Lantronix SCSxx05 User Manual Download

Page: 1 / 141

Part

No.

900-287

Rev. D April 2004

SCSxx05/SCSxx20

Secure Console Server

User Guide

Models SCS3205, SCS4805, SCS820, SCS1620

with Firmware v4.3 and later

Summary of Contents for SCSxx05

Page 1: ...Part No 900 287 Rev D April 2004 SCSxx05 SCSxx20 Secure Console Server User Guide Models SCS3205 SCS4805 SCS820 SCS1620 with Firmware v4 3 and later ...

Page 2: ...chine readable copy of the corresponding portions of GPL licensed source code are available at the cost of distribution Such source code is distributed WITHOUT ANY WARRANTY INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE See the GNU General Public License for more details A copy of the GNU General Public License is available on the Lantronix Web Site at http w...

Page 3: ...peration of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user s authority to operate this equipment Changes or modifications to this device not explicitly approve...

Page 4: ...ssible Always connect any equipment used with the product to properly wired and grounded power sources To help protect the product from sudden transient increases and decreases in electrical power use a surge suppressor line conditioner or uninterruptible power supply UPS Do not connect or disconnect this product during an electrical storm Grounding Maintain reliable grounding of this product Pay ...

Page 5: ...ores de tensión e intensidad superiores a la tensión y la intensidad indicados en la unidad Instale la unidad cerca de un toma de CA de fácil acceso Conecte siempre cualquier equipo que se use con el producto a tomas eléctricas correctamente cableadas y conectadas a tierra Para proteger el producto contra aumentos y descensos transitorios bruscos de la alimentación eléctrica use un supresor de sob...

Page 6: ...correct Prise d alimentation secteur Pour débrancher le câble d alimentation électrique tirez sur la prise pas sur le cordon Veillez à toujours brancher le câble d alimentation électrique à une prise correctement câblée avec mise à la terre N utilisez pas d adaptateur et ne démontez pas la fiche de terre du câble Utilisez uniquement un câble d alimentation électrique certifié pour une tension et u...

Page 7: ...deckung des Gehäuses ab Im Gerät befinden sich keine vom Benutzer wartbaren Teile Durch Öffnen oder Entfernen der Abdeckung können Sie gefährlichen Spannungen ausgesetzt werden die einen Brand verursachen oder einen elektrischen Schlag bewirken könnten Überlassen Sie alle Wartungsarbeiten Lantronix Wartungspersonal Entsorgen Sie alte Batterien gemäß den Anweisungen Wird die Batterie durch eine fal...

Page 8: ...t seriellen Ports an die EIA 232 früher RS 232C unterstützen Schließen Sie den Konsolenport nur an Geräte mit seriellen Ports an die EIA 232 früher RS 232C unterstützen Меры предосторожности При установке и эксплуатации защищенного консольного сервера Secure Console Server SCSxx05 SCSxx20 соблюдайте описанные ниже меры предосторожности Крышка Не снимайте крышку с рамы Внутри нет деталей которые до...

Page 9: ...о иметь надежное заземление При подсоединении к шинам питания особое внимание обращайте на соединения питания а не на ответвление цепи Предохранители Для защиты от пожара заменяйте предохранитель модуля подвода питания на предохранитель такого же типа рассчитанный на аналогичный номинальный ток Стойка Не устанавливайте устройство на стойку так чтобы возникала опасность нарушения стабильности из за...

Page 10: ...ix ...

Page 11: ...x ...

Page 12: ...xi ...

Page 13: ...xii ...

Page 14: ...xiii ...

Page 15: ...xiv ...

Page 16: ...___________________________ 1 7 Logging to File_____________________________________________________________ 1 7 Email Notification __________________________________________________________ 1 7 Technical Specifications ________________________________________________ 1 8 Product Information Label _______________________________________________ 1 9 System Resource Information _____________________...

Page 17: ...e User Authentication____________________________________________________ 4 2 Configuring NFS Mount_________________________________________________ 4 2 Configuring Firewall Packet Filtering ______________________________________ 4 4 Configuring Device Ports________________________________________________ 4 5 Device Port Configuration Options _____________________________________________ 4 6 Devic...

Page 18: ..._____________________________________________________ 8 4 break ____________________________________________________________________ 8 4 changes__________________________________________________________________ 8 4 config save _______________________________________________________________ 8 4 config restore _____________________________________________________________ 8 4 install modem __________...

Page 19: ..._______________________ 8 13 Mounting File Systems During Boot ___________________________________________ 8 14 Mounting File Systems Dynamically Using autofs ________________________________ 8 15 9 Port Access ___________________________________________________ 9 1 Telnet to Serial Port Feature _____________________________________________ 9 1 Accessing Serial Ports ______________________________...

Page 20: ...pliance and Warranty Information _____________________________ D 1 Compliance Information 1 ______________________________________________D 1 Compliance Information 2 ______________________________________________D 3 Warranty ____________________________________________________________D 4 ...

Page 21: ...ocol Support 1 4 System Components 1 5 Connection Formats 1 5 Access Control 1 6 Device Port Buffer 1 7 Technical Specifications i1 8 Product Information Label 1 9 System Resource Information 1 10 SCSxx05 and SCSxx20 The Lantronix SCSxx05 and SCSxx20 are console servers offering authentication and secure encryption These SCS models offer a compact solution for remote and local management of up to ...

Page 22: ... Model SCS4805 AC Powered 48 Port Secure Console Server The SCS4805 is depicted above the other models are similar The products differ only in the number of device ports provided and in AC or DC power and modem availability The SCSxx20 models have dual entry redundant power supplies for mission critical applications They are available in AC or DC powered versions and can include an optional intern...

Page 23: ...8 RS232 serial device ports connected via Category 5 RJ45 wiring One serial terminal port console port for VT100 terminal or PC with emulation Optional One modem module for analog dial up connections SCSxx20 only 256KB per port buffer memory for device ports logging supported Front panel 2 line backlit LCD display and pushbutton controls 128MB flash memory 128MB RAM field upgradeable Universal AC ...

Page 24: ...Local access through terminal port Built in setup routine for simple setup and administration Web administration using any modern browser Protocol Support The SCS supports the TCP IP network protocol as well as SSH Telnet and PPP for connections in and out of the SCS DNS for text to IP address name resolution SNMP for remote monitoring and management FTP for file transfers and firmware upgrades TF...

Page 25: ...low system administrators to monitor and manage nodes on a LAN Local Area Network and respond to queries from other network hosts One community name can be configured with read write access SSH Secure Shell A secure transport protocol based on public key cryptography Telnet A terminal protocol that provides an easy to use method of creating terminal connections to a network host System Components ...

Page 26: ...ine using standard RJ11 modular telephone cable The analog modem on the card connects at speeds up to 38 400 baud Any PPP features require a modem With the modem installed the SCSxx20 supports Plain Text TTY PPP connection with PAP or CHAP authentication Callback connection Note Both the SCSxx05 and the SCSxx20 can work with an external modem Power Manager The SCSxx20 has an extra power manager po...

Page 27: ...end an email notification of an issue or take no action SAVE a system administrator command discussed later does not affect the buffer log files Logging the data to an NFS mount location ensures that the device port data will be maintained elsewhere in the event of a power failure Logging to File Data can be logged either to a file on the SCS or to a file on a remote NFS server Data logged to a lo...

Page 28: ... selectable 2400 to 115 200 baud Software selectable EIA 232 formerly RS 232C Network Interface 10Base T 100Base TX RJ45 Ethernet Power Supply Universal AC Power input 100 240VAC 50 60 Hz IEC type regional cord set included Dimensions SCS3205 1U 1 75 in x 17 25 in x 12 25 in 4 45 cm x 43 8 cm x 31 1 cm SCS4805 1U 1 75 in x 17 25 in x 14 75 in 4 45 cm x 43 8 cm x 37 5 cm Weight SCS3205 4 5 kg 10 lb...

Page 29: ...max Power Supply AC Power Universal AC Power input 100 240VAC 50 60 Hz IEC type regional cord set included DC Power 48 VDC only externally fused Dimensions SCS820 1U 1 75 in x 17 25 in x 12 25 in 4 45 cm x 43 8 cm x 31 1 cm SCS1620 1U 1 75 in x 17 25 in x 13 00 in 4 45 cm x 43 8 cm x 33 0 cm Weight SCS820 4 8 kg 10 6 lbs SCS1620 5 0 kg 11 lbs Temperature Operating 0 to 50 C 32 to 122 F 30 to 90 RH...

Page 30: ... tools and techniques and configuration advice A few of the Internet sites are listed below SSH info www openSSH org RFC s the standards and details behind the Internet www rfc editor org PuTTY a free Win32 Telnet SSH Client recommended http www chiark greenend org uk sgtatham putty Security www bastille linux org An online manual on Linux security http www linuxdoc org LDP solrhe Securing Optimiz...

Page 31: ...e rack mount brackets and use the four rubber feet provided Make all physical connections to the rear of the SCS You may use the backlit front panel LCD display during initial setup and to view current network settings Figure 2 1 SCS4805 Rear Panel Connections and Labels with Rack Mount Brackets 38 14 CON SO LE 3 2 1 8 7 6 5 4 12 13 11 9 10 DEVIC ES 25 N ETW ORK 27 26 30 2 9 28 3 2 31 35 34 3 3 37...

Page 32: ...iversal AC power input The SCSxx05 has a single supply input while the SCSxx20 has dual inputs and dual supplies The power connector also houses a replaceable protective fuse and the on off switch In addition we provide the SCSxx20 with a Y cord Figure 2 2 AC Power Input and Power Switch on Rear of SCS4805 DC Input The DC version of the SCSxx20 accepts standard 48 VDC power The SCSxx20 accepts two...

Page 33: ...ta bits 1 stop bit No parity XON XOFF flow control DCE port type Adapters from Lantronix may be used to connect the terminal port to the serial port on your terminal or other DTE device See http www lantronix com To connect a terminal 1 Attach the Lantronix adapter to your terminal use PN 200 2066A adapter for the SCSxx05 or PN 200 0066 for the SCSxx20 in most cases or your PC s serial port use PN...

Page 34: ...ion for more information Figure 2 5 Connections on Rear of SCS4805 Mostly Device Ports Using RJ45 Connectors The default communication parameters for the device ports are 9600 baud 8 data bits 1 stop bit No parity XON XOFF flow control DTE port type You can configure each device port individually with the following values Baud rates 2400 4800 9600 19200 38400 57600 or 115200 baud Note We recommend...

Page 35: ...aution When installing or removing a modem be extremely careful to avoid contact with interior components Contact could cause a short resulting in fire or electric shock Figure 2 6 SCS1620 Modem Module The SCSxx20 modem is an analog modem supporting connection rates up to 38 400 baud The modem has a single RJ11 type analog telephone jack plus five status LEDs The user interface to the modem is ide...

Page 36: ...The PCU8 uses a DB9 connector on its serial connector and requires a Part Number 200 0069 DB9 to RJ45 adapter for that connection Lantronix supplies one such adapter with each PCU8 system The required default of PCU8 communication parameters for a device port for use as a power manager port are 9600 baud 8 data bits 1 stop bit No parity XON XOFF flow control DTE port type Refer to the PCU8 documen...

Page 37: ...ddress security issues access and passwords first when administering the system See the Commands chapter for a list of the commands including steps to change the system s passwords This chapter includes the following topics Topic Page Before You Begin 3 1 Method 1 Using the Front Panel Display 3 2 Method 2 Using Telnet 3 4 Before You Begin Before you begin make sure you know An IP address that wil...

Page 38: ...entries Once you save the values for your network the network subsystem restarts the front panel display indicates restarting after which the network connection becomes active Navigating The front panel has one ENTER button and four arrow buttons up left right and down Press the arrow buttons to navigate from one option to another or to increment or decrement a numerical entry of the selected feat...

Page 39: ...ogether for a valid IP address combination 5 Press the down arrow to move to the next parameter 6 Repeat steps 3 5 to select and complete the remaining options 7 To save your entries for that group of parameters when you are done a In response to the Save Changes prompt press the down arrow button again A Yes No prompt displays b To save the changes use the left right arrow buttons to select Yes a...

Page 40: ...S is 10 0 0 1 with a subnet mask of 255 0 0 0 If you temporarily change your workstation to an IP address of 10 X X X with a subnet mask of 255 0 0 0 you can Telnet to the SCS using the following commands 1 To access the SCS on the command line type telnet 10 0 0 1 and press Enter You should be at the login prompt at this point 2 Log in using sysadmin as the user name and the default password PASS...

Page 41: ...ave not been generated so Telnet or the terminal port is used to initially access and configure the SCS When you first install the SCS the automatic setup script helps you configure the majority of the system functions and automatically saves the programming changes to non volatile memory Upon completion of this automated script file the SCS automatically reboots to ensure that all processes are u...

Page 42: ...ator If you are not already logged in as described in Quick Start follow these steps 1 Type sysadmin a predefined user with special privileges and press Enter The Password prompt displays SCS4805 login sysadmin Password sysadmin 2 Type your password and press Enter The default password is PASS The password does not display when you type it If this is the first time you have logged in as the system...

Page 43: ...Enter A setup configuration menu including the available configuration options and a Done option displays You must scroll down to see all of the menu options Note If you select No the setup program ends and the command prompt displays Figure 4 2 Setup Menu Navigating You can step through the menu and the configuration screens using the arrow Tab and Enter keys ...

Page 44: ...must complete the steps in the first option of the setup menu Configure Hostname and IP Address Use this option to specify the following parameters DHCP A DHCP server automatically assigns the IP address and network settings Hostname including domain name IP address of the SCS Network mask of the IP address Gateway IP address of the router of this network 1 Select Configure Hostname and IP Address...

Page 45: ...ed from this answer Answer SCS4805 Be sure to include the domain name as well In the following example we add lantronix com to the default factory name of SCS4805 to get SCS4805 lantronix com Hostname and IP Address Answer SCS4805 lantronix com Note After the value is accepted and saved and you have rebooted the system the hostname appears as your command prompt and on the front panel LCD display ...

Page 46: ... returns with Configure Timezone selected Configuring Timezone Use the Configure TImezone option to specify your local time zone 1 With Configure Timezone selected press Enter The timezone prompt displays 2 Use the arrow keys to select the local time zone from the list of international time zones for example Africa America Brazil and press Enter 3 If a sublist displays select a more specific locat...

Page 47: ...SCSxx05 SCSxx20 User Guide 4 Configuration 4 7 ...

Page 48: ...r an address of 0 0 0 0 for the primary nameserver The system will accept this entry even though it is not a valid nameserver address You must correct it later Input value for PRI_NAMESERVER IP Address in dot quad notation of the primary nameserver Answer 172 20 201 63 3 Enter the IP Address of your secondary nameserver optional and press Enter 4 Enter the IP Address for the tertiary nameserver op...

Page 49: ...boot process may take several minutes while the SCS regenerates SSH keys Enable ssh Logins Do you want to enable system logins via ssh This is the recommended method of login because of its security Yes No 4 Press Enter The Telnet logins prompt displays For Telnet logins the default setting is Yes to allow simple Telnet connections into the SCS even during its initial configuration You may choose ...

Page 50: ...uration utility This will allow using a Web browser to configure the SCS4805 This uses https SSL only Yes No 2 Select Yes to enable or No default to disable Web configuration and press Enter The setup menu returns with Configure NTP selected Configuring NTP This option enables or disables the Network Time Protocol NTP function which synchronizes the time clock in the SCS with other NTP devices on ...

Page 51: ...Telnet or terminal connection after a specified period of time You can enable or disable the timeout daemon to configure the disconnection of idle connections for Telnet timeout default is disabled PPP timeout default is disabled Terminal port timeout default is disabled You can program each timer in a range of 1 to 30 minutes Note By default all timers are disabled Once you enable a timer you can...

Page 52: ...ure CHAP Secrets for the SCSxx05 selected Configuring Modem SCSxx20 Only The internal modem is available but optional in the SCSxx20 products The Configure Modem option does not display on the SCSxx05 setup menu Note You configure an external modem by enabling a port as an operator port in the Configuring Device Ports option If a modem is installed configure it as follows Enable modem logins to al...

Page 53: ...e Modem do a TTY callback If you do you will next have to edit the callback configuration Configure Modem TTY Callbacks Yes No 5 Press Enter If you selected Yes the login configuration prompt displays If you selected No the PPP logins prompt displays Continue with step 8 6 Enter the TTY callback number in xxx xxx xxx format following the S on the line beginning with Modem_cb Edit login config Use ...

Page 54: ...ses you want to use with the PPP link in the format Local_IP_Addr Remote_IP_ADDR for example 192 168 0 1 172 20 101 3 Both entries are optional PPP Options Input value for PPP IP Addresses Input the IP Address s you want to use with the PPP link The format is Local_IP_Addr Remote_IP_Addr Both addresses should be in dot quad notation with no spaces before or after the Both IP addresses are optional...

Page 55: ... line Secrets for authentication using CHAP and press Enter to create a new line 3 Enter the CHAP secrets information as four separate fields separating the entries with a space client server secret and IP address Do not use a sign which indicates a comment Edit chap secrets Use Escape to end edit Each line should contain four fields containing Client server secret IP address The second line usual...

Page 56: ...with a space client server secret and IP address Do not use a sign which indicates a comment Edit pap secrets Use Escape to end edit Each line should contain four fields containing Client server secret IP address The second line usually contains the same info as the first line Secrets for authentication using PAP clients server secret IP addresses 4 Press Enter The setup menu returns with Configur...

Page 57: ...he NIS domain name often same as hostname Enable NIS default is disabled Identify NIS master server required if NIS is enabled Identify up to five NIS slave servers optional Note You must not use packet filtering firewall if you are using NIS because it would filter out the NIS packets 1 With Configure NIS selected press Enter The NIS domain name prompt displays 2 Enter the NIS domain name NIS Dom...

Page 58: ...tication Configuring LDAP If you are using LDAP Version 2 you must Enable LDAP version 2 authentication default is disabled Enter the IP address of the LDAP server Enter the input value for the LDAP base 1 With Configure LDAP selected press Enter The LDAP prompt displays 2 Select Yes to enable LDAP to authenticate users 3 Press Enter The LDAP IP address prompt displays 4 Enter the IP address of th...

Page 59: ...quad notation of a RADIUS server the shared secret and optionally the timeout in seconds Each line shall be of the form 192 168 0 10 45 secret 1 radiusserver domain com other secret 3 5 Press Esc The User Authentication Menu returns with Configure Global Port Permissions selected Continue with Configure Global Port Permissions or Done User Authentication Configuring Global Port Permissions With th...

Page 60: ... displays 6 If desired enter a range and or list of listen mode permissions 7 Press Enter The User Authentication Menu returns with Done User Authentication selected Done User Authentication This option returns you to the main setup menu With Done User Authentication selected press Enter The setup menu returns with Configure NFS Mount selected Configuring NFS Mount Here you can configure the NFS s...

Page 61: ...all selected 3 Enter the NFS server path in the format nfs_server_hostname or ipaddr exported path The exported path will be mounted to nfs on the SCS If the line begins with a please remove it Note Exporting an incorrect NFS server path may degrade the performance of the system Input value for NFS mount Install the NFS server info to mount an NFS share The format is nfs_server_hostname or ipaddr ...

Page 62: ...er The firewall prompt displays 2 Select Yes to enable or No default to disable packet filtering and press Enter If you selected Yes the reject method prompt displays If you selected No the setup menu returns with Configure Device Ports selected 3 To choose the reject method for attempts to access your site select Deny or Reject default The screen explains these responses What is the value for REJ...

Page 63: ...ICES This is the list of ports we allow UDP connections to Answer ntp 10 Press the Esc key to end text entry and press Enter to continue The setup menu returns with Configure Device Ports selected Configuring Device Ports Note It is generally not necessary to change the configuration of the terminal port other than its data rate Therefore no options are available on the setup menu or Web interface...

Page 64: ...igure Device Ports on the setup menu The system may take a few seconds to show an intermediate screen and then continue to the Device Port menu with Device Port Names selected 2 Continue with Device Port Names or select one of the other options from the menu Figure 4 4 Configure Device Ports Menu Device Port Names The Device Port Names option allows you to assign a meaningful name to each device p...

Page 65: ...ng ports for a different port or group of ports select Yes To move on to the next option Device Port Parameters select No 9 Press Enter If you selected No the Configure Device Port menu returns with Device Port Parameters selected Device Port Parameters You can configure the device port parameters on individual ports or in ad hoc groups You determine the group and then apply selected features to t...

Page 66: ...e port type is set to DTE Enable Port 3 7 9 as an operator port Yes No 5 Select Yes to enable system logins or No default to disable system logins and press Enter The operator port baud rate displays if you enabled an operator port or group of ports otherwise the baud rate prompt displays Operator Port Baud Rate You can select from seven device baud rates 2400 4800 9600 19200 38400 57600 and 115 2...

Page 67: ... device ports is XON XOFF Check the equipment documentation for the correct flow control setting 1 Select the flow control for the port s Device xx Flow Control XON XOFF RTS CTS 2 Press Enter The port type prompt displays Port Type Each SCSxx05 device port is factory configured as a DTE device ad each SCSxx20 device port is factory configured as a DCE device Note Make sure to select DTE if you ena...

Page 68: ... the system saves the changes to flash memory After the changes are confirmed the system offers the ability to configure a different port or group of ports 2 You have two options To repeat the process of setting device port parameters select Yes or To move on to the next option Device Logging select No 3 Press Enter If you selected No the Configure Device Port menu returns with Device Logging Para...

Page 69: ...port s These files keep a history of the data received from the port s The default value is two files even if no entry is made here you may keep as many files as you wish If you are specifying a range or a group of ports remember that each port will have its own unique files the log file name s contain the port number to differentiate the similar files in the log file directory 4 Press Enter The l...

Page 70: ...severe They classify the importance of each connected server within your configuration 5 Press Enter The Device Logging Parameters menu returns with Email Logging Port selected Email Logging Email Logging Email Notification sends an email message to pre defined email addresses when alert criteria have been met Data received on the SCS device port s trigger the alert The default is disabled althoug...

Page 71: ...500 bytes and sending it as an email message The SCS sends the data as the body text in the email message to your predefined recipients 6 Press Enter The email ignore timer prompt displays 7 Enter the number of seconds digits for the desired ignore time The default is 600 seconds 10 minutes This is a period of time after the email message has been sent for which the device port will ignore additio...

Page 72: ... your entries and want to save them press Enter A confirmation prompt displays 16 To confirm your entries select Yes The system saves the entries to flash memory You have two options To configure additional device ports select Yes and press Enter If you have finished configuring device ports select No and press Enter The Device Logging Parameters menu returns with Done Device Ports selected Note E...

Page 73: ...efault path on the server that will be used to obtain Software update files and as the location on the server to get and put configuration save files What is the value for FTPPATH Answer scs updates 4 Enter the default path on the server for obtaining software files and getting and putting configuration save files and press Enter The ftp user prompt displays What is the value for FTPUSER If you se...

Page 74: ...o obtain from the server you specified and press Enter The edit updates applied prompt displays 8 Add delete or change any of the listed files and press Esc to exit editing mode The setup menu returns with Done selected Note To save or restore a configuration use the config save or config restore commands respectively Using Done After completing the setup menu use Done the last option to finalize ...

Page 75: ... store the buffered data which is only maintained in RAM If you require the buffered data you can poll the appropriate ports and capture the buffered data at any time Rebooting The very first time you log in to the SCS as sysadmin a special routine runs to properly set up the system files read write operations and other aspects of the file system The SCS automatically reboots after running the set...

Page 76: ... 5 4 Exiting 5 4 Accessing the Web Interface Before using the Web interface you should have Assigned the IP address of the SCS using either the buttons on the front of the unit or the setup command Initially configured the unit using the setup command You must log in using the sysadmin username and password Cookies must be enabled in your browser 1 Launch your Browser and type https followed by th...

Page 77: ...ave buttons are at the bottom of each parameter window See Saving Web Interface Entries on page 5 4 Configurable Parameters To use the Web interface select any of the tabs near the top of the page Each tab allows you to configure a particular parameter or set of parameters When you select User Authentication several sub tabs display below the first line of tabs Figure 5 3 User Authentication Selec...

Page 78: ...unctions cannot be administered using the Web interface Users cannot access the system using the Web interface only the system administrator can You cannot enable or disable the Web interface from the Web interface You cannot reboot power off or access the command line interface from the Web interface Web Access Delay The Web interface has a built in delay of approximately one minute between sessi...

Page 79: ...onfiguration to flash memory but does not apply or save any entries that have not been applied Can be used at any time but is really only needed after you have applied all of the configuration changes Note For those entries that require a reboot to function e g network parameter changes the system administrator must reboot the system using the command line interface Exiting To exit the Web interfa...

Page 80: ...ring the modem slot on the SCSxx20 2 Insert the modem card into the open slot in the rear of the SCSxx20 Figure 6 1 Installing a Modem Card in the SCSxx20 3 Tighten the screws on the modem card by hand 4 Connect the modem to your telephone line using the RJ11 telephone cord Initializing the Modem If a modem card is installed into a working SCS1620 the system administrator must initialize it for pr...

Page 81: ...letely the sysadmin prompt displays The modem has reset and is ready to use SCS1620 login sysadmin Password sysadmin install_modem sysadmin 4 Check the status LEDs on the modem module Figure 6 2 Normal Modem LEDs Red Red Green Green Red for an idle Modem Port A red LED indicates the inactive state and a green LED indicates the active state The PWR LED should always be green when the system is on ...

Page 82: ...ging out as the system administrator Security and Passwords The SCS uses Linux UNIX commands to administer the system The system administrator and the users access the system using a shell interface which limits what they can affect in the operating system Note This guide discusses applicable Linux commands only The shell offers the appropriate level of administration while maintaining the integri...

Page 83: ...llow the procedure below It uses the passwd command but with some changes for root level The default root password is root 1 Log in as sysadmin The command line prompt displays 2 Type bash to start a shell process notice sysadmin level 3 su switch user to root level enter the existing root password default root After the system accepts the password notice that the root level sysadmin SCSXXYY 4 Typ...

Page 84: ...the system reboots log in using the new sysadmin password User Access and Functions The user can be any person who is assigned a user name and password by the system administrator The system may have up to 200 unique users including sysadmin the only default user For security reasons users can change their own password For the most part users access the SCS through the network connection In genera...

Page 85: ...he SCS You need a standard SCS user password pair to authenticate to the system IP traffic can then be forwarded through the SCS to the Ethernet port This allows standard Internet applications to communicate to systems including the SCSxx20 on the network attached to the Ethernet port of the SCSxx20 These applications include but are not limited to telnet ftp and SSH CHAP is also supported Callbac...

Page 86: ...ly connects to the server and acts as if the terminal was physically connected to the server The SCS displays the last page of the device buffer along with a system information message indicating the device port selected To escape from direct mode use the direct mode escape sequence The direct mode escape sequence is a series of two to five characters that allow you to leave direct mode and return...

Page 87: ...lways log out when you are finished with your session activity To log out from a user session 1 Type logout 2 Press Enter If you are logging out from a network the SCS disconnects the Telnet or SSH session If you are logging out from a direct serial session the SCS returns to the login prompt The system administrator may configure the SCS to automatically log you out if the terminal connection has...

Page 88: ... Lists files changed from factory settings x x clear Clears port buffer x config restore Restores a configuration x config save Saves a configuration x x connections Lists all users in direct mode x deluser Deletes a user x x direct Enters direct mode x dtedce Configures the device port type x x editbrk Edits user send break sequence x editdev Edits device settings x x editesc Edits user direct mo...

Page 89: ...sed to set up the system All commands are case sensitive SAVE SAVE saves any new system data to the system s non volatile memory All parameters and settings that the sysadmin changes remain in RAM until then The sysadmin should run SAVE before powering off or rebooting the system SAVE is not required the very first time only that the sysadmin sets up the system using the automated setup script In ...

Page 90: ...ommands Command specific help is provided for some commands when you type h space dash dash the letter h after the command Other commands use h space dash letter h Some commands offer pop up help if your entry is in an invalid format Some commands do not provide a help file q exits help Note Some system commands e g poweroff reboot operate immediately and do not have a help file using help or h al...

Page 91: ...an the sysadmin password and is administered differently See Changing the Root Password break Use this command to break a connection The syntax is break port e g break 1 break 2 break 3 changes Use this command to list files that have been changed from factory settings config save Use this command to place a backup of the system configuration on the ftp or tftp server configured in the setup proce...

Page 92: ...nerate the security keys for SSH using ssh keygen depending on your application of SSH Refer to the man pages for SSH for a description and command options ssh keygen Use ssh keygen to create the security keys for your client system to interact with an SSH host elsewhere After the keys have been generated the user can establish a secure shell connection using SSH over a network See Advanced Sysadm...

Page 93: ...ystem senses periods of no activity on the connection and if the idle time exceeds the timeout duration the system disconnects the port Use timeout h to get a help file for the timeout feature Use timeout c value 0 or 1 30 for the terminal port timeout Use timeout t value 0 or 1 30 for the Telnet network timeout You may disable timeout for any or all of the connection ports The timeout duration ma...

Page 94: ... for all device ports Press the spacebar to continue the list and press q when you reach the end prompt editdev Use editdev u device number or name to edit and update the parameter settings of a device Step through each device option when you are done the system prompts Are you sure before accepting the changes Remember to SAVE listdev Use the listdev command to display a list of device port names...

Page 95: ...for the device ports is XON XOFF Check the equipment documentation for the correct flow control setting Buffering The Inhibit Buffering in Direct setting allows the administrator to turn off port buffering while a user is connected to the device and is in direct mode The device port buffer still collects data while not in direct mode when this setting is active You may disable direct mode bufferin...

Page 96: ...ted successfully Enter accepts present value Server number of 0 zero will remove all access to servers ESCAPE_SEQ x1bA BREAK_SEQ x1bB ALLOW_CLEAR 1 9 1 8 ALLOW_DIRECT 1 9 1 3 5 7 ALLOW_LISTEN 1 9 1 3 5 7 9 Are you sure y sysadmin 1 Type adduser and press Enter 2 Type the desired user name case sensitive and press Enter A prompt asks for a password for the new user Note Passwords should be at least...

Page 97: ...t to inhibit this ability to preserve user accountability when accessing attached devices Users are allowed to clear buffers by default The ALLOW_DIRECT option determines which devices a user may select for direct access The ALLOW_LISTEN option determines which devices a user may select for listen mode 1 You have two options To edit or change parameters for the sysadmin enter the command edituser ...

Page 98: ...the same line Note The deluser command does not verify whether you wish to delete the user or not Be careful Use the listusers command after deleting a user ID to verify the deletion editbrk Use editbrk user name to edit the break sequence for a user The break sequence user key strokes default is Esc B displays to the system administrator in its ASCII form in the edituser list See Break Sequence o...

Page 99: ...y the sysadmin user has permission to run telnetconfig Users who wish to Telnet to a device port must have must have direct access rights to use this command listen Use listen port name or number to listen to a port only applies to ports for which this user is allowed listen access clear Use clear port name or number to clear the buffer of a device port only applies to ports for which this user is...

Page 100: ...ut Enter passphrase Identity added home max ssh identity max miraclehut max miraclehut jay ssh humperdink castle In the first step I invoke the ssh agent giving it a child program to run The agent gives access to my key s only to its children I run bash here so that every program I run in this new bash shell can have access to my private key I just as well could have typed ssh agent xterm or ssh a...

Page 101: ...type any more passphrases I can walk away now content that I don t have to manually start Tripwire on each of the nine hosts I can use more for loops now since I don t have to re enter my passphrase again until I exit out of the bash shell This saves tons of time without the insecurity of rsh or rlogin s rhost authentication Mounting File Systems During Boot You can configure the SCS to mount a fi...

Page 102: ...ystem needs to be dumped fs_passno The fsck program uses this to determine the order to check disks at boot time An example of an entry in etc fstab is as follows erh62 export var test var test nfs rw bg intr soft 0 0 To manually test whether the system will automatically mount a file system at boot time enter the following command to manually mount the file mount a This command reads the etc fsta...

Page 103: ...tion of the two listed in the etc directory are system files The auto master and auto export files are configuration files for automount The following example describes how to set up the SCS so that whenever user tomv logs into the SCS and accesses its home directory the system uses the NFS mounted file system on the erh62 server 1 Look at the configuration files The auto master file tells automou...

Page 104: ...at the SCS will use 2 Once the configuration files are complete start the autofs service by issuing the following command service autofs start For completeness you can place a symlink in the home directory ln s export home tomv tomv Now the user can access the user s home directory using the path home tomv If you need to change the autofs configuration files you must restart the service by doing o...

Page 105: ...You can set up the console server in several simple steps The reason to use one access method or the other is site specific If your site has limited IP addresses available then you may want to define separate IP port numbers for the serial ports and use these numbers in combination with the console server s IP address If you have enough IP addresses available and would like to assign names to each...

Page 106: ...cted to the serial port Assume we have three devices connected to three different serial ports Serial port 1 is connected to the console of a Sun server named quasar Serial port 2 is connected to the console of a SGI named seyfert Serial port 3 is connected to the console of an HP named stellar We assigned a distinct IP address to each console server serial port Then we associated these three IP a...

Page 107: ...uncomment the existing entries in the supplied etc inetd conf as follows a Log in to the sysadmin account sysadmin bash sysadmin km3210 var tmp su Password root km3210 var tmp cd etc root km3210 etc vi inetd conf b Uncomment the entries for ports 9001 to 9017 Save and exit vi The entries should look like 9001 stream tcp nowait root usr sbin tcpd in telnetd c Tell the inetd process to re read the e...

Page 108: ...ng 192 168 201 60 Connected to km3205 lci net 192 168 201 60 Escape character is km3205 lci net login kerrym Password Last login Thu Mar 14 11 19 54 from quasar Entering Direct mode Server 5 Saving the Changes to Flash Once you complete the setup save the changes to flash Note that on the system shown below NIS was running NIS was used for both the login authentication of kerrym and to obtain the ...

Page 109: ...168 202 11 through 192 168 202 26 These correspond to serial ports 1 through 16 respectively The IP addresses do not need to be in consecutive order Obtain or choose IP addresses that are appropriate for your site 1 Log in to the sysadmin account and then go into the bash shell sysadmin bash sysadmin km3210 var tmp su Password root km3210 var tmp cd lci root km3210 lci vi lwip_serial conf 2 Modify...

Page 110: ...f the eth0 n output values is shown below Note that your Hwaddr will not match the one that is shown below root km3210 etc sysconfig network scripts ifconfig eth0 Link encap Ethernet HWaddr 00 30 31 00 27 D5 inet addr 192 168 201 60 Bcast 192 168 201 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 164716 errors 0 dropped 0 overruns 0 frame 0 TX packets 8039 error...

Page 111: ... etc sysconfig network scripts ifdown eth0 root km3210 etc sysconfig network scripts ifup eth0 Testing Now verify that you can access the serial ports on an IP address basis You can test this from the SCS itself Exit the root user and perform this from the sysadmin shell level If you have not set up the local or NIS port permission file for the user on the console server the user will not have acc...

Page 112: ...daemon OK Binding to the NIS domain OK Listening for an NIS domain server quasar lci net system SAVE complete sysadmin Final Testing Reboot the SCS to verify that the test procedures above operate If not return to the appropriate section above and verify your setup From the command line shell of the sysadmin login command a reboot sysadmin reboot Once the console server reboots attempt to access t...

Page 113: ...other end of the serial port should use some type of authentication method Some sites may have their console servers on a dedicated internal network that only a system administrator or a console management software application can access This additional step of authentication becomes either a nuisance or causes problems with the console management software application In this case you can indicate...

Page 114: ...n any of the ports Otherwise specify a range and or comma separated entries e g 1 4 6 12 16 c Save and exit this file 3 Once you have tested your changes save them to flash root km3210 lci exit exit sysadmin km3210 var tmp exit exit sysadmin SAVE Shutting down Timeout daemon OK Shutting down NIS services OK Saving random seed OK Initializing random number generator OK mounting filesystem read writ...

Page 115: ...in parentheses indicate the behavior if N is given h H Display this help q q Q Q ZZ Exit MOVING pattern Search backward for N th matching line HELP Press RETURN for more or q when done HELP Press RETURN for more or q when done HELP Press RETURN for more or q when done e E j N CR Forward one line or N lines y Y k K P Backward one line or N lines f F V SPACE Forward one window or N lines b B ESC v B...

Page 116: ...ne N G ESC Go to last line in file or line N p Go to beginning of file or N percent into file Find close bracket Find open bracket ESC F c1 c2 Find close bracket c2 ESC B c1 c2 Find open bracket c1 Each find close bracket command goes forward to the close bracket matching the N th open bracket in the top line Each find open bracket command goes backward to the open bracket matching the N th close ...

Page 117: ... B auto buffers Don t automatically allocate buffers for pipes c C clear screen CLEAR SCREEN Repaint by scrolling clearing HELP Press RETURN for more or q when done vi Editor Commands The vi editor is a powerful command editor used to modify Unix commands Note It is possible to damage a file which might render the system inoperative by improper use of a file or command editor on system files This ...

Page 118: ...rwritten o Creates a new line below the current line and inserts the text All existing text shifts down and follows the text you are about to insert u Reverts to the previous text undo x Deletes the letter at the current cursor position dd Deletes the current line Once you have completed all editing you must close or save the file in line mode Closing a File Opened in vi After you are done editing...

Page 119: ... Code Equivalent Character Hexadecimal Code Equivalent Character 00 NUL 20 SP 01 SOH 21 02 STX 22 03 ETX 23 04 EOT 24 05 ENQ 25 06 ACK 26 07 BEL 27 08 BS 28 09 HT 29 0A NL 2A 0B VT 2B 0C NP 2C 0D CR 2D 0E SO 2E 0F SI 2F 10 DLE 30 0 11 DC1 31 1 12 DC2 32 2 13 DC3 33 3 14 DC4 34 4 15 NAK 35 5 16 SYN 36 6 17 ETB 37 7 18 CAN 38 8 19 EM 39 9 1A SUB 3A 1B ESC 3B 1C FS 3C 1D GS 3D 1E RS 3E 1F US 3F 40 60...

Page 120: ... Code Equivalent Character 42 B 62 b 43 C 63 c 44 D 64 d 45 E 65 e 46 F 66 f 47 G 67 g 48 H 68 h 49 I 69 i 4A J 6A j 4B K 6B k 4C L 6C l 4D M 6D m 4E N 6E n 4F O 6F o 50 P 70 p 51 Q 71 q 52 R 72 r 53 S 73 s 54 T 74 t 55 U 75 u 56 V 76 v 57 W 77 w 58 X 78 x 59 Y 79 y 5A Z 7A z 5B 7B 5C 7C 5D 7D 5E 7E 5F _ 7F DEL ...

Page 121: ...l devices You can configure the SCSxx05 SCSxx20 device ports as either DTE or DCE ports using a software command thus reducing the issues in making custom pinned cables for different devices The serial terminal port is wired in the same manner as the device ports and has the same signal options Note It is generally not necessary to change the configuration of the terminal port other than its data ...

Page 122: ...uts Pinouts for SCSxx05 Terminal and Device Ports DCE and DTE 4 2 7 8 1 6 3 5 Tx Rx RTS CTS DTR DSR SG SCSxx05 Terminal Device DTE RJ45 4 2 7 8 1 6 3 5 Tx Rx RTS CTS DTR DSR SG SCSxx05 Terminal Device DCE RJ45 pin 1 RJ45 Connector Note Default for Device Ports is DTE Setting ...

Page 123: ...e adapters illustrated below are compatible with the Lantronix SCSxx05 models RJ45 Receptacle to DB25M DCE Adapter for the SCSxx05 Part 200 2066A Use PN 200 2066A adapter with a dumb terminal or with most SUN applications 1 5 2 6 4 7 6 2 7 20 8 4 8 5 3 3 RJ45 DB25 Male Pin 1 ...

Page 124: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 4 RJ45 Receptacle to DB25F DCE Adapter for the SCSxx05 Part 200 2067A 1 5 2 6 4 7 6 2 7 20 8 4 8 5 3 3 RJ45 DB25 Female Pin 1 ...

Page 125: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 5 RJ45 Receptacle to DB9M DCE Adapter for the SCSxx05 Part 200 2069A 1 8 2 6 4 5 6 3 7 4 8 7 1 5 3 2 RJ45 DB9 Male Pin 1 ...

Page 126: ...xx20 User Guide C Pinouts and Adapters C 6 RJ45 Receptacle to DB9F DCE Adapter for the SCSxx05 Part 200 2070A Use PN 200 2070A adapter with a PC s serial port 1 8 2 6 4 5 6 3 7 4 8 7 1 5 3 2 RJ45 DB9 Female Pin 1 ...

Page 127: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 7 RJ45 Receptacle to DB9M DTE Adapter for the SCSxx05 Part 200 2071 ...

Page 128: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 8 RJ45 Receptacle to DB9F DTE Adapter for the SCSxx05 Part 200 2072 ...

Page 129: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 9 RJ45 Receptacle to DB25M DTE Adapter for the SCSxx05 Part 200 2073 ...

Page 130: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 10 RJ45 Receptacle to DB25F DTE Adapter for the SCSxx05 Part 200 2074 ...

Page 131: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 11 RJ45 to RJ45F Netra Adapter for the SCSxx05 Part 200 2225 Use this adapter for Netra SUN CISCO and others ...

Page 132: ... Pinouts for SCSxx20 Terminal and Device Ports DCE and DTE 1 4 6 8 7 2 3 5 Tx Rx RTS CTS DTR DSR DCD SG SCS1620 Terminal Device DTE RJ45 1 4 6 8 7 2 3 5 Tx Rx RTS CTS DTR DSR DCD SG SCS1620 Terminal Device DCE RJ45 pin 1 RJ45 Connector Note Default for Device Ports is DCE Setting ...

Page 133: ...e adapters illustrated below are compatible with the Lantronix SCSxx20 models RJ45 Receptacle to DB25M DCE Adapter for the SCSxx20 Part 200 0066 Use PN 200 0066 adapter with a dumb terminal or with most SUN applications 2 3 4 7 6 6 8 1 20 4 5 5 8 DB25 Male RJ45 Pin 1 3 2 7 5 ...

Page 134: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 14 RJ45 Receptacle to DB25F DCE Adapter for the SCSxx20 Part 200 0067 2 3 4 7 6 6 8 1 20 4 1 5 5 8 DB25 Male RJ45 Pin 1 3 2 7 5 ...

Page 135: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 15 RJ45 Receptacle to DB9M Adapter for SCSxx20 Part 200 0069 1 1 3 3 5 5 7 7 8 8 1 5 4 4 DB9 Male RJ45 Pin 1 2 2 6 6 ...

Page 136: ...SCSxx20 User Guide C Pinouts and Adapters C 16 RJ45 Receptacle to DB9F Adapter for SCSxx20 Part 200 0070 Use PN 200 0070 adapter with a PC s serial port 1 1 3 3 5 5 7 7 8 8 1 5 4 4 DB9 Female RJ45 Pin 1 2 2 6 6 ...

Page 137: ...SCSxx05 SCSxx20 User Guide C Pinouts and Adapters C 17 Netra t1 to SCSxx20 RJ45 Adapter Part 200 0225 Use this adapter for Netra SUN CISCO and others ...

Page 138: ...ostatic Discharge Test EN 61000 4 3 1995 Radiated RF Immunity Field Test EN 61000 4 4 1995 Electrical Fast Transient Test EN 61000 4 5 1995 Power Supply Surge Test EN 61000 4 6 1996 Conducted RF Immunity Test EN 61000 4 8 1993 Power Frequency Magnetic Field Test EN 61000 4 11 1994 Voltage Dips Interrupts Test Supplementary Information This Class A digital apparatus complies with Canadian ICES 003 ...

Page 139: ...ety EN 60950 2000 Emissions EN 55022 1998 Class A Immunity EN 55024 1998 This product meets the requirements for and carries the following marks VCCI Japan AS NZS Australia New Zealand GS Germany GOST Russia S Mark Argentina MIC Korea Manufacturer s Contact Director of Quality Assurance Lantronix Inc 15353 Barranca Parkway Irvine CA 92618 USA Phone 949 453 3990 Fax 949 453 3995 ...

Page 140: ...5 Power Supply Surge Test IEC61000 4 6 1996 Conducted Immunity Test IEC61000 4 8 1993 Magnetic Field Test IEC61000 4 11 1994 Voltage Dips Interrupts Test Supplementary Information This Class A digital apparatus complies with Canadian ICES 003 CSA and has been verified as being compliant within the Class A limits of the FCC Radio Frequency Device Rules FCC Title 47 Part 15 Subpart B CLASS A measure...

Page 141: ...to Lantronix Lantronix will ship the replacement media to the customer In no event will Lantronix be responsible to the user in contract in tort including negligence strict liability or otherwise for any special indirect incidental or consequential damage or loss of equipment plant or power system cost of capital loss of profits or revenues cost of replacement power additional expenses in the use ...

Search results

Summary of Contents for SCSxx05

Reviews:

Related manuals for SCSxx05

Brands by name

Popular brands

Lantronix SCSxx05, User Manual

Search results

Summary of Contents for SCSxx05

Reviews:

Related manuals for SCSxx05

Brands by name

Popular brands