. The default value is 0.interfaceThe name of the interface to which packets are routed.Accepted values can be one of none, lan1, lan2, lan3, lan4, lan5, lan6, lan7, lan8, lan9, lan10, dsl,cellular1 or cellular2. The default value is none.

Command descriptionsTransPort LR User Guide 176saveSaves the configuration to flash memory. Unless you issue this command, all configuration changessince the configuration was last saved are discarded after a reboot.This command is available to all users.Syntaxsave configParametersconfigSaves all configuration to flash memory.Examplesnsave configSave the current configuration to flash memory.

Command descriptionsTransPort LR User Guide 177serialConfigures a serial interface.Syntaxserial <1 - 4> <parameter> <value>ParametersstateEnables or disables the serial interface.Value is either on or off. The default value is on.descriptionA description of the serial interface.Accepted value is any string up to 63 characters.baudThe data rate in bits per second (baud) for serial transmission.Accepted values can be one of 110, 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200,230400, 460800 or 921600. The default value is 115200.databitsNumber of data bits in each transmitted character.Accepted values can be one of 8 or 7. The default value is 8.paritySets the parity bit. The parity bit is a method of detecting errors in transmission. It is an extra databit sent with each data character, arranged so that the number of 1 bits in each character, includingthe parity bit, is always odd or always even.Accepted values can be one of none, odd or even. The default value is none.stopbitsThe number of stop bits sent at the end of every character.Accepted values can be one of 1 or 2. The default value is 1.flowcontrolThe type of flow control signals to pause and resume data transmission. Available options aresoftware flow control using XON/XOFF characters, hardware flow control using the RS232 RTS andCTS signals, or no flow control signals.Accepted values can be one of none, software or hardware. The default value is none.

Command descriptionsTransPort LR User Guide 178show cellularDisplays cellular interface status and statistics.ParametersdescriptionA description of the cellular interface.moduleManufacturer's model number for the cellular modem.firmware-versionManufacturer's version number for the software running on the cellular modem.hardware-versionManufacturer's version number for the cellular modem hardware.imeiInternational Mobile Station Equipment Identity (IMEI) number for the cellular modem, a uniquenumber assigned to every mobile device.sim-statusWhich SIM slot is currently in use by the device.signal-strengthA measure of the signal level of the cellular network, measured in dB.signal-qualityAn indicator of the quality of the received cellular signal, measured in dB.registration-statusThe status of the cellular modem's connection to a cellular network.network-providerNetwork provider for the cellular network.temperatureCurrent temperature of the cellular modem, as read and reported by the temperature sensor on thecellular module.connection-typeCellular connection type.radio-bandThe radio band on which the cellular modem is operating.

Command descriptionsTransPort LR User Guide 179channelThe radio channel on which the cellular modem is operating.pdp-contextThe current Packet Data Protocol (PDP) connection context. A PDP context contains routinginformation for packet transfer between a mobile station (MS) and a gateway GPRS support node(GGSN) to have access to an external packet-switching network. The PDP context identified by anexclusive MS PDP address (the mobile station's IP address). This means that the mobile station willhave as many PDP addresses as activated PDP contexts.ip-addressIP address for the cellular interface.maskAddress mask for the cellular interface.gatewayIP address of the remote end of the cellular connection.dns-serversIP addresses of the DNS servers in use for the cellular interface.rx-packetsNumber of packets received by the cellular modem during the current data session.tx-packetsNumber of packets transmitted by the cellular modem during the current data session.rx-bytesNumber of bytes received by the cellular modem during the current data session.tx-bytesNumber of bytes transmitted by the cellular modem during the current data session.

Command descriptionsTransPort LR User Guide 180show cloudDisplays Digi Remote Manager connection status and statistics.ParametersstatusStatus of the device connection to the Digi Remote Manager.serverThe URL of the connected Digi Remote Manager.deviceidDevice ID for Digi Remote Manager connection.uptimeAmount of time, in seconds, that the Digi Remote Manager connection has been established.rx-bytesNumber of bytes received from Digi Remote Manager.rx-packetsNumber of packets received from Digi Remote Manager.tx-bytesNumber of bytes transmitted to Digi Remote Manager.tx-packetsNumber of packets transmitted to Digi Remote Manager.

Command descriptionsTransPort LR User Guide 181show configDisplays the current device configuration.ParametersconfigThe current configuration running on the device.

Command descriptionsTransPort LR User Guide 182show dslDisplays the DSL interface status and statistics.This group is only supported in LR54, LR54W, LR54D and LR54DWC1 products.ParametersdescriptionDescription of the DSL interface.admin-statusWhether the DSL interface is sufficiently configured to be brought up.oper-statusWhether the DSL interface is up or down.uptimeAmount of time the DSL interface has been in the Up state.hardware-versionThe hardware version of the DSL modem.firmware-versionThe version of the firmware running on the DSL modem.system-firmware-idAn identifier of the firmware running on the DSL modem.line-statusThe status of the DSL line.line-uptimeDSL line uptime, in secondsline-modeThe operational mode for the DSL interface when it is in the Up state.encapsulationThe data encapsulation type for the DSL interface.vpiVirtual Path Identifier (VPI) for the DSL interface.vciVirtual Circuit Identifier (VCI) for the DSL interface.

Command descriptionsTransPort LR User Guide 183mtuMaximum Transmission Unit (MTU) for the DSL interface.remote-vendor-idThe remote vendor ID of the DSLAM to which the DSL interface is connected.ip-addressIP address of the DSL interface.maskAddress mask of the DSL interface.gatewayGateway address of the DSL interface.rx-packetsNumber of packets received by the DSL interface.tx-packetsNumber of packets transmitted by the DSL interface.rx-bytesNumber of bytes received by the DSL interface.tx-bytesNumber of bytes transmitted by the DSL interface.downstream-speedCurrent speed of the downstream DSL channel, in kbps.upstream-speedCurrent speed of the upstream DSL channel, in kbps.downstream-channel-typeThe channel type being used on the downstream DSL channel, either Fast or Interleaved.upstream-channel-typeThe channel type being used on the upstream DSL channel, either Fast or Interleaved.downstream-relative-capacityThe current relative capacity on the downstream DSL channel. The relative capacity is thepercentage of overall available bandwidth.

Command descriptionsTransPort LR User Guide 184upstream-relative-capacityThe current relative capacity on the upstream DSL channel.downstream-attentuationThe current attenuation, in decibels, on the downstream DSL channel. Attenuation is the measure ofhow much the signal has degraded between the DSLAM and the DSL modem. The lower theattenuation, the better the performance.upstream-attentuationThe current attenuation, in decibels, on the upstream DSL channel.downstream-noise-marginThe current noise margin, in decibels, on the downstream DSL channel. The noise margin (also knownas Signal to Noise Ratio) is the relative strength of the DSL signal to noise. The larger the noisemargin, the better the performance. In some instances, interleaving can help raise the noise margin.upstream-noise-marginThe current noise margin, in decibels, on the upstream DSL channel.downstream-output-powerThe current amount of power, in dBm, that the DSLAM (downstream) is using. The lower the poweroutput, the better the performance.upstream-output-powerThe current amount of power, in dBm, that the DSL modem (upstream) is using. The lower the poweroutput, the better the performance.downstream-fec-errorsThe number of Forward Error Correction (FEC) errors that have occurred downstream.upstream-fec-errorsThe number of FEC errors that have occurred upstream.downstream-crc-errorsThe number of cyclic redundancy check (CRC) errors that have occurred downstream.upstream-crc-errorsThe number of CRC errors that have occurred upstream.downstream-hec-errorsThe number of Header Error Controls (HEC) errors that have occurred downstream.upstream-hec-errorsThe number of HEC errors that have occurred upstream.

Command descriptionsTransPort LR User Guide 185errored-secs-15minThe number of errored seconds in a 15-minute period. An errored second is an interval of a secondduring which any error whatsoever has occurred, regardless of whether that error was a single biterror, or a complete loss of communication for that entire second.errored-secs-24hrThe number of errored seconds in a 24-hour period.errored-secs-lineupThe number of errored seconds after the DSL line comes up.

Command descriptionsTransPort LR User Guide 186show ethDisplays Ethernet interfaces status and statistics.ParametersdescriptionA description of the Ethernet interface.admin-statusWhether the Ethernet interface is sufficiently configured to be brought up.oper-statusWhether the Ethernet interface is up or down.uptimeAmount of time the Ethernet interface has been up.mac-addressThe MAC address, or physical address, of the Ethernet interface.link-statusThe current speed and duplex mode of the Ethernet interface.link-speedThe current speed of the Ethernet interface.link-duplexThe current duplex mode of the Ethernet interface.rx-unicast-packetsThe number of unicast packets transmitted on the Ethernet interface.tx-unicast-packetsThe number of unicast packets transmitted on the Ethernet interface.rx-broadcast-packetsThe number of broadcast packets received on the Ethernet interface.tx-broadcast-packetsThe number of broadcast packets transmitted on the Ethernet interface.rx-multicast-packetsThe number of multicast packets received on the Ethernet interface.

Command descriptionsTransPort LR User Guide 187tx-multicast-packetsThe number of multicast packets transmitted on the Ethernet interface.rx-crc-errorsThe number of received packets that do not contain the proper cyclic redundancy check (CRC), orchecksum value.tx-crc-errorsThe number of transmitted packets that do not contain the proper cyclic redundancy check (CRC), orchecksum value.rx-drop-packetsThe number of received packets that have been dropped on the Ethernet interface.tx-drop-packetsThe number of transmitted packets that have been dropped on the Ethernet interface.rx-pause-packetsThe number of pause packets received on the Ethernet interface. An overwhelmed network node cansend a packet, which halts the transmission of the sender for a specified period of time.tx-pause-packetsThe number of pause packets transmitted on the Ethernet interface.rx-filtering-packetsThe number of received packets that were blocked or dropped through packet filtering.tx-collisionssThe number of collision events detected in transmitted data. Collisions occur when two devicesattempt to place a packet on the network at the same time. Collisions are detected when the signalon the cable is equal to or exceeds the signal produced by two or more transceivers that aretransmitting simultaneously.rx-alignment-errorThe number of received packets that do not end on an 8-bit boundary, known as an alignment error.rx-undersize-errorThe number of received packets that do not end on an 8-bit boundary, known as an alignment error.rx-fragment-errorThe number of received packets that contain fewer than the required minimum of 64 bytes, and havea bad CRC. Fragments are generally caused by collisions.rx-oversize-errorThe number of received packets that are larger than the maximum 1518 bytes and have a good CRC.

Command descriptionsTransPort LR User Guide 188rx-jabber-errorThe number of packets that are greater than 1518 bytes and have a bad CRC. If a transceiver doesnot halt transmission after 1518 bytes, it is considered to be a jabbering transceiver.

Command descriptionsTransPort LR User Guide 189show failoverDisplays WAN failover status and statistics.ParametersdescriptionFailover status and state.statusStatus of the WAN failover feature.primary-interfaceThe primary WAN interface.primary-interface-statusStatus of the primary WAN interface.secondary-interfaceThe secondary WAN interface.secondary-interface-statusStatus of the secondary WAN interface.using-interfaceThe current WAN interface in use.detection-methodWAN failover detection method.last-pingWhen the last probe packet was received.failing-overWhether the WAN interface is failing over.switching-backWhether the WAN interface is switching back.

Command descriptionsTransPort LR User Guide 190show firewallDisplays the firewall status and statistics.ParametersconfigThe current firewall running on the device.

Command descriptionsTransPort LR User Guide 191show ipsecDisplays IPsec tunnel status and statistics.ParametersdescriptionA description for this IPsec tunnel.admin-statusWhether this IPsec tunnel is sufficiently configured to be brought up.oper-statusWhether this IPsec tunnel is up or down.uptimeAmount of time, in seconds, this IPsec tunnel has been up.peer-ipPeer IP address for this IPsec tunnel.local-networkLocal network for this IPsec tunnel.local-maskLocal network mask for this IPsec tunnel.remote-networkRemote network for this IPsec tunnel.remote-maskRemote network mask for this IPsec tunnel.key-negotiationKey negotiation used for this IPsec tunnel.rekeying-inAmount of time before the keys are renegotiated.ah-ciphersAuthentication Header (AH) Ciphers.esp-ciphersEncapsulating Security Payload (ESP) Ciphers.

Command descriptionsTransPort LR User Guide 192renegotiating-inRenegotiating in.outbound-esp-saOutbound ESP Security Association (SA).inbound-esp-saInbound ESP Security Association (SA).rx-bytesNumber of bytes received over the IPsec tunnel.tx-bytesNumber of bytes transmitted over the IPsec tunnel.

Command descriptionsTransPort LR User Guide 193show ipstatsDisplays system-level Internet Protocol (IP) status and statistics.Parametersrx-bytesNumber of bytes received.rx-packetsNumber of packets received.rx-multicast-packetsNumber of multicast packets received.rx-multicast-bytesNumber of multicast bytes received.rx-broadcast-packetsNumber of broadcast packets received.rx-forward-datagramsNumber of forwarded packets received.rx-deliversNumber of received packets delivered.rx-reasm-requiredsNumber of received packets that required reassembly.rx-reasm-oksNumber of received packets that were reassembled without errors.rx-reasm-failsNumber of received packets for which reassembly failed.rx-discardsNumber of received IP packets that have been discarded.rx-no-routesNumber of received packets that have no routing information associated with them.rx-address-errorsNumber of received packets containing IP address errors.

Command descriptionsTransPort LR User Guide 194rx-unknown-protosNumber of received packets where the protocol is unknown.rx-truncated-packetsNumber of received packets where the data was truncated.tx-bytesNumber of bytes transmitted.tx-packetsNumber of packets transmitted.tx-multicast-packetsNumber of multicast packets transmitted.tx-multicast-bytesNumber of multicast bytes transmitted.tx-broadcast-packetsNumber of broadcast packets transmitted.tx-forward-datagramsNumber of forwarded packets transmitted.tx-frag-requiredsTotal number of transmitted IP packets that required fragmenting.tx-frag-oksNumber of transmitted IP packets that were fragmented without errors.tx-frag-failsNumber of transmitted IP packets for which fragmentation failed.tx-frag-createsNumber of IP fragments created.tx-discardsNumber of transmitted IP packets that were discarded.tx-no-routesNumber of transmitted IP packets that had no routing information associated with them.

Command descriptionsTransPort LR User Guide 195show lanDisplays LAN interface status and statistics.Parametersadmin-statusWhether the LAN interface is sufficiently configured to be brought up.oper-statusWhether the LAN interface is up or down.descriptionDescription of the LAN interface.interfacesThe interfaces connected by the LAN.mtuMaximum Transmission Unit for the LAN.ip-addressIP address for the LAN.maskSubnet mask for the LAN.rx-bytesNumber of bytes received by the LAN.rx-packetsNumber of packets received by the LAN.tx-bytesNumber of bytes transmitted by the LAN.tx-packetsNumber of packets transmitted by the LAN.

Command descriptionsTransPort LR User Guide 196show logDisplays the event log.ParameterslogsThe name of the event log to display.

Command descriptionsTransPort LR User Guide 197show routeDisplays all IP routes in the IPv4 routing table.ParametersdestinationDestination of the route.gatewayThe gateway for the route.metricThe metric assigned to the route.protocolThe protocol for the route.idxThe index number for the route.interfaceThe interface for the route.statusStatus of the route.

Command descriptionsTransPort LR User Guide 198show serialDisplays serial interface status and statistics.ParametersdescriptionA description of the serial interface.admin-statusWhether the serial interface is sufficiently configured to be brought up.oper-statusWhether the serial interface is up or down.uptimeAmount of time the serial interface has been up.tx-bytesNumber of bytes transmitted over the serial interface.rx-bytesNumber of bytes received over the serial interface.overrunNumber of times the next data character arrived before the hardware could move the previouscharacter.overflowNumber of times the received buffer was full when additional data was received.line-statusThe current signal detected on the serial line.

Command descriptionsTransPort LR User Guide 199show systemDisplays system status and statistics.ParametersmodelThe model name for the device.part-numberThe part number for the device.serial-numberThe serial number for the device.hardware-versionThe hardware version for the device.bankThe current firmware flash memory bank in use.firmware-versionThe current firmware version running on the device.bootloader-versionThe current bootloader version running on the device.config-fileThe current configuration file loaded on the device.uptimeThe time the device has been up.system-timeThe current time on the device.cpu-usageCurrent CPU usage.cpu-minMinimum CPU usage.cpu-maxMaximum CPU usage.

Command descriptionsTransPort LR User Guide 200cpu-avgAverage CPU usage.temperatureThe current temperature of the device.descriptionDescription for this device.locationLocation details for this device.contactContact information for this device.

Command descriptionsTransPort LR User Guide 201show wanDisplays WAN interface status and statistics.Parametersoper-statusWhether the WAN interface is up or down.interfaceThe interface assigned to the WAN.ip-addressIP address for the WAN.

Command descriptionsTransPort LR User Guide 202show wifiDisplays status and statistics for a Wi-Fi 2.4 GHz interface.This group is only supported in LR54, LR54W, LR54D and LR54DWC1 products.ParametersinterfaceThe name of the Wi-Fi 2.4 GHz interface.oper-statusWhether the Wi-Fi 2.4 GHz interface is up or down.ssidService Set Identifier (SSID) for the Wi-Fi 2.4 GHz interface.securitySecurity for the Wi-Fi 2.4 GHz interface.

Command descriptionsTransPort LR User Guide 203show wifi5gDisplays status and statistics for a Wi-Fi 5 GHz interface.This group is only supported in LR54, LR54W, LR54D and LR54DWC1 products.ParametersinterfaceThe name of the Wi-Fi 5 GHz interface.oper-statusWhether the Wi-Fi 5 GHz interface is up or down.ssidService Set Identifier (SSID) for the Wi-Fi 5 GHz interface.securitySecurity for the Wi-Fi 5 GHz interface.

Command descriptionsTransPort LR User Guide 204snmpConfigures Simple Network Management Protocol (SNMP) management for this device.Syntaxsnmp <parameter> <value>Parametersv1Enables or disables SNMPv1 support.Value is either on or off. The default value is off.v2cEnables or disables SNMPv2c support.Value is either on or off. The default value is off.v3Enables or disables SNMPv3 support.Value is either on or off. The default value is off.portThe port on which the device listens for SNMP packets.Accepted value is any integer from 0 to 65535. The default value is 161.authentication-trapsEnables or disables SNMP authentication traps.Value is either on or off. The default value is off.Examplesnsnmp v1 onEnable SNMPv1 support.nsnmp v2c onEnable SNMPv2c support.nsnmp port 161Set the SNMP listening port to 161.

Command descriptionsTransPort LR User Guide 205snmp-communityConfigures SNMPv1 and SNMPv2c communities.Syntaxsnmp-community <1 - 10> <parameter> <value>ParameterscommunitySNMPv1 or SNMPv2c community name.This element is available to all users.Accepted value is any string up to 128 characters.accessSNMPv1 or SNMPv2c community access level.Accepted values can be one of read-only or read-write. The default value is read-only.Examplesnsnmp-community 1 community publicSet the first SNMPv1 or SNMPv2c community name to 'public.'nsnmp-community 1 access read-writeSet the first SNMPv1 or SNMPv2c community access level to 'read-write.'

Command descriptionsTransPort LR User Guide 206snmp-userConfigures SNMPv3 users.Syntaxsnmp-user <1 - 10> <parameter> <value>ParametersuserSNMPv3 user name.Accepted value is any string up to 32 characters.authenticationSNMPv3 authentication type.Accepted values can be one of none, md5 or sha1. The default value is none.privacySNMPv3 privacy type. To use SNMPv3 privacy (that is, Data Encryption Standard (DES) or AdvancedEncryption Standard (AES)) for the SNMP user, the SNMPv3 authentication type must be set to MD5or SHA1.Accepted values can be one of none, aes or des. The default value is none.accessSNMPv3 user access level.Accepted values can be one of read-only or read-write. The default value is read-only.authentication-passwordSNMPv3 authentication password. The password is stored in encrypted form.This element is available to all users.Accepted value is any string between 8 and 64 characters.privacy-passwordSNMPv3 privacy password. The password is stored in encrypted form.This element is available to all users.Accepted value is any string between 8 and 64 characters.

Command descriptionsTransPort LR User Guide 207sntpConfigures system date and time using Simple Network Time Protocol (SNTP). SNTP continually pollsan external NTP time server on either a private company network or the internet at a configuredinterval rate.Syntaxsntp <parameter> <value>ParametersstateEnables or disables SNTP to set the system date and time.Accepted values can be one of off or on. The default value is off.serverThe SNTP server to use for setting system date and time.Value should be a fully qualified domain name. The default value is time.devicecloud.com.update-intervalThe interval, in minutes, at which the device checks the SNTP server for date and time.Accepted value is any integer from 1 to 10080. The default value is 60.

Command descriptionsTransPort LR User Guide 208sshConfigures Secure Shell (SSH) server settings.Syntaxssh <parameter> <value>ParametersserverEnables or disables the SSH server.Value is either on or off. The default value is on.portThe port number for the SSH Server.Accepted value is any integer from 1 to 65535. The default value is 22.

Command descriptionsTransPort LR User Guide 209systemConfigures system settings.Syntaxsystem <parameter> <value>ParameterspromptThe prompt displayed in the command-line interface. You can configure the system prompt to use thedevice's serial number by including '%s' in the SSID. For example, an 'prompt' parameter value of'LR54_%s' resolves to 'LR54_LR123456.'Accepted value is any string up to 16 characters. The default value is digi.router>.timeoutThe time, in seconds, after which the command-line interface times out if there is no activity.Accepted value is any integer from 60 to 3600. The default value is 180.loglevelThe minimum event level that is logged in the event log.Accepted values can be one of emergency, alert, critical, error, warning, notice, info or debug. Thedefault value is info.nameThe name of this device.Accepted value is any string up to 255 characters.locationThe location of this device.Accepted value is any string up to 255 characters.contactContact information for this device.Accepted value is any string up to 255 characters.pageSets the page size for command-line interface output.Accepted value is any integer from 0 to 100. The default value is 40.device-specific-passwordsEnables or disables device-specific passwords. Encrypted passwords, can be device-specific or not.When encrypted passwords are device-specific, they are more secure, but cannot be copied ontoanother device.Value is either on or off. The default value is off.

Command descriptionsTransPort LR User Guide 210descriptionA description of this device.Accepted value is any string up to 255 characters.passthroughThe TCP port used for passthrough. The value 0 disables passthrough mode. A reboot is required forchanges to this setting to take effect.Accepted value is any integer from 0 to 65535. The default value is 0.

Command descriptionsTransPort LR User Guide 211updatePerforms system updates, such as firmware updates, setting the cellular carrier, and setting theconfiguration file used at bootup and when saving configuration. Firmware update options includespecifying the device firmware, the cellular module firmware, and the DSL modem firmware to loadonto the device.Syntaxupdate [firmware | module | dsl | config configuration-file]ParametersfirmwareUpdates the firmware of the device.moduleUpdates the cellular module firmware.dslUpdates the DSL modem firmware.configSets the configuration filename.Examplesnupdate config config.da1Set the configuration file to 'config.da1.'nupdate firmware filenameInitiate the router firmware update process.nupdate module filenameInitiates the module firmware update process.nupdate dsl filenameInitiates the DSL modem firmware update process.

Command descriptionsTransPort LR User Guide 212userConfigures users and user access privileges.Syntaxuser <1 - 10> <parameter> <value>ParametersnameThe username for the user.Accepted value is any string up to 32 characters.passwordThe password for the user.This element is available to all users.Accepted value is any string up to 128 characters.accessThe user access level for the user. User access levels determine the level of control users have overdevice features and their settings. The 'super' access permission allows the most control overfeatures and settings, and 'read-only' the lowest control over features and settings.Accepted values can be one of read-only, read-write or super. The default value is super.

Command descriptionsTransPort LR User Guide 213wanConfigures WAN interface settings. A WAN interface can be an Ethernet, DSL, or cellular interface thatconnects to a remote network, such as the internet.Syntaxwan <1 - 10> <parameter> <value>ParametersinterfaceThe WAN interface to configure.Accepted values can be one of none, eth1, eth2, eth3, eth4, dsl, cellular1 or cellular2. The defaultvalue is none.natEnables Network Address Translation (NAT) for outgoing packets on the WAN interface. NAT is amechanism that allows sending packets from a private network (for example, 10.x.x.x or 192.168.x.x)over a public network. The device changes the source IP address of the packet to be the address forthe WAN interface, which is a public IP address. This allows the device on the public network to knowhow to send responses.Value is either on or off. The default value is on.timeoutThe time, in seconds, once the primary interface has gone down, that the failover feature should waitbefore attempting to failover to the backup WAN??interface.Accepted value is any integer from 10 to 3600. The default value is 180.probe-hostThe IPv4 or fully qualified domain name (FQDN) of the address of the device itself. The WAN failoverfeature sends probe packets over the WAN interface to the IP??address of this device.Value should be a fully qualified domain name.probe-timeoutTimeout, in seconds, for each probe packet.Accepted value is any integer from 1 to 60. The default value is 1.probe-intervalInterval, in seconds, between sending probe packets.Accepted value is any integer from 1 to 3600. The default value is 60.probe-sizeSize of probe packets sent to detect WAN interface failures.Accepted value is any integer from 64 to 1500. The default value is 64.

Command descriptionsTransPort LR User Guide 214activate-afterThe time, in seconds, that the primary interface needs to be up before switching back to it as theactive interface. If probing is active, no probes are permitted to be lost during this period. Otherwise,the timer is restarted.Accepted value is any integer from 0 to 3600. The default value is 0.try-afterThe time, in seconds, to wait before attempting to return to the primary WAN interface. This timer isprimarily used when failing over between cellular1 and cellular2 interfaces. This is because only oneSIM??card can be active at a time.Accepted value is any integer from 0 to 3600. The default value is 0.dhcpEnables or disables the DHCP client. The DHCP client is used to automatically get an IP address forthe interface from a DHCP server.Value is either on or off. The default value is on.

Command descriptionsTransPort LR User Guide 215wifiConfigures a Wi-Fi 2.4 GHz interface.This group is only supported in LR54, LR54W, LR54D and LR54DWC1 products.Syntaxwifi <1 - 4> <parameter> <value>ParametersstateEnables or disables the Wi-Fi 2.4 GHz interface, or enables it as an on-demand interface. The 'on-demand' setting allows configuring the cellular interface as an on-demand interface. An on-demandinterface is brought up as needed if a higher priority goes down.Accepted values can be one of off, on or on-demand. The default value is off.descriptionA descriptive name for the Wi-Fi 2.4 GHz interface.Accepted value is any string up to 255 characters.ssidService Set Identifier (SSID) for the Wi-Fi 2.4 GHz interface. You can configure the SSID to use thedevice's serial number by including '%s' in the SSID. For example, an 'ssid' parameter value of'LR54_%s' resolves to 'LR54_LR123456.'Accepted value is any string up to 32 characters.securitySecurity for the Wi-Fi 2.4 GHz interface.Accepted values can be one of none, wpa2-personal or wpa-wpa2-personal. The default value iswpa2-personal.passwordPassword for the Wi-Fi 2.4 GHz interface.This element is available to all users.Accepted value is any string between 8 and 64 characters.

Command descriptionsTransPort LR User Guide 216wifi5gConfigures a Wi-Fi 5 GHz interface.This group is only supported in LR54, LR54W, LR54D and LR54DWC1 products.Syntaxwifi5g <1 - 4> <parameter> <value>ParametersstateEnables or disables the Wi-Fi 5 GHz interface, or enables it as an on-demand interface. The 'on-demand' setting allows configuring the cellular interface as an on-demand interface. An on-demandinterface is brought up as needed if a higher priority goes down.Accepted values can be one of off, on or on-demand. The default value is off.descriptionA descriptive name for the Wi-Fi 5 GHz interface.Accepted value is any string up to 255 characters.ssidService Set Identifier (SSID) for the Wi-Fi 5 GHz interface. You can configure the SSID to use thedevice's serial number by including '%s' in the SSID. For example, an 'ssid' parameter value of'LR54_%s' resolves to 'LR54_LR123456.'Accepted value is any string up to 32 characters.securitySecurity for the Wi-Fi 5 GHz interface.Accepted values can be one of none, wpa2-personal or wpa-wpa2-personal. The default value iswpa2-personal.passwordPassword for the Wi-Fi 5 GHz interface.This element is available to all users.Accepted value is any string between 8 and 64 characters.