Home
/
Lantronix
/
100-120 VAC SLB
/
User Manual

Lantronix 100-120 VAC SLB, User Manual, Page: 210 / 344

Share

Page: 210 / 344

Lantronix 100-120 VAC SLB User Manual Download Page 210

11: User Authentication

SLB™ Branch Office Manager User Guide

210

Similar to RADIUS, the main function of is to perform authentication for remote access.

The SLB branch office manager supports the protocol (not the older TACACS or

XTACACS protocols).
The system administrator can configure the SLB branch office manager to use to

authenticate users attempting to log in using the Web, Telnet, SSH, or the console port.
Users who are authenticated through Kerberos are granted device port access through the port

permissions on this page.
All users are members of a group that has predefined user rights associated with it.

You can add additional user rights that are not defined by the group.

Groups

This section describes how a

priv_lvl

assigned to a user can be mapped to a SLB

custom

, which will set the permissions and port rights for a user when they

login to the SLB.
users are typically configured to have a privilege level 0-15, with each level

representing a privilege level that is a superset of the next lower value. The privilege level can be

assigned to individual users, or to groups that the user is a member of. When the SLB

authenticates a user, it will first send an authentication request to the server,

and wait for an authentication reply. If the user is successfully authenticated, the SLB will next

send an authorization request to the server with the

Service

and optional

Protocol

.

The SLB will wait for an authorization response that will indicate if the user was successfully

authorized for the requested service and protocol, and also contains a set of attribute-value pairs

which define the attributes associated with the user.
The

priv_lvl

or

priv-lvl

is the only attribute sent from the server that the SLB will

recognize and utilize. The privilege level number will be used to map to a SLB custom user group

by finding a group with a name that ends in the same number as the

priv_lvl

. For example, a

SLB group called "admin15" will map to any users with

priv_lvl

equal to 15; a SLB

group called "manager8" will map to any users with

priv_lvl

equal to 8, and a SLB

group called "readonly0" will map to any users with

priv_lvl

equal to 0. If two SLB

groups ending with the same number exist, the SLB will select the first matching group it finds

while searching the group list; for consistency it is recommended that only one SLB group exist for

each

priv_lvl

.

When a user authenticates to the SLB, the Authentication Log will record any priv_lvl

attribute-value pair returned by the server:

Sep 21 15:44:38 2017 slc431d SLC-SLB/x15login[2839]:

pam_sm_authenticate: server returned attribute `PRIV_LVL=14'

Any

priv_lvl

obtained for a user can also be viewed at the CLI with the show user

command.

«
...
208
209
210
211
212
...
»

Summary of Contents for 100-120 VAC SLB

Page 1: ...Part Number 900 671 R Revision K April 2019 SLB Branch Office Manager User Guide 100 120 VAC 200 240 VAC ...

Page 2: ...neral Public License GPL as published by the Free Software Foundation FSF Lantronix grants you no right to receive source code to the Open Source software however in some cases rights and access to source code for certain Open Source software may be available directly from Lantronix licensors Upon request Lantronix will identify the Open Source components and the licenses that apply to them Your u...

Page 3: ... is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with this user guide may clause interference to radio communications Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense The user...

Page 4: ...12 which includes Support for custom Expect scripts that can be connected to the SLB CLI or a device port Web and SSH support for SHA2 and higher ConsoleFlow access timeout settings April 2019 K Updated to firmware revision 6 8 0 0RC8 which includes support for Tcl and Python custom scripts ...

Page 5: ..._____20 Integration with Other Secure Lantronix Products _____________________________20 Internal Temperature Sensor _____________________________________________21 Designed for Branch Offices and Similar Environments _________________________21 Typical Equipment _____________________________________________________22 Types of Business _____________________________________________________22 Benefi...

Page 6: ...__________________________________________________37 Connecting Devices to Power Outlets ______________________________________38 Typical Installations ________________________________________________________39 4 Quick Setup 41 Recommendations ________________________________________________________41 IP Address _______________________________________________________________41 Method 1 Using the F...

Page 7: ...__64 Fail Over Cellular Gateway Firmware _______________________________________64 Load Cellular Gateway Firmware Options ___________________________________64 Ethernet Counters _____________________________________________________64 Network Commands ____________________________________________________64 IP Filter _________________________________________________________________65 Viewing IP Filte...

Page 8: ... Network ___________________________________________________92 Troubleshooting Browser Issues ______________________________________________96 Web SSH Telnet Copy and Paste _________________________________________98 Secure Lantronix Network Commands ______________________________________98 Date and Time ____________________________________________________________99 Date and Time Commands ________...

Page 9: ..._____126 Email SNMP Traps ____________________________________________________126 Log Viewing Attributes _________________________________________________127 NFS File Logging _____________________________________________________128 USB Logging ________________________________________________________128 Syslog Logging _______________________________________________________128 Logging Commands _____...

Page 10: ..._____________________179 USB Commands ______________________________________________________179 10 Connections 180 Typical Setup Scenarios for the SLB _________________________________________180 Terminal Server ______________________________________________________180 Remote Access Server _________________________________________________181 Reverse Terminal Server ________________________________...

Page 11: ...___226 Internal Temperature __________________________________________________228 Site Information ______________________________________________________228 SLB Firmware ________________________________________________________228 Boot Banks __________________________________________________________229 Load Firmware Via Options _____________________________________________229 Configuration Manageme...

Page 12: ...__________________________________276 TACACS Commands ____________________________________________________277 User Permissions Commands _______________________________________________278 CLI Commands __________________________________________________________281 Connection Commands ____________________________________________________283 Console Port Commands ________________________________________...

Page 13: ...Commands ________________________________________________________328 System Log Commands ___________________________________________________329 USB Storage Commands __________________________________________________330 USB Modem Commands __________________________________________________331 Appendix A Bootloader 335 Accessing the Bootloader __________________________________________________335 Boo...

Page 14: ...ive Button Keypads Enter Up Down Left Right _____42 Figure 4 5 Quick Setup ___________________________________________________________47 Figure 4 6 Beginning of Quick Setup Script ____________________________________________49 Figure 4 7 Completed Quick Setup___________________________________________________50 Figure 5 1 Web Page Layout _______________________________________________________52 Fi...

Page 15: ...______________________135 Figure 8 13 Adding or Editing New Scripts ____________________________________________136 Figure 8 14 Devices Scripts Scheduler ____________________________________________138 Figure 8 15 Custom Scripts Operations _____________________________________________140 Figure 8 16 View Custom Script Results _____________________________________________141 Figure 8 21 Devices Sit...

Page 16: ...______________237 Figure 12 8 Diagnostics Report ____________________________________________________238 Figure 12 9 Maintenance Status Reports ___________________________________________239 Figure 12 10 Generated Status Reports______________________________________________240 Figure 12 11 Emailed Log or Report_________________________________________________242 Figure 12 12 Maintenance Events____...

Page 17: ...with Associated Parameters __________________________43 Table 5 2 Actions and Category Options _____________________________________________55 Table 6 9 Error Conditions _________________________________________________________81 Table 8 5 Port Status and Counters _________________________________________________120 Table 8 17 Definitions ___________________________________________________________...

Page 18: ...eb interface and include equivalent command line interface commands Chapter 6 Basic Parameters Provides instructions for configuring network ports firewall and routing settings and the date and time Chapter 7 Services Provides instructions for enabling and disabling system logging SSH and Telnet logins SNMP SMTP and the date and time Chapter 8 Device Ports Provides instructions for configuring glo...

Page 19: ...s adapter pinout diagrams Appendix D Protocol Glossary Lists the protocols supported by the SLB unit with brief descriptions Appendix E Compliance Information Provides information about the SLB device s compliance with industry standards Document Description SLB Branch Office Manager Quick Start Describes the steps for getting the SLB unit up and running SLB Branch Office Manager Online Help for t...

Page 20: ...ging monitoring and secure access control via the Internet Power Management Outlets for Power Connectivity 8 outlets for power connectivity Provides ability to control power individually to all attached equipment Provides on off reboot control Per port power consumption monitoring SLB882KIT 15P and SLB882KIT 20P outlets support NEMA 5 15P 5 20P plugs SLB8824KIT AP and SLB8824KIT EU outlets support...

Page 21: ...e IT equipment distributed among branch offices simply and cost effectively Branch offices are facilities that are typically remote or distributed IT locations likely located off site of corporate headquarters or large scale enterprise facilities These distributed facilities typically do not have an on site maintenance staff or IT System Administrator Typically the branch office environment has so...

Page 22: ...Insurance companies Healthcare Retail Sales Information Technology Education and campus style facilities Hospitality Manufacturing Facilities Base Station Control and Management Benefits The key benefits of using the SLB branch office manager Saves space Compact design merges the functionality of two solutions into a 1U rack solution reducing required rack space and total cost of ownership Saves m...

Page 23: ...interface Serial Device Ports Eight serial RS 232C EIA 232 device ports are for remote console management of the attached equipment These match the RJ45 pin outs of the console ports of many popular devices found in a network environment and where different can be converted using Lantronix adapters See the appendix Appendix C Adapters and Pinouts for more information on serial adapters and pin out...

Page 24: ... and Common Internet File System CIFS support for configuration files TCP Telnet or SSH to a serial port by IP address per port or by IP address and TCP port number Configurable user rights for local and remotely authenticated users Built in internal modem External USB modem and Flash Storage supported Sun break safe no unintentional break ever sent to attached servers Simultaneous access on the s...

Page 25: ...er management capability system administrators can remotely control the power on off reboot individually to all IT equipment in the branch office ensure safe power distribution and reduce in rush current overload If SNMP traps are enabled a trap alarm is sent if the total current for all outlets exceeds a threshold Device Port Buffer The SLB branch office manager supports real time data logging fo...

Page 26: ... an optional vSLM management appliance at the main office The branch offices are interconnected always on by VPN routers overlaid on the Internet and also interconnected on demand through the analog phone system The SLB unit provides remotely controlled and monitored AC power orange console management green and traditional wired telephone network PSTN access yellow ...

Page 27: ...port by means of the SLB web page or CLI optionally via the vSLM management appliance and checks the server s system parameters 3 If the server is not responsive on the console port commands the SLB to reboot the server s power 4 If the entire branch office loses IP connectivity dial in to the SLB to perform the diagnostic functions Hardware Features Caution To avoid physical and electrical hazard...

Page 28: ...l devices attached to the device ports and the console port must support the RS 232C EIA 232 standard Category 5 cabling with RJ45 connections is used for the device port connections and for the console port For pinout information see Adapters and Pinouts on page 338 Note RJ45 to DB9 DB25 adapters are available from Lantronix Device ports and the console port support the following baud rate option...

Page 29: ...network Use standard RJ45 terminated Category 5 cables Network parameters must be configured before the SLB branch office manager can be accessed over the network Note One possible use for the two Ethernet ports is to have one port on a private secure network and the other on a public unsecured network Figure 2 8 Network Connection USB Interface The SLB unit has a USB port Lantronix qualifies USB ...

Page 30: ...uration and control of the unit via dialing into the unit Caution To reduce the risk of fire use only No 26 AWG or larger e g 24 AWG UL Listed or CSA Certified Telecommunication Line Cord Attention Pour réduire les risques d incendie utiliser uniquement des conducteurs de télécommunications 26 AWG au de section supérleure Figure 2 10 Modem Interface ...

Page 31: ...69A Adapter DB9M DCE to RJ45 SGI Onyx 200 2070A Adapter DB9F DCE to RJ45 HP9000 SGI Origin IBM RS6000 and PC based Linux servers ADP010104 01 Adapter RJ45 rolled serial Cisco and Sun Netra Note The following optional adapters are available from Lantronix 200 2073 Adapter DB25M DTE to RJ45 external modems 200 2071 Adapter DB9M DTE to convert the RJ45 serial connector to a PC style D sub serial port...

Page 32: ...6A max input current Note The max input current is de rated to figures listed in Table 3 4 when using specified power cords Power Outlets 100 120 VAC SLB Model 8 NEMA5 20R outlets 100 120 VAC 50 60Hz 20A Branch Circuit 16A max per outlet 16A total Individual current sensor for monitoring power draw on each outlet Output power switchable via independent relay for each outlet 200 240 VAC SLB Model 8...

Page 33: ...rent rating marked on the SLB Install the SLB unit near an AC outlet that is easily accessible Always connect any equipment used with the product to properly wired and grounded power sources Dimensions 1U 1 7 in x 18 9 in x 12 4 in Weight 10 lb Temperature Operating 0 to 50 C 32 to 122 F Storage 20 to 70 C 4 to 158 F Relative Humidity Operating 10 to 90 non condensing Storage 10 to 90 non condensi...

Page 34: ...oid electric shock Disconnect downstream device power cables prior to servicing the downstream device Note The SLB branch office manager is intended for use in Single Phase systems Check nameplate ratings to assure there is no overloading of supply circuits that could affect over current protection and supply wiring Grounding 1 Maintain reliable grounding of this product 2 Pay particular attention...

Page 35: ... T Only connect device ports to equipment with serial ports that support EIA 232 formerly RS 232C Only connect the console port to equipment with serial ports that support EIA 232 formerly RS 232C Physical Installation To install the SLB branch office manager in a rack 1 Place the SLB unit in a 19 inch rack Warning Do not to block the air vents on the sides of the SLB device If you mount the SLB b...

Page 36: ...mation To connect to a device port 1 Connect one end of the Cat 5 cable to a device port on the SLB unit front panel 2 Connect the other end of the Cat 5 cable to a Lantronix serial console adapter Note To connect a device port to a Lantronix SLP power management use the ADP010104 adapter and a Cat5 patch cable between the adapter and the connected equipment See the appendix Adapters and Pinouts o...

Page 37: ...minal for Windows XP or lower For recent versions of Windows use a free terminal emulator such as PuTTY or TeraTerm Pro 4 Once the SLB branch office manager is running press Enter to establish connection You should see the model name and a login prompt on your terminal You are connected Connecting to the Internal Modem 1 Connect an RJ11 telecommunication cable to the modem port on the front of the...

Page 38: ...rce the power will be switched back from the secondary power source to the primary power source Both power sources must be on the same phase Using power from different phases will cause the relay to malfunction and possibly cause damage to the SLB Connecting Devices to Power Outlets To avoid the possibility of noise due to arcing 1 Keep the device s on off switch in the off position until after it...

Page 39: ...stallations Following are illustrations showing some typical ways to install the SLB branch office manager In Figure 3 10 three serial devices a server a Cisco switch and a firewall connect to the SLB unit s serial ports and power outlets This setup enables the SLB branch office manager to manage the devices and provide power to the devices In addition the SLB unit includes a built in modem for ou...

Page 40: ...e Manager User Guide 40 Figure 3 11 200 240 VAC SLB Installation Diagram The SLB device controls up to eight serial devices and provides power to them The devices use a separate user supplied Ethernet switch to connect to the network ...

Page 41: ...or generally provides the IP address and corresponding subnet mask and gateway The IP address must be within a valid range unique to your network and in the same subnet as your PC if you are using the DeviceInstaller utility The following table lists the options for assigning an IP address to your SLB branch office manager Table 4 1 Methods of Assigning an IP Address Method Description DHCP A DHCP...

Page 42: ...el display initially shows the hostname abbreviated to 14 letters total current level and state of the power supply When you click the right arrow keypad buttons the SLB network settings display Using the five keypad buttons you can change the network console port and date time settings and view the firmware release version If desired you can restore the factory defaults Note Have your information...

Page 43: ...de Up and down arrows Within edit mode to increase or decrease a numerical entry Right or left arrows Within edit mode to move the cursor right or left Enter To exit edit mode Up and down arrows To scroll up or down the list of parameters within an option e g from IP Address to Mask Left Right Arrow Network Settings Console Settings Date Time Settings Release Power Internal Temp User Strings Locat...

Page 44: ...o exit edit mode and then press the down arrow button The Subnet Mask parameter displays Note You must edit the IP address and the Subnet Mask together for a valid IP address combination 5 To save your entries for one or more parameters in the group press the right arrow button The Save Settings Yes No prompt displays Note If the prompt does not display make sure you are no longer in edit mode 6 U...

Page 45: ...t password is 999999 Note The Restore Factory Defaults password is only for the LCD You can change it at the command line interface using the admin keypad password command 5 Press Enter to exit edit mode If the password is valid a Save Settings Yes No prompt displays 6 To initiate the process for restoring factory defaults select Yes When the process is complete the SLB branch office manager reboo...

Page 46: ...age After the unit has an IP address you can use the Quick Setup page to configure the remaining network settings This page displays the first time you log into the SLB unit only Otherwise the SLB Home Page displays To complete the Quick Setup page 1 Open a web browser Firefox Chrome or Internet Explorer with JavaScript enabled 2 In the URL field type https followed by the IP address of your SLB N...

Page 47: ... Quick Setup settings checkbox in the top portion of the page and click the Apply button at the bottom of the page Otherwise continue with step 5 Note Once you click the Apply button on the Quick Setup page you can continue using the web interface to configure the SLB branch office manager further 5 Enter the following settings ...

Page 48: ... interfaces Ethernet or PPP Subnet Mask If specifying an IP address enter the subnet mask for the network on which the SLB device resides There is no default Default Gateway The IP address of the router for this network There is no default Hostname The default host name is slbXXXX where XXXX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit contiguou...

Page 49: ...ld be at the login prompt 2 Enter sysadmin as the user name and press Enter 3 Enter PASS as the password and press Enter The first time you log in the Quick Setup script runs automatically Normally the command prompt displays Figure 4 6 Beginning of Quick Setup Script Quick Setup will now step you through configuring a few basic settings The current settings are shown in brackets You can accept th...

Page 50: ... subnet mask specifies the network segment on which the SLB branch office manager resides There is no default If you selected DHCP or BOOTP this prompt does not display Default Gateway IP address of the router for this network There is no default Hostname The default host name is slbXXXX where XXXX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit co...

Page 51: ...er time zone UTC ____Date Time___________________________________________________________ The current time is Mon April 30 02 33 17 2018 Change the current time n ____Sysadmin Password___________________________________________________ Enter new password current password Quick Setup is now complete Next Step After completing quick setup on the SLB you may want to configure other settings You can u...

Page 52: ...face A web interface allows the system administrator and other authorized users to configure and manage the SLB unit using most web browsers Firefox Chrome or Internet Explorer with JavaScript enabled The SLB branch office manager provides a secure encrypted web interface over SSL secure sockets layer Note The web server listens for requests on the unencrypted HTTP port port 80 and redirects all r...

Page 53: ...SSH is enabled and if SSH is enabled for the device port Selecting the port and the Connected Device button allows access to supported devices such as SLP power managers and or SensorSoft temperature and humidity probes connected to the device port The red P1 P8 buttons enable you to select a power outlet and display the Devices Power Outlets page with the selected outlet s information highlighted...

Page 54: ...view detailed information about an SLB web page 1 Click the Help button to the right of any user interface page Online Help contents will appear in a new browser Command Line Interface A command line interface CLI is available for entering all the commands you can use with the SLB In this User Guide after each section of instructions for using the web interface you will find the equivalent CLI com...

Page 55: ...Out To log out of the SLB command line interface type logout and press Enter Command Syntax Commands have the following format action category parameter s where action is set show connect admin diag or logout category is a group of related parameters whose settings you want to configure or view Examples are ntp deviceport and network parameter s is one or more name value pairs in one of the follow...

Page 56: ...en connecting to the console port Use the left and right arrow keys to move within a command Use the up and down arrows to scroll through previously entered commands If desired select one and edit it You can scroll through up to 100 previous commands entered in the session To clear an IP address type 0 0 0 0 or to clear a non IP address value type CLEAR When the number of lines displayed by a comm...

Page 57: ...the terminal emulation screen for paging through text one screenful at a time if the SLB branch office manager cannot detect the size of the terminal automatically To show current CLI settings show cli To view the last 100 commands entered in the session show history To clear the command history set history clear To view the rights of the currently logged in user show user Note For information abo...

Page 58: ...ck Setup procedure you may update them here Requirements If you assign a different IP address from the current one it must be within a valid range unique to your network and with the same subnet mask as your workstation To configure the unit you need the following information Eth1 IP address ________ ________ ________ ________ Subnet mask ________ ________ ________ ________ Eth2 IP address optiona...

Page 59: ... Branch Office Manager User Guide 59 To enter settings for one or both network ports 1 Click the Network tab and select the Network Settings option The following page displays Figure 6 1 Network Network Settings top of page ...

Page 60: ...from BOOTP Lets a network node request configuration information from a BOOTP server node If you select this option skip to Gateway Specify Lets you manually assign a static IP address generally provided by the system administrator IP Address if specifying Enter an IP address that will be unique and valid on your network There is no default Enter all IP addresses in dot quad notation Do not use le...

Page 61: ...ssigning individual IP Addresses to Device Ports is not supported Enable IP Forwarding IP forwarding enables network traffic received on one interface Eth1 Eth2 or an external USB modem attached to the SLB branch office manager with an active PPP connection to be transferred out another interface any of the above The default behavior if IP forwarding is disabled is for network traffic to be receiv...

Page 62: ...uired Gateway acquired by DHCP for Eth1 or Eth2 View only GPRS Acquired Displays the IP address of the router if it has been automatically assigned by General Packet Radio Service GPRS View only Precedence Indicates whether the gateway acquired by DHCP or the default gateway takes precedence The default is DHCP Gateway If the DHCP Gateway is selected and both Eth1 and Eth2 are configured for DHCP ...

Page 63: ... required firmware version for Sierra Wireless ES450 is 4 9 2 When the SLB sends an updated configuration to the fail over device it is recommended to check the SLB syslog even if the SLB indicates that the update was successful Responses from the fail over device indicating that the device needs to be rebooted for configuration changes to take effect may also be in the syslog The configuration wi...

Page 64: ...rd Retype For the Sierra gateways the PIN number for the SIM card used by the gateway May have up to 8 characters SIM PUK Retype The Sierra gateway does not have this feature Update Firmware check box Select this option to update firmware on the Sierra gateway The Functional Firmware file and the Radio Firmware file will be transferred to the SLB using the method selected by the Load Firmware via ...

Page 65: ... upon the rules of that filter rule set The administrator uses the Network IP Filter page to view add edit delete and map IP filters Warning IP filters configuration is a feature for advanced users Adding and enabling IP filter sets incorrectly can disable your SLB Viewing IP Filters You can view a list of filters and a table showing how each filter is mapped to an interface To view a list of IP f...

Page 66: ...to enable all filters or clear the checkbox to disable all filters Disabled by default Packets Dropped Displays the number of data packets that the filter ignored did not respond to View only Packets Rejected Displays the number of data packets that the filter sent a rejected response to View only Test Timer Timer for testing IP Filter rulesets Select No to disable the timer Select Yes minutes 1 1...

Page 67: ...ers and hyphens only The name cannot start with a hyphen Example FILTER 2 IP Address es Specify a single IP address to act as a filter Example 172 19 220 64 this specific IP address only Subnet Mask Specify a subnet mask to act determine how much of the address should apply to the filter Example 255 255 255 255 to specify the whole address should apply Protocol From the drop down list select the t...

Page 68: ...t numbers to be tested An entry is required for TCP TCP New TCP Established and UDP and is not allowed for other protocols Separate multiple ports with commas Separate ranges of ports by colons Examples 22 filter on port 22 only 23 64 80 filter on ports 23 64 and 80 23 64 80 143 150 filter on ports 23 through 64 port 80 and ports 143 through 150 Action Select whether to Drop Reject or Accept commu...

Page 69: ... Device Port To map a rule set to a network interface 1 On the Network IP Filter page select the IP filter ruleset to be mapped 2 From the Interface drop down list select the interface and click the Map Ruleset button The Interface and rule set display in the IP Filter Mappings table To delete a mapping 1 On the Network IP Filter page select the mapping from the list and click the Delete Mapping b...

Page 70: ...tically Disabled by default RIP Version Select the RIP version The default is 2 Enable Static Routing Select to assign the routes manually The system administrator usually provides the routes Disabled by default To add a static route enter the IP Address Subnet Mask and Gateway for the route and click the Add Edit Route button The route displays in the Static Routes table You can add up to 64 stat...

Page 71: ...ts IPSec tunnels using Encapsulated Security Payload ESP The SLB branch office manager supports host to host net to net host to net and roaming user tunnels Note To allow VPN tunnel access if the SLB firewall is enabled traffic to UDP ports 500 and 4500 from the remote host should be allowed as well as protocol ESP from the remote host To complete the VPN page 1 Click the Network tab and select th...

Page 72: ...nicate via IPSec The first phase of the protocol authenticates the two hosts to each other and establishes the Internet Security Association Key Management Protocol Security Association ISAKMP SA The second phase of the protocol establishes the cryptographic parameters for protecting the data passed through the tunnel which is the IPSec Security Association IPSec SA The IPSec SA can periodically b...

Page 73: ...ey for Remote Host If RSA Public Key is selected for authentication enter the public key for the remote host Pre Shared Key If Pre Shared Key is selected for authentication enter the key Retype Pre Shared Key If Pre Shared Key is selected for authentication re enter the key Perfect Forward Secrecy When a new IPSec SA is negotiated after the IPSec SA lifetime expires a new Diffie Hellman key exchan...

Page 74: ...n the local SLB storage or an external USB thumb drive The number of operations that can be stored per probe on the local SLB storage is 50 operations for external USB thumb drive 200 operations can be stored per probe Responders The SLB can act as a responder for probes that require a responder to answer packets that are sent from the SLB UDP jitter UDP jitter VoIP UDP Echo and TCP Connect The SL...

Page 75: ...peration set files have been generated changing the repository will cause all of the existing files to be moved from the old repository directory to the new repository directory It is recommended that the repository only be changed when probes are not actively running If external storage is used for the repository it is recommended that the external storage device not be removed from the SLB while...

Page 76: ...for the selected probe State Restart Allows the state of a probe to be controlled the user can Restart a completed or running probe When a probe is added it will automatically start running depending on how the probe start time is configured Once a probe has run all of its configured operations it will be in the Complete state If the SLB is rebooted all probes will automatically be restarted Edit ...

Page 77: ...add a new probe or edit an existing probe 1 Click the Network tab and select the Perf Monitoring option The Network Perf Monitoring page displays 2 To add a new probe in the lower section of the page select the Add Probe link To edit an existing probe select a probe by clicking the radio button to the right right in the probe s row then select the Edit Probe button In both cases the following page...

Page 78: ...kets to send for each probe For DNS Lookup probes this is the number of lookups to perform For HTTP Get probes this is the number of HTTP Gets to perform For TCP Connect probes this is the number of TCP connections to perform The valid range is 1 1000 for the Local repository and 1 2000 for a USB The default is 10 packets Interval between Packets Interval between packets in milliseconds The valid ...

Page 79: ...default payload size will be used for the probes as follows ICMP Echo 56 bytes UDP Jitter VoIP G 729A 32 bytes UDP Jitter all others 64 bytes TCP Connect and UDP Echo 256 bytes Verify Data If enabled indicates that the SLB should verify if there is data corruption in the reply packets This parameter is only supported for ICMP Echo UDP Echo UDP Jitter and UDP Jitter VoIP probes Timeout How long the...

Page 80: ...ation udpjitter_170628_002049 dat Pkt Time Src To Dst Time Dst To Src Time Result 1 17 06 28 00 20 49 621 31029 usec 44191 usec OK 2 17 06 28 00 20 49 717 35409 usec 44170 usec OK 3 17 06 28 00 20 49 808 35558 usec 34120 usec OK 4 17 06 28 00 20 49 898 25500 usec 34175 usec OK 5 17 06 28 00 20 49 988 35210 usec 34196 usec OK 6 17 06 28 00 20 50 079 25517 usec 34177 usec OK 7 17 06 28 00 20 50 169 ...

Page 81: ...n Avg Max 1 7 20 msec Positive Number Of Sum of All Sum of All Squared 13 100 1090 msec Negative Min Avg Max 1 5 20 msec Negative Number Of Sum of All Sum of All Squared 17 96 1018 msec Jitter Destination to Source Number of Samples 49 Positive and Negative Min Avg Max 10 3 20 msec Positive Min Avg Max 10 12 20 msec Positive Number Of Sum of All Sum of All Squared 7 90 1300 msec Negative Min Avg M...

Page 82: ...t timed out a corrupted packet was received and was not detected Verify Data Error A response was received for a packet with payload data that does not match the expected data DNS Server Timeout A DNS lookup could not be completed because the SLB could not connect to the DNS name server DNS Lookup Error A DNS lookup failed the requested hostname could not be resolved This is not considered a proto...

Page 83: ... that the packet was sent The total round trip time for non jitter probes or the source to destination time and destination to source time for jitter probes and The status for the packet OK successful or an error condition For more information see Round Trip Times or Error Conditions Accumulated Results Displays the accumulated statistics for the selected operation in a separate window The results...

Page 84: ...s defined by RFC 1213 and a private enterprise MIB The private enterprise MIB provides read only access to all statistics and configurable items provided by the SLB unit It provides read write access to a select set of functions for controlling the SLB unit and device ports See the MIB definition file for details Identify a Simple Mail Transfer Protocol SMTP server Enable or disable SSH and Telnet...

Page 85: ...f the following alert levels from the drop down list for each message category Off Disables this type of logging Error Saves messages that are output because of an error Warning Saves message output from a condition that may be cause for concern in addition to error messages This is the default for all message types Info Saves informative message in addition to warning and error messages Debug Sav...

Page 86: ...t Include In System Log If enabled the contents of the audit log are added to the system log under the General Info category level Disabled by default Server IP address of your network s Simple Mail Transfer Protocol SMTP relay server Sender The email address of the sender of outgoing emails The strings host and domain can be part of the email address they will be substituted with the actual hostn...

Page 87: ...cause an idle connection to disconnect after a specified number of minutes Select Yes and enter a value of from 1 to 30 minutes Note You must reboot the unit before a change will take effect Escape Sequence A single character or a two character sequence that causes the SLB unit to terminate a Telnet client Currently the Escape Sequence is only used for Web Telnet sessions The default value is Esc ...

Page 88: ...ice Manager User Guide 88 SNMP Simple Network Management Protocol SNMP is a set of protocols for managing complex networks 1 Click the Services tab and select the SNMP option The following page displays Figure 7 2 Services SNMP ...

Page 89: ... 12 0 15 slbEventUSBAction 1 3 6 1 4 1 244 1 12 0 16 slbEventDevicePortError 1 3 6 1 4 1 244 1 12 0 17 slbEventNoDialToneAlarm 1 3 6 1 4 1 244 1 12 0 18 slbEventNetworkFailover 1 3 6 1 4 1 244 1 12 0 23 The SLC or SLB unit sends the traps to the host identified in the NMS 1 and NMS 2 field NMS 1 or 2 When SNMP is enabled an NMS Network Management System acts as a central server requesting and rece...

Page 90: ...essage Digest algorithm 5 default SHA Secure Hash Algorithm Encrypt with Encryption standard to use DES Data Encryption Standard default AES Advanced Encryption Standard User Name SNMP v3 is secure and requires user based authorization to access SLB MIB objects Enter a user ID The default is snmpuser Up to 20 characters Password Retype Password Password for a user with read only authority to use t...

Page 91: ...the SLB unit available for the logging file s You may also save SLB configurations on the network server Similarly use SMB CIFS Server Message Block Common Internet File System Microsoft s file sharing protocol to export a directory on the SLB branch office manager as an SMB CIFS share The SLB exports a single read write CIFS share called public with the subdirectory The config directory which con...

Page 92: ...ory in the format nfs_server_hostname or ipaddr exported path Local Directory The local directory on the SLB unit on which to mount the remote directory The SLB device creates the local directory automatically Read Write If enabled indicates that the SLB device can write files to the remote directory If you plan to log port data or save configurations to this directory you must enable this option ...

Page 93: ...nctionality see Web SSH Telnet Copy and Paste Figure 7 4 Services Secure Lantronix Network 2 Access your device or device port through any of the methods below To directly access the web interface for a secure Lantronix device 1 Make sure Web Telnet and Web SSH is enabled for the specific device or device port 2 Click the IP address of a specific secure Lantronix device to open a new browser page ...

Page 94: ...ld like to access If Web SSH and SSH to the CLI are enabled an SSH link will display and be accessible beside the specific port s Clicking this link will open a new Web SSH session If Web Telnet and Telnet to the CLI are enabled a Telnet link will display and be accessible beside the specific port s Clicking this link will open a new Web Telnet session If neither Web Telnet and or Web SSH are enab...

Page 95: ...ssion If enabled an SSH or Telnet popup window appears depending on what is clicked See Figure 7 6 b Disabled port numbers are in a dark green box and you will see a popup Figure 7 7 Disabled Port Number Popup Window 2 Click OK and login to the CLI interface which appears See Figure 7 6 To configure how secure Lantronix devices are searched for on the network 1 Click the Search Options link on the...

Page 96: ...b Telnet session These errors may be the standard browser error displayed for self signed or untrusted certificates There is a problem with this website s security certificate or Your connection is not private The SSL server that handles Web SSH and Web Telnet sessions is accessible on port 8000 instead of the standard port 443 for SSL connections It is recommended that the SLB be configured to us...

Page 97: ...nd when the SLB web server is using a self signed SSL certificate accepting the self signed SSL certificate in the browser for the primary SLB website will only accept the certificate for port 443 It will not accept the certificate for port 8000 This may result in a popup being displayed in the Web SSH or Web Telnet window indicating that the browser needs to accept a certificate To accept the sel...

Page 98: ...ss to the system clipboard The Web SSH and Web Telnet window provide copy and paste functionality via a right click menu the Copy option will copy what is highlighted in the Web SSH or Web Telnet window into an internal non system clipboard and the contents can be pasted into the Web SSH or Web Telnet window with the Paste Support for copying and pasting content between the system clipboard and th...

Page 99: ...e displays Figure 7 9 Services Date Time 2 Enter the following 3 To save click the Apply button To synchronize the SLB unit with a remote timeserver using NTP 1 Enter the following Change Date Time Select the checkbox to manually enter the date and time at the SLB s location Date From the drop down lists select the current month day and year Time From the drop down lists select the current hour an...

Page 100: ...Broadcast from NTP Server Enables the SLB branch office manager to accept time information periodically transmitted by the NTP server This is the default if you enable NTP Poll NTP Server Enables the SLB unit to query the NTP Server for the correct time If you select this option complete one of the following Local Select this option if the NTP servers are on a local network and enter the IP addres...

Page 101: ... sessions click the Web Sessions link To view import or reset the SSL Certificate click the SSL Certificate link Enable TLS v1 0 Protocol By default the web supports the TLS v1 0 protocol Uncheck this to disable the TLS v1 0 protocol Changing this option requires a reboot or restarting the web server with the CLI command admin web restart for the change to take effect Enable TLS v1 1 Protocol By d...

Page 102: ...erwise access will be denied Users authenticated via RADIUS may have a group or groups provided by the RADIUS server via the Filter Id attribute that overrides the group defined for a user on the SLB branch office manager A group provided by a remote server must be either a single group or multiple groups delimited by the characters comma semicolon or equals for example group group1 group2 or grou...

Page 103: ...Server page enables you to view and update SSL certificate information The SSL certificate consisting of a public private key pair used to encrypt HTTP data is associated with the web server You can import a site specific SSL certificate or generate a custom certificate if desired To view reset import or change an SSL Certificate 1 On the Services tab click the Web Server page and click the SSL Ce...

Page 104: ...SSL Certificate select the checkbox Unselected by default Import via From the drop down list select the method of importing the certificate SCP or SFTP The default is SCP Certificate Filename Filename of the certificate If HTTPS is selected as the method for import the Upload File link will be selectable to upload a certificate file Key Filename Filename of the private key for the certificate HTTP...

Page 105: ...r of Bits The number of bits to use when generating the certificate 2048 3072 or 4096 The default is 2048 Number of Days The number of days that the certificate can be used before it expires up to 7500 days Country Name The two letter country code for the custom certificate e g US or FR State or Province Name The state or province for the custom certificate e g California Must be at least 2 charac...

Page 106: ... display Registered with the date and time of registration Note that the Registered date time displayed in the SLC or SLB status may be different from the registered date time shown in the ConsoleFlow web UI The SLC or SLB registered date time is the most recent date and time that the SLC or SLB registered with the ConsoleFlow server The registered date and time shown in the ConsoleFlow web UI is ...

Page 107: ... check was performed If a firmware update is found it will be applied to the alternate non active boot bank and Status of Client will display Firmware updated with the date and time the firmware was updated If a configuration update is found it will be applied to the current boot bank and Status of Client will display Configuration restored with the date and time the configuration was restored To ...

Page 108: ...nloaded to the device and applied to the alternate boot bank Enabled by default Configuration Updates via ConsoleFlow If enabled configuration updates can be initiated by ConsoleFlow for the SLB The device will check for updates per the frequency defined by Interval between FW and Config Checks and if a configuration update is found the update will be downloaded to the device and applied to the cu...

Page 109: ...efaults to 443 Messaging Services Security If enabled TLS is used for messaging If Validate certificates with HTTPS is enabled for the Registration Host a certificate authority will be used to validate the HTTPS certificates used for TLS Enabled by default Remote Access CLI Timeout Remote Access CLI Connection will be idle timed out after a specified number of seconds as defined in the Seconds fie...

Page 110: ...lish a raw TCP connection to Eth1 IP address tcp port number or Eth2 IP address tcp port number where tcp port number is uniquely assigned for each device port 5 If a device port has an IP address assigned to it you can Telnet SSH or establish a raw TCP connection to the IP address For Telnet and SSH use the default TCP port number 23 and 22 respectively to connect to the device port For raw TCP u...

Page 111: ...us page displays the status of the SLB s ports USB port and power outlets 1 Click the Devices tab and select the Device Status option The following page displays Figure 8 1 Devices Device Status Global Port Settings On the Devices Device Ports page you can set up the numbering of Telnet SSH and TCP ports view a summary of current port modes establish the maximum number of direct connections for ea...

Page 112: ...ice Ports Settings on page 113 An external modem is connected to the port The user may dial into or out of the port Telnet in or SSH in is enabled for the device port The device port is either waiting for a Telnet or SSH login or has received a Telnet or SSH login a user has logged in Starting Telnet Port Each port is assigned a number for connecting via Telnet Enter a number 1025 65528 that repre...

Page 113: ...l ports and if the port connects to an external modem modem settings as well To open the Device Ports Settings page 1 You have two options In the Devices Device Ports page described in the previous section select the port from the ports list and click the Configure button Click the desired port number in the green bar Figure 8 3 at the top of any page and the following page appears Starting TCP Po...

Page 114: ...8 Device Ports SLB Branch Office Manager User Guide 114 Figure 8 4 Device Ports Settings ...

Page 115: ...acters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B View Port Log Seq The key sequence used to view the Port Log while in Connect Direct mode Non printing characters...

Page 116: ...falls in will be used For Telnet and SSH the default TCP port numbers 22 and 23 respectively are used to connect to the device port For raw TCP the TCP port number defined for TCP In to the device port is used Note If Ethernet Bonding is enabled assigning individual IP Addresses to Device Ports is not supported Note that the IP address will be bound to Eth1 only so if Eth2 is connected and configu...

Page 117: ...is currently in session and the DSR signal transitions to a de asserted state the connection disconnects immediately Disabled is the default unless dial in dial out or dial back is enabled for the device port State Indicates whether an external modem is attached to the device port If enabling set the modem to dial out dial in dial back dial on demand dial in host list or dial in dial on demand Dis...

Page 118: ...ne number the modem dials back on a fixed number or a number associated with their login If you select Fixed Number enter the number in the format 2123456789 The dial back number is also used for CBCP client as the number for a user defined number See Device Ports Settings on page 113 for more information Dial back Delay For dial back and CBCP Server the number of seconds between the dial in and d...

Page 119: ...s of the Local Users and any of the remote authentication methods that are enabled With CHAP the DOD CHAP Handshake fields authenticate the user DOD CHAP Handshake For DOD Authentication enter the Host User Name for UNIX systems or Secret User Password for Windows systems used for CHAP authentication May have up to 128 characters Enable NAT Select to enable Network Address Translation NAT for dial...

Page 120: ...in the middle of the page displays the flow control lines and port statistics for the device port The system automatically updates these values To reset them to zeros select the Zero port counters checkbox in the IP Settings section of the page Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page Table 8 5 Port ...

Page 121: ...yed by the SLP unit or ServerTech CDU device This will default to a typical prompt for an SLP power manager or ServerTech CDU If you are unable to control the SLP unit or ServerTech CDU device verify that the prompt is set to the right value Outlet Status Note If there is an SLP power manager and an SLP Expansion chassis the SLP unit is Tower A and the Expansion chassis is Tower B For Tower A or T...

Page 122: ...e Outlet and the number of the outlet to be controlled 1 8 for the SLP8 or 1 16 for the SLP16 devices and select the command for the outlet No Action Power On Power Off Cycle Power No Action is the default Dev Port Displays the number of the SLB port Device Port Name Displays the name of the SLB port Temp Current temperature degrees Celsius on the device the sensor is monitoring Low Temp Enter the...

Page 123: ...ce port to monitor and or interact with it or to establish an outbound network connection connect direct endpoint endpoint is one of deviceport Port or Name ssh IP Address port TCP Port SSH flags where SSH flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address port TCP Port udp IP Address port UDP Port hostlist Host List Note T...

Page 124: ...ogged locally to the SLB branch office manager is limited to 256 Kbytes and may be lost in the event of a power loss Data logged to a file on an NFS server does not have these limitations The system administrator can define the directory for saving logged data on a port by port basis and configure file size and number of files per port The directory path must be the local directory for one of the ...

Page 125: ...r defined number of characters in the log from your server or device is exceeded or a specific sequence of characters is received Use the Device Ports SLP Units on page 120 to set logging parameters on individual ports Sylogs Logging Data can be logged to the system log If this feature is enabled the data will appear in the Device Ports log under the Info level The log level for the Device Ports l...

Page 126: ...00 screens of I O data in a true FIFO buffer Disabled by default Clear Local Log Select the checkbox to clear the local log View Local Log Click this link to see the local log in text format Email Traps Select the checkbox to enable email and SNMP logging Email logging sends an email message to pre defined email addresses or an SNMP trap to the designated NMS see Chapter 7 Services on page 84 when...

Page 127: ... g recognizes the strings abcdg abceg abcfg The SLB device supports GNU regular expressions for more information see http www delorie com gnu docs regex regex html Email Delay A time limit of how long in seconds after the SLB branch office manager detects the trigger that the device port captures data before closing the log file with a fixed internal buffer maximum capacity of 1500 bytes and sendi...

Page 128: ...ectory must be a directory exported from an NFS server mounted on the SLB Specify the local directory path for the NFS mount Max Number of Files The maximum number of files to create to contain log data to the port These files keep a history of the data received from the port Once this limit is exceeded the oldest file is overwritten The default is 10 Max Size of Files The maximum allowable file s...

Page 129: ...at indicate that a byte of data has been transmitted From the drop down list select the number of stop bits The default is 1 Parity Parity checking is a rudimentary method of detecting simple single bit errors From the drop down list select the parity The default is none Flow Control A method of preventing buffer overflow and loss of data The available methods include none xon xoff software and RT...

Page 130: ... following page displays Note Clicking any of the red P1 through P8 buttons located at the top of each page displayed allows controlled configuration of the power outlets Group Access If undefined any group can access the console port If one or more groups are specified groups are delimited by the characters space comma or semicolon then any user who logs into the console port must be a member of ...

Page 131: ...8 Device Ports SLB Branch Office Manager User Guide 131 Figure 8 10 Devices Power Outlets ...

Page 132: ...tal current for all outlets exceeds a threshold Enter the number of amps measured in tenths of an amp above which the SLB unit sends a trap The maximum is 180 Note If the alarm goes off a warning message displays on the CLI Current Level for all Outlets Displays the total load carried by the outlets Outlet Displays the number of the outlet being configured Status Displays the current state of the ...

Page 133: ...he Delete Host List button To edit the selected host list follow the steps below beginning with step 5 To add a new host list follow the steps below beginning with proceed to step 4 4 To add a new host list first deselect any selected host list by clicking the Clear Host List button then proceed to step 5 5 Enter or modify host list settings Host List Settings Host List Id Displays after a host li...

Page 134: ...generation on Device Port output Batch Scripts which are a series of CLI commands Custom Scripts are Expect scripts that use most of the Expect scripting language can be run against the CLI or a Device Port and can be scheduled to run at periodic intervals with the results from each run saved to a file in a repository Up to 10 Custom Scripts can be created Each Custom Script run is an operation an...

Page 135: ...ypes of scripts see Batch Script Syntax Interface Script Syntax and Custom Script Syntax Example Custom Scripts for Expect Tcl and Python are provided The following versions are supported Expect 5 45 4 Tcl 8 6 8 and Python 3 6 7 For Python scripts the Pexpect module is supported All scripts have permissions associated with them a user who runs a script must have the permissions associated with the...

Page 136: ...ing Scripts Script Name A unique identifier for the script Type Select Interface for a script that utilizes Expect Tcl to perform pattern detection and action generation on Device Port output Select Batch for a script of CLI commands Select Custom for an Expect Tcl or Python script that can be run against a CLI session or a Device Port either manually or scheduled to run at periodic intervals ...

Page 137: ...se a script at the CLI below Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g SLP Spider SLC and SLB units on the local subnet Date Time Right to set the date and time Lo...

Page 138: ...the Rename Script button The script will be renamed and the Devices Scripts page redisplays To delete a script 1 In the Scripts table select the script to delete 2 Click the Delete Script button After a confirmation the script will be deleted and the Devices Scripts page redisplays To schedule a custom script 1 Click the Devices tab and select the Scripts option The Scripts page displays 2 In the ...

Page 139: ...te time and timezone not be changed while scripts are scheduled to run To change the Enable Disable state of a custom script schedule 1 In the Scripts table select the script to enable or disable 2 Click the Enable button this will resume running of a script at its next scheduled time if it was previously disabled or the Disable button this will suspend running of a script but continue to update t...

Page 140: ...e Custom Scripts Operations page displays with a list of any results that have been generated for a script in reverse date time order Figure 8 15 Custom Scripts Operations 3 Any of the results can be viewed by selecting the operation and clicking Script Results ...

Page 141: ...Custom Script Results To use a script at the CLI 1 To run an Interface Script or a Custom Script on a device port for pattern recognition and action generation use the connect script Script Name deviceport Device Port or Name command This action requires that a SLB user running the connect script command have Device Port Operations do rights and port permissions for the selected device port 2 To r...

Page 142: ...be typed at the CLI with the additions described in this section The sleep command suspends execution of the script puts it to sleep for the specified number of seconds Syntax sleep value The while command allows a loop containing CLI commands to be executed Syntax while Boolean expression CLI command 1 CLI command 2 CLI command n Note The closing left brace must be on a line without any other cha...

Page 143: ... include any characters including space characters If a double quote character is to be included in a quoted string it must be preceded escaped by a backslash character Variable Reference A word as defined above preceded by a dollar sign character CLI Command A quoted string containing a valid CLI show command Arithmetic Operator A single character representing a simple arithmetic operation The ch...

Page 144: ...ntax sleep value where value can be a word a quoted string or a variable reference exec The exec command executes a single CLI command Currently only CLI show commands may be executed via exec Syntax exec CLI command send send_user The send command sends output to a sub process The send_user command sends output to the standard output Both commands have the same syntax send string send_user string...

Page 145: ...tr 2 Determine if two strings are equal string first str needle str haystack Find and return the index of the first occurrence of str_needle in str_haystack string last str needle str haystack Find and return the index of the last occurrence of str_needle in str_haystack string length str Return the length of str string index str int Return the character located at position int in str string range...

Page 146: ...ill only be used in combination with the set command to produce the value for a variable Syntax timestamp format where format is a quoted string format The format command is analogous to the C language sprintf The format command will only be used in combination with the set command to produce the value for a variable Syntax format format string value 1 value 2 value n where format string will be a...

Page 147: ...on otherwise the script will be invalid 4 The script should include a spawn command to connect the script to either a SLB CLI session or a SLB Device Port session Refer to the following spawn command syntax if elseif and else The if command executes an associated block of commands if its Boolean expression evaluates to TRUE Each command within the block must be a Primary command Syntax if Boolean ...

Page 148: ... session subprocess Popen portsession p devicePort stdin subprocess PIPE stdout subprocess PIPE stderr subprocess PIPE It is recommended that scripts that spawn clisession only be used with the set script runcli command and not the connect script command and that scripts that spawn portsession only be used with the connect script command and not the set script runcli command 5 The script cannot co...

Page 149: ...g in or check for Command Prompt expect Did not capture ogin or Command Prompt timeout send_user Time out login r n return Got login prompt login send_user Logging in r n send login r expect timeout send_user Time out waiting for pwd prompt r n return Got password prompt password Send Password send pwd r expect timeout send_user Time out waiting for prompt r n return prompt Already Logged in got C...

Page 150: ..._Current Hostname Settings____________________________________________ Hostname slb251glenn Domain support int lantronix com slb251glen Device HOSTNAME SLB 251GLENN ________________________________________________________________________ Monitored Port Port 7 Monitor Interval Time 5 Seconds Current Time 21 16 43 show portcounter deviceport 7 n show portcounter deviceport 7 Device Port 7 Seconds si...

Page 151: ...rface Scripts______Group Permissions_____________________________ getslb Adm ad nt sv dt lu ra um dp pc rs fc dr sn wb sk po do Test Adm ad nt sv dt lu ra um dp pc rs fc dr sn wb sk po do monport Adm none ___Batch Scripts__________Group Permissions_____________________________ cli Adm ad nt sv dt lu ra um dp pc rs fc dr sn wb sk po do slb247glenn slb247glenn connect script monport deviceport 7 log...

Page 152: ..._____ Login Out logout Returning to command line slbvz249_glenn show script ___Interface Scripts______Group Permissions_____________________________ test3 Def do ___Batch Scripts__________Group Permissions_____________________________ test1 Adm ad nt sv dt lu ra um dp ub rs fc dr sn wb sk po do slbvz249_glenn Expect Custom Script SLB CLI Session An example of an Expect Custom Script that interacts...

Page 153: ...ion 2 set timeout 10 log_user 0 Wait for the first prompt set loggedIn false while loggedIn expect timeout myprint Timeout waiting to login abortSession 3 Need to specify username myprint Need to specify U abortSession 4 set loggedIn true exp_send n expect timeout myprint Timeout waiting for CLI prompt abortSession 3 re n r r set slbPrompt expect_out 1 string Run the temperature command exp_send s...

Page 154: ...rt expect Script to get the load of a ServerTech PDU outlet set pduPrompt set pduLoad unknown proc myprint str send_user str n proc abortSession err send_user Error err Terminating session n exit err set now clock seconds set date clock format now format D R myprint Load of ServerTech PDU outlet B1 at date spawn the port session on a device port if catch spawn noecho portsession p devicePort resul...

Page 155: ...ggedIn true Detect the prompt exp_send n expect are r n expect LOGIN r n expect REMOVE r n expect RESTART r n expect timeout myprint Timeout waiting for prompt abortSession 3 re r n r set pduPrompt expect_out 1 string Run the ostat command exp_send ostat b1 n expect Outlet Power r n expect ID Watts r n expect timeout myprint Timeout waiting for load abortSession 3 re B1 s S s S s S set pduLoad exp...

Page 156: ...Terminating session n exit err if argc 2 myprint Usage script_md_cisco exp TFTP Server Backup File Name abortSession 1 set tftp lindex argv 0 set configFile lindex argv 1 set enablePassword secret set timeout 10 set now clock seconds set date clock format now format D R myprint Backing up Cisco Server to tftp configFile at date spawn the port session on a device port if catch spawn noecho portsess...

Page 157: ...loggedIn true set passwordPrompt true send enable r set loggedIn true set execMode true Error r n send_user expect_out 0 string abortSession 5 timeout set cnt expr cnt 1 myprint Logged in send copy running config tftp tftp configFile r expect tftp send r expect configFile send r myprint Backup initiated expect myprint Successfully backed up timeout myprint Timeout waiting for backup to complete ab...

Page 158: ..._cli_radius py RADIUS server RADIUS secret sys exit 1 print Settings RADIUS server on SLC at end now datetime datetime now print now strftime Y m d H M server sys argv 1 secret sys argv 2 proc subprocess Popen clisession U sysadmin stdin subprocess PIPE stdout subprocess PIPE stderr subprocess PIPE wait for prompt while True output_str proc stdout readline if b list of commands in output_str proc ...

Page 159: ...returned s2 split n 0 proc stdin close proc terminate proc wait sys exit 1 print RADIUS settings updated and enabled proc stdin close proc terminate proc wait sys exit 0 Python Custom Script SLB CLI Session An example of a Python Custom Script that uses the Pexpect module to interact with the CLI session and the device ports to detect the prompt on any devices connected to the SLB and set the devi...

Page 160: ...umber SLC80 d r n Model Number SLB882 r n timeout 10 if i 0 Timeout print Timeout waiting to login p terminate True sys exit 1 elif i 1 EOF print Session unexpectedly terminated p terminate True sys exit 1 elif i 2 SLC8000 model number model p match group 1 numPorts int model elif i 3 SLB882 model number numPorts 8 elif i 4 prompt loggedIn True slcPrompt p match group 1 decode utf 8 if numPorts 0 ...

Page 161: ...ed and wait for the first prompt p sendline gotPrompt False slcDevice False cnt 1 while not gotPrompt i p expect pexpect TIMEOUT pexpect EOF login Error r n timeout 10 if i 0 Timeout cnt cnt 1 if cnt 3 print Timeout waiting to connect to DP devicePort p terminate True p wait break may need to send a CR to get prompt p send r elif i 1 EOF print portsession on DP devicePort unexpectedly terminated b...

Page 162: ...ort devicePort 1 pList append continue print Detected prompt devPrompt Strip characters not allowed in DP names devPromptStrip re sub 0 9A Za z _ devPrompt devPromptComplete devPromptStrip str devicePort pList append devPromptComplete p terminate True p wait devicePort devicePort 1 end of while devicePort numPorts Connect to the SLC CLI and set the device port names p pexpect spawn clisession U sy...

Page 163: ... if i 0 Timeout print Timeout waiting for response devicePort devicePort 1 Terminate the CLI session p sendline logout time sleep 500 p wait print Script completed sys exit 0 Tcl Custom Script SLB CLI Session An example of a Tcl Custom Script that interacts with a CLI session tcl Script to get the current internal temperature of the SLB Accepts one optional command line parameter for location set ...

Page 164: ...passed to clisession break if string first For a list of commands line 1 puts io n flush io if string first line 1 set loggedIn true if loggedIn exit 1 puts io show temp flush io set gotTemp false while gotTemp set len gets io line if string first Current Internal Temperature line 1 set slcTemp string range line expr string first line 1 end set gotTemp true puts Temperature slcTemp puts io logout ...

Page 165: ...e Use Sites for the modem Sites can be used with the following modem states dial in dial back CBCP Server dial on demand dial in dial on demand and dial back dial on demand For more information on how sites are used with each modem state see Modem Dialing States on page 167 Figure 8 21 Devices Sites To add a site 1 Click the Devices tab and select the Sites option The Sites page displays 2 In the ...

Page 166: ...atic Route IP Address Subnet Mask and Gateway must be configured for dial on demand sites The SLB device will automatically dial out and establish a PPP connection when IP traffic destined for the network specified by the static route needs to be sent Note Static Routing must be enabled on the Network Routing page for dial on demand connections Static Route Subnet Mask The subnet mask for a dial o...

Page 167: ...ee Sites Dial In The SLB unit waits for a peer to call the SLB device to establish a text command line or PPP connection For text connections the user will be prompted for a login and password and will be authenticated via the currently enabled authentication methods Local Users NIS LDAP etc Once authenticated a CLI session will be initiated and the user will remain connected to the Dial back Retr...

Page 168: ...ce authenticated the SLB unit will use the Dial back Number configured for the modem either a fixed number assigned to the modem or a number associated with the user that was authenticated the user must have Allow Dial back enabled and a Dial back Number defined If the SLB device can determine a dial back number to use it will hang up and wait Dial back Delay seconds before initiating the dial bac...

Page 169: ...ress it must be configured with a Local IP and a Remote IP as the PPP connection will be established when it sees IP traffic destined for the Remote IP For Dial in the user will be authenticated via PAP or CHAP configured with the Authentication setting For PAP the Local Remote list will be used to authenticate the login and password sent by the PPP peer For CHAP the CHAP Handshake Host User Name ...

Page 170: ... seconds Once the timeout has expired the PPP connection will be terminated and will not be reestablished for at least Restart Delay seconds Dial In Host List The SLBwaits for a peer to call and establishes a text command line connection to the first host in a Host List that connects A host list of a prioritized list of SSH Telnet or raw TCP hosts to connect to If Authentication is enabled for the...

Page 171: ... to a CBCP server establish a PPP connection negotiate a callback number with the server using CBCP terminate the connection and wait for the server to call back The SLB device dials the Dial out Number and if the remote peer requests PAP or CHAP authentication provides the Remote Dial out Login and Remote Dial out Password as authentication tokens Once authenticated the CBCP handshake with the se...

Page 172: ...mware and Configuration Files Set Up of USB Storage The Devices USB page has an USB Access checkbox USB Access is a security feature ensures that access to any USB device is disabled if the box is unchecked The SLB unit ignores any USB device plugged into the port To set up USB storage in the SLB device perform the following steps 1 Insert any of the supported thumb drives into the USB port on the...

Page 173: ...U2 is selected Mount Enables the first partition of the USB device if not currently mounted Once mounted a device is used for device port logging and saving restoring configurations Unmount Enables ejecting the USB device Warning If you eject a USB device from the SLB branch office manager without unmounting it subsequent mounts may fail and you will need to reboot the SLB unit to restore the func...

Page 174: ...9 USB Port SLB Branch Office Manager User Guide 174 Figure 9 3 Devices USB Modem ...

Page 175: ...own list select the number of stop bits The default is 1 Flow Control A method of preventing buffer overflow and loss of data The available methods include none xon xoff software and RTS CTS hardware The default is none Dial out Mode Select either GPRS or GSM Global System for Mobile communication as the type of dial out connection PIN Enter PIN personal identification number for accessing the GSM...

Page 176: ...e characters space comma semicolon or equals for example group group1 group2 or group1 group2 group3 Initialization Script Commands sent to configure the modem may have up to 100 characters Consult your modem s documentation for recommended initialization options If you do not specify an initialization script the SLB device uses a default initialization string of AT S7 45 SO 0 L1 V1 X4 D2 c1 E1 Q0...

Page 177: ...the SLB device or the modem have fixed IP addresses select No and enter the Local IP IP address of the port and Remote IP IP address of the modem Authentication Enables PAP or CHAP authentication for modem logins PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the CHAP Handshake fields authentic...

Page 178: ...30 seconds CBCP Server Allow No Callback For CBCP Server state allows No Callback as an option in the CBCP handshake in addition to User defined Number and Admin defined Number CBCP Client Type For CBCP Client this selects the number that the client would like to use for callback either a user defined number passed to the server specified by the Fixed Dial back Number or an administrator defined n...

Page 179: ...of the page shown in Figure 9 4 are the Delete Download and Rename options 2 To delete a file click the check box next to the filename and click Delete File A confirmation message displays 3 To download a file click the Download File button Select the file from the list 4 To rename a file click the check box next to the filename and enter a new name in the New File Name field 5 Click Rename File U...

Page 180: ...y These connections are always re established after reboot At a specified date and time These connections connect if the date and time have already passed After a specified amount of data or a specified sequence of data passes through the connection Following reboot the connection is not reestablished until the specified data passes through the connection Typical Setup Scenarios for the SLB Follow...

Page 181: ...ice and connect to the command line interface Figure 10 2 Remote Access Server Reverse Terminal Server In this scenario the SLB branch office manager has one or more device ports connected to one or more serial ports of a mainframe server Users can access a terminal session by establishing a Telnet or SSH session to the SLB unit To configure the SLB device select the Enable Telnet In or Enable SSH...

Page 182: ...uld like to manage To manage a specific piece of equipment the user can Telnet or SSH to a specific port or IP address on the SLB unit and be connected directly to the console port of the end server or device To configure this setup set the Enable Telnet In or Enable SSH In option on the Device Ports Settings page for the device port in question The user can implement an extra remote management ca...

Page 183: ...o for no timeout Yes for a timeout Specify the number of seconds in the seconds field Port The number of the device port you are connecting This device port must be connected to an external serial device and must not have command line interface logins enabled be connected to a modem or be running a loopback test Note To see the current settings for this device port click the Settings link Data Flo...

Page 184: ...or all other options this is the TCP UDP port number which is optional for Telnet out and SSH out but required for TCP Port and UDP Port Note If you select Device Port it must not have command line interface logins enabled or be running a loopback test To view the device port s settings click the Settings link to the right of the port number SSH Out Options Select one of the following optional fla...

Page 185: ... connection and click the Restart button 6 To view information about Web connections click the here link in the text above the table The Maintenance Firmware Configurations page displays Connection Commands Go to Connection Commands on page 283 to view CLI commands which correspond to the web page entries described above ...

Page 186: ...ser sysadmin account is always available for login For security purposes full administrative access to the SLB via the default sysadmin local user account can be limited to only the front console port of the SLB device See Limiting Sysadmin User Access on page 45 Authentication can occur using all methods in the order of precedence until a successful authentication is obtained or using only the fi...

Page 187: ... the client server model and the Remote Procedure Call RPC interface for communication between hosts NIS consists of a server a library of client programs and some administrative tools NIS is often used with the Network File System NFS LDAP Lightweight Directory Access Protocol A set of protocols for accessing information directories specifically X 500 based directory services LDAP runs over TCP I...

Page 188: ...ilable clear the check box 6 Click Apply Now that you have enabled one or more authentication methods you must configure them Authentication Commands Go to Authentication Commands on page 267 to view CLI commands which correspond to the web page entries described above Kerberos Kerberos is a network authentication protocol that enables two parties to exchange private information across an unprotec...

Page 189: ... and describing all local and remote users To enable local and or remote users 2 Enter the following Enable Local Users Select to enable all local users except sysadmin The sysadmin is always available regardless of how you set the check box Enabled by default Multiple Sysadmin Web Logins Select to allow the sysadmin to have multiple simultaneous logins to the web interface Disabled by default Sys...

Page 190: ...users to continue to reuse old passwords If you disable the check box they cannot use any of the Reuse History number of passwords Enabled by default Reuse History The number of passwords the user must use before reusing an old password The default is 4 For example if you set reuse history to 4 the user may reuse an old password after using 4 other passwords Password Lifetime days The number of da...

Page 191: ...a user To add a user 1 On the User Authentication Local Remote Users click the Add Edit User button The User Authentication Local Remote User Settings page displays Figure 11 3 User Authentication Local Remote User Settings 2 Enter the following information for the user Login User ID of selected user Authentication Select the type of authenticated user Local User listed in the SLB database Remote ...

Page 192: ...eractive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp Break...

Page 193: ...as all possible rights Custom Group Select a custom group from the drop down menu Full Administrative Right to perform any function on the SLB Networking Right to enter network and routing settings Services Right to enable and disable system and audit logging SSH and Telnet logins SNMP and SMTP Includes NFS and CIFS Secure Lantronix Network Right to view and manage secure Lantronix units e g SLP S...

Page 194: ...page select sysadmin and click the Add Edit User button The Local Remote User Settings page displays 2 Enter the new password in the Password and Retype Password fields Note You can change Escape Sequence and Break Sequence if desired You cannot delete the UID or change the UID port permissions or custom menu 3 Click the Apply button Local Users Commands Go to Local Users Commands on page 271 to v...

Page 195: ...ods page If you want to set up this authentication method but not enable it immediately clear the checkbox Note You can enable NIS here or on the first User Authentication page If you enable NIS here it automatically displays at the end of the order of precedence on the User Authentication page NIS Domain The NIS domain of the SLB branch office manager must be the same as the NIS domain of the NIS...

Page 196: ...user Dial Back on page 168 Users with dial back access can dial into the SLB branch office manager and enter their login and password Once the SLB device authenticates them the modem hangs up and dials them back Disabled by default Dial back Number The phone number the modem dials back on depends on this setting for the device port The user is either dialed back on a fixed number or on a number th...

Page 197: ...members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for NIS users Web Access Right to access...

Page 198: ...n tab and select LDAP The following page displays Figure 11 5 User Authentication LDAP 2 Enter the following Enable LDAP Displays selected if you enabled this method on the first User Authentication page If you want to set up this authentication method but not enable it immediately clear the checkbox Server The IP address or host name of the LDAP server ...

Page 199: ...B device will use posixGroup For AD LDAP servers the objectclass for groups is typically Group Group Member Attribute The attribute used by the LDAP server for group membership This attribute may be use to search for a name ie msmith or a Distinguished Name ie uid msmith ou People dc lantronix dc com Select either Name or DN as appropriate for the LDAP server If nothing is specified for the group ...

Page 200: ... to LDAP users See Custom Menus on page 223 Escape Sequence A single character or a two character sequence that causes the SLB branch office manager to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by...

Page 201: ... system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g SLP Spider and SLB units on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to...

Page 202: ...h RADIUS are granted device port access through the port permissions on this page All RADIUS users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLB branch office manager to use RADIUS to authenticate users 1 Click the User Authentication tab and select RADIUS The following page displa...

Page 203: ...ed secret between a RADIUS client and the server SLB The shared secret is used to encrypt a password sent between the client and the server May have up to 128 characters Timeout The number of seconds 1 30 after which the connection attempt times out The default is 30 seconds Use VSA Select the check box to obtain remote user attributes group permissions and port access from the RADIUS server via t...

Page 204: ...oot Shutdown and Diagnostics Reports Administrators This group has all possible rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g SLP Spider and SLB units on the lo...

Page 205: ...e list of port buffers the user has the right to clear outlet Outlet port access The value string is the list of SLB outlets the user has rights for group User group Valid values for the value string are default power and admin escseq Escape sequence The value string specifies the user s escape sequence Use x to specify non printable characters For example x1bA specifies the sequence ESC A brkseq ...

Page 206: ...IBUTE Lantronix User Attributes 1 string END VENDOR Lantronix Once this is complete the users file can be updated to include the Lantronix VSA for any user myuser Auth Type Local User Password myuser_pwd Reply Message Hello u Lantronix User Attributes data 1 4 listen 1 6 clear 1 4 group power ...

Page 207: ...g to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions on this page All Kerberos users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLB unit to use Kerberos to authenticate users...

Page 208: ...DIUS users Escape Sequence A single character or a two character sequence that causes the SLB unit to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate th...

Page 209: ...ble and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g SLP Spider and SLB units on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SS...

Page 210: ...ation reply If the user is successfully authenticated the SLB will next send an authorization request to the TACACS server with the Service and optional Protocol The SLB will wait for an authorization response that will indicate if the user was successfully authorized for the requested service and protocol and also contains a set of attribute value pairs which define the attributes associated with...

Page 211: ...t not enable it immediately clear the checkbox You can enable TACACS here or on the first User Authentication page If you enable TACACS here it automatically displays at the end of the order of precedence on the User Authentication page TACACS Servers 1 3 IP address or host name of up to three TACACS servers Secret Retype Secret Shared secret for message encryption between the SLB branch office ma...

Page 212: ...ence A single character or a two character sequence that causes the SLB unit to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct comma...

Page 213: ...e and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g SLP Spider and SLB units on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH ...

Page 214: ...ing a LDAP server for groups that a LDAP user is a member of if any of the LDAP group names match a Custom Group Name the LDAP user will be granted the rights of the custom group A custom group cannot be given the name of one of the pre defined groups Admin Power or Default or any version of these names where the case of the letters is different since these names are used for the SLB pre defined g...

Page 215: ...LB models with an internal modem U2 denotes the internal modem Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Access Outlets The power outlets users may monitor and configure SLB only Enable for Dial back Select to grant a user Users with dial back access can dial into the SLB unit and enter their login and password Once the SLB device authentic...

Page 216: ... followed by a B Custom Menu If custom menus have been created you can assign a default custom menu to the group See Custom Menus for more information Display Menu at Login Check the checkbox to display the menu at login Full Administrative Right to add update and delete all editable fields Networking Right to enter network settings Services Right to enable and disable system logging SSH and Telne...

Page 217: ...ith site specific host keys or reset them to the default values Imported Keys Imported SSH keys must be associated with an SLB local user The key can be generated on host MyHost for user MyUser and when the key is imported into the SLB it must be associated with either MyUser if MyUser is an existing SLB local user or an alternate SLB local user The public key file can be imported via SCP or FTP o...

Page 218: ...ice Manager User Guide 218 To configure the SLB unit to use SSH keys to authenticate users 1 From the main menu select User Authentication SSH Keys The following page displays Figure 11 10 User Authentication SSH Keys 2 Enter the following ...

Page 219: ...or example mykey pub May contain multiple keys Host IP address of the remote server from which to SCP or FTP the public key file Path Optional pathname to the public key file Login User ID to use to SCP or FTP the file Password Retype Password Password to use to SCP or FTP the file Export Enables you to export created public keys Select one of the following New Key for User Enables you to create a...

Page 220: ...e key click the Delete button To view reset or import SSH RSA1 RSA And DSA host keys 1 On the User Authentication SSH Keys page click the SSH Server Host Keys link at the top right The following page displays the current host keys In the example below the current keys are the defaults Export via Select the method SCP FTP HTTPS or Copy Paste of exporting the key to the remote server Copy Paste the ...

Page 221: ...r more checkboxes to reset defaults for RSA1 RSA or DSA keys All checkboxes are unselected by default Import Host Key To import a site specific host key select the checkbox Unselected by default Type From the drop down list select the type of host key to import Import via From the drop down list select the method of importing the host key SCP or SFTP The default is SCP Public Key Filename Filename...

Page 222: ...Commands Go to SSH Key Commands on page 325 to view CLI commands which correspond to the web page entries described above Private Key Filename Filename of the private host key Host Host name or IPaddress of the host from which to import the key Path Path of the directory where the host key will be stored Login User ID to use to SCP or SFTP the file Password Retype Password Password to use to SCP o...

Page 223: ...can be displayed in the menu instead of the command The commands showmenu Menu Name and returnmenu can be entered to display another menu from a menu or to return to the prior menu The command returncli can be used to break out of a menu and return to the regular CLI To add a custom menu 1 Click the User Authentication tab and select the Custom Menus option The Custom Menus page displays Figure 11...

Page 224: ... nickname in the list 4 To add more commands to the custom menu repeat step 3 5 You also have the following options To edit a command nickname in the custom menu select the command in the Commands Nicknames List box and select the left arrow button Change the command and or the nickname and with the same command still selected in the list select the right arrow button To remove a command nickname ...

Page 225: ...k the Delete Custom Menu button To create a new custom menu from an existing custom menu 1 Select the custom menu in the Custom Menus table 2 Enter a name for the new menu in the New Menu Name field 3 Click the Copy Custom Menu button Custom User Menu Commands Go to Custom User Menu Commands on page 287 to view CLI commands which correspond to the web page entries described above ...

Page 226: ... TFTP Zero Touch Provisioning Set up the location or method that will be used to save or restore configurations default FTP SFTP NFS CIFS or USB Update the version of the firmware running on the SLB Save a snapshot of all settings on the SLB unit save a configuration Restore the configuration either to a previously saved configuration or to the factory defaults For dual boot SLB units view the fir...

Page 227: ...12 Maintenance SLB Branch Office Manager User Guide 227 Figure 12 1 Maintenance Firmware Configurations ...

Page 228: ...he default for these fields is 1 Data Center Rack Cluster Set these fields to define the rack cluster the SLB device is located within a large data center The default for these fields is 1 Data Center Rack Set these fields to define the rack the SLB unit is located within a large data center The default for these fields is 1 Site Tag Tag or description used to identify the location or some other a...

Page 229: ... the current bank to the bank being updated The two numbers are automatically generated so that the first number is the current bank Copy contents of Bank 1 to Bank 2 If checked enables you to copy the current boot bank to the alternate boot bank This process takes a few minutes to complete High Resolution Timers Enables or disables timers with a high degree of accuracy High resolution timers are ...

Page 230: ... part of the current configuration you want to keep for example Networking Services or Device Ports Configuration Name to Save To or Restore From If you selected to save or restore a configuration enter a name for the configuration file up to 12 characters Location for Save Restore or Manage If you selected to save or restore a configuration select one of the following options Local Disk Saved Con...

Page 231: ... the Boot Filename from the TFTP Server it will restore the configuration onto the SLB and begin the normal startup process If any of these steps fail for the Eth1 network port it will repeat the process of trying to acquire a configuration over the Eth2 network port After attempting to acquire a configuration over the Eth2 network port the unit will begin the normal startup process Any results of...

Page 232: ...and click the Rename File button Administrative Commands These commands for the command line interface correspond to the web page entries described above System Logs The Maintenance System Logs page allows you to view various system logs See Chapter 7 Services on page 84 for more information about system logs You can also clear logs on this page To view system logs 1 Click the Maintenance tab and ...

Page 233: ...rvices Authentication Device Ports Diagnostics General Software Level Select the alert level you want to view for the selected log Error Warning Info Debug Starting at Select the starting point of the range you want to view Beginning of Log to view the log from the earliest available beginning time and date Date to view the log starting from a specific starting date and time Ending at Select the e...

Page 234: ... to System Log Commands on page 329 to view CLI commands which correspond to the web page entries described above Audit Log The Maintenance Audit Log page displays a log of all actions that have changed the configuration of the SLB The audit log is disabled by default Use the Services SSH Telnet Logging page Chapter 7 Services to enable the audit log and to configure its maximum size Each entry in...

Page 235: ...ick the Sort by User button To sort by command action click the Command button 3 To email this log follow the instructions in Emailing Logs and Reports on page 241 4 To clear the log click the Clear Log button 5 To freeze or stop automatic refreshing of the log click the Stop Refresh button Email Log The Maintenance Email Log page displays a log of all attempted emails The log file can be cleared ...

Page 236: ...SLB Branch Office Manager User Guide 236 Figure 12 6 Maintenance Email Log 2 To email this log follow the instructions in Emailing Logs and Reports on page 241 3 To clear the log click the Clear Log button Diagnostics ...

Page 237: ... want to run or select All to run them all ARP Table Address Resolution Protocol ARP table used to view the IP address to hardware address mapping Netstat Displays network connections If you select the checkbox select the TCP or UDP protocol or select All for both protocols to control the output of the Netstat report Host Lookup Select to verify that the SLB branch office manager can resolve the h...

Page 238: ...e number of times the string is sent may or may not be equal to the number of packets sent because TCP controls how data is packetized and sent out Enter the following Protocol Select the type of packet to send TCP or UDP Hostname Specify a host name or IPaddress of the host to send the packet to Port Specify a TCP or UDP port number of the host to send the packet to String Enter a set of up to 64...

Page 239: ... reload the web page 1 Click the Maintenance tab and select the Status Reports option The following page displays Figure 12 9 Maintenance Status Reports The top half of the page displays the status of each port power supply and power outlet Green indicates that the port connection or power supply is active and functioning correctly Red indicates an error or failure or that the device is off 2 Sele...

Page 240: ... statistics related to the flow of data through each device port IP Routes Displays the routing table Connections Displays all active connections for the SLB Telnet SSH TCP UDP device port and modem System Configuration Complete Displays a complete snapshot of the SLB settings System Configuration Basic Displays a snapshot of the SLB s basic settings for example network date time routing services ...

Page 241: ... Technical Support directly from the log page System Log i e Figure 12 4 Audit Log i e Figure 12 5 Email Log i e Figure 12 6 Diagnostic Reports i e Figure 12 8 Status Reports i e Figure 12 10 To email a log to an individual 1 In the Comment field of a particular log or report page enter a comment if desired 2 Select the to field beside the empty field where you then enter the person s email addres...

Page 242: ...uide 242 Figure 12 11 Emailed Log or Report Events On this Maintenance Events page you can define what action you want to take for events that may occur in the SLB 1 Click the Maintenance tab and select the Events option The following page displays ...

Page 243: ...n be writing an entry into the syslog with details of the event or sending the trap s to the Ethernet or modem connection Ethernet For actions that require an Ethernet connection for example Forward All Traps to Ethernet select the Ethernet port to use Modem Connection on For actions that require a modem connection for example Forward All Traps to a Modem Connection select which device port or USB...

Page 244: ... associated with the LCD can also be configured The types of screens include current time network settings console settings date and time release version location and custom user strings Enabling the Auto Scroll LCD Screens option enables scrolling through the screens and pausing the number of seconds specified by the Scroll Delay between each screen After any input to the keypad the LCD waits unt...

Page 245: ...ce 1 Select a screen to be removed from the Enabled Screens and click the button The screen moves to the Disabled Screens list to the right 2 Select a screen to be added from the Disabled Screens list and click the button The screen is added to the Enabled Screens to the left 3 Select a screen in the Enabled Screens list and click the or button to change the order of the screens Note The User Stri...

Page 246: ...nd select Banners option Figure 12 14 Maintenance Banners 2 Enter the following fields Keypad Locked Select this to lock out any input to the keypad The default is for the keypad to be unlocked Restore FactoryDefaults Password Retype Password Enter the 6 digit key sequence entered at the keypad to restore the SLB unit to factory defaults The default is 999999 Welcome Banner The text to display on ...

Page 247: ...ted Default is blank Note To create more lines use the n character sequence Logout Banner The text to display on the command line interface after the user logs out May contain up to 1024 characters Single quote and double quote characters are not supported Default is blank Note To create more lines use the n character sequence SSH Banner The text to display when a user logs into the SLB unit via S...

Page 248: ...nfiguration This chapter includes three typical scenarios for using the SLB unit The scenarios assume that the SLB device is connected to the network and has already been assigned an IP address In the examples we use the command line interface You can do the same things using the web page interface except for directly interacting with the SLB unit direct command Telnet SSH to a Remote Device The f...

Page 249: ...isabled USB Logging disabled Email Logging disabled Log to upper slot Byte Threshold 100 Max number of files 10 Email Delay 60 seconds Max size of files 2048 Restart Delay 60 seconds Email To none Email Subject Port d Logging Email String none NFS File Logging disabled Directory to log to none Max number of files 10 Max size of files 2048 2 Change the baud to 57600 and disable flow control SLB set...

Page 250: ...or dial in SLB set deviceport port 1 modemmode text Device Port settings successfully updated SLB set deviceport port 1 initscript AT F K3 C1 D2 C0A Device Port settings successfully updated SLB set deviceport port 1 auth pap Device Port settings successfully updated SLB set deviceport port 1 localsecret password Device Port settings successfully updated SLB set deviceport port 1 modemstate dialin...

Page 251: ...device port and an outbound Telnet session users can access the Sun server as though they were directly connected to it See Chapter 10 Connections on page 180 Figure 13 4 Local Serial Connection to Network Device via Telnet In this example the sysadmin would 1 Display the current settings for device port 2 SLB show deviceport port 2 ___Current Device Port Settings__________________________________...

Page 252: ...serial settings for the vt100 terminal changes baud to 57600 and disables flow control SLB set deviceport port 2 baud 57600 flowcontrol none Device Port settings successfully updated 3 Create a connection between the vt100 terminal connected to device port 2 and an outbound telnet session to the server The IP address of the server is 192 168 1 1 SLB connect bidirection 2 telnet 192 168 1 1 Connect...

Page 253: ...pecify one of the values aa or bb separated by a vertical line The values are in all lowercase and must be entered exactly as shown Bold indicates a default value parameter name Value User must specify an appropriate value for example an IP address The parameter values are in mixed case Square brackets indicate optional parameters Action Category set auth cflow cifs cli command consoleport datetim...

Page 254: ...istake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port Use the left and right arrow keys to move within a command Use the up and down arrows to scroll through previously entered commands If desired select one and edit i...

Page 255: ...ontrol k erase from cursor to end of the line Administrative Commands admin banner login Syntax admin banner login Banner Text Description Configures the banner displayed after the user logs in Note To go to the next line type n and press Enter admin banner logout Syntax admin banner logout Banner Text Description Configures the banner displayed after the user logs out Note To go to the next line ...

Page 256: ...Description Clears the directory holding temporary files admin config delete Syntax admin config delete Config Name location default nfs cifs usb usbport u1 admin config rename Config Name location default nfs cifs usb usbport u1 nfsdir NFS Mounted Directory Description Deletes a configuration admin config factorydefaults Syntax admin config factorydefaults savesshkeys enable disable savesslcert e...

Page 257: ...keys enable disable savesslcert enable disable savescripts enable disable Config Params to Preserve is a comma separated list of current configuration parameters to retain after the config restore or factorydefaults Description Restores a saved configuration to the SLB admin config save Syntax admin config save Config Name location default ftp sftp nfs cifs usb nfsdir NFS Mounted Dir usbport u1 De...

Page 258: ...he next SLB reboot admin firmware copybank Syntax admin firmware copybank Description Copies the boot bank from the currently booted bank to the alternate bank for dual boot SLBs admin firmware highrestimers Syntax admin firmware highrestimers enable disable Description Enables high resolution timers required for Performance Monitoring or disables high resolution timers the default Changing this s...

Page 259: ... be able to access the firmware file using the settings admin ftp show displays The SLB branch office manager automatically reboots after successful update admin ftp password Syntax admin ftp password Description Sets the FTP server password and prevent it from being echoed admin ftp server Syntax admin ftp server IP Address or Hostname login User Login path Directory Description Sets the FTP TFTP...

Page 260: ... the LCD keypad If the keypad is locked you can scroll through settings but not change them admin keypad password Syntax admin keypad password Password Must be 6 digits Description Changes the Restore Factory Defaults password used at the LCD to return the SLB unit to the factory settings admin keypad show Syntax admin keypad show Description Displays keypad settings admin lcd reset Syntax admin l...

Page 261: ...ge admin memory swap add Size of Swap in MB usbport u1 Syntax admin memory swap add Size of Swap in MB usbport u1 Description Creates a swap space from the SLB disk or an external storage device admin memory swap delete Syntax admin memory swap delete Description Deletes the swap space from the SLB disk or an external storage device admin quicksetup Syntax admin quicksetup Description Runs the qui...

Page 262: ...ont panel displays the Shutting down the SLB message followed by a pause and then Shutdown complete When Shutdown complete displays it is safe to power off the SLB This command is not available on the Web page admin site Syntax Configures information about the site the SLB is located at admin site row Data Center Rack Row Number admin site cluster Data Center Rack Group Number admin site rack Data...

Page 263: ...me login User Login path Path to Files Description Imports an SSL certificate admin web certificate reset Syntax admin web certificate reset Description Resets a web certificate and generates custom self signed SSL certificate admin web certificate custom admin web certificate show Syntax admin web certificate show Description Displays a web certificate admin web gadget Syntax admin web gadget ena...

Page 264: ... web tlsv10 Syntax admin web tlsv10 enable disable Description Enables or disables TLS v1 0 admin web tlsv11 Syntax admin web tlsv11 enable disable Description Enables or disables TLS v1 1 admin web timeout Syntax admin web timeout disable 5 120 Description Configures the timeout for web sessions admin web terminate Syntax admin web terminate Session ID Description Terminates a web session ...

Page 265: ...figures the banner displayed on the web home page admin web iface none eth1 eth2 ppp Syntax admin web iface none eth1 eth2 ppp Description Defines a list of network interfaces the web is available on admin web timeout disable 5 120 minutes Syntax admin web timeout disable 5 120 minutes Description Configures the timeout for web sessions admin web cipher Syntax admin web cipher high himed Descripti...

Page 266: ...s 80 and 443 admin web server enable disable admin web restart Restart the web server admin web restart The following list includes options which accept the CLEAR command Note CLEAR must be in all caps Audit Log Commands show auditlog Syntax show auditlog command user clear Description Displays audit log By default shows the audit log sorted by date time You can sort it by user or command or clear...

Page 267: ...6 localusers 1 6 nis 1 6 radius 1 6 tacacs 1 6 Description Sets ordering of authentication methods Local Users authentication is always the first method used Any methods omitted from the command are disabled show auth Syntax show auth Description Displays authentication methods and their order of precedence show user Syntax show user Description Displays attributes of the currently logged in user ...

Page 268: ...et cflow secureport enable disable Enable or disable validating certificates when using https set cflow validatecerts enable disable Enable or disable messaging services set cflow mqttstate enable disable Set host and TCP port used to for messaging set cflow mqtthost Messaging Host mqttport TCP Port Enable or disable messaging security set cflow mqttsecurity enable disable Configure the device nam...

Page 269: ... Center IP Address kdc Key Distribution Center listenports Port List permissions Permission List Note See User Permissions Commands on page 278 for information on groups and user rights port Key Distribution Center TCP Port realm Kerberos Realm state enable disable useldapforlookup enable disable Description Configures the SLB device to use Kerberos to authenticate users who log in via the Web SSH...

Page 270: ...TCP Port base LDAP Base bindname Bind Name bindwithlogin enable disable useldapschema enable disable adsupport enable disable filteruser User Login Attribute filtergroup Group Objectclass grmemberattr Group Membership Attribute grmembervalue dn name encrypt enable disable dataports Port List listenports Port List clearports Port List accessoutlets Outlet List escapeseq 1 10 Chars breakseq 1 10 Cha...

Page 271: ...ion Displays LDAP settings Local Users Commands set localusers add edit Syntax set localusers add edit User Login one or more parameters Parameters accessoutlets Outlet List allowdialback enable disable breakseq 1 10 Chars changenextlogin enable disable changepassword enable disable clearports Port List dataports Port List dialbacknumber Phone Number displaymenu enable disable escapeseq 1 10 Chars...

Page 272: ...calusers allowreuse Syntax set localusers allowreuse enable disable Description Sets whether a login password can be reused set localusers complexpasswords Syntax set localusers complexpasswords enable disable Description Sets whether a complex login password is required set localusers state Syntax set localusers state enable disable Description Enables or disables authentication of local users Th...

Page 273: ... of days the login password may be used The default is 90 days set localusers maxloginattempts Syntax set localusers maxloginattempts Number of Logins Description Sets the maximum number of login attempts before the account is locked Disabled by default set localusers password Syntax set localusers password User Login Description Sets a login password for the local user set localusers periodlockou...

Page 274: ...ays the system warns the user that the password will be expiring The default is 7 days set localusers reusehistory Syntax set localusers reusehistory Number of Passwords Description Sets the number of passwords the user must use before reusing an old password The default is 4 set localusers state Syntax set localusers state enable disable Description Enables or disables authentication of local use...

Page 275: ...ee User Permissions Commands on page 278 for information on groups and user rights slave1 IP Address or Hostname slave2 IP Address or Hostname slave3 IP Address or Hostname slave4 IP Address or Hostname slave5 IP Address or Hostname state enable disable Description Configures the SLB branch office manager to use NIS to authenticate users who log in via the Web SSH Telnet or the console port The fo...

Page 276: ...ns Permission List Note See User Permissions Commands on page 278 for information on groups and user rights timeout enable 1 30 Note Sets the number of seconds after which the connection attempt times out It may be 1 30 seconds Description Configures the SLB branch office manager to use RADIUS to authenticate users who log in via the Web SSH Telnet or the console port set radius server Syntax set ...

Page 277: ...ist allowdialback enable disable authservice login pap chap breakseq 1 10 Chars clearports Port List custommenu Menu Name dataports Port List dialbacknumber Phone Number encrypt enable disable escapeseq 1 10 Chars group default power admin listenports Port List permissions Permission List protocol Protocol for Service server1 IP Address or Name server2 IP Address or Name server3 IP Address or Name...

Page 278: ... the console port The following list includes options which accept the CLEAR command Note CLEAR must be in all caps show tacacs Syntax show tacacs Description Displays TACACS settings User Permissions Commands set localusers group Syntax set localusers add edit user group default power admin Description Adds a local user to a user group or changes the group the user belongs to set localusers lock ...

Page 279: ...ub dp do ub rs rc dr wb sn ad po To remove a permission type a minus sign before the two letter abbreviation for a user permission Description Sets a local user s permissions not defined by the user group set remoteusers add edit Syntax set remoteusers add edit User Login parameters Parameters accessoutlets Outlet List dataports Port List breakseq 1 10 Chars escapeseq 1 10 Chars listenports Port L...

Page 280: ...e not part of the remote user list will be authenticated set remoteusers delete Syntax set remoteusers delete User Login Description Removes a remote user show remoteusers Syntax show remoteusers Description Displays settings for all remote users The following list includes options which accept the CLEAR command Note CLEAR must be in all caps set nis ldap radius kerberos tacacs group Syntax set ni...

Page 281: ...n ad po Description Sets permissions not already defined by the assigned permissions group show user Syntax show user Description Displays the rights of the currently logged in user CLI Commands set cli Syntax set cli scscommands enable disable Description Allows you to use SCS compatible commands as shortcuts for executing commands Enabling this feature enables it only for the current cli session...

Page 282: ...nnot detect the size of the terminal automatically Note Settings are retained between CLI sessions for local users and users listed in the remote users list set localusers lock Syntax set localusers lock User Login Description Block lock out a user s ability to log in set localusers unlock Syntax set localusers unlock User Login Description Allow unlock a user s ability to log in show cli Syntax s...

Page 283: ...plays the last 100 commands entered during the session Connection Commands connect bidirection Syntax connect bidirection Port or Name endpoint one or more Parameters Parameters Endpoint is one of charcount of Chars charseq Char Sequence charxfer toendpoint fromendpoint date MMDDYYhhmm ss deviceport Device Port or Name exclusive enable disable ssh IP Address or Name port TCP Port SSH flags where S...

Page 284: ...oth directions connect direct Syntax connect direct endpoint Parameters Endpoint is one of deviceport Device Port or Name ssh IP Address or Name port TCP Port SSH flags where SSH flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address or Name port TCP Port udp IP Address port UDP Port Description Connects to a device port to mon...

Page 285: ...f charcount of Chars charseq Char Sequence datetime MMDDYYhhmm ss deviceport Port or Name exclusive enable disable ssh IP Address or Name port TCP Port SSH flags where SSH flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address or Name port TCP Port trigger now datetime chars If the trigger is datetime establish connection at a ...

Page 286: ...esulting table The connection ID associated with a particular connection may change if the connection times out and is restarted show connections connid Syntax show connections connid Connection ID email Email Address Description Displays details for a single connection You can optionally email the displayed information Console Port Commands set consoleport Syntax set consoleport one or more param...

Page 287: ...When creating a custom user menu note the following limitations Maximum of 20 custom user menus Maximum of 50 commands per custom user menu logout is always the last command Maximum of 15 characters for menu names Maximum of five nested menus can be called No syntax checking Enter each command correctly set localusers Syntax set localusers add edit User Login menu Menu Name Description Assigns a c...

Page 288: ...Changes a nickname within an existing custom user menu Enables or disables the redisplay of the menu before each prompt Enables or disables the display of command nicknames instead of commands Sets the optional title for a menu set menu delete Syntax set menu delete Menu Name command Command Number Description Deletes a custom user menu or one command within a custom user menu The following list i...

Page 289: ...mands for a specific menu Date and Time Commands set datetime Syntax set datetime one date time parameter Parameters date MMDDYYhhmm ss timezone Time Zone Note If you type an invalid time zone the system guides you through the process of selecting a time zone Description Sets the local date time and local time zone one parameter at a time show datetime Syntax show datetime Description Displays the...

Page 290: ...Description Synchronizes the SLB branch office manager with a remote time server using NTP show ntp Syntax show ntp Description Displays NTP settings Device Commands set command Syntax set command Device Port or Name or List one or more parameters Parameters slp auth login User Login Establishes the authentication information to log into the SLP power manager attached to the device port slp restar...

Page 291: ...e permitted for the port sensorsoft hightemp High Temperature in C Sets the hightest temperature permitted for the port sensorsoft lowhumidity Low Humidity Sets the lowest humidity pemitted for the port sensorsoft highhumidity High Humidity Sets the lowest humidity permitted for the port sensorsoft traps enable disable Enables or disables traps when specified conditions are met sensorsoft status D...

Page 292: ...backdelay PPP Dial back Delay dialbacknumber usernumber Phone Number dialbackretries 1 10 dialinhostlist dialondemand dialin ondemand dialinlist Host List for Dial in dialoutnumber Phone Number dialoutlogin Remote User Login dialbacknumber usernumber Phone Number dodauth pap chap dodchaphost CHAP Host or User Name emaildelay Email Delay emaillogging disable bytecnt charstr emailrestart Restart Del...

Page 293: ...isable slmnms NMS IP Address slmthreshold Threshold slmtime Time Frame sshauth enable disable sshin enable disable sshport TCP Port sshtimeout disable 1 1800 seconds stopbits 1 2 sysloglogging enable disable tcpauth enable disable tcpin enable disable tcpport TCP Port tcptimeout disable 1 1800 seconds telnetauth enable disable telnetin enable disable telnetport TCP Port telnettimeout disable 1 180...

Page 294: ...rt global Syntax show deviceport global Description Displays global settings for device ports show deviceport names Syntax show deviceport names Description Displays a list of all device port names show deviceport port Syntax show deviceport port Device Port List or Name Description Displays the settings for one or more device ports set deviceport dialinlist nfsdir nfsdir breakseq banner group por...

Page 295: ...how portcounters zerocounters Device Port List or Name Description Zeros the port counters for one or more device ports show portstatus Syntax show portstatus deviceport Device Port List or Name email Email Address Description Displays the modes and states of one or more device port s You can optionally email the displayed information Diagnostic Commands diag arp Syntax diag arp email Email Addres...

Page 296: ...il Address Description To display a report of network connections You can optionally email the displayed information diag nettrace Syntax diag nettrace one or more parameters Parameters ethport 1 2 protocol tcp udp icmp esp host IP Address or Name numpackets Number of Packets verbose low medium high disable pcapfile File Name usbport U1 Description Displays all network traffic applying optional fi...

Page 297: ...at it is received correctly A special loopback cable comes with the SLB To test a device port plug the cable into the device port and run this command The command sends the specified Kbytes to the device port and reports success or failure The test is performed at 9600 baud Only an external test requires a loopback cable Top Command Synopsis he diag top Syntax he diag top Description Displays CPU ...

Page 298: ...e port slp envmon Displays the environmental status e g temperature and humidity of the SLP slp outletcontrol state on off cyclepower outlet Outlet Outlet is 1 8 for SLP8 and 1 16 for SLP16 The outletcontrol parameters control individual outlets slp outletstate outlet Outlet Shows the state of all outlets or a single outlet slp restart Issues the CLI command the SLP uses to restart itself slp syst...

Page 299: ...ty oid SNMP OID action fwdalltrapsmodem fwdseltrapmodem deviceport Device Port or Name nms SNMP NMS community SNMP Community oid SNMP Trap OID action fwdalltrapsmodem fwdseltrapmodem usbport u1 nms SNMP NMS community SNMP Community oid SNMP Trap OID action syslog Description Defines events admin events delete Syntax admin events delete Event ID Description Deletes an event definition admin events ...

Page 300: ... Description Displays event definitions Global Commands set deviceport global Syntax set deviceport global one or more parameters Parameters sshport TCP Port tcpport TCP Port telnetport TCP Port Port is a port number between 1025 and 65528 To view global settings for device ports show deviceport global Description Configures settings for all or a group of device ports ...

Page 301: ...le disable allowdialback enable disable dialbacknumber Phone Number permissions Permission List Note See help user permissions for information on user rights Rename a group set groups rename Group Name newname New Group Name Delete a group set groups delete Group Name show groups name Group Name members enable disable The following list includes options which accept the CLEAR command Note CLEAR mu...

Page 302: ... hosts to be used for modem dial in connections set hostlist add edit Host List Name entry Syntax set hostlist add edit Host List Name entry Host Number parameters Parameters host IP Address or Name protocol ssh telnet tcp port TCP Port escapeseq 1 10 Chars Description Adds a new host entry to a list or edit an existing entry set hostlist edit Host List Name move Syntax set hostlist edit Host List...

Page 303: ...iption Displays the members of a host list IP Filter Commands set ipfilter state Syntax set ipfilter state Description Enables or disables IP filtering for incoming network traffic set ipfilter mapping Syntax set ipfilter mapping parameters Parameters ethernet 1 2 state disable ethernet 1 2 state enable ruleset Ruleset Name deviceport 1 48 state disable deviceport 1 48 state enable ruleset Ruleset...

Page 304: ...ace Rule Number delete Rule Number Description Sets IP filter rules Logging Commands set deviceport port Syntax set deviceport port Device Port List or Name one or more deviceport parameters Parameters emaildelay Email Delay emaillogging disable bytecnt charstr emailrestart Restart Delay emailsend email trap both emailstring Regex String emailsubj Email Subject emailthreshold Byte Threshold emailt...

Page 305: ...o use the set locallog clear command the user must have permission to clear port buffers see Chapter 11 User Authentication Example set deviceport port 2 5 6 12 15 16 baud 2400 locallogging enable show locallog Syntax show locallog Device Port or Name bytes Bytes To Display Description Displays a specific number of bytes of data for a device port 1K is the default set locallog clear Syntax set loc...

Page 306: ... disable Description Enables PPP activity messages in the modem log set log modem pppdebug Syntax set log modem pppdebug enable disable Description Enables PPP debugging messages in the modem log show log modem Syntax show log modem display head tail numlines Number of Lines Description View the modem activity log for external modems and USB modems show log local Syntax show log local nfs usb Devi...

Page 307: ... the log show log files Syntax show log files nfs usb localdir NFS Mount Local Directory usbport u1 deviceport Device Port or name Description Lists the NFS or USB log files either for a specific device port or all log files in a USB or NFSlocation Network Commands set network Syntax set network parameters Parameters interval 1 99999 Seconds ipforwarding enable disable probes Number of Probes star...

Page 308: ...n the fail over device set network gateway faildevupdate ftp sftp scp usb gwfile Firmware File radiofile Radio File host IP Address or Name login User login path File Path Reboot the fail over device or set the fail over device SIM Card PIN SIM Personal Unblocking Key or Admin Password any extra parameters are ignored set network gateway reboot set network gateway faildevpin set network gateway fa...

Page 309: ...l 100mbit full state dhcp bootp static disable ipaddr IP Address mask Mask ipv6addr IP v6 Address Prefix Description Configures Ethernet port 1 or 2 The following list includes options which accept the CLEAR command Note CLEAR must be in all caps show network dns Syntax show network dns Description Displays DNS settings show network gateway Syntax show network gateway Description Displays gateway ...

Page 310: ...etwork port 1 2 Description Displays Ethernet port settings and counters show network all Syntax show network all Description Displays all network settings NFS and SMB CIFS Commands set nfs mount Syntax set nfs mount one or more parameters Parameters locdir Directory mount enable disable remdir Remote NFS Directory rw enable disable Enables or disables read write access to remote directory ...

Page 311: ...mand Note CLEAR must be in all caps set cifs Syntax set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup Description Configures the SMB CIFS share which contains the system and device port logs The admin config command saves SLB configurations on the SMB CIFS share set cifs password Syntax set cifs password Description ...

Page 312: ...ommand Note CLEAR must be in all caps show cifs Syntax show cifs Description Displays SMB CIFS settings show nfs Syntax show nfs Description Displays NFS share settings Performance Monitoring Commands show perfmon Syntax show perfmon Parameters show perfmon probe all Probe Id or Name Description Display global settings and all probes or a selected probe set cifs workgroup ...

Page 313: ...s Parameters show perfmon operations Probe Id or Name Description Display list of completed operation sets for a probe set perfmon results Syntax set perfmon results Parameters show perfmon results Probe Id or Name set Operation Set Number display head tail numlines Number of Lines email Email Address Description Display round trip times RTT for last completed operation set or selected set and opt...

Page 314: ...et perfmon repo Syntax set perfmon repo local usb usbport U1 Description Set repository where probe operations are stored set perfmon keep Syntax set perfmon keep Number of Operations to Keep Description Set number of operations stored for each probe set perfmon udpjitterresp Syntax set perfmon udpjitterresp enable disable Description Enable responders for UDP jitter set perfmon udpechoresp Syntax...

Page 315: ...conds between Operations packets Number of Packets to Send interval Milliseconds between Packets timeout Milliseconds to Wait for Response host Destination IP Address or Name port Destination Port precision milli micro datasize Payload Data Size in Bytes verifydata enable disable codec g729a g711alaw g711mulaw tos none Type of Service interface none eth1 eth2 nameserver IPv4 Address Description Ad...

Page 316: ... Type of Service interface none eth1 eth2 nameserver IPv4 Address Description Edit an existing probe set perfmon delete Syntax set perfmon delete Probe Id or Name data all of Sets to Keep Description Delete a probe or delete all operation data for a probe or delete all but the most recent operation sets for a probe set perfmon state Syntax set perfmon state all Probe Id or Name action restart Desc...

Page 317: ...t Description state on off wakeup on off laststate reboot Description Configures and controls power outlets Example set power outlet 1 2 4 state on set power switchingdelay Syntax set power switchingdelay Delay in msec Description Sets the delay after switching on an outlet before switching on the next show power Syntax show power Outlet or Name Description Displays power settings for all outlets ...

Page 318: ...h Description Configures static or dynamic routing To delete a static route set the IP address mask and gateway parameters to 0 0 0 0 show routing Syntax show routing resolveip enable disable email Email Address Description Sets the routing table to display IP addresses disable or the corresponding host names enable You can optionally email the displayed information Script Commands set script impo...

Page 319: ...admin permissions Permission List Note See help user permissions for information on groups and user rights Description Update a script set script rename Syntax set script rename interface batch custom name Script Name newname New Script Name Description Rename a script set script delete Syntax set script delete interface batch custom name Script Name Description Delete a script set script runcli S...

Page 320: ... Device Port or Name state enable disable delete parameters Cmd Line Parameters starttime now HH MM MMDD afterHH MM frequency Hours Days between each operation stoptime forever HH MM MMDD afterHH MM Description Schedule a custom script to be run at a certain time either once or recurring frequency is specified as hours 4H for 4 hours or days 2D for 2 days show script Syntax show script type interf...

Page 321: ...ion or a selected operation and optionally email the results Services Commands set services Syntax set services one or more services parameters Parameters alarmdelay 1 6000 Seconds auditlog enable disable auditsize 1 500 in Kbytes authlog off error warning info debug clicommands enable disable contact Admin contact info devlog off error warning info debug diaglog off error warning info debug dsake...

Page 322: ...e or 1 30 timeouttelnet disable or 1 30 traps enable disable trapcommunity Trap Community v1 enable disable v1ssh enable disable v2c enable disable v3auth md5 sha v3encrypt des aes v3user V3 RW User v3user V3 RO User v3rwuser V3 RW User v3security noauth auth authencrypt webssh enable disable webtelnet enable disable Set SNMP v3 read only password passphrase or read write password passphrase set s...

Page 323: ... modem related events authentication outbound network traffic for DOD connections etc The site parameters will override any parameters configured for the modem To use sites with a modem enable usesites Sites can be used with the following modem states dialin dialback cbcpserver dialondemand dialin ondemand and dialback ondemand Parameters allowdialback enable disable auth pap chap cbcpnocallback e...

Page 324: ... will be ignored set site dialoutpassword Site Name set site chapsecret Site Name Deletes a site set site delete Site Name show site all names Site Name Secure Lantronix Network Commands set slcnetwork Syntax set slcnetwork one or more parameters Parameters add IP Address delete IP Address search localsubnet ipaddrlist both Description Detects and displays all SLB branch office manager or user def...

Page 325: ... scp copypaste pubfile Public Key File host IP Address or Name login User Login path Path to Copy Keys Description Exports the public keys all of the previously created SSH keys set sshkey delete Syntax set sshkey delete one or more parameters Parameters keyhost SSH Key Host keyname SSH Key Name keyuser SSH Key User Description Deletes an ssh key Specify the keyuser and keyhost to delete an import...

Page 326: ...eyuser SSH Key User path Path to Public Key File file Public Key File host IP Address or Name login User Login Description Imports an SSH key set sshkey server import Syntax set sshkey server import type rsa1 rsa dsa via sftp scp pubfile Public Key File privfile Private Key File host IP Address or Name login User Login path Path to Key File Description Imports an SLB host key set sshkey server res...

Page 327: ...ys all exported keys or keys for a specific user IP address or name show sshkey import Syntax show sshkey import one or more parameters Parameters keyhost SSH Key IP Address or Name keyuser SSH Key User viewkey enable disable Description Displays all keys that have been imported or keys for a specific user IP address or name show sshkey server Syntax show sshkey server type all rsa1 rsa dsa Descri...

Page 328: ...connid Connection ID email Email Address Description Provides details for example endpoint parameters and trigger for a specific connection Optionally emails the displayed information Note Use the basic show connections command to obtain the Connection ID show portcounters Syntax show portcounters deviceport Device Port List or Name email Email Address Description Generates a report for one or mor...

Page 329: ...B devices Optionally emails the displayed information System Log Commands show syslog Syntax show syslog parameters Parameters email Email Address level error warning info debug log all netlog servlog authlog devlog diaglog genlog display head tail numlines Number of Lines starttime MMDDYYhhmm ss endtime MMDDYYhhmm ss Description Displays the system logs containing information and error messages N...

Page 330: ...format Syntax set usb storage fsck Description Views a directory listing of a file system check set usb storage fsck u1 Syntax set usb storage format u1 filesystem ext2 fat Description Formats a Compact Flash card set usb storage mount Syntax set usb storage mount u1 Description Mounts a Compact Flash card in the SLB branch office manager for use as a storage device The Compact Flash card must be ...

Page 331: ...sers chaphost CHAP Host or User Name checkdialtone disable 5 600 mins databits 7 8 dialbackdelay PPP Dialback Delay dialbacknumber usernumber Phone Number dialbackretries 1 10 dialinlist Host List for Dial in dialoutlogin Remote User Login dialoutnumber Phone Number dodauth pap chap dodchaphost CHAP Host or User Name flowcontrol none xon xoff rts cts group Local or Remote Group Name initscript Mod...

Page 332: ...vice logging set usb storage mount U1 Unmounts a thumb drive set usb storage unmount U1 Runs a filesystem check on a thumb drive recommended if it does not mount set usb storage fsck U1 Displays a directory listing of a thumb drive set usb storage dir U1 Renames a file on a thumb drive set usb storage rename U1 file Filename newfile New Filename Copies a file on a thumb drive set usb storage copy ...

Page 333: ...cription Sets the vpn The following list includes options which accept the CLEAR command Note CLEAR must be in all caps show vpn Syntax show vpn Description Shows the vpn set temperature Syntax set temperature Description Sets the temperature set usb modem dialinlist chaphost chapsecret dodchaphost dodchapsecret initscript dialoutlogin dialoutpassword dialbacknumber group set vpn name remoteid loc...

Page 334: ...14 Command Reference SLB Branch Office Manager User Guide 334 show temperature Syntax show temperature Description Shows the temperature ...

Page 335: ...mmand Description Help Lists and prints the command list and online help An alias for help Boot Boot default runs bootcmd Bootcheck Checks boot bank information Bootinfo Displays boot bank information bootsel 1 2 Selects boot bank 1 or boot bank 2 IDE Accesses the IDE sub system Mtest Performs a simple test of the RAM Ping Sends a query to determine whether a connectino exists Printenv Displays th...

Page 336: ...llowing Command Description Imagecopy Copies an image of the drive from the lower PCMCIA device to the internal CF card Passwd Provides a new password for user admin The default password for user admin is admin User cust does not have a password Ping Sends a ping request to the network host Printenv Prints bootloader variables Setenv Sets environment variables ...

Page 337: ...acility and network infrastructure for example how vulnerable the CAT 5 wiring is to tapping Factors Affecting Security External factors affect the security provided by the SLB unit for example Telnet sends the login exchange as clear text across Ethernet A person snooping on a subnet may read your password A terminal to the SLB device may be secure but the path from the SLB branch office manager ...

Page 338: ... 25 pin serial connector found on other manufacturers serial devices or re route the serial signals for connections to other devices that use RJ45 serial connectors Please check the cabling database on the Lantronix Web site at www lantronix com for suggested cables and adapters for commonly used serial devices The console port is wired the same way as the device ports and has the same signal opti...

Page 339: ... C Adapters and Pinouts SLB Branch Office Manager User Guide 339 Figure C 2 RJ45 Receptacle to DB25F DCE Adapter for the SLB PN 200 2067A Figure C 3 RJ45 Receptacle to DB9M DCE Adapter for the SLB PN 200 2069A ...

Page 340: ...Use PN 200 2070A adapter with a PC s serial port Figure C 5 RJ45 to RJ45 Adapter for Netra Sun Cisco and SLP PNs 200 2225 and ADP010104 01 Note The cable ends of the ADP010104 01 are an RJ45 socket on one end and a RJ45 plug on the other instead of RJ45 sockets on both ends Use this adapter for SLP Remote Power Manager Netra SUN CISCO and others ...

Page 341: ...cation for client server applications by using secret key cryptography LDAP Lightweight Directory Access Protocol A protocol for accessing directory information NAT Network Address Translation An Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic This enables a company to shield internal addresses from the pub...

Page 342: ...ns as well as Web browsers to share files across the Internet CIFS runs on TCP IP and uses the SMB protocol in Microsoft Windows for accessing files With CIFS users with different platforms and computers can share files without having to install new software SNMP Simple Network Management Protocol A protocol that system administrators use to monitor networks and connected devices and to respond to...

Page 343: ...2010 A12 2011 A2 2013 UL 60950 1 2nd Edition 2011 12 19 Information Technology Equipment Safety Part 1 General Requirements CSA C22 2 No 60950 1 07 2nd Edition 2011 12 Information Technology Equipment Safety Part 1 General Requirements EMC EMC Directive 2014 30 EU Emissions FCC Part 15 Subpart B Industry Canada ICES 003 Issue 5 VCCI V 3 2013 04 AS NZS CISPR 22 2009 EN 55022 2011 Immunity EN 55024 ...

Page 344: ...erference in which case you will be required to correct the interference at your own expense INDUSTRY CANADA NOTICE Canada Only This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à la norme NMB 003 du Canada RoHS Compliance This product meets the requirements of 2002 95 EC European RoHS and also complies with the SJ T 11363 2006 People...

Reviews:

No comments