Lantronix EMG 7500 User Manual Download

Page: 98 / 482

7: Networking

EMG™ Edge Management Gateway User Guide

802.1X is an enterprise class access protocol for protecting networks via authentication. There are

three components to 802.1X authentication:



A supplicant, or client, which requires authentication (the EMG).



An authenticator, or access point, which acts as a proxy for the client, and restricts the client's

communication with the authentication server.



An authentication server (usually RADIUS), which decides whether to accept the client's

request for network access.

Extensible Authentication Protocol (EAP) is used to pass the authentication information between

the supplicant (the EMG) and the authentication server. The EAP type handles and defines the

authentication. The access point acting as authenticator is only a proxy to allow the supplicant and

the authentication server to communicate. The EMG supports the following EAP protocols:



LEAP

: Lightweight Extensible Authentication Protocol (LEAP) uses dynamic WEP keys and

mutual authentication with a modified version of MS-CHAP between the EMG and a RADIUS

server.



EAP-TLS:

uses TLS and Public key Infrastructure (PKI) to set up authentication with a

RADIUS server. This method requires the use of a client-side certificate for communicating

with the server.



EAP-TTLS:

uses TTLS (Tunneled Transport Layer Security) and server-side certificates to set

up authentication between the EMG and a RADIUS server. The actual authentication is,

however, performed using passwords.



PEAP:

Protected EAP uses server-side public key certificates to authenticate the EMG with a

RADIUS server. PEAP authentication creates an encrypted TLS tunnel between the EMG and

the server. The exchange of information is encrypted and stored in the tunnel ensuring the

user credentials are kept secure.



FAST:

Flexible Authentication via Secure Tunneling uses Protected Access Credential (PAC)

for verifying clients on the network. Instead of using a certificate to achieve mutual

authentication, FAST authenticates by means of a PAC (Protected Access Credential) stored

on the EMG, which can be managed dynamically by the authentication server. The PAC can

be provisioned (distributed one time) to the client either manually or automatically. Manual

provisioning is delivery to the client via disk or a secured network distribution method.

Automatic provisioning (used on the EMG) is an in-band distribution.

This table summarizes the features of each EAP protocol:

EAP Protocol

Feature

TLS

TTLS

PEAP

FAST

LEAP

Client-side

certificate

required

yes

no (PAC)

Server-side

certificate

required

yes

no (PAC)

WEP key

management

yes

Rogue AP

detection

yes

Summary of Contents for EMG 7500

Page 1: ...Part Number PMD 00008 Revision C April 2020 EMG Edge Management Gateway User Guide EMG 8500 EMG 7500 ...

Page 2: ...current list of our domestic and international sales offices go to the Lantronix web site at https www lantronix com about us contact Open Source Software Some applications are Open Source software licensed under the Berkeley Software Distribution BSD license the GNU General Public License GPL as published by the Free Software Foundation FSF or the Python Software Foundation PFS License Agreement ...

Page 3: ...pense will be required to take whatever measures may be required to correct the interference Note This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates...

Page 4: ...elease 8 3 0 0 It contains the initial release for EMG 7500 and includes the following software changes Added Wi Fi support both WLAN client mode and access point mode Upgraded FIPS support with latest security algorithms and added support for VPN SNMP and Web SSH added in FIPS mode Expanded Zero Touch Provisioning ZTP to support more methods of downloading a configuration to apply to a factory de...

Page 5: ..._____________________________________________24 Performance Monitoring _________________________________________________25 Security ______________________________________________________________25 Power _______________________________________________________________25 Integration with Lantronix ConsoleFlow ___________________________________25 Applications _________________________________________...

Page 6: ...___________________________________50 Modem Installation _____________________________________________________52 4 EMG 7500 Installation 53 EMG 7500 Package Contents ________________________________________________53 Order Information ______________________________________________________53 User Supplied Items ____________________________________________________53 Hardware Specifications _________...

Page 7: ...________________________________83 Hostname Name Servers ______________________________________________85 DNS Servers __________________________________________________________85 DHCP Acquired DNS Servers ____________________________________________85 TCP Keepalive Parameters ______________________________________________86 Gateway _____________________________________________________________86 Fa...

Page 8: ...________________136 Performance Monitoring Add Edit Probe __________________________________139 Performance Monitoring Results ________________________________________142 Performance Monitoring Commands ______________________________________145 FQDN List ______________________________________________________________146 8 Services 147 System Logging and Other Services ______________________________...

Page 9: ...___181 SD Card Commands __________________________________________________181 10 Device Ports 182 Connection Methods ______________________________________________________182 Permissions _____________________________________________________________182 I O Modules _____________________________________________________________183 Device Status _________________________________________________________...

Page 10: ..._______215 DIO Commands ______________________________________________________216 Xmodem _______________________________________________________________217 Xmodem Commands __________________________________________________219 Host Lists ______________________________________________________________220 Host Parameters ______________________________________________________220 Host List Commands ____...

Page 11: ...er _______________________________________________________282 Connection Configuration _______________________________________________283 Connection Commands ________________________________________________285 14 User Authentication 286 Authentication Commands ______________________________________________288 User Rights _____________________________________________________________289 Local and Re...

Page 12: ...__334 Factory Reset with External Storage Device ________________________________335 Internal Temperature __________________________________________________337 Site Information ______________________________________________________337 EMG Firmware _______________________________________________________337 Boot Banks and Bootloader Settings ______________________________________338 Load Firmware Vi...

Page 13: ...____________________________________388 TACACS Commands ____________________________________________________389 User Permissions Commands _______________________________________________390 Remote User Commands __________________________________________________391 Cellular Modem Commands ________________________________________________393 ConsoleFlow Commands _______________________________________...

Page 14: ...________________________________449 USB Modem Commands __________________________________________________452 VPN Commands _________________________________________________________453 WLAN Commands _______________________________________________________455 Temperature Commands __________________________________________________457 Xmodem Commands _____________________________________________________...

Page 15: ...ser Guide 15 Statement __________________________________________________________472 Safety and Hazards ___________________________________________________481 RoHS REACH and WEEE Compliance Statement ___________________________482 ...

Page 16: ...47 Figure 3 11 Power Input ___________________________________________________________48 Figure 4 3 EMG 7500 Rack Mount Configurations _______________________________________56 Figure 4 4 EMG 7500 Rack Mount Screw Placement ____________________________________56 Figure 4 5 Wall Mount Configuration _________________________________________________57 Figure 4 8 EMG 7500 Front Side __________________...

Page 17: ..._____________________________________160 Figure 8 8 Services Secure Lantronix Network Search Options _________________________161 Figure 8 9 Services Date Time _________________________________________________164 Figure 8 10 Services Web Server ________________________________________________166 Figure 8 11 Web Server SSL Certificate_____________________________________________169 Figure 8 12 Web ...

Page 18: ..._______________________281 Figure 13 4 Multiport Device Server _________________________________________________282 Figure 13 5 Console Server _______________________________________________________283 Figure 13 6 Devices Connections _________________________________________________284 Figure 13 7 Current Connections ___________________________________________________285 Figure 14 1 User Authentic...

Page 19: ...nners________________________________________________356 Figure 16 1 EMG Configuration ___________________________________________________358 Figure 16 2 Remote User Connected to a SUN Server via the Console Manager______________359 Figure 16 3 Dial in Text Mode to a Remote Device ____________________________________361 Figure 16 4 Local Serial Connection to Network Device via Telnet _____________...

Page 20: ...ress _________________________________________63 Table 6 3 SCS Commands ________________________________________________________77 Table 6 4 CLI Keyboard Shortcuts ___________________________________________________78 Table 7 16 Error Conditions Detected by Probes ______________________________________144 Table 10 1 Supported I O Module Configurations ______________________________________183 Tabl...

Page 21: ...onnection form factors and power supplies provides instructions for installing the EMG 7500 Chapter 5 Quick Setup Provides instructions for getting your EMG unit up and running and for configuring required settings Chapter 6 Web and Command Line Interfaces Describes the web and command line interfaces available for configuring the EMG The configuration chapters 6 15 provide detailed instructions f...

Page 22: ...igurations to set up and use the EMG unit Chapter 17 Command Reference Lists and describes all of the commands available on the EMG command line interface Appendix A Security Considerations Provides tips for enhancing EMG security Appendix B Safety Information Lists safety precautions for using the EMG Appendix C Adapters and Pinouts Includes adapter and pinout diagrams Appendix D Protocol Glossar...

Page 23: ...connection This chapter provides an introduction to the following EMG models EMG 8500 EMG 7500 Most features are common to both EMG 8500 and EMG 7500 however differences between the two models are noted EMG 8500 Overview The EMG 8500 is a modular edge management gateway that offers serial RJ45 and USB console connectivity with user swappable I O modules and connectivity modules These user swappabl...

Page 24: ...twork connectivity Figure 2 2 EMG 7500 Edge Management Gateway front view Key Features Console Management Enables system administrators to remotely manage devices with serial and or USB console ports with RS 232C now EIA 232 or USB compatible serial consoles in a 1U tall rack space RJ45 RS 232 or USB Type A serial console connections EMG 8500 provides up to 8 serial RJ45 RS 232 or USB Type A conso...

Page 25: ...s performed on the CLI or on device ports Performance Monitoring Performance Monitoring probes to analyze network performance Security Enterprise grade security and secure user access control with local or remote authentication Power An external Universal AC 90W 100 240V 50 60 Hz power supply provides power to the unit DC power port The DC power port supports 9 to 30Vdc Convection cooled silent op...

Page 26: ...ess For brief descriptions of these protocols see Appendix D Protocol Glossary on page 467 Configuration Methods After installation the EMG requires configuration For the unit to operate correctly on a network it must have a unique IP address on the network This IP address references the specific unit For details on how to configure the unit with basic network settings see Chapter 5 Quick Setup Th...

Page 27: ...Code Product Part Number Product Revision Manufacturing Date Code Country of Manufacturing Origin Hardware Address MAC address or serial number Device ID used to connect to ConsoleFlow central management software Figure 2 3 Product Label EMG 8500 shown Product Part Number Product Revision Country of Manufacturing Origin Serial Number Device ID ConsoleFlow Manufacturing Date Code QR Code ...

Page 28: ...tion of the EMG unit will depend upon the type s of I O modules installed in the bays Two I O Module Device Port Bays The EMG supports the use of single mode and multi mode fiber optic SFP transceiver modules SFP modules are purchased separately The appearance and function of the EMG unit will depend upon the type s of connectivity modules installed in the bays Two Connectivity Module Bays Dual Et...

Page 29: ...Port One I O Device Port Module Dual Ethernet Port The appearance and function of the EMG unit will depend upon the type of I O module installed Internal LTE cellular modem Power inlet Micro SD Card Micro SIM Card The appearance and function of the EMG unit will depend upon the model variant that has been purchased Figure 2 7 shows an EMG 7500 unit with an internal cellular modem and a Wi Fi card ...

Page 30: ...ce port The port can save the data log to a file send an email notification of an issue or take no action You can define the path for logged data on a port by port basis configure file size and number of files per port for each logging event and configure the device log to send an email alert message automatically to the appropriate parties indicating a particular error Console Port Interface The ...

Page 31: ... Lantronix adapters The RJ45 ports have software reversible pinouts to switch between digital terminal equipment DTE and digital communications equipment DCE applications RJ45 to DB9 DB25 adapters are available from Lantronix For serial pinout information see Appendix C Adapters and Pinouts on page 464 Table 2 9 Device DCE Reversed DTE Port Pinout Additional device port features RAW TCP Telnet or ...

Page 32: ...ed with two Ethernet and two SFP ports The EMG 7500 is equipped with two Ethernet ports only The EMG network interfaces are 10 100 1000 Base T Ethernet for use with a conventional Ethernet network as shown in Figure 2 10 Use standard RJ45 terminated cables such as a Category 5 or 6 patch cable CAT5E or better cables are recommended for 1000 Base Ethernet Network parameters must be configured befor...

Page 33: ... equipped with two user swappable connectivity slots on the back of the unit One LTE 4G cellular modem may be installed See Connectivity Module Installation on page 50 The EMG 7500 is offered with the option of an internal LTE cellular modem The LTE cellular modem module supports one main antenna one AUX antenna and one GNSS antenna for geolocation The geolocation function is not active in the cur...

Page 34: ...nstalled in either connectivity slot See Connectivity Module Installation on page 50 The EMG 7500 is offered with the option of a pre installed analog dialup modem module Connectivity Modules User replaceable connectivity modules apply to EMG 8500 only Connectivity modules on the EMG 7500 cannot be replaced by the user EMG 8500 provides two slots for user replaceable connectivity modules to be ins...

Page 35: ...ty Status Table 2 13 describes the front panel LED indicators Table 2 13 Front Panel LED Indicators Digital IO Port The DIO port applies to EMG 8500 only The terminal block digital input relay output is located on the front panel of the EMG unit It provides two digital inputs and one relay output terminal block for use with sensors The DIO port requires an adapter which is available and sold separ...

Page 36: ...rt The DIO connector description is provided below Connector Description Relay Output Output supports 1A 24V Inputs Inputs accept voltage 0 to 30 VDC ON Max 30 VDC Min 2 VDC OFF Max 0 7 VDC Min 0 VDC Pin Number Pin Definition 1 Relay Out 2 Relay In 3 Input1 4 Input1 5 Input2 6 Input2 ...

Page 37: ...ce modules are available and sold separately Table 3 2 EMG 8500 Device Modules Additional parts and accessories are available and sold separately For details and purchasing information refer to the next section Order Information External DIO adapter Wall mount kit Rail mount kit Name One EMG 8500 EDGE MANAGEMENT GATEWAY RJ45 to DB9F Adapter RJ45 to RJ45 Cat5 Cable 6 6 ft 2m straight through RJ45 p...

Page 38: ...inouts An available connection to your Ethernet network and an Ethernet cable CAT5E or better cables are recommended for 1000 Base Ethernet A working AC power outlet to power the unit using the included AC 90W 100 240V 50 60 Hz power supply If the LTE cellular modem is installed a network SIM card and data services from a service provider Customize an EMG Build any combination up to 8 managed cons...

Page 39: ...ectable 300 to 921600 baud LEDs Green light ON indicates data transmission activity Yellow light ON indicates data receiving activity Network Interface 2 10 100 1000 Base T RJ45 Ethernet with LED indicators Green light ON indicates a link at 1000 Base T Green light OFF indicates a link at other speeds or no link Yellow light ON indicates a link is established Yellow light blinking indicates activi...

Page 40: ...it securely on a flat vertical surface See Wall Mount Installation on page 42 3 Connect the serial device s to the EMG unit s device ports See Connecting to a Device Port on page 44 4 Choose one of the following options To configure the EMG using the network or to monitor serial devices on the network connect at least one EMG network port to a network See Connecting to Network Ports on page 46 Fro...

Page 41: ...the EMG boots it attempts to get an IP address from DHCP To configure the network settings see Chapter 5 Quick Setup Rack Mount Installation Figure 3 4 shows two possible rack mount configurations Figure 3 4 EMG 8500 Rack Mount Dimensions 1 Attach the brackets on the sides of the EMG unit using a screwdriver and the screws provided with the mounting kit 2 Mount the unit securely in a 19 inch rack ...

Page 42: ...epth of 1 25 inches 32 mm 3 Insert the anchors until they are flush with the surface 4 Thread four pan head top mount screws through the unit mount hole and through the anchor and tighten them 2 Keyhole mount 1 Locate the place where you want to mount the unit and mark two holes using your EMG mount as a guide for the screws See for the location of the screw holes 2 Drill two 3 16 inch 4 8 mm diam...

Page 43: ...ter holes at a depth of 1 25 inches 32 mm 3 Thread four pan head top mount screws through the unit mount hole and tighten them 2 Keyhole mount 1 Locate the place where you want to mount the unit and mark two holes using your EMG mount as a guide for the screws See for the location of the screw holes 2 Drill two 3 16 inch 4 8 mm diameter holes at a depth of 1 25 inches 32 mm 3 Thread two pan head t...

Page 44: ...nect one end of the cable to the device port 2 Connect the other end of the cable to an RJ45 serial console port on the serial device or use a Lantronix serial console adapter to connect it to other port types Notes See Device Port Commands to enable or disable reverse pinouts through the CLI Table 3 6 and Table 3 7 provide additional information on reverse pinouts See Appendix C Adapters and Pino...

Page 45: ...ding or replacing I O modules in the I O module bays When populating the bays Bay 1 and Bay 2 may be populated in any order and one module may be left empty The bays are ordered from left to right Bay 1 is the slot next to the console port and USB port and Bay 2 is the slot to the right of Bay 1 See Figure 3 8 Any changes to the I O modules must be done while the EMG unit is powered off Table 3 9 ...

Page 46: ...network Modular Expansion for Connectivity Module Bays The EMG module configuration can be changed by adding or replacing connectivity modules in the Connectivity module bays Bay 1 and Bay 2 may be populated in any order and one or both bays may be left empty The bays are ordered from left to right Bay 1 is the slot on the left side of the back panel and Bay 2 is the slot to the right of Bay 1 See...

Page 47: ...dapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector The console port is configured as DTE non reversed RJ45 See Appendix C Adapters and Pinouts for more information To connect a terminal 1 Attach the Lantronix adapter to your terminal typically a PN 200 2066A adapter see Figure C 1 or your PC s serial port use PN 200 2070A adapter see Figure C 4 2 Connect the Cat 5 c...

Page 48: ... strong password Power Input The EMG has a DC input jack connector for applying 9 to 30V DC The EMG ships with an external 100 to 200VAC 50 60Hz to 12V DC power supply brick for supplying power to the DC input jack See EMG 8500 Package Contents on page 37 Warning Risk of serious electric shock Disconnect the power cord before servicing the EMG Figure 3 11 Power Input Pin assignments Pin 1 Input vo...

Page 49: ...y of the EMG unit Do not insert any other module on the front of the EMG unit Doing so may damage the EMG unit and will void the manufacturer warranty To install an I O module 1 Disconnect the power cord from the EMG unit and from the wall outlet 2 On the front of the EMG unit locate the module bay where the module will be inserted 3 Unscrew the existing module or faceplate from the module bay wit...

Page 50: ...cing the modules Not powering off the device before changing the module will void the manufacturer warranty Warning Install the connectivity module on the back only of the EMG unit Do not insert any other module on the back of the EMG unit Doing so may damage the EMG unit and will void the manufacturer warranty To install the connectivity module 1 Disconnect the power cord from the EMG unit and fr...

Page 51: ...6 Tighten the screw on the module with your fingers Be careful not to over tighten it 7 Insert and screw in the antennas to the module with your fingers 8 To verify the new module is recognized connect power to the EMG wait for it to boot and log into the web manager The new module will be displayed in the Dashboard ...

Page 52: ...O 26 AWG OR LARGER e g 24 AWG UL LISTED OR CSA CERTIFIED TELECOMMUNICATION LINE CORD Attention POUR RÉDUIRE LES RISQUES D INCENDIE UTILISER UNIQUEMENT DES CONDUCTEURS DE TÉLÉCOMMUNICATIONS 26 AWG AU DE SECTION SUPÉRLEURE Warning RISK OF ELECTRICAL SHOCKS DISCONNECT ALL POWER AND PHONE LINES BEFORE SERVICING Caution DEVICES INSIDE THE EQUIPMENT AND THE MODEM ARE ELECTROSTATIC SENSITIVE DO NOT HANDL...

Page 53: ...t Order Information To view order information part numbers and extended support options go to https www lantronix com products lantronix emg tab order now User Supplied Items To complete your installation you will need the following items Medium size Phillips screwdriver to install the mounting brackets to the EMG unit if applicable One or more serial devices that require network connectivity A se...

Page 54: ...he front and one on the back of the unit HS FS and LS Capable of providing VBUS 5V up to 100 mA per port but not to exceed 400 mA total per 4 port USB I O module May be used with a USB to serial adapter to connect a serial device if needed Please contact Lantronix for the list of tested adapters Caution USB ports are designed for data traffic only They are not designed for charging or powering dev...

Page 55: ...e 60 To configure the EMG unit using a dumb terminal or a computer with terminal emulation connect the terminal or PC to the front panel EMG console port See Connecting Terminals on page 60 4 Connect the power cord to power on the unit See Power Input on page 61 5 Wait approximately one minute for the boot process to complete The first time the EMG boots it attempts to get an IP address from DHCP ...

Page 56: ...onfigurations Figure 4 4 EMG 7500 Rack Mount Screw Placement 1 Attach the brackets on the sides of the EMG unit using a screwdriver and the screws provided with the mounting kit 2 Mount the unit securely in a 19 inch rack Warning Do not block the air vents on the sides of the EMG module If you mount the EMG in an enclosed rack we recommend that the rack have a ventilation fan to provide adequate a...

Page 57: ... diameter holes at a depth of 1 25 inches 32 mm 3 Insert the anchors until they are flush with the surface 4 Thread four pan head top mount screws through the unit mount hole and through the anchor and tighten them 2 Keyhole mount 1 Locate the place where you want to mount the unit and mark two holes using your EMG mount as a guide for the screws See for the location of the screw holes 2 Drill two...

Page 58: ... mounts can go through the screw heads on the wall Connecting to a Device Port You can connect almost any device that has a serial console port to a device port on the EMG unit for remote administration The console port must support the RS 232C interface You may use a CAT5 cable or a crossover cable if the reverse pinout function is not used Note Many servers must either have the serial port enabl...

Page 59: ...igure 4 8 EMG 7500 Front Side To connect to a USB device port 1 Connect the USB type A connector of a USB cable to a device port 2 Connect the other end of the USB cable to a USB console port 4 Ground 5 Ground 6 RXD input 7 DSR input 8 CTS input Pin Number Description 1 CTS input 2 DSR input 3 RXD input 4 Ground 5 Ground 6 TXD output 7 DTR output 8 RTS output Pin Number Description 4 Port RJ45 I O...

Page 60: ...top bit No flow control To connect the console port to a terminal or computer with terminal emulation Lantronix offers optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector The console port is configured as DTE non reversed RJ45 See Appendix C Adapters and Pinouts for more information To connect a terminal 1 Attach the Lantronix adapter to your terminal typic...

Page 61: ...0 VDC The EMG ships with an external AC 90W 100 240V 50 60 Hz 12 VDC power supply See EMG 7500 Package Contents on page 53 Warning Risk of serious electric shock Disconnect the power cord before servicing the EMG Figure 4 9 EMG 7500 Power Input Pin assignments Pin 1 Input voltage 9 30 VDC Pin 2 reserved Pin 3 Ground Pin 4 Earth Ground ...

Page 62: ...O 26 AWG OR LARGER e g 24 AWG UL LISTED OR CSA CERTIFIED TELECOMMUNICATION LINE CORD Attention POUR RÉDUIRE LES RISQUES D INCENDIE UTILISER UNIQUEMENT DES CONDUCTEURS DE TÉLÉCOMMUNICATIONS 26 AWG AU DE SECTION SUPÉRLEURE Warning RISK OF ELECTRICAL SHOCKS DISCONNECT ALL POWER AND PHONE LINES BEFORE SERVICING Caution DEVICES INSIDE THE EQUIPMENT AND THE MODEM ARE ELECTROSTATIC SENSITIVE DO NOT HANDL...

Page 63: ...p IP Address Your EMG must have a unique IP address on your network The system administrator generally provides the IP address and corresponding subnet mask and gateway The IP address must be within a valid range and unique to your network If a valid gateway address has not been assigned the IP address must be on the same subnet as workstations connecting to the EMG over the network The following ...

Page 64: ...initial setup 3 Locate the EMG in the device list The device s firmware version serial number IP address and MAC address will be shown Additional information can be obtained by clicking the three dot menu and clicking Get Device Info 4 In order to perform operations on the EMG such as upgrading the firmware updating the configuration or uploading to the file system click the checkbox next to the d...

Page 65: ... 2 Quick Setup 4 To accept the defaults select the Accept default Quick Setup settings checkbox on the top portion of the page and click the Apply button at the bottom of the page Otherwise continue with step 5 Note Once you click the Apply button on the Quick Setup page you can continue using the web interface to configure the EMG further 5 Enter the following settings ...

Page 66: ...eading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for the last segment octet Note Currently the EMG does not support configurations with the same IP subnet on multiple interfaces Ethernet or PPP Subnet Mask If specifying an IP address enter the subnet mask for the network on which the EMG unit resides There is no default ...

Page 67: ...it s location Date From the drop down lists select the current month day and year Time From the drop down lists select the current hour and minute Time Zone From the drop down list select the appropriate time zone Administrator Setting Description Sysadmin Password To change the password e g from the default enter a Sysadmin Password of up to 64 characters Note As a security measure we recommend t...

Page 68: ...Quick Setup script 1 Do one of the following With a serial terminal connection power up and when the command line displays press Enter With a network connection use an SSH client or Telnet program if Telnet has been enabled to connect to xx xx xx xx the IP address in dot quad notation and press Enter You should be at the login prompt 2 Enter sysadmin as the user name and press Enter 3 Enter the la...

Page 69: ... not display Enter all IP addresses in dot quad notation Do not use leading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for the last octet Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported Subnet Mask The subnet mask specifies the network segment on which the EMG...

Page 70: ...______________________________________________ The current hostname is emgfcf0 and the current domain is undefined The hostname will be shown in the CLI prompt Specify a hostname emgfcf0 Specify a domain undefined ____Time Zone___________________________________________________________ The current time zone is GMT Enter time zone GMT ____Date Time___________________________________________________...

Page 71: ... user account can be limited to only the front console port of the EMG device These steps will prevent any local users from logging in restrict the default sysadmin local user to the front console port and allow a user with administrative rights to login as long as remote authentication is working To configure limited sysadmin user access 1 Enable the Sysadmin access limited to Console Port option...

Page 72: ...nfigure and manage the EMG using most web browsers Firefox Chrome Safari or Internet Explorer web applications with the latest browser updates The EMG unit provides a secure encrypted web interface over SSL secure sockets layer Note The web server listens for requests on the unencrypted HTTP port port 80 and redirects all requests to the encrypted HTTPS port port 443 The following figure shows a t...

Page 73: ...nd the Configuration option displays the Device Ports Settings 1 of 2 page Cellular connectivity settings for the LTE cellular module if installed See Cellular Modem Settings on page 93 DIO port settings See DIO Port on page 215 USB device flash drive or modem plugged into the front panel USB connector See Chapter 9 USB SD Card Port SD card settings See Chapter 9 USB SD Card Port Internal modem se...

Page 74: ...ormation Configuration site map Status of the EMG Help Button Provides online Help for the specific web page Logging in Only the system administrator or users with web access rights can log into the Web Manager More than one user at a time can log in but the same user cannot log in more than once To log in to the Web Manager 1 Open a web browser 2 In the URL field type https followed by the IP add...

Page 75: ...command set while all other users have access to a reduced command set based on their permissions Logging In To log in to the EMG command line interface 1 Do one of the following With a serial terminal connection power up and when the command line displays press Enter If the EMG already has an IP address assigned previously or assigned by DHCP Telnet if Telnet has been enabled or SSH to xx xx xx x...

Page 76: ...ely For parameter values type the entire value For example you can shorten set network port 1 state static ipaddr 122 3 10 1 mask 255 255 0 0 to se net po 1 st static ip 122 3 10 1 ma 255 255 0 0 Use the Tab key to automatically complete action category or parameter names Type a partial name and press Tab either to complete the name if only one is possible or to display the possible names if more ...

Page 77: ...igure the current command line session set cli scscommands enable disable Allows you to use Lantronix Secure Console Server SCS compatible commands as shortcuts for executing commands Note Settings are retained between CLI sessions for local users and users listed in the remote users list Table 6 3 SCS Commands To set the number of lines displayed by a command set cli terminallines disable Number ...

Page 78: ...mation about user rights see Chapter 14 User Authentication Table 6 4 CLI Keyboard Shortcuts Keyboard Shortcut Description Control a Move to the start of the line Control e Move to the end of the line Control b Move back to the start of the current word Control f Move forward to the end of the next word Control u Erase from cursor to the beginning of the line Control k Erase from cursor to the end...

Page 79: ...ust be within a valid range and unique to your network If a valid gateway address has not been assigned the IP address must be on the same subnet as workstations connecting to the EMG over the network To configure the unit you need the following information Eth1 IP address ________ ________ ________ ________ Subnet mask ________ ________ ________ ________ Eth2 IP address optional ________ ________...

Page 80: ... link is established Yellow Light Blinking indicates link activity A variety of SFP modules as one of the user selectable active ports on the EMG In the web UI port banner bar these are represented as and in a variety of colors Single mode 1000 BASE LX optical SFPs Multi mode 1000 BASE SX optical SFPs RJ45 1000 BASE T SFPs F1 A port with no SFP module is shown in white A port with an unknown SFP m...

Page 81: ...ports 1 Click the Network tab and select the Network Settings option The Network Network Settings 1 of 2 and Network Network Settings 2 of 2 displays Figure 7 1 Network Network Settings 1 of 2 The SFP NIC Info Diagnostics link brings you to the Network Settings SFP NIC Information Diagnostics page ...

Page 82: ...7 Networking EMG Edge Management Gateway User Guide 82 Figure 7 2 Network Network Settings 2 of 2 ...

Page 83: ...teway Obtain from BOOTP Lets a network node request configuration information from a BOOTP server node If you select this option skip to Gateway Specify Lets you manually assign a static IP address generally provided by the system administrator IP Address if specifying Enter an IP address that will be unique and valid on your network There is no default Enter all IP addresses in dot quad notation ...

Page 84: ...er of bytes that can be used in a packet The minimum MTU size is 108 bytes to conform with RFC 2460 and the maximum size is 1500 bytes Active Port Selects either the RJ45 port or the SFP port as the active Ethernet port Selecting SFP requires that a SFP transceiver module be inserted into the appropriate SFP slot When switching from RJ45 to SFP or vice versa any active network connections may be d...

Page 85: ...t supported Click Back to Network Settings link to return to the Network Settings page Hostname The default host name is emgXXXX where XXXX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit contiguous characters no spaces The host name becomes the prompt in the command line interface Domain If desired specify a domain name for example support lantron...

Page 86: ...twork traffic that does not match Eth1 or Eth2 is sent to the default gateway for routing Note If a fail over gateway is configured the Default Gateway must be configured for fail over and fail back to work properly gateways acquired via DHCP can change or be removed Eth1 Eth2 DHCP Acquired display only Gateway acquired by DHCP for Eth1 or Eth2 WLAN DHCP Acquired display only Gateway acquired by D...

Page 87: ... modem is used as the Fail over Port the Fail over Gateway IP Address should be set to the Remote IP address for the PPP connection When Cellular or WLAN is used as the Fail over Port EMG models only the Fail over Gateway IP Address should be set to the IP address of the cellular or WLAN interface See Fail over Port for specific requirements for configuring each type of port interface If the cellu...

Page 88: ... and establish a PPP connection over the phone line and configure the default gateway so that traffic will be routed over the PPP connection If the Modem Timeout is disabled the PPP connection will remain up the entire time the network is in fail over mode at fail back the PPP connection will be torn down and the dial out will be terminated If the Modem Timeout is enabled the PPP connection remain...

Page 89: ...e APN power cycle the Sierra gateway and allow it to reboot completely The fail over feature requires that both Ethernet ports be configured with a static IP address Using DHCP on one of the Ethernet ports may overwrite the default route interfering with fail over and fail back Note The commands sent to the fail over device to retrieve status and update the configuration are shown in the syslog me...

Page 90: ... new password will also be configured on the Sierra gateway The Sierra gateway login must be set as user Reboot Gateway When Making Changes check box Select this check box if you wish to reboot the selected fail over device when making changes Fail Over Cellular Gateway Status link Clicking the link opens the Fail Over Cellular Gateway status window showing status and statistics about the fail ove...

Page 91: ...actly as it is represented Load Firmware via Select the method to load the firmware from the options in the drop down menu Options are FTP SFTP SCP USB SD Card and HTTPS FTP is the default If you select HTTPS the Upload File link becomes active Select the link to open a popup window that allows you to browse to a firmware update file to upload If you select NFS the mount directory must be specifie...

Page 92: ...ge displays statistics for each of the EMG Ethernet ports since boot up The system automatically updates them Note For Ethernet statistics for a smaller time period use the diag perfstat command Network Commands Go to Network Commands to view CLI commands which correspond to the web page entries described above ...

Page 93: ... EMG unit The Cellular Settings web page allows the user to configure parameters that determine how the EMG cellular modem network behaves and to update the cellular modem firmware To complete the Cellular Settings page 1 Click the Network tab and select the Cellular Modem option The following page displays Figure 7 4 Network Cellular Modem Settings Page ...

Page 94: ...or SIM Card Cellular Network Username and Password The login and password for connecting to the cellular carrier if required The login may have up to 32 characters and the password may have up to 64 characters The Cellular Network Password displays the current password masked Cell Network Auth Specify the type of authentication to be used for connecting to the cellular carrier This is to be config...

Page 95: ...e number of times the modem has been software reset Mode indicates if the modem is online with the cellular network System mode current cellular mode such as LTE PS state the packet service attach status LTE band current band being used by the modem LTE bw current band frequency LTE Rx chan receive channel in use LTE Tx chan transfer channel in use LTE CA state carrier aggregation assignment EMM s...

Page 96: ... 1 FW 2 FW 3 FW 4 Max FW images Active FW image the firmware images that are loaded in the modem and which firmware slot is being used PRI FF the carrier firmware images that are loaded in the modem Current Preferred Images the preferred and current firmware and carrier images Cellular Modem Commands Go to Cellular Modem Commands to view CLI commands which correspond to the web page entries descri...

Page 97: ... initial configuration of the EMG instead of using connections that require a cabled connection The default SSID is Lantronix_EMGxxxx where xxxx is the last 4 characters of the Ethernet port Eth1 MAC address Warning After logging into the EMG you should enable AP security and re associate with new security settings The access point will allow WiFi devices to connect to the EMG and access all funct...

Page 98: ...for communicating with the server EAP TTLS uses TTLS Tunneled Transport Layer Security and server side certificates to set up authentication between the EMG and a RADIUS server The actual authentication is however performed using passwords PEAP Protected EAP uses server side public key certificates to authenticate the EMG with a RADIUS server PEAP authentication creates an encrypted TLS tunnel bet...

Page 99: ...est priority value will be selected for the client connection Profiles can be created manually by entering the SSID and authentication parameters Profiles can also be created with Quick Connect which will scan for wireless networks within range and present a list of networks with service set identifier SSID basic service set identifier BSSI channel number received signal strength indication RSSI a...

Page 100: ...7 Networking EMG Edge Management Gateway User Guide 100 Figure 7 5 Network Wireless Settings ...

Page 101: ...eway can be set as the default gateway for the EMG by configure the gateway precedence in the Network Port Settings DHCP Acquired Primary Secondary DNS read only Displays any DNS servers acquired from the access point the wireless client connects to IPv6 Address Static Enter the IPv6 address for the wireless client This requires that IPv6 be enabled in the Network Port Settings IPv6 Address Link L...

Page 102: ...e for that network needs to exist and be enabled This section describes how to manually to create a profile see also profile Quick Connect The EMG supports up to 4 WLAN profiles with a priority assigned to each profile The matching network with the highest priority value will be selected for the client connection To create a WLAN profile 1 Click on the Configure WLAN Profiles 2 The WLAN Profiles p...

Page 103: ...acters are letters numbers space dash period and underscore _ Network Name SSID Enter the Service Set Identifier or network name for the WLAN network The SSID can contain up to 32 characters the characters and are not allowed State The state of the profile only Enabled profiles can be used to connect to a WLAN network Priority The priority of the profile which is a number from 1 to 4 When choosing...

Page 104: ...arties as a form of authentication if mismatches occur no connection establishes Note Open authentication requires a passphrase this passphrase is used to encrypt the data and is not used for authentication Key Type For WEP Shared authentication select the type of key required for the WLAN network Passphrase for an ASCII password or Hex for a 40 bit or 104 bit hexadecimal key Key Size For WEP Shar...

Page 105: ...on select the type of encryption CCMP preferred TKIP or Any IEEE 802 1X Parameters 802 1X uses enterprise class authentication to grant access to secure networks There are 3 components to 802 1X A supplicant or client which requires authentication the EMG An authenticator or access point which acts as a proxy for the client and restricts the client s communication with the authentication server An...

Page 106: ...er Name that can be authenticated by the RADIUS server The User Name can be up to 63 characters long and all printable characters are supported Provide a client side certificate with a Certificate file Private Key file and Authority Certificate file The server side certificate can be validated by setting Validate Certificate to Enabled requires an Authority Certificate validating server the certif...

Page 107: ...eless device can be used for initial configuration of the EMG instead of using connections that require a cabled connection such as the console port or Ethernet Ports To configure the wireless access point 1 On the Wireless Settings page click Configure Access Point 2 The following page is displayed IEEE 802 1X Parameters continued PEAP Configuration Enter a User Name and Password that can be auth...

Page 108: ... contain up to 32 characters the characters and are not allowed The default SSID is Lantronix_EMGxxxx where xxxx is the last 4 characters of the Ethernet port Eth1 MAC address SSID Broadcast If enabled the EMG will broadcast its SSID in the beacons that are sent out Enabled by default Channel Selection Select the channel through which the access point will operate Auto allows the radio to select a...

Page 109: ...with CBC MAC preferred TKIP for Temporal Key Integrity Protocol or Any for both CCMP and TKIP Passphrase Retype Passphrase If WPA or WPA2 is selected for the Security Suite enter the password to connect to the access point IP Address Specifies the IP address of the access point Subnet Mask Specifies the network segment of the access point DHCP Pool Start End IP Address The access point provides DH...

Page 110: ...lters Warning IP filters configuration is a feature for advanced users Adding and enabling IP filter sets incorrectly can disable access to your EMG unit Viewing IP Filters You can view a list of filters and a table showing how each filter is mapped to an interface To view a list of IP filters 1 Click the Network tab and select the IP Filter option The following page displays Figure 7 8 Network IP...

Page 111: ...enable or disable individual filters To enable IP filters 1 Enter the following Enable IP Filter Select the Enable IP Filter checkbox to enable all filters or clear the checkbox to disable all filters Disabled by default Packets Dropped Displays the number of data packets that the filter ignored did not respond to View only Packets Rejected Displays the number of data packets that the filter sent ...

Page 112: ...twork IP Filter page click the Add Ruleset button The following page displays Figure 7 9 Network IP Filter Ruleset Adding Editing Rulesets Rulesets can be added or updated on this page 2 Enter the following Rule Parameters Ruleset Name Name that identifies a filter may be composed of letters numbers and hyphens only The name cannot start with a hyphen Example FILTER 2 IP Address es Specify a singl...

Page 113: ... select the type of protocol through which the filter will operate The default setting is All Port Range Enter a range of destination TCP or UDP port numbers to be tested An entry is required for TCP TCP New TCP Established and UDP and is not allowed for other protocols Separate multiple ports with commas Separate ranges of ports by colons Examples 22 filter on port 22 only 23 64 80 filter on port...

Page 114: ...urn to the Network IP Filter Ruleset Adding Editing Rulesets page see Figure 7 9 2 Edit the information as desired and click the Apply button Deleting an IP Filter To delete an IP filter rule set 1 On the Network IP Filter page the administrator selects the IP filter rule set to be deleted and clicks the Delete Ruleset button IP Filter Commands Go to IP Filter Commands to view CLI commands which c...

Page 115: ...col RIP to assign routes automatically Disabled by default RIP Version Select the RIP version The default is 2 Enable Static Routing Select to assign the routes manually The system administrator usually provides the routes Disabled by default To add a static route enter the IP Address Subnet Mask and Gateway for the route and click the Add Edit Route button The route displays in the Static Routes ...

Page 116: ...led in a separate table and can be viewed in the detailed VPN status or in the IP Routes table When a tunnel is up the amount of data passed through the tunnel can be viewed in the status with the bytes_i bytes input and bytes_o bytes output counters An example of the VPN status is below the status will vary depending on the authentication subnets and algorithms used For example the status display...

Page 117: ...ion it may be necessary to enable IP Forwarding or to add static routes in some cases traffic may not be passed through the tunnel without enabling IP Forwarding or static routes Refer to the VPN routing table that is displayed with the VPN status A watchdog program is automatically run when the VPN tunnel is enabled This program will detect if the VPN tunnel goes down for reasons other than the u...

Page 118: ...7 Networking EMG Edge Management Gateway User Guide 118 To set up a VPN connection 1 Click the Network tab and select the VPN option The following page displays Figure 7 11 Network VPN 1 of 2 ...

Page 119: ...n reconnects the console manager side of the tunnel should be started first so that it will act as a responder or server If the console manager side of the tunnel is started after the remote peer the console manager will act as a initiator client and may not automatically reconnect when the remote peer disconnects and is brought back up Name The name assigned to the tunnel Required to create a tun...

Page 120: ...will be used in ipsec conf this is the default signifying an address to be filled in by automatic keying during negotiation If the EMG initiates the connection setup the routing table will be queried to determine the correct local IP address In case the EMG is responding to a connection setup then any IP address that is assigned to a local interface will be accepted Local Id How the EMG should be ...

Page 121: ...e accepted values are IKEv1 IKEv2 and Any Default is IKEv2 Any uses IKEv2 when initiating but will accept any protocol version while responding It is recommended that any IKE Encryption or ESP Encryption parameters that are selected be supported by the IKE Version that is used Refer to the list of IKEv1 and IKEv2 cipher suites for more information IKE Encryption The type of encryption 3DES AES AES...

Page 122: ...hing proposal is found tunnel negotiation will proceed Below is an example of no matching proposal in the log messages charon 04 CFG received proposals ESP AES_CBC_128 HMAC_SHA2_256_128 ECP_256 NO_EXT_SEQ charon 04 CFG configured proposals ESP AES_CBC_128 AES_CBC_192 AES_CBC_256 HMAC_SHA2_256_128 HMAC_SHA2_384_192 HMAC_SHA2_512_256 HMAC_SHA1_96 AES_XCBC_96 NO_EXT_SE charon 04 IKE no matching propo...

Page 123: ...displayed and a tunnel will not be initiated It is possible to override this behavior but it is not recommended RSA Public Key for Remote Peer If RSA Public Key is selected for authentication the remote peer s public key can be uploaded or deleted If a public key has been uploaded this field will display key installed The peer RSA public key must be in Privacy Enhanced Mail PEM format e g BEGIN PU...

Page 124: ...1 hour how often the tunnel is rekeyed is calculated as rekeytime minimum 1h 9m 9m 42m rekeytime maximum 1h 9m 0m 51m So the rekeying time will vary between 42 minutes and 51 minutes It is recommended that the SA Lifetime be set greater than 540 seconds any values less than 540 seconds may require adjustments to the margintime and rekeyfuzz values which can be set with a custom ipsec conf file Som...

Page 125: ...ay in seconds between Dead Peer Detection RFC 3706 keepalives R_U_THERE R_U_THERE_ACK that are sent for the tunnel default 30 seconds Dead Peer Detection can also be disabled Dead Peer Detection Timeout Sets the length of time in seconds the EMG will idle without hearing either an R_U_THERE poll from the peer or an R_U_THERE_ACK reply The default is 120 seconds After this period has elapsed with n...

Page 126: ...the custom ipsec conf must be configured through the EMG UIs and must be configured or installed before a tunnel is brought up with an uploaded ipsec conf file When a tunnel is started with a custom ipsec conf file the authentication tokens required for the authby parameter are verified to exist before the tunnel is started For example if authby rsasig the EMG will verify that the EMG RSA public p...

Page 127: ...G IKEv1 This configuration is an example of a remote access connection to a Cisco VPN server responder that uses XAUTH and MODECFG to authenticate and push dynamic IP addresses and DNS servers to a VPN client The use of aggressive mode requires that ike and esp algorithms be specified and exactly match what the Cisco server is expecting Console manager configuration The pre shared key and the XAUT...

Page 128: ...isco configuration Note Main or aggressive mode is determined by the EMG side of the tunnel and does not require any change in the Cisco configuration interface GigabitEthernet0 0 nameif outside security level 0 ip address 192 168 1 130 255 255 255 0 interface GigabitEthernet0 3 nameif inside security level 100 ip address 192 168 3 130 255 255 255 0 object group network local network network objec...

Page 129: ... attributes ikev1 pre shared key Cisco ASA5525x Pre Shared Key IKEv2 This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server responder The aggressive setting can be either yes or no the Cisco ASA will honor the peer configuration Console manager configuration The pre shared key needs to be configured via the console manager UI conn ASA5525 keyexchange ikev2 ike...

Page 130: ...rk access list ASA SLC ACCESS extended permit ip object group local network object group remote network route outside 192 168 0 0 255 255 255 0 192 168 1 204 1 route inside 192 168 3 250 255 255 255 255 192 168 3 250 1 crypto ipsec ikev2 ipsec proposal IPSECv2 protocol esp encryption 3des protocol esp integrity sha 256 crypto ipsec security association pmtu aging infinite crypto map CM 20 match ad...

Page 131: ...24 modeconfig pull right 192 168 1 102 rightsubnet 192 168 2 0 24 dpddelay 0 dpdtimeout 120 dpdaction restart auto start type tunnel Cisco configuration crypto ikev2 proposal PROP encryption aes cbc 128 integrity sha256 group 2 crypto ikev2 policy ikev2policy proposal PROP crypto ikev2 keyring KEYRING peer ALL address 0 0 0 0 0 0 0 0 pre shared key local cisco123 pre shared key remote cisco123 cry...

Page 132: ... transform set ISR esp 3des esp sha384 hmac mode tunnel crypto map CM 10 ipsec isakmp set peer 192 168 1 100 set transform set ISR set ikev2 profile IKEv2_Profile match address VPN TRAFFIC crypto map IPSEC SITE TO SITE 10 ipsec isakmp set peer 192 168 1 100 set transform set ISR set pfs group2 match address VPN TRAFFIC VPN Commands Go to VPN Commands to view CLI commands which correspond to the we...

Page 133: ...s listed below are supported TLS SSL Web Server WebSSH Use only SHA2 and Higher for incoming TLS SSL connections will be enabled by default when booting into FIPS mode this can be disabled if necessary to allow TLS v1 0 and TLS v1 1 connections for more information see FIPS Mode and TLS SSL secure certificates imported for use with the web server must use a RSA public key with 2048 3072 or 4096 bi...

Page 134: ...DP and unencrypted LDAP If any of these protocols functions are enabled prior to enabling FIPS mode they will be automatically disabled The following table shows the algorithms allowed in FIPS mode and how they are used Algorithm Usage Key Sizes AES CBC CCM CFB CTR ECB GCM OFB XTS Symmetric encryption decryption 128 192 256 bit key lengths AES CMAC Generate verify data integrity with CMAC 128 192 ...

Page 135: ...is running in FIPS mode the Security page will display all processes that are running in FIPS mode To disable FIPS 1 Uncheck the Enable FIPS Mode check box on the Networks Security page 2 Click Apply The EMG unit will need to be rebooted for this change to take effect HMAC DRBG Random number generator V 160 224 256 384 512 bits and Key 160 224 256 384 512 bits CTR DRBG AES Random number generator ...

Page 136: ...ternal USB thumb drive or SD 200 operations can be stored per probe Responders The EMG can act as a responder for probes that require a responder to answer packets that are sent from the EMG UDP jitter UDP jitter VoIP UDP Echo and TCP Connect The EMG UDP jitter responder can support packet responses for up to 15 UDP jitter or UDP jitter VoIP probes The UDP Echo and TCP Connect can support packets ...

Page 137: ...kept Local storage a USB thumb drive inserted in the USB Port U1 or the SD card slot The data is stored in individual directories under a directory called perfmon Once probes have been run and operation set files have been generated changing the repository will cause all of the existing files to be moved from the old repository directory to the new repository directory It is recommended that the r...

Page 138: ...umulated statistics for any operation Latest Results Displays the latest raw packet results for the selected probe Latest Accumulated Displays the latest accumulated statistics for the selected probe State Restart Allows the state of a probe to be controlled the user can Restart a completed or running probe When a probe is added it will automatically start running depending on how the probe start ...

Page 139: ... add a new probe or edit an existing probe 1 Click the Network tab and select the Perf Monitoring option The Network Perf Monitoring page displays 2 To add a new probe in the lower section of the page select the Add Probe link To edit an existing probe select a probe by clicking the radio button to the right in the probe s row then select the Edit Probe button In both cases the following page disp...

Page 140: ... send for each probe For DNS Lookup probes this is the number of lookups to perform For HTTP Get probes this is the number of HTTP Gets to perform For TCP Connect probes this is the number of TCP connections to perform The valid range is 1 1000 for the Local repository and 1 2000 for a USB or SD card repository The default is 10 packets Interval between Packets Interval between packets in millisec...

Page 141: ...is only supported for ICMP Echo UDP Echo UDP Jitter and UDP Jitter VoIP probes Timeout How long the EMG will wait for a packet to arrive in milliseconds If the packet arrives after the timeout it will be considered a Late Arrival error see Error Conditions Detected by Probes The valid range is 10 1000 and the default is 200 msec UDP Jitter VoIP Codec For UDP Jitter VoIP probes the codec to simulat...

Page 142: ...mes RTT Probe 1 ICMP operation icmp_190709_154146 dat Pkt Time RT Time Result 1 19 07 09 15 41 46 469 0 717 msec OK 2 19 07 09 15 41 46 972 0 556 msec OK 3 19 07 09 15 41 47 482 0 443 msec OK 4 19 07 09 15 41 47 992 0 423 msec OK 5 19 07 09 15 41 48 501 0 472 msec OK 6 19 07 09 15 41 49 011 0 439 msec OK 7 19 07 09 15 41 49 521 0 444 msec OK 8 19 07 09 15 41 50 031 0 375 msec OK 9 19 07 09 15 41 5...

Page 143: ...d and sum squared of the positive or negative jitter times These numbers give a summary of how much variation there was in latency times and if the variation was small or large Latest Accumulated Statistics Probe 2 UDP Jitter operation udpjitter_190709_154422 dat Operation Type UDP Jitter to 172 19 100 17 60606 10 packets sent 500 ms apart timeout 200 ms Operation Start Time 19 07 09 15 44 22 480 ...

Page 144: ...equence Error A packet response was received with an unexpected sequence number Possible reasons are a duplicate packet was received a response was received after it timed out a corrupted packet was received and was not detected Verify Data Error A response was received for a packet with payload data that does not match the expected data DNS Server Timeout A DNS lookup could not be completed becau...

Page 145: ...Monitoring Commands to view CLI commands which correspond to the web page entries described above Refresh Refreshes the information on the Performance Monitoring Operations page RTT Results Displays the round trip time RTT results for the selected operation in a separate window The results show the time that the packet was sent the total round trip time for non jitter probes or the source to desti...

Page 146: ...N List The following page appears Figure 7 18 FQDN List 2 Enter the following information To add a Host enter the IP address FQDN and click Add Edit Hosts The IP address and hostname displays in the Hosts FQDN List You may add up to 15 hosts To edit a Host entry select the radio button next to the host in the Hosts FQDN List change the IP address or FQDN fields as desired and click Add Edit Hosts ...

Page 147: ...ss to all statistics and configurable items provided by the EMG unit It provides read write access to a select set of functions for controlling the EMG and device ports See the MIB definition file for details Identify a Simple Mail Transfer Protocol SMTP server Configure an audit log View the status of and manage the EMGs on the Secure Lantronix network Set the date and time Configure NFS and CIFS...

Page 148: ...on that may be cause for concern in addition to error messages This is the default for all message types Info Saves informative message in addition to warning and error messages Debug Saves extraneous detail that may be helpful in tracking down a problem in addition to information warning and error messages Network Level Messages concerning the network activity for example about Ethernet and routi...

Page 149: ...ately 500 entries You can set the maximum size of the log from 1 to 500 Kbytes Include CLI Commands Select to cause the audit log to include the CLI commands that have been executed Disabled by default Include In System Log If enabled the contents of the audit log are added to the system log under the General Info category level Disabled by default Server IP address of your network s Simple Mail T...

Page 150: ...tion disabled for security reasons Web Telnet Enables or disables the ability to access the EMG command Iine interface or device ports connect direct through the Web Telnet window Disabled by default Timeout If you enable Telnet logins you can cause an idle connection to disconnect after a specified number of minutes Select Yes and enter a value of from 1 to 30 minutes Timeout Data Direction If id...

Page 151: ...upports both MIB II as defined by RFC 1213 and a private enterprise MIB The private enterprise MIB provides read only access to all statistics and configurable items provided by the console manager It provides read write access to a select set of functions for controlling the console manager and device ports See the MIB definition file for details The console manager MIB definition file and the to...

Page 152: ...agement Gateway User Guide 152 Figure 8 2 Services SNMP 2 Enter the following Enable Agent Enables or disables the Simple Network Management Protocol SNMP agent which allows read only access to the system Disabled by default ...

Page 153: ...eLowHumidity 1 3 6 1 4 1 244 1 1 0 9 slcEventDevicePortDeviceHighHumidity 1 3 6 1 4 1 244 1 1 0 10 slcEventDevicePortDeviceError 1 3 6 1 4 1 244 1 1 0 11 slcEventUSBAction 1 3 6 1 4 1 244 1 1 0 14 slcEventInternalTemp 1 3 6 1 4 1 244 1 1 0 13 slcEventDevicePortError 1 3 6 1 4 1 244 1 1 0 15 slcEventSDCardAction 1 3 6 1 4 1 244 1 1 0 16 slcEventNoDialToneAlarm 1 3 6 1 4 1 244 1 1 0 17 slcEventDevic...

Page 154: ...rite A string that acts like a password for an SNMP manager to access the read only data from the EMG unit SNMP like a password for an SNMP manager to access the read only data the EMG SNMP agent provides and to modify data where permitted The Read Write Community is used for SNMP v1 and v2c The default is private Trap The trap used for outgoing generic and enterprise traps Traps sent with the Eve...

Page 155: ...sword Password for the user with read write authority to use to access SNMP v3 The default is SNMPRWPASS Up to 20 characters Passphrase Retype Passphrase Passphrase associated with the password for a user with read write authority Up to 20 characters If this is not specified it will default to the v3 Read Write Password User Name SNMP v3 is secure and requires user based authorization to access EM...

Page 156: ...o save EMG configurations on the network server Similarly use SMB CIFS Server Message Block Common Internet File System Microsoft s file sharing protocol to export a directory on the EMG as an SMB CIFS share The EMG unit exports a single read write CIFS share called public with a subdirectory called config which contains saved configurations and is read write The share allows users to access the c...

Page 157: ...r save configurations to this directory you must enable this option Mount Select the checkbox to enable the EMG unit to mount the file to the NFS server Disabled by default Mounted Indicates if the EMG was able to successfully mount the NFS share directory Share SMB CIFS directory Select the checkbox to enable the EMG to export an SMB CIFS share called public Disabled by default Network Interfaces...

Page 158: ...e To access Lantronix ITM devices on the local network 1 Click the Services tab and select the Secure Lantronix Network option The following page displays Figure 8 4 Services Secure Lantronix Network 2 Access your device or device port through any of the methods below To directly access the web interface for a secure Lantronix device 3 On the Secure Lantronix Network page click the IP address of a...

Page 159: ...interface that appears and login The CLI interface will indicate when your connection is established 4 To terminate the session use either the host s logoff command or use to terminate a Telnet session or to terminate an SSH session Figure 8 6 SSH or Telnet CLI Session To directly access a specific port on a particular device 1 You have two options Dashboard Make sure the WebSSH DP only radio butt...

Page 160: ...abled port number generates a popup window indicating the port is disabled see Figure 8 7 below Figure 8 7 Disabled Port Number Popup Window 2 Click your mouse into the CLI login interface that appears see Figure 8 6 and login The CLI interface will indicate when your connection is established 3 To terminate the session use either the host s logoff command or use to terminate a Telnet session or t...

Page 161: ... browser error displayed for self signed or untrusted certificates There is a problem with this website s security certificate or Your connection is not private The SSL server that handles Web SSH and Web Telnet sessions is accessible on port 8000 instead of the standard port 443 for SSL connections It is recommended that the EMG be configured to use a SSL certificate from a Certificate Authority ...

Page 162: ... in the browser for the primary EMG website will only accept the certificate for port 443 It will not accept the certificate for port 8000 This may result in a popup being displayed in the Web SSH or Web Telnet window indicating that the browser needs to accept a certificate To accept the self signed certificate for port 8000 go to Firefox Options or Preferences Advanced Certificates View Certific...

Page 163: ...net window provide copy and paste functionality via a right click menu the Copy option will copy what is highlighted in the Web SSH or Web Telnet window into an internal non system clipboard and the contents can be pasted into the Web SSH or Web Telnet window with the Paste command Support for copying and pasting content between the system clipboard and the Web SSH or Web Telnet window will vary f...

Page 164: ...d column shows the current source of synchronization while the st column reveals the stratum t the type u unicast m multicast l local don t know and poll the poll interval in seconds The when column shows the time since the peer was last heard in seconds while the reach column shows the status of the reachability register see RFC 1305 in octal The remaining entries show the latest delay offset and...

Page 165: ...lays the current NTP status if NTP is enabled above Synchronize via Select one of the following Broadcast from NTP Server Enables the EMG unit to accept time information periodically transmitted by the NTP server This is the default if you enable NTP Poll NTP Server Enables the EMG to query the NTP Server for the correct time If you select this option complete one of the following Local Select thi...

Page 166: ...t support any versions of the SSL protocol The Web Server page allows the system administrator to Configure attributes of the web server View and terminate current web sessions Import a site specific SSL certificate To configure the Web Server 1 Click the Services tab and select the Web Server option The following page appears Figure 8 10 Services Web Server ...

Page 167: ...lt the web uses High Medium security 128 bits or higher for the cipher This option can be used to configure the web to also support just High security ciphers 256 bit 168 bit and some 128 bit or FIPS approved ciphers see Security on page 133 Changing this option requires a reboot or restarting the web server with the CLI command admin web restart for the change to take effect Use only SHA2 and Hig...

Page 168: ...ific SSL certificate or generate a custom self signed SSL certificate The custom self signed SSL certificates generated by the EMG use the SHA256 hash algorithm To view reset import or change an SSL Certificate 1 On the Services tab click the Web Server page and click the SSL Certificate link The following page displays the current SSL certificate Run Web Server If enabled the web server will run ...

Page 169: ...e Unselected by default Root Filename Filename of the imported root or intermediate Certificate Authority If HTTPS is selected as the method for import the Upload File link will be selectable to upload a Certificate authority Import SSL Certificate To import your own SSL Certificate select the checkbox Unselected by default Import via From the drop down list select the method of importing the cert...

Page 170: ...our site select the checkbox The SHA256 hashing algorithm will be used to generate the certificate Unselected by default Number of Bits The number of bits to use when generating the certificate 2048 3072 or 4096 Number of Days The number of days that the certificate can be used before it expires up to 7500 days Country Name The two letter country code for the custom certificate e g US or FR State ...

Page 171: ...nt by the server An EMG gateway requires a unique Device ID to communicate with the ConsoleFlow portal The ID is viewable in the ConsoleFlow settings If a device is not already pre configured with the ID the ID must be provisioned using Lantronix Provisioning Manager LPM See the Lantronix Provisioning Manager User Guide at https www lantronix com products lantronix provisioning manager The Console...

Page 172: ...isplay Status with the date and time the status was sent The client also accepts command messages from the ConsoleFlow server to perform actions such as reboot or shutdown Each time a message is received Status of Client will display Message received with the date and time the message was received 4 Firmware and Configuration Updates The client checks for firmware and configuration updates at the ...

Page 173: ... response is received the Device Port status will be set to Disconnected This feature is disabled by default for all device ports and can be enabled for individual device ports via the CLI the frequency that the newline character is sent can be configured Digital probes that are enabled will only run while the ConsoleFlow client is running If a digital probe is enabled for a device that has set DS...

Page 174: ... a connection with the Messaging Host The General log see SSH Telnet Logging on page 147 will contain messages about connections made to the Registration Host and Messaging Host Status of Client displays the last time of actions performed by the client Note that when the client is disabled it may take as long as 30 seconds for the client to terminate depending on what actions the client was perfor...

Page 175: ...soleFlow active connection is Cloud Device Name The device name displayed in the ConsoleFlow server UI Valid characters are alphanumeric characters dash and underscore _ The default is the device type EMG with the last 4 characters of the Eth1 MAC address appended Device Description Long description that is displayed in the ConsoleFlow server UI Device ID The unique device identifier The ID is 32 ...

Page 176: ...ificates with HTTPS is enabled for the Registration Host a certificate authority will be used to validate the HTTPS certificates used for TLS Enabled by default Messaging Services If enabled messaging services are used for status updates and commands Enabled by default Messaging Host Hostname of the server used for messaging services The hostname should start with mqtt Messaging Port The TCP port ...

Page 177: ...e USB port or the SD card slot on the front of the EMG unit You can do this before or after powering up the EMG If the first partition on the storage device is formatted with a file system supported by the EMG unit ext2 FAT16 and FAT32 the card mounts automatically 2 Log into the EMG unit and click Devices 3 Click USB SD Card Figure 9 1 shows the page that displays Your storage device should displ...

Page 178: ...s into the USB port or the SD card slot on the front of the EMG unit 2 Click the USB SD Card tab Figure 9 1 shows the page that displays 3 Click the radio button on the far right of a USB or SD card device storage port 4 Click Configure Figure 9 2 shows the page that displays if a USB storage device is inserted Figure 9 3 shows the page that displays if an SD Card is inserted ...

Page 179: ...9 3 Devices SD Card Configure 5 Enter the following fields Mount Select the checkbox to mount the first partition of the storage device on the EMG unit if not currently mounted Once mounted a USB thumb drive or SD card is used for firmware updates device port logging and saving restoring configurations ...

Page 180: ...nmount the thumb drive or SD card Select the checkbox to unmount it Warning If you eject a thumb drive or SD card from the EMG unit without unmounting it subsequent mounts of a USB thumb drive or SD card in may fail and you will need to reboot the device to restore thumb drive or SD card functionality Format Format will do the following Unmount the USB SD card device if it is mounted Remove all ex...

Page 181: ... 3 To download a file click the Download File button Select the file from the list 4 To rename a file click the check box next to the filename and enter a new name in the New File Name field 5 Click Rename File USB Commands Go to USB Access Commands USB Device Commands USB Storage Commands and Internal Modem Commands to view CLI commands which correspond to the web page entries described above SD ...

Page 182: ...address ssh port number where ssh port number is uniquely assigned for each device port 4 If TCP is enabled for a device port establish a raw TCP connection to Eth1 IP address tcp port number or Eth2 IP address tcp port number where tcp port number is uniquely assigned for each device port 5 If a device port has an IP address assigned to it you can Telnet SSH or establish a raw TCP connection to t...

Page 183: ...ations if any other configuration is detected at boot the EMG unit will still boot disable use of the device ports and provide indications in the boot messages in the CLI and in the web that the I O configuration is invalid When an invalid configuration is corrected by reconfiguring the I O modules into a valid configuration after the EMG module is powered up and booted the valid configuration wil...

Page 184: ...the Devices tab and select the Device Status option The following page displays Figure 10 2 Devices Device Status Device Ports On the Devices Device Ports page you can set up the numbering of Telnet SSH and TCP ports view a summary of current port modes and select individual ports to configure 1 Click the Devices tab and select the Device Ports option The following page displays ...

Page 185: ...e modes include To set up Telnet SSH and TCP port numbering 1 Enter the following Idle The port is not in use The port is in data text mode Note You may set up ports to allow Telnet access using the IP Setting per Device Ports Settings on page 187 An external modem is connected to the port The user may dial into or out of the port Telnet in or SSH in is enabled for the device port The device port ...

Page 186: ...t 2000 ports are automatically assigned numbers 2001 2002 and so on Starting SSH Port Each port is assigned a number for connecting via SSH Enter a number 1025 65528 that represents the first port The default is 3000 plus the port number For example if you enter 3001 port 1 will be 3001 and subsequent 3000 ports are automatically assigned numbers 3001 3002 and so on Starting TCP Port Each port is ...

Page 187: ...open the Device Ports Settings page 1 You have two options Dashboard Make sure the Configuration radio button directly beneath the Dashboard is selected and click the desired port number in the Dashboard The Dashboard is located on the upper right corner of each Web Manager page see Chapter 6 Web Manager Device Ports Page Click the Devices tab and select the Device Ports option Select the port you...

Page 188: ...10 Device Ports EMG Edge Management Gateway User Guide 188 The following page displays Figure 10 4 Device Ports Settings 1 of 2 ...

Page 189: ... speed and a short type description for the USB device The EMG supports up to 8 USB type A Host devices at data rates of HS 480 Mbit s FS 12 Mbit s or LS 1 5 Mbit s Each port has VBUS 5V support of up to 100mA but not to exceed 600mA total per 4 port USB I O module Drawing more than 150 mA on a USB device port will shut down the VBUS 5V USB ports are designed for data traffic only and are not desi...

Page 190: ...ed by the characters space comma or semicolon then any user who logs into the device port must be a member of one of the specified groups otherwise access will be denied Users authenticated via RADIUS may have a group or groups provided by the RADIUS server via the Filter Id attribute that overrides the group defined for a user on the EMG unit A group provided by a remote server must be either a s...

Page 191: ... as Sensorsoft devices If the connected device is an RPM the user can assign an RPM to the device port by either select an existing RPM via the Select dropdown or clicking the Add RPM link to configure a new RPM for the EMG If an RPM is already assigned to the device port the user can click on the Selected RPM link to view status and configuration for the RPM If the connected device is a Sensorsof...

Page 192: ...work that the IP address falls in will be used For Telnet and SSH the default TCP port numbers 22 and 23 respectively are used to connect to the device port For raw TCP the TCP port number defined for TCP In to the device port is used Note If Ethernet Bonding is enabled assigning individual IP Addresses to Device Ports is not supported Note that the IP address will be bound to Eth1 only so if Eth2...

Page 193: ...e 1 command to connect port 1 to a Linux server For example if the user issues the ls command to display a directory on a Linux server then exits the connection the results of the ls will be stored in the buffer When the user then issues another direct connect device 1 the last 24 lines of the ls command is displayed so the user can see what state the server was left in USB Channel Applies to USB ...

Page 194: ...g a straight through Ethernet patch cable without the need for a rolled cable or adapter Enabled by default Note Applies to serial RJ45 device ports only All Lantronix serial adapters are intended to be used with Reverse Pinout disabled USB VBUS For USB Device Ports only If enabled the USB VBUS signal provides power to the USB device attached to a device port Disabling VBUS will power down the dev...

Page 195: ...to the modem user guide Modem Command Modem AT command used to initiate caller ID logging by the modem Note For the AT command refer to the modem user guide Dial Back Number Users with dial back access can dial into the EMG gateway and enter their login and password Once the EMG authenticates them the modem hangs up and dials them back Select the phone number the modem dials back on a fixed number...

Page 196: ...al in dial on demand PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the DOD CHAP Handshake fields authenticate the user DOD CHAP Handshake For DOD Authentication enter the Host User Name for UNIX systems or Secret User Password for Windows systems used for CHAP authentication May have up to 128...

Page 197: ...them to zeros select the Zero port counters checkbox in the IP Settings section of the page Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page Status may display N A if EMG is unable to dynamically determine the connected inserted device Device Ports Power Management In the Device Ports Power Management page c...

Page 198: ...figured while connected to a device port by entering the Power Management Sequence This will display the Power Management and Baud Rate menu which provides an option to set the Baud Rate To configure power management settings for a device port 1 Connect to a specific port on the Devices Device Ports page according to instructions in To open the Device Ports Settings page on page 187 2 Click the Se...

Page 199: ...s Esc P escape key then uppercase P This value is specified as x1bP which is hexadecimal x character 27 1B followed by a P See Key Sequences on page 231 for notes on key sequence precedence and behavior RPM For each managed power supply select a RPM most likely a PDU which has outlets that can be individually controlled and which provides power to the device connected to the device port See Chapte...

Page 200: ...number will be filled in as well as the managed power supply outlet name if a name is listed for the outlet and one has not already been defined for the managed power supply A unique name for the managed power supply name is required this is what will be displayed on the Power Management menu Name For each managed power supply enter the name on the selected RPM As an aid to selecting the name clic...

Page 201: ... for this device in degrees Fahrenheit instead of Celsius which is the default Humidity Current relative humidity on the device the sensor is monitoring Low Humidity Enter the relative humidity permitted on the device the sensor is monitoring below which the sensor sends a trap to the EMG High Humidity Enter the highest relative acceptable humidity permitted on the device above which the sensor se...

Page 202: ...e 10 9 Sensorsoft Status Device Port Commands Go to Device Port Commands to view CLI commands which correspond to the web page entries described above Device Commands Go to Device Commands to view CLI commands which correspond to the web page entries described above ...

Page 203: ...H flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address port TCP Port udp IP Address port UDP Port hostlist Host List Notes To escape from the connect direct command when the endpoint of the command is deviceport tcp or udp and return to the command line interface type the escape sequence assigned to the currently logged in us...

Page 204: ...t of a power loss Data logged to a file on an NFS server does not have these limitations The system administrator can define the directory for saving logged data on a port by port basis and configure file size and number of files per port The directory path must be the local directory for one of the NFS mounts For each logging file once the file size reaches the maximum a new file opens for loggin...

Page 205: ... send a string to the device or control one of the power supplies associated with the device Syslog Logging Data can be logged to the system log If this feature is enabled the data will appear in the Device Ports log under the Info level The log level for the Device Ports log must be set to Info for the data to be saved to the system log See Device Ports Logging and Events on page 204 To set loggi...

Page 206: ... a set of actions that can be enabled if a data trigger occurs The default is disabled Trigger on Select the method of triggering an action Data Byte Count A specific number of bytes of data This is the default Token Character String A specific pattern of characters which you can define by a regular expression Note Token Character String recognition may negatively impact the EMG unit s performance...

Page 207: ... one or more of the device port power supplies can be changed Email to The email address of the message recipient s for an email alert To enter more than one email address separate the addresses with a single space You can enter a total of 128 characters Email Subject A subject text appropriate for your site May have up to 128 characters The email subject line is pre defined for each port with its...

Page 208: ... from an NFS server mounted on the EMG Specify the local directory path for the NFS mount Max Number of Files The maximum number of files to create to contain log data to the port These files keep a history of the data received from the port Once this limit is exceeded the oldest file is overwritten The default is 10 Max Size of Files The maximum allowable file size in bytes The default is 2048 by...

Page 209: ... 1 Click the Devices tab and select Console Port The following page displays Figure 10 11 Devices Console Port 2 Change the following as desired Baud The speed with which the device port exchanges data with the attached serial device From the drop down list select the baud rate Most devices use 9600 for the administration port so the console port defaults to this value Data Bits Number of data bit...

Page 210: ...necting If selected when you connect to the console port with a terminal emulator you will see the last lines output to the console for example the EMG boot messages or the last lines output during a CLI session on the console Group Access If undefined any group can access the console port If one or more groups are specified groups are delimited by the characters space comma or semicolon then any ...

Page 211: ...and the System Configuration report The internal modem provides a subset of the modem functionality available for modems connected to a Device Port and USB modems If the internal modem is installed the Internal Modem web page can be displayed by selecting the Internal Modem option from the main menu or by selecting the MD button in the Sample Dashboards on the upper right corner of the web page No...

Page 212: ...dem 2 Complete or view the following sections Text Mode PPP Mode State Indicates whether the internal modem is enabled When enabling set the modem to dial out dial in dial back and dial on demand Disabled by default For more information on the different dialing types see Modem Dialing States ...

Page 213: ...ovided by a remote server must be either a single group or multiple groups delimited by the characters comma semicolon or equals for example group group1 group2 or group1 group2 group3 Initialization Script Commands sent to configure the modem may have up to 100 characters Consult your modem s documentation for recommended initialization options If you do not specify an initialization script the E...

Page 214: ...ed by a DHCP server select Yes This is the default If the EMG unit or the modem have fixed IP addresses select No and enter the Local IP IP address of the internal modem and Remote IP IP address of the modem Authentication Enables PAP or CHAP authentication for modem logins PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods ...

Page 215: ...energized turned on the relay is closed connecting both relay ports on the I O connector through the relay When the relay is turned off the signal path is open disconnecting the relay ports on the I O connector DIO terminal block in the UIs the ports are designated as Front 1 Front 2 and Front Relay To configure the DIO ports 1 Change the following Front 1 and Front 2 Input port fields Remote Dial...

Page 216: ...are letters numbers dashes periods and underscores _ State view only Displays the current state of the port on or off The Change State check box and Off On selection can be used to change the state of the port Normal State Defines the typical or normal state of the Relay port This setting is used for Events Wake State The initial state of the relay port when the console manager boots Latch Control...

Page 217: ... update bin Sending update bin Bytes Sent 117988 BPS 919 Transfer complete An example of receiving the same file with Zmodem from device port 4 using the CLI emg431d se xmodem receive 4 protocol zmodem xfer binary Starting Zmodem receive of file specified by protocol Receiving update bin 0 Bytes received 117988 117988 BPS 937 Transfer complete Note When performing critical operations such as firmw...

Page 218: ...imum repository size is 25 MB 3 To rename a file select the box to the right of the file in the Xmodem Files Repository list enter the new file name in the New File Name field and click the Rename File button 4 To delete a file select the box to the right of the file in the Xmodem Files Repository list and click the Delete button 5 To send a file select the box to the right of the file in the Xmod...

Page 219: ... file with the same name already exists in the repository and Receive Overwrite is not enabled the transfer will abort without overwriting the existing file Xmodem Commands Go to Xmodem Commands to view CLI commands which correspond to the web page entries described above Protocol Select whether to use the Xmodem Ymodem or Zmodem protocol Xmodem is a very rudimentary protocol that sends files in 1...

Page 220: ...lect the Host Lists option The following page displays Figure 10 13 Devices Host Lists 2 Enter the following Note To clear fields in the lower part of the page click the Clear Host List button 3 To add hosts enter the following Host Parameters Host List Id Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the EMG should attempt ...

Page 221: ... default escape character For Telnet the escape character is either a single character or a two character sequence consisting of followed by one character If the second character is the DEL character is selected Otherwise the second character is converted to a control character and used as the escape character For SSH the escape character is a single character Note When the Device Port Esc Sequenc...

Page 222: ...ollowing 3 View add or update the host parameters Host List Id View only Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the EMG should attempt to retry connecting to the host list Authentication Select to require authentication when the EMG unit connects to a host Host Name or IP address of the host Protocol Protocol for conn...

Page 223: ...1 Select the host list in the Host Lists table 2 Click the Delete Host List button After the process completes a confirmation message is displayed on the page Host List Commands Go to Host List Commands to view CLI commands which correspond to the web page entries described above Escape Sequence The escape character used to get the attention of the SSH or Telnet client It is optional and if not sp...

Page 224: ...ed for a modem To use sites with a modem create one or more sites described below then enable Use Sites for the modem Sites can be used with the following modem states dial in dial back CBCP Server dial on demand dial in dial on demand and dial back dial on demand For more information on how sites are used with each modem state see Modem Dialing States on page 227 To add a site 1 Click the Devices...

Page 225: ...tching site Timeout Logins For text dial in connections the connection can time out after the connection is inactive for a specified number of minutes Negotiate IP Address If the EMG and the remote server should negotiate the IP addresses for each side of the PPP connection select Yes Select No if the address of the EMG unit Local IP and remote server Remote IP need to be specified Static Route IP...

Page 226: ...Dial back Delay For dial back and CBCP Server the number of seconds between the dial in and dial out portions of the dialing sequence Dial back Retries For dial back and CBCP Server the number of times the EMG unit will retry the dial out portion of the dialing sequence if the first attempt to dial out fails Modem Timeout Timeout for dial in and dial on demand PPP connections Select Yes default fo...

Page 227: ... to CHAP and c the Port is set to None or matches the port the modem is on If the remote peer requests PAP or CHAP authentication from the EMG unit the Remote Dial out Login and Remote Dial out Password configured for the modem not the site will be provided as authentication tokens If a matching site is found its Negotiate IP Address NAT and Modem Timeout parameters will be used for the rest of th...

Page 228: ...s setting Dial on demand The EMG unit automatically dial outs and establishes a PPP connection when IP traffic destined for a remote network needs to be sent It will remain connected until no data packets have been sent to the peer for a specified amount of time When this modem state is initiated the EMG searches the site list for all sites that a have a Dial out Number defined b have a Static Rou...

Page 229: ...ly dialing out to establish a PPP connection when IP traffic destined for a remote network needs to be sent When either event occurs an incoming call or IP traffic destined for the remote network the other mode will be disabled For Dial back the user will be authenticated via PAP or CHAP determined by the Authentication setting for the modem For PAP the Local Remote User list will be used to authe...

Page 230: ...with the Authentication setting For PAP the Local Remote list will be used to authenticate the login and password sent by the PPP peer For CHAP the CHAP Handshake Host User Name and Secret User Password will be used to authenticate CHAP Challenge response sent by the PPP peer If the remote peer requests PAP or CHAP authentication from the EMG unit the Remote Dial out Login and Remote Dial out Pass...

Page 231: ...nt key sequences so that the EMG can properly handle each of the functions accessed by the key sequence while connected to a device For example if the View Port Log Sequence is set to the same sequence as the Power Menu Sequence and this sequence is typed while connected to a device port both the Power Menu and the option to display Port Log will be displayed with the Power Menu taking precedence ...

Page 232: ...fic devices see Optimizing and Troubleshooting RPM Behavior on page 244 Devices RPMs To control or view status for an RPM 1 Click the Devices tab and select the RPMs option The RPMs page displays Figure 11 1 Devices RPMs 2 In the RPMs table select the RPM by clicking on the radio button in the far right column The options that are available for that RPM will be displayed as active links above the ...

Page 233: ...or the selected RPM This option is available for all RPMs Outlets Displays the RPMs Outlets page for RPMs that support individual outlet control and status Beeper Enable Mute Disable If the RPM has a beeper than can be controlled these options allow the administrator to Enable Mute or Disable the beeper If you try to use Mute to silence a beeper and the beeper continues to sound the UPS most likel...

Page 234: ...11 Remote Power Managers EMG Edge Management Gateway User Guide 234 Figure 11 3 RPM Notifications Figure 11 4 RPM Raw Data Log ...

Page 235: ...t vendors and nearly 1000 different models that are supported the key to ensuring the EMG can properly manage a PDU or UPS is selecting the right model with its associated driver and any required driver options especially for USB managed devices To add a new managed RPM 1 Click the Devices tab and select the RPMs option The RPMs page displays as shown in Figure 11 1 2 On the Devices RPMs page clic...

Page 236: ...ces RPMs Add Device page with the same functionality can also be accessed through the Device Ports Settings 1 of 2 page by selecting RPM in the Connected dropdown menu Figure 11 7 Devices RPMs Add Device 3 Enter the following Vendor Select the correct vendor from the drop down menu ...

Page 237: ... device these are extra options which may be required to make the driver work The most frequent use of the driver options is for USB devices the vendor and product ID may be required so that the EMG can find the correct device on the USB bus or in the event that the default driver options do not work with the RPM The vendor and product ID may be automatically filled in if a USB Device is selected ...

Page 238: ...hat has reached a low battery state Shutdown all UPSes shutdown all UPSes managed by the EMG Allow battery failure allow the battery to completely fail which may result in the unsafe shutdown of the devices it provides power to Shutdown both EMG UPSes shutdown both UPSes that provide power to the EMG including the UPS with that has reached a low battery state some EMGs have dual power supplies For...

Page 239: ...RPMs provide a model string If the device normally provides the device model and becomes unreachable or does not provide a model string the Model is derived from the supported model list strings of Outlets Specify the number of outlets on the RPM maximum of 120 outlets Outlets On view only The number of outlets that are currently turned on if this information is provided by the RPM F W Version vie...

Page 240: ... life Beeper Status view only For UPS devices only Displays the current state of the UPS beeper Managed via view only Displays the method used to control the RPM device SNMP Network Serial Port USB port IP Address For SNMP and Network Telnet managed RPMs specify the IP address of the RPM Port For network Telnet managed RPMs this is assumed to be port 23 if left blank or it can be filled in with an...

Page 241: ... Indicates the behavior to take when the UPS reaches a low battery state Options are to Shutdown this UPS shutdown only the UPS that has reached a low battery state Shutdown all UPSes shutdown all UPSes managed by the EMG Allow battery failure allow the battery to completely fail which may result in the unsafe shutdown of the devices it provides power to Shutdown both EMG UPSes shutdown both UPSes...

Page 242: ...numbers and their state On or Off If the RPM provides additional information for the outlets the custom name and the current reading in Amperes will also be displayed for each outlet Figure 11 9 RPMs Outlets 3 To change the state of one or more outlets select the outlets and click the Cycle Power Turn On or Turn Off buttons The command will be sent to the RPM and the page will refresh It may take ...

Page 243: ...d in what order The UPS with the low battery will be placed into FSD Forced Shutdown mode The following actions will be performed based on the Low Battery Action setting for the UPS with the failed battery Allow Battery Failure The UPS battery will be allowed to run until it fails completely If the UPS provides power to the EMG and the battery fails the EMG will not be cleanly shutdown In this sce...

Page 244: ...ore adding the device as an RPM otherwise the RPM may experience query errors If the EMG is unable to communicate with an RPM or an RPM is displaying the error driver is not running the following steps can be used to troubleshoot the driver issues Correct Driver The CLI command set rpm driver RPM Id or Name action show can be used to display the current running driver for the RPM Some serially and...

Page 245: ...RPM Id or Name action show should show a driver running with one or more D flags The debug output can be examined or emailed with the set rpm driver RPM Id or Name action viewoutput email Email Address display head tail numlines Number or Lines command To return the driver to its normal non debug state run set rpm driver RPM Id or Name action restart Note that drivers running in debug mode will ge...

Page 246: ...ustom Scripts can be created Each Custom Script run is an operation and the results from each operation can be viewed Up to 50 script result files will be saved locally in the EMG storage Once this maximum is reached and new result files are generated the oldest result files will automatically be deleted to accommodate the new result files A user can create scripts at the web view scripts at the w...

Page 247: ...script details Script Name A unique identifier for the script Type Select Interface for a script that utilizes Expect Tcl to perform pattern detection and action generation on Device Port output Select Batch for a script of CLI commands Select Custom for an Expect Tcl or Python script that can be run against a CLI session or a Device Port either manually or scheduled to run at periodic intervals ...

Page 248: ...fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC devices on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit RPMs Right to view and enter Remote Power Mana...

Page 249: ...name in the New Name field 2 Click the Rename Script button The script will be renamed and the Devices Scripts page redisplays To delete a script 1 In the Scripts table select the script to delete 2 Click the Delete Script button After a confirmation the script will be deleted and the Devices Scripts page redisplays To schedule a custom script 1 In the Scripts table select the script and click the...

Page 250: ... script schedule 1 In the Scripts table select the script to enable or disable 2 Click the Enable button this will resume running of a script at its next scheduled time if it was previously disabled or the Disable button this will suspend running of a script but continue to update the schedule The script s state will be updated and the Scripts page redisplays To view the list of completed operatio...

Page 251: ...This action requires that a EMG user running the connect script command have Device Port Operations do rights and port permissions for the selected device port 2 To run a Batch Script at the CLI with a series of CLI commands or a Custom Script for pattern recognition and action generation use the set script runcli Script Name command This action requires that an EMG user running the runcli command...

Page 252: ...ommand suspends execution of the script puts it to sleep for the specified number of seconds Syntax sleep value The while command allows a loop containing CLI commands to be executed Syntax while Boolean expression CLI command 1 CLI command 2 CLI command n Note The closing left brace must be on a line without any other characters To support a while command the set command variables and secondary c...

Page 253: ...his section Secondary Command One of the secondary commands defined in this section Quoted String A group of characters enclosed by double quote characters A quoted string may include any characters including space characters If a double quote character is to be included in a quoted string it must be preceded escaped by a backslash character Variable Reference A word as defined above preceded by a...

Page 254: ...pr secondary command A value generated via the format secondary command A value generated via the expr timestamp command unset This command removes the definition of a variable within a script Syntax unset variable where variable is a word scan The scan command is analogous to the C language scanf Syntax scan variable format string value 1 value 2 value n where variable a variable reference and fo...

Page 255: ... and attempts to match it against one or more patterns If one of the patterns matches the input the corresponding optional command is executed All expect commands have the same syntax expect string 1 command 1 string 2 command 2 string n command n where string x will either be a quoted string a variable reference or the reserved word timeout The command x is optional but the curly braces and are r...

Page 256: ... of str string index str int Return the character located at position int in str string range str int start int end Return a string consisting of the characters in str between int start and int end string tolower str Convert str to lowercase string toupper str Convert str to uppercase string trim str 1 str 2 Trim str 2 from str 1 string trimleft str 1 str 2 Trim str 2 from the beginning of str 1 s...

Page 257: ...at command is analogous to the C language sprintf The format command will only be used in combination with the set command to produce the value for a variable Syntax format format string value 1 value 2 value n where format string will be a quoted string Each of the value x elements will be a word a quoted string or a variable reference Command Description while The while command executes an assoc...

Page 258: ... or elseif command It executes an associated block of commands if its Boolean expression evaluates to TRUE Each command within the block must be a Primary command Syntax elseif Boolean expression command 1 command 2 command n The else command is used in combination with an if or elseif command to provide a default path of execution If the Boolean expressions for all preceding if and elseif command...

Page 259: ... session Refer to the following spawn command syntax Note For CLI sessions a local user name should be given For Device Port sessions the devicePort variable will be used by the EMG to connect the script to the appropriate Device Port The noecho flag may be passed to spawn command Expect script CLI session spawn clisession U username Expect script Device Port session spawn portsession p devicePort...

Page 260: ...d or write files on the EMG filesystem or interrogate the EMG filesystem The list of commands that are not allowed for Expect scripts includes fork open exp_open exec system log_file pwd 6 For scripts that return an exit code the EMG will interpret an exit code of zero as a successful exit code and any non zero exit code as an error Non zero exit codes are displayed at the CLI or logged for script...

Page 261: ...irectly to a device port by logging into the EMG port gets the device hostname loops a couple of times to get port interface statistics and logs out The following is the script set monPort 7 set monTime 5 set sleepTime 2 set prompt set login sysadmin set pwd PASS Send CR to echo prompt send r sleep sleepTime Log in or check for Command Prompt expect Did not capture login or Command Prompt timeout ...

Page 262: ...t time The following is the screen output emg247 conn script ex4 deviceport 7 login Logging in sysadmin sysadmin Password PASS Welcome to the Lantronix Edge Management Gateway Model Number EMG851101 For a list of commands type help EMG251 show network port 1 host show network port 1 host ___Current Hostname Settings____________________________________________ Hostname EMG251 Domain support int lan...

Page 263: ... 7 Seconds since zeroed 1453634 Bytes input 0 Bytes output 0 Framing errors 0 Flow control errors 0 Overrun errors 0 Parity errors 0 EMG251 Port Counter Monitor Script Ending ________________________________________________________________________ Login Out logout Returning to command line emg247 ...

Page 264: ...terface Scripts______Group Permissions_____________________________ getSLC Adm ad nt sv dt lu ra um dp pc rp rs fc dr sn wb sk po do Test Adm ad nt sv dt lu ra um dp pc rp rs fc dr sn wb sk po do monport Adm none ___Batch Scripts__________Group Permissions_____________________________ cli Adm ad nt sv dt lu ra um dp pc rs fc dr sn wb sk po do rp emg247 emg247 connect script monport deviceport 7 lo...

Page 265: ... EMG251 Current Time 21 25 20 show portcounter deviceport 7 show portcounter deviceport 7 Device Port 7 Seconds since zeroed 1454136 Bytes input 0 Bytes output 0 Framing errors 0 Flow control errors 0 Overrun errors 0 Parity errors 0 EMG251 Port Counter Monitor Script Ending ________________________________________________________________________ Login Out logout Returning to command line emg247 ...

Page 266: ...end_user Error err Terminating session n exit err Are there any command line parameters if argc 0 set location lindex argv 0 set now clock seconds set date clock format now format D R if argc 0 myprint Internal temperature of the location EMG at date else myprint Internal temperature of the EMG at date spawn the CLI session if catch spawn noecho clisession U sysadmin result abortSession 1 set sess...

Page 267: ...t emgPrompt expect_out 1 string Run the temperature command exp_send show temperature n expect timeout myprint Timeout waiting for temperature abortSession 3 re Current Internal Temperature r n set emgTemp expect_out 1 string myprint Temperature emgTemp exp_send logout n wait i sessionId exit 0 This script can be run manually at the CLI emga508 set script runcli cliExample parameters East Data Cen...

Page 268: ...r err Terminating session n exit err set now clock seconds set date clock format now format D R myprint Load of ServerTech PDU outlet B1 at date spawn the port session on a device port if catch spawn noecho portsession p devicePort result abortSession 1 set sessionId spawn_id Handle eof expect_after i sessionId eof myprint Session unexpectedly terminated abortSession 2 set timeout 10 log_user 0 Lo...

Page 269: ...t LOGIN r n expect REMOVE r n expect RESTART r n expect timeout myprint Timeout waiting for prompt abortSession 3 re r n r set pduPrompt expect_out 1 string Run the ostat command exp_send ostat b1 n expect Outlet Power r n expect ID Watts r n expect timeout myprint Timeout waiting for load abortSession 3 re B1 s S s S s S set pduLoad expect_out 1 string myprint Outlet B1 Load pduLoad Amps expect p...

Page 270: ...nating session n exit err if argc 2 myprint Usage script_md_cisco exp TFTP Server Backup File Name abortSession 1 set tftp lindex argv 0 set configFile lindex argv 1 set enablePassword secret set timeout 10 set now clock seconds set date clock format now format D R myprint Backing up Cisco Server to tftp configFile at date spawn the port session on a device port if catch spawn noecho portsession p...

Page 271: ...oggedIn true set passwordPrompt true send enable r set loggedIn true set execMode true Error r n send_user expect_out 0 string abortSession 5 timeout set cnt expr cnt 1 myprint Logged in send copy running config tftp tftp configFile r expect tftp send r expect configFile send r myprint Backup initiated expect myprint Successfully backed up timeout myprint Timeout waiting for backup to complete abo...

Page 272: ...cli_radius py RADIUS server RADIUS secret sys exit 1 print Settings RADIUS server on EMG at end now datetime datetime now print now strftime Y m d H M server sys argv 1 secret sys argv 2 proc subprocess Popen clisession U sysadmin stdin subprocess PIPE stdout subprocess PIPE stderr subprocess PIPE wait for prompt while True output_str proc stdout readline if b list of commands in output_str proc s...

Page 273: ...c stdin close proc terminate proc wait sys exit 1 proc stdin write b set radius state enable n proc stdin flush while True output_str proc stdout readline if b RADIUS settings successfully updated in output_str break elif b set radius not in output_str RADIUS command returned an error s1 str output_str s2 s1 split r 1 print RADIUS command returned s2 split n 0 proc stdin close proc terminate proc ...

Page 274: ...tached to device port 3 and displays this prompt engcisco_cat3560 the name for device port 3 will be set to engcisco_cat3560 3 import pexpect import datetime import time import sys import re now datetime datetime now print Detecting devices on EMG at end print now strftime Y m d H M start the CLI session to get number of device ports p pexpect spawn clisession U sysadmin emgPrompt numPorts 0 logge...

Page 275: ...Ports 8 Loop through device ports connect and try to detect the prompt while devicePort numPorts if skipPorts and devicePort 9 and devicePort 16 devicePort devicePort 1 pList append continue print Scanning device port devicePort port str devicePort p pexpect spawn portsession p port Login if required and wait for the first prompt p sendline gotPrompt False emgDevice False cnt 1 while not gotPrompt...

Page 276: ...Prompt p send n i p expect pexpect TIMEOUT pexpect EOF r n timeout 10 if i 0 or i 1 Timeout or EOF print Timeout waiting for the prompt on DP devicePort p terminate True p wait devicePort devicePort 1 pList append continue if i 2 prompt devPrompt p match group 1 decode utf 8 if devPrompt print Timeout waiting for the prompt on DP devicePort devicePort devicePort 1 pList append continue print Detec...

Page 277: ...ate True sys exit 1 elif i 4 prompt loggedIn True devicePort 1 while devicePort numPorts if skipPorts and devicePort 9 and devicePort 16 devicePort devicePort 1 continue if len pList devicePort 1 0 Detected a prompt set it print Setting name on DP devicePort to pList devicePort 1 s set deviceport port str devicePort name pList devicePort 1 p sendline s i p expect pexpect TIMEOUT Device Port settin...

Page 278: ...now format D R if argc 0 puts Internal temperature of the location EMG at date else puts Internal temperature of the EMG at date set io open clisession U sysadmin r set loggedIn false while loggedIn set len gets io line if string first Invalid local user line 1 puts Invalid local user passed to clisession break if string first For a list of commands line 1 puts io n flush io if string first line 1...

Page 279: ...12 Scripts EMG Edge Management Gateway User Guide 279 set gotTemp true puts Temperature emgTemp puts io logout flush io exit 0 ...

Page 280: ...nections are always re established after reboot At a specified date and time These connections connect after the date and time pass After a specified amount of data or a specified sequence of data passes through the connection Following reboot the connection is not reestablished until the specified data passes through the connection Typical Setup Scenarios for the EMG unit Following are typical co...

Page 281: ...Telnet or SSH into the EMG They could also select text mode where using a terminal emulation program a user could dial into the EMG unit and connect to the command line interface Figure 13 2 Remote Access Server Reverse Terminal Server In this scenario the EMG has one or more device ports connected to one or more serial ports of a mainframe server Users can access a terminal session by establishin...

Page 282: ... ports The device ports on the EMG are connected to the console ports of the equipment To manage a specific piece of equipment the user can Telnet or SSH to a specific port or IP address on the EMG unit and be connected directly to the console port of the end server or device To configure this setup set the Enable Telnet In or Enable SSH In option on the Device Ports Settings 1 of 2 page for the d...

Page 283: ...e are advanced connection settings for specific applications If the EMG is being used as a console or device server it is unlikely that you will need any of the Connection settings described below To create a connection 1 Click the Devices tab and select Connections The Connections page displays as shown in Figure 13 6 ...

Page 284: ...running a loopback test Note To see the current settings for this device port click the Settings link Data Flow Select the arrow showing the direction bidirectional or unidirectional the data will flow in relationship to the device port you are connecting to From the drop down list select a destination for the connection a device port connected to a serial device a device port connected to a modem...

Page 285: ... you select Device Port it must not have command line interface logins enabled or be running a loopback test To view the device port s settings click the Settings link to the right of the port number SSH Out Options Select one of the following optional flags to use for the SSH connection User Login ID to use for authenticating on the remote host Version Version of SSH Select 1 or 2 Command Enter a...

Page 286: ...dministrative access to the EMG via the default sysadmin local user account can be limited to only the front console port of the EMG device See Limiting Sysadmin User Access on page 71 Authentication can occur using all methods in the order of precedence until a successful authentication is obtained or using only the first authentication method that responds in the event that a server is down If y...

Page 287: ...m NFS LDAP Lightweight Directory Access Protocol A set of protocols for accessing information directories specifically X 500 based directory services LDAP runs over TCP IP or other connection oriented transfer services RADIUS Remote Authentication Dial In User Service An authentication and accounting system used by many Internet Service Providers ISPs A client server protocol it enables remote acc...

Page 288: ... unavailable clear the check box Note When limiting accessibility of the sysadmin login to the physical EMG console manager device make sure to uncheck Attempt next method on authentication rejection 6 Click Apply Now that you have enabled one or more authentication methods you must configure them Authentication Commands Go to Authentication Commands to view CLI commands which correspond to the we...

Page 289: ... and Rights You cannot deny a user rights defined for the group but you can add or remove all other rights at any time By default the system assigns new users to the Default Users group but you can change their group membership at any time If you change a user s rights while the user is logged into the web or CLI the results do not take effect until the next time the user logs in User Right Admini...

Page 290: ...ng all local and remote users To enable local and or remote users 1 Enter the following Enable Local Users Select to enable all local users except sysadmin The sysadmin user is always available regardless of how you set the check box Enabled by default Multiple Sysadmin Web Logins Select to allow the sysadmin to have multiple simultaneous logins to the web interface Disabled by default Sysadmin Ac...

Page 291: ... to an EMG custom group allow EMG access if matched Disabled by default Complex Passwords Select to enable the EMG unit to enforce rules concerning the password structure e g alphanumeric requirements number of characters punctuation marks Disabled by default Complexity rules Passwords must be at least eight characters long They must contain one upper case letter A Z one lower case letter a z one ...

Page 292: ...t is recommended that you change the default password on initial setup The password should be recorded and stored in a secure place accessible by at least two authorized system administrators To change the sysadmin password see the next topic Adding Editing or Deleting a User Through this User Authentication Local Remote Users page you can delete a user listed in the table or open a page for addin...

Page 293: ...5 Note The UID must be unique If it is not EMG unit automatically increments it Starting at 101 the EMG finds the next unused UID Listen Ports The device ports that the user may access to view data using the connect listen command Enter the port numbers or the range of port numbers for example 1 5 8 10 15 U1 denotes the USB port on the EMG unit Data Ports The device ports with which the user may i...

Page 294: ... line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B See Key Sequences on page 231 for notes on key sequence precedence and behavior Custom Menu If custom menus have been created you can assign a default...

Page 295: ...editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage Secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete loca...

Page 296: ...n Local Remote Users page select the user and click the Add Edit User button The Local Remote User Settings page displays 2 Click the Delete User button 3 Click the Apply button To change the sysadmin password 1 On the User Authentication Local Remote Users page select sysadmin and click the Add Edit User button The Local Remote User Settings page displays 2 Enter the new password in the Password ...

Page 297: ...does not provide port permissions you can use this page to grant device port access to users who are authenticated through NIS All NIS users are members of a group that has predefined user rights associated with it You can assign additional user rights that are not defined by the group To configure the EMG unit to use NIS to authenticate users 1 Click the User Authentication tab and select the NIS...

Page 298: ...owed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp See Key Sequences on page 231 for notes on key sequence precedence and behavior Break Sequence A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested val...

Page 299: ... SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of ...

Page 300: ...Microsoft Active Directory The LDAP implementation supports LDAP servers that do not allow anonymous queries Users who are authenticated through LDAP are granted device port access through the port permissions on this page All LDAP users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the EM...

Page 301: ...ide 301 Figure 14 6 User Authentication LDAP 2 Enter the following Enable LDAP Displays selected if you enabled this method on the first User Authentication page If you want to set up this authentication method but not enable it immediately clear the checkbox ...

Page 302: ...Objectclass The objectclass used by the LDAP server for groups If nothing is specified for the group filter the EMG will use posixGroup For AD LDAP servers the objectclass for groups is typically Group Group Member Attribute The attribute used by the LDAP server for group membership This attribute may be use to search for a name ie msmith or a Distinguished Name ie uid msmith ou People dc lantroni...

Page 303: ... mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp See Key Seque...

Page 304: ...net logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC devices on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to ...

Page 305: ...henticated through RADIUS are granted device port access through the port permissions on this page All RADIUS users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the EMG unit to use RADIUS to authenticate users 1 Click the User Authentication tab and select RADIUS The following page displa...

Page 306: ...fy an optional port the EMG uses the default RADIUS port 1812 Server 2 Secret Text that serves as a shared secret between a RADIUS client and the server EMG unit The shared secret is used to encrypt a password sent between the client and the server May have up to 128 characters Timeout The number of seconds 1 30 after which the connection attempt times out The default is 30 seconds Use VSA Select ...

Page 307: ... group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Web Access Networking Date Time Reboot Shutdown and Diagnostics Reports Administrators This group has all possible rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Ser...

Page 308: ...me is specified and it matches a current EMG custom group name any rights attribute will be ignored and the custom group s rights permissions will be used instead A group name with spaces cannot be specified escseq Escape sequence The value string specifies the user s escape sequence Use x to specify non printable characters For example x1bA specifies the sequence ESC A brkseq Break sequence The v...

Page 309: ...ttributes VENDOR Lantronix 244 BEGIN VENDOR Lantronix ATTRIBUTE Lantronix User Attributes 1 string END VENDOR Lantronix Once this is complete the users file can be updated to include the Lantronix VSA for any user myuser Auth Type Local User Password myuser_pwd Reply Message Hello u Lantronix User Attributes data 1 4 listen 1 6 clear 1 4 group power ...

Page 310: ...g in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions on this page All Kerberos users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the EMG to use Kerberos to authenticate users 1 Click the...

Page 311: ...s Escape Sequence A single character or a two character sequence that causes the EMG to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect dire...

Page 312: ...t logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the ...

Page 313: ...on request to the TACACS server with the Service and optional Protocol The EMG will wait for an authorization response that will indicate if the user was successfully authorized for the requested service and protocol and also contains a set of attribute value pairs which define the attributes associated with the TACACS user The priv_lvl or priv lvl is the only attribute sent from the TACACS server...

Page 314: ...le TACACS here or on the first User Authentication page If you enable TACACS here it automatically displays at the end of the order of precedence on the User Authentication page TACACS Servers 1 3 IPv4 or IPv6 address or host name of up to three TACACS servers Secret Retype Secret Shared secret for message encryption between the EMG and the TACACS server Enter an alphanumeric secret of up to 127 c...

Page 315: ...ed see Custom User Menu Commands you can assign a default custom menu to TACACS users Escape Sequence A single character or a two character sequence that causes the EMG to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x charact...

Page 316: ...gins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user...

Page 317: ...r for groups that a LDAP user is a member of if any of the LDAP group names match a Custom Group Name the LDAP user will be granted the rights of the custom group A custom group cannot be given the name of one of the pre defined groups Admin Power or Default or any version of these names where the case of the letters is different since these names are used for the EMG pre defined groups Any LDAP g...

Page 318: ...ort on the front of the EMG unit Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Enable for Dial back Select to grant a user Users with dial back access can dial into the EMG unit and enter their login and password Once the EMG authenticates them the modem hangs up and dials them back Disabled by default Dial back Number The phone number the mode...

Page 319: ... the menu at login Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage Secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to...

Page 320: ...e group attributes and permissions will be displayed in the lower section of the page 2 Modify the group attributes and permissions and click the Edit Group button To delete a group 1 Select the group in the Groups table 2 Click the Delete Group button Group Commands Go to Groups Commands to view CLI commands which correspond to the web page entries described above ...

Page 321: ...on into the EMG unit from the designated host user combination uses the SSH key for authentication Exported Keys The EMG can generate SSH keys for SSH connections out of the EMG for any EMG user The EMG retains both the private and public key on the EMG unit and makes the public key available for export via SCP SFTP FTP or copy and paste The name of the key is used to generate the name of the publ...

Page 322: ...and host if this is not included with the key file For example the public key below from a public private key pair generated by PuTTY can be imported into the console manager but will require the user and host associated with the key to be specified BEGIN SSH2 PUBLIC KEY Comment rsa key 20200320 AAAAB3NzaC1yc2EAAAABJQAAAQEAv37tfnOKNcMPLFOA69gPhVk5A1ieKCPywzwK uQsyMGOdCeFabfgtFu5WwnYZG9IzvWR12KTCfO...

Page 323: ... 14 11 User Authentication SSH Keys 2 Enter the following information Imported Keys SSH In Host User Associated with Key These entries are required in the following cases The imported key file does not contain the host that the user will be making an SSH connection from or ...

Page 324: ...loaded via HTTPS or to be copied via SCP SFTP or FTP may contain multiple keys or the public key optionally including user host at the end if Copy Paste is used Host IP address of the remote server from which to SCP SFTP or FTP the public key file Path Optional pathname to the public key file Login User ID to use to SCP SFTP or FTP the file Password Retype Password Password to use to SCP SFTP or F...

Page 325: ...elete button SSH Server Host Keys To view reset or import SSH RSA And DSA host keys 1 On the User Authentication SSH Keys page click the SSH Server Host Keys link at the top right The following page displays the current host keys In the example below the current keys are the defaults Export via Select the method SCP SFTP FTP HTTPS or Copy Paste of exporting the key to the remote server Copy Paste ...

Page 326: ...l checkboxes are unselected by default Import Host Key To import a site specific host key select the checkbox Unselected by default Type From the drop down list select the type of host key to import Import via From the drop down list select the method of importing the host key SCP or SFTP The default is SFTP Public Key Filename Filename of the public host key Private Key Filename Filename of the p...

Page 327: ...To return to the SSH Keys page click the Back to SSH Keys link SSH Commands Go to SSH Key Commands to view CLI commands that correspond to the web page entries described above Path Path of the directory where the host key will be stored Login User ID to use to SCP or SFTP the file Password Retype Password Password to use to SCP or SFTP the file ...

Page 328: ...d Each command can also have a nickname associated with it which can be displayed in the menu instead of the command The commands showmenu Menu Name and returnmenu can be entered to display another menu from a menu or to return to the prior menu The command returncli can be used to break out of a menu and return to the regular CLI To add a custom menu 1 Click the User Authentication tab and select...

Page 329: ...ill replace the currently selected command nickname in the list The Unselect Command Nickname button can be used to unselect the currently selected command nickname in the list 4 To add more commands to the custom menu repeat step 3 5 You also have the following options To edit a command nickname in the custom menu select the command in the Commands Nicknames List box and select the left arrow but...

Page 330: ...r Menu Commands From the current menu a user can display another menu thus allowing menus to be nested The special command showmenu Menu Name displays a specified menu The special command returnmenu redisplays the parent menu if the current menu was displayed from a showmenu command The user with appropriate rights creates and manages custom user menus from the command line interface but can assig...

Page 331: ...onfiguration Restore The Zero Touch Provisioning feature allows a factory defaulted EMG to acquire a default configuration from a DHCP server when it is booted If ZTP will be performed in an untrusted network it is recommended that the Vendor Specific Information option using HTTPS and X 509 certificates be used At boot time before the normal startup process a unit will attempt to acquire network ...

Page 332: ...m client side key file The console manager will search external storage devices in this order upper USB port lower USB port if present and SD card The first external storage device that is found and successfully mounted is expected to be the source for the certificate files if they are not located in the top level directory ZTP will terminate and not attempt to locate a ZTP file with any other met...

Page 333: ...output in the previous step can be copied to the top level directory of the external storage device that will be used for ZTP The certificate can be verified e g view the algorithms validity date and CN etc at anytime with the command openssl x509 noout text in cacert pem 3 Create the server certificate and sign it with the root certificate a Create the server certificate s private key longer bit ...

Page 334: ... can be copied to the top level directory of the external storage device that will be used for ZTP rename client key to key pem and client crt to cert pem The certificate can be verified e g view the root CA algorithms validity date and CN etc at anytime with the command openssl x509 noout text in client crt HTTPS Push Configuration Restore The HTTPS Push Configuration feature allows a saved confi...

Page 335: ...b drive or SD card The file should contain one line with the MAC address of the Eth1 Ethernet port with or without colons case insensitive Insert the storage device into the console manager 2 Boot the console manager After the message Starting model the console manager will attempt to mount an external storage device The console manager will search external storage devices in this order upper USB ...

Page 336: ...15 Maintenance EMG Edge Management Gateway User Guide 336 To configure settings 1 Click the Maintenance tab The following page displays Figure 15 1 Maintenance Firmware Configurations ...

Page 337: ...ng calibration Data Center Rack Row Set these fields to define the rack row the EMG unit is located within a large data center The default for these fields is 1 Data Center Rack Cluster Set these fields to define the rack cluster the EMG is located within a large data center The default for these fields is 1 Data Center Rack Set these fields to define the rack the EMG unit is located within a larg...

Page 338: ...es before booting the EMG Default is 3 seconds range is 3 1800 seconds Boot Limit how many times the EMG will fail to boot before switching to the alternate boot bank After the EMG fails to boot 2 times Boot limit so it has attempted to boot Boot Limit times on each bank the EMG will go into advanced recovery mode which may require support from Technical Support to resolve so that the EMG can be b...

Page 339: ...at instead of the password protected zip file format The Tarball Format is only available for saving a configuration via HTTPS Restore Factory Defaults Restores factory defaults If you select this option the EMG unit reboots after you apply the update Restore Saved Configuration Returns the EMG settings to a previously saved configuration If you select this option the EMG reboots after you apply t...

Page 340: ... FTP Server The FTP server specified in the FTP SFTP TFTP section If you select this option select FTP or SFTP to transfer the configuration file NFS Mounted Directory Local directory of the NFS server for mounting files CIFS Share Saved Configurations If restoring select a saved configuration from the drop down list USB If a USB device is loaded into the USB port of the EMG and properly mounted t...

Page 341: ...plays the name and the time and date the file was saved 2 To rename a file select a file enter the New File Name and click the Rename File button 3 To download a file select a file and click the Download File button 4 To delete files select one multiple files or all files and click the Delete File button A verification message showing files deleted will appear Click Back to Manage Files to return ...

Page 342: ...lays Figure 15 3 Maintenance System Logs 2 Enter the following to define the parameters of the log you would like to view Log Select the type s of log you want to view All Network Services Authentication Device Ports Diagnostics General Software Level Select the alert level you want to view for the selected log Error Warning Info Debug Starting at Select the starting point of the range you want to...

Page 343: ...r to Lantronix Technical Support See Emailing Logs and Reports on page 352 To clear system logs 1 From the Maintenance System Logs page select Maintenance System Logs 2 Click the Clear Log button to clear all log information System Log Commands Go to System Log Commands to view CLI commands which correspond to the web page entries described above Ending at Select the endpoint of the range you want...

Page 344: ... is saved through EMG reboots 1 Click the Maintenance tab and select the Audit Log option The following page displays Figure 15 5 Maintenance Audit Log 2 To select a sort option click the appropriate button To sort by date and time click the sort by Date Time button this is the default To sort by user click the sort by User button To sort by command action click the sort by Command button 3 To ema...

Page 345: ...he Maintenance tab and select the Email Log option The following page displays Figure 15 6 Maintenance Email Log 2 To email this log follow the instructions in Emailing Logs and Reports on page 352 3 To clear the log click the Clear Log button Logging Commands Go to Logging Commands USB Device Commands USB Storage Commands and Internal Modem Commands to view CLI commands which correspond to the we...

Page 346: ... can use equivalent commands on the command line interface 1 Click the Maintenance tab and select the Diagnostics option The following page displays Figure 15 7 Maintenance Diagnostics 2 Select Diagnostics from checklist one or more diagnostic methods you want to run or select All to run them all IPv4 ARP Table The IPv4 Address Resolution Protocol ARP table used to view the IP address to hardware ...

Page 347: ... number of times the string is sent is equal to the number of packets sent For TCP the number of times the string is sent may or may not be equal to the number of packets sent because TCP controls how data is packetized and sent out Enter the following Protocol Select the type of packet to send TCP or UDP Hostname Specify a host name or IPaddress of the host to send the packet to Port Specify a TC...

Page 348: ...n on connect to default 5201 p port n Format to report f format kmgtKMGT Pause n seconds between reports i interval n Bind to a host an interface or multicast address B bind More detailed output V verbose Output in JavaScript Object Notation JSON format J json Note The options below are supported on the client only Set length of buffer to n default 8 KB l length n KMG Use UDP rather than TCP u udp...

Page 349: ...atus and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page 1 Click the Maintenance tab and select the Status Reports option The following page displays Figure 15 9 Maintenance Status Reports The top half of the page displays the status of each port power supply and the internal modem Green indicates that the port connection ...

Page 350: ...outes Displays the routing table Connections Displays all active connections for the EMG unit Telnet SSH TCP UDP device port and modem System Configuration Complete Displays a complete snapshot of the EMG settings System Configuration Basic Displays a snapshot of the EMG unit s basic settings for example network date time routing services console port System Configuration Authentication Displays a...

Page 351: ...ide 351 Figure 15 10 Generated Status Reports 4 To email these report s follow the instructions in Emailing Logs and Reports on page 352 Status Commands Go to Status Commands to view CLI commands which correspond to the web page entries described above ...

Page 352: ...gure 15 10 To email a log to an individual 1 In the Comment field of a particular log or report page enter a comment if desired 2 Select the to field beside the empty field where you then enter the person s email address 3 Press the Email Output button An email is immediately sent and a confirmation appears on the screen Figure 15 11 Emailed Log or Report To view information about the EMG unit and...

Page 353: ...15 Maintenance EMG Edge Management Gateway User Guide 353 Figure 15 12 About EMG ...

Page 354: ... Over Under Limit for Sensorsoft devices Humidity Over Under Limit for Sensorsoft devices Device Port Data Drop No Internal Modem Dial Tone Ping Host Fails RPM Load Over Threshold DIO Port State Change DIO Port State Abnormal Host to Ping When the trigger is set to Ping Host Fails enter the hostname IPv4 address or IPv6 address of the host to ping The host will be pinged every 2 minutes RPM When t...

Page 355: ...state abnormal the selected action will be triggered if the state changes from the Normal state to the opposite state see DIO Port on page 215 for more information Action From the drop down list select the action taken because of the trigger For example the action can be writing an entry into the syslog with details of the event or sending the trap s to the Ethernet or modem connection Syslog Forw...

Page 356: ...ore the user logs in May contain up to 1024 characters Single quote and double quote characters are not supported Welcome to the EMG is the default Note To create more lines use the n character sequence Login Banner The text to display on the command line interface after the user logs in May contain up to 1024 characters Single quote and double quote characters are not supported Default is blank N...

Page 357: ...nds to view CLI commands which correspond to the web page entries described above SSH Banner The text to display when a user logs into the EMG via SSH prior to authentication May contain up to 1024 characters Single quote and double quote characters are not supported Blank by default Note To create more lines use the n character sequence ...

Page 358: ...on an administrator can remotely access any of the connected IT devices using Telnet or SSH Figure 16 1 EMG Configuration This chapter includes three typical scenarios for using the EMG unit The scenarios assume that the EMG is connected to the network and has already been assigned an IP address In the examples we use the command line interface You can do the same things using the web page interfa...

Page 359: ...lnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff IP none Authentication PAP Logins disabled CHAP Host none Break Sequence x1bB CHAP Secret none Check DSR disabled NAT disabled Close DSR disabled Dial out Login none Dial out Password none Dial out Number ...

Page 360: ...om the SUN server console Mar 15 09 09 44 tssf280r sendmail 292 ID 702911 mail info starting daemon 8 12 2 Sun SMTP queueing 00 15 00 Mar 15 09 09 44 tssf280r sendmail 293 ID 702911 mail info starting daemon 8 12 2 Sun queueing 00 15 00 Mar 15 14 44 40 tssf280r sendmail 275 ID 702911 mail info starting daemon 8 12 2 Sun SMTP queueing 00 15 00 Mar 15 14 44 40 tssf280r sendmail 276 ID 702911 mail in...

Page 361: ...t deviceport port 1 initscript AT F K3 C1 D2 C0A Device Port settings successfully updated EMG set deviceport port 1 auth pap Device Port settings successfully updated EMG set deviceport port 1 localsecret password Device Port settings successfully updated EMG set deviceport port 1 modemstate dialin Device Port settings successfully updated EMG 2 Configure the device port that is connected to the ...

Page 362: ...mand EMG connect direct deviceport 2 SunOS 5 7 login frank Password Last login Wed Jul 14 16 07 49 from computer Sun Microsystems Inc SunOS 5 7Generic October 1998 SunOS computer 5 7 Generic_123485 05 sun4m sparc SUNW SPARCstation 20 6 Use the escape sequence to escape from direct mode back to the command line interface ...

Page 363: ...____________ Number 2 Name Port 2 Modem Settings Data Settings IP Settings Modem State disabled Baud Rate 9600 Telnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff IP none Authentication PAP Logins disabled CHAP Host none Break Sequence x1bB CHAP Secret no...

Page 364: ...e a connection between the vt100 terminal connected to device port 2 and an outbound telnet session to the server The IP address of the server is 192 168 1 1 EMG connect bidirection 2 telnet 192 168 1 1 Connection settings successfully updated 4 At the VT100 terminal hit return a couple of times The Telnet prompt from the server displays Trying 192 168 1 1 Connected to 192 168 1 1 Escape character...

Page 365: ... specify one of the values aa or bb separated by a vertical line The values are in all lowercase and must be entered exactly as shown Bold indicates a default value parameter name Value User must specify an appropriate value for example an IP address The parameter values are in mixed case Square brackets indicate optional parameters Action Category set auth cellular cflow cifs cli command consolep...

Page 366: ...isplay the possible names if more than one is possible Following a space after the preceding name Tab displays all possible names Should you make a mistake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port Use the left an...

Page 367: ... line Control b move back to the start of the current word Control f move forward to the end of the next word Control u erase from cursor to the beginning of the line Control k erase from cursor to end of the line Administrative Commands admin banner login Syntax admin banner login Banner Text Description Configures the banner displayed after the user logs in Note To go to the next line type n and...

Page 368: ... config checksum Syntax admin config checksum Description Displays a checksum for the current configuration Can be used to determine if the configuration has changed admin config copy Syntax admin config copy current Config Name location local nfs cifs usb sdcard nfsdir NFS Mounted Directory usbport U1 Description Copies the current configuration or optionally a configuration from another location...

Page 369: ... retain after the config restore or config factorydefaults Description Restores the EMG unit to factory default settings admin config restore Syntax admin config restore Config Name location local ftp sftp nfs cifs usb sdcard intsd nfsdir NFS Mounted Directory usbport U1 savesshkeys enable disable savesslcert enable disable Config Params to Preserve is a comma separated list of current configurati...

Page 370: ...S Mounted Dir usbport U1 Description Lists the configurations saved to a location admin eeprom Syntax admin eeprom slot integer id string slot 0 for first slot 1 for second slot 2 for third slot 3 for fourth slot id 04UBA for 4 Port USB FRU part number 330 0374 00 Rev A 04UBB for 4 Port USB FRU part number 330 0374 01 Rev A 04SPB for 4 Port RJ45 FRU part number 330 0373 00 Rev A 04SPC for 4 Port R...

Page 371: ...enter advanced recovery mode If Boot Count has reached Boot Limit setting this value to 0 will enable the EMG to boot again Default is 0 range is 0 1 admin firmware bootlimit Syntax admin firmware bootlimit 3 20 Description Configures bootlimit parameters that control how many times the EMG will fail to boot before switching to the alternate boot bank After the EMG fails to boot 2 times Boot limit...

Page 372: ...on before forcing a reboot admin firmware show Syntax admin firmware show viewlog enable disable Description Lists the current firmware revision the boot bank status and optionally displays the log containing details about firmware updates admin firmware update Syntax admin firmware update ftp tftp sftp nfs usb sdcard file Firmware File key Checksum Key nfsdir NFS Mounted Dir usbport U1 Descriptio...

Page 373: ... server Syntax admin ftp server IP Address or Hostname login User Login path Directory Description Sets the FTP TFTP SFTP server used for firmware updates and configuration save restore admin ftp show Syntax admin ftp show Description Displays FTP settings admin memory show Syntax admin memory show Description Displays information about EMG memory usage admin memory swap add Syntax admin memory sw...

Page 374: ...quicksetup Syntax admin quicksetup Description Runs the quick setup script admin reboot Syntax admin reboot Description Immediately terminates all connections and reboots the EMG admin shutdown Syntax admin shutdown Description Prepares the EMG to be powered off admin site Syntax admin site row Data Center Rack Row Number admin site cluster Data Center Rack Group Number admin site rack Data Center...

Page 375: ...ftp scp rootfile Cert Authority File certfile Certificate File privfile Private Key File host IP Address or Name login User Login path Path to Files Description Imports an SSL certificate admin web certificate reset Syntax admin web certificate reset Description Resets the web server to the default SSL certificate admin web certificate custom Syntax admin web certificate custom Description Generat...

Page 376: ...r Remote Group Name Description Configures the group that can access the web admin web server Syntax admin web server enable disable Description Enables or disables running the web server TCP ports 80 and 443 admin web sha2 Syntax admin web sha2 enable disable Description Enables using only SHA2 and higher ciphers admin web timeout Syntax admin web timeout disable 5 120 Description Configures the ...

Page 377: ...rent ciphers admin web banner Syntax admin web banner Description Configures the banner displayed on the web home page admin web iface Syntax admin web iface none eth1 eth2 cell wlan ppp Description Defines a list of network interfaces the web is available on admin web cipher Syntax admin web cipher high himed fips Description Note FIPS functionality is not available in the current release Configu...

Page 378: ... or disables TLS v1 0 admin web tlsv11 Syntax admin web tlsv11 enable disable Description Enables or disables TLS v1 1 admin web restart Syntax admin web restart Description Restarts the web server Warning The following admin chip commands should only be used under the direction of Lantronix Technical Support admin chip resetmodem Description Resets the internal modem chip in key system chips Synt...

Page 379: ... Syntax admin chip resetsfp ethport 1 2 Audit Log Commands show auditlog Syntax show auditlog command user clear Description Displays audit log By default shows the audit log sorted by date time You can sort it by user or command or clear the audit log Authentication Commands set auth Syntax set auth one or more parameters Parameters authusenextmethod enable disable kerberos 1 6 ldap 1 6 localuser...

Page 380: ... user Description Displays attributes of the currently logged in user Kerberos Commands set kerberos Syntax set kerberos one or more parameters Parameters allowdialback enable disable clearports Port List custommenu Menu Name dataports Port List dialbacknumber Phone Number breakseq 1 10 Chars escapeseq 1 10 Chars group default power admin ipaddr Key Distribution Center IP Address kdc Key Distribut...

Page 381: ...Commands set ldap Syntax set ldap one or more parameters Parameters state enable disable server1 IP Address or Name server2 IP Address or Name port TCP Port base LDAP Base bindname Bind Name bindwithlogin enable disable useldapschema enable disable adsupport enable disable filteruser User Login Attribute filtergroup Group Objectclass grmemberattr Group Membership Attribute grmembervalue dn name en...

Page 382: ...le port set ldap bindpassword Description Set the LDAP bind password Syntax set ldap bindpassword set ldap certificate import Description To upload X 509 PEM certificate for Start TLS encrypted connections Syntax set ldap certificate import via sftp scp rootfile Cert Auth File certfile Certificate File keyfile Key File host IP Address or Name login User Login path Path to Files set ldap certificat...

Page 383: ... Name uid User Identifier group default power admin Custom Group Name passwordexpires enable disable permissions Permission List Note See User Permissions Commands on page 390 for information on groups and user rights Remove Escape Break Sequences for users making raw binary connections to Device Ports Description Configures local accounts including sysadmin who log in to the EMG by means of the W...

Page 384: ...bles authentication of local users set localusers delete Syntax set localusers delete User Login Description Deletes a local user set localusers lifetime Syntax set localusers lifetime Number of Days Description Sets the number of days the login password may be used The default is 90 days set localusers maxloginattempts Syntax set localusers maxloginattempts Number of Logins Description Sets the m...

Page 385: ...g Number of Days Description Sets the number of days the system warns the user that the password will be expiring The default is 7 days set localusers reusehistory Syntax set localusers reusehistory Number of Passwords Description Sets the number of passwords the user must use before reusing an old password The default is 4 set localusers multipleadminlogins Syntax set localusers multipleadminlogi...

Page 386: ...lusers lock Syntax set localusers lock User Login Description Blocks locks a user s ability to login set localusers unlock Syntax set localusers unlock User Login Description Allows unlocks a user s ability to login set localusers permissions Syntax set localusers add edit user permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rp rs rc dr wb sn ad md...

Page 387: ... group default power admin listenports Port List master IP Address or Hostname permissions Permission List Note See User Permissions Commands on page 390 for information on groups and user rights slave1 IP Address or Hostname slave2 IP Address or Hostname slave3 IP Address or Hostname slave4 IP Address or Hostname slave5 IP Address or Hostname state enable disable Description Configures the EMG to...

Page 388: ...rmission List Note See User Permissions Commands on page 390 for information on groups and user rights timeout enable 1 30 Note Sets the number of seconds after which the connection attempt times out It may be 1 30 seconds Description Configures the EMG to use RADIUS to authenticate users who log in via the Web SSH Telnet or the console port set radius server Syntax set radius server 1 2 host IP A...

Page 389: ...Authorize protocol Protocol for Service timeout 1 10 seconds dataports Port List listenports Port List clearports Port List escapeseq 1 10 Chars breakseq 1 10 Chars custommenu Menu Name allowdialback enable disable dialbacknumber Phone Number group default power admin permissions Permission List Note See User Permissions Commands on page 390 for information on groups and user rights Set the TACACS...

Page 390: ...r admin custom group name Description Adds a local user to a user group or changes the group the user belongs to set localusers lock Syntax set localusers lock User Login Description Blocks locks a user s ability to login set localusers unlock Syntax set local users unlock User Login Description Allows unlocks a user s ability to login set localusers permissions Syntax set localusers add edit user...

Page 391: ...erberos tacacs permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rp rs rc dr wb sn ad md sd Description Sets permissions not already defined by the assigned permissions group show user Syntax show user Description Displays the rights of the currently logged in user Remote User Commands set remoteusers add edit Syntax set remoteusers add edit User Log...

Page 392: ...ethod Access to authenticated remote users whose LDAP group or TACACS priv_lvl map to a EMG custom group set remoteusers listonlyauth Syntax set remoteusers listonlyauth enable disable Description Configure whether remote users who are not part of the remote user list will be authenticated set remoteusers denyaccessnocustomgroup Syntax set remoteusers denyaccessnocustomgroup enable disable Descrip...

Page 393: ...cription Sets a permission group for remotely authorized users Cellular Modem Commands set cellular Syntax set cellular parameters Parameters state dhcp disable apn APN of Mobile Carrier roam enable disable cellauth none pap chap celluser username simlock enable disable Transfer files to initiate a firmware update on the cellular modem set cellular update ftp sftp scp usb sdcard fwfile Firmware Fi...

Page 394: ...efault and can be disabled set cflow statusinterval Syntax set cflow statusinterval 1 60 minutes fwconfiginterval 1 72 hours Description Set interval between status updates and firmware and configuration checks set cflow fwupdate Syntax set cflow fwupdate enable disable configupdate enable disable Description Enable or disable firmware and configuration updates via ConsoleFlow set cflow rebootafte...

Page 395: ... ConsoleFlow Cloud or On Premise settings set cflow devicename Syntax set cflow devicename Device Name description Device Description Description Configure the device name and description used for registration set cflow timeoutcli Syntax set cflow timeoutcli 1 1800 seconds set cflow timeoutdp 1 1800 seconds Description Configure the timeout for the ConsoleFlow Web Terminal sessions set cflow digit...

Page 396: ...low show cflow status show cflow perfmon show cflow scripts show cflow probes Description Show ConsoleFlow settings CLI Commands set cli Syntax set cli scscommands enable disable Parameters set cli scscommands enable disable set cli terminallines disable Number of Lines set cli menu start Menu Name show cli Description Allows you to use SCS compatible commands as shortcuts for executing commands I...

Page 397: ... to run Syntax set cli menu start Menu Name set cli terminallines set cli terminallines disable Number of lines Description Sets the number of lines in the terminal emulation screen for paging through text one screenful at a time if the EMG cannot detect the size of the terminal automatically Note Settings are retained between CLI sessions for local users and users listed in the remote users list ...

Page 398: ...ce Port or Name exclusive enable disable ssh IP Address or Name port TCP Port SSH flags where SSH flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address or Name port TCP Port trigger now datetime chars If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars estab...

Page 399: ...me port TCP Port udp IP Address port UDP Port hostlist Host List Description Connects to a device port to monitor and or interact with it or establishes an outbound network connection connect global outgoingtimeout Syntax connect global outgoingtimeout disable 1 9999 seconds Description Sets the amount of time the EMG will wait for a response sign of life from an SSH Telnet server that it is tryin...

Page 400: ...where SSH flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address or Name port TCP Port trigger now datetime chars If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or characters or a character sequence e...

Page 401: ...tax show connections connid Connection ID email Email Address Description Displays details for a single connection You can optionally email the displayed information Console Port Commands set consoleport Syntax set consoleport one or more parameters Parameters baud 300 921600 databits 7 8 flowcontrol none xon xoff rts cts group Local or Remote Group Name parity none odd even showlines disable 1 50...

Page 402: ...n Assigns a custom user menu to a local user set menu add Syntax set menu add Menu Name command Command Number Description Creates a new custom user menu or adds a command to an existing custom user menu set menu edit Syntax set menu edit Menu Name parameter Parameters command Command Number nickname Command Number redisplaymenu enable disable shownicknames enable disable title Menu Title Descript...

Page 403: ...us kerberos tacacs custommenu Menu Name Description Assigns a custom menu to users who authenticate via NIS LDAP Radius Kerberos or TACACS set remoteusers add edit Syntax set remoteusers add edit User Login custommenu Menu Name Description Sets a default custom menu for remotely authorized users show menu Syntax show menu all Menu Name Description Displays a list of all menu names or all commands ...

Page 404: ...me zone one parameter at a time show datetime Syntax show datetime Description Displays the local date time and time zone set ntp Syntax set ntp one or more ntp parameters Parameters localserver1 IP Address or Hostname localserver2 IP Address or Hostname localserver3 IP Address or Hostname poll local public publicserver IP Address or Hostname state enable disable sync broadcast poll Description Sy...

Page 405: ...umidity permitted for the port sensorsoft degrees celsius fahrenheit Enables or disables temperature settings as celcius or fahrenheit sensorsoft traps enable disable Enables or disables traps when specified conditions are met sensorsoft status Displays the status of the port sensorsoft showall Displays the status for all connected Sensorsoft devices and ignores the device port nlist Note The Sens...

Page 406: ...user cbcpnocallback enable disable chapauth chaphost localusers chaphost CHAP Host or User Name checkdsr enable disable closedsr enable disable connectedmsg enable disable databits 7 8 device none sensorsoft rpm detectname enable disable detecttokens Name Detection Tokens dialbackdelay PPP Dial back Delay dialbacknumber usernumber Phone Number dialbackretries 1 10 dialinlist Host List for Dial in ...

Page 407: ...g enable disable parity none odd even portlogseq 1 10 Chars poweraction on off cycle powermgmtseq 1 10 Chars powersupply Managed Power Supply Name remoteipaddr negotiate IP Address restartdelay PPP Restart Delay reversepinout enable disable sendstring String to Send QUOTEDSTRING sendtermstr enable disable showlines disable 1 50 lines slmlogging enable disable slmnms NMS IP Address slmthreshold Thr...

Page 408: ...odchapsecret Reset a device port terminating and restarting all relevant connections set deviceport port Device Port or List or Name reset Configure up to 4 managed power supplies for device connected to a device port set deviceport port Device Port or Name managepower Reset a device port terminating and restarting all relevant connections set deviceport port Device Port or List or Name reset Note...

Page 409: ...w deviceport names Description Displays a list of all device port names show deviceport port Syntax show deviceport port Device Port List or Name display ip data modem logging device Description Displays the settings for one or more device ports show deviceport types Syntax show deviceport types Description Displays the list of port types RJ45 or USB for all device ports show portcounters Syntax s...

Page 410: ...e or more device ports show portstatus Syntax show portstatus deviceport Device Port List or Name email Email Address Description Displays the modes and states of one or more device port s You can optionally email the displayed information DIO Commands Digital Input Output Port Command Synopsis set dio port Syntax set dio port inf1 inf2 parameters Parameters name DIO Port Name normalstate on off D...

Page 411: ...ble for IPv4 or the Neighbor table for IPv6 for mapping IP Addresses to hardware addresses diag internals Syntax diag internals email Email Address Enable debug printing on the next EMG reboot diag internals printapplication enable disable printconnection enable disable printmanagement enable disable Description Displays information on the internal memory storage and processes of the EMG You can o...

Page 412: ...ber of bytes to transmit instead of t n bytes n KMG Time in seconds to transmit for default 10 secs t time n Set the IPv6 flow label L flowlabel n Use a zero copy method of sending data Z zerocopy Omit the first n seconds O omit n Prefix every output line with this string T title str of blocks packets to transmit instead of t n k blockcount Set the IP type of service 0 255 The usual prefixes for o...

Page 413: ...d for USB device ports diag netstat Syntax diag netstat protocol all tcp udp email Email Address Defaults protocol all Description To display a report of network connections You can optionally email the displayed information diag nettrace Syntax diag nettrace one or more parameters Parameters ethport 1 2 protocol tcp udp icmp esp host IP Address or Name numpackets Number of Packets verbose low med...

Page 414: ... In Bytes ethport 1 2 Defaults count 5 packetsize 64 diag sendpacket host Description Generate and send Ethernet packets Syntax diag sendpacket host IP Address or Name port TCP or UDP Port Number string Packet String protocol tcp udp count Number of Packets diag top Syntax diag top parameters Description Displays CPU usage memory usage and tasks Parameters continuous enable disable count Number of...

Page 415: ...umbers will displayed at the end of the line in square brackets Parameters treedisplay enable disable mapdevice enable disable email Email Address Defaults treedisplay enable diag wlan Synopsis Display boot log messages related to wireless devices diag wlan bootlog Display device capabilities diag wlan capabilities Display available channels diag wlan channels Display country regional information ...

Page 416: ...nomodemdial or templimit response is one of action syslog action emailalert emailaddress destination email address action snmptrap nms SNMP NMS community SNMP Community action diorelayon action fwdalltrapseth fwdseltrapeth ethport 1 2 cell nms SNMP NMS community SNMP Community oid SNMP OID action fwdalltrapsmodem fwdseltrapmodem deviceport Device Port or Name nms SNMP NMS community SNMP Community ...

Page 417: ...dit Event ID parameters Parameters community SNMP Community deviceport Device Port or Name ethport 1 2 host IP Address or Name internal modem nms SNMP NMS oid SNMP Trap OID outlet Outlet rpm RPM Id or Name threshold Load Percentage Current in Amps dioport inf1 inf2 relayf usbport U1 Description Edits event definitions admin events show Syntax admin events show Description Displays event definition...

Page 418: ...isable dialbacknumber Phone Number permissions Permission List Note See help user permissions for information on user rights Rename a group set groups rename Group Name newname New Group Name Delete a group set groups delete Group Name Show one or more groups show groups name Group Name members enable disable Description Configure custom group attributes Host List Commands set hostlist add edit Ho...

Page 419: ... Name protocol ssh telnet tcp port TCP Port escapeseq 1 10 Chars Description Adds a new host entry to a list or edit an existing entry set hostlist edit Host List Name move Syntax set hostlist edit Host List Name move Host Number position Host Number Description Moves a host entry to a new position in the host list set hostlist delete Syntax set hostlist delete Host List entry Host Number Descript...

Page 420: ...CHAP Host or User Name initscript Modem Init Script chapauth chaphost localusers nat enable disable dialbacknumber usernumber Phone Number checkdialtone disable 5 600 min dialbackdelay PPP Dialback Delay dialoutnumber Phone Number dialbackretries 1 10 dialoutlogin Remote User Login Set the modem password and CHAP secret any extra parameters will be ignored set intmodem dialoutpassword set intmodem...

Page 421: ...able usbport U1 state enable ruleset Ruleset Name internal modem state disable internal modem state enable ruleset Ruleset Name Description Maps an IP filter to an interface set ip filter rules Syntax set ipfilter rules parameters Parameters add Ruleset Name delete Ruleset Name edit Ruleset Name Edit Parameters Edit Parameters append insert Rule Number replace Rule Number delete Rule Number Descri...

Page 422: ...tokentrigger bytecnt charstr usblogging enable disable usbmaxfiles Max of Files usbmaxsize Size in Bytes usbport U1 SD INTSD sysloglogging enable disable Description Configures logging settings for one or more device ports Local logging must be enabled for a device port for the locallog commands to be executed To use the set locallog clear command the user must have permission to clear port buffer...

Page 423: ...r port buffers see Chapter 14 User Authentication set log clear modem Syntax set log clear modem Description Clear the modem log the modem log is automatically pruned when it reaches 50K set log modem ppplog Syntax set log modem ppplog enable disable Description Enables PPP activity messages in the modem log set log modem ppplog enable disable Syntax set log modem pppdebug Description Enables PPP ...

Page 424: ... bytes Bytes to Display startbyte Byte Index logfile NFS USB or SD card Log File Defaults bytes 1000 startbyte 1 numlines 40 Lists the NFS USB or SD card log files either for a specific device port or all log files in a USB NFS or SD card location show log files nfs usb sdcard intsd localdir NFS Mount Local Directory usbport U1 deviceport Device Port or name Network Commands set network Syntax set...

Page 425: ...isable Description Configures IPv4 IPv6 lookup precedence set network gateway Syntax set network gateway parameters Parameters default IP Address ipv6default IPv6 Address precedence dhcp default wlan failover IP Address pingip IP Address ethport 1 2 failoverport eth2 cell cell wlan intmodem pingdelay 1 250 seconds failedpings 1 250 faildevice none hspa sierra faildevapn Fail over Device APN of Mob...

Page 426: ...ord any extra parameters will be ignored set network gateway reboot set network gateway faildevpin set network gateway faildevpuk set network gateway faildevpassword Description Set default fail over gateways the fail over gateway is used if an IP address usually accessible through the default gateway fails to return 1 or more pings and configure settings for supported fail over devices set networ...

Page 427: ...bit full mtu Maximum Transmission Unit activeport rj45 sfp set network ipv6 enable disable Description Displays DNS settings show network dns Syntax show network dns Description Displays DNS settings show network gateway Syntax show network gateway Description Displays gateway settings show network host Syntax show network host Description Displays the network host name of the EMG show network por...

Page 428: ...ork sfp Syntax show network sfp Description Displays network port 1 and port 2 SFP diagnostics show network all Syntax show network all Description Displays all network settings NFS and SMB CIFS Commands set nfs mount Syntax set nfs mount one or more parameters Parameters locdir Directory mount enable disable remdir Remote NFS Directory rw enable disable Enables or disables read write access to re...

Page 429: ...Unmounts a remote NFS share set cifs Syntax set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup Description Configures the SMB CIFS share which contains the system and device port logs The admin config command saves EMG configurations on the SMB CIFS share set cifs password Syntax set cifs password Description Changes ...

Page 430: ...Commands show perfmon Syntax show perfmon Parameters show perfmon probe all Probe Id or Name Description Display global settings and all probes or a selected probe show perfmon status Syntax show perfmon status Parameters show perfmon status probe Probe Id or Name Description Display the running status of all probes or a selected probe show perfmon operations Syntax show perfmon operations ...

Page 431: ...il Address Description Display round trip times RTT for last completed operation set or selected set and optionally email the complete results show perfmon accumulated Syntax show perfmon accumulated Parameters show perfmon accumulated Probe Id or Name set Operation Set Number email Email Address Description Display accumulated statistics for last completed operation set or selected set and option...

Page 432: ...set perfmon udpechoresp Syntax set perfmon udpechoresp UDP Port Number disable Description Enable responders for UDP echo set perfmon tcpconnectresp Syntax set perfmon tcpconnectresp TCP Port Number disable Description Enable responders for TCP connect set perfmon add Syntax set perfmon add Probe Name type dns http icmp tcpconnect udpecho udpjitter udpjittervoip Parameters name Probe Name starttim...

Page 433: ...Syntax set perfmon edit Probe Id or Name parameters Parameters name Probe Name starttime now HH MM SS MMDD afterHH MM SS operations Number of Operations to Perform frequency Seconds between Operations packets Number of Packets to Send interval Milliseconds between Packets timeout Milliseconds to Wait for Response host Destination IP Address or Name port Destination Port precision milli micro datas...

Page 434: ... Commands set routing Syntax set routing parameters Parameters rip enable disable route 1 64 ipaddr IP Address mask Netmask gateway IP Address static enable disable version 1 2 both Description Configures static or dynamic routing To delete a static route set the IP address mask and gateway parameters to 0 0 0 0 show routing Syntax show routing resolveip enable disable email Email Address Descript...

Page 435: ...d RPM Id or Name outlet all Outlet or List state on off cyclepower Description Sends a command to control one or more outlets on an RPM Syntax set rpm command RPM Id or Name device reboot shutdown Description Sends a command to control an RPM device Syntax set rpm command RPM Id or Name beeper mute enable disable Description Sends a command to control an RPM beeper set rpm delete Syntax set rpm de...

Page 436: ...te Drivers running in debug mode will generate copious output and for disk space reasons should not be left running in debug mode for long periods of time set rpm edit Syntax set rpm edit RPM Id or Name one or more parameters Parameters name New RPM Name outlets of Outlets ipaddr IP Address port TCP or Device Port login RPM Admin Login rocommunity SNMP Read Only Community rwcommunity SNMP Read Wri...

Page 437: ...ript import Syntax set script import interface batch custom via ftp scp copypaste file Script File name Script Name host IP Address or Name login User Login path Path to Script File filetype expect tcl python Note Interface scripts will be given default do user rights Batch and Custom scripts will be given admin ad user rights The name of the script will be the same as the file name if it is a val...

Page 438: ...pt runcli Script Name parameters Command Line Parameters debug enable disable Description Run a CLI batch or custom script one time script output will be displayed in the current terminal custom script output will be saved in the repository connect script Syntax connect script Script Name deviceport Device Port or Name parameters Command Line Parameters debug enable disable Description Connect an ...

Page 439: ...pecified as hours 4H for 4 hours or days 2D for 2 days show script Syntax show script type interface batch custom name Script Name Description Display list of scripts or view the details and contents of a script show script status Syntax show script status script Script Name Description Display the running status of all custom scripts or a single custom script show script operations Syntax show sc...

Page 440: ...D Card set sdcard format filesystem ext2 fat16 fat32 ntfs Defaults filesystem ext2 Runs a filesystem check on a SD Card recommended if it does not mount set sdcard fsck Displays a directory listing of an internal or external SD Card set sdcard intsd dir subdir Directory Path Renames a file on a SD Card set sdcard rename Filename newfile New Filename Copies a file on a SD Card set sdcard copy Filen...

Page 441: ...le genlog off error warning info debug v1 enable disable syslogserver1 IP Address or Name v2c enable disable syslogserver2 IP Address or Name traps enable disable rpmlogsize 5 40 Kbytes trapversion 1 2 3 otherlogsize 5 400 Kbytes nms1 IP Address or Name telnet enable disable nms2 IP Address or Name timeouttelnet disable 1 30 minutes alarmdelay 1 6000 Seconds telnetdatadir netin netout both locatio...

Page 442: ...et SNMP v3 read only read write and trap password passphrase show services Syntax show services Description Displays current service settings Site Commands Configure a set of site oriented modem parameters that can be activated by various modem related events authentication outbound network traffic for DOD connections etc The site parameters will override any parameters configured for the modem To...

Page 443: ...psecret Site Name Deletes a site set site delete Site Name show site all names Site Name SLC Network Commands Displays all SLC SLB EMG and Spider units on the local network set slcnetwork Syntax set slcnetwork one or more parameters Parameters add IP Address delete IP Address search localsubnet ipaddrlist both Description Detects and displays all EMG or user defined IP addresses on the local netwo...

Page 444: ...sshkey delete one or more parameters Parameters keyhost SSH Key Host keyname SSH Key Name keyuser SSH Key User Description Deletes an ssh key Specify the keyuser and keyhost to delete an imported key specify the keyuser and keyname to delete exported key set sshkey export Syntax set sshkey export ftp sftp scp copypaste one or more parameters Parameters format openssh secsh host IP Address or Name ...

Page 445: ...st IP Address or Name login User Login Description Imports an SSH key set sshkey server import type Syntax set sshkey server import type rsa dsa via sftp scp pubfile Public Key File privfile Private Key File host IP Address or Name login User Login path Path to Key File Description Imports an EMG host key set sshkey server reset Syntax set sshkey server reset type all rsa dsa Description Resets de...

Page 446: ...y User viewkey enable disable Description Displays all keys that have been imported or keys for a specific user IP address or name show sshkey server Syntax show sshkey server type all rsa dsa Description Displays host keys public key only Status Commands show connections Syntax show connections email Email Address Description Displays a list of current connections Optionally emails the displayed ...

Page 447: ...Device Port List or Name email Email Address Description Generates a device port statistics report for one or more ports Optionally emails the displayed information show portstatus Syntax show portstatus deviceport Device Port List or Name email Email Address Description Displays device port modes and states for one or more ports Optionally emails the displayed information show sysconfig Syntax sh...

Page 448: ...log diaglog genlog display head tail numlines Number of Lines starttime MMDDYYhhmm ss endtime MMDDYYhhmm ss Description Displays the system logs containing information and error messages Note The level display and time parameters cannot be used simultaneously show syslog clear Syntax show syslog clear all netlog servlog authlog devlog diaglog genlog Description Clears one or all of the system logs...

Page 449: ...il Address Defaults treedisplay enable Description Displays information about USB buses and the devices connected to them including the mapping between a USB device and the EMG port Note For mapdevice enable the port names will displayed at the end of the line in square brackets To see a list of USB devices with vendor id and product id use treedisplay disable USB Storage Commands set usb storage ...

Page 450: ... flash drive set usb storage mount Syntax set usb storage mount U1 Description Mounts a USB flash drive in the EMG for use as a storage device The USB flash drive must be formatted with an ext2 or FAT file system before you mount it set usb storage unmount Syntax set usb storage unmount U1 Description Unmounts a USB flash drive Enter this command before removing the USB device set usb storage rena...

Page 451: ...n Removes a file on a thumb drive Syntax set usb storage delete U1 file Current Filename show usb storage Description Display product information and settings for any USB thumb drive Syntax show usb storage show usb Description Display currently attached USB devices with product information and settings Syntax show usb show usb modem Description Display product information and settings for any USB...

Page 452: ...ialoutlogin Remote User Login dialoutnumber Phone Number dodauth pap chap dodchaphost CHAP Host or User Name flowcontrol none xon xoff rts cts group Local or Remote Group Name initscript Modem Init Script localipaddr negotiate IP Address modemmode text ppp modemstate disable dialin dialout dialback cbcpserver cbcpclient dialondemand dialin ondemand dialback ondemand dialinhostlist modemtimeout dis...

Page 453: ...nformation and settings for any USB modem Syntax show usb modem VPN Commands set vpn Syntax set vpn parameters Description Configures setting for an IPsec VPN tunnel Parameters Parameters tunnel enable disable name VPN Tunnel Name auth rsa psk x509 remotehost Remote Host IP Address or Name remoteid Authentication Name remotehop IP Address remotesubnet one or more subnets in CIDR notation remotesou...

Page 454: ...a parameters will be ignored set vpn xauthpassword Configure X 509 certificate for remote peer or local peer set vpn certificate local via sftp scp rootfile Cert Authority File certfile Certificate File keyfile Private Key File host IP Address or Name login User Login path Path to Files set vpn certificate remote via sftp scp rootfile Cert Authority File certfile Certificate File host IP Address o...

Page 455: ...e uploaded conf file set vpn confaction delete Display all VPN settings and current status show vpn email Email Address Display detailed VPN status show vpn status email Email Address Display VPN logs show vpn viewlog numlines Number of Lines email Email Address Display X 509 certificate for local peer EMG and remote peer show vpn certificate Display RSA public key of the local peer EMG and remote...

Page 456: ...eap fast leap wpa802username User Name wpa802ttlsauth eap mschapv2 mschapv2 mschap chap pap eap md5 wpa802peapauth eap mschapv2 eap md5 eap tls wpa802fastauth mschapv2 md5 gtc wpa802fastprovision unauth auth both wpa802validatecert enable disable Configure certificate files for a WPA WPA2 802 1X profile set wlan profile edit Profile Name certificate import via sftp scp host IP Address or Name logi...

Page 457: ...JP Japan KCC Korea ETSI Europe without EN 300 440 support EN440 Europe with EN 300 440 support AU Australia and WW World Mode set wlan radio region ww fcc ic etsi en440 kcc jp cn au Warning Each time the region is changed it is programmed into the radio which can be done a maximum of 10 times use care when changing the region show wlan email Email Address show wlan accesspoint display clients deta...

Page 458: ...ancel Note The calibration offset will be applied one hour after setting the value Description Displays the acceptable range and the current reading from the internal temperature sensor show temperature Syntax show temperature Description Shows the temperature Xmodem Commands set xmodem repo Syntax set xmodem repo import Xmodem File via ftp sftp scp host IP Address or Name login User Login path Pa...

Page 459: ...modem xfer binary ascii set xmodem receive Device Port or Name file Xmodem File protocol xmodem ymodem zmodem xfer binary ascii overwrite enable disable Description Send or receive files with Xmodem Ymodem or Zmodem by default receive will not overwrite a file in the repository with the same name show xmodem Syntax show xmodem Description Shows the Xmodem repository files ...

Page 460: ...make about the facility and network infrastructure for example how vulnerable the CAT 5 wiring is to tapping Factors Affecting Security External factors affect the security provided by the EMG unit for example Telnet sends the login exchange as clear text across Ethernet A person snooping on a subnet may read your password A terminal to the EMG may be secure but the path from the EMG to the end de...

Page 461: ...ower source should be unplugged first Always connect the power cord to a properly wired and grounded power source Do not use adapter plugs or remove the grounding prong from the cord When disconnecting the power cable from the socket pull on the plug not the cord Only use a power cord with a voltage and current rating greater than the voltage and current rating marked on the EMG unit The EMG unit ...

Page 462: ...of the equipment is not compromised Mount the equipment in the rack so that a hazardous condition is not achieved due to uneven mechanical loading Maintain reliable earthing of rack mounted equipment Give particular attention to supply connections other than direct connections to the branch circuit e g use of power strips Before operating the EMG make sure the EMG unit is secured to the rack Wall ...

Page 463: ...rts to equipment with serial ports that support EIA 232 formerly RS 232C Only connect the console port to equipment with serial ports that support EIA 232 formerly RS 232C Only connect a telephone line to the MODEM port Caution To reduce the risk of fire use only number 26 AWG or larger e g 24 AWG UL listed or CSA certified telecommunication line cord ...

Page 464: ... many devices These adapters convert the RJ45 connection on the EMG unit to a 9 pin or 25 pin serial connector found on other manufacturers serial devices or re route the serial signals for connections to other devices that use RJ45 serial connectors The console port is wired the same way as the device ports and has the same signal options Note You can view or change the console port settings usin...

Page 465: ...pters and Pinouts EMG Edge Management Gateway User Guide 465 Figure C 2 RJ45 Receptacle to DB25F DCE Adapter for the EMG Unit PN 200 2067A Figure C 3 RJ45 Receptacle to DB9M DCE Adapter for the EMG Unit PN 200 2069A ...

Page 466: ...ts EMG Edge Management Gateway User Guide 466 Figure C 4 RJ45 Receptacle to DB9F DCE Adapter for the EMG Unit PN 200 2070A Use PN 200 2070A adapter with a PC s serial port Figure C 5 RJ45 Receptacle to DB25M DTE Adapter PN 200 2073 ...

Page 467: ...infrastructure PKI to set up authentication with a RADIUS server This method requires the use of a client side certificate for communicating with the server EAP TTLS EAP Tunneled Transport Layer Security An authentication protocol that uses TTLS and server side certificates to set up authentication between the console manager and a RADIUS server The actual authentication is however performed using...

Page 468: ...standard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic This enables a company to shield internal addresses from the public Internet NFS Network File System A protocol that allows file sharing across a network Users can view store and update files on a remote computer You can use NFS to mount all or a portion of a file syst...

Page 469: ...transfer protocol that is similar to SFTP in that it uses SSH encryption and authentication but is slightly faster SFTP SSH File Transfer Protocol Secure file transfer protocol over SSH Commands and data in transit are encrypted SMB CIFS Server Message Block Common Internet File System Microsoft s protocol for allowing all applications as well as Web browsers to share files across the Internet CIF...

Page 470: ...whether the user has access to the network Telnet A terminal protocol that provides an easy to use method of creating terminal connections to a network host TFTP Trivial File Transfer Protocol Simpler version of FTP that doesn t require any type of authentication Xmodem A file transfer protocol that allows file transfer between two computers across the serial port Subsequent modified versions of t...

Page 471: ...pecification USA FCC 47 CFR part 15 Subpart B FCC 47 CFR part 15 Subpart 22H 22E 27 90S FCC 47 CFR Part 15 Subpart E Canada ISED RSS 130 Issue 2 RSS 132 Issue 3 RSS 133 Issue 6 RSS 139 Issue 3 RSS195 Issue 2 RSS 199 RSS 247 Issue 2 RSS GEN Issue 5 EU See Figure E 3 and Figure E 4 EU Declaration of Conformity Australia New Zealand AS NZS CISPR 32 2015 Safety UL EN 60950 1 UL EN 62368 1 CAN CSA C22 ...

Page 472: ...nt from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment This transmitter must not be co located or operating in conjunction with any other antenna or transmitter Operations are res...

Page 473: ...tilisé avec un minimum de 20 cm de distance entre la source de rayonnement et votre corps This device is intended only for use under the following conditions 1 The antenna must be installed such that 20 cm is maintained between the antenna and users and 2 The transmitter module may not be co located with any other transmitter or antenna Cet appareil est conçu uniquement pour les intégrateurs OEM d...

Page 474: ...EMG Edge Management Gateway User Guide 474 Figure E 3 EU Declaration of Conformity ...

Page 475: ...EMG Edge Management Gateway User Guide 475 Figure E 4 EU Declaration of Conformity continued ...

Page 476: ...používání Toto zařízení je omezeno pouze na použití uvnitř Nesmí být provozován venku da Dansk Danish Undertegnede Lantronix Inc erklærer herved at følgende udstyr EMG 8500 overholder de væsentlige krav og øvrige relevante krav i direktiv 2014 53 EU Den fulde tekst til EU overensstemmelseserklæringen er tilgængelig på følgende internetadresse https www lantronix com products lantronix emg tab docs...

Page 477: ...door use only It may not be operated outdoors es Español Spanish Por medio de la presente Lantronix Inc declara que el EMG 8500 module cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 2014 53 EU El texto completo de la declaración de conformidad de la UE está disponible en la siguiente dirección de Internet https www lantronix com produ...

Page 478: ...conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 2014 53 EU Il testo completo della dichiarazione di conformità UE è disponibile al seguente indirizzo Internet https www lantronix com products lantronix emg tab docs downloads Avviso di restrizioni d uso dell UE questo dispositivo è limitato esclusivamente all uso in interni Potrebbe non essere utiliz...

Page 479: ...b docs downloads Avviż tal UE dwar Restrizzjonijiet fuq l Użu Dan l apparat huwa limitat għal użu ġewwa biss Ma jistax jitħaddem barra hu Magyar Hungarian Alulírott Lantronix Inc nyilatkozom hogy a EMG 8500 megfelel a vonatkozó alapvetõ követelményeknek és az 2014 53 EU irányelv egyéb elõírásainak Az EU megfelelőségi nyilatkozat teljes szövege a következő internetes címen érhető el https www lantr...

Page 480: ...le esențiale și alte dispoziții relevante din Directiva 2014 53 UE Textul complet al declarației de conformitate a UE este disponibil la următoarea adresă de internet https www lantronix com products lantronix emg tab docs downloads Notificarea UE privind restricțiile de utilizare Acest dispozitiv este limitat numai la uz interior Este posibil să nu funcționeze în aer liber Serbian Овиме Лантроник...

Page 481: ...le spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 2014 53 EU Úplné znenie EÚ vyhlásenia o zhode je k dispozícii na tejto internetovej adrese https www lantronix com products lantronix emg tab docs downloads Oznámenie EÚ o obmedzeniach pri používaní Toto zariadenie je obmedzené iba na použitie v interiéri Nesmie sa používať vonku fi Suomi Finnish Lantronix Inc vakuuttaa täten ett...

Page 482: ...r LTE 1 1920 1980 Mhz 23 dBm 1 dB LTE 2 1850 1920 Mhz 23 dBm 1 dB LTE 3 1710 1785 Mhz 23 dBm 1 dB LTE 4 1710 1755 Mhz 23 dBm 1 dB LTE 5 824 849 Mhz 23 dBm 1 dB LTE 8 880 915 Mhz 23 dBm 1 dB LTE 12 699 716 Mhz 23 dBm 1 dB LTE 13 777 787 Mhz 23 dBm 1 dB LTE 20 832 862 Mhz 23 dBm 1 dB LTE 25 1850 1915 Mhz 23 dBm 1 dB LTE 26 814 849 Mhz 23 dBm 1 dB LTE 7 2500 2570 Mhz 22 dBm 1 dB LTE 41 2496 2690 Mhz ...

Search results

Summary of Contents for EMG 7500

Reviews:

Related manuals for EMG 7500

Brands by name

Popular brands

Lantronix EMG 7500, User Manual

Search results

Summary of Contents for EMG 7500

Reviews:

Related manuals for EMG 7500

Brands by name

Popular brands