4.1     Terminal Proxy Tab


 

Terminal Proxy feature allows remote clients to log in to the managed devices through netLD server. One useful aspect of using Terminal Proxy is that you 

do not have to input the login information on the console — netLD automatically feeds the information  for you.  It also logs all the operation history with 

various information that can be later reviewed when something happens.


Also, using this feature results in the more secure network because the password do not have to be sent through the World Wide Web. Moreover, 

outsourcing the management effort is more secure because the operators do not have to know the actual device password. The outside operators, they 

just have to know the login passwords of Net Line Dancer instances and NOT the device passwords, avoiding access to the critical security information 

in your network.


Consequently, Terminal Proxy provides a centralized management of the devices (even on the devices beyond netLD  backup coverage).


Figure  4.1.1: Operation Model of Terminal Proxy

blob1477953321903.png


To set up the Terminal Proxy feature, follow  these steps described  in this section:

 

 

4.1.1   Available Commands

 

 

Command

Example
Description


connect(IP 


address or host


name)


connect (initials)


device(IP 


address or host 


name)


device (initials)

 

 

exit help

Network

<network

name>

version

connect

192.168.10.0;

connect cisco

connect c

 

 





device

192.168.10.0;

device cisco

device c


Connect to devices with either SSH or 


telnet. (You have to set up the 


  Credentials prior to the connection.)

Show the list of up to 20 devices


starting with the character.


show the details of the device.

 

Show the list in just the same way as

connect command does.

  Terminate the SSH session with netLD.

  Show the list of commands.

  Switch the current network (in terms of

  Sec. 2.5) to the specified one.

  Show the current version of netLD.


 

 

4.1.2   Setup the Terminal Proxy


First, since this feature is disabled by default, enable Terminal Proxy in the settings window. Go to Settings → Network Servers and check on the 


Enable the Terminal Server Proxy (SSH). You can change the port that SSH communicate through with the Terminal Server Proxy SSH Port below. 


Click on the OK button to save the change. Remember that you  must open the access to the SSH  port in  your firewall program!


blob1477953542753.png


 

4.1.3    Login


Before trying to log in, take a memo of the netLD  server IP address.


First, open and start an SSH client and connect to the netLD server.  The type of the client does not matter – you can use a standard OpenSSH on 

various OSes like UNIX, Mac OSX, Linux and Windows machines (additional installation is required on Windows.)  

In this example, we assume the server is 192.168.0.77 and the client is bash.Again, remember that you  must open the access to the SSH  port in  your 

firewall program!


bash>

 

Log in to the netLD  server as an usual SSH session. The username and pass- word are the same as those used in the usual browser GUI interface 

login. Note that you have to specify the appropriate port upon login. On Linux version it is 2222 and on windows version it is 22 (same as what SSH 

uses by default). Check the port at Terminal Server Proxy SSH port in Server Settings window → Network Servers.

bash>  ssh   admin@192.168.0.77 -p  2222 

admin@192.168.0.77’s password:

Active network: Default

Welcome to Net  LineDancer - 2014/03/26 11:33:20  JST

netld#

 

Connect the IP address of a device with connect <IP  address or  host name>. You can automatically login to the devices  as an administrator, 

with already enabled state, as long as netLD already has the correct credential information of the device.


netld# connect 10.0.2.2

connect 10.0.2.2

Resolving device 10.0.2.2... 

Connecting to  device 10.0.2.2...

Warning: skipping login authentication  until an  administrative user is  added.

NEC  Portable Internetwork Core  Operating System  Software

Copyright Notices:

Copyright (c)  NEC  Corporation  2001-2010. All   rights reserved. 

Copyright (c)  1985-1998   OpenROUTE  Networks, Inc.

Copyright (c)  1984-1987, 1989  J. Noel  Chiappa. 

IX2025_LVI# enable-config

Enter configuration  commands,  one  per   line. End with   CNTL/Z.

IX2025_LVI(config)#


When you are done, enter exit several times to go back to the netLD SSH session. (However the number is device-specific.) The first exit is for 

exiting the enabled mode in the device CUI and the second exit is for exiting the session with the device. Upon logout, netLD takes a backup 

automatically.  Also, when a configuration  change has been detected, the event is automatically stored into the configuration history.


IX2025_LVI(config)# exit exit

IX2025_LVI# exit 

exit

Connection to 10.0.2.2 closed. 

netld#

To exit the netLD session, again hit exit.

netld# exit 

exit

Connection to  192.168.0.77 closed.

bash>

 



During the session with the netLD  server, connect c shows the list of top 10 host names starting with c in your network. Enter the key number of the 

device, then hit Enter. It automatically tries to log in, and when successful, the prompt on the device appears. Also, the auto-completion  is available,  

e.g., connect c  <Tab> shows all host names starting from c.  When the target device was not in the list, you can narrow down the list of the matched 

devices by entering additional characters, like Cisco <Tab>, and the list contains only the devices starting with Cisco.

 

 

 You cannot login to the devices in the Network  which you are not authorized.Without an authorization,you can login only to the devices in the Default network.To switch the network, enter network  <network name>.More descriptions are available in Sec.2.5, p.35.

 


4.1.4   Terminal Proxy Log



You can check the terminal proxy history in Terminal Proxy tab. double-click on a log and you will see the detailed log on the lower pane.

Terminal Proxy log.



blob1477953788227.png


Menu Items            Description

Device IP Address Device IP address you logged in

Device Hostname  Hostname you logged in

Make/Model           Make/Model  you logged in

Protocol                 Protocol used

User                       Login User

Client IP Address   IP address of original client login

Session Start         Time of Session Start

Session End          Time of Session End


In terminal log, there are five kinds of searches available.


Search            Description

Device              IP address and hostname you logged in

Text                   Searches for the query Texts in the command input and output.

User                  Login user of netLD

Client IP            The IP address that the user logged in from.

Session date     Specify the range of dates to search.


Tips: Right-click  on a device in Device View, then click on the Show Terminal

Proxy Logs. It provides an easy access to the terminal history of the device.


blob1477953832821.png


4.1.5   Verifying the Log  from Change History

As in the normal backups, if a backup was performed due to the changes made in the proxy terminal, Configuration  Change History shows the change, and 

you can check the backup status. Click on the  button while selecting the configuration, and the change summary tab shows up in the status pane.

Click on the   button while selecting the configuration.


blob1477953846103.png


The change summary tab shows up in the status pane.


blob1477953862258.png


4.1.6   Exporting the Log  Files

Clicking the Export button in the Terminal Proxy Tab in the mane pane creates an zip archive in a specified folder.

The files in the archive are organized into sub directories as follows:


• <filename>.zip

–  <network  name>

∗ 10.0.0.1 (1812J-B)

∗ 10.0.0.201 (cisco2500b.intra.dar.co.jp)

∗ 10.0.0.203 (cisco2600a.intra.dar.co.jp)

∗ 10.0.0.208 (C2801)

∗ . . .