Lantronix SLC16 User Manual Download | Manualshive

Page: 317 / 351

background image

SLC™ Console Manager User Guide

317

Appendix B: Security Considerations

The SLC console manager provides data path security by means of SSH or Web/SSL. Do not
assume that you have complete security, however. Securing the data path is only one way to
ensure security. This appendix briefly discusses some important security considerations.

Security Practice

Develop and document a Security Practice. For example, the Security Practice document should
state the rules to maintaining security. For example, do not leave sessions open or advertise
passwords because these actions could compromise SSH and SSL. Or, do not speculate about
the facility and network infrastructure with reference to how vulnerable the CAT 5 wiring is to
tapping.

Factors Affecting Security

External factors affect the security provided by the SLC device, for example:



Telnet sends the login exchange as clear text across Ethernet. A person snooping on a subnet
may read your password.



A terminal to the SLC console manager may be secure, but the path from the SLC device to
the end device may not be secure.



With the right tools, a person having physical access to open the SLC console manager may
be able to read the encryption keys.



There is no true test for a denial-of-service attack; there is always a legitimate reason to
request a storm. A denial-of-service filter locks out some high-performance automated/
scripted requests. The SLC device always attempts to service requests and does not filter out
potential denial–of-service attacks.

«
...
315
316
317
318
319
...
»

Summary of Contents for SLC16

Page 1: ...Part Number 900 449 Revision J July 2014 SLC Console Manager User Guide SLC8 SLC16 SLC32 SLC48 ...

Page 2: ...e into hosts other than this product must be done under their terms A machine readable copy of the corresponding portions of GPL licensed source code may be available at the cost of distribution Such Open Source Software is distributed WITHOUT ANY WARRANTY INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE See the GPL and BSD for details A copy of the licenses is...

Page 3: ...quipment Changes or modifications to this device not explicitly approved by Lantronix will void the user s authority to operate this device The information in this guide may change without notice The manufacturer assumes no responsibility for any errors that may appear in this guide For the latest revision of product documents please check our online documentation at www lantronix com support docu...

Page 4: ... redesigned SLC Network web page Email Log Firmware Update vi PC Card and NFS SLC Temperature and PPP dialback including CallBack Control Protocol March 2010 H Updated for USB support that was added in firmware 5 5 November 2013 I Updated product name and trademark information July 2014 J Updated to firmware release 6 1 0 0 Date continued Rev Comments ...

Page 5: ...cols Supported ____________________________________________________25 Access Control ________________________________________________________25 Device Port Buffer _____________________________________________________25 Configuration Options ___________________________________________________25 Hardware Features ________________________________________________________26 Serial Connections _________...

Page 6: ...____________________________________47 Command Line Interface ____________________________________________________47 Logging In ____________________________________________________________47 Logging Out __________________________________________________________48 Command Syntax ______________________________________________________48 Command Line Help ______________________________________________...

Page 7: ...___________________71 Web SSH Web Telnet Settings ___________________________________________71 Phone Home __________________________________________________________71 SNMP __________________________________________________________________72 Communities __________________________________________________________73 Version 3 ____________________________________________________________73 V3 Read Only...

Page 8: ...ds ________________________________________________104 Device Commands ____________________________________________________106 Interacting with a Device Port _______________________________________________107 Device Ports Logging ____________________________________________________108 Local Logging ________________________________________________________108 NFS File Logging _______________________...

Page 9: ...____138 CBCP Server ________________________________________________________139 9 PC Cards 140 Set Up of PC Card Storage _________________________________________________140 Modem Settings _________________________________________________________142 PC Card Commands ______________________________________________________147 10 USB Port 148 Set Up of USB Storage _____________________________________...

Page 10: ...____________190 Kerberos Commands __________________________________________________193 TACACS ______________________________________________________________194 TACACS Commands _________________________________________________197 Groups ________________________________________________________________198 SSH Keys ______________________________________________________________201 Imported Keys ______...

Page 11: ...Text Mode to a Remote Device _______________________________________247 Local Serial Connection to Network Device via Telnet ____________________________248 15 Command Reference 250 Introduction to Commands _________________________________________________250 Command Syntax _____________________________________________________250 Command Line Actions and Categories ________________________________...

Page 12: ...mands _____________________________________________________305 Status Commands ________________________________________________________307 System Log Commands ___________________________________________________307 TACACS Commands ____________________________________________________308 Temperature Commands __________________________________________________309 USB Commands __________________________...

Page 13: ..._________________________________322 Signalverbindungen ______________________________________________________323 Appendix E Adapters and Pinouts 324 Appendix F Protocol Glossary 329 Appendix G Compliance Information 334 Appendix H DC Connector Instructions 337 Appendix I LDAP Schemas 340 Installing Schema Support in Window AD Server ________________________________340 Creating the SLC Schema Attr...

Page 14: ...________53 Figure 6 2 Network IP Filter ______________________________________________________58 Figure 6 3 Network IP Filter Ruleset Adding Editing Rulesets ___________________________60 Figure 6 4 Network Routing _______________________________________________________63 Figure 6 5 Network VPN _________________________________________________________65 Figure 7 1 Services SSH Telnet Logging______...

Page 15: ...__________________158 Figure 11 4 Multiport Device Server _________________________________________________159 Figure 11 5 Console Server _______________________________________________________160 Figure 11 6 Devices Connections _________________________________________________161 Figure 11 7 Current Connections ___________________________________________________162 Figure 12 1 User Authentication...

Page 16: ...nsole Manager PN 200 2067A _ 325 Figure E 3 RJ45 Receptacle to DB9M DCE Adapter for the SLC Console Manager PN 200 2069A _ 326 Figure E 4 RJ45 Receptacle to DB9F DCE Adapter for the SLC Console Manager PN 200 2070A _ 327 Figure E 5 RJ45 to RJ45 Adapter for Netra Sun Cisco and SLP PNs 200 2225 and ADP010104 01 ____________________________________________________________________328 Figure H 1 Connec...

Page 17: ...ect Schema Object Window ___________________________________________347 Figure I 15 ADSI Edit Window _____________________________________________________348 Figure I 16 ADSI Edit Window CN Users Folder ______________________________________349 Figure I 17 Properties Window _____________________________________________________349 Figure I 18 Attribute Editor Window ________________________________...

Page 18: ...e 4 4 Front Panel Setup Options with Associated Parameters __________________________36 Table 5 2 Actions and Category Options ______________________________________________48 Table 8 5 Port Status and Counters _________________________________________________101 Table 8 14 Definitions ____________________________________________________________124 Table 8 15 Primary Commands _____________________...

Page 19: ...stallation Provides technical specifications describes connection formats and power supplies provides instructions for installing the unit in a rack Chapter 4 Quick Setup Provides instructions for getting your unit up and running and for configuring required settings Chapter 5 Web and Command Line Interfaces Describes the web and command line interfaces available for configuring the unit Note Chap...

Page 20: ...ations Chapter 15 Command Reference Lists and describes all of the commands available on the SLC command line interface Appendix A Bootloader Lists and describes the commands available for the bootloader command line interface Appendix B Security Considerations Provides tips for enhancing SLC security Appendix C Safety Information Lists safety precautions for using the SLC console manager Appendix...

Page 21: ...p Provides online help for assigning a static IP address to the SLC console manager using the Lantronix Detector tool Table 1 2 Conventions Used in This Book Convention Description Bold text Default parameters Brackets Optional parameters Angle Brackets Possible values for parameters Pipe Choice of parameters Warning Warning Means that you are in a situation that could cause equipment damage or bo...

Page 22: ...g access systems UPS medial devices The key benefits of using Console Managers Saves money Enables remote management and troubleshooting without sending a technician onsite Reduces travel costs and downtime costs Saves time Provides instant access and reduces response time improving efficiency Simplifies access Enables you to access equipment securely and remotely after hours and on weekends and h...

Page 23: ... and Description SLC00812N 03 SLC00812N 02 SLC8 8 port Single AC Supply Secure Console Manager SLC01612N 03 SLC01612N 02 SLC16 16 Port Single AC Supply Secure Console Manager SLC03212N 03 SLC03212N 02 SLC32 32 Port Single AC Supply Secure Console Manager SLC04812N 03 SLC04812N 02 SLC48 48 Port Single AC Supply Secure Console Manager SLC00822N 03 SLC00822N 02 SLC8 8 Port Dual AC Supply Secure Conso...

Page 24: ...Email and SNMP notification ID Password security configurable access rights Secure shell SSH security supports numerous other security protocols Network File System NFS and Common Internet File System CIFS support Telnet or SSH to a serial port by IP address per port or by IP address and TCP port number 1u Tall Self Contained Rack Mountable Chassis Two line Display Front Panel Pushbuttons Two PC C...

Page 25: ...CBCP For descriptions of the protocols see Appendix F Protocol Glossary Access Control The system administrator controls access to attached servers or devices by assigning access rights to up to 128 user profiles Each user has an assigned ID password and access rights Other user profile access options may include externally configured authentication methods such as NIS and LDAP Device Port Buffer ...

Page 26: ...ation see Technical Specifications on page 30 All physical connections use industry standard cabling and connectors The network and serial ports are on the rear panel of the SLC console manager and the console port is on the front Required cables and adapters for certain servers switches and other products are available from Lantronix at www lantronix com Serial Connections All devices attached to...

Page 27: ...standard RJ45 terminated Category 5 cables Network parameters must be configured before the SLC console manager can be accessed over the network Figure 2 6 Network Connection PC Card Interface Note This PC Card interface is only supported on SLC 02 part numbers The SLC console manager has two PC Card slots as shown in Figure 2 7 Lantronix qualifies cards continuously and publishes a list of qualif...

Page 28: ...ager User Guide 28 Figure 2 7 PC Card Interface USB Port Note This USB port is only supported on SLC 03 part numbers The SLC console manager has a USB port as shown in Figure 2 8 Figure 2 8 SLC Console Manager with USB Interface ...

Page 29: ...scription Adapters 200 2066A Adapter DB25M DCE Sun w DB25 female 200 2067A Adapter DB25F DCE to RJ45 Sun w DB25 male and some HP9000s 200 2069A Adapter DB9M DCE to RJ45 SGI Onyx 200 2070A Adapter DB9F DCE to RJ45 HP9000 SGI Origin IBM RS6000 and PC based Linux servers ADP010104 01 Adapter RJ45 rolled serial Cisco and Sun Netra Note An optional adapter for an external modem is available from Lantro...

Page 30: ...tion cooling to dissipate excess heat Table 3 2 Components and Descriptions Component Description Serial Interface Device RJ45 type 8 conductor connector DTE Speed software selectable 300 to 115 200 baud Serial Interface Console RJ45 type 8 pin connector DTE Speed software selectable 300 to 115 200 baud Network Interface 10Base T 100Base TX RJ45 Ethernet Power Supply Universal AC power input 100 2...

Page 31: ... page 32 5 Wait approximately a minute and a half for the boot process to complete When the boot process ends the SLC host name and the clock appear on the LCD display Now you are ready to configure the network settings as described in Chapter 4 Quick Setup Connecting to Device Ports You can connect any device that has a serial console port to a device port on the SLC console manager for remote ad...

Page 32: ...ional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector The console port is configured as DTE For more information see Appendix E Adapters and Pinouts on page 324 and go to the Lantronix web site at www lantronix com support and click Cable Adapter Lookup on the Support menu To connect a terminal 1 Attach the Lantronix adapter to your terminal use PN 200 2066A ada...

Page 33: ...nputs and power switch Figure 3 4 AC Power Input and Power Switch SLCxxxx2N Note The SLC48 console manager with dual AC does not have an on off switch DC Input The DC version of the SLC console manager accepts standard 48 VDC power The SLC0xx24T models accept two DC power inputs for supply redundancy Lantronix provides the DC power connections using industry standard Wago connectors One set of con...

Page 34: ...stem administrator generally provides the IP address and corresponding subnet mask and gateway The IP address must be within a valid range unique to your network and in the same subnet as your PC The following table lists the options for assigning an IP address to your SLC unit Table 4 1 Methods of Assigning an IP Address Method Description DHCP A DHCP server automatically assigns the IP address a...

Page 35: ...ft Right The front panel display initially shows the hostname abbreviated to 14 letters and total current level When you click the right arrow keypad the SLC console manager s network settings display Using the five keypads you can change the network console port and date time settings and view the firmware release version If desired you can restore the factory defaults Note Have your information ...

Page 36: ...nter button To enter edit mode Up and down arrows Within edit mode to increase or decrease a numerical entry Right or left arrows Within edit mode to move the cursor right or left Enter To exit edit mode Up and down arrows To scroll up or down the list of parameters within an option e g from IP Address to Mask Left Right Arrow Network Settings Console Settings Date Time Settings Release Internal T...

Page 37: ... and then press the down arrow button The Subnet Mask parameter displays Note You must edit the IP address and the Subnet Mask together for a valid IP address combination 5 To save your entries for one or more parameters in the group press the right arrow button The Save Settings Yes No prompt displays Note If the prompt does not display make sure you are no longer in edit mode 6 Use the left righ...

Page 38: ...default password is 999999 Note The Restore Factory Defaults password is only for the LCD You can change it at the command line interface using the admin keypad password command 5 Press Enter to exit edit mode If the password is valid a Save Settings Yes No prompt displays 6 To initiate the process for restoring factory defaults select Yes When the process is complete the SLC unit reboots Method 2...

Page 39: ...Network Settings Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported Network Setting Description Eth 1 Settings Obtain from DHCP Acquires IP address subnet mask hostname and gateway from the DHCP server The DHCP server may not provide the hostname gateway depending on its setup This is the default setting If you select this option skip to ...

Page 40: ...enter the subnet mask for the network on which the SLC console manager resides There is no default Default Gateway The IP address of the router for this network There is no default Hostname The default host name is slcXXXX where XXXX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit contiguous characters no spaces The host name becomes the prompt in ...

Page 41: ...owing 1 obtain IP Address from DHCP The unit will acquire the IP address subnet mask hostname and gateway from the DHCP server The DHCP server may or may not provide the gateway and hostname depending on its setup This is the default setting 2 obtain IP Address from BOOTP Permits a network node to request configuration information from a BOOTP server node 3 static IP Address Allows you to assign a...

Page 42: ...nter time zone GMT ____Date Time___________________________________________________________ Hostname The default host name is slcXXXX where XXXX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit contiguous characters no spaces Note The host name becomes the prompt in the command line interface Domain If desired specify a domain name for example suppo...

Page 43: ...ord current password Quick Setup is now complete Next Step After completing quick setup on the SLC console manager you may want to configure other settings You can use the web page or the command line interface for configuration For information about the web and the command line interfaces go to Chapter 5 Web and Command Line Interfaces To continue configuring the SLC unit go to Chapter 6 Basic Pa...

Page 44: ... SLC 02 part numbers The features and functionality specific to USB port use are supported on SLC 03 part numbers Web Interface A web interface allows the system administrator and other authorized users to configure and manage the SLC console manager using most web browsers Firefox Chrome or Internet Explorer with JavaScript enabled The Web Telnet and Web SSH features require Java 1 1 or later sup...

Page 45: ...ton allows you to configure the USB device flash drive or modem plugged into the front panel USB connector The gray U2 button allows you to configure the internal USB dial up modem The blue E1 and E2 buttons display the Network Network Settings page The A and B buttons display the status of the power supplies Only ports to which the currently logged in user has rights are enabled The green number ...

Page 46: ...x contact information Configuration site map Status of the SLC device Help Button Provides online Help for the specific web page Logging In Only the system administrator or users with web access rights can log into the web page More than one user at a time can log in but the same user cannot login more than once See Chapter 15 Command Reference for more information To log in to the SLC console man...

Page 47: ...g web page a serial terminal connection or an SSH connection See Chapter 7 Services The sysadmin user and users with who have full administrative rights have access to the complete command set while all other users have access to a reduced command set based on their permissions Logging In To log in to the SLC command line interface 1 Do one of the following With a serial terminal connection power ...

Page 48: ...ted parameters whose settings you want to configure or view Examples are ntp deviceport and network parameter s is one or more name value pairs in one of the following formats Table 5 2 Actions and Category Options parameter name aa bb User must specify one of the values aa or bb separated by a vertical line The values are in all lowercase and must be entered exactly as shown Bold indicates a defa...

Page 49: ...e the name if only one is possible or to display the possible names if more than one is possible Following a space after the preceding name Tab displays all possible names Should you make a mistake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when conn...

Page 50: ...lf To configure the current command line session set cli scscommands enable disable Allows you to use SCS compatible commands as shortcuts for executing commands Note Settings are retained between CLI sessions for local users and users listed in the remote users list To set the number of lines displayed by a command set cli terminallines disable Number of lines Sets the number of lines in the term...

Page 51: ...nterfaces SLC Console Manager User Guide 51 To clear the command history set history clear To view the rights of the currently logged in user show user Note For information about user rights see Chapter 12 User Authentication ...

Page 52: ... use are supported on SLC 02 part numbers The features and functionality specific to USB port use are supported on SLC 03 part numbers Requirements If you assign a different IP address from the current one it must be within a valid range unique to your network and with the same subnet mask as your workstation To configure the unit you need the following information Eth1 IP address ________ _______...

Page 53: ...eters SLC Console Manager User Guide 53 To enter settings for one or both network ports 1 Click the Network tab and select the Network Settings option The following page displays Figure 6 1 Network Network Settings ...

Page 54: ...t support configurations with the same IP subnet on multiple interfaces Ethernet or PPP Subnet Mask If specifying an IP address enter the network segment on which the SLC resides There is no default IPv6 Address Address of the port in IPv6 format Note The SLC unit upports IPv6 connections for a limited set of services the web SSH and Telnet IPv6 addresses are written as 8 sets of 4 digit hexadecim...

Page 55: ...dress to Ping IP address to ping to determine whether to use the alternate gateway Ethernet Port to Ping Ethernet port to use for the ping Delay between Pings Number of seconds between pings Number of Failed Pings Number of pings that fail before the SLC unit uses the alternate gateway Enable IP Forwarding IP forwarding enables network traffic received on one interface Eth1 Eth2 or an external USB...

Page 56: ...it half 100mbit half 10mbit full 100mbit full state dhcp bootp static disable ipaddr IP Address mask Mask ipv6addr IP v6 Address Prefix DNS Servers 1 3 Configure up to three name servers 1 is required if you choose to configure DNS Domain Name Server servers The first three DNS servers acquired via DHCP through Eth1 and or Eth2 display automatically 1 3 Displays the IP address of the name servers ...

Page 57: ...sually accessible through the default gateway fails to return one or more pings To set the SLC host name and domain name set network host Hostname domain Domain Name To set TCP Keepalive and IP Forwarding network parameters set network parameters Parameters interval 1 99999 Seconds ipforwarding enable disable probes Number of Probes startprobes 1 99999 Seconds To view all network settings show net...

Page 58: ...hout notice or it may be rejected sends back an error packet depending upon the rules of that filter rule set The administrator uses the Network IP Filter page to view add edit delete and map IP filters Warning IP filters configuration is a feature for advanced users Adding and enabling IP filter sets incorrectly can disable your SLC console manager Viewing IP Filters You can view a list of filter...

Page 59: ...ollowing page displays Enable IP Filter Select the Enable IP Filter checkbox to enable all filters or clear the checkbox to disable all filters Disabled by default Packets Dropped Displays the number of data packets that the filter ignored did not respond to View only Packets Rejected Displays the number of data packets that the filter sent a rejected response to View only Test Timer Timer for tes...

Page 60: ...ingle IP address to act as a filter or specify a range of IP addresses if the range cannot be defined by an IP address and Subnet Mask Example 172 19 220 64 this specific IP address only 172 19 220 60 172 19 220 68 a range of IP addresses from 172 19 220 60 through 172 19 220 68 Subnet Mask Specify a subnet mask to act determine how much of the address should apply to the filter Example 255 255 25...

Page 61: ...umbers to be tested An entry is required for TCP TCP New TCP Established and UDP and is not allowed for other protocols Separate multiple ports with commas Separate ranges of ports by colons Examples 22 filter on port 22 only 23 64 80 filter on ports 23 64 and 80 23 64 80 143 150 filter on ports 23 through 64 port 80 and ports 143 through 150 Action Select whether to Drop Reject or Accept communic...

Page 62: ... modem connected to a Device Port To map a rule set to a network interface 1 On the Network IP Filter page select the IP filter ruleset to be mapped 2 From the Interface drop down list select the interface and click the Map Ruleset button The Interface and rule set display in the IP Filter Mappings table To delete a mapping 1 On the Network IP Filter page select the mapping from the list and click...

Page 63: ...rameters Edit Parameters append insert Rule Number replace Rule Number delete Rule Number Routing The SLC console manager allows you to define static routes and for networks using Routing Information Protocol RIP capable routes to enable the RIP protocol to configure the routes dynamically To configure routing settings 1 Click the Network tab and select the Routing option The following page displa...

Page 64: ...es enable show routing resolveip enable disable email Email Address Note You can optionally email the displayed information Enable RIP Select to enable Dynamic Routing Information Protocol RIP to assign routes automatically Disabled by default RIP Version Select the RIP version The default is 2 Enable Static Routing Select to assign the routes manually The system administrator usually provides the...

Page 65: ...IPSec tunnels using Encapsulated Security Payload ESP The SLC console manager supports host to host net to net host to net and roaming user tunnels Note To allow VPN tunnel access if the SLC firewall is enabled traffic to UDP ports 500 and 4500 from the remote host should be allowed as well as protocol ESP from the remote host To complete the VPN page 1 Click the Network tab and select the VPN opt...

Page 66: ... communicate via IPSec The first phase of the protocol authenticates the two hosts to each other and establishes the Internet Security Association Key Management Protocol Security Association ISAKMP SA The second phase of the protocol establishes the cryptographic parameters for protecting the data passed through the tunnel which is the IPSec Security Association IPSec SA The IPSec SA can periodic...

Page 67: ...emote Host If RSA Public Key is selected for authentication enter the public key for the remote host Pre Shared Key If Pre Shared Key is selected for authentication enter the key Retype Pre Shared Key If Pre Shared Key is selected for authentication re enter the key Perfect Forward Secrecy When a new IPSec SA is negotiated after the IPSec SA lifetime expires a new Diffie Hellman key exchange can b...

Page 68: ... only access to all statistics and configurable items provided by the SLC unit It provides read write access to a select set of functions for controlling the SLC device and device ports See the MIB definition file for details Identify a Simple Mail Transfer Protocol SMTP server Enable or disable SSH and Telnet logins Configure an audit log View the status of and manage the SLC console managers on ...

Page 69: ...dition that may be cause for concern in addition to error messages This is the default for all message types Info Saves informative message in addition to warning and error messages Debug Saves extraneous detail that may be helpful in tracking down a problem in addition to information warning and error messages Network Level Messages concerning the network activity for example about Ethernet and r...

Page 70: ...r of outgoing emails The strings host and domain can be part of the email address they will be substituted with the actual hostname and domain The default is donotreply host domain Enable Logins Enables or disables SSH logins to the SLC unit to allow users to access the CLI using SSH Enabled by default This setting does not control SSH access to individual device ports See Device Ports Settings on...

Page 71: ...ns you can cause an idle connection to disconnect after a specified number of minutes Select Yes and enter a value of from 1 to 30 minutes Note You must reboot the unit before a change will take effect Outgoing Telnet Enables or disables the ability to create Telnet out connections Java Terminal Deployment Method used to launch Java applications either Java Web Start or Applet Java Terminal Buffer...

Page 72: ...MP is a set of protocols for managing complex networks 1 Click the Services tab and select the SNMP option The following page displays Figure 7 2 Services SNMP 2 Enter the following Enable Agent Enables or disables SNMP agent which allows read only access to the system Disabled by default ...

Page 73: ...anager for example a name optional Up to 20 characters Read Only A string that acs agent provides The default is public Read Write A string that acts like a password for an SNMP manager to access the read only data the SLC SNMP agent provides and to modify data where permitted The default is private Trap The trap used for outgoing generic and enterprise traps Traps sent with the Event trigger mech...

Page 74: ...IP Address or Name phonehome enable disable phoneip IP Address portssh TCP Port rocommunity Read Only Community Name rwcommunity Read Write Community Name User Name SNMP v3 is secure and requires user based authorization to access SLC MIB objects Enter a user ID The default is snmpuser Up to 20 characters Password Retype Password Password for a user with read only authority to use to access SNMP v...

Page 75: ...nd SMB CIFS Use the Services NFS CIFS page if you want to save configuration and logging data onto a remote NFS server or export configuration by means of an exported CIFS share Mounting an NFS shared directory on a remote network server onto a local SLC directory enables the SLC console manager to store device port logging data on that network server This configuration avoids possible limitations...

Page 76: ...h to mount the remote directory The SLC unit creates the local directory automatically Read Write If enabled indicates that the SLC device can write files to the remote directory If you plan to log port data or save configurations to this directory you must enable this option Mount Select the checkbox to enable the SLC unit to mount the file to the NFS server Disabled by default Share SMB CIFS dir...

Page 77: ... share which contains the system and device port logs set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup Note The admin config command saves SLC configurations on the SMB CIFS share To change the password for the SMB CIFS share login default is cifsuser set cifs password To view SMB CIFS settings show cifs CIFS User P...

Page 78: ...work 1 Click the Services tab and select the Secure Lantronix Network option The following page displays Figure 7 4 Services Secure Lantronix Network 2 Click a device IP Address in the column labeled IP Address Web Interface A separate browser opens at the device Home page after you have logged in In the separate browser page you can manage the device 3 To access a device port via SSH or Telnet cl...

Page 79: ...I column directly beside the port you would like to access A ssh or telnet popup window appears depending on what is clicked Figure 7 5 Telnet Session To configure how Secure Lantronix devices are searched for on the network 1 Click the Search Options link on the top right of the Services Secure Lantronix Network page The following web page displays ...

Page 80: ...ese devices Secure Lantronix Network Commands The following commands for the command line interface correspond to the web page entries described above To detect and view all SLC console manager or user defined IP addresses on the local network set slcnetwork one or more parameters Parameters add IP Address delete IP Address search localsubnet ipaddrlist both Secure Lantronix Network Search Select ...

Page 81: ...or example 172 19 255 255 would display all IP addresses that start with 172 19 Date and Time You can specify the current date time and time zone at the SLC console manager s location default or the SLC unit can use NTP to synchronize with other NTP devices on your network To set the local date time and time zone 1 Click the Services tab and select the Date Time option The following page displays ...

Page 82: ...priate time zone Enable NTP Select the checkbox to enable NTP synchronization NTP is disabled by default Synchronize via Select one of the following Broadcast from NTP Server Enables the SLC console manager to accept time information periodically transmitted by the NTP server This is the default if you enable NTP Poll NTP Server Enables the SLC unit to query the NTP Server for the correct time If ...

Page 83: ...Web Server The Web Server page allows the system administrator to Configure attributes of the web server View and terminate current web sessions Import a site specific SSL certificate Enable an iGoogle gadget that displays the status of ports on multiple SLC units To configure the Web Server 1 Click the Services tab and select the Web Server option The following page appears Figure 7 8 Services We...

Page 84: ...edium security 128 bits or higher for the cipher By default the web uses High Medium Changing this option requires a reboot for the change to take effect Group Access If undefined any group can access the web If one or more groups are specified groups are delimited by the characters comma or semicolon then any user who logs into the web must be a member of one of the specified groups otherwise acc...

Page 85: ... none eth1 eth2 ppp To terminate a web session admin web terminate Session ID To view the current sessions and their ID admin web show To import an SSL certificate or reset the web server certificate to the default admin web certificate import via sftp scp certfile Certificate File privfile Private Key File host IP Address or Name login User Login path Path to Files admin web certificate reset adm...

Page 86: ... The Services Web Server page enables you to view and update SSL certificate information The SSL certificate consisting of a public private key pair used to encrypt HTTP data is associated with the web server You can import a site specific SSL certificate if desired To view reset import or change an SSL Certificate 1 On the Services tab click the Web Server page and click the SSL Certificate link ...

Page 87: ...e drop down list select the method of importing the certificate SCP or SFTP The default is SCP Certificate Filename Filename of the certificate Key Filename Filename of the private key for the certificate Passphrase Retype Passphrase Enter the passphrase associated with the SSL certificate if the private key is encrypted protected with a passphrase Host Host name or IPaddress of the host from whic...

Page 88: ... gadgets and private gadgets The public gadgets are listed for import on iGoogle web pages The SLC gadget is a private gadget whose location is not publicly advertised To set up an SLC iGoogle gadget 1 Load the following XML code on a web server that is accessible over the Internet This code describes how to retrieve information and how to format the data for display xml version 1 0 encoding UTF 8...

Page 89: ...0 display_value 10 minutes UserPref Content type url href http __UP_ip__ devstatus htm Module 2 On the iGoogle web page click the Add stuff link 3 On the new page click the Add feed or gadget link 4 In the field that displays type the URL of the gadget location 5 Return to the gadget viewing page and complete the SLC gadget configuration fields You should see an iGoogle gadget similar to the follo...

Page 90: ...ly assigned for each device port 5 If a device port has an IP address assigned to it you can Telnet SSH or establish a raw TCP connection to the IP address For Telnet and SSH use the default TCP port number 23 and 22 respectively to connect to the device port For raw TCP use the TCP port number defined for TCP In to the device port according to the Device Ports Settings on page 94 section 6 Connec...

Page 91: ...de 91 Device Status The Devices Device Status page displays the status of the SLC console manager s ports and power outlets 1 Click the Devices tab and select the Device Status option The following page displays Figure 8 1 Devices Device Status ...

Page 92: ...P ports display on the left The list of ports 1 16 on the right includes the individual ports and their current mode Note For units with more ports click the buttons above the table to view additional ports Icons that represent some of the possible modes include Idle The port is not in use The port is in data text mode Note You may set up ports to allow Telnet access using the IP Setting per Devic...

Page 93: ...d a number for connecting via Telnet Enter a number 1025 65528 that represents the first port The default is 2000 plus the port number For example if you enter 2001 subsequent ports are automatically assigned numbers 2002 2003 and so on Starting SSH Port Each port is assigned a number for connecting via SSH Enter a number 1025 65528 that represents the first port The default is 3000 plus the port ...

Page 94: ...tings page configure IP and data serial settings for individual ports and if the port connects to an external modem modem settings as well To open the Device Ports Settings page 1 You have two options In the Device Ports List page described in the previous section select the port from the ports list and click the Configure button Click the desired port number in the green bar shown below at the to...

Page 95: ...8 Device Ports SLC Console Manager User Guide 95 Figure 8 4 Device Ports Settings ...

Page 96: ... B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B View Port Log Seq The key sequence used to view the Port Log while in Connect Direct mode Non printing characters can be specified by giving their hexidecimal code see Break Sequence above The default is Esc V x1bV View Port Log Select to allow the user to enter t...

Page 97: ... so if Eth2 is connected and configured and Eth1 is not this feature will not work Web SSH Telnet Columns Number of columns in the Web SSH Telnet applet when this device port is accessed via the applet Rows Number of rows in the Web SSH Telnet applet when this device port is accessed via the applet Baud The speed with which the device port exchanges data with the attached serial device From the dr...

Page 98: ...dial out dial in dial back CBCP server CBCP client dial on demand dial in dial on demand dial back dial on demand or dial in host list For more information on the different dialing types see Modem Dialing States on page 136 Disabled by default Mode The format in which the data flows back and forth Text In this mode the SLC unit assumes that the modem will be used for remotely logging into the comm...

Page 99: ...he SLC console manager will retry the dial out portion of the dialing sequence if the first attempt to dial out fails Timeout Logins If you selected Text mode you can enable logins to time out after the connection is inactive for a specified number of minutes The default is No This setting is only applicable for text mode connections PPP mode connections stay connected until either side drops the ...

Page 100: ...word for Windows systems used for CHAP authentication May have up to 128 characters Enable NAT Select to enable Network Address Translation NAT for dial in and dial out PPP connections on a per modem device port or basis Users dialing into the SLC unit access the network connected to Eth1 and or Eth2 Note IP forwarding must be enabled on the Network Network Settings page for NAT to work See Chapte...

Page 101: ... port statistics for the device port The system automatically updates these values To reset them to zeros select the Zero port counters checkbox in the IP Settings section of the page Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page Table 8 5 Port Status and Counters Device Ports SLP ServerTech CDU On the De...

Page 102: ...nit or ServerTech CDU device This will default to a typical prompt for an SLP power manager or ServerTech CDU If you are unable to control the SLP unit or ServerTech CDU device verify that the prompt is set to the right value Outlet Status Note If there is an SLP and an SLP Expansion chassis the SLP is Tower A and the Expansion chassis is Tower B This is also applicable to a or ServerTech CDU For ...

Page 103: ...erTech CDU Restart SLP To restart the SLP device or ServerTech CDU select the checkbox Control Outlet For Tower A or Tower B select All Outlets or Single Outlet and the number of the outlet to be controlled 1 8 for the SLP8 or 1 16 for the SLP16 and select the command for the outlet No Action On Off Cycle Power No Action is the default Dev Port Displays the number of the SLC port Device Port Name ...

Page 104: ...e databits 7 8 device none slp8 slp16 slp8exp8 slp8exp16 slp16exp8 slp16exp16 sensorsoft servertech dialbackretries 1 10 dialbackdelay PPP Dial back Delay dialinlist Host List for Dial in dialoutnumber Phone Number dialoutlogin User Login dialoutpassword Password dialbacknumber usernumber Phone Number dodauth pap chap dodchaphost CHAP Host or User Name dodchapsecret CHAP Secret or User Password fl...

Page 105: ...netin enable disable telnetport TCP Port timeoutlogins disable or 1 30 usesites enable disable webcolumns Web SSH Telnet Cols webrows Web SSH Telnet Rows To view the settings for one or more device ports show deviceport port Device Port List or Name To view a list of all device port names show deviceport names To view the modes and states of one or more device port s Note You can optionally email ...

Page 106: ... A or number of expansion outlets settings for Tower B see below The outletcontrol parameters control individual outlets slp servertech outletstate outlet Outlet tower A B The outletstate parameter shows the state of all outlets or a single outlet slp servertech envmon Displays the environmental status e g temperature and humidity of the SLP or ServerTech CDU slp servertech infeedstatus Displays t...

Page 107: ...of an external server the data received over the device port can be monitored at the command line interface with the connect listen command as follows To connect to a device port to monitor it connect listen deviceport Port or Name In addition you can send data out the device port for example commands issued to an external server with the connect direct command as follows To connect to a device po...

Page 108: ...y in the amount of overrun not in large blocks of memory NFS File Logging Data can be logged to a file on a remote NFS server Data logged locally to the SLC is limited to 256 Kbytes and may be lost in the event of a power loss Data logged to a file on an NFS server does not have these limitations The system administrator can define the directory for saving logged data on a port by port basis and c...

Page 109: ...3 log 02_Port 2_4 log 02_Port 2_5 log Email SNMP Notification The system administrator can configure the SLC console manager to send an email alert message indicating a particular condition detected in the device port log to the appropriate parties or an SNMP trap to the designated NMS see Chapter 7 Services on page 68 The email or trap is triggered when a user defined number of characters in the ...

Page 110: ...lt Clear Local Log Select the checkbox to clear the local log View Local Log Click this link to see the local log in text format Email Traps Select the checkbox to enable email and SNMP logging Email logging sends an email message to pre defined email addresses or an SNMP trap to the designated NMS see Chapter 7 Services on page 68 when alert criteria are met Disabled by default Send If you enable...

Page 111: ... expressions for more information see http www codeforge com help GNURegularExpr html http www delorie com gnu docs regex regex html Email Delay A time limit of how long in seconds after the SLC unit detects the trigger that the device port captures data before closing the log file with a fixed internal buffer maximum capacity of 1500 bytes and sending a notification The default is 60 seconds Rest...

Page 112: ...a file is reached the SLC console manager begins generating a new file USB PC Card Logging Select to enable USB PC Card logging A PC Card Compact Flash must be loaded into one of the PC Card slots of the SLC unit and properly mounted A USB flash drive must be loaded into the SLC unit Disabled by default USB PC Card Log to View Available log files in the selected USB port or PC card slot to view Lo...

Page 113: ...e Max Size of Files locallogging enable disable name Device Port Name nfsdir Logging Directory nfslogging enable disable nfsmaxfiles Max of Files nfsmaxsize Size in Bytes sysloglogging enable disable usblogging enable disable usbmaxfiles Max of Files usbmaxsize Size in Bytes usbport U1 pccardlogging enable disable pccardmaxfiles Max of Files pccardmaxsize Size in Bytes pccardslot upper lower To vi...

Page 114: ...the number of data bits The default is 8 data bits Stop Bits The number of stop bits that indicate that a byte of data has been transmitted From the drop down list select the number of stop bits The default is 1 Parity Parity checking is a rudimentary method of detecting simple single bit errors From the drop down list select the parity The default is none Flow Control A method of preventing buffe...

Page 115: ...I The SLC console manager cycles through the list until it successfully connects to one To add a host list 1 Click the Devices tab and select the Host Lists option The following page displays Group Access If undefined any group can access the console port If one or more groups are specified groups are delimited by the characters space comma or semicolon then any user who logs into the console port...

Page 116: ...me click the Add Host List button To add hosts enter the following Host Parameters Host List Id Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Enter the number of times the SLC console manager should attempt to retry connecting to the host list Authentication Select to require authentication when the SLC unit connects to a host Host Name or IP address...

Page 117: ...utton After the process completes a link back to the Device Ports Settings page displays To view or update a host list 1 In the Host Lists table select the host list and click the View Host List button The list of hosts display in the Hosts box Port Port on the host to connect to Escape Sequence The escape character used to get the attention of the SSH or Telnet client It is optional and if not sp...

Page 118: ...n when the SLC unit connects to a host Host Name or IP address of the host Protocol Protocol for connecting to the host TCP SSH or Telnet Port Port on the host to connect to SLC console manager Escape Sequence The escape character used to get the attention of the SSH or Telnet client It is optional and if not specified Telnet and SSH use their default escape character For Telnet the escape charact...

Page 119: ...ist Commands The following CLI commands correspond to the web page entries described above To configure a prioritized list of hosts to be used for modem dial in connections set hostlist add edit Host List Name parameters Parameters name Host List Name edit only retrycount 1 10 Default is 3 auth enable disable To add a new host entry to a list or edit an existing entry set hostlist add edit Host Li...

Page 120: ...I commands A user can create scripts at the web view scripts at the web and the CLI and utilize scripts at the CLI For a description of the syntax allowed in Interface Scripts see Interface Script Syntax at the end of this page All scripts have permissions associated with them a user who runs a script must have the permissions associated with the script in order to run the script To add a script 1...

Page 121: ...Editing New Scripts 3 Enter the following Scripts 4 In the User Rights section select the user Group to which NIS users will belong Script Name A unique identifier for the script Type Select Interface for a script that utilizes Expect Tcl to perform pattern detection and action generation on Device Port output Select Batch for a script of CLI commands ...

Page 122: ... and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage Secure Lantronix units e g SLP Spider SLC and SLB units on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user S...

Page 123: ...pt at the CLI 1 To run an Interface Script on a device port for pattern recognition and action generation use the connect script Script Name deviceport Device Port or Name command 2 To run a Batch Script at the CLI with a series of CLI commands use the set script runcli Script Name command Batch Script Syntax The syntax for Batch Scripts is exactly the same as the commands that can be typed at the...

Page 124: ...condary Command One of the secondary commands defined in this section Quoted String A group of characters enclosed by double quote characters A quoted string may include any characters including space characters If a double quote character is to be included in a quoted string it must be preceded escaped by a backslash character Variable Reference A word as defined above preceded by a dollar sign c...

Page 125: ...r secondary command A value generated via the format secondary command A value generated via the timestamp command unset This command removes the definition of a variable within a script Syntax unset variable where variable is a word scan The scan command is analogous to the C language scanf Syntax scan variable format string value 1 value 2 value n where variable is a variable reference and forma...

Page 126: ...t commands have the same syntax expect string 1 command 1 string 2 command 2 string n command n where string x will either be a quoted string a variable reference or the reserved word timeout The command x is optional but the curly braces and are required If present it must be a primary command return The return command terminates execution of the script and returns an optional value to the callin...

Page 127: ...2 Determine if two strings are equal string first str needle str haystack Find and return the index of the first occurrence of str_needle in str_haystack string last str needle str haystack Find and return the index of the last occurrence of str_needle in str_haystack string length str Return the length of str string index str int Return the character located at position int in str string range st...

Page 128: ...will only be used in combination with the set command to produce the value for a variable Syntax timestamp format where format is a quoted string format The format command is analogous to the C language sprintf The format command will only be used in combination with the set command to produce the value for a variable Syntax format format string value 1 value 2 value n where format string will be ...

Page 129: ...o TRUE Each command within the block must be a Primary command Syntax if Boolean expression command 1 command 2 command n The elseif command is used in association with an if command it must immediately follow an if or elseif command It executes an associated block of commands if its Boolean expression evaluates to TRUE Each command within the block must be a Primay command Syntax elseif Boolean e...

Page 130: ...Prompt prompt send_user Already Logged r n Get hostname info send show network port 1 host r expect timeout send_user Time out Getting Hostname 1 r n return Domain Get Hostname from SLC set hostname string range expect_out buffer string first Hostname expect_out buffer expr string first Domain expect_out buffer 2 send_user r n r n r n r n send_user Device string toupper hostname r n send_user ____...

Page 131: ...urrent Time 21 16 43 show portcounter deviceport 7 n show portcounter deviceport 7 Device Port 7 Seconds since zeroed 1453619 Bytes input 0 Bytes output 0 Framing errors 0 Flow control errors 0 Overrun errors 0 Parity errors 0 SLC251glenn Current Time 21 16 58 show portcounter deviceport 7 show portcounter deviceport 7 Device Port 7 Seconds since zeroed 1453634 Bytes input 0 Bytes output 0 Framing...

Page 132: ...e ___Batch Scripts__________Group Permissions_____________________________________ cli Adm ad nt sv dt lu ra um dp pc rs fc dr sn wb sk po do slb247glenn slb247glenn connect script monport deviceport 7 login Logging in sysadmin sysadmin Password PASS Welcome to the Secure Lantronix Console Manager Model Number slc 48 For a list of commands type help slc251glenn show network port 1 host show networ...

Page 133: ... below then enable Use Sites for the modem Sites can be used with the following modem states dial in dial back CBCP Server dial on demand dial in dial on demand and dial back dial on demand For more information on how sites are used with each modem state see Modem Dialing States on page 136 To add a site 1 Click the Devices tab and select the Sites option The Sites page displays 2 In the lower sec...

Page 134: ...or dial on demand sites This indicates the phone number to dial when the SLC console manager needs to send IP traffice for a dial on demand connection Dial out Login User ID for authentication when dialing out to a remote system May have up to 32 characters This ID is used for authenticating the SLC unit during the dial out portion of a dial back including CBCP server and dial on demand Dial out P...

Page 135: ... deviceport Device Port or Name or none dialoutlogin User Login usbport U1 U2 dialoutpassword Password pccardslot upper lower allowdialback enable disable auth pap chap dialbacknumber Phone Number loginhost User Login CHAP Host dialbackdelay Dial back Delay chapsecret CHAP Secret dialbackretries 1 10 localipaddr negotiate IP Address timeoutlogins disable 1 30 minutes remoteipaddr negotiate IP Addr...

Page 136: ...to CHAP and c the Port is set to None or matches the port the modem is on If the remote peer requests PAP or CHAP authentication from the SLC unit the Remote Dial out Login and Remote Dial out Password configured for the modem not the site will be provided as authentication tokens If a matching site is found its Negotiate IP Address NAT and Modem Timeout parameters will be used for the rest of the...

Page 137: ...IP Address setting Dial on demand The SLC console manager automatically dial outs and establishes a PPP connection when IP traffic destined for a remote network needs to be sent It will remain connected until no data packets have been sent to the peer for a specified amount of time When this modem state is initiated the SLC unit searches the site list for all sites that a have a Dial out Number de...

Page 138: ...ng out to establish a PPP connection when IP traffic destined for a remote network needs to be sent When either event occurs an incoming call or IP traffic destined for the remote network the other mode will be disabled For Dial back the user will be authenticated via PAP or CHAP determined by the Authentication setting for the modem For PAP the Local Remote User list will be used to authenticate ...

Page 139: ...ill be used to authenticate the login and password sent by the PPP peer and the site list will be searched for a site that a the Login CHAP Host matches the name that was authenticated b Authentication is set to PAP and c the Port is set to None or matches the port the modem is on For CHAP the site list will be searched for a site that a the Login CHAP Host and CHAP Secret match the name and secre...

Page 140: ...ds chapter applies only to SLC 02 part numbers Set Up of PC Card Storage To set up PC Card storage in the SLC console manager perform the following steps 1 Insert any of the supported PC cards into either of the PC card bays on the front of the SLC device You can do this before or after powering up the SLC console manager If the card is a compact Flash to PC card adapter and the first partition on...

Page 141: ...Flash is used for device port logging and saving restoring configurations Unmount Click the checkbox to eject the compact flash from the SLC console manager after unmounting it Warning If you eject a Compact Flash from the SLC device without unmounting it subsequent mounts of a PC Card Compact Flash in either slot may fail and you will need to reboot the SLC console manager to restore PC Card func...

Page 142: ... lantronix com slc into one of the PC card bays on the front of the SLC device You can do this before or after powering up the SLC console manager 2 Click the Devices tab and select the PC Card option 3 Click the radio button in the PC Card Slots table that shows a modem installed 4 Click the Configure button Figure 9 3 shows the page that displays Figure 9 3 PC Card Modem ISDN Page ...

Page 143: ...es dial in dial back dial on demand dial in dial on demand dial back dial on demand and CBCP server For more information see Sites on page 133 Group Access If undefined any group can access the modem text login only If one or more groups are specified groups are delimited by the characters comma or semicolon then any user who logs into the modem must be a member of one of the specified groups othe...

Page 144: ...mber of times the SLC or SLB unit will retry the dial out portion of the dialing sequence if the first attempt to dial out fails Baud The speed with which the device port exchanges data with the attached serial device From the drop down list select the baud rate Most devices use 9600 for the administration port so this is the default Check the equipment settings and documentation for the proper ba...

Page 145: ... the connection is inactive for a specified number of minutes The default is No This setting only applies to text mode connections PPP mode connections stay connected until either side drops the connection Disabled by default Dial in Host List From the drop down list select the desired host list The host list is a prioritized list of SSH Telnet and TCP hosts that are available for establishing out...

Page 146: ...st be enabled on the Network Settings page for NAT to work To enable click the IP Forwarding link to display the Network Settings page Dial out Number Phone number for dialing out to a remote system or serial device May have up to 20 characters Any format is acceptable Remote Dial out Login User ID for authentication when dialing out to a remote system or if a remote system requests authentication...

Page 147: ...aults Upper PC Card Slot 2049 Lower PC Card Slot 2050 Range 1025 65535 Authenticate Checkbox and if selected the SLC console manager requires user authentication before granting access to the port Authenticate is selected by default for Telnet Port and SSH Port but not for TCP Port SSH Port The SSH session port number to use if you selected SSH Defaults Upper PC Card Slot 3049 Lower PC Card Slot 3...

Page 148: ...ge The Devices USB page has an USB Access checkbox USB Access is a security feature ensures that access to any USB device is disabled if the box is unchecked The SLC unit ignores any USB device plugged into the port To set up USB storage in the SLC console manager perform the following steps 1 Insert any of the supported thumb drives into the USB port on the front of the SLC unit You can do this b...

Page 149: ...ogging and saving restoring configurations Unmount Enables ejecting the USB device Warning If you eject a USB device from the SLC console manager without unmounting it subsequent mounts may fail and you will need to reboot the SLC unit to restore the functionality Format Select to Unmount the USB device if it is mounted Remove all existing partitions Create one partition Format it with the selecte...

Page 150: ...10 USB Port SLC Console Manager User Guide 150 Figure 10 3 Devices USB Modem 3 Enter the following fields ...

Page 151: ...pe of dial out connection PIN Enter PIN personal identification number for accessing the GSM GPRS card Retype PIN Re enter PIN personal identification number for accessing the GSM GPRS card PPP Compression Select to enable negotiation of data compression over PPP links Disabled by default Auto acquire DNS Select to enable the SLC console manager to acquire up to three DNS servers by means of GPRS ...

Page 152: ...ly control the modem Modem Timeout Timeout for all modem connections Select Yes default for the SLC console manager to terminate the connection if no traffic is received during the configured idle time Enter a value of from 1 to 9999 seconds The default is 30 seconds Caller ID Logging Select to enable the SLC unit to log caller IDs on incoming calls Disabled by default Note For the Caller ID AT co...

Page 153: ...tication settings as outgoing connections dial on demand If this option is not selected then the dial on demand connections take their authentication settings from the DOD parameter settings If DOD Authentication is PAP then the DOD CHAP Handshake field is not used DOD Authentication Enables PAP or CHAP authentication for dial in dial on demand PAP is the default With PAP users are authenticated b...

Page 154: ...umber determined by the server based on the login that is PAP or CHAP authenticated Service The available connection services for this modem port Telnet SSH or TCP Only one can be active at a time The default is None Telnet Port Telnet Port Telnet session port number to use if you selected Telnet Defaults USB Port U1 2049 USB Port U2 2050 Range 1025 65535 SSH Port The SSH session port number to us...

Page 155: ...re 10 4 Firmware and Configurations Manage Files Top of Page Note At the bottom of the page shown in Figure 10 4 are the Delete Download and Rename options 2 To delete a file click the check box next to the filename and click Delete File A confirmation message displays 3 To download a file click the Download File button Select the file from the list 4 To rename a file click the check box next to t...

Page 156: ...SB port For more information see Chapter 15 Command Reference set usb access set usb modem set usb storage mount set usb storage unmount set usb storage dir set usb storage fsck set usb storage rename set usb storage copy set usb storage delete set usb storage format show usb show usb storage show usb modem ...

Page 157: ...n at various times Immediately These connections are always re established after reboot At a specified date and time These connections connect if the date and time have already passed After a specified amount of data or a specified sequence of data passes through the connection Following reboot the connection is not reestablished until the specified data passes through the connection Typical Setup...

Page 158: ...SSH into the SLC They could also select text mode where using a terminal emulation program a user could dial into the SLC unit and connect to the command line interface Figure 11 2 Remote Access Server Reverse Terminal Server In this scenario the SLC console manager has one or more device ports connected to one or more serial ports of a mainframe server Users can access a terminal session by estab...

Page 159: ...orts The device ports on the SLC unit are connected to the console ports of the equipment that the user would like to manage To manage a specific piece of equipment the user can Telnet or SSH to a specific port or IP address on the SLC console manager and be connected directly to the console port of the end server or device To configure this setup set the Enable Telnet In or Enable SSH In option o...

Page 160: ...onnections SLC Console Manager User Guide 160 Figure 11 5 Console Server Connection Configuration To create a connection 1 Click the Devices tab and select the Connections option The following page displays ...

Page 161: ...e seconds field Port The number of the device port you are connecting This device port must be connected to an external serial device and must not have command line interface logins enabled be connected to a modem or be running a loopback test Note To see the current settings for this device port click the Settings link Data Flow Select the arrow showing the direction bidirectional or unidirection...

Page 162: ...er options this is the TCP UDP port number which is optional for Telnet out and SSH out but required for TCP Port and UDP Port Note If you select Device Port it must not have command line interface logins enabled or be running a loopback test To view the device port s settings click the Settings link to the right of the port number SSH Out Options Select one of the following optional flags to use ...

Page 163: ...t To configure initial timeout for outgoing connections connect global outgoingtimeout disable 1 9999 seconds Note This is not a TCP timeout To monitor a device port connect listen deviceport Device Port or Name To connect a device port to another device port or an outbound network connection data flows in both directions connect bidirection Port or Name endpoint Endpoint is one of charcount of Ch...

Page 164: ...to Execute tcp IP Address port TCP Port telnet IP Address or Name port TCP Port trigger now datetime chars udp IP Address port UDP Port Note If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or characters or a character sequence enter either the charcount or the charseq par...

Page 165: ...ser authentication is enabled the local user sysadmin account is always available for login Authentication can occur using all methods in the order of precedence until a successful authentication is obtained or using only the first authentication method that responds in the event that a server is down If you have the same user name defined in multiple authentication methods the result is unknown E...

Page 166: ...em NFS LDAP Lightweight Directory Access Protocol A set of protocols for accessing information directories specifically X 500 based directory services LDAP runs over TCP IP or other connection oriented transfer services RADIUS Remote Authentication Dial In User Service An authentication and accounting system used by many Internet Service Providers ISPs A client server protocol it enables remote ac...

Page 167: ...pply Now that you have enabled one or more authentication methods you must configure them Authentication Commands The following command for the command line interface corresponds to the web page entries described above To set ordering of authentication methods Note Local Users authentication is always the first method used Any methods omitted from the command will be disabled set auth one or more ...

Page 168: ...accounts to authenticate users 1 Click the User Authentication tab and select the Local Remote Users option The following page displays Figure 12 2 User Authentication Local Remote Users The top of the page has entry fields for enabling local and remote users and for setting password requirements The bottom of the page displays a table listing and describing all local and remote users ...

Page 169: ... Complex Passwords Select to enable the SLC unit to enforce rules concerning the password structure e g alphanumeric requirements number of characters punctuation marks Disabled by default Complexity rules Passwords must be at least eight characters long They must contain one upper case letter A Z one lower case letter a z one digit 0 9 and one punctuation character _ Allow Reuse Select to enable ...

Page 170: ...294967295 Note The UID must be unique If it is not SLC console manager automatically increments it Starting at 101 the SLC unit finds the next unused UID Listen Ports The device ports that the user may access to view data using the connect listen command Enter the port numbers or the range of port numbers for example 1 5 8 10 15 Data Ports The device ports with which the user may interact using th...

Page 171: ...iceport tcp or udp Break Sequence A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Custom Menu If custom menus have been created you can assi...

Page 172: ...e system and audit logging SSH and Telnet logins SNMP and SMTP Includes NFS and CIFS Secure Lantronix Network Right to view and manage Secure Lantronix units e g SLP Spider and SLC units on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rig...

Page 173: ...lick the Delete User button 3 Click the Apply button To change the sysadmin password 1 On the Local Remote Users page select sysadmin and click the Add Edit User button The Local Remote User Settings page displays 2 Enter the new password in the Password and Retype Password fields Note You can change Escape Sequence and Break Sequence if desired You cannot delete the UID or change the UID port per...

Page 174: ...n To delete a local user set localusers delete User Login To view settings for all users or a local user show localusers user User Login To block lock out a user s ability to log in set localusers lock User Login Note This capability is not available on the web page To allow unlock a user s ability to log in set localusers unlock User Login Note This capability is not available on the web page Loc...

Page 175: ...yauth enable disable To configure attributes for users who log in by a remote authentication method set remoteusers add edit User Login parameters Parameters accessoutlets Outlet List breakseq 1 10 Chars clearports Port List dataports Port List escapeseq 1 10 Chars group default power admin Custom Group Name listenports Port List permissions Permissions List where Permission List is one or more of...

Page 176: ...NIS does not provide port permissions you can use this page to grant device port access to users who are authenticated through NIS All NIS users are members of a group that has predefined user rights associated with it You can assign additional user rights that are not defined by the group To configure the SLC unit to use NIS to authenticate users 1 Click the User Authentication tab and select the...

Page 177: ...tting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp Break Sequence A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify t...

Page 178: ... SLB units on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for NIS users Web Access Right to access Web M...

Page 179: ...et a default custom menu for NIS users set nis custommenu Menu Name To view NIS settings show nis LDAP The system administrator can configure the SLC console manager to use LDAP to authenticate users attempting to log in using the Web Telnet SSH or the console port LDAP allows SLC users to authenticate using a wide variety of LDAP servers such as OpenLDAP and Microsoft Active Directory The LDAP im...

Page 180: ...hod on the first User Authentication page If you want to set up this authentication method but not enable it immediately clear the checkbox Server The IP address or host name of the LDAP server Port Number of the TCP port on the LDAP server to which the SLC talks The default is 389 Base The name of the LDAP search base e g dc company dc com May have up to 80 characters ...

Page 181: ...bute used by the LDAP server for group membership This attribute may be use to search for a name ie msmith or a Distinguished Name ie uid msmith ou People dc lantronix dc com Select either Name or DN as appropriate for the LDAP server If nothing is specified for the group membership attribute the SLC console manager will use memberUID for name and uniqueMember for DN For AD LDAP servers the Group ...

Page 182: ...pecify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp Break Sequence A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B...

Page 183: ...e local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for LDAP users Web Access Right to access Web Manager Diagnost...

Page 184: ... port TCP Port Default is 389 server IP Address or Hostname state enable disable To set user group and permissions for LDAP users group default power admin To set permissions for LDAP users not already defined by the user rights group permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp ub rs rc dr wb sn ad po pc To remove a permission type a minus sign befor...

Page 185: ... authenticated through RADIUS are granted device port access through the port permissions on this page All RADIUS users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLC unit to use RADIUS to authenticate users 1 Click the User Authentication tab and select RADIUS The following page di...

Page 186: ...f you do not specify an optional port the SLC console manager uses the default RADIUS port 1812 Server 2 Secret Text that serves as a shared secret between a RADIUS client and the server SLC The shared secret is used to encrypt a password sent between the client and the server May have up to 128 characters Timeout The number of seconds 1 30 after which the connection attempt times out The default ...

Page 187: ...ecify additional rights for the individual user Power Users This group has the same rights as Default Users plus Networking Date Time Reboot Shutdown and Diagnostics Reports Administrators This group has all possible rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Te...

Page 188: ... and the number of the TCP port on the RADIUS server set radius server 1 2 host IP Address or Hostname secret Secret port TCP Port The default port is 1812 To set the number of seconds after which the connection attempt times out set radius timeout disable 1 30 May be 1 30 seconds To set user group and permissions for RADIUS users set radius group default power admin To set permissions for RADIUS ...

Page 189: ...he right to clear group User group Valid values for the value string are default power and admin and any SLC or SLB custom group name If a custom group name is specified and it matches a current SLC custom group name any rights attribute will be ignored and the custom group s rights permissions will be used instead A group name with spaces cannot be specified escseq Escape sequence The value strin...

Page 190: ...work authentication protocol that provides strong authentication for client server applications by using secret key cryptography The system administrator can configure the SLC console manager to use Kerberos to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions...

Page 191: ...he order of precedence on the User Authentication page Realm Enter the name of the logical network served by a single Kerberos database and a set of Key Distribution Centers Usually realm names are all uppercase letters to differentiate the realm from the Internet domain Realm is similar in concept to an NT domain KDC A key distribution center KDC is a server that issues Kerberos tickets A ticket ...

Page 192: ...ch is hexadecimal x character 27 1B followed by a B Enable for Dial back Select to grant a user dial back access Users with dial back access can dial into the SLC unit and enter their login and password Once the SLC device authenticates them the modem hangs up and dials them back Disabled by default Dial back Number The phone number the modem dials back on depends on this setting for the device po...

Page 193: ...lt power admin Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for Kerberos users Web Access Right to access Web Manager Diagnostics Reports Right to obtain diagnostic information and reports about the unit Reboot Shutdown Righ...

Page 194: ...on of TACACS is to perform authentication for remote access The SLC console manager supports the TACACS protocol not the older TACACS or XTACACS protocols The system administrator can configure the SLC unit to use TACACS to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the por...

Page 195: ...you enable TACACS here it automatically displays at the end of the order of precedence on the User Authentication page TACACS Servers 1 3 IP address or host name of up to three TACACS servers Secret Shared secret for message encryption between the SLC console manager and the TACACS server Enter an alphanumeric secret of up to 127 characters Encrypt Messages Select the checkbox to encrypt messages ...

Page 196: ...r the modem dials back on depends on this setting for the device port The user is either dialed back on a fixed number or on a number that is associated with the user s login specified here Data Ports The ports users are able to monitor and interact with using the connect direct command Listen Ports The ports users are able to monitor using the connect listen command Clear Port Buffers The ports w...

Page 197: ...et tacacs group default power admin To set permissions for TACACS users not already defined by the user rights group set tacacs permissions Permission List where Permission List is one or more of nt sv dt lu ra sk um dp ub rs rc dr wb sn ad po pc Diagnostics Reports Right to obtain diagnostic information and reports about the unit Reboot Shutdown Right to use the CLI or shut down the SLC console m...

Page 198: ...ons rather than their individual attributes and permissions The SLC device supports querying a LDAP server for groups that a LDAP user is a member of if any of the LDAP group names match a Custom Group Name the LDAP user will be granted the rights of the custom group A custom group cannot be given the name of one of the pre defined groups Admin Power or Default or any version of these names where ...

Page 199: ...tion SLC Console Manager User Guide 199 Figure 12 9 User Authentication Group 2 Enter the following Group Name Enter a name for the group Listen Ports The ports users are able to monitor using the connect listen command ...

Page 200: ...allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp or udp Break Sequence A series of one to ten characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify t...

Page 201: ...re saved with the SLC configuration and the administrator has the option of retaining the SSH keys during a reset to factory defaults The SLC device can also update the SSH RSA1 RSA and DSA host keys that the SSH server uses with site specific host keys or reset them to the default values Imported Keys Imported SSH keys must be associated with an SLC local user The key can be generated on host MyH...

Page 202: ... paste The name of the key is used to generate the name of the public key file that is exported for example keyname pub and the exported keys are organized by user and key name Once a key is generated and exported you can delete the key or view the public portion Any SSH connection out of the SLC unit for the designated host user combination uses the SSH key for authentication To configure the SLC...

Page 203: ...re 12 10 User Authentication SSH Keys 2 Enter the following Imported Keys SSH In Host User Associated with Key These entries are required in the following cases The imported key file does not contain the host that the user will be making an SSH connection from or ...

Page 204: ...ey to the SLC If Copy Paste is selected the public key will be entered into the Filename Public Key field Filename Public Key The name of the file that was uploaded via HTTPS or to be copied via SCP or FTP may contain multiple keys or the public key optionally including user host at the end if Copy Paste is used Host IP address of the remote server from which to SCP or FTP the public key file Path...

Page 205: ...vvGmoEWBuBSu505lQHfL70ijxZWOEVTJGFqUQTSq8Ls3 v3lkUJEX5ln 2AlQx0F40I5wNEC0 m3d5QE FKc sysadmin DaveSLM 3 To delete the key click the Delete button Export via Select the method SCP FTP HTTPS or Cut and Paste of exporting the key to the remote server Cut and Paste the default requires no other parameters for export Host IP address of the remote server to which the SLC console manager will SCP or FTP ...

Page 206: ... or import SSH RSA1 RSA And DSA host keys 1 On the User Authentication SSH Keys page click the SSH Server Host Keys link at the top right The following page displays the current host keys In the example below the current keys are the defaults Figure 12 11 Current Host Keys ...

Page 207: ...ogin path Path to Copy Key bits 1024 2048 keyname SSH Key Name keyuser SSH Key User type rsa dsa Reset to Default Host Key Select the All Keys checkbox to reset all default key s or select one or more checkboxes to reset defaults for RSA1 RSA or DSA keys All checkboxes are unselected by default Import Host Key To import a site specific host key select the checkbox Unselected by default Type From t...

Page 208: ...port type rsa1 rsa dsa via sftp scp pubfile Public Key File privfile Private Key File host IP Address or Name login User Login path Path to Key File To reset defaults for all or selected host keys set sshkey server reset type all rsa1 rsa dsa To display SSH keys that have been imported show sshkey import one or more parameters Parameters keyhost SSH Key IP Address or Name keyuser SSH Key User view...

Page 209: ...er enters the number associated with the command Each command can also have a nickname associated with it which can be displayed in the menu instead of the command The commands showmenu Menu Name and returnmenu can be entered to display another menu from a menu or to return to the prior menu The command returncli can be used to break out of a menu and return to the regular CLI To add a custom menu...

Page 210: ...12 User Authentication SLC Console Manager User Guide 210 Figure 12 12 User Authentication Custom Menus 2 In the lower section of the page enter the following ...

Page 211: ...replace the currently selected command nickname in the list The Unselect Command Nickname button can be used to unselect the currently selected command nickname in the list 4 To add more commands to the custom menu repeat step 3 5 You also have the following options To edit a command nickname in the custom menu select the command in the Commands Nicknames List box and select the left arrow button ...

Page 212: ...ays a specified menu The special command returnmenu redisplays the parent menu if the current menu was displayed from a showmenu command The user with appropriate rights creates and manages custom user menus from the command line interface but can assign a custom user menu to a user from either the command line or the web interface When creating a custom user menu note the following limitations Ma...

Page 213: ...title return for none Menu1 Title Specify nickname for each command no y Enter each command up to 50 commands logout is always the last command Press return when the menu command set is complete Command 1 connect direct deviceport 1 Nickname 1 connect Port 1 Command 2 connect direct deviceport 2 Nickname 2 connect Port 2 Command 3 showmenu menu2 Warning menu menu2 does not exist Nickname 3 menu2 C...

Page 214: ..._____________________________________ Menu menu2 Title Menu2 Title Show Nicknames disabled Redisplay Menu disabled Command 1 connect direct deviceport 3 Nickname 1 none Command 2 connect direct deviceport 4 Nickname 2 none Command 3 show datetime Nickname 3 none Command 4 returnmenu Nickname 4 none Command 5 logout Nickname 5 none The system administrator 4 configures local user john to use custom...

Page 215: ...e help Enter 1 4 help Menu1 Title 1 connect Port 1 3 menu2 2 connect Port 2 4 log off Enter 1 4 3 Executing showmenu menu2 Enter 1 5 help Menu2 Title 1 connect direct deviceport 3 2 connect direct deviceport 4 3 show datetime 4 returnmenu 5 logout Enter 1 5 3 Executing show datetime Date Time Tue Sep 7 19 13 35 2004 Timezone UTC Enter 1 5 4 Executing returnmenu Enter 1 4 help Menu1 Title 1 connect...

Page 216: ...sed for firmware updates Set up the location or method that will be used to save or restore configurations default FTP SFTP NFS CIFS PC card or USB Update the version of the firmware running on the SLC console manager Save a snapshot of all settings on the SLC unit save a configuration Restore the configuration either to a previously saved configuration or to the factory defaults View and terminat...

Page 217: ...13 Maintenance SLC Console Manager User Guide 217 Figure 13 1 Maintenance Firmware Config ...

Page 218: ...1 Data Center Rack Cluster Set these fields to define the rack cluster the SLC device is located within a large data center The default for these fields is 1 Data Center Rack Set these fields to define the rack the SLC console manager is located within a large data center The default for these fields is 1 Current Version Displays the current firmware version Update Firmware To update the SLC firmw...

Page 219: ...ble on certain models of SLC or SLB units PC Card Slot Click to select the Upper Slot or Lower Slot if PC Card PC Cards are available on certain models of SLC or SLB units FTP SFTP TFTP Server The IP address or host name of the server used for obtaining updates and saving or restoring configurations May have up to 64 alphanumeric characters may include hyphens and underscores Path The default path...

Page 220: ...wn list FTP Server The FTP server specified in the FTP SFTP TFTP section If you select this option select FTP or SFTP to transfer the configuration file NFS Mounted Directory Local directory of the NFS server for mounting files CIFS Share Saved Configurations If restoring select a saved configuration from the drop down list USB If a USB thumb drive is loaded into one of the USB ports of the SLC un...

Page 221: ...n local ftp sftp nfs cifs usb pccard nfsdir NFS Mounted Directory usbport U1 pccardslot upper lower savesshkeys enable disable savesslcert enable disable savescripts enable disable To restore a saved configuration to the SLC admin config restore Config Name location local ftp sftp nfs cifs usb pccard nfsdir NFS Mounted Directory usbport U1 pccardslot upper lower savesshkeys enable disable savesslc...

Page 222: ...displayed by admin ftp show admin firmware update ftp tftp sftp nfs usb pccard file Firmware File key Checksum Key nfsdir NFS Mounted Directory usbport U1 pccardslot upper lower To set the boot bank to be used at the next SLB SLC reboot for dual boot SLB SLC units admin firmware bootbank 1 2 To copy the boot bank from the currently booted bank to the alternate bank for dual boot SLB SLC units admi...

Page 223: ... To copy the boot bank from the currently booted bank to the alternate bank for dual boot SLB SLC units admin firmware copybank To reboot the SLC admin reboot Note The front panel LCD displays the Rebooting the SLC message and the normal boot sequence occurs To prepare the SLC console manager to be powered off admin shutdown Note When you use this command to shut down the SLC unit the LCD front pa...

Page 224: ...about firmware updates To set the FTP TFTP SFTP server used for firmware updates and configuration save restore admin ftp server IP Address or Hostname login User Login path Directory To view FTP settings admin ftp show To set the FTP server password and prevent it from being echoed admin ftp password To restore the SLC console manager to factory default settings admin config factorydefaults saves...

Page 225: ...rt u1 pccardslot upper lower To delete a saved configuration admin config delete Config Name location default cifs usb usbport u1 pccardslot upper lower To list the configurations saved to a location admin config show default ftp sftp nfs cifs usb pccard nfsdir NFS Mounted Dir usbport u1 pccardslot upper lower To run the quick setup script admin quicksetup System Logs The Maintenance System Logs p...

Page 226: ...l Network Services Authentication Device Ports Diagnostics General Software Level Select the alert level you want to view for the selected log Error Warning Info Debug Starting at Select the starting point of the range you want to view Beginning of Log to view the log from the earliest available beginning time and date Date to view the log starting from aspecific starting date and time Ending at S...

Page 227: ...s 2 Click the Clear Log button to clear all log information System Log Command The following command for the command line interface corresponds to the web page entries described above To view the system logs containing information and error messages show syslog parameters Parameters email Email Address level error warning info debug log all netlog servlog authlog devlog diaglog genlog display head...

Page 228: ... in the log file contains a date time stamp user login and the action performed by the user The user may clear the log file and sort the log by date time user and command The audit log is saved through SLC unit reboots 1 Click the Maintenance tab and select the Audit Log option The following page displays Figure 13 5 Maintenance Audit Log 2 To select a sort option click the appropriate button To s...

Page 229: ...enance Email Log page displays a log of all attempted emails The log file can be cleared from here The email log is saved through SLC unit reboots 1 Click the Maintenance tab and select the Email Log option The following page displays Figure 13 6 Maintenance Email Log 2 To email this log follow the instructions in Emailing Logs and Reports on page 236 3 To clear the log click the Clear Log button ...

Page 230: ...ys Figure 13 7 Maintenance Diagnostics 2 Select Diagnostics from checklist one or more diagnostic methods you want to run or select All to run them all ARP Table Address Resolution Protocol ARP table used to view the IP address to hardware address mapping Netstat Displays network connections If you select the checkbox select the TCP or UDP protocol or select All for both protocols to control the o...

Page 231: ...work connectivity test For UDP the number of times the string is sent is equal to the number of packets sent For TCP the number of times the string is sent may or may not be equal to the number of packets sent because TCP controls how data is packetized and sent out Enter the following Protocol Select the type of packet to send TCP or UDP Hostname Specify a host name or IPaddress of the host to se...

Page 232: ...SLC unit To test a device port plug the cable into the device port and run this command The command sends the specified Kbytes to the device port and reports success or failure The test is performed at 9600 baud Only an external test requires a loopback cable To display the route that packets take to get to a network host diag traceroute IP Address or Hostname To verify that the host is up and run...

Page 233: ...face diag nettrace one or more parameters Parameters ethport 1 2 host IP Address or Name numpackets Number of Packets protocol tcp udp icmp verbose enable disable To display information on the internal memory storage and processes of the SLC unit diag internals email Email Address Note This command is available the web interface as SLC Internals under Maintenance Diagnostics ...

Page 234: ...owing page displays Figure 13 9 Maintenance Status Reports The top half of the page displays the status of each port power supply and power outlet Green indicates that the port connection or power supply is active and functioning correctly Red indicates an error or failure or that the device is off 2 Select the desired reports to view under View Report View Report All Displays all reports Port Sta...

Page 235: ...how portstatus deviceport Device Port List or Name email Email Address You can optionally email the displayed information IP Routes Displays the routing table Connections Displays all active connections for the SLC unit Telnet SSH TCP UDP device port and modem System Configuration Complete Displays a complete snapshot of the SLC settings System Configuration Basic Displays a snapshot of the SLC un...

Page 236: ...u can optionally email the displayed information To provide details e g endpoint parameters and trigger for a specific connection show connections connid Connection ID email Email Address You can optionally email the displayed information Note Use the basic show connections command to obtain the Connection ID Emailing Logs and Reports The following logs and reports can be directly emailed to a spe...

Page 237: ... Emailed Log or Report To email a log to Lantronix Technical Support 1 Click the question mark icon on the upper right corner to access SLC console manager device and setup information as well as contact information for Lantronix Technical Support see Figure 13 12 ...

Page 238: ... Technical Support 2 Call Lantronix Tech Support with the contact information provided and obtain a case number 3 Press the Email Output button to send Lantronix Tech Support the log along with the identifying support number 4 Click OK in the confirmation popup that appears ...

Page 239: ...ent Currently the options are Receive Trap Temperature Over Under Limit for Sensorsoft devices Humidity Over Under Limit for Sensorsoft devices Device Port Data Drop Curent Over Threshold Note Certain event triggers are available on some SLC and SLB models Action From the drop down list select the action taken because of the trigger For example the action can be writing an entry into the syslog wi...

Page 240: ...smodem fwdseltrapmodem usbport U1 pccardslot upper lower nms SNMP NMS community SNMP Community oid SNMP Trap OID action emailalert emailaddress destination email address To update event definitions admin events edit Event ID parameters Parameters community SNMP Community deviceport Device Port or Name ethport 1 2 Modem Connection on For actions that require a modem connection for example Forward A...

Page 241: ... screens include current time network settings console settings date and time release version location and custom user strings Enabling the Auto Scroll LCD Screens option enables scrolling through the screens and pausing the number of seconds specified by the Scroll Delay between each screen After any input to the keypad the LCD waits until the keypad has been idle for the number of seconds specif...

Page 242: ...the 2 lines defined by the User Strings Line 1 and Line 2 fields By default these user strings are blank 4 Click Apply to save To configure the Keypad 1 Enter the following fields 2 Click Apply to save LCD Keypad Commands The following CLI commands correspond to the Maintenance LCD Keypad page For more information see Chapter 15 Command Reference admin keypad lock admin keypad password admin keypa...

Page 243: ... n character sequence Login Banner The text to display on the command line interface after the user logs in May contain up to 1024 characters single quote and double quote characters are not supported Default is blank Note To create more lines use the n character sequence Logout Banner The text to display on the command line interface after the user logs out May contain up to 1024 characters singl...

Page 244: ...uide 244 Banner Commands The following CLI commands correspond to the Maintenance Banners page For more information see Chapter 15 Command Reference admin banner login admin banner logout admin banner show admin banner ssh admin banner welcome ...

Page 245: ...igure 14 1 SLC Console Manager This chapter includes three examples that use the SLC device The examples assume that the SLC console manager is connected to the network and has already been assigned an IP address In the examples the command line interface is shown You can perform the same configurations using the web page interface except for directly interacting with the SLC device direct command...

Page 246: ...s disabled CHAP Host none Break Sequence x1bB CHAP Secret none Check DSR disabled NAT disabled Close DSR disabled Dial out Login none Dial out Password none Dial out Number none Dial back Number usernumber Initialization Script none Logging Settings Local Logging disabled PC Card Logging disabled Email Logging disabled Log to upper slot Byte Threshold 100 Max number of files 10 Email Delay 60 seco...

Page 247: ... dial in by using the set deviceport command with the shown parameters 2 Configure the device port that is connected to the console port of the SUN UNIX server by using the baud and flowcontrol parameters 3 Dial into the SLC console manager via the modem using a terminal emulation program on a remote PC A command line prompt displays SLC set deviceport port 1 modemmode text Device Port settings su...

Page 248: ...ce When a connection is established between the device port and an outbound Telnet session users can access the SUN server as though directly connected to it See Chapter 11 Connections for more information Figure 14 4 Terminal Device Connection to the SLC Console Manager CONNECT 57600 Welcome to the SLC login sysadmin Password Welcome to the SLC Console Manager Model Number SLC 48 For a list of co...

Page 249: ...e 9600 Telnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff IP none Authentication PAP Logins disabled CHAP Host none Break Sequence x1bB CHAP Secret none Check DSR disabled NAT disabled Close DSR disabled Dial out Login none Dial out Password none Dial ou...

Page 250: ...lue can be one of the following set show connect diag pccard admin or logout The category value is a group of related parameters that you can configure or view Examples are ntp deviceport and network Administrative Commands Log Commands Audit Log Commands Network Commands Authentication Commands NFS and SMB CIFS Commands CLI Commands NIS Commands Connection Commands PC Card Commands Console Port C...

Page 251: ...state static ipaddr 122 3 10 1 mask 255 255 0 0 to se net po 1 st static ip 122 3 10 1 ma 255 255 0 0 Use the Tab key to automatically complete action category or parameter names Type a partial name and press Tab either to complete the name if only one is possible or to display the possible names if more than one is possible Following a space after the preceding name Tab displays all possible name...

Page 252: ...ning of each section When the number of lines displayed by a command exceeds the size of the window the default is 25 the command output is halted until you are ready to continue To display the next line press Enter and to display the page press the space bar You can override the number of lines or disable the feature altogether with set cli Deprecated Commands Deprecated commands in this release ...

Page 253: ...pdir Description Resets system resources and clears the temporary directory admin config copy Syntax admin config copy current Config Name location local nfs cifs pccard usb nfsdir NFS Mounted Directory usbport U1 pccardslot upper lower Description Copies the current configuration or optionally a configuration from another location to the other bank for dual boot SLC console managers admin config ...

Page 254: ... Config Name location local ftp sftp nfs cifs pccard usb nfsdir NFS Mounted Directory usbport U1 pccardslot upper lower savesshkeys enable disable savesslcert enable disable savescripts enable disable preserveconfig Config Params to Preserve Config Params to Preserve nt Networking ra Remote Authentication sv Services dp Device Ports dt Date Time pc PC Card lu Local Users ub USB Note The Config Par...

Page 255: ...om the currently booted bank to the alternate bank for dual boot SLC console managers admin firmware show Syntax admin firmware show viewlog enable disable Description Lists the current firmware revision the boot bank status for dual boot SLC console managers and optionally displays the log containing details about firmware updates admin firmware update Syntax admin firmware update ftp tftp sftp n...

Page 256: ...r firmware updates and configuration save restore admin ftp show Syntax admin ftp show Description Displays FTP settings admin keypad Syntax admin keypad lock unlock Description Locks or unlocks the LCD keypad If the keypad is locked you can scroll through settings but not change them admin keypad password Syntax admin keypad password Must be 6 digits Description Changes the Restore Factory Defaul...

Page 257: ...Chars Description Sets the strings displayed on the LCD user string screen admin lcd screens Syntax admin lcd screens zero or more parameters Parameters currtime 1 8 network 1 8 console 1 8 datetime 1 8 release 1 8 devports 1 8 location 1 8 userstrings 1 8 Description Sets which screens that display on the LCD and the display order Any screens omitted from the admin lcd screens command are disable...

Page 258: ...l storage device admin memory swap add Size of Swap in MB usbport U1 Deletes the swap space from the SLC disk or an external storage device admin memory swap delete admin memory show admin quicksetup Syntax admin quicksetup Description Runs the quick setup script admin reboot Syntax admin reboot Description Terminates all connections and reboots the SLC console manager The front panel LCD displays...

Page 259: ...en Shutdown complete displays it is safe to power off the SLC console manager This command is not available on the Web page admin version Syntax admin version Description Displays current hardware and firmware information admin web certificate Syntax admin web certificate import via sftp scp certfile Certificate File privfile Private Key File host IP Address or Name login User Login path Path to F...

Page 260: ...et enable disable Description Enables or disables iGoogle Gadget web content admin web iface Syntax admin web iface none eth1 eth2 ppp Description Defines a list of network interfaces the web is available on admin web group Syntax admin web group Local or Remote Group Name Description Configures the group that can access the web admin web banner Syntax admin web banner Banner Text Description Conf...

Page 261: ... web show viewslmsessions enable disable Description Displays the current sessions and their ID Audit Log Commands show auditlog Syntax show auditlog command user clear email Email Address Description Displays audit log By default shows the audit log sorted by date time You can sort it by user or command or clear the audit log Authentication Commands set auth Syntax set auth one or more parameters...

Page 262: ...er CLI Commands set cli scscommands Syntax set cli scscommands enable disable Commands info direct Device Port or Name version listen Device Port or Name reboot clear Device Port or Name poweroff telnet IP Address or Name listdev ssh IP Address or Name Description Allows you to use SCS compatible commands as shortcuts for executing commands Enabling this feature enables it only for the current cli...

Page 263: ...erminal automatically Note Settings are retained between CLI sessions for local users and users listed in the remote users list set history Syntax set history clear Description Clears the CLI commands history show history Syntax show history Description Displays the last 100 commands entered during a session Connection Commands connect bidirection Syntax connect bidirection Device Port or Name end...

Page 264: ...r or characters or a character sequence enter the charxfer parameter and either the charcount or the charseq parameter connect direct Syntax connect direct endpoint Parameters deviceport Device Port or Name hostlist Host List ssh IP Address or Name port TCP Port SSH flags tcp IP Address port TCP Port telnet IP Address or Name port TCP Port udp IP Address port UDP Port SSH flags is one or more of u...

Page 265: ...e Port or Name Description Connect an interface script to a Device Port and run it connect terminate Syntax connect terminate Connection ID List Description Terminates a bidirectional or unidirectional connection connect unidirection Syntax connect unidirection Device Port or Name dataflow toendpoint fromendpoint endpoint one or more parameters endpoint is one of deviceport Device Port or Name tel...

Page 266: ...s email Email Address Description Displays connections and their IDs You can optionally email the displayed information The connection IDs are in the left column of the resulting table The connection ID associated with a particular connection may change if the connection times out and is restarted show connections connid Syntax show connections connid Connection ID email Email Address Description ...

Page 267: ...and Each command can also have a nickname associated with it which can be displayed in the menu instead of the command The commands showmenu Menu Name and returnmenu can be entered to display another menu from a menu or to return to the prior menu When creating a custom user menu note the following limitations Maximum of 20 custom user menus Maximum of 50 commands per custom user menu logout is al...

Page 268: ...sable shownicknames enable disable title Menu Title The following list includes options which accept the CLEAR command Note CLEAR must be in all caps Description Changes a command within an existing custom user menu changes a nickname within an existing custom user menu enables or disables the redisplay of the menu before each prompt enables or disables the display of command nicknames instead of ...

Page 269: ...through the process of selecting a time zone Description Sets the local date time and local time zone one parameter at a time show datetime Syntax show datetime Description Displays the local date time and time zone set ntp Syntax set ntp one or more parameters Parameters localserver1 IP Address or Name localserver2 IP Address or Name localserver3 IP Address or Name poll local public publicserver ...

Page 270: ...tstate outlet Outlet tower A B slp servertech envmon slp servertech infeedstatus slp servertech system Description Sends commands to or control a device connected to an SLC device port over the serial port Note Currently the only devices supported for this type of interaction are the SLP power manager ServerTech CDU and Sensorsoft devices Device Port Commands set deviceport port Syntax set devicep...

Page 271: ...n dialoutlogin User Login dialoutnumber Phone Number dialoutpassword Password dodauth pap chap dodchaphost CHAP Host or User Name dodchapsecret CHAP Secret or User Password emaildelay Email Delay emaillogging disable bytecnt charstr emailrestart Restart Delay emailsend email trap both emailstring Regex String emailsubj Email Subject emailthreshold Threshold emailto Email Address flowcontrol none x...

Page 272: ... portlogseq 1 10 Chars remoteipaddr negotiate IP Address restartdelay PPP Restart Delay showlines disable 1 50 lines slmlogging enable disable slmnms NMS IP Address slmthreshold Threshold slmtime Time Frame sshauth enable disable sshin enable disable sshport TCP Port sshtimeout disable 1 1800 seconds stopbits 1 2 sysloglogging enable disable tcpauth enable disable tcpin enable disable tcpport TCP ...

Page 273: ...ices such as SLP power manager and Sensorsoft see the help for set command The following list includes options which accept the CLEAR command Note CLEAR must be in all caps Description Configures a single port or a group of ports set deviceport global Syntax set deviceport global one or more parameters Parameters sshport TCP Port telnetport TCP Port tcpport TCP Port Description Configures settings...

Page 274: ...List or Name email Email Address Description Displays device port statistics and errors for one or more ports You can optionally email the displayed information show portcounters zerocounters Syntax show portcounters zerocounters Device Port List or Name Description Zeros the port counters for one or more device ports show portstatus Syntax show portstatus deviceport Device Port List or Name email...

Page 275: ... external xferdatasize Size In Kbytes to Transfer Default is 1 Kbyte Description Tests a device port by transmitting data out the port and verifying that it is received correctly A special loopback cable comes with the SLC console manager To test a device port plug the cable into the device port and run this command The command sends the specified Kbytes to the device port and reports success or f...

Page 276: ...ion Verifies if the SLC console manager can reach a host over the network diag perfstat Syntax diag perfstat ethport 1 2 deviceport Device Port or Name Note You must specify an Ethernet Port or Device Port Description Displays performance statistics for an Ethernet Port or Device Port averaged over the last 5 seconds diag sendpacket host Syntax diag sendpacket host IP Address or Name port TCP or U...

Page 277: ...igger response trigger is one of receivetrap templimit humidlimit or overcurrent response is one of action syslog action fwdalltrapseth fwdseltrapeth ethport 1 2 nms SNMP NMS community SNMP Community oid SNMP OID action fwdalltrapsmodem fwdseltrapmodem deviceport Device Port or Name nms SNMP NMS community SNMP Community oid SNMP Trap OID action fwdalltrapsmodem fwdseltrapmodem pccardslot upper low...

Page 278: ...MS oid SNMP Trap OID usbport U1 pccardslot upper lower emailaddress destination email address Description Edits event definitions admin events show Syntax admin events show Description Displays event definitions Group Commands set groups add edit Group Name parameters Syntax set groups add edit Group Name parameters Parameters dataports Port List listenports Port List clearports Port List accessou...

Page 279: ...ers must be removed from a group before it can be deleted show group Syntax show groups name Group Name members enable disable Description Displays all groups or a specific group The members of the group s can optionally be displayed The following list includes options which accept the CLEAR command Note CLEAR must be in all caps Host List Commands set hostlist name Syntax set hostlist add edit Ho...

Page 280: ...ds a new host entry to a list or edit an existing entry set hostlist delete Syntax set hostlist delete Host List entry Host Number Description Deletes a host list or a single host entry from a host list set hostlist edit Syntax set hostlist edit Host List Name move Host Number position Host Number Description Moves a host entry to a new position in the host list show hostlist Syntax show hostlist ...

Page 281: ...1 state enable ruleset Ruleset Name Description Maps an IP filter to an interface set ip filter rules Syntax set ipfilter rules parameters Parameters add Ruleset Name delete Ruleset Name edit Ruleset Name Edit Parameters append insert Rule Number replace Rule Number delete Rule Number Description Sets IP filter rules set ipfilter state Syntax set ipfilter state enable disable testtimer disable 1 1...

Page 282: ...r status Syntax show ipfilter status all Ruleset Name Description Displays the IP filter status Kerberos Commands set kerberos Syntax set kerberos one or more parameters Parameters accessoutlets Outlet List breakseq 1 10 Chars clearports Port List custommenu Menu Name allowdialback enable disable dialbacknumber Phone Number dataports Port List escapeseq 1 10 Chars group default power admin ipaddr ...

Page 283: ...s who log in via the Web SSH Telnet or the console port show kerberos Syntax show kerberos Description Displays Kerberos settings LDAP Commands set ldap Syntax set ldap one or more parameters Parameters accessoutlets Outlet List adsupport enable disable base LDAP Base bindname Bind Name bindpassword Bind Password bindwithlogin enable disable useldapschema enable disable breakseq 1 10 Chars clearpo...

Page 284: ...e disable The following list includes options which accept the CLEAR command Note CLEAR must be in all caps Description Configures the SLC console manager to use LDAP to authenticate users who log in via the Web SSH Telnet or the console port show ldap Syntax show ldap Description Displays LDAP settings Local Users Commands set localusers Syntax set localusers add edit User Login one or more param...

Page 285: ... the CLEAR command Note CLEAR must be in all caps Description Configures local accounts including sysadmin who log in to the SLC console manager by means of the Web SSH Telnet or the console port set localusers allowreuse Syntax set localusers allowreuse enable disable Description Sets whether a login password can be reused set localusers complexpasswords Syntax set localusers complexpasswords ena...

Page 286: ...ck unlock User Login Description Allows or blocks a user login set localusers maxloginattempts Syntax set localusers maxloginattempts Number of Logins Description Sets the maximum number of login attempts before the account is locked Disabled by default set localusers multipleadminlogins Syntax set localusers multipleadminlogins enable disable Description Sets multiple admin logins set localusers ...

Page 287: ...et localusers reusehistory Number of Passwords Description Sets the number of passwords the user must use before reusing an old password The default is 4 set localusers state Syntax set localusers state enable disable Description Enables or disables authentication of local users show localusers Syntax show localusers user User Login Description Displays local users Log Commands set log clear Synta...

Page 288: ...USB or PC Card log files either for a specific Device Port or all log files in a PC Card or NFS location show log local Syntax show log local nfs pccard Device Port or Name parameters Parameters display head tail numlines Number of Lines bytes Bytes to Display startbyte Byte Index logfile NFS or PC Card Log File Defaults bytes 1000 startbyte 1 numlines 40 Description Views the log for local NFS or...

Page 289: ...ription Sets TCP Keepalive and IP Forwarding network parameters set network bonding Syntax set network bonding disabled active backup 802 3ad load balancing Description Configures ethernet bonding set network dns Syntax set network dns 1 2 3 ipaddr IP Address Description Configures up to three DNS servers set network gateway Syntax set network gateway parameters Parameters default IP Address prece...

Page 290: ...6 Syntax set network ipv6 enable disable Description Enables or disables IPv6 networking set network port Syntax set network port 1 2 parameters Parameters mode auto 10mbit half 100mbit half 10mbit full 100mbit full state dhcp bootp static disable ipaddr IP Address mask Mask ipv6addr IP v6 Address Prefix mtu Maximum Transmission Unit Description Configures Ethernet port 1 or 2 show network all Syn...

Page 291: ...escription Displays the network host name of the SLC console manager show network port Syntax show network port 1 2 Description Displays Ethernet port settings and counters NFS and SMB CIFS Commands set cifs Syntax set cifs one or more parameters Parameters eth1 enable disable eth2 enable disable state enable disable workgroup Windows workgroup The following list includes options which accept the ...

Page 292: ...ers Parameters remdir NFS Share locdir Directory rw enable disable mount enable disable Note Specification of rmdir and locdir parameters are required Once specified the parameters do not need to be re specified The following list includes options which accept the CLEAR command Note CLEAR must be in all caps Description Mounts a remote NFS share The remdir and locdir parameters are required but if...

Page 293: ...earports Port List custommenu Menu Name allowdialback enable disable dialbacknumber Phone Number dataports Port List domain NIS Domain Name escapeseq 1 10 Chars group default power admin listenports Port List master IP Address or Hostname permissions Permission List slave1 IP Address or Hostname slave2 IP Address or Hostname slave3 IP Address or Hostname slave4 IP Address or Hostname slave5 IP Add...

Page 294: ... chap baud 300 115200 Default is 9600 cbcpnocallback enable disable cbcptype admin user calleridcmd Modem Command String calleridlogging enable disable chaphost CHAP Host or User Name chapauth chaphost localusers chapsecret CHAP Secret or User Password databits 7 8 dialbackdelay PPP Dialback Delay dialbacknumber usernumber Phone Number dialbackretries 1 10 dialinlist Host List for Dial in dialoutl...

Page 295: ...alback ondemand dialinhostlist modemtimeout disable 1 9999 sec nat enable disable parity none odd even remoteipaddr negotiate IP Address restartdelay PPP Restart Delay service none telnet ssh tcp sshauth enable disable sshport TCP Port stopbits 1 2 tcpauth enable disable tcpport TCP Port telnetauth enable disable telnetport TCP Port timeoutlogins disable 1 30 minutes Note Dial out GPRS connections...

Page 296: ...card storage dir Syntax pccard storage dir upper lower Description Views a directory listing of a Compact Flash card pccard storage format Syntax pccard storage format upper lower filesystem ext2 fat Description Formats a Compact Flash card pccard storage mount Syntax pccard storage mount upper lower Description Mounts a Compact Flash card in the SLC console manager for use as a storage device The...

Page 297: ...efore ejecting the card show pccard Syntax show pccard Description Displays currently loaded PC cards with product information and settings show pccard storage Syntax show pccard storage Description Displays product information and settings for any PC card compact flash show pccard modem Syntax show pccard modem Description Displays product information and settings for any PC card modem RADIUS Com...

Page 298: ...e CLEAR command Note CLEAR must be in all caps Description Configures the SLC console manager to use RADIUS to authenticate users who log in via the Web SSH Telnet or the console port set radius server Syntax set radius server 1 2 host IP Address or Hostname secret Secret port TCP Port Description Identifies the RADIUS server the text secret and the TCP port number Note The default port is 1812 sh...

Page 299: ...List where Permission List is one or more of nt sv dt lu ra sk um dp pc rs rc dr wb sn ad do ub po Note To remove a permission type a minus sign before the two letter abbreviation for a user right The following list includes options which accept the CLEAR command Note CLEAR must be in all caps Description Sets attributes for users who log in by a remote authentication method set remoteusers delete...

Page 300: ...static enable disable version 1 2 both Note To delete a static route set the ipaddr mask and gateway to 0 0 0 0 Description Configures static or dynamic routing To delete a static route set the IP address mask and gateway parameters to 0 0 0 0 show routing Syntax show routing sort destination iface display IP Address resolveip enable disable email Email Address Description Sets the routing table t...

Page 301: ...erwise a script name must be specified for import Description Import a script set script rename Syntax set script rename interface batch name Script Name newname New Script Name Description Rename a script set script runcli Syntax set script runcli Script Name Description Run a CLI batch script set script update Syntax set script update interface batch name Script Name group default power admin pe...

Page 302: ...udesyslog enable disable javabufsize Number of Lines javaterminal jws applet location Physical Location netlog off error warning info debug nms1 IP Address or Name nms2 IP Address or Name outgoingtelnet enable disable phoneip IP Address phonehome enable disable portssh TCP Port rocommunity Read Only Community rwcommunity Read Write Community servlog off error warning info debug smtpsender Email Ad...

Page 303: ...owing list includes options which accept the CLEAR command Note CLEAR must be in all caps Description Configures services system logging SSH and Telnet access SSH and Telnet timeout SNMP agent email SMTP server and audit log Sets a password for an SNMP manager to access the read only data the SLC SNMP agent provides and to modify data when permitted set services trapenable Syntax set services trap...

Page 304: ... Mask restartdelay PPP Restart Delay routegateway Gateway cbcpnocallback enable disable nat enable disable To delete a site set site delete Site Name show site all names Site Name The following list includes options which accept the CLEAR command CLEAR must be in all caps SLC Network Commands set slcnetwork Syntax set slcnetwork parameters Parameters add IP Address delete IP Address search localsu...

Page 305: ...c keys of all previously created SSH keys set sshkey delete Syntax set sshkey delete one or more parameters Parameters keyhost SSH Key Host keyname SSH Key Name keyuser SSH Key User Description Deletes an ssh key Specify the keyuser and keyhost to delete an imported key specify the keyuser and keyname to delete exported key set sshkey export Syntax set sshkey export ftp scp copypaste one or more p...

Page 306: ...bfile Public Key File privfile Private Key File host IP Address or Name login User Login path Path to Key File Description Imports an SLC host key set sshkey server reset Syntax set sshkey server reset type all rsa1 rsa dsa Description Resets defaults for all or selected host keys show sshkey export Syntax show sshkey export one or more parameters Parameters keyhost SSH Key IP Address or Name keyu...

Page 307: ...rameters Optionally emails the displayed information show sysstatus Syntax show sysstatus email Email Address Description To display the overall status of all SLC devices Optionally emails the displayed information System Log Commands show syslog Syntax show syslog parameters Parameters email Email Address level error warning info debug log all netlog servlog authlog devlog diaglog genlog display ...

Page 308: ...stommenu Menu Name allowdialback enable disable dialbacknumber Phone Number dataports Port List encrypt enable disable escapeseq 1 10 Chars group default power admin listenports Port List permissions Permission List secret TACACS Secret server1 IP Address or Name server2 IP Address or Name server3 IP Address or Name state enable disable The following list includes options which accept the CLEAR co...

Page 309: ...te Temperature Calibration in C or F cancel Syntax set temperature low Low Temperature in C high High Temperature in C Description Sets the acceptable range for the internal temperature sensor an SNMP trap is sent if the temperature is outside of this range show temperature Syntax show temperature Description Displays the acceptable range and the current reading from the internal temperature senso...

Page 310: ...one Number dialoutpassword Password dodauth pap chap dodchaphost CHAP Host or User Name dodchapsecret CHAP Secret or User Password restartdelay PPP Restart Delay flowcontrol none xon xoff rts cts initscript Modem Init Script localipaddr negotiate IP Address modemmode text ppp modemstate disable dialin dialout dialback cbcpserver cbcpclient dialondemand dialin ondemand dialinhostlist modemtimeout d...

Page 311: ...ng of a thumb drive set usb storage rename Syntax set usb storage rename U1 file Filename newfile New Filename Description Renames a file on a thumb drive set usb storage copy Syntax set usb storage copy U1 file Filename newfile New Filename Description Copies a file on a thumb drive set usb storage delete Syntax set usb storage delete U1 file Current Filename Description Removes a file on a thumb...

Page 312: ...ive show usb Syntax show usb Description Displays currently attached USB devices with their product information and settings show usb storage Syntax show usb storage Description Display product information and settings for any USB thumb drive show usb modem Syntax show usb modem Description Display product information and settings for any USB modem show user Description Displays information about ...

Page 313: ...re Services do Device Port operations dt configure Date Time pc configure PC Cards lu configure Local Users um configure User Menus ra configure Remote Authentication methods dr view Diagnostics Reports rs Reboot or Shutdown the SLC wb Web Access fc manage Firmware and Configurations sn configure Secure Lantronix Network ad full Administrative rights sk configure SSH Keys po configure Power Outlet...

Page 314: ...ng list includes options which accept the CLEAR command CLEAR must be in all caps Enter RSA public key or Pre Shared Key of remote host set vpn key Enter XAUTH password set vpn xauthpassword Display all VPN settings and current status show vpn email Email Address Display detailed VPN status show vpn status email Email Address Display VPN logs show vpn viewlog numlines Number of Lines email Email A...

Page 315: ...and prompt Bootloader Commands Table A 1 User Commands help Lists and prints the command list and online help An alias for help boot Boot default runs bootcmd bootcheck Checks boot bank information bootinfo Displays boot bank information bootsel 1 2 Selects boot bank 1 or boot bank 2 IDE Accesses the IDE sub system mtest Performs a simple test of the RAM showconf Displays hardware configuration su...

Page 316: ...opies an image of the drive from the USB port or from the lower PCMCIA device to the internal CF card passwd Provides a new password for user admin The default password for user admin is admin User cust does not have a password ping Sends a ping request to the network host printenv Prints bootloader variables setenv Sets environment variables showconf Displays hardware configuration parameters ...

Page 317: ...nfrastructure with reference to how vulnerable the CAT 5 wiring is to tapping Factors Affecting Security External factors affect the security provided by the SLC device for example Telnet sends the login exchange as clear text across Ethernet A person snooping on a subnet may read your password A terminal to the SLC console manager may be secure but the path from the SLC device to the end device m...

Page 318: ...nded power source Do not use adapter plugs or remove the grounding prong from the cord Only use a power cord with a voltage and current rating greater than the voltage and current rating marked on the unit Install the unit near an AC outlet that is easily accessible Always connect any equipment used with the product to properly wired and grounded power sources To help protect the product from sudd...

Page 319: ... mounted units are installed in a closed or multi unit rack assembly they may require further evaluation by Certification Agencies The following items must be considered Do not install the unit in a rack in such a way that a hazardous stability condition results because of uneven loading A drop or fall could cause injury The ambient temperature Tma inside the rack may be greater than the room ambi...

Page 320: ...s Only connect the network port to an Ethernet network that supports 10Base T 100Base T Only connect device ports to equipment with serial ports that support EIA 232 formerly RS 232C Only connect the console port to equipment with serial ports that support EIA 232 formerly RS 232C ...

Page 321: ... Netzkabel von der Steckdose trennen ziehen Sie am Stecker und nicht am Kabel Das Netzkabel muß unter allen Umständen an einer geeigneten sowie geerdeten Netzversorgung angeschlossen werden Benutzen Sie keine Adapterstecker und entfernen Sie nicht den Schutzleiteranschluss des Netzkabels Benutzen Sie nur ein Netzkabel das mindestens mit den Anforderungen bezüglich der Spannungs und Stromangaben de...

Page 322: ...ke oder ähnliches Führen und sichern Sie die Anschlussverdrahtung so zu den Anschlussklemmen daß sie vor hoher Beanspruchung und Beschädigung geschützt ist Beim Anschluß des Gerätes muß eine leicht zugängliche Trennvorrichtung mit einem Kontaktabstand der mindestens 3mm beträgt in die Anschlußverkabelung mitinstalliert werden Für die Absicherung des Anschlußstromkreises muß ein geeigneter Schutzsc...

Page 323: ...unden sind Beachten Sie dieses besonders im Falle des Anschlusses an eine Steckdosenleiste oder wenn aus einem anderen Grund das Gerät nicht direkt an eine Steckdose angeschlossen wird Bevor Sie das SLC Gerät in Betrieb nehmen stellen Sie sicher daß es entsprechend und sicher in den Einbauschrank oder Rack installiert ist Signalverbindungen Verbinden Sie den Netzwerkanschluß nur an einen Etherneta...

Page 324: ...l connector found on other manufacturers serial devices or re route the serial signals for connections to other devices that use RJ45 serial connectors Please check the cabling database on the Lantronix web site at http www lantronix com for suggested cables and adapters for commonly used serial devices The console port is wired the same way as the device ports and has the same signal options Note...

Page 325: ...Appendix E Adapters and Pinouts SLC Console Manager User Guide 325 Figure E 2 RJ45 Receptacle to DB25F DCE Adapter for the SLC Console Manager PN 200 2067A ...

Page 326: ...Appendix E Adapters and Pinouts SLC Console Manager User Guide 326 Figure E 3 RJ45 Receptacle to DB9M DCE Adapter for the SLC Console Manager PN 200 2069A ...

Page 327: ...Appendix E Adapters and Pinouts SLC Console Manager User Guide 327 Figure E 4 RJ45 Receptacle to DB9F DCE Adapter for the SLC Console Manager PN 200 2070A Use PN 200 2070A adapter with a PC serial port ...

Page 328: ... to RJ45 Adapter for Netra Sun Cisco and SLP PNs 200 2225 and ADP010104 01 Note The cable ends of the ADP010104 01 are an RJ45 socket on one end and a RJ45 plug on the other instead of RJ45 sockets on both ends Use this adapter for SLP remote power manager Netra SUN Cisco and others ...

Page 329: ...directory information Modem State Parameters Dial in The SLC console manager waits for a peer to call the SLC unit to establish a text command line or PPP connection For text connections the user will be prompted for a login and password and will be authenticated via the currently the currently enabled authentication methods Local Users NIS LDAP etc Once authenticated a CLI session will be initiat...

Page 330: ...itiating the dial back The SLC device will dial and if the remote peer requests PAP or CHAP authentication provide the Dial out Login and Dial out Password as authentication tokens Once authenticated a PPP session will be established using either negotiated IP addresses or specific IP addresses determined by the Negotiate IP Address setting Dial on demand The SLC console manager automatically dial...

Page 331: ...uest the server use an administrator defined number to dial on callback Optionally some servers may also allow no callback as an option CBCP Server The SLC device waits for a client to call the SLC console manager establishes a PPP connection authenticates the user and negotiates a dial back number with the client using CBCP If the SLC device is able to determine a dial back number to use it hangs...

Page 332: ... answering a call the modem should always be configured for manual answer not auto answer When answering a call the SLC console manager answers after the 2nd ring Any text or PPP connection can be terminated by setting the modem state to disabled NAT Network Address Translation An Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses...

Page 333: ...ers can share files without having to install new software SNMP Simple Network Management Protocol A protocol that system administrators use to monitor networks and connected devices and to respond to queries from other network hosts SMTP Simple Mail Transfer Protocol TCP IP protocol for sending email between servers SSL Secure Sockets Layer A protocol that provides authentication and encryption s...

Page 334: ...1000 4 2 1995 Electro Static Discharge Test IEC61000 4 3 1996 Radiated Immunity Field Test IEC61000 4 4 1995 Electrical Fast Transient Test IEC61000 4 5 1995 Power Supply Surge Test IEC61000 4 6 1996 Conducted Immunity Test IEC61000 4 8 1993 Magnetic Field Test IEC61000 4 11 1994 Voltage Dips Interrupts Test Supplementary Information This Class A digital apparatus complies with Canadian ICES 003 C...

Page 335: ...it has been tested and found compliant with the following standards Safety EN 60950 Emissions EN 55022 Class A Immunity EN 55024 RoHS Notice All Lantronix products in are China RoHS compliant and free of the following hazardous substances and elements Lead Pb Mercury Hg Cadmium Cd Hexavalent Chromium Cr VI Polybrominated biphenyls PBB Polybrominated diphenyl ethers PBDE ...

Page 336: ...453 3990 Fax 949 453 3995 Table G 1 Lantronix Product Family Names and Toxic Hazardous Substances and Elements Product Family Name Toxic or hazardous Substances and Elements Lead Pb Mercur y Hg Cadmium Cd Hexavalent Chromium Cr VI Polybrominated biphenyls PBB Polybrominate d diphenyl ethers PBDE UDS1100 and 2100 0 0 0 0 0 0 EDS 0 0 0 0 0 0 MSS100 0 0 0 0 0 0 IntelliBox 0 0 0 0 0 0 XPress DR and XP...

Page 337: ...ly isolated from any source Connected to reliable Earth ground The connector kit contains 6 pieces that make 2 complete 48VDC connectors as shown in Figure H 1 Figure H 1 Connector Kit Contents Caution Ensure that the SLC power source is turned off while assembling the connector head To assemble the DC plug connectors 1 Use 16AWG copper wire to make the connections shown in Figure H 2 Figure H 2 W...

Page 338: ...re connecting to the SLC console manager If the polarity is reversed you can damage the SLC internal power supply 5 Connect a Digital Volt OHM DVOM meter to the power source leads and verify the 48 VDC power source a Insert the RED lead of the DVOM into the top hole of the connector for the source power lead b Then insert the BLACK lead of the DVOM into the bottom hole of the connector for the ret...

Page 339: ...Console Manager User Guide 339 Figure H 5 DC Power Cord into the SLC Console Manager b Turn on your 48VDC power source c Turn on the power switch of the SLC console server 7 Follow the setup instructions in your SLC manual to use your product ...

Page 340: ...is appendix contains the following sections Installing Schema Support in Window AD Server Creating the SLC Schema Attribute Adding the Attribute to the Users Group in Windows Adding the Permissions to the Individual User Values to Use String Format Installing Schema Support in Window AD Server To install schema support in a Windows AD server for the SLC console manager follow the steps contained i...

Page 341: ...le Manager User Guide 341 Figure I 1 Programs Window 3 Click Start Run mmc 4 Click OK Figure I 2 shows the window that displays Figure I 2 MMC Window 5 On the File menu click Add Remove Snap in Figure I 3 shows the window that displays ...

Page 342: ...igure I 3 Snap In Window 6 Under Available snap ins click Active Directory Schema Add OK Figure I 4 shows the directory that displays Figure I 4 Active Directory Schema 7 To save this console click Save on the File menu Figure I 5 shows the window that displays ...

Page 343: ...older in File name box type a name for the snap in and then click Save Figure I 6 shows the folder that displays Figure I 6 Administrative Tools Folder b Or to save the snap in to a location other than the Administrative Tools folder in Save in navigate to a location for the snap in In File name type a name for the snap in and then click Save Figure I 7 shows the directory that displays ...

Page 344: ...console open it and right click on Attributes 2 Mouse over New and left click on Attribute Figure I 8 shows the window that displays Figure I 8 New Attribute Window 3 Click Continue on the Warning screen 4 For both the Common Name and LDAP Display Name use secureLinxSLCPerms in exactly that form case included Figure I 9 shows the window that displays ...

Page 345: ...nything for the description 7 Change the Syntax pull down menu to Unicode String 8 Click on OK Adding the Attribute to the Users Group in Windows 1 Highlight the Classes folder in the console tree on the left Figure I 10 shows the files that display Figure I 10 Classes Folder 2 In the right pane scroll down to user Figure I 11 shows the window that displays ...

Page 346: ...e 346 Figure I 11 User Class Window 3 Right click on a user and left click on Properties Figure I 12 shows the window that displays Figure I 12 Class User Properties Window 4 Under the Attributes tab click on Add Figure I 13 shows the window that displays ...

Page 347: ...er Guide 347 Figure I 13 User Properties Window 5 Find the secureLinxSLCPerms attribute highlight it and click on OK Figure I 14 Select Schema Object Window 6 Click on OK on the window underneath 7 Click on File and click on Save 8 Exit out of MMC ...

Page 348: ...he Individual User 1 Open ADSI Edit if you start typing adsi in the search line in Windows it should find it Figure I 15 shows the window that displays Figure I 15 ADSI Edit Window 2 Expand the console tree until you get to the listing of users Figure I 16 shows the folder that displays ...

Page 349: ...click on the user for whom you wish to configure permissions and left click on Properties Figure I 17 shows the Properties Window Figure I 17 Properties Window 4 Under the Attribute Editor tab scroll down to secureLinxSLCPerms 5 Highlight it and click on the Edit button Figure I 18 shows the window that displays ...

Page 350: ...he values that you can use in the Value field that specify the user permissions are as follows rights data listen clear group escseq brkseq menu For rights you can enable the following fa Full Administrative nt Networking sv Services lu Local Users ra Remote Authentication dt Date Time sk SSH Keys um User Menus ...

Page 351: ...at key sequence would escape you from a console session and send a break out the current session port respectively The default for each is x1bA esc A and x1bB esc B respectively The x in the default strings denotes that the next two characters are HEX With the default the x is followed by 1b which equates to ESCAPE For menu specify the name of a user menu configured on the SLC console manager that...

Reviews:

No comments

Related manuals for SLC16

Brand: TC Electronic Pages: 2

Scorpio WD2500BPVT

Brand: Western Digital Pages: 3

Scorpio WD2500BPVT

Brand: Western Digital Pages: 4

Brand: DPtech Pages: 39

Brand: KPN Pages: 14

MegaRAID SCSI 320-2X

Brand: LSI Pages: 4

Brand: ZyXEL Communications Pages: 2

Brand: Omega Engineering Pages: 34

Brand: H3C Pages: 12

Brand: Rosewill Pages: 3

Brand: ProCurve Pages: 2

Brand: JUMO Pages: 60

Brand: AMD Pages: 45

BROADCAST POLLING FRAD BPF-14 BU

Brand: DCB Pages: 28

Brand: IEI Technology Pages: 2

Brand: Xantech Pages: 5

NetVanta Analog Modem Dial Backup Interface Module

Brand: ADTRAN Pages: 2

Brand: Softing Pages: 16

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands