...
Center |
---|
Parameter | Description |
---|
user [Login] | Assigns a name under which the system administrator enters the router from the console or remotely, using telnet/http. |
password [Password] | Sets the system administrator's password. Use the "setpass" command to remove user name and password. |
[no]useAAA | Enables/disables device access control using a RADIUS server. To use this authentication, the AAA module should be running (see "AAA (access control using RADIUS server)"). Remember that the AAA authentication method has the highest priority, and the local login database is used only when the required account is not found on the RADIUS server. If there is no local user account, the management interface will be accessible with any login and password even if AAA authentication is turned on. |
[no]useLocalAAA | Changes the authentication priority: the local account is checked first; if it is not found, authentication is performed via RADIUS. |
contact [String] | |
guest [guest login] | Specifies a login for entering guest mode; any password may be used. In guest mode, neither the router's configuration parameters nor its security-related parameters can be modified. Use the "system noguest" command to remove guest access. |
name [System Name] | The device name that will be displayed in the browser tab title while the web interface is used. |
prompt [any_word] | Replaces the prompt on the screen with the given word of a maximum length of 16 characters. |
location [String] | Describes the system location; for example in SNMP protocol. |
mgmtAccount [user:pass@host] | Access details for the software update server via SNMP. |
gpsxy XX.XXXXX YY.YYYYY | Sets the geographical coordinates of the device (longitude, latitude). |
log {on|off} | {show [offset] | clear}| [no]filter | {ADDR | -} | Manages the system log operation:
- "on" – display messages on the current console.
- "off" – stop displaying messages on the console.
- "show" – show the system log (time is expressed in seconds/milliseconds back from the current time).
- "clear" – clear the system log.
- "[no]filter" – removes neighboring identical lines from system log leaving only one copy of each message and counts their recurrence (enabled by default).
- "ADDR" – IP address of the UNIX host to which system log messages are sent using the standard "syslog" protocol. In the "syslogd" settings of the server, set the "facility.level" equal to "user.notice", or just the numeric value 15, in order to register messages.
- "-" – disable logging on the remote host.
| factorypassword {single|otp} | Sets the access mode on the device with the factory password. Each unit has its own unique factory access password that can be obtained via technical support. Once obtained, this password stays the same for each factory login attempt (the "single" mode). Setting the unit to "otp" mode tells it to ask for a new password each time the factory login is given (the unit will provide different sequences that should be submitted to technical support in order to obtain a new password). Whenever the unit is set to "single" mode again, its unique factory access password is restored. |
search [seconds] | Forces all indicators to blink in order to find the device in a group of units of the same type. By default, this mode turns off after 10 seconds. |
[no]indicator | Enables/disables LED indicators on the unit in order to hide the active device. |
[no]fastroute | Enables/disables the fast routing mode. In this mode the router becomes invisible to traceroute network tracing procedures, while still performing all routing functions. It is not recommended to enable the fast routing mode simultaneously on several devices connected to the same cable Ethernet segment, because this may produce an IP packet storm. |
[no]mintgateway | Allows using the nearest MINT node configured with the "mint extg" option, if there is one, as the default gateway. |
[no]authFailLog | Enables/disables logging of unsuccessful authentication attempts. |
[no]sendredirects | Enables/disables sending "icmp redirect" messages for the packets source suppression if routing is incorrectly configured. |
[no]dropredirects | Enables/disables receiving "icmp redirect" messages for routing tables updating if routing is incorrectly configured. |
OfficialAddress X.X.X.X | 0 | Sets the IP address which will be used as a source IP address in all outgoing connections of the unit. The "0" value removes the current address. |
icmplimit N [200] | Sets the limit on the number of outgoing ICMP packets per second (0 by default, no limitation applied). It helps to avoid a device reboot while network scanning programs are working. The "0" value removes all limitations. |
uptime | Displays the time since the last system reboot. |
cpu | Indicates current CPU load (in percent). |
[no]pager | Enables/disables page splits in the console output. |
[no]ipforwarding | Enables/disables IP Forwarding. |
info [-f] [NAME] | Displays device information:
- "-f" – full information.
- "NAME" – information about specified section.
| version | Displays the software version. |
|
...
Center |
---|
Parameter | Description |
---|
Request id | Internal unique id of the request. |
Type | Request type, i.e. "AccessRequest". |
UserName | The user name sent to the RADIUS server. |
UserPassword | The password sent to the RADIUS server. |
|
The RADIUS attributes for Access-Request and Access-Accept requests are shown in the tables below.
Access-Request
Center |
---|
Attribute | Description |
---|
1 - User-Name | The user name |
2 - User-Password | The password |
4 - NAS-IP-Address | IP address of the remote access server |
6 - Service-Type | The Login (1) value is sent |
31 - Calling-Station-Id | IP address of the connecting device |
32 - NAS-Identifier | Base station symbolic name |
61 - NAS-Port-Type | The Virtual (5) value is sent |
|
Simplified, extended RADIUS server support for identifying wireless connections is provided:
Center |
---|
Attribute=Value | Description |
---|
1 - User-Name = "00-00-00-00-00-00" | Connecting device MAC address |
2 - User-Password = "dummy" | Dummy predefined value |
6 - Service-Type = Framed (2) | The Framed (2) value is sent |
31 - Calling-Station-Id = "00-00-00-00-00-00" | MAC address of the connecting device |
32 - NAS-Identifier = "Infinet Base 1" | Base station symbolic name |
61 - NAS-Port-Type = Wireless-802.16 (27) | Value Wireless-802.16 (27) |
|
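The two Access-Request layouts in the tables above, built and decoded in Python as an added example (not InfiNet code). The wire encoding follows RFC 2865; the shared secret, packet identifier and fixed authenticator are constructed for the example, and a real authenticator is random.

```python
import hashlib
import socket
import struct

# Attribute numbers from the tables above (RFC 2865 assignments).
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, SERVICE_TYPE = 1, 2, 4, 6
CALLING_STATION_ID, NAS_IDENTIFIER, NAS_PORT_TYPE = 31, 32, 61
INT_ATTRS = {SERVICE_TYPE, NAS_PORT_TYPE}  # carried as 32-bit integers

def xor_password(data, secret, auth, hiding):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext)."""
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        prev = block if hiding else data[i:i + 16]
        out += block
    return out

def encode_attr(a_type, value, secret, auth):
    if a_type == USER_PASSWORD:  # pad to a multiple of 16 bytes, then hide
        data = value.encode()
        data = data.ljust(max(16, (len(data) + 15) // 16 * 16), b"\x00")
        raw = xor_password(data, secret, auth, hiding=True)
    elif a_type in INT_ATTRS:
        raw = struct.pack("!I", value)
    else:
        raw = socket.inet_aton(value) if a_type == NAS_IP_ADDRESS else value.encode()
    return struct.pack("!BB", a_type, len(raw) + 2) + raw

def build_access_request(attrs, secret, identifier, auth):
    body = b"".join(encode_attr(t, v, secret, auth) for t, v in attrs)
    return struct.pack("!BBH", 1, identifier, 20 + len(body)) + auth + body

def decode_attr(a_type, raw, secret, auth):
    if a_type in INT_ATTRS | {NAS_IP_ADDRESS} and len(raw) != 4:
        raise ValueError(f"attribute {a_type} must carry 4 bytes")
    if a_type == USER_PASSWORD:
        clear = xor_password(raw, secret, auth, hiding=False)
        return clear.rstrip(b"\x00").decode(errors="replace")
    if a_type in INT_ATTRS:
        return struct.unpack("!I", raw)[0]
    return socket.inet_ntoa(raw) if a_type == NAS_IP_ADDRESS else raw.decode(errors="replace")

def parse_access_request(packet, secret):
    length = len(packet)  # code 1 = Access-Request; header is 20 bytes
    if length < 20 or packet[0] != 1 or struct.unpack("!H", packet[2:4])[0] != length:
        raise ValueError("not a well-formed Access-Request")
    auth, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = decode_attr(packet[pos], packet[pos + 2:pos + a_len], secret, auth)
        pos += a_len
    return attrs

def sample_mac_request(secret):
    """Wireless-identification request from the table above (constructed values)."""
    mac = "00-00-00-00-00-00"
    attrs = [(USER_NAME, mac), (USER_PASSWORD, "dummy"), (SERVICE_TYPE, 2),
             (CALLING_STATION_ID, mac), (NAS_IDENTIFIER, "Infinet Base 1"),
             (NAS_PORT_TYPE, 27)]
    return build_access_request(attrs, secret, 7, bytes(range(16)))
```

Decoding the sample with the right secret returns the table's values; with a different secret only the User-Password field comes out wrong, since it is the one attribute hidden with the shared secret.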
Access-Accept
Center |
---|
Attribute | Description |
---|
Session-Timeout | If the response from the RADIUS server contains the Session-Timeout parameter, then after a specified time (sec.), a new authentication request will be sent to extend or break the existing link. Value: 3600 seconds |
|
license
The "license" command manages operations with a license file on the device.
...
Code Block |
---|
|
gps [options] [command]
Options:
-t=<level> - turn trace level (1, 2 or 0 - turn trace off)
-i=<int> - set integrator time constant in seconds
-a[=(0:1)] - turn the power on the antenna amplifier
-r[=(0:1)] - set reset signal
-p=<port> - set TCP port for service (2323 by default)
-s=<baudrate|0> - set baud rate for GPS NMEA port (0 - set 115200)
Command:
start - start GPS service
stop - stop GPS service
coordinates - show GPS coordinates
console - map GPS NMEA port to stdin/stdout
tcp - map GPS NMEA port to TCP service
stat - show GPS statistics
clear - clear GPS statistics |
Center |
---|
Parameter | Description |
---|
-t=<level> | Service messages logging level: - "2" – logging all NMEA messages received from GPS/GLONASS module.
- "1" – logging information about connection/disconnection to GPS/GLONASS, changing the number of visible satellites or a significant change in coordinates.
- "0" – no logging is performed.
| -a[=(0:1)] | Turn on/off the power supply to the antenna amplifier (if any): - "1" – turn on (by default, if value is not specified).
- "2" – turn off.
| start | Starts GPS/GLONASS module. |
stop | Stops GPS/GLONASS module. |
coordinates | Displays information about current GPS/GLONASS receiver state. Command output: Code Block |
---|
| #1> gps coordinates
Satellites: 8
LAT/LONG: 56.811911/60.547041
Altitude: 275.89
HDOP: 0.92
FIX: 3D, GLONASS
Total GPS time: 17:43:19
Total nonvalid time: 00:00:01(0%)
Number of losses: 0
Now coordinates are valid last 17:43:18
Satellites histogram:
^
|
2.0 +
|
3.0 +
|
4.0 +
|
5.0 +
| <1%
6.0 +
| 1%
7.0 +
|||||||||||||||||||||||||||||||||||||||||||||||||| 99%
v
SATmin= 5 SATmax= 10 |
- "Satellites" – current number of visible satellites.
- "LAT/LONG" – receiver geographic coordinates in degrees:
- "LAT" – latitude -90.0000000° ... +90.0000000°.
- "LONG" – longitude -180.0000000° ... +180.00000°.
- "Altitude" – height above sea level in meters.
- "HDOP" – horizontal plane coordinates accuracy reduction coefficient.
Warning |
---|
| For reliable time synchronization, it is recommended to use "HDOP" parameter values less than 1.5. |
The GNSS system can have the following values:
Statistic data (can also be displayed by the "gps stat" command):
- "Total GPS time" – total time of GPS service operation.
- "Total nonvalid time" – total time during which the coordinates were nonvalid.
- "Number of losses" – coordinates losses number.
- "Now coordinates are valid last …" – time of GPS service operation since coordinates became valid.
- "Satellites histogram" – visible satellites histogram.
- "SATmin" and "SATmax" – the minimum and maximum number of visible satellites recorded since the last statistics reset.
- "FIX - NO FIX|2D|3D" – coordinate determination current state. Following values are available:
- "NO FIX" – coordinates are not defined.
- "2D" – latitude and longitude are defined.
- "3D" – latitude, longitude and height above sea level are defined.
| stat | Displays statistics about GPS/GLONASS module operation (without current receiver state). |
clear | Clears statistics. |
|
Warning |
---|
|
Note, that "tcp", "console", "-i", "-r", "-p" and "-s" parameters are used for diagnostics and debugging in case of emergency and only by specialists. |
Note |
---|
|
The "gps" command is available in software version with the TDMA technology support. |
tsync
Manages external synchronization source.
Syntax:
Code Block |
---|
|
tsync [command]
Command:
enable [BAUDRATE] - enable external synchronization sources
disable - disable external synchronization sources
[no]trace - turn trace (debug) messages output to syslog
[show] - show statistics
clear - clear statistics |
Center |
---|
Parameter | Description |
---|
enable [BAUDRATE] | Enable synchronization by using external source. |
disable | Disable external source. |
[no]trace | Enable message output tracing (debugging) in the syslog. |
[show] | Displays statistics. |
clear | Clears statistics. |
|
Note |
---|
|
The "tsync" command is available in software version with the TDMA technology support. |
SSH protocol
The SSH (Secure Shell) protocol allows secure remote management of network devices. Its functionality is similar to the Telnet protocol but, as opposed to Telnet, SSH encrypts all protocol messages/datagrams, including transmitted passwords. Using the SSH protocol requires an SSH Server and an SSH Client. The SSH Server accepts connections from client hosts (SSH Clients), authenticates them and starts serving the authorized clients.
InfiNet Wireless devices have built-in SSH Server and SSH Client functionality.
sshd
Built-in SSH Server (SSH daemon) configuration is performed using "sshd" command. By default, the SSH Server is disabled.
Access to the device via the SSH protocol may be limited by using the "$ACLOCAL" access control list. When the "$ACLOCAL" list is configured on the device, the SSH Server rejects all connection attempts from SSH Clients whose IP addresses or networks are not present in the list.
Syntax:
Code Block |
---|
|
sshd -help, -h
sshd -port=PORT
sshd -window=SIZE
sshd -keepalive=TIME
sshd -banner=on | off
sshd -log-level={emerg|alert|crit|error|warning|notice|info|debug|LEVEL} [notice]
sshd -algo-list
sshd -kex-algos[=ALGO-LIST]
sshd -hostkey-algos[=ALGO-LIST]
sshd -cipher-algos[=ALGO-LIST]
sshd -hash-algos[=ALGO-LIST]
sshd -comp-algos[=ALGO-LIST]
sshd -auth-methods[=AUTH-METHODS-LIST]
sshd -none-cipher=on | off
sshd start
sshd stop
sshd newkeys
sshd pub[key] {sh[ow] | cl[ear] | de[lete] N}
sshd pub[key] {in[stall] | im[port] [LOGIN[:PASSWORD]@]HOST/FILE} [COMMENT]
sshd tun[nel] add LOGIN PASSWORD IFNAME
sshd tun[nel] del LOGIN | clear |
Center |
---|
Parameter | Description |
---|
-help, -h | Displays the command syntax. |
-port=PORT | SSH Server TCP port number used to receive SSH connections; 22 by default. |
-window=SIZE | Allows changing the SSH Server internal receiving window size in bytes. The SSH Server window size defines the maximum allowed bandwidth for the "SSH Client - SSH Server" data channel. By default, the SSH Server window size is 24576 bytes. |
-keepalive=TIME | Sets the session activity check period in seconds. By default, the server doesn't perform activity checks ("0" value). |
-banner=on | off | Shows/hides the IW WANFleX SSH information banner after login. |
-log-level={emerg|alert|crit|error|warning|notice|info|debug|LEVEL} [notice] | Allows choosing the logging level of the SSH Server service information that will be written into the system log; to manage the system log, use the "sys log" command. The logging level can be chosen with the "emerg", "alert", "error", "warning", "notice", "info", "debug" parameters or specified by the number of the needed level (from 0 to 7) using the numeric "LEVEL" parameter. By default, "info" (6th level) is chosen. |
-algo-list | Shows a list of all available SSH algorithms for key exchange (kex), authentication (host key), data encryption (cipher), data verification (hash) and data compression (compress). |
-kex-algos[=ALGO-LIST] | Chooses the kex algorithms from the list of algorithms (ALGO-LIST) to be used in the SSH key exchange process. |
-hostkey-algos[=ALGO-LIST] | Chooses the host key algorithms from the list of algorithms (ALGO-LIST) to be used in the SSH Server-Client authentication process. |
-cipher-algos[=ALGO-LIST] | Chooses the cipher algorithms from the list of algorithms (ALGO-LIST) to be used in SSH data encryption. |
-hash-algos[=ALGO-LIST] | Chooses the hash algorithms from the list of algorithms (ALGO-LIST) to be used in SSH data verification. |
-comp-algos[=ALGO-LIST] | Chooses the compression algorithms from the list of algorithms (ALGO-LIST) to be used in SSH data compression. |
-auth-methods[=AUTH-METHODS-LIST] | Chooses the available authentication methods from the (AUTH-METHODS-LIST) list. An "all" value enables all authentication methods (set by default). |
-none-cipher=on | off | Enables/disables encoding usage. Used when a simple TCP tunnel is needed, which significantly reduces the CPU load. |
start | Starts SSH Server. |
stop | Stops SSH Server. |
newkeys | Host Keys re-generation. Note |
---|
| When started for the first time, the SSH Server generates DSS and RSA Host Keys to be used for public key based SSH Server authentication. |
| pub[key] {sh[ow] | cl[ear] | de[lete] N} | - "show" – shows SSH Client’s public keys that are registered in the SSH Server list.
- "clear" – deletes all the SSH Client’s public keys from the SSH Server.
- "delete" – deletes a certain SSH Client’s public key from the SSH Server list. Parameter "N" – is an index of the key in the list.
| pub[key] {in[stall] | im[port] [LOGIN[:PASSWORD]@]HOST/FILE} [COMMENT] | Allows enabling public key based authentication of SSH Clients. In the public key authentication mode, the SSH Server authorizes the SSH Client, bypassing the password login procedure. This mode is enabled automatically once a public key of the SSH Client is cached in the SSH Server’s registry:
- "install" – sets the SSH client public key in the SSH server registry.
- "import" – imports an SSH client's public key into the SSH server registry from a remote FTP server:
- "HOST" – remote FTP server IP address.
- "FILE" – file containing SSH Client’s RSA/DSS public key in OpenSSH or SSH2 format. If login and password are set on the remote FTP server they should be specified as "LOGIN" and "PASSWORD" parameters.
- "COMMENT" – allows adding a comment to the public key entry in the SSH Server list of clients public keys. By default, a comment with clients IP address or FTP IP address from where the key was obtained is added.
| tun[nel] add LOGIN PASSWORD IFNAME | Sets separate authentication parameters for each tap interface: - "LOGIN" – username.
- "PASSWORD" – password.
- "IFNAME" – tap interface name.
If the values above are not specified, default authentication parameters will be used. | tun[nel] del LOGIN | clear | - "del LOGIN" – deletes specified username from the SSH Tunnel configuration.
- "clear" – deletes all SSH Tunnel users from SSH Server configuration.
|
|
Note |
---|
|
By default, the SSH Server applies only password authentication. However, this may not be enough to provide the necessary security level. InfiNet Wireless devices have several built-in SSH authentication methods, which are managed by the "sshd pubkey" and "sshd -auth-methods" commands. At the same time, an SSH Server will keep the connected SSH client public key. |
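A small configuration check, added here as an illustration and not part of the vendor documentation, that flags the access-control settings described in the system and "sshd" parameter tables. The "sys ..." / "sshd ..." line layout of the dump, the sample values, and the reading of "-none-cipher=on" as an unencrypted session are assumptions.

```python
# Toggles that the parameter tables write as "[no]name" (plus "noguest").
TOGGLES = {"useaaa", "uselocalaaa", "authfaillog", "guest"}

FINDINGS = {
    "NO_LOCAL_USER": "no 'sys user' line: management is accessible with "
                     "any login and password, even with useAAA on",
    "GUEST_LOGIN": "guest login set: guest mode accepts any password",
    "AUTH_FAIL_LOG_OFF": "unsuccessful authentication attempts are not logged",
    "FACTORY_PASSWORD_SINGLE": "factory password stays the same for every "
                               "factory login ('single' mode)",
    "SSH_NONE_CIPHER": "sshd -none-cipher=on (assumed: session unencrypted)",
}

def parse_config(text):
    """Fold config lines into a state dict; later lines override earlier ones."""
    state = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2:
            continue
        cmd, param, args = tokens[0].lower(), tokens[1], tokens[2:]
        if cmd in ("sys", "system"):
            name = param.lower()
            if name.startswith("no") and name[2:] in TOGGLES:
                state["sys." + name[2:]] = False      # e.g. "sys noguest"
            else:
                state["sys." + name] = args[0] if args else True
        elif cmd == "sshd" and param.startswith("-") and "=" in param:
            key, value = param[1:].split("=", 1)      # "-none-cipher=on"
            state["sshd." + key.lower()] = value.lower()
    return state

def audit(text):
    """Return {finding code: explanation} for the settings that apply."""
    s = parse_config(text)
    checks = [
        ("NO_LOCAL_USER", not s.get("sys.user")),
        ("GUEST_LOGIN", bool(s.get("sys.guest"))),
        ("AUTH_FAIL_LOG_OFF", s.get("sys.authfaillog") is False),
        ("FACTORY_PASSWORD_SINGLE", s.get("sys.factorypassword") == "single"),
        ("SSH_NONE_CIPHER", s.get("sshd.none-cipher") == "on"),
    ]
    return {code: FINDINGS[code] for code, hit in checks if hit}

# Constructed sample dumps; the line layout is an assumption, not device output.
WEAK = """sys useAAA
sys guest monitor
sys noauthFailLog
sys factorypassword single
sshd -none-cipher=on"""

HARDENED = """sys user admin
sys useAAA
sys guest monitor
sys noguest
sys authFailLog
sys factorypassword otp
sshd -none-cipher=off"""
```

`audit(WEAK)` reports all five findings, including the missing local user despite `useAAA`, while `audit(HARDENED)` returns an empty dict.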
sshc
Built-in SSH Client configuration is performed using "sshc" command.
Syntax:
Code Block |
---|
|
sshc [options] [LOGIN@]HOST[:PORT] [REMOTE-COMMAND]
options:
-help, -h
-window=SIZE
-keepalive=TIME
-compress, -C
-bind-addr=ADDR, -b ADDR
-pubkey-show
-pubkey-new[=BITS]
-pubkey-clear
-pubkey-export=[LOGIN[:PASSWORD]@]HOST/FILE
-algo-list
-kex-algos[=ALGO-LIST]
-hostkey-algos[=ALGO-LIST]
-cipher-algos[=ALGO-LIST], -c ALGO-LIST
-hash-algos[=ALGO-LIST], -m ALGO-LIST
-comp-algos[=ALGO-LIST] |
Center |
---|
Parameter | Description |
---|
[options] [LOGIN@]HOST[:PORT] [REMOTE-COMMAND] | Connect to the remote SSH Server:
- "LOGIN" – username (may be omitted when the default login name is used on the remote device).
- "HOST" – a remote device IP address.
- "REMOTE-COMMAND" – defines a command that should be executed on the SSH Server after successful login.
| -help, -h | Displays the command syntax. |
-window=SIZE | Allows changing the SSH Server internal receiving window size in bytes. The SSH Server window size defines the maximum allowed bandwidth for the "SSH Client - SSH Server" data channel. By default, the SSH Server window size is 24576 bytes. |
-keepalive=TIME | Sets the frequency of sending compulsory session activity confirmations to the server. This prevents losing the session to the server when the SSH Client is left unused for a long time. By default, the SSH Client doesn’t send any special activity confirmations ("0" value). Measured in seconds. |
-compress, -C | Enables data compression. |
-bind-addr=ADDR, -b ADDR | Sets the SSH packets' source IP address. This source IP address replaces the default sending interface's IP address in the SSH packets. |
-pubkey-show | Displays generated public keys. |
-pubkey-new[=BITS] | Generates new DSS and RSA SSH Client’s public keys. The "BITS" parameter should be specified as a key size in bits, possible values: 512-4096. |
-pubkey-clear | Deletes public keys on SSH Client. |
-pubkey-export=[LOGIN[:PASSWORD]@]HOST/FILE | Exports public keys from SSH Client to a file on the remote FTP server:
- "HOST" – remote FTP Server IP address.
- "FILE" – a file name that will contain SSH Client’s RSA/DSS public keys. If login and password are set on the remote FTP server they should be specified as "LOGIN" and "PASSWORD" parameters.
| -algo-list | Shows a list of all available SSH algorithms for key exchange (kex), authentication (host key), data encryption (cipher), data verification (hash) and data compression (compress). |
-kex-algos[=ALGO-LIST] | Chooses the kex algorithms from the list of algorithms (ALGO-LIST) to be used in the SSH key exchange process. |
-hostkey-algos[=ALGO-LIST] | Chooses the host key algorithms from the list of algorithms (ALGO-LIST) to be used in the SSH Server-Client authentication process. |
-cipher-algos[=ALGO-LIST], -c ALGO-LIST | Chooses the cipher algorithms from the list of algorithms (ALGO-LIST) to be used in SSH data encryption. |
-hash-algos[=ALGO-LIST], -m ALGO-LIST | Chooses the hash algorithms from the list of algorithms (ALGO-LIST) to be used in SSH data verification. |
-comp-algos[=ALGO-LIST] | Chooses the compression algorithms from the list of algorithms (ALGO-LIST) to be used in SSH data compression. |
|
Note |
---|
|
For compulsory SSH Client’s session interruption (for example, if SSH Server is not responding to SSH Client’s requests) please use the following key sequence: "Enter~." (on the keyboard, firstly, press "Enter" key, then "~" key, then "." key). |
...