Line 266: |
Line 266: |
| ---- | | ---- |
| The <b>Access Control</b> page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device. | | The <b>Access Control</b> page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device. |
| + | |
| + | {{#switch:{{{series}}} |
| + | |TAP100|TAP200 = [[File:Networking rutos manual administration access control general tap v1.png|border|class=tlt-border]] |
| + | |#default = [[File:Networking rutos manual administration access control general v1.png|border|class=tlt-border]]}} |
| | | |
| {{#switch:{{{series}}}|TAP100|TAP200=|#default=<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password. | | {{#switch:{{{series}}}|TAP100|TAP200=|#default=<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password. |
Line 271: |
Line 275: |
| <b>SSH</b> | | <b>SSH</b> |
| ----{{#switch:{{{series}}} | | ----{{#switch:{{{series}}} |
− | |TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v2.png|border|class=tlt-border]] | + | |TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v3.png|border|class=tlt-border]] |
− | |#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v2.png|border|class=tlt-border]]}} | + | |#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v3.png|border|class=tlt-border]]}} |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 311: |
Line 315: |
| </table> | | </table> |
| <br> | | <br> |
− | <b>WebUI</b> | + | <b>HTTP</b> |
| ----{{#switch:{{{series}}} | | ----{{#switch:{{{series}}} |
− | |TAP100|TAP200 = [[File:Networking rutos manual administration access control general webui tap100 v2.png|border|class=tlt-border]] | + | |TAP100|TAP200 = [[File:Networking rutos manual administration access control general http tap v1.png|border|class=tlt-border]] |
− | |#default = [[File:Networking_rutos_manual_administration_access_control_general_webui_v2.png|border|class=tlt-border]]}} | + | |#default = [[File:Networking rutos manual administration access control general http v1.png|border|class=tlt-border]]}} |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 326: |
Line 330: |
| <td>off {{!}} on; default: <b>on</b></td> | | <td>off {{!}} on; default: <b>on</b></td> |
| <td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td> | | <td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td> |
| + | </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default= |
| + | <tr> |
| + | <td>Enable remote HTTP access</td> |
| + | <td>off {{!}} on; default: <b>off</b></td> |
| + | <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td> |
| + | </tr>}} |
| + | <tr> |
| + | <td>HTTP Port</td> |
| + | <td>integer [0..65535]; default: <b>80</b></td> |
| + | <td>Selects which port to use for HTTP access.</td> |
| + | </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default= |
| + | <tr> |
| + | <td>Ignore private IPs on public interface</td> |
| + | <td>off {{!}} on; default: <b>on</b></td> |
| + | <td>Prevent access from private (RFC1918) IPs on an interface if it has an public IP address.</td> |
| + | </tr>}} |
| + | </table> |
| + | |
| + | <br> |
| + | <b>HTTPS/b> |
| + | ----{{#switch:{{{series}}} |
| + | |TAP100|TAP200 = [[File:Networking rutos manual administration access control general https tap v1.png|border|class=tlt-border]] |
| + | |#default = [[File:Networking rutos manual administration access control general https v1.png|border|class=tlt-border]]}} |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| </tr> | | </tr> |
| <tr> | | <tr> |
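Review bot: The added HTTPS heading is written as `<b>HTTPS/b>`, so the closing tag is malformed and the bold run never closes; it should read `<b>HTTPS</b>`, matching the `<b>HTTP</b>` and `<b>SSH</b>` headings. In the new "Ignore private IPs on public interface" row, "if it has an public IP address" should be "a public IP address". The new "Enable remote HTTP access" row describes opening the WebUI over HTTP from WAN without saying that this is the unencrypted option; a short pointer to the HTTPS table that this hunk introduces directly below would help readers choose between the two.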
Line 336: |
Line 369: |
| <td>off {{!}} on; default: <b>off</b></td> | | <td>off {{!}} on; default: <b>off</b></td> |
| <td>Redirects connection attempts from HTTP to HTTPS.</td> | | <td>Redirects connection attempts from HTTP to HTTPS.</td> |
− | </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
| |
− | <tr>
| |
− | <td>Enable remote HTTP access</td>
| |
− | <td>off {{!}} on; default: <b>off</b></td>
| |
− | <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
| |
− | </tr>}}
| |
− | <tr>
| |
− | <td>Port</td>
| |
− | <td>integer [0..65535]; default: <b>80</b></td>
| |
− | <td>Selects which port to use for HTTP access.</td>
| |
| </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default= | | </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default= |
| <tr> | | <tr> |
Line 353: |
Line 376: |
| </tr>}} | | </tr>}} |
| <tr> | | <tr> |
− | <td>Port</td> | + | <td>HTTPS Port</td> |
| <td>integer [0..65535]; default: <b>443</b></td> | | <td>integer [0..65535]; default: <b>443</b></td> |
| <td>Selects which port to use for HTTPS access.</td> | | <td>Selects which port to use for HTTPS access.</td> |
Line 377: |
Line 400: |
| <td>Server key file.</td> | | <td>Server key file.</td> |
| </tr>}} | | </tr>}} |
| + | <tr> |
| + | <td>Certificate file</td> |
| + | <td>.crt; default: <b>uhttpd.crt</b></td> |
| + | <td>Download certificate file from device. Used for browsers to reach HTTPS connection.</td> |
| + | </tr> |
| </table> | | </table> |
| + | |
| <br> | | <br> |
| <b>CLI</b> | | <b>CLI</b> |
| ----{{#switch:{{{series}}} | | ----{{#switch:{{{series}}} |
− | |TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100.png|border|class=tlt-border]] | + | |TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100_v2.png|border|class=tlt-border]] |
− | |#default = [[File:Networking_rutos_manual_administration_access_control_general_cli.png|border|class=tlt-border]]}} | + | |#default = [[File:Networking_rutos_manual_administration_access_control_general_cli_v2.png|border|class=tlt-border]]}} |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
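Review bot: The new "Certificate file" row describes a download action, but its Value cell reads ".crt; default: uhttpd.crt" as if it were an input field, and "Used for browsers to reach HTTPS connection" does not tell the reader what to do with the file. Suggest wording the description around the actual step, for example that the downloaded device certificate is meant to be imported into the browser, and stating the file name in the description rather than as a default value. The row is also placed after the `</tr>}}` that closes the series switch around the "Server key file" row, so it renders for every series; confirm that is intended for TAP100 and TAP200.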
Line 414: |
Line 443: |
| <b>Telnet</b> | | <b>Telnet</b> |
| ---- | | ---- |
− | [[File:Networking_rutos_manual_administration_access_control_general_telnet.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administration_access_control_general_telnet v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
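Review bot: The new Telnet image name mixes separators, "..._general_telnet v2.png", with underscores everywhere except before "v2". The other file names touched in this revision use either underscores throughout or spaces throughout; suggest "..._general_telnet_v2.png" and checking that it matches the name of the uploaded file.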
Line 443: |
Line 472: |
| <b>Note:</b> PAM is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page. | | <b>Note:</b> PAM is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page. |
| | | |
− | [[File:Networking_rutos_manual_administration_access_control_pam_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administration_access_control_pam_v3.png|border|class=tlt-border]] |
| | | |
| ====Modify PAM Auth==== | | ====Modify PAM Auth==== |
| ---- | | ---- |
− | [[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 474: |
Line 503: |
| <td>off {{!}} on; default: <b>off</b></td> | | <td>off {{!}} on; default: <b>off</b></td> |
| <td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td> | | <td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color:red">Radius</span>: Require Message-Authenticator</td> |
| + | <td>off {{!}} on; default: <b>on</b></td> |
| + | <td>Require and validate Message-Authenticator RADIUS attribute on Access-Request replies.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
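Review bot: In the new "Require Message-Authenticator" row, "on Access-Request replies" is imprecise: Access-Request is the packet the device sends, and the check described applies to the server's replies to it. Suggest "Require and validate the Message-Authenticator attribute in RADIUS replies to Access-Request". The description also does not say what happens to a login when the option is on and the reply lacks the attribute or fails validation, nor what turning it off permits; since the default is on, one sentence on each would tell administrators why they should not disable it to work around a server that omits the attribute. The inline `<span style="color:red">Radius</span>` prefix is unexplained in the visible rows; if red marks fields that appear only for a given module, that convention should be stated near the table.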
Line 503: |
Line 537: |
| <b>IP Block Settings</b> | | <b>IP Block Settings</b> |
| ---- | | ---- |
− | [[File:Networking_rutos_manual_administration_access_control_security_v4.png|border|class=tlt-border]] | + | [[File:Networking rutos manual administration access control security settings v1.png|border|class=tlt-border]] |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
| <tr> | | <tr> |
Line 585: |
Line 619: |
| {{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing=== | | {{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing=== |
| ---- | | ---- |
− | [[File:Networking_rutos_manual_administration_access_control_pairing_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administration_access_control_pairing_v3.png|border|class=tlt-border]] |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
| <tr> | | <tr> |