background image

7: Networking

EMG™ Edge Management Gateway User Guide

90

Advanced Cellular Gateway Configuration

Admin Login and 

Password/Retype

For the selected 

Fail-over Device

, the administrator login and password used to 

retrieve status from the device and send configuration updates to the device. The 

login may have up to 32 characters, and the password may have up to 64 

characters. The 

Admin Password

 displays the current password masked.

Default login credentials of the Lantronix PW HSPA+:

Admin login name: admin
Admin password: PASS

Default login credentials of the Sierra Wireless ES450:

Admin login name: user
Admin password: 12345

Change Admin 

Password (check 

box)

Select this check box if you wish to update the admin password for the selected 

gateway 

Fail-over Device

.

New Admin 

Password/Retype

For the selected 

Fail-over Device

, the administrator password can be changed on 

the gateway. The password may have up to 64 characters. 
To change the Admin Password, click the Change Admin Password checkbox and 

enter the new password in the New Admin Password and Retype fields. Changing 

the HSPA+ Admin password will save the password on the EMG for status and 

configuration queries to the HSPA+ gateway. The password must match what is 

stored on the HSPA+ gateway. Changing the Sierra Admin password will save the 

password on the EMG for status and configuration queries to the Sierra gateway. 

The new password will also be configured on the Sierra gateway. The Sierra 

gateway login must be set as ‘user’. 

Reboot Gateway 

When Making 

Changes (check 

box)

Select this check box if you wish to reboot the selected fail-over device when 

making changes. 

Fail-Over Cellular 

Gateway Status 

(link)

Clicking the link opens the Fail-Over Cellular Gateway status window, showing 

status and statistics about the fail-over gateway. 
Click Back to Network Settings to return to the Network Settings page. 

SIM Card PIN Lock 

(check box)

For the HSPA+ and Sierra gateways, enable a lock so that the SIM card used by the 

gateway cannot be used by anyone who does not have the PIN.

Pin # for SIM Card/

Retype

For the HSPA+ and Sierra gateways, the PIN number for the SIM card used by the 

gateway. May have up to 8 characters.

SIM PUK/Retype

For the HSPA+ gateway, the SIM Personal Unblocking Key (PUK). May have up to 

16 characters. The Sierra gateway does not have this feature.

SIM Username

For the HSPA+ gateway, enter the username for dial up to the cellular carrier, if 

required. May have up to 64 characters. The Sierra gateway does not have this 

feature.

SIM Password

For the HSPA+ gateway, enter the password for dial up to the cellular carrier, if 

required. May have up to 64 characters. The Sierra gateway does not have this 

feature.

Dial-up String

For the HSPA+ gateway, enter the modem string used for making a connection to 

the carrier. May have up to 64 characters. The Sierra gateway does not have this 

feature.

Roaming

For the HSPA+ gateway, enable or disable network roaming. The Sierra gateway 

does not have this feature.

Summary of Contents for EMG Series

Page 1: ...Part Number PMD 00008 Revision C April 2020 EMG Edge Management Gateway User Guide EMG 8500 EMG 7500...

Page 2: ...urrent list of our domestic and international sales offices go to the Lantronix web site at https www lantronix com about us contact Open Source Software Some applications are Open Source software lic...

Page 3: ...ense will be required to take whatever measures may be required to correct the interference Note This equipment has been tested and found to comply with the limits for Class A digital device pursuant...

Page 4: ...lease 8 3 0 0 It contains the initial release for EMG 7500 and includes the following software changes Added Wi Fi support both WLAN client mode and access point mode Upgraded FIPS support with latest...

Page 5: ...____________________________________________24 Performance Monitoring _________________________________________________25 Security ______________________________________________________________25 Powe...

Page 6: ...__________________________________50 Modem Installation _____________________________________________________52 4 EMG 7500 Installation 53 EMG 7500 Package Contents ___________________________________...

Page 7: ..._______________________________83 Hostname Name Servers ______________________________________________85 DNS Servers __________________________________________________________85 DHCP Acquired DNS Serv...

Page 8: ..._______________136 Performance Monitoring Add Edit Probe __________________________________139 Performance Monitoring Results ________________________________________142 Performance Monitoring Command...

Page 9: ...__181 SD Card Commands __________________________________________________181 10 Device Ports 182 Connection Methods ______________________________________________________182 Permissions ______________...

Page 10: ...______215 DIO Commands ______________________________________________________216 Xmodem _______________________________________________________________217 Xmodem Commands _____________________________...

Page 11: ...r _______________________________________________________282 Connection Configuration _______________________________________________283 Connection Commands ___________________________________________...

Page 12: ..._334 Factory Reset with External Storage Device ________________________________335 Internal Temperature __________________________________________________337 Site Information ________________________...

Page 13: ...___________________________________388 TACACS Commands ____________________________________________________389 User Permissions Commands _______________________________________________390 Remote User...

Page 14: ..._______________________________449 USB Modem Commands __________________________________________________452 VPN Commands _________________________________________________________453 WLAN Commands ____...

Page 15: ...er Guide 15 Statement __________________________________________________________472 Safety and Hazards ___________________________________________________481 RoHS REACH and WEEE Compliance Statement _...

Page 16: ...7 Figure 3 11 Power Input ___________________________________________________________48 Figure 4 3 EMG 7500 Rack Mount Configurations _______________________________________56 Figure 4 4 EMG 7500 Rack...

Page 17: ...____________________________________160 Figure 8 8 Services Secure Lantronix Network Search Options _________________________161 Figure 8 9 Services Date Time _________________________________________...

Page 18: ...______________________281 Figure 13 4 Multiport Device Server _________________________________________________282 Figure 13 5 Console Server _______________________________________________________283...

Page 19: ...ners________________________________________________356 Figure 16 1 EMG Configuration ___________________________________________________358 Figure 16 2 Remote User Connected to a SUN Server via the C...

Page 20: ...ess _________________________________________63 Table 6 3 SCS Commands ________________________________________________________77 Table 6 4 CLI Keyboard Shortcuts _____________________________________...

Page 21: ...nnection form factors and power supplies provides instructions for installing the EMG 7500 Chapter 5 Quick Setup Provides instructions for getting your EMG unit up and running and for configuring requ...

Page 22: ...gurations to set up and use the EMG unit Chapter 17 Command Reference Lists and describes all of the commands available on the EMG command line interface Appendix A Security Considerations Provides ti...

Page 23: ...onnection This chapter provides an introduction to the following EMG models EMG 8500 EMG 7500 Most features are common to both EMG 8500 and EMG 7500 however differences between the two models are note...

Page 24: ...work connectivity Figure 2 2 EMG 7500 Edge Management Gateway front view Key Features Console Management Enables system administrators to remotely manage devices with serial and or USB console ports w...

Page 25: ...performed on the CLI or on device ports Performance Monitoring Performance Monitoring probes to analyze network performance Security Enterprise grade security and secure user access control with loca...

Page 26: ...ss For brief descriptions of these protocols see Appendix D Protocol Glossary on page 467 Configuration Methods After installation the EMG requires configuration For the unit to operate correctly on a...

Page 27: ...ode Product Part Number Product Revision Manufacturing Date Code Country of Manufacturing Origin Hardware Address MAC address or serial number Device ID used to connect to ConsoleFlow central manageme...

Page 28: ...ion of the EMG unit will depend upon the type s of I O modules installed in the bays Two I O Module Device Port Bays The EMG supports the use of single mode and multi mode fiber optic SFP transceiver...

Page 29: ...ort One I O Device Port Module Dual Ethernet Port The appearance and function of the EMG unit will depend upon the type of I O module installed Internal LTE cellular modem Power inlet Micro SD Card Mi...

Page 30: ...e port The port can save the data log to a file send an email notification of an issue or take no action You can define the path for logged data on a port by port basis configure file size and number...

Page 31: ...Lantronix adapters The RJ45 ports have software reversible pinouts to switch between digital terminal equipment DTE and digital communications equipment DCE applications RJ45 to DB9 DB25 adapters are...

Page 32: ...d with two Ethernet and two SFP ports The EMG 7500 is equipped with two Ethernet ports only The EMG network interfaces are 10 100 1000 Base T Ethernet for use with a conventional Ethernet network as s...

Page 33: ...equipped with two user swappable connectivity slots on the back of the unit One LTE 4G cellular modem may be installed See Connectivity Module Installation on page 50 The EMG 7500 is offered with the...

Page 34: ...stalled in either connectivity slot See Connectivity Module Installation on page 50 The EMG 7500 is offered with the option of a pre installed analog dialup modem module Connectivity Modules User repl...

Page 35: ...y Status Table 2 13 describes the front panel LED indicators Table 2 13 Front Panel LED Indicators Digital IO Port The DIO port applies to EMG 8500 only The terminal block digital input relay output i...

Page 36: ...t The DIO connector description is provided below Connector Description Relay Output Output supports 1A 24V Inputs Inputs accept voltage 0 to 30 VDC ON Max 30 VDC Min 2 VDC OFF Max 0 7 VDC Min 0 VDC P...

Page 37: ...e modules are available and sold separately Table 3 2 EMG 8500 Device Modules Additional parts and accessories are available and sold separately For details and purchasing information refer to the nex...

Page 38: ...nouts An available connection to your Ethernet network and an Ethernet cable CAT5E or better cables are recommended for 1000 Base Ethernet A working AC power outlet to power the unit using the include...

Page 39: ...ctable 300 to 921600 baud LEDs Green light ON indicates data transmission activity Yellow light ON indicates data receiving activity Network Interface 2 10 100 1000 Base T RJ45 Ethernet with LED indic...

Page 40: ...t securely on a flat vertical surface See Wall Mount Installation on page 42 3 Connect the serial device s to the EMG unit s device ports See Connecting to a Device Port on page 44 4 Choose one of the...

Page 41: ...he EMG boots it attempts to get an IP address from DHCP To configure the network settings see Chapter 5 Quick Setup Rack Mount Installation Figure 3 4 shows two possible rack mount configurations Figu...

Page 42: ...pth of 1 25 inches 32 mm 3 Insert the anchors until they are flush with the surface 4 Thread four pan head top mount screws through the unit mount hole and through the anchor and tighten them 2 Keyhol...

Page 43: ...er holes at a depth of 1 25 inches 32 mm 3 Thread four pan head top mount screws through the unit mount hole and tighten them 2 Keyhole mount 1 Locate the place where you want to mount the unit and ma...

Page 44: ...ect one end of the cable to the device port 2 Connect the other end of the cable to an RJ45 serial console port on the serial device or use a Lantronix serial console adapter to connect it to other po...

Page 45: ...ing or replacing I O modules in the I O module bays When populating the bays Bay 1 and Bay 2 may be populated in any order and one module may be left empty The bays are ordered from left to right Bay...

Page 46: ...etwork Modular Expansion for Connectivity Module Bays The EMG module configuration can be changed by adding or replacing connectivity modules in the Connectivity module bays Bay 1 and Bay 2 may be pop...

Page 47: ...apters that provide a connection between an RJ45 jack and a DB9 or DB25 connector The console port is configured as DTE non reversed RJ45 See Appendix C Adapters and Pinouts for more information To co...

Page 48: ...strong password Power Input The EMG has a DC input jack connector for applying 9 to 30V DC The EMG ships with an external 100 to 200VAC 50 60Hz to 12V DC power supply brick for supplying power to the...

Page 49: ...of the EMG unit Do not insert any other module on the front of the EMG unit Doing so may damage the EMG unit and will void the manufacturer warranty To install an I O module 1 Disconnect the power co...

Page 50: ...ing the modules Not powering off the device before changing the module will void the manufacturer warranty Warning Install the connectivity module on the back only of the EMG unit Do not insert any ot...

Page 51: ...Tighten the screw on the module with your fingers Be careful not to over tighten it 7 Insert and screw in the antennas to the module with your fingers 8 To verify the new module is recognized connect...

Page 52: ...26 AWG OR LARGER e g 24 AWG UL LISTED OR CSA CERTIFIED TELECOMMUNICATION LINE CORD Attention POUR R DUIRE LES RISQUES D INCENDIE UTILISER UNIQUEMENT DES CONDUCTEURS DE T L COMMUNICATIONS 26 AWG AU DE...

Page 53: ...Order Information To view order information part numbers and extended support options go to https www lantronix com products lantronix emg tab order now User Supplied Items To complete your installat...

Page 54: ...e front and one on the back of the unit HS FS and LS Capable of providing VBUS 5V up to 100 mA per port but not to exceed 400 mA total per 4 port USB I O module May be used with a USB to serial adapte...

Page 55: ...60 To configure the EMG unit using a dumb terminal or a computer with terminal emulation connect the terminal or PC to the front panel EMG console port See Connecting Terminals on page 60 4 Connect t...

Page 56: ...nfigurations Figure 4 4 EMG 7500 Rack Mount Screw Placement 1 Attach the brackets on the sides of the EMG unit using a screwdriver and the screws provided with the mounting kit 2 Mount the unit secure...

Page 57: ...diameter holes at a depth of 1 25 inches 32 mm 3 Insert the anchors until they are flush with the surface 4 Thread four pan head top mount screws through the unit mount hole and through the anchor and...

Page 58: ...mounts can go through the screw heads on the wall Connecting to a Device Port You can connect almost any device that has a serial console port to a device port on the EMG unit for remote administratio...

Page 59: ...gure 4 8 EMG 7500 Front Side To connect to a USB device port 1 Connect the USB type A connector of a USB cable to a device port 2 Connect the other end of the USB cable to a USB console port 4 Ground...

Page 60: ...op bit No flow control To connect the console port to a terminal or computer with terminal emulation Lantronix offers optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25...

Page 61: ...VDC The EMG ships with an external AC 90W 100 240V 50 60 Hz 12 VDC power supply See EMG 7500 Package Contents on page 53 Warning Risk of serious electric shock Disconnect the power cord before servic...

Page 62: ...26 AWG OR LARGER e g 24 AWG UL LISTED OR CSA CERTIFIED TELECOMMUNICATION LINE CORD Attention POUR R DUIRE LES RISQUES D INCENDIE UTILISER UNIQUEMENT DES CONDUCTEURS DE T L COMMUNICATIONS 26 AWG AU DE...

Page 63: ...IP Address Your EMG must have a unique IP address on your network The system administrator generally provides the IP address and corresponding subnet mask and gateway The IP address must be within a...

Page 64: ...nitial setup 3 Locate the EMG in the device list The device s firmware version serial number IP address and MAC address will be shown Additional information can be obtained by clicking the three dot m...

Page 65: ...2 Quick Setup 4 To accept the defaults select the Accept default Quick Setup settings checkbox on the top portion of the page and click the Apply button at the bottom of the page Otherwise continue wi...

Page 66: ...ading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for the last segment octet Note Currently the EMG does not support configu...

Page 67: ...t s location Date From the drop down lists select the current month day and year Time From the drop down lists select the current hour and minute Time Zone From the drop down list select the appropria...

Page 68: ...uick Setup script 1 Do one of the following With a serial terminal connection power up and when the command line displays press Enter With a network connection use an SSH client or Telnet program if T...

Page 69: ...not display Enter all IP addresses in dot quad notation Do not use leading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for t...

Page 70: ..._____________________________________________ The current hostname is emgfcf0 and the current domain is undefined The hostname will be shown in the CLI prompt Specify a hostname emgfcf0 Specify a doma...

Page 71: ...user account can be limited to only the front console port of the EMG device These steps will prevent any local users from logging in restrict the default sysadmin local user to the front console port...

Page 72: ...figure and manage the EMG using most web browsers Firefox Chrome Safari or Internet Explorer web applications with the latest browser updates The EMG unit provides a secure encrypted web interface ove...

Page 73: ...d the Configuration option displays the Device Ports Settings 1 of 2 page Cellular connectivity settings for the LTE cellular module if installed See Cellular Modem Settings on page 93 DIO port settin...

Page 74: ...rmation Configuration site map Status of the EMG Help Button Provides online Help for the specific web page Logging in Only the system administrator or users with web access rights can log into the We...

Page 75: ...ommand set while all other users have access to a reduced command set based on their permissions Logging In To log in to the EMG command line interface 1 Do one of the following With a serial terminal...

Page 76: ...ly For parameter values type the entire value For example you can shorten set network port 1 state static ipaddr 122 3 10 1 mask 255 255 0 0 to se net po 1 st static ip 122 3 10 1 ma 255 255 0 0 Use t...

Page 77: ...gure the current command line session set cli scscommands enable disable Allows you to use Lantronix Secure Console Server SCS compatible commands as shortcuts for executing commands Note Settings are...

Page 78: ...ation about user rights see Chapter 14 User Authentication Table 6 4 CLI Keyboard Shortcuts Keyboard Shortcut Description Control a Move to the start of the line Control e Move to the end of the line...

Page 79: ...st be within a valid range and unique to your network If a valid gateway address has not been assigned the IP address must be on the same subnet as workstations connecting to the EMG over the network...

Page 80: ...link is established Yellow Light Blinking indicates link activity A variety of SFP modules as one of the user selectable active ports on the EMG In the web UI port banner bar these are represented as...

Page 81: ...orts 1 Click the Network tab and select the Network Settings option The Network Network Settings 1 of 2 and Network Network Settings 2 of 2 displays Figure 7 1 Network Network Settings 1 of 2 The SFP...

Page 82: ...7 Networking EMG Edge Management Gateway User Guide 82 Figure 7 2 Network Network Settings 2 of 2...

Page 83: ...eway Obtain from BOOTP Lets a network node request configuration information from a BOOTP server node If you select this option skip to Gateway Specify Lets you manually assign a static IP address gen...

Page 84: ...r of bytes that can be used in a packet The minimum MTU size is 108 bytes to conform with RFC 2460 and the maximum size is 1500 bytes Active Port Selects either the RJ45 port or the SFP port as the ac...

Page 85: ...supported Click Back to Network Settings link to return to the Network Settings page Hostname The default host name is emgXXXX where XXXX is the last 4 characters of the hardware address of Ethernet...

Page 86: ...work traffic that does not match Eth1 or Eth2 is sent to the default gateway for routing Note If a fail over gateway is configured the Default Gateway must be configured for fail over and fail back to...

Page 87: ...modem is used as the Fail over Port the Fail over Gateway IP Address should be set to the Remote IP address for the PPP connection When Cellular or WLAN is used as the Fail over Port EMG models only t...

Page 88: ...and establish a PPP connection over the phone line and configure the default gateway so that traffic will be routed over the PPP connection If the Modem Timeout is disabled the PPP connection will rem...

Page 89: ...APN power cycle the Sierra gateway and allow it to reboot completely The fail over feature requires that both Ethernet ports be configured with a static IP address Using DHCP on one of the Ethernet p...

Page 90: ...new password will also be configured on the Sierra gateway The Sierra gateway login must be set as user Reboot Gateway When Making Changes check box Select this check box if you wish to reboot the sel...

Page 91: ...ctly as it is represented Load Firmware via Select the method to load the firmware from the options in the drop down menu Options are FTP SFTP SCP USB SD Card and HTTPS FTP is the default If you selec...

Page 92: ...e displays statistics for each of the EMG Ethernet ports since boot up The system automatically updates them Note For Ethernet statistics for a smaller time period use the diag perfstat command Networ...

Page 93: ...EMG unit The Cellular Settings web page allows the user to configure parameters that determine how the EMG cellular modem network behaves and to update the cellular modem firmware To complete the Cell...

Page 94: ...r SIM Card Cellular Network Username and Password The login and password for connecting to the cellular carrier if required The login may have up to 32 characters and the password may have up to 64 ch...

Page 95: ...number of times the modem has been software reset Mode indicates if the modem is online with the cellular network System mode current cellular mode such as LTE PS state the packet service attach stat...

Page 96: ...1 FW 2 FW 3 FW 4 Max FW images Active FW image the firmware images that are loaded in the modem and which firmware slot is being used PRI FF the carrier firmware images that are loaded in the modem Cu...

Page 97: ...initial configuration of the EMG instead of using connections that require a cabled connection The default SSID is Lantronix_EMGxxxx where xxxx is the last 4 characters of the Ethernet port Eth1 MAC a...

Page 98: ...or communicating with the server EAP TTLS uses TTLS Tunneled Transport Layer Security and server side certificates to set up authentication between the EMG and a RADIUS server The actual authenticatio...

Page 99: ...st priority value will be selected for the client connection Profiles can be created manually by entering the SSID and authentication parameters Profiles can also be created with Quick Connect which w...

Page 100: ...7 Networking EMG Edge Management Gateway User Guide 100 Figure 7 5 Network Wireless Settings...

Page 101: ...way can be set as the default gateway for the EMG by configure the gateway precedence in the Network Port Settings DHCP Acquired Primary Secondary DNS read only Displays any DNS servers acquired from...

Page 102: ...for that network needs to exist and be enabled This section describes how to manually to create a profile see also profile Quick Connect The EMG supports up to 4 WLAN profiles with a priority assigne...

Page 103: ...cters are letters numbers space dash period and underscore _ Network Name SSID Enter the Service Set Identifier or network name for the WLAN network The SSID can contain up to 32 characters the charac...

Page 104: ...rties as a form of authentication if mismatches occur no connection establishes Note Open authentication requires a passphrase this passphrase is used to encrypt the data and is not used for authentic...

Page 105: ...n select the type of encryption CCMP preferred TKIP or Any IEEE 802 1X Parameters 802 1X uses enterprise class authentication to grant access to secure networks There are 3 components to 802 1X A supp...

Page 106: ...r Name that can be authenticated by the RADIUS server The User Name can be up to 63 characters long and all printable characters are supported Provide a client side certificate with a Certificate file...

Page 107: ...less device can be used for initial configuration of the EMG instead of using connections that require a cabled connection such as the console port or Ethernet Ports To configure the wireless access p...

Page 108: ...contain up to 32 characters the characters and are not allowed The default SSID is Lantronix_EMGxxxx where xxxx is the last 4 characters of the Ethernet port Eth1 MAC address SSID Broadcast If enabled...

Page 109: ...ith CBC MAC preferred TKIP for Temporal Key Integrity Protocol or Any for both CCMP and TKIP Passphrase Retype Passphrase If WPA or WPA2 is selected for the Security Suite enter the password to connec...

Page 110: ...ters Warning IP filters configuration is a feature for advanced users Adding and enabling IP filter sets incorrectly can disable access to your EMG unit Viewing IP Filters You can view a list of filte...

Page 111: ...nable or disable individual filters To enable IP filters 1 Enter the following Enable IP Filter Select the Enable IP Filter checkbox to enable all filters or clear the checkbox to disable all filters...

Page 112: ...work IP Filter page click the Add Ruleset button The following page displays Figure 7 9 Network IP Filter Ruleset Adding Editing Rulesets Rulesets can be added or updated on this page 2 Enter the foll...

Page 113: ...select the type of protocol through which the filter will operate The default setting is All Port Range Enter a range of destination TCP or UDP port numbers to be tested An entry is required for TCP T...

Page 114: ...rn to the Network IP Filter Ruleset Adding Editing Rulesets page see Figure 7 9 2 Edit the information as desired and click the Apply button Deleting an IP Filter To delete an IP filter rule set 1 On...

Page 115: ...ol RIP to assign routes automatically Disabled by default RIP Version Select the RIP version The default is 2 Enable Static Routing Select to assign the routes manually The system administrator usuall...

Page 116: ...ed in a separate table and can be viewed in the detailed VPN status or in the IP Routes table When a tunnel is up the amount of data passed through the tunnel can be viewed in the status with the byte...

Page 117: ...on it may be necessary to enable IP Forwarding or to add static routes in some cases traffic may not be passed through the tunnel without enabling IP Forwarding or static routes Refer to the VPN routi...

Page 118: ...7 Networking EMG Edge Management Gateway User Guide 118 To set up a VPN connection 1 Click the Network tab and select the VPN option The following page displays Figure 7 11 Network VPN 1 of 2...

Page 119: ...reconnects the console manager side of the tunnel should be started first so that it will act as a responder or server If the console manager side of the tunnel is started after the remote peer the c...

Page 120: ...ill be used in ipsec conf this is the default signifying an address to be filled in by automatic keying during negotiation If the EMG initiates the connection setup the routing table will be queried t...

Page 121: ...accepted values are IKEv1 IKEv2 and Any Default is IKEv2 Any uses IKEv2 when initiating but will accept any protocol version while responding It is recommended that any IKE Encryption or ESP Encrypti...

Page 122: ...ing proposal is found tunnel negotiation will proceed Below is an example of no matching proposal in the log messages charon 04 CFG received proposals ESP AES_CBC_128 HMAC_SHA2_256_128 ECP_256 NO_EXT_...

Page 123: ...isplayed and a tunnel will not be initiated It is possible to override this behavior but it is not recommended RSA Public Key for Remote Peer If RSA Public Key is selected for authentication the remot...

Page 124: ...hour how often the tunnel is rekeyed is calculated as rekeytime minimum 1h 9m 9m 42m rekeytime maximum 1h 9m 0m 51m So the rekeying time will vary between 42 minutes and 51 minutes It is recommended...

Page 125: ...y in seconds between Dead Peer Detection RFC 3706 keepalives R_U_THERE R_U_THERE_ACK that are sent for the tunnel default 30 seconds Dead Peer Detection can also be disabled Dead Peer Detection Timeou...

Page 126: ...he custom ipsec conf must be configured through the EMG UIs and must be configured or installed before a tunnel is brought up with an uploaded ipsec conf file When a tunnel is started with a custom ip...

Page 127: ...IKEv1 This configuration is an example of a remote access connection to a Cisco VPN server responder that uses XAUTH and MODECFG to authenticate and push dynamic IP addresses and DNS servers to a VPN...

Page 128: ...sco configuration Note Main or aggressive mode is determined by the EMG side of the tunnel and does not require any change in the Cisco configuration interface GigabitEthernet0 0 nameif outside securi...

Page 129: ...attributes ikev1 pre shared key Cisco ASA5525x Pre Shared Key IKEv2 This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server responder The aggressive setting can be...

Page 130: ...k access list ASA SLC ACCESS extended permit ip object group local network object group remote network route outside 192 168 0 0 255 255 255 0 192 168 1 204 1 route inside 192 168 3 250 255 255 255 25...

Page 131: ...4 modeconfig pull right 192 168 1 102 rightsubnet 192 168 2 0 24 dpddelay 0 dpdtimeout 120 dpdaction restart auto start type tunnel Cisco configuration crypto ikev2 proposal PROP encryption aes cbc 12...

Page 132: ...transform set ISR esp 3des esp sha384 hmac mode tunnel crypto map CM 10 ipsec isakmp set peer 192 168 1 100 set transform set ISR set ikev2 profile IKEv2_Profile match address VPN TRAFFIC crypto map I...

Page 133: ...listed below are supported TLS SSL Web Server WebSSH Use only SHA2 and Higher for incoming TLS SSL connections will be enabled by default when booting into FIPS mode this can be disabled if necessary...

Page 134: ...P and unencrypted LDAP If any of these protocols functions are enabled prior to enabling FIPS mode they will be automatically disabled The following table shows the algorithms allowed in FIPS mode and...

Page 135: ...s running in FIPS mode the Security page will display all processes that are running in FIPS mode To disable FIPS 1 Uncheck the Enable FIPS Mode check box on the Networks Security page 2 Click Apply T...

Page 136: ...ernal USB thumb drive or SD 200 operations can be stored per probe Responders The EMG can act as a responder for probes that require a responder to answer packets that are sent from the EMG UDP jitter...

Page 137: ...ept Local storage a USB thumb drive inserted in the USB Port U1 or the SD card slot The data is stored in individual directories under a directory called perfmon Once probes have been run and operatio...

Page 138: ...mulated statistics for any operation Latest Results Displays the latest raw packet results for the selected probe Latest Accumulated Displays the latest accumulated statistics for the selected probe S...

Page 139: ...add a new probe or edit an existing probe 1 Click the Network tab and select the Perf Monitoring option The Network Perf Monitoring page displays 2 To add a new probe in the lower section of the page...

Page 140: ...send for each probe For DNS Lookup probes this is the number of lookups to perform For HTTP Get probes this is the number of HTTP Gets to perform For TCP Connect probes this is the number of TCP conne...

Page 141: ...s only supported for ICMP Echo UDP Echo UDP Jitter and UDP Jitter VoIP probes Timeout How long the EMG will wait for a packet to arrive in milliseconds If the packet arrives after the timeout it will...

Page 142: ...es RTT Probe 1 ICMP operation icmp_190709_154146 dat Pkt Time RT Time Result 1 19 07 09 15 41 46 469 0 717 msec OK 2 19 07 09 15 41 46 972 0 556 msec OK 3 19 07 09 15 41 47 482 0 443 msec OK 4 19 07 0...

Page 143: ...and sum squared of the positive or negative jitter times These numbers give a summary of how much variation there was in latency times and if the variation was small or large Latest Accumulated Stati...

Page 144: ...quence Error A packet response was received with an unexpected sequence number Possible reasons are a duplicate packet was received a response was received after it timed out a corrupted packet was re...

Page 145: ...onitoring Commands to view CLI commands which correspond to the web page entries described above Refresh Refreshes the information on the Performance Monitoring Operations page RTT Results Displays th...

Page 146: ...List The following page appears Figure 7 18 FQDN List 2 Enter the following information To add a Host enter the IP address FQDN and click Add Edit Hosts The IP address and hostname displays in the Ho...

Page 147: ...s to all statistics and configurable items provided by the EMG unit It provides read write access to a select set of functions for controlling the EMG and device ports See the MIB definition file for...

Page 148: ...n that may be cause for concern in addition to error messages This is the default for all message types Info Saves informative message in addition to warning and error messages Debug Saves extraneous...

Page 149: ...tely 500 entries You can set the maximum size of the log from 1 to 500 Kbytes Include CLI Commands Select to cause the audit log to include the CLI commands that have been executed Disabled by default...

Page 150: ...ion disabled for security reasons Web Telnet Enables or disables the ability to access the EMG command Iine interface or device ports connect direct through the Web Telnet window Disabled by default T...

Page 151: ...pports both MIB II as defined by RFC 1213 and a private enterprise MIB The private enterprise MIB provides read only access to all statistics and configurable items provided by the console manager It...

Page 152: ...gement Gateway User Guide 152 Figure 8 2 Services SNMP 2 Enter the following Enable Agent Enables or disables the Simple Network Management Protocol SNMP agent which allows read only access to the sys...

Page 153: ...LowHumidity 1 3 6 1 4 1 244 1 1 0 9 slcEventDevicePortDeviceHighHumidity 1 3 6 1 4 1 244 1 1 0 10 slcEventDevicePortDeviceError 1 3 6 1 4 1 244 1 1 0 11 slcEventUSBAction 1 3 6 1 4 1 244 1 1 0 14 slcE...

Page 154: ...ite A string that acts like a password for an SNMP manager to access the read only data from the EMG unit SNMP like a password for an SNMP manager to access the read only data the EMG SNMP agent provi...

Page 155: ...word Password for the user with read write authority to use to access SNMP v3 The default is SNMPRWPASS Up to 20 characters Passphrase Retype Passphrase Passphrase associated with the password for a u...

Page 156: ...save EMG configurations on the network server Similarly use SMB CIFS Server Message Block Common Internet File System Microsoft s file sharing protocol to export a directory on the EMG as an SMB CIFS...

Page 157: ...save configurations to this directory you must enable this option Mount Select the checkbox to enable the EMG unit to mount the file to the NFS server Disabled by default Mounted Indicates if the EMG...

Page 158: ...To access Lantronix ITM devices on the local network 1 Click the Services tab and select the Secure Lantronix Network option The following page displays Figure 8 4 Services Secure Lantronix Network 2...

Page 159: ...nterface that appears and login The CLI interface will indicate when your connection is established 4 To terminate the session use either the host s logoff command or use to terminate a Telnet session...

Page 160: ...bled port number generates a popup window indicating the port is disabled see Figure 8 7 below Figure 8 7 Disabled Port Number Popup Window 2 Click your mouse into the CLI login interface that appears...

Page 161: ...browser error displayed for self signed or untrusted certificates There is a problem with this website s security certificate or Your connection is not private The SSL server that handles Web SSH and...

Page 162: ...in the browser for the primary EMG website will only accept the certificate for port 443 It will not accept the certificate for port 8000 This may result in a popup being displayed in the Web SSH or W...

Page 163: ...et window provide copy and paste functionality via a right click menu the Copy option will copy what is highlighted in the Web SSH or Web Telnet window into an internal non system clipboard and the co...

Page 164: ...column shows the current source of synchronization while the st column reveals the stratum t the type u unicast m multicast l local don t know and poll the poll interval in seconds The when column sh...

Page 165: ...ays the current NTP status if NTP is enabled above Synchronize via Select one of the following Broadcast from NTP Server Enables the EMG unit to accept time information periodically transmitted by the...

Page 166: ...support any versions of the SSL protocol The Web Server page allows the system administrator to Configure attributes of the web server View and terminate current web sessions Import a site specific S...

Page 167: ...t the web uses High Medium security 128 bits or higher for the cipher This option can be used to configure the web to also support just High security ciphers 256 bit 168 bit and some 128 bit or FIPS a...

Page 168: ...fic SSL certificate or generate a custom self signed SSL certificate The custom self signed SSL certificates generated by the EMG use the SHA256 hash algorithm To view reset import or change an SSL Ce...

Page 169: ...Unselected by default Root Filename Filename of the imported root or intermediate Certificate Authority If HTTPS is selected as the method for import the Upload File link will be selectable to upload...

Page 170: ...ur site select the checkbox The SHA256 hashing algorithm will be used to generate the certificate Unselected by default Number of Bits The number of bits to use when generating the certificate 2048 30...

Page 171: ...t by the server An EMG gateway requires a unique Device ID to communicate with the ConsoleFlow portal The ID is viewable in the ConsoleFlow settings If a device is not already pre configured with the...

Page 172: ...splay Status with the date and time the status was sent The client also accepts command messages from the ConsoleFlow server to perform actions such as reboot or shutdown Each time a message is receiv...

Page 173: ...response is received the Device Port status will be set to Disconnected This feature is disabled by default for all device ports and can be enabled for individual device ports via the CLI the frequenc...

Page 174: ...a connection with the Messaging Host The General log see SSH Telnet Logging on page 147 will contain messages about connections made to the Registration Host and Messaging Host Status of Client displa...

Page 175: ...oleFlow active connection is Cloud Device Name The device name displayed in the ConsoleFlow server UI Valid characters are alphanumeric characters dash and underscore _ The default is the device type...

Page 176: ...ficates with HTTPS is enabled for the Registration Host a certificate authority will be used to validate the HTTPS certificates used for TLS Enabled by default Messaging Services If enabled messaging...

Page 177: ...USB port or the SD card slot on the front of the EMG unit You can do this before or after powering up the EMG If the first partition on the storage device is formatted with a file system supported by...

Page 178: ...into the USB port or the SD card slot on the front of the EMG unit 2 Click the USB SD Card tab Figure 9 1 shows the page that displays 3 Click the radio button on the far right of a USB or SD card de...

Page 179: ...3 Devices SD Card Configure 5 Enter the following fields Mount Select the checkbox to mount the first partition of the storage device on the EMG unit if not currently mounted Once mounted a USB thumb...

Page 180: ...mount the thumb drive or SD card Select the checkbox to unmount it Warning If you eject a thumb drive or SD card from the EMG unit without unmounting it subsequent mounts of a USB thumb drive or SD ca...

Page 181: ...3 To download a file click the Download File button Select the file from the list 4 To rename a file click the check box next to the filename and enter a new name in the New File Name field 5 Click Re...

Page 182: ...ddress ssh port number where ssh port number is uniquely assigned for each device port 4 If TCP is enabled for a device port establish a raw TCP connection to Eth1 IP address tcp port number or Eth2 I...

Page 183: ...tions if any other configuration is detected at boot the EMG unit will still boot disable use of the device ports and provide indications in the boot messages in the CLI and in the web that the I O co...

Page 184: ...he Devices tab and select the Device Status option The following page displays Figure 10 2 Devices Device Status Device Ports On the Devices Device Ports page you can set up the numbering of Telnet SS...

Page 185: ...modes include To set up Telnet SSH and TCP port numbering 1 Enter the following Idle The port is not in use The port is in data text mode Note You may set up ports to allow Telnet access using the IP...

Page 186: ...2000 ports are automatically assigned numbers 2001 2002 and so on Starting SSH Port Each port is assigned a number for connecting via SSH Enter a number 1025 65528 that represents the first port The...

Page 187: ...pen the Device Ports Settings page 1 You have two options Dashboard Make sure the Configuration radio button directly beneath the Dashboard is selected and click the desired port number in the Dashboa...

Page 188: ...10 Device Ports EMG Edge Management Gateway User Guide 188 The following page displays Figure 10 4 Device Ports Settings 1 of 2...

Page 189: ...speed and a short type description for the USB device The EMG supports up to 8 USB type A Host devices at data rates of HS 480 Mbit s FS 12 Mbit s or LS 1 5 Mbit s Each port has VBUS 5V support of up...

Page 190: ...d by the characters space comma or semicolon then any user who logs into the device port must be a member of one of the specified groups otherwise access will be denied Users authenticated via RADIUS...

Page 191: ...as Sensorsoft devices If the connected device is an RPM the user can assign an RPM to the device port by either select an existing RPM via the Select dropdown or clicking the Add RPM link to configure...

Page 192: ...ork that the IP address falls in will be used For Telnet and SSH the default TCP port numbers 22 and 23 respectively are used to connect to the device port For raw TCP the TCP port number defined for...

Page 193: ...1 command to connect port 1 to a Linux server For example if the user issues the ls command to display a directory on a Linux server then exits the connection the results of the ls will be stored in...

Page 194: ...a straight through Ethernet patch cable without the need for a rolled cable or adapter Enabled by default Note Applies to serial RJ45 device ports only All Lantronix serial adapters are intended to b...

Page 195: ...o the modem user guide Modem Command Modem AT command used to initiate caller ID logging by the modem Note For the AT command refer to the modem user guide Dial Back Number Users with dial back access...

Page 196: ...l in dial on demand PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the DOD CHAP Handshake field...

Page 197: ...hem to zeros select the Zero port counters checkbox in the IP Settings section of the page Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent dat...

Page 198: ...igured while connected to a device port by entering the Power Management Sequence This will display the Power Management and Baud Rate menu which provides an option to set the Baud Rate To configure p...

Page 199: ...Esc P escape key then uppercase P This value is specified as x1bP which is hexadecimal x character 27 1B followed by a P See Key Sequences on page 231 for notes on key sequence precedence and behavio...

Page 200: ...umber will be filled in as well as the managed power supply outlet name if a name is listed for the outlet and one has not already been defined for the managed power supply A unique name for the manag...

Page 201: ...for this device in degrees Fahrenheit instead of Celsius which is the default Humidity Current relative humidity on the device the sensor is monitoring Low Humidity Enter the relative humidity permitt...

Page 202: ...10 9 Sensorsoft Status Device Port Commands Go to Device Port Commands to view CLI commands which correspond to the web page entries described above Device Commands Go to Device Commands to view CLI...

Page 203: ...flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address port TCP Port udp IP Address port UDP Port hostlist Host List Notes To es...

Page 204: ...of a power loss Data logged to a file on an NFS server does not have these limitations The system administrator can define the directory for saving logged data on a port by port basis and configure f...

Page 205: ...send a string to the device or control one of the power supplies associated with the device Syslog Logging Data can be logged to the system log If this feature is enabled the data will appear in the D...

Page 206: ...a set of actions that can be enabled if a data trigger occurs The default is disabled Trigger on Select the method of triggering an action Data Byte Count A specific number of bytes of data This is th...

Page 207: ...one or more of the device port power supplies can be changed Email to The email address of the message recipient s for an email alert To enter more than one email address separate the addresses with a...

Page 208: ...from an NFS server mounted on the EMG Specify the local directory path for the NFS mount Max Number of Files The maximum number of files to create to contain log data to the port These files keep a hi...

Page 209: ...1 Click the Devices tab and select Console Port The following page displays Figure 10 11 Devices Console Port 2 Change the following as desired Baud The speed with which the device port exchanges data...

Page 210: ...ecting If selected when you connect to the console port with a terminal emulator you will see the last lines output to the console for example the EMG boot messages or the last lines output during a C...

Page 211: ...nd the System Configuration report The internal modem provides a subset of the modem functionality available for modems connected to a Device Port and USB modems If the internal modem is installed the...

Page 212: ...em 2 Complete or view the following sections Text Mode PPP Mode State Indicates whether the internal modem is enabled When enabling set the modem to dial out dial in dial back and dial on demand Disab...

Page 213: ...vided by a remote server must be either a single group or multiple groups delimited by the characters comma semicolon or equals for example group group1 group2 or group1 group2 group3 Initialization S...

Page 214: ...d by a DHCP server select Yes This is the default If the EMG unit or the modem have fixed IP addresses select No and enter the Local IP IP address of the internal modem and Remote IP IP address of the...

Page 215: ...nergized turned on the relay is closed connecting both relay ports on the I O connector through the relay When the relay is turned off the signal path is open disconnecting the relay ports on the I O...

Page 216: ...re letters numbers dashes periods and underscores _ State view only Displays the current state of the port on or off The Change State check box and Off On selection can be used to change the state of...

Page 217: ...update bin Sending update bin Bytes Sent 117988 BPS 919 Transfer complete An example of receiving the same file with Zmodem from device port 4 using the CLI emg431d se xmodem receive 4 protocol zmodem...

Page 218: ...mum repository size is 25 MB 3 To rename a file select the box to the right of the file in the Xmodem Files Repository list enter the new file name in the New File Name field and click the Rename File...

Page 219: ...file with the same name already exists in the repository and Receive Overwrite is not enabled the transfer will abort without overwriting the existing file Xmodem Commands Go to Xmodem Commands to vie...

Page 220: ...ect the Host Lists option The following page displays Figure 10 13 Devices Host Lists 2 Enter the following Note To clear fields in the lower part of the page click the Clear Host List button 3 To add...

Page 221: ...default escape character For Telnet the escape character is either a single character or a two character sequence consisting of followed by one character If the second character is the DEL character i...

Page 222: ...llowing 3 View add or update the host parameters Host List Id View only Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the EMG...

Page 223: ...Select the host list in the Host Lists table 2 Click the Delete Host List button After the process completes a confirmation message is displayed on the page Host List Commands Go to Host List Command...

Page 224: ...d for a modem To use sites with a modem create one or more sites described below then enable Use Sites for the modem Sites can be used with the following modem states dial in dial back CBCP Server dia...

Page 225: ...ching site Timeout Logins For text dial in connections the connection can time out after the connection is inactive for a specified number of minutes Negotiate IP Address If the EMG and the remote ser...

Page 226: ...ial back Delay For dial back and CBCP Server the number of seconds between the dial in and dial out portions of the dialing sequence Dial back Retries For dial back and CBCP Server the number of times...

Page 227: ...to CHAP and c the Port is set to None or matches the port the modem is on If the remote peer requests PAP or CHAP authentication from the EMG unit the Remote Dial out Login and Remote Dial out Passwor...

Page 228: ...setting Dial on demand The EMG unit automatically dial outs and establishes a PPP connection when IP traffic destined for a remote network needs to be sent It will remain connected until no data pack...

Page 229: ...y dialing out to establish a PPP connection when IP traffic destined for a remote network needs to be sent When either event occurs an incoming call or IP traffic destined for the remote network the o...

Page 230: ...ith the Authentication setting For PAP the Local Remote list will be used to authenticate the login and password sent by the PPP peer For CHAP the CHAP Handshake Host User Name and Secret User Passwor...

Page 231: ...t key sequences so that the EMG can properly handle each of the functions accessed by the key sequence while connected to a device For example if the View Port Log Sequence is set to the same sequence...

Page 232: ...ic devices see Optimizing and Troubleshooting RPM Behavior on page 244 Devices RPMs To control or view status for an RPM 1 Click the Devices tab and select the RPMs option The RPMs page displays Figur...

Page 233: ...r the selected RPM This option is available for all RPMs Outlets Displays the RPMs Outlets page for RPMs that support individual outlet control and status Beeper Enable Mute Disable If the RPM has a b...

Page 234: ...11 Remote Power Managers EMG Edge Management Gateway User Guide 234 Figure 11 3 RPM Notifications Figure 11 4 RPM Raw Data Log...

Page 235: ...vendors and nearly 1000 different models that are supported the key to ensuring the EMG can properly manage a PDU or UPS is selecting the right model with its associated driver and any required drive...

Page 236: ...es RPMs Add Device page with the same functionality can also be accessed through the Device Ports Settings 1 of 2 page by selecting RPM in the Connected dropdown menu Figure 11 7 Devices RPMs Add Devi...

Page 237: ...device these are extra options which may be required to make the driver work The most frequent use of the driver options is for USB devices the vendor and product ID may be required so that the EMG ca...

Page 238: ...at has reached a low battery state Shutdown all UPSes shutdown all UPSes managed by the EMG Allow battery failure allow the battery to completely fail which may result in the unsafe shutdown of the de...

Page 239: ...PMs provide a model string If the device normally provides the device model and becomes unreachable or does not provide a model string the Model is derived from the supported model list strings of Out...

Page 240: ...life Beeper Status view only For UPS devices only Displays the current state of the UPS beeper Managed via view only Displays the method used to control the RPM device SNMP Network Serial Port USB por...

Page 241: ...Indicates the behavior to take when the UPS reaches a low battery state Options are to Shutdown this UPS shutdown only the UPS that has reached a low battery state Shutdown all UPSes shutdown all UPSe...

Page 242: ...umbers and their state On or Off If the RPM provides additional information for the outlets the custom name and the current reading in Amperes will also be displayed for each outlet Figure 11 9 RPMs O...

Page 243: ...in what order The UPS with the low battery will be placed into FSD Forced Shutdown mode The following actions will be performed based on the Low Battery Action setting for the UPS with the failed bat...

Page 244: ...re adding the device as an RPM otherwise the RPM may experience query errors If the EMG is unable to communicate with an RPM or an RPM is displaying the error driver is not running the following steps...

Page 245: ...PM Id or Name action show should show a driver running with one or more D flags The debug output can be examined or emailed with the set rpm driver RPM Id or Name action viewoutput email Email Address...

Page 246: ...stom Scripts can be created Each Custom Script run is an operation and the results from each operation can be viewed Up to 50 script result files will be saved locally in the EMG storage Once this max...

Page 247: ...cript details Script Name A unique identifier for the script Type Select Interface for a script that utilizes Expect Tcl to perform pattern detection and action generation on Device Port output Select...

Page 248: ...ields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantro...

Page 249: ...ame in the New Name field 2 Click the Rename Script button The script will be renamed and the Devices Scripts page redisplays To delete a script 1 In the Scripts table select the script to delete 2 Cl...

Page 250: ...script schedule 1 In the Scripts table select the script to enable or disable 2 Click the Enable button this will resume running of a script at its next scheduled time if it was previously disabled or...

Page 251: ...his action requires that a EMG user running the connect script command have Device Port Operations do rights and port permissions for the selected device port 2 To run a Batch Script at the CLI with a...

Page 252: ...mmand suspends execution of the script puts it to sleep for the specified number of seconds Syntax sleep value The while command allows a loop containing CLI commands to be executed Syntax while Boole...

Page 253: ...is section Secondary Command One of the secondary commands defined in this section Quoted String A group of characters enclosed by double quote characters A quoted string may include any characters in...

Page 254: ...r secondary command A value generated via the format secondary command A value generated via the expr timestamp command unset This command removes the definition of a variable within a script Syntax u...

Page 255: ...and attempts to match it against one or more patterns If one of the patterns matches the input the corresponding optional command is executed All expect commands have the same syntax expect string 1 c...

Page 256: ...of str string index str int Return the character located at position int in str string range str int start int end Return a string consisting of the characters in str between int start and int end str...

Page 257: ...t command is analogous to the C language sprintf The format command will only be used in combination with the set command to produce the value for a variable Syntax format format string value 1 value...

Page 258: ...or elseif command It executes an associated block of commands if its Boolean expression evaluates to TRUE Each command within the block must be a Primary command Syntax elseif Boolean expression comma...

Page 259: ...session Refer to the following spawn command syntax Note For CLI sessions a local user name should be given For Device Port sessions the devicePort variable will be used by the EMG to connect the scri...

Page 260: ...or write files on the EMG filesystem or interrogate the EMG filesystem The list of commands that are not allowed for Expect scripts includes fork open exp_open exec system log_file pwd 6 For scripts...

Page 261: ...rectly to a device port by logging into the EMG port gets the device hostname loops a couple of times to get port interface statistics and logs out The following is the script set monPort 7 set monTim...

Page 262: ...time The following is the screen output emg247 conn script ex4 deviceport 7 login Logging in sysadmin sysadmin Password PASS Welcome to the Lantronix Edge Management Gateway Model Number EMG851101 Fo...

Page 263: ...7 Seconds since zeroed 1453634 Bytes input 0 Bytes output 0 Framing errors 0 Flow control errors 0 Overrun errors 0 Parity errors 0 EMG251 Port Counter Monitor Script Ending __________________________...

Page 264: ...erface Scripts______Group Permissions_____________________________ getSLC Adm ad nt sv dt lu ra um dp pc rp rs fc dr sn wb sk po do Test Adm ad nt sv dt lu ra um dp pc rp rs fc dr sn wb sk po do monpo...

Page 265: ...EMG251 Current Time 21 25 20 show portcounter deviceport 7 show portcounter deviceport 7 Device Port 7 Seconds since zeroed 1454136 Bytes input 0 Bytes output 0 Framing errors 0 Flow control errors 0...

Page 266: ...nd_user Error err Terminating session n exit err Are there any command line parameters if argc 0 set location lindex argv 0 set now clock seconds set date clock format now format D R if argc 0 myprint...

Page 267: ...emgPrompt expect_out 1 string Run the temperature command exp_send show temperature n expect timeout myprint Timeout waiting for temperature abortSession 3 re Current Internal Temperature r n set emg...

Page 268: ...err Terminating session n exit err set now clock seconds set date clock format now format D R myprint Load of ServerTech PDU outlet B1 at date spawn the port session on a device port if catch spawn n...

Page 269: ...LOGIN r n expect REMOVE r n expect RESTART r n expect timeout myprint Timeout waiting for prompt abortSession 3 re r n r set pduPrompt expect_out 1 string Run the ostat command exp_send ostat b1 n ex...

Page 270: ...ating session n exit err if argc 2 myprint Usage script_md_cisco exp TFTP Server Backup File Name abortSession 1 set tftp lindex argv 0 set configFile lindex argv 1 set enablePassword secret set timeo...

Page 271: ...ggedIn true set passwordPrompt true send enable r set loggedIn true set execMode true Error r n send_user expect_out 0 string abortSession 5 timeout set cnt expr cnt 1 myprint Logged in send copy runn...

Page 272: ...li_radius py RADIUS server RADIUS secret sys exit 1 print Settings RADIUS server on EMG at end now datetime datetime now print now strftime Y m d H M server sys argv 1 secret sys argv 2 proc subproces...

Page 273: ...stdin close proc terminate proc wait sys exit 1 proc stdin write b set radius state enable n proc stdin flush while True output_str proc stdout readline if b RADIUS settings successfully updated in o...

Page 274: ...ached to device port 3 and displays this prompt engcisco_cat3560 the name for device port 3 will be set to engcisco_cat3560 3 import pexpect import datetime import time import sys import re now dateti...

Page 275: ...orts 8 Loop through device ports connect and try to detect the prompt while devicePort numPorts if skipPorts and devicePort 9 and devicePort 16 devicePort devicePort 1 pList append continue print Scan...

Page 276: ...rompt p send n i p expect pexpect TIMEOUT pexpect EOF r n timeout 10 if i 0 or i 1 Timeout or EOF print Timeout waiting for the prompt on DP devicePort p terminate True p wait devicePort devicePort 1...

Page 277: ...te True sys exit 1 elif i 4 prompt loggedIn True devicePort 1 while devicePort numPorts if skipPorts and devicePort 9 and devicePort 16 devicePort devicePort 1 continue if len pList devicePort 1 0 Det...

Page 278: ...ow format D R if argc 0 puts Internal temperature of the location EMG at date else puts Internal temperature of the EMG at date set io open clisession U sysadmin r set loggedIn false while loggedIn se...

Page 279: ...12 Scripts EMG Edge Management Gateway User Guide 279 set gotTemp true puts Temperature emgTemp puts io logout flush io exit 0...

Page 280: ...ections are always re established after reboot At a specified date and time These connections connect after the date and time pass After a specified amount of data or a specified sequence of data pass...

Page 281: ...elnet or SSH into the EMG They could also select text mode where using a terminal emulation program a user could dial into the EMG unit and connect to the command line interface Figure 13 2 Remote Acc...

Page 282: ...ports The device ports on the EMG are connected to the console ports of the equipment To manage a specific piece of equipment the user can Telnet or SSH to a specific port or IP address on the EMG uni...

Page 283: ...are advanced connection settings for specific applications If the EMG is being used as a console or device server it is unlikely that you will need any of the Connection settings described below To c...

Page 284: ...unning a loopback test Note To see the current settings for this device port click the Settings link Data Flow Select the arrow showing the direction bidirectional or unidirectional the data will flow...

Page 285: ...you select Device Port it must not have command line interface logins enabled or be running a loopback test To view the device port s settings click the Settings link to the right of the port number S...

Page 286: ...ministrative access to the EMG via the default sysadmin local user account can be limited to only the front console port of the EMG device See Limiting Sysadmin User Access on page 71 Authentication c...

Page 287: ...NFS LDAP Lightweight Directory Access Protocol A set of protocols for accessing information directories specifically X 500 based directory services LDAP runs over TCP IP or other connection oriented...

Page 288: ...unavailable clear the check box Note When limiting accessibility of the sysadmin login to the physical EMG console manager device make sure to uncheck Attempt next method on authentication rejection 6...

Page 289: ...and Rights You cannot deny a user rights defined for the group but you can add or remove all other rights at any time By default the system assigns new users to the Default Users group but you can cha...

Page 290: ...g all local and remote users To enable local and or remote users 1 Enter the following Enable Local Users Select to enable all local users except sysadmin The sysadmin user is always available regardl...

Page 291: ...to an EMG custom group allow EMG access if matched Disabled by default Complex Passwords Select to enable the EMG unit to enforce rules concerning the password structure e g alphanumeric requirements...

Page 292: ...is recommended that you change the default password on initial setup The password should be recorded and stored in a secure place accessible by at least two authorized system administrators To change...

Page 293: ...Note The UID must be unique If it is not EMG unit automatically increments it Starting at 101 the EMG finds the next unused UID Listen Ports The device ports that the user may access to view data usi...

Page 294: ...line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which...

Page 295: ...ditable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage Secu...

Page 296: ...Local Remote Users page select the user and click the Add Edit User button The Local Remote User Settings page displays 2 Click the Delete User button 3 Click the Apply button To change the sysadmin...

Page 297: ...oes not provide port permissions you can use this page to grant device port access to users who are authenticated through NIS All NIS users are members of a group that has predefined user rights assoc...

Page 298: ...wed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp See Key Sequences on page 231 f...

Page 299: ...SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Sh...

Page 300: ...icrosoft Active Directory The LDAP implementation supports LDAP servers that do not allow anonymous queries Users who are authenticated through LDAP are granted device port access through the port per...

Page 301: ...de 301 Figure 14 6 User Authentication LDAP 2 Enter the following Enable LDAP Displays selected if you enabled this method on the first User Authentication page If you want to set up this authenticati...

Page 302: ...bjectclass The objectclass used by the LDAP server for groups If nothing is specified for the group filter the EMG will use posixGroup For AD LDAP servers the objectclass for groups is typically Group...

Page 303: ...mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x char...

Page 304: ...et logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC devices on the local subnet Date Time Right to set the date and time Reboot Shutdown Rig...

Page 305: ...enticated through RADIUS are granted device port access through the port permissions on this page All RADIUS users are members of a group that has predefined user rights associated with it You can add...

Page 306: ...y an optional port the EMG uses the default RADIUS port 1812 Server 2 Secret Text that serves as a shared secret between a RADIUS client and the server EMG unit The shared secret is used to encrypt a...

Page 307: ...group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Web Access Networking Date Time Reboot S...

Page 308: ...e is specified and it matches a current EMG custom group name any rights attribute will be ignored and the custom group s rights permissions will be used instead A group name with spaces cannot be spe...

Page 309: ...tributes VENDOR Lantronix 244 BEGIN VENDOR Lantronix ATTRIBUTE Lantronix User Attributes 1 string END VENDOR Lantronix Once this is complete the users file can be updated to include the Lantronix VSA...

Page 310: ...in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions on this page All Kerberos users are members of...

Page 311: ...Escape Sequence A single character or a two character sequence that causes the EMG to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then upper...

Page 312: ...logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right t...

Page 313: ...n request to the TACACS server with the Service and optional Protocol The EMG will wait for an authorization response that will indicate if the user was successfully authorized for the requested servi...

Page 314: ...e TACACS here or on the first User Authentication page If you enable TACACS here it automatically displays at the end of the order of precedence on the User Authentication page TACACS Servers 1 3 IPv4...

Page 315: ...d see Custom User Menu Commands you can assign a default custom menu to TACACS users Escape Sequence A single character or a two character sequence that causes the EMG to leave direct interactive mode...

Page 316: ...ins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g EMG or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to sh...

Page 317: ...for groups that a LDAP user is a member of if any of the LDAP group names match a Custom Group Name the LDAP user will be granted the rights of the custom group A custom group cannot be given the nam...

Page 318: ...rt on the front of the EMG unit Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Enable for Dial back Select to grant a user Users with dial back acc...

Page 319: ...the menu at login Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet l...

Page 320: ...group attributes and permissions will be displayed in the lower section of the page 2 Modify the group attributes and permissions and click the Edit Group button To delete a group 1 Select the group...

Page 321: ...n into the EMG unit from the designated host user combination uses the SSH key for authentication Exported Keys The EMG can generate SSH keys for SSH connections out of the EMG for any EMG user The EM...

Page 322: ...nd host if this is not included with the key file For example the public key below from a public private key pair generated by PuTTY can be imported into the console manager but will require the user...

Page 323: ...14 11 User Authentication SSH Keys 2 Enter the following information Imported Keys SSH In Host User Associated with Key These entries are required in the following cases The imported key file does not...

Page 324: ...oaded via HTTPS or to be copied via SCP SFTP or FTP may contain multiple keys or the public key optionally including user host at the end if Copy Paste is used Host IP address of the remote server fro...

Page 325: ...lete button SSH Server Host Keys To view reset or import SSH RSA And DSA host keys 1 On the User Authentication SSH Keys page click the SSH Server Host Keys link at the top right The following page di...

Page 326: ...checkboxes are unselected by default Import Host Key To import a site specific host key select the checkbox Unselected by default Type From the drop down list select the type of host key to import Im...

Page 327: ...o return to the SSH Keys page click the Back to SSH Keys link SSH Commands Go to SSH Key Commands to view CLI commands that correspond to the web page entries described above Path Path of the director...

Page 328: ...Each command can also have a nickname associated with it which can be displayed in the menu instead of the command The commands showmenu Menu Name and returnmenu can be entered to display another men...

Page 329: ...ll replace the currently selected command nickname in the list The Unselect Command Nickname button can be used to unselect the currently selected command nickname in the list 4 To add more commands t...

Page 330: ...Menu Commands From the current menu a user can display another menu thus allowing menus to be nested The special command showmenu Menu Name displays a specified menu The special command returnmenu re...

Page 331: ...nfiguration Restore The Zero Touch Provisioning feature allows a factory defaulted EMG to acquire a default configuration from a DHCP server when it is booted If ZTP will be performed in an untrusted...

Page 332: ...client side key file The console manager will search external storage devices in this order upper USB port lower USB port if present and SD card The first external storage device that is found and su...

Page 333: ...utput in the previous step can be copied to the top level directory of the external storage device that will be used for ZTP The certificate can be verified e g view the algorithms validity date and C...

Page 334: ...can be copied to the top level directory of the external storage device that will be used for ZTP rename client key to key pem and client crt to cert pem The certificate can be verified e g view the r...

Page 335: ...drive or SD card The file should contain one line with the MAC address of the Eth1 Ethernet port with or without colons case insensitive Insert the storage device into the console manager 2 Boot the...

Page 336: ...15 Maintenance EMG Edge Management Gateway User Guide 336 To configure settings 1 Click the Maintenance tab The following page displays Figure 15 1 Maintenance Firmware Configurations...

Page 337: ...g calibration Data Center Rack Row Set these fields to define the rack row the EMG unit is located within a large data center The default for these fields is 1 Data Center Rack Cluster Set these field...

Page 338: ...s before booting the EMG Default is 3 seconds range is 3 1800 seconds Boot Limit how many times the EMG will fail to boot before switching to the alternate boot bank After the EMG fails to boot 2 time...

Page 339: ...t instead of the password protected zip file format The Tarball Format is only available for saving a configuration via HTTPS Restore Factory Defaults Restores factory defaults If you select this opti...

Page 340: ...FTP Server The FTP server specified in the FTP SFTP TFTP section If you select this option select FTP or SFTP to transfer the configuration file NFS Mounted Directory Local directory of the NFS server...

Page 341: ...lays the name and the time and date the file was saved 2 To rename a file select a file enter the New File Name and click the Rename File button 3 To download a file select a file and click the Downlo...

Page 342: ...ays Figure 15 3 Maintenance System Logs 2 Enter the following to define the parameters of the log you would like to view Log Select the type s of log you want to view All Network Services Authenticati...

Page 343: ...to Lantronix Technical Support See Emailing Logs and Reports on page 352 To clear system logs 1 From the Maintenance System Logs page select Maintenance System Logs 2 Click the Clear Log button to cl...

Page 344: ...is saved through EMG reboots 1 Click the Maintenance tab and select the Audit Log option The following page displays Figure 15 5 Maintenance Audit Log 2 To select a sort option click the appropriate b...

Page 345: ...e Maintenance tab and select the Email Log option The following page displays Figure 15 6 Maintenance Email Log 2 To email this log follow the instructions in Emailing Logs and Reports on page 352 3 T...

Page 346: ...can use equivalent commands on the command line interface 1 Click the Maintenance tab and select the Diagnostics option The following page displays Figure 15 7 Maintenance Diagnostics 2 Select Diagnos...

Page 347: ...number of times the string is sent is equal to the number of packets sent For TCP the number of times the string is sent may or may not be equal to the number of packets sent because TCP controls how...

Page 348: ...on connect to default 5201 p port n Format to report f format kmgtKMGT Pause n seconds between reports i interval n Bind to a host an interface or multicast address B bind More detailed output V verb...

Page 349: ...tus and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page 1 Click the Maintenance tab and select the Status Reports option The...

Page 350: ...utes Displays the routing table Connections Displays all active connections for the EMG unit Telnet SSH TCP UDP device port and modem System Configuration Complete Displays a complete snapshot of the...

Page 351: ...de 351 Figure 15 10 Generated Status Reports 4 To email these report s follow the instructions in Emailing Logs and Reports on page 352 Status Commands Go to Status Commands to view CLI commands which...

Page 352: ...ure 15 10 To email a log to an individual 1 In the Comment field of a particular log or report page enter a comment if desired 2 Select the to field beside the empty field where you then enter the per...

Page 353: ...15 Maintenance EMG Edge Management Gateway User Guide 353 Figure 15 12 About EMG...

Page 354: ...Over Under Limit for Sensorsoft devices Humidity Over Under Limit for Sensorsoft devices Device Port Data Drop No Internal Modem Dial Tone Ping Host Fails RPM Load Over Threshold DIO Port State Change...

Page 355: ...tate abnormal the selected action will be triggered if the state changes from the Normal state to the opposite state see DIO Port on page 215 for more information Action From the drop down list select...

Page 356: ...re the user logs in May contain up to 1024 characters Single quote and double quote characters are not supported Welcome to the EMG is the default Note To create more lines use the n character sequenc...

Page 357: ...ds to view CLI commands which correspond to the web page entries described above SSH Banner The text to display when a user logs into the EMG via SSH prior to authentication May contain up to 1024 cha...

Page 358: ...n an administrator can remotely access any of the connected IT devices using Telnet or SSH Figure 16 1 EMG Configuration This chapter includes three typical scenarios for using the EMG unit The scenar...

Page 359: ...net disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff IP non...

Page 360: ...m the SUN server console Mar 15 09 09 44 tssf280r sendmail 292 ID 702911 mail info starting daemon 8 12 2 Sun SMTP queueing 00 15 00 Mar 15 09 09 44 tssf280r sendmail 293 ID 702911 mail info starting...

Page 361: ...deviceport port 1 initscript AT F K3 C1 D2 C0A Device Port settings successfully updated EMG set deviceport port 1 auth pap Device Port settings successfully updated EMG set deviceport port 1 localse...

Page 362: ...and EMG connect direct deviceport 2 SunOS 5 7 login frank Password Last login Wed Jul 14 16 07 49 from computer Sun Microsystems Inc SunOS 5 7Generic October 1998 SunOS computer 5 7 Generic_123485 05...

Page 363: ...___________ Number 2 Name Port 2 Modem Settings Data Settings IP Settings Modem State disabled Baud Rate 9600 Telnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop...

Page 364: ...a connection between the vt100 terminal connected to device port 2 and an outbound telnet session to the server The IP address of the server is 192 168 1 1 EMG connect bidirection 2 telnet 192 168 1...

Page 365: ...specify one of the values aa or bb separated by a vertical line The values are in all lowercase and must be entered exactly as shown Bold indicates a default value parameter name Value User must speci...

Page 366: ...splay the possible names if more than one is possible Following a space after the preceding name Tab displays all possible names Should you make a mistake while typing backspace by pressing the Backsp...

Page 367: ...line Control b move back to the start of the current word Control f move forward to the end of the next word Control u erase from cursor to the beginning of the line Control k erase from cursor to end...

Page 368: ...config checksum Syntax admin config checksum Description Displays a checksum for the current configuration Can be used to determine if the configuration has changed admin config copy Syntax admin conf...

Page 369: ...retain after the config restore or config factorydefaults Description Restores the EMG unit to factory default settings admin config restore Syntax admin config restore Config Name location local ftp...

Page 370: ...Mounted Dir usbport U1 Description Lists the configurations saved to a location admin eeprom Syntax admin eeprom slot integer id string slot 0 for first slot 1 for second slot 2 for third slot 3 for...

Page 371: ...nter advanced recovery mode If Boot Count has reached Boot Limit setting this value to 0 will enable the EMG to boot again Default is 0 range is 0 1 admin firmware bootlimit Syntax admin firmware boot...

Page 372: ...n before forcing a reboot admin firmware show Syntax admin firmware show viewlog enable disable Description Lists the current firmware revision the boot bank status and optionally displays the log con...

Page 373: ...server Syntax admin ftp server IP Address or Hostname login User Login path Directory Description Sets the FTP TFTP SFTP server used for firmware updates and configuration save restore admin ftp show...

Page 374: ...uicksetup Syntax admin quicksetup Description Runs the quick setup script admin reboot Syntax admin reboot Description Immediately terminates all connections and reboots the EMG admin shutdown Syntax...

Page 375: ...tp scp rootfile Cert Authority File certfile Certificate File privfile Private Key File host IP Address or Name login User Login path Path to Files Description Imports an SSL certificate admin web cer...

Page 376: ...Remote Group Name Description Configures the group that can access the web admin web server Syntax admin web server enable disable Description Enables or disables running the web server TCP ports 80...

Page 377: ...ent ciphers admin web banner Syntax admin web banner Description Configures the banner displayed on the web home page admin web iface Syntax admin web iface none eth1 eth2 cell wlan ppp Description De...

Page 378: ...or disables TLS v1 0 admin web tlsv11 Syntax admin web tlsv11 enable disable Description Enables or disables TLS v1 1 admin web restart Syntax admin web restart Description Restarts the web server War...

Page 379: ...Syntax admin chip resetsfp ethport 1 2 Audit Log Commands show auditlog Syntax show auditlog command user clear Description Displays audit log By default shows the audit log sorted by date time You ca...

Page 380: ...user Description Displays attributes of the currently logged in user Kerberos Commands set kerberos Syntax set kerberos one or more parameters Parameters allowdialback enable disable clearports Port L...

Page 381: ...ommands set ldap Syntax set ldap one or more parameters Parameters state enable disable server1 IP Address or Name server2 IP Address or Name port TCP Port base LDAP Base bindname Bind Name bindwithlo...

Page 382: ...e port set ldap bindpassword Description Set the LDAP bind password Syntax set ldap bindpassword set ldap certificate import Description To upload X 509 PEM certificate for Start TLS encrypted connect...

Page 383: ...Name uid User Identifier group default power admin Custom Group Name passwordexpires enable disable permissions Permission List Note See User Permissions Commands on page 390 for information on groups...

Page 384: ...les authentication of local users set localusers delete Syntax set localusers delete User Login Description Deletes a local user set localusers lifetime Syntax set localusers lifetime Number of Days D...

Page 385: ...Number of Days Description Sets the number of days the system warns the user that the password will be expiring The default is 7 days set localusers reusehistory Syntax set localusers reusehistory Nu...

Page 386: ...users lock Syntax set localusers lock User Login Description Blocks locks a user s ability to login set localusers unlock Syntax set localusers unlock User Login Description Allows unlocks a user s ab...

Page 387: ...group default power admin listenports Port List master IP Address or Hostname permissions Permission List Note See User Permissions Commands on page 390 for information on groups and user rights slave...

Page 388: ...mission List Note See User Permissions Commands on page 390 for information on groups and user rights timeout enable 1 30 Note Sets the number of seconds after which the connection attempt times out I...

Page 389: ...uthorize protocol Protocol for Service timeout 1 10 seconds dataports Port List listenports Port List clearports Port List escapeseq 1 10 Chars breakseq 1 10 Chars custommenu Menu Name allowdialback e...

Page 390: ...admin custom group name Description Adds a local user to a user group or changes the group the user belongs to set localusers lock Syntax set localusers lock User Login Description Blocks locks a use...

Page 391: ...rberos tacacs permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rp rs rc dr wb sn ad md sd Description Sets permissions not already defined by the assig...

Page 392: ...thod Access to authenticated remote users whose LDAP group or TACACS priv_lvl map to a EMG custom group set remoteusers listonlyauth Syntax set remoteusers listonlyauth enable disable Description Conf...

Page 393: ...ription Sets a permission group for remotely authorized users Cellular Modem Commands set cellular Syntax set cellular parameters Parameters state dhcp disable apn APN of Mobile Carrier roam enable di...

Page 394: ...fault and can be disabled set cflow statusinterval Syntax set cflow statusinterval 1 60 minutes fwconfiginterval 1 72 hours Description Set interval between status updates and firmware and configurati...

Page 395: ...ConsoleFlow Cloud or On Premise settings set cflow devicename Syntax set cflow devicename Device Name description Device Description Description Configure the device name and description used for regi...

Page 396: ...ow show cflow status show cflow perfmon show cflow scripts show cflow probes Description Show ConsoleFlow settings CLI Commands set cli Syntax set cli scscommands enable disable Parameters set cli scs...

Page 397: ...to run Syntax set cli menu start Menu Name set cli terminallines set cli terminallines disable Number of lines Description Sets the number of lines in the terminal emulation screen for paging through...

Page 398: ...e Port or Name exclusive enable disable ssh IP Address or Name port TCP Port SSH flags where SSH flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP...

Page 399: ...e port TCP Port udp IP Address port UDP Port hostlist Host List Description Connects to a device port to monitor and or interact with it or establishes an outbound network connection connect global ou...

Page 400: ...here SSH flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address or Name port TCP Port trigger now datetime chars If the trigger i...

Page 401: ...ax show connections connid Connection ID email Email Address Description Displays details for a single connection You can optionally email the displayed information Console Port Commands set consolepo...

Page 402: ...Assigns a custom user menu to a local user set menu add Syntax set menu add Menu Name command Command Number Description Creates a new custom user menu or adds a command to an existing custom user me...

Page 403: ...s kerberos tacacs custommenu Menu Name Description Assigns a custom menu to users who authenticate via NIS LDAP Radius Kerberos or TACACS set remoteusers add edit Syntax set remoteusers add edit User...

Page 404: ...e zone one parameter at a time show datetime Syntax show datetime Description Displays the local date time and time zone set ntp Syntax set ntp one or more ntp parameters Parameters localserver1 IP Ad...

Page 405: ...midity permitted for the port sensorsoft degrees celsius fahrenheit Enables or disables temperature settings as celcius or fahrenheit sensorsoft traps enable disable Enables or disables traps when spe...

Page 406: ...ser cbcpnocallback enable disable chapauth chaphost localusers chaphost CHAP Host or User Name checkdsr enable disable closedsr enable disable connectedmsg enable disable databits 7 8 device none sens...

Page 407: ...enable disable parity none odd even portlogseq 1 10 Chars poweraction on off cycle powermgmtseq 1 10 Chars powersupply Managed Power Supply Name remoteipaddr negotiate IP Address restartdelay PPP Res...

Page 408: ...dchapsecret Reset a device port terminating and restarting all relevant connections set deviceport port Device Port or List or Name reset Configure up to 4 managed power supplies for device connected...

Page 409: ...deviceport names Description Displays a list of all device port names show deviceport port Syntax show deviceport port Device Port List or Name display ip data modem logging device Description Displa...

Page 410: ...or more device ports show portstatus Syntax show portstatus deviceport Device Port List or Name email Email Address Description Displays the modes and states of one or more device port s You can opti...

Page 411: ...le for IPv4 or the Neighbor table for IPv6 for mapping IP Addresses to hardware addresses diag internals Syntax diag internals email Email Address Enable debug printing on the next EMG reboot diag int...

Page 412: ...er of bytes to transmit instead of t n bytes n KMG Time in seconds to transmit for default 10 secs t time n Set the IPv6 flow label L flowlabel n Use a zero copy method of sending data Z zerocopy Omit...

Page 413: ...for USB device ports diag netstat Syntax diag netstat protocol all tcp udp email Email Address Defaults protocol all Description To display a report of network connections You can optionally email th...

Page 414: ...In Bytes ethport 1 2 Defaults count 5 packetsize 64 diag sendpacket host Description Generate and send Ethernet packets Syntax diag sendpacket host IP Address or Name port TCP or UDP Port Number strin...

Page 415: ...mbers will displayed at the end of the line in square brackets Parameters treedisplay enable disable mapdevice enable disable email Email Address Defaults treedisplay enable diag wlan Synopsis Display...

Page 416: ...omodemdial or templimit response is one of action syslog action emailalert emailaddress destination email address action snmptrap nms SNMP NMS community SNMP Community action diorelayon action fwdallt...

Page 417: ...it Event ID parameters Parameters community SNMP Community deviceport Device Port or Name ethport 1 2 host IP Address or Name internal modem nms SNMP NMS oid SNMP Trap OID outlet Outlet rpm RPM Id or...

Page 418: ...sable dialbacknumber Phone Number permissions Permission List Note See help user permissions for information on user rights Rename a group set groups rename Group Name newname New Group Name Delete a...

Page 419: ...Name protocol ssh telnet tcp port TCP Port escapeseq 1 10 Chars Description Adds a new host entry to a list or edit an existing entry set hostlist edit Host List Name move Syntax set hostlist edit Hos...

Page 420: ...HAP Host or User Name initscript Modem Init Script chapauth chaphost localusers nat enable disable dialbacknumber usernumber Phone Number checkdialtone disable 5 600 min dialbackdelay PPP Dialback Del...

Page 421: ...ble usbport U1 state enable ruleset Ruleset Name internal modem state disable internal modem state enable ruleset Ruleset Name Description Maps an IP filter to an interface set ip filter rules Syntax...

Page 422: ...okentrigger bytecnt charstr usblogging enable disable usbmaxfiles Max of Files usbmaxsize Size in Bytes usbport U1 SD INTSD sysloglogging enable disable Description Configures logging settings for one...

Page 423: ...port buffers see Chapter 14 User Authentication set log clear modem Syntax set log clear modem Description Clear the modem log the modem log is automatically pruned when it reaches 50K set log modem...

Page 424: ...bytes Bytes to Display startbyte Byte Index logfile NFS USB or SD card Log File Defaults bytes 1000 startbyte 1 numlines 40 Lists the NFS USB or SD card log files either for a specific device port or...

Page 425: ...sable Description Configures IPv4 IPv6 lookup precedence set network gateway Syntax set network gateway parameters Parameters default IP Address ipv6default IPv6 Address precedence dhcp default wlan f...

Page 426: ...rd any extra parameters will be ignored set network gateway reboot set network gateway faildevpin set network gateway faildevpuk set network gateway faildevpassword Description Set default fail over g...

Page 427: ...it full mtu Maximum Transmission Unit activeport rj45 sfp set network ipv6 enable disable Description Displays DNS settings show network dns Syntax show network dns Description Displays DNS settings s...

Page 428: ...rk sfp Syntax show network sfp Description Displays network port 1 and port 2 SFP diagnostics show network all Syntax show network all Description Displays all network settings NFS and SMB CIFS Comman...

Page 429: ...nmounts a remote NFS share set cifs Syntax set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup Description Configures th...

Page 430: ...ommands show perfmon Syntax show perfmon Parameters show perfmon probe all Probe Id or Name Description Display global settings and all probes or a selected probe show perfmon status Syntax show perfm...

Page 431: ...l Address Description Display round trip times RTT for last completed operation set or selected set and optionally email the complete results show perfmon accumulated Syntax show perfmon accumulated P...

Page 432: ...et perfmon udpechoresp Syntax set perfmon udpechoresp UDP Port Number disable Description Enable responders for UDP echo set perfmon tcpconnectresp Syntax set perfmon tcpconnectresp TCP Port Number di...

Page 433: ...yntax set perfmon edit Probe Id or Name parameters Parameters name Probe Name starttime now HH MM SS MMDD afterHH MM SS operations Number of Operations to Perform frequency Seconds between Operations...

Page 434: ...Commands set routing Syntax set routing parameters Parameters rip enable disable route 1 64 ipaddr IP Address mask Netmask gateway IP Address static enable disable version 1 2 both Description Configu...

Page 435: ...RPM Id or Name outlet all Outlet or List state on off cyclepower Description Sends a command to control one or more outlets on an RPM Syntax set rpm command RPM Id or Name device reboot shutdown Desc...

Page 436: ...e Drivers running in debug mode will generate copious output and for disk space reasons should not be left running in debug mode for long periods of time set rpm edit Syntax set rpm edit RPM Id or Nam...

Page 437: ...ipt import Syntax set script import interface batch custom via ftp scp copypaste file Script File name Script Name host IP Address or Name login User Login path Path to Script File filetype expect tcl...

Page 438: ...t runcli Script Name parameters Command Line Parameters debug enable disable Description Run a CLI batch or custom script one time script output will be displayed in the current terminal custom script...

Page 439: ...ecified as hours 4H for 4 hours or days 2D for 2 days show script Syntax show script type interface batch custom name Script Name Description Display list of scripts or view the details and contents o...

Page 440: ...Card set sdcard format filesystem ext2 fat16 fat32 ntfs Defaults filesystem ext2 Runs a filesystem check on a SD Card recommended if it does not mount set sdcard fsck Displays a directory listing of...

Page 441: ...e genlog off error warning info debug v1 enable disable syslogserver1 IP Address or Name v2c enable disable syslogserver2 IP Address or Name traps enable disable rpmlogsize 5 40 Kbytes trapversion 1 2...

Page 442: ...t SNMP v3 read only read write and trap password passphrase show services Syntax show services Description Displays current service settings Site Commands Configure a set of site oriented modem parame...

Page 443: ...secret Site Name Deletes a site set site delete Site Name show site all names Site Name SLC Network Commands Displays all SLC SLB EMG and Spider units on the local network set slcnetwork Syntax set sl...

Page 444: ...shkey delete one or more parameters Parameters keyhost SSH Key Host keyname SSH Key Name keyuser SSH Key User Description Deletes an ssh key Specify the keyuser and keyhost to delete an imported key s...

Page 445: ...t IP Address or Name login User Login Description Imports an SSH key set sshkey server import type Syntax set sshkey server import type rsa dsa via sftp scp pubfile Public Key File privfile Private Ke...

Page 446: ...User viewkey enable disable Description Displays all keys that have been imported or keys for a specific user IP address or name show sshkey server Syntax show sshkey server type all rsa dsa Descript...

Page 447: ...evice Port List or Name email Email Address Description Generates a device port statistics report for one or more ports Optionally emails the displayed information show portstatus Syntax show portstat...

Page 448: ...og diaglog genlog display head tail numlines Number of Lines starttime MMDDYYhhmm ss endtime MMDDYYhhmm ss Description Displays the system logs containing information and error messages Note The level...

Page 449: ...l Address Defaults treedisplay enable Description Displays information about USB buses and the devices connected to them including the mapping between a USB device and the EMG port Note For mapdevice...

Page 450: ...flash drive set usb storage mount Syntax set usb storage mount U1 Description Mounts a USB flash drive in the EMG for use as a storage device The USB flash drive must be formatted with an ext2 or FAT...

Page 451: ...Removes a file on a thumb drive Syntax set usb storage delete U1 file Current Filename show usb storage Description Display product information and settings for any USB thumb drive Syntax show usb st...

Page 452: ...aloutlogin Remote User Login dialoutnumber Phone Number dodauth pap chap dodchaphost CHAP Host or User Name flowcontrol none xon xoff rts cts group Local or Remote Group Name initscript Modem Init Scr...

Page 453: ...formation and settings for any USB modem Syntax show usb modem VPN Commands set vpn Syntax set vpn parameters Description Configures setting for an IPsec VPN tunnel Parameters Parameters tunnel enable...

Page 454: ...parameters will be ignored set vpn xauthpassword Configure X 509 certificate for remote peer or local peer set vpn certificate local via sftp scp rootfile Cert Authority File certfile Certificate Fil...

Page 455: ...uploaded conf file set vpn confaction delete Display all VPN settings and current status show vpn email Email Address Display detailed VPN status show vpn status email Email Address Display VPN logs...

Page 456: ...ap fast leap wpa802username User Name wpa802ttlsauth eap mschapv2 mschapv2 mschap chap pap eap md5 wpa802peapauth eap mschapv2 eap md5 eap tls wpa802fastauth mschapv2 md5 gtc wpa802fastprovision unaut...

Page 457: ...P Japan KCC Korea ETSI Europe without EN 300 440 support EN440 Europe with EN 300 440 support AU Australia and WW World Mode set wlan radio region ww fcc ic etsi en440 kcc jp cn au Warning Each time t...

Page 458: ...ncel Note The calibration offset will be applied one hour after setting the value Description Displays the acceptable range and the current reading from the internal temperature sensor show temperatur...

Page 459: ...odem xfer binary ascii set xmodem receive Device Port or Name file Xmodem File protocol xmodem ymodem zmodem xfer binary ascii overwrite enable disable Description Send or receive files with Xmodem Ym...

Page 460: ...ake about the facility and network infrastructure for example how vulnerable the CAT 5 wiring is to tapping Factors Affecting Security External factors affect the security provided by the EMG unit for...

Page 461: ...wer source should be unplugged first Always connect the power cord to a properly wired and grounded power source Do not use adapter plugs or remove the grounding prong from the cord When disconnecting...

Page 462: ...f the equipment is not compromised Mount the equipment in the rack so that a hazardous condition is not achieved due to uneven mechanical loading Maintain reliable earthing of rack mounted equipment G...

Page 463: ...ts to equipment with serial ports that support EIA 232 formerly RS 232C Only connect the console port to equipment with serial ports that support EIA 232 formerly RS 232C Only connect a telephone line...

Page 464: ...many devices These adapters convert the RJ45 connection on the EMG unit to a 9 pin or 25 pin serial connector found on other manufacturers serial devices or re route the serial signals for connections...

Page 465: ...ters and Pinouts EMG Edge Management Gateway User Guide 465 Figure C 2 RJ45 Receptacle to DB25F DCE Adapter for the EMG Unit PN 200 2067A Figure C 3 RJ45 Receptacle to DB9M DCE Adapter for the EMG Uni...

Page 466: ...s EMG Edge Management Gateway User Guide 466 Figure C 4 RJ45 Receptacle to DB9F DCE Adapter for the EMG Unit PN 200 2070A Use PN 200 2070A adapter with a PC s serial port Figure C 5 RJ45 Receptacle to...

Page 467: ...nfrastructure PKI to set up authentication with a RADIUS server This method requires the use of a client side certificate for communicating with the server EAP TTLS EAP Tunneled Transport Layer Securi...

Page 468: ...tandard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic This enables a company to shield internal addresses from the public In...

Page 469: ...ransfer protocol that is similar to SFTP in that it uses SSH encryption and authentication but is slightly faster SFTP SSH File Transfer Protocol Secure file transfer protocol over SSH Commands and da...

Page 470: ...hether the user has access to the network Telnet A terminal protocol that provides an easy to use method of creating terminal connections to a network host TFTP Trivial File Transfer Protocol Simpler...

Page 471: ...ecification USA FCC 47 CFR part 15 Subpart B FCC 47 CFR part 15 Subpart 22H 22E 27 90S FCC 47 CFR Part 15 Subpart E Canada ISED RSS 130 Issue 2 RSS 132 Issue 3 RSS 133 Issue 6 RSS 139 Issue 3 RSS195 I...

Page 472: ...nt from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsib...

Page 473: ...ilis avec un minimum de 20 cm de distance entre la source de rayonnement et votre corps This device is intended only for use under the following conditions 1 The antenna must be installed such that 20...

Page 474: ...EMG Edge Management Gateway User Guide 474 Figure E 3 EU Declaration of Conformity...

Page 475: ...EMG Edge Management Gateway User Guide 475 Figure E 4 EU Declaration of Conformity continued...

Page 476: ...8500 overholder de v sentlige krav og vrige relevante krav i direktiv 2014 53 EU Den fulde tekst til EU overensstemmelseserkl ringen er tilg ngelig p f lgende internetadresse https www lantronix com...

Page 477: ...conformity is available at the following internet address https www lantronix com products lantronix emg tab docs downloads EU Notice of Restrictions on Use This device is limited to indoor use only...

Page 478: ...i requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 2014 53 EU Il testo completo della dichiarazione di conformit UE disponibile al seguente indirizzo Internet https...

Page 479: ...g tab docs downloads Avvi tal UE dwar Restrizzjonijiet fuq l U u Dan l apparat huwa limitat g al u u ewwa biss Ma jistax jit addem barra hu Magyar Hungarian Alul rott Lantronix Inc nyilatkozom hogy a...

Page 480: ...te dispositivo est limitado apenas ao uso interno N o pode ser operado ao ar livre Romanian Prin prezenta Lantronix Inc declar c acest EMG 8500 respect cerin ele esen iale i alte dispozi ii relevante...

Page 481: ...Fi IoT module sp a z kladn po iadavky a v etky pr slu n ustanovenia Smernice 2014 53 EU pln znenie E vyhl senia o zhode je k dispoz cii na tejto internetovej adrese https www lantronix com products la...

Page 482: ...LTE 1 1920 1980 Mhz 23 dBm 1 dB LTE 2 1850 1920 Mhz 23 dBm 1 dB LTE 3 1710 1785 Mhz 23 dBm 1 dB LTE 4 1710 1755 Mhz 23 dBm 1 dB LTE 5 824 849 Mhz 23 dBm 1 dB LTE 8 880 915 Mhz 23 dBm 1 dB LTE 12 699...

Reviews: