When I try to access the Link LB through the console port, the only output that I get is strange characters.
The console port on the terminal application is not properly set. It needs to be set at 9600-8-N-1 (no hardware flow control). Please consult your EOS User Guide for additional information on proper setup of the console port.
The console port does not display the login screen using the serial cable.
Check your terminal settings: you must use 9600 baud, 8-N-1, with hardware flow control disabled.
What is inline access and how is it secured?
There are several ways to connect to an Elfiq unit, and one of the most convenient and secure is Inline Access. This method allows an administrator to connect to an Elfiq unit remotely over an Internet link, without looping back around to the physical management port. Packets sent from the remote administrator's computer are intercepted directly by the Elfiq unit on the ISP link port that carries the chosen target IP address.
This method is secured simply by validating the preconfigured source IP address from which the administrator originates the connection. Packets from that address are intercepted by the Elfiq unit and a prompt or a service is presented. Traffic from any other source IP address passes through the Link Balancer and is handled by whichever device was in charge of security before the Elfiq unit was integrated. This means an intruder cannot "exhaust" the Elfiq unit by repeatedly attacking it, since those packets are handled by the next network node in the chain.
What ports does Inline Access listen on for its various services or management methods?
This grid contains all ports that the Link LB will use with its Inline Access feature, including the direction in which there will be an interception. This is important in the context of Inline Access because some of these ports will not be intercepted in both directions.
Inline Access port interception matrix

| Protocol | Port | Direction |
|---|---|---|
| TCP | 22 (SSH) | Inbound |
| TCP | 80 (HTTP) | Inbound |
| TCP | 443 (HTTPS) | Inbound |
| TCP | 123 (NTP) | Outbound |
| TCP | 9998 (Elfiq API) | Inbound |
| UDP | 161 (SNMP) | Inbound |
| UDP | 162 (SNMP Traps) | Outbound |
| ICMP | PING ECHO | Inbound |
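The following is an added illustration (not Elfiq code) of the interception decision described in the two answers above: a packet is handled by the unit only when it comes from the preconfigured administrator address, is addressed to the link's own IP, and matches a row of the matrix in the direction listed; everything else passes through to the next node. It assumes one administrator source address per unit, treats the unit's own outbound traffic as packets whose source is the link IP, and uses constructed addresses from the RFC 5737 documentation ranges.

```python
"""Decision model for Inline Access interception, as described in the FAQ.

Added illustration, not Elfiq code. Assumes one preconfigured administrator
source address per unit; the packet representation and the sample addresses
are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Interception matrix from the FAQ table: (protocol, destination port) ->
# the single direction in which the Link LB intercepts that traffic.
# ICMP echo has no port and is keyed with None.
INTERCEPTION_MATRIX = {
    ("tcp", 22): "inbound",      # SSH
    ("tcp", 80): "inbound",      # HTTP
    ("tcp", 443): "inbound",     # HTTPS
    ("tcp", 123): "outbound",    # NTP
    ("tcp", 9998): "inbound",    # Elfiq API
    ("udp", 161): "inbound",     # SNMP
    ("udp", 162): "outbound",    # SNMP traps
    ("icmp", None): "inbound",   # ping echo
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # None for ICMP


def interception_decision(pkt, direction, admin_source_ip, link_ip):
    """Return "intercept" when the unit answers the packet itself on the ISP
    link port, or "pass-through" when it is left to the next network node.

    direction is "inbound" (arriving from the ISP) or "outbound" (leaving
    toward the ISP). Inbound interception requires the preconfigured
    administrator source address and the link's own IP as destination;
    outbound rows cover the unit's own traffic (assumption: identified by a
    source address equal to the link IP).
    """
    wanted = INTERCEPTION_MATRIX.get((pkt.proto, pkt.dport))
    if wanted != direction:
        # Not an Inline Access port, or a port intercepted only in the other
        # direction (e.g. an inbound packet to TCP 123 is not intercepted).
        return "pass-through"
    if direction == "inbound":
        if ip_address(pkt.src) != ip_address(admin_source_ip):
            return "pass-through"   # unvalidated source: left to the downstream security device
        if ip_address(pkt.dst) != ip_address(link_ip):
            return "pass-through"
        return "intercept"
    if ip_address(pkt.src) != ip_address(link_ip):
        return "pass-through"
    return "intercept"


def inbound_intercepted_ports():
    """The inbound rows of the matrix: the ports a NAT device or firewall
    in front of the link has to let through for Inline Access to work."""
    return sorted((proto, port) for (proto, port), d in INTERCEPTION_MATRIX.items()
                  if d == "inbound" and port is not None)


if __name__ == "__main__":
    ADMIN = "203.0.113.10"   # constructed administrator address
    LINK = "198.51.100.5"    # constructed ISP link address
    samples = [
        (Packet(ADMIN, LINK, "tcp", 22), "inbound"),        # admin SSH: intercept
        (Packet("192.0.2.77", LINK, "tcp", 22), "inbound"),  # other source: pass-through
        (Packet(ADMIN, LINK, "tcp", 123), "inbound"),       # NTP inbound: pass-through
        (Packet(LINK, "192.0.2.1", "tcp", 123), "outbound"),  # unit's own NTP: intercept
    ]
    for pkt, d in samples:
        print(d, pkt.proto, pkt.dport, pkt.src, "->", interception_decision(pkt, d, ADMIN, LINK))
    print("inbound ports to allow:", inbound_intercepted_ports())
```

The point to take from the model is the second branch: a packet that does not match the administrator address is never answered by the unit, so it lands on whatever device handled security before the unit was inserted, which is why that device's own policy still matters.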
I configured Inline Access on my Link LB and I can log in remotely using some links but not others.
If you have devices that add a layer of NAT between the ISP and the Link LB (for example, a DSL modem that NATs the dynamic public IP to a 192.168.1.0/24 range), ensure that the rules inside the NAT device permit incoming traffic on the relevant ports (TCP 22, 80 and 9998), and check the destination IP in the private range (session forwarding) so that Inline Access on the Link LB is configured on the correct IP.
If you have a link configured as a PPPoE link, then this link cannot be used for Inline Access.
I am having performance issues with the web interface.
Elfiq Networks has designed this management interface to have a broad compatibility with modern browsers. Users should be aware of the following limitations:
- Mozilla Firefox: if FireBug is installed, it should be turned off. It creates memory leaks and slows the response time of the application.
- Security: the security level should be set to medium in your browser.
- Supported browsers: most modern browsers are currently supported (e.g. IE, Firefox, Chrome, Opera), but it is highly recommended to use the latest versions of these browsers to ensure the application works correctly.
- Apple Safari is currently not supported.
In some large network infrastructures where the Elfiq unit manages a high number of GMACs (over 5), the web interface may take longer to load the initial components. Slowness may also be experienced while scrolling through the different gauges, as the browser frequently repopulates these objects with the latest values.
Can I use different user names and tailor the rights to let people connect to the unit but not change anything?
Starting with version 3.2, you can define users and assign them to different security groups. These users are independent of the usual mgmt and enable users. Once custom users are created, you can log in to the Link LB with your own username and password. Every login is logged, and any command issued can be traced back to the user through the log. The mgmt and enable users are always active and available to ensure last-resort access; they cannot be disabled by configuration, so choose their passwords wisely.
Important: the default password for any newly created user is “mgmt”. Once logged in with this temporary password, change it to a secure one. The enable user does not have the right to view or change other users’ passwords.
Depending on which groups your user belongs to, its security permissions will differ. Typically, everyone should be part of the eos_read group, which grants the right to see the various statistics; all other commands are disabled and sensitive information is hidden. Adding a user to more than one group grants more rights. At this time no group exists to revoke rights, so the effective rights of a user are always the sum of the rights of their group memberships.
Groups have been predefined by Elfiq Networks and are not customizable. A user can override their assigned rights and obtain “enable” status by using the “ena” command as before. This action is logged.
Granting a user membership of the eos_enable group puts that user on a level with the enable user. In other words, once you have been granted eos_enable, you no longer have to use the “ena” command.
Available Groups:
- eos_read: Gives the right to see statistics and logs.
- eos_reload: Gives the right to use the reload command.
- eos_eosupdate: Gives the right to use the eosupdate command.
- eos_diagnostic: Gives the right to use the status altering commands but not the configuration altering commands.
- eos_enable: Gives full rights to the user, configuration creation, modification, destruction.
- eos_geolink: Special group reserved for inbound geolink connections. Cannot be used for other purposes than Link LB to Link LB geolink establishment.
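As an added illustration of the group model described above (not Elfiq's implementation), the following Python models the three rules the answer states: effective rights are the union of the user's group grants, no group revokes anything, and “ena” lifts a session to enable level and is logged, as is every login and command. The group names follow the list above; the concrete command names other than reload, eosupdate and ena, and the audit-log line format, are constructed for the example.

```python
"""Additive group-permission model for Link LB custom users.

Added illustration, not Elfiq code. Group names and their scope follow the
FAQ; command names other than reload/eosupdate/ena and the audit-log format
are constructed placeholders.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Constructed command names standing in for the categories in the FAQ.
READ_CMDS = frozenset({"show stats", "show log"})
DIAG_CMDS = frozenset({"clear counters", "link disable"})          # status-altering only
CONFIG_CMDS = frozenset({"config create", "config modify", "config delete"})

# Predefined, non-customizable groups and what each one grants.
GROUP_RIGHTS: Dict[str, FrozenSet[str]] = {
    "eos_read": READ_CMDS,
    "eos_reload": frozenset({"reload"}),
    "eos_eosupdate": frozenset({"eosupdate"}),
    "eos_diagnostic": DIAG_CMDS,
    # eos_enable puts the user on a level with the enable user: full rights.
    "eos_enable": READ_CMDS | DIAG_CMDS | CONFIG_CMDS | {"reload", "eosupdate"},
    # Reserved for Link LB to Link LB geolink establishment and nothing else.
    "eos_geolink": frozenset({"geolink establish"}),
}
ENABLE_RIGHTS = GROUP_RIGHTS["eos_enable"]


@dataclass
class Session:
    user: str
    groups: FrozenSet[str]
    elevated: bool = False                       # set by a successful "ena"
    audit: List[str] = field(default_factory=list)

    def __post_init__(self):
        unknown = set(self.groups) - set(GROUP_RIGHTS)
        if unknown:
            raise ValueError(f"unknown groups: {sorted(unknown)}")
        # Every login is logged against the user name.
        self.audit.append(f"LOGIN user={self.user} groups={','.join(sorted(self.groups))}")


def effective_rights(session):
    """Rights are purely additive: the union of every group's grant. No group
    revokes anything, and an elevated ("ena") session has enable rights."""
    if session.elevated:
        return ENABLE_RIGHTS
    rights = frozenset()
    for group in session.groups:
        rights |= GROUP_RIGHTS[group]
    return rights


def run(session, command):
    """Authorize one command and record the outcome against the user name so
    that any action can be traced back through the log. Returns True when
    the command is permitted."""
    if command == "ena":
        session.elevated = True
        session.audit.append(f"ENA user={session.user} result=granted")
        return True
    allowed = command in effective_rights(session)
    session.audit.append(
        f"CMD user={session.user} cmd={command!r} result={'ok' if allowed else 'denied'}")
    return allowed


if __name__ == "__main__":
    alice = Session("alice", frozenset({"eos_read"}))
    for cmd in ("show stats", "reload", "ena", "config modify"):
        print(cmd, "->", run(alice, cmd))
    print("\n".join(alice.audit))
```

A read-only user is denied reload, gains it after “ena” (recorded as a separate log line), while a user placed directly in eos_enable has the same rights without ever elevating; the audit list shows how each decision stays attributable to a named user rather than to the shared enable account.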
Users can be managed either from the web interface, using the “User management” wizard, or from the command-line interface in the system module; see the user guide for more details.