VMG1312-B10A: CLI: Difference between revisions
(Detail that one might need to force the key-exchange algorithm (e.g. hosts running Debian testing)) |
mNo edit summary |
||
Line 41: | Line 41: | ||
ssh -o KexAlgorithms=diffie-hellman-group1-sha1 admin@192.168.1.1 |
ssh -o KexAlgorithms=diffie-hellman-group1-sha1 admin@192.168.1.1 |
||
[[Category:ZyXEL_VMG1312]] |
[[Category:ZyXEL_VMG1312-B10A]] |
Revision as of 15:38, 7 July 2017
CLI Tips
The ZyXEL VMG1312 has a web interface and a Command Line Interface (CLI). The CLI can be reached by telnet or ssh. The CLI is not usually needed, as most config changes can be made from the web interface. However, here are some useful commands for the CLI.
Show the list of commands:
?
There are extra commands that are not shown in that list, e.g. ifconfig, top, and ps.
The firewall can be examined/controlled using the unlisted 'iptables' command (known to Linux users):
> iptables -nvL
Chain INPUT (policy ACCEPT 74 packets, 16446 bytes)
 pkts bytes target            prot opt in     out     source               destination
10946 1726K LAN_ONLY_INPUT    all  --  *      *       0.0.0.0/0            0.0.0.0/0
10946 1726K DOS_INPUT         all  --  *      *       0.0.0.0/0            0.0.0.0/0
10946 1726K ACL_INPUT         all  --  *      *       0.0.0.0/0            0.0.0.0/0
10946 1726K FW_GENERAL_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 4836  524K SERVICE_CONTROL   all  --  *      *       0.0.0.0/0            0.0.0.0/0
  289 75333 OTHER_INPUT       all  --  *      *       0.0.0.0/0            0.0.0.0/0
  215 58887 DROP              all  --  !br+   *       0.0.0.0/0            0.0.0.0/0
...
Frustratingly, the 'ip6tables' command is not available from the CLI for examining/controlling the IPv6 firewall. It is available from the shell prompt, but AAISP's config means getting a shell prompt is a little complicated.
Show running processes and CPU/memory information:
top
or
ps
Change LAN address to be 192.168.100.1:
lan config --ipaddr primary 192.168.100.1 255.255.255.0
Note: Check your DHCP settings when changing the LAN address; the DHCP range may well change itself when you change the LAN address this way.
SSH access
The ssh daemon on the ZyXEL is provided by 'dropbear' and (at least on AAISP's standard firmware) is an antique version dating from July 2005 which offers only one key-exchange algorithm (diffie-hellman-group1-sha1). That algorithm is no longer considered secure and might not be used automatically by clients.
The workaround is to manually specify the only algorithm the server offers. E.g. for an openssh client:
ssh -o KexAlgorithms=diffie-hellman-group1-sha1 admin@192.168.1.1
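Whether a device really offers only this one key-exchange algorithm can be checked from the SSH_MSG_KEXINIT message it sends (RFC 4253, section 7.1). The Python below is an added example, not part of the original wiki page: the function names are hypothetical, the sample payload is constructed inline rather than captured from a router, and the WEAK_KEX set is an assumption holding only the algorithm this page names.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
WEAK_KEX = {"diffie-hellman-group1-sha1"}  # assumption: only the algorithm named on this page


def parse_kexinit(payload):
    """Return the name-lists of a KEXINIT payload as {field: [names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    offset, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists


def audit_kex(payload):
    """Classify the server's offer: 'only-weak', 'some-weak' or 'ok'."""
    kex = parse_kexinit(payload)["kex"]
    weak = [name for name in kex if name in WEAK_KEX]
    if kex and len(weak) == len(kex):
        return "only-weak"  # the client must be forced onto a weak algorithm
    return "some-weak" if weak else "ok"


def sample_kexinit(kex_names):
    """Build a constructed KEXINIT payload (not captured from a real device)."""
    lists = [kex_names, ["ssh-rsa"], ["aes128-cbc"], ["aes128-cbc"],
             ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(names).encode("ascii") for names in lists))
    # type + all-zero cookie + name-lists + first_kex_packet_follows + reserved
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)


if __name__ == "__main__":
    legacy = sample_kexinit(["diffie-hellman-group1-sha1"])
    print(parse_kexinit(legacy)["kex"], audit_kex(legacy))
```

A result of "only-weak" corresponds to the situation described above, where the client has to be told explicitly to use the legacy algorithm.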