
Template:Networking rutos manual administration: Difference between revisions

No edit summary
Line 266: Line 266:
----
----
The <b>Access Control</b> page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device.
The <b>Access Control</b> page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device.
{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general tap v1.png|border|class=tlt-border]]
|#default = [[File:Networking rutos manual administration access control general v1.png|border|class=tlt-border]]}}


{{#switch:{{{series}}}|TAP100|TAP200=|#default=<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.
{{#switch:{{{series}}}|TAP100|TAP200=|#default=<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.
Line 271: Line 275:
<b>SSH</b>
<b>SSH</b>
----{{#switch:{{{series}}}
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v2.png|border|class=tlt-border]]
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v3.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v2.png|border|class=tlt-border]]}}
|#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v3.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
Line 311: Line 315:
</table>
</table>
<br>
<br>
<b>WebUI</b>
<b>HTTP</b>
----{{#switch:{{{series}}}
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general webui tap100 v2.png|border|class=tlt-border]]
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general http tap v1.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_webui_v2.png|border|class=tlt-border]]}}
|#default = [[File:Networking rutos manual administration access control general http v1.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
Line 326: Line 330:
         <td>off {{!}} on; default: <b>on</b></td>
         <td>off {{!}} on; default: <b>on</b></td>
         <td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td>
         <td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td>
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
    <tr>
        <td>Enable remote HTTP access</td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
    </tr>}}
    <tr>
        <td>HTTP Port</td>
        <td>integer [0..65535]; default: <b>80</b></td>
        <td>Selects which port to use for HTTP access.</td>
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
    <tr>
        <td>Ignore private IPs on public interface</td>
        <td>off {{!}} on; default: <b>on</b></td>
        <td>Prevent access from private (RFC1918) IPs on an interface if it has an public IP address.</td>
    </tr>}}
</table>
<br>
<b>HTTPS/b>
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general https tap v1.png|border|class=tlt-border]]
|#default = [[File:Networking rutos manual administration access control general https v1.png|border|class=tlt-border]]}}
<table class="nd-mantable">
    <tr>
        <th>Field</th>
      <th>Value</th>
      <th>Description</th>
     </tr>
     </tr>
     <tr>
     <tr>
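Review bot: the new HTTPS heading is written as `<b>HTTPS/b>`, so the closing tag is malformed and the bold run opened there is never closed; it should read `<b>HTTPS</b>`. In the added "Ignore private IPs on public interface" row, "if it has an public IP address" should read "if it has a public IP address".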
Line 336: Line 369:
         <td>off {{!}} on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>Redirects connection attempts from HTTP to HTTPS.</td>
         <td>Redirects connection attempts from HTTP to HTTPS.</td>
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
    <tr>
        <td>Enable remote HTTP access</td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
    </tr>}}
    <tr>
        <td>Port</td>
        <td>integer [0..65535]; default: <b>80</b></td>
        <td>Selects which port to use for HTTP access.</td>
     </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
     </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
     <tr>
     <tr>
Line 353: Line 376:
     </tr>}}
     </tr>}}
     <tr>
     <tr>
         <td>Port</td>
         <td>HTTPS Port</td>
         <td>integer [0..65535]; default: <b>443</b></td>
         <td>integer [0..65535]; default: <b>443</b></td>
         <td>Selects which port to use for HTTPS access.</td>
         <td>Selects which port to use for HTTPS access.</td>
Line 377: Line 400:
         <td>Server key file.</td>
         <td>Server key file.</td>
     </tr>}}
     </tr>}}
    <tr>
        <td>Certificate file</td>
        <td>.crt; default: <b>uhttpd.crt</b></td>
        <td>Download certificate file from device. Used for browsers to reach HTTPS connection.</td>
    </tr>
</table>
</table>
<br>
<br>
<b>CLI</b>
<b>CLI</b>
----{{#switch:{{{series}}}
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100.png|border|class=tlt-border]]
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100_v2.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_cli.png|border|class=tlt-border]]}}
|#default = [[File:Networking_rutos_manual_administration_access_control_general_cli_v2.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
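Review bot: the description of the new "Certificate file" row, "Used for browsers to reach HTTPS connection", does not tell the reader what to do with the downloaded file. Suggest stating the intended use directly, for example that the downloaded .crt is imported into the browser so that the device's certificate is trusted, if that is the intent. The row is also placed after the `</tr>}}` that closes the preceding conditional block, so it renders unconditionally; confirm that is wanted for every series.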
Line 414: Line 443:
<b>Telnet</b>
<b>Telnet</b>
----
----
[[File:Networking_rutos_manual_administration_access_control_general_telnet.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_access_control_general_telnet v2.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
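Review bot: the new Telnet image name ends in `telnet v2.png`, with a space before `v2` in a name that otherwise uses underscores. MediaWiki resolves both forms to the same file, but the name should use one separator throughout, as the removed `..._telnet.png` did.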
Line 443: Line 472:
<b>Note:</b> PAM is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.
<b>Note:</b> PAM is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.


[[File:Networking_rutos_manual_administration_access_control_pam_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_access_control_pam_v3.png|border|class=tlt-border]]


====Modify PAM Auth====
====Modify PAM Auth====
----
----
[[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v1.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v2.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 474: Line 503:
         <td>off {{!}} on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td>
         <td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td>
    </tr>
    <tr>
        <td><span style="color:red">Radius</span>: Require Message-Authenticator</td>
        <td>off {{!}} on; default: <b>on</b></td>
        <td>Require and validate Message-Authenticator RADIUS attribute on Access-Request replies.</td>
     </tr>
     </tr>
     <tr>
     <tr>
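Review bot: the description of the added "Radius: Require Message-Authenticator" row says the attribute is validated "on Access-Request replies", which leaves unclear which packets are checked. Suggest wording it as the replies the device receives to its Access-Request (Access-Accept, Access-Reject, Access-Challenge), and adding what happens to a login when the attribute is missing or fails validation, since the default is on and a RADIUS server that does not send the attribute is affected.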
Line 503: Line 537:
<b>IP Block Settings</b>  
<b>IP Block Settings</b>  
----
----
[[File:Networking_rutos_manual_administration_access_control_security_v4.png|border|class=tlt-border]]
[[File:Networking rutos manual administration access control security settings v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
     <tr>
     <tr>
Line 585: Line 619:
{{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing===
{{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing===
----
----
[[File:Networking_rutos_manual_administration_access_control_pairing_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administration_access_control_pairing_v3.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
     <tr>
     <tr>