background image

11: User Authentication

SLC™ 8000 Advanced Console Manager User Guide

185

where 

<Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, do, 
ub, rs, rc, dr, wb, sn, ad, md, sd

To remove a permission, type a minus sign before the two-letter abbreviation for a user 
right.

To view the rights of the currently logged-in user:

show user

Remote User Commands

The following CLI commands correspond to the web page entries described above.

To configure whether remote users who are not part of the remote user list will be 
authenticated:

set remoteusers listonlyauth <enable|disable>

To configure attributes for users who log in by a remote authentication method:

set remoteusers add|edit <User Login> [<parameters>]

Parameters

breakseq <1-10 Chars>
clearports <Port List>
dataports <Port List>
escapeseq <1-10 Chars>
group <default|power|admin|Custom Group Name>
listenports <Port List>
permissions <Permissions List>

where 

<Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, do, 
ub, rs, rc, dr, wb, sn, ad, md, sd

To remove a permission, type a minus sign before the two-letter abbreviation for a user 
right.

To remove a remote user:

set remoteusers delete <User Login>

To view settings for all remote users:

show remoteusers

To view the rights of the currently logged-in user:

show user

Summary of Contents for SLC 8000

Page 1: ...Part Number 900 704 R Revision B October 2014 SLC 8000 Advanced Console Manager User Guide ...

Page 2: ...ation FSF Lantronix grants you no right to receive source code to the Open Source software however in some cases rights and access to source code for certain Open Source software may be available directly from Lantronix licensors Upon request Lantronix will identify the Open Source components and the licenses that apply to them Your use of each Open Source component or software is subject to the t...

Page 3: ...ause interference in which case the user at his or her own expense will be required to take whatever measures may be required to correct the interference Note This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is ...

Page 4: ..._____________________________20 System Features __________________________________________________________20 Protocols Supported ____________________________________________________21 Access Control ________________________________________________________21 Device Port Buffer _____________________________________________________22 Configuration Options _____________________________________________...

Page 5: ...______________________________________________49 5 Web and Command Line Interfaces 50 Web Manager ____________________________________________________________50 Logging in ____________________________________________________________52 Logging Out __________________________________________________________53 Web Page Help _______________________________________________________53 Command Line Interfa...

Page 6: ..._____________________________________________76 System Logging _______________________________________________________76 Audit Log ____________________________________________________________77 SMTP _______________________________________________________________77 SSH ________________________________________________________________77 Telnet _________________________________________________________...

Page 7: ..._________________________110 Port Status and Counters _______________________________________________112 Device Ports SLP ServerTech CDU Device _______________________________112 Status Info __________________________________________________________114 Commands __________________________________________________________114 Device Port Sensorsoft Device __________________________________________114 ...

Page 8: ...ling States _____________________________________________________152 Dial In ______________________________________________________________152 Dial back ____________________________________________________________153 Dial on demand ______________________________________________________153 Dial in Dial on demand _______________________________________________154 Dial back Dial on demand ___________...

Page 9: ...________________199 User Attributes Permissions from LDAP Schema or RADIUS VSA _____________200 Kerberos _______________________________________________________________201 Kerberos Commands __________________________________________________204 TACACS ______________________________________________________________205 TACACS Commands _________________________________________________208 Groups _______...

Page 10: ...______________________________________________253 Banner Commands ____________________________________________________254 13 Application Examples 255 Telnet SSH to a Remote Device __________________________________________255 Dial in Text Mode to a Remote Device _______________________________________257 Local Serial Connection to Network Device via Telnet ____________________________258 14 Comman...

Page 11: ..._________________315 Services Commands ______________________________________________________315 SLC Network Commands __________________________________________________317 SSH Key Commands ____________________________________________________317 Status Commands ________________________________________________________320 System Log Commands ___________________________________________________321 USB ...

Page 12: ...SLC 8000 Advanced Console Manager User Guide 12 Appendix C Adapters and Pinouts 331 Appendix D Protocol Glossary 334 Appendix E Compliance Information 336 ...

Page 13: ...______________________________________________41 Table 4 4 Front Panel Setup Options with Associated Parameters __________________________41 Table 5 2 CLI Keyboard Shortcuts ___________________________________________________56 Table 8 1 Supported I O Module Configurations _______________________________________101 Table 8 6 Port Status and Counters ________________________________________________...

Page 14: ..._____________48 Figure 5 1 Web Page Layout _______________________________________________________51 Figure 6 1 Network Network Settings _______________________________________________58 Figure 6 2 Network IP Filter ______________________________________________________63 Figure 6 3 Network IP Filter Ruleset Adding Editing Rulesets ___________________________65 Figure 6 4 Network Routing _________...

Page 15: ..._________________________159 Figure 9 4 Devices USB Modem ________________________________________________160 Figure 9 5 Firmware and Configurations Manage Files Top of Page ______________________164 Figure 10 1 Terminal Server _______________________________________________________167 Figure 10 2 Remote Access Server _________________________________________________167 Figure 10 3 Reverse Termina...

Page 16: ...__________________245 Figure 12 11 Emailed Log or Report_________________________________________________247 Figure 12 12 About SLC __________________________________________________________248 Figure 12 13 Maintenance Events_________________________________________________249 Figure 12 14 Maintenance LCD Keypad ____________________________________________252 Figure 12 15 Maintenance Banners______...

Page 17: ...ions for using the web interface and include equivalent command line interface commands Chapter 6 Basic Parameters Provides instructions for configuring network ports firewall and routing settings and VPN Chapter 7 Services Provides instructions for enabling and disabling system logging SSH and Telnet logins SNMP SMTP and the date and time Chapter 8 Device Ports Provides instructions for configuri...

Page 18: ... Glossary Lists the protocols supported by the SLC unit with brief descriptions Appendix E Compliance Information Provides information about the SLC 8000 advanced console manager s compliance with industry standards Document Description SLC 8000 Advanced Console Manager Quick Start Describes the steps for getting the SLC unit up and running SLC 8000 Advanced Console Manager Online Help for the Com...

Page 19: ...ooting without sending a technician onsite Reduces travel costs and downtime costs Saves time Provides instant access and reduces response time improving efficiency Simplifies access Enables you to access equipment securely and remotely after hours and on weekends and holidays without having to schedule visits or arrange for off hour access Protects assets Security features provide encryption auth...

Page 20: ...onverted using Lantronix adapters See Appendix C Adapters and Pinouts on page 331 for more information on serial adapters and pin outs Network Ports The SLC unit has two 10 100 1000 Base T Ethernet ports referred to in this user guide as Eth1 and Eth2 Console Port The SLC has a front panel serial console port RJ45 SLC 8000 advanced console manager also includes two USB type A ports in the front pa...

Page 21: ...d console manager supports the TCP IP network protocol as well as SSH Telnet PPP NFS and CIFS for connections in and out of the SLC console manager SMTP for mail transfer DNS for text to IP address name resolution SNMP for remote monitoring and management SCP FTP and SFTP for file transfers and firmware upgrades TFTP for firmware upgrades DHCP and BOOTP for IP address assignment HTTPS SSL for secu...

Page 22: ...rature status Both a web interface viewed through a standard browser and a command line interface CLI are available for configuring the SLC settings and monitoring performance Hardware Features The SLC 8000 hardware includes the following 1U tall 1 75 inch rack mountable appliance Two 10 100 1000 Base T network ports with LED for link and activity Up to 48 RS 232 serial device ports connected via ...

Page 23: ...nd Sun RJ45 serial console ports If you are replacing an SLC with an SLC 8000 you can either switch the ports to the non reversed pinout used by SLC units and use your original cables and adapters or remove any rolled cables or adapters and replace them with straight through RJ45 cables e g Ethernet patch cables Note RJ45 to DB9 DB25 adapters are available from Lantronix Device ports and the conso...

Page 24: ...Use standard RJ45 terminated cables like Category 5 or 6 patch cable Additionally CAT5E or better cables are recommended for 1000 Base Ethernet Network parameters must be configured before the SLC console manager can be accessed over the network Note One possible use for the two Ethernet ports is to have one port on a private secure network and the other on a public unsecured network Figure 2 6 Ne...

Page 25: ...anager User Guide 25 USB Interface The SLC 8000 unit has two 2 0 USB ports HS FS LS Figure 2 7 Dual USB Ports Memory Card Port The SLC unit has a memory card port on the front panel of the unit which accepts SD cards Figure 2 8 Memory Card Port ...

Page 26: ...8000 Advanced Console Manager User Guide 26 Internal Modem An internal modem can be installed in the SLC 8000 advanced console manager See Modem Installation on page 33 for instructions Figure 2 9 Internal Modem Location ...

Page 27: ...mbers Table 3 1 Part Numbers and Descriptions Verify and inspect the contents of the SLC package using the enclosed packing slip or the table above If any item is missing or damaged contact your place of purchase immediately Product Information Label The product information label on the underside of the SLC 8000 advanced console manager contains the following information about each SLC unit Part N...

Page 28: ... speeds or no link Yellow light ON indicates a link is established Yellow light blinking indicates activity Power Supply AC single or dual Universal AC power input 100 240 VAC 50 or 60 Hz IEC 60320 C19IEC type regional cord set included Power Supply DC dual 20V to 72V input Power Consumption Less than 25 watts Dimensions 1U 1 75 in x 17 25 in x 12 in Weight 11 5 lbs or less depending on options Te...

Page 29: ...e terminal or PC to the SLC console port See Connecting Terminals on page 31 4 Connect the power cord and apply power See AC Input on page 32 5 Wait approximately a minute for the boot process to complete When the boot process ends the SLC host name and the clock appear on the LCD display Now you are ready to configure the network settings as described in Chapter 4 Quick Setup Connecting to a Devi...

Page 30: ...s shown in Figure 3 3 Table 3 4 Console Port and Device Port DTE Reverse Pinout Disabled Table 3 5 Device Port DCE Reverse Pinout Enabled Pin Number Description 1 RTS output 2 DTR output 3 TXD output 4 Ground 5 Ground 6 RXD input 7 DSR input 8 CTS input Pin Number Description 1 CTS input 2 DSR input 3 RXD input 4 Ground 5 Ground 6 TXD output 7 DTR output 8 RTS output RJ45 CABLE ...

Page 31: ...T5e or better cable is recommended for use with a 1000 Base T Ethernet connection Note One possible use for the two Ethernet ports is to have one port on a private secure network and the other on an unsecured network Connecting Terminals The console port is for local access to the SLC 8000 advanced console manager and the attached devices You may attach a dumb terminal or a computer with terminal ...

Page 32: ...XP or lower For recent versions of Windows use a free terminal emulator such as PuTTY or TeraTerm Pro 4 Once the SLC 8000 advanced console manager is running press Enter to establish connection You should see the model name and a login prompt on your terminal You are connected AC Input The power supply module for the SLC controller accepts AC input voltage of 100 240 VAC 50 60 HZ Rear mounted IEC ...

Page 33: ...E SECTION SUPÉRLEURE Warning RISK OF ELECTRICAL SHOCKS DISCONNECT ALL POWER AND PHONE LINES BEFORE SERVICING Caution DEVICES INSIDE THE EQUIPMENT AND THE MODEM ARE ELECTROSTATIC SENSITIVE DO NOT HANDLE EXCEPT AT A STATIC FREE WORKPLACE MODEM PART NUMBER Lantronix 56KINTMODEM 01 MODEM SERVICING INSTRUCTIONS You will need a medium size Phillips screw driver 1 Turn off power to the SLC 8000 advanced ...

Page 34: ... the orientation of the modem so that later you can install a new modem correctly with the same orientation 5 If there is a modem replacement carefully lift the old modem out of its socket 6 Install the new modem with correct orientation 7 Make sure to have correct pin alignment ...

Page 35: ...ACCORDING TO THE INSTRUCTIONS Attention II Y A DANGER D EXPLOSION S IL Y A REMPLACEMENT INCORRECT DE LA BATTERIE REMPLACER UNIQUEMENT AVEC UNE BATTERIE DU MÊME TYPE OU D UN TYPE EQUIVALENT RECOMMANDÉ PAR LE CONSTRUCTEUR METTRE AU REBUT LES BATTERIES USAGÉES CONFORMÉMENT AUX INSTRUCTIONS DU FABRICANT Caution DEVICES INSIDE THE EQUIPMENT ARE ELECTROSTATIC SENSITIVE DO NOT HANDLE EXCEPT AT A STATIC F...

Page 36: ...geable in Federal State and local hazardous waste transportation and disposal requirements Caution RISK OF FIRE EXPLOSION AND BURNS DO NOT RECHARGE CRUSH HEAT ABOVE 212 F 100 C OR INCINERATE Battery Replacement Instructions Warning RISK OF ELECTRICAL SHOCKS DISCONNECT ALL POWER AND PHONE LINE BEFORE SERVICING You will need a medium size Phillips screw driver 1 Turn off power to the SLC 8000 advanc...

Page 37: ...modem out of its socket 6 Use fingers to lift the battery out of the socket Caution DO NOT USE A METAL OBJECT TO PRY OUT THE BATTERY SINCE IT MAY SHORT THE BATTERY AND DAMAGE THE BATTERY HOUSING 7 Install the new battery with the side up making sure the battery sits completely and securely in the housing ...

Page 38: ... have correct pin alignment b Press the modem down to make sure it sits down all the way in the socket 9 Double check the battery and modem placements to make sure they are done properly 10 Place the battery modem door back 11 Tighten the door screw 12 Reprogram the SLC system date time after installing a new battery if necessary ...

Page 39: ...advanced console manager must have a unique IP address on your network The system administrator generally provides the IP address and corresponding subnet mask and gateway The IP address must be within a valid range unique to your network and in the same subnet as your PC The following table lists the options for assigning an IP address to your SLC unit Table 4 1 Methods of Assigning an IP Address...

Page 40: ...wn Left Right The front panel display initially shows the hostname abbreviated to 14 letters and the date and time When you click the right arrow button the SLC network settings displays Using the five buttons on the keypad you can change the network console port and date time settings and view the firmware release version If desired you can restore the factory defaults Note Have your information ...

Page 41: ...revious option Enter center button To enter edit mode Up and down arrows Within edit mode to increase or decrease a numerical entry Right or left arrows Within edit mode to move the cursor right or left Enter To exit edit mode Up and down arrows To scroll up or down the list of parameters within an option e g from IP Address to Mask Left Right Arrow Current Time Eth1 Network Settings Console Port ...

Page 42: ...mpt displays Note If the prompt does not display make sure you are no longer in edit mode 6 Use the left right arrow buttons to select Yes and press the Enter button 7 Press the right arrow button to move to the next option Console Settings 8 Repeat steps 2 7 for each setting 9 Press the right arrow button to move to the next option Date Time Settings and click Enter to edit the time zone To enter...

Page 43: ...it at the command line interface using the admin keypad password command 5 Press Enter to exit edit mode If the password is valid a Save Settings Yes No prompt displays 6 Select Yes and press Enter When the process is complete the SLC unit reboots Method 2 Quick Setup on the Web Page After the unit has an IP address you can use the Quick Setup page to configure the remaining network settings This ...

Page 44: ... User Guide 44 Figure 4 5 Quick Setup Figure 4 6 Home 4 To accept the defaults select the Accept default Quick Setup settings checkbox on the top portion of the page and click the Apply button at the bottom of the page Otherwise continue with step 5 ...

Page 45: ...172 19 201 28 do not enter 028 for the last segment Note Currently the SLC 8000 advanced console manager does not support configurations with the same IP subnet on multiple interfaces Ethernet or PPP Subnet Mask If specifying an IP address enter the subnet mask for the network on which the SLC unit resides There is no default Default Gateway The IP address of the router for this network There is n...

Page 46: ...lnet Logging on page 76 To complete the command line interface Quick Setup script 1 Do one of the following With a serial terminal connection power up and when the command line displays press Enter With a network connection use an SSH program or Telnet program if Telnet has been enabled to connect to xx xx xx xx the IP address in dot quad notation and press Enter You should be at the login prompt ...

Page 47: ...use leading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for the last segment Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported Subnet Mask The subnet mask specifies the network segment on which the SLC 8000 advanced console manager resides There is no default If ...

Page 48: ...ress none ____Hostname____________________________________________________________ The current hostname is slc and the current domain is undefined The hostname will be shown in the CLI prompt Specify a hostname slc Specify a domain undefined ____Time Zone___________________________________________________________ The current time zone is GMT Enter time zone GMT ____Date Time_______________________...

Page 49: ...advanced console manager you may want to configure other settings You can use the web page or the command line interface for configuration For information about the web and the command line interfaces go to Chapter 5 Web and Command Line Interfaces To continue configuring the SLC unit go to Chapter 6 Basic Parameters ...

Page 50: ...network settings and web manager and CLI to perform quick setup Web Manager A web manager allows the system administrator and other authorized users to configure and manage the SLC 8000 advanced console manager using most web browsers Firefox Chrome or Internet Explorer web applications with JavaScript enabled The Web Telnet and Web SSH features require Java 1 1 or later support in the browser The...

Page 51: ...elow each tab are options for specific types of settings Note Only those options for which the currently logged in user has rights display Port Number Bar The light green LCD button allows you to configure the front panel LCD The beige SD button allows you to configure the SD card if a card is inserted See Chapter 9 USB SD Card Port on page 157 Logout Button Tabs Options Entry Fields and Options A...

Page 52: ...umidity probes connected to the device port The yellow orange A and B buttons display the status of the power supplies Entry Fields and Options Allow you to enter data and select options for the settings Note For specific instructions on completing the fields on the web pages see Chapters 5 through 12 Apply Button Apply on each web page makes the changes immediately and saves them so they will be ...

Page 53: ...ing Telnet SSH or a serial terminal connection Note By default Telnet is disabled and SSH is enabled To enable Telnet use the Services SSH Telnet Logging web page a serial terminal connection or an SSH connection See Chapter 7 Services The sysadmin user and users with who have full administrative rights have access to the complete command set while all other users have access to a reduced command ...

Page 54: ...line For more information about a specific command type help followed by the command For example help set network or help admin firmware Tips Type enough characters to identify the action category or parameter name uniquely For parameter values type the entire value For example you can shorten set network port 1 state static ipaddr 122 3 10 1 mask 255 255 0 0 to se net po 1 st static ip 122 3 10 1...

Page 55: ... the page press the space bar You can override the number of lines or disable the feature altogether with the set cli command General CLI Commands The following commands relate to the CLI itself To configure the current command line session set cli scscommands enable disable Allows you to use SCS compatible commands as shortcuts for executing commands Note Settings are retained between CLI session...

Page 56: ... user show user Note For information about user rights see Chapter 11 User Authentication Table 5 2 CLI Keyboard Shortcuts Keyboard Shortcut Description Control a Move to the start of the line Control e Move to the end of the line Control b Move back to the start of the current word Control f Move forward to the end of the next word Control u Erase from cursor to the beginning of the line Control ...

Page 57: ...sing a Quick Setup procedure you may update them here Requirements If you assign a different IP address from the current one it must be within a valid range unique to your network and with the same subnet mask as your workstation To configure the unit you need the following information Eth1 IP address ________ ________ ________ ________ Subnet mask ________ ________ ________ ________ Eth2 IP addre...

Page 58: ...LC 8000 Advanced Console Manager User Guide 58 To enter settings for one or both network ports 1 Click the Network tab and select the Network Settings option The following page displays Figure 6 1 Network Network Settings ...

Page 59: ...dress enter the network segment on which the SLC unit resides There is no default IPv6 Address Address of the port in IPv6 format Note The SLC 8000 advanced console manager supports IPv6 connections for a limited set of services the web SSH and Telnet IPv6 addresses are written as 8 sets of 4 digit hexadecimal numbers separated by colons There are several rules for modifying the address For exampl...

Page 60: ...lt gateway for routing DHCP Acquired Gateway acquired by DHCP for Eth1 or Eth2 View only Precedence Indicates whether the gateway acquired by DHCP or the default gateway takes precedence The default is DHCP Gateway If the DHCP Gateway is selected and both Eth1 and Eth2 are configured for DHCP the SLC unit gives precedence to the Eth1 gateway Alternate An alternate IP address of the router for this...

Page 61: ...uto 10mbit half 100mbit half 10mbit full 100mbit full 1000mbit full state dhcp bootp static disable ipaddr IP Address mask Mask ipv6addr IP v6 Address Prefix To configure up to three DNS servers set network dns 1 2 3 ipaddr IP Address 1 3 Configure up to three name servers 1 is required if you choose to configure DNS Domain Name Server servers The first three DNS servers acquired via DHCP through ...

Page 62: ...fails to return one or more pings To set the SLC host name and domain name set network host Hostname domain Domain Name To set TCP Keepalive and IP Forwarding network parameters set network parameters Parameters interval 1 99999 Seconds ipforwarding enable disable probes Number of Probes startprobes 1 99999 Seconds To view all network settings show network all To view Ethernet port settings and co...

Page 63: ...dit delete and map IP filters Warning IP filters configuration is a feature for advanced users Adding and enabling IP filter sets incorrectly can disable your SLC unit Viewing IP Filters You can view a list of filters and a table showing how each filter is mapped to an interface To view a list of IP filters 1 Click the Network tab and select the IP Filter option The following page displays Figure ...

Page 64: ...lters Note A configured filter has no effect until it is mapped to a network interface See Mapping Rulesets on page 63 To add an IP filter 1 On the Network IP Filter page click the Add Ruleset button The following page displays Enable IP Filter Select the Enable IP Filter checkbox to enable all filters or clear the checkbox to disable all filters Disabled by default Packets Dropped Displays the nu...

Page 65: ...numbers and hyphens only The name cannot start with a hyphen Example FILTER 2 IP Address es Specify a single IP address to act as a filter Example 172 19 220 64 this specific IP address only Subnet Mask Specify a subnet mask to act determine how much of the address should apply to the filter Example 255 255 255 255 to specify the whole address should apply Protocol From the drop down list select t...

Page 66: ...P port numbers to be tested An entry is required for TCP TCP New TCP Established and UDP and is not allowed for other protocols Separate multiple ports with commas Separate ranges of ports by colons Examples 22 filter on port 22 only 23 64 80 filter on ports 23 64 and 80 23 64 80 143 150 filter on ports 23 through 64 port 80 and ports 143 through 150 Action Select whether to Drop Reject or Allow c...

Page 67: ... the Delete Ruleset button IP Filter Commands The following CLI commands correspond to the web page entries described above To enable or disable IP filtering for incoming network traffic set ipfilter state To set IP filter mapping set ipfilter mapping parameters Parameters ethernet 1 2 state disable ethernet 1 2 state enable ruleset Ruleset Name deviceport 1 48 state disable deviceport 1 48 state ...

Page 68: ...ocol RIP capable routes to enable the RIP protocol to configure the routes dynamically To configure routing settings 1 Click the Network tab and select the Routing option The following page displays Figure 6 4 Network Routing 2 Enter the following Dynamic Routing Enable RIP Select to enable Dynamic Routing Information Protocol RIP to assign routes automatically Disabled by default RIP Version Sele...

Page 69: ... SLC 8000 advanced console manager for secure communication between the SLC unit and a remote host or gateway The SLC 8000 advanced console manager supports IPSec tunnels using Encapsulated Security Payload ESP The SLC unit supports host to host net to net host to net and roaming user tunnels Note To allow VPN tunnel access if the SLC firewall is enabled traffic to UDP ports 500 and 4500 from the ...

Page 70: ... Tunnel Select to create a tunnel Name The name assigned to the tunnel Required to create a tunnel Ethernet Port Select ethernet port 1 or 2 Remote Host The IP address of the remote host s public network interface The special value of any can be entered if the remote host is a roaming user who may not have the same IP address each time a tunnel is created In this case it is recommended that the Re...

Page 71: ... data passed through the tunnel which is the IPSec Security Association IPSec SA The IPSec SA can periodically be renegotiated to ensure security The IKE protocol can use one of two modes Main Mode which provides identity protection and takes longer or Aggressive Mode which provides no identity protection but is quicker With Aggressive Mode there is no negotiation of which cryptographic parameters...

Page 72: ...ame passphrase to be used for authentication RSA Public Key for Remote Host If RSA Public Key is selected for authentication enter the public key for the remote host Pre Shared Key If Pre Shared Key is selected for authentication enter the key Retype Pre Shared Key If Pre Shared Key is selected for authentication re enter the key Perfect Forward Secrecy When a new IPSec SA is negotiated after the ...

Page 73: ...0 2 is a security standard developed by the United States federal government that defines rules regulations and standards for the use of encryption and cryptographic services The National Institute of Standards and Technology NIST maintains the documents related to FIPS at http csrc nist gov publications PubsFIPS html FIPS 140 2 defines four security levels Level 1 through Level 4 The SLC unit use...

Page 74: ...utomatically disabled LDAP authentication must be configured with the following StartTLS encryption SSL encryption over port 636 is not supported A SSL secure certificate Either Bind with Login or a Bind Name and Password Note In FIPS mode passphrases are not supported for SSH keys and SSL certificates Figure 6 6 Network Security To enable FIPS 1 Check the Enable FIPS Mode check box on the Network...

Page 75: ...ivate enterprise MIB provides read only access to all statistics and configurable items provided by the SLC unit It provides read write access to a select set of functions for controlling the SLC 8000 advanced console manager and device ports See the MIB definition file for details Identify a Simple Mail Transfer Protocol SMTP server Enable or disable SSH and Telnet logins Configure an audit log V...

Page 76: ...rvices SSH Telnet Logging 2 Enter the following settings System Logging In the System Logging section select one of the following alert levels from the drop down list for each message category Off Disables this type of logging Error Saves messages that are output because of an error Warning Saves message output from a condition that may be cause for concern in addition to error messages This is th...

Page 77: ...mum size of the log from 1 to 500 Kbytes Include CLI Commands Select to cause the audit log to include the CLI commands that have been executed Disabled by default Include In System Log If enabled the contents of the audit log are added to the system log under the General Info category level Disabled by default Server IP address of your network s Simple Mail Transfer Protocol SMTP relay server If ...

Page 78: ... SLC unit to allow users to access the CLI using Telnet Disabled by default This setting does not control Telnet access to individual device ports See Device Ports Settings on page 106 for information on enabling Telnet access to individual ports You may want to keep this option disabled for security reasons Web Telnet Enables or disables the ability to access the SLC command Iine interface or dev...

Page 79: ...ent Enables or disables SNMP agent which allows read only access to the system Disabled by default Top Level MIB Click the link to access the top level MIB file for all Lantronix products SLC MIB Click the link to access the SLC MIB definition file for SLC 8000 advanced console managers and advanced console managers ...

Page 80: ...e a name optional Up to 20 characters Read Only A string that SNMP agent provides The default is public Read Write A string that acts like a password for an SNMP manager to access the read only data from the SLC unit SNMP like a password for an SNMP manager to access the read only data the SLC SNMP agent provides and to modify data where permitted The default is private Trap The trap used for outg...

Page 81: ...e nms2 IP Address or Name phonehome enable disable phoneip IP Address portssh TCP Port rocommunity Read Only Community Name rwcommunity Read Write Community Name User Name SNMP v3 is secure and requires user based authorization to access SLC MIB objects Enter a user ID The default is snmpuser Up to 20 characters Password Retype Password Password for a user with read only authority to use to access...

Page 82: ...save configuration and logging data onto a remote NFS server or export configurations by means of an exported CIFS share Mounting an NFS shared directory on a remote network server onto a local SLC directory enables the SLC advanced console manager to store device port logging data on that network server This configuration avoids possible limitations in the amount of disk space on the SLC unit ava...

Page 83: ...al directory automatically Read Write If enabled indicates that the SLC 8000 advanced console manager can write files to the remote directory If you plan to log port data or save configurations to this directory you must enable this option Mount Select the checkbox to enable the SLC unit to mount the file to the NFS server Disabled by default Share SMB CIFS directory Select the checkbox to enable ...

Page 84: ...share set nfs unmount 1 2 3 To view NFS share settings show nfs To configure the SMB CIFS share which contains the system and device port logs set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup Note The admin config command saves SLC configurations on the SMB CIFS share To change the password for the SMB CIFS share lo...

Page 85: ...es SLC 8000 advanced console managers and Lantronix Spider devices on the local subnet Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data reload the web page To access vSLM management appliances and Lantronix Spider devices on the local network 1 Click the Services tab and select the Secure Lantronix Network option The following page disp...

Page 86: ...7 Services SLC 8000 Advanced Console Manager User Guide 86 Figure 7 4 Services Secure Lantronix Network ...

Page 87: ...a specific secure Lantronix device to open a new browser page with the web interface for the selected secure Lantronix device 3 Log in as usual Figure 7 5 IP Address Login Page To directly access the CLI interface for a device 1 Click the SSH or Telnet link in the SSH Telnet to CLI column directly beside the port you would like to access A ssh or telnet popup window appears depending on what is cl...

Page 88: ...ebSSH or a WebTelnet session If enabled an ssh or telnet popup window appears depending on what is clicked See Figure 7 6 d Disabled port numbers are in a dark green box and you will see a popup Figure 7 8 Disabled Port Number Popup Window 2 Click OK and login to the CLI interface which appears See Figure 7 7 To configure how secure Lantronix devices are searched for on the network 1 Click the Sea...

Page 89: ...ch You can now manage these devices Secure Lantronix Network Commands The following commands for the command line interface correspond to the web page entries described above To detect and view all SLC advanced console managers or user defined IP addresses on the local network set s one or more parameters Parameters add IP Address delete IP Address Secure Lantronix Network Search Select the type o...

Page 90: ...the current NTP status if NTP is enabled The column headings are as follows the host names or addresses shown in the remote column correspond to configured NTP server names however the DNS names might not agree if the names listed are not the canonical DNS names The refid column shows the current source of synchronization while the st column reveals the stratum t the type u unicast m multicast l l...

Page 91: ...te Time Select the checkbox to manually enter the date and time at the SLC location Date From the drop down lists select the current month day and year Time From the drop down lists select the current hour and minute Time Zone From the drop down list select the appropriate time zone For information on each timezone see http en wikipedia org wiki List_of_tz_database_time_zones Enable NTP Select the...

Page 92: ...ast poll Synchronize via Select one of the following Broadcast from NTP Server Enables the SLC unit to accept time information periodically transmitted by the NTP server This is the default if you enable NTP Poll NTP Server Enables the SLC 8000 advanced console manager to query the NTP Server for the correct time If you select this option complete one of the following Local Select this option if t...

Page 93: ...tor to Configure attributes of the web server View and terminate current web sessions Import a site specific SSL certificate Enable an iGoogle gadget that displays the status of ports on multiple SLC units To configure the Web Server 1 Click the Services tab and select the Web Server option The following page appears Figure 7 11 Services Web Server ...

Page 94: ... take effect Cipher By default the web uses High Medium security 128 bits or higher for the cipher This option can be used to configure the web to also support Low security less than 128 bits ciphers or FIPS approved ciphers see Security Changing this option requires a reboot for the change to take effect Group Access Specify one or more groups to allow access to the web manager user interface If ...

Page 95: ...on ID To view the current sessions and their ID admin web show To import an SSL certificate or reset the web server certificate to the default admin web certificate import via sftp scp certfile Certificate File privfile Private Key File host IP Address or Name login User Login path Path to Files admin web certificate reset admin web certificate show admin web show viewslmsessions enable disable Se...

Page 96: ...ervices SSL Certificate The Services Web Server page enables you to view and update SSL certificate information The SSL certificate consisting of a public private key pair used to encrypt HTTP data is associated with the web server You can import a site specific SSL certificate if desired To view reset import or change an SSL Certificate 1 On the Services tab click the Web Server page and click th...

Page 97: ...selected by default Import via From the drop down list select the method of importing the certificate SCP SFTP or HTTPS The default is SCP Certificate Filename Filename of the certificate Key Filename Filename of the private key for the certificate Passphrase Retype Passphrase Enter the passphrase associated with the SSL certificate if the private key is encrypted Host Host name or IPaddress of th...

Page 98: ...email account gmail com can create an iGoogle gadget for viewing web pages There are two types of iGoogle gadgets public gadgets and private gadgets The public gadgets are listed for import on iGoogle web pages The SLC gadget is a private gadget whose location is not publicly advertised To set up an SLC iGoogle gadget 1 Load the following XML code on a web server that is accessible over the Intern...

Page 99: ...0 seconds EnumValue value 60 display_value 1 minute EnumValue value 300 display_value 5 minutes EnumValue value 600 display_value 10 minutes UserPref Content type url href http __UP_ip__ devstatus htm Module 2 On the iGoogle web page click the Add stuff link 3 On the new page click the Add feed or gadget link 4 In the field that displays type the URL of the gadget location 5 Return to the gadget v...

Page 100: ...vice port establish a raw TCP connection to Eth1 IP address tcp port number or Eth2 IP address tcp port number where tcp port number is uniquely assigned for each device port 5 If a device port has an IP address assigned to it you can Telnet SSH or establish a raw TCP connection to the IP address For Telnet and SSH use the default TCP port number 23 and 22 respectively to connect to the device por...

Page 101: ...or by swapping an 8 port I O module in Bay 1 for a 16 port module The configurations listed above are the only valid configurations if any other configuration is detected at boot the SLC unit will still boot disable use of the device ports and provide indications in the boot messages in the CLI and in the web that the I O configuration is invalid When an invalid configuration is corrected by recon...

Page 102: ...er User Guide 102 Device Status The Devices Device Status page displays the status of the SLC ports USB ports and SD card ports 1 Click the Devices tab and select the Device Status option The following page displays Figure 8 2 Devices Device Status ...

Page 103: ... TCP ports display on the left The list of ports 1 16 on the right includes the individual ports and their current mode Note For units with more ports click the buttons above the table to view additional ports Icons that represent some of the possible modes include Idle The port is not in use The port is in data text mode Note You may set up ports to allow Telnet access using the IP Setting per De...

Page 104: ... Each port is assigned a number for connecting via Telnet Enter a number 1025 65528 that represents the first port The default is 2000 plus the port number For example if you enter 2001 subsequent ports are automatically assigned numbers 2002 2003 and so on Starting SSH Port Each port is assigned a number for connecting via SSH Enter a number 1025 65528 that represents the first port The default i...

Page 105: ...On the Device Ports Settings page configure IP and data serial settings for individual ports and if the port connects to an external modem modem settings as well To open the Device Ports Settings page 1 You have two options In the Port Number Bar page described in the previous section select the port from the ports list and click the Configure button Click the desired port number in the green bar ...

Page 106: ...8 Device Ports SLC 8000 Advanced Console Manager User Guide 106 The following page displays Figure 8 5 Device Ports Settings ...

Page 107: ...then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B View Port Log Seq The key sequence used to view the Port Log while in Connect Direct mode Non printing characters can be specified by giving their hexidecimal code see Break Sequence above The default is Esc V x1bV View Port Log Select to allow the u...

Page 108: ...r of columns in the Web SSH Telnet applet when this device port is accessed via the applet Rows Number of rows in the Web SSH Telnet applet when this device port is accessed via the applet Baud The speed with which the device port exchanges data with the attached serial device From the drop down list select the baud rate Most devices use 9600 for the administration port so the device port defaults...

Page 109: ...ion if DSR Data Set Ready is in an asserted state DSR should already be in an asserted state not transitioning to when a connection attempt is made Disabled by default unless dial in dial out or dial back is enabled for the device port Disconnect on DSR If a connection to a device port is currently in session and the DSR signal transitions to a de asserted state the connection disconnects immediat...

Page 110: ...e phone number the modem dials back on a fixed number or a number associated with their login If you select Fixed Number enter the number in the format 2123456789 The dial back number is also used for CBCP client as the number for a user defined number See Device Ports Settings on page 105 for more information Dial back Delay For dial back and CBCP Server the number of seconds between the dial in ...

Page 111: ...by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the DOD CHAP Handshake fields authenticate the user DOD CHAP Handshake For DOD Authentication enter the Host User Name for UNIX systems or Secret User Password for Windows systems used for CHAP authentication May have up to 128 characters Enable NAT Select to enable Network Address Translation NAT f...

Page 112: ...automatically updates these values To reset them to zeros select the Zero port counters checkbox in the IP Settings section of the page Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page Table 8 6 Port Status and Counters Device Ports SLP ServerTech CDU Device On the Device Ports SLP ServerTech CDU page config...

Page 113: ... setting is not applicable for an SLP device Login User ID for logging into the SLP unit or ServerTech CDU device Password Enter password for logging into the SLP power manager or ServerTech CDU device Retype Password Re enter password for logging into the SLP unit or ServerTech CDU device Prompt Enter the prompt displayed by the SLP unit or ServerTech CDU device This will default to a typical pro...

Page 114: ...alue of 1 8 for the SLP8 or 1 16 for the SLP16 device For the ServerTech CDU the valid range of outlets is specified by the Number of Outlets setting for Tower A or the Number of Expansion Outlets setting for Tower B Click the Outlet Status link to see the status of the selected outlet s Environmental Status Click the link to view the environmental status e g temperature and humidity Infeed Status...

Page 115: ...rtech dialbackeretries 1 10 Dev Port Displays the number of the SLC port Device Port Name Displays the name of the SLC port Temp Current temperature degrees Celsius on the device the sensor is monitoring Low Temp Enter the temperature degrees Celsius permitted on the monitored device below which the SLC 8000 advanced console manager sends a trap High Temp Enter the temperature degrees Celsius perm...

Page 116: ...e dialout dialin dialback dialondemand dialin dialondemand dialinhostlist modemtimeout disable 1 9999 seconds name Device Port Name nat enable disable parity none odd even remoteipaddr negotiate IP Address restartdelay PPP Restart Delay reversepinout enable disable showlines enable disable sshauth enable disable sshin enable disable sshport TCP Port stopbits 1 2 tcpauth enable disable tcpin enable...

Page 117: ...n SLC unit port over the serial port Note Currently the only devices supported for this type of interaction are the SLP power manager and Sensorsoft devices set command Device Port or Name or List one or more parameters Parameters slp servertech auth login User Login Establishes the authentication information to log into the SLP or ServerTech CDU attached to the device port slp servertech restart ...

Page 118: ...mp Low Temperature in C Sets the lowest temperature permitted for the port sensorsoft hightemp High Temperature in C Sets the hightest temperature permitted for the port sensorsoft lowhumidity Low Humidity Sets the lowest humidity pemitted for the port sensorsoft highhumidity High Humidity Sets the lowest humidity permitted for the port sensorsoft traps enable disable Enables or disables temperatu...

Page 119: ...rt buffering of the data on the system s device ports as well as notification of receiving data on a device port Port logging is disabled by default You can enable more than one type of logging local NFS file email SNMP SD card or USB port at a time The buffer containing device port data is cleared when any type of logging is enabled Local Logging If local logging is enabled each device port store...

Page 120: ...files reaches the maximum the oldest file is overwritten The file naming convention is Device Port Number _ Device Port Name _ File number log Examples 02_Port 2_1 log 02_Port 2_2 log 02_Port 2_3 log 02_Port 2_4 log 02_Port 2_5 log Email SNMP Notification The system administrator can configure the SLC 8000 advanced console manager to send an email alert message indicating a particular condition de...

Page 121: ...400 screens of I O data in a true FIFO buffer Disabled by default Clear Local Log Select the checkbox to clear the local log View Local Log Click this link to see the local log in text format Email Traps Select the checkbox to enable email and SNMP logging Email logging sends an email message to pre defined email addresses or an SNMP trap to the designated NMS see Chapter 7 Services on page 75 whe...

Page 122: ...ple the regular expression abc def g recognizes the strings abcdg abceg abcfg The SLC 8000 advanced console manager supports GNU regular expressions for more information see http www gnu org software libc manual html_node Regular Expressions html http www delorie com gnu docs regex regex html Email Delay A time limit of how long in seconds after the SLC unit detects the trigger that the device por...

Page 123: ... for the NFS mount Max Number of Files The maximum number of files to create to contain log data to the port These files keep a history of the data received from the port Once this limit is exceeded the oldest file is overwritten The default is 10 Max Size of Files The maximum allowable file size in bytes The default is 2048 bytes Once the maximum size of a file is reached the SLC unit begins gene...

Page 124: ...x String emailsubj Email Subject emailthreshold Byte Threshold emailto Email Address filedir Logging Directory filelogging enable disable filemaxfiles Max of Files filemaxsize Max Size of Files locallogging enable disable name Device Port Name nfsdir Logging Directory nfslogging enable disable nfsmaxfiles Max of Files nfsmaxsize Size in Bytes sysloglogging enable disable usblogging enable disable ...

Page 125: ... select the number of data bits The default is 8 data bits Stop Bits The number of stop bits that indicate that a byte of data has been transmitted From the drop down list select the number of stop bits The default is 1 Parity Parity checking is a rudimentary method of detecting simple single bit errors From the drop down list select the parity The default is none Flow Control A method of preventi...

Page 126: ...report The internal modem provides a subset of the modem functionality available for modems connected to a Device Port and USB modems If the internal modem is installed the Internal Modem web page can be displayed by selecting the Internal Modem option from the main menu or by selecting the MD button in the Port Number Bar on the upper right corner of the web page Note The internal modem only supp...

Page 127: ...ole manager To set up internal modem storage in the SLC 8000 advanced console manager 1 Insert an internal modem into the SLC unit according to the instructions in Modem Installation on page 33 Note Your internal modem will appear in the Port Number Bar in the upper right hand corner once the SLC unit is reboots 2 Reboot the SLC 8000 advanced console manager 3 Log into the SLC unit and click Devic...

Page 128: ... Console Manager User Guide 128 Figure 8 11 Devices Internal Modem 5 Enter the following fields State Indicates whether the internal is enabled When enabling set the modem to Disabled Dial in Dial out and Dial back Disabled by default ...

Page 129: ... V1 X4 D2 c1 E1 Q0 Note We recommend that the modem initialization script always be pre pended with AT and include E1 V1 x4 Q0 so that the SLC unit may properly control the modem Modem Timeout Timeout for modem connections Set to No by default To configure the modem connection to time out when no traffic is received choose Yes and enter a value of 1 to 9999 seconds Caller ID Logging Select to enab...

Page 130: ...sers are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the CHAP Handshake fields authenticate the user CHAP Handshake The Host User Name for UNIX systems or Secret User Password for Windows systems used for CHAP authentication May have up to 128 characters CHAP Auth Uses For CHAP authentication determines what is used to validate ...

Page 131: ... Host List button To add hosts enter the following Host Parameters Host List Id Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the SLC advanced console manager should attempt to retry connecting to the host list Authentication Select to require authentication when the SLC unit connects to a host Host Name or IP address of the...

Page 132: ... lower precedence select the host in the Hosts box and click the down arrow 7 Click the Add Host List button After the process completes a link back to the Device Ports Settings page displays Escape Sequence The escape character used to get the attention of the SSH or Telnet client It is optional and if not specified Telnet and SSH use their default escape character For Telnet the escape character...

Page 133: ...ost Parameters Host List Id Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the SLC 8000 advanced console manager should attempt to retry connecting to the host list Authentication Select to require authentication when the SLC unit connects to a host Host Name or IP address of the host Protocol Protocol for connecting to the h...

Page 134: ...mmands correspond to the web page entries described above To configure a prioritized list of hosts to be used for modem dial in connections set hostlist add edit Host List Name parameters Parameters name Host List Name edit only retrycount 1 10 Default is 3 auth enable disable To add a new host entry to a list or edit an existing entry set hostlist add edit Host List Name entry Host Number paramet...

Page 135: ...ipts which use a subset of the Expect Tcl scripting language to perform pattern detection and action generation on Device Port output Batch Scripts which are a series of CLI commands A user can create scripts at the web view scripts at the web and the CLI and utilize scripts at the CLI For a description of the syntax allowed in Interface Scripts see Interface Script Syntax at the end of this page ...

Page 136: ...8 Device Ports SLC 8000 Advanced Console Manager User Guide 136 Figure 8 14 Devices Scripts 2 Click the Add Scripts button The page for editing script attributes displays ...

Page 137: ...ollowing Scripts 4 In the User Rights section select the user Group to which NIS users will belong Script Name A unique identifier for the script Type Select Interface for a script that utilizes Expect Tcl to perform pattern detection and action generation on Device Port output Select Batch for a script of CLI commands ...

Page 138: ...t to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure Lantronix units e g SLP Spider or SLC devices on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the SLC unit Local Users Right to add or delete local users on the system ...

Page 139: ... a script at the CLI 1 To run an Interface Script on a device port for pattern recognition and action generation use the connect script Script Name deviceport Device Port or Name command 2 To run a Batch Script at the CLI with a series of CLI commands use the set script runcli Script Name command Batch Script Syntax The syntax for Batch Scripts is exactly the same as the commands that can be typed...

Page 140: ...tion Secondary Command One of the secondary commands defined in this section Quoted String A group of characters enclosed by double quote characters A quoted string may include any characters including space characters If a double quote character is to be included in a quoted string it must be preceded escaped by a backslash character Variable Reference A word as defined above preceded by a dollar...

Page 141: ...he expr secondary command A value generated via the format secondary command A value generated via the expr timestamp command unset This command removes the definition of a variable within a script Syntax unset variable where variable is a word scan The scan command is analogous to the C language scanf Syntax scan variable format string value 1 value 2 value n where variable a variable reference a...

Page 142: ...input and attempts to match it against one or more patterns If one of the patterns matches the input the corresponding optional command is executed All expect commands have the same syntax expect string 1 command 1 string 2 command 2 string n command n where string x will either be a quoted string a variable reference or the reserved word timeout The command x is optional but the curly braces and ...

Page 143: ...ength of str string index str int Return the character located at position int in str string range str int start int end Return a string consisting of the characters in str between int start and int end string tolower str Convert str to lowercase string toupper str Convert str to uppercase string trim str 1 str 2 Trim str 2 from str 1 string trimleft str 1 str 2 Trim str 2 from the beginning of st...

Page 144: ... format command is analogous to the C language sprintf The format command will only be used in combination with the set command to produce the value for a variable Syntax format format string value 1 value 2 value n where format string will be a quoted string Each of the value x elements will be a word a quoted string or a variable reference Command Description while The while command executes an ...

Page 145: ...uates to TRUE Each command within the block must be a Primary command Syntax if Boolean expression command 1 command 2 command n The elseif command is used in association with an if command it must immediately follow an if or elseif command It executes an associated block of commands if its Boolean expression evaluates to TRUE Each command within the block must be a Primay command Syntax elseif Bo...

Page 146: ...ommand Prompt prompt send_user Already Logged r n Get hostname info send show network port 1 host r expect timeout send_user Time out Getting Hostname 1 r n return Domain Get Hostname from SLC set hostname string range expect_out buffer string first Hostname expect_out buffer expr string first Domain expect_out buffer 2 send_user r n r n r n r n send_user Device string toupper hostname r n send_us...

Page 147: ...conds Current Time 21 16 43 show portcounter deviceport 7 n show portcounter deviceport 7 Device Port 7 Seconds since zeroed 1453619 Bytes input 0 Bytes output 0 Framing errors 0 Flow control errors 0 Overrun errors 0 Parity errors 0 SLC251glenn Current Time 21 16 58 show portcounter deviceport 7 show portcounter deviceport 7 Device Port 7 Seconds since zeroed 1453634 Bytes input 0 Bytes output 0 ...

Page 148: ...Adm none ___Batch Scripts__________Group Permissions_____________________________________ cli Adm ad nt sv dt lu ra um dp pc rs fc dr sn wb sk po do slc247glenn slc247glenn connect script monport deviceport 7 login Logging in sysadmin sysadmin Password PASS Welcome to the Secure Lantronix Console Manager Model Number SLC 48 For a list of commands type help SLC251glenn show network port 1 host show...

Page 149: ...on dial in outbound network traffic for a dial on demand connection etc The site parameters will override parameters that are configured for a modem To use sites with a modem create one or more sites described below then enable Use Sites for the modem Sites can be used with the following modem states dial in dial back CBCP Server dial on demand dial in dial on demand and dial back dial on demand F...

Page 150: ...er will automatically dial out and establish a PPP connection when IP traffic destined for the network specified by the static route needs to be sent Note Static Routing must be enabled on the Network Routing page for dial on demand connections Static Route Subnet Mask The subnet mask for a dial on demand connection Static Route Gateway The gateway for a dial on demand connection Dial out Number T...

Page 151: ...ers name Site Name edit only deviceport Device Port or Name or none usbport U1 U2 internal modem auth pap chap loginhost User Login CHAP Host chapsecret CHAP Secret localipaddr negotiate IP Address remoteipaddr negotiate IP Address routeipaddr IP Address routemask Mask routegateway Gateway nat enable disable dialoutnumber Phone Number Modem Timeout Timeout for dial in and dial on demand PPP connec...

Page 152: ...nected to the SLC 8000 advanced console manager until they either logout of the CLI session or if Timeout Logins is enabled the CLI session is terminated if it has been idle For PPP connections the user will be authenticated via PAP or CHAP determined by the Authentication setting for the modem For PAP the Local Remote User list will be used to authenticate the login and password sent by the PPP p...

Page 153: ... matches the port the modem is on For CHAP the site list will be searched for a site that a the Login CHAP Host and CHAP Secret match the name and secret sent in the CHAP Challenge response by the PPP peer b Authentication is set to CHAP and c the Port is set to None or matches the port the modem is on If the remote peer requests PAP or CHAP authentication from the SLC 8000 advanced console manage...

Page 154: ...out parameters will be used for the rest of the dial in connection instead of the parameters configured for the modem Once authenticated a PPP session will be established using either negotiated IP addresses or specific IP addresses determined by the Negotiate IP Address setting The PPP connection will stay active until no IP traffic is sent for Modem Timeout seconds For Dial on Demand the SLC uni...

Page 155: ...on will be established using either negotiated IP addresses or specific IP addresses determined by the Negotiate IP Address setting The PPP connection will stay active until no IP traffic is sent for Modem Timeout seconds Once the timeout has expired the PPP connection will be terminated and will not be reestablished for at least Restart Delay seconds CBCP Server Callback Control Protocl CBCP is a...

Page 156: ...Allow Dial back is enabled for the site and a Dial back Number is defined the administrator defined option is allowed if this is not the case the user defined number is allowed Additionally if CBCP Server Allow No Callback is enabled the client can also select no callback the PPP connection established at dial in will remain up The client will select from the available callback options If the SLC ...

Page 157: ...or SD card storage in the SLC 8000 advanced console manager 1 Insert any of the supported storage devices into the USB port or the SD card slot on the front of the SLC unit You can do this before or after powering up the SLC 8000 advanced console manager If the first partition on the storage device is formatted with a file system supported by the SLC unit ext2 FAT16 and FAT32 the card mounts autom...

Page 158: ...ard storage port from the USB Ports SD Card table 1 Click the radio button on the far right of a USB or SD card device storage port 2 Click Configure Figure 9 2 shows the page that displays if a USB storage device is inserted Figure 9 3 shows the page that displays if an SD Card is inserted Figure 9 2 Devices USB Configure ...

Page 159: ...igurations Unmount To eject the USB thumb drive or SD card from the SLC unit first unmount the thumb drive or SD card Select the checkbox to unmount it Warning If you eject a thumb drive or SD card from the SLC unit without unmounting it subsequent mounts of a USB thumb drive or SD card in may fail and you will need to reboot the device to restore thumb drive or SD card functionality Format Select...

Page 160: ... To configure the USB Modem port from the USB Ports table 1 Click the radio button on the far right for Port U1 or U2 2 Click Configure Figure 9 4 shows the page that displays if a USB modem is inserted in Port U1 or if Port U2 is selected Figure 9 4 Devices USB Modem ...

Page 161: ...thod of preventing buffer overflow and loss of data The available methods include none xon xoff software and rts cts hardware The default is none State Indicates whether an external modem is attached to the device port If enabling set the modem to dial out dial in dial back dial on demand dial in host list or dial in dial on demand CBCP Server and CBCP Client Disabled by default See Modem Dialing ...

Page 162: ...elect to enable the SLC unit to log caller IDs on incoming calls Disabled by default Note For the Caller ID AT command refer to the modem user guide Modem Command Modem AT command used to initiate caller ID logging by the modem Note For the AT command refer to the modem user guide Dial back Number Users with dial back access can dial into the SLC 8000 advanced console manager and enter their login...

Page 163: ...shake For DOD Authentication enter the Host User Name for UNIX systems or Secret User Password for Windows systems used for CHAP authentication May have up to 128 characters Enable NAT Select to enable Network Address Translation NAT for dial in and dial out PPP connections on a per modem device port or USB port basis Users dialing into the SLC access the network connected to Eth1 and or Eth2 Note...

Page 164: ...e Telnet SSH or TCP Only one can be active at a time The default is None Telnet Port Telnet Port Telnet session port number to use if you selected Telnet Defaults USB Port U1 2049 USB Port U2 2050 Range 1025 65535 SSH Port The SSH session port number to use if you selected SSH Defaults USB Port U1 3049 USB Port U2 3050 Range 1025 65535 TCP Port The TCP raw session port number to use if you selecte...

Page 165: ...espond to the USB port For more information see Chapter 14 Command Reference on page 260 set usb access set usb modem set usb storage mount set usb storage unmount set usb storage dir set usb storage rename set usb storage copy set usb storage delete set usb storage format set usb storage fsck show usb show usb storage show usb modem SD Card Commands The following CLI commands correspond to the SD...

Page 166: ...mmediately These connections are always re established after reboot At a specified date and time These connections connect if the date and time have already passed After a specified amount of data or a specified sequence of data passes through the connection Following reboot the connection is not reestablished until the specified data passes through the connection Typical Setup Scenarios for the S...

Page 167: ... unit and connect to the command line interface Figure 10 2 Remote Access Server Reverse Terminal Server In this scenario the SLC 8000 advanced console manager has one or more device ports connected to one or more serial ports of a mainframe server Users can access a terminal session by establishing a Telnet or SSH session to the SLC unit To configure the SLC console manager select the Enable Teln...

Page 168: ...nage To manage a specific piece of equipment the user can Telnet or SSH to a specific port or IP address on the SLC unit and be connected directly to the console port of the end server or device To configure this setup set the Enable Telnet In or Enable SSH In option on the Device Ports Settings page for the device port in question The user can implement an extra remote management capability by ad...

Page 169: ...ut No for no timeout Yes for a timeout Specify the number of seconds in the seconds field Port The number of the device port you are connecting This device port must be connected to an external serial device and must not have command line interface logins enabled be connected to a modem or be running a loopback test Note To see the current settings for this device port click the Settings link Data...

Page 170: ...his is the TCP UDP port number which is optional for Telnet out and SSH out but required for TCP Port and UDP Port Note If you select Device Port it must not have command line interface logins enabled or be running a loopback test To view the device port s settings click the Settings link to the right of the port number SSH Out Options Select one of the following optional flags to use for the SSH ...

Page 171: ... IP Address or Name port TCP Port udp IP Address port UDP Port hostlist Host List To configure initial timeout for outgoing connections connect global outgoingtimeout disable 1 9999 seconds Note This is not a TCP timeout To monitor a device port connect listen deviceport Device Port or Name To connect a device port to another device port or an outbound network connection data flows in both directi...

Page 172: ... where SSH flags is one or more of user Login Name version 1 2 command Command to Execute tcp IP Address port TCP Port telnet IP Address or Name port TCP Port trigger now datetime chars udp IP Address port UDP Port Note If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or c...

Page 173: ...10 Connections SLC 8000 Advanced Console Manager User Guide 173 To display global connections connect global show ...

Page 174: ...local user authentication is enabled the local user sysadmin account is always available for login Authentication can occur using all methods in the order of precedence until a successful authentication is obtained or using only the first authentication method that responds in the event that a server is down If you have the same user name defined in multiple authentication methods the result is un...

Page 175: ...le System NFS LDAP Lightweight Directory Access Protocol A set of protocols for accessing information directories specifically X 500 based directory services LDAP runs over TCP IP or other connection oriented transfer services RADIUS Remote Authentication Dial In User Service An authentication and accounting system used by many Internet Service Providers ISPs A client server protocol it enables re...

Page 176: ... methods you must configure them Authentication Commands The following command for the command line interface corresponds to the web page entries described above To set ordering of authentication methods Note Local Users authentication is always the first method used Any methods omitted from the command will be disabled set auth one or more parameters Parameters authusenextmethod enable disable ke...

Page 177: ...r Types and Rights You cannot deny a user rights defined for the group but you can add or remove all other rights at any time By default the system assigns new users to the Default Users group but you can change their group membership at any time If you change a user s rights while the user is logged into the web or CLI the results do not take effect until the next time the user logs in User Right...

Page 178: ...page displays a table listing and describing all local and remote users To enable local and or remote users 1 Enter the following Enable Local Users Select to enable all local users except sysadmin The sysadmin is always available regardless of how you set the check box Enabled by default Multiple Sysadmin Web Logins Select to allow the sysadmin to have multiple simultaneous logins to the web inte...

Page 179: ... a z one digit 0 9 and one punctuation character _ Allow Reuse Select to enable users to continue to reuse old passwords If you disable the check box they cannot use any of the Reuse History number of passwords Enabled by default Reuse History The number of passwords the user must use before reusing an old password The default is 4 For example if you set reuse history to 4 the user may reuse an ol...

Page 180: ...ue If it is not SLC unit automatically increments it Starting at 101 the SLC 8000 advanced console manager finds the next unused UID Listen Ports The device ports that the user may access to view data using the connect listen command Enter the port numbers or the range of port numbers for example 1 5 8 10 15 U1 and U2 denote the USB upper and lower ports on the front of the SLC unit Data Ports The...

Page 181: ...and line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Custom Menu If custom menus have been created you can assign a default custom menu to the user The custom menu will display at login Note In the Lo...

Page 182: ...and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage Secure Lantronix units e g SLP Spider or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the SLC unit Local Users Right...

Page 183: ... Remote User Settings page displays 2 Click the Delete User button 3 Click the Apply button To change the sysadmin password 1 On the User Authentication Local Remote Users page select sysadmin and click the Add Edit User button The Local Remote User Settings page displays 2 Enter the new password in the Password and Retype Password fields Note You can change Escape Sequence and Break Sequence if d...

Page 184: ...rs password User Login To delete a local user set localusers delete User Login To view settings for all users or a local user show localusers user User Login To block lock out a user s ability to log in set localusers lock User Login Note This capability is not available on the web page To allow unlock a user s ability to log in set localusers unlock User Login Note This capability is not availabl...

Page 185: ...set remoteusers listonlyauth enable disable To configure attributes for users who log in by a remote authentication method set remoteusers add edit User Login parameters Parameters breakseq 1 10 Chars clearports Port List dataports Port List escapeseq 1 10 Chars group default power admin Custom Group Name listenports Port List permissions Permissions List where Permission List is one or more of nt...

Page 186: ...le port If NIS does not provide port permissions you can use this page to grant device port access to users who are authenticated through NIS All NIS users are members of a group that has predefined user rights associated with it You can assign additional user rights that are not defined by the group To configure the SLC unit to use NIS to authenticate users 1 Click the User Authentication tab and...

Page 187: ...bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp Break Sequence A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then upperc...

Page 188: ... Secure Lantronix Network Right to view and manage secure Lantronix units e g SLP Spider or SLC units on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the SLC unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys R...

Page 189: ...er IP Address or Hostname slave1 IP Address or Hostname slave2 IP Address or Hostname slave3 IP Address or Hostname slave4 IP Address or Hostname slave5 IP Address or Hostname state enable disable To set group and permissions for NIS users set nis group default power admin To set permissions for NIS users not already defined by the user rights group set nis permissions Permission List where Permis...

Page 190: ...h as OpenLDAP and Microsoft Active Directory The LDAP implementation supports LDAP servers that do not allow anonymous queries Users who are authenticated through LDAP are granted device port access through the port permissions on this page All LDAP users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group T...

Page 191: ... Authentication LDAP 2 Enter the following Enable LDAP Displays selected if you enabled this method on the first User Authentication page If you want to set up this authentication method but not enable it immediately clear the checkbox Server The IP address or host name of the LDAP server ...

Page 192: ... Name ie uid msmith ou People dc lantronix dc com Select either Name or DN as appropriate for the LDAP server If nothing is specified for the group membership attribute the SLC unit will use memberUID for name and uniqueMember for DN For AD LDAP servers the Group Membership Value is typically DN with the Group Membership Attribute of member Group Member Value The attribute used by the LDAP server ...

Page 193: ...er on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Enable for Dial back Select to grant a user dial back access Users with dial back access can dial into the SLC unit and enter their l...

Page 194: ...anage secure Lantronix units e g SLP Spider or SLC devices on the local subnet Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the SLC unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating use...

Page 195: ...r admin To set permissions for LDAP users not already defined by the user rights group permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rs rc dr wb sn ad md sd To remove a permission type a minus sign before the two letter abbreviation for a user right To set a default custom menu for LDAP users custommenu Menu Name To set the LDAP bind password set...

Page 196: ... Users who are authenticated through RADIUS are granted device port access through the port permissions on this page All RADIUS users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLC unit to use RADIUS to authenticate users 1 Click the User Authentication tab and select RADIUS The fol...

Page 197: ...erves as a shared secret between a RADIUS client and the server SLC unit The shared secret is used to encrypt a password sent between the client and the server May have up to 128 characters Timeout The number of seconds 1 30 after which the connection attempt times out The default is 30 seconds Use VSA Select the check box to obtain remote user attributes group permissions and port access from the...

Page 198: ...e Reboot Shutdown and Diagnostics Reports Administrators This group has all possible rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage Secure Lantronix units e g SLP Spider or SLC units on th...

Page 199: ... secret and the number of the TCP port on the RADIUS server set radius server 1 2 host IP Address or Hostname secret Secret port TCP Port The default port is 1812 To set the number of seconds after which the connection attempt times out set radius timeout disable 1 30 May be 1 30 seconds To set user group and permissions for RADIUS users set radius group default power admin To set permissions for ...

Page 200: ...and it matches a current SLC custom group name any rights attribute will be ignored and the custom group s rights permissions will be used instead A group name with spaces cannot be specified escseq Escape sequence The value string specifies the user s escape sequence Use x to specify non printable characters For example x1bA specifies the sequence ESC A brkseq Break sequence The value string spec...

Page 201: ...t key cryptography The system administrator can configure the SLC 8000 advanced console manager to use Kerberos to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions on this page All Kerberos users are members of a group that has predefined user rights associat...

Page 202: ...nd of the order of precedence on the User Authentication page Realm Enter the name of the logical network served by a single Kerberos database and a set of Key Distribution Centers Usually realm names are all uppercase letters to differentiate the realm from the Internet domain Realm is similar in concept to an NT domain KDC A key distribution center KDC is a server that issues Kerberos tickets A ...

Page 203: ...e as x1bB which is hexadecimal x character 27 1B followed by a B Enable for Dial back Select to grant a user dial back access Users with dial back access can dial into the SLC 8000 advanced console manager and enter their login and password Once the SLC unit authenticates them the modem hangs up and dials them back Disabled by default Dial back Number The phone number the modem dials back on depen...

Page 204: ...ult power admin Date Time Right to set the date and time Reboot Shutdown Right to shut down and reboot the SLC unit Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI fo...

Page 205: ... function of TACACS is to perform authentication for remote access The SLC 8000 advanced console manager supports the TACACS protocol not the older TACACS or XTACACS protocols The system administrator can configure the SLC unit to use TACACS to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port a...

Page 206: ...you enable TACACS here it automatically displays at the end of the order of precedence on the User Authentication page TACACS Servers 1 3 IP address or host name of up to three TACACS servers Secret Shared secret for message encryption between the SLC 8000 advanced console manager and the TACACS server Enter an alphanumeric secret of up to 127 characters Encrypt Messages Select the checkbox to enc...

Page 207: ...ne number the modem dials back on depends on this setting for the device port The user is either dialed back on a fixed number or on a number that is associated with the user s login specified here Data Ports The ports users are able to monitor and interact with using the connect direct command U1 and U2 denote the USB upper and lower ports on the front of the SLC unit Listen Ports The ports users...

Page 208: ...CACS users set tacacs group default power admin To set permissions for TACACS users not already defined by the user rights group set tacacs permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rs rc dr wb sn ad md sd User Menus Right to create a custom user menu for the CLI for LDAP users Web Access Right to access Web Manager Diagnostics Reports Right ...

Page 209: ...permissions rather than their individual attributes and permissions The SLC 8000 advanced console manager supports querying a LDAP server for groups that a LDAP user is a member of if any of the LDAP group names match a Custom Group Name the LDAP user will be granted the rights of the custom group A custom group cannot be given the name of one of the pre defined groups Admin Power or Default or an...

Page 210: ... 8000 Advanced Console Manager User Guide 210 Figure 11 10 User Authentication Groups 2 Enter the following Group Name Enter a name for the group Listen Ports The ports users are able to monitor using the connect listen command ...

Page 211: ...onnect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp Break Sequence A series of one to ten characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadec...

Page 212: ...e saved with the SLC console manager configuration and the administrator has the option of retaining the SSH keys during a reset to factory defaults The SLC unit can also update the SSH RSA1 RSA and DSA host keys that the SSH server uses with site specific host keys or reset them to the default values Imported Keys Imported SSH keys must be associated with an SLC 8000 advanced console manager loca...

Page 213: ... copy and paste The name of the key is used to generate the name of the public key file that is exported for example keyname pub and the exported keys are organized by user and key name Once a key is generated and exported you can delete the key or view the public portion Any SSH connection out of the SLC console manager for the designated host user combination uses the SSH key for authentication ...

Page 214: ...11 User Authentication SLC 8000 Advanced Console Manager User Guide 214 Figure 11 11 User Authentication SSH Keys ...

Page 215: ...be used to access the SLC from any host not just the host associated with the key User The User ID of the user being given secure access to the SLC unit Import via Select SCP FTP HTTPS or Copy Paste as the method for importing the SSH keys SCP is the default If SCP or FTP are selected the Filename Host Path Login and Password fields are filled in If HTTPS is selected the Upload File link will beco...

Page 216: ...ilename e g keyname pub Key Type Select either the RSA or the DSA encryption standard RSA is the default Number of Bits Select the number of bits in the key 1024 2048 or 4096 The default is 1024 Passphrase Retype Passphrase Optionally enter a passphrase associated with the key The passphrase may have up to 50 characters The passphrase is an optional password that can be associated with an SSH key ...

Page 217: ... default key s or select one or more checkboxes to reset defaults for RSA1 RSA or DSA keys All checkboxes are unselected by default Import Host Key To import a site specific host key select the checkbox Unselected by default Type From the drop down list select the type of host key to import Import via From the drop down list select the method of importing the host key SCP or SFTP The default is SC...

Page 218: ...t a key set sshkey export ftp scp copypaste one or more parameters Parameters format openssh secsh host IP Address or Name login User Login path Path to Copy Key bits 1024 2048 4096 keyname SSH Key Name keyuser SSH Key User type rsa dsa To export the public keys of all previously created SSH keys set sshkey all export ftp scp copypaste pubfile Public Key File host IP Address or Name login User Log...

Page 219: ...ost IP Address or Name login User Login path Path to Key File To reset defaults for all or selected host keys set sshkey server reset type all rsa1 rsa dsa To display SSH keys that have been imported show sshkey import one or more parameters Parameters keyhost SSH Key IP Address or Name keyuser SSH Key User viewkey enable disable To display SSH keys that have been exported show sshkey export one o...

Page 220: ... the user enters the number associated with the command Each command can also have a nickname associated with it which can be displayed in the menu instead of the command The commands showmenu Menu Name and returnmenu can be entered to display another menu from a menu or to return to the prior menu The command returncli can be used to break out of a menu and return to the regular CLI To add a cust...

Page 221: ...11 User Authentication SLC 8000 Advanced Console Manager User Guide 221 Figure 11 13 User Authentication Custom Menus ...

Page 222: ...s not selected in the list or will replace the currently selected command nickname in the list The Unselect Command Nickname button can be used to unselect the currently selected command nickname in the list 4 To add more commands to the custom menu repeat step 3 5 You also have the following options To edit a command nickname in the custom menu select the command in the Commands Nicknames List bo...

Page 223: ...e displays a specified menu The special command returnmenu redisplays the parent menu if the current menu was displayed from a showmenu command The user with appropriate rights creates and manages custom user menus from the command line interface but can assign a custom user menu to a user from either the command line or the web interface When creating a custom user menu note the following limitat...

Page 224: ...l menu title return for none Menu1 Title Specify nickname for each command no y Enter each command up to 50 commands logout is always the last command Press return when the menu command set is complete Command 1 connect direct deviceport 1 Nickname 1 connect Port 1 Command 2 connect direct deviceport 2 Nickname 2 connect Port 2 Command 3 showmenu menu2 Warning menu menu2 does not exist Nickname 3 ...

Page 225: ...____________________________________________ Menu menu2 Title Menu2 Title Show Nicknames disabled Redisplay Menu disabled Command 1 connect direct deviceport 3 Nickname 1 none Command 2 connect direct deviceport 4 Nickname 2 none Command 3 show datetime Nickname 3 none Command 4 returnmenu Nickname 4 none Command 5 logout Nickname 5 none The system administrator 4 configures local user john to use...

Page 226: ...nds type help Enter 1 4 help Menu1 Title 1 connect Port 1 3 menu2 2 connect Port 2 4 log off Enter 1 4 3 Executing showmenu menu2 Enter 1 5 help Menu2 Title 1 connect direct deviceport 3 2 connect direct deviceport 4 3 show datetime 4 returnmenu 5 logout Enter 1 5 3 Executing show datetime Date Time Tue Sep 7 19 13 35 2004 Timezone UTC Enter 1 5 4 Executing returnmenu Enter 1 4 help Menu1 Title 1 ...

Page 227: ...stem administrator to Configure the FTP SFTP or TFTP server that will be used to provide firmware updates and save restore configurations TFTP is only used for firmware updates Set up the location or method that will be used to save or restore configurations Local Disk FTP SFTP NFS CIFS USB HTTPS or SD card Update the version of the firmware running on the SLC unit Save a snapshot of all settings ...

Page 228: ...tenance SLC 8000 Advanced Console Manager User Guide 228 To configure settings 1 Click the Maintenance tab The Maintenance Firmware Configurations page displays Figure 12 1 Maintenance Firmware Configurations ...

Page 229: ...brate Offset C An offset for calibrating the internal temperature of the SLC console manager The offset will be applied one hour after setting the calibration value Zeroing the offset will take effect immediately and will cancel any current and or pending calibration Data Center Rack Row Set these fields to define the rack row the SLC unit is located within a large data center The default for thes...

Page 230: ... current setting for bank to boot from at next reboot Switch to Bank 2 If desired select the alternate bank to boot from at next reboot Copy configuration from Bank 1 to Bank 2 during firmware update If checked will copy the configuration from the current bank to the bank being updated The two numbers are automatically generated so that the first number is the current bank Copy contents of Bank 1 ...

Page 231: ... of the current configuration you want to keep for example Networking Services or Device Ports Configuration Name to Save to or Restore From If you selected to save or restore a configuration enter a name for the configuration file up to 12 characters Location for Save Restore or Manage If you selected to save or restore a configuration select one of the following options Manage This link allows y...

Page 232: ...nage on page 232 page appears and displays the name and the time and date the file was saved 2 To rename a file select a file enter the New File Name and click the Rename File button 3 To download a file select a file and click the Download File button 4 To delete files select one or more files and click the Delete File button Administrative Commands These commands for the command line interface c...

Page 233: ...rt U1 U2 To list the current firmware revision admin firmware show viewlog enable disable Lists the current firmware revision and optionally displays the log containing details about firmware updates To set the FTP TFTP SFTP server used for firmware updates and configuration save restore admin ftp server IP Address or Hostname login User Login path Directory To view FTP settings admin ftp show To ...

Page 234: ...tp nfs cifs usb sdcard nfsdir NFS Mounted Dir usbport U1 U2 To rename a saved configuration admin config rename Config Name location local nfs cifs usb sdcard nfsdir NFS Mounted Dir usbport U1 U2 To delete a saved configuration admin config delete Config Name location local nfs cifs usb sdcard usbport U1 U2 To list the configurations saved to a location admin config show local ftp sftp nfs cifs us...

Page 235: ...isplays Figure 12 3 Maintenance System Logs 2 Enter the following to define the parameters of the log you would like to view Log Select the type s of log you want to view All Network Services Authentication Device Ports Diagnostics General Software Level Select the alert level you want to view for the selected log Error Warning Info Debug Starting at Select the starting point of the range you want...

Page 236: ...g Logs and Reports on page 246 To clear system logs 1 From the Maintenance System Logs page select Maintenance System Logs 2 Click the Clear Log button to clear all log information System Log Command The following command for the command line interface corresponds to the web page entries described above To view the system logs containing information and error messages show syslog parameters Ending...

Page 237: ...diaglog genlog Audit Log The Maintenance Audit Log page displays a log of all actions that have changed the configuration of the SLC 8000 advanced console manager The audit log is disabled by default Use the Services SSH Telnet Logging page Chapter 7 Services to enable the audit log and to configure its maximum size Each entry in the log file contains a date time stamp user login and the action pe...

Page 238: ...ime click the sort by Date Time button this is the default To sort by user click the sort by User button To sort by command action click the sort by Command button 3 To email this log follow the instructions in Emailing Logs and Reports on page 246 4 To clear the log click the Clear Log button 5 To freeze or stop automatic refreshing of the log click the Stop Refresh button ...

Page 239: ...mails The log file can be cleared from here The email log is saved through SLC reboots 1 Click the Maintenance tab and select the Email Log option The following page displays Figure 12 6 Maintenance Email Log 2 To email this log follow the instructions in Emailing Logs and Reports on page 246 3 To clear the log click the Clear Log button ...

Page 240: ...stics 2 Select Diagnostics from checklist one or more diagnostic methods you want to run or select All to run them all ARP Table Address Resolution Protocol ARP table used to view the IP address to hardware address mapping Netstat Displays network connections If you select the checkbox select the TCP or UDP protocol or select All for both protocols to control the output of the Netstat report Host ...

Page 241: ...s a network connectivity test For UDP the number of times the string is sent is equal to the number of packets sent For TCP the number of times the string is sent may or may not be equal to the number of packets sent because TCP controls how data is packetized and sent out Enter the following Protocol Select the type of packet to send TCP or UDP Hostname Specify a host name or IPaddress of the hos...

Page 242: ...C unit To test a device port plug the cable into the device port and run this command The command sends the specified Kbytes to the device port and reports success or failure The test is performed at 9600 baud Only an external test requires a loopback cable To display the route that packets take to get to a network host diag traceroute IP Address or Hostname To verify that the host is up and runni...

Page 243: ...terface diag nettrace one or more parameters Parameters ethport 1 2 host IP Address or Name numpackets Number of Packets protocol tcp udp icmp verbose enable disable To display information on the internal memory storage and processes of the SLC 8000 advanced console manager diag internals Note This command is available on the web interface as SLC Internals under Maintenance Diagnostics ...

Page 244: ...e most recent data you must reload the web page 1 Click the Maintenance tab and select the Status Reports option The following page displays Figure 12 9 Maintenance Status Reports The top half of the page displays the status of each port power supply and the internal modem Green indicates that the port connection or power supply is active and functioning correctly Red indicates an error or failure...

Page 245: ...Counters Displays statistics related to the flow of data through each device port IP Routes Displays the routing table Connections Displays all active connections for the SLC unit Telnet SSH TCP UDP device port and modem System Configuration Complete Displays a complete snapshot of the SLC settings System Configuration Basic Displays a snapshot of the SLC unit s basic settings for example network ...

Page 246: ...for one or more ports You can optionally email the displayed information show portcounters deviceport Device Port List or Name email Email Address To display the overall status of all SLC units show sysstatus email Email Address You can optionally email the displayed information To display a list of all current connections show connections email Email Address You can optionally email the displayed...

Page 247: ...r a comment if desired 2 Select the to field beside the empty field where you then enter the person s email address 3 Press the Email Output button An email is immediately sent out and a confirmation appears on the screen Figure 12 11 Emailed Log or Report To view information about the SLC unit and contact information for Lantronix 1 Click the button on the upper right portion of any web page to a...

Page 248: ...12 Maintenance SLC 8000 Advanced Console Manager User Guide 248 Figure 12 12 About SLC ...

Page 249: ...e of incident that triggers an event Currently the options are Receive Trap Temperature Over Under Limit for Sensorsoft devices Humidity Over Under Limit for Sensorsoft devices Device Port Data Drop No Internal Modem Dial Tone Action From the drop down list select the action taken because of the trigger For example the action can be writing an entry into the syslog with details of the event or sen...

Page 250: ... emailaddress destination email address xml version 1 0 body xmlns http www w3 org 1999 xhtml xmlns xfa http www xfa org schema xfa data 1 0 xfa APIVersion Acrobat 11 0 7 xfa spec 2 0 2 style font size 12 0pt text align left color FF0000 font weight normal font style normal font family Helvetica sans serif font stretch normal p dir ltr span dir ltr style font style italic On behalf of christi 10 1...

Page 251: ... p dir ltr span dir ltr style font style italic On behalf of christi 10 10 span spandir ltr style insert 10 emailaddress lt destination email address gt p body To delete an event admin events delete Event ID To view events admin events show LCD Keypad The LCD has a series of screens consisting of 2 lines of 24 characters each Specific screens and the display order can be configured The keypad asso...

Page 252: ...ct a screen to be added from the Disabled Screens list and click the button The screen is added to the Enabled Screens to the left 3 Select a screen in the Enabled Screens list and click the or button to change the order of the screens Note The User Strings screen displays the 2 lines defined by the User Strings Line 1 and Line 2 fields By default these user strings are blank 4 Click Apply to save...

Page 253: ...in lcd reset admin lcd default admin lcd screens admin lcd line1 admin lcd scrolling admin lcd show Banners The Maintenance Banners page allows the system administrator to customize text messages that display to users To configure banner settings 1 Click the Maintenance tab and select Banners option Figure 12 15 Maintenance Banners Restore Factory Defaults Password Retype Password Enter the 6 digi...

Page 254: ...e lines use the n character sequence Login Banner The text to display on the command line interface after the user logs in May contain up to 1024 characters Single quote and double quote characters are not supported Default is blank Note To create more lines use the n character sequence Logout Banner The text to display on the command line interface after the user logs out May contain up to 1024 c...

Page 255: ...cenarios assume that the SLC 8000 advanced console manager is connected to the network and has already been assigned an IP address In the examples we use the command line interface You can do the same things using the web page interface except for directly interacting with the SLC unit direct command Telnet SSH to a Remote Device The following figure shows a Sun server connected to port 2 of the S...

Page 256: ...r slot Byte Threshold 100 Max number of files 10 Email Delay 60 seconds Max size of files 2048 Restart Delay 60 seconds Email To none Email Subject Port d Logging Email String none NFS File Logging disabled Directory to log to none Max number of files 10 Max size of files 2048 2 Change the baud to 57600 and disable flow control SLC set deviceport port 2 baud 57600 flowcontrol none Device Port sett...

Page 257: ...lly updated SLC set deviceport port 1 initscript AT F K3 C1 D2 C0A Device Port settings successfully updated SLC set deviceport port 1 auth pap Device Port settings successfully updated SLC set deviceport port 1 localsecret password Device Port settings successfully updated SLC set deviceport port 1 modemstate dialin Device Port settings successfully updated SLC 2 Configure the device port that is...

Page 258: ...re directly connected to it See Chapter 10 Connections on page 166 Figure 13 4 Local Serial Connection to Network Device via Telnet In this example the sysadmin would 1 Display the current settings for device port 2 SLC show deviceport port 2 ___Current Device Port Settings________________________________________________ Number 2 Name Port 2 Modem Settings Data Settings IP Settings Modem State dis...

Page 259: ... vt100 terminal changes baud to 57600 and disables flow control SLC set deviceport port 2 baud 57600 flowcontrol none Device Port settings successfully updated 3 Create a connection between the vt100 terminal connected to device port 2 and an outbound telnet session to the server The IP address of the server is 192 168 1 1 SLC connect bidirection 2 telnet 192 168 1 1 Connection settings successful...

Page 260: ...ecify one of the values aa or bb separated by a vertical line The values are in all lowercase and must be entered exactly as shown Bold indicates a default value parameter name Value User must specify an appropriate value for example an IP address The parameter values are in mixed case Square brackets indicate optional parameters Action Category set auth cifs cli command consoleport datetime devic...

Page 261: ...ake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port Use the left and right arrow keys to move within a command Use the up and down arrows to scroll through previously entered commands If desired select one and edit it Y...

Page 262: ... Control k erase from cursor to end of the line Administrative Commands admin banner login Syntax admin banner login Banner Text Description Configures the banner displayed after the user logs in Note To go to the next line type n and press Enter admin banner logout Syntax admin banner logout Banner Text Description Configures the banner displayed after the user logs out Note To go to the next lin...

Page 263: ...ote To go to the next line type n and press Enter admin config delete Syntax admin config delete Config Name location local nfs cifs usb sdcard usbport U1 U2 nfsdir NFS Mounted Directory admin config rename Config Name location local nfs cifs usb sdcard usbport U1 U2 nfsdir NFS Mounted Directory Description Deletes or renames a configuration admin config factorydefaults Syntax admin config factory...

Page 264: ...ble savesslcert enable disable savescripts enable disable Config Params to Preserve is a comma separated list of current configuration parameters to retain after the config restore or factorydefaults Description Restores a saved configuration to the SLC 8000 advanced console manager admin config save Syntax admin config save Config Name location default ftp sftp nfs cifs usb sdcard nfsdir NFS Moun...

Page 265: ... at the next SLC reboot admin firmware show Syntax admin firmware show viewlog enable disable Description Lists the current firmware revision the boot bank status and optionally displays the log containing details about firmware updates admin firmware update Syntax admin firmware update ftp tftp sftp nfs usb sdcard file Firmware File key Checksum Key nfsdir NFS Mounted Dir usbport U1 U2 Descriptio...

Page 266: ...TP server used for firmware updates and configuration save restore admin ftp show Syntax admin ftp show Description Displays FTP settings admin keypad Syntax admin keypad lock unlock Description Locks or unlocks the LCD keypad If the keypad is locked you can scroll through settings but not change them admin keypad password Syntax admin keypad password Password Must be 6 digits Description Changes ...

Page 267: ...hat controls the LCD admin memory show Syntax admin memory show Description Displays information about SLC memory usage admin memory swap add Size of Swap in MB usbport U1 U1 Syntax admin memory swap add Size of Swap in MB usbport U1 U1 Description Creates a swap space from an external storage device admin memory swap delete Syntax admin memory swap delete Description Deletes the swap space from a...

Page 268: ... Prepares the SLC 8000 advanced console manager to be powered off When you use this command to shut down the SLC console manager the LCD front panel displays the Shutting down the SLC message followed by a pause and then Shutdown complete When Shutdown complete displays it is safe to power off the SLC 8000 advanced console manager admin site Syntax admin site row Data Center Rack Row Number admin ...

Page 269: ...tificate File privfile Private Key File host IP Address or Name login User Login path Path to Files Description Imports an SSL certificate admin web certificate reset Syntax admin web certificate reset Description Resets a web certificate admin web certificate show Syntax admin web certificate show Description Displays a web certificate admin web gadget Syntax admin web gadget enable disable Descr...

Page 270: ...yntax admin web timeout disable 5 120 Description Configures the timeout for web sessions admin web terminate Syntax admin web terminate Session ID Description Terminates a web session admin web show Syntax admin web show viewslmsessions enable disable Description Displays the current sessions and their ID admin web banner Syntax admin web banner Description Configures the banner displayed on the ...

Page 271: ...server to use SSLv2 in addition to SSLv3 and TLSv1 admin web timeout disable 5 120 minutes Syntax admin web timeout disable 5 120 minutes Description Configures the timeout for web sessions admin web cipher himed himedlow fips Syntax admin web cipher himed himedlow fips Description Configures the strength of the cipher used by the web server high is 256 or 128 bit medium is 128 bit low is 64 56 or...

Page 272: ...arameters Parameters authusenextmethod enable disable kerberos 1 6 ldap 1 6 localusers 1 6 nis 1 6 radius 1 6 tacacs 1 6 Description Sets ordering of authentication methods Local Users authentication is always the first method used Any methods omitted from the command are disabled show auth Syntax show auth Description Displays authentication methods and their order of precedence show user Syntax ...

Page 273: ...IP Address kdc Key Distribution Center listenports Port List permissions Permission List Note See User Permissions Commands on page 281 for information on groups and user rights port Key Distribution Center TCP Port realm Kerberos Realm state enable disable useldapforlookup enable disable Description Configures the SLC 8000 advanced console manager to use Kerberos to authenticate users who log in ...

Page 274: ...membervalue dn name encrypt starttls ssl disable dataports Port List listenports Port List clearports Port List escapeseq 1 10 Chars breakseq 1 10 Chars custommenu Menu Name allowdialback enable disable dialbacknumber Phone Number group default power admin permissions Permission List Default is 389 Note See User Permissions Commands on page 281 for information on groups and user rights Description...

Page 275: ...settings Local Users Commands set localusers add edit Syntax set localusers add edit User Login one or more parameters Parameters allowdialback enable disable breakseq 1 10 Chars changenextlogin enable disable changepassword enable disable clearports Port List dataports Port List dialbacknumber Phone Number displaymenu enable disable escapeseq 1 10 Chars listenports Port List custommenu Menu Name ...

Page 276: ...d can be reused set local users complexpasswords Syntax set localusers complexpasswords enable disable Description Sets whether a complex login password is required set localusers state Syntax set localusers state enable disable Description Enables or disables authentication of local users set localusers delete Syntax set localusers delete User Login Description Deletes a local user set localusers...

Page 277: ...t localusers periodlockout Syntax set localusers periodlockout Number of Minutes Description Sets the number of minutes after a lockout before the user can try to log in again Disabled by default set localusers periodwarning Syntax set localusers periodwarning Number of Days Description Sets the number of days the system warns the user that the password will be expiring The default is 7 days set l...

Page 278: ...rameters Parameters broadcast enable disable clearports Port List custommenu Menu Name dataports Port List domain NIS Domain Name breakseq 1 10 Chars escapeseq 1 10 Chars group default power admin listenports Port List master IP Address or Hostname permissions Permission List Note See User Permissions Commands on page 281 for information on groups and user rights slave1 IP Address or Hostname slav...

Page 279: ...tate enable disable clearports Port List custommenu Menu Name dataports Port List breakseq 1 10 Chars escapeseq 1 10 Chars group default power admin listenports Port List permissions Permission List Note See User Permissions Commands on page 281 for information on groups and user rights timeout enable 1 30 Note Sets the number of seconds after which the connection attempt times out It may be 1 30 ...

Page 280: ...Syntax show radius Description Displays RADIUS settings TACACS Commands set tacacs Syntax set tacacs one or more parameters Parameters clearports Port List custommenu Menu Name dataports Port List encrypt enable disable breakseq 1 10 Chars escapeseq 1 10 Chars group default power admin listenports Port List permissions Permission List Note See User Permissions Commands on page 281 for information ...

Page 281: ...tacacs Description Displays TACACS settings User Permissions Commands set localusers group Syntax set localusers add edit user group default power admin Description Adds a local user to a user group or changes the group the user belongs to set localusers lock Syntax set local users unlock User Login Description Blocks locks a user s ability to login set localusers unlock Syntax set local users unl...

Page 282: ...ers add edit User Login parameters Parameters dataports Port List breakseq 1 10 Chars escapeseq 1 10 Chars listenports Port List clearports Port List group default power admin Custom Group Name permissions Permissions List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rs rc dr wb sn ad md sd To remove a permission type a minus sign before the two letter abbreviation for a u...

Page 283: ...t nis ldap radius kerberos tacacs group default power admin Description Sets a permission group for remotely authorized users set nis ldap radius kerberos tacacs permissions Syntax set nis ldap radius kerberos tacacs permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp do ub rs rc dr wb sn ad md sd Description Sets permissions not already defined by the assig...

Page 284: ...t set cli terminallines Syntax set cli terminallines disable Number of lines Description Sets the number of lines in the terminal emulation screen for paging through text one screenful at a time if the SLC 8000 advanced console manager cannot detect the size of the terminal automatically Note Settings are retained between CLI sessions for local users and users listed in the remote users list set l...

Page 285: ... currently logged in user set history Syntax set history clear Description Clears the commands that have been entered during the command line interface session show history Syntax show history Description Displays the last 100 commands entered during the session Connection Commands connect bidirection Syntax connect bidirection Port or Name endpoint one or more Parameters Parameters Endpoint is on...

Page 286: ...n on receipt of a specified number or characters or a character sequence enter the charxfer parameter and either the charcount or the charseq parameter udp IP Address port UDP Port Description Connects a device port to another device port or an outbound network connection data flows in both directions connect direct Syntax connect direct endpoint Parameters Endpoint is one of deviceport Device Por...

Page 287: ...ice Port or Name Description Monitors a device port connect terminate Syntax connect terminate Connection ID Description Terminates a bidirectional or unidirectional connection connect unidirection Syntax connect unidirection Device Port or Name dataflow toendpoint fromendpoint endpoint Parameters Endpoint is one of charcount of Chars charseq Char Sequence datetime MMDDYYhhmm ss deviceport Port or...

Page 288: ...ons Syntax show connections email Email Address Description Displays connections and their IDs You can optionally email the displayed information The connection IDs are in the left column of the resulting table The connection ID associated with a particular connection may change if the connection times out and is restarted show connections connid Syntax show connections connid Connection ID email ...

Page 289: ...imum of 50 commands per custom user menu logout is always the last command Maximum of 15 characters for menu names Maximum of five nested menus can be called No syntax checking Enter each command correctly set localusers Syntax set localusers add edit User Login menu Menu Name Description Assigns a custom user menu to a local user set menu add Syntax set menu add Menu Name command Command Number D...

Page 290: ...e each prompt Enables or disables the display of command nicknames instead of commands Sets the optional title for a menu set menu delete Syntax set menu delete Menu Name command Command Number Description Deletes a custom user menu or one command within a custom user menu set nis ldap radius kerberos tacacs custommenu Syntax set nis ldap radius kerberos tacacs custommenu Menu Name Description Set...

Page 291: ...ts the local date time and local time zone one parameter at a time show datetime Syntax show datetime Description Displays the local date time and time zone set ntp Syntax set ntp one or more ntp parameters Parameters localserver1 IP Address or Hostname localserver2 IP Address or Hostname localserver3 IP Address or Hostname poll local public publicserver IP Address or Hostname state enable disable...

Page 292: ... Outlet is 1 8 for SLP8 and 1 16 for SLP16 For the ServerTech CDU the valid range of outlets is specified by the number of outlets settings for Tower A or number of expansion outlets settings for Tower B see below The outletcontrol parameters control individual outlets slp servertech outletstate outlet Outlet tower A B The outletstate parameter shows the state of all outlets or a single outlet slp...

Page 293: ...Low Temperature in C Sets the lowest temperature permitted for the port sensorsoft hightemp High Temperature in C Sets the hightest temperature permitted for the port sensorsoft lowhumidity Low Humidity Sets the lowest humidity pemitted for the port sensorsoft highhumidity High Humidity Sets the lowest humidity permitted for the port sensorsoft degrees celsius fahrenheit Enables or disables temper...

Page 294: ...lbackdelay PPP Dial back Delay dialbacknumber usernumber Phone Number dialbackretries 1 10 dialoutlogin User Login dialoutnumber Phone Number dodauth pap chap dodchaphost CHAP Host or User Name dodchapsecret CHAP Secret or User Password flowcontrol none xon xoff rts cts group Local or Remote Group Name initscript Initialization Script Note We recommend preceding the initscript with AT and include ...

Page 295: ...disable telnetport TCP Port timeoutlogins disable or 1 30 webcolumns Web SSH Telnet Cols webrows Web SSH Telnet Rows Description Configures a single port or a group of ports set deviceport global Syntax set deviceport global one or more parameters Parameters sshport TCP Port telnetport TCP Port tcpport TCP Port Description Configures settings for all or a group of device ports show deviceport glob...

Page 296: ... or Name email Email Address Description Displays device port statistics and errors for one or more ports You can optionally email the displayed information show portcounters zerocounters Syntax show portcounters zerocounters Device Port List or Name Description Zeros the port counters for one or more device ports show portstatus Syntax show portstatus deviceport Device Port List or Name email Ema...

Page 297: ...lays information on the internal memory storage and processes of the SLC 8000 advanced console manager Note This command is available in the CLI but not the web diag netstat Syntax diag netstat protocol all tcp udp email Email Address Description To display a report of network connections You can optionally email the displayed information diag nettrace Syntax diag nettrace one or more parameters P...

Page 298: ... device port by transmitting data out the port and verifying that it is received correctly A special loopback cable comes with the SLC 8000 advanced console manager To test a device port plug the cable into the device port and run this command The command sends the specified Kbytes to the device port and reports success or failure The test is performed at 9600 baud Only an external test requires a...

Page 299: ...or UDP Port Number string Packet String protocol tcp udp count Number of Packets diag top Syntax diag top parameters Description Displays CPU usage memory usage and tasks Parameters continuous enable disable count Number of Iterations to Display delay Delay in Seconds numlines Number of Lines to Display Defaults count 1 delay 5 seconds diag traceroute Syntax diag traceroute IP Address or Hostname ...

Page 300: ... envmon Syntax slp envmon Description Displays the environmental status e g temperature and humidity of the SLP slp outletcontrol state Syntax slp outletcontrol state Parameters slp outletcontrol state on off cyclepower outlet Outlet Outlet is 1 8 for SLP8 and 1 16 for SLP16 Description The outletcontrol parameters control individual outlets slp outletstate outlet Outlet Syntax slp outletstate out...

Page 301: ...dial or dpdatadrop response is one of action fwdalltrapseth fwdseltrapeth ethport 1 2 nms SNMP NMS community SNMP Community oid SNMP OID action fwdalltrapsmodem fwdseltrapmodem deviceport Device Port or Name nms SNMP NMS community SNMP Community oid SNMP Trap OID action fwdalltrapsmodem fwdseltrapmodem usbport u1 u2 nms SNMP NMS community SNMP Community oid SNMP Trap OID action fwdalltrapsmodem fw...

Page 302: ... ID parameters Parameters community SNMP Community deviceport Device Port or Name ethport 1 2 nms SNMP NMS oid SNMP Trap OID usbport u1 u2 internal modem emailaddress destination email address Description Edits event definitions admin events show Syntax admin events show Description Displays event definitions Group Commands set groups add edit Group Name parameters Syntax set groups add edit Group...

Page 303: ...issions for information on user rights Rename a group set groups rename Group Name newname New Group Name Delete a group set groups delete Group Name show groups name Group Name members enable disable Host List Commands set hostlist add edit Host List Name Syntax set hostlist add edit Host List Name parameters Parameters name Host List Name edit only retrycount 1 10 Default is 3 auth enable disabl...

Page 304: ...a list or edit an existing entry set hostlist edit Host List Name move Syntax set hostlist edit Host List Name move Host Number position Host Number Description Moves a host entry to a new position in the host list set hostlist delete Syntax set hostlist delete Host List entry Host Number Description Deletes a host list or a single host entry from a host list show hostlist Syntax show hostlist all...

Page 305: ...enable disable auth pap chap calleridcmd Modem Command String chaphost CHAP Host or User Name initscript Modem Init Script chapsecret CHAP Secret or User Password nat enable disable chapauth chaphost localusers checkdialtone disable 5 600 min dialbacknumber usernumber Phone Number dialoutnumber Phone Number dialbackdelay PPP Dialback Delay dialoutlogin Remote User Login dialbackretries 1 10 Set th...

Page 306: ...able ruleset Ruleset Name internal modem state disable internal modem state enable ruleset Ruleset Name Description Maps an IP filter to an interface set ip filter rules Syntax set ipfilter rules parameters Parameters add Ruleset Name delete Ruleset Name edit Ruleset Name Edit Parameters Edit Parameters append insert Rule Number replace Rule Number delete Rule Number Description Sets IP filter rul...

Page 307: ...maxsize Size in Bytes usblogging enable disable usbmaxfiles Max of Files usbmaxsize Size in Bytes usbport u1 u2 sd sysloglogging enable disable Description Configures logging settings for one or more device ports Local logging must be enabled for a device port for the locallog commands to be executed To use the set locallog clear command the user must have permission to clear port buffers see Chap...

Page 308: ...et log clear modem Syntax set log clear modem Description Clear the modem log the modem log is automatically pruned when it reaches 50K set log clear modem Syntax set log modem ppplog Description Enables PPP activity messages in the modem log set log modem ppplog enable disable Syntax set log modem pppdebug Description Enables PPP debugging messages in the modem log set log modem pppdebug enable d...

Page 309: ...e Index logfile NFS USB or SD card Log File Defaults bytes 1000 startbyte 1 numlines 40 Lists the NFS or USB log files either for a specific device port or all log files in a USB or NFS location show log files nfs usb sdcard localdir NFS Mount Local Directory usbport U1 U2 deviceport Device Port or name Network Commands set network Syntax set network parameters Parameters interval 1 99999 Seconds ...

Page 310: ...ult and alternate gateways The alternate gateway is used if an IP address usually accessible through the default gateway fails to return one or more pings set network host Syntax set network host Hostname domain Domain Name Description Sets the SLC host name and domain name set network port Syntax set network port 1 2 parameters Parameters mode auto 10mbit half 100mbit half 10mbit full 100mbit ful...

Page 311: ...twork gateway Description Displays gateway settings show network host Syntax show network host Description Displays the network host name of the SLC 8000 advanced console manager show network port Syntax show network port 1 2 Description Displays Ethernet port settings and counters show network all Syntax show network all Description Displays all network settings ...

Page 312: ...te NFS share The remdir and locdir parameters are required but if they have been specified previously you do not need to provide them again set nfs unmount Syntax set nfs unmount 1 2 3 Description Unmounts a remote NFS share set cifs Syntax set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup Description Configures the ...

Page 313: ...Description Displays SMB CIFS settings show nfs Syntax show nfs Description Displays NFS share settings Routing Commands set routing Syntax set routing parameters Parameters rip enable disable route 1 64 ipaddr IP Address mask Netmask gateway IP Address static enable disable version 1 2 both Description Configures static or dynamic routing To delete a static route set the IP address mask and gatew...

Page 314: ...ce The SD Card can be used for saving configurations firmware updates and device logging set sdcard mount Unmounts a SD Card set sdcard unmount Formats a SD Card set sdcard format filesystem ext2 fat16 fat32 Defaults filesystem ext2 Runs a filesystem check on a SD Card recommended if it does not mount set sdcard fsck Displays a directory listing of a SD Card set sdcard dir Renames a file on a SD C...

Page 315: ...ity settings and current status Parameters show security Services Commands set services Syntax set services one or more services parameters Parameters alarmdelay 1 6000 Seconds auditlog enable disable auditsize Size in Kbytes Limit is 1 500 Kbytes authlog off error warning info debug clicommands enable disable contact Admin contact info devlog off error warning info debug diaglog off error warning...

Page 316: ... syslogserver1 IP Address or Name syslogserver2 IP Address or Name telnet enable disable timeoutssh disable or 1 30 timeouttelnet disable or 1 30 traps enable disable trapcommunity Trap Community v1ssh enable disable v1v2 enable disable v3password Password for v3 auth v3user User for v3 auth v3user V3 RO User v3rwuser V3 RW User v3security noauth auth authencrypt v3auth md5 sha v3encrypt des aes w...

Page 317: ...rk Syntax show slcnetwork ipaddrlist all Address Mask Description Detects and displays all SLC 8000 advanced console managers on the local network Without the ipaddrlist parameter the command searches the SLC network With the ipaddrlist parameter the command displays a sorted list of all IP addresses or displays the IP addresses that match the mask for example 172 19 255 255 would display all IP a...

Page 318: ...key Specify the keyuser and keyhost to delete an imported key specify the keyuser and keyname to delete exported key set sshkey export Syntax set sshkey export ftp scp copypaste one or more parameters Parameters format openssh secsh host IP Address or Name login User Login path Path to Copy Key bits 1024 2048 4096 keyname SSH Key Name keyuser SSH Key User type rsa dsa Description Exports an sshkey...

Page 319: ...scp pubfile Public Key File privfile Private Key File host IP Address or Name login User Login path Path to Key File Description Imports an SLC host key set sshkey server reset Syntax set sshkey server reset type all rsa1 rsa dsa Description Resets defaults for all or selected host keys show sshkey export Syntax show sshkey export one or more parameters Parameters keyhost SSH Key IP Address or Nam...

Page 320: ...s show connections Syntax show connections email Email Address Description Displays a list of current connections Optionally emails the displayed information The connection IDs are in the left column of the resulting table The connection ID associated with a particular connection may change if the connection times out and is restarted show connections connid Syntax show connections connid Connecti...

Page 321: ...il Email Address Description Displays device port modes and states for one or more ports Optionally emails the displayed information show sysconfig Syntax show sysconfig display basic auth devices email Email Address Description Displays a snapshot of all configurable parameters Optionally emails the displayed information show sysstatus Syntax show sysstatus email Email Address Description To disp...

Page 322: ...ontaining information and error messages Note The level display and time parameters cannot be used simultaneously show syslog clear Syntax show syslog clear all netlog servlog authlog devlog diaglog genlog Description Clears one or all of the system logs USB Access Commands set usb access Syntax set usb access enable disable Description Enables or disables access to USB devices USB Storage Command...

Page 323: ...ax set usb storage mount U1 U2 Description Mounts a USB flash drive in the SLC 8000 advanced console manager for use as a storage device The USB flash drive must be formatted with an ext2 or FAT file system before you mount it set usb storage unmount Syntax set usb storage unmount U1 U2 Description Unmounts a USB flash drive Enter this command before removing the USB device set usb storage rename ...

Page 324: ...t usb storage delete U1 U2 file Current Filename show usb storage Description Display product information and settings for any USB thumb drive Syntax show usb storage USB Modem Commands set usb modem Syntax set usb modem u1 u2 parameters Parameters auth pap chap baud 300 230400 9600 is the default calleridcmd Modem Command String calleridlogging enable disable chaphost CHAP Host or User Password c...

Page 325: ...modemstate disable dialout dialin dialback dialondemand dialin dialondemand cbcpserver cbcpclient dialback ondemand dialinhostli st modemtimeout disable 1 9999 seconds parity none odd even remoteipaddr negotiate IP Address restartdelay PPP Restart Delay service none telnet ssh tcp sshauth enable disable sshport TCP Port stopbits 1 2 tcpauth enable disable tcpport TCP Port telnetauth enable disable...

Page 326: ... in CIDR notation ikenegotation main aggressive ikeenc any 3des aes ikeauth any sha1 md5 ikedhgroup any dh2 dh5 espec any 3des aes espauth any sha1 md5 espdhgroup any dh2 dh5 pfs enable disable modeconfig enable disable xauthclient enable disable xauthlogin User Login Enter RSA public key or Pre Shared Key of remote host set vpn key Enter XAUTH password set vpn xauthpassword show vpn Syntax show v...

Page 327: ...emperatures can be entered in either Celsius or Fahrenheit to indicate a temperature is Fahrenheit append the degrees with an F i e 75F Parameter set temperature one or more parameters Parameters low Low Temperature in C or F high High Temperature in C or F calibrate Temperature Calibration in C or F cancel Note The calibration offset will be applied one hour after setting the value Description Di...

Page 328: ... facility and network infrastructure for example how vulnerable the CAT 5 wiring is to tapping Factors Affecting Security External factors affect the security provided by the SLC unit for example Telnet sends the login exchange as clear text across Ethernet A person snooping on a subnet may read your password A terminal to the SLC may be secure but the path from the SLC 8000 advanced console manag...

Page 329: ...ord with a voltage and current rating greater than the voltage and current rating marked on the SLC unit Install the SLC 8000 advanced console manager near an AC outlet that is easily accessible Always connect any equipment used with the product to properly wired and grounded power sources To help protect the product from sudden transient increases and decreases in electrical power use a surge sup...

Page 330: ...ature of the SLC unit See Technical Specifications on page 28 Install the equipment in a rack in such a way that the amount of airflow required for safe operation of the equipment is not compromised Mount the equipment in the rack so that a hazardous condition is not achieved due to uneven mechanical loading Maintain reliable earthing of rack mounted equipment Give particular attention to supply c...

Page 331: ... or 25 pin serial connector found on other manufacturers serial devices or re route the serial signals for connections to other devices that use RJ45 serial connectors Please check the cabling database on the Lantronix Web site at www lantronix com for suggested cables and adapters for commonly used serial devices The console port is wired the same way as the device ports and has the same signal o...

Page 332: ...rs and Pinouts SLC 8000 Advanced Console Manager User Guide 332 Figure C 2 RJ45 Receptacle to DB25F DCE Adapter for the SLC unit PN 200 2067A Figure C 3 RJ45 Receptacle to DB9M DCE Adapter for the SLC unit PN 200 2069A ...

Page 333: ...pendix C Adapters and Pinouts SLC 8000 Advanced Console Manager User Guide 333 Figure C 4 RJ45 Receptacle to DB9F DCE Adapter for the SLC unit PN 200 2070A Use PN 200 2070A adapter with a PC s serial port ...

Page 334: ...entication for client server applications by using secret key cryptography LDAP Lightweight Directory Access Protocol A protocol for accessing directory information NAT Network Address Translation An Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic This enables a company to shield internal addresses from the...

Page 335: ...ations as well as Web browsers to share files across the Internet CIFS runs on TCP IP and uses the SMB protocol in Microsoft Windows for accessing files With CIFS users with different platforms and computers can share files without having to install new software SNMP Simple Network Management Protocol A protocol that system administrators use to monitor networks and connected devices and to respon...

Page 336: ...N 55024 2010 Information Technology Equipment Immunity Characteristics EN 61000 4 2 2008 Electro Static Discharge Test EN 61000 4 3 2010 Radiated Immunity Field Test EN 61000 4 4 2012 Electrical Fast Transient Test EN 61000 4 5 2014 Power Supply Surge Test EN 61000 4 6 2013 Conducted Immunity Test EN 61000 4 8 2009 Magnetic Field Test EN 61000 4 11 2004 Voltage Dips Interrupts Supplementary Inform...

Page 337: ...d in at least one of the homogeneous materials used for this part is above the limit requirement in SJ T11363 2006 Lead Pb Mercury Hg Polybrominated biphenyls PBB Cadmium Cd Hexavalent Chromium Cr VI Polybrominated diphenyl ethers PBDE Product Family Name Toxic or hazardous Substances and Elements Lead Pb Mercury Hg Cadmium Cd Hexavalent Chromium Cr VI Polybrominated biphenyls PBB Polybrominated d...

Reviews: