Call Home is used to establish a northbound connection from a console server to Lighthouse, allowing it to be enrolled and managed.
This is useful where Lighthouse does not have a direct or consistent way to establish a southbound connection the console server – e.g. the console server is on a firewalled network, or is using cellular failover to switch dynamically between networks.
For a comprehensive overview of how Call Home works, see this article.
Note that these instructions are primarily useful for manually configuring a small number of console servers. For bulk console server provisioning including automatic Call Home, see this article.
First, if you have not already, set a Call Home password on Lighthouse.
Note: This password is only used in establishing new Call Home connections, and may be safely changed without disrupting existing Call Home connections.
- Login to the Lighthouse web UI as root
- Click Configure -> System Administration
- Enter and confirm a Call Home Password and click Apply
Next, setup the Call Home connection on the console server:
- Login to the console server's web UI as root or an admin user
- Click System -> Administration
- Scroll down, check Generate SSH keys automatically and Apply
- Check RSA Keys and Apply
- Click Serial & Network -> Call Home -> Add Call Home
- In Server Address, enter Lighthouse's IP address
- In Password, enter the Call Home Password
- Leave the Advanced fields blank to ensure the Call Home Listening Port is automatically allocated to a unique, unused port
- Click Apply, the Call Home registration process may take a minute or two to complete
- Note the allocated Call Home Listening Port and proceed with Lighthouse enrollment
Note: If your console server primarily accesses Lighthouse via an internal network but is configured to failover to a backup public WAN connection, Lighthouse may become inaccessible during failover. You may avoid this by accessing Lighthouse via an external port forward during both failover and fail forward (as per scenario #3 in this article), or by dynamically starting VPN on failover (as per this article).