Changes or modifications to this device not explicitly approved by Lantronix will void the user's authority to operate this device. The information in this guide may change without notice. The manufacturer assumes no responsibility for any errors that may appear in this guide.
Purpose and Audience This guide provides the information needed to install, configure, and use the products in the Lantronix SecureLinx Console Manager (SLC) family. It is for IT professionals who must remotely and securely configure and administer servers, routers, switches, telephone equipment, or other devices equipped with a serial port.
1: About This Guide Chapter Summary 8: Devices Provides instructions for configuring global device port settings, individual device port settings, and console port settings. 10: Connections Provides instructions for configuring connections and viewing, updating, or disconnecting a connection. 11: User Authentication Provides instructions for enabling or disabling methods that authenticate users who attempt to log in via SSH, Telnet, or the console port.
1: About This Guide Additional Documentation The following information is available on the product CD, the Lantronix web site (www.lantronix.com), or the product itself: SLC Quick Start Describes the steps for getting the SLC up and running; provided on the CD and in printed form.
IT professionals a variety of tools to securely access and manage their resources. Lantronix has been an innovator in this market with terminal servers and secure console servers, as well as other remote access devices. The SLC Console Managers build on that foundation and offer new features and capabilities.
2: Overview SLC Models These SLC models offer a compact solution for remote and local management of up to 48 devices (e.g., servers, routers, and switches) with RS-232C (now EIA-232) compatible serial consoles in a 1U-tall rack space. All models have two Ethernet ports, referred to in this User Guide as Eth1 and Eth2. Note: One possible use for the two Ethernet ports is to have one port on a private, secure network and the other on a public, unsecured network.
2: Overview Protocols Supported The SLC supports the TCP/IP network protocol as well as: SSH, Telnet, PPP, NFS, and CIFS for connections in and out of the SLC SMTP for mail transfer. DNS for text-to-IP address name resolution SNMP for remote monitoring and management FTP and SFTP for file transfers and firmware upgrades TFTP for firmware upgrades DHCP and BOOTP for IP address assignment...
D: Adapters and Pinouts.) Note: RJ45 to DB9/DB25 adapters are available from Lantronix. Device ports and the console port support eight baud-rate options: 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 baud. Figure 2-2. Device Port Connections...
Figure 2-4. Network Connection PC Card Interface The SLC has two PC Card slots. Lantronix qualifies cards continuously and publishes a list of qualified cards on the Lantronix web site. Figure 2-5. PC Card Interface SecureLinx SLC User Guide...
PC-based Linux servers ADP010104-01 Adapter: RJ45 rolled serial, Cisco, and Sun Netra Note: An optional adapter for external modems is also available from Lantronix: 200.2073 Adapter: DB25M (DCE) to RJ45, external modems. Cables: 200.0063 Cable: RJ45 to RJ45, 6.6 ft (2 m)
3: Installation Product Information Label The product information label on the underside of the unit contains the following information about each specific unit: Part Number Serial Number Bar Code Serial Number and Date Code Regulatory Certifications and Statements Technical Specifications Table 3-1.
To connect to a device port: 1. Connect one end of the Cat 5 cable to the device port. 2. Connect the other end of the Cat 5 cable to a Lantronix serial console adapter. Note: To connect a device port to a Lantronix SLP, use the rolled serial cable provided with the unit, a 200.2225 adapter and Cat 5 cabling, or the ADP010104 adapter that...
RS-232C protocol and supports VT100 emulation. The default baud rate is 9600. To connect the console port to a terminal or computer with terminal emulation, Lantronix offers optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector.
DC Input The DC version of the SLC accepts standard –48 VDC power. The SLC0xx24T models accept two DC power inputs for supply redundancy. Lantronix provides the DC power connections using industry standard Wago connectors. One set of connectors is included with the SLC.
This chapter helps get the IP network port up and running quickly, so you can administer the SLC using your network. To set up the network connections quickly, we suggest you do one of the following: Use the front panel LCD display and pushbuttons. Complete the Quick Setup web page on the web interface.
4: Quick Setup Method Description Front panel LCD display and pushbuttons: You manually assign the IP address and other basic network, console, and date/time settings. If desired, you can restore the factory defaults. Serial port login to command line interface: You assign an IP address and configure the SLC using a terminal or a PC running a terminal emulation program to the unit’s serial console port connection.
4: Quick Setup Any changes made to the network, console port, and date/time settings take effect immediately. Navigating The front panel has one Enter button (in the center) and four arrow buttons (up, left, right, and down). Press the arrow buttons to navigate from one option to another, or to increment or decrement a numerical entry of the selected option.
4: Quick Setup Note: If you have connected Eth1 to the network, and Eth1 is able to acquire an IP address through DHCP, this IP address displays, followed by the letter [D]. Otherwise, the IP address displays as all zeros (000.000.000.000). 2.
4: Quick Setup Restoring Factory Defaults To use the LCD display to restore factory default settings: 1. Press the right arrow button to move to the last option, Release. 2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit Restore Factory Defaults password displays.
4: Quick Setup 4. To accept the defaults, select the Accept default Quick Setup settings checkbox in the top portion of the page and click the Apply button at the bottom of the page. Otherwise, continue with step 5. Note: Once you click the Apply button on the Quick Setup page, you can continue using the web interface to configure the SLC further.
Domain If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC attempts to resolve abcd.mydomain.com for the...
4: Quick Setup Method #3 Quick Setup on the Command Line Interface If the SLC does not have an IP address, you can connect a dumb terminal or a PC running a terminal emulation program (VT100) to access the command line interface. (See Connecting a Terminal on page 22.) If the unit has an IP address, you can use SSH...
Domain If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC attempts to resolve abcd.mydomain.com for the...
4: Quick Setup Figure 4-3. Completed Quick Setup 5. To log out, type logout at the prompt and press Enter. Next Step After quick starting the SLC, you may want to configure other settings. You can use the web page or the command line interface for configuration. For information about the web and the command line interfaces, go to 5: Web and Command Line Interfaces.
The SLC offers three interfaces for configuring the SLC: a command line interface (CLI), a web interface, and an LCD with pushbuttons on the front panel. This chapter discusses the web and command line interfaces. (4: Quick Setup includes instructions for using the LCD to configure basic network settings.) Web Interface A web interface allows the system administrator and other authorized users to configure...
PIN number, the next passcode, or the next tokencode. The Lantronix SLC Quick Setup page displays automatically the first time you log in. Subsequently, the Lantronix SLC Home page displays. (If you want to display the Quick Setup page again, click Quick Setup on the main menu.)
5: Web and Command Line Interfaces Logging off To log off the SLC web interface: Click the Logoff button. The “Logging out” message, followed by the login page displays. Web Page Help To view detailed information about an SLC web page: Click the Help button to the right of the web page title.
5: Web and Command Line Interfaces Logging out To log out of the SLC command line interface: 1. Type logout and press Enter. Command Syntax Commands have the following format: <action> <category> <parameter(s)> where <action> is set, show, connect, admin, diag, pccard, or logout. <category>...
5: Web and Command Line Interfaces Command Line Help For general Help and to display the commands to which you have rights, type: help For general command line Help, type: help command line For more information about a specific command, type help followed by the command, for example: help set network or help admin firmware Tips...
5: Web and Command Line Interfaces General CLI Commands The following commands relate to the CLI itself. To configure the current command line session: set cli scscommands <enable|disable> Allows you to use SCS-compatible commands as shortcuts for executing commands: Note: Settings are retained between CLI sessions for local users and users listed in the remote users list.
5: Web and Command Line Interfaces To view the rights of the currently logged-in user: show user Note: For information about user rights, see 11: User Authentication.
This chapter explains how to set the following basic configuration settings for the SLC using the SLC web interface or the CLI: Network parameters that determine how the SLC interacts with the attached network Firewall and routing Date and time Note: If you entered some of these settings using a Quick Setup procedure, you may update them here.
6: Basic Parameters Network Settings To enter settings for one or both network ports: 1. Click the Network tab and select the Network Settings option. The following page displays: 2. Enter the following information: Eth1 and Eth2 Settings Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP) are not currently supported.
6: Basic Parameters Eth 1 and/or Eth 2 Disabled: If selected, disables the network port. Default settings are Eth1 and Eth2 enabled. Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway from the DHCP server. (The DHCP server may not provide the hostname or gateway, depending on its setup.) This is the default setting.
6: Basic Parameters Gateway Default IP address of the router for this network. If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2 displays. All network traffic that matches the Eth1 IP address and subnet mask is sent out Eth1.
Domain If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC attempts to resolve abcd.mydomain.com for the...
6: Basic Parameters Network Commands The following CLI commands correspond to the web page entries described above. To set the default and alternate network gateways: set network gateway <parameters> Parameters: default <IP Address> precedence <dhcp|gprs|default> alternate <IP Address> pingip <IP Address> ethport <1 or 2>...
6: Basic Parameters To set TCP Keepalive and IP Forwarding network parameters: set network <parameters> Parameters: interval <1-99999 Seconds> ipforwarding <enable|disable> probes <Number of Probes> startprobes <1-99999 Seconds> To view all network settings: show network all To view Ethernet port settings and counters: show network port <1|2>...
6: Basic Parameters Enabling IP Filters On the IP Filter page, you can enable all filters or disable all filters. Note: There is no way to enable or disable individual filters. To enable IP filters: 1. Enter the following: Enable IP Filter Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox to disable all filters.
6: Basic Parameters 1. On the IP Filter page, click the Add Ruleset button. The following page displays: 2. Enter the following Ruleset Name Name that identifies a filter; may be composed of letters, numbers, and hyphens only. (The name cannot start with a hyphen.) Example: FILTER-2 Rule Parameters...
6: Basic Parameters Port Range Enter a range of destination TCP or UDP port numbers to be tested. An entry is required for TCP, TCP New, TCP Established, and UDP, and is not allowed for other protocols. Separate multiple ports with commas. Separate ranges of ports by colons.
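The Ruleset Name and Port Range rules above can be checked before a rule is typed into the IP Filter page. The following is an added example, not Lantronix code: the function names are hypothetical, the 1-65535 port bound is an assumption (the excerpt does not state one), and ICMP stands in for the "other protocols" the guide refers to.

```python
import re

# Protocols for which the guide says a Port Range entry is required.
PORT_PROTOCOLS = {"TCP", "TCP New", "TCP Established", "UDP"}

# Ruleset name: letters, numbers and hyphens only, not starting with a hyphen.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")
PORT_RE = re.compile(r"[0-9]{1,5}")


def parse_port_range(text):
    """Parse '22,8000:8080' into [(22, 22), (8000, 8080)].

    Commas separate entries and a colon separates the two ends of a range,
    as the guide describes. Raises ValueError on anything else.
    """
    spans = []
    for item in text.split(","):
        item = item.strip()
        bounds = item.split(":")
        if len(bounds) > 2 or not all(PORT_RE.fullmatch(b) for b in bounds):
            raise ValueError(f"malformed port entry {item!r}")
        low, high = int(bounds[0]), int(bounds[-1])
        # Assumption: valid ports are 1-65535 and a range must be ascending.
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port entry {item!r} out of order or out of range")
        spans.append((low, high))
    return spans


def covers(spans, port):
    """True if any parsed span includes the given port number."""
    return any(low <= port <= high for low, high in spans)


def validate_rule(ruleset_name, protocol, port_range):
    """Return a list of problems; an empty list means the fields are consistent."""
    problems = []
    if not NAME_RE.fullmatch(ruleset_name):
        problems.append(
            "ruleset name must use letters, numbers and hyphens "
            "and not start with a hyphen"
        )
    has_ports = bool(port_range.strip())
    if protocol in PORT_PROTOCOLS:
        if not has_ports:
            problems.append(f"port range is required for {protocol}")
        else:
            try:
                parse_port_range(port_range)
            except ValueError as exc:
                problems.append(str(exc))
    elif has_ports:
        problems.append(f"port range is not allowed for {protocol}")
    return problems


if __name__ == "__main__":
    # Constructed sample rules, not taken from the guide.
    samples = [
        ("FILTER-2", "TCP", "22,8000:8080"),
        ("-mgmt", "UDP", ""),
        ("FILTER-3", "ICMP", "80"),
        ("FILTER-4", "TCP", "20:25"),
    ]
    for name, proto, ports in samples:
        issues = validate_rule(name, proto, ports)
        print(name, proto, ports or "-", "->", issues or "ok")
        # Review aid: point out rules whose range includes the Telnet port.
        if not issues and ports and covers(parse_port_range(ports), 23):
            print("  note: range includes TCP 23 (Telnet)")
```
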
6: Basic Parameters Mapping a Rule Set The administrator can assign an IP Filter Rule Set to a network interface (Ethernet interface), a modem connected to a Device Port, or a PC Card modem. To map a rule set to a network interface: 1.
6: Basic Parameters Routing The SLC allows you to define static routes and, for networks using Routing Information Protocol (RIP)-capable routes, to enable the RIP protocol to configure the routes dynamically. To configure routing settings: 1. Click the Network tab and select the Routing option. The following page displays: 2.
6: Basic Parameters 3. Click the Apply button. Note: To display the routing table, click the IP Routes Report link. The Status/Reports page displays. To view the report, select the IP Routes checkbox and click Generate Report. Routing Commands The following CLI commands correspond to the web page entries described above. To configure static or dynamic routing: set routing [parameters] Parameters:...
Use the Services page to: Configure the amount of data sent to the logs. Enable or disable SSH and Telnet logins. Enable a Simple Network Management Protocol (SNMP) agent. Note: The SLC supports both MIB-II (as defined by RFC 1213) and a private enterprise MIB.
7: Services 2. Enter the following settings: System Logging In the System Logging section, select one of the following alert levels from the drop-down list for each message category: Off: Disables this type of logging. Info: Saves informative messages, in addition to warning and error messages. Warning: Saves message output from a condition that may be cause for concern, in addition to error messages.
7: Services Remote Servers IP address of the remote server(s) where system logs (#1 and #2) are stored. The system log is always saved to local SLC storage. It is retained through SLC reboots for files up to 200K. Saving the system log to a server that supports remote logging services (see RFC 3164) allows the administrator to save the complete system log history.
7: Services Web Telnet Enables or disables the ability to access the SLC command line interface or device ports (connect direct) through the Web Telnet window. Disabled by default. Timeout If you enable Telnet logins, you can cause an idle connection to disconnect after a specified number of minutes.
7: Services SNMP Simple Network Management Protocol (SNMP) is a set of protocols for managing complex networks. 1. Click the Services tab and select the SNMP option. The following page displays: 2. Enter the following: Enable Agent Enables or disables SNMP agent, which allows read-only access to the system.
7: Services When SNMP is enabled, an NMS (Network Management System) acts as a central server, requesting and receiving SNMP-type information from any computer using SNMP. The NMS can request information from the SLC and receive traps from the SLC. Enter the IP address of the NMS server. Required if you selected Enable Traps.
7: Services V3 Read-Only User User Name SNMP v3 is secure and requires user-based authorization to access SLC MIB objects. Enter a user ID. The default is snmpuser. Up to 20 characters. Password/Retype Password for a user with read-only authority to use to access SNMP v3.
7: Services netlog <off|error|warning|info|debug> nms <IP Address or Name> phonehome <enable|disable> phoneip <IP Address> portssh <TCP Port> rocommunity <Read-Only Community Name> rwcommunity <Read-Write Community Name> servlog <off|error|warning|info|debug> smtpserver <IP Address or Hostname> snmp <enable|disable> ssh <enable|disable> syslogserver1 <IP Address or Name> syslogserver2 <IP Address or Name>...
7: Services Mounting an NFS shared directory on a remote network server onto a local SLC directory enables the SLC to store device port logging data on that network server. This configuration avoids possible limitations in the amount of disk space on the SLC available for the logging file(s).
7: Services NFS Mounts Remote Directory The remote NFS share directory in the format: nfs_server_hostname or ipaddr:/exported/path Local Directory The local directory on the SLC on which to mount the remote directory. The SLC creates the local directory automatically. Read-Write If enabled, indicates that the SLC can write files to the remote directory.
7: Services To mount a remote NFS share: set nfs mount <one or more parameters> Parameters: locdir <Directory> mount <enable|disable> remdir <Remote NFS Directory> rw <enable|disable> Enables read/write access to remote directory. Note: The remdir and locdir parameters are required, but if you specified them previously, you do not need to provide them again.
7: Services To view and manage SecureLinx Managers and Spiders on the local network: 1. Click the Services tab and select the SecureLinx Network option. The following page displays. 2. To manage a SecureLinx device, click its IP Address. A separate browser page takes the user to the web interface for the selected SecureLinx device (login required).
7: Services Above the table, the Telnet to the CLI Enabled and SSH to the CLI Enabled fields indicate whether the unit has been set for Telnet or SSH access to the CLI. The table page lists all of the unit’s device ports (if applicable), indicates whether they are Telnet enabled or SSH enabled, and lists their Telnet and SSH port numbers.
7: Services c) To open a Telnet session to a specific device port, click the Yes link in the Telnet Enabled column. d) To open an SSH session to the CLI, click Yes in the SSH to the CLI Enabled field above the table.
7: Services SecureLinx Network Search Select the type of search you want to conduct. Local Subnet performs a broadcast to detect SecureLinx devices on the local subnet. Manually Entered IP Address List provides a list of IP addresses that may not respond to a broadcast because of how the network is configured.
Date and Time You can specify the current date, time, and time zone at the SLC’s location (default), or the SLC can use NTP to synchronize with other NTP devices on your network. To set the local date, time, and time zone: 1.
7: Services Synchronize via Select one of the following: Broadcast from NTP Server: Enables the SLC to accept time information periodically transmitted by the NTP server. This is the default if you enable NTP. Poll NTP Server: Enables the SLC to query the NTP Server for the correct time.
7: Services To synchronize the SLC with a remote time server using NTP: set ntp <one or more ntp parameters> Parameters: localserver1 <IP Address or Hostname> localserver2 <IP Address or Hostname> localserver3 <IP Address or Hostname> poll <local|public> publicserver <IP Address or Hostname> state <enable|disable>...
This chapter describes how to view the status of, configure, and use an SLC device port connected to an external device, such as a server or a modem. Chapter 10: Connections describes how to use the Connections web page to connect external devices and outbound network connections (such as Telnet or SSH) in various configurations.
8: Devices Permissions There are three types of permissions: Direct (or data) mode: The user can interact with and monitor the device port (connect direct command). Listen mode: The user can only monitor the device port (connect listen command). Clear mode: The user can clear the contents of the device port buffer (set locallog <port>...
8: Devices 1. Click the Devices tab and select the Device Status option. The following page displays: Current port numbering schemes for Telnet, SSH, and TCP ports display on the left. The list of ports 1-16 on the right includes the individual ports and their current mode. Note: To view additional ports, click the 17-32 button or the 33-48 button, as appropriate.
8: Devices Telnet/SSH/TCP in Port Numbers Starting Telnet Port Each port is assigned a number for connecting via Telnet. Enter a number (1025-65535) that represents the first port. The default is 2000 plus the port number. For example, if you enter 2001, subsequent ports are automatically assigned numbers 2002, 2003, and so on.
8: Devices Global Commands The following CLI commands correspond to the web page entries described above. To configure settings for all or a group of device ports: set deviceport global <one or more parameters> Parameters: maxdirect <1-10> Sets the maximum number of direct connections for each device port. sshport <TCP Port>...
8: Devices To enter device port settings: 1. Enter the following: Mode The status of the port; displays automatically.
(0). Connected to The type of device connected to the device port. Presently, the SLC supports Lantronix’s SecureLinx Remote Power Manager (SLP8 and SLP16) and Sensorsoft devices. If the type of device is not listed, select undefined.
8: Devices IP Address IP address used for this device port so a user can Telnet, SSH, or establish a raw TCP connection to this address and connect directly to the device port. For Telnet and SSH, the default TCP port numbers (23 and 22, respectively) are used to connect to the device port.
8: Devices Show Lines on Connecting If enabled, when the user either does a connect direct from the CLI or connects directly to the port using Telnet or SSH, the SLC outputs up to 24 lines of buffered data as soon as the serial port is connected.
8: Devices Modem Timeout Timeout for all modem connections. Select Yes (default) for the SLC to terminate the connection if no traffic is received during the configured idle time. Enter a value of from 1 to 9999 seconds. The default is 30 seconds. Caller ID Logging Select to enable the SLC to log caller IDs on incoming calls.
8: Devices Authentication Enables PAP or CHAP authentication for modem logins. PAP is the default. With PAP, users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled. With CHAP, the CHAP Handshake fields authenticate the user. CHAP Handshake The host/username (for UNIX systems) or secret/user password (for Windows systems) used for CHAP...
8: Devices b) In to Device Ports, type the device port numbers, separated by commas; indicate a range of port numbers with a hyphen (e.g., 2, 5, 7-10). Note: It may take a few minutes for the system to apply the settings to multiple ports.
8: Devices To enter SLP commands: 1. Enter the following: SLP Login User ID for logging into the SLP. Password for logging into the SLP. Password/Retype Password SLP Status/Info Outlet Status Note: If there is an SLP and an SLP Expansion chassis, the SLP is Tower A and the Expansion chassis is Tower B.
8: Devices SLP Commands Restart SLP To restart the SLP, select the checkbox. Control Outlet For Tower A or Tower B, select All Outlets or Single Outlet and the number of the outlet to be controlled (1-8 for the SLP8 or 1-16 for the SLP16) and select the command for the outlet (No Action, Power On, Power Off, Cycle Power).
8: Devices High Humidity Enter the highest relative acceptable humidity permitted on the device above which the sensor sends a trap to the SLC. Traps Select to indicate the SLC should send a trap or configured Event Alert when the sensor detects an out-of-range configured threshold.
8: Devices A script that initializes a modem. localipaddr <negotiate|IP Address> logins <enable|disable> modemmode <text|ppp> modemstate <disable|dialout|dialin|dialback|dialondemand|dial in+dialondemand|dialinhostlist> modemtimeout <disable|1-9999 seconds> name <Device Port Name> nat <enable|disable> parity <none|odd|even> remoteipaddr <negotiate|IP Address> restartdelay <PPP Restart Delay> showlines <enable|disable> sshauth <enable|disable> sshin <enable|disable>...
8: Devices To zero the port counters for one or more device ports: show portcounters zerocounters <Device Port List or Name> Device Commands The following CLI commands correspond to the web page entries described above. To send commands to (or control) a device connected to an SLC device port over the serial port: Note: Currently the only devices supported for this type of interaction are the SLP...
8: Devices Interacting with a Device Port Once a device port has been configured and connected to an external device such as the console port of an external server, the data received over the device port can be monitored at the command line interface with the connect listen command, as follows: To connect to a device port to monitor it: connect listen deviceport <Port # or Name>...
8: Devices Device Ports – Logging The SLC products support port buffering of the data on the system's device ports as well as notification of receiving data on a device port. Port logging is disabled by default. You can enable more than one type of logging (local, NFS file, email/SNMP, or PC Card) at a time.
8: Devices Email/SNMP Notification The system administrator can configure the SLC to send an email alert message indicating a particular condition detected in the device port log to the appropriate parties or an SNMP trap to the designated NMS (see Services).
8: Devices Clear Local Log Select the checkbox to clear the local log. View Local Log Click this link to see the local log in text format. Email/SNMP Traps Email/Traps Select the checkbox to enable email and SNMP logging. Email logging sends an email message to pre-defined email addresses or an SNMP trap to the designated NMS (see Services) when alert criteria are met.
8: Devices Text String The specific pattern of characters the SLC must recognize before sending a notification to the technician about this port. The maximum is 100 characters. You may use a regular expression to define the pattern. For example, the regular expression “abc[def]g”...
8: Devices PC Card Logging PC Card Logging Select to enable PC Card logging. A PC Card Compact Flash must be loaded into one of the PC Card slots on the front of the SLC and properly mounted (see PC Card Logging on page 90).
8: Devices 2. Change the following as desired: Baud The speed with which the device port exchanges data with the attached serial device. From the drop-down list, select the baud rate. Most devices use 9600 for the administration port, so the console port defaults to this value.
8: Devices To configure console port settings: set consoleport <one or more parameters> Parameters: baud <300-115200> databits <7|8> stopbits <1|2> parity <none|odd|even> flowcontrol <none|xon/xoff|rts/cts> showlines <enable|disable> timeout <disable|1-30> To view console port settings: show consoleport Host Lists A host list is a prioritized list of SSH, Telnet, and TCP hosts available for establishing incoming modem connections or for the connect direct command on the CLI.
8: Devices 2. In the lower section of the page, enter the following: Note: To clear fields in the lower part of the page, click the Clear Host List button. Host List Id (view only) Displays after a host list is saved. Host List Name Enter a name for the host list.
8: Devices Escape Sequence The escape character used to get the attention of the SSH or Telnet client. It is optional, and if not specified, Telnet and SSH use their default escape character. For Telnet, the escape character is either a single character or a two-character sequence consisting of '^' followed by one character.
8: Devices 2. View, add, or update the following: Host List Id (view only) Displays after a host list is saved. Host List Name Enter a name for the host list. Retry Count Enter the number of times the SLC should attempt to retry connecting to the host list.
8: Devices Escape Sequence The escape character used to get the attention of the SSH or Telnet client. It is optional, and if not specified, Telnet and SSH use their default escape character. For Telnet, the escape character is either a single character or a two-character sequence consisting of '^' followed by one character.
8: Devices To add a new host entry to a list or edit an existing entry: set hostlist add|edit <Host List Name> entry <Host Number> [<parameters>] Parameters: host <IP Address or Name> protocol <ssh|telnet|tcp> port <TCP Port> escapeseq <1-10 Chars> To move a host entry to a new position in the host list: set hostlist edit <Host List Name>...
90). The SLC supports a variety of Compact Flash-to-PC Card adapters, as well as modem and Basic Rate Interface (BRI) ISDN cards. (See the Lantronix web site for a complete list.) To set up PC Card storage in the SLC: 1.
To enter modem settings for a PC Card: 1. Insert any of the supported modem or ISDN cards (see www.lantronix.com/slc) into either of the PC Card bays on the front of the SLC. (You can do this before or after powering up the SLC.)
9: PC Cards 4. Enter or view the following: State Select to indicate whether to disable the PC Card or set it for dial-in, dial-out, dial-back, dial-on-demand, or dial-in & dial-on-demand. Disabled by default.
9: PC Cards Mode The format in which the data flows back and forth. With Text selected, the SLC assumes that the modem will be used for remotely logging into the command line. Text mode is only for dialing in. This is the default. PPP establishes an IP-based link over the modem.
9: PC Cards Stop Bits The number of stop bit(s) used to indicate that a byte of data has been transmitted. From the drop-down list, select the number of stop bits. The default is 1. Flow Control A method of preventing buffer overflow and loss of data. The available methods include none, xon/xoff (software), and RTS/CTS (hardware).
9: PC Cards Text Mode Timeout Logins If you selected Text mode, you can enable logins to time out after the connection is inactive for a specified number of minutes. The default is No. This setting only applies to text mode connections. PPP mode connections stay connected until either side drops the connection.
9: PC Cards Authentication Enables PAP or CHAP authentication for dial-in & dial-on-demand. PAP is the default. With PAP, users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled. With CHAP, the DOD CHAP Handshake fields authenticate the user.
9: PC Cards Authenticate If selected, the SLC requires user authentication before granting access to the port. Authenticate is selected by default for Telnet Port and SSH Port, but not for TCP Port. 5. Click the Apply button. PC Card Commands These commands for the command line interface correspond to the web page entries described above.
auth <pap|chap>
baud <300-115200> 9600 is the default.
calleridcmd <Modem Command String>
calleridlogging <enable|disable>
chaphost <CHAP Host or User Password>
chapsecret <CHAP Secret or User Password>
databits <7|8>
dialbacknumber <usernumber|Phone Number>
dialinlist <Host List for Dial-in>
dodauth <pap|chap>...
Chapter 8: Devices described how to configure and interact with an SLC device port connected to an external device. This chapter describes how to use the Connections web page to connect external devices and outbound network connections (such as Telnet or SSH) in various configurations.
10: Connections
Typical Setup Scenarios for the SLC
Following are typical configurations in which SLC connections can be used, with references to settings on the Connections and Device Ports web pages.
Terminal Server
In this setup, the SLC acts as a multiplexer of serial data to a single server computer. Terminal devices are connected to the serial ports of the SLC and configured as a Device Port to Telnet out type connection on the Connections page.
A PC can use the device ports on the SLC as virtual serial ports, enabling the ports to act as if they are local ports to the PC. To use the SLC in this setup, the PC requires special software, for example, Com Port Redirector (available on www.lantronix.com) or similar software.
Console Server
For this situation, the SLC is configured so that the user can manage a number of servers or pieces of network equipment using their console ports. The device ports on the SLC are connected to the console ports of the equipment that the user would like to manage. To manage a specific piece of equipment, the user can Telnet or SSH to a specific port or IP address on the SLC and be connected directly to the console port of the end server or device.
Connection Configuration
To create a connection:
1. Click the Devices tab and select the Connections option. The following page displays:
2. For a device port, enter the following:
Port: The number of the device port you are connecting. This device port must be connected to an external serial device and must not have command line interface logins enabled, be connected to a...
Data Flow: Select the arrow showing the direction (bidirectional or unidirectional) the data will flow in relationship to the device port you are connecting.
From the drop-down list, select a destination for the connection: a device port connected to a serial device, a device port connected to a modem, or an outbound network connection (Telnet, SSH, TCP Port, or UDP Port).
Trigger: Select the condition that will trigger a connection. Options include:
Connect now: Connects immediately, or if you reboot the SLC, immediately on reboot.
Connect at date/time: Connects at a specified date and time. Use the drop-down lists to complete the date and time.
To connect to a device port to monitor and/or interact with it, or to establish an outbound network connection:
connect direct <endpoint>
Endpoint is one of:
deviceport <Port # or Name>
ssh <IP Address or Name> [port <TCP Port>] [<SSH flags>]
where <SSH flags>...
To connect a device port to another device port or an outbound network connection (data flows in both directions):
connect bidirection <Port # or Name> <endpoint>
Endpoint is one of:
charcount <# of Chars>
charseq <Char Sequence>
charxfer <toendpoint|fromendpoint>
deviceport <Device Port # or Name>...
command <Command to Execute>
tcp <IP Address> [port <TCP Port>]
telnet <IP Address or Name> [port <TCP Port>]
trigger <now|datetime|chars>
udp <IP Address> [port <UDP Port>]
Note: If the trigger is datetime (establish connection at a specified date/time), enter the date parameter.
Users who attempt to log in to the SLC by means of Telnet, SSH, the console port, or one of the device ports are granted access by one or more authentication methods. The User Authentication page provides a submenu of methods (Local Users, NIS, LDAP, RADIUS, Kerberos, and TACACS+) for authenticating users attempting to log in.
11: User Authentication
2. To enable a method currently in the Disabled methods list, select the method and press the left arrow to the left of the list. The methods include:
NIS (Network Information ...): A network naming and administration system developed by Sun Microsystems for smaller networks.
TACACS+ (Terminal Access Controller Access Control System): TACACS+ allows a remote access server to communicate with an authentication server to determine whether the user has access to the network. TACACS+ is a completely new protocol and is not compatible with TACACS or XTACACS. The SLC supports TACACS+ only.
User Rights
The SLC has three default user groups: Administrators, Power Users, and Default Users. Each has a predefined set of rights; users inherit rights from the user group to which they belong. These rights are in addition to the current functions that a user can perform at the CLI:
connect direct/listen
set locallog/password/history/cli...
Local and Remote Users
The system administrator can configure the SLC to use local accounts and remote accounts to authenticate users.
1. Click the User Authentication tab and select the Local/Remote Users option. The following page displays. The top of the page has entry fields for enabling local and remote users and for setting password requirements.
To set password requirements for local users:
Local User Passwords
Complex Passwords: Select to enable the SLC to enforce rules concerning the password structure (e.g., alphanumeric requirements, number of characters, punctuation marks). Disabled by default.
Complexity rules: Passwords must be at least eight characters long.
Local/Remote User Settings
On this page, you can add, edit, or delete a local or remote user.
To add a user:
1. On the Local/Remote Users page (described above), click the Add/Edit User button. The Local/Remote User Settings page displays.
2.
Data Ports: The device ports with which the user may interact using the connect direct command. Enter the port numbers or the range of port numbers.
Clear Port Buffers: The device port buffers the users may clear using the set locallog clear command.
Allow Password Change: Select to allow the user to change password.
Change Password on Next Login: Indicate whether the user must change the password at the next login.
Lock Account: Select to lock the account indefinitely.
3. Assign rights to users. Each user is a member of a group that has predefined user rights associated with it.
PC Card: Right to enter modem settings for PC cards. Includes managing storage PC Cards.
4. Click the Apply button.
5. Click the Back to Local/Remote Users link to return to the Local/Remote User Settings page.
6. Add another user or click the Back to Local/Remote Users link. The Local/Remote Users page displays with the new user(s) listed in the table.
To configure local accounts (including sysadmin) who log in to the SLC by means of SSH, Telnet, the Web, or the console port:
set localusers add|edit <User Login> <parameters>
Parameters:
allowdialback <enable|disable>
breakseq <1-10 Chars>
changenextlogin <enable|disable>
changepassword <enable|disable>...
To allow (unlock) a user's ability to log in:
set localusers unlock <User Login>
Note: This capability is not available on the web page.
Local User Rights Commands
The following CLI commands correspond to the web page entries described above.
To add a local user to a user group or to change the group the user belongs to:
set localusers add|edit <user>...
To configure attributes for users who log in by a remote authentication method:
set remoteusers add|edit <User Login> [<parameters>]
Parameters
breakseq <1-10 Chars>
clearports <Port List>
dataports <Port List>
escapeseq <1-10 Chars>
group <default|power|admin>
listenports <Port List>
permissions <Permissions List>...
2. Enter the following:
Enable NIS: Displays selected if you enabled this method on the Authentication Methods page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: You can enable NIS here or on the first User Authentication page.
Custom Menu: If custom menus have been created (see Custom User Menus on page 163), you can assign a default custom menu to NIS users.
Escape Sequence: A single character or a two-character sequence that causes the SLC to leave direct (interactive) mode. (To leave listen mode, press any key.) A suggested value is Esc+A (escape key, then uppercase "A"...
Local Users: Right to add or delete local users on the system.
Remote Authentication: Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys: Right to set SSH keys for authenticating users.
User Menus: Right to create a custom user menu for the CLI for NIS users.
To configure the SLC to use NIS to authenticate users who log in via the Web, SSH, Telnet, or the console port:
set nis <one or more parameters>
Parameters:
breakseq <1-10 Chars>
broadcast <enable|disable>
clearports <Port List>
dataports <Port List>...
All LDAP users are members of a group that has predefined user rights associated with it. You can add additional user rights that are not defined by the group.
To configure the SLC to use LDAP to authenticate users:
1.
Bind Name: The name for a non-anonymous bind to an LDAP server. This item has the same format as LDAP Base. One example is cn=administrator,cn=Users,dc=domain,dc=com
Bind Password and Retype Password: Password for a non-anonymous bind. This entry is optional.
Group: Select the group to which the LDAP users will belong:
Default Users: This group has only the most basic rights (described above).
Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot & Shutdown, and Diagnostics &...
To configure the SLC to use LDAP to authenticate users who log in via the Web, SSH, Telnet, or the console port:
set ldap <one or more parameters>
Parameters:
adsupport <enable|disable> Enables or disables active directory.
base <LDAP Base>
bindname <Bind Name>...
To configure the SLC to use RADIUS to authenticate users:
1. Click the User Authentication tab and select RADIUS. The following page displays.
2. Enter the following:
Enable RADIUS: Displays selected if you enabled this method on the User Authentication page.
RADIUS Server #1: IP address or hostname of the primary RADIUS server. This RADIUS server may be a proxy for SecurID. SecurID is a two-factor authentication method based on the user's SecurID token and pin number. The SecurID token displays a string of digits called a token code that changes once a minute (some tokens are set to change codes every 30 seconds).
Break Sequence: A series of 1-10 characters users can enter on the command line interface to send a break signal to the external device. A suggested value is Esc+B (escape key, then uppercase “B” performed quickly but not simultaneously). You would specify this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B.
Firmware & Configuration: Right to upgrade the firmware on the unit and save or restore a configuration (all settings). Selecting this option automatically selects Reboot & Shutdown.
Diagnostics & Reports: Right to obtain diagnostic information and reports about the unit.
To set permissions for RADIUS users not already defined by the user rights group:
set radius permissions <Permission List>
where <Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, pc, rs, rc, dr, wb, sn, ad
To remove a permission, type a minus sign before the two-letter abbreviation for a user right.
2. Enter the following:
Enable Kerberos: Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: You can enable Kerberos here or on the first User Authentication page.
KDC Port: Port on the KDC listening for requests. Enter an integer with a maximum value of 65535. The default is 88.
Custom Menu: If custom menus have been created (see Custom User Menus on page 163), you can assign a default custom menu to RADIUS users.
Networking: Right to enter Network settings.
Services: Right to enable and disable system logging, SSH and Telnet logins, SNMP, and SMTP.
SecureLinx Network: Right to view and manage SecureLinx units (e.g., SLPs, Spiders, SLCs) on the local subnet.
Date/Time: Right to set the date and time.
To configure the SLC to use Kerberos to authenticate users who log in via the Web, SSH, Telnet, or the console port:
set kerberos <one or more parameters>
Parameters:
breakseq <1-10 Chars>
clearports <Port List>
dataports <Port List>
escapeseq <1-10 Chars>...
To configure the SLC to use TACACS+ to authenticate users:
1. Click the TACACS+ tab and select TACACS+. The following page displays.
2. Enter the following:
Enable TACACS+: Displays selected if you enabled this method on the User Authentication page.
Escape Sequence: A single character or a two-character sequence that causes the SLC to leave direct (interactive) mode. (To leave listen mode, press any key.) A suggested value is Esc+A (escape key, then uppercase "A" performed quickly but not simultaneously). You would specify this value as \x1bA, which is hexadecimal (\x) character 27 (1B) followed by an A.
Remote Authentication: Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys: Right to set SSH keys for authenticating users.
User Menus: Right to create a custom user menu for the CLI for TACACS+ users.
To set user group and permissions for TACACS+ users:
set tacacs+ group <default|power|admin>
To set permissions for TACACS+ users not already defined by the user rights group:
set tacacs+ permissions <Permission List>
where <Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, pc, rs, rc, dr, wb, sn, ad
To remove a permission, type a minus sign before the two-letter abbreviation for a user right.
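The \xNN notation for break and escape sequences and the minus-sign permission lists described above can be checked before a provisioning script is pasted into the CLI. The Python linter below is an added example, not Lantronix code; it assumes comma-separated permission lists, exactly two hex digits after \x, and a 1-10 limit counted after decoding, and its sample command lines are constructed.

```python
import re

# Two-letter user-right abbreviations, exactly as listed in the guide.
RIGHTS = frozenset("nt sv dt lu ra sk um dp pc rs rc dr wb sn ad".split())

HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")
BAD_BACKSLASH = re.compile(r"\\(?!x[0-9A-Fa-f]{2})")


def decode_sequence(text):
    r"""Decode the guide's \xNN notation (for example \x1bA) into bytes.

    Assumptions: an escape is a backslash, 'x' and exactly two hex digits,
    and the 1-10 character limit counts characters after decoding.
    """
    if BAD_BACKSLASH.search(text):
        raise ValueError("backslash not followed by x and two hex digits")
    decoded = HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)
    data = decoded.encode("latin-1")  # treat each character as one byte
    if not 1 <= len(data) <= 10:
        raise ValueError("sequence must be 1-10 characters, got %d" % len(data))
    return data


def parse_permissions(spec):
    """Split a permission list into (granted, removed) sets of abbreviations.

    Assumption: items are comma-separated; a leading minus removes a right.
    """
    granted, removed = set(), set()
    for item in spec.split(","):
        item = item.strip()
        minus = item.startswith("-")
        code = item[1:] if minus else item
        if code not in RIGHTS:
            raise ValueError("unknown user right %r" % item)
        (removed if minus else granted).add(code)
    clash = granted & removed
    if clash:
        raise ValueError("right both granted and removed: %s" % sorted(clash))
    return granted, removed


def lint(line):
    """Return a list of problems found in one CLI line (empty list = clean)."""
    words = line.split()
    problems = []
    for key, value in zip(words, words[1:]):
        try:
            if key in ("breakseq", "escapeseq"):
                decode_sequence(value)
            elif key == "permissions":
                parse_permissions(value)
        except ValueError as exc:
            problems.append("%s %s: %s" % (key, value, exc))
    return problems


if __name__ == "__main__":
    # Constructed sample lines using command forms shown in the guide.
    SAMPLE = [
        r"set kerberos breakseq \x1bB escapeseq \x1bA",
        "set radius permissions nt,sv,-dt",
        "set tacacs+ permissions nt,xx",      # xx is not a listed right
        r"set nis escapeseq \x1",             # incomplete hex escape
    ]
    for line in SAMPLE:
        for problem in lint(line) or ["ok"]:
            print("%-50s %s" % (line, problem))
```
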
1. From the main menu, select User Authentication – SSH Keys. The following page displays.
2. Enter the following:
Imported Keys (SSH In)
Host & User Associated with Key: These entries are required in the following cases:
The imported key file does not contain the host that the user will be making an SSH connection from, or
The SLC local user login for the connection is different from the user name the key was generated from or is not included in the imported key file. If either of these conditions is true, or the imported file is in SECSH format, you must specify the user and host.
Passphrase/Retype Passphrase: Optionally, enter a passphrase associated with the key. The passphrase may have up to 50 characters. The passphrase is an optional password that can be associated with an SSH key. It is unique to each user and to each key.
SECSH Format: Indicate whether the keys will be exported in SECSH format (by default the key is exported in OpenSSH format).
2. View or enter the following:
Reset to Default Host Key: Select the All Keys checkbox to reset all default key(s), or select one or more checkboxes to reset defaults for RSA1, RSA, or DSA keys. All checkboxes are unselected by default.
Import via: From the drop-down list, select the method of importing the host key (SCP or SFTP). The default is SCP.
Public Key Filename: Filename of the public host key.
Private Key Filename: Filename of the private host key.
Host: Host name or IP address of the host from which to...
To export a key:
set sshkey export <ftp|scp|copypaste> <one or more parameters>
Parameters:
[format <openssh|secsh>]
[host <IP Address or Name>]
[login <User Login>]
[path <Path to Copy Key>]
bits <512|1024>
keyname <SSH Key Name>
keyuser <SSH Key User>
type <rsa|dsa>...
To display SSH keys that have been imported:
show sshkey import <one or more parameters>
Parameters:
[keyhost <SSH Key IP Address or Name>]
[keyuser <SSH Key User>]
[viewkey <enable|disable>]
To display SSH keys that have been exported:
show sshkey export <one or more parameters>...
Custom User Menu Commands
When creating a custom user menu, note the following limitations:
Maximum of 20 custom user menus
Maximum of 50 commands per custom user menu (logout is always the last command)
Maximum of 15 characters for menu names
Maximum of five nested menus can be called.
Example
The system administrator creates two custom user menus, with menu1 having a nested menu (menu2):
[slc]> set menu add menu1
Enter optional menu title (<return> for none): Menu1 Title
Specify nickname for each command? [no] y
Enter each command, up to 50 commands ('logout' is always the last command).
__Custom User Menus___________________________________________________________
Menu: menu2
Title: Menu2 Title
Show Nicknames: disabled
Redisplay Menu: disabled
Command 1: connect direct deviceport 3
Nickname 1: <none>
Command 2: connect direct deviceport 4
Nickname 2: <none>
Command 3: show datetime
Nickname 3: <none>...
Menu1 Title
-------------------------------------------------------------------------
1) connect Port-1        3) menu2
2) connect Port-2        4) log off
[Enter 1-4]> 4
Executing: logout
Logging out...
The system administrator performs maintenance activities and operates the SLC using the pages of the Maintenance tab and additional commands on the command line interface.
Firmware & Configurations
The SLC Firmware & Configurations page allows the system administrator to:
Configure the FTP, SFTP, or TFTP server that will be used to provide firmware updates and save/restore configurations.
12: Maintenance
2. Enter the following:
General
Reboot: Select this option to reboot the SLC immediately. The default is No. Note: The front panel LCD displays the “Rebooting the SLC” message, and the normal boot sequence occurs.
Shutdown: Select this option to shut down the SLC. The default is No.
Welcome Banner: The text to display on the command line interface before the user logs in. Welcome to the SLC is the default. Note: To create more lines use the \n character sequence.
Login Banner: The text to display on the command line interface after the user logs in.
Firmware Filename The name of the firmware update file downloaded from the Lantronix web site. A key for validating the firmware file. The key is provided with the firmware file (32 hex characters).
Configuration Management
Configuration Management: From the option list, select one of the following:
No Save/Restore: Does not save or restore a configuration.
Save Configuration: Saves all settings to file, which can be backed up to a location that is not on the SLC.
Preserve Configuration after Restore: Allows the user to keep a subset of the current configuration after restoring a configuration or resetting to factory defaults. Select the checkbox for each part of the current configuration you want to keep, for example, Networking, Services, or Device Ports.
2. To terminate a web session, select the checkbox for the session and click the Terminate button.
3. To return to the Firmware & Configurations page, click the Back to Firmware & Configurations link.
Firmware & Configurations – SSL Certificate
The SLC Firmware &...
2. If desired, enter the following:
Reset to Default Certificate: To reset to the default certificate, select the checkbox to reset to the default certificate. Unselected by default.
Import SSL Certificate: To import your own SSL Certificate, select the checkbox.
1. Load the following XML code on a web server that is accessible over the Internet. This code describes how to retrieve information and how to format the data for display.
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
<ModulePrefs title="__UP_model__ Devport Status" title_url="http://www.lantronix.com" directory_title="SLC/SLB Status" description="Devport status and counters" scrolling="true" width="400" height="360" />
<UserPref name="model"...
Administrative Commands
These commands for the command line interface correspond to the web page entries described above.
To reboot the SLC:
admin reboot
Note: The front panel LCD displays the “Rebooting the SLC” message, and the normal boot sequence occurs.
To prepare the SLC to be powered off:
admin shutdown
Note: When you use this command to shut down the SLC, the LCD front panel displays "Shutting down the SLC," followed by a pause, and then "Shutdown complete." When "Shutdown complete" displays, it is safe to power off the SLC.
To change the Restore Factory Defaults password used at the LCD to return the SLC to the factory settings:
admin keypad password <Password>
Must be 6 digits.
To view keypad settings:
admin keypad show
To set the FTP/TFTP/SFTP server used for firmware updates and configuration save/restore:
admin ftp server <IP Address or Hostname>...
To list the configurations saved to a location:
admin config show <default|ftp|sftp|nfs|cifs|pccard> [nfsdir <NFS Mounted Dir>] [pccardslot <upper|lower>]
To run the quick setup script:
admin quicksetup
To import an SSL certificate, or reset the web server certificate to the default:
admin web certificate import via <sftp|scp>...
2. Enter the following:
Select the type(s) of log you want to view.
Level: Select the alert level you want to view for the selected log.
Starting at: Select the starting point of the range you want to view:
Beginning of Log: Beginning of the log.
Select to and enter the person’s email address. c) Press the Email Output button. 5. To email the system log to Lantronix Technical Support: a) In the Comment field, enter a comment (if desired). b) Select to: Lantronix Tech Support.
System Log Command
The following command for the command line interface corresponds to the web page entries described above.
To view the system logs containing information and error messages:
show syslog [<parameters>]
Parameters:
[email <Email Address>]
level <error|warning|info|debug>
log <all|netlog|servlog|authlog|devlog|diaglog|genlog>...
2. To select a sort option (by User or Command) click the appropriate button:
To sort by user, click the Sort by User button.
To sort by command/action, click the Sort by Command button.
3. To clear the log, click the Clear Log button.
Diagnostics
The Diagnostics web page provides methods for diagnosing problems such as network connectivity and device port input/output problems.
2. Enter the following:
Select Diagnostics: Select one or more diagnostic methods you want to run, or select All to run them all.
ARP Table: Address Resolution Protocol (ARP) table used to view the IP address-to-hardware address mapping.
Netstat: Displays network connections.
Send Packet: This option sends an Ethernet packet out one of the Ethernet ports, mainly as a network connectivity test. Enter the following:
Protocol: Select the type of packet to send.
Hostname: Specify a host name or IP address of the host to send the packet to.
6. To email the report(s) to Lantronix Technical Support: a) In the Comment field, enter a comment (if desired). b) Select to: Lantronix Tech Support c) Call Lantronix Tech Support and obtain a case number. Note: For contact information, click the Lantronix Tech Support link.
To verify that the host is up and running:
diag ping <IP Address or Name> [<parameters>]
Parameters:
count <Number of Times to Ping> The default is 5.
packetsize <Size in Bytes> The default is 64.
To display performance statistics for an Ethernet port or a device port (averaged over the last 5 seconds):
diag perfstat [ethport <1|2>] [deviceport <Device Port # or Name>]
To generate and send Ethernet packets:...
Status/Reports
On this page, you can view the status of the SLC ports and power supplies and generate a selection of reports.
Note: Status and statistics shown on the web interface represent a snapshot in time. To see the most recent data, you must reload the web page.
1.
3. Click the Generate Report button. In the upper left, the report page displays a list of reports generated. 4. To view a report, click the link for that report. 5. To email the report(s) to Lantronix Technical Support: a) In the Comment field, enter a comment (if desired). b) Select to: Lantronix Tech Support...
c) Call Lantronix Tech Support and obtain a case number. Note: For contact information, click the Lantronix Tech Support link.
d) Enter the number in Case Number.
e) Press the Email Output button.
6. To email the report(s) to an individual:
a) In the Comment field, enter a comment (if desired).
Events
On this page, you can define what action you want to take for events that may occur in the SLC.
1. Click the Maintenance tab and select the Events option. The following page displays:
2. Enter the following:
Event Trigger: From the drop-down list, select the type of incident that triggers an event.
NMS/Host to forward trap to: For actions that forward a trap, enter the IP address of the computer to forward the trap to. The computer does not have to be an SNMP NMS; it just has to be capable of receiving SNMP traps.
To update event definitions:
admin events edit <Event ID> <parameters>
Parameters:
community <SNMP Community>
deviceport <Device Port # or Name>
ethport <1|2>
nms <SNMP NMS>
oid <SNMP Trap OID>
pccardslot <upper|lower>
emailaddress <destination email address>
To delete an event:
admin events delete <Event ID>...
Each SLC has multiple serial ports and two network ports. Each serial port can be connected to the console port of an IT device. Using a network port (in-band) or a modem (out-of-band) for dial-up connection, an administrator can remotely access any of the connected IT devices using Telnet or SSH.
13: Application Examples
Telnet/SSH to a Remote Device
The following figure shows a Sun server connected to port 2 of the SLC.
Figure 13-2. Remote User Connected to a SUN Server via the SLC (figure labels: Sun Server, Remote User, Serial Cable to Port 2, Internet, SLC Console Manager)
In this example, the sysadmin would:...
2. Change the baud to 57600 and disable flow control:
[slc]> set deviceport port 2 baud 57600 flowcontrol none
Device Port settings successfully updated.
3. Connect to the device port:
[slc]> connect direct deviceport 2
4. View messages from the SUN server console:
Mar 15 09:09:44 tssf280r sendmail[292]: [ID 702911 mail.info] starting daemon (8.12.2+Sun): SMTP+queueing@00:15:00
Mar 15 09:09:44 tssf280r sendmail[293]: [ID 702911 mail.info] starting daemon...
Device Port settings successfully updated.
[slc]> set deviceport port 1 localsecret "password"
Device Port settings successfully updated.
[slc]> set deviceport port 1 modemstate dialin
Device Port settings successfully updated.
[slc]>
2. Configure the device port that is connected to the console port of the Sun UNIX server:
[slc]>...
Local Serial Connection to Network Device via Telnet
This example shows a terminal device connected to an SLC device port, and a Sun server connected over the network to the SLC. When a connection is established between the device port and an outbound Telnet session, users can access the Sun server as though they were directly connected to it.
2. Change the serial settings to match the serial settings for the vt100 terminal (change the baud to 57600 and disable flow control):
[slc]> set deviceport port 2 baud 57600 flowcontrol none
Device Port settings successfully updated.
3.
After an introduction to using commands, this chapter lists and describes all of the commands available on the SLC command line interface accessed through Telnet, SSH, or a serial connection. The commands are in alphabetical order by category.
Introduction to Commands
Following is some information about command syntax, command line help, and tips for using commands.
14: Command Reference
Use the up and down arrows to scroll through previously entered commands. If desired, select one and edit it. You can scroll through up to 100 previous commands entered in the session.
To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.
admin config delete
Syntax
admin config delete <Config Name> location <default|cifs|pccard> [pccardslot <upper|lower>]
Description
Deletes a configuration.
admin config factorydefaults
Syntax
admin config factorydefaults [savesshkeys <enable|disable>] [savesslcert <enable|disable>] [preserveconfig <Config Params to Preserve>]
<Config Params to Preserve> is a comma-separated list of current configuration parameters to retain after the config restore or factorydefaults:
nt –...
admin config show
Syntax
admin config show <default|ftp|sftp|nfs|cifs|pccard> [nfsdir <NFS Mounted Dir>] [pccardslot <upper|lower>]
Description
Lists the configurations saved to a location.
admin firmware bootbank
Syntax
admin firmware bootbank <1|2>
Description
Sets the boot bank to be used at the next SLC reboot. Applies to dual-boot SLCs only.
admin firmware copybank
Syntax
admin firmware copybank...
admin ftp server
Syntax
admin ftp server <IP Address or Hostname> [login <User Login>] [path <Directory>]
Description
Sets the FTP/TFTP/SFTP server used for firmware updates and configuration save/restore.
admin ftp show
Syntax
admin ftp show
Description
Displays FTP settings.
admin keypad
Syntax
admin keypad <lock|unlock>...
admin reboot
Syntax
admin reboot
Description
Reboots the SLC. The front panel LCD displays the “Rebooting the SLC” message, and the normal boot sequence occurs.
admin shutdown
Syntax
admin shutdown
Description
Prepares the SLC to be powered off. When you use this command to shut down the SLC, the LCD front panel displays the “Shutting down the SLC”...
Description
Displays a web certificate.
admin web gadget
Syntax
admin web gadget <enable|disable>
Description
Enables or disables iGoogle Gadget web content.
admin web timeout
Syntax
admin web timeout <disable|5-120>
Description
Configures the timeout for web sessions.
admin web terminate
Syntax
admin web terminate <Session ID>...
Authentication Commands
set auth
Syntax
set auth <one or more parameters>
Parameters
authusenextmethod <enable|disable>
kerberos <1-6>
ldap <1-6>
localusers <1-6>
nis <1-6>
radius <1-6>
tacacs+ <1-6>
Description
Sets ordering of authentication methods. Local Users authentication is always the first method used. Any methods omitted from the command are disabled.
14: Command Reference escapeseq <1-10 Chars> group <default|power|admin> ipaddr <Key Distribution Center IP Address> kdc <Key Distribution Center> listenports <Port List> port <Key Distribution Center TCP Port> realm <Kerberos Realm> state <enable|disable> useldapforlookup <enable|disable> permissions <Permission List> Note: User Permissions Commands on page 216 for information on groups and user rights.
14: Command Reference listenports <Port List> permissions <Permission List> port <TCP Port> server <IP Address or Hostname> state <enable|disable> Default is 389. Note: User Permissions Commands on page 216 for information on groups and user rights. Description Configures the SLC to use LDAP to authenticate users who log in via the Web, SSH, Telnet, or the console port.
Page 212
14: Command Reference Description Configures local accounts (including sysadmin) who log in to the SLC by means of the Web, SSH, Telnet, or the console port. set localusers allowreuse Syntax set localusers allowreuse <enable|disable> Description Sets whether a login password can be reused. set localusers complexpasswords Syntax set localusers complexpasswords <enable|disable>...
14: Command Reference set localusers periodlockout Syntax set localusers periodlockout <Number of Minutes> Description Sets the number of minutes after a lockout before the user can try to log in again. Disabled by default. set localusers periodwarning Syntax set localusers periodwarning <Number of Days> Description Sets the number of days the system warns the user that the password will be expiring.
14: Command Reference clearports <Port List> custommenu <Menu Name> dataports <Port List> domain <NIS Domain Name> escapeseq <1-10 Chars> group <default|power|admin> listenports <Port List> master <IP Address or Hostname> permissions <Permission List> Note: User Permissions Commands on page 216 for information on groups and user rights. slave1 <IP Address or Hostname>...
14: Command Reference permissions <Permission List> Note: User Permissions Commands on page 216 for information on groups and user rights. timeout <enable|1-30> Sets the number of seconds after which the connection attempt times out. It may be 1-30 seconds. Description Configures the SLC to use RADIUS to authenticate users who log in via the Web, SSH, Telnet, or the console port.
14: Command Reference server2 <IP Address or Name> server3 <IP Address or Name> state <enable|disable> Description Configures the SLC to use TACACS+ to authenticate users who log in via the Web, SSH, Telnet, or the console port. show tacacs+ Syntax show tacacs+ Description Displays TACACS+ settings.
Page 217
14: Command Reference Description Allows (unlocks) a user's ability to login. set localusers permissions Syntax set localusers add|edit <user> permissions <Permission List> where <Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, pc, rs, rc, dr, wb, sn, ad To remove a permission, type a minus sign before the two-letter abbreviation for a user permission.
14: Command Reference show remoteusers Syntax show remoteusers Description Displays settings for all remote users set <nis|ldap|radius|kerberos|tacacs+> group Syntax set <nis|ldap|radius|kerberos|tacacs> group <default|power|admin> Description Sets a permission group for remotely authorized users. set <nis|ldap|radius|kerberos|tacacs+> permissions Syntax set <nis|ldap|radius|kerberos|tacacs> permissions <Permission List> where <Permission List>...
Page 219
set cli menu start
Syntax: set cli menu start
Description: Starts the menu if the menu associated with the current user does not display.

set cli terminallines
Syntax: set cli terminallines <disable|Number of lines>
Description: Sets the number of lines in the terminal emulation (screen) for paging through text one screenful at a time, if the SLC cannot detect the size of the terminal automatically.

show history
Syntax: show history
Description: Displays the last 100 commands entered during the session.

Connection Commands

connect bidirection
Syntax: connect bidirection <Port # or Name> <endpoint> <one or more Parameters>
Parameters: Endpoint is one of:
charcount <# of Chars>
charseq <Char Sequence>...

connect direct
Syntax: connect direct <endpoint>
Parameters: Endpoint is one of:
deviceport <Device Port # or Name>
hostlist <Host List>
ssh <IP Address or Name> [port <TCP Port>][<SSH flags>]
where <SSH flags> is one or more of:
user <Login Name>...

connect terminate
Syntax: connect terminate <Connection ID>
Description: Terminates a bidirectional or unidirectional connection.

connect unidirection
Syntax: connect unidirection <Device Port # or Name> dataflow <toendpoint|fromendpoint> <endpoint>
Parameters: Endpoint is one of:
charcount <# of Chars>
charseq <Char Sequence>
datetime <MMDDYYhhmm[ss]>...

show connections connid
Syntax: show connections connid <Connection ID> [email <Email Address>]
Description: Displays details for a single connection. You can optionally email the displayed information.

Console Port Commands

set consoleport
Syntax: set consoleport <one or more parameters>
Parameters:
baud <300-115200>...

set localusers
Syntax: set localusers add|edit <User Login> menu <Menu Name>
Description: Assigns a custom user menu to a local user.

set menu add
Syntax: set menu add <Menu Name> [command <Command Number>]
Description: Creates a new custom user menu or adds a command to an existing custom user menu.

set menu edit
Syntax: set menu edit <Menu Name>...

set <nis|ldap|radius|kerberos|tacacs+> custommenu
Syntax: set <nis|ldap|radius|kerberos|tacacs> custommenu <Menu Name>
Description: Sets a default custom menu for remotely authorized users.

show menu
Syntax: show menu <all|Menu Name>
Description: Displays a list of all menu names or all commands for a specific menu.

Date and Time Commands

set datetime
Syntax...
state <enable|disable>
sync <broadcast|poll>
Description: Synchronizes the SLC with a remote time server using NTP.

show ntp
Syntax: show ntp
Description: Displays NTP settings.

Device Commands

set command
Syntax: set command <Device Port # or Name or List> <one or more parameters>
Parameters:
slp auth login <User Login>...

sensorsoft status
Displays the status of the port.
Description: Sends commands to (or controls) a device connected to an SLC device port over the serial port.
Note: Currently the only devices supported for this type of interaction are the SLP and Sensorsoft devices.

gsmdialoutmode <gprs|gsm>
gsmpin <GSM/GPRS PIN Number>
idletimeout <disable|1-9999 seconds>
initscript <Initialization Script>
A script that initializes a modem.
Note: We recommend preceding the initscript with AT and including E1 V1 x4 Q0 so that the SLC may properly control the modem.
ipaddr <IP Address>...

tcpport <TCP Port>
maxdirect <1-10>
Description: Configures settings for all or a group of device ports.

show deviceport global
Syntax: show deviceport global
Description: Displays global settings for device ports.

show deviceport names
Syntax: show deviceport names
Description: Displays a list of all device port names.

Description: Displays the modes and states of one or more device port(s). You can optionally email the displayed information.

Diagnostic Commands

diag arp
Syntax: diag arp [email <Email Address>]
Description: Displays the ARP table of IP address-to-hardware address mapping. You can optionally email the displayed information.

diag lookup
Syntax: diag lookup <Hostname> [email <Email Address>]
Description: Resolves a host name into an IP address. You can optionally email the displayed information.

diag loopback
Syntax: diag loopback <Device Port Number or Name>[<parameters>]
Parameters:
test <internal|external>
xferdatasize <Size In Kbytes to Transfer>...

slp restart
Issues the CLI command the SLP uses to restart itself.
slp system
Displays system information for the SLP.
Description: Sends commands to (or controls) a device connected to an SLC device port over the serial port.
Note: Currently the only devices supported for this type of interaction are the SLP and Sensorsoft devices.
admin events edit
Syntax: admin events edit <Event ID> <parameters>
Parameters:
community <SNMP Community>
deviceport <Device Port # or Name>
ethport <1|2>
nms <SNMP NMS>
oid <SNMP Trap OID>
pccardslot <upper|lower>
emailaddress <destination email address>
Description: Edits event definitions.

admin events show
Syntax: admin events show...

port <TCP Port>
escapeseq <1-10 Chars>
Description: Adds a new host entry to a list or edits an existing entry.

set hostlist edit <Host List Name> move
Syntax: set hostlist edit <Host List Name> move <Host Number> position <Host Number>...

IP Filter Commands

set ipfilter state
Syntax: set ipfilter state
Description: Enables or disables IP filtering for incoming network traffic.

set ipfilter mapping
Syntax: set ipfilter mapping <parameters>
Parameters:
ethernet <1|2> state <disable>
ethernet <1|2> state <enable> ruleset <Ruleset Name>
deviceport <1..48>...

Logging Commands

set deviceport port
Syntax: set deviceport port <Device Port List or Name> <one or more deviceport parameters>
Parameters:
emaildelay <Email Delay>
emaillogging <disable|bytecnt|charstr>
emailrestart <Restart Delay>
emailsend <email|trap|both>
emailstring <Regex String>
emailsubj <Email Subject>
emailthreshold <Byte Threshold>
emailto <Email Address>...

show locallog
Syntax: show locallog <Device Port # or Name> [bytes <Bytes To Display>]
Description: Displays a specific number of bytes of data for a device port. 1K is the default.

set locallog clear
Syntax: set locallog clear <Device Port # or Name>
Description: Clears the local log for a device port.

alternate <IP Address>
pingip <IP Address>
ethport <1 or 2>
pingdelay <1-250 seconds>
failedpings <1-250>
Description: Sets default and alternate gateways. The alternate gateway is used if an IP address usually accessible through the default gateway fails to return one or more pings.

set network host
Syntax: set network host <Hostname>...

Description: Displays the network host name of the SLC.

show network port
Syntax: show network port <1|2>
Description: Displays Ethernet port settings and counters.

show network all
Syntax: show network all
Description: Displays all network settings.

NFS and SMB/CIFS Commands

set nfs mount
Syntax: set nfs mount <one or more parameters>...

Parameters:
eth1 <enable|disable>
eth2 <enable|disable>
state <enable|disable>
workgroup <Windows workgroup>
Description: Configures the SMB/CIFS share, which contains the system and device port logs.
Note: The admin config command saves SLC configurations on the SMB/CIFS share.

set cifs password
Syntax: set cifs password
Description...

pccard storage delete
Syntax: pccard storage delete <upper|lower> file <Current Filename>
Description: Removes a file on a Compact Flash card.

pccard storage dir
Syntax: pccard storage dir <upper|lower>
Description: Views a directory listing of a Compact Flash card.

pccard storage format
Syntax: pccard storage format <upper|lower>...
SSH Key Commands

set sshkey allexport
Syntax: set sshkey allexport <ftp|scp|copypaste> [pubfile <Public Key File>] [host <IP Address or Name>] [login <User Login>] [path <Path to Copy Keys>]
Parameter: Exports the public keys of all previously created SSH keys.

set sshkey delete
Syntax: set sshkey delete <one or more parameters>...

[keyuser <SSH Key User>] [path <Path to Public Key File>]
file <Public Key File>
host <IP Address or Name>
login <User Login>
Description: Imports an SSH key.

set sshkey server import
Syntax: set sshkey server import type <rsa1|rsa|dsa> via <sftp|scp> pubfile <Public Key File>...

[viewkey <enable|disable>]
Description: Displays all keys that have been imported or keys for a specific user, IP address, or name.

show sshkey server
Syntax: show sshkey server [type <all|rsa1|rsa|dsa>]
Description: Displays host keys (public key only).

Status Commands

show connections
Syntax: show connections [email <Email Address>]...

Description: Displays device port modes and states for one or more ports. Optionally emails the displayed information.

show sysconfig
Syntax: show sysconfig [display <basic|auth|devices>] [email <Email Address>]
Description: Displays a snapshot of all configurable parameters. Optionally emails the displayed information.

show sysstatus
Syntax: show sysstatus [email <Email Address>]...

Accessing the Bootloader
To access the bootloader CLI:
1. Power up the SLC.
2. Type x15 within 10 seconds of power up. The bootloader halts the boot procedure and displays a Lantronix command prompt.

Bootloader Commands

User Commands
help: Lists and prints the command list and online help.

A: Bootloader
mtest: Performs a simple test of the RAM.
showconf: Displays hardware configuration.
su cust|admin: Switches to another user: from cust (customer) to adm (administrator) and vice versa.
version: Prints the bootloader version.
whoami: Displays information about the current user.

Administrator Commands
In addition to the commands that the user can issue, the administrator can issue the following commands:...
The SLC provides data path security by means of SSH or Web/SSL. Even with the use of SSH/SSL, however, do not assume you have complete security. Securing the data path is only one measure needed to ensure security. This appendix briefly discusses some important security considerations.
Opening or removing the cover may expose you to dangerous voltage that could cause fire or electric shock. Refer all servicing to Lantronix. Power Plug When disconnecting the power cable from the socket, pull on the plug, not the cord.
C: Safety Information
− Install only in restricted access areas (dedicated equipment rooms, equipment closets or the like) in accordance with Articles 110-16, 110-17, and 110-18 of the National Electrical Code, ANSI/NFPA 70.
− Route and secure input wiring to terminal block in such a manner that it is protected from damage and stress.
Category 5 fully pinned network cables for all connections when used with Lantronix adapters. The cables are available in various lengths. In most cases, you will need an adapter for your serial devices. Lantronix offers a variety of RJ45-to-serial connector adapters for many devices. These adapters convert the RJ45...
C: Adapters and Pinouts

RJ45 Receptacle to DB25M DCE Adapter for the SLC (PN 200.2066A)
[Figure: adapter pinout diagram. Labels: Pin 1, DB25 Male, RJ45. Signals: RTS 1, DTR 2, Tx 3, Gnd 4, Gnd 5, Rx 6, DSR 7, CTS 8]
Use PN 200.2066A adapter with a dumb terminal or with many SUN applications.
SecureLinx SLC User Guide...

RJ45 Receptacle to DB25F DCE Adapter for the SLC (PN 200.2067A)
[Figure: adapter pinout diagram. Labels: Pin 1, DB25 Female, RJ45. Signals: RTS 1, DTR 2, Tx 3, Gnd 5, Rx 6, DSR 7, CTS 8]

RJ45 Receptacle to DB9M DCE Adapter for the SLC (PN 200.2069A)
[Figure: adapter pinout diagram. Labels: Pin 1, DB9 Male, RJ45. Signals: RTS 1, DTR 2, Tx 3, Gnd 4, Gnd 5, Rx 6, DSR 7, CTS 8]

RJ45 Receptacle to DB9F DCE Adapter for the SLC (PN 200.2070A)
[Figure: adapter pinout diagram. Labels: Pin 1, DB9 Female, RJ45. Signals: RTS 1, DTR 2, Tx 3, Gnd 4, Gnd 5, Rx 6, DSR 7, CTS 8]
Use PN 200.2070A adapter with a PC's serial port.

RJ45 to RJ45 Adapter for Netra/Sun/Cisco and SLP (PNs 200.2225 and ADP010104-01)
Note: The cable ends of the ADP010104-01 are an RJ45 socket on one end and a RJ45 plug on the other instead of RJ45 sockets on both ends.
RTS 1 DTR 2 Tx 3...
BOOTP (Bootstrap Protocol): Similar to DHCP, but for smaller networks. Automatically assigns the IP address for a specific duration of time.
CHAP (Challenge Handshake Authentication Protocol): A secure protocol for connecting to a system; it is more secure than the PAP.
DHCP (Dynamic Host Configuration Protocol): Internet protocol for automating the configuration of computers that use TCP/IP.

E: Protocol Glossary
NMS (Network Management System): NMS acts as a central server, requesting and receiving SNMP-type information from any computer using SNMP.
NTP (Network Time Protocol): A protocol used to synchronize time on networked computers and equipment.
PAP (Password Authentication Protocol): A method of user authentication in which the username and password are transmitted over a network and compared to a table of name-password pairs.

TACACS+ (Terminal Access Controller Access Control System): A method of authentication used in UNIX networks. It allows a remote access server to communicate with an authentication server to determine whether the user has access to the network.
Telnet: A terminal protocol that provides an easy-to-use method of creating terminal connections to a network host.
(according to ISO/IEC Guide 22 and EN 45014) Manufacturer’s Name & Address: Lantronix Inc., 15353 Barranca Parkway, Irvine, CA 92618 USA Declares that the following product: Product Name(s): Models SLC8, SLC16, SLC32, and SLC48 SecureLinx Console Managers Conform to the following standards or other normative documents:...
Safety: EN 60950
Emissions: EN 55022 Class A
Immunity: EN 55024

RoHS Notice: All Lantronix products in the following families are China RoHS-compliant and free of the following hazardous substances and elements:
• Lead (Pb)
• Mercury (Hg)
• Polybrominated biphenyls (PBB)
•...
-- repair or replace the product and return it to the customer freight prepaid. If the product is not under warranty, the customer may have Lantronix repair the unit on a fee basis or return it. No services are handled at the customer's site under this warranty.