VMG1312-B10A: CLI

From AAISP Support Site

CLI Tips

The ZyXEL VMG1312 has a web interface and a Command Line Interface (CLI). The CLI can be reached by telnet or ssh. The CLI is not usually needed, as most config changes can be made from the web interface. However, here are some useful commands for the CLI.

Show the list of commands

?

There are extra commands that are not shown in that list, e.g. ifconfig, top, and ps.

The firewall can be examined/controlled using the unlisted 'iptables' command (known to Linux users):

> iptables -nvL
Chain INPUT (policy ACCEPT 74 packets, 16446 bytes)
 pkts bytes target     prot opt in     out     source               destination         
10946 1726K LAN_ONLY_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
10946 1726K DOS_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
10946 1726K ACL_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
10946 1726K FW_GENERAL_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 4836  524K SERVICE_CONTROL  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  289 75333 OTHER_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  215 58887 DROP       all  --  !br+   *       0.0.0.0/0            0.0.0.0/0           
...

Frustratingly, the 'ip6tables' command is not available from the CLI for examining/controlling the IPv6 firewall. It is available from the shell prompt, but AAISP's config means getting a shell prompt is a little complicated.

Show running processes and CPU/memory information

top

or

ps


Change LAN address to be 192.168.100.1

lan config --ipaddr primary 192.168.100.1 255.255.255.0

Note: Check your DHCP settings when changing the LAN address. The DHCP range may well change itself when you change the LAN address this way anyway.

SSH access

The ssh daemon on the ZyXEL is provided by 'dropbear' and (at least on AAISP's standard firmware) is an antique version dating from July 2005 which offers only one key-exchange algorithm (diffie-hellman-group1-sha1). This algorithm is no longer considered secure and might not be used automatically by clients.

The workaround is to manually specify the only available algorithm. E.g. for an OpenSSH client:

 ssh -o KexAlgorithms=diffie-hellman-group1-sha1 admin@192.168.1.1
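
To check what a server's key-exchange offer contains, the following added example (not from the original page, ZyXEL or dropbear) parses an unencrypted SSH_MSG_KEXINIT packet and flags diffie-hellman-group1-sha1. The function names are hypothetical and the sample packet is constructed for illustration, not captured from the router.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
WEAK_KEX = {"diffie-hellman-group1-sha1"}  # the algorithm this page calls out

def parse_kexinit(packet: bytes) -> dict:
    """Parse one unencrypted SSH binary packet holding SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_len, pad_len = struct.unpack(">IB", packet[:5])
    if packet_len < pad_len + 1 or len(packet) < 4 + packet_len:
        raise ValueError("bad or truncated packet length")
    payload = packet[5:4 + packet_len - pad_len]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}  # skip the message type byte and 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        if pos + 4 + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += 4 + n
    return lists

def audit_kex(lists: dict) -> dict:
    """Report weak key exchanges and whether the peer offers nothing else."""
    weak = [k for k in lists["kex"] if k in WEAK_KEX]
    return {"offered": lists["kex"], "weak": weak,
            "only_weak": bool(weak) and len(weak) == len(lists["kex"])}

def build_kexinit(lists: dict) -> bytes:
    """Build a sample KEXINIT packet (zero cookie and padding) for testing."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        payload += struct.pack(">I", len(data)) + data
    payload += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    pad = 8 - (len(payload) + 5) % 8
    pad += 8 if pad < 4 else 0  # SSH requires at least 4 bytes of padding
    return struct.pack(">IB", len(payload) + pad + 1, pad) + payload + bytes(pad)

# Constructed sample: a server offering a single legacy key exchange.
SAMPLE = build_kexinit({"kex": ["diffie-hellman-group1-sha1"]})
```

A result with `only_weak` set means the client has no stronger key exchange to negotiate and must opt in to the legacy one, as the ssh command above does.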