9,305
edits
Changes
Template:Networking rutos manual administration (view source)
Revision as of 14:31, 1 September 2022
, 14:31, 1 September 2022no edit summary
<!--- {{{series}}}, {{{name}}} --->
<!--- {{{series}}}, {{{name}}} --->
{{Template:Networking_rutos_manual_fw_disclosure
{{Template: Networking_rutos_manual_fw_disclosure
| fw_version = {{{series}}}_R_00.02.04.1
| fw_version ={{Template: Networking_rutos_manual_latest_fw
| series = {{{series}}}
| series = {{{series}}}
| name = {{{name}}}
}}
}}
}}
{{#ifeq: {{{series}}} | RUT9 |<br><i><b>Note</b>: <b>[[{{{name}}} Administration (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_rutos_manual_latest_fw | series = RUT9XX}} and earlier) user manual page.</i>|}}
{{#ifeq: {{{series}}} | RUT2 |<br><i><b>Note</b>: <b>[[{{{name}}} Administration (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_rutos_manual_latest_fw | series = RUT2XX}} and earlier) user manual page.</i>|}}
==Summary==
==Summary==
The <b>General</b> section is used to set up some of device managerial parameters, such as changing device name. For more information on the General section, refer to figure and table below.
The <b>General</b> section is used to set up some of device managerial parameters, such as changing device name. For more information on the General section, refer to figure and table below.
{{#switch:{{{series}}}
{{#switch:{{{series}}}
| RUTX = [[File:Networking_rutx_manual_administration_general_v2.png|border|class=tlt-border]]
| TCR1=[[File:Networking_rutos_manual_administration_general_tcr_v1.png|border|class=tlt-border]]
| TRB2 = [[File:Networking_trb2_manual_administration_general_v2.png|border|class=tlt-border]]
| TRB1|TRB2|TRB5=[[File:Networking_rutos_manual_administration_general_trb_v1.png|border|class=tlt-border]]
| TRB14X = [[File:Networking_trb1_manual_administration_general_v2.png|border|class=tlt-border]]
| #default=[[File:Networking_rutos_manual_administration_general_rut_v1.png|border|class=tlt-border]]
}}
}}
<table class="nd-mantable">
<table class="nd-mantable">
<tr>
<tr>
<th>Value</th>
<th>Value</th>
<th>Description</th>
<th>Description</th>
</tr>
<tr>
<th>General Settings</th>
<th></th>
<th></th>
</tr>
<tr>
<td>Configuration Mode</td>
<td>Basic {{!}} Advanced; default: <b>Basic</b></td>
<td>Mode determines what options and configurations are shown. In Basic mode only the essential configurations are shown. In Advanced mode there is greater freedom to configure and access more options.</td>
</tr>
<tr>
<th>Device name and hostname</th>
<th></th>
<th></th>
</tr>
</tr>
<tr>
<tr>
</tr>
</tr>
<tr>
<tr>
<td>Mode</td>
<th>LED Indication</th>
<th></th>
<th></th>
</tr>
<tr>
<td>Enable</td>
<td>off {{!}} on; default: <b>on</b></td>
<td>Manages signal strength{{#ifeq:{{{series}}}|RUTX||, LAN}} and connection status indication LEDs.</td>
</tr>
<tr>
<th>Reset Button Configuration</th>
<th></th>
<th></th>
</tr>
</tr>
<tr>
<tr>
<td>integer [1..60]; default: <b>none</b></td>
<td>integer [1..60]; default: <b>none</b></td>
<td>Maximum time (in seconds) the button can be held to perform an action, after which no action will be performed.</td>
<td>Maximum time (in seconds) the button can be held to perform an action, after which no action will be performed.</td>
</tr>
</tr>
</table>
</table>
==Access Control==
==Access Control==
===General===
===General===
----
The <b>Access Control</b> page is used to manage remote and local access to device.
The <b>Access Control</b> page is used to manage remote and local access to device.
<b>SSH</b>
<b>SSH</b>
----
----
[[File:Networking_rutx_manual_administration_access_control_general_ssh_v1.png]]
[[File:Networking_rutos_manual_administration_access_control_general_ssh_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
<td>integer [0..65535]; default: <b>22</b></td>
<td>integer [0..65535]; default: <b>22</b></td>
<td>Selects which port to use for SSH access.</td>
<td>Selects which port to use for SSH access.</td>
</tr>
<tr>
<td>Enable key-based authentication</td>
<td>off | on; default: <b>off</b></td>
<td>Use public keys for authentication.</td>
</tr>
</tr>
</table>
</table>
<b>WebUI</b>
<b>WebUI</b>
----
----
[[File:Networking_rutx_manual_administration_access_control_general_webui_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_access_control_general_webui_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
<td>integer [0..65535]; default: <b>443</b></td>
<td>integer [0..65535]; default: <b>443</b></td>
<td>Selects which port to use for HTTPS access.</td>
<td>Selects which port to use for HTTPS access.</td>
</tr>
<tr>
<td>Ignore private IPs on public interface</td>
<td>off | on; default: <b>on</b></td>
<td>Prevent access from private (RFC1918) IPs on an interface if it has an public IP address.</td>
</tr>
<tr>
<td>Certificate files from device</td>
<td>off | on; default: <b>on</b></td>
<td>Choose this option if you want to select certificate files from device. Certificate files can be generated in [[{{{name}}} Administration#Certificates|Certificates]] section.</td>
</tr>
<tr>
<td>Server certificate</td>
<td>.crt; default: <b>uhttpd.crt</b></td>
<td>Server certificate file.</td>
</tr>
<tr>
<td>Server key</td>
<td>.key; default: <b>uhttpd.key</b></td>
<td>Server key file.</td>
</tr>
</tr>
</table>
</table>
<b>CLI</b>
<b>CLI</b>
----
----
[[File:Networking_rutx_manual_administration_access_control_general_cli_v1.png]]
[[File:Networking_rutos_manual_administration_access_control_general_cli.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
</tr>
</tr>
</table>
</table>
<br>
<b>Telnet</b>
----
----
[[File:Networking_rutx_manual_administration_access_control_security_v1.png]]
[[File:Networking_rutos_manual_administration_access_control_general_telnet.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
</tr>
</tr>
<tr>
<tr>
<td>Fail count</td>
<td>Enable Telnet access</td>
<td>integer; default: <b>10</b></td>
<td>off | on; default: <b>on</b></td>
<td>An amount of times IP address can try to access SSH or WebUI before being blocked.</td>
<td>Turns Telnet access from the local network (LAN) on or off.</td>
</tr>
</tr>
<tr>
<tr>
<td>Blocked address</td>
<td>Enable remote Telnet access</td>
<td>ip</td>
<td>off | on; default: <b>off</b></td>
<td>IP address which was blocked due to reaching fail count limit.</td>
<td>Turns Telnet access from remote networks (WAN) on or off.</td>
</tr>
</tr>
<tr>
<tr>
<td>Failed attempts</td>
<td>Port range</td>
<td>integer</td>
<td>integer [0..65535]; default: <b>23</b></td>
<td>Amount of times IP address tried to access SSH or WebUI after getting blocked.</td>
<td>Selects which port to use for Telnet access.</td>
</tr>
</tr>
</table>
</table>
==Troubleshoot==
===Security===
----
[[File:Networking_rutos_manual_administration_access_control_security_v1.png|border|class=tlt-border]]
[[File:Networking_rutx_manual_administration_troubleshoot_v1.png]]
<table class="nd-mantable">
<table class="nd-mantable">
</tr>
</tr>
<tr>
<tr>
<td>System log</td>
<td>Enable</td>
<td>- (interactive button)</td>
<td>off | on; default: <b>on</b></td>
<td>Displays the contents of the device system log file. The system log contains records of various system related events, such as starts/stops of various services, errors, reboots, etc.</td>
<td>Enable or disable blocking IP's if they have reached the set amount of failed times.</td>
</tr>
</tr>
<tr>
<tr>
<td>Kernel log</td>
<td>Fail count</td>
<td>- (interactive button)</td>
<td>integer; default: <b>10</b></td>
<td>An amount of times IP address can try to access SSH or WebUI before being blocked.</td>
<td>Turns TCP dump packets capture on or off.</td>
</tr>
</tr>
</table>
</table>
==Recipients==
The <b>Recipients</b> section is used to configure{{#ifeq:{{{mobile}}}|0| | phone groups and }}email
users, which can later be used along with{{#ifeq:{{{mobile}}}|0| | SMS or }}email related
services{{#ifeq:{{{events_reporting}}}|0|.|, such as [[{{{name}}} Events Reporting|Events Reporting]].}}
{{#ifeq:{{{mobile}}}|0||
===TCP dump===
===Phone Groups===
----
----
<b>TCP dump</b> is a program used to capture packets moving through network interfaces. By default, the device does not store TCP dump information. You must enable TCP dump and save the changes before you can download the file.
A <b>Phone Group</b> is a collection of phone numbers that can be used as the recipient in SMS & call related services instead of specifying every number individually. The phone group list is empty by default thus, you must first add at least one new group before you can add phone numbers to it. To create and begin editing a phone group, follow these steps:
<ol>
<li>Enter a custom name for the phone group into the 'Name' field.</li>
<li>Click the 'Add' button.</li>
<li>Click the 'Edit' button next to the newly added phone group.</li>
</ol>
[[File:Networking_rutos_manual_administration_recipients_phone_groups_add_button_edit_button.png|border|class=tlt-border]]
After clicking 'Edit' you should be redirected to that phone group's configuration page where you can start adding phone numbers to it.
[[File:Networking_rutx_manual_administration_troubleshoot_tcp_dump_v3.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_recipients_phone_groups_modify_phone_group.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
</tr>
</tr>
<tr>
<tr>
<td>Group name</td>
<td>string; default: <b>none</b></td>
<td>Name of this phone numbers group.</td>
</tr>
</tr>
<tr>
<tr>
<td>Phone number</td>
<td>string; default: <b>none</b></td>
<td>A phone number entry for this group. Numbers that consist of <i>0-9*+#</i> characters are accepted. Click the plus symbol to add more entries.</td>
</tr>
</tr>
</table>
</table>
}}
===Diagnostics===
===Email Accounts===
----
----
When email related services{{#ifeq:{{{events_reporting}}}|0| | (such as [[{{{name}}} Events Reporting|Events Reporting]]) }}are used, the device logs in to the specified email account and reads the inbox (e.g., Email to SMS) or sends out a message (e.g., SMS to Email) depending on the configured service. In this context, an <b>Email Account</b> is an configuration instance that contains the necessary data required in order to log into an email account.
The email accounts list is empty by default thus, you must first add at least one new account before you can configure it. To create and begin editing an email account, follow these steps:
<ol>
<li>Enter a custom name for the email account into the 'Name' field.</li>
<li>Click the 'Add' button.</li>
<li>Click the 'Edit' button next to the newly added email account.</li>
</ol>
[[File:Networking_rutos_manual_administration_recipients_email_accounts_groups_add_button_edit_button.png|border|class=tlt-border]]
After clicking 'Edit' you should be redirected to that email account's settings page where you can start configuring the account.
[[File:Networking_rutx_manual_administration_diagnostics_v3.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_recipients_email_accounts_modify_email_account_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
</tr>
</tr>
<tr>
<tr>
<td>Method</td>
<td>Secure connection</td>
<td>Ping | Traceroute | Nslookup; default: <b>Ping</b></td>
<td>off <nowiki>|</nowiki> on; default: <b>off</b></td>
<td>Selects diagnostic method.
<td>Use if your SMTP server supports TLS or SSL encryption.</td>
</tr>
<tr>
<td>SMTP server</td>
<td>string; default: <b>none</b></td>
<td>Name of the email service provider's SMTP server.</td>
</tr>
<tr>
<td>SMTP server port</td>
<td>integer [0..65535]; default: <b>none</b></td>
<td>Port of the email service provider's SMTP server.</td>
</tr>
<tr>
<td>Credentials</td>
<td>off {{!}} on; default: <b>off</b></td>
<td>This options allows you to set username and password of email account.</td>
</tr>
</tr>
<tr>
<tr>
<td>Protocol</td>
<td>Username</td>
<td>IPv4 | IPv6; default: <b>IPv4</b></td>
<td>string; default: <b>none</b></td>
<td>Selects IP address family for diagnostic test.</td>
<td>Username used to authenticate to the email service.</td>
</tr>
</tr>
<tr>
<tr>
<td>Address</td>
<td>Password</td>
<td>ip | host; default: <b>none</b></td>
<td>string; default: <b>none</b></td>
<td>IP address or hostname on which the diagnostic test will be performed.</td>
<td>Password used to authenticate to the email service..</td>
</tr>
</tr>
<tr>
<tr>
<td>Sender's email address</td>
<td>-(interactive button)</td>
<td>string; default: <b>none</b></td>
<td>Performs diagnostic test when clicked.</td>
<td>Configured SMTP server user's email address.</td>
</tr>
</tr>
</table>
</table>
==Certificates==
==Certificates==
The <b>Certificates</b> page is used for convenient TLS certificate and key generation and management. Generated files can be exported and used on other machines or locally on this device with functions that use TLS/SSL, such as [[{{{name}}} MQTT|MQTT]], [[{{{name}}} VPN#OpenVPN|OpenVPN]], [[{{{name}}} VPN#IPsec|IPsec]] and others.
The <b>Certificates</b> page is used for convenient TLS certificate and key generation and management. Generated files can be exported and used on other machines or locally on this device with functions that use TLS/SSL, such as {{#ifeq:{{{mqtt}}}|0||[[{{{name}}} MQTT|MQTT]], }}[[{{{name}}} VPN#OpenVPN|OpenVPN]], [[{{{name}}} VPN#IPsec|IPsec]] and others.
===Certificate Generation===
===Certificate Generation===
The <b>Certificate Signing</b> section is used to validate (sign) unsigned certificates.
The <b>Certificate Signing</b> section is used to validate (sign) unsigned certificates.
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_certificate_signing_v1.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_certificate_signing_v2.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
<tr>
<tr>
<td>Signed Certificate Name</td>
<td>Signed Certificate Name</td>
<td>string; default: <b>cert</b></td>
<td>string; default: <b>none</b></td>
<td>Name of the signed certificate.</td>
<td>Name of the signed certificate.</td>
</tr>
</tr>
<tr>
<tr>
<td>Days Valid</td>
<td>Days Valid</td>
<td>integer; default: <b>3650</b></td>
<td>integer; default: <b>none</b></td>
<td>Length of the signature's validity.</td>
<td>Length of the signature's validity.</td>
</tr>
</tr>
====Certificate Import====
====Certificate Import====
----
----
The <b>Certificate Import</b> section provides the possibility to import certificates and files generated on another machine. To upload such a file simply click 'Browse', locate the file on your computer and click 'Import'
The <b>Certificate Import</b> section provides the possibility to import certificates and files generated on another machine. To upload such a file simply click 'Browse' and locate the file on your computer, it should then start uploading automatically.
[[File:Networking_rutos_manual_administartion_certificates_certificates_manager_certificate_import_v1.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administartion_certificates_certificates_manager_certificate_import_v2.png|border|class=tlt-border]]
====Certificates, Keys & Requests====
====Certificates, Keys & Requests====
The 'Export' buttons are used to download the files from the device onto your local machine. The 'X' buttons located to the right of each entry are used to delete related files.
The 'Export' buttons are used to download the files from the device onto your local machine. The 'X' buttons located to the right of each entry are used to delete related files.
==Root CA==
===Root CA===
----
The <b>Root CA</b> section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 300 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.
The <b>Root CA</b> section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 300 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.
[[File:Networking_rutx_manual_administration_root_ca_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_access_control_root_ca_v1.png|border|class=tlt-border]]
==Troubleshoot==
===Logging Settings===
----
The <b>Logging Settings</b> section is used to configure how and where the device stores system log data. The system log is a file that contains information on various system related events and is useful to engineers for troubleshooting the device.
[[File:Networking_rutx_manual_administration_logging_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_troubleshoot_logging_settings_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
<td>RAM memory | Flash memory; default: <b>RAM memory</b></td>
<td>RAM memory | Flash memory; default: <b>RAM memory</b></td>
<td>Specifies which type of memory to use for storing system logs.</td>
<td>Specifies which type of memory to use for storing system logs.</td>
</tr></table>
</tr>
<tr>
<td>Show hostname</td>
<td>off | on; default: <b>off</b></td>
<td>Show hostname instead of IP address in syslog.</td>
</tr>
</table>
==Unsaved changes==
===Troubleshoot===
----
The <b>Troubleshoot</b> section is used to download various files that contain information used for troubleshooting the device. Refer to the figure and table below for information on the Troubleshoot page.
[[File:Networking_rutos_manual_administration_troubleshoot_troubleshoot.png|border|class=tlt-border]]
[[File:Networking_rutx_manual_administration_unsaved_changes_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<tr>
<th>Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>System log</td>
<td>- (interactive button)</td>
<td>Displays the contents of the device system log file. The system log contains records of various system related events, such as starts/stops of various services, errors, reboots, etc.</td>
</tr>
<tr>
<td>Kernel log</td>
<td>- (interactive button)</td>
<td>Displays the contents of the device kernel log file. The kernel log contains records of various events related to the processes of the operating system (OS).</td>
</tr>
<tr>
<td>Troubleshoot file</td>
<td>- (interactive button)</td>
<td>Downloads the device Troubleshoot file. It contains the device configuration information, logs and some other files. When requesting support, it is recommended to always provide the device Troubleshoot file to Teltonika engineers for analysis.</td>
</tr>
<tr>
<td>TCP dump file{{#ifeq:{{{series}}}|RUTX||<span class="asterisk">*</span>}}</td>
<td>- (interactive button)</td>
<td>Downloads the device TCP dump file. TCP dump is a program used to capture packets moving through network interfaces. By default, the device does not store TCP dump information. You must enable TCP dump and save the changes before you can download the file.</td>
</tr>
<tr>
<td>Enable TCP dump{{#ifeq:{{{series}}}|RUTX||<span class="asterisk">*</span>}}</td>
<td>off | on; default: <b>off</b></td>
<td>Turns TCP dump packets capture on or off.</td>
</tr>
</table>
{{#switch:{{{series}}}| RUT2M|RUT9M|TCR1=
| #default={{#ifeq:{{{series}}}|RUTX||<font size="-1"><span class="asterisk">*</span> As of {{{series}}}_R_00.07.00, TCPdump is not part of core functionality anymore. To see these options, the TCPdump package must be downloaded from [[{{{name}}}_Package_Manager|Package Manager]].</font>}}
}}
====TCP dump====
----
<b>TCP dump</b> is {{#ifeq:{{{series}}}|RUTX||an <i>optional</i> downloadable functionality<span class="asterisk">*</span>}} used to capture packets moving through network interfaces. By default, the device does not store TCP dump information. You must enable TCP dump and save the changes before you can download the file.
If you enable TCP dump, you will notice additional configuration fields appear. Refer to the figure and table below for realted information.
{{#ifeq:{{{series}}}|RUTX||<font size="-1"><span class="asterisk">*</span> You can download the TCPdump package from [[{{{name}}}_Package_Manager|Package Manager]].</font>}}
[[File:Networking_rutos_manual_administration_troubleshoot_tcp_dump.png|border|class=tlt-border]]
<table class="nd-mantable">
<tr>
<th>Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>Enable TCP dump</td>
<td>off | on; default: <b>off</b></td>
<td>Turns TCP dump packet capture on or off.</td>
</tr>
<tr>
<td>Select interface</td>
<td>network interface; default: '''br-lan'''</td>
<td>Only captures packets that move through the specified network interface.</td>
</tr>
<tr>
<td>Select protocol filter</td>
<td>All | ICMP | TCP | UDP | ARP; default: <b>All</b></td>
<td>Only captures packets that match the specified protocol.</td>
</tr>
<tr>
<td>Select packets direction</td>
<td>Incoming/Outgoing | Incoming | Outgoing; default: <b>Incoming/Outgoing</b></td>
<td>Only captures packets coming from the specified direction.</td>
</tr>
<tr>
<td>Host</td>
<td>ip | host; default: <b>none</b></td>
<td>Only captures packets related to the specified host.</td>
</tr>
<tr>
<td>Port</td>
<td>integer [0..65335]; default: <b>none</b></td>
<td>Only captures packets related to the specified communication port.</td>
</tr>
<tr>
<td>Select storage</td>
<td>RAM memory; default: <b>RAM memory</b></td>
<td>Specifies where the TCP dump file will be stored.</td>
</tr>
</table>
===Diagnostics===
----
The <b>Diagnostics</b> section is used to execute simple network diagnostic tests, including <i>ping</i>, <i>traceroute</i> and <i>nslookup</i>.
[[File:Networking_rutos_manual_administration_troubleshoot_diagnostics.png|border|class=tlt-border]]
<table class="nd-mantable">
<tr>
<th>Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>Method</td>
<td>Ping | Traceroute | Nslookup; default: <b>Ping</b></td>
<td>Selects diagnostic method.
<ul>
<li><b>Ping</b> - sends ICMP requests to the specified address.</li>
<li><b>Traceroute</b> - displays the path that packets have to take in order to reach the specified address.</li>
<li><b>Nslookup</b> - obtains domain name address and IP address mapping information.</li>
</ul>
</td>
</tr>
<tr>
<td>Protocol</td>
<td>IPv4 | IPv6; default: <b>IPv4</b></td>
<td>Selects IP address family for diagnostic test.</td>
</tr>
<tr>
<td>Address</td>
<td>ip | host; default: <b>none</b></td>
<td>IP address or hostname on which the diagnostic test will be performed.</td>
</tr>
<tr>
<td>Perform</td>
<td>-(interactive button)</td>
<td>Performs diagnostic test when clicked.</td>
</tr>
</table>
[[Category:{{{name}}} System section]]
[[Category:{{{name}}} System section]]
