PollCat NetLink II B

5.4.5.1. The IP Security Feature

 

NetLink II can restrict unauthorized IP addresses from establishing an inbound Telnet connection to the unit.  This allows the user to grant Telnet access to only a specific group of IP addresses, or block a particular IP address.  In the default state, the NetLink II accepts incoming IP connections from all hosts.

The IP Security Function employs a TCP Wrapper program, which allows the use of standard Linux operators, wild cards and net/mask pairs to create a host-based access control list.

As shown in Figure 5.14, the IP Security configuration menu allows you to define a "hosts.allow" client list and "hosts.deny" client list.  Basically, when setting up IP Security, you must enter IP addresses for the hosts that you wish to allow in the Allow list, and addresses for hosts that you wish to deny in the Deny list. Since Linux operators, wild cards and net/mask pairs are allowed, these lists can indicate specific addresses, or a range of addresses.

IP SECURITY:

1.    CLIENT LIST FOR “hosts.allow”

2.    CLIENT LIST FOR “hosts.deny”

 

Enter selection,Press <ESC> to return to previous menu ...

Figure 5.14:  The IP Security Configuration Menu

When the IP Security feature is properly enabled, and a client attempts to connect, NetLink II will perform the following checks:

1. If the client’s IP address is found in the "hosts.allow" list, the client will be granted immediate access. Once an IP address is found in the Allow list, the NetLink II will not check the Deny list, and will assume that you wish to allow the address to connect.

2. If the client’s IP address is not found in the Allow list, the NetLink II will then proceed to check the Deny list.

3. If the client’s IP Address is found in the Deny list, the client will not be allowed to connect.

4. If the client’s IP Address is not found in the Deny list, the client will be allowed to connect, even if the address was not found in the Allow list.

 

Notes:

• If NetLink II finds an IP Address in the Allow list, it will not check the Deny list, and will allow the client to connect.

• If both the Allow and Deny lists are left blank, then the IP Security feature will be disabled, and all IP Addresses will be allowed to connect (providing that the proper password and/or SSH key is supplied.)

• When the Allow and Deny lists are defined, the user is only allowed to specify the Client List; the Daemon List and Shell Command cannot be defined.

 

CLIENT LIST FOR “hosts.allow”:

1.    (undefined)

2.    (undefined)

3.    (undefined)

4.    (undefined)

5.    (undefined)

6.    (undefined)

7.    (undefined)

8.    (undefined)

 

Enter selection,Press <ESC> to return to previous menu ...

Figure 5.15:  IP Security:  The Allow List

Adding IP Addresses to the Allow and Deny Lists

To add an IP Address to the Allow or Deny list, and begin configuring the IP Security feature, proceed as follows.

Notes:

• Both the Allow and Deny list can include Linux operators, wild cards, and net/mask pairs.

• In some cases, it is not necessary to enter all four "digits" of the IP Address.  For example, if you wish to allow access to all IP addresses that begin with "192", then you would only need to enter "192."

• The IP Security Configuration menu is only available to accounts that allow access to Administrator level commands.

 

1. Access the IP Security Configuration Menu.  From the Main Menu, type 22 and press [Enter] to access the Port Configuration Menu, then type 23 and press [Enter] to access the Network Port Configuration menu. From the Network Configuration menu, type 6 and press [Enter] to display the IP Security Menu, shown in Figure 5.14.

2. Allow List:

a) From the IP Security Menu, type 1 and press [Enter] to access the Allow List.

b) Enter the IP Address(es) for the clients that you wish to allow.  Note that if an Address is found in the Allow List, the client will be allowed to connect, and NetLink will not check the Deny List.

c) Note the number for the first empty field in the Allow List, then type that number at the command prompt, press [Enter], and then follow the instructions in the resulting submenu.

3. Deny List:

a) From the IP Security Menu, type 2 and press [Enter] to display the Deny List.

b) Enter the IP Address(es) for the clients that you wish to deny.  Note that if the client’s IP Address is not found in the Deny List, that client will be allowed to connect. Use the same procedure for entering IP Addresses described in Step 2 above.

Note: After IP addresses have been added to the Allow or Deny list, the IP Security feature will be automatically enabled, and the Network Configuration menu will indicate that the feature is "On."

Linux Operators and Wild Cards

In addition to merely entering a specific IP address or partial IP address in the Allow or Deny list, you may also use any standard Linux operator or wild card. In most cases, the only operator used is "EXCEPT" and the only wild card used is "ALL", but more experienced Linux users may note that other operators and wild cards may also be used.

EXCEPT:

This operator creates an exception in either the "allow" list or "deny" list.

For example, if the Allow list includes a line which reads "192. EXCEPT 192.255.255.6," then all IP addresses that begin with "192." will be allowed, except 192.255.255.6 (providing that address appears in the Deny List).

ALL:

The ALL wild card indicates that all IP Addresses should be allowed or denied. When ALL is included in the Allow list, all IP addresses will be allowed to connect; conversely, if ALL is included in the Deny List, all IP Addresses will be denied (except for IP addresses listed in the Allow List.)

For example, if the Deny List includes a line which reads "ALL EXCEPT 168.255.192.192," then all IP addresses except 168.255.192.192 will be denied (except for IP addresses that are listed in the Allow List).

Net/Mask Pairs:

An expression of the form "n.n.n.n/m.m.m.m" is interpreted as a "net/mask" pair.  A host address is matched if "net" is equal to the bitwise AND of the address and the "mask."

For example, the net/mask pattern "131.155.72.0/255.255.254.0" matches every address in the range "131.155.72.0" through "131.155.73.255."

IP Security Examples

1. Mostly Closed: Access is denied by default, and the only clients allowed are those explicitly listed in the Allow list.  To deny access to all clients except 192.255.255.192 and 168.112.112.05, the Allow and Deny Lists would be defined as follows:

Allow List:

1. 192.255.255.192

2. 168.112.112.05

 

Deny List:

1. ALL

2. Mostly Open: Access is granted by default, and the only clients denied access are those explicitly listed in the Deny List and as exceptions in the Allow list.  To allow access to all clients except 192.255.255.192 and 168.112.112.05, the Allow and Deny Lists would be defined as follows:

Allow List:

1. ALL EXCEPT 192.255.255.192, 168.112.112.05

Deny List:

1. 192.255.255.192, 168.112.112.05

Notes:

• When defining a line in the Allow or Deny List that includes several IP addresses, each individual address is separated by either a space, a comma, or a comma and a space as shown in Example 2 above.

• Take care when using the "ALL" wild card.  When ALL is included in the Allow List, it should always include an EXCEPT operator in order to allow the unit to proceed to the Deny list and determine any addresses you wish to deny.
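The check order and pattern rules described above, modeled as an added Python sketch (this is not WTI firmware code and does not come from the guide). The client address 10.1.2.3 and the ALLOW_ONLY and BARE_ALL lists are constructed for illustration, and comparing full addresses as text is an assumption of the sketch.

```python
import ipaddress
import re

def pattern_matches(pattern, addr):
    """Test one client-list entry against a dotted-quad client address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask pair: matches when net == (addr AND mask)
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/"))
        return (int(ipaddress.IPv4Address(addr)) & mask) == net
    if pattern.endswith("."):  # partial address such as "192."
        return addr.startswith(pattern)
    return addr == pattern  # assumption: full addresses are compared as text

def line_matches(tokens, addr):
    """One list line: entries, optionally followed by EXCEPT and more entries."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (any(pattern_matches(p, addr) for p in tokens[:i])
                and not line_matches(tokens[i + 1:], addr))
    return any(pattern_matches(p, addr) for p in tokens)

def list_matches(lines, addr):
    # Entries on a line are separated by a space, a comma, or both.
    return any(line_matches(re.split(r"[,\s]+", line.strip()), addr)
               for line in lines)

def decide(allow, deny, addr):
    """Return 'allow' or 'deny' using the four checks listed in this section."""
    if not allow and not deny:
        return "allow"  # both lists blank: IP Security is disabled
    if list_matches(allow, addr):
        return "allow"  # the Deny list is never consulted
    if list_matches(deny, addr):
        return "deny"
    return "allow"      # found in neither list: still allowed

# The two example configurations from this section, then two constructed ones.
MOSTLY_CLOSED = (["192.255.255.192", "168.112.112.05"], ["ALL"])
MOSTLY_OPEN = (["ALL EXCEPT 192.255.255.192, 168.112.112.05"],
               ["192.255.255.192, 168.112.112.05"])
ALLOW_ONLY = (["192.255.255.192"], [])     # constructed: Deny list left empty
BARE_ALL = (["ALL"], ["192.255.255.192"])  # constructed: ALL without EXCEPT

if __name__ == "__main__":
    configs = {"mostly closed": MOSTLY_CLOSED, "mostly open": MOSTLY_OPEN,
               "allow only": ALLOW_ONLY, "bare ALL": BARE_ALL}
    for name, (allow, deny) in configs.items():
        for addr in ("192.255.255.192", "10.1.2.3"):  # 10.1.2.3 is constructed
            print(f"{name:14} {addr:16} {decide(allow, deny, addr)}")
```

In this model, ALLOW_ONLY still admits 10.1.2.3 because an address found in neither list is allowed, so an Allow list restricts nothing unless the Deny list also has an entry such as ALL. BARE_ALL admits 192.255.255.192 even though it appears in the Deny list.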

 

EMAIL AND TEXT MESSAGING:

SMTP SERVER PARAMETERS          EMAIL PARAMETERS

1. IP Address: (undefined)      21. From Name: (undefined)

2. Port Number: 25              22. From Address: (undefined)

3. User Name: (undefined)       23. To Name #1: (undefined)

4. Password: (undefined)        24. To Address #1: (undefined)

5. Auth Type: LOGIN             25. To Name #2: (undefined)

                                26. To Address #2: (undefined)

MISCELLANEOUS                   27. Priority: Normal

1.    Send Test Email           28. Subject: (undefined)

2.    Stop Email Sess

3.    Last Email Stat

 

Enter selection,Press <ESC> to return to previous menu ...

Figure 5.16:  The SMTP Parameters Configuration Menu