Home
/
Lantronix
/
SLB088411-01
/
User Manual

Lantronix SLB088411-01, User Manual, Page: 158 / 280

Share

Page: 158 / 280

Lantronix SLB088411-01 User Manual Download Page 158

11: User Authentication

SLB™ Branch Office Manager User Guide

158

To set user group and permissions for RADIUS users:

set radius group <default|power|admin>

To set permissions for RADIUS users not already defined by the user rights group:

set radius permissions <Permission List>

where

<Permission List>

is one or more of

nt, sv, dt, lu, ra, sk, um, dp,

pc, rs, rc, dr, wb, sn, ad

To remove a permission, type a minus sign before the two-letter abbreviation for a user
right.

To set a default custom menu for RADIUS users:

set radius custommenu <Menu Name>

To view RADIUS settings:

show radius

Kerberos

Kerberos is a network authentication protocol that provides strong authentication for
client/server applications by using secret-key cryptography.

The system administrator can configure the SLB branch office manager to use Kerberos
to authenticate users attempting to log in using the Web, Telnet, SSH, or the console
port.

Users who are authenticated through Kerberos are granted device port access through
the port permissions on this page.

All Kerberos users are members of a group that has predefined user rights associated
with it. You can add additional user rights that are not defined by the group.

To configure the SLB branch office manager to use Kerberos to authenticate
users:

1. Click the

User Authentication

tab and select the

Kerberos

option. The following

page displays.

«
...
156
157
158
159
160
...
»

Summary of Contents for SLB088411-01

Page 1: ...Part Number 900 510 Revision C October 2013 SLB Branch Office Manager User Guide ...

Page 2: ...licensed under the Berkeley Software Distribution BSD license or the GNU General Public License GPL as published by the Free Software Foundation FSF Redistribution or incorporation of BSD or GPL licensed software into hosts other than this product must be done under their terms A machine readable copy of the corresponding portions of GPL licensed source code is available at the cost of distributio...

Page 3: ... is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user s authority to operate this equipment Changes or modifications to this device not explicitly approved by Lantronix will void the user s authority to operate this device The information in this guide may change without notice The manufacturer assumes no responsibility for any ...

Page 4: ...______14 Benefits ______________________________________________________________ 14 Models_______________________________________________________________ 15 System Features_______________________________________________________ 16 Protocols Supported ________________________________________________________17 Access Control ____________________________________________________________17 Power Outlet...

Page 5: ...____________________43 Logging out _______________________________________________________________43 Command Syntax __________________________________________________________44 Command Line Help ________________________________________________________45 Tips _____________________________________________________________________45 General CLI Commands ________________________________________________...

Page 6: ... _____________________________________________________________98 NFS File Logging___________________________________________________________99 PC Card Logging___________________________________________________________99 Email SNMP Notification _____________________________________________________99 Sylog Logging ____________________________________________________________100 Logging Commands _____...

Page 7: ...__________162 TACACS ___________________________________________________________ 163 TACACS Commands _____________________________________________________166 SSH Keys ___________________________________________________________ 166 Imported Keys ____________________________________________________________167 Exported Keys____________________________________________________________167 SSH Commands _...

Page 8: ...______________________________________ 232 Console Port Commands _______________________________________________ 235 Custom User Menu Commands __________________________________________ 236 Date and Time Commands ______________________________________________ 237 Device Commands ____________________________________________________ 238 Device Port Commands __________________________________________...

Page 9: ...s 8 Switch Ports 1 AC Power Supply 16 Figure 2 3 Device Port Connections 20 Figure 2 4 Console Port Connection 20 Figure 2 5 Network Connection 21 Figure 2 6 PC Card Interface 21 Figure 3 1 CAT 5 Cable Connection 25 Figure 3 2 Power Outlets 26 Figure 3 3 8 Port Ethernet Switch 27 Figure 3 4 SLB Installation Using the Integrated Ethernet Switch 28 Figure 3 5 SLB Installation Using a Managed Switch ...

Page 10: ...nd for configuring required settings 5 Web and Command Line Interfaces Describes the web and command line interfaces available for configuring the SLB branch office manager Note The configuration chapters 6 12 provide detailed instructions for using the web interface and include equivalent command line interface commands 6 Basic Parameters Provides instructions for configuring network ports firewa...

Page 11: ... enhancing SLB security C Safety Precautions Lists safety precautions for using the SLB branch office manager D Adapters and Pinouts Includes adapter pinout diagrams E Protocol Glossary Lists the protocols supported by the SLB unit with brief descriptions F Compliance Information Provides information about the SLB device s compliance with industry standards Additional Documentation Visit the Lantr...

Page 12: ...es data logging monitoring and secure access control via the Internet Power Management Outlets for Power Connectivity 4 outlets for power connectivity Provides ability to control power individually to all attached equipment Provides on off reboot control Ensures safe power distribution and reduces in rush current overload Ethernet Switch 8 ports for network connectivity Provides additional flexibi...

Page 13: ...ities that are typically remote or distributed IT locations likely located off site of corporate headquarters or large scale enterprise facilities These distributed facilities typically do not have an on site maintenance staff or IT System Administrator Typically the branch office environment has some of the following characteristics Space is limited to 1U rack space or shelf mounted desktop unit ...

Page 14: ...B branch office manager is used in many types of business for example Banking and finance Insurance companies Healthcare Retail Sales Information Technology Education and campus style facilities Hospitality Manufacturing Facilities Benefits The key benefits of using the SLB branch office manager Saves space Compact design merges the functionality of three solutions into a 1U rack solution reducing...

Page 15: ... RJ45 pin outs of the console ports of many popular devices found in a network environment and where different can be converted using Lantronix adapters See D Adapters and Pinouts for more information on serial adapters and pin outs Unmanaged Ethernet Switch A built in 8 port unmanaged Ethernet switch provides convenience and helps further reduce required rack space Ports and Modem Slots The SLB b...

Page 16: ...rity protocols Network File System NFS and Common Internet File System CIFS support Telnet or SSH to a serial port by IP address per port or by IP address and TCP port number Configurable user rights for local and remotely authenticated users Support for an internal PC Card modem or an external modem Sun break safe no unintentional break ever sent to attached servers Simultaneous access on the sam...

Page 17: ...d LDAP Power Outlet Control With the SLB branch office manager s built in power management capability system administrators can remotely control the power on off reboot individually to all IT equipment in the branch office ensure safe power distribution and reduce in rush current overload If SNMP traps are enabled a trap alarm is sent if the total current for all outlets exceeds a threshold Device...

Page 18: ...ffices are interconnected always on by VPN routers overlaid on the Internet and also interconnected on demand through the analog phone system Note The SLB branch office manager can also be the authentication gateway to a network architecture that is not VPN based The SLB device provides Ethernet switch service blue remotely controlled and monitored AC power orange console management green and trad...

Page 19: ...d slots Front panel LCD display and keypad 256 KB per port buffer memory for serial device ports 8 port unmanaged Ethernet switch with auto MDI MDIX function 8 RS 232 serial device ports connected via Category 5 RJ45 wiring AC Power Input SLB088411 01 model 1 IEC 60320 C20 inlet 100 120 VAC 50 60Hz 20A Branch Circuit 16A max input current 2 15A Branch Circuit 12A max input current 1 SLB088412 01 m...

Page 20: ...sole port must support the RS 232C EIA 232 standard Category 5 cabling with RJ45 connections is used for the device port connections and for the console port For pinout information see D Adapters and Pinouts Note RJ45 to DB9 DB25 adapters are available from Lantronix Device ports and the console port support eight baud rate options 300 600 1200 2400 4800 9600 19200 38400 57600 and 115200 baud Figu...

Page 21: ...s must be configured before the SLB branch office manager can be accessed over the network Note One possible use for the two Ethernet ports is to have one port on a private secure network and the other on a public unsecured network Figure 2 5 Network Connection PC Card Interface The SLB has two PC Card slots Lantronix qualifies cards continuously and publishes a list of qualified cards on the Lant...

Page 22: ... DB25 male and some HP9000 s 200 2069A Adapter DB9M DCE to RJ45 SGI Onyx 200 2070A Adapter DB9F DCE to RJ45 HP9000 SGI Origin IBM RS6000 and PC based Linux servers ADP010104 01 Adapter RJ45 rolled serial Cisco and Sun Netra Note An optional adapter for external modems is also available from Lantronix 200 2073 Adapter DB25M DCE to RJ45 external modems Cables 500 184 R Cable RJ45 to RJ45 Cat 5 1 Ft ...

Page 23: ...ble 300 to 115 200 baud Power Input Model SLB088411 01 1 IEC 60320 C20 inlet 100 120 VAC 50 60Hz 20A Branch Circuit 16A max input current 2 15A Branch Circuit 12A max input current 1 Model SLB088412 01 1 IEC 60320 C20 inlet 100 240 VAC 50 60Hz 20A Branch Circuit 15A max input current Power Outlets Model SLB088411 01 4 NEMA5 15R outlets 100 120 VAC 50 60Hz 20A Branch Circuit 15A max per outlet 16A ...

Page 24: ... adequate airflow through the SLB 2 Connect the serial device s to the SLB device ports See on page 25 3 Install any PC Cards you intend to use If you install a modem card connect to the phone line See 9 PC Cards 4 You have the following options a To configure the SLB branch office manager using the network or to monitor serial devices on the network connect at least one SLB network port to a netw...

Page 25: ...cted equipment See D Adapters and Pinouts for more information about Lantronix adapters 3 Connect the adapter to the serial console of the serial device Figure 3 1 CAT 5 Cable Connection Connecting to a Network Port The SLB device s network ports 10Base T 100Base TX allow remote access to the attached devices and the system administrative functions Use a standard RJ45 terminated Category 5 cable t...

Page 26: ...r Source The SLB branch office manager consumes less than 20W of electrical power The SLB device has a universal auto switching AC power supply The power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz Rear mounted IEC type AC power connector s are provided for universal AC power input see page 22 for included power cords Figure 4 2 AC Power Input Connecting...

Page 27: ...standard Ethernet patch cables from the Ethernet devices to the SLB device s switch ports An example of a standard Ethernet patch cable is the Lantronix 200 0062 RJ45 TO RJ45 CAT5 CABLE LAN PINNING 6 6 Ft Typical Installations Following are illustrations showing some typical ways to install the SLB branch office manager In Figure 3 4 three serial devices a server a Cisco switch and a firewall conn...

Page 28: ...egrated Ethernet Switch In Figure 3 5 the SLB branch office manager controls four serial devices and provides power to them The devices use a managed switch to connect to the network The figure also shows how Lantronix Spiders can be daisy chained Figure 3 5 SLB Installation Using a Managed Switch ...

Page 29: ...ss Your SLB branch office manager must have a unique IP address on your network The system administrator generally provides the IP address and corresponding subnet mask and gateway The IP address must be within a valid range unique to your network and in the same subnet as your PC You have the following options for assigning an IP address to your SLB device Table 4 1 Methods of Assigning an IP Add...

Page 30: ...k unless automatically assigned Gateway DNS settings Date time and time zone Console port settings baud rate data bits stop bits parity and flow control Make sure the SLB branch office manager is plugged in to power and turned on Front Panel LCD Display and Pushbuttons With the SLB device powered up you can use the front panel display and pushbuttons to set up the basic parameters Figure 4 1 Front...

Page 31: ...To return to the previous option left arrow To enter edit mode Enter center button Within edit mode to increase or decrease a numerical entry up and down arrows Within edit mode to move the cursor right or left right or left arrows To exit edit mode Enter To scroll up or down the list of parameters within an option e g from IP Address to Mask up and down arrows Table 4 2 Front Panel Setup Options ...

Page 32: ...r each setting 9 Press the right arrow button to move to the next option Date Time Settings and click Enter to edit the time zone a To enter a US time zone use the up down arrow buttons to scroll through the US time zones and then press Enter to select the correct one b To enter a time zone outside the US press the left arrow button to move up to the top level of time zones Press the up down arrow...

Page 33: ...defaults select Yes When the process is complete the SLB reboots Method 2 Quick Setup on the Web Page After the unit has an IP address you can use the Quick Setup web page to configure the remaining network settings This page displays the first time you log into the SLB only Otherwise the SLB Home Page displays For information about the web interface see Web Interface on page 40 To complete the Qu...

Page 34: ... the Apply button at the bottom of the page Otherwise continue with step 5 Note Once you click the Apply button on the Quick Setup page you can continue using the web interface to configure the SLB branch office manager further 5 Enter the following Network Settings Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported ...

Page 35: ...ons with the same IP subnet on multiple interfaces Ethernet or PPP Subnet Mask If specifying an IP address enter the network segment on which the SLB device resides There is no default Default Gateway The IP address of the router for this network There is no default Hostname The default host name is slbXXXX where XXXX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 6...

Page 36: ...ranch Office Manager User Guide 36 Administrator Settings Sysadmin Password Retype Password To change the password e g from the default enter a password of up to 64 characters 6 To save your entries click the Apply button ...

Page 37: ... should be at the login prompt 2 Enter sysadmin as the user name and press Enter 3 Enter PASS as the password and press Enter The first time you log in the Quick Setup script runs automatically Normally the command prompt displays Figure 4 2 Beginning of Quick Setup Script Quick Setup will now step you through configuring a few basic settings The current settings are shown in brackets You can acce...

Page 38: ...ware address of Ethernet Port 1 There is a 64 character limit contiguous characters no spaces Note The host name becomes the prompt in the command line interface Domain If desired specify a domain name for example support lantronix com The domain name is used for host name resolution within the SLB branch office manager For example if abcd is specified for the SMTP server and mydomain com is speci...

Page 39: ... Next Step After quick starting the SLB branch office manager you may want to configure other settings You can use the web page or the command line interface for configuration For information about the web and the command line interfaces go to 5 Web and Command Line Interfaces To continue configuring the SLB device go to 6 Basic Parameters ...

Page 40: ...rface A web interface allows the system administrator and other authorized users to configure and manage the SLB branch office manager using most web browsers Netscape Navigator 6 x and later or Internet Explorer 5 5 and later with JavaScript enabled The Web Telnet and Web SSH features require Java 1 1 or later support in the browser The SLB device provides a secure encrypted web interface over SS...

Page 41: ...ions for use with the port buttons Selecting a port and the Configuration option takes you to the Device Port Settings page Selecting a port and the WebSSH option displays the WebSSH window for the device port if Web SSH is enabled and if SSH is enabled for the device port S switch buttons refer to the unmanaged Ethernet switch ports on the back of the unit The firmware does not currently configur...

Page 42: ...og in but the same user cannot login more than once To log in to the SLB web interface 1 Open a web browser Netscape Navigator 6 x and later or Internet Explorer 5 5 and later 2 In the URL field type https followed by the IP address of your SLB branch office manager 3 To configure the SLB device use sysadmin as the user name and PASS as the password These are the default values Note The system adm...

Page 43: ...f the following With a serial terminal connection power up and when the command line displays press Enter If the SLB branch office manager already has an IP address assigned previously or assigned by DHCP Telnet if Telnet has been enabled or SSH to xx xx xx xx the IP address in dot quad notation and press Enter The login prompt displays 2 To log in as the system administrator for setup and configu...

Page 44: ...r values are in mixed case Square brackets indicate optional parameters Table 5 1 Actions and Category Options Action Category set network ipfilter routing datetime ntp services nfs cifs menu hostlist auth localusers remoteusers ldap radius kerberos tacacs consoleport deviceport nis slcnetwork command sshkey password history cli locallog power show network ipfilter routing datetime ntp services nf...

Page 45: ... names if more than one is possible Following a space after the preceding name Tab displays all possible names Should you make a mistake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port Use the left and right arrow keys ...

Page 46: ...show deviceport names direct connect direct deviceport listen connect listen deviceport clear set locallog clear telnet connect direct telnet ssh connect direct ssh To set the number of lines displayed by a command set cli terminallines disable Number of lines Sets the number of lines in the terminal emulation screen for paging through text one screenful at a time if the SLB branch office manager ...

Page 47: ...ick Setup procedure you may update them here Requirements If you assign a different IP address from the current one it must be within a valid range unique to your network and with the same subnet mask as your workstation To configure the unit you need the following information IP address ________ ________ ________ ________ Subnet mask ________ ________ ________ ________ IP address optional _______...

Page 48: ...ne or both network ports 1 Click the Network tab and select the Network Settings option The following page displays 2 Enter the following information Eth1 and Eth2 Settings Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported ...

Page 49: ... if your IP address is 172 19 201 28 do not enter 028 for the last segment Note Currently the SLB branch office manager does not support configurations with the same IP subnet on multiple interfaces Ethernet or PPP Subnet Mask If specifying an IP address enter the network segment on which the SLB device resides There is no default Eth 1 and or Eth2 IPv6 Address Address of the port in IPv6 format N...

Page 50: ... gives precedence to the Eth1 gateway Alternate An alternate IP address of the router for this network to be used if an IP address usually accessible through the default gateway fails to return one or more pings IP Address to Ping IP address to ping to determine whether to use the alternate gateway Ethernet Port to Ping Ethernet port to use for the ping Delay between Pings Number of seconds betwee...

Page 51: ...tomatically DHCP Acquired DNS Servers 1 3 Displays the IP address of the name servers if automatically assigned by DHCP GPRS Acquired DNS Servers 1 3 Displays the IP address of the name servers if automatically assigned by General Packet Radio Service GPRS TCP Keepalive Parameters Start Probes Number of seconds the SLB branch office manager waits after the last transmission before sending the firs...

Page 52: ...ddress To set the default and alternate network gateways set network gateway parameters Parameters default IP Address precedence dhcp gprs default alternate IP Address pingip IP Address ethport 1 or 2 pingdelay 1 250 seconds failedpings 1 25 The alternate gateway is used if an IP address usually accessible through the default gateway fails to return one or more pings To set the SLB host name and d...

Page 53: ...traffic through that connection is compared in order to the rules of that filter Network traffic may be allowed to pass it may be dropped without notice or it may be rejected sends back an error packet depending upon the rules of that filter rule set The administrator uses the Network IP Filter page to view add edit delete and map IP filters Warning IP filters configuration is a feature for advanc...

Page 54: ...d not respond to Packets Rejected view only Displays the number of data packets that the filter sent a rejected response to Test Timer Timer for testing IP Filter rulesets Select No to disable the timer Select Yes minutes 1 120 to enable the timer and enter the number of minutes the timer should run The timer automatically disables the IP Filters when the time expires Time Remaining view only Indi...

Page 55: ...ay be composed of letters numbers and hyphens only The name cannot start with a hyphen Example FILTER 2 Rule Parameters IP Address Specify a single IP address to act as a filter Example 172 19 220 64 this specific IP address only Subnet Mask Specify a subnet mask to act as a filter Example 255 255 0 0 Protocol From the drop down list select the type of protocol through which the filter will operat...

Page 56: ...erate the necessary rule to allow their use 3 Click the right arrow button to add the new rule to the bottom of the Rules list box on the right 4 To remove a rule from the filter set highlight that line and click the left arrow The rule populates the rule definition fields allowing you to make minor changes before reinserting the rule To clear the definition fields click the Clear button 5 To chan...

Page 57: ...er Commands The following CLI commands correspond to the web page entries described above To enable or disable IP filtering for incoming network traffic set ipfilter state To set IP filter mapping set ipfilter mapping parameters Parameters ethernet 1 2 state disable ethernet 1 2 state enable ruleset Ruleset Name deviceport 1 48 state disable deviceport 1 48 state enable ruleset Ruleset Name pccard...

Page 58: ...abled by default RIP Version Select the RIP version The default is 2 Static Routing Enable Static Routing Select to assign the routes manually The system administrator usually provides the routes Disabled by default To add a static route enter the IP Address Subnet Mask and Gateway for the route and click the Add Edit Route button The route displays in the Static Routes table You can add up to 64 ...

Page 59: ...e entries described above To configure static or dynamic routing set routing parameters Parameters rip enable disable route 1 64 ipaddr IP Address mask Netmask gateway IP Address static enable disable version 1 2 both Note To delete a static route set the IP address mask and gateway parameters to 0 0 0 0 To set the routing table to display IP addresses disable or the corresponding host names enabl...

Page 60: ...pport downloads The private enterprise MIB provides read only access to all statistics and configurable items provided by the SLB It provides read write access to a select set of functions for controlling the SLB and device ports See the MIB definition file for details Identify a Simple Mail Transfer Protocol SMTP server Enable or disable SSH and Telnet logins Configure an audit log View the statu...

Page 61: ...ror messages This is the default for all message types Error Saves messages that are output because of an error Debug Saves extraneous detail that may be helpful in tracking down a problem in addition to information warning and error messages Network Level Messages concerning the network activity for example about Ethernet and routing Services Messages concerning services such as SNMP and SMTP Aut...

Page 62: ...irect through the Web SSH window Disabled by default Timeout If you enable SSH logins you can cause an idle connection to disconnect after a specified number of minutes Select Yes and enter a value of from 1 to 30 minutes Note You must reboot the unit before a change will take effect SSH Port Allows you to change the SSH login port to a different value in the range of 1 65535 The default is 22 Not...

Page 63: ...50 Kbytes approximately 500 entries You can set the maximum size of the log from 1 to 500 Kbytes Include CLI Commands Select to cause the audit log to include the CLI commands that have been executed Disabled by default Include In System Log If enabled the contents of the audit log are added to the system log under the General Info category level Disabled by default SMTP Server IP address of your ...

Page 64: ...lows read only access to the system Disabled by default Enable Traps Traps are notifications of certain critical events Disabled by default This feature is applicable when SNMP is enabled Examples of traps that the SLB branch office manager sends include Ethernet Port Link Up Ethernet Port Link Down Authentication Failure SLB Booted SLB Shutdown Device Port Logging Power Supply Status Sysadmin use...

Page 65: ... used for outgoing generic and enterprise traps Traps sent with the Event trigger mechanism still use the trap community specified with the Event action The default is public Read Only A string that acts like a password for an SNMP manager to access the read only data the SLB SNMP agent provides The default is public Read Write A string that acts like a password for an SNMP manager to access the r...

Page 66: ...type Password Password for the user with read write authority to use to access SNMP v3 The default is SNMPRWPASS Up to 20 characters Passphrase Retype Passphrase Passphrase associated with the password for a user with read write authority Up to 20 characters 3 To save click the Apply button SNMP SSH Telnet and Logging Commands The following CLI commands correspond to the web page entries described...

Page 67: ... enable disable syslogserver1 IP Address or Name syslogserver2 IP Address or Name telnet enable disable timeoutssh disable or 1 30 timeouttelnet disable or 1 30 traps enable disable trapcommunity Trap Community v1ssh enable disable v3user V3 RO User v3password V3 RO User Password v3phrase V3 RO User Passphrase v3rwuser V3 RW User v3rwpassword V3 RW User Password v3rwphrase V3 RW User Passphrase v3...

Page 68: ...7 Services SLB Branch Office Manager User Guide 68 To view current services show services ...

Page 69: ...ver Similarly use SMB CIFS Server Message Block Common Internet File System Microsoft s file sharing protocol to export a directory on the SLB branch office manager as an SMB CIFS share The SLB device exports a single read write CIFS share called public with two subdirectories The logs directory which contains the system logs and the device port local buffers see System Logs on page 190 and is rea...

Page 70: ...ce creates the local directory automatically Read Write If enabled indicates that the SLB branch office manager can write files to the remote directory If you plan to log port data or save configurations to this directory you must enable this option Mount Select the checkbox to enable the SLB device to mount the file to the NFS server Disabled by default 3 Enter the following SMB CIFS Share Share ...

Page 71: ...ws workgroup to which the SLB branch office manager belongs Every PC exporting a CIFS share must belong to a workgroup Can have up to 15 characters 4 To save click the Apply button NFS and SMB CIFS Commands The following CLI commands correspond to the web page entries described above To mount a remote NFS share set nfs mount one or more parameters Parameters locdir Directory mount enable disable r...

Page 72: ...rd for the SMB CIFS share login default is cifsuser set cifs password To view SMB CIFS settings show cifs Secure Lantronix Network Use the Secure Lantronix Network option to view and manage SLC console manager and Spiders on the local subnet Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data reload the web page To view and manage SLB bran...

Page 73: ... the user to the web interface for the selected Secure IT management device login required 3 For SLM management appliances if SSH or Telnet is enabled for the device to the CLI or for a device port and you want to access the device or device port a Click the View link in the Telnet SSH to Device Ports or CLI column The following page displays ...

Page 74: ...H access to the CLI The table page lists all of the unit s device ports if applicable indicates whether they are Telnet enabled or SSH enabled and lists their Telnet and SSH port numbers Note For the links to work you must enable Web Telnet or Web SSH for the secure IT management unit b To open a Telnet session to the CLI click Yes in the Telnet to the CLI Enabled field above the table ...

Page 75: ...secure IT management devices on the local subnet Manually Entered IP Address List provides a list of IP addresses that may not respond to a broadcast because of how the network is configured The default is Both IP Address If you selected Manually Entered IP Address List or Both enter the IP address of the secure IT management device you want to find and manage 3 If you entered an IP address click ...

Page 76: ...ow slcnetwork ipaddrlist all Address Mask Note Without the ipaddrlist parameter the command searches the network according to the search setting With the ipaddrlist parameter the command displays a sorted list of all IP addresses or displays the IP addresses that match the mask for example 172 19 255 255 would display all IP addresses that start with 172 19 Date and Time You can specify the curren...

Page 77: ...rop down lists select the current month day and year Time From the drop down lists select the current hour and minute Time Zone From the drop down list select the appropriate time zone 3 To save click the Apply button To synchronize the SLB branch office manager with a remote timeserver using NTP 1 Enter the following Enable NTP Select the checkbox to enable NTP synchronization NTP is disabled by ...

Page 78: ...f the NTP server from the drop down list This is not recommended because of the high load on many public NTP servers All servers in the drop down list are stratum 2 servers See www ntp org for more information Each public NTP server has its own usage rules please refer to the appropriate web site before using one Our listing them here is to provide easy configuration but does not indicate any perm...

Page 79: ...emote time server using NTP set ntp one or more ntp parameters Parameters localserver1 IP Address or Hostname localserver2 IP Address or Hostname localserver3 IP Address or Hostname poll local public publicserver IP Address or Hostname state enable disable sync broadcast poll To view NTP settings show ntp ...

Page 80: ...SH to Eth1 IP address ssh port number or Eth2 IP address ssh port number where ssh port number is uniquely assigned for each device port 4 If TCP is enabled for a device port establish a raw TCP connection to Eth1 IP address tcp port number or Eth2 IP address tcp port number where tcp port number is uniquely assigned for each device port 5 If a device port has an IP address assigned to it you can ...

Page 81: ...administrator and users with remote authentication rights assign port access to users authenticated by NIS RADIUS LDAP Kerberos and TACACS Device Status The Device Status page displays the status of the SLB branch office manager s ports PC card slots and power outlets 1 Click the Devices tab and select the Device Status option The following page displays Global Port Settings On the Device Ports pa...

Page 82: ...g the IP Settings on the Device Ports Settings page An external modem is connected to the port The user may dial into or out of the port Telnet in or SSH in is enabled for the device port The device port is either waiting for a Telnet or SSH login or has received a Telnet or SSH login a user has logged in To set up Telnet SSH and TCP port numbering 1 Enter the following Telnet SSH TCP in Port Numb...

Page 83: ...raw TCP connection to spool print jobs to the printer over the network Note When using raw TCP connections to transmit binary data or where the break command escape sequence is not required set the Break Sequence of the respective device port to null clear it Caution Ports 1 1024 are RFC assigned and may conflict with services running on the SLB branch office manager Avoid this range 2 Click the A...

Page 84: ...re settings for all or a group of device ports set deviceport global one or more parameters Parameters maxdirect 1 10 Sets the maximum number of direct connections for each device port sshport TCP Port tcpport TCP Port telnetport TCP Port Port is a port number between 1025 and 65535 To view global settings for device ports show deviceport global Device Ports Settings On the Device Ports Settings p...

Page 85: ...8 Device Ports SLB Branch Office Manager User Guide 85 Click the desired port number in the green bar shown below at the top of any page The following page displays ...

Page 86: ... in the Port Counters table at the bottom of the page to zero 0 Connected to The type of device connected to the device port Presently the SLB branch office manager supports SLP power manager SLP8 and SLP16 and Sensorsoft devices If the type of device is not listed select undefined If you select anything other than undefined click Device Commands The appropriate web page displays IP Settings Enabl...

Page 87: ...om the drop down list select the baud rate Most devices use 9600 for the administration port so the device port defaults to this value Check the equipment settings and documentation for the proper baud rate Data Bits Number of data bits used to transmit a character From the drop down list select the number of data bits The default is 8 data bits Stop Bits The number of stop bit s used to indicate ...

Page 88: ...al in dial out or dial back is enabled for the device port Disconnect on DSR If a connection to a device port is currently in session and the DSR signal transitions to a de asserted state the connection disconnects immediately Disabled is the default unless dial in dial out or dial back is enabled for the device port Modem Settings Note Depending on the State and Mode you select different fields a...

Page 89: ...te caller ID logging by the modem Note For the AT command refer to the modem user guide Modem Settings Text Mode Timeout Logins If you selected Text mode you can enable logins to time out after the connection is inactive for a specified number of minutes The default is No This setting is only applicable for text mode connections PPP mode connections stay connected until either side drops the conne...

Page 90: ...ions take their authentication settings from the DOD parameter settings If DOD Authentication is PAP then the DOD CHAP Handshake field is not used DOD Authentication Enables PAP or CHAP authentication for dial in dial on demand PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the DOD CHAP Handsha...

Page 91: ...B branch office manager updates and increments the port counters as signals change and data flows in and out of the system These counters help troubleshoot connections or diagnose problems because they give the user an overview of the state of various parameters By setting them to zero and then re checking them later the user can view changes in status The chart in the middle of the page displays ...

Page 92: ...SLP power manager SLP Status Info Outlet Status Note If there is an SLP power manager and an SLP Expansion chassis the SLP power manager is Tower A and the Expansion chassis is Tower B For Tower A or Tower B select All Outlets or Single Outlet to view the status of all outlets or a single outlet of the SLP power manager If you select Single Outlet enter a value of 1 8 for the SLP8 power manager or...

Page 93: ... default 2 Click the Apply button Device Port Sensorsoft Device Devices made by Sensorsoft are used to monitor environmental conditions 1 In the Connected to field above the IP Settings section of the Device Ports Settings page select Sensorsoft 2 Click the Device Commands link The following page displays 3 Select a port and enter or view the following information Device Port view only Number of t...

Page 94: ...y button 5 To view the status detected by the Sensorsoft click the Sensorsoft Status link to the right of the table Device Port Commands The following CLI commands correspond to the web page entries described above To configure a single port or a group of ports Example set deviceport port 2 5 6 12 15 16 baud 2400 set deviceport port Device Port List or Name one or more device port parameters Param...

Page 95: ...s enable disable modemmode text ppp modemstate disable dialout dialin dialback dialondemand dialin dialondemand dialinhostlist modemtimeout disable 1 9999 seconds name Device Port Name nat enable disable parity none odd even remoteipaddr negotiate IP Address restartdelay PPP Restart Delay showlines enable disable sshauth enable disable sshin enable disable sshport TCP Port stopbits 1 2 tcpauth ena...

Page 96: ...ort List or Name Device Commands The following CLI commands correspond to the web page entries described above To send commands to or control a device connected to an SLB device port over the serial port Note Currently the only devices supported for this type of interaction are the SLP and Sensorsoft devices set command Device Port or Name or List one or more parameters Parameters slp auth login U...

Page 97: ...y pemitted for the port sensorsoft highhumidity High Humidity Sets the lowest humidity permitted for the port sensorsoft traps enable disable Enables or disables traps when specified conditions are met sensorsoft status Displays the status of the port Interacting with a Device Port Once a device port has been configured and connected to an external device such as the console port of an external se...

Page 98: ...ny key Setting up a user with an escape sequence is optional For any NIS LDAP RADIUS Kerberos or TACACS user or any local user who does not have an escape sequence defined the default escape sequence is Esc A Device Ports Logging The SLB products support port buffering of the data on the system s device ports as well as notification of receiving data on a device port Port logging is disabled by de...

Page 99: ...ed into one of the PC Card slots on the front of the SLB branch office manager and properly mounted see PC Card Logging on page 99 Data logged locally to the SLB device is limited to 256 Kbytes and may be lost in the event of a power loss Data logged to a PC Card Compact Flash does not have these limitations The system administrator can define the file size and number of files per port For each lo...

Page 100: ...tem log See 7 Services To set logging parameters 1 In the top section of the Device Ports Settings page click the Settings link in the Logging field The following page displays 2 Enter the following Local Logging Local Logging If you enable local logging each device port stores 256 Kbytes approximately 400 screens of I O data in a true FIFO buffer Disabled by default Clear Local Log Select the che...

Page 101: ...tification regarding this port The default is 100 bytes In most cases the console port of your device does not send any data unless there is an alarm condition After the SLB device receives a small number of bytes it perceives that your device needs some attention The SLB branch office manager notifies your technician when that point has been passed and the notification includes the logged data Fo...

Page 102: ...sired recipients of the problem on a certain server or location e g server location or other classification of your equipment This is helpful if the email message goes to the system administrator s or service technician s mobile or wireless device e g text messaging by means of email Note The character sequence d anywhere in the email subject is replaced with the device port number automatically N...

Page 103: ...ing level for the device ports log must be set to Info to view Syslog entries for Device Port logging on the Services page Note To apply the settings to additional device ports in the Apply settings to Device Ports field enter the additional ports e g 1 3 5 6 3 To apply settings to other device ports in addition to the currently selected port select the Apply settings to Device Ports and enter por...

Page 104: ...pccardslot upper lower sysloglogging enable disable To view a specific number of bytes of data for a device port show locallog Device Port or Name bytes Bytes To Display 1 Kbyte is the default To clear the local log for a device port set locallog clear Device Port or Name Note The locallog commands can only be executed for a device port if local logging is enabled for the port The set locallog cle...

Page 105: ...rity Parity checking is a rudimentary method of detecting simple single bit errors From the drop down list select the parity The default is none Flow Control A method of preventing buffer overflow and loss of data The available methods include none xon xoff software and RTS CTS hardware The default is none Timeout The number of minutes 1 30 after which an idle session on the console is automatical...

Page 106: ...w consoleport Power Outlets The SLB branch office manager has four outlets that can provide power to other units in an IT environment Each outlet can be configured and controlled through the SLB device The SLB can issue an SNMP trap if the total current for all four outlets exceeds a specified threshold To configure a power outlet 1 Click the Devices tab and select the Power Outlets option The fol...

Page 107: ... above which the SLB device sends a trap The maximum is 180 Note If the alarm goes off a warning message displays on the CLI Current Level for all Outlets Displays the total load carried by the outlets 3 View or enter the following information for each outlet Outlet Displays the number of the outlet being configured Status Displays the current state of the outlet Name User configurable name identi...

Page 108: ...utlet or List or Name one or more parameters Parameters name Outlet Name description Outlet Description state on off wakeup on off laststate reboot Example set power outlet 1 2 4 state on To view power outlet settings show power outlet Outlet or Name Note The screen displays PND when the outlet is powering up and is waiting for the delay period to expire It displays RBT when an outlet has been tol...

Page 109: ... number of times the SLB branch office manager should attempt to retry connecting to the host list Authentication Select to require authentication when the SLB device connects to a host 3 You have the following options To save the host list without adding hosts at this time click the Add Host List button To add hosts enter the following Host Parameters Host Name or IP address of the host Protocol ...

Page 110: ...he escape character For SSH the escape character is a single character 4 Click the right arrow The host displays in the Hosts box 5 Repeat steps 2 4 to add more hosts to the host list Note To clear fields before adding the next host click the Clear Host Parameters button 6 You have the following options To remove a host from the host list select the host in the Hosts box and click the left arrow T...

Page 111: ...ly Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the SLB branch office manager should attempt to retry connecting to the host list Authentication Select to require authentication when the SLB device connects to a host Host Parameters Host Name or IP address of the host Protocol Protocol for connecting to the host TCP SSH or ...

Page 112: ...move a host from the host list select the host in the Hosts box and click the left arrow To give the host a higher precedence select the host in the Hosts box and click the up arrow To give the host a lower precedence select the host in the Hosts box and click the down arrow 4 Click the Edit Host List button After the process completes a link back to the Device Ports Settings page displays To dele...

Page 113: ...ost IP Address or Name protocol ssh telnet tcp port TCP Port escapeseq 1 10 Chars To move a host entry to a new position in the host list set hostlist edit Host List Name move Host Number position Host Number To delete a host list or a single host entry from a host list set hostlist delete Host List entry Host Number To display the members of a host list show hostlist all names Host List Name ...

Page 114: ...SLB device 1 Insert any of the supported PC Cards into either of the PC Card bays on the front of the SLB branch office manager You can do this before or after powering up the SLB device If the card is a compact Flash to PC Card adapter and the first partition on the Compact Flash is formatted with a file system supported by the SLB branch office manager ext2 and FAT the card mounts automatically ...

Page 115: ...t the Compact Flash from the SLB branch office manager first unmount the Compact Flash Select the checkbox to unmount it Warning If you eject a Compact Flash from the SLB device without unmounting it subsequent mounts of a PC Card Compact Flash in either slot may fail and you will need to reboot the SLB branch office manager to restore PC Card functionality Format Select to unmount the Compact Fla...

Page 116: ...pported modem or ISDN cards see www lantronix com slb into either of the PC Card bays on the front of the SLB branch office manager You can do this before or after powering up the SLB device 2 Click the Devices tab and select the PC Card option The PC Card page displays 3 Select the PC Card you want to configure from the PC Card Slots table and click the Configure button The PC Card Modem ISDN pag...

Page 117: ...ch Office Manager User Guide 117 4 Enter or view the following State Select to indicate whether to disable the PC Card or set it for dial in dial out dial back dial on demand or dial in dial on demand Disabled by default ...

Page 118: ...E1 Q0 Note We recommend that the modem initialization script always be preceded with AT and include E1 V1 x4 Q0 so that the SLB branch office manager may properly control the modem Modem Timeout Timeout for modem connections Select Yes for the SLB branch office manager to terminate the connection if no traffic is received during the configured idle time Enter a value of from 1 to 9999 seconds Call...

Page 119: ...tings These settings are only active when a GSM GPRS PC card modem is in the appropriate slot Notes Please consult your wireless carrier s configuration requirements for more detailed information Dial out GPRS connections may replace the default route and DNS entries Static routes may be required to maintain access to subnets that are not directly attached to the SLB branch office manager Click th...

Page 120: ...essfully connects to one To establish and configure host lists click the Host Lists link See Host Lists on page 108 PPP Mode Negotiate IP Address If the SLB branch office manager and or the serial device have dynamic IP addresses e g IP addresses assigned by a DHCP server select Yes This is the default If the SLB device or the modem have fixed IP addresses select No and enter the Local IP IP addre...

Page 121: ...work Settings page for NAT to work To enable click the IP Forwarding link to display the Network Settings page See Dial out Number Phone number for dialing out to a remote system or serial device May have up to 20 characters Any format is acceptable Dial out Login User ID for dialing out to a remote system May have up to 32 characters Dial out Password and Retype Password for dialing out to a remo...

Page 122: ...Card Storage Commands To mount a Compact Flash card in the SLB branch office manager for use as a storage device Note The Compact Flash card must be formatted with an ext2 or FAT file system before you mount it pccard storage mount upper lower To view a directory listing of a Compact Flash card pccard storage dir upper lower To unmount a Compact Flash card Note Enter this command before ejecting t...

Page 123: ...AP Secret or User Password databits 7 8 dialbacknumber usernumber Phone Number dialinlist Host List for Dial in dodauth pap chap dodchaphost CHAP Host or User Name dodchapsecret CHAP Secret or User Password dialoutlogin User Login dialoutnumber Phone Number dialoutpassword Password flowcontrol none xon xoff rts cts gsmautodns enable disable gsmbearerservice GSM Bearer Service gsmcompression enable...

Page 124: ...d dialinhostlist modemtimeout disable 1 9999 sec nat enable disable parity none odd even remoteipaddr negotiate IP Address restartdelay PPP Restart Delay service none telnet ssh tcp sshauth enable disable sshport TCP Port stopbits 1 2 tcpauth enable disable tcpport TCP Port telnetauth enable disable telnetport TCP Port timeoutlogins disable 1 30 ...

Page 125: ...other device port attached to an external device Another device port with a modem attached An outgoing Telnet or SSH session An outgoing TCP or UDP network connection This enables the user to set up connections such as those described in the next section You can establish a connection at various times Immediately These connections are always re established after reboot At a specified date and time...

Page 126: ... the server as if they were connected directly to it by local serial ports or a console Remote Access Server In this setup the SLB branch office manager is connected to one or more modems by its device ports Configure the device ports on the Device Ports Settings web page by selecting the Dial in option in the Modem Settings section Most customers use the modems in PPP mode to establish an IP conn...

Page 127: ... com or similar software Console Server For this situation the SLB branch office manager is configured so that the user can manage a number of servers or pieces of network equipment using their console ports The device ports on the SLB are connected to the console ports of the equipment that the user would like to manage To manage a specific piece of equipment the user can Telnet or SSH to a speci...

Page 128: ... of the Device Ports Settings web page A user could then dial into the SLB branch office manager using another modem and terminal emulation program at a remote location Modem PC PC PC SLB Branch Office Manager Telnet SSH Sessions Router Switch Web Server Serial Terminal Sessions ...

Page 129: ...r of the device port you are connecting This device port must be connected to an external serial device and must not have command line interface logins enabled be connected to a modem or be running a loopback test Note To see the current settings for this device port click the Settings link Data Flow Select the arrow showing the direction bidirectional or unidirectional the data will flow in relat...

Page 130: ...t number SSH Out Options Select one of the following optional flags to use for the SSH connection User Login ID to use for authenticating on the remote host Version Version of SSH Select 1 or 2 Command Enter a specific command on the remote host for example reboot Trigger Select the condition that will trigger a connection Options include Connect now Connects immediately or if you reboot the SLB b...

Page 131: ... table The Firmware Configurations Web Sessions page displays Connection Commands These commands for configuring connections correspond to the web page entries described above To connect to a device port to monitor and or interact with it or to establish an outbound network connection connect direct endpoint Endpoint is one of deviceport Port or Name ssh IP Address or Name port TCP Port SSH flags ...

Page 132: ... Command to Execute tcp IP Address port TCP Port telnet IP Address or Name port TCP Port trigger now datetime chars udp IP Address port UDP Port Note If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or characters or a character sequence enter the charxfer parameter and eit...

Page 133: ...umber or characters or a character sequence enter either the charcount or the charseq parameter To terminate a bidirectional or unidirectional connection connect terminate Connection ID To view connections and their IDs Note The connection IDs are in the left column of the resulting table The connection ID associated with a particular connection may change if the connection times out and is restar...

Page 134: ... user authentication is enabled the local user sysadmin account is always available for login Authentication can occur using all methods in the order of precedence until a successful authentication is obtained or using only the first authentication method that responds in the event that a server is down If you have the same user name defined in multiple authentication methods the result is unknown...

Page 135: ...irectory Access Protocol A set of protocols for accessing information directories specifically X 500 based directory services LDAP runs over TCP IP or other connection oriented transfer services RADIUS Remote Authentication Dial In User Service An authentication and accounting system used by many Internet Service Providers ISPs A client server protocol it enables remote access servers to authentic...

Page 136: ...t next method on authentication rejection you have the following options To enable the SLB device to use all methods in order of precedence until it obtains a successful authentication select the check box This is the default To enable the SLB branch office manager to use only the first authentication method that responds in case a server is down or unavailable clear the check box 6 Click Apply No...

Page 137: ...r setting password requirements The bottom of the page displays a table listing and describing all local and remote users To enable local and or remote users 1 Enter the following Enable Local Users Select to enable all local users except sysadmin The sysadmin is always available regardless of how you set the check box Enabled by default Authenticate only users who are in the remote users list Sel...

Page 138: ...ays ahead that the system warns that the user s password will expire The default setting is 7 Max Login Attempts The number of times up to 8 the user can attempt to log in unsuccessfully before the system locks the user out The default setting is 0 disabled Lockout Period minutes The number of minutes up to 90 the locked out user must wait before trying to log in to the web interface again The def...

Page 139: ...SLB branch office manager automatically increments it Starting at 101 the SLB finds the next unused UID Listen Ports The device ports that the user may access to view data using the connect listen command Enter the port numbers or the range of port numbers for example 1 5 8 10 15 U and L denote the PC Card upper and lower slots Data Ports The device ports with which the user may interact using the...

Page 140: ...is deviceport tcp or udp Break Sequence A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Custom Menu If custom menus have been created you ca...

Page 141: ...k Right to view and manage secure IT management units e g SLP power managers Spiders SLB branch office managers on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user Includes configuring remote authentication methods and orde...

Page 142: ...st to change the Password too 3 Click the Apply button To edit a local user 1 On the Local Remote Users page select the user and click the Add Edit User button The Local Remote User Settings page displays 2 Update values as desired 3 Click the Apply button To delete a local user 1 On the Local Remote Users page select the user and click the Add Edit User button The Local Remote User Settings page ...

Page 143: ...ngenextlogin enable disable changepassword enable disable clearports Port List custommenu Menu Name dataports Port List dialbacknumber Phone Number displaymenu enable disable escapeseq 1 10 Chars group default power admin listenports Port List passwordexpires enable disable permissions Permission List uid User Identifier To set whether a complex login password is required set localusers complexpas...

Page 144: ...al user to a user group or to change the group the user belongs to set localusers add edit user group default power admin To set a local user s permissions not defined by the user group set localusers add edit user permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp pc rs rc dr wb sn ad To remove a permission type a minus sign before the two letter abbreviat...

Page 145: ...te user set remoteusers delete User Login To view settings for all remote users show remoteusers To view the rights of the currently logged in user show user NIS The system administrator can configure the SLB branch office manager to use NIS to authenticate users attempting to log in to the SLB device through the Web SSH Telnet or the Console port If NIS does not provide port permissions you can u...

Page 146: ...thentication page If you enable NIS here it automatically displays at the end of the order of precedence on the User Authentication page NIS Domain The NIS domain of the SLB branch office manager must be the same as the NIS domain of the NIS server Broadcast for NIS Server If selected the SLB device sends a broadcast datagram to find the NIS Server on the local network NIS Master Server required T...

Page 147: ...ecimal x character 27 1B followed by a B Data Ports The ports users are able to monitor and interact with using the connect direct command U and L denote the PC Card upper and lower slots Listen Ports The ports users are able to monitor using the connect listen command Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Access Outlets The outlets the...

Page 148: ...ot Shutdown Right to use the CLI or shut down the SLB branch office manager and then reboot it Firmware Configuration Right to upgrade the firmware on the unit and save or restore a configuration all settings Selecting this option automatically selects Reboot Shutdown Diagnostics Reports Right to obtain diagnostic information and reports about the unit Web Access Right to access Web Manager Device...

Page 149: ...name slave4 IP Address or Hostname slave5 IP Address or Hostname state enable disable To set group and permissions for NIS users set nis group default power admin To set permissions for NIS users not already defined by the user rights group set nis permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp pc rs rc dr wb sn ad To remove a permission type a minus si...

Page 150: ...ed user rights associated with it You can add additional user rights that are not defined by the group To configure the SLB branch office manager to use LDAP to authenticate users 1 Click the User Authentication tab and select LDAP The following page displays 2 Enter the following Enable LDAP Displays selected if you enabled this method on the first User Authentication page If you want to set up t...

Page 151: ...B branch office manager to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of...

Page 152: ...anagers on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for LDAP users Reboot Shutdown Right to use the C...

Page 153: ...1 10 Chars dataports Ports List listenports Port List clearports Port List escapeseq 1 10 Chars bindpassword Bind Password encrypt enable disable port TCP Port Default is 389 server IP Address or Hostname state enable disable To set user group and permissions for LDAP users group default power admin To set permissions for LDAP users not already defined by the user rights group permissions Permissi...

Page 154: ...ho are authenticated through RADIUS are granted device port access through the port permissions on this page All RADIUS users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLB branch office manager to use RADIUS to authenticate users 1 Click the User Authentication tab and select RADIU...

Page 155: ...ypt a password sent between the client and the server May have up to 128 characters RADIUS Server 2 IP address or host name of the secondary RADIUS server This server can be used as a SecurID proxy Server 2 Port Number of the TCP port on the RADIUS server used for the RADIUS service If you do not specify an optional port the SLB branch office manager uses the default RADIUS port 1812 Server 2 Secr...

Page 156: ...which RADIUS users will belong Group Select the group to which the RADIUS users will belong Default Users This group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Networking Date Time Reboot Shutdown and Diagnostics Reports Administrators This group has all possible rights 4 Select or clear ...

Page 157: ...ote You must reboot the unit before your changes will take effect RADIUS Commands These commands for the command line interface correspond to the web page entries described above To configure the SLB branch office manager to use RADIUS to authenticate users who log in via the Web SSH Telnet or the console port set radius one or more parameters Parameters accessoutlets Outlet List breakseq 1 10 Cha...

Page 158: ...Kerberos is a network authentication protocol that provides strong authentication for client server applications by using secret key cryptography The system administrator can configure the SLB branch office manager to use Kerberos to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access throu...

Page 159: ...ys at the end of the order of precedence on the User Authentication page Realm Enter the name of the logical network served by a single Kerberos database and a set of Key Distribution Centers Usually realm names are all uppercase letters to differentiate the realm from the Internet domain Realm is similar in concept to an NT domain KDC A key distribution center KDC is a server that issues Kerberos...

Page 160: ...ape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Use LDAP Indicate whether Kerberos should rely on LDAP to look up user IDs and Group IDs This setting is disabled by default Note Make sure to configure LDAP if you select this option Data Ports The ports users are able to monitor and interac...

Page 161: ...sers on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for Kerberos users Reboot Shutdown Right to use the CLI or shut down the SLB branch office manager and then reboot it Firmware Configuration Right to upgrade th...

Page 162: ...let List breakseq 1 10 Chars clearports Port List dataports Port List escapeseq 1 10 Chars ipaddr Key Distribution Center IP Address kdc Key Distribution Center listenports Port List port Key Distribution Center TCP Port realm Kerberos Realm state enable disable useldapforlookup enable disable To set user group and permissions for Kerberos users set kerberos group default power admin To set permis...

Page 163: ... the SLB device to use TACACS to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions on this page All Kerberos users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To...

Page 164: ...e manager to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command i...

Page 165: ...ffice managers on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for TACACS users Reboot Shutdown Right to ...

Page 166: ...s or Name state enable disable To set user group and permissions for TACACS users set tacacs group default power admin To set permissions for TACACS users not already defined by the user rights group set tacacs permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp pc rs rc dr wb sn ad To remove a permission type a minus sign before the two letter abbreviation ...

Page 167: ... must be associated with either MyUser if MyUser is an existing SLB local user or an alternate SLB local user The public key file can be imported via SCP or FTP once imported you can view or delete the public key Any SSH connection into the SLB branch office manager from the designated host user combination uses the SSH key for authentication Exported Keys The SLB device can generate SSH keys for ...

Page 168: ...not contain the host that the user will be making an SSH connection from or The SLB local user login for the connection is different from the user name the key was generated from or is not included in the imported key file If either of these conditions is true or the imported file is in SECSH format you must specify the user and host The following is an example of a public key file that includes t...

Page 169: ...eys SSH Out Export Enables you to export created public keys Select one of the following New Key for User Enables you to create a new key for a user and export the public key in a file All Previously Created Keys Does not create any keys but exports all previously created public keys in one file User User ID of the person given secure access to the remote server Key Name Name of the key This will ...

Page 170: ... public key too Login User ID to use to SCP or FTP the public key file Password Retype Password Password to use to SCP or FTP the public key file To view or delete a key 1 Select the key from the appropriate table The View and Delete buttons become active 2 To view the key click the View button A pop up page displays the key 3 To delete the key click the Delete button To view reset or import SSH R...

Page 171: ...elect one or more checkboxes to reset defaults for RSA1 RSA or DSA keys All checkboxes are unselected by default Import Host Key To import a site specific host key select the checkbox Unselected by default Type From the drop down list select the type of host key to import Import via From the drop down list select the method of importing the host key SCP or SFTP The default is SCP ...

Page 172: ...e Password Retype Password Password to use to SCP or SFTP the file 3 Click the Apply button 4 Repeat steps 2 3 for each key you want to import 5 To return to the SSH Keys page click the Back to SSH Keys link SSH Commands These commands for the command line interface correspond to the web page entries described above To import an SSH key set sshkey import ftp scp one or more parameters Parameters k...

Page 173: ...ddress or Name login User Login path Path to Copy Keys To delete a key set sshkey delete one or more parameters Parameters keyhost SSH Key Host keyname SSH Key Name keyuser SSH Key User Note Specify the key user and key host to delete an imported key specify the keyuser and keyname to delete an exported key To import an SLB host key or to reset a SLB host key to the default set sshkey server impor...

Page 174: ...ather than the standard command set Instead of typing each command the user enters the number associated with the command Each command can also have a nickname that can display in the menu instead of the command From the current menu a user can display another menu thus allowing menus to be nested The special command showmenu Menu Name displays a specified menu The special command returnmenu redis...

Page 175: ...tom user menu set menu edit Menu Name command Command Number set menu edit Menu Name nickname Command Number To set the optional title for a menu set menu edit Menu Name title Menu Title To enable or disable the display of command nicknames instead of commands set menu edit Menu Name shownicknames enable disable To enable or disable the redisplay of the menu before each prompt set menu edit Menu N...

Page 176: ...2 Enter optional menu title return for none Menu2 Title Specify nickname for each command no Enter each command up to 50 commands logout is always the last command Press return when the menu command set is complete Command 1 connect direct deviceport 3 Command 2 connect direct deviceport 4 Command 3 show datetime Command 4 returnmenu Command 5 Command 5 logout Custom User Menu settings successfull...

Page 177: ...ers Settings________________________________________________ Login john Password set UID 101 Listen Ports 1 32 Data Ports 1 32 Clear Ports 1 32 Escape Sequence x1bA Break Sequence x1bB Custom Menu menu1 Allow Dialback disabled Dialback Number none User john logs into the command line interface initially sees menu1 executes the command to jump to nested menu menu2 and then returns to menu1 Welcome ...

Page 178: ...11 User Authentication SLB Branch Office Manager User Guide 178 Menu1 Title 1 connect Port 1 3 menu2 2 connect Port 2 4 log off Enter 1 4 4 Executing logout Logging out ...

Page 179: ...ll be used to save or restore configurations default FTP SFTP NFS CIFS or PCCARD Update the version of the firmware running on the SLB branch office manager Save a snapshot of all settings on the SLB device save a configuration Restore the configuration either to a previously saved configuration or to the factory defaults View and terminate current web sessions Import a site specific SSL certifica...

Page 180: ...tely The default is No Note The front panel LCD displays the Rebooting the SLB message and the normal boot sequence occurs Shutdown Select this option to shut down the SLB device The default is No Welcome Banner The text to display on the command line interface before the user logs in Welcome to the SLB is the default Note To create more lines use the n character sequence ...

Page 181: ...click the SSL Certificate link See Firmware Configurations Web Sessions on page 184 Enable iGoogle Gadget Web Content Select the check box to enable an SLB iGoogle gadget The iGoogle gadget allows an iGoogle user to view the port status of many SLB devices on one web page See iGoogle Gadgets on page 186 SLB Firmware Update Firmware To update the SLB firmware select the checkbox If you select this ...

Page 182: ...include hyphens and underscores Path The default path on the server for obtaining firmware update files and getting and putting configuration save files Login The userid for accessing the FTP server May be blank Password Retype Password The FTP user password Configuration Management Configuration Management From the option list select one of the following No Save Restore Does not save or restore a...

Page 183: ...d configuration from the drop down list Manage The Manage option allows you to view and delete all configurations saved to the selected location This feature is available for the default CIFS Share and PC Card locations See page 183 Preserve Configuration after Restore Allows the user to keep a subset of the current configuration after restoring a configuration or resetting to factory defaults Sel...

Page 184: ...e click the Web Sessions link The following page displays Firmware Configurations SSL Certificate The Firmware Configurations SSL Certificate page enables you to view and update SSL certificate information The SSL certificate consisting of a public private key pair used to encrypt HTTP data is associated with the web server You can import a site specific SSL certificate if desired To view reset im...

Page 185: ...of importing the certificate SCP or SFTP The default is SCP Certificate Filename Filename of the certificate Key Filename Filename of the private key for the certificate Host Host name or IPaddress of the host from which to import the file Path Path of the directory where the certificate will be stored Login User ID to use to SCP or SFTP the file Password Retype Password Password to use to SCP or ...

Page 186: ...tle SLC SLB Status description Devport status and counters scrolling true width 400 height 360 UserPref name model display_name Model datatype enum default_value slc EnumValue value SLC display_value SLC EnumValue value SLB display_value SLB UserPref UserPref name ip display_name IP Address required true UserPref name rate display_name Refresh Rate datatype enum default_value 10 EnumValue value 1 ...

Page 187: ...ssage and the normal boot sequence occurs To add welcome login and logout banners admin banner login Banner Text admin banner logout Banner Text admin banner welcome Banner Text Note To go to the next line type n and press Enter To display banners admin banner show To prepare the SLB branch office manager to be powered off admin shutdown Note When you use this command to shut down the SLB device t...

Page 188: ...r automatically reboots after successful update admin firmware update ftp tftp sftp file Firmware File key Checksum Key To set the boot bank to be used at the next SLB reboot admin firmware bootbank 1 2 Applies to dual boot SLB devices only To list the current firmware revision admin firmware show viewlog enable disable Lists the current firmware revision the boot bank status for dual boot SLB bra...

Page 189: ...ion parameters to retain after the config restore or factorydefaults nt Networking lu Local Users sv Services dp Device Ports dt Date Time pc PC Card po Power Outlets To restore a saved configuration to the SLB branch office manager admin config restore Config Name location default ftp sftp nfs cifs pccard nfsdir NFS Mounted Dir pccardslot upper lower keepconfig Config Params to Keep preserveconfi...

Page 190: ...rver certificate to the default admin web certificate import via sftp scp certfile Certificate File privfile Private Key File host IP Address or Name login User Login path Path to Files To reset a web certificate admin web certificate reset To show a web certificate admin web certificate show To restart the program that controls the LCD admin lcd reset System Logs The System Logs page allows you t...

Page 191: ...elect the starting point of the range you want to view Beginning of Log Beginning of the log Date Specific start date and time of the log Ending at Select the endpoint of the range you want to view End of Log The end of the log Date Specific end date and time of the log 3 Click the View Log button The log displays For example if you select the type All and the level Error the SLB device displays a...

Page 192: ...nix Technical Support a In the Comment field enter a comment if desired b Select to Lantronix Tech Support c Call Lantronix Tech Support and obtain a case number Note For contact information click the Lantronix Tech Support link d Enter the number in Case Number e Press the Email Output button 6 A message asks for confirmation Click OK To clear system logs 1 From the main menu select SLB Maintenan...

Page 193: ...login and the action performed by the user The user may clear the log file and sort the log by date time user and command The audit log is saved through SLB reboots 1 Click the Maintenance tab and select the Audit Log option The following page displays To view the system logs containing information and error messages show syslog parameters Parameters email Email Address level error warning info de...

Page 194: ...y User button To sort by command action click the Command button 3 To clear the log click the Clear Log button Diagnostics The Diagnostics web page provides methods for diagnosing problems such as network connectivity and device port input output problems You can use equivalent commands on the command line interface An additional diagnostic loopback is only available as a command 1 Click the Maint...

Page 195: ...to hardware address mapping Netstat Displays network connections If you select the checkbox select a protocol or select All for both protocols to control the output of the Netstat report Host Lookup If you enter a host name in the corresponding Hostname field verifies that the SLB branch office manager can resolve the host name into an IP address if DNS is enabled Ping If you enter a host name in ...

Page 196: ...nd the packet to String Enter a set of up to 64 characters The string is encapsulated in the packet so you could use a network sniffer to track the packet and by looking at its contents verify that it was sent Count The count is the number of times the string is sent For UDP the number of times the string is sent is equal to the number of packets sent For TCP the number of times the string is sent...

Page 197: ...d b Select to and enter the person s email address c Press the Email Output button 6 To email the report s to Lantronix Technical Support a In the Comment field enter a comment if desired b Select to Lantronix Tech Support c Call Lantronix Tech Support and obtain a case number Note For contact information click the Lantronix Tech Support link d Enter the number in Case Number e Press the Email Out...

Page 198: ...pback Device Port Number or Name parameters Parameters test internal external xferdatasize Size In Kbytes to Transfer Default is 1 Kbyte Note A special loopback cable comes with the SLB branch office manager To test a device port plug the cable into the device port and run this command The command sends the specified Kbytes to the device port and reports success or failure The test is performed at...

Page 199: ...dress or Name numpackets Number of Packets protocol tcp udp icmp verbose enable disable To display information on the internal memory storage and processes of the SLB branch office manager diag internals Note This command is available in the CLI but not the web Status Reports On this page you can view the status of the SLB ports and power supplies and generate a selection of reports Note Status an...

Page 200: ...o the flow of data through each device port IP Routes Displays the routing table Connections Displays all active connections for the SLB branch office manager Telnet SSH TCP UDP device port and modem System Configuration Complete Displays a complete snapshot of the SLB settings System Configuration Basic Displays a snapshot of the SLB device s basic settings for example network date time routing s...

Page 201: ...ment if desired b Select to Lantronix Tech Support c Call Lantronix Tech Support and obtain a case number Note For contact information click the Lantronix Tech Support link d Enter the number in Case Number e Press the Email Output button 6 To email the report s to an individual a In the Comment field enter a comment if desired b Select to and enter the person s email address c Press the Email Out...

Page 202: ...ort for one or more ports You can optionally email the displayed information show portcounters deviceport Device Port List or Name email Email Address To display the overall status of all SLB devices You can optionally email the displayed information show sysstatus email Email Address To display a list of all current connections You can optionally email the displayed information show connections e...

Page 203: ...ent or sending the trap s to the Ethernet or modem connection Ethernet For actions that require an Ethernet connection for example Forward All Traps to Ethernet select the Ethernet port to use Modem Connection on For actions that require a modem connection for example Forward All Traps to a Modem Connection select which device port or PC Card slot with a modem connection to use NMS Host to forward...

Page 204: ...e Events page displays the event To delete an event select the event from the Events table and click the Delete Event button A message asks for confirmation Click OK 4 To save click Apply Events Commands To manage the response to events that occur in the SLB branch office manager admin events add trigger response trigger is one of receivetrap templimit humidlimit overcurrent response is one of act...

Page 205: ...pdate event definitions admin events edit Event ID parameters Parameters community SNMP Community deviceport Device Port or Name ethport 1 2 nms SNMP NMS oid SNMP Trap OID pccardslot upper lower To delete an event admin events delete Event ID To view events admin events show ...

Page 206: ...an remotely access any of the connected IT devices using Telnet or SSH Figure 13 1 SLB Branch Office Manager Configuration This chapter includes three typical scenarios for using the SLB branch office manager The scenarios assume that the SLB device is connected to the network and has already been assigned an IP address In the examples we use the command line interface You can do the same things u...

Page 207: ...ate Flow Control xon xoff IP none Authentication PAP Logins disabled CHAP Host none Break Sequence x1bB CHAP Secret none Check DSR disabled NAT disabled Close DSR disabled Dial out Login none Dial out Password none Dial out Number none Dial back Number usernumber Initialization Script none Logging Settings Local Logging disabled PC Card Logging disabled Email Logging disabled Log to upper slot Byt...

Page 208: ...to an SLB device port and a Sun server connected to another SLB device port You can configure the modem for text mode dial in so a remote user can dial into the modem using a terminal emulation program and access the Sun server HyperTerminal which comes with the Microsoft Windows operating system is an example of a terminal emulation program In this example the sysadmin would 1 Configure the devic...

Page 209: ...ne prompt displays 4 Log into the SLB device CONNECT 57600 Welcome to the SLB login sysadmin Password Welcome to the SLB Branch Office Manager Model Number SLB48 For a list of commands type help SLB 5 Connect to the SUN Unix server using the direct command SLB connect direct deviceport 2 SunOS 5 7 login frank Password Last login Wed Jul 14 16 07 49 from computer Sun Microsystems Inc SunOS 5 7 Gene...

Page 210: ...t Device Port Settings________________________________________________ Number 2 Name Port 2 Modem Settings Data Settings IP Settings Modem State disabled Baud Rate 9600 Telnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff IP none Authentication PAP Logins ...

Page 211: ... control SLB set deviceport port 2 baud 57600 flowcontrol none Device Port settings successfully updated 3 Create a connection between the vt100 terminal connected to device port 2 and an outbound telnet session to the server The IP address of the server is 192 168 1 1 SLB connect bidirection 2 telnet 192 168 1 1 Connection settings successfully updated 4 At the VT100 terminal hit return a couple ...

Page 212: ...g format action category parameter s where action is set show connect admin diag pccard or logout category is a group of related parameters whose settings you want to configure or view Examples are ntp deviceport and network parameter s is one or more name value pairs in one of the following formats parameter name aa bb User must specify one of the values aa or bb separated by a vertical line The ...

Page 213: ...and to display the commands to which you have rights type help For general command line Help type help command line For more information about a specific command type help followed by the command for example help set network or help admin firmware Tips Type enough characters to identify the action category or parameter name uniquely For parameter values type the entire value For example you can sh...

Page 214: ...ace bar You can override the number of lines or disable the feature altogether with the set cli command Administrative Commands admin banner login Syntax admin banner login Banner Text Description Configures the banner displayed after the user logs in Note To go to the next line type n and press Enter admin banner logout Syntax admin banner logout Banner Text Description Configures the banner disp...

Page 215: ...e Ports dt Date Time pc PC Card po Power Outlets Description Restores the SLB branch office manager to factory default settings admin config restore Syntax admin config restore Config Name location default ftp sftp nfs cifs pccard nfsdir NFS Mounted Dir pccardslot upper lower preserveconfig Config Params to Preserve Config Params to Preserve is a comma separated list of current configuration param...

Page 216: ...Syntax admin firmware copybank Description Copies the boot bank from the currently booted bank to the alternate bank for dual boot SLB devices admin firmware show Syntax admin firmware show viewlog enable disable Description Lists the current firmware revision the boot bank status for dual boot SLB branch office managers and optionally displays the log containing details about firmware updates adm...

Page 217: ...r firmware updates and configuration save restore admin ftp show Syntax admin ftp show Description Displays FTP settings admin keypad Syntax admin keypad lock unlock Description Locks or unlocks the LCD keypad If the keypad is locked you can scroll through settings but not change them admin keypad password Syntax admin keypad password Password Must be 6 digits Description Changes the Restore Facto...

Page 218: ...D displays the Rebooting the SLB message and the normal boot sequence occurs admin shutdown Syntax admin shutdown Description Prepares the SLB branch office manager to be powered off When you use this command to shut down the SLB device the LCD front panel displays the Shutting down the SLB message followed by a pause and then Shutdown complete When Shutdown complete displays it is safe to power o...

Page 219: ...ion Imports an SSL certificate admin web certificate reset Syntax admin web certificate reset Description Resets a web certificate admin web certificate show Syntax admin web certificate show Description Displays a web certificate admin web gadget Syntax admin web gadget enable disable Description Enables or disables iGoogle Gadget web content admin web timeout Syntax admin web timeout disable 5 1...

Page 220: ...rtificate commands Audit Log Commands show auditlog Syntax show auditlog command user clear Description Displays audit log By default shows the audit log sorted by date time You can sort it by user or command or clear the audit log Authentication Commands set auth Syntax set auth one or more parameters Parameters authusenextmethod enable disable kerberos 1 6 ldap 1 6 localusers 1 6 nis 1 6 radius ...

Page 221: ...r Kerberos Commands set kerberos Syntax set kerberos one or more parameters Parameters accessoutlets Outlet List clearports Port List custommenu Menu Name dataports Port List breakseq 1 10 Chars escapeseq 1 10 Chars group default power admin ipaddr Key Distribution Center IP Address kdc Key Distribution Center listenports Port List permissions Permission List Note See User Permissions Commands on ...

Page 222: ...adsupport enable disable base LDAP Base bindname Bind Name bindpassword Bind Password clearports Port List custommenu Menu Name dataports Port List breakseq 1 10 Chars escapeseq 1 10 Chars encrypt enable disable group default power admin listenports Port List permissions Permission List port TCP Port server IP Address or Hostname state enable disable Default is 389 Note See User Permissions Comman...

Page 223: ... disable changepassword enable disable clearports Port List dataports Port List dialbacknumber Phone Number displaymenu enable disable escapeseq 1 10 Chars listenports Port List custommenu Menu Name uid User Identifier group default power admin passwordexpires enable disable permissions Permission List Note See User Permissions Commands on page 228 for information on groups and user rights Descrip...

Page 224: ... state Syntax set localusers state enable disable Description Enables or disables authentication of local users set localusers delete Syntax set localusers delete User Login Description Deletes a local user set localusers lifetime Syntax set localusers lifetime Number of Days Description Sets the number of days the login password may be used The default is 90 days set localusers maxloginattempts S...

Page 225: ...ers periodwarning Syntax set localusers periodwarning Number of Days Description Sets the number of days the system warns the user that the password will be expiring The default is 7 days set localusers reusehistory Syntax set localusers reusehistory Number of Passwords Description Sets the number of passwords the user must use before reusing an old password The default is 4 set localusers state S...

Page 226: ... admin listenports Port List master IP Address or Hostname permissions Permission List Note See User Permissions Commands on page 228 for information on groups and user rights slave1 IP Address or Hostname slave2 IP Address or Hostname slave3 IP Address or Hostname slave4 IP Address or Hostname slave5 IP Address or Hostname state enable disable Description Configures the SLB device to use NIS to a...

Page 227: ...8 for information on groups and user rights timeout enable 1 30 Sets the number of seconds after which the connection attempt times out It may be 1 30 seconds Description Configures the SLB branch office manager to use RADIUS to authenticate users who log in via the Web SSH Telnet or the console port set radius server Syntax set radius server 1 2 host IP Address or Hostname secret Secret port TCP ...

Page 228: ...ons Permission List Note See User Permissions Commands on page 228 for information on groups and user rights secret TACACS Secret server1 IP Address or Name server2 IP Address or Name server3 IP Address or Name state enable disable Description Configures the SLB branch office manager to use TACACS to authenticate users who log in via the Web SSH Telnet or the console port show tacacs Syntax show t...

Page 229: ...ons Syntax set localusers add edit user permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp pc rs rc dr wb sn ad po To remove a permission type a minus sign before the two letter abbreviation for a user permission Description Sets a local user s permissions not defined by the user group set remoteusers add edit Syntax set remoteusers add edit User Login para...

Page 230: ...sers who are not part of the remote user list will be authenticated set remoteusers delete Syntax set remoteusers delete User Login Description Removes a remote user show remoteusers Syntax show remoteusers Description Displays settings for all remote users set nis ldap radius kerberos tacacs group Syntax set nis ldap radius kerberos tacacs group default power admin Description Sets a permission g...

Page 231: ...abled by default Note Settings are retained between CLI sessions for local users and users listed in the remote users list set cli terminallines Syntax set cli terminallines disable Number of lines Description Sets the number of lines in the terminal emulation screen for paging through text one screenful at a time if the SLB device cannot detect the size of the terminal automatically Note Settings...

Page 232: ...e currently logged in user set history Syntax set history clear Description Clears the commands that have been entered during the command line interface session show history Syntax show history Description Displays the last 100 commands entered during the session Connection Commands connect bidirection Syntax connect bidirection Port or Name endpoint one or more Parameters Parameters Endpoint is o...

Page 233: ...ipt of a specified number or characters or a character sequence enter the charxfer parameter and either the charcount or the charseq parameter udp IP Address port UDP Port Description Connects a device port to another device port or an outbound network connection data flows in both directions connect direct Syntax connect direct endpoint Parameters Endpoint is one of deviceport Device Port or Name...

Page 234: ...port Device Port or Name Description Monitors a device port connect terminate Syntax connect terminate Connection ID Description Terminates a bidirectional or unidirectional connection connect unidirection Syntax connect unidirection Device Port or Name dataflow toendpoint fromendpoint endpoint Parameters Endpoint is one of charcount of Chars charseq Char Sequence datetime MMDDYYhhmm ss deviceport...

Page 235: ...tions Syntax show connections email Email Address Description Displays connections and their IDs You can optionally email the displayed information The connection IDs are in the left column of the resulting table The connection ID associated with a particular connection may change if the connection times out and is restarted show connections connid Syntax show connections connid Connection ID emai...

Page 236: ...nd Maximum of 15 characters for menu names Maximum of five nested menus can be called No syntax checking Enter each command correctly set localusers Syntax set localusers add edit User Login menu Menu Name Description Assigns a custom user menu to a local user set menu add Syntax set menu add Menu Name command Command Number Description Creates a new custom user menu or adds a command to an existi...

Page 237: ...tom user menu or one command within a custom user menu set nis ldap radius kerberos tacacs custommenu Syntax set nis ldap radius kerberos tacacs custommenu Menu Name Description Sets a default custom menu for remotely authorized users show menu Syntax show menu all Menu Name Description Displays a list of all menu names or all commands for a specific menu Date and Time Commands set datetime Syntax...

Page 238: ...licserver IP Address or Hostname state enable disable sync broadcast poll Description Synchronizes the SLB branch office manager with a remote time server using NTP show ntp Syntax show ntp Description Displays NTP settings Device Commands set command Syntax set command Device Port or Name or List one or more parameters Parameters slp auth login User Login Establishes the authentication informatio...

Page 239: ... the port sensorsoft hightemp High Temperature in C Sets the hightest temperature permitted for the port sensorsoft lowhumidity Low Humidity Sets the lowest humidity pemitted for the port sensorsoft highhumidity High Humidity Sets the lowest humidity permitted for the port sensorsoft traps enable disable Enables or disables traps when specified conditions are met sensorsoft status Displays the sta...

Page 240: ...Secret or User Password flowcontrol none xon xoff rts cts gsmautodns enable disable gsmbearerservice GSM Bearer Service gsmcompression enable disable gsmcontext GPRS Context Id gsmdialoutmode gprs gsm gsmpin GSM GPRS PIN Number initscript Initialization Script A script that initializes a modem Note We recommend preceding the initscript with AT and include E1 V1 x4 Q0 so that the SLB branch office ...

Page 241: ...ort TCP Port timeoutlogins disable or 1 30 webcolumns Web SSH Telnet Cols webrows Web SSH Telnet Rows Description Configures a single port or a group of ports set deviceport global Syntax set deviceport global one or more parameters Parameters sshport TCP Port telnetport TCP Port tcpport TCP Port maxdirect 1 10 Description Configures settings for all or a group of device ports show deviceport glob...

Page 242: ...orts You can optionally email the displayed information show portcounters zerocounters Syntax show portcounters zerocounters Device Port List or Name Description Zeros the port counters for one or more device ports show portstatus Syntax show portstatus deviceport Device Port List or Name email Email Address Description Displays the modes and states of one or more device port s You can optionally ...

Page 243: ...n optionally email the displayed information diag nettrace Syntax diag nettrace one or more parameters Parmeters ethport 1 2 host IP Address or Name numpackets Number of Packets protocol tcp udp icmp verbose enable disable Description Displays all network traffic applying optional filters This command is not available on the web page diag lookup Syntax diag lookup Hostname email Email Address Desc...

Page 244: ...yntax set command Device Port or Name or List one or more parameters Parameters slp auth login User Login Establishes the authentication information to log into the SLP power manager attached to the device port slp envmon Displays the environmental status e g temperature and humidity of the SLP power manager slp outletcontrol state on off cyclepower outlet Outlet Outlet is 1 8 for SLP8 power manag...

Page 245: ...MP NMS community SNMP Community oid SNMP Trap OID action fwdalltrapsmodem fwdseltrapmodem pccardslot upper lower nms SNMP NMS community SNMP Community oid SNMP Trap OID action syslog Description Defines events admin events delete Syntax admin events delete Event ID Description Deletes an event definition admin events edit Syntax admin events edit Event ID parameters Parameters community SNMP Commu...

Page 246: ...cription Configures a prioritized list of hosts to be used for modem dial in connections set hostlist add edit Host List Name entry Syntax set hostlist add edit Host List Name entry Host Number parameters Parameters host IP Address or Name protocol ssh telnet tcp port TCP Port escapeseq 1 10 Chars Description Adds a new host entry to a list or edit an existing entry set hostlist edit Host List Nam...

Page 247: ... set ipfilter state Description Enables or disables IP filtering for incoming network traffic set ipfilter mapping Syntax set ipfilter mapping parameters Parameters ethernet 1 2 state disable ethernet 1 2 state enable ruleset Ruleset Name deviceport 1 48 state disable deviceport 1 48 state enable ruleset Ruleset Name pccardslot upper lower state disable pccardslot upper lower state enable ruleset ...

Page 248: ...elay emaillogging disable bytecnt charstr emailrestart Restart Delay emailsend email trap both emailstring Regex String emailsubj Email Subject emailthreshold Byte Threshold emailto Email Address filedir Logging Directory filelogging enable disable filemaxfiles Max of Files filemaxsize Max Size of Files locallogging enable disable name Device Port Name nfsdir Logging Directory nfslogging enable di...

Page 249: ...s Bytes To Display Description Displays a specific number of bytes of data for a device port 1K is the default set locallog clear Syntax set locallog clear Device Port or Name Description Clears the local log for a device port The locallog commands can only be executed for a device port if local logging is enabled for the port The set locallog clear command can only be executed if the user has per...

Page 250: ...ledpings 1 250 Description Sets default and alternate gateways The alternate gateway is used if an IP address usually accessible through the default gateway fails to return one or more pings set network host Syntax set network host Hostname domain Domain Name Description Sets the SLB host name and domain name set network port Syntax set network port 1 2 parameters Parameters mode auto 10mbit half ...

Page 251: ...ngs show network host Syntax show network host Description Displays the network host name of the SLB branch office manager show network port Syntax show network port 1 2 Description Displays Ethernet port settings and counters show network all Syntax show network all Description Displays all network settings NFS and SMB CIFS Commands set nfs mount Syntax set nfs mount one or more parameters Parame...

Page 252: ...ntax set nfs unmount 1 2 3 Description Unmounts a remote NFS share set cifs Syntax set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup Description Configures the SMB CIFS share which contains the system and device port logs Note The admin config command saves SLB configurations on the SMB CIFS share set cifs password S...

Page 253: ... Syntax pccard storage format upper lower filesystem ext2 fat Description Formats a Compact Flash card pccard storage mount Syntax pccard storage mount upper lower Description Mounts a Compact Flash card in the SLB device for use as a storage device The Compact Flash card must be formatted with an ext2 or FAT file system before you mount it pccard storage unmount Syntax pccard storage unmount uppe...

Page 254: ...Login dialoutnumber Phone Number dodauth pap chap dodchaphost CHAP Host or User Name dodchapsecret CHAP Secret or User Password dialoutpassword Password flowcontrol none xon xoff rts cts gsmautodns enable disable gsmbearerservice GSM Bearer Service gsmcompression enable disable gsmcontext GPRS Context Id gsmdialoutmode gprs gsm gsmpin GSM GPRS PIN Number initscript Initialization Script isdnchanne...

Page 255: ...d Power Commands set power alarmthreshold Syntax set power alarmthreshold disable Tenths of Amps Description Number of amps measured in tenths of an amp above which the SLB branch office manager sends a trap The maximum is 180 Note If the alarm goes off a warning message displays on the CLI set power outlet Syntax set power outlet Outlet or List or Name one or more parameters Parameters name Outle...

Page 256: ... waiting for the reboot interval to expire default is 20 seconds The switching delay and the reboot interval are completely independent of each other Routing Commands set routing Syntax set routing parameters Parameters rip enable disable route 1 64 ipaddr IP Address mask Netmask gateway IP Address static enable disable version 1 2 both Description Configures static or dynamic routing To delete a ...

Page 257: ...includesyslog enable disable location Physical Location netlog off error warning info debug nms IP Address or Name phonehome enable disable phoneip IP Address portssh TCP Port rocommunity Read Only Community Name rwcommunity Read Write Community Name Sets a password for an SNMP manager to access the read only data the SLB SNMP agent provides and to modify data where permitted servlog off error war...

Page 258: ...rypt v3auth md5 sha v3encrypt des aes webssh enable disable webtelnet enable disable Description Configures services system logging SSH and Telnet access SSH and Telnet timeout SNMP agent email SMTP server and audit log show services Syntax show services Description Displays current services SLB Network Commands set slcnetwork Syntax set slcnetwork one or more parameters Parameters add IP Address ...

Page 259: ...SH Key Commands set sshkey all export Syntax set sshkey allexport ftp scp copypaste pubfile Public Key File host IP Address or Name login User Login path Path to Copy Keys Description Exports the public keys all of the previously created SSH keys set sshkey delete Syntax set sshkey delete one or more parameters Parameters keyhost SSH Key Host keyname SSH Key Name keyuser SSH Key User Description D...

Page 260: ...ey File file Public Key File host IP Address or Name login User Login Description Imports an SSH key set sshkey server import Syntax set sshkey server import type rsa1 rsa dsa via sftp scp pubfile Public Key File privfile Private Key File host IP Address or Name login User Login path Path to Key File Description Imports an SLB host key set sshkey server reset Syntax set sshkey server reset type al...

Page 261: ...s that have been imported or keys for a specific user IP address or name show sshkey server Syntax show sshkey server type all rsa1 rsa dsa Description Displays host keys public key only Status Commands show connections Syntax show connections email Email Address Description Displays a list of current connections Optionally emails the displayed information The connection IDs are in the left column...

Page 262: ...ormation show portstatus Syntax show portstatus deviceport Device Port List or Name email Email Address Description Displays device port modes and states for one or more ports Optionally emails the displayed information show sysconfig Syntax show sysconfig display basic auth devices email Email Address Description Displays a snapshot of all configurable parameters Optionally emails the displayed i...

Page 263: ... numlines Number of Lines starttime MMDDYYhhmm ss endtime MMDDYYhhmm ss Description Displays the system logs containing information and error messages Note The level display and time parameters cannot be used simultaneously show syslog clear Syntax show syslog clear all netlog servlog authlog devlog diaglog genlog Description Clears one or all of the system logs ...

Page 264: ... seconds of power up The bootloader halts the boot procedure and displays a Lantronix command prompt Bootload Commands User Commands help Lists and prints the command list and online help An alias for help boot Boot default runs bootcmd bootcheck Checks boot bank information bootinfo Displays boot bank information bootsel 1 2 Selects boot bank 1 or boot bank 2 IDE Accesses the IDE sub system mtest...

Page 265: ...dministrator can issue the following commands imagecopy Copies an image of the drive from the lower PCMCIA device to the internal CF card passwd Provides a new password for user admin The default password for user admin is admin User cust does not have a password ping Sends a ping request to the network host printenv Prints bootloader variables setenv Sets environment variables ...

Page 266: ... and network infrastructure for example how vulnerable the CAT 5 wiring is to tapping Factors Affecting Security External factors affect the security provided by the SLB device for example Telnet sends the login exchange as clear text across Ethernet A person snooping on a subnet may read your password A terminal to the SLB branch office manager may be secure but the path from the SLB device to th...

Page 267: ...sily accessible Always connect any equipment used with the product to properly wired and grounded power sources To help protect the product from sudden transient increases and decreases in electrical power use a surge suppressor line conditioner or uninterruptible power supply UPS Do not connect or disconnect this product during an electrical storm Input Supply This SLB branch office manager may h...

Page 268: ...rdous stability condition results because of uneven loading A drop or fall could cause injury The ambient temperature Tma inside the rack may be greater than the room ambient temperature Make sure to install the SLB device in an environment with an ambient temperature less than the maximum operating temperature of the SLB branch office manager See Technical Specifications on page 23 Install the eq...

Page 269: ...pters convert the RJ45 connection on the SLB branch office manager to a 9 pin or 25 pin serial connector found on other manufacturers serial devices or re route the serial signals for connections to other devices that use RJ45 serial connectors Please check the cabling database on the Lantronix website at http www lantronix com for suggested cables and adapters for commonly used serial devices The...

Page 270: ...er User Guide 270 RJ45 Receptacle to DB25M DCE Adapter for the SLB Device PN 200 2066A Use PN 200 2066A adapter with a dumb terminal or with many SUN applications 5 6 7 2 20 4 8 3 RJ45 DB25 Male Pin 1 Gnd 4 Rx 6 DSR 7 CTS 8 Gnd 5 Tx 3 RTS 1 DTR 2 1 ...

Page 271: ...ters and Pinouts SLB Branch Office Manager User Guide 271 RJ45 Receptacle to DB25F DCE Adapter for the SLB Device PN 200 2067A 5 6 7 2 20 4 8 3 RJ45 DB25 Female Pin 1 Rx 6 DSR 7 CTS 8 Gnd 5 Tx 3 RTS 1 DTR 2 1 ...

Page 272: ...ers and Pinouts SLB Branch Office Manager User Guide 272 RJ45 Receptacle to DB9M DCE Adapter for the SLB Device PN 200 2069A 8 6 5 3 4 7 1 2 RJ45 DB9 Male Pin 1 Gnd 4 Rx 6 DSR 7 CTS 8 Gnd 5 Tx 3 RTS 1 DTR 2 1 ...

Page 273: ... Manager User Guide 273 RJ45 Receptacle to DB9F DCE Adapter for the SLB Device PN 200 2070A Use PN 200 2070A adapter with a PC s serial port 1 8 2 6 4 5 6 3 7 4 8 7 1 5 3 2 RJ45 DB9 Female Pin 1 Gnd 4 Rx 6 DSR 7 CTS 8 Gnd 5 Tx 3 RTS 1 DTR 2 1 ...

Page 274: ...isco and SLP Device PNs 200 2225 and ADP010104 01 Note The cable ends of the ADP010104 01 are an RJ45 socket on one end and a RJ45 plug on the other instead of RJ45 sockets on both ends Use this adapter for the SLP power manager Netra SUN CISCO and others Gnd 4 Rx 6 DSR 7 CTS 8 Gnd 5 Tx 3 RTS 1 DTR 2 ...

Page 275: ... client server applications by using secret key cryptography LDAP Lightweight Directory Access Protocol A protocol for accessing directory information NAT Network Address Translation An Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic This enables a company to shield internal addresses from the public Intern...

Page 276: ...ate dial in users and their access permissions A company stores user profiles in a central database that all remote servers can share SMB CIFS Server Message Block Common Internet File System Microsoft s protocol for allowing all applications as well as Web browsers to share files across the Internet CIFS runs on TCP IP and uses the SMB protocol in Microsoft Windows for accessing files With CIFS u...

Page 277: ...rol System A method of authentication used in UNIX networks It allows a remote access server to communicate with an authentication server to determine whether the user has access to the network Telnet A terminal protocol that provides an easy to use method of creating terminal connections to a network host ...

Page 278: ...ated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the manufacturer s instruction manual may cause harmful interference with radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case you will be required to correct the interference a...

Page 279: ...1000 3 3 Electromagnetic compatibility EMC Part 3 Limits Section 3 Limitation of voltage fluctuations and flicker in low voltage supply systems for equipment with rated current up to and including 16 A EN 60950 Safety of Information Technology Equipment RoHS Compliance This product meets the requirements of 2002 95 EC European RoHS and also complies with the SJ T 11363 2006 Peoples Republic of Chi...

Page 280: ... 0 0 0 0 0 0 EDS 0 0 0 0 0 0 MSS100 0 0 0 0 0 0 IntelliBox 0 0 0 0 0 0 XPress DR XPress DR 0 0 0 0 0 0 SecureBox 1101 0 0 0 0 0 0 WiBox 0 0 0 0 0 0 UBox 0 0 0 0 0 0 MatchPort 0 0 0 0 0 0 SLC 0 0 0 0 0 0 XPort 0 0 0 0 0 0 WiPort 0 0 0 0 0 0 SLB 0 0 0 0 0 0 SLP 0 0 0 0 0 0 SCS 0 0 0 0 0 0 SLS 0 0 0 0 0 0 O toxic or hazardous substance contained in all of the homogeneous materials for this part is be...

Reviews:

No comments