Description:

Access to the LANCOM router is required for configuration and error analysis. If there is no remote maintenance available for accessing the device, it may be necessary to connect to the router from the Internet.

This article describes how to enable access by LANconfig / WEBconfig and SSH, and which IP addresses have to be set in order to enable remote access by LANCOM Systems Support.

In scenarios with an upstream router (plain Ethernet connection), port forwarding must be set up for the ports used to access the LANCOM router. By default these are the TCP ports 22 (SSH) and 443 (HTTPS).

If access by LANCOM Support is no longer required, LANCOM Systems recommends that you deactivate the remote access.


Requirements:


Procedure:

Allow access to the LANCOM router via HTTPS and SSH:

1) Open the configuration for the router in LANconfig and switch to the menu item Management → Admin → Access settings.

Screenshot of a complex configuration menu for a technical device featuring options for device password enforcement, general management, authentication settings, software updates, interface configurations, and advanced network settings.

2) Under Configuration access ways open the menu Access rights → From a WAN interface

Screenshot of a network configuration interface displaying options for specifying access rights for various network protocols and supported configuration paths, with buttons for OK and Cancel.

3) Under Protocols, use the drop-down menus to set the options SSH and HTTPS to allowed, which enables access to the router.

Image displays a network device configuration interface showing various protocol access settings, including SSH, TELNET, TELNET over SSL, and TFTP, all set to 'denied', as well as considerations for read-only access rights necessary for LAN configuration and device communication.

4) Under Access to web server services, open the menu Access rights → From a WAN interface

An image of a network configuration interface showing options to set access rights and limitations for various network protocols and stations, with buttons for OK and Cancel visible.

5) Make sure that the HTTP port is set to the option Automatic, which means that the web server is active.

Image of a user interface showing access rights settings from a WAN interface, labeled 'Lonconee'.

6) Go to the menu Access stations

The access stations table is a whitelist. Access is only possible from the IP addresses or IP networks stored there.

The table Access stations needs to contain all of the IP networks or IP addresses from which access to the router should be allowed. Consequently, the internal networks must also be stored here. Otherwise access to the router will no longer be possible from the internal network!

Image of a computer interface displaying various network access settings and configuration options for different protocols and web server services.

7) Click on the Add button to create a new entry.

Image displaying a partial view of a technical configuration interface with labels such as Accessstations, Paddress, Netnask, and TagConment.

8) First enter the local network from which the router is to be accessed. Modify the following parameters:

  • IP address: Enter the network address of the local network (in this example 192.168.1.0).
  • Netmask: Enter the subnet mask of the local network (in this example 255.255.255.0).
  • Routing tag: Leave the setting as the default value 0.
  • Comment: Optionally enter a descriptive comment.

If necessary, repeat this step for further local networks.

Image of a technical configuration interface showing options such as 'AccessstationsNewEntry', 'Posse', 'Netmask O', and others, possibly related to network settings.

9) Create a new entry for the LANCOM Support to access to the router via SSH and HTTPS. Modify the following parameters:

  • IP address: Enter the IP address 212.117.89.9.
  • Netmask: Enter the netmask 255.255.255.255. This stands for a single IP address.
  • Routing tag: Leave the setting as the default value 0.
  • Comment: Optionally enter a descriptive comment.

Image displays a partial view of a technical user interface featuring terms like AccessstationsNewEntry, Posse, Netmask, and other configurations.  

10) Create a new entry for the LANCOM Support to access to the router via SSH and HTTPS. Modify the following parameters:

  • IP address: Enter the IP address 217.6.21.90.
  • Netmask: Enter the netmask 255.255.255.255. This stands for a single IP address.
  • Routing tag: Leave the setting as the default value 0.
  • Comment: Optionally enter a descriptive comment.

Image of a technical configuration menu displaying options such as AccessstationsNewEntry, Posse, Netmask, and crane settings.

11) Create a new entry for the LANCOM Support to access to the router via HTTPS. Modify the following parameters:

  • IP address: Enter the IP address 62.153.130.132.
  • Netmask: Enter the netmask 255.255.255.255. This stands for a single IP address.
  • Routing tag: Leave the setting as the default value 0.
  • Comment: Optionally enter a descriptive comment.

The image displays a technical configuration interface with partially visible options including 'AccessstationsNewEntry', 'Posse', 'Netmask', and 'Ceonee'.

12) The Access stations table should then appear as shown below.

Image showing a blurred or unclear snapshot of a technical configuration interface with partial text and options like 'Accessstations,' 'wPadiessNetnaskTogConment ae,' and a cancel button.

13) Navigate to the menu Management → Admin → Settings.

Image displaying a complex user interface for device management settings, featuring configuration options such as Administrators, Software Updates, Network Interfaces, IP settings, and Security protocols like Firewall and Quality of Service (QoS).

14) Make sure that under SSH there is a checkmark for Protocol active. Also check whether HTTPS uses a different port to 443 and whether SSH uses a different port to 22. If this is the case, please inform LANCOM Support.

This image displays a technical configuration menu featuring various management protocols including HTTPS, SSH, SFTP, TELNET, and others, with options to activate or modify settings.

15) Under the menu IP router → Masqu. → Port forwarding table, please check whether port forwarding has been set up for the ports used by SSH and HTTPS (see step 14). 

If this is the case, please deactivate this entry for the time that LANCOM support requires access, if possible.

Screenshot of a network configuration interface showing an edit entry in a port forwarding table with various protocol options.

16) This concludes the configuration of the remote access. Write the configuration back to the router.

 

All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2025 LANCOM Systems GmbH