Page 1 SCS Reference Manual For the Lantronix Family of Secure Console Servers Part Number 900-235 Revision D December 2003...
Page 2 Copyright 2003, Lantronix. All rights reserved. No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Printed in the United States of America.
Page 3: Table Of Contents
Contents 1: Introduction......................1-1 1.1 What Is New........................ 1-1 1.2 How To Use This Manual.................... 1-1 2: Getting Started......................2-1 2.1 Configuration Methods ....................2-1 2.1.1 EZWebCon..........................2-1 2.1.2 Web Browser Interface ......................2-1 2.1.3 Command Line ..........................2-2 2.2 Rebooting........................2-5 2.2.1 Sending a Broadcast Message ....................2-5 2.2.2 Restoring Factory Defaults......................2-5 2.2.3 Reloading Operational Software ....................2-6 2.2.4 Editing Boot Parameters ......................2-6...
Page 4 4: Basic Remote Networking ..................4-1 4.1 Remote Connection Types..................4-1 4.1.1 Remote Dial-in ..........................4-1 4.1.2 LAN to LAN ..........................4-2 4.2 Managing Connections With Sites ................4-2 4.2.1 Creating a New Site ........................4-3 4.2.2 Displaying Existing Sites ......................4-4 4.2.3 Editing Sites ..........................4-4 4.2.4 Testing Sites..........................4-5 4.2.5 Deleting Sites ..........................4-5 4.2.6 Using Sites for Incoming Connections ..................4-5...
Page 5 5.5.6 Increasing Requirements for Adding Additional Bandwidth.............5-12 5.5.7 Controlling Frequency of Calls ....................5-12 5.6 Using the SCS Without Dialup Modems ..............5-13 5.6.1 Situations Where Dialup Modems Are Not Used..............5-13 5.6.2 Configuring the Unit for Modemless Connections ..............5-14 5.7 Character Mode Sites ....................
Page 6 7.3.1 User-Initiated PPP ........................7-4 7.3.2 Automatic Detection of PPP ......................7-4 7.3.3 Dedicated PPP ..........................7-4 7.4 Multilink PPP ....................... 7-4 7.4.1 Configuring the Calling SCS......................7-4 7.4.2 Configuring the Receiving SCS....................7-6 7.5 Restoring Default PPP Settings .................. 7-7 7.6 Pocket PC PPP Support ..................... 7-7 7.7 Character Mode Sites ....................
Page 7 9.3.1 Using a Profile ...........................9-3 9.3.2 Editing a Profile .........................9-3 9.3.3 Profile Settings ..........................9-5 9.3.4 Profiles for Modems with External Switches................9-8 9.4 Modem and SCS Interaction..................9-8 9.4.1 Initialization..........................9-8 9.4.2 Outgoing Calls...........................9-8 9.4.3 Incoming Calls...........................9-9 9.4.4 When a Port is Logged Out .......................9-9 9.4.5 Compression ..........................9-9...
Page 8 11: Security........................ 11-1 11.1 Incoming Authentication..................11-1 11.1.1 Character Mode Logins ......................11-1 11.1.2 PPP Logins..........................11-3 11.1.3 SLIP Logins ........................... 11-4 11.2 Outgoing Authentication..................11-4 11.2.1 Outgoing Character Mode Connections ................11-5 11.2.2 Outgoing PPP Connections....................11-5 11.2.3 Outgoing SLIP Connections ....................11-5 11.3 Dialback ........................
Page 9 12.4.4 Define Ports Modem CallerID....................12-5 12.4.5 Define Ports Modem Carrierwait ...................12-5 12.4.6 Define Ports Modem Commandprefix ................... 12-6 12.4.7 Define Ports Modem Compression ..................12-6 12.4.8 Define Ports Modem Connected ...................12-7 12.4.9 Define Ports Modem Control ....................12-8 12.4.10 Define Ports Modem Dial ....................12-8 12.4.11 Define Ports Modem Error....................
Page 10 12.6 Port Commands ....................12-52 12.6.1 List Email ..........................12-52 12.6.2 Lock ............................. 12-52 12.6.3 Logout Port .......................... 12-53 12.6.4 Purge Port ...........................12-53 12.6.5 Purge Email ......................... 12-54 12.6.6 Resume ..........................12-54 12.6.7 Set Noprivileged ........................12-54 12.6.8 Snoop Port .......................... 12-55 12.6.9 Define Email ........................
Page 11 12.6.59 Set SLIP ..........................12-96 12.6.60 Show/Monitor/List Ports ....................12-96 12.6.61 Show RS485 ........................12-98 12.6.62 Show/Monitor Sessions .....................12-98 12.6.63 Test Port ..........................12-99 12.6.64 Unlock Port ........................12-100 12.7 Service Commands..................... 12-101 12.7.1 Clear/Purge Service ......................12-101 12.7.2 Remove Queue .........................12-101 12.7.3 Set/Define Service......................12-102 12.7.4 Set/Define Service Banner ....................12-103 12.7.5 Set/Define Service Binary ....................12-103 12.7.6 Set/Define Service EOJ.....................12-103...
Page 12 12.8.35 Show/Monitor/List Timezone ...................12-131 12.8.36 Show/Monitor Users ......................12-131 12.8.37 Source ..........................12-131 12.9 Site Commands ....................12-132 12.9.1 Define Site .........................12-132 12.9.2 Define Site Authentication ....................12-132 12.9.3 Define Site Bandwidth .......................12-134 12.9.4 Define Site Chat ........................12-136 12.9.5 Define Site Dial on Hangup ....................12-138 12.9.6 Define Site Filter ........................12-138 12.9.7 Define Site Idle ........................12-139 12.9.8 Define Site IP ........................12-140...
Page 13 12.11.5 Disk ..........................12-182 12.11.6 Finger ..........................12-186 12.11.7 Forwards .........................12-186 12.11.8 Help ..........................12-187 12.11.9 Monitor ..........................12-187 12.11.10 Netstat ...........................12-187 12.11.11 Ping ..........................12-188 12.11.12 Resolve .........................12-188 12.11.13 Save ..........................12-189 12.11.14 Show/Monitor Queue.....................12-190 12.11.15 Show Version ........................12-191 12.11.16 Zero Counters .......................12-192 A: Environment Strings....................A-1 A.1 Usage .........................A-1 A.1.1 Multiple Strings ....................A-1 A.2 Available Strings......................A-1...
Page 15: 1: Introduction
This reference manual provides instructions for advanced configuration as well as the complete command set for all products in the SCS family. Many of these features can also be setup using EZWebCon and the web browser interface, and are noted as such.
Page 16 Chapter 12. Appendix B, Show 802.11 Errors, defines the error bits that appear in the Show 80211 screen. Appendix C, covers the SNMP features supported by the SCS. Appendix D, Supported RADIUS Attributes, lists and explains the RADIUS attributes currently...
Page 17: 2: Getting Started
Figure 2-1: The EZWebCon Utility EZWebCon is included on the CD-ROM that is shipped with each SCS unit. Instructions are listed in the Read Me file, also located on the CD-ROM. For assistance once EZWebCon is running, refer to the EZWebCon online help.
Page 18: Command Line
The default serial port parameters are 9600 baud, 8 data bits, 1 stop bit, no Note: parity, and XON/XOFF flow control. Establish a Telnet, SSH, or Rlogin connection to the SCS from a TCP/IP host. See Establishing Sessions on page 6-8 for more information. In EZWebCon, select Telnet To Device from the Actions menu.
Page 19: Entering Commands
To use command completion, type part of a command, then press the space bar. The SCS will automatically “type” the remainder of the command. If the partially-entered command is ambiguous (or if you are entering an optional string), the SCS will be unable to finish the command and the terminal will beep.
Page 20: Restricted Commands
See Privileged Password on page 2-8 for instructions on entering and editing the privileged password. By default, the SCS prompt changes from Local> to Local>> to reflect privileged user status. 2.1.3.4 Abbreviating Commands When configuring the Server via the command line, you only need to enter as many characters as are needed to distinguish the keywords from one another.
Page 21: Rebooting
At the Local> prompt, issue the Initialize Server command. Cycle power to the unit. When the SCS is rebooted, any changes made using Set commands will be lost. To ensure that the changes will be saved, use Define commands, or use the Save command after the Set command.
Page 22: Reloading Operational Software
For instructions on reloading Flash ROM, refer to your Installation Guide. 2.2.4 Editing Boot Parameters If the information that the SCS uses at boot time changes, you will need to change the SCS boot parameters. Boot parameters include the following: Loadhost (TCP/IP).
Page 23: System Passwords
The following sections discuss each password in more detail. 2.3.1 Login Password When you open the web browser interface for an SCS, you are prompted for the login username and password. To control this setting, use the Server Login Password Required checkbox on the Server page.
Page 24: Privileged Password
When you click on a link in the left navigation column of the SCS web browser interface, you are prompted for the privileged username and password. Once you enter the password, you can access all of the configuration pages.
Page 25: Basic Configuration
2.4.1 Changing the Server Name Each SCS is initially configured with a server name in the form of SCS_xxxxxx, where xxxxxx represents the last three segments of its hardware address. However, you can give the Server a custom name of up to 16 alphanumeric characters using the following command.
Page 26: Changing The Login Prompts
Changing the Login Prompts When a user logs into the SCS, he is prompted for a username, and sometimes a login password. By default, the prompts are Username> and Password>. The prompts can be changed to be more like UNIX prompts (login: and Password:) with the following command.
Page 27: Configuration
Sunday in October. The time change will occur at 2:00. 2.4.4.3 Designating a Timeserver The SCS regularly verifies and updates its setting with the designated timeserver. A timeserver is a host which provides time of day information for nodes on a network. The SCS can communicate with either Daytime or Network Timeserver Protocol (NTP) servers.
Page 28 Error message. Any time you enable or disable 802.11 networking, you must reboot the SCS before the change takes effect. Any other changes you request with the Set/Define 80211 commands will not take place until you have entered the Set 80211 Reset command.
Page 29 The SCS has 802.11 networking enabled by default. This allows the SCS to check for a compatible wireless networking card at startup. If a compatible card is present, the SCS will use the wireless network and ignore any wired Ethernet settings. If no compatible PC card is present, the SCS will use the 10/100BASE-T Ethernet interface.
Page 30: Mac Address
A MAC address is a unique identifier that distinguishes different devices on the 802.11 network. It is the same as the unit’s hardware address. The SCS can be configured to use either the PC card’s MAC address or its own internal MAC address (the default) with the Set/Define 80211 MAC Address command. For seamless operation when switching between wired and wireless networking, use the SCS’s MAC address.
Page 31 Your SCS needs to know which channel it should use for communications—the channel will be the same as the one being used by the local AP. The default setting, Any, causes the SCS to use the same channel used by the strongest AP with the same ESSID.
Page 32: Configuration Files
The configuration file must not contain any initialization commands (such as Initialize Server). Because the file is read when the SCS boots, a “reboot” command in the file would cause the SCS to boot perpetually. You would then have to flush the NVR to correct the error.
Page 33: Using A Configuration File
To change this setting, use the Set/Define Server Startupfile Retry command. Figure 2-33: Setting Number of Download Attempts Local>> DEFINE SERVER STARTUPFILE "TROUT\SYS:\LOGIN\config.sys" RETRY 10 If Retry is set to zero, the SCS can no longer be used; it will wait indefinitely for the configuration file to download. 2-17...
Page 34: Disk Management
PC cards for portable storage of local files. In some instances, you may need to edit a file on another machine and then FTP it to the SCS. Use your FTP client software to form a connection to the SCS (using the SCS’s resolvable name or IP address). You can then transfer files to (put) and from (get) the /flash, /pccard, and /ram disks.
Page 35 Getting Started Disk Management The Disk commands described above and on page 12-182 can also be used for file management on the flash card. For example, to back up a Flash disk file (data.txt) to an ATA card, use the following commands to create a backups folder on the card and to copy the desired file into that folder: Figure 2-36: Backing Up Files To a Flash Card Local>>...
Page 36: 3: Console Server Features
Most of these features are discussed in more detail in the IP, Ports, and Security chapters. 3.1 Overview of Console Servers The SCS can be connected to the serial console ports of a variety of devices. You can then manage these devices remotely either over an IP network or through a dial-up modem connection.
Page 37: Event Port Logging
3.2 Event Port Logging Port logging saves all idle data from an SCS serial port in a log file. This log file can be accessed by a system administrator after a system crash, and can provide valuable information about the cause of and solution for any problems with the attached serial device.
Page 38: Email Alerts For Serial Events
10 minutes. The email sent by the SCS also includes a URL that refers to the serial log file directly, so you can open it in an email client or web browser. You will need to enter the system login password to access the file.
Page 39: Configuring Menu Mode
It is a good idea to add a command to the menu that allows the user to log out of the server. The Exit command only works in menu mode. It allows users to return to the Local> prompt on the SCS on which the menu was configured.
Page 40: Menu Configuration Files
Follow the steps below to create a menu configuration file: Start a new text file on a host other than the SCS. Once the file is complete, you will FTP it to the SCS’s /flash disk. The /flash disk and the Disk commands are discussed in detail on page 2-18.
Page 41 Set/Define Menu on page 12-112. Once the file is set and stored on the /flash disk, a user logging into the SCS will be presented with the appropriate menu. The menu configured above, for one of the defined users (sandy, dave bob, kathy,...
Page 42: Nested Menus
Console Server Features Configuring Menu Mode 3.4.3 Nested Menus Nested menus are file-based menus that allow you to nest submenus within a menu file. Submenus have to appear in the file before the menu that references them. To use submenus, specify SUBMENU instead of MENU for the start of a new menu block. Then from a different menu, include an action of GOTOMENU to jump to the submenu.
Page 43: Login Banner
3.6.1 In-Band Management The SCS provides TCP/IP socket connections to its serial ports. A TCP session to port 30xx, where xx is the serial port number, will form a raw TCP/IP connection to that serial port. A connection to port 20xx provides Telnet IAC interpretation.
Page 44: Out Of Band Management
To ensure that you can manage attached equipment even if there are network problems, the SCS provides an out-of-band management feature. If you have a modem connected to one of the SCS serial ports, you can access and manage the SCS via a dial-in modem connection.
Page 45: Serial Breaks
Console Server Features Managing the Attached Devices 3.6.4.1 Serial Breaks Break conditions originating from serial connections are controlled on a per port basis. Break conditions originating from incoming Telnet and SSH connections are based on the settings for port 0, the network (template) port.
Page 46 Console Server Features Managing the Attached Devices The table below shows some examples to help you understand how the SCS handles breaks. Table 3-1: Examples of Alternate Break Sequences Then The serial port has The AltBreak sequence returns Break = Local the user to a local (SCS) command prompt.
Page 47 0 The user forms a Telnet connection from a Port 7 has Break = A serial break condition is host to port 7 on the SCS using socket 2007 Remote generated on the port. Port 7 has Break= Nothing happens.
Page 48 Then The user forms a TCP connection from a Port 7 has Break = A serial break condition is host to port 7 on the SCS using socket 3007 Remote generated on the port. Port 7 is set to Nothing happens.
Page 49: Serial Port Configurations
None prevents all incoming and outgoing connections, rendering the port unusable. When using the SCS as a console server, you will want to set most ports to Remote access so any serial data from the attached device will not accidentally cause the SCS to create a local connection and make that port unavailable.
Page 50: 4: Basic Remote Networking
(LANs) to connect to each other. This chapter describes how to initialize, maintain, and disconnect individual remote user dial-ins and LAN to LAN remote connections. After completing this chapter, you should be able to configure the SCS to support the following types of connections:...
Page 51: Lan To Lan
Basic Remote Networking Managing Connections With Sites The SCS cannot initiate connections to remote nodes. Remote nodes must call the SCS when they wish to communicate with the network. 4.1.2 LAN to LAN In LAN to LAN connections, the SCS provides a link between two networks. The SCS will communicate with a remote router, which may be another access server, a UNIX machine capable of PPP routing, or another SCS.
Page 52: Creating A New Site
Basic Remote Networking Managing Connections With Sites To manage a connection once it is in place. For example, it may be desirable to control the amount of bandwidth used for a connection. To enable a system administrator to monitor a single connection. For example, a system administrator may wish to restrict remote node users to a particular range of IP addresses.
Page 53: Displaying Existing Sites
Basic Remote Networking Managing Connections With Sites Table 4-1: Default Site Configuration Characteristic Configuration in Default Site Remote host’s IP configuration Undefined IP compression slots Maximum packet size (MTU): PPP 1522 Ports defined None Enabled SLIP Disabled Telephone number of remote site None defined Outgoing packet filter None defined...
Page 54: Testing Sites
In the event that there is a problem with the site, or if the Test Site command does not work, use the SCS site logging feature to troubleshoot the problem. See Set/Define Logging Site on page 12-172 and Show/ Monitor/List Logging Site on page 12-179 for more information.
Page 55: Using Sites For Outgoing Connections
Dallas, the site used for the connection might be named dallas. This site could also be used for incoming calls; if the router in Dallas needed to call the first SCS, it could use dallas to make the connection.
Page 56: Ip Address Negotiation
By default, sites use “unnumbered” interfaces for IP. The IP address of the Ethernet connected to the SCS will be used as the IP address on all SCS serial ports. This reduces the amount of configuration and eliminates the need to allocate a separate IP network for each port.
Page 57: Ip Routing
LAN to LAN connections. The first time that the SCS needs to send a packet destined for a network on a remote LAN, the site will be activated and the SCS will attempt to call the remote router.
Page 58: Routes For Incoming Lan To Lan
If the SCS is a stub router (or you’re using the SCS to connect to the Internet), default routes can be used to reduce configuration time. A stub router connects a LAN without any routers to a larger LAN. For example, in a remote office with no other outside connections, an SCS that connects to exactly one other (larger) location is a stub router.
Page 59: Configuring Rip For Sites
Local>> DEFINE SITE irvine IP RIP DISABLED If you want the SCS to either listen for or send RIP packets, but not both, you can selectively disable one or the other. The following example turns off listening for RIP packets.
Page 60: Incoming Connections
This section describes how the SCS deals with incoming connections. When a remote device or network tries to connect, the SCS forms a serial connection using its asynchronous serial lines. A protocol is then run on this serial connection to allow network packets to be sent.
Page 61 4.5.1.2 Starting PPP or SLIP Using Automatic Protocol Detection You can configure an SCS port to automatically detect a PPP or SLIP packet and, if PPP or SLIP is enabled on the port, run the appropriate protocol when the packet is received. This eliminates the need for callers to explicitly start PPP or SLIP.
Page 62: Incoming Connection Sequence
4.5.1.3 Starting PPP or SLIP on a Dedicated Port You can dedicate an SCS serial port so it automatically runs PPP or SLIP when that port is started. No other protocol can be run on the port; it will continue to run PPP or SLIP until the port is logged out. Whenever the port receives a character, it starts up a temporary copy of the default site using the appropriate link layer.
Page 63: Configuring Incoming Connections
If a match is not found, the connection attempt fails. 4.5.2.2 Ports Not Using Automatic Protocol Detection If an incoming call is received on an SCS port that’s not configured to automatically run PPP or SLIP, the following login sequence occurs.
Page 64 Basic Remote Networking Incoming Connections To properly configure the serial ports, decide whether PPP or SLIP will be used, whether the ports will be dedicated to PPP or SLIP, whether autodetection of PPP or SLIP will be used, and, if a modem is attached it any of the ports, how it will be configured.
Page 65: Outgoing Connections
The SCS does not support outgoing remote node connections. Note: When the SCS receives a packet, it consults its routing table to determine the best route to the packet’s destination. If the specified route points to a site, a connection to the site may be initiated. The connection will be subject to any restrictions defined for the site, such as a startup filter or time of day restrictions.
Page 66: Ports For Outgoing Connections
2 or port 3 could be used for outgoing connections. When the SCS attempts to make a connection to a site, it attempts to use one of the specified ports. If the port is busy (in use with another connection), it attempts a connection using another specified port.
Page 67: Configuring Outgoing Connections
Chat Scripts on page 5-3 for more information. 4.6.4 Configuring Outgoing Connections To configure the SCS for outgoing connections, complete the steps in the following sections. 4.6.4.1 Configure Ports All ports that will support outgoing connections must be configured for dynamic connections. Use the following command.
Page 68 PAP will be used. The remote router requires a login password In this case, the SCS will need to use a chat script to communicate the password to the remote router. See Chapter 5, Additional Remote Networking, for instructions.
Page 69: Monitoring Networking Activity
Basic Remote Networking Monitoring Networking Activity The instructions in this section will not be necessary. Continue to Configure Routing on page 4-20. Before configuring authentication, ensure that you have the username and password required to log into the remote router. In addition, determine whether the remote router will use PAP or CHAP to transmit the username and password.
Page 70: Examples
Traffic is being forwarded to the remote site. 4.8 Examples 4.8.1 LAN to LAN—Calling One Direction Only An SCS in a remote office in Dallas must call an SCS at the company headquarters in Seattle. This LAN to LAN connection must meet the following criteria: 4-21...
Page 71: Lan To Lan-Bidirectional (Symmetric) Calling
Local>> INITIALIZE SERVER DELAY 0 4.8.2 LAN to LAN—Bidirectional (Symmetric) Calling An SCS in a remote office in Dallas must be able to call an SCS at the company headquarters in Seattle. This LAN to LAN connection must meet the following criteria:...
Page 72 After 60 seconds of idle time, the connection between Dallas and Seattle should be timed out. The SCS in Seattle expects the username dallas and the password xyz. The SCS in Dallas expects the username seattle and the password abc.
Page 73: Remote Dial-In User Example
4.8.3.1 Configure the Ports & Modems First, you need to configure ports 2 and 3. When the connection is initiated by the remote caller, the SCS will detect when a PPP packet is received and automatically run PPP. To provide a layer of security, PPP authentication (CHAP and PAP) will be enabled on the ports, requiring the remote user to authenticate itself before a true connection is established.
Page 74 4.8.3.3 Configure the Default Site Once the connection is authenticated, the SCS will start with a temporary copy of the default site. For this example, you need to configure a range of IP addresses for default site users that corresponds to the IP addresses defined for the IP address pool.
Page 75: 5: Additional Remote Networking
When the user is successfully authenticated, these associated commands will be executed. Figure 5-1: Restricting a User to a Particular Site Local>> DEFINE AUTHENTICATION USER “bob” COMMAND “set ppp dialin_users” In the example above, when user bob logs into the SCS, he will automatically run site dialin_users.
Page 76: Filter Lists
When a site with an associated filter list receives a packet, the SCS compares the packet against each filter starting with the first filter on the list. If the packet matches any of the filters, the packet is forwarded or discarded according to the filter’s specification.
Page 77: Chat Scripts
For example, the SCS might log into a remote site that has a login program. Using a chat script defined for the site, the SCS could send carriage returns until the login prompt is returned, send a username, wait for the password prompt, and send a password.
Page 78: Configuring Timeouts
Local>> DEFINE SITE irvine CHAT TIMEOUT 4 SEND "hello?" The first command in Figure 5-6 will cause the SCS to wait two seconds for a response from the remote host after sending an Expect command. If no response is received after two seconds, the chat script will fail or return to the previous fail marker.
Page 79: How Bandwidth Is Controlled
To avoid congestion, the SCS enables you to customize a site’s use of bandwidth. As it is needed, additional bandwidth will be added. The SCS will assign more ports to the site until it has enough bandwidth or reaches a certain threshold. When it is no longer needed, the extra bandwidth will be removed.
Page 80: Configuring Bandwidth Allocated To Sites
If the modems attached to a series of SCS ports are going to be calling similar remote modems, these ports should be set to the same bandwidth estimates. In addition, if several ports have compression enabled, you should assume that the compression rate on each port will be the same (for example, a 2:1 compression rate).
Page 81 5.3.3.3 Specify the Bandwidth Measurement Period A period must be specified (in seconds) during which the SCS will measure a site’s use of bandwidth. The measurement taken during this period will be compared to the Add and Remove values (see below) to determine if bandwidth should be added or removed.
Page 82: Displaying Current Bandwidth Settings
Bytes/Second Size Total: Size Total: To display how the SCS is currently managing a particular site’s use of bandwidth, use the Show Site Bandwidth command. 5.3.5 Restoring Default Bandwidth Settings To return a site’s bandwidth parameters to their default values, use the following command: Figure 5-14: Restoring Default Bandwidth Values Local>>...
Page 83: Compressing Data And Correcting Errors
In situations where the delay is undesirable (for example, during interactive use over a long distance line), compression and error correction should not be used. These options are enabled by default on the SCS; to disable them, use the following commands: Figure 5-16: Disabling Error Correction and Compression Local>>...
Page 84: Reducing Cost
5.5.1 Inactivity Logouts The SCS can be configured to log out a particular site after a certain period of inactivity (referred to as idle time). To configure an inactivity timeout, the site must be allocated a maximum idle time in seconds using the Define Site Idle command.
Page 85: Restricting Connections To Particular Times
Controlling Access During Weekend Hours on page 5-16. 5.5.5.3 Getting Timesetting Information In order to restrict packet traffic during the specified times, the SCS must get accurate time information from one of two sources: an IP timeserver or from the SCS’ internal clock.
Page 86: Increasing Requirements For Adding Additional Bandwidth
If the last connection attempt succeeded and the success timer is set to a high value (for example, 20 minutes), the SCS will wait for a longer period of time before attempting a new connection. If the SCS was not able to connect for some reason, setting the failure timer to a low value (for example, 5 seconds) will cause the SCS to retry the connection at short intervals until it succeeds.
Page 87: Using The Scs Without Dialup Modems
Two locations may have statistical multiplexors (commonly called stat-muxes) in place. These stat-muxes may be used to connect to SCS units. A series of commands may have to be sent to the stat-mux to connect to the remote SCS; chat scripts make sending these commands easy and relatively error-free.
Page 88: Configuring The Unit For Modemless Connections
The port is configured to support incoming and outgoing connections. Modem control is disabled In the following examples (both SLIP and PPP), the SCS has an IP address of 192.0.1.1, and must connect to another router with IP address 192.99.99.99.
Page 89: Character Mode Sites
5.7 Character Mode Sites The SCS allows you to create a character mode site. A character mode site is treated as a normal site that does not run a serial protocol. The site still allows modems to be dialed and can execute a chat script, but once the site is up, it will not run PPP.
Page 90: Examples
In this example, a network policy prevents all IP traffic, permitting only ICMP ping packets and email. Telnet connections are permitted to only one secure host (192.0.1.4) on the local network. The SCS is calling site memphis. First, create a filter list for IP traffic. This list is called mem.
Page 91 Additional Remote Networking Examples The following example restricts access during the weekend hours between 5:00 p.m. on Friday and 6:00 a.m. on Monday. Two commands are used to configure the necessary blocks of time: one that spans Friday evening to Saturday just before midnight, and one that spans midnight on Sunday to Monday morning. Figure 5-28: Disabling Connections During the Weekend Local>>...
Page 92: 6: Ip
0 to 254; for example, 192.0.1.99. You must assign the SCS a unique IP address. This IP address will also be used for each individual serial port on the SCS.
Page 93: Ip Addresses For Incoming Connections
6.1.1 IP Addresses for Incoming Connections When the SCS receives an incoming connection request (remote node or LAN to LAN), an IP address is negotiated for the caller. The address agreed upon depends on the caller’s requirements; some don’t have a specific address requirement, while others must use the same IP address each time they log into the SCS.
Page 94 ARP on page 6-22), the SCS will respond to ARP requests for these addresses, even when they aren’t currently assigned. This enables the SCS to defend the addresses in the pool; other hosts will not be able to use them.
Page 95: Ip Addresses For Outgoing Connections
If the addresses do not match, the SCS terminates the call. 6.1.2 IP Addresses For Outgoing Connections By default, when a new site is defined, the SCS IP address on that interface will be the IP address assigned with the Define Site IP Address command.
Page 96: Subnet Masks
6.1.2.2 Dialing Out to an ISP An SCS site can be configured to dial out to an ISP that uses PPP, such as Earthlink. Most ISPs will want to assign a nameserver and an IP address to the SCS. To accept this assignment, set the SCS IP address assignment to dynamic and set its nameserver to 0.0.0.0.
Page 97: Length Of Subnet Masks
255.255.255.0 The SCS will not change the subnet mask once it is set. If the SCS IP address is changed to a different class, for example, from a class B to a class C address, the subnet mask will remain a class B address.
Page 98: Configuring The Domain Name Service (Dns)
In the example above, the default domain name is ctcorp.com. If user Bob typed telnet athena, the SCS would automatically append the domain suffix and attempt to resolve athena.ctcorp.com. If a hostname is entered that ends with a period (“.”), the SCS will not add the domain suffix to the hostname for resolution.
Page 99: Header Compression
6.5 Establishing Sessions When you log into an SCS port to connect to a network service, your connection is referred to as a session. A network service may be an interactive login to a TCP/IP host, a connection to a modem on the SCS, another server, etc.
Page 100: Telnet And Rlogin Sessions
Establishing Sessions 6.5.1 Telnet and Rlogin Sessions Telnet is an industry-standard protocol that enables users anywhere on a network to access a remote host and start a terminal session. Telnet connections do not require that either end of the connection know the hardware/software used on the other end;...
Page 101: Ssh Sessions
Local>> DEFINE SERVER RLOGIN DISABLED Another way to secure your network is to ensure that the SCS is not a trusted host on any UNIX hosts on the network. This solution is not foolproof, however, as a user could still add the SCS to a UNIX host’s .rhost file.
Page 102 When you power on the SCS for the first time, the SCS generates two permanent host key pairs. These keys will be used to identify the server and will only be replaced if the file storing the key is deleted and the SCS is rebooted.
Page 103 If the private keys match, the user’s identity is confirmed and an SSH connection forms. If RSA or DSA user authentication fails, the SCS prompts for a username and password (or just a password, if the SSH client forwarded the username). The user’s name and password are then checked against the Radius, Secure ID, or local user databases, in order of their precedence settings.
Page 104 Create a file including the complete text of your identity.pub file, plus the public keys of any other users you want to authenticate for connections to the SCS. Save it in the SCS’s /flash/ssh/ directory as follows: FTP to the IP address of the SCS.
Page 105 6.5.2.7 Username/Password Authentication (SSHv1 or SSHv2) If RSA or DSA authentication fails, the SCS prompts the user for a password (or just a password, if the SSH client forwarded the username). The user’s name and password are then checked against the internal user database, Radius, or Secure ID, in order of their precedence settings (if configured).
Page 106 % ssh (username)@(hostname or IP) If your RSA or DSA key is passphrase protected, enter your password. If you are not using an RSA or DSA key, specify the username and password that the SCS will use to authenticate you.
Page 107 IP address. The first time you SSH to a remote host from the SCS, the SCS notes that the host is not recognized, but permits the connection. If you are not the privileged user, you will be allowed to use the host’s key for the current session, but the key will not be permanently saved in the list of known hosts.
Page 108: Restricting Connections To Ssh
6.5.4 Disabling HTTP and FTP You can make the SCS into a highly secure host by turning off the FTP and HTTP services. For information on disabling HTTP and FTP, see Disabling the FTP and HTTP Servers on page 11-23.
Page 109: Configuring The Security Table
IP Security 6.6.1 Configuring the Security Table The IP security table provides rules for checking a TCP/IP connection for legality. To configure the IP security table, use the Set/Define IP Security command. To add an entry to the table, specify a valid IP address, a list of affected ports, and what type of restriction is desired.
Page 110: Ip Routing
Routers are typically connected to two or more networks. The SCS serves as a router for the networks that it is directly connected to. To determine the path to other routers on the network, the SCS will listen to network broadcast packets (for example, RIP packets); routers will advertise themselves in these packets.
Page 111 12-140. An SCS in a small sales office might have a default route that points to the corporate headquarters. The SCS doesn’t need to know about all of the routes on the headquarters network. It only knows to send all otherwise unspecified traffic to the central location, where it will be routed to the final destination.
Page 112 If a metric is not specified, the SCS will assign a metric of 1 to the route.
Page 113: Using Rip
RIP messages. The SCS can be configured to listen only to RIP updates from a list of trusted IP addresses. See Set/Define IP Trusted on page 12-47 for details. This is not entirely foolproof however, as a sophisticated attacker could still send RIP updates as one of the trusted addresses and potentially defeat the system.
Page 114: Routing And Subnetworks
Note: 6.7.6 Routing and Subnetworks When dividing a network into subnetworks, ensure that subnetworks are contiguous. The SCS uses RIP to learn routing information; if subnetworks are not contiguous, RIP cannot correctly inform the SCS of the route to a particular network.
Page 115 Last Packet Out: 0:00 Last Routed Packet In:0:00 Last Round Packet: 0:00 The Show IP Route command displays the routes currently in the SCS routing table. Figure 6-53: Show IP Route Output Local>> SHOW IP ROUTE SCS Version B1.1/102int(951128) Name:...
Page 116: Examples
SCS ports have been configured to accept incoming calls, therefore, only five IP addresses must be included in the pool. Bob will use site bob when he logs into the SCS. At authentication time, he will be prompted for the site’s local password, badger. He will be assigned IP address 192.0.1.108.
Page 117: General Ip Setup
All IP packets to unknown networks must be forwarded to Internet gateway router 192.0.1.110. A default route to this router must be configured on the SCS, and the route must be included in RIP updates to other routers. The route must have a metric of 2.
Page 118: 7: Ppp
Both sides of a connection negotiate the size of the packets each can receive. Packet size is also known as Maximum Receive Unit (MRU). The MRU need not be the same in each direction. The SCS MRU is 1522 bytes.
Page 119: Ppp Authentication
If the unit is authenticating to an unauthorized peer, the password could be compromised. 7.1.4.1 Configuring CHAP and PAP The SCS may be configured for PPP authentication in one of three ways: Remote hosts must authenticate themselves The SCS authenticates itself to remote hosts Remote hosts and the SCS authenticate each other PAP and CHAP may be enabled on each port and each site.
Page 120: Cbcp
The passwords will not be automatically transmitted, but the site will let the user know that it is willing to do so if required. If the user requires the SCS to authenticate itself, the SCS will transmit the remote password over the link, thereby give the user a password to access the server.
Page 121: User-Initiated Ppp
Two Servers are needed for multilink PPP connections, one to initiate the call and one to receive it. All multilink packets for a given connection must originate from the SCS that brought up the link and be received by another single SCS. The following sections explain how to configure a calling SCS and a receiving SCS for a one-way multilink connection.
Page 122 Specify a telephone number for each port. When the site is brought up, the SCS will attempt a connection by dialing the telephone number associated with the highest priority port (in this case, 555-1001). Figure 7-8: Configuring Port Telephone Numbers Local>>...
Page 123: Configuring The Receiving Scs
Local>> DEFINE SITE irvine AUTHENTICATION CHAP ENABLED Local>> DEFINE SITE irvine AUTHENTICATION PAP ENABLED 7.4.2 Configuring the Receiving SCS Configure the ports that will be used for the multilink connection. Enable Multilink PPP on all ports that will be used.
Page 124: Restoring Default Ppp Settings
Character Mode Sites The SCS allows you to create a character mode site. A character mode site is treated as a normal site that does not run a serial protocol. The site still allows modems to be dialed, and can have a chat script and other functions, but once the site is up, it does not run PPP.
Page 125: Troubleshooting
Such sites can only be started by network traffic or with the Test Site command. 7.8 Troubleshooting The SCS event logging feature enables you to monitor network and user activity and troubleshoot problems. Configure a destination for logging information using the Set/Define Logging command, described on page 12-172.
Page 126: 8: Ports
None prevents all incoming and outgoing connections, rendering the port unusable. If a user wants to Telnet to an SCS port and dial out using an attached modem, the port must have dynamic or remote access. If the user wants to log into a port locally and Telnet to a remote host, the port must have local or dynamic access.
Page 127: Waiting For Character Input
8.3.1 Waiting for Character Input By default, each SCS port is idle until character input is received (e.g. if a remote user presses the Return key). If automatic protocol detection is enabled (see Automatic Protocol Detection on page 8-4), and the SCS recognizes a PPP or SLIP character in a packet for an enabled protocol, the SCS automatically runs that protocol.
Page 128: Port Modes
8.4 Port Modes An SCS port can be used in one of three modes: character mode, PPP mode, or SLIP mode. The default port mode is character mode.To configure a port to run PPP or SLIP, see the corresponding sections below.
Page 129: Automatic Protocol Detection
8.5 Automatic Protocol Detection An SCS port may be configured to automatically detect a PPP or SLIP packet and, if PPP or SLIP is enabled on the port, run the appropriate protocol when the first packet is received. This eliminates the need for callers to explicitly start PPP or SLIP.
Page 130: Switching Between Sessions
The Break key is used to suspend a session. When a session is suspended or exited, the Local> prompt will be displayed. SCS commands can be entered at this prompt to configure the unit, start a new session, or display information.
Page 131 Local or Remote Break: Nothing happens, because the user is already at the Local> prompt. A user forms a TCP connection from a network host to port 7 on the SCS (for which an alternate Break character has been defined) using socket 2007, then types the alternate Break character.
Page 132: Monitoring Session Activity
Ports Port-Specific Session Configuration Note: The 30xx range of sockets is 8-bit clean. If a Break condition is detected on the serial port, nothing happens, because there is no way to propagate a Break condition across an 8-bit clean connection. Local Break: If the alternate Break character is detected in the datastream, nothing happens.
Page 133: Preferred/Dedicated Protocols & Hosts
When a port is dedicated, the local prompt cannot be accessed, therefore, commands can’t be entered to disable the Dedicated characteristic. Take caution when dedicating ports; if you’re going to dedicate all SCS ports, be sure that you have another way to log into the server (such as a Telnet login).
Page 134: Preferred/Dedicated Hosts
Figure 8-19: Sending Autostart Characters to a Dedicated Host Local>> DEFINE PORT 4 AUTOSTART SAVE 1 If you have a two-character autostart trigger, you can instruct the SCS to pass along both, one, or none of the characters as part of this command.
Page 135: Enabling Signal Check
Ports Port Restrictions Secure ports (set using the Set/Define Ports Security command) cannot be Note: locked. To unlock a port without the Lock password, a privileged user must use the Unlock Port command or log out the port using the Logout Port command. Logout will disconnect all sessions. Unlock Port is discussed on page 12-100.
Page 136: Automatic Logouts
8.8.4 Automatic Logouts When a device connected to the SCS is disconnected or powered off, the DSR signal is dropped. The SCS can be configured to automatically log out a port when this occurs to prevent users from accessing other sessions by physically swapping terminal cables and using someone else’s privileges.
Page 137: Restricting Commands
When Menu mode is enabled, the Local> prompt cannot be accessed. Be sure that you have another way to log into the SCS before enabling Menu mode on all ports. For a complete discussion of menu mode, see Configuring Menu Mode on page Note: 3-4.
Page 138: Serial Port Configuration
Ports Serial Port Configuration 8.9 Serial Port Configuration There are a number of configurations that apply specifically to serial transmission. These configurations are a port’s parity, baud rate, and bits per character. The bits per character is set using the Set/Define Ports Character Size command, described on page 12-64.
Page 139: Padding Return Characters
Ports Serial Port Configuration 8.9.4 Padding Return Characters By default, the SCS will pad Carriage Returns entered in Telnet sessions with null characters. To disable this characteristic, use the Set/Define Ports Telnet Pad command. Figure 8-34: Disabling Telnet Pad Local>> DEFINE PORT 3 TELNET PAD DISABLED 8.9.5 Setting the Device Type...
Page 140: Restoring Default Port Settings
Another option is to set a one- or two-character trigger that will cause the SCS to transmit the data. You can also specify whether the trigger characters will be sent to the host as part of the serial data or whether they should be discarded (the default).
Page 141: Two-Wire Mode
Slave In a two-wire RS-485 network, the SCS must turn its transmitter on when it is ready to send data and then off for a certain period of time after the data has been sent so that the line is available to receive again. At most baud rate settings, the timing delay is typically one character length with a maximum of 1.5 character...
Page 142: Four-Wire Mode
In four-wire mode, the SCS operates in full duplex: one pair of wires functions as the transmit pair, another pair of wires functions as the receive pair, and there is a shield/ground wire for each pair. The SCS is able to send and receive data simultaneously.
Page 143: Termination
The SCS is compatible with RS-422 networks in four-wire RS-485 mode. Connect the SCS to a single slave device using a swapped cable, as shown below, and configure the SCS as if you were going to use it for four-wire RS-485 networking.
Page 144: Software Flow Control
Flow Control For example, the SCS will assert RTS when it is ready to accept data. When it can no longer accept data (its buffers are full) it will deassert this signal. A connected modem will monitor the assertion and deassertion of this signal;...
Page 145: Serial Signals
8.12 Serial Signals Two of the modem signals (DSR and DCD) can be used to control when the SCS ports are active. By monitoring when these signals are asserted or deasserted (dropped), SCS ports can be logged out or kept from starting.
Page 146: Dsr (Data Set Ready)
8.12.1.1 DSR for Automatic Logouts An SCS port can be configured to automatically log itself out when DSR is no longer asserted; in other words, the port will log out when the modem is disconnected. This can help ensure port security; users will be prevented from unplugging terminal lines and using sessions that are still active.
Page 147: Dtr (Data Terminal Ready)
8.12.3 DTR (Data Terminal Ready) The SCS asserts DTR when it is ready to accept incoming data or connections. It also uses DTR to cycle the modem when modem control is enabled by temporarily dropping the signal. SCS ports can be configured to assert DTR only when a user logs into the port by enabling the DTRWait characteristic.
Page 148: Modem Emulation
Modem Emulation 8.14 Modem Emulation Modem mode allows the SCS to emulate a modem for performing network connections. To configure specific ports to emulate modems, use the Set/Define Ports Modem Emulation command.] When the port is in modem mode, the following modem commands are available:...
Page 149: 9: Modems
DTE devices requires the use of a null modem cable to swap the signals; for complete wiring instructions, refer to the Pinouts appendix of your User Guide. The SCS must be wired to the DCD pin on your modem. See the Pinouts appendix of your User Guide for complete wiring information.
Page 150: Modem Speeds
The modem’s serial speed, measured in bits per second (bps), is the rate at which the modem sends data to a host computer or other device (such as the SCS) over its serial port. The modem’s line speed, also measured in bits per second, is the rate at which the modem sends data through a telephone line to another modem or communications server.
Page 151: Using A Profile
New modem profiles will be added to the lists as they become available from users and our engineering staff. If your modem isn’t included in the list of profiles, contact Lantronix to see if it will be added in a later version of the software.
Page 152 Often, initialization commands are sent individually, prefaced by the modem’s Command Prefix string (commonly “at”). In order for the SCS to correctly send the information to your modem, all commands must be sent in one string. Do not include the Command Prefix string in the init string.
Page 153: Profile Settings
Modems Modem Profiles 9.3.2.3 Edit Other Settings All settings in a modem profile can be edited with the Define Ports Modem commands. For example, to configure the Dial string, use the Define Ports Modem Dial command. Figure 9-5: Configuring a String Local>>...
Page 154 Modems Modem Profiles Commandprefix string This string is placed before all commands sent to the modem except for the Attention string. In the unlikely event that your modem doesn’t use a common command prefix for all commands, this string should be left blank; include the appropriate command prefix in every string sent to the modem.
Page 155 Get Setup to “” could wear out the modem’s NVR. Init string The initialization (Init) string must be configured in a specific manner in order for your modem to work with the SCS. See Editing a Profile on page 9-3 for instructions. Nocarrier string The modem should respond with this string if the remote modem doesn’t...
Page 156: Profiles For Modems With External Switches
9.4.1 Initialization When the SCS is booted, the DTR signal will be held low so that the modem will reset and will not answer incoming calls. All SCS ports with Modem Control enabled will be checked to see if a modem is connected and powered up.
Page 157: Incoming Calls
9.4.3 Incoming Calls The SCS will detect an incoming call when a port receives the Ring string. The port will then be in a “ringing” state; outgoing calls cannot be made from this port during this period. The SCS will send the Command string followed by the Answer string forcing the modem to answer the call.
Page 158: Error Correction
Note: page 12-6. When modem compression is enabled on a port, the SCS will send a string to the modem to instruct it to enable modem compression. When compression should be disabled, a disable string may be sent. The default enable and disable strings vary, depending upon the modem profile used. To display the default strings for a particular modem profile, use the List Modem command.
Page 159: Modem Security
12-10. When error correction is enabled on a port, the SCS will send a string to the modem to instruct it to enable error correction. When error correction should be disabled, a disable string may be sent. The default enable and disable strings vary, dependent upon the modem profile used.
Page 160: Terminal Adapters
SCS is the complexity of TA setup, which varies by telephone service provider. For the most part, the SCS interacts with a TA in the same way that it interacts with a modem. However, two things must be taken into account when using a TA with the SCS: Although some TAs can autodetect certain settings, it is not always possible to auto-configure information needed for the connection, such as the caller’s own phone number.
Page 161: Examples
9.7.2 Modem Configuration Using Generic Profile In this example, a V.34 modem is attached to SCS port 2. A modem profile does not exist for this brand of modem; the generic modem profile must be used. This modem will support incoming and outgoing connections.
Page 162 To determine the maximum baud rate supported by the modem, the port speed must be set and tested. Modem handling must be disabled on the port; if it is enabled, the SCS will attempt to initialize the modem when the port is logged out.
Page 163: Editing Modem Strings
Modems Examples The generic modem profile made a series of configurations to port 2. To determine the current configuration of port 2, use the List Port or List Port Modem command. Figure 9-20: Current Port Configuration Local>> list port 2 Port 2: Username: Physical Port 2 (Idle) Char Size/Stop Bits:...
Page 164: Troubleshooting
To help diagnose any difficulty with your modem setup, it is a good idea to do the following: Install a breakout box between the modem and the SCS. Set all modem switches to the “normal” position, and remove all jumpers. When the modem and SCS are powered on, the box’s LEDs will display the state of the signals, enabling you to more easily diagnose the problem.
Page 165 SCS port match. port used. Flow control isn’t working properly. Ensure that the modem and SCS port are configured to use the same flow control method. The modem is set to the wrong baud Cycle power on the modem.
Page 166: 10: Modem Sharing
Services provide links for TCP connections to SCS serial ports. They are employed in modem sharing to establish connections to the SCS modems. 10.1.1 Creating a Service Each SCS service must have a unique name. To create a service, use the Set/Define Service command. An example is displayed below. Figure 10-1: Creating a New Service Local>>...
Page 167: Displaying Current Services
Modem Sharing Services Ports associated with a service used for modem sharing must support outgoing connections. To support outgoing connections, the port access must be set to Dynamic or Remote. Figure 10-4: Configuring a Port for Outgoing Connections Local>> DEFINE PORT 2 ACCESS DYNAMIC A port associated with a service used for modem sharing must also be configured to operate the modem attached to it.
Page 168: Sharing Modems
These methods are discussed in the following sections. 10.2.1 Configuring an IP Modem Pool Service Creating a service allows you to set up a modem pool on several SCS ports. To create an IP modem pool service, enter the Set/Define Service Ports command.
Page 169: Connecting To A Serial Port
10.2.4 Connecting to a Serial Port To connect directly to an SCS serial port, specify a port number of 30nn or 200nn. The nn represents the number of the SCS serial port; for example, port 2002 represents SCS serial port 2.
Page 170: Configuring The Redirector
10.3.1 Configuring the Redirector The following table shows how the Redirector setup utility should be configured for this example. All three SCS services (fastmodems, slowmodems, and slowestmodem) appear in the Service Selection window. Table 10-2: Redirector Configuration COM Port #...
Page 171 Modem Sharing Examples 10-6...
Page 172: 11: Security
11: Security The SCS enables you to secure your network in a number of ways. Supported security features include: Authentication of incoming connections, discussed on page 11-1. Authentication of outgoing LAN to LAN connections, discussed on page 11-4. Dialback during incoming connection attempts, discussed.
Page 173 In addition to the login password, each port may be configured to prompt users for a personal username and password. When the user enters the username/password pair, the SCS scans the authentication databases (see Database Configuration on page 11-9) for a matching pair. If a match is not found, the login will not be permitted.
Page 174: Ppp Logins
If the password entered matches the site’s local password, the site will be started. If it does not match the local password, or if the site does not have a local password defined, the SCS will check the next database (according to the order of database precedence).
Page 175: Slip Logins
PAP authentication negotiation. At that point, the remote caller can hang up in possession of the SCS passwords. The caller may be able to use the SCS remote password to log into other networks, or to call the SCS and connect as an authorized user.
Page 176: Outgoing Character Mode Connections
To configure chat scripts, see Chat Scripts on page 5-3. 11.3 Dialback When dialback is used, the SCS verifies the identity of incoming users by logging the port out and dialing the user back at a specified number. Dialback may be configured to do any combination of the following:...
Page 177: The Dialback Process
"atdt." The SCS waits the length of the Carrier Wait setting for the DCD signal to go high, indicating that the modem has reconnected successfully. Otherwise, DTR is dropped for 3 seconds and the port is reset.
Page 178: Dialback From Slip/Ppp Mode
In the example in Figure 11-15, user frank will bypass dialback. When user bob attempts to connect, the SCS will call him back at 555-1235. Any other user attempting to connect will be subject to dialback; if he or she is not in the dialback database, the attempt will fail.
Page 179: Potential Dialback Drawbacks
<username> Port Serial <portlist> command. This command currently only affects users authenticated against the local SCS database. The SCS rejects a user connection attempt to a port not on his or her port target list. The syntax of the command is Set/Define Authentication User <username> Port [Target] <portlist>.
Page 180: Database Configuration
Enabling Strictfail causes the SCS to abort the login attempt on the first failure in the authentication method list. This option is SCS-wide, not per port or per user. Unless Strict fail mode is enabled, the SCS does not examine the reasons for authentication failures. It simply notes the failure.
Page 181: Forcing Execution Of Commands
A command or series of commands may be associated with a particular username; the commands will be run when the user is successfully authenticated. For example, when user elmo logs into the SCS, he will be automatically telnetted to host 192.0.1.67 and logged out of the SCS.
Page 182: Kerberos
Passwords are always encrypted; it is not possible to obtain a user’s password by eavesdropping on a connection attempt. Kerberos is a widely-accepted standard, and is proven to be secure. The SCS may easily be added to an existing Kerberos network. A large number of users may be supported. Disadvantages include: Configuring the Kerberos database can be complicated.
Page 183: Configuring Kerberos
Kerberos server. The default setting for the SCS principle is rcmd; for the SCS instance, the default setting is scs. The authenticator is the password for the principle/instance pair. It must be defined on the SCS and the Kerberos server.
Page 184 Note: these strings in quotes to retain case. Configure the Key Version Number (KVNO). The key version number ensures that the SCS and Kerberos server are using the correct authenticator for the defined principle/instance pair. A KVNO must be configured on the SCS to match the KVNO on the Kerberos server.
Page 185: Radius
The general process of SCS user authentication using a RADIUS server is explained below. A user connects to the SCS. The SCS prompt the user for a username and password, or CHAP/PAP authentication information if CHAP or PAP is configured.
Page 186 The server may be configured to send a challenge to the user after attempting to log in. If this is the case, the SCS will print the server’s challenge and prompt the user to enter a response. The user must respond to the challenge, at which time step 3 is repeated using the response in place of the password in the Access-Request Packet.
Page 187 11.4.3.3 RADIUS and Sites When a user logs in via PPP or SLIP, the SCS looks for a site that has the same name as the user. If it finds a matching site, it starts the site and modifies it with whatever additional setup information the RADIUS server sends it in its Access-Accept packet (see Step A under).
Page 188: Securid
Accounting-Start and Accounting-Stop packets contain session IDs that are used to match them together. In order to generate the proper session IDs, the SCS must know the current time. It can be told the correct time by a timeserver (configured with Set/Define IP Timeserver) or by its internal clock (configured with Set/ Define Server Clock).
Page 189 11.4.4.1 Configuring SecurID To log into the SCS, the user must enter a username at the username prompt, and the passcode at the password prompt. To specify the SecurID ACE/Server for authentication of username/passcodes, use the Set/Define...
Page 190: Unix Password File
UNIX password files are advantageous because existing UNIX password files can be used. Their main disadvantage is that TFTP poses a security risk. If the SCS can retrieve the file, chances are that other hosts on the network can retrieve the file and potentially crack the passwords. If your network is not trusted, you may not want to use TFTP authentication.
Page 191: Ip Address Restriction
User Restrictions 11.5.2 IP Address Restriction To avoid routing problems and enhance security, the SCS can restrict incoming remote networking callers to a particular address or range of addresses. Each site may specify a particular range of acceptable IP addresses. When an incoming caller requests to use a specific address, it will be compared to this range.
Page 192: Locking A Port
Figure 11-41: Forcing User to Start a Particular Site Local>> DEFINE AUTHENTICATION USER bob COMMAND "SET PPP dialin_users; logout" In the previous example, when user bob logs into the SCS, he will automatically start PPP and run the site dialin_users.
Page 193: Network Restrictions
Security Network Restrictions Unique authentication applies only to ports that have authentication enabled. If user george connects to port2 and then attempts a second connection to port9, the second login will be allowed because port9 does not have authentication enabled. Similarly, if george attempts an authenticated login to port 2 after another user has logged into port9 with username george, he will succeed (provided that he enters the correct password) because he is the first user to log in as george on an authenticated port.
Page 194: Disabling The Ftp And Http Servers
11.6.5 Packet Filters and Firewalls Filters enable the SCS to restrict packet traffic. Each filter specifies a particular rule, for example, only IP packets will be permitted passage. Packets that pass the filter will be forwarded; packets that don’t will be discarded.
Page 195 When a site with an associated filter list receives a packet, the SCS will compare the packet against each filter starting with the first filter on the list. If the packet matches any of the filters, the packet will be forwarded or discarded to the filter’s specification.
Page 196: Event Logging
(all passwords). 11.7.1 Setting the Destination In order to use logging, the SCS must be configured to send logging information to one of the following destinations: A TCP/IP host running syslog...
Page 197: Logging Levels
The complete syntax of Set/Define Logging is given on page 12-172. Note: To see logging information that is stored in the SCS memory, enter the Show/Monitor/List Logging Memory command. The following command will display the log and update the display continuously.
Page 198 Security Event Logging Table 11-2: Events Logged by the SCS, cont. To Log Events The Following Options are Available: Associated With: (Numbers Reflect Logging Level) Incoming/Outgoing RIP Packets Resulting Routing Table Contents of All RIP Packets Routed Packets Modems Problems...
Page 199: Examples
11.8.2 Terminal User Forced to Execute Command Terminal user jerry does not have an existing account on UNIX. He will only use the SCS to Telnet to his own remote host, venus. The following figure shows the commands necessary to add jerry to the local database.
Page 200: Multiple-User Authentication
SunOS UNIX (venus) Login:_ 11.8.3 Multiple-User Authentication A large number of users need to connect to the SCS. These users must be authenticated. The SCS must be configured to meet the following criteria: All users will connect to port 2.
Page 201: Outgoing Lan To Lan Connection
Examples 11.8.4 Outgoing LAN to LAN Connection An SCS in Dallas must connect to an SCS in Seattle. The Dallas SCS must be configured in the following manner: The SCS in Dallas must have a site for the connection to the Seattle SCS. The site’s name is seattle.
Page 202 Figure 11-61: Permitting Outgoing Telnet Connections Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ TELNET DPORT GT 1023 ACK To permit SMTP traffic between the SCS and the local and backup SMTP servers, the following commands are required: Figure 11-62: Permitting SMTP Traffic to SMTP Servers Local>>...
Page 203 Security Examples To permit NNTP traffic between the local and remote NNTP servers, the following commands are required: Figure 11-63: Permitting Traffic Between NNTP Servers Local>> DEF FILT fw_i ADD ALLOW IP TCP DPORT EQ NNTP SPORT GT 1023 DST 255.255.255.255 192.0.1.104 SRC 255.255.255.255 192.0.2.100 Local>>...
Page 204: Dialback
An SCS must be configured to prevent all users from connecting with the exception of two users, sam and paul. When sam and paul attempt to connect to the SCS, the modem must dial them back to verify their identities.
Page 205: 12: Command Reference
12: Command Reference This chapter describes all commands that can be used with the SCS. To recap the types of commands (Set/ Define, Show/Monitor/List, Clear/Purge), see Chapter 2, Getting Started. Most Define commands are documented with their corresponding Set commands, but some are listed separately under the Define keyword.
Page 206: About Strings
First, any user-entered strings should be enclosed in quotes to retain the case entered. If a string is not enclosed in quotes, it will be changed to all uppercase characters, and any spaces will cause the SCS to interpret the different parts of the string as different command parameters.
Page 207: Modem Commands
Commonly set to “s0=1.” Rings Either enter 1 or 3 to tell the SCS how many rings to wait before answering the line. When Caller-ID is enabled, the ring value should be set to 3 to give the SCS time to gather Caller-ID information.
Page 208: Define Ports Modem Attention
12.4.3 Define Ports Modem Busy DEFINE PORTS PortList MODEM BUSY string Defines a string that the SCS will expect from the modem on outbound calls to signal that the remote number is busy or otherwise unavailable. Restrictions Requires privileged user status.
Page 209: Define Ports Modem Callerid
Defines the length of time that a server will wait for a carrier on incoming and autodialed calls. If a carrier is not received in that length of time, the SCS assumes that it will not be received. The call will fail and the modem will be reset.
Page 210: Define Ports Modem Commandprefix
Command Reference Modem Commands Examples Local>> DEFINE PORT 2 MODEM CARRIERWAIT 40 See Also Profile Settings—Carrierwait String, page 9-5 12.4.6 Define Ports Modem Commandprefix DEFINE PORTS PortList MODEM COMMANDPREFIX onds Defines a string to send before the “Init” and other configuration strings. Restrictions Requires privileged user status.
Page 211: Define Ports Modem Connected
Command Reference Modem Commands DisableString A string of up to 12 characters. When this string is received by the modem, data compression will be disabled The DisableString and the EnableString must be entered together. Note: EnableString A string up to 12 characters. When this string is received by the modem, data compression will be enabled.
Page 212: Define Ports Modem Control
(DSR, DTR, and DCD) control the port’s interaction with the modem, including initializing the modem upon booting and resetting the modem between uses. The SCS monitors DCD to determine if a connection exists. If DCD drops, the SCS will log the port out and drop DTR.
Page 213: Define Ports Modem Error
Command Reference Modem Commands DialString A string of up to 12 characters. Often touch tone dialing is activated with “dt” and pulse dialing is activated with “dp.” Defaults Depends on modem and modem profile. Examples Local>> DEFINE PORT 2 MODEM DIAL “dt” See Also Define Ports Modem Commandprefix, page 12-6;...
Page 214: Define Ports Modem Errorcorrection
Defines a string to send to the modem to cause it to return its setup. This string is preceded by the Commandprefix string. If the string is set to “”, the SCS will not attempt to get the modem’s setup. The SCS will always send the Save string after configuration.
Page 215: Define Ports Modem Init
Command Reference Modem Commands Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). In the absence of a PortList or the All parameter, the configuration will affect the Note: current port only.
Page 216: Define Ports Modem Nocarrier
Command Reference Modem Commands 12.4.15 Define Ports Modem Nocarrier DEFINE PORTS PortList MODEM NOCARRIER string Defines a string to expect on outbound calls when the modem can dial but doesn’t connect. Restrictions Requires privileged user status. Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
Page 217: Define Ports Modem Ok
Command Reference Modem Commands 12.4.17 Define Ports Modem OK DEFINE PORTS PortList MODEM OK string Defines a string to expect after the Attention string is sent to the modem. Restrictions Requires privileged user status. Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
Page 218: Define Ports Modem Ring
Command Reference Modem Commands 12.4.19 Define Ports Modem Ring DEFINE PORTS PortList MODEM RING string Defines a string that the modem returns if it rings. Restrictions Requires privileged user status. Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
Page 219: Define Ports Modem Speaker
Command Reference Modem Commands 12.4.21 Define Ports Modem Speaker ⎧ ⎫ ENABLED ⎪ ⎪ DEFINE PORTS PortList ⎨ ⎬ MODEM SPEAKER DISABLED ⎪ ⎪ ⎩ ⎭ EnableString DisableString Enables or disables the modem’s speaker. The speaker allows the user to hear the modem’s dialup and connect sequences for debugging purposes.
Page 220: Define Ports Modem Type
Command Reference Modem Commands In the absence of a PortList or the All parameter, the configuration will affect the Note: current port only. string A string of up to 12 characters. Defaults Depends on modem and modem profile. Examples Local>> DEFINE PORT 2 MODEM STATISTICS “statreport” See Also Define Ports Modem Commandprefix, page 12-6;...
Page 221 Command Reference Modem Commands Restrictions You must be the privileged user to use the Monitor command. Parameters A particular modem profile type to display. Examples Local> SHOW MODEM 3 See Also Modem Profiles, page 9-2 12-17...
Page 222: Ip/Network Commands
Removes a TCP/IP host entry from the SCS table of known hosts. If Clear is used and the host was seen through the rwho facility, it will reappear as soon as that machine broadcasts again. A host will also reappear if a user Connects to it.
Page 223: Clear/Purge Ip Route
Command Reference IP/Network Commands 12.5.4 Clear/Purge IP Route ⎧ ⎫ ⎧ ⎫ DEFAULT ⎪ ⎪ CLEAR ⎨ ⎬ IP ROUTE ⎨ ⎬ address ⎩ ⎭ ⎪ ⎪ PURGE ⎩ ⎭ Removes a static IP route. Restrictions Requires privileged user status. Parameters Default Clears or purges default IP routes.
Page 224: Clear/Purge Ip Trusted
Command Reference IP/Network Commands 12.5.6 Clear/Purge IP Trusted ⎧ ⎫ ⎧ ⎫ CLEAR address ⎨ ⎬ IPTRUSTED ⎨ ⎬ ⎩ ⎭ PURGE ⎩ ⎭ Removes all entries from the trusted router table. Restrictions You must be the privileged user to use this command. Parameters address An IP address in standard numeric format (for example, 193.53.2.2).
Page 225 Command Reference IP/Network Commands Parameters Establishes an SSH connection to the specified host or, if no hostname is entered, to the preferred host. host Enter a text host name or an IP address in a standard numeric format (for example, 192.0.1.183). username Enter a user name that will be passed to the remote host.
Page 226: Disconnect
Connect, page 12-20; Show/Monitor Sessions, page 12-98; Exiting Sessions, page 8-5 12.5.9 Purge IP Ethernet PURGE IP ETHERNET num Removes the specified secondary Ethernet from the SCS permanent memory. Restrictions Requires privileged user status. Parameters An integer specifying a secondary Ethernet. Numbering begins at 1.
Page 227: Send
Command Reference IP/Network Commands Parameters hostname A text hostname or an IP address in standard numeric format (for example, 192.0.1.183). username A username to use as the login name. See Also Connect, page 12-20; Set/Define Ports Password, page 12-78; Telnet and Rlogin Sessions, page 6-9 12.5.11 Send ⎧...
Page 228: Set/Define 80211
Ethernet port. If no valid PC card is detected at startup, the SCS uses the 10/100BASE-T network connection. When 802.11 is disabled, the SCS will ignore an installed 802.11 card and will only look for a compatible wired Ethernet connection.
Page 229 The default settings should work in most applications. Any configuration changes you make with the above commands will not take place until you reboot the SCS or issue the Set 80211 Reset command.
Page 230 See your PC card documentation for specific information about which channels are available in your area. Any configuration changes you make with the above commands will not take place until you reboot the SCS or issue the Set 80211 Reset command.
Page 231 NONE DEFINE Configures the ESSID, which tells the SCS the name of the Extended Service Set (ESS) to which it belongs. Setting an ESSID ensures that the SCS will stay on the desired network subsegment. Any configuration changes you make with the above commands will not take place until you reboot the SCS...
Page 232 ⎭ DEFINE Configures which of the two available MAC addresses the SCS will use on the network—its own or that of the attached 802.11 wireless networking PC card. The SCS MAC address, which is the same as its hardware address, is printed on bottom label of the SCS.
Page 233 Denotes whether the SCS operates in a peer-to-peer (AdHoc) or managed (Infrastructure) network environment. Any configuration changes you make with the above commands will not take place until you reboot the SCS or issue the Set 80211 Reset command. Restrictions Requires privileged user status.
Page 234 ⎩ ⎭ Sets the regulatory region under which you will operate the SCS. Users in the United States can leave this at the default setting (FCC). Other users should set it to correspond with their region. Any configuration changes you make with the above commands will not take place until you reboot the SCS or issue the Set 80211 Reset command.
Page 235 Only applies to the SCS200. Parameters Reset Resets the SCS to make all 802.11 changes take effect immediately. This command should be entered anytime you make an 802.11 configuration change. It also clears out any previous errors and starts over with the current 802.11 parameters.
Page 236 (in ad-hoc mode) that have been programmed with the same WEP key as the SCS. All wireless network traffic the SCS sends will be encrypted with its WEP key and any encrypted wireless network traffic the SCS receives will be decrypted with its WEP key. Disabling WEP causes the SCS to ignore its WEP key and only receive and transmit unencrypted network traffic.
Page 237 Enter an integer between 1 and 4. For two keys to match, both their key data and their index number must be identical. Sets the WEP key. The SCS allows both 40-bit and 128-bit keys, and will determine which key length is being set by the length of the key data.
Page 238: Set/Define Hosts
Command Reference IP/Network Commands 12.5.13 Set/Define Hosts ⎧ ⎫ ⎨ ⎬ TELNET HOSTS hostname IPaddress ⎩ ⎭ DEFINE Associates a TCP/IP hostname with an IP address in the local host table, allowing you to use the text name for Telnet connections even if there is no name server to resolve it. If the given host name has already been configured, the new IP address will replace the previous value.
Page 239: Set/Define Ip All/Ethernet
Command Reference IP/Network Commands 12.5.14 Set/Define IP All/Ethernet ⎧ ⎫ TTL TTLnum ⎪ ⎪ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ENABLED ⎨ ⎬ DEFAULT ⎪ ⎪ ⎩ ⎭ DISABLED ⎪ ⎪ ⎪ ⎪ MTU bytes ⎪ ⎪ ⎪ ⎪ ⎧ ⎫...
Page 240 Allocates a pool of IP addresses to dialin users. When Proxy-ARP is enabled, the SCS will respond to ARP requests to all addresses in the pool. Must be used with the First and Last parameters, or with the None parameter.
Page 241: Set/Define Ip Create
Command Reference IP/Network Commands Trusted When enabled, this interface will only listen to routing updates from routers specified by the Set/Define IP Trusted command. Otherwise, this interface will listen to all routing updates. Defaults Ethernet Interface number: 0 TTLNum: 1 Default, Proxy-ARP, and Trusted: Disabled MTU: 1500 bytes Listen and Send: Enabled...
Page 242: Set/Define Ip Domain
⎭ DEFINE NONE Sets the maximum number of TCP/IP hosts that the SCS will add to its host table as a result of Rwho and DNS lookups. Hosts from the preset host table are exempt from this limit. Restrictions Requires privileged user status.
Page 243: Set/Define Ip Ipaddress
Specifies the server’s IP address for TCP/IP connections. Restrictions Requires privileged user status. Errors An error is returned if there are active connections to the SCS. An error is returned if the address is in use by another node. Parameters address An IP address in standard numeric format (for example, 193.0.1.50).
Page 244: Set/Define Ip Nat
Command Reference IP/Network Commands See Also Configuring the Domain Name Service (DNS), page 6-7 12.5.22 Set/Define IP NAT ⎧ ⎫ ENABLED ⎨ ⎬ ⎩ ⎭ DISABLED ⎧ ⎫ ⎧ ⎫ TCP string ⎨ ⎬ EXPIRE ⎨ ⎬ PROTOCOL IP NAT ⎩...
Page 245: Set/Define Ip Nat Table
Specifies the address of the NetBIOS Name Server (NBNS) used for NetBIOS over an IP network. NBNS addresses are passed via PPP to remote users who want to locate the name server dynamically. The SCS does not use this information itself.
Page 246: Set/Define Ip Route
Command Reference IP/Network Commands Parameters address An IP address in standard numeric format (for example, 193.0.1.50). See Also Set/Define IP Nameserver, page 12-39; Configuring the Domain Name Service (DNS), page 6-7 12.5.25 Set/Define IP Route ⎧ ⎫ ⎧ ⎫ NEXTROUTER router ⎧...
Page 247: Set/Define Ip Routing
⎭ DEFINE DISABLED Configures the routing of IP packets. If routing is disabled, any packets requiring routing on the SCS will be rejected. The router will still learn routes via RIP (if enabled) for its own use. Restrictions Requires privileged user status.
Page 248 Command Reference IP/Network Commands Parameters address The IP address to be restricted. The address can be a full IP address, such as 192.0.180, to restrict one address; it can also be expressed as a partial address, such as 192.0.1.255, to restrict whole subnetworks. An address with a 255 in any segment means the restriction applies to all the addresses in that range.
Page 249: Set/Define Ip Subnet
Command Reference IP/Network Commands 12.5.28 Set/Define IP Subnet ⎧ ⎫ ⎨ ⎬ PROTOCOLS IP SUBNET MASK address ⎩ ⎭ DEFINE Specifies a subnet mask as an IP address. The mask must be specified using the address parameter. Restrictions Requires privileged user status. Parameters Mask Specifies a subnet mask.
Page 250: Set/Define Ip Timeserver
PASSIVE NONE Configures a timeserver for the SCS to use to update its internal clock. The SCS can communicate with either Daytime or Network Timeserver Protocol (NTP) servers. For NTP, the SCS can periodically broadcast a message asking for time information and wait for an NTP timeserver to reply, periodically query a specific NTP timeserver, or just listen for NTP broadcasts on the network.
Page 251: Set/Define Ip Trusted
⎩ ⎭ ⎩ ⎭ DEFINE DISABLED Configures a list of trusted routers. When Set/Define IP All/Ethernet Trusted is enabled, the SCS will only listen to RIP updates from routers in this list. Restrictions Requires privileged user status. Parameters address An IP address in standard numeric format (for example, 193.0.1.50).
Page 252: Show Ip Counters
Command Reference IP/Network Commands 12.5.33 Show IP Counters SHOW IP COUNTERS Displays current TCP/IP traffic counters. 12.5.34 Show/Monitor/List Hosts ⎧ ⎫ SHOW hostname ⎪ ⎪ ⎨ ⎬ TELNET HOSTS MONITOR ⎪ ⎪ ⎩ ⎭ LIST LOCAL Displays either the currently available TCP/IP (Telnet/Rlogin) hosts (Show) or the ones that have been Defined locally in the host table (List).
Page 253: Show/Monitor/List Ip
Command Reference IP/Network Commands 12.5.35 Show/Monitor/List IP COUNTERS HASHTABLE ⎧ ⎫ SHOW ⎪ ⎪ INTERFACES ETHERNET num ⎨ ⎬ PROTOCOLS IP MONITOR CACHE ⎪ ⎪ ⎩ ⎭ SiteName LIST ROUTES SECURITY TRUSTED Displays the current operating characteristics of the targets. Use the List command to see the permanent attributes that will take effect upon reboot/login.
Page 254 Command Reference IP/Network Commands Table 12-1: IP Failure and Message Reasons, cont. Connect Failure Invalid Packet ICMP Message Reasons Reasons Reasons Attempted ARP failed Packet received for an Host unreachable unknown local user Remote host did not answer Unused, should be 0 Port unreachable;...
Page 255: Ssh
Command Reference IP/Network Commands Trusted Displays trusted IP routers. Timeserver Displays the timeserver. Examples Local> SHOW IP HASHTABLE Local>> SHOW IP INTERFACES ETHERNET Local>> SHOW IP INTERFACES ETHERNET 4 See Also Netstat, page 12-187; IP/Network Commands, page 12-18; Chapter 6, IP 12.5.36 SSH SSH is a shorthand for the Connect SSH command.
Page 256: List Email
Command Reference Port Commands 12.6 Port Commands 12.6.1 List Email LIST EMAIL emailsite When entered without any parameters, displays all emailsite configurations that will take place the next time that emailsite is used. Using the emailsite parameter will show the configurations for that specific site, while the All parameter will show a detailed listing of all emailsites.
Page 257: Logout Port
Requires privileged user status. Parameters Resets all Link Control Protocol parameters on the specified port. Modem Clears the specified port’s modem init information. PortNum Specifies a particular SCS port. See Also Show/Monitor/List Ports, page 12-96; Port Commands, page 12-52 12-53...
Page 258: Purge Email
Command Reference Port Commands 12.6.5 Purge Email PURGE EMAIL emailsite Removes an emailsite. Restrictions Requires privileged user status. Parameters emailsite Enter the name of an emailsite. See Also Define Email, page 12-55; Define Ports Event Email Serialdata, page 12-71; Event Port Logging, page 3-2 12.6.6 Resume RESUME SESSION number Leaves character (Local>) mode and resumes the current (active) session.
Page 259: Snoop Port
Specifies a particular SCS port to watch. Displays only data coming into the serial port from an attached device. Displays only data going from the SCS serial port to the attached serial device. Both Displays both incoming and outgoing data to and from the serial port.
Page 260 Date, Year format (e.g. Tue June 8, 1999) Substitutes the SCS’s hardware address Print’s the SCS’s IP address Prints the domain name of the network the SCS is on, as specified with the Set/Define IP Domain command Prints the SCS’s name, as specified with the Set/Define...
Page 261: Set/Define Ports Access
Command Reference Port Commands string Enter a character string with a maximum length of 32 characters. Enclose the string in quotes to preserve case and spaces. Mailhost Sets the SMTP mailhost. Enter a string with maximum length of 24 characters. Enclose the string in quotes to preserve case and spaces.
Page 262: Set/Define Ports Authenticate
Command Reference Port Commands Remote The specified ports accept only network connection requests. No local logins are permitted. Defaults Dynamic Examples Local>> DEFINE PORTS ALL ACCESS LOCAL See Also Setting Port Access, page 8-1; Limiting Port Access, page 11-22 12.6.11 Set/Define Ports Authenticate ⎧...
Page 263: Set/Define Ports Autoconnect
Command Reference Port Commands Restrictions Requires privileged user status. Errors Autobaud and Autostart cannot be used together. If you try to configure both options, you will get a message saying that the previously configured option was disabled. Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
Page 264: Set/Define Ports Autostart
Command Reference Port Commands 12.6.14 Set/Define Ports Autostart ⎧ ⎫ ⎪ ENABLED ⎪ ⎪ ⎪ DISABLED ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ⎨ ⎬ CHARACTER PORTS PortList ⎨ ⎬ ⎨ ⎬...
Page 265: Set/Define Ports Backward Switch
Any key can be specified unless it conflicts with SCS line editing or the Break or Forward keys. The key you specify will be stripped from the data stream, so while it won’t interfere with remote operating systems, you will lose any functionality that key would have on local programs.
Page 266: Set/Define Ports Break
Command Reference Port Commands Restrictions Requires privileged user status if you want to use this command on ports other than your own. Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). In the absence of a PortList or the All parameter, the configuration will affect the Note: current port only.
Page 267: Define Ports Backspace
Local Pressing the Break key will return to character (Local>) mode. Remote The Break key is ignored by the SCS and passed through to the remote service. None Removes the alternate Break character (when used with the Character keyword) or disables Break key processing. Pressing the Break key does nothing.
Page 268: Set/Define Ports Broadcast
Command Reference Port Commands 12.6.18 Set/Define Ports Broadcast ⎧ ⎫ ⎧ ⎫ PORTS PortList ENABLED ⎨ ⎬ ⎨ ⎬ BROADCAST ⎩ ⎭ ⎩ ⎭ DEFINE DISABLED Enables or disables other users’ broadcasts to this port. Broadcasts are typically disabled when extra messages are not desired on the port’s output device.
Page 269: Set/Define Ports Command Completion
⎭ DEFINE DISABLED Enables or disables the command completion feature. If enabled, the SCS will attempt to complete partially- typed command words when the user presses the Space or Tab keys. Restrictions Requires privileged user status if you want to use this command on ports other than your own.
Page 270: Set/Define Ports Datasend
Another option is to set a one- or two-character trigger, specified through the Character parameter, that will cause the SCS to transmit the data. You can also specify whether the trigger characters will be sent to the host as part of the serial data or whether they should be discarded through the Save parameter.
Page 271 Defines the timeout as the time since the current “character burst” was started. None Clears previous timeout settings, so the transmission takes place whenever the SCS decides to send the data. Character Sets a trigger that transmits any accumulated data as soon as the specified one or two byte character sequence is detected in the data stream.
Page 272: Define Ports Dedicated
There should be no spaces between the hostname, colon, and environment string. Dedicating all SCS ports is dangerous, as it leaves no easy way to log into the Note: server. (In other words, users can no longer quickly access the Local> prompt.) If all ports are dedicated, users must connect via the console ports, or the SCS must have incoming logins enabled.
Page 273 Command Reference Port Commands envstring Sets up the connection environment before the session is started. For a description of all available environment strings, see Appendix A, Environment Strings. If no environment string is specified with the TCP parameter, the connection will default to a Telnet connection. Examples Local>>...
Page 274: Define Ports Dialback
If the entered username is not in the table, the port is logged out. If the username is in the table, the port is logged out and the SCS sends the dialback string to the port and awaits a second login. Typically, the dialback string will cause the modem attached to the port to call the user back at a certain telephone number for security reasons.
Page 275: Set/Define Ports Dtrwait
DISABLED If enabled, the SCS will not assert the DTR signal on the serial port until a user logs into the port, connects to the port via a service, or connects to the port via a Telnet connect. When the port is idle, DTR will not be asserted.
Page 276: Set/Define Ports Flow Control
Command Reference Port Commands When email notification is enabled, an email is triggered when the specified serial port receives a burst of 20 or more characters in its serial log. The port will buffer the incoming data for up to 25 seconds or until the log file reaches 1500 bytes before sending the email, which contains the current contents of the log file.
Page 277: Set/Define Ports Forward Switch
Any key can be specified unless it conflicts with SCS line editing or the Break or Backward keys. The key you specify will be stripped from the data stream, so while it won’t interfere with remote operating systems, you will lose any functionality that key would have on local programs.
Page 278: Set/Define Ports Inactivity Logout
Any key can be specified unless it conflicts with SCS line editing or the Break or Forward/Backward keys. The key you specify will be stripped from the data stream, so while it won’t interfere with remote operating systems, you will lose any functionality that key would have on local programs.
Page 279: Set/Define Ports Loss Notification
DISABLED Sends the terminal device a Ctrl-G (Bell) when a typed character is lost due to a data error or an overrun on the SCS. Restrictions Requires privileged user status if you want to use this command on a port other than your own.
Page 280: Set/Define Ports Menu
DISABLED Specifies whether or not to enable the SCS to emulate a modem for performing network connections. If it is disabled, the Local> prompt will appear at login. If it is enabled, the SCS will respond to “AT” commands. Restrictions Requires privileged user status if you want to use this command on ports other than your own.
Page 281: Set/Define Ports Name
Command Reference Port Commands Defaults Disabled See Also Modem Emulation, page 8-23 12.6.34 Set/Define Ports Name ⎧ ⎫ PORTS PortList ⎨ ⎬ NAME portname ⎩ ⎭ DEFINE Sets a unique name for each port, or a common name for a group of ports. Giving the same name to several ports may be desirable, for example, when you want to label them as modem connection ports or dedicated SLIP/PPP ports.
Page 282: Set/Define Ports Password
DISABLED ⎩ ⎭ ⎩ ⎭ Controls whether or not the login password is required to log in to an SCS port. The Set/Define Server Login Password command is used to set the password. Restrictions Requires privileged user status. Errors The virtual port (port 0) password must be enabled or disabled with the Define command.
Page 283: Set/Define Ports Pocketpc
⎭ ⎩ ⎭ Specifies a default service for this port. The SCS will attempt to use the preferred service for Autoconnecting, as well as when no service name is specified in a Connect, Telnet, SSH, or Rlogin command. If no environment string is specified, the service will be a Telnet connection by default.
Page 284 Command Reference Port Commands Rlogin Specifies that the service is a default Rlogin connection. Must be used in conjunction with the hostname parameter. Specifies that the service is a default SSH connection. Must be used in conjunction with the hostname parameter. Specifies that the service is a default TCP connection.
Page 285: Define Ports Ppp
PPP. You can use this command to specify a per port username and password to authenticate information outbound from the SCS, for example, CHAP Secrets. If you do not specify the per port fields, the username and password from the appropriate site is used for the connection.
Page 286 Turns off CHAP/PAP authentication. Local The SCS will authenticate itself to the SCS. Remote The remote node will authenticate itself to the SCS. Counter Specifies the number of configuration retries for the Link protocol and all Network Control protocols. Configure Specifies the number of Configure-Requests to send before giving up negotiation.
Page 287 An integer between 1 and 255, representing a length of time in tenths of seconds. For example, a setting of 25 equals 2.5 seconds. Multilink Allows the SCS to add the specified port to a PPP connection to increase bandwidth on demand. Username A specific per-port username for authenticating data outbound from the SCS, for example, CHAP Secrets.
Page 288: Define Ports Pppdetect
Command Reference Port Commands See Also Define Ports PPPdetect, page 12-84; Purge Port PPP, page 12-53; Show/ Monitor/List Logging PPP, page 12-179; Set PPP, page 12-95; Show/Monitor/ List Ports PPP, page 12-96; Chapter 7, PPP 12.6.40 Define Ports PPPdetect ⎧ ⎫...
Page 289: Set/Define Ports Security
DEFINE DISABLED Setting a port to Secure status restricts its access to SCS commands and the ability to get information about other ports using Show/List commands. Privileged commands are not available to secure users. Certain other commands cannot be entered for a port other than the secure user’s own port.
Page 290: Set/Define Ports Session Limit
Command Reference Port Commands number The maximum size, in KB, of the log file. Enter an integer between 0 and 250. A value of 0 turns logging off. Defaults No logging See Also Set/Define Ports Access, page 12-57; Define Email, page 12-55; Define Ports Event Email Serialdata, page 12-71;...
Page 291: Define Ports Slip
Command Reference Port Commands Restrictions Requires privileged user status. Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). In the absence of a PortList or the All parameter, the configuration will affect the Note: current port only.
Page 292: Set/Define Ports Slipdetect
Command Reference Port Commands 12.6.47 Set/Define Ports SLIPdetect ⎧ ⎫ ⎧ ⎫ PORTS PortList ENABLED ⎨ ⎬ ⎨ ⎬ SLIPDETECT ⎩ ⎭ ⎩ ⎭ DEFINE DISABLED Automatically detects and starts running SLIP. Be aware that automatically running SLIP is a potential security hazard.
Page 293: Set/Define Ports Stop
Command Reference Port Commands Examples Local>> SET PORTS SPEED 2400 See Also Set/Define Ports Autobaud, page 12-58; Modem Speeds, page 9-2 12.6.49 Set/Define Ports Stop ⎧ ⎫ ⎧ ⎫ PORTS PortList ⎨ ⎬ ⎨ ⎬ STOP ⎩ ⎭ ⎩ ⎭ DEFINE Specifies the stop bit count for the port.
Page 294: Set/Define Ports Termtype
Command Reference Port Commands Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). In the absence of a PortList or the All parameter, the configuration will affect the Note: current port only.
Page 295: Set/Define Ports Username
Command Reference Port Commands Describes the type of device connected to the port. Restrictions Requires privileged user status to use this command on ports other than your own. Parameters PortList/All Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
Page 296: Set/Define Ports Verification
Command Reference Port Commands Defaults None See Also Specifying a Username, page 8-13 12.6.54 Set/Define Ports Verification ⎧ ⎫ ⎧ ⎫ PORTS PortList ENABLED ⎨ ⎬ ⎨ ⎬ VERIFICATION ⎩ ⎭ ⎩ ⎭ DEFINE DISABLED When enabled, the server will issue informational messages whenever a session is connected, disconnected, or switched.
Page 297: Define Protocols Rs485
232 networking. Mode When RS-485 Mode is enabled, you must choose either two-wire or four-wire mode. If you do not explicitly set a mode with this command, the SCS will default to four-wire mode. 2Wire Sets the SCS to use two-wire mode.
Page 298: Set Session
TXDrive Controls how the SCS drives the TX pin. Always Sets the SCS to drive TX. The SCS will never tristate TX, even if data is not being sent. Always is only valid for four-wire mode. Auto Sets the SCS to drive TX only when transmitting, and tristate when not transmitting.
Page 299: Set Ppp
Command Reference Port Commands Backspace Set Session Delete Backspace sends a backspace character (ASCII 0x8, or Ctrl-H). Echo Enabling asks the unit to echo for TCP connections. The default is Disabled, on the assumption that the remote host will provide echoing. Newline Changes what is sent to the remote service when you press the newline (usually <Return>) key.
Page 300: Set Slip
Command Reference Port Commands Parameters IPaddress Defines the non-negotiable remote IP address. address An IP address in standard numeric format (for example, 193.0.1.50). SiteName A name of 12 characters or less. If no site name is given, a site with the default site characteristics will be used.
Page 301 Command Reference Port Commands These commands display information about the server’s ports. The current port is the default, unless another port number or All is specified. You can also get information about all the local ports having a particular Access value. If no keywords are added to the command, the current port’s Characteristics will be shown. If the port is a virtual port, irrelevant information (such as baud rate, parity, or flow control) will not be displayed.
Page 302: Show Rs485
Command Reference Port Commands Summary Displays a one-line summary of information about the specified ports. The information includes type of access, status, and services offered. The Summary option shows the access type, any offered services, and the login status of the port.
Page 303: Test Port
Virtual and multisession-enabled ports can only be tested by the user on that port. Parameters PortNum Specifies a particular SCS port. PostScript Sends a Postscript test page to the port instead of ASCII data. Count Specifies the number of test lines to be send, or if in postscript mode, the number of pages to print.
Page 304: Unlock Port
The command does nothing if the port is already unlocked. Restrictions Requires privileged user status. Parameters PortNum The number of the locked SCS port. Examples Local>> UNLOCK PORT 6 See Also Lock, page 12-52; Locking a Port, page 8-9; Locking a Port, page 11-21...
Page 305: Service Commands
⎭ ⎩ ⎭ PURGE ServiceName Removes an SCS service. Clearing a service only disables it until re-initialization of the SCS. For a permanent removal, the Purge command must be used. Restrictions Requires privileged user status. Errors Clear Service fails when there are sessions connected to the service or when there are connect requests in the service’s queue.
Page 306: Set/Define Service
DEFINE Creates a new service. For the description and syntax of particular parameters used in conjunction with this command, refer to the individual entries that follow. A maximum of 16 services can be created for the SCS. Note: Restrictions Requires privileged user status.
Page 307: Set/Define Service Banner
⎩ ⎭ ⎩ ⎭ DEFINE DISABLED Specifies whether the SCS should print a banner page before starting the job. Banners should be disabled (the default) for all PostScript and plotter (binary) data. Restrictions Requires privileged user status. Defaults Enabled See Also Clear/Purge Service, page 12-101 12.7.5 Set/Define Service Binary...
Page 308: Set/Define Service Formfeed
SERVICE ServiceName FORMFEED ⎩ ⎭ ⎩ ⎭ DEFINE DISABLED If enabled (the default), the SCS will append a formfeed at the end of any LPR print jobs. Restrictions Requires privileged user status. Defaults Enabled See Also Clear/Purge Service, page 12-101 12.7.8 Set/Define Service Identification...
Page 309: Set/Define Service Password
Command Reference Service Commands 12.7.9 Set/Define Service Password ⎧ ⎫ ) Password ⎨ ⎬ SERVICE ServiceName PASSWORD ⎩ ⎭ DEFINE Provides a password for the specified service. Local connections to service and IP connections to TelnetPort or TCPPort sockets will be prompted for this password. Restrictions Requires privileged user status.
Page 310: Set/Define Service Postscript
DISABLED If enabled, the SCS will assume there is a PostScript printer attached to the service ports and will try to ensure a job is done before starting another. It will send a Ctrl-D to the attached device and wait for the new printer to return a Ctrl-D before starting the job transfer.
Page 311: Set/Define Service Soj
Command Reference Service Commands 12.7.14 Set/Define Service SOJ ⎧ ⎫ ⎧ ⎫ StartString ⎨ ⎬ ⎨ ⎬ SERVICE ServiceName SOJ ⎩ ⎭ ⎩ ⎭ DEFINE NONE Specifies a string to be sent to the attached device at the start of every access regardless of network protocol. Restrictions Requires privileged user status.
Page 312: Set/Define Service Telnetport
Command Reference Service Commands 12.7.16 Set/Define Service Telnetport ⎧ ⎫ ⎧ ⎫ SocketNum ⎨ ⎬ ⎨ ⎬ SERVICE ServiceName TELNETPORT ⎩ ⎭ ⎩ ⎭ DEFINE NONE Associates a TCP listener socket with the given service. TCP connections to this socket will be connected to the service.
Page 313 Command Reference Service Commands Status Displays full information for the specified services including network address, protocol version, and other services that node offers. Examples Local> SHOW SERVICE lab5_prtr STATUS Local> MONITOR SERVICE LOCAL SUMMARY See Also Clear/Purge Service, page 12-101 12-109...
Page 314 Command Reference Service Commands 12-110...
Page 315: Server Commands
⎩ ⎭ Controls SCS initialization and behavior after the unit is booted. When the server is initialized, all changes made using Set commands will be lost unless corresponding Define or Save commands were also made. Initialization also sets local authentication in the first precedence slot (i.e. Set/Define Authentication Local Precedence 1).
Page 316: Set/Define Menu
Reloads the factory settings. All configurations made with the Define and Save commands will be cleared and will have to be reconfigured. Noboot Forces the SCS to remain in the Boot Configuration Program (BCP) instead of booting. Reload On Flash ROM equipped units, re-downloads the operational code and reprograms the Flash ROM.
Page 317 Date, Year format (e.g. Tue June 8, 1999) Substitutes the SCS’s hardware address Print’s the SCS’s IP address Prints the domain name of the network the SCS is on, as specified with the Set/Define IP Domain command Prints the SCS’s name, as specified with the Set/Define...
Page 318: Set/Define Protocol Ftp
12.8.6 Set/Define Protocol SSH Mode V1ONLY ⎧ ⎫ V1PREFER ⎨ ⎬ PROTOCOL SSH MODE ⎩ ⎭ DEFINE V2ONLY V2PREFER Allows the user to specify they types of SSH connections allowed from the command prompt of the SCS. Restrictions Requires privileged user status. 12-114...
Page 319: Set/Define Server Altprompt
The SCS offers only SSHv1 incoming and outgoing connections. V1PREFER The SCS offers both v1 and v2 incoming (host to SCS) connections, and the client chooses. If both versions are available, the SCS chooses SSHv1 for (SCS to Host) outgoing connections.
Page 320: Set/Define Server Bootgateway
⎨ ⎬ SERVER BOOTGATEWAY IPaddress ⎩ ⎭ DEFINE Specifies a bootgateway, which allows a router to be used when the SCS attempts to download new code through a routed network. Restrictions Requires privileged user status. Parameters IPaddress An IP address in standard numeric format (for example, 193.0.1.50).
Page 321: Set/Define Server Clock
SERVER DHCP ⎩ ⎭ ⎩ ⎭ DEFINE DISABLED If a DHCP server exists on the network, enabling it will provide the SCS with an IP address, gateway address, and subnet mask. Restrictions Requires privileged user status. Defaults Enabled See Also...
Page 322: Set/Define Server Host Limit
Command Reference Server Commands 12.8.14 Set/Define Server Host Limit ⎧ ⎫ ⎧ ⎫ limit ⎨ ⎬ ⎨ ⎬ SERVER HOST LIMIT ⎩ ⎭ ⎩ ⎭ DEFINE NONE Sets the maximum number of TCP/IP hosts learned from Rwho that the server will keep information for. Hosts from the preset host table are exempt from this limit.
Page 323: Set/Define Server Incoming
Command Reference Server Commands Examples Local>> DEFINE SERVER INACTIVITY LIMIT 20 See Also Set/Define Ports Inactivity Logout, page 12-74 12.8.16 Set/Define Server Incoming ⎧ ⎫ ⎪ ⎪ TELNET ⎪ ⎪ NONE ⎧ ⎫ ⎪ ⎪ ⎨ ⎬ ⎨ ⎬ SERVER INCOMING PASSWORD ⎩...
Page 324: Set/Define Server Loadhost
SERVER SECONDARY LOADHOST IPaddress ⎩ ⎭ DEFINE Specifies the host to be used for downloads from TCP/IP hosts. The host name must be a numeric IP-style address. The SCS requests its run-time code from this host. Restrictions Requires privileged user status. Parameters IPaddress An IP address in standard numeric format (for example, 193.0.1.50).
Page 325: Set/Define Server Login Password
⎬ SERVER NAME ServerName ⎩ ⎭ DEFINE Specifies the name of the SCS. The name string must be in quotes if lowercase characters are used. Restrictions Requires privileged user status. Parameters ServerName Assign a name to the SCS, 16 alpahanumeric characters or less.
Page 326: Set/Define Server Nameserver
Command Reference Server Commands 12.8.21 Set/Define Server Nameserver ⎧ ⎫ ⎨ ⎬ SERVER SECONDARY NAMESERVER IPaddress ⎩ ⎭ DEFINE Specifies the IP address of the name server (if any) for TCP/IP connections. This host will attempt to resolve text hostnames into numeric form if the local host table is unable to do so. Restrictions Requires privileged user status.
Page 327: Set/Define Server Privileged Password
Restrictions Requires privileged user status. Parameters Parameters passwd Enter a password of 16 or fewer characters. SCS passwords are case-independent, even when enclosed in quotes. Note: Defaults “system” Examples Local>> SET SERVER PRIVILEGED PASSWORD “yodel” Local>> SET SERVER PRIVILEGED...
Page 328 Substitutes the current port’s name Substitutes the current port’s number Substitutes the current server name Substitutes the product name (SCS1600, etc.) Substitutes the company name (Lantronix) Substitutes the current session name Substitutes a > if user is currently privileged Substitutes a percent sign (%)
Page 329: Set/Define Server Rarp
Command Reference Server Commands 12.8.25 Set/Define Server RARP ⎧ ⎫ ⎧ ⎫ ENABLED ⎨ ⎬ ⎨ ⎬ SERVER RARP ⎩ ⎭ ⎩ ⎭ DEFINE DISABLED Enables or disables querying for a RARP host at system boot time. Restrictions Requires privileged user status. Defaults Enabled See Also...
Page 330: Set/Define Server Session Limit
Command Reference Server Commands 12.8.28 Set/Define Server Session Limit ⎧ ⎫ ⎧ ⎫ limit ⎨ ⎬ SERVER SESSION LIMIT ⎨ ⎬ ⎩ ⎭ ⎩ ⎭ DEFINE NONE Sets the limit on active sessions per port. Each port can have an additional limit less than or equal to this limit.
Page 331: Set/Define Server Startupfile
Configures the startup configuration file that the SCS will attempt to download at boot time. This file contains the SCS commands that will configure the server before the users and services are started. If no retry limit is specified in the command, the SCS will retry failed downloads forever; otherwise it will retry the specified number of times and then boot normally.
Page 332: Set/Define Server Timezone
Command Reference Server Commands Examples Local>> DEFINE SERVER STARTUPFILE “bob:start” RETRY See Also Editing Boot Parameters, page 2-6; Your SCS Installation Guide 12.8.32 Set/Define Server Timezone ⎧ ⎫ ⎪ ⎪ timezone ⎧ ⎫ ⎪ ⎪ ⎨ ⎬ ⎨ ⎬ SERVER TIMEZONE STDzone time DSTzone time ChangeTime ReverTime ⎩...
Page 333: Show/Monitor/List Menu
Command Reference Server Commands None Specifies that no timezone will be used. Examples Local>> DEFINE SERVER TIMEZONE AMERICA/EASTERN Local>> DEFINE SERVER TIMEZONE HST -10 Local>> DEFINE SERVER TIMEZONE MET 1:00 MET-DST 1:00 Mar lastSun 2:00 Sep lastSun 2:00 (In the last example above, MET is the STDzone, and MET-DST is the DSTzone, both of which are one hour off of Greenwich Mean Time.
Page 334 Command Reference Server Commands Clock Displays the local time and date and the UTC (GMT) time and date. Counters Counters can be reset to zero with the Zero Counters All command. Displays the accumulated error counters for the Ethernet and TCP/IP protocols. The four-digit bit position numbers represent one of the network error reasons listed below: Table 12-4: Server Failure Reasons...
Page 335: Show/Monitor/List Timezone
⎬ USERS ⎩ ⎭ MONITOR Displays the current users logged onto the server. For each user, the SCS displays the port username and current connection information. Restrictions You must be the privileged user to use the Monitor command. Errors List Users will cause an error.
Page 336: Site Commands
Command Reference Site Commands 12.9 Site Commands 12.9.1 Define Site DEFINE SITE SiteName option Creates a new site with the given name. See the following Define Site commands for additional site configuration options. Restrictions Requires privileged user status. Examples Local>> DEFINE SITE irvine See Also The following Define Site commands 12.9.2 Define Site Authentication...
Page 337 PPP or SLIP. Dialback If Dialback is enabled, when the site receives an incoming connection, the SCS will hang up and initiate an outgoing connection to verify the caller’s identity. If Insecure dialback is enabled, the caller may be given the option of specifying the dialback telephone number.
Page 338: Define Site Bandwidth
Sets the initial or maximum amount of bandwidth that should be used when connecting to the specified site. Also controls how the SCS calculates the bandwidth needed, and how often it is checked to see if it is within the desired range.
Page 339 Command Reference Site Commands BytesPerSecond The precise bandwidth amount, up to 6,550,000 bytes per second. The server will add ports until it reaches the specified amount. BytesPerSecond is truncated to the nearest 100. For example, a setting of 3840 is truncated to 3800. A BytesPerSecond value below of 99 or less truncates to zero, disabling bandwidth.
Page 340: Define Site Chat
Command Reference Site Commands 12.9.4 Define Site Chat ⎧ ⎫ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ EXPECT string ⎪ AFTER LineNum ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎨ ⎬ ⎨...
Page 341 Command Reference Site Commands Fail Uses the number specified as the Timeout seconds parameter to set the number of times the search for a string (specified with the Expect parameter) can fail before the whole script will give up. Each time the Expect command fails, the script continues at the last Fail command.
Page 342: Define Site Dial On Hangup
Must be used in conjunction with the filtername parameter. Incoming Configures the packet filter for packets that come into the SCS from the remote site. Packets that do not pass this filter will be dropped. Must be used in conjunction with the filtername parameter.
Page 343: Define Site Idle
Sets the maximum time, in seconds, that the specified site may be idle before the link is shut down (“timed out”). The SCS must be idle for at least 10 seconds before the link can be shut down. Note: Restrictions Requires privileged user status.
Page 344: Define Site Ip
Command Reference Site Commands 12.9.8 Define Site IP ⎧ ⎫ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ENABLED ⎨ ⎬ ⎪ ⎪ ⎩ ⎭ DISABLED ⎪ ⎪ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ address ⎪ ⎪ ⎪ ⎪ ⎨ ⎬ ⎪ ADDRESS ⎪...
Page 345 Command Reference Site Commands Dynamic Allows the SCS to be dynamically assigned an IP address by a remote host. Default Advertises this server as the default route to the remote host. Netmask Sets the IP Netmask on this server's IP interface.
Page 346: Define Site Mtu
149; Configuring RIP for Sites, page 4-10; Chapter 7,Character Mode Sites 12.9.9 Define Site MTU DEFINE SITE SiteName MTU MaxSize Configures the maximum sized packet that the remote site may send to the SCS. Packets larger than this will be fragmented by the remote site. Restrictions Requires privileged user status.
Page 347: Define Site Permanent
⎩ ⎭ DISABLED Configures a permanently connected site. When enabled, the site connects immediately after the SCS boots. If the connection is interrupted and the site goes down, the site will reconnect as soon as it is able. Restrictions Requires privileged user status.
Page 348 Command Reference Site Commands Bandwidth Gives the SCS a bandwidth estimate for the device (for example, a modem) that is attached to the port. Must be used in conjunction with the BytesPerSecond parameter. See Estimate Each Port’s Bandwidth on page 5-6 for more information on how Note: to use the port bandwidth setting.
Page 349: Define Site Protocol
⎩ ⎭ NONE Defines the telephone number of the remote site. Before you assign a telephone number, you must associate the site with an SCS port or ports. Restrictions Requires privileged user status. Errors An error is returned if there is no port associated with the site.
Page 350: Define Site Time
Command Reference Site Commands Examples Local>> DEFINE SITE irvine TELEPHONE 8675309 See Also Define Site Port Telephone, page 12-143; Assign a Telephone Number to the Port or Site, page 4-19 12.9.14 Define Site Time ⎧ ⎫ ⎪ ⎪ ADD day starttime day endtime ⎪...
Page 351 The success and failure settings control the time between calls. If the connection Note: worked, the SCS waits for the success delay to pass before attempting another connection. If the connection did not work, the SCS waits for the failure delay to pass. seconds A delay time of 1 to 65000 seconds.
Page 352: Logout Site
Command Reference Site Commands Defaults Default: Disabled (connections are allowed only when specified). Success: 1 second. Failure: 30 seconds. Session: 0 seconds (disabled). Examples Local>> DEFINE SITE irvine TIME ADD mon 8:00 mon 17:00 Local>> DEFINE SITE irvine CLEAR TIME 3 See Also Set/Define Server Clock, page 12-117;...
Page 353: Show/Monitor/List Sites
Parameters SiteName A particular site name of up to 12 characters. Displays all accumulated statistics for all sites that have started since the SCS was last booted, not just those that are running. Bandwidth Displays the specified site’s bandwidth configuration and related statistics.
Page 354: Test Site
12.9.18 Test Site TEST SITE SiteName Tests a site without having to force packet traffic. When the command is issued, the SCS will attempt a connection to the site and return basic status. The site must then be shut down manually.
Page 355: Security Commands
Command Reference Security Commands 12.10 Security Commands 12.10.1 Clear/Purge Authentication ⎧ ⎫ ⎧ ⎫ ⎨ ⎬ CLEAR USER ⎨ ⎬ AUTHENTICATION ⎩ ⎭ username ⎩ ⎭ PURGE PRECEDENCE num Removes information stored in the local authentication database. Restrictions Requires privileged user status. Parameters User Clears or purges a user from the local authentication database.
Page 356: Clear/Purge Dialback
Command Reference Security Commands 12.10.2 Clear/Purge Dialback ⎧ ⎫ ⎧ ⎫ CLEAR ⎨ ⎬ DIALBACK ⎨ ⎬ ⎩ ⎭ ⎩ ⎭ PURGE username Removes a dialback setting for a particular username, or for all usernames. Restrictions Requires privileged user status. Errors Clear Dialback will return an error if the specified username isn’t found, or if All is specified and no entries are configured.
Page 357: Clear/Purge Snmp
Configures the authentication system. Logins on ports with authentication enabled will be prompted for a username and password pair, which will be checked sequentially against up to six databases: a Kerberos database, the SCS local database (NVR), a RADIUS server, a SecurID server, or a UNIX password file (TFTP).
Page 358: Set/Define Authentication Kerberos
None parameter may be used to indicate that the database or file will not be used. If the SCS fails to authenticate the user using the primary database or server (due to network failure, server failure, missing or incorrect username/ password), the secondary database or server (discussed below) will be checked.
Page 359 A precedence number between 1 and 6. Principle A label that identifies the authentication service that the SCS requests from the Kerberos server. Must be used in conjunction with the string parameter. Instance A label that is used to distinguish among variations of the principle. Must be used in conjunction with the string parameter.
Page 360: Set/Define Authentication Local
⎨ ⎬ AUTHENTICATION LOCAL PRECEDENCE num ⎩ ⎭ DEFINE Specifies that an SCS database (saved in NVR or RAM) will be used for authentication. The precedence number is set to 1 by default. Restrictions Requires privileged user status. Parameters Precedence Sets the precedence in which this database or server is checked.
Page 361: Set/Define Authentication Radius
None parameter may be used to indicate that the database or file will not be used. If the SCS fails to authenticate the user using the primary database or server (due to network failure, server failure, missing or incorrect username/ password), the secondary database will be checked.
Page 362 An integer between 1 and 255, inclusive. For accounting, the SCS has to hold onto packets until they can be verified. If the Note: Maxtries and Timeout values are too large, you can overflow the SCS and it will begin to drop accounting packets.
Page 363: Set/Define Authentication Securid
Security Commands Accounting Specifies that RADIUS accounting information will be sent to a RADIUS accounting server. Accounting can be enabled even if the SCS does not use a RADIUS server for authentication. Primary Specifies the primary accounting server to which accounting information will be sent.
Page 364 Secondary If the SCS fails to authenticate the user using the primary database or server (due to network failure, server failure, missing or incorrect username/ password), the secondary database or server will be checked. A specific address may be set with the address parameter, or the None parameter may be used to indicate that the server will not be used.
Page 365: Set/Define Authentication Strictfail
Command Reference Security Commands PortNum An integer between 1 and 65535. Timeout Specifies the timeout period for a response from the SecurID server. Must be used in conjunction with the seconds parameter. seconds An integer between 1 and 255, inclusive. Defaults Encryption: DES Maxtries: 5...
Page 366: Set/Define Authentication Tftp
Secondary If the SCS fails to authenticate the user using the primary database or server (due to network failure, server failure, missing or incorrect username/ password), the secondary database or server will be checked. A specific address may be set with the address parameter, or the None parameter may be used to indicate that the server will not be used.
Page 367: Set/Define Authentication Unique
Command Reference Security Commands filename Specify a TFTP password file name of up to 32 characters. If spaces or lowercase characters are used, the filename must be enclosed in quotes. Examples Local>> SET AUTHENTICATION TFTP FILENAME radicchio See Also Define Site Authentication, page 12-132; UNIX Password File, page 11-19 12.10.12 Set/Define Authentication Unique ⎧...
Page 368 Command Reference Security Commands Parameters username A username of up to 16 characters. The name is converted to all uppercase unless it is enclosed in quotes. Password Configures a password for an authenticated user. The password is converted to all uppercase unless it is enclosed in quotes. Users who don’t have passwords configured for them will always be granted Note: access.
Page 369: Set/Define Dialback
Dialback lists include usernames and corresponding phone numbers. When a username entered matches one in the list, the port is logged out and the SCS sends the corresponding phone number to the serial port, at which time the port’s modem profile initiates the modem connection.
Page 370: Set/Define Filter
Command Reference Security Commands 12.10.15 Set/Define Filter ⎧ ⎫ CREATE ⎪ ⎪ ⎪ ⎪ DELETE ruleNum ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ⎪ ⎪ ⎧ ⎫ ⎨ ⎬ ⎨ ⎬ FILTER filtername AFTER ⎪ ⎪...
Page 371: Set/Define Filter Any
⎭ DEFINE Specifies that every packet will be allowed or denied passage through the SCS. Using the Any parameter along with either Allow or Deny will affect all packets regardless of any filter specifications that follow. Usually, an Any rule is placed at the end of a filter list to process data packets not specifically identified by the previous rules in the list.
Page 372: Set/Define Filter Generic
Command Reference Security Commands 12.10.17 Set/Define Filter Generic ⎧ ⎧ ⎫ ⎫ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ⎪ ⎪ ⎨ ⎬ ⎨ ⎨ ⎬ ⎬ FILTER filtername ... GENERIC OFFSET offset MASK mask value ⎩...
Page 373: Set/Define Filter Ip
Command Reference Security Commands 12.10.18 Set/Define Filter IP ⎧ ⎫ ⎪ ⎪ ⎧ ⎫ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎨ ⎬ IPGENERIC OFFSET offset MASK mask value ⎪...
Page 374 Command Reference Security Commands mask A hexadecimal or decimal number. The mask is applied to the data using the operator and the result is compared with the value. In the case of TOS, the operator EQ is implied. operator (EQ, GE, GT, LE, LT, NE) The available operators are: equal to (EQ), greater than or equal to (GE), greater than (GT), less than or equal to (LE), less than (LT), and not equal to (NE).
Page 375 Command Reference Security Commands Allows or denies TCP-based packets which match criteria specified by the subsequent parameters. Applications that use TCP include Telnet, FTP, and SMTP (Simple Mail Transfer Protocol). Allows or denies User Datagram Protocol (UDP) based packets which match criteria specified by subsequent parameters.
Page 376: Set/Define Ftp
Command Reference Security Commands 12.10.19 Set/Define FTP ⎧ ⎫ ⎧ ⎫ ENABLED ⎨ ⎬ ⎨ ⎬ PROTOCOL FTP ⎩ ⎭ ⎩ ⎭ DEFINE DISABLED Enables or disables the on-board FTP server. See Also Disabling the FTP and HTTP Servers, page 11-23 12.10.20 Set/Define HTTP ⎧...
Page 377 Command Reference Security Commands Controls error and event logging on the SCS. Events can be logged to a network host via TCP/IP or to a terminal connected to the SCS. The host must be configured to support logging. For a TCP/IP host, the host’s syslog facility must be configured;...
Page 378 Command Reference Security Commands Dialback Logs events associated with dialback functionality. Must be used with the num parameter or the None parameter. Level Information Dialback Problems Unauthorized Users Dialback Failures Dialback Successes Dialback Attempts Modem Chat Traces the activities of the IP router. Must be used with the num parameter or the None parameter.
Page 379 Command Reference Security Commands Logs events associated with PPP. Must be used with the num parameter or the None parameter. Level Information Local System Problems Remote System Problems Negotiation Failures Negotiation Data State Transitions Full Debugging Site Logs events associated with sites. Must be used with the num parameter or the None parameter.
Page 380: Set/Define Password
The user has three chances to enter the old password before he or she is logged Note: out of the SCS. Restrictions Does not require privileged user status. To prevent users from altering their own passwords, enter the Set/Define Authentication User Alter Disabled command.
Page 381: Set/Define Snmp
Command Reference Security Commands 12.10.24 Set/Define SNMP ⎧ ⎫ BOTH ⎧ ⎫ ⎪ ⎪ ⎨ ⎬ ⎨ ⎬ SNMP COMMUNITY community ACCESS NONE ⎩ ⎭ ⎪ ⎪ DEFINE ⎩ ⎭ READ Configures a community name and access mode for SNMP access. Each name has an access restriction associated with it;...
Page 382: Show/Monitor/List Dialback
Command Reference Security Commands 12.10.26 Show/Monitor/List Dialback ⎧ ⎫ SHOW ⎪ ⎪ ⎨ ⎬ DIALBACK MONITOR ⎪ ⎪ ⎩ ⎭ LIST Displays the currently configured dialback strings, as well as the number of connect attempts with that string the number of connect failures. Restrictions Requires privileged user status.
Page 383: Show/Monitor/List Logging
Command Reference Security Commands 12.10.28 Show/Monitor/List Logging ⎧ ⎫ SHOW ⎪ ⎪ ⎨ ⎬ LOGGING MEMORY MONITOR ⎪ ⎪ ⎩ ⎭ LIST Displays the current or saved event logging configuration. Restrictions You must be the privileged user to use the Monitor command. Secure users may not use this command.
Page 384: Navigation/Help Commands
Displays commands containing the specified keyword. If a command containing the keyword cannot be found, the SCS will display “nothing appropriate.” The SCS will not display all relevant commands. If there are any logout commands, such as Set Ports and Define Ports, only one will be shown (in this case, Set Ports).
Page 385: Cls
Ports Specifies a particular port as recipient of the message. Must be used with the PortNum parameter. PortNum A particular SCS port. username A particular user as recipient of this message. message One word, or several words, in quotes. The message will be sent exactly as typed if enclosed in quotes, or in uppercase if not.
Page 386: Disk
ATA flash card. The SCS contains two modifiable directories—/ram and /flash—and one read-only directory—/rom. For SCS models with one PC card slot, an ATA card can be accessed as /pccard1; for models with two slots, the card in the top slot can be accessed as /pccard1 and the card in the bottom slot as /pccard2.
Page 387 To move a file, specify the filename as file1 and the destination directory as file2. Displays the blocks of free space on the SCS disks. When you add the -i switch, the display includes in the display the number of inodes used versus the number still available.
Page 388 Command Reference Navigation/Help Commands /PCCard1 Formats an ATA flash card for use in an SCS PC card slot. An unformatted card can not be used by the SCS. name Names the specified disk Fsck Checks the SCS filesystem and corrects any problems.
Page 389 Sync Forces the SCS to write files on all disks (including any PC card disks) immediately. Normally, when the SCS is rewriting files to disk, it will buffer data before initiating a write sequence. Write sequences are automatically written after 5 seconds of disk inactivity.
Page 390: Finger
The “at” character, followed by a hostname. Finger Displays a list of current processes. Examples Local> FINGER BOB (shows user bob on SCS) Local> FINGER @HYDRA (shows users on host hydra) Local> FINGER bob@hydra (shows user bob on hydra) See Also Show/Monitor Users, page 12-131 12.11.7 Forwards...
Page 391: Help
12.11.8 Help HELP command parameter Accesses the SCS Help system. Using the Help command without any parameters displays all available commands. Specifying a command gives information about that command a list of its parameters. Specifying a parameter gives information about the parameter, including any sub-parameters it may have.
Page 392: Ping
Command Reference Navigation/Help Commands 12.11.11 Ping PING hostname num Sends a TCP/IP request for an echo packet to another network host. This provides an easy way to test network connections to other TCP/IP hosts. In general, any host that supports TCP/IP will respond to the request if it is able, regardless of login restrictions, job load, or operating system.
Page 393: Save
Command Reference Navigation/Help Commands 12.11.13 Save ⎧ ⎫ ⎪ ⎪ AUTHENTICATION ⎪ ⎪ FILTER filtername ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ IP ROUTER ⎪ ⎪ SECURITY ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ PORT PortList ⎪ ⎪ ⎨ ⎬ SAVE ⎪ ⎪...
Page 394: Show/Monitor Queue
You must be the privileged user to use the Monitor command. Parameters Port Displays information for all queue entries that can be served by the specified port. Must be used in conjunction with the PortNum parameter. PortNum Specifies a particular SCS port. 12-190...
Page 395: Show Version
Specifies a service name of up to 16 characters. Examples Local> SHOW QUEUE Port 6 Local> MONITOR QUEUE SERVICE lab5 12.11.15 Show Version SHOW VERSION Displays the current version of the SCS software. See Also Reloading Operational Software, page 2-6 12-191...
Page 396: Zero Counters
Command Reference Navigation/Help Commands 12.11.16 Zero Counters ZERO COUNTERS ETHERNET PORTPortNum This command is used to reset the counters for errors and other network and server events. Restrictions You must be the privileged user to zero some other port (or All). Parameters Zeroes all Ethernet, TCP/IP, SLIP, and serial port counters.
Page 397: A: Environment Strings
A: Environment Strings A.1 Usage An environment string is a sequence of key letters, sometimes prefixed by a plus (+) or minus (-). Environment strings can be used with certain commands to configure connections. The keys are added after the hostname (if one is given) and a colon. Key letters are not case-sensitive, and no white space is allowed in the environment string.
Page 398 Environment Strings Usage Examples A.2.1.1 nnnn Sets a socket number. For SSH and TCP connections only. The most common socket numbers are 20xx (for Telnet IAC interpretation), 30xx (for raw TCP/IP), and 22xx (for SSH connections), where xx is the number of the desired serial port.
Page 399: B: Show 802.11 Errors
Access Point loses power in the middle of sending a fragmented packet to the SCS. If you entered the Show 80211 command, you might see a screen resembling the following: Figure B-1: Example of Error Bits Local>>...
Page 400 Show 802.11 Errors Leftmost Number 10000000 Internal error. 08000000 Fragment reassembly timed out. Failed to receive all the fragments of a fragmented 802.11 packet before the reassembly window expired. Dropped some correctly received fragments. 04000000 Received an 802.11 packet with invalid subtype code. 02000000 Received an 802.11 packet with invalid type code.
Page 401: Rightmost Number
Show 802.11 Errors Rightmost Number 00000100 Authentication with the AP failed because the WEP key the unit is using is not the same as the key the AP is using. 00000080 Authentication with the AP failed because either the unit or the AP sent an incorrect authentication packet.
Page 402 Show 802.11 Errors Rightmost Number 00100000 Unassigned. 00080000 Unassigned. 00040000 Unassigned. 00020000 Internal error. May occur on some cards in conjunction with other described error codes. 00010000 The 802.11 card in use is not compatible with the regulatory region to which the unit has been programmed.
Page 403 Show 802.11 Errors Rightmost Number 00000002 Internal error. 00000001 Internal error.
Page 404: C: Snmp Support
The SCS has a local SNMP security table to restrict or prevent unauthorized SNMP configuration. The SCS will also generate limited forms of 3 of the SNMP traps. Traps are sent to a host when an abnormal event occurs on the SCS.
Page 405 All parameter to clear the entire table. Show/Monitor/List SNMP commands require privileged access to prevent unauthorized users from seeing the allowed community names. The SCS sends an error message when it receives SNMP queries or Set requests that are not permitted for the current user.
Page 406: D: Supported Radius Attributes
D: Supported RADIUS Attributes This appendix lists and explains the RADIUS attributes currently supported by the SCS. The SCS transmits these attributes whenever they are appropriate for the given connection. sers cannot directly specify which attributes the SCS will transmit—this is negotiated for each connection based on the connection type and requirements.
Page 407: Access-Accept
The user is disconnected and called back, then begins a PPP/SLIP connection. Prompt The user is provided with a command line prompt on the SCS from which it is possible to enter privileged commands. See RADIUS on page 11-14 for the differences between the login and prompt Note: service types and how they are handled by the SCS.
Page 408 255.255.255.254 (0xFFFFFFFE) assigns the user an address from the SCS IP address pool If an IP address pool is defined for the SCS and the incoming user asks for an address, one will be assigned from the pool. If the user asks for a specific address, the user will be given the address, provided it is available.
Page 409: Accounting Attributes
Supported RADIUS Attributes Accounting Attributes If Login-Service is Rlogin and the Login-IP-Host value is not set, the SCS makes an Rlogin connection to the preferred Telnet host. D.2 Accounting Attributes For all Accounting packets, the SCS transmits Acct-Status-Type (On, Off, Start, or Stop) and the SCS’s NAS-Identifier.
Page 410: Examples
If authenticated by the latter, the user will automatically be forced to execute the command Set PPP sitename; Logout where sitename is the name of the site dynamically created by the SCS for this user. All settings in the default site other than the IP address will apply for this user.
Page 411: Forcing A Telnet Connection To Preferred Host
Remember that if a user connects via PPP and is authenticated by the RADIUS server with Service-Type set to Login or Prompt, the SCS RADIUS client code will reject the user because a user cannot be made to fall out of PPP mode into local (character) mode.
Page 412: Index
Index Numerics Local 12-156 Multiple-user (example) 11-29 802.11 2-11 2-15 12-24 – Outgoing connections 4-19 11-4 11-30 Antenna 12-24 12-25 RADIUS 11-14 12-157 Channel 2-15 12-26 RSA 6-12 6-13 Errors B-1 SecurID 11-17 12-159 ESSID 12-27 Shared key 6-12 Extended Service Set ID 2-14 Sites 4-17 12-132 Fragmentation 12-28...
Page 413 Index BOOTP 12-115 Abbreviation 2-4 Subnet masks 6-5 Execution upon login 11-21 11-28 Break key 8-5 12-62 Forced 11-10 Broadcast 2-5 12-180 Help 12-180 Enabling 12-63 12-64 12-116 IP 12-18 Limiting 8-12 Keywords 2-4 Buffering 3-2 Navigation 12-180 Port 12-52 Privileged 11-19 Caller-ID 9-12 12-5...
Page 414 Precedence setting 11-9 DTE 9-1 Purging user 11-11 DTR 8-22 RADIUS 11-14 12-157 DTRWait 12-71 SecurID 11-17 12-159 Dyanmic print 12-55 12-112 Databases Search order 11-28 Email notification 3-3 Datasend 8-14 12-66 Enable string 9-10 Date Environment strings A-1 –?? Setting 2-10 Error correction 5-9 12-10...
Page 415 Index FTP 2-18 Interface 6-23 Disabling FTP server 6-17 12-114 Interfaces 12-37 Loadhost 12-39 Nameserver 12-39 12-40 12-41 Gateways.See Routers Packet traffic 11-24 Packets 6-19 Hardcopy 8-14 RIP metric 4-10 Header compression 5-9 Security 6-17 Help 12-187 Security table 6-18 Commands 12-180 Settings 12-49 Holddown 5-7...
Page 416 Loss notification 8-13 12-75 Kerberos 11-11 12-154 Authenticator 11-12 Mac address 2-14 Configuring 11-12 MAC address, 802.11 12-28 Instance 11-12 Markers 5-4 KVNO 11-12 Measurement period 5-7 Principle 11-12 Menu mode 12-76 12-112 Realm 11-12 Commands 3-4 KVNO 11-12 Configuration files 3-5 Configuring 3-4 Displaying 12-129 LAN to LAN 4-2...
Page 417 Name server 6-7 MTU 7-1 Backup 6-7 Restricting traffic 5-2 Specifying 12-122 RIP 4-10 Naming Routing 6-19 Ports 12-77 Sizes 7-1 SCS 2-9 12-121 Padding 8-14 PAP 4-13 4-15 11-3 11-5 ISP Site Connections 4-6 Configuring 7-2 Set/Define IP 12-40...
Page 418 Login 2-7 Buffering 3-2 Privileged 2-8 Character size 12-64 Passwords 2-7 Commands 8-1 12-52 Limiting attempts 12-122 Configuration 8-13 Local 4-14 11-2 11-3 Dedicated 4-13 12-68 Local database 12-176 Dedicating 4-13 Login 4-15 6-10 8-10 11-1 12-78 Default settings 8-15 12-119 12-121 Dialback 12-70...
Page 419 Index Username 8-13 12-91 Privileged user 11-19 Verification 8-7 12-92 Profile Virtual 8-22 8-23 11-1 Modems 4-18 Zero 6-18 8-22 8-23 11-1 Profile settings 9-5 Power Profiles 9-2 802.11 12-30 12-31 Editing 9-3 PPP 4-11 8-19 11-2 12-53 12-55 Prompts Authentication 7-2 Altprompt 12-115 Automatic detection 7-4...
Page 420 Reset string 9-9 12-13 Restrictions Save 12-189 Connection times 5-16 Save string 9-8 Filters 11-30 Secure users 8-12 12-85 User 11-19 SecurID 11-17 12-159 Return characters, Padding 8-14 Configuring 11-18 Ring string 12-14 PAP 11-17 RIP 4-9 4-10 6-22 Passcodes 11-17 Disabling 4-10 Precedence 11-18 Enabling 12-140...
Page 421 Index RARP 12-125 Site Retransmit limit 12-125 Dial Back on Hangup 12-138 Rlogin 12-125 Sites 4-2 4-12 4-17 4-18 Secure setting 11-22 12-119 Authentication 4-17 12-132 Session limit 12-126 Bandwidth 5-8 12-134 Silentboot 12-126 Character mode 5-15 Software file 12-126 Chat scripts 5-3 12-136 Startup file 12-127...
Page 422 Incoming connection 4-13 Length 6-6 IP address 6-4 Setting 6-5 Local prompt 4-12 Switch Mode 8-3 Backward 12-61 Ougoing 11-5 Forward 12-73 Sites 12-145 Local 8-5 12-74 SLIPDetect 4-15 12-88 Synchronous leased lines 5-13 Starting 4-11 12-96 Static routing 5-15 Tables Without modems 5-15 ARP 6-3...
Page 423 Index Setting 2-10 12-128 Troubleshooting Authentication 11-33 Modems 9-13 Monitoring network activity 4-20 TXDrive 8-17 Type Device 8-14 Terminal 8-14 UDP 12-46 Unix commands 12-182 UNIX password file 11-19 Unlock 11-21 Username/password pair 11-2 11-10 Users Privileged 11-19 12-92 Restrictions 11-19 Secure 12-85 v.32 9-2 v.32bis 9-2...
Page 424 Index-13...

Lantronix SCS Reference Manual

1 : Introduction

2 : Getting Started

3 : Console Server Features

4 : Basic Remote Networking

5 : Additional Remote Networking

6 : Ip

7 : Ppp

8 : Ports

9 : Modems

10 : Modem Sharing

11 : Security

Quick Links

Troubleshooting

Related Manuals for Lantronix SCS

Summary of Contents for Lantronix SCS