Network Services¶
In addition to providing a IPv4 networking stack, Lantronix gateways also include support for a number of networking protocols and services that deliver a complete network communications offload engine in network co-processor mode. The production ready services work together in wireless microcontroller mode to minimize required application development.
You can configure, start, and stop the clients and servers using the available management interfaces.
- CLI Server
- DHCP Client
- DHCP Server
- DNS Client
- DNS Server
- HTTP(S) Server
- Network Discovery
- SMTP Client
- SNMP
- SNTP Client
- TCP Client
- TCP Server
- TLS Client
- TLS Server
- UDP
CLI Server¶
The CLI Server allows you to access the command mode remotely over the network using Telnet. By default, the CLI Server is disabled and remote access to the command line is not available. To connect using Telnet, the CLI server must be enabled in the configuration.
Important
Permissions configured in HTTP Server do not apply to CLI Server. CLI and CLI Server access is available to all users if enabled.
To configure the CLI Server:
In Web Manager, go to CLI Server > Configuration.
For CLI, see Config CLI Server Level.
For XML, see configgroup CLI Server.
CLI Server Configuration Settings¶
The following table describes the Web Manager CLI Server configuration settings.
Links to the equivalent settings for the CLI and XML reference are listed below.
For CLI, see Config CLI Server Level.
For XML, see configgroup CLI Server.
CLI Server Settings | Description |
---|---|
Inactivity Timeout | The amount of time CLI server will maintain the connection without activity. Enter 0 for none. Units can be minutes and/or hours. |
Mode | Enables or disables the CLI server. |
Interface | The interface used for the CLI server. This can be any, ap0, eth0, or wlan0. |
Port | The CLI server will listen on this port for connections. |
DHCP Client¶
The DHCP client obtains an IP address and other networking parameters when attempting to make a connection on either the wlan0 or eth0 interfaces. Configure the DHCP client for the interfaces by accessing the network interface configuration group for the respective interface.
By default, the interfaces are configured for DHCP mode versus static IP mode.
In Web Manager, go to Network and select eth0 > Interface > Configuration or wlan0 > Interface > Configuration.
For the CLI, see Config Interface level.
For XML, see configgroup interface.
DHCP Server¶
The DHCP server assigns an IP address to a client attempting to make a connection on the ap0 interface.
Enable the ap0 interface in order for the DHCP server to assign IP addresses to clients connecting on ap0.
See SoftAP for configuration settings and more information.
In Web Manager, go to Network and select ap0 > Interface > Configuration.
For the CLI, see Config Interface level.
For XML, see configgroup interface.
DNS Client¶
The DNS client resolves and caches the DNS domain name to IP address mapping.
It communicates with the DNS server addresses configured statically or obtained via DHCP within the wlan0 or eth0 interface.
You can configure the Primary DNS and Secondary DNS to define the DNS servers that will be used when performing a domain name lookup.
In Web Manager, go to Network > eth0 or wlan0 > Interface > Configuration.
For the CLI, go to Config Interface level.
For XML, go to configgroup interface.
DNS Server¶
The DNS performs a redirect when the WLAN client connected to the SoftAP interface issues a DNS request. DNS resolves the request to the SoftAP IP address.
HTTP(S) Server¶
The HTTP server is used to store, process, and deliver web pages to the Web UI client using HTTP. It also serves resources such as HTML pages, Javascript files, images, etc. to web browser based applications or network applications that utilize the HTTP protocol for communication.
The HTTP server can be configured with TLS to provide secure HTTP communication.
HTTP Server Configuration¶
You can configure the following HTTP Server settings:
- Set the operation mode. The HTTP server can be enabled, disabled, or triggered by the CPM role. For details on configurable pins, see CPM.
- Specify the TLS credential to be used. For details on TLS credentials, see Data Communication Security (TLS).
- Set the authentication timeout value if Digest Authentication is in use.
- Specify the Inactivity Timeout for Standby Power mode. For details on managing power settings, see Power Management.
To configure the HTTP server:
In Web Manager, go to HTTP Server > Configuration.
In CLI, see Config HTTP Server Level.
In XML, see configgroup HTTP server.
HTTP Server Configuration Settings¶
The following table describes the Web Manager HTTP Server configuration settings.
Links to the equivalent settings for the CLI and XML reference are listed below.
In CLI, see Config HTTP Server Level.
In XML, see configgroup HTTP server.
Changes to HTTP Server take effect after reboot.
HTTP Settings | Description |
---|---|
Mode | Enables or disables the HTTP server. Choices are: Enabled Disabled Triggered - HTTP Server will wait for the CPM Role to become active. Then the HTTP server stays up indefinitely. |
Port | HTTP server port number. Default is 80. Clearing the field will restore the default. Enter 0 for none. |
Secure Port | Secure port number. Enter 0 for none. The default Secure Port (TLS) can be overridden. |
Secure Credential | TLS server credential. It may contain up to 30 characters. The secure credential specifies the name of the TLS Server Credential to be used for the secure connection. |
Authentication Timeout | The Authentication Timeout value is applied only if Digest authentication is being used. |
Inactivity Timeout | The amount of time the HTTP server will hold power on after completing a request. This setting only applies if HTTP Server is enabled in Power settings. The HTTP Server will hold power on this long after it completes a request. |
HTTP Server Security¶
HTTP Server security provides role-based access control enabling you to assign authentication directives to specific URIs, config groups (for setting configuration), and status groups (for performing actions that appear in the status menu). In addition to controlling access to config groups, status groups, and built-in URIs (such as "/tlog" or "/upgrade"), you can also control access to URIs that you create, such as a "/welcome" URI.
To assign access control to specific URIs, config groups, and status groups, you specify the authentication type (what type of passphrase is required) and the user level (Admin, Tech, User, or None). The access control is hierarchical; Admin can access URIs, config groups, and status groups assigned to Admin or below, while Tech can access URIs, config groups, and status groups assigned to Tech or User level, and User can only access URIs, config groups, and status groups granted to User level. Additionally, the Tech user level can only see URIs, config groups, and status groups associated with their assigned Zone(s). See User Management for more details on zones.
The permission settings of a URI are passed on to the child folders of that URI, unless you set a different permission directive for a child folder. The directive will override the parent folder's access control setting.
When setting permissions for config groups and status groups, a partial group name can be used to apply that permission to all groups that match that partial name. For example, a permission for "Tunnel" would apply to "Tunnel Accept," "Tunnel Line," "Tunnel Connect," "Tunnel Disconnect," and "Tunnel Packing."
Built-in URIs
The following URIs are built in to the server:
URI | Description |
---|---|
/ajax | Web Manager helper |
/wm/firmware_upgrade | Web Manager upgrade firmware |
/wm/fs/copy | Web Manager copy file |
/wm/fs/mkdir | Web Manager make directory |
/wm/fs/rename | Web Manager rename file |
/wm/fs/rm | Web Manager remove file |
/wm/fs/rmdir | Web Manager remove directory |
/wm/fs/upload | Web Manager upload file |
/fs | File System Web API |
/logout | Digest Authentication |
/mux_http | Mux Listener |
/tlog | Trouble Log |
/upgrade | Firmware Upgrade |
/export/status | Export status |
/export/config | Export configuration |
/import/config | Import configuration |
/action/status | Web API actions |
Example configuration:
To allow administrators full access and restrict users to only being able to configure line settings, set the configuration as follows:
- Config 1 Group: Line
- Config 1 User: User
Default permissions:
By default, only Admin level has permission. Permission needs to be given to users in the Tech or User levels. Before firmware version 3.5, all users had permission by default. If you had non-administrator users on firmware versions lower than 3.5, you can achieve backward compatibility by adding the following:
- Config 1 Group: *
- Config 1 User Level: User
- Status 1 Group: *
- Status 1 User Level: User
Important
Permissions set here apply to the HTTP Server, including Web API and Web Manager. Permissions do not apply to CLI or CLI Server (Telnet CLI). Full access to CLI (and CLI Server if it's enabled) is given to all users.
HTTP Server Security Configuration¶
To configure HTTP server security from Web Manager:
- Go to HTTP Server > Security.
- Click Edit next to Access Control, Config, or Status.
- Enter a URI (starting with /), a config group, or a status group.
- Configure the authentication type and user level.
- If you have not created a Tech level user or User level user, do so now. See User Management for details.
- If necessary, create the URI and add an html file to the file system. See File System. If you configured access control on a built-in URI, you can skip this step.
- Test the authorization level.
For CLI, see Config HTTP Server Security Level.
For XML, see configgroup HTTP Server Security.
Network Discovery¶
Network discovery allows applications on the network to discover the Lantronix gateway. An application such as DeviceInstaller issues discovery queries according to the Lantronix Discovery Protocol operating on UDP port 30718 (0x77FE).
To allow applications to discover the device, you enable the Discovery Query Port parameter for the network interface instances. Discovery is enabled by default.
To prevent applications from discovering the device, you disable the Query Port parameter for the network interface instances.
In Web Manager, go to Discovery > ap0 or eth0 or wlan0 > Configuration. Enable or disable the query port state.
For the CLI, see Config Discovery level.
For XML, see configgroup Discovery.
SMTP Client¶
The Simple Mail Transfer Protocol (SMTP) client is used to configure an email message to be sent using an external SMTP server.
The SMTP client is available only through the CLI. To configure an email message, see Status SMTP level.
Example usage follows:
Send <ssl server hostname>
<username>
<password>
<from mail address>
<first recipient mail address>
[optional second recipient mail address]
[...] <-- Empty line ends recipient list
<subject>
<first line of body>
[optional second line of body]
[...] <-- Empty line ends body
SNMP¶
SNMP is not included in the default firmware. To use SNMP, use the SDK to create a project including the snmp
module. See the Optional Features chapter of the xPico 200 Series SDK User Guide for more information.
SNTP Client¶
The Simple Network Time Protocol (SNTP) client synchronizes with the Network Time Protocol (NTP) server. NTP is an Internet protocol used to synchronize computer clocks to a single time reference.
You can configure the Clock settings to update according to NTP or to update manually. For information on how to set the clock, see Date and Time.
You can also view and set the SNTP client configuration. See NTP.
TCP Client¶
The TCP client initiates a Tunnel connection with a TCP server that is listening on a designated port for a request.
TCP connections can use AES or TLS to encrypt the data stream. To configure the connection using either of these encryption types, you will need to supply an AES credential or TLS credential.
To configure TCP connections, see TruPort Serial.
TCP Server¶
The TCP server accepts Tunnel connection requests initiated by a TCP client.
TCP connections can use AES or TLS to encrypt the data stream. To configure the connection using either of these encryption types, you will need to supply an AES credential or TLS credential.
To configure TCP connections, see TruPort Serial.
TLS Client¶
TLS can be configured for TCP tunnel connections or Socket (Mux).
TLS can be configured with HTTP to provide a secure HTTP server. For details on setting up TLS with HTTP, see HTTPS Server.
To configure TLS, you create a TLS credential that contains the security details such as the certificate, private key, and trusted authority, as needed.
The TLS protocol version must be one of the following combinations:
- TLS 1.0
- TLS 1.1
- TLS 1.2
- TLS 1.1, TLS 1.2
- TLS 1.0, TLS 1.1, TLS 1.2
To set up a TLS client for a tunnel or Mux connection, specify the TLS credential as part of the connection settings.
See TruPort Serial or TruPort Socket for details on how to set up these connections.
TLS Server¶
TLS can be configured for TCP tunnel connections or Socket (Mux).
To configure TLS, you create a TLS credential that contains the security details such as the certificate, private key, and trusted authority, as needed.
The TLS protocol version must be one of the following combinations:
- TLS 1.0
- TLS 1.1
- TLS 1.2
- TLS 1.1, TLS 1.2
- TLS 1.0, TLS 1.1, TLS 1.2
To set up a TLS server for a TruPort Serial (tunnel) or TruPort Socket (Mux) connection, specify the TLS credential as part of the connection settings.
See TruPort Serial or TruPort Socket for details on how to set up these connections.
UDP Client and Server¶
User Datagram Protocol (UDP) can be used to provide an alternative transport-layer protocol for Tunnel connections.
You can configure Tunnel to use UDP protocol. The reception setting can be "restricted" or "unrestricted." When it is set to "restricted," UDP packets will only be accepted from the address and port designated by the Host Address and Port. The remote address and port of the first received packet are taken as designated until the socket is closed. When it is set to "unrestricted," UDP packets from any IP address will be accepted as long as they are directed to the local Port.
To configure UDP, see TruPort Serial.