Digi IX20-WAG4 User manual
IX20
User Guide
Firmware version 21.8
Revision history—90002381
IX20 User Guide 2
Revision Date Description
C September 2020 Release of Digi IX20 firmware version 20.8:
nSupport for NEMO/DMNR virtual private networks.
nSupport for serial Modbus Gateway.
nSupport for Ethernet network bonding.
nSupport for VRRP+, an extension to the VRRP standard
that uses network probing to monitor connections
through VRRP-enabled devices.
nCloud service enhancements:
lReduced data usage for reporting health metrics to
Digi Remote Manager.
Added Monitoring >Device Health >Only report
changed values to Digi Remote Manager option
to control sending metrics to Digi Remote Manager
on the basis of whether the values have changed
since they were last reported.
lAdded Monitoring >Device Health >Data point
tuning configuration options to fine tune what
datapoints are uploaded as health metrics to Digi
Remote Manager.
lAdded the ability to select Digi aView as the cloud
service.
nAdded the ability to duplicate firmware to copy the
active firmware to the secondary firmware partition.
nMoved the update firmware CLI command to system
firmware update.
nAdded new Authoritative option under TACACS+,
RADIUS, and LDAP user authentication methods to
prevent falling back to additional authentication
methods.
nCisco Umbrella content filtering.
nWi-Fi enhancements:
lAdded new options under Network >Wi-Fi to
control Tx Power of the Wi-Fi module.
lAdded support for multiple RADIUS servers for
WPA2 Enterprise.
nAdded options under System >Log >Server list to
allow users to specify the TCP/UDP protocol and port of
the remote syslog server.
nSerial port enhancements:
lAdded configuration option under Serial >TCP
connection to specify encrypted connection types.
lAdded configuration option under Serial >
IX20 User Guide 3
Revision Date Description
TCP/Telnet/SSH connections to enable/disable
TCP keep-alive messages and nodelay.
nEnhanced SMS support:
lAdded System >Scheduled tasks >Allow
scheduled scripts parameter to allow custom
python scripts to handle sending/receiving SMS
messages
lAdded the digidevice.sms python module for
sending/receiving SMS messages in a custom
python script.
nMQTT client support via Paho Python module.
nAdded a random unprivileged port for performing ntp
time syncs if standard port 123 fails.
nScripting enhancements:
lAdded a Status >Scripts page in the web UI and
show scripts command to the Admin CLI to view
custom scripts and applications configured in the
device, along with their status.
Added the system scripts stop command to the
Admin CLI to stop a custom script or application.
IX20 User Guide 4
Revision Date Description
D December 2020 Release of Digi IX20 firmware version 20.11:
nModem firmware update commands added to the
Admin CLI.
nNetwork bridging enhanced to use the MAC address of
the first active device listed in Network >Bridges >
Bridge name >Devices as the MAC address for the
bridged interface.
nIPsec enhancements:
lSupport for full IPsec IPv6 tunnels: IPv6-over-IPv4,
or IPv4-over-IPv6 tunnels.
lIPsec tunnels are now treated like network
interfaces, which allows tunnels to be selected for
routing and routing priority and access control lists.
lIPSec tunnels now wait for Surelink tests, if
configured, to pass prior to initiating outbound
tunnels.
nModbus gateway enhancements:
lStatus >Modbus gateway page in the Web UI
displays information about modbus clients and
servers connected to the gateway.
lshow modbus command displays information
about the the Modbus gateway service.
nSerial port enhancements:
lSerial port logging options added for starting,
stopping, and viewing serial port activity.
lOption added to the System >Serial configuration
page to copy serial port settings.
nPolicy-based routing enhancements:
lAdded a DSCP option to match the routing rule by
the type of DSCP field in the packet.
lAdded a Defaultroute option for matching policy-
based routes to the device's active default route.
nPython pip support for installing external modules and
libraries.
nService >Location added to enable location services.
Requires either GPS from the cellular modem, or an
external GNSS module connected via serial to the
device.
nLink speed and duplex options added to Ethernet port
configuration.
nssh and telnet commands added to Admin CLI.
IX20 User Guide 5
Revision Date Description
nServices >Ping responder allows you to control the
interfaces and firewall zones on which the DAL device
will respond to ICMP requests.
nEnhanced policy-based routing:
lAdded a DSCP option to match the routing rule by
the type of DSCP field in the packet.
lAdded a Defaultroute option for matching policy-
based routes to the device's active default route.
nAdded a link to User Guide under the User menu in the
Web UI.
IX20 User Guide 6
Revision Date Description
EMarch 2021 Release of Digi IX20 firmware version 21.2:
nLocation services added, including:
lThe ability to define a static latitude and longitude
as a location for the device.
lGNSSsupport through the cellular modem (requires
the CM07 COREmodem).
lReporting location information as health metrics to
Digi Remote Manager.
lGeo-fencing: Allow you to define one or more
circular or polygonal geo-fence areas and then
perform a set of actions when the device enters or
leaves that area.
lPython support for location information through
the digidevice.location python module.
nCellular modem carrier scanning and locking:
lNew modem scan CLI command for listing available
carriers for the current modem and SIM.
lManual carrier selection option to allow you to lock
the SIM to a specific carrier.
nEnhanced serial support:
lCertificate management control for TCP and
autoconnect serial port setups.
lAutoconnect.
nEnhanced Wi-Fi support:
lSupport 5GHz DFS Wi-Fi channels in client mode.
Only available for devices with 5GHz Wi-Fi radio
support.
lAdded 5GHz frequencies to the list of channels that
can be scanned for client-mode Wi-Fi background
scanning.
nLocal RESTAPI for automated configuration of the
device.
nSupport for remote CLI commands through Digi Remote
Manager.
nSupport for automatically checking for device and
modem firmware updates.
IX20 User Guide 7
Revision Date Description
FJune 2021 Release of Digi IX20 firmware version 21.5:
nWi-Fi enhancements:
lAdded support for WPA3 Wi-Fi encryption:
oWPA2/WPA3 Personal
oWPA3 Enhanced Open
oWPA3 Personal
lAdded support for WPA and WPA/WPA2 mised
mode with TKIP.
nCellular enhancements:
lAdded support for modem firmware update to the
Admin CLI.
lAdded support for over-the-air (OTA) modem
firmware update to check, list, and update to new
modem firmware from the Digi firmware server.
lAdded the ability to scan for cellular carriers on the
Modem status page and the ability select a
particular PLMN/network to use.
nAdded commands for over-the-air (OTA) system
firmware update to check, list, and update to new
firmware from the Digi firmware server.
nAdded a show dns command to the Admin CLI to
display active DNS servers and their associated
interface.
nAdded a show ntp command to the Admin CLI to
display the status of the NTP service.
nExpanded Port forwarding option to support a range of
ports, including one-to-one and many-to-one port
mappings.
nAdded options to control packet filtering for the
network analyzer.
nVPN enhancements:
lIPsec enhancements:
oAdded support for multiple remote endpoints
and the ability to use round-robin or to randomly
select an endpoint to establish a tunnel to.
oAdded configurable options to control IKE
transmit interval, tunnel retry interval, and
tunnel retry timeout.
lLDAP enhancements:
oAdded a login attribute to provide the ability to
match the attribute set on an Active Directory
IX20 User Guide 8
Revision Date Description
server.
nSureLink enhancements
lAdded the ability to configure how many times a
SureLink test must run, and must fail, before the
interface is restarted or the device is rebooted.
lAdded the ability to configure how many times a
SureLink test must pass before an interface is
considered to be working.
lAdded the ability to test another interface's status.
nSNMPv2 supported added.
nSimple Certificate Enrollment Protocol (SCEP)
supported added.
nUpdated python to version 3.6.13.
nAdded the default digi.device local domain.
IX20 User Guide 9
Revision Date Description
GSeptember 2021 Release of Digi IX20 firmware version 21.8:
nAdded LXC container support for running localized
containers on the device.
nAdded support for maintenance windows triggers to
control when a device is available for Digi Remote
Manager maintenance activity.
nWi-Fi enhancements:
lRemoved requirement to set a Wi-Fi SSID and
passphrase to initially configure the device.
lAdded support for 40Mhz channel bandwidth on
2.4GHz.
nVPNenhancements:
lAdded support for L2TPv3 tunneling.
lNew option to enable, disable, or force IPsec IKE
fragmentation.
nImproved options for creating a custom default
configuration:
lsystem backup CLI commands for generating a
custom default config file based on the active
config settings on the device.
lNew section on the File System page of the Web UI
for loading a configuration backup file as the
custom default config
lNew persistent files folder accessible through Digi
Remote Manager where users can upload a
configuration backup.
lAdded ability to clear a custom default
configuration by performing by pressing the ERASE
button, waiting for the device to reboot, then
pressing the ERASE again.
nAdded ability to override or edit SSH server options.
nAdded options for filtering Wi-Fi scanner results based
off of MAC addresses or RSSI signal strength.
nAdded options for sending local device event logs to
Digi Remote Manager.
nNew system time CLI command for manually setting
the local date and time.
nNew firewall packet filter options to allow/deny packets
based off of a range of source or destination MAC
addresses.
nNew monitoring metrics upload CLI command to send
on-demand health metrics to Digi Remote Manager.
IX20 User Guide 10
Revision Date Description
nAdded support for the configuration of custom scripts
that will be run manually, and a new system script
start CLI command to run manual scripts.
nNew "Find me" feature that flashes cellular-related
LEDs to help locate the device onsite and a new system
find-me command.
nAdded datapoint.upload_multiple function to
digidevice python module for uploading multiple
datapoints to DigiRM at once.
nAdded clear dhcp-lease command to remove all
dynamic DHCP leases or certain DHCP leases based on
MAC address or IP address.
nAdded speedtest command for performing on-demand
iPerf or nuttcp speedtests.
nLocal users are now required to be assigned to an
authentication group.
nNew Network → Advanced → Sequential DHCP address
allocation configuration setting for controlling if DHCP
addresses are assigned sequentially or randomly
(disabled by default).
nAdded ability to control if DHCP addresses are assigned
sequentially or randomly (disabled by default).
nAdded 802.1x port-based network access control,
configurable per network interface.
Trademarks and copyright
Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States
and other countries worldwide. All other trademarks mentioned in this document are the property of
their respective owners.
© 2021 Digi International Inc. All rights reserved.
Disclaimers
Information in this document is subject to change without notice and does not represent a
commitment on the part of Digi International. Digi provides this document “as is,” without warranty of
any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or
merchantability for a particular purpose. Digi may make improvements and/or changes in this manual
or in the product(s) and/or the program(s) described in this manual at any time.
Warranty
To view product warranty information, go to the following website:
www.digi.com/howtobuy/terms
IX20 User Guide 11
Customer support
Gather support information: Before contacting Digi technical support for help, gather the following
information:
Product name and model
Product serial number (s)
Firmware version
Operating system/browser (if applicable)
Logs (from time of reported issue)
Trace (if possible)
Description of issue
Steps to reproduce
Contact Digi technical support: Digi offers multiple technical support plans and service packages.
Contact us at +1 952.912.3444 or visit us at www.digi.com/support.
Feedback
To provide feedback on this document, email your comments to
Include the document title and part number (IX20 User Guide, 90002381 G) in the subject line of your
email.
IX20 User Guide 12
Contents
Revision history—90002381 2
What's new in Digi IX20 version 21.8
Digi IX20 Quick Start
Step 1: Connect your device 25
Step 2: Connect DC power 27
Step 3: Set up access to Digi Remote Manager 27
Step 4: Register your device 28
Step 5: Complete setup 28
Step 6: Configure cellular APN 28
Digi IX20 hardware reference
Digi IX20 features and specifications 29
IX20 accessories 29
IX20 front view 29
IX20 LEDs 30
Power 31
INT 31
Wi-Fi Service (IX20W model only) 31
SIM1 31
SIM2 31
LTE 32
Signal quality indicators 32
Ethernet Link and Activity 33
Signal quality bars explained 33
IX20 power supply requirements 34
Digi IX20 serial connector pinout 34
Configuration for extreme thermal conditions 35
Hardware setup
Install SIM cards in the Plug-in LTE modem 39
Tips for improving cellular signal strength 40
Connect data cables 40
Mount the IX20 device 40
Attach to a mounting surface by using the mounting tabs 41
Attach to DIN rail with clip 41
IX20 User Guide 13
IX20 User Guide 14
Attach to DIN rail with bracket 42
Configuration and management
Review IX20 default settings 44
Local WebUI 44
Digi Remote Manager 44
Default interface configuration 44
Other default configuration settings 45
Change the default password for the admin user 46
Reset default SSID and pre-shared key for the preconfigured Wi-Fi access point 47
Configuration methods 49
Using Digi Remote Manager 50
Access Digi Remote Manager 50
Using the web interface 50
Log out of the web interface 51
Using the command line 52
Access the command line interface 52
Log in to the command line interface 52
Exit the command line interface 53
Interfaces
Wide Area Networks (WANs) 55
Wide Area Networks (WANs) and Wireless Wide Area Networks (WWANs) 56
Configure WAN/WWAN priority and default route metrics 56
WAN/WWAN failover 59
Configure SureLink active recovery to detect WAN/WWAN failures 60
Configure the device to reboot when a failure is detected 68
Disable SureLink 76
Example: Use a ping test for WAN failover from Ethernet to cellular 80
Using Ethernet devices in a WAN 83
Using cellular modems in a Wireless WAN (WWAN) 83
Configure a Wide Area Network (WAN) 107
Configure a Wireless Wide Area Network (WWAN) 114
Show WAN and WWAN status and statistics 125
Delete a WAN or WWAN 126
Default outbound WAN/WWAN ports 128
Local Area Networks (LANs) 129
About Local Area Networks (LANs) 130
Configure a LAN 130
Show LAN status and statistics 137
Delete a LAN 139
DHCP servers 140
Create a Virtual LAN (VLAN) route 156
Default services listening on LANports 158
Bridging 159
Edit the preconfigured ETH2 bridge 160
Configure a bridge 163
Serial port
Configure the serial port 167
IX20 User Guide 15
Configure UDP serial mode 179
Show serial status and statistics 182
Log serial port messages 182
Wi-Fi
Wi-Fi configuration 185
Default access point SSID and password 185
Default Wi-Fi configuration 185
Configure the Wi-Fi radio's channel 187
Configure the Wi-Fi radio to support DFS channels in client mode 189
Required configuration items 189
Configure the Wi-Fi radio's band and protocol 190
Configure the Wi-Fi radio's transmit power 192
Configure an open Wi-Fi access point 194
Configure a Wi-Fi access point with personal security 199
Configure a Wi-Fi access point with enterprise security 206
Isolate Wi-Fi clients 213
Isolate clients connected to the same access point 213
Isolate clients connected to different access points 214
Configure a Wi-Fi client and add client networks 220
Show Wi-Fi access point status and statistics 226
Show Wi-Fi client status and statistics 228
Routing
IP routing 231
Configure a static route 232
Delete a static route 235
Policy-based routing 237
Configure a routing policy 237
Example: Dual WAN policy-based routing 245
Example: Route traffic to a specific WAN interface based on the client MACaddress 248
Routing services 253
Configure routing services 254
Show the routing table 256
Dynamic DNS 258
Configure dynamic DNS 258
Virtual Router Redundancy Protocol (VRRP) 263
VRRP+ 264
Configure VRRP 264
Configure VRRP+ 268
Example: VRRP/VRRP+ configuration 275
Configure device one (master device) 276
Configure device two (backup device) 280
Show VRRP status and statistics 286
Virtual Private Networks (VPN)
IPsec 289
IPsec data protection 289
IPsec modes 289
Internet Key Exchange (IKE) settings 289
IX20 User Guide 16
Authentication 290
Configure an IPsec tunnel 290
Configure IPsec failover 315
Configure SureLink active recovery for IPsec 318
Show IPsec status and statistics 325
Debug an IPsec configuration 326
Configure a Simple Certificate Enrollment Protocol client 327
Example: SCEP client configuration with Fortinet SCEP server 331
OpenVPN 337
Configure an OpenVPN server 338
Configure an OpenVPN Authentication Group and User 347
Configure an OpenVPN client by using an .ovpn file 351
Configure an OpenVPN client without using an .ovpn file 354
Configure SureLink active recovery for OpenVPN 358
Show OpenVPN server status and statistics 365
Show OpenVPN client status and statistics 366
Generic Routing Encapsulation (GRE) 368
Configuring a GREtunnel 368
Show GRE tunnels 373
Example: GRE tunnel over an IPSec tunnel 374
NEMO 389
Configure a NEMO tunnel 389
Show NEMO status 395
L2TPv3 396
Configure an L2TPv3 tunnel 396
Show L2TPV3 tunnel status 401
Services
Allow remote access for web administration and SSH 404
Configure the web administration service 407
Configure SSHaccess 417
Use SSH with key authentication 424
Generating SSH key pairs 424
Configure telnet access 427
Configure DNS 432
Show DNS server 438
Simple Network Management Protocol (SNMP) 439
SNMP Security 439
Configure Simple Network Management Protocol (SNMP) 439
Download MIBs 444
Location information 445
Configure the location service 446
Enable or disable modem GNSSsupport 448
Configure the device to use a user-defined static location 450
Configure the device to accept location messages from external sources 452
Forward location information to a remote host 456
Configure geofencing 461
Show location information 474
Modbus gateway 475
Configure the Modbus gateway 476
Show Modbus gateway status and statistics 489
System time 492
Configure the system time 492
Manually set the system date and time 496
IX20 User Guide 17
Network Time Protocol 496
Configure the device as an NTP server 497
Show status and statistics of the NTP server 502
Configure a multicast route 503
Ethernet network bonding 505
Enable service discovery (mDNS) 508
Use the iPerf service 512
Example performance test using iPerf3 516
Configure the ping responder service 516
Example performance test using iPerf3 520
Applications
Configure scripts to run automatically 522
Task one: Upload the application 522
Task two: Configure the application to run automatically 524
Configure scripts to run manually 528
Task one: Upload the application 529
Task two: Configure the application to run automatically 530
Start a manual script 533
Stop a script that is currently running 534
Show script information 535
Run a Python application at the shell prompt 536
Start an interactive Python session 538
Digidevice module 540
Use digidevice.cli to execute CLI commands 541
Use digidevice.datapoint to upload custom datapoints to Digi Remote Manager 542
Use digidevice.config for device configuration 545
Use Python to respond to Digi Remote Manager SCI requests 547
Use digidevice runtime to access the runtime database 556
Use Python to upload the device name to Digi Remote Manager 558
Use Python to access the device location data 560
Use Python to set the maintenance window 564
Use Python to send and receive SMS messages 566
Use Python to access serial ports 568
Use the Paho MQTTpython library 569
Use the local RESTAPI to configure the IX20 device 572
Use the GETmethod to return device configuration information 573
Use the POST method to modify device configuration parameters and list arrays 575
Use the DELETE method to remove items from a list array 575
User authentication
IX20 user authentication 578
User authentication methods 578
Add a new authentication method 580
Delete an authentication method 582
Rearrange the position of authentication methods 584
Authentication groups 585
Change the access rights for a predefined group 587
Add an authentication group 589
Delete an authentication group 593
Local users 595
Change a local user's password 596
IX20 User Guide 18
Configure a local user 598
Delete a local user 605
Terminal Access Controller Access-Control System Plus (TACACS+) 607
TACACS+ user configuration 608
TACACS+ server failover and fallback to local authentication 609
Configure your IX20 device to use a TACACS+ server 609
Remote Authentication Dial-In User Service (RADIUS) 613
RADIUS user configuration 614
RADIUS server failover and fallback to local configuration 614
Configure your IX20 device to use a RADIUS server 615
LDAP 618
LDAP user configuration 620
LDAP server failover and fallback to local configuration 621
Configure your IX20 device to use an LDAP server 621
Configure serial authentication 626
Disable shell access 628
Set the idle timeout for IX20 users 630
Example user configuration 632
Example 1: Administrator user with local authentication 632
Example 2: RADIUS, TACACS+, and local authentication for one user 634
Firewall
Firewall configuration 642
Create a custom firewall zone 642
Configure the firewall zone for a network interface 644
Delete a custom firewall zone 645
Port forwarding rules 647
Configure port forwarding 647
Delete a port forwarding rule 652
Packet filtering 654
Configure packet filtering 654
Enable or disable a packet filtering rule 658
Delete a packet filtering rule 660
Configure custom firewall rules 661
Configure Quality of Service options 663
Containers
Upload a newLXCcontainer 674
Configure a container 675
Starting and stopping the container 678
Starting the container 678
Stopping the container 679
View the status of containers 679
Schedule a script to run in the container 680
Create a custom container 683
Create the custom container file 683
Test the custom container file 684
System administration
Review device status 686
IX20 User Guide 19
Configure system information 687
Update system firmware 689
Manage firmware updates using Digi Remote Manager 689
Certificate management for firmware images 690
Downgrading 690
Dual boot behavior 693
Update cellular module firmware 695
Update modem firmware over the air (OTA) 695
Update modem firmware by using a local firmware file 697
Reboot your IX20 device 698
Reboot your device immediately 698
Schedule reboots of your device 699
Erase device configuration and reset to factory defaults 701
Configure the IX20 device to use custom factory default settings 704
Locate the device by using the Find Me feature 706
Configuration files 708
Save configuration changes 708
Save configuration to a file 709
Restore the device configuration 710
Schedule system maintenance tasks 713
Disable device encryption 718
Re-enable cryptography after it has been disabled. 718
Configure the speed of your Ethernet ports 720
Monitoring
intelliFlow 724
Enable intelliFlow 724
Use intelliFlow to display average CPU and RAMusage 727
Use intelliFlow to display top data usage information 728
Use intelliFlow to display data usage by host over time 730
Configure NetFlow Probe 731
Central management
Digi Remote Manager support 737
Configure Digi Remote Manager 737
Collect device health data and set the sample interval 744
Enable event log upload to Digi Remote Manager 747
Log into Digi Remote Manager 748
Use Digi Remote Manager to view and manage your device 750
Add a device to Digi Remote Manager 751
View Digi Remote Manager connection status 751
Configure multiple devices using profiles 752
Learn more 753
File system
The IX20 local file system 755
Display directory contents 755
Create a directory 756
Display file contents 757
Copy a file or directory 757
IX20 User Guide 20
Move or rename a file or directory 758
Delete a file or directory 759
Upload and download files 760
Upload and download files by using the WebUI 760
Upload and download files by using the Secure Copy command 761
Upload and download files using SFTP 762
Diagnostics
Perform a speedtest 765
Generate a support report 765
View system and event logs 767
View System Logs 767
View Event Logs 769
Configure syslog servers 771
Configure options for the event and system logs 773
Analyze network traffic 778
Configure packet capture for the network analyzer 779
Example filters for capturing data traffic 788
Capture packets from the command line 789
Stop capturing packets 790
Show captured traffic data 791
Save captured data traffic to a file 792
Download captured data to your PC 793
Clear captured data 794
Use the ping command to troubleshoot network connections 796
Ping to check internet connection 796
Stop ping commands 796
Use the traceroute command to diagnose IProuting problems 796
Digi IX20 regulatory and safety statements
RF exposure statement 798
Federal Communication (FCC) Part 15 Class B 798
Radio Frequency Interference (RFI) (FCC 15.105) 798
European Community - CE Mark Declaration of Conformity (DoC) 799
Maximum transmit power for radio frequencies 800
Innovation, Science, and Economic Development Canada (IC) certifications 800
RoHS compliance statement 801
Special safety notes for wireless routers 801
Product disposal instructions 802
Safety warnings
English 804
Bulgarian--б ъ л га р с ки 805
Croatian--Hrvatski 806
French--Français 807
Greek--Ε λληνικά 808
Hungarian--Magyar 809
Italian--Italiano 810
Latvian--Latvietis 811
Lithuanian--Lietuvis 812
This manual suits for next models
1
Table of contents
Other Digi Network Router manuals
Digi
Digi 6330-MX User manual
Digi
Digi TransPort WR11 User manual
Digi
Digi Connect Series User guide
Digi
Digi TransPort WR41 User manual
Digi
Digi IX10-00G4 User manual
Digi
Digi IX14 User manual
Digi
Digi EX40 User manual
Digi
Digi Connect EZ 4 User manual
Digi
Digi TransPort WR44 RR User manual
Digi
Digi Connect WAN Sync Edge 10 User manual
Digi
Digi TransPort LR54-AA401 User manual
Digi
Digi IX14 User manual
Digi
Digi TransPort WR44 v2 User manual
Digi
Digi ConnectPort X4 IA User manual
Digi
Digi XPressWireless User manual
Digi
Digi TransPort WR41 User manual
Digi
Digi DR6410 User manual
Digi
Digi IR4420 User manual
Digi
Digi TX40 User manual
Digi
Digi ConnectPort X4 User manual
