Home » Lantronix Manuals » Electronics Accessories » Lantronix EMG 8500 » Manual Viewer

Lantronix EMG 8500 EMG User Guide - Page 107

EAP TTLS Inner Authentication, EAP-MSCHAPv2, MSCHAPv2

Add to My Manuals
Save this manual to your list of manuals

Page 107 highlights

IEEE 802.1X Parameters, continued 7: Networking PEAP: Protected EAP uses server-side public key certificates to authenticate the EMG with a RADIUS server. PEAP authentication creates an encrypted TLS tunnel between the EMG and the server. The exchange of information is encrypted and stored in the tunnel ensuring the user credentials are kept secure. FAST: Flexible Authentication via Secure Tunneling uses Protected Access Credential (PAC) for verifying clients on the network. Instead of using a certificate to achieve mutual authentication, FAST authenticates by means of a PAC (Protected Access Credential) stored on the EMG, which can be managed dynamically by the authentication server. The PAC can be provisioned (distributed one time) to the client either manually or automatically. Manual provisioning is delivery to the client via disk or a secured network distribution method. Automatic provisioning (used on the EMG) is an in-band distribution. LEAP Configuration: Enter a User Name and Password that can be authenticated by the RADIUS server. The User Name and Password can be up to 63 characters long, and all printable characters are supported. EAP-TLS Configuration: Enter a User Name that can be authenticated by the RADIUS server. The User Name can be up to 63 characters long, and all printable characters are supported. Provide a client side certificate with a Certificate file, Private Key file and Authority Certificate file. The server side certificate can be validated by setting Validate Certificate to Enabled (requires an Authority Certificate); validating server the certificate is highly recommended. Certificate filenames must be unique across all profiles, otherwise certificates for one profile may be overwritten by certificates for another profile. If certificates are used, when saving and restoring configurations, it is recommended that the configuration be saved with SSL Certificates and the configuration be restored with the saved certificates. The Certificate Authority and Certificate are in PEM format (the Certificate Authority may have one or more trusted CA certificates), eg: -----BEGIN CERTIFICATE----(certificate in base64 encoding) -----END CERTIFICATE----- The Key File is in PEM format, eg: -----BEGIN RSA PRIVATE KEY----(private key in base64 encoding) -----END RSA PRIVATE KEY----- EAP-TTLS Configuration: Enter a User Name and Password that can be authenticated by the RADIUS server. The User Name and Password can be up to 63 characters long, and all printable characters are supported. Select the EAP TTLS Inner Authentication used in the TLS tunnel, which can be EAP-MSCHAPv2, MSCHAPv2, MSCHAP, CHAP, PAP or EAP-MD5. EMG™ Edge Management Gateway User Guide 107

Section	Page
EMG™ Edge Management Gateway User Guide	1
EMG 8500	1
EMG 7500	1
Intellectual Property	2
Warranty	2
Contacts	2
Open Source Software	2
Disclaimer & Revisions	3
Revision History	4
Table of Contents	5
List of Figures	16
List of Tables	20
1: About this Guide	21
Purpose and Audience	21
Summary of Chapters	21
Additional Documentation	22
2: Introduction	23
EMG 8500 Overview	23
EMG 7500 Overview	24
Key Features	24
Console Management	24
Performance Monitoring	25
Security	25
Power	25
Integration with Lantronix ConsoleFlow™	25
Applications	25
Protocol Support	26
Configuration Methods	26
Product Information Label	27
EMG 8500 Hardware Components	28
EMG 7500 Hardware Components	29
System Features	30
Access Control	30
Device Port Buffer	30
Console Port Interface	30
Device Port Interfaces	31
I/O Modules	32
Network Connections	32
Connectivity Modules	34
Front Panel LEDs	35
Digital IO Port	35
3: EMG 8500 Installation	37
EMG 8500 Package Contents	37
Order Information	38
User Supplied Items	38
Customize an EMG	38
Hardware Specifications	39
Physical Installation	40
Rack Mount Installation	41
Wall Mount Installation	42
Connecting to a Device Port	44
Modular Expansion for I/O Module Bays	45
Connecting to Network Ports	46
Modular Expansion for Connectivity Module Bays	46
Connecting Terminals	47
Power Input	48
I/O Module Installation	49
Connectivity Module Installation	50
Modem Installation	52
4: EMG 7500 Installation	53
EMG 7500 Package Contents	53
Order Information	53
User Supplied Items	53
Hardware Specifications	54
Physical Installation	55
Rack Mount Installation	56
Wall Mount Installation	57
Connecting to a Device Port	58
Connecting to Network Ports	60
Connecting Terminals	60
Power Input	61
Modem Installation	62
5: Quick Setup	63
Recommendations	63
IP Address	63
Lantronix Provisioning Manager	64
Method #1 Quick Setup on the Web Page	64
Network Settings	66
Date & Time Settings	67
Administrator Settings	67
Method #2 Quick Setup on the Command Line Interface	68
Next Step	71
Limiting Sysadmin User Access	71
6: Web and Command Line Interfaces	72
Web Manager	72
Logging in	74
Logging Out	75
Web Page Help	75
Command Line Interface	75
Logging In	75
Logging Out	76
Command Syntax	76
Command Line Help	76
Tips	76
General CLI Commands	77
7: Networking	79
Requirements	79
Network Port Settings	80
Ethernet Interfaces (Eth1 and Eth2)	83
Hostname & Name Servers	85
DNS Servers	85
DHCP-Acquired DNS Servers	85
TCP Keepalive Parameters	86
Gateway	86
Fail-Over Settings	87
Fail-Over Cellular Gateway Configuration	89
Advanced Cellular Gateway Configuration	90
Fail-Over Cellular Gateway Firmware	91
Load Cellular Gateway Firmware Options	91
Ethernet Counters	92
Network Commands	92
Cellular Modem Settings	93
Cellular Interface	94
Cellular Modem Configuration	94
Cellular Modem Firmware	94
Load Cellular Modem Firmware Options	95
Cellular Status	95
Cellular Modem Commands	96
Wireless Settings	97
Wireless Overview	97
Wireless Firmware	99
Troubleshooting	100
Wireless Client Settings	101
Wireless Access Point Settings	108
IP Filter	111
Viewing IP Filters	111
Mapping Rulesets	111
Enabling IP Filters	112
Configuring IP Filters	113
Rule Parameters	114
Updating an IP Filter	115
Deleting an IP Filter	115
IP Filter Commands	115
Routing	116
Dynamic Routing	116
Static Routing	116
Routing Commands	117
VPN Settings	117
Sample ipsec.conf Files	128
VPN Commands	133
Security	134
Performance Monitoring	137
Performance Monitoring - Add/Edit Probe	140
Performance Monitoring - Results	143
Performance Monitoring Commands	147
FQDN List	147
8: Services	148
System Logging and Other Services	148
SSH/Telnet/Logging	148
System Logging	149
Audit Log	150
SSH	150
Telnet	151
Web SSH/Web Telnet Settings	151
SMTP	151
SSH Commands	152
Logging Commands	152
SNMP	152
v1/v2c Communities	156
Version 3	156
V3 User Read-Only	157
V3 User Read-Write	157
V3 User Trap	157
Version 3 TLS (over TCP)	157
Services Commands	159
NFS and SMB/CIFS	160
SMB/CIFS Share	161
NFS and SMB/CIFS Commands	161
Secure Lantronix Network	162
Browser Issues	164
Troubleshooting Browser Issues	165
Web SSH/Telnet Copy and Paste	167
Secure Lantronix Network Commands	167
Date and Time	168
Date and Time Commands	169
Web Server	170
Admin Web Commands	172
Services - SSL Certificate	172
Services - Web Sessions	175
ConsoleFlow	176
ConsoleFlow Commands	180
9: USB/SD Card Port	181
Set up USB/SD Card Storage	181
Manage Files	184
USB Commands	185
SD Card Commands	185
10: Device Ports	186
Connection Methods	186
Permissions	186
I/O Modules	187
Device Status	188
Device Ports	188
Telnet/SSH/TCP in Port Numbers	190
Device Port Global Commands	190
Device Ports - Settings	191
Device Port Settings	193
IP Settings	195
Data Settings	196
Hardware Signal Triggers	197
Modem Settings (Device Ports)	198
Modem Settings: Text Mode	199
Modem Settings: PPP Mode	200
Port Status and Counters	201
Device Ports - Power Management	201
Device Port - Sensorsoft Device	204
Device Port Commands	206
Device Commands	206
Interacting with a Device Port	207
Device Ports - Logging and Events	208
Local Logging	208
NFS File Logging	208
USB and SD Card Logging	208
Token/Data Detection	209
Syslog Logging	209
Token & Data Detection	210
Local Logging	212
Log Viewing Attributes	212
NFS File Logging	212
USB / SD Card Logging	212
Syslog Logging	212
Logging Commands	213
Console Port	213
Console Port Commands	214
Internal Modem Settings	215
Internal Modem Commands	219
DIO Port	219
DIO Commands	220
Xmodem	221
Xmodem Commands	223
Host Lists	224
Host Parameters	224
Host List Commands	227
Sites	228
Site Commands	230
Modem Dialing States	231
Dial In	231
Dial-back	231
Dial-on-demand	232
Dial-in & Dial-on-demand	232
Dial-back & Dial-on-demand	233
CBCP Server and CBCP Client	234
CBCP Server	234
CBCP Client	234
Key Sequences	235
11: Remote Power Managers	236
Devices - RPMs	236
RPMs - Add Device	239
RPMs - Manage Device	242
RPMs - Outlets	246
RPM Shutdown Procedure	246
Optimizing and Troubleshooting RPM Behavior	248
RPM Commands	249
12: Scripts	250
Script Commands	255
Batch Script Syntax	256
Interface Script Syntax	257
Primary Commands	258
Secondary Commands	259
Control Flow Commands	261
Custom Script Syntax	263
Example Scripts	265
13: Connections	284
Typical Setup Scenarios for the EMG unit	284
Terminal Server	284
Remote Access Server	285
Reverse Terminal Server	285
Multiport Device Server	286
Console Server	286
Connection Configuration	287
Connection Commands	289
14: User Authentication	290
Authentication Commands	292
User Rights	293
Local and Remote User Settings	294
Sysadmin Account Default Login Values	295
Adding, Editing or Deleting a User	296
Shortcut	300
Local Users Commands	300
Remote User Rights Commands	300
NIS	301
NIS Commands	303
LDAP	304
LDAP Commands	308
RADIUS	309
RADIUS Commands	312
User Attributes & Permissions from LDAP Schema or RADIUS VSA	312
Kerberos	314
Kerberos Commands	316
TACACS+	317
TACACS+ Groups	317
TACACS+ Commands	321
Groups	322
Group Commands	325
SSH Keys	326
Overview	326
Imported Keys	326
Exported Keys	326
Create an SSH Key	326
Imported Keys (SSH In)	329
Exported Keys (SSH Out)	329
SSH Server/Host Keys	330
SSH Commands	332
Custom Menus	333
Custom User Menu Commands	335
15: Maintenance	336
Firmware & Configurations	336
Zero Touch Provisioning Configuration Restore	336
Creating a Certificate	337
HTTPS Push Configuration Restore	339
Factory Reset with External Storage Device	340
Internal Temperature	342
Site Information	342
EMG Firmware	342
Boot Banks and Bootloader Settings	343
Load Firmware Via Options	344
Configuration Management	344
Manage Files	346
Administrative Commands	346
System Logs	347
System Log Commands	348
Audit Log	349
Audit Log Commands	349
Email Log	350
Logging Commands	350
Diagnostics	351
Diagnostic Commands	354
Status/Reports	354
View Report	354
Status Commands	356
Emailing Logs and Reports	357
Events	359
Events Commands	361
Banners	361
Administrative Banner Commands	362
System Info	363
16: Application Examples	365
Telnet/SSH to a Remote Device	366
Dial-in (Text Mode) to a Remote Device	368
Local Serial Connection to Network Device via Telnet	370
17: Command Reference	372
Introduction to Commands	372
Command	372
Command Line Help	373
Tips	373
Administrative Commands	374
admin banner login	374
admin banner logout	374
admin banner show	374
admin banner ssh	375
admin banner welcome	375
admin config checksum	375
admin config copy	375
admin config rename\|delete	375
admin config factorydefaults	376
admin config restore	376
admin config save	377
admin config show	377
admin eeprom	377
admin firmware bootbank	378
admin firmware bootcount	378
admin firmware bootlimit	378
admin firmware bootdelay	378
admin firmware highrestimers	379
admin firmware watchdog	379
admin firmware show	379
admin firmware update	379
admin firmware clearlog	379
admin ftp password	380
admin ftp server	380
admin ftp show	380
admin memory show	380
admin memory swap add	380
admin memory swap delete	381
admin quicksetup	381
admin reboot	381
admin shutdown	381
admin site	381
admin sysinfo	382
admin version	382
admin web certificate import	382
admin web certificate reset	382
admin web certificate custom	383
admin web certificate custom	383
admin web certificate show	383
admin web group	383
admin web server	383
admin web sha2	383
admin web timeout	384
admin web terminate	384
admin web show	384
admin web banner	384
admin web iface	384
admin web cipher	385
admin web sha2	385
admin web tlsv10	385
admin web tlsv11	385
admin web tlsv12	385
admin web restart	386
admin chip resetmodem	386
Audit Log Commands	386
show auditlog	386
Authentication Commands	387
set auth	387
show auth	387
show user	387
Kerberos Commands	388
set kerberos	388
show kerberos	388
LDAP Commands	389
set ldap	389
set ldap bindpassword	389
set ldap certificate import	390
set ldap certificate delete	390
show ldap	390
Local Users Commands	390
set localusers add\|edit	390
set localusers allowreuse	391
set local users complexpasswords	391
set localusers state	391
set localusers delete	391
set localusers lifetime	392
set localusers maxloginattempts	392
set localusers password	392
set localusers periodlockout	392
set localusers periodwarning	392
set localusers reusehistory	393
set localusers multipleadminlogins	393
set localusers consoleonlyadmin	393
show localusers	393
set localusers lock	393
set localusers unlock	394
set localusers permissions	394
NIS Commands	394
set nis	394
show nis	395
RADIUS Commands	395
set radius	395
set radius server	396
show radius	396
TACACS+ Commands	396
set tacacs+	396
show tacacs+	397
User Permissions Commands	398
set localusers group	398
set localusers lock	398
set localusers unlock	398
set localusers permissions	398
set <nis\|ldap\|radius\|kerberos\|tacacs+> permissions	399
show user	399
Remote User Commands	399
set remoteusers add\|edit	399
set remoteusers listonlyauth	400
set remoteusers denyaccessnocustomgroup	400
set remoteusers denyaccessnocustomgroup <enable\|disable>	400
set remoteusers lock\|unlock	400
set remoteusers delete	400
show remoteusers	400
set <nis\|ldap\|radius\|kerberos\|tacacs+> group	401
Cellular Modem Commands	401
set cellular	401
set cellular update	401
set cellular	402
show cellular	402
ConsoleFlow Commands	402
set cflow client	402
set cflow statusinterval	402
set cflow fwupdate	402
set cflow rebootafterupdate	403
set cflow connection	403
set cflow devicename	403
set cflow timeoutcli	403
set cflow digitalprobe	404
set cflow id	404
set cflow key	404
show cflow	404
CLI Commands	405
set cli	405
set cli menu	405
show cli	405
show user	406
set history	406
show history	406
Connection Commands	406
connect bidirection	406
connect direct	407
connect global outgoingtimeout	407
connect listen deviceport	408
connect terminate	408
connect unidirection	408
show connections	409
show connections connid	409
Console Port Commands	409
set consoleport	409
show consoleport	410
Custom User Menu Commands	410
set localusers	410
set menu add	410
set menu delete	411
set <nis\|ldap\|radius\|kerberos\|tacacs+> custommenu	411
set remoteusers add\|edit	411

Match case Limit results 1 per page

7: Networking

EMG™ Edge Management Gateway User Guide

107

IEEE 802.1X Parameters,

continued

PEAP:

Protected EAP uses server-side public key certificates to

authenticate the EMG with a RADIUS server. PEAP authentication

creates an encrypted TLS tunnel between the EMG and the server. The

exchange of information is encrypted and stored in the tunnel ensuring

the user credentials are kept secure.

FAST:

Flexible Authentication via Secure Tunneling uses Protected

Access Credential (PAC) for verifying clients on the network. Instead of

using a certificate to achieve mutual authentication, FAST

authenticates by means of a PAC (Protected Access Credential) stored

on the EMG, which can be managed dynamically by the authentication

server. The PAC can be provisioned (distributed one time) to the client

either manually or automatically. Manual provisioning is delivery to the

client via disk or a secured network distribution method. Automatic

provisioning (used on the EMG) is an in-band distribution.

LEAP Configuration:

Enter a

User Name

and

Password

that can be

authenticated by the RADIUS server. The User Name and Password

can be up to 63 characters long, and all printable characters are

supported.

EAP-TLS Configuration:

Enter a

User Name

that can be

authenticated by the RADIUS server. The User Name can be up to 63

characters long, and all printable characters are supported. Provide a

client side certificate with a

Certificate

file,

Private Key

file and

Authority Certificate

file. The server side certificate can be validated

by setting

Validate Certificate

Enabled

(requires an Authority

Certificate); validating server the certificate is highly recommended.

Certificate filenames must be unique across all profiles, otherwise

certificates for one profile may be overwritten by certificates for another

profile. If certificates are used, when saving and restoring

configurations, it is recommended that the configuration be saved with

SSL Certificates and the configuration be restored with the saved

certificates. The Certificate Authority and Certificate are in PEM format

(the Certificate Authority may have one or more trusted CA

certificates), eg:

-----BEGIN CERTIFICATE-----

(certificate in base64 encoding)

-----END CERTIFICATE-----

The Key File is in PEM format, eg:

-----BEGIN RSA PRIVATE KEY-----

(private key in base64 encoding)

-----END RSA PRIVATE KEY-----

EAP-TTLS Configuration:

Enter a

User Name

and

Password

that

can be authenticated by the RADIUS server. The User Name and

Password can be up to 63 characters long, and all printable characters

are supported. Select the

EAP TTLS Inner Authentication

used in the

TLS tunnel, which can be

EAP-MSCHAPv2, MSCHAPv2, MSCHAP,

CHAP, PAP

EAP-MD5