manualshive.com logo in svg

MDS Orbit MCR-4G, Техническое руководство

Поделиться
Скачать
MDS Orbit MCR-4G Скачать руководство пользователя страница 76

68

MDS Orbit MCR-4G Technical Manual

MDS 05-6628A01, Rev. B

RADIUS

Understanding

User accounts can be centrally managed with a RADIUS server. RADIUS accounts can be mapped to 
one of the three user roles.

If the RADIUS server is not accessible, users may use the local username/password to “fall back” to 
local authentication if the unit is configured to do so. Many RADIUS servers do not respond to a failed 
login attempt. To the unit, this appears the same as if the server is not there. The consequence of this 
behavior is that after three failed login attempts, the authentication will take place against the local 
user/password database if local fallback is enabled. Refer to the section on “Local User Management” 
for configuring the authentication order.

If more than one RADIUS server is configured, then the unit will attempt each RADIUS server in the 
order that they appear in the configuration until a successful response is received. A RADIUS server 
must be configured to provide the user’s authentication group in its authentication reply via a GE MDS 
vendor attribute. This can be configured in freeradius (an open source RADIUS server) by using the 
following dictionary file:

VENDOR GEMDS 4130
BEGIN-VENDOR    GEMDS
ATTRIBUTE GEMDS-UserAuth-Group 1 integer
VALUE     GEMDS-UserAuth-Group Operator       0
VALUE     GEMDS-UserAuth-Group Technician     1
VALUE     GEMDS-UserAuth-Group Administrator  2
END-VENDOR GEMDS

And configuring users as follows:

admin Cleartext-Password := “admin”
       GEMDS-UserAuth-Group := Administrator

tech Cleartext-Password := “tech”
       GEMDS-UserAuth-Group := Technician

oper Cleartext-Password := “oper”
       GEMDS-UserAuth-Group := Operator

Configuring

The following shows how to configure a RADIUS server:

admin@(none) 02:23:42% set system mds-radius servers server1 address 192.168.1.2 shared-secret 
abcd1234 user-authentication-type radius-CHAP

admin@(none) 00:06:15% show system mds-radius
servers server1 {
    address                  192.168.1.2;
    shared-secret            abcd1234;
    user-authentication-type radius-CHAP;
}
[ok][2012-06-19 00:06:22]

[edit]
admin@(none) 00:06:22%commit

Содержание Orbit MCR-4G

Страница 1: ...Installation and Operation Guide Technical Manual MDS 05 6628A01 Rev B Preliminary AUGUST 2013 MDSTM Orbit MCR 4G Managed Connected Router 4G and WiFi...

Страница 2: ...Quick Start instructions for this product are contained in publication 05 6702A01 Visit our website for downloadable copies of all documentation at www gemds com...

Страница 3: ...10 Accessories and Spares 12 3 0 Device Management 13 3 1 Connecting a PC 13 Differences Between Serial SSH 13 Establishing Communication Serial Interface 13 Setting Basic Parameters First Steps 14 On...

Страница 4: ...reserves its right to correct any errors and omissions in this publi cation RF Safety Notice English and French Concentrated energy from a directional antenna may pose a health hazard to humans Do no...

Страница 5: ...s complies with Canadian ICES 003 Cet appareil num rique de la classe A est conforme la norme NMB 003 du Canada Operational Safety Notices The MDS Orbit MCR 4G may not be used in an environment where...

Страница 6: ...l radio module only is CE marked and compliant with the RTTE directive Other configurations will be added for EU use in future releases Servicing Precautions No user serviceable parts are contained in...

Страница 7: ...are marked with a symbol which may include lettering to indicate cadmium Cd lead Pb or mercury Hg For proper recycling return the battery to your supplier or to a designated collection point For more...

Страница 8: ...use of the transceiver in hazardous locations and may void the approval A power connector with screw type retaining screws as supplied by GE MDS must be used Do not disconnect equipment unless power...

Страница 9: ...communications network to meet geographic and industry specific challenges Information on other GE MDS products can be found by visiting our website at www gemds com 1 1 About This Manual This manual...

Страница 10: ...will be shown with non bolded italicized text contained within the string Such text indicates the need for user supplied parameters such as the name of an item For example set interfaces interface myB...

Страница 11: ...ces provide local connections while a cellular interface provides access to public carrier networks User interface Multiple user interfaces are provided for configuration and monitoring of the unit Th...

Страница 12: ...it s front panel connectors and indicators These items are referenced in the text that follows The unit s LED Indicator Panel is described in Table 4 on Page 8 Figure 3 Connectors and Indicators 2E1S...

Страница 13: ...rts This is a standard RJ 45 jack and features MDIX auto sensing capability allowing straight through or crossover cables to be used Connecting to the unit via SSH supports device management and provi...

Страница 14: ...is hardwired as a DCE device Supported data formats for the COM port are 8N1 8 char bits no parity 1 stop bit Default setting 8N2 8 char bits no parity 2 stop bits 8O1 8 char bits odd parity 1 stop bi...

Страница 15: ...vides for MIMO receive operation diversity with standard for 4G mod ules improving signal quality in many installations In general both antennas should always be used for cellular operation The GE MDS...

Страница 16: ...tatus Indicators The LEDs on the unit provide visual indications of the status of the device as fol lows Figure 6 LED Status Indicators Table 4 Description of LED Status Indicators NOTE In addition to...

Страница 17: ...uilding Bond the protector to the tower ground if possible All grounds and cabling must comply with applicable codes and regulations One source for lightning protection products may be found online at...

Страница 18: ...s obtained when mounting antennas remotely using low loss coaxial cable Antennas mounted in close proximity to each other can couple signals between them and desensitize the RF module When placing the...

Страница 19: ...onfiguration works well for indoor applications in equipment closets for more permanent use Outdoor use case External enclosures If the system is going to be installed in a weather tight enclosure and...

Страница 20: ...ies Ancillary Items Item Description Part Number DC Power Plug 2 pin polarized Mates with power connector on the unit s case Screw terminals are provided for wires threaded locking screws to prevent a...

Страница 21: ...COM port SSH uses an Ethernet PC connection to the radio s ETH port Maximum recommended cable length for a serial connection is 50 feet 15 meters SSH can be connected to the radio from any network po...

Страница 22: ...default password admin and press Otherwise enter the saved password at the Password prompt Before placing the unit in final service it is recommended that the default password be changed to ensure th...

Страница 23: ...st system recovery one time passwords create function selected function A one time password is automatically generated and displayed on the screen Copy this password and save it in the desired locatio...

Страница 24: ...interfaces interface Wi Fi wifi config mode access point 2 set interfaces interface Wi Fi wifi config mode access point ap config ap GEMDS_ SERNUM broad cast ssid true privacy mode wpa2 personal psk c...

Страница 25: ...y using details option on the CLI The show command can be used to view configuration data Notice the information displayed is different depending on which mode the CLI is in Operational or Configuarti...

Страница 26: ...configuration mode private ok 2012 06 20 04 51 07 edit admin none 04 51 07 Step 3 Change the device name by typing in the following followed by enter set system name Device539 admin none 05 31 14 set...

Страница 27: ...nterface myBridge bridge settings members port ETH1 Remove an interface from a bridge delete interfaces interface myBridge bridge settings members port ETH1 View WiFi settings show configuration inter...

Страница 28: ...myssid 5 set interfaces interface myBridge ipv4 address 192 168 1 21 prefix length 24 6 set services dhcp enabled true v4subnet 192 168 1 0 24 domain name gemds range start 192 168 1 10 range end 192...

Страница 29: ...sical interface Wi Fi wifi config mode access point ap config ap myssid 2 set interfaces interface myBridge virtual type bridge 3 set interfaces interface myBridge bridge settings members port ETH1 4...

Страница 30: ...ice via UDP Invisible place holder Figure 13 Example 3 Unit Providing Connectivity to Serial Based SCADA Device via UDP The following commands will configure the MCR 4G 2 for this scenario 1 set inter...

Страница 31: ...2 168 1 21 prefix length 24 4 set interfaces interface Cell physical interface Cell enabled true 5 set services firewall enabled true 6 set services firewall filter IN_UNTRUSTED 7 set services firewal...

Страница 32: ...et services firewall nat source rule set MASQ 16 set services firewall nat source rule set MASQ rule 1 source nat interface 17 set services interfaces interface Cell nat source MASQ 3 4 Operational To...

Страница 33: ...min none 00 04 43 set services serial console serial ports COM1 COM2 ok 2012 06 19 00 04 57 edit admin none 00 04 59 set services serial ports COM2 baud rate b19200 ok 2012 06 19 00 05 28 edit admin n...

Страница 34: ...ribed below in a separate section Static or dynamic IP addressing DHCP for each interface Bridging Firewall Routing VPN Configuring See each individual section for details about configuring the LAN Ce...

Страница 35: ...Entering configuration mode private ok 2012 06 20 06 03 54 admin none 06 04 45 set interfaces interface ETH1 ipv4 address 192 168 1 11 prefix length 24 ok 2012 06 20 06 05 01 edit admin none 06 05 01...

Страница 36: ...0 status counters rx_errors 0 status counters rx_fifo_errors 0 status counters rx_frame_errors 0 status counters rx_length_errors 0 status counters rx_missed_errors 0 status counters rx_packets 8859 s...

Страница 37: ...issuing these commands two bridges are created internally which are background operations hidden from the user In this case the two bridges are br_vlan99 and br_vlan300 When an interface is specified...

Страница 38: ...false keep alive address host name or address interval host name or address Access Point Name APN After MCR has registered on the cellular network it sets up the IP data connection with a specific Pa...

Страница 39: ...e as follows 4G Operation Default programming set interfaces interface Cell cell config service recovery lte recovery true commit 3G Operation Turn off the LTE Recovery Mode to allow continual 3G mode...

Страница 40: ...61 ok 2013 01 18 16 23 38 Determining the Cell Module s IMSI IMEI When provisioning the cell module for network service the cellular provider typically requires the Interna tional Mobile Subscriber Id...

Страница 41: ...d be used only to test connectivity 2 WPA2 CCMP AES Encryption This mode should be used if all client devices support WPA2 CCMP 3 Encryption TKIP Encryption This mode should be used if there is mix of...

Страница 42: ...dmin none 00 19 02 set interfaces interface Wi Fi wifi config ap config privacy mode wpa2 per sonal psk config psk somepassphrase ok 2012 06 19 00 26 51 edit admin none 00 26 51 show interfaces interf...

Страница 43: ...cmp tkip key mgmt wpa psk psk somepassphrase ok 2012 06 19 00 27 01 edit admin none 00 27 01 commit Commit complete Other configuration The following configures the device to broadcast its ssid suppor...

Страница 44: ...k 2012 06 19 00 43 34 edit admin none 00 43 34 commit Commit complete Monitoring Ensure the CLI is in Operational mode Access Point Mode The following shows status with two stations connected Note tha...

Страница 45: ...dmin none 00 52 24 show interfaces interface Wi Fi wifi status wifi status mode Station wifi status ssid somessid wifi status privacy wifi status channel 6 wifi status tx power 15 wifi status bssinfo...

Страница 46: ...WiFi are not directed out the LAN connection and vice versa The bridged network is addressable via bridge interface a virtual interface The interfaces that are in the bridge are called bridged interf...

Страница 47: ...rfaces interface myBridge bridge settings members port ETH1 Adding WiFi interface to the bridge Access Point admin none 00 06 20 set interfaces interface myBridge bridge settings members wifi ap myssi...

Страница 48: ...ounters rx_frame_errors 0 status counters rx_length_errors 0 status counters rx_missed_errors 0 status counters rx_packets 151306 status counters rx_over_errors 0 status counters tx_aborted_errors 0 s...

Страница 49: ...oute 1 dest prefix 0 0 0 0 0 next hop 192 168 1 10 route 2 dest prefix 10 2 3 1 32 next hop 192 168 1 9 ok 2012 06 19 00 05 01 edit admin none 00 05 01 Monitoring Ensure the CLI is in operational mode...

Страница 50: ...erminating at MCR For example device man agement traffic using SSH or NETCONF protocol terminating at local device management process within the MCR unit Invisible place holder Figure 16 Packets Termi...

Страница 51: ...t of one or more rules Each rule consists of two parts Matching criteria that a packet must satisfy for the rule to be applied Matching criteria consists of various parameters like protocol source des...

Страница 52: ...ion on MCR involves following high level steps 1 Create a filter decide on default policy of the filter For example there are usually two ways to organize a filter a Create a restrictive filter i e th...

Страница 53: ...S NTP and IKE to allow IPsec connection setup admin none 19 33 20 set services firewall filter IN_UNTRUSTED rule 2 match protocol udp src port services dns ike ntp admin none 19 33 20 set services fir...

Страница 54: ...all traffic Later on if needed this filter can be enhanced to deny certain traffic from getting out of the cellular interface admin none 19 33 20 set services firewall filter OUT_UNTRUSTED rule 10 ma...

Страница 55: ...ar to have originated from a single IP address the ip address of the public interface of the MCR typically cellular interface from HOST B s point of view To allow return IP traffic for UDP TCP connect...

Страница 56: ...3 Create rule for masquerading admin none 19 33 20 set services firewall nat source rule set MASQ rule 1 source nat interface 4 Apply this source NAT rule set to cellular interface admin none 19 33 2...

Страница 57: ...me rule id match protocol udp tcp src address network prefix dst address network prefix dst port unit16 destination nat address ip address port unit16 interfaces interface name nat destination name De...

Страница 58: ...le set IO_SERVICES 3 Create rule for port forwarding Modbus TCP traffic coming into cellular interface on port 512 to port 5512 on private HOST 1 admin none 19 33 20 set services firewall nat destinat...

Страница 59: ...llows PC 192 168 2 2 to communicate with remote Ethernet device 192 168 1 2 using any TCP UDP IP based protocol and vice versa IPsec Internet Protocol Security is a set of protocols defined by the IET...

Страница 60: ...ifetime This allows for the IPsec connection to be re keyed simply by performing another phase 2 negotiation Configuring VPN VPN Configuration Hierarchy NOTE The configuration parameters shown here ar...

Страница 61: ...and applied to the cellular interface The IN_UNTRUSTED and OUT_UNTRUSTED filters should be applied to incoming and outgoing traffic respectively filter IN_UNTRUSTED rule 1 match protocol udp src port...

Страница 62: ...be included in the proposal during IKE phase 2 4 Configure an IPsec connection specifying IKE peer IPsec policy local and remote private IP subnets NOTE The above configuration parameters should matc...

Страница 63: ...Group DH 14 group 14 modp2048 admin none 19 33 29 set services vpn ike policies policy IKE POLICY 1 ciphersuites ciphersuite AES256_CBC SHA256 DH14 encryption algo aes 256 cbc admin none 19 33 29 set...

Страница 64: ...NN 1 ipsec policy IPSEC POLICY 1 admin none 19 33 29 set services vpn ipsec connections connection VPN GWY CONN 1 local ip subnet 192 168 1 0 24 admin none 19 33 29 set services vpn ipsec connections...

Страница 65: ...vice and PC admin none 20 41 32 ping 192 168 2 1 PING 192 168 1 2 192 168 2 1 56 84 bytes of data 64 bytes from 192 168 2 1 icmp_req 1 ttl 63 time 389 ms 64 bytes from 192 168 2 1 icmp_req 2 ttl 63 ti...

Страница 66: ...nitoring Ensure the CLI is in operational mode Follow the example below to view the state and statistics The ping utility can be used on the CLI when it is in operational mode to verify that DNS is wo...

Страница 67: ...the unit s interfaces eth0 or br0 if eth0 is bridged must be configured with an IP address from this subnet admin none 04 18 26 set services dhcp v4subnet 192 168 0 0 16 domain name gemds range start...

Страница 68: ...dpoint then traffic from the COM port is sent to the remote host at the specified port in UDP packets Likewise traffic sent to the UDP port of the unit is forwarded out the COM port Since UDP is state...

Страница 69: ...perational mode Follow the example below to view the state and statistics admin none 22 03 06 show services serial SERIAL SERIAL SERIAL SERIAL SERIAL IP TX IP TX IP RX IP RX TX TX RX RX PORT PACKETS B...

Страница 70: ...e following shows how to enable iperf service admin none 22 04 32 set services iperf enabled true admin none 22 04 32 commit NOTE If firewall is enabled then it must be configured to permit incoming T...

Страница 71: ...the date and time use the request set current datetime admin none 18 18 58 request system clock set set current datetime current datetime time To use an NTP server an NTP server must be configured on...

Страница 72: ...geographical location of the unit can be configured as shown below admin none 00 50 46 set system geographical location altitude 1 0 latitude 43 117807 longitude 77 611896 ok 2012 06 19 00 56 00 edit...

Страница 73: ...sed encryption The user authentication can be done using locally stored passwords or via RADIUS Configuring The password for each user account can be changed using a request admin none 01 04 19 reques...

Страница 74: ...tice event type console_login status success message user_name oper logging event log 62627 time stamp 2011 12 21T01 23 00 288046 00 00 priority notice event type console_login status failure message...

Страница 75: ...ns that can occur in succession before the unit disables the ability to login for a specified amount of time The amount of time is determined by failed login lockout time which represents the time in...

Страница 76: ...ssful response is received A RADIUS server must be configured to provide the user s authentication group in its authentication reply via a GE MDS vendor attribute This can be configured in freeradius...

Страница 77: ...dles for debugging Configuring The following shows how to add a file server configuration named GE File Server 1 admin none 05 11 42 set file servers GE_file_server_1tftp address 192 168 1 2 admin non...

Страница 78: ...the last SCEP operation initiated delete cacert Delete identified CA certificate delete clientcert Delete identified Client certificate delete firmware cert Delete identified certificate delete priv...

Страница 79: ...manual file server tftp address 192 168 1 2 file name der2048 priv key key identity ex_key_1 is valid true ok 2012 06 19 00 36 27 admin none 00 36 27 show pki KEY KEY IDENTITY LENGTH KEY DATE TIME ex...

Страница 80: ...ration of the Certificate Authority that will be accessed at the above server is setup in a second command in certmgr under ca servers admin none 03 05 56 set pki ca servers ca server ex_ca_serv ca id...

Страница 81: ...ple admin none 06 37 30 config Entering configuration mode private ok 2012 06 23 06 37 32 edit admin none 06 37 32 set pki cert info certificate info my_ca_serv organization x509 GE MDS LLC org unit x...

Страница 82: ...he CA server and an added extension Some of the names that may be added are _ENC encryption file _SGN signing file _ISS issuing file _INT intermediate file The second step is to request a client cert...

Страница 83: ...ed cert it is not necessary to also call out this same key as the self key Here is a renewal request formed accordingly admin none 02 03 49 request pki get clientcert scep cert server name ex_scep_ser...

Страница 84: ...cert delete cert delete firmware certificate delete priv key Here is an example of deleting the private key we have moved beyond when we re keyed the client certificate in the last step admin none 06...

Страница 85: ...tics admin none 01 03 45 show pki KEY KEY IDENTITY LENGTH KEY DATE TIME test_priv_key 1024 2012 06 19T00 05 23Z CACERT IDENTITY test_ca_cert test_ca_cert_INT test_ca_cert_ISS CERT IDENTITY test_client...

Страница 86: ...tions The events generated by the unit are converted to NETCONF notifications NETCONF clients can subscribe to the unit to receive those notifications Syslog The events generated by the unit can be se...

Страница 87: ...ning tool NOTE Any additional signatures added to a firmware package will require the corresponding public certificates to be loaded into the unit for firmware reprogramming to complete successfully S...

Страница 88: ...size 36005116 system firmware reprogramming status bytes transferred 7455744 system firmware reprogramming status percent complete 20 admin none 03 55 43 show system firmware reprogramming status sys...

Страница 89: ...e via cellular interface admin none 22 14 57 request system support generate support package filename debug 2013 01 24 tgz manual file server ftp address 192 168 1 2 username xyz password xyz The MCR...

Страница 90: ...edded LEDs A yellow indi cates a link at 100 Mbps operation A flashing green indicates Ethernet data traffic LED Name LED State Description PWR DC Power Off Solid Green Solid Amber Fast Blink Red 1x s...

Страница 91: ...2MV1 Cell 3229B E362 Specifications subject to change without notice or obligation 4 4 Glossary of Terms Abbreviations If you are new to wireless communications systems some of the terms used in this...

Страница 92: ...Terminal Equipment A device that provides data in the form of digital signals at its output DTE connects to the DCE device ETH Ethernet Fade Margin The greatest tolerable reduction in average received...

Страница 93: ...Enrollment Protocol A scalable protocol for networks based on digital certifi cates which can be requested by users without the need for assistance or manual intervention from a system administrator S...

Страница 94: ...d string rw port uint16 rw timeout uint32 ftp rw ftp rw address string rw username string rw password string rw control port uint16 rw data port uint16 rw timeout uint32 http rw http rw address string...

Страница 95: ...s yang phys address rw mdsif dhcp rw mdsif client identifier string rw mdsif retry interval uint16 ro mdsif current address ip ro mdsif ip inet ipv4 address no zone ro mdsif prefix length uint8 rw ip...

Страница 96: ...i ca cert id string rw mds_wifi ap config rw mds_wifi ap ssid rw mds_wifi ssid string rw mds_wifi broadcast ssid boolean rw mds_wifi station max uint32 rw mds_wifi station timeout uint32 rw mds_wifi b...

Страница 97: ...ds_wifi txbitrate uint16 ro mds_wifi txbytes uint32 ro mds_wifi txpackets uint32 ro mds_wifi txfailed uint32 ro mds_wifi txretries uint32 rw mds_vlan vlan config rw mds_vlan vlan id vlan id rw mds_vla...

Страница 98: ...ll lte recovery boolean rw mds cell lte recovery interval uint16 ro mds cell cell status ro mds cell imsi display string ro mds cell imei display string ro mds cell iccid display string ro mds cell md...

Страница 99: ...t leafref rw fire nat rw fire source leafref rw fire destination leafref rw mdsif physical interface name rw mdsif name string rw mdsif type identityref rw mdsif system name string rw logging rw event...

Страница 100: ...w certmgr servers encrypt algo cm certmgr enc algo rw cert info rw certificate info certificate info identity rw certificate info identity string rw country x509 string rw state x509 string rw locale...

Страница 101: ...utc offset rw timezone utc offset int16 rw mdssys set rw ntp rw use ntp boolean rw ntp server address rw association type enumeration rw address inet host rw enabled boolean rw iburst boolean rw pref...

Страница 102: ...rw mdssys user authentication type identityref rw mdssys options rw mdssys timeout uint8 rw mdssys attempts uint8 rw mdssys firmware ro mdssys versions location ro mdssys location uint8 ro mdssys vers...

Страница 103: ...status status_type ro mdssys date created string ro mdssys date revoked string ro mdssys user string ro mdssys uptime ro mdssys seconds uint32 ro mdssys text string ro processes job_id ro job_id int3...

Страница 104: ...inet ipv4 address rw dhcp domain name servers inet ipv4 address rw dhcp domain name inet domain name rw dhcp ntp servers inet host rw dhcp netbios name servers inet host rw dhcp v6subnet subnet mask r...

Страница 105: ...2 ro serial ip rx packets uint32 ro serial ip rx bytes uint32 ro serial serial tx packets uint32 ro serial serial tx bytes uint32 ro serial serial rx packets uint32 ro serial serial rx bytes uint32 rw...

Страница 106: ...fire nat rw fire source rw fire rule set name rw fire name sec word string rw fire rule id rw fire id uint32 rw fire match rw fire src address inet ipv4 prefix rw fire dst address inet ipv4 prefix rw...

Страница 107: ...rw vpn version ike version rw vpn mode ike v1 mode rw vpn auth method ike auth method rw vpn pre shared key string rw vpn pki rw vpn cert type enumeration rw vpn cert id string rw vpn key id string r...

Страница 108: ...w vpn dpd interval uint16 rw vpn ipsec rw vpn policy name rw vpn name sec word string rw vpn ciphersuite name rw vpn name sec word string rw vpn encryption algo encryption algo rw vpn mac algo mac alg...

Страница 109: ...port inet port number rw web ipv4 bind ips leafref rw web ipv6 bind ips leafref rw web tls certificate string rw web tls priv key string ro watchdog status ro slab uint32 ro slab high watermark uint32...

Страница 110: ...ng will still be pending at that point This gives the user the opportunity to discard the changes or to modify them and then try to commit them again Inputting values The format for each node in the d...

Страница 111: ...ready typed tab completion will display different possible completions When the tab key is pressed and no text has been typed the CLI shows all of the possible commands that can be typed as shown belo...

Страница 112: ...ting Routing parameters services Services which are configurable on this system system System group configuration admin none 01 06 49 set When the tab is key is pressed after the name of a data node t...

Страница 113: ...is mandatory and yet it was not supplied in the initial request admin none 00 09 38 request system firmware reprogram inactive image preconfigured file server configuration_name fs1 Value for filename...

Страница 114: ...ds can be chained to achieve more complex processing admin none 17 20 27 show configuration Possible completions annotation Show only statements whose annotation matches a pattern count Count the numb...

Страница 115: ...supported interfaces bridge true interfaces interface eth0 if index 2 status mac address 1e ed 19 27 1a b3 status mtu 1500 status link up status ipv4 address 192 168 1 10 24 status ipv6 address fe80...

Страница 116: ...d uid 1000 gid 100 uid 1000 gid 100 uid 1000 gid 100 uid 1000 gid 100 Display line numbers The linnum target causes a line number to be displayed at the beginning of each line in the display admin io...

Страница 117: ...ete or Backspace Delete the character following the cursor Ctrl d Delete all characters from the cursor to the end of the line Ctrl k Delete the whole line Ctrl u or Ctrl x Delete the word before the...

Страница 118: ...command Configure private exclusive shared Enter configure mode The default is private Private Edit private copy of running configuration Exclusive Lock and edit candidate configuration Shared Edit ca...

Страница 119: ...stem platform machine armv7l system platform nodename none system clock current datetime 2012 06 19T01 25 05 00 00 system clock boot datetime 2012 06 19T00 00 34 00 00 system support support transfer...

Страница 120: ...s configuration and any nodes that assumed a default value admin none 16 28 52 show configuration interfaces interface ETH1 details type ethernetCsmacd enabled true ipv4 enabled true ip forwarding fa...

Страница 121: ...e compare command Differences will be annotated with removed and added If the brief option is specified then only the differences will be shown tag add statement tag Add a tag to a configuration state...

Страница 122: ...les persist id id If a prior confirming commit operation has been performed with the persist argument then to modify the ongoing confirming commit process the persist id argument needs to be supplied...

Страница 123: ...n mode of the CLI Reverting the changes can be done using the revert command rollback number Return the configuration to a previously committed configuration The system stores a limited number of old...

Страница 124: ...ded into the Integrity Measurement Authority IMA database Typically integrity measurement and attestation happens automatically as part of IPsec VPN data connection establishment using EAP TTLS method...

Страница 125: ...ocal ip subnet 192 168 1 0 24 remote ip subnet 192 168 2 0 16 failure retry interval 1 IMA CONN 1 is used for attestation and VPN GWY CONN 1 is used for VPN data connection If more than one IPsec conn...

Страница 126: ...re reason none last timestamp 2013 01 18T21 24 26 00 00 ima evaluation non compliant major ima recommendation Quarantined ok 2013 01 18 22 13 20 Once it is determined through event logs that the confi...

Страница 127: ...s and field value types used to represent common event data Selected fields and value types become associated with properties of a specific event instance CEE Event Schema defines the structure of an...

Страница 128: ...cond resolution whereas the CEE timestamps have microsecond resolution with full year RFC 5424 4 Syslog messages do include the year and support for microsecond resolution 2 Syslog timestamps reflect...

Страница 129: ...ce_name eth0 profile http gemds com cee_profile 1 0beta1 xsd DHCP Response from server assigning the IP 192 168 2 3 cee host stout pname my_appname time 2012 08 22T11 20 10 559748 04 00 action request...

Страница 130: ...ure the unit with a server to which events will be sent admin none 03 58 13 set logging syslog server my_syslog_server ip 192 168 1 1 port 1999 pro tocol tls version RFC5424 tls options tls ca certifi...

Страница 131: ...of the certificate information to aide lookup of the appropriate public key during signature verification infile The filepath for package file input outfile The filepath for signed package file output...

Страница 132: ...downloaded by users from GE MDS websites ge_pubcert pem is the public certificate provided by GE MDS that is used to verify that the signed packaged is authentic The GE MDS public certificate will ty...

Страница 133: ...MDS 05 6628A01 Rev B MDS Orbit MCR 4G Technical Manual 125 Signature 2 validation was successful Signature 1 validation was successful...

Страница 134: ...of the equipment in which the SIM card will be used The IMEI can be found by logging into the device and entering the following command admin none 00 20 44 show interfaces interface Cell cell status i...

Страница 135: ...EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DAT...

Страница 136: ...1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice...

Страница 137: ...by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com Original SSLeay License Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved Th...

Страница 138: ...edgement This product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMP...

Страница 139: ...ou to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a...

Страница 140: ...arranty protection in exchange for a fee 2 You may modify your copy or copies of the Program or any portion of it thus forming a work based on the Program and copy and distribute such modifications or...

Страница 141: ...nformation you received as to the offer to distribute corresponding source code This alternative is allowed only for noncommercial distribution and only if you received the program in object code or e...

Страница 142: ...if a patent license would not permit royalty free redistribution of the Program by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this...

Страница 143: ...free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR...

Страница 144: ...136 MDS Orbit MCR 4G Technical Manual MDS 05 6628A01 Rev B NOTES...

Страница 145: ...MDS 05 6628A01 Rev B MDS Orbit MCR 4G Technical Manual 137 NOTES...

Страница 146: ...138 MDS Orbit MCR 4G Technical Manual MDS 05 6628A01 Rev B...

Страница 147: ...epaired and returned to you as quickly as possible Please be sure to include the SRO number on the outside of the shipping box and on any corre spondence relating to the repair No equipment will be ac...

Страница 148: ...GE MDS LLC Rochester NY 14620 Telephone 1 585 242 9600 FAX 1 585 242 9620 www gemds com 175 Science Parkway...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды