Jump to content

Template:Networking rutos manual administration: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 16: Line 16:
The <b>General</b> section is used to set up some of device managerial parameters, such as changing device name. For more information on the General section, refer to figure and table below.
The <b>General</b> section is used to set up some of device managerial parameters, such as changing device name. For more information on the General section, refer to figure and table below.
{{#switch:{{{series}}}
{{#switch:{{{series}}}
| TAP100=[[File:Networking_rutos_manual_administration_general_tap100_v1.png|border|class=tlt-border]]
  | TCR1=[[File:Networking_rutos_manual_administration_general_tcr_v2.png|border|class=tlt-border]]
  | TCR1=[[File:Networking_rutos_manual_administration_general_tcr_v2.png|border|class=tlt-border]]
  | TRB1|TRB2|TRB5=[[File:Networking_rutos_manual_administration_general_trb_v2.png|border|class=tlt-border]]
  | TRB1|TRB2|TRB5=[[File:Networking_rutos_manual_administration_general_trb_v2.png|border|class=tlt-border]]
Line 25: Line 26:
       <th>Value</th>
       <th>Value</th>
       <th>Description</th>
       <th>Description</th>
     </tr>
     </tr>{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
       <th>General Settings</th>
       <th>General Settings</th>
Line 40: Line 41:
       <td>Basic {{!}} Advanced; default: <b>Basic</b></td>
       <td>Basic {{!}} Advanced; default: <b>Basic</b></td>
       <td>Mode determines what options and configurations are shown. In Basic mode only the essential configurations are shown. In Advanced mode there is greater freedom to configure and access more options.</td>
       <td>Mode determines what options and configurations are shown. In Basic mode only the essential configurations are shown. In Advanced mode there is greater freedom to configure and access more options.</td>
     </tr>
     </tr>}}
     <tr>
     <tr>
       <th>Device name and hostname</th>
       <th>Device name and hostname</th>
Line 83: Line 84:
</table>
</table>


<span class="asterisk">*</span> Different language packages can be downloaded separately from the <b>Services → [[{{{name}}} Package Manager|Package Manager]]</b> page.
{{#ifeq:{{{series}}}|TAP100||<span class="asterisk">*</span> Different language packages can be downloaded separately from the <b>Services → [[{{{name}}} Package Manager|Package Manager]]</b> page.}}


==Access Control==
==Access Control==
===General===
===General===
----
----
The <b>Access Control</b> page is used to manage remote and local access to device.
The <b>Access Control</b> page is used to manage {{#ifeq:{{{series}}}|TAP100||remote and}} local access to device.


<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.
{{#ifeq:{{{series}}}|TAP100||<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.
<br><br>
<br><br>}}
<b>SSH</b>
<b>SSH</b>
----
----{{#switch:{{{series}}}
[[File:Networking_rutos_manual_administration_access_control_general_ssh_v1.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v1.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v1.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
Line 106: Line 108:
         <td>off | on; default: <b>on</b></td>
         <td>off | on; default: <b>on</b></td>
         <td>Turns SSH access from the local network (LAN) on or off.</td>
         <td>Turns SSH access from the local network (LAN) on or off.</td>
     </tr>
     </tr>{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>Remote SSH access</td>
         <td>Remote SSH access</td>
         <td>off | on; default: <b>off</b></td>
         <td>off | on; default: <b>off</b></td>
         <td>Turns SSH access from remote networks (WAN) on or off.</td>
         <td>Turns SSH access from remote networks (WAN) on or off.</td>
     </tr>
     </tr>}}
     <tr>
     <tr>
         <td>Port</td>
         <td>Port</td>
Line 125: Line 127:
<br>
<br>
<b>WebUI</b>
<b>WebUI</b>
----
----{{#switch:{{{series}}}
[[File:Networking_rutos_manual_administration_access_control_general_webui_v1.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_administration_access_control_general_webui_tap100_v1.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_webui_v1.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
Line 148: Line 151:
         <td>off | on; default: <b>off</b></td>
         <td>off | on; default: <b>off</b></td>
         <td>Redirects connection attempts from HTTP to HTTPS.</td>
         <td>Redirects connection attempts from HTTP to HTTPS.</td>
     </tr>
     </tr>{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>Enable remote HTTP access</td>
         <td>Enable remote HTTP access</td>
         <td>off | on; default: <b>off</b></td>
         <td>off | on; default: <b>off</b></td>
         <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
         <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
     </tr>
     </tr>}}
     <tr>
     <tr>
         <td>Port</td>
         <td>Port</td>
         <td>integer [0..65535]; default: <b>80</b></td>
         <td>integer [0..65535]; default: <b>80</b></td>
         <td>Selects which port to use for HTTP access.</td>
         <td>Selects which port to use for HTTP access.</td>
     </tr>
     </tr>{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>Enable remote HTTPS access</td>
         <td>Enable remote HTTPS access</td>
         <td>off | on; default: <b>off</b></td>
         <td>off | on; default: <b>off</b></td>
         <td>Turns HTTPS access from remote networks (WAN) to the device WebUI on or off.</td>
         <td>Turns HTTPS access from remote networks (WAN) to the device WebUI on or off.</td>
     </tr>
     </tr>}}
     <tr>
     <tr>
         <td>Port</td>
         <td>Port</td>
         <td>integer [0..65535]; default: <b>443</b></td>
         <td>integer [0..65535]; default: <b>443</b></td>
         <td>Selects which port to use for HTTPS access.</td>
         <td>Selects which port to use for HTTPS access.</td>
     </tr>
     </tr>{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>Ignore private IPs on public interface</td>
         <td>Ignore private IPs on public interface</td>
         <td>off | on; default: <b>on</b></td>
         <td>off | on; default: <b>on</b></td>
         <td>Prevent access from private (RFC1918) IPs on an interface if it has an public IP address.</td>
         <td>Prevent access from private (RFC1918) IPs on an interface if it has an public IP address.</td>
     </tr>
     </tr>}}{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>Certificate files from device</td>
         <td>Certificate files from device</td>
         <td>off | on; default: <b>on</b></td>
         <td>off | on; default: <b>on</b></td>
         <td>Choose this option if you want to select certificate files from device. Certificate files can be generated in [[{{{name}}} Administration#Certificates|Certificates]] section.</td>
         <td>Choose this option if you want to select certificate files from device. Certificate files can be generated in [[{{{name}}} Administration#Certificates|Certificates]] section.</td>
     </tr>
     </tr>}}{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>Server certificate</td>
         <td>Server certificate</td>
         <td>.crt; default: <b>uhttpd.crt</b></td>
         <td>.crt; default: <b>uhttpd.crt</b></td>
         <td>Server certificate file.</td>
         <td>Server certificate file.</td>
     </tr>
     </tr>}}{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>Server key</td>
         <td>Server key</td>
         <td>.key; default: <b>uhttpd.key</b></td>
         <td>.key; default: <b>uhttpd.key</b></td>
         <td>Server key file.</td>
         <td>Server key file.</td>
     </tr>
     </tr>}}
</table>
</table>
<br>
<br>
<b>CLI</b>
<b>CLI</b>
----
----{{#switch:{{{series}}}
[[File:Networking_rutos_manual_administration_access_control_general_cli.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_cli.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
Line 205: Line 209:
         <td>off | on; default: <b>on</b></td>
         <td>off | on; default: <b>on</b></td>
         <td>Turns CLI access from the local network (LAN) on or off.</td>
         <td>Turns CLI access from the local network (LAN) on or off.</td>
     </tr>
     </tr>{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>Enable remote CLI</td>
         <td>Enable remote CLI</td>
         <td>off | on; default: <b>off</b></td>
         <td>off | on; default: <b>off</b></td>
         <td>Turns CLI access from remote networks (WAN) on or off.</td>
         <td>Turns CLI access from remote networks (WAN) on or off.</td>
     </tr>
     </tr>}}
     <tr>
     <tr>
         <td>Port range</td>
         <td>Port range</td>
Line 222: Line 226:
     </tr>
     </tr>
</table>
</table>
<br>
<br>{{#ifeq:{{{series}}}|TAP100||
<b>Telnet</b>
<b>Telnet</b>
----
----
Line 235: Line 239:
     <tr>
     <tr>
         <td>Enable Telnet access</td>
         <td>Enable Telnet access</td>
         <td>off | on; default: <b>on</b></td>
         <td>off {{!}} on; default: <b>on</b></td>
         <td>Turns Telnet access from the local network (LAN) on or off.</td>
         <td>Turns Telnet access from the local network (LAN) on or off.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Enable remote Telnet access</td>
         <td>Enable remote Telnet access</td>
         <td>off | on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>Turns Telnet access from remote networks (WAN) on or off.</td>
         <td>Turns Telnet access from remote networks (WAN) on or off.</td>
     </tr>
     </tr>
Line 268: Line 272:
     <tr>
     <tr>
         <td>Enable</td>
         <td>Enable</td>
         <td>off | on; default: <b>on</b></td>
         <td>off {{!}} on; default: <b>on</b></td>
         <td>Turns the PAM auth on or off.</td>
         <td>Turns the PAM auth on or off.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Module</td>
         <td>Module</td>
         <td><span style="color:blue">TACACS+</span> | <span style="color:red">Radius</span> | Local; default: <b>Local</b></td>
         <td><span style="color:blue">TACACS+</span> {{!}} <span style="color:red">Radius</span> {{!}} Local; default: <b>Local</b></td>
         <td>Specifies the PAM module that implements the service.</td>
         <td>Specifies the PAM module that implements the service.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Type</td>
         <td>Type</td>
         <td>Required | Requisite | Sufficient | Optional; default: <b>Required </b></td>
         <td>Required {{!}} Requisite {{!}} Sufficient {{!}} Optional; default: <b>Required </b></td>
         <td>Determines the continuation or failure behavior for the module</td>
         <td>Determines the continuation or failure behavior for the module</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td><span style="color:blue">TACACS+</span>/<span style="color:red">Radius</span>: Server</td>
         <td><span style="color:blue">TACACS+</span>/<span style="color:red">Radius</span>: Server</td>
         <td>ip4 | ip6; default: <b>none</b></td>
         <td>ip4 {{!}} ip6; default: <b>none</b></td>
         <td>The IP address of the RADIUS server</td>
         <td>The IP address of the RADIUS server</td>
     </tr>
     </tr>
Line 301: Line 305:
         <td>Timeout in seconds waiting for RADIUS server reply.</td>
         <td>Timeout in seconds waiting for RADIUS server reply.</td>
     </tr>
     </tr>
</table>
</table>}}


===Security===
===Security===
Line 330: Line 334:
</table>
</table>


==Recipients==
{{#ifeq:{{{series}}}|TAP100||==Recipients==


The <b>Recipients</b> section is used to configure{{#ifeq:{{{mobile}}}|0|&nbsp;|&nbsp;phone groups and&nbsp;}}email  
The <b>Recipients</b> section is used to configure{{#ifeq:{{{mobile}}}|0|&nbsp;|&nbsp;phone groups and&nbsp;}}email  
Line 371: Line 375:
     </tr>
     </tr>
</table>
</table>
}}
 


===Email Accounts===
===Email Accounts===
Line 437: Line 441:
       <td> Sends an email based on the current configuration. This is used to test whether the configuration works as intended.</td>
       <td> Sends an email based on the current configuration. This is used to test whether the configuration works as intended.</td>
     </tr>
     </tr>
</table>
</table>}}}}


==Certificates==
{{#ifeq:{{{series}}}|TAP100||==Certificates==


The <b>Certificates</b> page is used for convenient TLS certificate and key generation and management. Generated files can be exported and used on other machines or locally on this device with functions that use TLS/SSL, such as {{#ifeq:{{{mqtt}}}|0||[[{{{name}}} MQTT|MQTT]],&nbsp;}}[[{{{name}}} VPN#OpenVPN|OpenVPN]], [[{{{name}}} VPN#IPsec|IPsec]] and others.
The <b>Certificates</b> page is used for convenient TLS certificate and key generation and management. Generated files can be exported and used on other machines or locally on this device with functions that use TLS/SSL, such as {{#ifeq:{{{mqtt}}}|0||[[{{{name}}} MQTT|MQTT]],&nbsp;}}[[{{{name}}} VPN#OpenVPN|OpenVPN]], [[{{{name}}} VPN#IPsec|IPsec]] and others.
Line 521: Line 525:
     <tr>
     <tr>
       <td>Delete Signing Request</td>
       <td>Delete Signing Request</td>
       <td>off | on; default: <b>off</b></td>
       <td>off {{!}} on; default: <b>off</b></td>
       <td>Generation creates additional 'signing request' files (which appear under the [[#Certificate_Manager|Certificate Manager]] tab) that are later used to sign the generated certificates. When this option is set to 'on', the device deletes the signing request files after the signing process is complete.</td>
       <td>Generation creates additional 'signing request' files (which appear under the [[#Certificate_Manager|Certificate Manager]] tab) that are later used to sign the generated certificates. When this option is set to 'on', the device deletes the signing request files after the signing process is complete.</td>
     </tr>
     </tr>
Line 549: Line 553:
     <tr>
     <tr>
       <td>Type of Certificate to Sign</td>
       <td>Type of Certificate to Sign</td>
       <td>Certificate Authority | Client Certificate | Server Certificate; default: <b>Certificate Authority</b></td>
       <td>Certificate Authority {{!}} Client Certificate {{!}} Server Certificate; default: <b>Certificate Authority</b></td>
       <td>Specifies what type of file will be signed.</td>
       <td>Specifies what type of file will be signed.</td>
     </tr>
     </tr>
Line 574: Line 578:
     <tr>
     <tr>
       <td>Delete Signing Request</td>
       <td>Delete Signing Request</td>
       <td>off | on; default: <b>off</b></td>
       <td>off {{!}} on; default: <b>off</b></td>
       <td>Generation creates additional 'signing request' files (which appear under the [[#Certificate_Manager|Certificate Manager]] tab) that are later used to sign the generated certificates. When this option is set to 'on', the device deletes the signing request files after the signing process is complete.</td>
       <td>Generation creates additional 'signing request' files (which appear under the [[#Certificate_Manager|Certificate Manager]] tab) that are later used to sign the generated certificates. When this option is set to 'on', the device deletes the signing request files after the signing process is complete.</td>
     </tr>
     </tr>
Line 608: Line 612:
The <b>Root CA</b> section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 300 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.
The <b>Root CA</b> section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 300 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.


[[File:Networking_rutos_manual_administration_access_control_root_ca_v1.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_access_control_root_ca_v1.png|border|class=tlt-border]]}}




Line 675: Line 679:
----
----
The <b>Troubleshoot</b> section is used to download various files that contain information used for troubleshooting the device. Refer to the figure and table below for information on the Troubleshoot page.
The <b>Troubleshoot</b> section is used to download various files that contain information used for troubleshooting the device. Refer to the figure and table below for information on the Troubleshoot page.
 
{{#switch:{{{series}}}
[[File:Networking_rutos_manual_administration_troubleshoot_troubleshoot.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_administration_troubleshoot_troubleshoot_tap100.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_troubleshoot_troubleshoot.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
Line 698: Line 703:
         <td>- (interactive button)</td>
         <td>- (interactive button)</td>
         <td>Downloads the device Troubleshoot file. It contains the device configuration information, logs and some other files. When requesting support, it is recommended to always provide the device Troubleshoot file to Teltonika engineers for analysis.</td>
         <td>Downloads the device Troubleshoot file. It contains the device configuration information, logs and some other files. When requesting support, it is recommended to always provide the device Troubleshoot file to Teltonika engineers for analysis.</td>
     </tr>
     </tr>{{#ifeq:{{{series}}}|TAP100||
     <tr>
     <tr>
         <td>TCP dump file{{#ifeq:{{{series}}}|RUTX||<span class="asterisk">*</span>}}</td>
         <td>TCP dump file{{#ifeq:{{{series}}}|RUTX||<span class="asterisk">*</span>}}</td>
Line 708: Line 713:
         <td>off | on; default: <b>off</b></td>
         <td>off | on; default: <b>off</b></td>
         <td>Turns TCP dump packets capture on or off.</td>
         <td>Turns TCP dump packets capture on or off.</td>
     </tr>
     </tr>}}
</table>
</table>
{{#switch:{{{series}}}| RUT2M|RUT9M|TCR1=
{{#switch:{{{series}}}|TAP100|RUT2M|RUT9M|TCR1=
| #default={{#ifeq:{{{series}}}|RUTX||<font size="-1"><span class="asterisk">*</span> As of {{{series}}}_R_00.07.00, TCPdump is not part of core functionality anymore. To see these options, the TCPdump package must be downloaded from [[{{{name}}}_Package_Manager|Package Manager]].</font>}}
| #default={{#ifeq:{{{series}}}|RUTX||<font size="-1"><span class="asterisk">*</span> As of {{{series}}}_R_00.07.00, TCPdump is not part of core functionality anymore. To see these options, the TCPdump package must be downloaded from [[{{{name}}}_Package_Manager|Package Manager]].</font>}}
}}
}}


====TCP dump====
{{#ifeq:{{{series}}}|TAP100||====TCP dump====
----
----
<b>TCP dump</b> is {{#ifeq:{{{series}}}|RUTX||an <i>optional</i> downloadable functionality<span class="asterisk">*</span>}} used to capture packets moving through network interfaces. By default, the device does not store TCP dump information. You must enable TCP dump and save the changes before you can download the file.  
<b>TCP dump</b> is {{#ifeq:{{{series}}}|RUTX||an <i>optional</i> downloadable functionality<span class="asterisk">*</span>}} used to capture packets moving through network interfaces. By default, the device does not store TCP dump information. You must enable TCP dump and save the changes before you can download the file.  
Line 732: Line 737:
     <tr>
     <tr>
         <td>Enable TCP dump</td>
         <td>Enable TCP dump</td>
         <td>off | on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>Turns TCP dump packet capture on or off.</td>
         <td>Turns TCP dump packet capture on or off.</td>
     </tr>
     </tr>
Line 742: Line 747:
     <tr>
     <tr>
         <td>Select protocol filter</td>
         <td>Select protocol filter</td>
         <td>All | ICMP | TCP | UDP | ARP; default: <b>All</b></td>
         <td>All {{!}} ICMP {{!}} TCP {{!}} UDP {{!}} ARP; default: <b>All</b></td>
         <td>Only captures packets that match the specified protocol.</td>
         <td>Only captures packets that match the specified protocol.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Select packets direction</td>
         <td>Select packets direction</td>
         <td>Incoming/Outgoing | Incoming | Outgoing; default: <b>Incoming/Outgoing</b></td>
         <td>Incoming/Outgoing {{!}} Incoming {{!}} Outgoing; default: <b>Incoming/Outgoing</b></td>
         <td>Only captures packets coming from the specified direction.</td>
         <td>Only captures packets coming from the specified direction.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Host</td>
         <td>Host</td>
         <td>ip | host; default: <b>none</b></td>
         <td>ip {{!}} host; default: <b>none</b></td>
         <td>Only captures packets related to the specified host.</td>
         <td>Only captures packets related to the specified host.</td>
     </tr>
     </tr>
Line 765: Line 770:
         <td>Specifies where the TCP dump file will be stored.</td>
         <td>Specifies where the TCP dump file will be stored.</td>
     </tr>
     </tr>
</table>
</table>}}


===Diagnostics===
===Diagnostics===