Lantronix EMG 8500 User Manual Download

Page: 91 / 416

6: Networking

EMG™ Edge Management Gateway User Guide

Authentication

The type of authentication used by the host on each side of the VPN tunnel

to verify the identity of the other host.



For

RSA Public Key

, each host generates a RSA public-private key pair,

and shares its public key with the remote host. The RSA Public Key for

the EMG (which has 4096 bits) can be viewed at either the web or CLI.



For

Pre-Shared Key

, each host enters the same passphrase to be used

for authentication.



For

X.509 Certificate

, each host is configured with a Certificate Authority

certificate along with a X.509 certificate with a corresponding private key,

and shares the X.509 certificate with the remote host.

Before using RSA Public Key authentication, select

Generate EMG RSA

Key

to generate the EMG’s RSA public/private key pair. This RSA key can

be regenerated at any time.

Note:

strongSwan does not support IKEv1 aggressive mode with Pre-

Shared Key authorization without XAUTH enabled. If a tunnel is initiated

with this configuration the log message

Aggressive Mode PSK

disabled for security reasons

will be displayed, and a tunnel

will not be initiated. It is possible to override this behavior, but it is not

recommended.

RSA Public Key for

Remote Peer

RSA Public Key

is selected for authentication, the remote peer's public

key can be uploaded or deleted. If a public key has been uploaded this field

will display key installed. The peer RSA public key must be in Privacy

Enhanced Mail (PEM) format, e.g.:

-----BEGIN PUBLIC KEY-----
(certificate in base64 encoding)
-----END PUBLIC KEY-----

Pre-Shared Key

is selected for authentication, enter the key.

Retype Pre-Shared Key

Pre-Shared Key

is selected for authentication, re-enter the key.

Certificate Authority for

Remote Peer

A certificate can be uploaded to the EMG unit for peer authentication. The

certificate for the remote peer is used to authenticate the EMG to the remote

peer, and at a minimum contains the public certificate file of the remote

peer. The certificate may also contain a Certificate Authority file; if the

Certificate Authority file is omitted, the EMG may display "issuer cacert not

found" and "X.509 certificate rejected" messages, but still authenticate. The

Certificate Authority file and public certificate File must be in PEM format,

e.g.:

-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----

Certificate File for Remote

Peer

Summary of Contents for EMG 8500

Page 1: ...Part Number PMD 00008 Revision A October 2019 EMG Edge Management Gateway User Guide EMG 8500 ...

Page 2: ...current list of our domestic and international sales offices go to the Lantronix web site at https www lantronix com about us contact Open Source Software Some applications are Open Source software licensed under the Berkeley Software Distribution BSD license the GNU General Public License GPL as published by the Free Software Foundation FSF or the Python Software Foundation PFS License Agreement ...

Page 3: ...pense will be required to take whatever measures may be required to correct the interference Note This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates...

Page 4: ...EMG Edge Management Gateway User Guide 4 Revision History Date Rev Comments October 2019 A Initial release for EMG 8500 ...

Page 5: ..._______22 Performance Monitoring _________________________________________________23 Security ______________________________________________________________23 Power _______________________________________________________________23 Integration with Lantronix ConsoleFlow ___________________________________23 Applications ______________________________________________________________23 Protocol Suppo...

Page 6: ...________________50 IP Address _______________________________________________________________50 Lantronix Provisioning Manager ______________________________________________51 Method 1 Quick Setup on the Web Page ______________________________________51 Network Settings ______________________________________________________53 Date Time Settings ___________________________________________________54...

Page 7: ...ands ______________________________________________78 IP Filter _________________________________________________________________79 Viewing IP Filters ______________________________________________________79 Mapping Rulesets ______________________________________________________79 Enabling IP Filters _____________________________________________________80 Configuring IP Filters ___________________...

Page 8: ...S and SMB CIFS ______________________________________________________122 SMB CIFS Share _____________________________________________________124 NFS and SMB CIFS Commands _________________________________________124 Secure Lantronix Network __________________________________________________125 Browser Issues _______________________________________________________127 Troubleshooting Browser Issues ...

Page 9: ...mmands ____________________________________________________168 Interacting with a Device Port _______________________________________________168 Device Ports Logging and Events ___________________________________________169 Local Logging ________________________________________________________169 NFS File Logging _____________________________________________________169 USB and SD Card Logging ____...

Page 10: ..._________________________202 RPM Shutdown Procedure _________________________________________________202 Optimizing and Troubleshooting RPM Behavior _________________________________204 RPM Commands _____________________________________________________205 11 Scripts 206 Script Commands _____________________________________________________211 Batch Script Syntax ____________________________________...

Page 11: ...____________267 TACACS Commands _________________________________________________270 Groups ________________________________________________________________271 Group Commands ____________________________________________________274 SSH Keys ______________________________________________________________274 Imported Keys _______________________________________________________274 Exported Keys _______...

Page 12: ...net SSH to a Remote Device _____________________________________________308 Dial in Text Mode to a Remote Device _______________________________________309 Local Serial Connection to Network Device via Telnet ____________________________311 16 Command Reference 313 Introduction to Commands _________________________________________________313 Command ________________________________________________...

Page 13: ...___________________________________________382 Script Commands ________________________________________________________384 SD Card Commands ______________________________________________________387 Security Commands ______________________________________________________388 Services Commands ______________________________________________________388 Site Commands ____________________________________...

Page 14: ...ing ___________________________________________________________407 Rack Mounting _______________________________________________________407 Wall Mounting ________________________________________________________407 Port Connections _____________________________________________________408 Appendix C Adapters and Pinouts 409 Appendix D Protocol Glossary 412 Appendix E Compliance Information 415 RoHS ...

Page 15: ...__52 Figure 4 3 Quick Setup Completed in Web Manager _____________________________________54 Figure 4 4 Home _________________________________________________________________55 Figure 4 5 Beginning of Quick Setup Script ____________________________________________55 Figure 4 6 Quick Setup Completed in CLI _____________________________________________57 Figure 5 1 Web Page Layout __________________...

Page 16: ...________________________________147 Figure 9 2 Devices Device Status _________________________________________________150 Figure 9 3 Devices Device Ports __________________________________________________151 Figure 9 4 Device Ports Settings 1 of 2 ____________________________________________154 Figure 9 5 Device Ports Settings 2 of 2 ____________________________________________155 Figure 9 7 Devic...

Page 17: ...s___________________________________________264 Figure 13 9 User Authentication TACACS __________________________________________268 Figure 13 10 User Authentication Groups ___________________________________________272 Figure 13 11 User Authentication SSH Keys_________________________________________275 Figure 13 12 Current Host Keys ____________________________________________________278 Figure ...

Page 18: ...Telnet _________________________311 Figure C 1 RJ45 Receptacle to DB25M DCE Adapter for the EMG Unit PN 200 2066A ________409 Figure C 2 RJ45 Receptacle to DB25F DCE Adapter for the EMG Unit PN 200 2067A ________410 Figure C 3 RJ45 Receptacle to DB9M DCE Adapter for the EMG Unit PN 200 2069A _________410 Figure C 4 RJ45 Receptacle to DB9F DCE Adapter for the EMG Unit PN 200 2070A _________411 Figu...

Page 19: ... Table 4 1 Methods of Assigning an IP Address _________________________________________50 Table 5 3 SCS Commands ________________________________________________________64 Table 5 4 CLI Keyboard Shortcuts ___________________________________________________65 Table 6 13 Error Conditions Detected by Probes ______________________________________111 Table 9 1 Supported I O Module Configurations ______...

Page 20: ...ired settings Chapter 5 Web and Command Line Interfaces Describes the web and command line interfaces available for configuring the EMG The configuration chapters 6 15 provide detailed instructions for using the web interface and include equivalent command line interface commands Chapter 6 Networking Provides instructions for configuring network ports firewall and routing settings and VPN Chapter ...

Page 21: ...d describes all of the commands available on the EMG command line interface Appendix A Security Considerations Provides tips for enhancing EMG security Appendix B Safety Information Lists safety precautions for using the EMG Appendix C Adapters and Pinouts Includes adapter and pinout diagrams Appendix D Protocol Glossary Lists the protocols supported by the EMG unit with brief descriptions Appendi...

Page 22: ...0 Overview The EMG 8500 is a modular edge management gateway that offers serial RJ45 and USB console connectivity with user swappable I O modules and connectivity modules The EMG unit can accommodate up to two user swappable I O modules 4 port serial RJ45 and or 4 port serial USB For connectivity the EMG provides dual Ethernet or dual small form factor pluggable SFP network ports and up to two use...

Page 23: ...nalyze network performance Security Enterprise grade security and secure user access control with local or remote authentication Power An external Universal AC 90W 100 240V 50 60 Hz power supply provides power to the unit DC power port The DC power port supports 9 to 30Vdc Convection cooled silent operation low power consumption Integration with Lantronix ConsoleFlow Compatible with Lantronix Cons...

Page 24: ...ess For brief descriptions of these protocols see Appendix D Protocol Glossary on page 412 Configuration Methods After installation the EMG requires configuration For the unit to operate correctly on a network it must have a unique IP address on the network This IP address references the specific unit For details on how to configure the unit with basic network settings see Chapter 4 Quick Setup Th...

Page 25: ...ar Code Product Part Number Product Revision Manufacturing Date Code Country of Manufacturing Origin Hardware Address MAC address or serial number Device ID used to connect to ConsoleFlow central management software Figure 2 2 EMG 8500 Product Label Product Part Number Product Revision Country of Manufacturing Origin Serial Number Device ID ConsoleFlow Manufacturing Date Code Bar Code ...

Page 26: ...n a network environment and where different can be converted using Lantronix adapters The RJ45 ports have software reversible pinouts to switch between digital terminal equipment DTE and digital communications equipment DCE applications See Appendix C Adapters and Pinouts on page 409 for more information on serial adapters and pin outs Up to two 4 port USB I O modules can be installed to provide a...

Page 27: ... port I F card Ethernet ports are referred to as Eth1 and Eth2 in the user interface and this user guide Network Interface Dual 1 Gigabit capable SFP port I F card to support single or multi mode fiber optic SFP transceiver modules SFP transceiver modules are referred to as SFP1 and SFP2 in the user interface and this user guide Note EMG will recognize two network connections Either Eth1 or SFP1 i...

Page 28: ...thentication methods such as Radius TACACS NIS and LDAP Groups are supported in LDAP RADIUS using VSA and TACACS using priv_lvl Device Port Buffer The EMG unit supports real time data logging for each device port The port can save the data log to a file send an email notification of an issue or take no action You can define the path for logged data on a port by port basis configure file size and n...

Page 29: ...l console ports See Figure 2 7 and Table 2 8 The RJ45 ports have software reversible pinouts to switch between DTE and DCE applications Note RJ45 to DB9 DB25 adapters are available from Lantronix For serial pinout information see the Appendix C Adapters and Pinouts on page 409 Additional device port features RAW TCP Telnet or SSH to a serial port by IP address per port or by IP address and TCP por...

Page 30: ... containing one 4 port USB I O module in Bay 1 and one 4 port RJ45 I O module in Bay 2 for a total of 8 device ports Note When installing the I O modules they can be populated or swapped in any order One but not both of the slots can be empty The I O modules must only be installed on the front of the unit never in the connectivity slots on the back Figure 2 7 I O Modules Bay 1 Bay 2 Table 2 8 Devi...

Page 31: ...transceivers Fiber optic 1 Gigabit SFP transceiver modules may be used See Figure 2 10 Note EMG will recognize two network connections Either Eth1 or SFP1 is active but not both Either Eth2 or SFP2 is active but not both One possible use for the two Ethernet ports is to have one port on a private secure network and the other on a public unsecured network The EMG can also be equipped with a factory...

Page 32: ...cellular modem may be installed in either connectivity slot The LTE cellular modem may be configured to function as the failover interface with Eth1 as the primary link The LTE cellular modem module supports one main antenna one AUX antenna and one GPS antenna for geolocation The geolocation function is not active in the current release The LTE cellular modem module supports one external SIM card ...

Page 33: ...ch is available and sold separately Figure 2 13 shows the DIO adapter installed on the EMG 8500 with the DIO port pin order and pin definition Indicator LED 1 Ethernet port LED 2 Connectivity Solid Green At least one of the Ethernet ports has a link or both Ethernet ports are disabled Indicates one of the following conditions There are no connectivity modules installed An LTE modem module is insta...

Page 34: ...rt The DIO connector description is provided below Connector Description Relay Output Output supports 1A 24V Inputs Inputs accept voltage 0 to 30 VDC ON Max 30 VDC Min 2 VDC OFF Max 0 7 VDC Min 0 VDC Pin Number Pin Definition 1 Relay Out 2 Relay In 3 Input1 4 Input1 5 Input2 6 Input2 ...

Page 35: ...ice modules are available and sold separately Table 3 2 EMG 8500 Device Modules Additional parts and accessories are available and sold separately For details and purchasing information refer to the next section Order Information External DIO adapter Wall mount kit Rail mount kit Name One EMG8500 EDGE MANAGEMENT GATEWAY RJ45 to DB9F Adapter RJ45 to RJ45 Cat5 Cable 6 6 ft 2m straight through RJ45 p...

Page 36: ...ports use a cable with a USB Type A connector For information about Lantronix adapters see Appendix C Adapters and Pinouts An available connection to your Ethernet network and an Ethernet cable CAT5E or better cables are recommended for 1000 Base Ethernet A working AC power outlet to power the unit using the included AC 90W 100 240V 50 60 Hz power supply If the LTE cellular modem is installed a ne...

Page 37: ... serial adapter to connect a serial device if needed Please contact Lantronix for the list of tested adapters Caution USB ports are designed for data traffic only They are not designed for charging or powering devices Over current conditions on VBUS 5V may disrupt operations Serial Interface Console 1 RJ45 type 8 pin connector DTE Speed software selectable 300 to 921600 baud LEDs Green light ON in...

Page 38: ...ernal AC 90W 100 240V 50 60 Hz power supply shipped with unit Dimensions L x W x H 212 6mm 8 37 x 167 68mm 6 60 x 43 21mm 1 70 1U Weight 1 406 kg 3 10 lbs Temperature Operating 0 to 50 C 32 to 122 F Storage 20 to 80 C 4 to 176 F Heat flow rate TBD BTU per hour Relative Humidity Operating 10 to 90 non condensing Storage 10 to 90 non condensing Front USB Port 1 port type A host USB 2 0 HS FS LS Fron...

Page 39: ...o provide adequate airflow through the EMG unit 4 Connect the serial device s to the EMG unit s device ports See Connecting to a Device Port on page 41 5 Choose one of the following options To configure the EMG using the network or to monitor serial devices on the network connect at least one EMG network port to a network See Connecting to Network Ports on page 44 To configure the EMG unit using a...

Page 40: ... 25 inches 32 mm 3 Insert the anchors until they are flush with the surface 4 Thread four pan head top mount screws through the unit mount hole and through the anchor and tighten them 2 Keyhole mount 1 Locate the place where you want to mount the unit and mark two holes using your EMG mount as a guide for the screws See Figure 3 5 for the location of the screw holes 2 Drill two 3 16 inch 4 8 mm di...

Page 41: ...unit mount hole and reserve 0 08 to 0 12 2 3 mm clearance to the wall surface 4 Hang the EMG unit where both keyholes of wall mounts can go through the screw heads on the wall Figure 3 5 Wall Mount Dimensions Connecting to a Device Port You can connect almost any device that has a serial console port to a device port on the EMG unit for remote administration The console port must support the RS 23...

Page 42: ...led Default To connect to a USB device port 1 Connect the USB type A connector of a USB cable to a device port 2 Connect the other end of the USB cable to a USB console port Figure 3 8 shows a sample I O module installation with one 4 port RJ45 I O module and one 4 port USB I O module and how the device ports correspond to the buttons on the Web Manager Dashboard Pin Number Description 1 RTS outpu...

Page 43: ...rom left to right Bay 1 is the slot next to the console port and USB port and Bay 2 is the slot to the right of Bay 1 See Figure 3 8 Any changes to the I O modules must be done while the EMG unit is powered off Table 3 9 shows the available I O module configurations To install an I O module refer to I O Module Installation on page 47 Warning The I O module slots on the front of the EMG unit may on...

Page 44: ...g connectivity modules in the Connectivity module bays Bay 1 and Bay 2 may be populated in any order and one or both bays may be left empty The bays are ordered from left to right Bay 1 is the slot on the left side of the back panel and Bay 2 is the slot to the right of Bay 1 See Figure 3 10 Any changes to the connectivity modules must be done while the EMG unit is powered off Figure 3 10 shows a ...

Page 45: ... console port is configured as DTE non reversed RJ45 See Appendix C Adapters and Pinouts for more information To connect a terminal 1 Attach the Lantronix adapter to your terminal typically a PN 200 2066A adapter see Figure C 1 or your PC s serial port use PN 200 adapter see Figure C 4 2 Connect the Cat 5 cable to the adapter and connect the other end to the EMG console port 3 Turn on the terminal...

Page 46: ...l 100 to 200VAC 50 60Hz to 12V DC power supply brick for supplying power to the DC input jack See Package Contents on page 35 Warning Risk of serious electric shock Disconnect the power cord before servicing the EMG Figure 3 11 Power Input Pin assignments Pin 1 Input voltage 9 30 VDC Pin 2 Power supply fault power fail active low Pin 3 Ground Pin 4 Earth Ground ...

Page 47: ...t and from the wall outlet The EMG must be powered off when installing or replacing the modules 2 On the front of the EMG unit locate the module bay where the module will be inserted 3 Unscrew the existing module or faceplate from the module bay with your fingers and carefully remove it from the module bay 4 Insert the module into the module bay making sure the module sits completely and securely ...

Page 48: ...all the connectivity module 1 Disconnect the power cord from the EMG unit and from the wall outlet The EMG must be powered off when installing or replacing the modules 2 On the back of the EMG unit locate the module bay where the module will be inserted 3 Unscrew the existing module or faceplate from the module bay with your fingers and carefully remove it from the module bay 4 Insert the module i...

Page 49: ...tion EMG Edge Management Gateway User Guide 49 8 To verify the new module is recognized connect power to the EMG wait for it to boot and log into the web manager The new module will be displayed in the Dashboard ...

Page 50: ...p IP Address Your EMG must have a unique IP address on your network The system administrator generally provides the IP address and corresponding subnet mask and gateway The IP address must be within a valid range and unique to your network If a valid gateway address has not been assigned the IP address must be on the same subnet as workstations connecting to the EMG over the network The following ...

Page 51: ...eed to proceed through an initial setup 3 Locate the EMG in the device list The device s firmware version serial number IP address and MAC address will be shown Additional information can be obtained by clicking the three dot menu and clicking Get Device Info 4 In order to perform operations on the EMG such as upgrading the firmware updating the configuration or uploading to the file system click ...

Page 52: ...cept default Quick Setup settings checkbox on the top portion of the page and click the Apply button at the bottom of the page Otherwise continue with step 5 Note Once you click the Apply button on the Quick Setup page you can continue using the web interface to configure the EMG further 5 Enter the following settings ...

Page 53: ...eading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for the last segment octet Note Currently the EMG does not support configurations with the same IP subnet on multiple interfaces Ethernet or PPP Subnet Mask If specifying an IP address enter the subnet mask for the network on which the EMG unit resides There is no default ...

Page 54: ...it s location Date From the drop down lists select the current month day and year Time From the drop down lists select the current hour and minute Time Zone From the drop down list select the appropriate time zone Administrator Setting Description Sysadmin Password To change the password e g from the default enter a Sysadmin Password of up to 64 characters Note As a security measure we recommend t...

Page 55: ...g on page 115 To complete the command line interface Quick Setup script 1 Do one of the following With a serial terminal connection power up and when the command line displays press Enter With a network connection use an SSH client or Telnet program if Telnet has been enabled to connect to xx xx xx xx the IP address in dot quad notation and press Enter You should be at the login prompt 2 Enter sys...

Page 56: ...IP address is 172 19 201 28 do not enter 028 for the last octet Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported Subnet Mask The subnet mask specifies the network segment on which the EMG resides There is no default If you selected DHCP or BOOTP this prompt does not display Default Gateway IP address of the router for this network There...

Page 57: ...ter gateway IP Address none ____Hostname____________________________________________________________ The current hostname is emgfcf0 and the current domain is undefined The hostname will be shown in the CLI prompt Specify a hostname emgfcf0 Specify a domain undefined ____Time Zone___________________________________________________________ The current time zone is GMT Enter time zone GMT ____Date T...

Page 58: ...imited to only the front console port of the EMG device These steps will prevent any local users from logging in restrict the default sysadmin local user to the front console port and allow a user with administrative rights to login as long as remote authentication is working To configure limited sysadmin user access 1 Enable the Sysadmin access limited to Console Port option on the Local Remote U...

Page 59: ...nfigure and manage the EMG using most web browsers Firefox Chrome Safari or Internet Explorer web applications with the latest browser updates The EMG unit provides a secure encrypted web interface over SSL secure sockets layer Note The web server listens for requests on the unencrypted HTTP port port 80 and redirects all requests to the encrypted HTTPS port port 443 The following figure shows a t...

Page 60: ...WebSSH option displays the WebSSH window for the device port if Web SSH is enabled and if SSH is enabled for the device port Select a port and the Connected Device option allows access to supported devices such as remote power managers RPMs and or SensorSoft temperature and humidity probes connected to the device port Cellular connectivity settings for the LTE cellular module if installed See Chap...

Page 61: ...than one user at a time can log in but the same user cannot log in more than once To log in to the Web Manager 1 Open a web browser 2 In the URL field type https followed by the IP address of your EMG 3 To configure the EMG unit use sysadmin as the user name and PASS as the password These are the default values Note The system administrator may have changed the password using one of the Quick Setu...

Page 62: ... displays press Enter If the EMG already has an IP address assigned previously or assigned by DHCP Telnet if Telnet has been enabled or SSH to xx xx xx xx the IP address in dot quad notation and press Enter The login prompt displays 2 To log in as the system administrator for setup and configuration enter sysadmin as the user name and press Enter 3 Enter PASS as the password and press Enter The fi...

Page 63: ...s Should you make a mistake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port Use the left and right arrow keys to move within a command Use the up and down arrows to scroll through previously entered commands If desired ...

Page 64: ...d set cli terminallines disable Number of lines Sets the number of lines in the terminal emulation screen for paging through text one screenful at a time if the EMG unit cannot detect the size of the terminal automatically To show current CLI settings show cli To view the last 100 commands entered in the session show history To clear the command history set history clear To view the rights of the ...

Page 65: ...Table 5 4 CLI Keyboard Shortcuts Keyboard Shortcut Description Control a Move to the start of the line Control e Move to the end of the line Control b Move back to the start of the current word Control f Move forward to the end of the next word Control u Erase from cursor to the beginning of the line Control k Erase from cursor to the end of the line ...

Page 66: ...thin a valid range and unique to your network If a valid gateway address has not been assigned the IP address must be on the same subnet as workstations connecting to the EMG over the network To configure the unit you need the following information Eth1 IP address ________ ________ ________ ________ Subnet mask ________ ________ ________ ________ Eth2 IP address optional ________ ________ ________...

Page 67: ... link is established Yellow Light Blinking indicates link activity A variety of SFP modules as one of the user selectable active ports on the EMG In the web UI port banner bar these are represented as and in a variety of colors Single mode 1000 BASE LX optical SFPs Multi mode 1000 BASE SX optical SFPs RJ45 1000 BASE T SFPs F1 A port with no SFP module is shown in white A port with an unknown SFP m...

Page 68: ...ports 1 Click the Network tab and select the Network Settings option The Network Network Settings 1 of 2 and Network Network Settings 2 of 2 displays Figure 6 1 Network Network Settings 1 of 2 The SFP NIC Info Diagnostics link brings you to the Network Settings SFP NIC Information Diagnostics page ...

Page 69: ...6 Networking EMG Edge Management Gateway User Guide 69 Figure 6 2 Network Network Settings 2 of 2 ...

Page 70: ...ateway Obtain from BOOTP Lets a network node request configuration information from a BOOTP server node If you select this option skip to Gateway Specify Lets you manually assign a static IP address generally provided by the system administrator IP Address if specifying Enter an IP address that will be unique and valid on your network There is no default Enter all IP addresses in dot quad notation...

Page 71: ...er of bytes that can be used in a packet The minimum MTU size is 108 bytes to conform with RFC 2460 and the maximum size is 1500 bytes Active Port Selects either the RJ45 port or the SFP port as the active Ethernet port Selecting SFP requires that a SFP transceiver module be inserted into the appropriate SFP slot When switching from RJ45 to SFP or vice versa any active network connections may be d...

Page 72: ...t supported Click Back to Network Settings link to return to the Network Settings page Hostname The default host name is emgXXXX where XXXX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit contiguous characters no spaces The host name becomes the prompt in the command line interface Domain If desired specify a domain name for example support lantron...

Page 73: ...f the DHCP Gateway is selected and both Eth1 and Eth2 are configured for DHCP the EMG unit gives precedence to the Eth1 gateway IPv6 Default Indicates the IP address of the IPv6 router for this network Fail over Gateway IP Address The fail over gateway is a backup default gateway used when it is determined through a fail over trigger that the primary default gateway is no longer a viable route A f...

Page 74: ... the Ethernet ports may overwrite the default route interfering with fail over and fail back Note The commands sent to the fail over device to retrieve status and update the configuration are shown in the syslog messages may be displayed under Network syslog at the Debug level If there are errors retrieving status or updating the configuration check messages in the Network syslog the device admini...

Page 75: ... box For the HSPA and Sierra gateways enable a lock so that the SIM card used by the gateway cannot be used by anyone who does not have the PIN Pin for SIM Card Retype For the HSPA and Sierra gateways the PIN number for the SIM card used by the gateway May have up to 8 characters SIM PUK Retype For the HSPA gateway the SIM Personal Unblocking Key PUK May have up to 16 characters The Sierra gateway...

Page 76: ...FTP SFTP SCP USB SD Card and HTTPS FTP is the default If you select HTTPS the Upload File link becomes active Select the link to open a popup window that allows you to browse to a firmware update file to upload If you select NFS the mount directory must be specified Note Connections available depend on the model of the EMG unit USB Port The USB Port selection becomes active when you choose to Load...

Page 77: ... EMG unit The Cellular Settings web page allows the user to configure parameters that determine how the EMG cellular modem network behaves and to update the cellular modem firmware To complete the Cellular Settings page 1 Click the Network tab and select the Cellular Modem option The following page displays Figure 6 4 Network Cellular Modem Settings Page ...

Page 78: ...llular carrier if required The login may have up to 32 characters and the password may have up to 64 characters The Cellular Network Password displays the current password masked Cell Network Auth Specify the type of authentication to be used for connecting to the cellular carrier This is to be configured only if your carrier has setup the APN with a user name and password The authentication type ...

Page 79: ...ters Warning IP filters configuration is a feature for advanced users Adding and enabling IP filter sets incorrectly can disable access to your EMG unit Viewing IP Filters You can view a list of filters and a table showing how each filter is mapped to an interface To view a list of IP filters 1 Click the Network tab and select the IP Filter option The following page displays Figure 6 5 Network IP ...

Page 80: ...nable or disable individual filters To enable IP filters 1 Enter the following Enable IP Filter Select the Enable IP Filter checkbox to enable all filters or clear the checkbox to disable all filters Disabled by default Packets Dropped Displays the number of data packets that the filter ignored did not respond to View only Packets Rejected Displays the number of data packets that the filter sent a...

Page 81: ...See Mapping Rulesets on page 79 To add an IP filter 1 On the Network IP Filter page click the Add Ruleset button The following page displays Figure 6 6 Network IP Filter Ruleset Adding Editing Rulesets Rulesets can be added or updated on this page 2 Enter the following Ruleset Name Name that identifies a filter may be composed of letters numbers and hyphens only The name cannot start with a hyphen...

Page 82: ...e MAC address to act as a filter Example 10 7d 1a 33 5c e1 Protocol From the drop down list select the type of protocol through which the filter will operate The default setting is All Port Range Enter a range of destination TCP or UDP port numbers to be tested An entry is required for TCP TCP New TCP Established and UDP and is not allowed for other protocols Separate multiple ports with commas Se...

Page 83: ...the Network IP Filter page the administrator selects the IP filter rule set to be deleted and clicks the Delete Ruleset button IP Filter Commands Go to IP Filter Commands to view CLI commands which correspond to the web page entries described above Routing The EMG allows you to define static routes and for networks using Routing Information Protocol RIP capable routes to enable the RIP protocol to...

Page 84: ... available on the strongSwan Wiki NAT Traversal is handled automatically without any special configuration VPN related routes are installed in a separate table and can be viewed in the detailed VPN status or in the IP Routes table When a tunnel is up the amount of data passed through the tunnel can be viewed in the status with the bytes_i bytes input and bytes_o bytes output counters An example of...

Page 85: ...0 81 101 0 24 10 81 102 0 24 10 81 103 0 24 The EMG loads a subset of the available strongSwan plugins If an option is given in a custom ipsec config file that requires a plugin that is not loaded by the EMG this may cause an error during tunnel negotiation The loaded plugins can be viewed in the VPN Status when the VPN tunnel is enabled Sample ipsec conf files are provided in the EMG online help ...

Page 86: ...uration during both fail over and fail back VPN tunnels over an console manager Ethernet interfaces that is configured with an MTU less than 256 may experience issues traffic loss etc To set up a VPN connection 1 Click the Network tab and select the VPN option The following page displays Figure 6 8 Network VPN 1 of 2 ...

Page 87: ... reconnects the console manager side of the tunnel should be started first so that it will act as a responder or server If the console manager side of the tunnel is started after the remote peer the console manager will act as a initiator client and may not automatically reconnect when the remote peer disconnects and is brought back up Name The name assigned to the tunnel Required to create a tunn...

Page 88: ...will be used in ipsec conf this is the default signifying an address to be filled in by automatic keying during negotiation If the EMG initiates the connection setup the routing table will be queried to determine the correct local IP address In case the EMG is responding to a connection setup then any IP address that is assigned to a local interface will be accepted Local Id How the EMG should be ...

Page 89: ... accepted values are IKEv1 IKEv2 and Any Default is IKEv2 Any uses IKEv2 when initiating but will accept any protocol version while responding It is recommended that any IKE Encryption or ESP Encryption parameters that are selected be supported by the IKE Version that is used Refer to the list of IKEv1 and IKEv2 cipher suites for more information IKE Encryption The type of encryption 3DES AES AES1...

Page 90: ...hing proposal is found tunnel negotiation will proceed Below is an example of no matching proposal in the log messages charon 04 CFG received proposals ESP AES_CBC_128 HMAC_SHA2_256_128 ECP_256 NO_EXT_SEQ charon 04 CFG configured proposals ESP AES_CBC_128 AES_CBC_192 AES_CBC_256 HMAC_SHA2_256_128 HMAC_SHA2_384_192 HMAC_SHA2_512_256 HMAC_SHA1_96 AES_XCBC_96 NO_EXT_SE charon 04 IKE no matching propo...

Page 91: ...isplayed and a tunnel will not be initiated It is possible to override this behavior but it is not recommended RSA Public Key for Remote Peer If RSA Public Key is selected for authentication the remote peer s public key can be uploaded or deleted If a public key has been uploaded this field will display key installed The peer RSA public key must be in Privacy Enhanced Mail PEM format e g BEGIN PUB...

Page 92: ... hour how often the tunnel is rekeyed is calculated as rekeytime minimum 1h 9m 9m 42m rekeytime maximum 1h 9m 0m 51m So the rekeying time will vary between 42 minutes and 51 minutes It is recommended that the SA Lifetime be set greater than 540 seconds any values less than 540 seconds may require adjustments to the margintime and rekeyfuzz values which can be set with a custom ipsec conf file Some...

Page 93: ...ay in seconds between Dead Peer Detection RFC 3706 keepalives R_U_THERE R_U_THERE_ACK that are sent for the tunnel default 30 seconds Dead Peer Detection can also be disabled Dead Peer Detection Timeout Sets the length of time in seconds the EMG will idle without hearing either an R_U_THERE poll from the peer or an R_U_THERE_ACK reply The default is 120 seconds After this period has elapsed with n...

Page 94: ...thentication tokens pre shared keys RSA keys X 509 certificates required by the custom ipsec conf must be configured through the EMG UIs and must be configured or installed before a tunnel is brought up with an uploaded ipsec conf file When a tunnel is started with a custom ipsec conf file the authentication tokens required for the authby parameter are verified to exist before the tunnel is starte...

Page 95: ...cess connection to a Cisco VPN server responder that uses XAUTH and MODECFG to authenticate and push dynamic IP addresses and DNS servers to a VPN client The use of aggressive mode requires that ike and esp algorithms be specified and exactly match what the Cisco server is expecting Console manager configuration The pre shared key and the XAUTH password need to be configured via the console manage...

Page 96: ...isco configuration Note Main or aggressive mode is determined by the EMG side of the tunnel and does not require any change in the Cisco configuration interface GigabitEthernet0 0 nameif outside security level 0 ip address 192 168 1 130 255 255 255 0 interface GigabitEthernet0 3 nameif inside security level 100 ip address 192 168 3 130 255 255 255 0 object group network local network network objec...

Page 97: ...attributes ikev1 pre shared key Cisco ASA5525x Pre Shared Key IKEv2 This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server responder The aggressive setting can be either yes or no the Cisco ASA will honor the peer configuration Console manager configuration The pre shared key needs to be configured via the console manager UI conn ASA5525 keyexchange ikev2 ike ...

Page 98: ...k access list ASA SLC ACCESS extended permit ip object group local network object group remote network route outside 192 168 0 0 255 255 255 0 192 168 1 204 1 route inside 192 168 3 250 255 255 255 255 192 168 3 250 1 crypto ipsec ikev2 ipsec proposal IPSECv2 protocol esp encryption 3des protocol esp integrity sha 256 crypto ipsec security association pmtu aging infinite crypto map CM 20 match add...

Page 99: ...4 modeconfig pull right 192 168 1 102 rightsubnet 192 168 2 0 24 dpddelay 0 dpdtimeout 120 dpdaction restart auto start type tunnel Cisco configuration crypto ikev2 proposal PROP encryption aes cbc 128 integrity sha256 group 2 crypto ikev2 policy ikev2policy proposal PROP crypto ikev2 keyring KEYRING peer ALL address 0 0 0 0 0 0 0 0 pre shared key local cisco123 pre shared key remote cisco123 cryp...

Page 100: ... transform set ISR esp 3des esp sha384 hmac mode tunnel crypto map CM 10 ipsec isakmp set peer 192 168 1 100 set transform set ISR set ikev2 profile IKEv2_Profile match address VPN TRAFFIC crypto map IPSEC SITE TO SITE 10 ipsec isakmp set peer 192 168 1 100 set transform set ISR set pfs group2 match address VPN TRAFFIC VPN Commands Go to VPN Commands to view CLI commands which correspond to the we...

Page 101: ...to non FIPS mode When the EMG unit is running in FIPS mode the following protocols are supported TLS 1 0 TLS 1 1 TLS 1 2 and SSH v2 TLS 1 0 and TLS 1 1 are disabled by default for security reasons For SSL the EMG unit will support the following cipher suites AES128 SHA AES128 SHA256 AES128 GCM SHA256 AES256 SHA AES256 SHA256 AES256 GCM SHA384 AES signifies Advanced Encryption Scheme SSL secure cer...

Page 102: ...tication type is not supported while the EMG unit is in FIPS mode 1 Check the Enable FIPS Mode check box on the Networks Security page 2 Click Apply The EMG unit will need to be rebooted to initiate FIPS mode Once the EMG module is running in FIPS mode the Security page will display all processes that are running in FIPS mode To disable FIPS 1 Uncheck the Enable FIPS Mode check box on the Networks...

Page 103: ...ternal USB thumb drive or SD 200 operations can be stored per probe Responders The EMG can act as a responder for probes that require a responder to answer packets that are sent from the EMG UDP jitter UDP jitter VoIP UDP Echo and TCP Connect The EMG UDP jitter responder can support packet responses for up to 15 UDP jitter or UDP jitter VoIP probes The UDP Echo and TCP Connect can support packets ...

Page 104: ...kept Local storage a USB thumb drive inserted in the USB Port U1 or the SD card slot The data is stored in individual directories under a directory called perfmon Once probes have been run and operation set files have been generated changing the repository will cause all of the existing files to be moved from the old repository directory to the new repository directory It is recommended that the r...

Page 105: ...umulated statistics for any operation Latest Results Displays the latest raw packet results for the selected probe Latest Accumulated Displays the latest accumulated statistics for the selected probe State Restart Allows the state of a probe to be controlled the user can Restart a completed or running probe When a probe is added it will automatically start running depending on how the probe start ...

Page 106: ... add a new probe or edit an existing probe 1 Click the Network tab and select the Perf Monitoring option The Network Perf Monitoring page displays 2 To add a new probe in the lower section of the page select the Add Probe link To edit an existing probe select a probe by clicking the radio button to the right in the probe s row then select the Edit Probe button In both cases the following page disp...

Page 107: ... send for each probe For DNS Lookup probes this is the number of lookups to perform For HTTP Get probes this is the number of HTTP Gets to perform For TCP Connect probes this is the number of TCP connections to perform The valid range is 1 1000 for the Local repository and 1 2000 for a USB or SD card repository The default is 10 packets Interval between Packets Interval between packets in millisec...

Page 108: ...is only supported for ICMP Echo UDP Echo UDP Jitter and UDP Jitter VoIP probes Timeout How long the EMG will wait for a packet to arrive in milliseconds If the packet arrives after the timeout it will be considered a Late Arrival error see Error Conditions Detected by Probes The valid range is 10 1000 and the default is 200 msec UDP Jitter VoIP Codec For UDP Jitter VoIP probes the codec to simulat...

Page 109: ...mes RTT Probe 1 ICMP operation icmp_190709_154146 dat Pkt Time RT Time Result 1 19 07 09 15 41 46 469 0 717 msec OK 2 19 07 09 15 41 46 972 0 556 msec OK 3 19 07 09 15 41 47 482 0 443 msec OK 4 19 07 09 15 41 47 992 0 423 msec OK 5 19 07 09 15 41 48 501 0 472 msec OK 6 19 07 09 15 41 49 011 0 439 msec OK 7 19 07 09 15 41 49 521 0 444 msec OK 8 19 07 09 15 41 50 031 0 375 msec OK 9 19 07 09 15 41 5...

Page 110: ...d and sum squared of the positive or negative jitter times These numbers give a summary of how much variation there was in latency times and if the variation was small or large Latest Accumulated Statistics Probe 2 UDP Jitter operation udpjitter_190709_154422 dat Operation Type UDP Jitter to 172 19 100 17 60606 10 packets sent 500 ms apart timeout 200 ms Operation Start Time 19 07 09 15 44 22 480 ...

Page 111: ...equence Error A packet response was received with an unexpected sequence number Possible reasons are a duplicate packet was received a response was received after it timed out a corrupted packet was received and was not detected Verify Data Error A response was received for a packet with payload data that does not match the expected data DNS Server Timeout A DNS lookup could not be completed becau...

Page 112: ...Monitoring Commands to view CLI commands which correspond to the web page entries described above Refresh Refreshes the information on the Performance Monitoring Operations page RTT Results Displays the round trip time RTT results for the selected operation in a separate window The results show the time that the packet was sent the total round trip time for non jitter probes or the source to desti...

Page 113: ...N List The following page appears Figure 6 15 FQDN List 2 Enter the following information To add a Host enter the IP address FQDN and click Add Edit Hosts The IP address and hostname displays in the Hosts FQDN List You may add up to 15 hosts To edit a Host entry select the radio button next to the host in the Hosts FQDN List change the IP address or FQDN fields as desired and click Add Edit Hosts ...

Page 114: ...ss to all statistics and configurable items provided by the EMG unit It provides read write access to a select set of functions for controlling the EMG and device ports See the MIB definition file for details Identify a Simple Mail Transfer Protocol SMTP server Configure an audit log View the status of and manage the EMGs on the Secure Lantronix network Set the date and time Configure NFS and CIFS...

Page 115: ...on that may be cause for concern in addition to error messages This is the default for all message types Info Saves informative message in addition to warning and error messages Debug Saves extraneous detail that may be helpful in tracking down a problem in addition to information warning and error messages Network Level Messages concerning the network activity for example about Ethernet and routi...

Page 116: ...ately 500 entries You can set the maximum size of the log from 1 to 500 Kbytes Include CLI Commands Select to cause the audit log to include the CLI commands that have been executed Disabled by default Include In System Log If enabled the contents of the audit log are added to the system log under the General Info category level Disabled by default Server IP address of your network s Simple Mail T...

Page 117: ...tion disabled for security reasons Web Telnet Enables or disables the ability to access the EMG command Iine interface or device ports connect direct through the Web Telnet window Disabled by default Timeout If you enable Telnet logins you can cause an idle connection to disconnect after a specified number of minutes Select Yes and enter a value of from 1 to 30 minutes Timeout Data Direction If id...

Page 118: ... defines the set of manageable objects in the device The EMG unit supports both MIB II as defined by RFC 1213 and a private enterprise MIB The private enterprise MIB provides read only access to all statistics and configurable items provided by the EMG unit It provides read write access to a select set of functions for controlling the EMG unit and device ports See the MIB definition file for detai...

Page 119: ...agement Gateway User Guide 119 Figure 7 2 Services SNMP 2 Enter the following Enable Agent Enables or disables the Simple Network Management Protocol SNMP agent which allows read only access to the system Disabled by default ...

Page 120: ...ePortDeviceLowHumidity 1 3 6 1 4 1 244 1 1 0 9 slcEventDevicePortDeviceHighHumidity 1 3 6 1 4 1 244 1 1 0 10 slcEventDevicePortDeviceError 1 3 6 1 4 1 244 1 1 0 11 slcEventUSBAction 1 3 6 1 4 1 244 1 1 0 14 slcEventInternalTemp 1 3 6 1 4 1 244 1 1 0 13 slcEventDevicePortError 1 3 6 1 4 1 244 1 1 0 15 slcEventSDCardAction 1 3 6 1 4 1 244 1 1 0 16 slcEventNoDialToneAlarm 1 3 6 1 4 1 244 1 1 0 17 slc...

Page 121: ...ess the read only data the EMG SNMP agent provides and to modify data where permitted The Read Write Community is used for SNMP v1 and v2c The default is private Trap The trap used for outgoing generic and enterprise traps Traps sent with the Event trigger mechanism still use the trap community specified with the Event action The default is public Security Levels of security available with SNMP v ...

Page 122: ...rations and is read write The share allows users to access the contents of the directory or map the directory onto a Windows computer Users can also access the device port local buffers from the CIFS share User Name SNMP v3 is secure and requires user based authorization to access EMG MIB objects Enter a user ID for users with read write authority The default is snmprwuser Up to 20 characters Pass...

Page 123: ...name or ipaddr exported path Local Directory The local directory on the EMG on which to mount the remote directory The EMG unit creates the local directory automatically Read Write If enabled indicates that the EMG can write files to the remote directory If you plan to log port data or save configurations to this directory you must enable this option Mount Select the checkbox to enable the EMG uni...

Page 124: ... EMG to export an SMB CIFS share called public Disabled by default Network Interfaces Select the network ports from which the share can be seen The default is for the share to be visible on both network ports CIFS User Password Retype Password Only one user special username cifsuser can access the CIFS share Enter the CIFS user password in both password fields The default user password is CIFSPASS...

Page 125: ...e To access Lantronix ITM devices on the local network 1 Click the Services tab and select the Secure Lantronix Network option The following page displays Figure 7 4 Services Secure Lantronix Network 2 Access your device or device port through any of the methods below To directly access the web interface for a secure Lantronix device 3 On the Secure Lantronix Network page click the IP address of a...

Page 126: ...interface that appears and login The CLI interface will indicate when your connection is established 4 To terminate the session use either the host s logoff command or use to terminate a Telnet session or to terminate an SSH session Figure 7 6 SSH or Telnet CLI Session To directly access a specific port on a particular device 1 You have two options Dashboard Make sure the WebSSH DP only radio butt...

Page 127: ...abled port number generates a popup window indicating the port is disabled see Figure 7 7 below Figure 7 7 Disabled Port Number Popup Window 2 Click your mouse into the CLI login interface that appears see Figure 7 6 and login The CLI interface will indicate when your connection is established 3 To terminate the session use either the host s logoff command or use to terminate a Telnet session or t...

Page 128: ... browser error displayed for self signed or untrusted certificates There is a problem with this website s security certificate or Your connection is not private The SSL server that handles Web SSH and Web Telnet sessions is accessible on port 8000 instead of the standard port 443 for SSL connections It is recommended that the EMG be configured to use a SSL certificate from a Certificate Authority ...

Page 129: ... in the browser for the primary EMG website will only accept the certificate for port 443 It will not accept the certificate for port 8000 This may result in a popup being displayed in the Web SSH or Web Telnet window indicating that the browser needs to accept a certificate To accept the self signed certificate for port 8000 go to Firefox Options or Preferences Advanced Certificates View Certific...

Page 130: ...net window provide copy and paste functionality via a right click menu the Copy option will copy what is highlighted in the Web SSH or Web Telnet window into an internal non system clipboard and the contents can be pasted into the Web SSH or Web Telnet window with the Paste command Support for copying and pasting content between the system clipboard and the Web SSH or Web Telnet window will vary f...

Page 131: ...refid column shows the current source of synchronization while the st column reveals the stratum t the type u unicast m multicast l local don t know and poll the poll interval in seconds The when column shows the time since the peer was last heard in seconds while the reach column shows the status of the reachability register see RFC 1305 in octal The remaining entries show the latest delay offset...

Page 132: ...lays the current NTP status if NTP is enabled above Synchronize via Select one of the following Broadcast from NTP Server Enables the EMG unit to accept time information periodically transmitted by the NTP server This is the default if you enable NTP Poll NTP Server Enables the EMG to query the NTP Server for the correct time If you select this option complete one of the following Local Select thi...

Page 133: ...t support any versions of the SSL protocol The Web Server page allows the system administrator to Configure attributes of the web server View and terminate current web sessions Import a site specific SSL certificate To configure the Web Server 1 Click the Services tab and select the Web Server option The following page appears Figure 7 10 Services Web Server ...

Page 134: ...uires a reboot or restarting the web server with the CLI command admin web restart for the change to take effect Use only SHA2 and Higher Ciphers By default the web supports SHA1 as well as SHA2 and higher ciphers Check this option to support only SHA2 and higher ciphers Changing this option requires a reboot or restarting the web server with the CLI command admin web restart for the change to tak...

Page 135: ...cate information The SSL certificate consisting of a public private key pair used to encrypt HTTP data is associated with the web server You can import a site specific SSL certificate or generate a custom self signed SSL certificate The custom self signed SSL certificates generated by the EMG use the SHA256 hash algorithm To view reset import or change an SSL Certificate 1 On the Services tab clic...

Page 136: ...e Unselected by default Root Filename Filename of the imported root or intermediate Certificate Authority If HTTPS is selected as the method for import the Upload File link will be selectable to upload a Certificate authority Import SSL Certificate To import your own SSL Certificate select the checkbox Unselected by default Import via From the drop down list select the method of importing the cert...

Page 137: ...our site select the checkbox The SHA256 hashing algorithm will be used to generate the certificate Unselected by default Number of Bits The number of bits to use when generating the certificate 2048 3072 or 4096 Number of Days The number of days that the certificate can be used before it expires up to 7500 days Country Name The two letter country code for the custom certificate e g US or FR State ...

Page 138: ...nt by the server An EMG gateway requires a unique Device ID to communicate with the ConsoleFlow portal The ID is viewable in the ConsoleFlow settings If a device is not already pre configured with the ID the ID must be provisioned using Lantronix Provisioning Manager LPM See the Lantronix Provisioning Manager User Guide at https www lantronix com products lantronix provisioning manager The Console...

Page 139: ...publish status updates If the connection fails the client will wait 5 seconds and retry The connection may fail if the Messaging Host name cannot be resolved or the Messaging Host is not reachable Once the connection is successful Status of Client will display Messaging connected with the date and time the connection was established The client publishes status update messages changes to device att...

Page 140: ...ervices EMG Edge Management Gateway User Guide 140 To configure ConsoleFlow settings 1 Click the Services tab and select the ConsoleFlow option The following page displays Figure 7 13 Services ConsoleFlow ...

Page 141: ...ates via ConsoleFlow If enabled configuration updates can be initiated by ConsoleFlow for the EMG The device will check for updates per the frequency defined by Interval between FW and Config Checks and if a configuration update is found the update will be downloaded to the device and applied to the current boot bank and the EMG will be immediately rebooted Enabled by default Reboot after Firmware...

Page 142: ...ging services are used for status updates and commands Enabled by default Messaging Host Hostname of the server used for messaging services The hostname should start with mqtt Messaging Port The TCP port on the Messaging Host Defaults to 443 Messaging Services Security If enabled TLS is used for messaging If Validate certificates with HTTPS is enabled for the Registration Host a certificate author...

Page 143: ...e USB port or the SD card slot on the front of the EMG unit You can do this before or after powering up the EMG If the first partition on the storage device is formatted with a file system supported by the EMG unit ext2 FAT16 and FAT32 the card mounts automatically 2 Log into the EMG unit and click Devices 3 Click USB SD Card Figure 8 1 shows the page that displays Your storage device should displ...

Page 144: ...s into the USB port or the SD card slot on the front of the EMG unit 2 Click the USB SD Card tab Figure 8 1 shows the page that displays 3 Click the radio button on the far right of a USB or SD card device storage port 4 Click Configure Figure 8 2 shows the page that displays if a USB storage device is inserted Figure 8 3 shows the page that displays if an SD Card is inserted ...

Page 145: ...8 3 Devices SD Card Configure 5 Enter the following fields Mount Select the checkbox to mount the first partition of the storage device on the EMG unit if not currently mounted Once mounted a USB thumb drive or SD card is used for firmware updates device port logging and saving restoring configurations ...

Page 146: ...nmount the thumb drive or SD card Select the checkbox to unmount it Warning If you eject a thumb drive or SD card from the EMG unit without unmounting it subsequent mounts of a USB thumb drive or SD card in may fail and you will need to reboot the device to restore thumb drive or SD card functionality Format Format will do the following Unmount the USB SD card device if it is mounted Remove all ex...

Page 147: ... 3 To download a file click the Download File button Select the file from the list 4 To rename a file click the check box next to the filename and enter a new name in the New File Name field 5 Click Rename File USB Commands Go to USB Access Commands USB Device Commands USB Storage Commands and Internal Modem Commands to view CLI commands which correspond to the web page entries described above SD ...

Page 148: ...ddress ssh port number where ssh port number is uniquely assigned for each device port 4 If TCP is enabled for a device port establish a raw TCP connection to Eth1 IP address tcp port number or Eth2 IP address tcp port number where tcp port number is uniquely assigned for each device port 5 If a device port has an IP address assigned to it you can Telnet SSH or establish a raw TCP connection to th...

Page 149: ...rations if any other configuration is detected at boot the EMG unit will still boot disable use of the device ports and provide indications in the boot messages in the CLI and in the web that the I O configuration is invalid When an invalid configuration is corrected by reconfiguring the I O modules into a valid configuration after the EMG module is powered up and booted the valid configuration wi...

Page 150: ...the Devices tab and select the Device Status option The following page displays Figure 9 2 Devices Device Status Device Ports On the Devices Device Ports page you can set up the numbering of Telnet SSH and TCP ports view a summary of current port modes and select individual ports to configure 1 Click the Devices tab and select the Device Ports option The following page displays ...

Page 151: ... modes include To set up Telnet SSH and TCP port numbering 1 Enter the following Idle The port is not in use The port is in data text mode Note You may set up ports to allow Telnet access using the IP Setting per Device Ports Settings on page 152 An external modem is connected to the port The user may dial into or out of the port Telnet in or SSH in is enabled for the device port The device port i...

Page 152: ...esents the first port The default is 2000 plus the port number For example if you enter 2001 port 1 will be 2001 and subsequent 2000 ports are automatically assigned numbers 2001 2002 and so on Starting SSH Port Each port is assigned a number for connecting via SSH Enter a number 1025 65528 that represents the first port The default is 3000 plus the port number For example if you enter 3001 port 1...

Page 153: ...the Dashboard is selected and click the desired port number in the Dashboard The Dashboard is located on the upper right corner of each Web Manager page see Chapter 5 Web Manager Device Ports Page Click the Devices tab and select the Device Ports option Select the port you want to configure and then click the Configure button ...

Page 154: ...9 Device Ports EMG Edge Management Gateway User Guide 154 The following page displays Figure 9 4 Device Ports Settings 1 of 2 ...

Page 155: ...speed and a short type description for the USB device The EMG supports up to 8 USB type A Host devices at data rates of HS 480 Mbit s FS 12 Mbit s or LS 1 5 Mbit s Each port has VBUS 5V support of up to 100mA but not to exceed 600mA total per 4 port USB I O module Drawing more than 150 mA on a USB device port will shut down the VBUS 5V USB ports are designed for data traffic only and are not desig...

Page 156: ...d by the characters space comma or semicolon then any user who logs into the device port must be a member of one of the specified groups otherwise access will be denied Users authenticated via RADIUS may have a group or groups provided by the RADIUS server via the Filter Id attribute that overrides the group defined for a user on the EMG unit A group provided by a remote server must be either a si...

Page 157: ...as Sensorsoft devices If the connected device is an RPM the user can assign an RPM to the device port by either select an existing RPM via the Select dropdown or clicking the Add RPM link to configure a new RPM for the EMG If an RPM is already assigned to the device port the user can click on the Selected RPM link to view status and configuration for the RPM If the connected device is a Sensorsoft...

Page 158: ...work that the IP address falls in will be used For Telnet and SSH the default TCP port numbers 22 and 23 respectively are used to connect to the device port For raw TCP the TCP port number defined for TCP In to the device port is used Note If Ethernet Bonding is enabled assigning individual IP Addresses to Device Ports is not supported Note that the IP address will be bound to Eth1 only so if Eth2...

Page 159: ...e 1 command to connect port 1 to a Linux server For example if the user issues the ls command to display a directory on a Linux server then exits the connection the results of the ls will be stored in the buffer When the user then issues another direct connect device 1 the last 24 lines of the ls command is displayed so the user can see what state the server was left in USB Channel Applies to USB ...

Page 160: ... a straight through Ethernet patch cable without the need for a rolled cable or adapter Enabled by default Note Applies to serial RJ45 device ports only All Lantronix serial adapters are intended to be used with Reverse Pinout disabled USB VBUS For USB Device Ports only If enabled the USB VBUS signal provides power to the USB device attached to a device port Disabling VBUS will power down the devi...

Page 161: ...to the modem user guide Modem Command Modem AT command used to initiate caller ID logging by the modem Note For the AT command refer to the modem user guide Dial Back Number Users with dial back access can dial into the EMG gateway and enter their login and password Once the EMG authenticates them the modem hangs up and dials them back Select the phone number the modem dials back on a fixed number...

Page 162: ...al in dial on demand PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the DOD CHAP Handshake fields authenticate the user DOD CHAP Handshake For DOD Authentication enter the Host User Name for UNIX systems or Secret User Password for Windows systems used for CHAP authentication May have up to 128...

Page 163: ...them to zeros select the Zero port counters checkbox in the IP Settings section of the page Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page Status may display N A if EMG is unable to dynamically determine the connected inserted device Device Ports Power Management In the Device Ports Power Management page c...

Page 164: ...figured while connected to a device port by entering the Power Management Sequence This will display the Power Management and Baud Rate menu which provides an option to set the Baud Rate To configure power management settings for a device port 1 Connect to a specific port on the Devices Device Ports page according to instructions in To open the Device Ports Settings page on page 152 2 Click the Se...

Page 165: ... Esc P escape key then uppercase P This value is specified as x1bP which is hexidecimal x character 27 1B followed by a P See Key Sequences on page 191 for notes on key sequence precedence and behavior RPM For each managed power supply select a RPM most likely a PDU which has outlets that can be individually controlled and which provides power to the device connected to the device port See Chapter...

Page 166: ...umber will be filled in as well as the managed power supply outlet name if a name is listed for the outlet and one has not already been defined for the managed power supply A unique name for the managed power supply name is required this is what will be displayed on the Power Management menu Name For each managed power supply enter the name on the selected RPM As an aid to selecting the name click...

Page 167: ...for this device in degrees Fahrenheit instead of Celsius which is the default Humidity Current relative humidity on the device the sensor is monitoring Low Humidity Enter the relative humidity permitted on the device the sensor is monitoring below which the sensor sends a trap to the EMG High Humidity Enter the highest relative acceptable humidity permitted on the device above which the sensor sen...

Page 168: ...s the console port of an external server the data received over the device port can be monitored at the command line interface with the connect listen command as follows To connect to a device port to monitor it connect listen deviceport Port or Name In addition you can send data out the device port for example commands issued to an external server with the connect direct command as follows To con...

Page 169: ...f logging local NFS file token and data detection SD card or USB port at a time The buffer containing device port data is cleared when any type of logging is enabled Local Logging If local logging is enabled each device port stores 256 Kbytes approximately 400 screens of I O data in a true first in first out FIFO buffer You may view this data in ASCII format at the CLI with the show locallog comma...

Page 170: ...Port Name _ File number log Examples 02_Port 2_1 log 02_Port 2_2 log 02_Port 2_3 log 02_Port 2_4 log 02_Port 2_5 log Token Data Detection The system administrator can configure the device log to detect when a user defined string or number of characters is received from the device and automatically perform one or more actions send a message to the system log send an SNMP trap send an email alert se...

Page 171: ...a set of actions that can be enabled if a data trigger occurs The default is disabled Trigger on Select the method of triggering an action Data Byte Count A specific number of bytes of data This is the default Token Character String A specific pattern of characters which you can define by a regular expression Note Token Character String recognition may negatively impact the EMG unit s performance ...

Page 172: ... one or more of the device port power supplies can be changed Email to The email address of the message recipient s for an email alert To enter more than one email address separate the addresses with a single space You can enter a total of 128 characters Email Subject A subject text appropriate for your site May have up to 128 characters The email subject line is pre defined for each port with its...

Page 173: ... from an NFS server mounted on the EMG Specify the local directory path for the NFS mount Max Number of Files The maximum number of files to create to contain log data to the port These files keep a history of the data received from the port Once this limit is exceeded the oldest file is overwritten The default is 10 Max Size of Files The maximum allowable file size in bytes The default is 2048 by...

Page 174: ... 1 Click the Devices tab and select Console Port The following page displays Figure 9 11 Devices Console Port 2 Change the following as desired Baud The speed with which the device port exchanges data with the attached serial device From the drop down list select the baud rate Most devices use 9600 for the administration port so the console port defaults to this value Data Bits Number of data bits...

Page 175: ...ect the parity The default is none Flow Control A method of preventing buffer overflow and loss of data The available methods include none xon xoff software and rts cts hardware The default is none Timeout The number of minutes 1 30 after which an idle session on the console is automatically logged out Disabled by default Show Lines on Connecting If selected when you connect to the console port wi...

Page 176: ...the current state of the port on or off Normal State Defines the typical or normal state of the DIO Input port This setting is used for Events Name The name of the port Valid characters are letters numbers dashes periods and underscores _ State view only Displays the current state of the port on or off The Change State check box and Off On selection can be used to change the state of the port Norm...

Page 177: ...from device port 4 using the CLI emg431d se xmodem receive 4 protocol zmodem xfer binary Starting Zmodem receive of file specified by protocol Receiving update bin 0 Bytes received 117988 117988 BPS 937 Transfer complete Note When performing critical operations such as firmware update over a serial connection with Xmodem Ymodem or Zmodem it is recommended to use the CLI to send and receive files i...

Page 178: ...of the file in the Xmodem Files Repository list enter the new file name in the New File Name field and click the Rename File button 4 To delete a file select the box to the right of the file in the Xmodem Files Repository list and click the Delete button 5 To send a file select the box to the right of the file in the Xmodem Files Repository list and complete the following fields 6 Click the Send F...

Page 179: ...repository and Receive Overwrite is not enabled the transfer will abort without overwriting the existing file Xmodem Commands Go to Xmodem Commands to view CLI commands which correspond to the web page entries described above Protocol Select whether to use the Xmodem Ymodem or Zmodem protocol Xmodem is a very rudimentary protocol that sends files in 128 byte blocks padding the resulting file if ne...

Page 180: ...lect the Host Lists option The following page displays Figure 9 12 Devices Host Lists 2 Enter the following Note To clear fields in the lower part of the page click the Clear Host List button 3 To add hosts enter the following Host Parameters Host List Id Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the EMG should attempt t...

Page 181: ...default escape character For Telnet the escape character is either a single character or a two character sequence consisting of followed by one character If the second character is the DEL character is selected Otherwise the second character is converted to a control character and used as the escape character For SSH the escape character is a single character Note When the Device Port Esc Sequence...

Page 182: ...llowing 3 View add or update the host parameters Host List Id View only Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the EMG should attempt to retry connecting to the host list Authentication Select to require authentication when the EMG unit connects to a host Host Name or IP address of the host Protocol Protocol for conne...

Page 183: ...odem parameters or modem profile that can be activated by various modem related events authentication on dial in outbound network traffic for a dial on demand connection etc The site parameters will override parameters that are configured for a modem To use sites with a modem create one or more sites described below then enable Use Sites for the modem Sites can be used with the following modem sta...

Page 184: ... the following Note To clear fields in the lower part of the page click the Reset Site button Site Id view only Displays after a site is created Site Name Enter a name for the site Port Select the port None Internal Modem Device Port or USB Port U1 the site is assigned to For dial on demand sites a port must be selected For any other sites the port selection can be set to None See Modem Dialing St...

Page 185: ...utomatically dial out and establish a PPP connection when IP traffic destined for the network specified by the static route needs to be sent Note Static Routing must be enabled on the Network Routing page for dial on demand connections Static Route Subnet Mask The subnet mask for a dial on demand connection Static Route Gateway The gateway for a dial on demand connection Dial out Number The dial o...

Page 186: ...e Login CHAP Host matches the name that was authenticated b Authentication is set to PAP and c the Port is set to None or matches the port the modem is on If a matching site is found the Timeout Logins parameter configured for the site will be used for the rest of the dial in connection instead of the Timeout Logins parameter configured for the modem Once authenticated a CLI session will be initia...

Page 187: ...thods Local Users NIS LDAP etc The site list will be searched for a site that a the Login CHAP Host matches the name that was authenticated b Authentication is set to PAP and c the Port is set to None or matches the port the modem is on If a matching site is found its Timeout Logins Dial back Number Allow Dial back and Dial back Delay parameters will be used for the rest of the dial back connectio...

Page 188: ...IP traffic destined for a remote network needs to be sent When either event occurs an incoming call or IP traffic destined for the remote network the other mode will be disabled For Dial in the user will be authenticated via PAP or CHAP determined by the Authentication setting for the modem For PAP the Local Remote User list will be used to authenticate the login and password sent by the PPP peer ...

Page 189: ...f the parameters configured for the modem Once the remote server is authenticated if Allow Dial back is enabled for the site and a Dial back Number is defined the EMG will hang up and wait Dial back Delay seconds before initiating the dial back The EMG unit will dial and if the remote peer requests PAP or CHAP authentication provide the Dial out Login and Dial out Password as authentication tokens...

Page 190: ...ously authenticated remote peer and if the remote peer requests PAP or CHAP authentication provide the Remote Dial out Login and Remote Dial out Password as authentication tokens Once authenticated a PPP session will be established using either negotiated IP addresses or specific IP addresses determined by the Negotiate IP Address setting CBCP Client The EMG unit will dial out to a CBCP server est...

Page 191: ...equences not share a significant amount of overlap other than the first character For example if the View Port Log Sequence is set to ABCD and the Power Management Sequence is set to ABCE the first three characters of both sequences are the same this is not recommended When any portion of key sequences overlap typing a complete escape sequence for one of the sequences will reset recognition of the...

Page 192: ...fic devices see Optimizing and Troubleshooting RPM Behavior on page 204 Devices RPMs To control or view status for an RPM 1 Click the Devices tab and select the RPMs option The RPMs page displays Figure 10 1 Devices RPMs 2 In the RPMs table select the RPM by clicking on the radio button in the far right column The options that are available for that RPM will be displayed as active links above the ...

Page 193: ...or the selected RPM This option is available for all RPMs Outlets Displays the RPMs Outlets page for RPMs that support individual outlet control and status Beeper Enable Mute Disable If the RPM has a beeper than can be controlled these options allow the administrator to Enable Mute or Disable the beeper If you try to use Mute to silence a beeper and the beeper continues to sound the UPS most likel...

Page 194: ...10 Remote Power Managers EMG Edge Management Gateway User Guide 194 Figure 10 3 RPM Notifications Figure 10 4 RPM Raw Data Log ...

Page 195: ...t vendors and nearly 1000 different models that are supported the key to ensuring the EMG can properly manage a PDU or UPS is selecting the right model with its associated driver and any required driver options especially for USB managed devices To add a new managed RPM 1 Click the Devices tab and select the RPMs option The RPMs page displays as shown in Figure 10 1 2 On the Devices RPMs page clic...

Page 196: ...ces RPMs Add Device page with the same functionality can also be accessed through the Device Ports Settings 1 of 2 page by selecting RPM in the Connected dropdown menu Figure 10 7 Devices RPMs Add Device 3 Enter the following Vendor Select the correct vendor from the drop down menu ...

Page 197: ... device these are extra options which may be required to make the driver work The most frequent use of the driver options is for USB devices the vendor and product ID may be required so that the EMG can find the correct device on the USB bus or in the event that the default driver options do not work with the RPM The vendor and product ID may be automatically filled in if a USB Device is selected ...

Page 198: ...hat has reached a low battery state Shutdown all UPSes shutdown all UPSes managed by the EMG Allow battery failure allow the battery to completely fail which may result in the unsafe shutdown of the devices it provides power to Shutdown both EMG UPSes shutdown both UPSes that provide power to the EMG including the UPS with that has reached a low battery state some EMGs have dual power supplies For...

Page 199: ...RPMs provide a model string If the device normally provides the device model and becomes unreachable or does not provide a model string the Model is derived from the supported model list strings of Outlets Specify the number of outlets on the RPM maximum of 120 outlets Outlets On view only The number of outlets that are currently turned on if this information is provided by the RPM F W Version vie...

Page 200: ... life Beeper Status view only For UPS devices only Displays the current state of the UPS beeper Managed via view only Displays the method used to control the RPM device SNMP Network Serial Port USB port IP Address For SNMP and Network Telnet managed RPMs specify the IP address of the RPM Port For network Telnet managed RPMs this is assumed to be port 23 if left blank or it can be filled in with an...

Page 201: ... Indicates the behavior to take when the UPS reaches a low battery state Options are to Shutdown this UPS shutdown only the UPS that has reached a low battery state Shutdown all UPSes shutdown all UPSes managed by the EMG Allow battery failure allow the battery to completely fail which may result in the unsafe shutdown of the devices it provides power to Shutdown both EMG UPSes shutdown both UPSes...

Page 202: ...numbers and their state On or Off If the RPM provides additional information for the outlets the custom name and the current reading in Amperes will also be displayed for each outlet Figure 10 9 RPMs Outlets 3 To change the state of one or more outlets select the outlets and click the Cycle Power Turn On or Turn Off buttons The command will be sent to the RPM and the page will refresh It may take ...

Page 203: ...d in what order The UPS with the low battery will be placed into FSD Forced Shutdown mode The following actions will be performed based on the Low Battery Action setting for the UPS with the failed battery Allow Battery Failure The UPS battery will be allowed to run until it fails completely If the UPS provides power to the EMG and the battery fails the EMG will not be cleanly shutdown In this sce...

Page 204: ...ore adding the device as an RPM otherwise the RPM may experience query errors If the EMG is unable to communicate with an RPM or an RPM is displaying the error driver is not running the following steps can be used to troubleshoot the driver issues Correct Driver The CLI command set rpm driver RPM Id or Name action show can be used to display the current running driver for the RPM Some serially and...

Page 205: ...RPM Id or Name action show should show a driver running with one or more D flags The debug output can be examined or emailed with the set rpm driver RPM Id or Name action viewoutput email Email Address display head tail numlines Number or Lines command To return the driver to its normal non debug state run set rpm driver RPM Id or Name action restart Note that drivers running in debug mode will ge...

Page 206: ...ustom Scripts can be created Each Custom Script run is an operation and the results from each operation can be viewed Up to 50 script result files will be saved locally in the EMG storage Once this maximum is reached and new result files are generated the oldest result files will automatically be deleted to accommodate the new result files A user can create scripts at the web view scripts at the w...

Page 207: ...script details Script Name A unique identifier for the script Type Select Interface for a script that utilizes Expect Tcl to perform pattern detection and action generation on Device Port output Select Batch for a script of CLI commands Select Custom for an Expect Tcl or Python script that can be run against a CLI session or a Device Port either manually or scheduled to run at periodic intervals ...

Page 208: ...fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC devices on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit RPMs Right to view and enter Remote Power Mana...

Page 209: ...name in the New Name field 2 Click the Rename Script button The script will be renamed and the Devices Scripts page redisplays To delete a script 1 In the Scripts table select the script to delete 2 Click the Delete Script button After a confirmation the script will be deleted and the Devices Scripts page redisplays To schedule a custom script 1 In the Scripts table select the script and click the...

Page 210: ... script schedule 1 In the Scripts table select the script to enable or disable 2 Click the Enable button this will resume running of a script at its next scheduled time if it was previously disabled or the Disable button this will suspend running of a script but continue to update the schedule The script s state will be updated and the Scripts page redisplays To view the list of completed operatio...

Page 211: ...es of CLI commands or a Custom Script for pattern recognition and action generation use the set script runcli Script Name command This action requires that an EMG user running the runcli command belong to a group that is the same or greater than the group assigned to the script e g if the script is assigned to the Power group the user running the runcli command must belong to the Power or Admin gr...

Page 212: ...execution of other commands based on the results of the evaluation of a Boolean expression Table 11 4 Interface Script Syntax Definitions Term Definition Word A contiguous group of characters delimited on either side by spaces Not enclosed by double quotes Primary Command One of the primary commands listed in this section Secondary Command One of the secondary commands defined in this section Quot...

Page 213: ...erands and evaluates to TRUE or FALSE The following Boolean operators are valid less than greater than less than or equal to greater than or equal to equal to not equal to Command Description set The set command assigns a value to a variable Syntax set variable value where variable is a word and value can be defined in one of the following ways A quoted string A word A variable reference A value g...

Page 214: ...ss The send_user command sends output to the standard output Both commands have the same syntax send string send_user string where string can be either a quoted string or a variable reference expect expect_user expect_before expect_after expect_background The expect command waits for input and attempts to match it against one or more patterns If one of the patterns matches the input the correspond...

Page 215: ... of str string index str int Return the character located at position int in str string range str int start int end Return a string consisting of the characters in str between int start and int end string tolower str Convert str to lowercase string toupper str Convert str to uppercase string trim str 1 str 2 Trim str 2 from str 1 string trimleft str 1 str 2 Trim str 2 from the beginning of str 1 s...

Page 216: ...at command is analogous to the C language sprintf The format command will only be used in combination with the set command to produce the value for a variable Syntax format format string value 1 value 2 value n where format string will be a quoted string Each of the value x elements will be a word a quoted string or a variable reference Command Description while The while command executes an assoc...

Page 217: ... or elseif command It executes an associated block of commands if its Boolean expression evaluates to TRUE Each command within the block must be a Primary command Syntax elseif Boolean expression command 1 command 2 command n The else command is used in combination with an if or elseif command to provide a default path of execution If the Boolean expressions for all preceding if and elseif command...

Page 218: ...ession or an EMG Device Port session Refer to the following spawn command syntax Note For CLI sessions a local user name should be given For Device Port sessions the devicePort variable will be used by the EMG to connect the script to the appropriate Device Port The noecho flag may be passed to spawn command Expect script CLI session spawn clisession U username Expect script Device Port session sp...

Page 219: ...e EMG port gets the device hostname loops a couple of times to get port interface statistics and logs out The following is the script set monPort 7 set monTime 5 set sleepTime 2 set prompt set login sysadmin set pwd PASS Send CR to echo prompt send r sleep sleepTime Log in or check for Command Prompt expect Did not capture login or Command Prompt timeout send_user Time out login r n return Got log...

Page 220: ...script ex4 deviceport 7 login Logging in sysadmin sysadmin Password PASS Welcome to the Lantronix Edge Management Gateway Model Number EMG851101 For a list of commands type help EMG251 show network port 1 host show network port 1 host ___Current Hostname Settings____________________________________________ Hostname EMG251 Domain support int lantronix com EMG251 Device HOSTNAME EMG251 _____________...

Page 221: ...tings____________________________________________ Hostname emg247 Domain none emg247 emg247 show deviceport names ___Current Device Port Names____________________________________________ 01 SCS_ALIAS_Test 05 Port 5 02 Port 2 06 Port 6 03 Port 3 07 EMG251 04 Port 4 08 Port 8 emg247 emg247 show script ___Interface Scripts______Group Permissions_____________________________ getSLC Adm ad nt sv dt lu ...

Page 222: ...1 25 20 show portcounter deviceport 7 show portcounter deviceport 7 Device Port 7 Seconds since zeroed 1454136 Bytes input 0 Bytes output 0 Framing errors 0 Flow control errors 0 Overrun errors 0 Parity errors 0 EMG251 Port Counter Monitor Script Ending ________________________________________________________________________ Login Out logout Returning to command line emg247 Expect Custom Script EM...

Page 223: ..._id Handle eof expect_after i sessionId eof myprint Session unexpectedly terminated abortSession 2 set timeout 10 log_user 0 Wait for the first prompt set loggedIn false while loggedIn expect timeout myprint Timeout waiting to login abortSession 3 Need to specify username myprint Need to specify U abortSession 4 set loggedIn true exp_send n expect timeout myprint Timeout waiting for CLI prompt abo...

Page 224: ...t that interacts with a EMG Device Port in this example a ServerTech PDU is connected to a Device Port expect Script to get the load of a ServerTech PDU outlet set pduPrompt set pduLoad unknown proc myprint str send_user str n proc abortSession err send_user Error err Terminating session n exit err set now clock seconds set date clock format now format D R myprint Load of ServerTech PDU outlet B1 ...

Page 225: ...int Timeout waiting to login abortSession 3 CDU set loggedIn true Detect the prompt exp_send n expect are r n expect LOGIN r n expect REMOVE r n expect RESTART r n expect timeout myprint Timeout waiting for prompt abortSession 3 re r n r set pduPrompt expect_out 1 string Run the ostat command exp_send ostat b1 n expect Outlet Power r n expect ID Watts r n expect timeout myprint Timeout waiting for...

Page 226: ... err Terminating session n exit err if argc 2 myprint Usage script_md_cisco exp TFTP Server Backup File Name abortSession 1 set tftp lindex argv 0 set configFile lindex argv 1 set enablePassword secret set timeout 10 set now clock seconds set date clock format now format D R myprint Backing up Cisco Server to tftp configFile at date spawn the port session on a device port if catch spawn noecho por...

Page 227: ...int Logged in send copy running config tftp tftp configFile r expect tftp send r expect configFile send r myprint Backup initiated expect myprint Successfully backed up timeout myprint Timeout waiting for backup to complete abortSession 6 send exit r sleep 5 close exit 0 Python Custom Script EMG CLI Session An example of a Python Custom Script that interacts with a CLI session python Script to set...

Page 228: ...r proc stdout readline if b list of commands in output_str proc stdin write b n proc stdin flush if b in output_str break if b Invalid local user in output_str print Invalid local user passed to clisession proc stdin close proc terminate proc wait sys exit 1 Run the RADIUS command s set radius server 1 host server secret secret n b bytearray s encode proc stdin write b proc stdin flush while True ...

Page 229: ...o interact with the CLI session and the device ports to detect the prompt on any devices connected to the EMG and set the device port name to be the same as the device prompt python Script to detect the prompt on a device connected to an EMG device port and set the device port name to the prompt Punctuation characters are removed and the device port number is appended to the name Prompts ending in...

Page 230: ...l elif i 3 SLB882 model number numPorts 8 elif i 4 prompt loggedIn True slcPrompt p match group 1 decode utf 8 if numPorts 0 print Cannot determine number of device ports p terminate True sys exit 1 print Number of device ports numPorts Terminate the CLI session p sendline logout time sleep 500 p wait skipPorts False devicePort 1 pList if numPorts 24 or numPorts 40 Adjust port numbering for SLC802...

Page 231: ...eak may need to send a CR to get prompt p send r elif i 1 EOF print portsession on DP devicePort unexpectedly terminated break elif i 2 login prompt p sendline sysadmin p expect Password p sendline PASS emgDevice True gotPrompt True elif i 3 error from portsession print p match group 1 decode utf 8 p terminate True p wait break elif i 4 prompt gotPrompt True end if while not gotPrompt if not gotPr...

Page 232: ...devicePort devicePort 1 end of while devicePort numPorts Connect to the EMG CLI and set the device port names p pexpect spawn clisession U sysadmin loggedIn False while not loggedIn i p expect pexpect TIMEOUT pexpect EOF Model Number SLC80 d r n Model Number SLB882 r n timeout 10 if i 0 Timeout print Timeout waiting to login p terminate True sys exit 1 elif i 1 EOF print Session unexpectedly termi...

Page 233: ...s with a CLI session tcl Script to get the current internal temperature of the EMG Accepts one optional command line parameter for location set emgTemp unknown set location Are there any command line parameters if argc 0 set location lindex argv 0 set now clock seconds set date clock format now format D R if argc 0 puts Internal temperature of the location EMG at date else puts Internal temperatur...

Page 234: ...n true if loggedIn exit 1 puts io show temp flush io set gotTemp false while gotTemp set len gets io line if string first Current Internal Temperature line 1 set emgTemp string range line expr string first line 1 end set gotTemp true puts Temperature emgTemp puts io logout flush io exit 0 ...

Page 235: ...nections are always re established after reboot At a specified date and time These connections connect after the date and time pass After a specified amount of data or a specified sequence of data passes through the connection Following reboot the connection is not reestablished until the specified data passes through the connection Typical Setup Scenarios for the EMG unit Following are typical co...

Page 236: ...Telnet or SSH into the EMG They could also select text mode where using a terminal emulation program a user could dial into the EMG unit and connect to the command line interface Figure 12 2 Remote Access Server Reverse Terminal Server In this scenario the EMG has one or more device ports connected to one or more serial ports of a mainframe server Users can access a terminal session by establishin...

Page 237: ... ports The device ports on the EMG are connected to the console ports of the equipment To manage a specific piece of equipment the user can Telnet or SSH to a specific port or IP address on the EMG unit and be connected directly to the console port of the end server or device To configure this setup set the Enable Telnet In or Enable SSH In option on the Device Ports Settings 1 of 2 page for the d...

Page 238: ...e are advanced connection settings for specific applications If the EMG is being used as a console or device server it is unlikely that you will need any of the Connection settings described below To create a connection 1 Click the Devices tab and select Connections The Connections page displays as shown in Figure 12 6 ...

Page 239: ...running a loopback test Note To see the current settings for this device port click the Settings link Data Flow Select the arrow showing the direction bidirectional or unidirectional the data will flow in relationship to the device port you are connecting to From the drop down list select a destination for the connection a device port connected to a serial device a device port connected to a modem...

Page 240: ... you select Device Port it must not have command line interface logins enabled or be running a loopback test To view the device port s settings click the Settings link to the right of the port number SSH Out Options Select one of the following optional flags to use for the SSH connection User Login ID to use for authenticating on the remote host Version Version of SSH Select 1 or 2 Command Enter a...

Page 241: ...dministrative access to the EMG via the default sysadmin local user account can be limited to only the front console port of the EMG device See Limiting Sysadmin User Access on page 58 Authentication can occur using all methods in the order of precedence until a successful authentication is obtained or using only the first authentication method that responds in the event that a server is down If y...

Page 242: ...m NFS LDAP Lightweight Directory Access Protocol A set of protocols for accessing information directories specifically X 500 based directory services LDAP runs over TCP IP or other connection oriented transfer services RADIUS Remote Authentication Dial In User Service An authentication and accounting system used by many Internet Service Providers ISPs A client server protocol it enables remote acc...

Page 243: ...e or more authentication methods you must configure them Authentication Commands Go to Authentication Commands to view CLI commands which correspond to the web page entries described above User Rights The EMG has three user groups Administrators Power Users and Default Users Each has a predefined set of rights users inherit rights from the user group to which they belong These rights are in additi...

Page 244: ... you change a user s rights while the user is logged into the web or CLI the results do not take effect until the next time the user logs in User Right Administrator Power Users Default Users Full Administrative Rights X Networking X X Services X Date Time X X Local Users X Remote Authentication X SSH Keys X User Menus X Device Port Operations X Device Port Configuration X USB X Reboot Shutdown X ...

Page 245: ...ng all local and remote users To enable local and or remote users 1 Enter the following Enable Local Users Select to enable all local users except sysadmin The sysadmin user is always available regardless of how you set the check box Enabled by default Multiple Sysadmin Web Logins Select to allow the sysadmin to have multiple simultaneous logins to the web interface Disabled by default Sysadmin Ac...

Page 246: ...numeric requirements number of characters punctuation marks Disabled by default Complexity rules Passwords must be at least eight characters long They must contain one upper case letter A Z one lower case letter a z one digit 0 9 and one punctuation character _ Allow Reuse Select to enable users to continue to reuse old passwords If you disable the check box they cannot use any of the Reuse Histor...

Page 247: ...5 Note The UID must be unique If it is not EMG unit automatically increments it Starting at 101 the EMG finds the next unused UID Listen Ports The device ports that the user may access to view data using the connect listen command Enter the port numbers or the range of port numbers for example 1 5 8 10 15 U1 denotes the USB port on the EMG unit Data Ports The device ports with which the user may i...

Page 248: ... line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B See Key Sequences on page 191 for notes on key sequence precedence and behavior Custom Menu If custom menus have been created you can assign a default...

Page 249: ...editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage Secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete loca...

Page 250: ...n Local Remote Users page select the user and click the Add Edit User button The Local Remote User Settings page displays 2 Click the Delete User button 3 Click the Apply button To change the sysadmin password 1 On the User Authentication Local Remote Users page select sysadmin and click the Add Edit User button The Local Remote User Settings page displays 2 Enter the new password in the Password ...

Page 251: ...does not provide port permissions you can use this page to grant device port access to users who are authenticated through NIS All NIS users are members of a group that has predefined user rights associated with it You can assign additional user rights that are not defined by the group To configure the EMG unit to use NIS to authenticate users 1 Click the User Authentication tab and select the NIS...

Page 252: ...mmand is deviceport tcp or udp See Key Sequences on page 191 for notes on key sequence precedence and behavior Break Sequence A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal ...

Page 253: ...t down and reboot the EMG unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI Web Access Right to access Web Manager Diagnostics Reports Right to obtain diagnostic i...

Page 254: ...Microsoft Active Directory The LDAP implementation supports LDAP servers that do not allow anonymous queries Users who are authenticated through LDAP are granted device port access through the port permissions on this page All LDAP users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the EM...

Page 255: ...ide 255 Figure 13 6 User Authentication LDAP 2 Enter the following Enable LDAP Displays selected if you enabled this method on the first User Authentication page If you want to set up this authentication method but not enable it immediately clear the checkbox ...

Page 256: ...Objectclass The objectclass used by the LDAP server for groups If nothing is specified for the group filter the EMG will use posixGroup For AD LDAP servers the objectclass for groups is typically Group Group Member Attribute The attribute used by the LDAP server for group membership This attribute may be use to search for a name ie msmith or a Distinguished Name ie uid msmith ou People dc lantroni...

Page 257: ... mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp See Key Seque...

Page 258: ...net logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC devices on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to ...

Page 259: ...henticated through RADIUS are granted device port access through the port permissions on this page All RADIUS users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the EMG unit to use RADIUS to authenticate users 1 Click the User Authentication tab and select RADIUS The following page displa...

Page 260: ...fy an optional port the EMG uses the default RADIUS port 1812 Server 2 Secret Text that serves as a shared secret between a RADIUS client and the server EMG unit The shared secret is used to encrypt a password sent between the client and the server May have up to 128 characters Timeout The number of seconds 1 30 after which the connection attempt times out The default is 30 seconds Use VSA Select ...

Page 261: ... group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Web Access Networking Date Time Reboot Shutdown and Diagnostics Reports Administrators This group has all possible rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Ser...

Page 262: ...me is specified and it matches a current EMG custom group name any rights attribute will be ignored and the custom group s rights permissions will be used instead A group name with spaces cannot be specified escseq Escape sequence The value string specifies the user s escape sequence Use x to specify non printable characters For example x1bA specifies the sequence ESC A brkseq Break sequence The v...

Page 263: ...is a network authentication protocol that provides strong authentication for client server applications by using secret key cryptography The system administrator can configure the EMG to use Kerberos to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions on this...

Page 264: ... of the order of precedence on the User Authentication page Realm Enter the name of the logical network served by a single Kerberos database and a set of Key Distribution Centers Usually realm names are all uppercase letters to differentiate the realm from the Internet domain Realm is similar in concept to an NT domain KDC A key distribution center KDC is a server that issues Kerberos tickets A ti...

Page 265: ...y but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Enable for Dial back Select to grant a user dial back access Users with dial back access can dial into the EMG and enter their login and password Once the EMG unit authenticates them the modem hangs up and dials them back Disabled by default Dial back Number The phone number the mod...

Page 266: ...t defined by the group Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the...

Page 267: ...iated with the TACACS user The priv_lvl or priv lvl is the only attribute sent from the TACACS server that the EMG will recognize and utilize The privilege level number will be used to map to a EMG custom user group by finding a group with a name that ends in the same number as the priv_lvl For example a EMG group called admin15 will map to any TACACS users with priv_lvl equal to 15 a EMG group ca...

Page 268: ...le TACACS here or on the first User Authentication page If you enable TACACS here it automatically displays at the end of the order of precedence on the User Authentication page TACACS Servers 1 3 IPv4 or IPv6 address or host name of up to three TACACS servers Secret Retype Secret Shared secret for message encryption between the EMG and the TACACS server Enter an alphanumeric secret of up to 127 c...

Page 269: ...ed see Custom User Menu Commands you can assign a default custom menu to TACACS users Escape Sequence A single character or a two character sequence that causes the EMG to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x charact...

Page 270: ...gins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the EMG unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user...

Page 271: ...r for groups that a LDAP user is a member of if any of the LDAP group names match a Custom Group Name the LDAP user will be granted the rights of the custom group A custom group cannot be given the name of one of the pre defined groups Admin Power or Default or any version of these names where the case of the letters is different since these names are used for the EMG pre defined groups Any LDAP g...

Page 272: ...ort on the front of the EMG unit Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Enable for Dial back Select to grant a user Users with dial back access can dial into the EMG unit and enter their login and password Once the EMG authenticates them the modem hangs up and dials them back Disabled by default Dial back Number The phone number the mode...

Page 273: ... the menu at login Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage Secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to...

Page 274: ...the EMG configuration and the administrator has the option of retaining the SSH keys during a reset to factory defaults The EMG unit can also update the SSH RSA and DSA host keys that the SSH server uses with site specific host keys or reset them to the default values Imported Keys Imported SSH keys must be associated with an EMG local user The key can be generated on host MyHost for user MyUser a...

Page 275: ...Edge Management Gateway User Guide 275 To configure the EMG unit to use SSH keys to authenticate users 1 From the main menu select User Authentication SSH Keys The following page displays Figure 13 11 User Authentication SSH Keys ...

Page 276: ...the EMG from any host not just the host associated with the key User The User ID of the user being given secure access to the EMG unit Import via Select SCP SFTP FTP HTTPS or Copy Paste as the method for importing the SSH keys SCP is the default If SCP SFTP or FTP are selected the Filename Host Path Login and Password fields are filled in If HTTPS is selected the Upload File link will become activ...

Page 277: ...either the RSA or the DSA encryption standard RSA is the default Number of Bits Select the number of bits in the key 1024 2048 3072 or 4096 The default is 2048 Passphrase Retype Passphrase Optionally enter a passphrase associated with the key The passphrase may have up to 50 characters The passphrase is an optional password that can be associated with an SSH key It is unique to each user and to ea...

Page 278: ...l checkboxes are unselected by default Import Host Key To import a site specific host key select the checkbox Unselected by default Type From the drop down list select the type of host key to import Import via From the drop down list select the method of importing the host key SCP or SFTP The default is SFTP Public Key Filename Filename of the public host key Private Key Filename Filename of the p...

Page 279: ...command Instead of typing each command the user enters the number associated with the command Each command can also have a nickname associated with it which can be displayed in the menu instead of the command The commands showmenu Menu Name and returnmenu can be entered to display another menu from a menu or to return to the prior menu The command returncli can be used to break out of a menu and r...

Page 280: ...he Add Custom Menu button To add menu commands select the QuickEdit Mode box This will move the cursor from Menu Name Enter a name for the custom menu Title Enter an optional title which will be displayed about the menu at the CLI Nicknames Select to enable nicknames to be displayed in the menu instead of the commands If the custom menu will have nicknames this should also be selected prior to ent...

Page 281: ...3 5 You also have the following options To edit a command nickname in the custom menu select the command in the Commands Nicknames List box and select the left arrow button Change the command and or the nickname and with the same command still selected in the list select the right arrow button To remove a command nickname from the custom menu select the command in the Commands Nicknames List box a...

Page 282: ... rights creates and manages custom user menus from the command line interface but can assign a custom user menu to a user from either the command line or the web interface When creating a custom user menu note the following limitations Maximum of 20 custom user menus Maximum of 50 commands per custom user menu logout is always the last command Maximum of 15 characters for menu names Maximum of fiv...

Page 283: ... Restore The HTTPS Push Configuration feature allows a saved configuration to be pushed to a EMG via a command line tool such as curl that includes the configuration to upload curl insecure request POST form file home users admin current emgcfg tgz https myemg company com cfgupdate htm login sysadmin password PASS config all comment FirmwareUp date The arguments that are passed with the URL are lo...

Page 284: ...sed s 20 g If an HTTPS Push Config command is accepted and initiated by the EMG the EMG will respond with Configuration restore initiated EMG will reboot the restore will be performed a message will be logged to the audit log and the system log and the EMG will reboot Any errors in the process will result in an error message being displayed ...

Page 285: ...14 Maintenance EMG Edge Management Gateway User Guide 285 To configure settings 1 Click the Maintenance tab The following page displays Figure 14 1 Maintenance Firmware Configurations ...

Page 286: ...ng calibration Data Center Rack Row Set these fields to define the rack row the EMG unit is located within a large data center The default for these fields is 1 Data Center Rack Cluster Set these fields to define the rack cluster the EMG is located within a large data center The default for these fields is 1 Data Center Rack Set these fields to define the rack the EMG unit is located within a larg...

Page 287: ...es before booting the EMG Default is 3 seconds range is 3 1800 seconds Boot Limit how many times the EMG will fail to boot before switching to the alternate boot bank After the EMG fails to boot 2 times Boot limit so it has attempted to boot Boot Limit times on each bank the EMG will go into advanced recovery mode which may require support from Technical Support to resolve so that the EMG can be b...

Page 288: ...can be backed up to a location that is not on the EMG If Tarball Format is checked the configuration will be saved in the old insecure compressed tar file format instead of the password protected zip file format Restore Factory Defaults Restores factory defaults If you select this option the EMG unit reboots after you apply the update Restore Saved Configuration Returns the EMG settings to a previ...

Page 289: ... FTP Server The FTP server specified in the FTP SFTP TFTP section If you select this option select FTP or SFTP to transfer the configuration file NFS Mounted Directory Local directory of the NFS server for mounting files CIFS Share Saved Configurations If restoring select a saved configuration from the drop down list USB If a USB device is loaded into the USB port of the EMG and properly mounted t...

Page 290: ...plays the name and the time and date the file was saved 2 To rename a file select a file enter the New File Name and click the Rename File button 3 To download a file select a file and click the Download File button 4 To delete files select one multiple files or all files and click the Delete File button A verification message showing files deleted will appear Click Back to Manage Files to return ...

Page 291: ...lays Figure 14 3 Maintenance System Logs 2 Enter the following to define the parameters of the log you would like to view Log Select the type s of log you want to view All Network Services Authentication Device Ports Diagnostics General Software Level Select the alert level you want to view for the selected log Error Warning Info Debug Starting at Select the starting point of the range you want to...

Page 292: ...r to Lantronix Technical Support See Emailing Logs and Reports on page 300 To clear system logs 1 From the Maintenance System Logs page select Maintenance System Logs 2 Click the Clear Log button to clear all log information System Log Commands Go to System Log Commands to view CLI commands which correspond to the web page entries described above Ending at Select the endpoint of the range you want...

Page 293: ... and sort the log by date time user and command The audit log is saved through EMG reboots 1 Click the Maintenance tab and select the Audit Log option The following page displays Figure 14 5 Maintenance Audit Log 2 To select a sort option click the appropriate button To sort by date and time click the sort by Date Time button this is the default To sort by user click the sort by User button To sor...

Page 294: ...rom here The email log is saved through EMG reboots 1 Click the Maintenance tab and select the Email Log option The following page displays Figure 14 6 Maintenance Email Log 2 To email this log follow the instructions in Emailing Logs and Reports on page 300 3 To clear the log click the Clear Log button Logging Commands Go to Logging Commands USB Device Commands USB Storage Commands and Internal M...

Page 295: ... can use equivalent commands on the command line interface 1 Click the Maintenance tab and select the Diagnostics option The following page displays Figure 14 7 Maintenance Diagnostics 2 Select Diagnostics from checklist one or more diagnostic methods you want to run or select All to run them all IPv4 ARP Table The IPv4 Address Resolution Protocol ARP table used to view the IP address to hardware ...

Page 296: ... number of times the string is sent is equal to the number of packets sent For TCP the number of times the string is sent may or may not be equal to the number of packets sent because TCP controls how data is packetized and sent out Enter the following Protocol Select the type of packet to send TCP or UDP Hostname Specify a host name or IPaddress of the host to send the packet to Port Specify a TC...

Page 297: ...n on connect to default 5201 p port n Format to report f format kmgtKMGT Pause n seconds between reports i interval n Bind to a host an interface or multicast address B bind More detailed output V verbose Output in JavaScript Object Notation JSON format J json Note The options below are supported on the client only Set length of buffer to n default 8 KB l length n KMG Use UDP rather than TCP u udp...

Page 298: ...atus and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page 1 Click the Maintenance tab and select the Status Reports option The following page displays Figure 14 9 Maintenance Status Reports The top half of the page displays the status of each port power supply and the internal modem Green indicates that the port connection ...

Page 299: ...outes Displays the routing table Connections Displays all active connections for the EMG unit Telnet SSH TCP UDP device port and modem System Configuration Complete Displays a complete snapshot of the EMG settings System Configuration Basic Displays a snapshot of the EMG unit s basic settings for example network date time routing services console port System Configuration Authentication Displays a...

Page 300: ...Reports on page 300 Status Commands Go to Status Commands to view CLI commands which correspond to the web page entries described above Emailing Logs and Reports The following logs and reports can be directly emailed to a specific individual or to Lantronix Technical Support directly from the log page System Log Figure 14 4 Audit Log Figure 14 5 Email Log Figure 14 6 ...

Page 301: ...if desired 2 Select the to field beside the empty field where you then enter the person s email address 3 Press the Email Output button An email is immediately sent and a confirmation appears on the screen Figure 14 11 Emailed Log or Report To view information about the EMG unit and contact information for Lantronix 1 Click the button on the upper right portion of any web page to access the About ...

Page 302: ...14 Maintenance EMG Edge Management Gateway User Guide 302 Figure 14 12 About EMG ...

Page 303: ... Over Under Limit for Sensorsoft devices Humidity Over Under Limit for Sensorsoft devices Device Port Data Drop No Internal Modem Dial Tone Ping Host Fails RPM Load Over Threshold DIO Port State Change DIO Port State Abnormal Host to Ping When the trigger is set to Ping Host Fails enter the hostname IPv4 address or IPv6 address of the host to ping The host will be pinged every 2 minutes RPM When t...

Page 304: ...state abnormal the selected action will be triggered if the state changes from the Normal state to the opposite state see DIO Port on page 175 for more information Action From the drop down list select the action taken because of the trigger For example the action can be writing an entry into the syslog with details of the event or sending the trap s to the Ethernet or modem connection Syslog Forw...

Page 305: ...ore the user logs in May contain up to 1024 characters Single quote and double quote characters are not supported Welcome to the EMG is the default Note To create more lines use the n character sequence Login Banner The text to display on the command line interface after the user logs in May contain up to 1024 characters Single quote and double quote characters are not supported Default is blank N...

Page 306: ...nds to view CLI commands which correspond to the web page entries described above SSH Banner The text to display when a user logs into the EMG via SSH prior to authentication May contain up to 1024 characters Single quote and double quote characters are not supported Blank by default Note To create more lines use the n character sequence ...

Page 307: ...on an administrator can remotely access any of the connected IT devices using Telnet or SSH Figure 15 1 EMG Configuration This chapter includes three typical scenarios for using the EMG unit The scenarios assume that the EMG is connected to the network and has already been assigned an IP address In the examples we use the command line interface You can do the same things using the web page interfa...

Page 308: ...lnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff IP none Authentication PAP Logins disabled CHAP Host none Break Sequence x1bB CHAP Secret none Check DSR disabled NAT disabled Close DSR disabled Dial out Login none Dial out Password none Dial out Number ...

Page 309: ...ing daemon 8 12 2 Sun queueing 00 15 00 Mar 15 14 44 40 tssf280r sendmail 275 ID 702911 mail info starting daemon 8 12 2 Sun SMTP queueing 00 15 00 Mar 15 14 44 40 tssf280r sendmail 276 ID 702911 mail info starting daemon 8 12 2 Sun queueing 00 15 00 5 Reboot the SUN server Reboot shutdown messages from SUN 6 Use the escape sequence to escape from direct mode back to the command line interface Dia...

Page 310: ...onnected to the console port of the Sun UNIX server EMG set deviceport port 2 baud 57600 flowcontrol none Device Port settings successfully updated 3 Dial into the EMG via the modem using a terminal emulation program on a remote PC A command line prompt displays 4 Log into the EMG unit CONNECT 57600 Welcome to the EMG login sysadmin Password Welcome to the EMG Console Manager Model Number EMG85100...

Page 311: ...____________ Number 2 Name Port 2 Modem Settings Data Settings IP Settings Modem State disabled Baud Rate 9600 Telnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff IP none Authentication PAP Logins disabled CHAP Host none Break Sequence x1bB CHAP Secret no...

Page 312: ...e a connection between the vt100 terminal connected to device port 2 and an outbound telnet session to the server The IP address of the server is 192 168 1 1 EMG connect bidirection 2 telnet 192 168 1 1 Connection settings successfully updated 4 At the VT100 terminal hit return a couple of times The Telnet prompt from the server displays Trying 192 168 1 1 Connected to 192 168 1 1 Escape character...

Page 313: ... must specify one of the values aa or bb separated by a vertical line The values are in all lowercase and must be entered exactly as shown Bold indicates a default value parameter name Value User must specify an appropriate value for example an IP address The parameter values are in mixed case Square brackets indicate optional parameters Action Category set auth cellular cflow cifs cli command con...

Page 314: ...r to display the possible names if more than one is possible Following a space after the preceding name Tab displays all possible names Should you make a mistake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port Use the l...

Page 315: ... line Control b move back to the start of the current word Control f move forward to the end of the next word Control u erase from cursor to the beginning of the line Control k erase from cursor to end of the line Administrative Commands admin banner login Syntax admin banner login Banner Text Description Configures the banner displayed after the user logs in Note To go to the next line type n and...

Page 316: ... config checksum Syntax admin config checksum Description Displays a checksum for the current configuration Can be used to determine if the configuration has changed admin config copy Syntax admin config copy current Config Name location local nfs cifs usb sdcard nfsdir NFS Mounted Directory usbport U1 Description Copies the current configuration or optionally a configuration from another location...

Page 317: ... retain after the config restore or config factorydefaults Description Restores the EMG unit to factory default settings admin config restore Syntax admin config restore Config Name location local ftp sftp nfs cifs usb sdcard intsd nfsdir NFS Mounted Directory usbport U1 savesshkeys enable disable savesslcert enable disable Config Params to Preserve is a comma separated list of current configurati...

Page 318: ... to a location admin firmware bootbank Syntax admin firmware bootbank 1 2 Description Sets the boot bank to be used at the next EMG reboot admin firmware bootcount Syntax admin firmware bootcount 0 1 Description Configures bootcount parameter that control how many times the EMG has failed to boot If this value reaches Boot Limit the EMG will switch to the alternate boot bank The EMG will switch to...

Page 319: ...re bootdelay Syntax admin firmware bootdelay 3 1800 Description Configures bootcount parameters that control how seconds the bootloader pauses before booting the EMG The default is 3 seconds and the range is between 3 and 1800 seconds admin firmware highrestimers Syntax admin firmware highrestimers enable disable Description Enables high resolution timers required for Performance Monitoring or dis...

Page 320: ...You should be able to access the firmware file using the settings admin ftp show displays if FTP TFTP or SFTP are used to load the firmware file The EMG automatically reboots after successful update admin firmware clearlog Syntax admin firmware clearlog Description Clears the firmware update log admin ftp password Syntax admin ftp password Description Sets the FTP server password and prevent it fr...

Page 321: ...isplays information about EMG memory usage admin memory swap add Syntax admin memory swap add Size of Swap in MB usbport U1 Description Creates a swap space from an external storage device admin memory swap delete Syntax admin memory swap delete Description Deletes the swap space from an external storage device admin quicksetup Syntax admin quicksetup Description Runs the quick setup script ...

Page 322: ...ite cluster Data Center Rack Group Number admin site rack Data Center Rack Number admin site tag Site Description admin site show Description Configures information about the site where the EMG is located admin version Syntax admin version Description Displays current hardware and firmware information admin web certificate import Syntax admin web certificate import via sftp scp rootfile Cert Autho...

Page 323: ...om Syntax admin web certificate custom Description Generates a custom self signed SSL certificate The SHA256 hashing algorithm will be used to generate the certificate admin web certificate show Syntax admin web certificate show Description Displays the web server SSL certificate admin web group Syntax admin web group Local or Remote Group Name Description Configures the group that can access the ...

Page 324: ... timeout Syntax admin web timeout disable 5 120 Description Configures the timeout for web sessions admin web terminate Syntax admin web terminate Session ID Description Terminates a web session admin web show Syntax admin web show viewcipherlist enable disable Description Displays the current sessions with optional extra sessions or current ciphers admin web banner Syntax admin web banner Descrip...

Page 325: ...FIPS functionality is not available in the current release Configures the strength of the cipher used by the web server high is 256 168 and some 128 bit medium is 128 bit admin web sha2 Syntax admin web sha2 enable disable Description Enable using only SHA2 and higher ciphers admin web tlsv10 Syntax admin web tlsv10 enable disable Description Enables or disables TLS v1 0 admin web tlsv11 Syntax ad...

Page 326: ...x Technical Support admin chip resetmodem Description Resets the internal modem chip in key system chips Syntax admin chip resetmodem admin chip reseti2cmux Description Resets the I2C Mux chip in key system chips Syntax admin chip reseti2cmux admin chip resetsfp ethport 1 2 Description Resets the SFP chip in key system chips Syntax admin chip resetsfp ethport 1 2 Audit Log Commands show auditlog S...

Page 327: ...meters Parameters authusenextmethod enable disable kerberos 1 6 ldap 1 6 localusers 1 6 nis 1 6 radius 1 6 tacacs 1 6 Description Sets ordering of authentication methods Local Users authentication is always the first method used Any methods omitted from the command are disabled show auth Syntax show auth Description Displays authentication methods and their order of precedence show user Syntax sho...

Page 328: ...wer admin ipaddr Key Distribution Center IP Address kdc Key Distribution Center listenports Port List permissions Permission List Note See User Permissions Commands on page 338 for information on groups and user rights port Key Distribution Center TCP Port realm Kerberos Realm state enable disable useldapforlookup enable disable Description Configures the EMG to use Kerberos to authenticate users ...

Page 329: ...ttr Group Membership Attribute grmembervalue dn name encrypt starttls ssl disable dataports Port List listenports Port List clearports Port List escapeseq 1 10 Chars breakseq 1 10 Chars custommenu Menu Name allowdialback enable disable dialbacknumber Phone Number group default power admin permissions Permission List Note See User Permissions Commands on page 338 for information on groups and user ...

Page 330: ...th Path to Files set ldap certificate delete Description To delete an LDAP certificate Syntax set ldap certificate delete show ldap Syntax show ldap Description Displays LDAP settings Local Users Commands set localusers add edit Syntax set localusers add edit User Login one or more parameters Parameters allowdialback enable disable breakseq 1 10 Chars changenextlogin enable disable changepassword ...

Page 331: ...o log in to the EMG by means of the Web SSH Telnet or the console port set localusers allowreuse Syntax set localusers allowreuse enable disable Description Sets whether a login password can be reused set local users complexpasswords Syntax set localusers complexpasswords enable disable Description Sets whether a complex login password is required Complex passwords require at least one uppercase c...

Page 332: ...tempts Number of Logins Description Sets the maximum number of login attempts before the account is locked Disabled by default set localusers password Syntax set localusers password User Login Description Sets a login password for the local user set localusers periodlockout Syntax set localusers periodlockout Number of Minutes Description Sets the number of minutes after a lockout before the user ...

Page 333: ...pleadminlogins Syntax set localusers multipleadminlogins enable disable Description Allows multiple admin logins among local users to the web server set localusers consoleonlyadmin Syntax set localusers consoleonlyadmin enable disable Description Sets local users to console only admin setting If enabled the admin user can only log into the EMG via the console and will be prevented from logging in ...

Page 334: ... of nt sv dt lu ra sk um dp do ub rp rs rc dr wb sn ad md sd To remove a permission type a minus sign before the two letter abbreviation for a user permission Description Sets a local user s permissions not defined by the user group NIS Commands set nis Syntax set nis one or more parameters Parameters allowdialback enable disable broadcast enable disable clearports Port List custommenu Menu Name d...

Page 335: ...ss or Hostname state enable disable Description Configures the EMG to use NIS to authenticate users who log in via the Web SSH Telnet or the console port show nis Syntax show nis Description Displays NIS settings RADIUS Commands set radius Syntax set radius one or more parameters Parameters state enable disable allowdialback enable disable clearports Port List custommenu Menu Name dataports Port L...

Page 336: ...o log in via the Web SSH Telnet or the console port set radius server Syntax set radius server 1 2 host IP Address or Hostname secret Secret port TCP Port Description Identifies the RADIUS server s the text secret and the number of the TCP port on the RADIUS server Note The default port is 1812 show radius Syntax show radius Description Displays RADIUS settings TACACS Commands set tacacs Syntax se...

Page 337: ...min permissions Permission List Note See User Permissions Commands on page 338 for information on groups and user rights Set the TACACS secret any extra parameters will be ignored set tacacs secret Description Configures the EMG to use TACACS to authenticate users who log in via the Web SSH Telnet or the console port show tacacs Syntax show tacacs Description Displays TACACS settings User Permissi...

Page 338: ...n List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rp rs rc dr wb sn ad md sd To remove a permission type a minus sign before the two letter abbreviation for a user permission Description Sets a local user s permissions not defined by the user group set nis ldap radius kerberos tacacs permissions Syntax set nis ldap radius kerberos tacacs permissions Permission List where...

Page 339: ...ble disable dialbacknumber Phone Number group default power admin Custom Group Name permissions Permissions List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rp rs rc dr wb sn ad md sd To remove a permission type a minus sign before the two letter abbreviation for a user right Note See help user permissions for information on groups and user rights Description Sets attribu...

Page 340: ...P group or TACACS priv_lvl map to a EMG custom group set remoteusers lock unlock Syntax set remoteusers lock unlock User Login Description Allow unlock or block lock a user s ability to login set remoteusers delete Syntax set remoteusers delete User Login Description Removes a remote user show remoteusers Syntax show remoteusers display brief extended user User Login Description Displays settings ...

Page 341: ...to initiate a firmware update on the cellular modem set cellular update ftp sftp scp usb sdcard fwfile Firmware File prifile carrier PRI File host IP Address or Name login User Login path File Path set cellular simpin set cellular reboot set cellular cellpass show cellular config status Description Configure cellular modem settings ConsoleFlow Commands set cflow client Syntax set cflow client enab...

Page 342: ... and configuration updates via ConsoleFlow set cflow rebootafterupdate Syntax set cflow rebootafterupdate enable disable Description Enable or disable reboots after firmware or configuration updates set cflow connection Syntax set cflow connection cloud onpremise one or more parameters Parameters host IP Address or Name port TCP Port secureport enable disable validatecerts enable disable mqttstate...

Page 343: ...li 1 1800 seconds set cflow timeoutdp 1 1800 seconds Description Configure the timeout for the ConsoleFlow Web Terminal sessions set cflow digitalprobe Syntax set cflow digitalprobe Device Port or List or Name frequency disable 15 3600 seconds Description Configures the device port digital probe for determining managed device connection status set cflow id Syntax set cflow id Description Set the d...

Page 344: ...rt Menu Name show cli Description Allows you to use SCS compatible commands as shortcuts for executing commands It is disabled by default Note Settings are retained between CLI sessions for local users and users listed in the remote users list set cli menu Description If a menu is associated with the current user and the menu was not displayed at login start will run the menu Users with full admin...

Page 345: ... between CLI sessions for local users and users listed in the remote users list show cli Syntax show cli Description Displays current CLI settings show user Syntax show user Description Displays attributes of the currently logged in user set history Syntax set history clear Description Clears the commands that have been entered during the command line interface session show history Syntax show his...

Page 346: ...s or Name port TCP Port trigger now datetime chars If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or characters or a character sequence enter the charxfer parameter and either the charcount or the charseq parameter udp IP Address port UDP Port Description Connects a devi...

Page 347: ...utgoingtimeout disable 1 9999 seconds Description Sets the amount of time the EMG will wait for a response sign of life from an SSH Telnet server that it is trying to connect to Note This is not a TCP timeout connect listen deviceport Syntax connect listen deviceport Device Port or Name Description Monitors a device port connect terminate Syntax connect terminate Connection ID Description Terminat...

Page 348: ...d number or characters or a character sequence enter either the charcount or the charseq parameter udp IP Address port UDP Port Description Connects a device port to another device port or an outbound network connection data flows in one direction show connections Syntax show connections email Email Address Description Displays connections and their IDs You can optionally email the displayed infor...

Page 349: ... Description Configures console port settings show consoleport Syntax show consoleport Description Displays console port settings Custom User Menu Commands When creating a custom user menu note the following limitations Maximum of 20 custom user menus Maximum of 50 commands per custom user menu logout is always the last command Maximum of 15 characters for menu names Maximum of five nested menus c...

Page 350: ...e disable shownicknames enable disable title Menu Title Description Changes a command within an existing custom user menu Changes a nickname within an existing custom user menu Enables or disables the redisplay of the menu before each prompt Enables or disables the display of command nicknames instead of commands Sets the optional title for a menu set menu delete Syntax set menu delete Menu Name c...

Page 351: ...d users show menu Syntax show menu all Menu Name Description Displays a list of all menu names or all commands for a specific menu Date and Time Commands set datetime Syntax set datetime one parameter Parameters date MMDDYYhhmm ss timezone Time Zone Note If you do not know a valid Time Zone enter timezone invalid time zone and you will be guided through selecting one from the available time zones ...

Page 352: ...ver IP Address or Hostname state enable disable sync broadcast poll Description Synchronizes the EMG with a remote time server using NTP show ntp Syntax show ntp Description Displays NTP settings Device Commands set command Syntax set command Device Port or Name or List one or more parameters Parameters sensorsoft lowtemp Low Temperature Sets the lowest temperature permitted for the port sensorsof...

Page 353: ...the device port nlist Note The Sensorsoft lowtemp and hightemp settings are given in the scale specified by the degrees setting Description Sends commands to or control a device connected to an EMG device port over the serial port Note Currently the only devices supported for this type of interaction are Sensorsoft devices Device Port Commands set deviceport port Description Sets the dialout passw...

Page 354: ...t emailto Email Address flowcontrol none xon xoff rts cts group Local or Remote Group Name idletimeoutmsg enable disable initscript Modem Initialization Script ipaddr IP Address Mask Bits locallogging enable disable maxdirect 1 15 Note We recommend preceding the initscript with AT and include E1 V1 x4 Q0 so that the EMG may properly control the modem localipaddr negotiate IP Address logins enable ...

Page 355: ...adir netin netout both telnetin enable disable telnetport TCP Port telnetsoftiac enable disable telnettimeout disable 1 3600 sec termstr Termination String timeoutlogins disable or 1 30 minutes tokenaction List of none log trap email string power tokendatadetect enable disable tokenstring Regex String tokentrigger bytecnt charstr usbchannel 1 2 usblogging enable disable usbmaxfiles Max of Files us...

Page 356: ...for Device Ports connected to raw binary connections The logging level for the Device Ports log must be set to Info to view Syslog entries for Device Port logging It is recommended that the initscript be prepended with AT and include E1 V1 x4 Q0 so that the EMG may properly control the modem set deviceport global Syntax set deviceport global one or more parameters Parameters sshport TCP Port telne...

Page 357: ...port types RJ45 or USB for all device ports show portcounters Syntax show portcounters deviceport Device Port List or Name email Email Address Description Displays device port statistics and errors for one or more ports You can optionally email the displayed information show portcounters zerocounters Syntax show portcounters zerocounters Device Port List or Name Description Zeros the port counters...

Page 358: ...ommand Synopsis set dio port Syntax set dio port inf1 inf2 parameters Parameters name DIO Port Name normalstate on off Description Configure the DIO input ports 1 or 2 on the front of the EMG set dio port relayf Syntax set dio port relayf parameters Parameters name DIO Port Name wakeup on off state on off normalstate on off latch enable disable Description Configure the DIO relay output port on th...

Page 359: ... You can optionally email the displayed information diag iperf Syntax diag iperf mode server client host iPerf Server IP Address or Name options iPerf options email Email Address Options iPerf Options enclose all options in quotes Set server port to listen on connect to default 5201 p port n Format to report f format kmgtKMGT Pause n seconds between reports i interval n Bind to a host an interface...

Page 360: ...k throughput You can optionally email the output The EMG uses iPerf version 3 X which is incompatible with older versions 2 x diag lookup Syntax diag lookup Name email Email Address Description Resolves a host name into an IP address You can optionally email the displayed information diag loopback Syntax diag loopback Device Port Number or Name parameters Parameters test internal external xferdata...

Page 361: ...file File Name location usb sdcard usbport U1 Description Displays all network traffic applying optional filters the output can be saved to a Wireshark pcap file on external storage This command is available in the CLI but not the web diag perfstat Description Display performance statistics for an Ethernet Port or Device Port averaged over the last 5 seconds Must specify an Ethernet Port or Device...

Page 362: ...g protocol tcp udp count Number of Packets diag top Syntax diag top parameters Description Displays CPU usage memory usage and tasks Parameters continuous enable disable count Number of Iterations to Display delay Delay in Seconds numlines Number of Lines to Display Defaults count 1 delay 5 seconds diag traceroute Syntax diag traceroute IP Address or Hostname Description Displays the route that pa...

Page 363: ...umidlimit pingfails receivetrap dioportchange dioportabnormal rpmload or templimit response is one of action syslog action emailalert emailaddress destination email address action snmptrap nms SNMP NMS community SNMP Community action diorelayon action fwdalltrapseth fwdseltrapeth ethport 1 2 cell nms SNMP NMS community SNMP Community oid SNMP OID action fwdalltrapsmodem fwdseltrapmodem deviceport ...

Page 364: ...dit Event ID parameters Parameters community SNMP Community deviceport Device Port or Name ethport 1 2 host IP Address or Name internal modem nms SNMP NMS oid SNMP Trap OID outlet Outlet rpm RPM Id or Name threshold Load Percentage Current in Amps dioport inf1 inf2 relayf usbport U1 Description Edits event definitions admin events show Syntax admin events show Description Displays event definition...

Page 365: ...isable dialbacknumber Phone Number permissions Permission List Note See help user permissions for information on user rights Rename a group set groups rename Group Name newname New Group Name Delete a group set groups delete Group Name Show one or more groups show groups name Group Name members enable disable Description Configure custom group attributes Host List Commands set hostlist add edit Ho...

Page 366: ... Name protocol ssh telnet tcp port TCP Port escapeseq 1 10 Chars Description Adds a new host entry to a list or edit an existing entry set hostlist edit Host List Name move Syntax set hostlist edit Host List Name move Host Number position Host Number Description Moves a host entry to a new position in the host list set hostlist delete Syntax set hostlist delete Host List entry Host Number Descript...

Page 367: ...ost or User Name initscript Modem Init Script chapauth chaphost localusers nat enable disable dialbacknumber usernumber Phone Number checkdialtone disable 5 600 min dialbackdelay PPP Dialback Delay dialoutnumber Phone Number dialbackretries 1 10 dialoutlogin Remote User Login Set the modem password and CHAP secret any extra parameters will be ignored set intmodem dialoutpassword set intmodem chaps...

Page 368: ...U1 state enable ruleset Ruleset Name internal modem state disable internal modem state enable ruleset Ruleset Name Description Maps an IP filter to an interface set ip filter rules Syntax set ipfilter rules parameters Parameters add Ruleset Name delete Ruleset Name edit Ruleset Name Edit Parameters Edit Parameters append insert Rule Number replace Rule Number delete Rule Number Description Sets IP...

Page 369: ...tokentrigger bytecnt charstr usblogging enable disable usbmaxfiles Max of Files usbmaxsize Size in Bytes usbport U1 SD INTSD sysloglogging enable disable Description Configures logging settings for one or more device ports Local logging must be enabled for a device port for the locallog commands to be executed To use the set locallog clear command the user must have permission to clear port buffer...

Page 370: ...r port buffers see Chapter 13 User Authentication set log clear modem Syntax set log clear modem Description Clear the modem log the modem log is automatically pruned when it reaches 50K set log modem ppplog Syntax set log modem ppplog enable disable Description Enables PPP activity messages in the modem log set log modem ppplog enable disable Syntax set log modem pppdebug Description Enables PPP ...

Page 371: ... bytes Bytes to Display startbyte Byte Index logfile NFS USB or SD card Log File Defaults bytes 1000 startbyte 1 numlines 40 Lists the NFS USB or SD card log files either for a specific device port or all log files in a USB NFS or SD card location show log files nfs usb sdcard intsd localdir NFS Mount Local Directory usbport U1 deviceport Device Port or name Network Commands set network Syntax set...

Page 372: ...prec enable disable Description Configures IPv4 IPv6 lookup precedence set network gateway Syntax set network gateway parameters Parameters default IP Address ipv6default IPv6 Address precedence dhcp default failover IP Address pingip IP Address ethport 1 2 failoverport 2 cell pingdelay 1 250 seconds failedpings 1 250 faildevice none hspa sierra faildevapn Fail over Device APN of Mobile Carrier fa...

Page 373: ...ord any extra parameters will be ignored set network gateway reboot set network gateway faildevpin set network gateway faildevpuk set network gateway faildevpassword Description Set default fail over gateways the fail over gateway is used if an IP address usually accessible through the default gateway fails to return 1 or more pings and configure settings for supported fail over devices set networ...

Page 374: ...bit full mtu Maximum Transmission Unit activeport rj45 sfp set network ipv6 enable disable Description Displays DNS settings show network dns Syntax show network dns Description Displays DNS settings show network gateway Syntax show network gateway Description Displays gateway settings show network host Syntax show network host Description Displays the network host name of the EMG show network por...

Page 375: ...ork sfp Syntax show network sfp Description Displays network port 1 and port 2 SFP diagnostics show network all Syntax show network all Description Displays all network settings NFS and SMB CIFS Commands set nfs mount Syntax set nfs mount one or more parameters Parameters locdir Directory mount enable disable remdir Remote NFS Directory rw enable disable Enables or disables read write access to re...

Page 376: ...Unmounts a remote NFS share set cifs Syntax set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup Description Configures the SMB CIFS share which contains the system and device port logs The admin config command saves EMG configurations on the SMB CIFS share set cifs password Syntax set cifs password Description Changes ...

Page 377: ...Commands show perfmon Syntax show perfmon Parameters show perfmon probe all Probe Id or Name Description Display global settings and all probes or a selected probe show perfmon status Syntax show perfmon status Parameters show perfmon status probe Probe Id or Name Description Display the running status of all probes or a selected probe show perfmon operations Syntax show perfmon operations ...

Page 378: ...il Address Description Display round trip times RTT for last completed operation set or selected set and optionally email the complete results show perfmon accumulated Syntax show perfmon accumulated Parameters show perfmon accumulated Probe Id or Name set Operation Set Number email Email Address Description Display accumulated statistics for last completed operation set or selected set and option...

Page 379: ...set perfmon udpechoresp Syntax set perfmon udpechoresp UDP Port Number disable Description Enable responders for UDP echo set perfmon tcpconnectresp Syntax set perfmon tcpconnectresp TCP Port Number disable Description Enable responders for TCP connect set perfmon add Syntax set perfmon add Probe Name type dns http icmp tcpconnect udpecho udpjitter udpjittervoip Parameters name Probe Name starttim...

Page 380: ... set perfmon edit Probe Id or Name parameters Parameters name Probe Name starttime now HH MM SS MMDD afterHH MM SS operations Number of Operations to Perform frequency Seconds between Operations packets Number of Packets to Send interval Milliseconds between Packets timeout Milliseconds to Wait for Response host Destination IP Address or Name port Destination Port precision milli micro datasize Pa...

Page 381: ... Commands set routing Syntax set routing parameters Parameters rip enable disable route 1 64 ipaddr IP Address mask Netmask gateway IP Address static enable disable version 1 2 both Description Configures static or dynamic routing To delete a static route set the IP address mask and gateway parameters to 0 0 0 0 show routing Syntax show routing resolveip enable disable email Email Address Descript...

Page 382: ...d RPM Id or Name outlet all Outlet or List state on off cyclepower Description Sends a command to control one or more outlets on an RPM Syntax set rpm command RPM Id or Name device reboot shutdown Description Sends a command to control an RPM device Syntax set rpm command RPM Id or Name beeper mute enable disable Description Sends a command to control an RPM beeper set rpm delete Syntax set rpm de...

Page 383: ...te Drivers running in debug mode will generate copious output and for disk space reasons should not be left running in debug mode for long periods of time set rpm edit Syntax set rpm edit RPM Id or Name one or more parameters Parameters name New RPM Name outlets of Outlets ipaddr IP Address port TCP or Device Port login RPM Admin Login rocommunity SNMP Read Only Community rwcommunity SNMP Read Wri...

Page 384: ...ript import Syntax set script import interface batch custom via ftp scp copypaste file Script File name Script Name host IP Address or Name login User Login path Path to Script File filetype expect tcl python Note Interface scripts will be given default do user rights Batch and Custom scripts will be given admin ad user rights The name of the script will be the same as the file name if it is a val...

Page 385: ...pt runcli Script Name parameters Command Line Parameters debug enable disable Description Run a CLI batch or custom script one time script output will be displayed in the current terminal custom script output will be saved in the repository connect script Syntax connect script Script Name deviceport Device Port or Name parameters Command Line Parameters debug enable disable Description Connect an ...

Page 386: ...pecified as hours 4H for 4 hours or days 2D for 2 days show script Syntax show script type interface batch custom name Script Name Description Display list of scripts or view the details and contents of a script show script status Syntax show script status script Script Name Description Display the running status of all custom scripts or a single custom script show script operations Syntax show sc...

Page 387: ...D Card set sdcard format filesystem ext2 fat16 fat32 ntfs Defaults filesystem ext2 Runs a filesystem check on a SD Card recommended if it does not mount set sdcard fsck Displays a directory listing of an internal or external SD Card set sdcard intsd dir subdir Directory Path Renames a file on a SD Card set sdcard rename Filename newfile New Filename Copies a file on a SD Card set sdcard copy Filen...

Page 388: ...le genlog off error warning info debug v1 enable disable syslogserver1 IP Address or Name v2c enable disable syslogserver2 IP Address or Name traps enable disable rpmlogsize 5 40 Kbytes trapversion 1 2 3 otherlogsize 5 400 Kbytes nms1 IP Address or Name telnet enable disable nms2 IP Address or Name timeouttelnet disable 1 30 minutes alarmdelay 1 6000 Seconds telnetdatadir netin netout both locatio...

Page 389: ...et SNMP v3 read only read write and trap password passphrase show services Syntax show services Description Displays current service settings Site Commands Configure a set of site oriented modem parameters that can be activated by various modem related events authentication outbound network traffic for DOD connections etc The site parameters will override any parameters configured for the modem To...

Page 390: ...psecret Site Name Deletes a site set site delete Site Name show site all names Site Name SLC Network Commands Displays all SLC SLB EMG and Spider units on the local network set slcnetwork Syntax set slcnetwork one or more parameters Parameters add IP Address delete IP Address search localsubnet ipaddrlist both Description Detects and displays all EMG or user defined IP addresses on the local netwo...

Page 391: ...sshkey delete one or more parameters Parameters keyhost SSH Key Host keyname SSH Key Name keyuser SSH Key User Description Deletes an ssh key Specify the keyuser and keyhost to delete an imported key specify the keyuser and keyname to delete exported key set sshkey export Syntax set sshkey export ftp sftp scp copypaste one or more parameters Parameters format openssh secsh host IP Address or Name ...

Page 392: ...st IP Address or Name login User Login Description Imports an SSH key set sshkey server import type Syntax set sshkey server import type rsa dsa via sftp scp pubfile Public Key File privfile Private Key File host IP Address or Name login User Login path Path to Key File Description Imports an EMG host key set sshkey server reset Syntax set sshkey server reset type all rsa dsa Description Resets de...

Page 393: ...y User viewkey enable disable Description Displays all keys that have been imported or keys for a specific user IP address or name show sshkey server Syntax show sshkey server type all rsa dsa Description Displays host keys public key only Status Commands show connections Syntax show connections email Email Address Description Displays a list of current connections Optionally emails the displayed ...

Page 394: ...Device Port List or Name email Email Address Description Generates a device port statistics report for one or more ports Optionally emails the displayed information show portstatus Syntax show portstatus deviceport Device Port List or Name email Email Address Description Displays device port modes and states for one or more ports Optionally emails the displayed information show sysconfig Syntax sh...

Page 395: ...log diaglog genlog display head tail numlines Number of Lines starttime MMDDYYhhmm ss endtime MMDDYYhhmm ss Description Displays the system logs containing information and error messages Note The level display and time parameters cannot be used simultaneously show syslog clear Syntax show syslog clear all netlog servlog authlog devlog diaglog genlog Description Clears one or all of the system logs...

Page 396: ...il Address Defaults treedisplay enable Description Displays information about USB buses and the devices connected to them including the mapping between a USB device and the EMG port Note For mapdevice enable the port names will displayed at the end of the line in square brackets To see a list of USB devices with vendor id and product id use treedisplay disable USB Storage Commands set usb storage ...

Page 397: ... flash drive set usb storage mount Syntax set usb storage mount U1 Description Mounts a USB flash drive in the EMG for use as a storage device The USB flash drive must be formatted with an ext2 or FAT file system before you mount it set usb storage unmount Syntax set usb storage unmount U1 Description Unmounts a USB flash drive Enter this command before removing the USB device set usb storage rena...

Page 398: ...n Removes a file on a thumb drive Syntax set usb storage delete U1 file Current Filename show usb storage Description Display product information and settings for any USB thumb drive Syntax show usb storage show usb Description Display currently attached USB devices with product information and settings Syntax show usb show usb modem Description Display product information and settings for any USB...

Page 399: ...ialoutlogin Remote User Login dialoutnumber Phone Number dodauth pap chap dodchaphost CHAP Host or User Name flowcontrol none xon xoff rts cts group Local or Remote Group Name initscript Modem Init Script localipaddr negotiate IP Address modemmode text ppp modemstate disable dialin dialout dialback cbcpserver cbcpclient dialondemand dialin ondemand dialback ondemand dialinhostlist modemtimeout dis...

Page 400: ...nformation and settings for any USB modem Syntax show usb modem VPN Commands set vpn Syntax set vpn parameters Description Configures setting for an IPsec VPN tunnel Parameters Parameters tunnel enable disable name VPN Tunnel Name auth rsa psk x509 remotehost Remote Host IP Address or Name remoteid Authentication Name remotehop IP Address remotesubnet one or more subnets in CIDR notation remotesou...

Page 401: ...a parameters will be ignored set vpn xauthpassword Configure X 509 certificate for remote peer or local peer set vpn certificate local via sftp scp rootfile Cert Authority File certfile Certificate File keyfile Private Key File host IP Address or Name login User Login path Path to Files set vpn certificate remote via sftp scp rootfile Cert Authority File certfile Certificate File host IP Address o...

Page 402: ...uploaded conf file set vpn confaction delete Display all VPN settings and current status show vpn email Email Address Display detailed VPN status show vpn status email Email Address Display VPN logs show vpn viewlog numlines Number of Lines email Email Address Display X 509 certificate for local peer EMG and remote peer show vpn certificate Display RSA public key of the local peer EMG and remote p...

Page 403: ...Commands set xmodem repo Syntax set xmodem repo import Xmodem File via ftp sftp scp host IP Address or Name login User Login path Path to Xmodem File set xmodem repo rename Xmodem File newfile New Filename set xmodem repo delete Xmodem File Description Manages a repository of files that can be sent to or received from a device port with Xmodem Ymodem or Zmodem The maximum file size is 20 MB and th...

Page 404: ...ateway User Guide 404 Description Send or receive files with Xmodem Ymodem or Zmodem by default receive will not overwrite a file in the repository with the same name show xmodem Syntax show xmodem Description Shows the Xmodem repository files ...

Page 405: ...make about the facility and network infrastructure for example how vulnerable the CAT 5 wiring is to tapping Factors Affecting Security External factors affect the security provided by the EMG unit for example Telnet sends the login exchange as clear text across Ethernet A person snooping on a subnet may read your password A terminal to the EMG may be secure but the path from the EMG to the end de...

Page 406: ...aкого же типа и c такой же хaрактериcтикой Cover Do not remove the cover of the chassis There are no user serviceable parts inside Opening or removing the cover may expose you to dangerous voltage that could cause fire or electric shock Refer all servicing to Lantronix Power Plug Connect the power plug in the following order 1 Connect the DC plug to the EMG first 2 Connect the AC cable to the exte...

Page 407: ...bient temperature less than the maximum operating temperature of the EMG unit See Hardware Specifications on page 37 Install the equipment in a rack in such a way that the amount of airflow required for safe operation of the equipment is not compromised Mount the equipment in the rack so that a hazardous condition is not achieved due to uneven mechanical loading Maintain reliable earthing of rack ...

Page 408: ...ect the network port to an Ethernet network that supports 10 100 1000 Base T Only connect device ports to equipment with serial ports that support EIA 232 formerly RS 232C Only connect the console port to equipment with serial ports that support EIA 232 formerly RS 232C Only connect a telephone line to the MODEM port Caution To reduce the risk of fire use only number 26 AWG or larger e g 24 AWG UL...

Page 409: ... many devices These adapters convert the RJ45 connection on the EMG unit to a 9 pin or 25 pin serial connector found on other manufacturers serial devices or re route the serial signals for connections to other devices that use RJ45 serial connectors The console port is wired the same way as the device ports and has the same signal options Note You can view or change the console port settings usin...

Page 410: ...pters and Pinouts EMG Edge Management Gateway User Guide 410 Figure C 2 RJ45 Receptacle to DB25F DCE Adapter for the EMG Unit PN 200 2067A Figure C 3 RJ45 Receptacle to DB9M DCE Adapter for the EMG Unit PN 200 2069A ...

Page 411: ...ts EMG Edge Management Gateway User Guide 411 Figure C 4 RJ45 Receptacle to DB9F DCE Adapter for the EMG Unit PN 200 2070A Use PN 200 2070A adapter with a PC s serial port Figure C 5 RJ45 Receptacle to DB25M DTE Adapter PN 200 2073 ...

Page 412: ... IKEv1 and IKEv2 Internet Key Exchange A protocol used to set up a security association in the IPsec protocol suite that allows two parties to send data securely IPsec A protocol suite for securing Internet Protocol IP communications by authenticating and encrypting each IP packet of a communication session Kerberos A network authentication protocol that provides strong authentication for client s...

Page 413: ... creating and running IP and other network protocols over a serial link RADIUS Remote Authentication Dial In User Service An authentication and accounting protocol Enables remote access servers to communicate with a central server to authenticate dial in users and their access permissions A company stores user profiles in a central database that all remote servers can share SCP Secure Copy Protoco...

Page 414: ...ystem A method of authentication used in UNIX networks It allows a remote access server to communicate with an authentication server to determine whether the user has access to the network Telnet A terminal protocol that provides an easy to use method of creating terminal connections to a network host TFTP Trivial File Transfer Protocol Simpler version of FTP taht doesn t require any type of authe...

Page 415: ...Test EN 61000 4 3 2010 Radiated Immunity Field Test EN 61000 4 4 2012 Electrical Fast Transient Test EN 61000 4 5 2014 Power Supply Surge Test EN 61000 4 6 2013 Conducted Immunity Test EN 61000 4 8 2009 Magnetic Field Test EN 61000 4 11 2004 Voltage Dips Interrupts Supplementary Information This Class A digital apparatus complies with Canadian ICES 003 CSA and has been verified as being compliant ...

Page 416: ...ge Management Gateway User Guide 416 Emissions EN 55022 EN 55032 Class A Immunity EN 55024 RoHS REACH and WEEE Compliance Statement Please visit http www lantronix com legal rohs for Lantronix s statement about RoHS REACH and WEEE compliance ...

Search results

Summary of Contents for EMG 8500

Reviews:

Related manuals for EMG 8500

Brands by name

Popular brands

Lantronix EMG 8500, User Manual

Search results

Summary of Contents for EMG 8500

Reviews:

Related manuals for EMG 8500

Brands by name

Popular brands