Home » Lantronix Manuals » Electronics Accessories » Lantronix EMG 8500 » Manual Viewer

Lantronix EMG 8500 EMG User Guide - Page 234

CBCP Server and CBCP Client, CBCP Server, CBCP Client, CBCP Server Allow No Callback

Add to My Manuals
Save this manual to your list of manuals

Page 234 highlights

10: Device Ports demand connection will be started for each, waiting for IP traffic destined for a remote network. When IP traffic needs to be sent, the EMG unit dials the appropriate Dial-out Number for the site, and if the remote peer requests PAP or CHAP authentication, provides the Dial-out Login and Dial-out Password as authentication tokens. Once authenticated, a PPP session will be established using either negotiated IP addresses or specific IP addresses (determined by the Negotiate IP Address setting). The PPP connection will stay active until no IP traffic is sent for Modem Timeout seconds. Once the timeout has expired, the PPP connection will be terminated and will not be reestablished for at least Restart Delay seconds. CBCP Server and CBCP Client Callback Control Protocol (CBCP) is a PPP option that negotiates the use of callback where the server, after authenticating the client, terminates the connection and calls the client back at a phone number that is determined by the CBCP handshake. For more information on CBCP, see http://technet.microsoft.com/en-us/library/cc957979.aspx. CBCP is used primarily by Microsoft PPP peers. CBCP supports two options for determining the number to dial on callback: the client can specify a user-defined number for the server to dial on callback, or the client can request the server use an administrator-defined number to dial on callback. Optionally, some servers may also allow "no callback" as an option. CBCP Server The EMG waits for a client to call the EMG unit, establishes a PPP connection, authenticates the user, and negotiates a dial-back number with the client using CBCP. If the EMG is able to determine a dial-back number to use, it hangs up and calls the dial-back number. When a call is received, a PPP connection is established, and the user will be authenticated via PAP or CHAP (configured with the Authentication setting). For PAP, the Local/Remote list will be used to authenticate the login and password sent by the PPP peer. For CHAP, the CHAP Handshake Host/User Name and Secret/User Password will be used to authenticate CHAP Challenge response sent by the PPP peer. If the remote peer requests PAP or CHAP authentication from the EMG unit, the Remote/Dial-out Login and Remote/Dial-out Password will be provided as authentication tokens. Once authenticated, the CBCP handshake with the client determines the number to use for dial-back. The EMG unit will present the client with the available options: if the authenticated user is a Local/Remote User with Allow Dial-back enabled and a Dial-back Number defined, the administrator-defined option is allowed; if this is not the case, the user-defined number is allowed. Additionally, if CBCP Server Allow No Callback is enabled, the client can also select no callback (the PPP connection established at dial-in will remain up). The client will select from the available callback options. If the EMG unit can determine a dial-back number to use, it will hang up and wait Dial-back Delay seconds before initiating the dial-back (if the dial-back fails, the EMG will try Dial-back Retries times to dial-back). The EMG unit will call back the previously authenticated remote peer, and if the remote peer requests PAP or CHAP authentication, provide the Remote/Dial-out Login and Remote/Dial-out Password as authentication tokens. Once authenticated, a PPP session will be established using either negotiated IP addresses or specific IP addresses (determined by the Negotiate IP Address setting). CBCP Client The EMG unit will dial out to a CBCP server, establish a PPP connection, negotiate a callback number with the server using CBCP, terminate the connection, and wait for the server to call back. The EMG unit dials the Dial-out Number, and if the remote peer requests PAP or CHAP authentication, provides the Remote/Dial-out Login and Remote/Dial-out Password as authentication tokens. Once authenticated, the CBCP handshake with the server determines the EMG™ Edge Management Gateway User Guide 234

Section	Page
EMG™ Edge Management Gateway User Guide	1
EMG 8500	1
EMG 7500	1
Intellectual Property	2
Warranty	2
Contacts	2
Open Source Software	2
Disclaimer & Revisions	3
Revision History	4
Table of Contents	5
List of Figures	16
List of Tables	20
1: About this Guide	21
Purpose and Audience	21
Summary of Chapters	21
Additional Documentation	22
2: Introduction	23
EMG 8500 Overview	23
EMG 7500 Overview	24
Key Features	24
Console Management	24
Performance Monitoring	25
Security	25
Power	25
Integration with Lantronix ConsoleFlow™	25
Applications	25
Protocol Support	26
Configuration Methods	26
Product Information Label	27
EMG 8500 Hardware Components	28
EMG 7500 Hardware Components	29
System Features	30
Access Control	30
Device Port Buffer	30
Console Port Interface	30
Device Port Interfaces	31
I/O Modules	32
Network Connections	32
Connectivity Modules	34
Front Panel LEDs	35
Digital IO Port	35
3: EMG 8500 Installation	37
EMG 8500 Package Contents	37
Order Information	38
User Supplied Items	38
Customize an EMG	38
Hardware Specifications	39
Physical Installation	40
Rack Mount Installation	41
Wall Mount Installation	42
Connecting to a Device Port	44
Modular Expansion for I/O Module Bays	45
Connecting to Network Ports	46
Modular Expansion for Connectivity Module Bays	46
Connecting Terminals	47
Power Input	48
I/O Module Installation	49
Connectivity Module Installation	50
Modem Installation	52
4: EMG 7500 Installation	53
EMG 7500 Package Contents	53
Order Information	53
User Supplied Items	53
Hardware Specifications	54
Physical Installation	55
Rack Mount Installation	56
Wall Mount Installation	57
Connecting to a Device Port	58
Connecting to Network Ports	60
Connecting Terminals	60
Power Input	61
Modem Installation	62
5: Quick Setup	63
Recommendations	63
IP Address	63
Lantronix Provisioning Manager	64
Method #1 Quick Setup on the Web Page	64
Network Settings	66
Date & Time Settings	67
Administrator Settings	67
Method #2 Quick Setup on the Command Line Interface	68
Next Step	71
Limiting Sysadmin User Access	71
6: Web and Command Line Interfaces	72
Web Manager	72
Logging in	74
Logging Out	75
Web Page Help	75
Command Line Interface	75
Logging In	75
Logging Out	76
Command Syntax	76
Command Line Help	76
Tips	76
General CLI Commands	77
7: Networking	79
Requirements	79
Network Port Settings	80
Ethernet Interfaces (Eth1 and Eth2)	83
Hostname & Name Servers	85
DNS Servers	85
DHCP-Acquired DNS Servers	85
TCP Keepalive Parameters	86
Gateway	86
Fail-Over Settings	87
Fail-Over Cellular Gateway Configuration	89
Advanced Cellular Gateway Configuration	90
Fail-Over Cellular Gateway Firmware	91
Load Cellular Gateway Firmware Options	91
Ethernet Counters	92
Network Commands	92
Cellular Modem Settings	93
Cellular Interface	94
Cellular Modem Configuration	94
Cellular Modem Firmware	94
Load Cellular Modem Firmware Options	95
Cellular Status	95
Cellular Modem Commands	96
Wireless Settings	97
Wireless Overview	97
Wireless Firmware	99
Troubleshooting	100
Wireless Client Settings	101
Wireless Access Point Settings	108
IP Filter	111
Viewing IP Filters	111
Mapping Rulesets	111
Enabling IP Filters	112
Configuring IP Filters	113
Rule Parameters	114
Updating an IP Filter	115
Deleting an IP Filter	115
IP Filter Commands	115
Routing	116
Dynamic Routing	116
Static Routing	116
Routing Commands	117
VPN Settings	117
Sample ipsec.conf Files	128
VPN Commands	133
Security	134
Performance Monitoring	137
Performance Monitoring - Add/Edit Probe	140
Performance Monitoring - Results	143
Performance Monitoring Commands	147
FQDN List	147
8: Services	148
System Logging and Other Services	148
SSH/Telnet/Logging	148
System Logging	149
Audit Log	150
SSH	150
Telnet	151
Web SSH/Web Telnet Settings	151
SMTP	151
SSH Commands	152
Logging Commands	152
SNMP	152
v1/v2c Communities	156
Version 3	156
V3 User Read-Only	157
V3 User Read-Write	157
V3 User Trap	157
Version 3 TLS (over TCP)	157
Services Commands	159
NFS and SMB/CIFS	160
SMB/CIFS Share	161
NFS and SMB/CIFS Commands	161
Secure Lantronix Network	162
Browser Issues	164
Troubleshooting Browser Issues	165
Web SSH/Telnet Copy and Paste	167
Secure Lantronix Network Commands	167
Date and Time	168
Date and Time Commands	169
Web Server	170
Admin Web Commands	172
Services - SSL Certificate	172
Services - Web Sessions	175
ConsoleFlow	176
ConsoleFlow Commands	180
9: USB/SD Card Port	181
Set up USB/SD Card Storage	181
Manage Files	184
USB Commands	185
SD Card Commands	185
10: Device Ports	186
Connection Methods	186
Permissions	186
I/O Modules	187
Device Status	188
Device Ports	188
Telnet/SSH/TCP in Port Numbers	190
Device Port Global Commands	190
Device Ports - Settings	191
Device Port Settings	193
IP Settings	195
Data Settings	196
Hardware Signal Triggers	197
Modem Settings (Device Ports)	198
Modem Settings: Text Mode	199
Modem Settings: PPP Mode	200
Port Status and Counters	201
Device Ports - Power Management	201
Device Port - Sensorsoft Device	204
Device Port Commands	206
Device Commands	206
Interacting with a Device Port	207
Device Ports - Logging and Events	208
Local Logging	208
NFS File Logging	208
USB and SD Card Logging	208
Token/Data Detection	209
Syslog Logging	209
Token & Data Detection	210
Local Logging	212
Log Viewing Attributes	212
NFS File Logging	212
USB / SD Card Logging	212
Syslog Logging	212
Logging Commands	213
Console Port	213
Console Port Commands	214
Internal Modem Settings	215
Internal Modem Commands	219
DIO Port	219
DIO Commands	220
Xmodem	221
Xmodem Commands	223
Host Lists	224
Host Parameters	224
Host List Commands	227
Sites	228
Site Commands	230
Modem Dialing States	231
Dial In	231
Dial-back	231
Dial-on-demand	232
Dial-in & Dial-on-demand	232
Dial-back & Dial-on-demand	233
CBCP Server and CBCP Client	234
CBCP Server	234
CBCP Client	234
Key Sequences	235
11: Remote Power Managers	236
Devices - RPMs	236
RPMs - Add Device	239
RPMs - Manage Device	242
RPMs - Outlets	246
RPM Shutdown Procedure	246
Optimizing and Troubleshooting RPM Behavior	248
RPM Commands	249
12: Scripts	250
Script Commands	255
Batch Script Syntax	256
Interface Script Syntax	257
Primary Commands	258
Secondary Commands	259
Control Flow Commands	261
Custom Script Syntax	263
Example Scripts	265
13: Connections	284
Typical Setup Scenarios for the EMG unit	284
Terminal Server	284
Remote Access Server	285
Reverse Terminal Server	285
Multiport Device Server	286
Console Server	286
Connection Configuration	287
Connection Commands	289
14: User Authentication	290
Authentication Commands	292
User Rights	293
Local and Remote User Settings	294
Sysadmin Account Default Login Values	295
Adding, Editing or Deleting a User	296
Shortcut	300
Local Users Commands	300
Remote User Rights Commands	300
NIS	301
NIS Commands	303
LDAP	304
LDAP Commands	308
RADIUS	309
RADIUS Commands	312
User Attributes & Permissions from LDAP Schema or RADIUS VSA	312
Kerberos	314
Kerberos Commands	316
TACACS+	317
TACACS+ Groups	317
TACACS+ Commands	321
Groups	322
Group Commands	325
SSH Keys	326
Overview	326
Imported Keys	326
Exported Keys	326
Create an SSH Key	326
Imported Keys (SSH In)	329
Exported Keys (SSH Out)	329
SSH Server/Host Keys	330
SSH Commands	332
Custom Menus	333
Custom User Menu Commands	335
15: Maintenance	336
Firmware & Configurations	336
Zero Touch Provisioning Configuration Restore	336
Creating a Certificate	337
HTTPS Push Configuration Restore	339
Factory Reset with External Storage Device	340
Internal Temperature	342
Site Information	342
EMG Firmware	342
Boot Banks and Bootloader Settings	343
Load Firmware Via Options	344
Configuration Management	344
Manage Files	346
Administrative Commands	346
System Logs	347
System Log Commands	348
Audit Log	349
Audit Log Commands	349
Email Log	350
Logging Commands	350
Diagnostics	351
Diagnostic Commands	354
Status/Reports	354
View Report	354
Status Commands	356
Emailing Logs and Reports	357
Events	359
Events Commands	361
Banners	361
Administrative Banner Commands	362
System Info	363
16: Application Examples	365
Telnet/SSH to a Remote Device	366
Dial-in (Text Mode) to a Remote Device	368
Local Serial Connection to Network Device via Telnet	370
17: Command Reference	372
Introduction to Commands	372
Command	372
Command Line Help	373
Tips	373
Administrative Commands	374
admin banner login	374
admin banner logout	374
admin banner show	374
admin banner ssh	375
admin banner welcome	375
admin config checksum	375
admin config copy	375
admin config rename\|delete	375
admin config factorydefaults	376
admin config restore	376
admin config save	377
admin config show	377
admin eeprom	377
admin firmware bootbank	378
admin firmware bootcount	378
admin firmware bootlimit	378
admin firmware bootdelay	378
admin firmware highrestimers	379
admin firmware watchdog	379
admin firmware show	379
admin firmware update	379
admin firmware clearlog	379
admin ftp password	380
admin ftp server	380
admin ftp show	380
admin memory show	380
admin memory swap add	380
admin memory swap delete	381
admin quicksetup	381
admin reboot	381
admin shutdown	381
admin site	381
admin sysinfo	382
admin version	382
admin web certificate import	382
admin web certificate reset	382
admin web certificate custom	383
admin web certificate custom	383
admin web certificate show	383
admin web group	383
admin web server	383
admin web sha2	383
admin web timeout	384
admin web terminate	384
admin web show	384
admin web banner	384
admin web iface	384
admin web cipher	385
admin web sha2	385
admin web tlsv10	385
admin web tlsv11	385
admin web tlsv12	385
admin web restart	386
admin chip resetmodem	386
Audit Log Commands	386
show auditlog	386
Authentication Commands	387
set auth	387
show auth	387
show user	387
Kerberos Commands	388
set kerberos	388
show kerberos	388
LDAP Commands	389
set ldap	389
set ldap bindpassword	389
set ldap certificate import	390
set ldap certificate delete	390
show ldap	390
Local Users Commands	390
set localusers add\|edit	390
set localusers allowreuse	391
set local users complexpasswords	391
set localusers state	391
set localusers delete	391
set localusers lifetime	392
set localusers maxloginattempts	392
set localusers password	392
set localusers periodlockout	392
set localusers periodwarning	392
set localusers reusehistory	393
set localusers multipleadminlogins	393
set localusers consoleonlyadmin	393
show localusers	393
set localusers lock	393
set localusers unlock	394
set localusers permissions	394
NIS Commands	394
set nis	394
show nis	395
RADIUS Commands	395
set radius	395
set radius server	396
show radius	396
TACACS+ Commands	396
set tacacs+	396
show tacacs+	397
User Permissions Commands	398
set localusers group	398
set localusers lock	398
set localusers unlock	398
set localusers permissions	398
set <nis\|ldap\|radius\|kerberos\|tacacs+> permissions	399
show user	399
Remote User Commands	399
set remoteusers add\|edit	399
set remoteusers listonlyauth	400
set remoteusers denyaccessnocustomgroup	400
set remoteusers denyaccessnocustomgroup <enable\|disable>	400
set remoteusers lock\|unlock	400
set remoteusers delete	400
show remoteusers	400
set <nis\|ldap\|radius\|kerberos\|tacacs+> group	401
Cellular Modem Commands	401
set cellular	401
set cellular update	401
set cellular	402
show cellular	402
ConsoleFlow Commands	402
set cflow client	402
set cflow statusinterval	402
set cflow fwupdate	402
set cflow rebootafterupdate	403
set cflow connection	403
set cflow devicename	403
set cflow timeoutcli	403
set cflow digitalprobe	404
set cflow id	404
set cflow key	404
show cflow	404
CLI Commands	405
set cli	405
set cli menu	405
show cli	405
show user	406
set history	406
show history	406
Connection Commands	406
connect bidirection	406
connect direct	407
connect global outgoingtimeout	407
connect listen deviceport	408
connect terminate	408
connect unidirection	408
show connections	409
show connections connid	409
Console Port Commands	409
set consoleport	409
show consoleport	410
Custom User Menu Commands	410
set localusers	410
set menu add	410
set menu delete	411
set <nis\|ldap\|radius\|kerberos\|tacacs+> custommenu	411
set remoteusers add\|edit	411

Match case Limit results 1 per page

10: Device Ports

EMG™ Edge Management Gateway User Guide

234

demand connection will be started for each, waiting for IP traffic destined for a remote

network.

When IP traffic needs to be sent, the EMG unit dials the appropriate

Dial-out Number

for the

site, and if the remote peer requests PAP or CHAP authentication, provides the

Dial-out

and

Dial-out Password

as authentication tokens. Once authenticated, a PPP session

will be established using either negotiated IP addresses or specific IP addresses (determined

by the

Negotiate IP Address

setting). The PPP connection will stay active until no IP traffic is

sent for

Modem Timeout

seconds. Once the timeout has expired, the PPP connection will be

terminated and will not be reestablished for at least

Restart Delay

seconds.

CBCP Server and CBCP Client

Callback Control Protocol (CBCP) is a PPP option that negotiates the use of callback where the

server, after authenticating the client, terminates the connection and calls the client back at a

phone number that is determined by the CBCP handshake. For more information on CBCP, see

http://technet.microsoft.com/en-us/library/cc957979.aspx

. CBCP is used primarily by Microsoft

PPP peers. CBCP supports two options for determining the number to dial on callback: the client

can specify a user-defined number for the server to dial on callback, or the client can request the

server use an administrator-defined number to dial on callback. Optionally, some servers may also

allow "no callback" as an option.

CBCP Server

The EMG waits for a client to call the EMG unit, establishes a PPP connection, authenticates the

user, and negotiates a dial-back number with the client using CBCP. If the EMG is able to

determine a dial-back number to use, it hangs up and calls the dial-back number.

When a call is received, a PPP connection is established, and the user will be authenticated via

PAP or CHAP (configured with the

Authentication

setting). For PAP, the Local/Remote list will be

used to authenticate the login and password sent by the PPP peer. For CHAP, the

CHAP

Handshake Host/User Name

and

Secret/User Password

will be used to authenticate CHAP

Challenge response sent by the PPP peer. If the remote peer requests PAP or CHAP

authentication from the EMG unit, the

Remote/Dial-out Login

and

Remote/Dial-out Password

will be provided as authentication tokens. Once authenticated, the CBCP handshake with the

client determines the number to use for dial-back. The EMG unit will present the client with the

available options: if the authenticated user is a Local/Remote User with

Allow Dial-back

enabled

and a Dial-back Number defined, the administrator-defined option is allowed; if this is not the case,

the user-defined number is allowed. Additionally, if

CBCP Server Allow No Callback

is enabled,

the client can also select no callback (the PPP connection established at dial-in will remain up).

The client will select from the available callback options. If the EMG unit can determine a dial-back

number to use, it will hang up and wait

Dial-back Delay

seconds before initiating the dial-back (if

the dial-back fails, the EMG will try

Dial-back Retries

times to dial-back). The EMG unit will call

back the previously authenticated remote peer, and if the remote peer requests PAP or CHAP

authentication, provide the

Remote/Dial-out Login

and

Remote/Dial-out Password

authentication tokens. Once authenticated, a PPP session will be established using either

negotiated IP addresses or specific IP addresses (determined by the

Negotiate IP Address

setting).

CBCP Client

The EMG unit will dial out to a CBCP server, establish a PPP connection, negotiate a callback

number with the server using CBCP, terminate the connection, and wait for the server to call back.

The EMG unit dials the

Dial-out Number

, and if the remote peer requests PAP or CHAP

authentication, provides the

Remote/Dial-out Login

and

Remote/Dial-out Password

authentication tokens. Once authenticated, the CBCP handshake with the server determines the