SLC 8000 User Guide

View All Related Products | Download PDF Datasheet
LANTQONI
Part Number 900-704-R
Revision P April 2019
SLC™ 8000
Advanced Console Manager
User Guide
ga1en1s.lamronix.com For de‘ails on me Lamronix warramy policy mtg://www.Iamronix.com/suppon/warranu www.|antronix.com/suggor\ For a current Iis‘ of our domestic a www.Iamronix.oom/abou1/con1ac1
SLC™ 8000 Advanced Console Manager User Guide 2
Intellectual Property
© 2019 Lantronix, Inc. All rights reserved. No part of the contents of this publication may be
transmitted or reproduced in any form or by any means without the written permission of Lantronix.
Lantronix and Lantronix Spider are registered trademarks of Lantronix, Inc. in the United States
and other countries. SLC and vSLM are trademarks of Lantronix, Inc.
Patented: patents.lantronix.com; additional patents pending.
Windows and Internet Explorer are registered trademarks of Microsoft Corporation. Firefox is a
registered trademark of the Mozilla Foundation. Chrome is a trademark of Google Inc. All other
trademarks and trade names are the property of their respective holders.
Warranty
For details on the Lantronix warranty policy, please go to our web site at
http://www.lantronix.com/support/warranty.
Contacts
Lantronix Corporate Headquarters
7535 Irvine Center Drive
Suite100
Irvine, CA 92618, USA
Toll Free: 800-526-8766
Phone: 949-453-3990
Fax: 949-453-3995
Technical Support
Online: www.lantronix.com/support
Sales Offices
For a current list of our domestic and international sales offices, go to the Lantronix web site at
www.lantronix.com/about/contact.
GNU General Public License Notice
This product includes open source software, including software subject to the GNU General Public
Licenses (“GPL”). Lantronix will provide a CD-ROM containing the source files subject to the GPL
upon request by mail. To request a CD containing the source files, send a check payable to
“Lantronix, Inc.” for US $50.00 (per product) to the address below. This nominal charge covers
Lantronix’ costs for duplication, media, and postage. Your request should identify the Lantronix
product for which source code is desired, and the check must indicate “Open Source CD
Request”. Please allow 6-8 weeks for the CD to be shipped. For GPL source code requests or
inquiries please contact write to Lantronix, Inc., Attn: Open Source Request, 7535 Irvine Center
Drive, Irvine, CA 92618 USA. Any GPL Code made available is for informational purposes only
and distributed “As is" with no support and/or warranty of any kind intended, implied, or provided.
SLC™ 8000 Advanced Console Manager User Guide 3
Disclaimer & Revisions
All information contained herein is provided “AS IS.Lantronix undertakes no obligation to update
the information in this publication. Lantronix does not make, and specifically disclaims, all
warranties of any kind (express, implied or otherwise) regarding title, non-infringement, fitness,
quality, accuracy, completeness, usefulness, suitability or performance of the information provided
herein. Lantronix shall have no liability whatsoever to any user for any damages, losses and
causes of action (whether in contract or in tort or otherwise) in connection with the user’s access or
usage of any of the information or content contained herein. The information and specifications
contained in this document are subject to change without notice.
Operation of this equipment in a residential area is likely to cause interference, in which case the
user, at his or her own expense, will be required to take whatever measures may be required to
correct the interference.
Note: This equipment has been tested and found to comply with the limits for Class A digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with this user guide, may cause interference to radio
communications. Operation of this equipment in a residential area is likely to cause interference, in
which case the user will be required to correct the interference at his own expense.
User Information
Class A Equipment (Broadcasting and communication equipments for office work)
Seller and user shall be noticed that this equipment is suitable for electromagnetic equipments for
office work (Class A) and it can be used outside home.
Changes or modifications made to this device that are not explicitly approved by Lantronix will void
the user's authority to operate this device.
사용자안내문
기 종 별 사 용 자 안 내 문
A 급 기기
( 업무용방송통신기자재 )
이 기기는 업무용 (A 급 ) 전자파적합기기로서
판매자 또는 사용자는 이 점을 주의하시기
바라며 , 가정외의 지역에서 사용하는 것을
목적으로 합니다 .
声明
此为 A 级产品,在生活环境中,该产品可能会造成无线电干扰。在这种情况下,
可能需要用户对其干扰采取切实可行的措施。
SLC™ 8000 Advanced Console Manager User Guide 4
Revision History
Date Rev. Comments
March 2014 A Preliminary release.
October 2014 B Initial document for firmware release 7.1.0.0.
June 2015 C Updated for firmware release 7.2.0.0.
Changes include new operating atmosphere information and warning language in
Chinese and Korean. Software changes include additions in Telnet, SSH and TCP
timeout directions, number of sessions message, idle timeout message, VBUS
enabling, assert DTR, run web server, added mounted column information for
NFS Mounts, masked CHAP secret and DOD CHAP secret fields, USB devices in
diagnostics and addition of SSH bit option. SSL settings were removed so the
SSLv2 protocol option is no longer available.
June 2016 D Updated for firmware release 7.3.0.0.
January 2017 E Updated power cord information.
June 2017 F Updated for firmware release 7.4.0.0 and for new dual SFP transceiver port or
dual Ethernet port capability options. Updated the following:
IPv6 Neighbor Table, Ethernet Bonding Status links, and IPv6 Forward Flag
under Network Settings.
IKE v2, x.509 Certificate, Certificate Authority/Certificate File for Remote Peer,
Certificate Authority/Certificate File/Key File for Local Peer, SA Lifetime,
Remote and Dead Peer settings under Network VPN.
Enable v1/v2c, Trap Version, Alarm Delay to SNMP, and Trap User Name,
Password and Passphrase under SNMP Services.
Added ability change and reset BootCount, BootDelay and BootLimit.
September 2017 G Updated part number.
February 2018 H Updated for firmware release 7.5.0.0.
March 2018 J Updated to include additional SLC hardware and new trap information for firmware
release 7.5.0.0.
June 2018 K Updated for firmware release 7.6.0.1R6.
August 2018 L Updated fail-over gateway details for Network Settings for firmware release
7.6.0.1.
January 2019 M Updated for firmware release 7.7.0.0.
Software changes include hostname resolution in local hosts table, extended
device port timers range, new user notifications when connecting to a device port,
support for iPerf3, support for dual channel USB devices, auto enable DTR on
device ports, Xmodem support, device port baud rate can be set while connected
to a device port, openSSH and openSSL upgraded, SNMP v3 SHA2 support,
expanded support for HSPA+ gateway integration.
March 2019 N Updated for firmware release 7.8.0.0.
Added support for custom Expect scripts that can be connected to the SLC CLI or
a device port.
April 2019 P Updated for firmware release 7.9.0.0.
Added support for custom Python and Tcl scripts.
SLC™ 8000 Advanced Console Manager User Guide 5
Table of Contents
Intellectual Property ________________________________________________________2
Warranty _________________________________________________________________2
Contacts _________________________________________________________________2
GNU General Public License Notice ____________________________________________2
Disclaimer & Revisions ______________________________________________________3
Revision History ___________________________________________________________4
Table of Contents __________________________________________________________5
List of Figures ____________________________________________________________15
List of Tables ____________________________________________________________19
1: About this Guide 20
Purpose and Audience _____________________________________________________20
Summary of Chapters ______________________________________________________20
Additional Documentation ___________________________________________________21
2: Introduction 22
Features ________________________________________________________________22
Console Management __________________________________________________22
Power _______________________________________________________________23
Integration with Other Secure Lantronix Products _____________________________23
Hardware ________________________________________________________________23
System Features __________________________________________________________25
Protocols Supported ____________________________________________________26
Access Control ________________________________________________________26
Device Port Buffer _____________________________________________________26
Configuration Options ___________________________________________________26
Device Port and Console Port Interfaces ____________________________________27
Network Connections ___________________________________________________30
Front Panel USB Ports __________________________________________________31
Memory Card Port _____________________________________________________31
Internal Modem ________________________________________________________32
3: Installation 33
What's in the Box _________________________________________________________33
Customize an SLC 8000 _________________________________________________34
Product Label _________________________________________________________35
Technical Specifications ____________________________________________________35
Physical Installation ________________________________________________________37
Connecting to a Device Port ______________________________________________37
SLC™ 8000 Advanced Console Manager User Guide 6
Modular Expansion for I/O Module Bays ____________________________________39
Connecting to Network Ports _____________________________________________40
Connecting Terminals ___________________________________________________40
AC Input _____________________________________________________________41
Modem Installation _____________________________________________________42
Battery Replacement ___________________________________________________45
4: Quick Setup 49
Recommendations ________________________________________________________49
IP Address _______________________________________________________________49
Method #1 Using the Front Panel Display _______________________________________50
Front Panel LCD Display and Keypads _____________________________________50
Navigating ____________________________________________________________50
Entering the Settings ___________________________________________________52
Restoring Factory Defaults _______________________________________________53
Limiting Sysadmin User Access ___________________________________________53
Method #2 Quick Setup on the Web Page ______________________________________54
Network Settings ______________________________________________________55
Date & Time Settings ___________________________________________________56
Administrator Settings __________________________________________________56
Method #3 Quick Setup on the Command Line Interface ___________________________57
Next Step _______________________________________________________________60
5: Web and Command Line Interfaces 61
Web Manager ____________________________________________________________61
Logging in ____________________________________________________________63
Logging Out __________________________________________________________63
Web Page Help _______________________________________________________64
Command Line Interface ____________________________________________________64
Logging In ____________________________________________________________64
Logging Out __________________________________________________________64
Command Syntax ______________________________________________________65
Command Line Help ____________________________________________________65
Tips _________________________________________________________________65
6: Basic Parameters 68
Requirements ____________________________________________________________68
Network Port Settings ______________________________________________________69
Ethernet Interfaces (Eth1 and Eth2) ________________________________________72
Hostname & Name Servers ______________________________________________74
DNS Servers __________________________________________________________74
DHCP-Acquired DNS Servers ____________________________________________74
SLC™ 8000 Advanced Console Manager User Guide 7
TCP Keepalive Parameters ______________________________________________74
Gateway _____________________________________________________________75
Fail-Over Settings ______________________________________________________75
Fail-Over Cellular Gateway Configuration ___________________________________76
Advanced Cellular Gateway Configuration ___________________________________77
Fail-Over Cellular Gateway Firmware _______________________________________77
Load Cellular Gateway Firmware Options ___________________________________78
Ethernet Counters _____________________________________________________78
Network Commands ____________________________________________________78
IP Filter _________________________________________________________________78
Viewing IP Filters ______________________________________________________79
Mapping Rulesets ______________________________________________________79
Enabling IP Filters _____________________________________________________79
Configuring IP Filters ___________________________________________________81
Rule Parameters _______________________________________________________82
Updating an IP Filter ____________________________________________________82
Deleting an IP Filter ____________________________________________________83
IP Filter Commands ____________________________________________________83
Routing _________________________________________________________________83
Dynamic Routing ______________________________________________________84
Static Routing _________________________________________________________84
Routing Commands ____________________________________________________84
VPN ____________________________________________________________________84
VPN Commands _______________________________________________________89
Security _________________________________________________________________90
Performance Monitoring ____________________________________________________92
Performance Monitoring - Add/Edit Probe ___________________________________95
Performance Monitoring - Results _________________________________________97
Performance Monitoring Commands ______________________________________101
FQDN List ______________________________________________________________101
7: Services 103
System Logging and Other Services __________________________________________103
SSH/Telnet/Logging ______________________________________________________104
System Logging ______________________________________________________105
Audit Log ___________________________________________________________105
SMTP ______________________________________________________________105
SSH _______________________________________________________________106
Telnet ______________________________________________________________106
Web SSH/Web Telnet Settings __________________________________________107
Phone Home _________________________________________________________107
SSH Commands ______________________________________________________107
Logging Commands ___________________________________________________107
SLC™ 8000 Advanced Console Manager User Guide 8
SNMP _________________________________________________________________107
v1/v2c Communities ___________________________________________________110
Version 3 ___________________________________________________________110
V3 User Read-Only ___________________________________________________110
V3 User Read-Write ___________________________________________________111
V3 User Trap ________________________________________________________111
Services Commands __________________________________________________111
NFS and SMB/CIFS ______________________________________________________111
SMB/CIFS Share _____________________________________________________113
NFS and SMB/CIFS Commands _________________________________________113
Secure Lantronix Network __________________________________________________114
Browser Issues _______________________________________________________117
Troubleshooting Browser Issues _____________________________________________118
Web SSH/Telnet Copy and Paste ________________________________________119
Secure Lantronix Network Commands _____________________________________120
Date and Time ___________________________________________________________120
Date and Time Commands ______________________________________________122
Web Server _____________________________________________________________122
Admin Web Commands ________________________________________________124
Services - SSL Certificate _______________________________________________124
Services - Web Sessions _______________________________________________127
ConsoleFlow ____________________________________________________________127
ConsoleFlow Commands _______________________________________________131
8: USB/SD Card Port 132
Set Up of USB/SD Card Storage ____________________________________________132
Data Settings ________________________________________________________136
Modem Settings ______________________________________________________136
Text Mode ___________________________________________________________137
PPP Mode __________________________________________________________138
IP Settings __________________________________________________________139
Manage Files ____________________________________________________________139
USB Commands ______________________________________________________140
SD Card Commands __________________________________________________140
9: Device Ports 141
Connection Methods ______________________________________________________141
Permissions _____________________________________________________________141
I/O Modules _____________________________________________________________142
Device Status ___________________________________________________________143
Device Ports ____________________________________________________________144
Telnet/SSH/TCP in Port Numbers ________________________________________145
DevicePort Global Commands ___________________________________________145
SLC™ 8000 Advanced Console Manager User Guide 9
Device Ports - Settings ____________________________________________________146
Device Port Settings ___________________________________________________148
IP Settings __________________________________________________________150
Data Settings ________________________________________________________151
Hardware Signal Triggers _______________________________________________152
Modem Settings (Device Ports) __________________________________________153
Modem Settings: Text Mode _____________________________________________154
Modem Settings: PPP Mode ____________________________________________155
Port Status and Counters _______________________________________________156
Device Ports - Power Management _______________________________________156
Device Ports - RPMs - Add Device ________________________________________159
Device Port - Sensorsoft Device __________________________________________161
Device Port Commands ________________________________________________162
Device Commands ____________________________________________________162
Interacting with a Device Port _______________________________________________162
Device Ports - Logging and Events ___________________________________________163
Local Logging ________________________________________________________163
NFS File Logging _____________________________________________________163
USB and SD Card Logging ______________________________________________164
Token/Data Detection __________________________________________________164
Syslog Logging _______________________________________________________164
Token & Data Detection ________________________________________________165
Local Logging ________________________________________________________167
Log Viewing Attributes _________________________________________________167
NFS File Logging _____________________________________________________167
USB / SD Card Logging ________________________________________________167
Syslog Logging _______________________________________________________167
Logging Commands ___________________________________________________168
Console Port ____________________________________________________________168
Console Port Commands _______________________________________________169
Internal Modem Settings ___________________________________________________169
Setting Up Internal Modem Storage _______________________________________169
Internal Modem Commands _____________________________________________173
Xmodem _______________________________________________________________173
Host Lists ______________________________________________________________176
Host Parameters ______________________________________________________177
Host Parameters ______________________________________________________178
Host List Commands __________________________________________________179
Scripts _________________________________________________________________179
Scripts ______________________________________________________________181
Script Commands _____________________________________________________186
Batch Script Syntax ___________________________________________________186
Interface Script Syntax _________________________________________________186
SLC™ 8000 Advanced Console Manager User Guide 10
Primary Commands ___________________________________________________187
Secondary Commands _________________________________________________189
Control Flow Commands _______________________________________________190
Custom Script Syntax __________________________________________________191
Example Scripts ______________________________________________________192
Sites __________________________________________________________________208
Site Commands ______________________________________________________211
Modem Dialing States _____________________________________________________211
Dial In ______________________________________________________________211
Dial-back ____________________________________________________________212
Dial-on-demand ______________________________________________________213
Dial-in & Dial-on-demand _______________________________________________213
Dial-back & Dial-on-demand _____________________________________________214
CBCP Server and CBCP Client __________________________________________215
CBCP Server ________________________________________________________215
CBCP Client _________________________________________________________215
Key Sequences ______________________________________________________216
10: Remote Power Managers 217
Devices - RPMs _________________________________________________________217
RPMs - Add Device ___________________________________________________220
RPMs - Manage Device ___________________________________________________223
RPMs - Outlets __________________________________________________________226
RPM Shutdown Procedure _________________________________________________227
Optimizing and Troubleshooting RPM Behavior _________________________________229
RPM Commands _____________________________________________________230
11: Connections 231
Typical Setup Scenarios for the SLC Unit ______________________________________231
Terminal Server ______________________________________________________231
Remote Access Server _________________________________________________232
Reverse Terminal Server _______________________________________________232
Multiport Device Server ________________________________________________233
Console Server _______________________________________________________233
Connection Configuration _______________________________________________234
Connection Commands ________________________________________________236
12: User Authentication 237
Authentication Commands ______________________________________________239
User Rights _____________________________________________________________239
Local and Remote User Settings ____________________________________________241
Adding, Editing or Deleting a User ________________________________________242
SLC™ 8000 Advanced Console Manager User Guide 11
Shortcut ____________________________________________________________246
Local Users Commands ________________________________________________246
Remote User Rights Commands _________________________________________246
NIS ___________________________________________________________________247
NIS Commands ______________________________________________________250
LDAP __________________________________________________________________250
LDAP Commands _____________________________________________________254
RADIUS ________________________________________________________________255
RADIUS Commands ___________________________________________________258
User Attributes & Permissions from LDAP Schema or RADIUS VSA _____________258
Kerberos _______________________________________________________________259
Kerberos Commands __________________________________________________262
TACACS+ ______________________________________________________________262
TACACS+ Groups ____________________________________________________263
TACACS+ Commands _________________________________________________266
Groups ________________________________________________________________267
Group Commands ____________________________________________________270
SSH Keys ______________________________________________________________270
Imported Keys _______________________________________________________270
Exported Keys _______________________________________________________270
Imported Keys (SSH In) ________________________________________________272
Host & Login for Import _________________________________________________272
Exported Keys (SSH Out) _______________________________________________272
Host and Login for Export _______________________________________________273
SSH Commands ______________________________________________________275
Custom Menus __________________________________________________________275
Custom User Menu Commands __________________________________________278
13: Maintenance 279
Firmware & Configurations _________________________________________________279
Zero Touch Provisioning Configuration Restore ______________________________279
HTTPS Push Configuration Restore _______________________________________280
Internal Temperature __________________________________________________282
Site Information ______________________________________________________282
SLC Firmware ________________________________________________________282
Boot Banks and Bootloader Settings ______________________________________283
Load Firmware Via Options _____________________________________________284
Configuration Management _____________________________________________284
Manage Files ________________________________________________________286
Administrative Commands ______________________________________________286
System Logs _________________________________________________________287
System Log Commands ________________________________________________288
Audit Log _______________________________________________________________289
SLC™ 8000 Advanced Console Manager User Guide 12
Audit Log Commands __________________________________________________290
Email Log ______________________________________________________________290
Logging Commands ___________________________________________________290
Diagnostics _____________________________________________________________291
Diagnostic Commands _________________________________________________294
Status/Reports __________________________________________________________294
View Report _________________________________________________________294
Status Commands ____________________________________________________296
Emailing Logs and Reports _________________________________________________296
Events _________________________________________________________________299
Events Commands ____________________________________________________300
LCD/Keypad ____________________________________________________________301
Administrative LCD/Keypad Commands ___________________________________302
Banners ________________________________________________________________302
Administrative Banner Commands ________________________________________303
14: Application Examples 304
Telnet/SSH to a Remote Device _____________________________________________304
Dial-in (Text Mode) to a Remote Device _______________________________________306
Local Serial Connection to Network Device via Telnet ____________________________307
15: Command Reference 309
Introduction to Commands _________________________________________________309
Command ___________________________________________________________309
Command Line Help ___________________________________________________310
Tips ________________________________________________________________310
Administrative Commands _________________________________________________311
Audit Log Commands _____________________________________________________325
Authentication Commands _________________________________________________325
Kerberos Commands _____________________________________________________326
LDAP Commands ________________________________________________________327
Local Users Commands ___________________________________________________329
NIS Commands __________________________________________________________333
RADIUS Commands ______________________________________________________334
TACACS+ Commands ____________________________________________________335
User Permissions Commands _______________________________________________336
Remote User Commands __________________________________________________337
ConsoleFlow Commands __________________________________________________339
CLI Commands __________________________________________________________342
Connection Commands ____________________________________________________343
Console Port Commands __________________________________________________346
Custom User Menu Commands _____________________________________________347
Date and Time Commands _________________________________________________349
SLC™ 8000 Advanced Console Manager User Guide 13
Device Commands _______________________________________________________350
Device Port Commands ___________________________________________________351
Diagnostic Commands ____________________________________________________355
Events Commands _______________________________________________________360
Group Commands ________________________________________________________361
Host List Commands ______________________________________________________362
Internal Modem Commands ________________________________________________363
IP Filter Commands ______________________________________________________364
Logging Commands ______________________________________________________365
Network Commands ______________________________________________________368
NFS and SMB/CIFS Commands _____________________________________________372
Performance Monitoring Commands _________________________________________373
Routing Commands ______________________________________________________378
RPM Commands _________________________________________________________378
Script Commands ________________________________________________________381
SD Card Commands ______________________________________________________383
Security Commands ______________________________________________________384
Services Commands ______________________________________________________384
Site Commands __________________________________________________________386
SLC Network Commands __________________________________________________386
SSH Key Commands _____________________________________________________387
Status Commands ________________________________________________________390
System Log Commands ___________________________________________________391
USB Access Commands ___________________________________________________392
USB Device Commands ___________________________________________________392
USB Storage Commands __________________________________________________393
USB Modem Commands __________________________________________________395
VPN Commands _________________________________________________________397
Temperature Commands __________________________________________________398
Xmodem Commands _____________________________________________________399
Appendix A: Security Considerations 401
Security Practice _________________________________________________________401
Factors Affecting Security __________________________________________________401
Appendix B: Safety Information 402
Safety Precautions _______________________________________________________402
Fuse Caution Statement ________________________________________________402
Cover ______________________________________________________________402
Power Plug __________________________________________________________402
Input Supply _________________________________________________________403
Grounding ___________________________________________________________403
Rack _______________________________________________________________403
SLC™ 8000 Advanced Console Manager User Guide 14
Port Connections _____________________________________________________403
Appendix C: Adapters and Pinouts 404
Appendix D: Protocol Glossary 407
Appendix E: Compliance Information 409
RoHS, REACH and WEEE Compliance Statement ______________________________410
SLC™ 8000 Advanced Console Manager User Guide 15
List of Figures
Figure 2-1 SLC 8048 Unit (Front Side) - Part Number SLC 804812N-01-S ____________________24
Figure 2-2 SLC 8048 Unit Samples (Back Side) - Part Number SLC80482201S________________25
Figure 2-3 Three 16-Port USB I/O Modules Installed in Bays 1, 2, & 3 with Dual Ethernet Port ____28
Figure 2-4 One 16-Port USB I/O Module Installed in Bay 1 with Dual Ethernet Port _____________28
Figure 2-5 One 16 RJ-45 Serial Port I/O Module Installed in
Bay1 & Two 15 USB I/O Module Installed Bays 2 & 3 with Dual SFP Port ________________________28
Figure 2-6 SFP Port LEDs _________________________________________________________29
Figure 2-8 Console Port (Front Side) _________________________________________________29
Figure 2-10 Dual Ethernet Network Connection _________________________________________30
Figure 2-11 Inserting SFP Transceiver Module into the SFP Port ___________________________30
Figure 2-12 Dual USB Ports ________________________________________________________31
Figure 2-13 Memory Card Port ______________________________________________________31
Figure 2-14 Internal Modem Location _________________________________________________32
Figure 3-3 Product Label___________________________________________________________35
Figure 3-7 Sample Device Port Connections (Back Side) _________________________________39
Figure 3-9 AC Power Input _________________________________________________________41
Figure 4-2 Front Panel LCD Display and Five Button Keypad (Enter, Up, Down, Left, Right) ______50
Figure 4-5 Quick Setup ____________________________________________________________54
Figure 4-6 Quick Setup Completed in Web Manager _____________________________________56
Figure 4-7 Home _________________________________________________________________57
Figure 4-8 Beginning of Quick Setup Script ____________________________________________57
Figure 4-9 Quick Setup Completed in CLI _____________________________________________59
Figure 5-1 Web Page Layout _______________________________________________________61
Figure 5-2 Sample Dashboards _____________________________________________________62
Figure 6-1 Network > Network Settings (1 of 2) _________________________________________70
Figure 6-2 Network > Network Settings (2 of 2) _________________________________________71
Figure 6-3 Network Settings > SFP NIC Information & Diagnostics __________________________72
Figure 6-4 Network > IP Filter ______________________________________________________79
Figure 6-5 Network > IP Filter Ruleset (Adding/Editing Rulesets) ___________________________81
Figure 6-6 Network > Routing _______________________________________________________83
Figure 6-7 Network > VPN (1 of 2) ___________________________________________________85
Figure 6-8 Network > VPN (2 of 2) ___________________________________________________86
Figure 6-9 Network > Security ______________________________________________________91
Figure 6-10 Network > Perf Monitoring ________________________________________________93
Figure 6-11 Performance Monitoring - Add/Edit Probe____________________________________95
SLC™ 8000 Advanced Console Manager User Guide 16
Figure 6-13 Performance Monitoring - Operations ______________________________________100
Figure 6-14 FQDN List ___________________________________________________________101
Figure 7-1 Services > SSH/Telnet/Logging____________________________________________104
Figure 7-2 Services > SNMP ______________________________________________________108
Figure 7-3 Services > NFS & SMB/CIFS _____________________________________________112
Figure 7-4 Services > Secure Lantronix Network _______________________________________114
Figure 7-5 IP Address Login Page __________________________________________________115
Figure 7-6 SSH and Telnet Opening File Popups_______________________________________115
Figure 7-7 SSH or Telnet CLI Session _______________________________________________116
Figure 7-8 Disabled Port Number Popup Window ______________________________________117
Figure 7-9 Services > Secure Lantronix Network > Search Options_________________________117
Figure 7-10 Services > Date & Time ________________________________________________121
Figure 7-11 Services > Web Server ________________________________________________123
Figure 7-12 SSL Certificate________________________________________________________125
Figure 7-13 Web Sessions ________________________________________________________127
Figure 7-14 Services > ConsoleFlow ________________________________________________129
Figure 8-1 Devices > USB / SD Card ________________________________________________133
Figure 8-2 Devices > SD Card > Configure ___________________________________________133
Figure 8-3 Devices > USB > Configure_______________________________________________134
Figure 8-4 Devices > USB > Modem ________________________________________________135
Figure 8-5 Firmware and Configurations - Manage Files _________________________________139
Figure 9-2 Devices > Device Status _________________________________________________143
Figure 9-3 Devices > Device Ports __________________________________________________144
Figure 9-4 Device Ports > Settings (1 of 2)____________________________________________147
Figure 9-5 Device Ports > Settings (2 of 2)____________________________________________148
Figure 9-7 Device Ports - Power Management_________________________________________158
Figure 9-8 Device Ports > RPMs - Add Device_________________________________________160
Figure 9-9 Devices > Device Ports > Sensorsoft _______________________________________161
Figure 9-10 Sensorsoft Status _____________________________________________________162
Figure 9-11 Devices > Device Ports - Logging & Events _________________________________165
Figure 9-12 Devices > Console Port _________________________________________________168
Figure 9-13 Devices > Internal Modem_______________________________________________170
Figure 9-14 Devices > Host Lists ___________________________________________________176
Figure 9-15 View Host Lists _______________________________________________________178
Figure 9-16 Devices > Scripts______________________________________________________180
Figure 9-17 Adding or Editing New Scripts ____________________________________________181
Figure 9-18 Custom Scripts - Scheduler______________________________________________184
Figure 9-23 Devices > Sites _______________________________________________________209
SLC™ 8000 Advanced Console Manager User Guide 17
Figure 10-1 Devices > RPMs ______________________________________________________217
Figure 10-2 RPM Shutdown Order __________________________________________________218
Figure 10-3 RPM Notifications _____________________________________________________219
Figure 10-4 RPM Raw Data Log____________________________________________________219
Figure 10-5 RPM Logs ___________________________________________________________220
Figure 10-6 RPM Environmental Log ________________________________________________220
Figure 10-7 Device Ports > RPMs - Add Device________________________________________221
Figure 10-8 RPMs - Managed Device________________________________________________224
Figure 10-9 RPMs - Outlets _______________________________________________________227
Figure 11-1 Terminal Server _______________________________________________________232
Figure 11-2 Remote Access Server _________________________________________________232
Figure 11-3 Reverse Terminal Server________________________________________________232
Figure 11-4 Multiport Device Server _________________________________________________233
Figure 11-5 Console Server _______________________________________________________233
Figure 11-6 Devices > Connections _________________________________________________234
Figure 11-7 Current Connections ___________________________________________________236
Figure 12-1 User Authentication > Authentication Methods _______________________________238
Figure 12-3 User Authentication > Local/Remote Users__________________________________241
Figure 12-4 User Authentication > Local/Remote User > Add/Edit User _____________________243
Figure 12-5 User Authentication > NIS _______________________________________________247
Figure 12-6 User Authentication > LDAP _____________________________________________251
Figure 12-7 User Authentication > RADIUS ___________________________________________255
Figure 12-8 User Authentication > Kerberos___________________________________________260
Figure 12-9 User Authentication > TACACS+__________________________________________264
Figure 12-10 User Authentication > Groups ___________________________________________268
Figure 12-11 User Authentication > SSH Keys_________________________________________271
Figure 12-12 Current Host Keys ____________________________________________________274
Figure 12-13 User Authentication > Custom Menus _____________________________________276
Figure 13-1 Maintenance > Firmware & Configurations __________________________________281
Figure 13-2 Network > Firmware/Config > Manage _____________________________________286
Figure 13-3 Maintenance > System Logs _____________________________________________287
Figure 13-4 System Logs _________________________________________________________288
Figure 13-5 Maintenance > Audit Log________________________________________________289
Figure 13-6 Maintenance > Email Log _______________________________________________290
Figure 13-7 Maintenance > Diagnostics ______________________________________________291
Figure 13-8 Maintenance > Diagnostics ______________________________________________293
Figure 13-9 Maintenance > Status/Reports ___________________________________________294
Figure 13-10 Generated Status/Reports______________________________________________295
SLC™ 8000 Advanced Console Manager User Guide 18
Figure 13-11 Emailed Log or Report_________________________________________________297
Figure 13-12 About SLC __________________________________________________________298
Figure 13-13 Maintenance > Events _________________________________________________299
Figure 13-14 Maintenance > LCD/Keypad ____________________________________________301
Figure 13-15 Maintenance > Banners________________________________________________303
Figure 14-1 SLC - Console Manager Configuration _____________________________________304
Figure 14-2 Remote User Connected to a SUN Server via the SLC unit _____________________304
Figure 14-3 Dial-in (Text Mode) to a Remote Device ____________________________________306
Figure 14-4 Local Serial Connection to Network Device via Telnet _________________________307
Figure C-1 RJ45. Receptacle to DB25M DCE Adapter for the SLC unit (PN 200.2066A) ________404
Figure C-2 RJ45 Receptacle to DB25F DCE Adapter for the SLC unit (PN 200.2067A) _________405
Figure C-3 RJ45 Receptacle to DB9M DCE Adapter for the SLC unit (PN 200.2069A)__________405
Figure C-4 RJ45 Receptacle to DB9F DCE Adapter for the SLC unit (PN 200.2070A) __________406
Figure C-5 RJ45 Receptacle to DB25M DTE Adapter (PN 200.2073) _______________________406
SLC™ 8000 Advanced Console Manager User Guide 19
List of Tables
Table 2-7 Device (DCE Reversed & DTE) Port Pinout ___________________________________29
Table 2-9 Console (DTE) Port Pinout ________________________________________________29
Table 3-1 What’s in the Box ________________________________________________________33
Table 3-2 Optional Accessories _____________________________________________________34
Table 3-4 SLC Technical Specifications ______________________________________________35
Table 3-5 Console Port and Device Port - Reverse Pinout Disabled _________________________38
Table 3-6 Device Port - Reverse Pinout Enabled (Default) ________________________________38
Table 3-8 Available I/O Module Configurations _________________________________________40
Table 4-1 Methods of Assigning an IP Address _________________________________________49
Table 4-3 LCD Arrow Keypad Actions ________________________________________________51
Table 4-4 Front Panel Setup Options with Associated Parameters __________________________51
Table 5-3 SCS Commands ________________________________________________________66
Table 5-4 CLI Keyboard Shortcuts ___________________________________________________67
Table 6-12 Error Conditions ________________________________________________________99
Table 9-1 Supported I/O Module Configurations _______________________________________142
Table 9-6 Port Status and Counters _________________________________________________156
Table 9-19 Definitions ___________________________________________________________187
Table 9-20 Primary Commands ____________________________________________________188
Table 9-21 Secondary Commands _________________________________________________189
Table 9-22 Control Flow Commands ________________________________________________190
Table 12-2 User Types and Rights _________________________________________________240
Table 15-1 Actions and Category Options ___________________________________________309
SLC™ 8000 Advanced Console Manager User Guide 20
1: About this Guide
Purpose and Audience
This guide provides the information needed to install, configure, and use the Lantronix SLC™
8000 advanced console manager. The SLC unit is for IT professionals who must remotely and
securely configure and administer servers, routers, switches, telephone equipment, or other
devices equipped with a serial port for facilities that are typically remote branch offices or
“distributed” IT locations.
Summary of Chapters
The remaining chapters in this guide include:
Chapter Description
Chapter 2: Introduction Describes the SLC 8000 models, their main features, and the protocols they
support.
Chapter 3: Installation Provides technical specifications; describes connection form factors and
power supplies; provides instructions for installing the SLC 8000 advanced
console manager in a rack.
Chapter 4: Quick Setup Provides instructions for getting your SLC unit up and running and for
configuring required settings.
Chapter 5: Web and
Command Line Interfaces
Describes the web and command line interfaces available for configuring
the SLC 8000 advanced console manager.
The configuration chapters (6-12) provide detailed instructions for using the
web interface and include equivalent command line interface commands.
Chapter 6: Basic Parameters Provides instructions for configuring network ports, firewall and routing
settings, and VPN.
Chapter 7: Services Provides instructions for enabling and disabling system logging, SSH and
Telnet logins, SNMP, SMTP, and the date and time.
Chapter 8: USB/SD Card Port Provides instructions for using the USB port.
Chapter 9: Device Ports Provides instructions for configuring global device port settings, individual
device port settings, and console port settings.
Chapter 10: Remote Power
Managers
Provides instructions for using RPMs.
Chapter 11: Connections Provides instructions for configuring connections and viewing, updating, or
disconnecting a connection.
Chapter 12: User
Authentication
Provides instructions for enabling or disabling methods that authenticate
users who attempt to log in via the web, SSH, Telnet, or the console port.
Provides instructions for creating custom menus.
Chapter 13: Maintenance Provides instructions for upgrading firmware, viewing system logs and
diagnostics, generating reports, and defining events. Includes information
about web pages and commands used to shut down and reboot the SLC
8000 advanced console manager.
Chapter 14: Application
Examples
Shows how to set up and use the SLC unit in three different configurations.
ww Iantron com/suggon/documenta on
1: About this Guide
SLC™ 8000 Advanced Console Manager User Guide 21
Additional Documentation
Visit the Lantronix Web site at www.lantronix.com/support/documentation for the latest
documentation and the following additional documentation.
Chapter 15: Command
Reference
Lists and describes all of the commands available on the SLC command line
interface
Appendix A: Security
Considerations
Provides tips for enhancing SLC security.
Appendix B: Safety
Information
Lists safety precautions for using the SLC 8000 advanced console
manager.
Appendix C: Adapters and
Pinouts
Includes adapter pinout diagrams.
Appendix D: Protocol
Glossary
Lists the protocols supported by the SLC unit with brief descriptions.
Appendix E: Compliance
Information
Provides information about the SLC 8000 advanced console manager’s
compliance with industry standards.
Document Description
SLC 8000 Advanced Console Manager
Quick Start Guide
Provides accessories and part number information,
hardware installation instructions, directions to connect the
SLC unit, and network IP configuration information.
SLC 8000 Advanced Console Manager
Product Brief
Provides product overview information and specifications.
Chapter (continued) Description
SLC™ 8000 Advanced Console Manager User Guide 22
2: Introduction
The SLC 8000 advanced console manager enables IT system administrators to manage remote
servers and IT infrastructure equipment securely over the Internet.
IT equipment can be configured, administered, and managed in a variety of ways, but most
devices have one of two methods in common: via USB port and/or via an RS-232 serial port,
sometimes called a console, auxiliary, or management port. These ports are often accessed
directly by connecting a terminal or laptop to them, meaning that the administrator must be in the
same physical location as the equipment. The SLC 8000 advanced console manager gives the
administrator a way to access them remotely from anywhere there is a network or modem
connection. The SLC 8000 unit can accommodate up to three I/O modules (16-port USB I/O
module and/or 16-port RJ45 I/O module.)
Many types of equipment can be accessed and administered using console managers including:
Servers: Unix, Linux, Windows, and others.
Networking equipment: Routers, switches, storage networking.
Telecom: PBX, voice switches.
Other systems with serial interfaces: Heating/cooling systems, security/building access
systems, UPS, medical devices.
The key benefits of using console managers:
Saves money: Enables remote management and troubleshooting without sending a
technician onsite. Reduces travel costs and downtime costs.
Saves time: Provides instant access and reduces response time, improving efficiency.
Simplifies access: Enables you to access equipment securely and remotely after hours and
on weekends and holidays—without having to schedule visits or arrange for off-hour access.
Protects assets: Security features provide encryption, authentication, authorization, and
firewall features to protect your IT infrastructure while providing flexible remote access.
The SLC advanced console manager provides features such as convenient text menu
systems, break-safe operation, port buffering (logging), remote authentication, and Secure
Shell (SSH) access. Dial-up modem support ensures access when the network is not
available.
Features
Console Management
Up to 48 serial RJ45 RS-232 and/or USB type A ports for console connectivity
Note: USB ports are generally intended to connect directly to USB console ports. It
is also possible to connect a USB to serial adapter to them to connect to serial
console ports, if needed.
Enables system administrators to remotely manage devices with serial and/or USB console
ports, e.g., Linux, Unix, and recent versions of Windows servers, routers, telecom, and
switches with RS-232C (now EIA-232) or USB compatible serial consoles in a 1U-tall rack
space. All models have two Ethernet ports, called Eth1 and Eth2 in this document.
Provides data logging, monitoring, and secure access control via the Internet
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 23
Power
Universal AC power input (100-240V, 50/60 Hz) or 20-72 VDC power input hardware option
Convection cooled, silent operation, low power consumption
Integration with Other Secure Lantronix Products
Can integrate seamlessly with the ConsoleFlow™ or vSLM™ management appliance
software for a complete end-to-end Out-of-Band (OOB) management solution.
Hardware
SLC Chassis: The SLC 8000 advanced console manager has a 1U-tall (1.75 inch), self-
contained rack-mountable chassis.
Three I/O Module Bays are available on the back of the SLC unit, and able to accommodate
a combined total of 48 device ports depending on the number of I/O modules installed. See
Figure 2-2. Configuration possibilities are listed below. See Appendix C: Adapters and
Pinouts on page 404 for more information on serial adapters and pin-outs, and also Table 3-8
on page 40 which describes different I/O module configurations.
-Up to three 16-port RJ45 I/O modules can be installed to provide a maximum of forty-
eight serial RS-232C (EIA-232) device ports. The serial RJ45 ports match the RJ45 pin-
outs of the console ports of many popular devices found in a network environment, and
where different can be converted using Lantronix adapters.
-Up to three 16-port USB I/O modules can be installed to provide a maximum of forty-
eight USB I/O device ports.
-A combination of 16-port USB I/O modules and 16-port RJ45 I/O modules can be
installed to provide up to forty-eight serial RJ45 ports and/or USB type A ports, according
to the type and number of I/O modules installed on the back of the SLC unit.
Note: The SLC8008 ships with an 8-port serial module that must be installed in
the first bay. This module is not available separately. See Table 3-8 on page 40
which describes different I/O module configurations.
Network Interface on the back left side of the SLC unit can accommodate either a factory-
installed:
-Dual 10/100/1000 Base-T Ethernet port I/F card. Ethernet ports are referred to as Eth1
and Eth2 in the user interface and this user guide.
-Dual SFP port I/F card to support 1 Gigabit-capable single or multi-mode fiber or copper
SFP transceiver modules. Single and multi-mode SFP transceiver modules are referred to
as F1 in the user interface and this user guide.
Notes:
1000 BASE-T SFP transceiver copper modules need to use RX_LOS signal within
SFP interface pins for the indicator on Link Status LED. Not all vendor 1000 Base-T
SFP modules provide this feature. Qualified copper SFP transceiver modules with this
feature include the following: the Finisar 1000 Base-T Copper SFP Transceiver
FCLF8250P2BTL and the Fiberstore Cisco SFP-GE-T Compatible 1000 Base-T SFP
RJ-45 100m Transceiver.
SFP transceiver modules are provided by users according to fiber mode and brand
preferences. Network ports and the SFP port have LEDs to indicate link and activity
Front-mickey Modem Maunling 3mm Dual usa Fons (ommnan TT lndlcaKor LED LCD SD Card Console
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 24
status. If a single mode and a multi-mode are both installed the SLC 8000 unit, the
device can be configured to utilize one mode at a time.
Front Console Panel Ports (see Figure 2-1)
-One serial console port (RJ45) for VT100 terminal or PC with emulation with LED for
activity indicators
-Two USB type A ports for use with flash drives or external USB modems
-Optional internal modem
-One Secure Digital (SD) memory card slot (SD card provided by the user)
-One RJ11 modem port on the front panel
Note: Use of the RJ11 modem port requires installation of an optional modem
card (Lantronix part number 56KINTMODEM-01) - see Modem Installation on
page 42.
-LCD display and keypad
256 KB-per-port buffer memory for serial device ports
Software reversible device port pinouts
Either universal AC power input (100-240V, 50/60 Hz) or DC power input (20-72 VDC)
Note: For more detailed information, see Chapter 4: Quick Setup on page 49.
Figure 2-1 SLC 8048 Unit (Front Side) - Part Number SLC 804812N-01-S
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 25
Figure 2-2 SLC 8048 Unit Samples (Back Side) - Part Number SLC80482201S
Note: For the SFP modules that Lantronix resells or supports for operation with our SLC
console managers, please refer to https://www.lantronix.com/products/sfp/
System Features
The SLC 8000 firmware has the following basic capabilities:
Software reversible device port pinouts (serial RJ45 ports only)
Connects up to 48 RS-232 serial consoles or up to 48 USB consoles
Support use of simple straight-through cables for use with Cisco, Sun and other devices that
use the “Cisco” RJ-45 serial pinouts
10/100/1000 Base-T Ethernet network compatibility or SFP ports to support single or multi-
mode 1 Gigabit SFP transceiver modules
Buffer logging to file
Email and SNMP notification
ID/Password security, configurable access rights
Secure shell (SSH) security; supports numerous other security protocols
Network File System (NFS) and Common Internet File System (CIFS) support
RAW TCP, Telnet or SSH to a serial port by IP address per port or by IP address and TCP port
number
Configurable user rights for local and remotely authenticated users
Supports an external modem
The SLC 8000 supports the use of single mode, multi-
mode fiber optic and copper SFP transceiver modules in
dual SFP port models. SFP modules are provided by the
user.
The back of the SLC unit appearance and function will
depend upon:
1) The type(s) of I/O modules installed in Bay 1, Bay 2
and Bay 3. See Table 3-8 on page 40.
2) The type of I/F card (dual Ethernet port or dual SFP
port) installed. If a dual SFP port is installed, then the
type of SFP transceiver module (single mode optic
fiber, multi-mode optic fiber, or copper) inserted into the
SFP port will also impact appearance and function.
Dual Ethernet Port
OR
Dual SFP Port
Three I/O Modular Device Port Bays
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 26
No unintentional break ever sent to attached servers (Solaris Ready)
Simultaneous access on the same port - “listen” and “direct” connect mode
Remote power manager (RPM) control of UPS and PDU devices
Local access through a dedicated front panel serial console port
Web administration (using most browsers)
Protocols Supported
The SLC 8000 advanced console manager supports the TCP/IP network protocol as well as:
SSH, Telnet, PPP, NFS, and CIFS for connections in and out of the SLC console manager
SMTP for mail transfer
DNS for text-to-IP address name resolution
SNMP for remote monitoring and management
SCP, FTP and SFTP for file transfers and firmware upgrades
TFTP for firmware upgrades
DHCP and BOOTP for IP address assignment
HTTPS (SSL) for secure browser-based configuration
NTP for time synchronization
LDAP with Group support, NIS, RADIUS with VSA support, CHAP, PAP, Kerberos, TACACS+
with Group support, and SecurID (via RADIUS) for user authentication
Callback Control Protocol (CBCP)
IPsec for VPN access
For brief descriptions of these protocols, see Appendix D: Protocol Glossary on page 407.
Access Control
The system administrator controls access to attached servers or devices by assigning access
rights to up to 128 user profiles. Each user has an assigned ID, password, and access rights.
Other user profile access options may include externally configured authentication methods such
as Radius, TACACS+, NIS, and LDAP. Groups are supported in LDAP, RADIUS (using VSA), and
TACACS+ (using priv_lvl).
Device Port Buffer
The SLC 8000 unit supports real-time data logging for each device port. The port can save the
data log to a file, send an email notification of an issue, or take no action.
You can define the path for logged data on a port-by-port basis, configure file size and number of
files per port for each logging event, and configure the device log to send an email alert message
automatically to the appropriate parties indicating a particular error.
Configuration Options
You may use the back lit front-panel LCD display for initial setup and configuration and to view
current network, console, and date/time settings, and get internal temperature status.
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 27
Both a web interface viewed through a standard browser and a command line interface (CLI) are
available for configuring the SLC settings and monitoring performance.
Device Port and Console Port Interfaces
RS-232 RJ45 Interface
Device ports are located on the back of the SLC 8000 unit (please see Figure 2-2). The console
port is located on the front of the SLC 8000 unit (please see Figure 2-8). All devices attached to
the device ports and the console port must support the RS-232C (EIA-232) standard. For serial
RJ45 device ports and the console port, RJ45 cabling (e.g., category 5 or 6 patch cabling) is used.
Serial RJ45 device ports for the SLC 8000 advanced console manager are reversed by default so
that straight-through RJ45 patch cables may be used to connect to Cisco and Sun RJ45 serial
console ports. If you are replacing an SLC with an SLC 8000 you can either switch the ports to the
non-reversed pinout used by SLC units and use your original cables and adapters, or remove any
rolled cables or adapters and replace them with straight-through RJ45 cables, e.g. Ethernet patch
cables.
Note: RJ45 to DB9/DB25 adapters are available from Lantronix. For serial pinout
information, see the Appendix C: Adapters and Pinouts on page 404.
Device ports and the console port support the following baud-rate options: 300, 600, 1200, 2400,
4800, 9600, 19200, 38400, 57600, 115200 and 230400 baud.
USB Interface
The SLC unit can contain up to up to three I/O modules comprised of 16-port USB I/O module(s)
and/or 16-port RJ45 I/O module(s) installed in the three module bays available from the back of
the SLC 8000 unit. USB device ports can be used with a USB type A connector to serial adapter, if
needed.
Figure 2-3 shows an SLC unit containing two 16-port RJ45 I/O modules installed in Bay 1 and
Bay 2 for a total of 32 serial RJ45 device ports and one 16-port USB I/O module installed in Bay 3,
for a total of 48 device ports. Figure 2-4 shows an SLC unit containing three 16-port RJ45 I/O
modules installed in Bay 1, Bay 2 and Bay 3 for a total of 48 serial RJ45 device ports.
Note: When installing I/O modules into an SLC 8000 (Figure 2-2), Bay 1, Bay 2, and Bay
3 must be populated in order. The 8-port RJ45 serial module is supported on Bay 1 only.
I/F Card Slot: Dual Small Form-Factor Pluggable (SFP) or Dual Ethernet Port
On the left back side of the SLC 8000 unit, a dual SFP port or dual Ethernet port I/F card can be
installed. See Figure 2-5. If the dual SFP port is installed, copper or optic fiber 1 Gigabit SFP
transceiver modules may be used. The SLC 8000 supports use of single and multi-mode SFPs.
“m... 1 I x ‘ \ x \ l . um mm s»
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 28
Figure 2-3 Three 16-Port USB I/O Modules Installed in Bays 1, 2, & 3 with Dual Ethernet Port
Figure 2-4 One 16-Port USB I/O Module Installed in Bay 1 with Dual Ethernet Port
Figure 2-5 One 16 RJ-45 Serial Port I/O Module Installed in
Bay1 & Two 15 USB I/O Module Installed Bays 2 & 3 with Dual SFP Port
Bay 1 Bay 2 Bay 3
Bay 1 Bay 2 Bay 3
Bay 1 Bay 2 Bay 3
P0711 Acuvllms LED (knew) Fun 2 Lm LG mm", mm 1 um LED (6mm Fan 2 Acnvmus LED "wow? » (Morey w
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 29
Figure 2-6 SFP Port LEDs
Table 2-7 Device (DCE Reversed & DTE) Port Pinout
Figure 2-8 Console Port (Front Side)
DCE Pin DTE Pin Description
8 1 RTS (output)
7 2 DTR (output)
6 3 TXD (output)
5 4 Ground
4 5 Ground
3 6 RXD (input)
2 7 DSR (input)
1 8 CTS (input)
Table 2-9 Console (DTE) Port Pinout
DTE Pin Description
1 RTS (output)
2 DTR (output)
3 TXD (output)
4 Ground
5 Ground
6 RXD (input)
7 DSR (input)
8 CTS (input)
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 30
Network Connections
The SLC 8000 network interfaces are 10/100/1000 Base-T Ethernet for use with a conventional
Ethernet network as shown in Figure 2-10. Use standard RJ45-terminated cables, like Category 5
or 6 patch cable. CAT5E or better cables are recommended for 1000 Base Ethernet. Network
parameters must be configured before the SLC console manager can be accessed over the network.
Note: One possible use for the two Ethernet ports is to have one port on a private,
secure network and the other on a public, unsecured network. The SLC 8000 can also be
equipped with a factory-installed NIC (Ethernet RJ45 or SFP ports). The NIC with SFP
ports can support single/multi-mode fiber or copper SFP transceiver modules at 1 Gigabit
speed.
Figure 2-10 Dual Ethernet Network Connection
Figure 2-11 Inserting SFP Transceiver Module into the SFP Port
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 31
Front Panel USB Ports
The SLC 8000 unit has two 2.0 USB ports (HS, FS, LS) on the front panel, as seen in Figure 2-12.
Figure 2-12 Dual USB Ports
Memory Card Port
The SLC unit has a memory card port on the front panel of the unit which accepts SD cards.
Figure 2-13 Memory Card Port
2: Introduction
SLC™ 8000 Advanced Console Manager User Guide 32
Internal Modem
An internal modem can be installed in the SLC 8000 advanced console manager. See Modem
Installation on page 42 for instructions.
Figure 2-14 Internal Modem Location
SLC™ 8000 Advanced Console Manager User Guide 33
3: Installation
This chapter provides a high-level procedure for installing the SLC advanced console manager
followed by more detailed information about the SLC connections and power supplies.
Caution: To avoid physical and electrical hazards, please read
Appendix A: Security Considerations on page 401 before installing the
SLC 8000 advanced console manager.
What's in the Box
Table 3-1 lists all included components that come in the box and their corresponding part
numbers.
Table 3-1 What’s in the Box
Notes:
Accessories that can be ordered separately are listed below in Table 3-2. Regional
power cords are available as accessories.
SLC 8000 single and dual AC supply variants ship with 110V North American AC
power cord(s).
* TAA Compliant models available, replace the “S” with “G” in the SKUs above, (e.g.
SLC80321201G for 16-Port RS-232 (RJ45) Single AC Supply).
Part Number Component Description
SLC 8000 Advanced Console Manager Models
Part number
depends on SLC
model.*
SLC 8000 Advanced Console Manager
Note: *Please visit https://www.lantronix.com/products/lantronix-slc-8000/#tab-order to
view available SLC models and configurations. See Customize an SLC 8000 on page 34.
Cables
200.2070A RJ45 to DB9F Adapter
200.0062 RJ45 to RJ45, Cat5, 6.6 ft (2 m)
Note: Not available with SFP fiber versions.
500-153 RJ45 Loopback Plug
North American Power Cords
500-041-R For AC Supply Models, USA & Canada: 110V AC Power Cord,
8 ft (2.43 m), RoHS.
Note: Power cords for other international regions are available and sold separately. See
Table 3-2.
083-152-R For DC Supply Models, USA & Canada: the DC Installation Kit is included.
a Port Rs-zsz or 16 Pan Rs-zaz or 16 Port UsB 15PM Rs-zsz or 16PM Use
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 34
Table 3-2 Optional Accessories
Verify and inspect the contents of the SLC package using the enclosed packing slip or the table
above. If any item is missing or damaged, contact your place of purchase immediately.
Customize an SLC 8000
Build any combination up to 48 managed console ports by following these easy steps:
1. Pick a baseline configuration:
2. Add up to two modules:
3. Choose from Single AC, Dual AC or Dual DC power supply.
4. Choose from Ethernet Copper or SFP (Dual AC) variants.
5. Select secondary out-of-band options (PSTN modem, cellular gateway.)
6. Protect investment with various extended warranty and service options.
Part Number Component Description
International Power Cords:
930-077-R Power Cord, Israel, 250VAC 10A, 8FT, RoHS
930-075-R Power Cord, UK, 250VAC 10A, 8FT, RoHS
930-074-R Power Cord, European, 250VAC 10A, 8FT, RoHS
User Swappable Modules
FRRJ451601 16 Device Port RS-232 (RJ45) I/O Device Port Module
FRUSB1601 16 Device Port USB I/O Device Port Module
FR1ACPS01 100 to 240V AC Single Power Supply Module
FR2ACPS01 100 to 240V AC Dual Power Supply Module
FR2DCPS01 -20 to -72V DC Dual Power Supply Module
Secondary Connectivity Accessories for SLC 8000
56KINTMODEM-0156K v.92 Internal Modem for Dial-UP Out-of-Band Connection
PXC2102H2-01-S 3.5G Cellular Out-of-Band Connectivity Intelligent Gateway
Note: Wireless data plan sold separately.
Manufaccunng Date Code Prod uct Pa rt SYSTEM SN‘ DaaoAsFFFFoo Ongm Sena‘ Number Number LANT?ON|X® g 5Lcau4312N-o1 'é Product Revlswun A11 14W31 2 Country of MADE IN USA on E. Manufacturmg g 2 5
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 35
Product Label
The product label on the underside of the SLC 8000 advanced console manager contains the
following information about each SLC unit:
Part Number
Product Revision
Country of Manufacturing Origin
Serial Number
Manufacturing Date Code
Bar Code
Figure 3-3 Product Label
Technical Specifications
Table 3-4 SLC Technical Specifications
Component Description
Serial Interface (Device) Up to 48 RJ45-type 8-conductor connectors as up to three16-port RJ45 I/O
modules can be installed. These connectors have individually configurable
standard and reversible pinouts, 8 or 16 ports per I/O module.
Speed software selectable (300 to 230400 baud)
Note: Serial RJ45 device ports for the SLC 8000 advanced console manager
are reversed by default. Do not use rolled cables and adapters when replacing
an SLC console manager with the SLC 8000 model.
USB 2.0 Interface
(Device)
Up to 48 USB type A (Host) as up to three 16-port USB I/O modules can be
installed
HS, FS, and LS
Capable of providing VBUS 5V up to 100 mA per port, but not to exceed 600
mA total per 16-port USB I/O module.
May be used with a USB-to-serial adapter to connect a serial device, if
needed. Please contact Lantronix for the list of tested adapters.
Caution: USB ports are designed for data traffic only. They are not
designed for charging or powering devices. Over-current conditions on
VBUS 5V may disrupt operations.
®
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 36
Serial Interface (Console) (1) RJ45-type 8-pin connector (DTE)
Speed software selectable (300 to 230400 baud)
LEDs:
Green light ON indicates data transmission activities
Yellow light ON indicates data receiving activities
Network Interface (2) 10/100/1000 Base-T RJ45 Ethernet with LED indicators:
Green light ON indicates a link at 1000 Base-T.
Green light OFF indicates a link at other speeds or no link.
Yellow light ON indicates a link is established.
Yellow light blinking indicates activity.
OR
(2) SFP ports to support standard fiber or copper SFP transceiver modules
(single or multi-mode) at speed 1 Gigabit. LED indicators:
Green light ON indicates a link is established.
Green light OFF indicates no link.
Yellow light steady ON indicates no activity.
Yellow light blinking indicates activity.
Power Supply AC
(single or dual)
Universal AC power input: 100-240 VAC
50 or 60 Hz IEC 60320/C14
Power Supply DC (dual) 20V to 72V input
Power Consumption Less than 25W with 48 RS232 serial ports
Less than 45W with 48 USB ports
Dimensions 1U, 1.75 in x 17.25 in x 12 in
Weight 12.1 lbs with 48 serial ports
11.8 lbs with 48 USB ports
Temperature Operating: 0 to 50°C (32 to 122°F), 30 to 90% RH, non-condensing
Storage: -20 to 80°C (-4 to 176°F), 10 to 90% RH, non-condensing
Relative Humidity Operating: 10% to 90% non-condensing; 40% to 60% recommended
Storage: 10% to 90% non-condensing
Front USB Ports (2) ports, type A, host USB 2.0 (HS, FS, LS)
Memory Card Single memory card slot supporting:
SD
SDHC
Optional Internal Modem 300 bps to 56K bps data rate
Upstream 48K bps, downstream 56K bps
V.44 data compression (V92MB-U, V92HU)
V.42 bis and MNP-5 data compression
V.29 FastPOS support
Caller ID type I and II for select countries
Agency approvals: Transferable FCC68, CS03 and CTR21 certifications,
IEC60601-1 (Medical Electronics) compliant, CE Marking, IEC60950 approved
Operating Atmosphere
Caution: EQUIPMENT
IS FOR INDOOR USE
ONLY!
For use at altitudes no more than 2000 meters above sea level only.
仅适用于海拔 2000m 以下地区安全使用
For use in non-tropical conditions only.
仅适用于非热带气候条件下安全使用
Component (continued) Description
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 37
Physical Installation
Install the SLC 8000 advanced console manager in an EIA-standard 19-inch rack (1U tall) or as a
desktop unit. The SLC module uses convection cooling to dissipate excess heat.
To install the SLC 8000 advanced console manager in a rack:
1. Place the SLC unit in a 19-inch rack.
Warning: Do not to block the air vents on the sides of the SLC module. If you
mount the SLC advanced console manager in an enclosed rack, we
recommend that the rack have a ventilation fan to provide adequate
airflow through the SLC unit.
2. Connect the serial device(s) to the SLC unit ports. See the section,
Connecting to a Device Port (on page 37).
3. Choose one of the following options:
-To configure the SLC 8000 advanced console manager using the network, or to monitor
serial devices on the network, connect at least one SLC network port to a network. See
Connecting to Network Ports (on page 40).
-To configure the SLC unit using a dumb terminal or a computer with terminal emulation,
connect the terminal or PC to the front panel SLC console port. See
Connecting Terminals (on page 40).
4. Connect the power cord, and apply power. See AC Input (on page 41).
5. Wait approximately one minute for the boot process to complete.
When the boot process ends, the SLC host name and the clock appear on the LCD display.
Now you are ready to configure the network settings as described in Chapter 4: Quick Setup.
Connecting to a Device Port
You can connect almost any device that has a serial console port to a device port on the SLC 8000
unit for remote administration. The console port must support the RS-232C interface.
Note: Many servers must either have the serial port enabled as a console or the
keyboard and mouse detached. Consult the server hardware and/or software
documentation for more information.
To connect to a serial RJ45 device port:
1. Connect one end of the Cat 5 cable to the device port.
2. Connect the other end of the Cat 5 cable to an RJ45 serial console port or to other port types
using a Lantronix serial console adapter.
Notes:
See Device Port Commands to enable or disable reverse pinouts through the CLI.
Table 3-5 and Table 3-6 provide additional information on reverse pinouts.
See Appendix C: Adapters and Pinouts for information about Lantronix adapters.
3. Connect the adapter to the serial console port on the serial device as shown in Figure 3-7.
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 38
Table 3-5 Console Port and Device Port - Reverse Pinout Disabled
Table 3-6 Device Port - Reverse Pinout Enabled (Default)
To connect to a USB device port:
1. Connect the USB type A connector of a USB cable to a device port.
2. Connect the other end of the USB cable to a USB console port.
Figure 3-7 shows a sample I/O module installation with two 16-port RJ45 I/O modules and one
16-port USB I/O module, and how the device ports correspond to the buttons on the Dashboard.
Pin Number Description
1 RTS (output)
2 DTR (output)
3 TXD (output)
4 Ground
5 Ground
6 RXD (input)
7 DSR (input)
8 CTS (input)
Pin Number Description
1 CTS (input)
2 DSR (input)
3 RXD (input)
4 Ground
5 Ground
6 TXD (output)
7 DTR (output)
8 RTS (output)
U1 LCD 51: MD U2 E113 5 7 911131517192123252729313335373941434547 A E2 2 4 6 S101214161820222426283032343633‘042444648 B
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 39
Figure 3-7 Sample Device Port Connections (Back Side)
Modular Expansion for I/O Module Bays
The SLC 8000 advanced console manager, which provides 3 separate bays, supports the
flexibility to change the I/O module configuration by offering a 16-port module for expansion. When
populating the bays, Bay 1, Bay 2 and Bay 3 must be populated in consecutive order. Bay 1 is the
slot next to the Ethernet ports and Bay 3 is the slot beside the power supply module. See
Figure 3-7 and Table 3-8. When device ports are unused or unsupported, they do not appear in
the Dashboard. See Sample Dashboards.
Note: See the SLC 8000 I/O Module Installation Guide for information on installing I/O
modules.
Bay 1 Bay 2 Bay 3
16-Port USB
I/O Module
(Part Number
FRUSB1601)
16-Port RJ45
I/O Module
(Part Number
FRRJ451601)
16-Port RJ45
I/O Module
(Part Number
FRRJ451601)
Examp‘e; of Aval able l/O Configumhuns Mudd Pans fiml (kpnfiylrah'fili Standard a Standard 15 Customized 24 Standard 32 Customized Custumlxed 40 Standard Customized 45 Custumlxed Customized u Cusmmized 31 C t d As us DmIIe Standard Made! R145 I/o Module [16 ports) usa l/O Mudule (1s puns) Cusmmized 4B Cusmmized 45
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 40
Table 3-8 Available I/O Module Configurations
Note: The 8-port RJ45 serial module is supported on Bay 1 only. The available I/O
module configurations in Table 3-8 are supported with either dual Gigabit Ethernet or dual
SFP ports.
Connecting to Network Ports
The SLC network ports, 10/100/1000 Base-T Ethernet, allow remote access to the attached
devices and the system administrative functions. Use a standard RJ45-terminated Category 5
cable to connect to the network port. A CAT5e or better cable is recommended for use with a
1000 Base-T Ethernet connection.
Note: One possible use for the two Ethernet ports is to have one port on a private,
secure network, and the other on an unsecured network.
Connecting Terminals
The console port is for local access to the SLC 8000 advanced console manager and the attached
devices. You may attach a dumb terminal or a computer with terminal emulation to the console
port. The SLC console port uses RS-232C protocol and supports VT100 emulation. The default
serial settings are 9600 baud, 8 bit data, No parity, 1 stop bit with no flow control.
To connect the console port to a terminal or computer with terminal emulation, Lantronix offers
optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector.
The console port is configured as DTE (non-reversed RJ45). See Appendix C: Adapters and
Pinouts on page 404 for more information.
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 41
To connect a terminal:
1. Attach the Lantronix adapter to your terminal (typically a PN 200.2066A adapter - see
Figure C-1) or your PC's serial port (use PN 200. adapter - see Figure C-4).
2. Connect the Cat 5 cable to the adapter, and connect the other end to the SLC console port.
3. Turn on the terminal or start your computer's communication program (e.g., PuTTY or
TeraTerm Pro).
4. Once the SLC 8000 advanced console manager is running, press Enter to establish
connection. You should see the model name and a login prompt on your terminal. On a factory
default SLC you may log in with the user name sysadmin and the password PASS.
AC Input
The power supply module for the SLC controller accepts AC input voltage of 100-240 VAC, 50/60
HZ. Rear-mounted IEC-type AC power connectors are provided for universal AC power input.
(See What's in the Box on page 33.)
Warning: Risk of serious electric shock! Disconnect all power cords before
servicing the SLC.
Figure 3-9 AC Power Input
ATTENTION A OBSERVE PRECAUTIONS FOR NANDLING ELECTROSTATIC SENSITIVE DEVICES
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 42
Modem Installation
Caution: TO REDUCE THE RISK OF FIRE, USE ONLY NO. 26 AWG OR LARGER
(e.g., 24 AWG) UL LISTED OR CSA CERTIFIED TELECOMMUNICATION
LINE CORD.
Attention: POUR RÉDUIRE LES RISQUES D'INCENDIE, UTILISER UNIQUEMENT DES
CONDUCTEURS DE TÉLÉCOMMUNICATIONS 26 AWG AU DE SECTION
SUPÉRLEURE.
Warning: RISK OF ELECTRICAL SHOCKS; DISCONNECT ALL POWER AND
PHONE LINES BEFORE SERVICING!
Caution: DEVICES INSIDE THE EQUIPMENT AND THE MODEM ARE
ELECTROSTATIC -SENSITIVE; DO NOT HANDLE EXCEPT AT A STATIC
FREE WORKPLACE.
MODEM PART NUMBER
Lantronix 56KINTMODEM-01
MODEM SERVICING INSTRUCTIONS
You will need a medium size Phillips screw driver.
1. Turn off power to the SLC 8000 advanced console manager.
2. Locate the battery modem door on the top of the SLC unit.
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 43
3. Carefully unscrew and lift the door off with the screw driver.
4. Take note of the orientation of the modem in the photograph so that you can install a new
modem correctly with the same orientation.
5. If there is a modem replacement, carefully lift the old modem out of its socket.
6. Install the new modem with correct orientation.
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 44
7. Make sure to have correct pin alignment.
8. Press the modem down to make sure it sits down all the way in the socket.
9. Double-check the new modem placement to make sure it is done properly.
10. Place the battery/modem door back.
11. Carefully tighten the door screw.
FOR HANDLING ELECTROSTATIC sENsmvE DEVICES ATTENTION A OBSERVE PRECAUTIONS
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 45
Battery Replacement
Caution: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT
TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE
INSTRUCTIONS.
Attention: II Y A DANGER D'EXPLOSION S'IL Y A REMPLACEMENT INCORRECT DE LA
BATTERIE. REMPLACER UNIQUEMENT AVEC UNE BATTERIE DU MÊME TYPE
OU D'UN TYPE EQUIVALENT RECOMMANDÉ PAR LE CONSTRUCTEUR.
METTRE AU REBUT LES BATTERIES USAGÉES CONFORMÉMENT AUX
INSTRUCTIONS DU FABRICANT.
Caution: DEVICES INSIDE THE EQUIPMENT ARE ELECTROSTATIC -SENSITIVE;
DO NOT HANDLE EXCEPT AT A STATIC FREE WORKPLACE.
Battery Part Numbers
Panasonic BR2032 or equivalent (button cell lithium, non-rechargeable.)
Caution: DO NOT USE BATTERY TYPE CR2032 SINCE IT HAS A LOWER
OPERATING TEMPERATURE RANGE.
DISPOSAL OF USED BATTERIES (from battery data sheet)
If not in a large quantity, button cell batteries contain so little Lithium that they do not qualify as
reactive hazardous waste. These batteries are safe for disposal in the normal municipal waste
stream.
If in a large quantity, disposal of button cell batteries should be performed by permitted,
professional firms knowledgeable in Federal, State and local hazardous waste transportation
and disposal requirements.
Caution: RISK OF FIRE, EXPLOSION AND BURNS. DO NOT RECHARGE, CRUSH,
HEAT ABOVE 212°F (100°C) OR INCINERATE.
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 46
Battery Replacement Instructions
Warning: RISK OF ELECTRICAL SHOCKS; DISCONNECT ALL POWER AND
PHONE LINE BEFORE SERVICING!
You will need a medium size Phillips screw driver.
1. Turn off power to the SLC 8000 advanced console manager.
2. Locate the battery/modem door on the top of the SLC unit.
3. Carefully unscrew and lift the door off with the screw driver.
4. If there is a modem installed, note the orientation of the modem so that later you can install it
back correctly.
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 47
5. If there is a modem installed, carefully lift the modem out of its socket.
6. Use fingers to lift the battery out of the socket.
Caution: DO NOT USE A METAL OBJECT TO PRY OUT THE BATTERY. IT MAY
SHORT THE BATTERY AND DAMAGE THE BATTERY HOUSING.
7. Install the new battery with the (+) side up making sure the battery sits completely and
securely in the housing.
8. Re-install the modem with correct orientation.
a. Make sure also to have correct pin alignment.
3: Installation
SLC™ 8000 Advanced Console Manager User Guide 48
b. Press the modem down to make sure it sits down all the way in the socket.
9. Double-check the battery and modem placements to make sure they are done properly.
10. Place the battery/modem door back.
11. Carefully tighten the door screw.
12. If necessary, reprogram the SLC system date-time after installing a new battery.
SLC™ 8000 Advanced Console Manager User Guide 49
4: Quick Setup
This chapter helps get the IP network port up and running quickly, so you can administer the SLC
advanced console manager using your network.
Recommendations
To set up the network connections quickly, we suggest you do one of the following:
Use the front panel LCD display and keypad buttons to configure the IP address, subnet
mask, gateway address and DNS address(es), if applicable.
Complete the quick setup (see Figure 4-5) on the web interface.
SSH to the command line interface and follow the Quick Setup script on the command line
interface.
Connect to the console port and follow the Quick Setup script on the command line interface.
Note: The first time you power up the SLC unit, Eth1 tries to obtain its IP address via
DHCP. If you have connected Eth1 to the network, and Eth1 is able to acquire an IP
address, you can view this IP address on the LCD or by running the Lantronix Provisioning
Manager application. If Eth1 cannot acquire an IP address, you cannot use Telnet, SSH,
or the web interface to run Quick Setup.
IP Address
Your SLC 8000 advanced console manager must have a unique IP address on your network. The
system administrator generally provides the IP address and corresponding subnet mask and
gateway. The IP address must be within a valid range and unique to your network. If a valid
gateway address has not been assigned the IP address must be on the same subnet as
workstations connecting to the SLC 8000 over the network.
The following table lists the options for assigning an IP address to your SLC unit.
Table 4-1 Methods of Assigning an IP Address
Method Description
DHCP A DHCP server automatically assigns the IP address and network settings.
The SLC 8000 advanced console manager is DHCP-enabled by default.
With the Eth1 network port connected to the network, and the SLC unit
powered up, Eth1 acquires an IP address, viewable on the LCD.
At this point, you can use SSH to connect to the SLC console manager or use
the web interface.
BOOTP Non-dynamic predecessor to DHCP.
Front panel LCD display
and keypads
You manually assign the IP address and other basic network, console, and
date/time settings. If desired, you can restore the factory defaults.
Serial port login to
command line interface
You assign an IP address and configure the SLC unit using a terminal or a PC
running a terminal emulation program to the SLC serial console port
connection.
Flgure 4-2 From Panel LCD Dlsplay and Flve Button Keypad (Enter, Up, Down, Left, nghl)
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 50
Method #1 Using the Front Panel Display
Before you begin, ensure that you have:
Unique IP address that is valid on your network (unless automatically assigned)
Subnet mask (unless automatically assigned)
Gateway (unless automatically assigned)
DNS settings (unless automatically assigned)
Date, time, and time zone
Console port settings: baud rate, data bits, stop bits, parity, and flow control
Make sure the SLC advanced console manager is plugged into power and turned on.
Front Panel LCD Display and Keypads
With the SLC unit powered up, you can use the front panel display and buttons to set up the basic
parameters.
Figure 4-2 Front Panel LCD Display and Five Button Keypad (Enter, Up, Down, Left, Right)
The front panel display initially shows the hostname (abbreviated to 14 letters) and the date and
time.
When you click the right-arrow button, the SLC network settings displays. Using the five buttons on
the keypad, you can change the network, console port, and date/time settings and view the
firmware release version. If desired, you can restore the factory defaults.
Note: Have your information handy as the display times out without accepting any
unsaved changes if you take more than 30 seconds between entries.
Any changes made to the network, console port, and date/time settings take effect immediately.
Navigating
The front panel keypad has one Enter button (in the center) and four arrow buttons (up, left, right,
and down). Press the arrow buttons to navigate from one option to another, or to increment or
decrement a numerical entry of the selected option. Use the Enter button to select an option to
change or to save your settings.
E E E III—.-
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 51
The following table lists the SLC navigation actions, buttons, and options.
Table 4-3 LCD Arrow Keypad Actions
Table 4-4 Front Panel Setup Options with Associated Parameters
Note: The individual screens listed from left to right in Table 4-4 can be enabled or
disabled for display on the SLC LCD screen. The order of appearance of the screens, if
enabled, along with the elected “Home Page” may vary on the LCD monitor according to
configuration. The internal temperature, user strings, location and device ports LCD
menus are disabled by default. See LCD/Keypad (on page 301) for instructions on
enabling and disabling screens.
Button Action
Right arrow To move to the next option (e.g., from Network Settings to Console Settings)
Left arrow To return to the previous option
Enter (center button) To enter edit mode
Up and down arrows Within edit mode, to increase or decrease a numerical entry
Right or left arrows Within edit mode, to move the cursor right or left
Enter To exit edit mode
Up and down arrows To scroll up or down the list of parameters within an option (e.g., from IP
Address to Mask)
Left/Right Arrow
Current
Time
Eth1
Network
Settings
Console
Port
Settings
Date /
Time
Settings
Release Internal
Temp
User
Strings
Location Device
Ports
User ID &
Current
Time
Eth1 IP
Address
Baud Rate,
Data Bits,
Stop Bits,
Parity,
Flow
Control
Time Zone Firmware
version and
date code
(display
only)
Reading in
Celsius &
Fahrenheit
Displays
configured
user
string(s), if
any.
Indicates
the Rack
(RK), Row
(RW) &
Cluster
(CW)
locations.
Detects the
connection
state of each
port:
0=No DSR
input signal
detected on
device port
1=DSR input
signal
detected on
device port
Eth1
Subnet
Mask
Data Bits Date/Time Restore
Factory
Defaults
Gateway Stop Bits
DNS1 Parity
DNS2 Flow
Control
DNS3
Up/
Down
Arrow
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 52
Entering the Settings
To enter setup information:
1. From the normal display (host name, date and time), press the right arrow button to display
Network Settings. The IP address for Eth1 displays.
Note: If you have connected Eth1 to the network, and Eth1 is able to acquire an IP
address through DHCP, this IP address displays, followed by the letter [D]. Otherwise, the
IP address displays as all zeros (000.000.000.000).
2. Press the Enter button on the keypad to enter edit mode. A cursor displays below one
character of the existing IP address setting.
3. To enter values:
- Use the left or right arrow to move the cursor to the left or to the right position.
- Use the up or down arrow to increment or decrement the numerical value.
4. When you have the IP address as you want it, press Enter to exit edit mode, and then press
the down arrow button. The Subnet Mask parameter displays.
Note: You must edit the IP address and the Subnet Mask together for a valid IP address
combination.
5. To save your entries for one or more parameters in the group, press the right arrow button.
The Save Settings? Yes/No prompt displays.
Note: If the prompt does not display, make sure you are no longer in edit mode.
6. Use the left/right arrow buttons to select Yes, and press the Enter button.
7. Press the right arrow button to move to the next option, Console Settings.
8. Repeat steps 2-7 for each setting.
9. Press the right arrow button to move to the next option, Date/Time Settings, and click Enter
to edit the time zone.
-To enter a US time zone, use the up/down arrow buttons to scroll through the US time
zones, and then press Enter to select the correct one.
-To enter a time zone outside the US, press the left arrow button to move up to the top level
of time zones. Press the up/down arrow button to scroll through the top level.
A time zone with a trailing slash (such as Africa/) has sub-time zones. Use the right arrow
button to select the Africa time zones, and then the up/down arrows to scroll through them.
Press Enter to select the correct time zone. To move back to the top-level time zone at
any time, press the left arrow.
10. To save your entries, press the right arrow button. The Save Settings? Yes/No prompt
displays.
Note: If the prompt does not display, make sure you are no longer in edit mode.
11. Use the left/right arrow buttons to select Yes, and press the Enter button.
12. To review the saved settings, press the up or down arrows to step through the current settings.
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 53
When you are done, the front panel returns to the clock display. The network port resets to the
new settings, and you can connect to your IP network for further administration. You should be
able to SSH to the SLC 8000 advanced console manager through your network connection, or
access the Web interface through a Web browser.
Restoring Factory Defaults
To use the LCD display to restore factory default settings:
1. Press the right arrow button to move to the last option, Release.
2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit
Restore Factory Defaults password displays.
3. Press Enter to enter edit mode.
4. Using the left and right arrows to move between digits and the up and down arrows to change
digits, enter the password (the default password is 999999).
Note: The Restore Factory Defaults password is only for the LCD. You can change
it at the command line interface using the admin keypad password command. The
front panel Factory Default password and sysadmin password should be recorded
and stored in a secure place accessible by at least two authorized system
administrators. Recovering an SLC if both of these passwords are unknown is
cumbersome and time consuming.
5. Press Enter to exit edit mode. If the password is valid, a Save Settings? Yes/No prompt
displays.
6. Select Yes and press Enter. When the process is complete, the SLC unit reboots.
Limiting Sysadmin User Access
For security purposes, full administrative access to the SLC via the default sysadmin local user
account can be limited to only the front console port of the SLC device.
To configure this:
1. Enable the Sysadmin access limited to Console Port option on the Local/Remote Users web
page.’
2. Enable a remote authentication method (such as TACACS+ or LDAP) and configure the
remote authentication method to be first in the order of methods used.
3. Create a remote user account with full administrative rights.
4. Uncheck the Attempt next method on authentication rejection checkbox on the
Authentication Methods web page.
These steps will prevent any local users from logging in, restrict the default sysadmin local user to
the front console port, and allow a user with administrative rights to login, as long as remote
authentication is working.
WJTENIX SLC 8048 s u msww 2125272921 2: 3: x: 39m 414547 n - ‘cv2H1»:Iaznzzzdzamsaazh15364542441543 » mm," EMMW ‘a‘cmmm ‘wansswopmm Mmacxmmwcnmpmm mum mm 4* 7 5 E OmnkSemD Quick Setup Hag?‘ welcome to ma ummnlx ch mo Amanm console Manager Bebw afe baa: semsm as reccmmeMEd vmcwflgwe belue using me Lamnrm ch 3000mm Came Manager «M seams are OK. clmkmecheckbax Dew and saw the MM Man 1 Accm dawn Quck saw saunas The ac us: we Ememex pans, Em and Eml "mm 5mm“ By dam, mm Em and Emz ale configured fur DHCP Woman "om DHCP Damn Guam 7 am Saunas "ma." ham mow ’ Spenfy Hadrian»: 5|(4331 Mme- mummy Mu he used as me W ““55 won-m n '2‘: Com m Wm: sum nag um an. a. ma soiling: Mmlnlsmr Smng‘ cw Dag-um 1 Thenfldllln usernas some pmueges kw ch aammmon Dame Mry , f 2n; mm 1 mdammms‘mss' T v 3 . . Ime U8 5 pm sysadmmp .1 Tune Zone GMI v , Retype Passwum
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 54
Method #2 Quick Setup on the Web Page
After the unit has an IP address, you can use the Quick Setup page to configure the remaining
network settings. This page displays the first time you log into the SLC 8000 advanced console
manager only. Otherwise, the SLC Home page displays.
To complete the Quick Setup page:
1. Open a web browser (Firefox, Chrome or Internet Explorer web browsers with the latest
browser updates).
2. In the URL field, type https:// followed by the IP address of your SLC console manager.
Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and
redirects all requests to the encrypted (HTTPS) port (port 443).
3. Log in using sysadmin as the user name and PASS as the password. The first time you log in to
the SLC unit, the Quick Setup page automatically displays.
Note: To open the Quick Setup page at another time, click the Quick Setup tab.
Figure 4-5 Quick Setup
4. To accept the defaults, select the Accept default Quick Setup settings checkbox on the top
portion of the page and click the Apply button at the bottom of the page. Otherwise, continue
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 55
with step 5.
Note: Once you click the Apply button on the Quick Setup page, you can continue using
the web interface to configure the SLC further.
5. Enter the following settings:
Network Settings
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Network Setting Description
Eth 1 Settings Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway
from the DHCP server. (The DHCP server may not provide the hostname
gateway, depending on its setup.) This is the default setting. If you select this
option, skip to Gateway.
Obtain from BOOTP: Lets a network node request configuration information from
a BOOTP "server" node. If you select this option, skip to Gateway.
Specify: Lets you manually assign a static IP address, generally provided by the
system administrator.
IP Address
(if specifying)
Enter an IP address that is unique and valid on your network. There is no default.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields
for dot-quad numbers less than 100. For example, if your IP address is
172.19.201.28, do not enter 028 for the last segment octet.
Note: Currently, the SLC 8000 advanced console manager does not support
configurations with the same IP subnet on multiple interfaces (Ethernet or PPP).
Subnet Mask If specifying an IP address, enter the subnet mask for the network on which the SLC
unit resides. There is no default.
Default Gateway The IP address of the router for this network. There is no default.
Hostname The default host name is slcXXXX, where XXXX is the last 4 characters of the
hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces).
Note: The host name becomes the prompt in the command line interface.
Domain If desired, specify a domain name (for example, support.lantronix.com). The
domain name is used for host name resolution within the SLC 8000 advanced
console manager. For example, if abcd is specified for the SMTP server, and
mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC unit
attempts to resolve abcd.mydomain.com for the SMTP server.
,' - ‘ > . X SLC 804B Lcomm a v 3 5 7 a u131517192123252729313335373941434“) A 22 2 a 5 a m<2141s1azn122425233032342532annuaew a="" @3333,“="" www.="" .wmm.="" mwnmm="" wwwww.="" mmm-m="" fi‘="" 83="" e="" um="" sup="" conngurmn="" ‘3="" camping="" von="" can="" m.="" beam="" :onfiguvmg="" and="" wnnecmg="" dewce="" pans="">
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 56
Date & Time Settings
Administrator Settings
6. Click the Apply button to save your entries.
Figure 4-6 Quick Setup Completed in Web Manager
If Quick Setup has already been run the standard Home page will display.
Date & Time Setting Description
Change Date/Time Select the checkbox to manually enter the date and time at the SLC unit’s location.
Date From the drop-down lists, select the current month, day, and year.
Time From the drop-down lists, select the current hour and minute.
Time Zone From the drop-down list, select the appropriate time zone.
Administrator
Setting
Description
Sysadmin Password To change the password (e.g., from the default) enter a Sysadmin Password of up
to 64 characters.
Retype Password Re-enter the Sysadmin Password above in this field as a confirmation.
LANTQONIX SLC 8048 ' 0 H131517192123252783133:53 3911434547 A , Am1:1-116ixznuzuanauazu1631404244.wa a 53mm.“ 5mm.“ gamma g Wnbssnmwmm 7 mmammnm 7 Home Welcome to the Lantronix SLC 8000 Advanced Console Manager
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 57
Figure 4-7 Home
Method #3 Quick Setup on the Command Line Interface
If the SLC 8000 advanced console manager does not have an IP address, you can connect a
dumb terminal or a PC running a terminal emulation program (VT100) to access the command line
interface. (See Connecting Terminals on page 40.) If the unit has an IP address, you can use SSH
or Telnet to connect to the SLC unit.
By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the
Services > SSH/Telnet/Logging (on page 104).
To complete the command line interface Quick Setup script:
1. Do one of the following:
-With a serial terminal connection, power up, and when the command line displays, press
Enter.
-With a network connection, use an SSH client or Telnet program (if Telnet has been
enabled) to connect to xx.xx.xx.xx (the IP address in dot quad notation), and press
Enter. You should be at the login prompt.
2. Enter sysadmin as the user name and press Enter.
3. Enter PASS as the password and press Enter. The first time you log in, the Quick Setup script
runs automatically. Normally, the command prompt displays.
Figure 4-8 Beginning of Quick Setup Script
Welcome to the Lantronix SLC8000 Advanced Console Manager
Model Number: SLC8032
Quick Setup will now step you through configuring a few basic settings.
The current settings are shown in brackets ('[]').
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 58
You can accept the current setting for each question by pressing
<return>.
4. Enter the following information at the prompts:
Note: To accept a default or to skip an entry that is not required, press Enter.
After you complete the Quick Setup script, the changes take effect immediately.
CLI Quick Setup
Settings
Description
Config Eth1 Select one of the following:
(1) obtain IP Address from DHCP: The unit will acquire the IP address, subnet
mask, hostname, and gateway from the DHCP server. (The DHCP server may or
may not provide the gateway and hostname, depending on its setup.) This is the
default setting.
(2) obtain IP Address from BOOTP: Permits a network node to request
configuration information from a BOOTP "server" node.
(3) static IP Address: Allows you to assign a static IP address manually. The IP
address is generally provided by the system administrator.
IP Address (if
specifying)
An IP address that is unique and valid on your network and in the same subnet as
your PC. There is no default.
If you selected DHCP or BOOTP, this prompt does not display.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields for
dot-quad numbers less than 100. For example, if your IP address is 172.19.201.28,
do not enter 028 for the last octet.
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or
PPP) are not currently supported.
Subnet Mask The subnet mask specifies the network segment on which the SLC 8000 advanced
console manager resides. There is no default. If you selected DHCP or BOOTP, this
prompt does not display.
Default Gateway IP address of the router for this network. There is no default.
Hostname The default host name is slcXXXX, where XXXX is the last 4 characters of the
hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces).
Note: The host name becomes the prompt in the command line interface.
Domain If desired, specify a domain name (for example, support.lantronix.com). The domain
name is used for host name resolution within the SLC unit. For example, if abcd is
specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLC 8000 advanced console manager attempts to
resolve abcd.mydomain.com for the SMTP server.
Time Zone If the time zone displayed is incorrect, enter the correct time zone and press Enter. If
the entry is not a valid time zone, the system guides you through selecting a time
zone. A list of valid regions and countries displays. At the prompts, enter the correct
region and country.
Date/Time If the date and time displayed are correct, type n and continue. If the date and time
are incorrect, type y and enter the correct date and time in the formats shown at the
prompts.
Sysadmin
password
Enter a new sysadmin password.
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 59
Figure 4-9 Quick Setup Completed in CLI
Welcome to the Lantronix SLC8000 Advanced Console Manager
Model Number: SLC8032
Quick Setup will now step you through configuring a few basic settings.
The current settings are shown in brackets ('[]').
You can accept the current setting for each question by pressing
<return>.
____Ethernet Port and Default Gateway___________________________________
The SLC8032 has two ethernet ports, Eth1 and Eth2.
By default, both ports are configured for DHCP.
Configure Eth1: (1) obtain IP Address from DHCP
(2) obtain IP Address from BOOTP
(3) static IP Address
Enter 1-3: [1]
The SLC8032 can be configured to use a default gateway.
Enter gateway IP Address: [none]
____Hostname____________________________________________________________
The current hostname is 'slc0348', and the current domain is
'<undefined>'.
The hostname will be shown in the CLI prompt.
Specify a hostname: [slc0348]
Specify a domain: [<undefined>]
____Time Zone___________________________________________________________
The current time zone is 'GMT'.
Enter time zone: [GMT]
____Date/Time___________________________________________________________
The current time is Wed May 18 20:51:04 2016
Change the current time? [n]
____Sysadmin Password___________________________________________________
The default sysadmin (administrator user) password is 'PASS'.
Enter new password: [PASS]
Quick Setup is now complete.
For a list of commands, type 'help'.
4: Quick Setup
SLC™ 8000 Advanced Console Manager User Guide 60
Next Step
After completing quick setup on the SLC 8000 advanced console manager, you may want to
configure other settings. You can use the web page or the command line interface for
configuration.
For information about the web and the command line interfaces, go to Chapter 5: Web and
Command Line Interfaces.
To continue configuring the SLC unit, go to Chapter 6: Basic Parameters.
\ LAN‘ROMX mm W m», MmNMMWUW Dawns ¢ “,me Amman mm mm ' haw; 5m {mm m... BIB-mum y." A mun-“I‘dfiumm m... hm” . Wm M ”vam— my mm W mm m m mmwanmum..m«w.,xm. .wwmmummu..mn mum” Mme-1:1 gamma». mummy: W . (m m mm: mm ‘51:: >194. , mrmmw
SLC™ 8000 Advanced Console Manager User Guide 61
5: Web and Command Line Interfaces
The SLC advanced console manager offers three interfaces for configuring the SLC unit: a
command line interface (CLI), a web interface, and an LCD with keypad buttons on the front panel.
This chapter discusses the web and command line interfaces.
Note: See Chapter 4: Quick Setup on page 49 for instructions on using the LCD front
panel to configure basic network settings, Web Manager, and CLI to perform quick setup.
Web Manager
A Web Manager allows the system administrator and other authorized users to configure and
manage the SLC 8000 advanced console manager using most web browsers (Firefox, Chrome or
Internet Explorer web applications with the latest browser updates). The SLC unit provides a
secure, encrypted web interface over SSL (secure sockets layer).
Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and
redirects all requests to the encrypted (HTTPS) port (port 443). Web Telnet and Web SSH
features (utilized in SLC console managers with firmware 7.2.0.0 or earlier) require Java
1.1 (or later) support in the browser.
The following figure shows a typical web page:
Figure 5-1 Web Page Layout
Logout Button
Tabs
Options
Entry Fields
and Options
Dashboard
Icons
Help
Button
M E: 1 3 5 7 5 H131517192I13152729313335373941434547 A LCDSD u2 52 2 4 s a1n1214151320222426233032343533 42444545 5 k \ pm pm U1 1 1 5 7 a11131517192123252729313335373941434547 A 1|@ 2 4 6 81012141618202224262830323436384042444548 a n pm; sww um Lcusnmw E1 1 3 5 7 9111315171921232527293133353739414345“ A u 2 A a E1n12141618202224262830323-1363840412444648 a {Emma PM 2]
5: Web and Command Line Interfaces
SLC™ 8000 Advanced Console Manager User Guide 62
The web page has the following components:
Tabs: Groups of settings to configure.
Options: Below each tab are options for specific types of settings.
Note: Only those options for which the currently logged-in user has rights display.
Figure 5-2 Sample Dashboards
Dashboard
The appearance of the user interface dashboard will differ according to the type of NIC card
and bay modules installed in the back of the SLC 8000. See Figure 2-2 SLC 8048 Unit
Samples (Back Side) - Part Number SLC80482201S (on page 25), Figure 3-7 Sample Device
Port Connections (Back Side) (on page 39), and Figure 5-2 Sample Dashboards (on page 62).
-The light green LCD button allows you to configure the front panel LCD.
-The beige SD button allows you to configure the SD card, if a card is inserted. See
Chapter 8: USB/SD Card Port on page 132.
-The gray U1 button allows you to configure the upper USB device (flash drive or modem)
plugged into the front panel USB connector. The gray U2 button allows you to configure
the lower USB device plugged into the front panel USB connector. See Chapter 8: USB/
SD Card Port on page 132.
-The brown MD button allows you to configure the internal modem, if an internal modem is
installed.
-The blue E1 and E2 buttons display the Network > Network Settings (1 of 2) page for the
Ethernet port.
-The F1 and F2 buttons display the Network > Network Settings (1 of 2) page for the SFP
transceiver port.
-The number buttons allow you to select a port and display its settings. Only ports to which
the currently logged-in user has rights are enabled.
Below the bar are options for use with the port buttons. Selecting a port and the
Configuration option takes you to the Device Ports > Settings (1 of 2) page. Selecting a
port and the WebSSH option displays the WebSSH window for the device port --if Web
SSH is enabled, and if SSH is enabled for the device port. Selecting the port and the
Connected Device button allows access to supported devices such as remote power
m?mmE
5: Web and Command Line Interfaces
SLC™ 8000 Advanced Console Manager User Guide 63
managers (RPMs) and/or SensorSoft temperature and humidity probes connected to the
device port.
-The yellow orange A and B buttons display the status of the power supplies.
Entry Fields and Options: Allow you to enter data and select options for the settings.
Note: For specific instructions on completing the fields on the web pages, see Chapters
5 through 12.
Apply Button: Apply on each web page makes the changes immediately and saves them so
they will be there when the SLC 8000 advanced console manager is rebooted.
Icons: The icon bar above the Main Menu has icons that display the following:
Home page.
Information about the SLC unit and Lantronix contact information.
Configuration site map.
Status of the SLC 8000 advanced console manager.
Help Button: Provides online Help for the specific web page.
Logging in
Only the system administrator or users with web access rights can log into the Web Manager.
More than one user at a time can log in, but the same user cannot login more than once.
To log in to the SLC Web Manager:
1. Open a web browser.
2. In the URL field, type https:// followed by the IP address of your SLC 8000 advanced
console manager.
3. To configure the SLC unit, use sysadmin as the user name and PASS as the password.
(These are the default values.)
Note: The system administrator may have changed the password using one of the
Quick Setup methods in the previous chapter.
The Lantronix SLC Quick Setup page displays automatically the first time you log in.
Subsequently, the Lantronix SLC Home page displays. (If you want to display the Quick Setup
page again, click Quick Setup on the main menu.)
Logging Out
To log off the SLC web interface:
1. Click the Logout button located on the upper left part of any Web Manager page. You are
brought back to the login screen when logout is complete.
5: Web and Command Line Interfaces
SLC™ 8000 Advanced Console Manager User Guide 64
Web Page Help
To view detailed information about an SLC web page:
1. Click the Help button to the right of any Web Manager page. Online Help contents will appear
in a new browser window.
Command Line Interface
A command line interface (CLI) is available for entering all the commands you can use with the
SLC 8000 advanced console manager. In this user guide, after each section of instructions for
using the web interface, you will find the equivalent CLI commands. You can access the command
line interface using Telnet, SSH, or a serial terminal connection.
Note: By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the
Services > SSH/Telnet/Logging web page, a serial terminal connection, or an SSH
connection. (See Chapter 7: Services.)
The sysadmin user and users with who have full administrative rights have access to the complete
command set, while all other users have access to a reduced command set based on their
permissions.
Logging In
To log in to the SLC command line interface:
1. Do one of the following:
-With a serial terminal connection, power up, and when the command line displays, press
Enter.
-If the SLC 8000 advanced console manager already has an IP address (assigned
previously or assigned by DHCP), Telnet (if Telnet has been enabled) or SSH to
xx.xx.xx.xx (the IP address in dot quad notation) and press Enter. The login prompt
displays.
2. To log in as the system administrator for setup and configuration, enter sysadmin as the user
name and press Enter.
3. Enter PASS as the password and press Enter. The first time you log in, the Quick Setup script
runs automatically. Normally, the command prompt displays. (If you want to display the Quick
Setup script again, use the admin quicksetup command.)
Note: The system administrator may have changed the password using one of the
Quick Setup methods in the previous chapter.
To log in any other user:
1. Enter your SLC user name and press Enter.
2. Enter your SLC password and press Enter.
Logging Out
To log out of the SLC command line interface, type logout and press Enter.
5: Web and Command Line Interfaces
SLC™ 8000 Advanced Console Manager User Guide 65
Command Syntax
Commands have the following format:
<action> <category> <parameter(s)>
where
<action> is set, show, connect, admin, diag, or logout.
<category> is a group of related parameters whose settings you want to configure or view.
Examples are ntp, deviceport, and network.
<parameter(s)> is one or more name-value pairs in one of the following formats:
Command Line Help
For general Help and to display the commands to which you have rights, type: help
For general command line Help, type: help command line
For release notes for the current firmware release, type: help release
For more information about a specific command, type help followed by the command. For
example: help set network or help admin firmware
Tips
Type enough characters to identify the action, category, or parameter name uniquely. For
parameter values, type the entire value. For example, you can shorten:
set network port 1 state static ipaddr 122.3.10.1 mask 255.255.0.0
to
se net po 1 st static ip 122.3.10.1 ma 255.255.0.0
Use the Tab key to automatically complete action, category, or parameter names. Type a
partial name and press Tab either to complete the name if only one is possible, or to display
the possible names if more than one is possible. Following a space after the preceding name,
Tab displays all possible names.
Should you make a mistake while typing, backspace by pressing the Backspace key and/or
the Delete key, depending on how you accessed the interface. Both keys work if you use
VT100 emulation in your terminal access program when connecting to the console port. Use
the left and right arrow keys to move within a command.
Use the up and down arrows to scroll through previously entered commands. If desired, select
one and edit it. You can scroll through up to 100 previous commands entered in the session.
To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.
When the number of lines displayed by a command exceeds the size of the window (the
default is 25), the command output is halted until the user is ready to continue. To display the
<parameter name> <aa|bb> User must specify one of the values (aa or bb) separated by a
vertical line ( | ). The values are in all lowercase and must be
entered exactly as shown. Bold indicates a default value.
<parameter name> <Value> User must specify an appropriate value, for example, an IP address.
The parameter values are in mixed case. Square brackets [ ]
indicate optional parameters.
5: Web and Command Line Interfaces
SLC™ 8000 Advanced Console Manager User Guide 66
next line, press Enter, and to display the page, press the space bar. You can override the
number of lines (or disable the feature altogether) with the set cli command.General CLI
Commands
The following commands relate to the CLI itself.
To configure the current command line session:
set cli scscommands <enable|disable>
Allows you to use SCS-compatible commands as shortcuts for executing commands:
Note: Settings are retained between CLI sessions for local users and users listed in the
remote users list.
Table 5-3 SCS Commands
To set the number of lines displayed by a command:
set cli terminallines <disable|Number of lines>
Sets the number of lines in the terminal emulation (screen) for paging through text one screenful at
a time, if the SLC 8000 unit cannot detect the size of the terminal automatically.
To show current CLI settings:
show cli
To view the last 100 commands entered in the session:
show history
To clear the command history:
set history clear
To view the rights of the currently logged-in user:
show user
SCS Commands Commands
info 'show sysstatus'
version 'admin version'
reboot 'admin reboot'
poweroff 'admin shutdown'
listdev 'show deviceport names'
direct 'connect direct deviceport'
listen 'connect listen deviceport'
clear 'set locallog clear'
telnet 'connect direct telnet'
ssh 'connect direct ssh'
5: Web and Command Line Interfaces
SLC™ 8000 Advanced Console Manager User Guide 67
Note: For information about user rights, see Chapter 12: User Authentication.
Table 5-4 CLI Keyboard Shortcuts
Keyboard Shortcut Description
Control + [a] Move to the start of the line.
Control + [e] Move to the end of the line.
Control + [b] Move back to the start of the current word.
Control + [f] Move forward to the end of the next word.
Control + [u] Erase from cursor to the beginning of the line.
Control + [k] Erase from cursor to the end of the line.
SLC™ 8000 Advanced Console Manager User Guide 68
6: Basic Parameters
This chapter explains how to set the following basic configuration settings for the SLC advanced
console manager using the SLC web interface or the CLI:
Network parameters that determine how the SLC 8000 advanced console manager interacts
with the attached network
Firewall and routing
Date and time
Note: If you entered some of these settings using a Quick Setup procedure, you may
update them here.
Requirements
If you assign a different IP address from the current one, it must be within a valid range and unique
to your network. If a valid gateway address has not been assigned the IP address must be on the
same subnet as workstations connecting to the SLC 8000 over the network.
To configure the unit, you need the following information:
Eth1 IP address: ________ - ________ - ________ - ________
Subnet mask: ________ - ________ - ________ - ________
Eth2 IP address (optional): ________ - ________ - ________ - ________
Subnet mask (optional): ________ - ________ - ________ - ________
Gateway: ___________ - ___________ - ___________ - ___________
DNS: ___________ - ___________ - ___________ - ___________
dard SL I'a'] IE A variety 0 led in 1h these are - -, opfical S - NIC board n the web UI p0 of colors. e mode 1000 e 1000 B opfical S F1 h no S
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 69
Network Port Settings
Network parameters determine how the SLC unit interacts with the attached network. Use this
page to set the following basic configuration settings for the network ports (Eth1 and Eth2).
The SLC supports the following types of network interfaces:
RJ-45 ports, as part of the standard SLC RJ45 NIC board. In the web UI port banner bar,
these are represented as and . These ports can be configured for speeds of 10Mbit,
100 Mbit or 1000 Mbit, at half-duplex or full-duplex. The RJ45 Ethernet NIC LEDs display the
following states:
-Green Light On: indicates a link at 1000 BASE-T
-Green Light Off: indicates a link at other speeds, or no link
-Yellow Light On: indicates a link is established
-Yellow Light Blinking: indicates link activity
A variety of SFP modules, installed in the SLC SFP NIC board. In the web UI port banner bar,
these are represented as and , in a variety of colors. Single mode 1000 BASE-LX
optical SFPs are shown in yellow as . Multi mode 1000 BASE-SX optical SFPs are shown
as . RJ45 1000 BASE-T SFPs are shown in blue as . A port with no SFP module is
shown in white as F1. A port with an unknown SFP module is shown as .
The SFP Ethernet NIC LEDs are located between the two SFP module slots; the LEDs for
Ethernet 1 are on the left, and the LEDs for Ethernet 2 are on the right. They display the
following states:
-Green Light On: indicates a link is established
-Green Light Off: indicates no link
-Yellow Light On: indicates no link activity
-Yellow Light Blinking: indicates link activity
These ports are fixed at 1000 Mbit full-duplex. Note that in some vendor's RJ45 1000 BASE-T
transceivers, the RX LOS is internally ground, so the link status feature may fail.
LANRONIX swam Husl slcom E1 1 as vanmsA u: n 24 5 “0121415 B Usersyudmm swarm - Maw-slim mmmmyu cunmnflmnwn mm m—“m G ? {3 E Network Sunnis w Filter Rmmnu va Security Perannikuing Network Settings MK] Em. HIM-nuns nasmammuam. mm ”same“ 0‘52“" Q Hnsmame swan am Semngs ' OME‘M'W" DHCP £th Selungs ' 0W" "‘1’“ WC" um: emunewilbeusedume Oblam imm mow 395W u: Address Subnel Mask Omam fmm BOOTF svecfiv u: Mums; 17219215 2 Subnex Mask 255 255 n n “mm; mm“; m) M) Am : (Balm) Zuni dhfifl aD13 (1912 280 m : m Wm (Lmk Luca” V980 280 a3" [eel 874/154 (mix “a” Made :Aum . Morse MTU 1500 MTU HWMdrEss ou- mam Mmlcasl 231255255251 mm» 1 HWAddress on Mu‘ntast 21mm m me Im a. Diagnnsllcs> Enable IN; V (Reqmres 13mm) pmtin me Edmund L'ne Imam: Domain DNS Servers m 172 19 39 23 an 172 19 1 2 “a :1 DHCFrAcq wed DNS Sewevs am Mon: #2 None as None Pram IPv4 ‘4 Bus Records TCP K: am: Pammelers \P Folwardmg A Emamet Bundmg Disabled v ‘M Stan Prunes 60D secs Few-m“ 7mm” “LIN" Numwwm :l Rx “ \nterva‘ so sea am a...“ Em mm. a,“ mum Em am 37mm 27335 D n 3193531 M15 0 E012 0 U U U U U 0 Gateway F '-Over52flinug Faflmer Gamay w Mules; w Address «0 Plug to Tngger FawLOvey Ememel Pan tor Pm Devan“ 17219 01 DHCPVACquEd nun- DHCFALuuwed . Default IM Devan“ Fveceuence Delay hemeen Plugs Numba o1 Famed PINES fi \— . Em Emz secan$ 110—\
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 70
To enter settings for one or both network ports:
1. Click the Network tab and select the Network Settings option. Either the Network > Network
Settings (1 of 2) or the Network > Network Settings (2 of 2) displays depending on your SLC
8000 model.
Figure 6-1 Network > Network Settings (1 of 2)
Note: The SFP NIC Info & Diagnostics link in the Network > Network Settings (1 of 2)
image above only appears in SLC units equipped with an SFP NIC board. The SFP NIC
Info & Diagnostics link brings you to the Network Settings > SFP NIC Information &
Diagnostics page.
Fall-over cellular Gateway collfinuralon am am AFN olMchAe earner |:| Mmm Password ]—‘ Change Mmm Password A , WWW |:| we: Rebool Gateway ‘ wnen Making Changes ' Advanced lar Gateway Confinurlmon SIM cam PIN lex A , we, |:| We: sum: We: mam Roamlng A , The lelmergaleway IS used ran IF aanress zcoesslble lnruugn me default gateway larlslo return one or more pings Fall—aver cellular Gateway slams > Fall-over cellularGaleway Flnnware umale Flmlwzre A , “m"a' Hm” :I Fllename R31“) Hm!!! Fllename Load Flrmwzre vAz FTP V Load cellular Gateway Fmrmare Options USBPan: uPa1UI PorIU2 “WW: Retype Password
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 71
Figure 6-2 Network > Network Settings (2 of 2)
MNT?ONIX ch 8048 Lcnsnm 1 1 5 7 9111315171921 , 2729111335373‘341434547 A U; 2 4 e awnummmnznaza: amamuuum a [133: gyggmwww mm”. WW." 1.35%an . mm mm. mm. mm mumm 6’ ? £3 Nelwork semnvs IPFmer Rommn VPN Securlly Network - SFP Nlc Information 8- Diagnosfics L‘LI Em SFP Mnaule IONIEASEVLX Single Home Wendel: Fmemme pn- swterx‘ss Rev: A0) Em SFP Module laollBASE-LX Slllule Mode Minter: FIDerSInre PM. sFP1 51x55 Rev: A) SFP Diixnustir Infarmitinn Pon_remv—w1tage Current thut Power Input Pwrr_LOS_lx Fault— Ethl 35.53 neat/97.76 degF 3.295“! 23.5%.»: n.5a7smu 9.5522nw M Na mu 43.42 den/119.15 aagr 3.19am ze.wm Leumu ammw Yes Na < back="" 10="" newark="" semngs="">
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 72
Figure 6-3 Network Settings > SFP NIC Information & Diagnostics
2. Enter the following information:
Ethernet Interfaces (Eth1 and Eth2)
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Eth 1 Settings
or
Eth 2 Settings
Disabled: If selected, disables the network port.
Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway
from the DHCP server. (The DHCP server may not provide the hostname
gateway, depending on its setup.) This is the default setting. If you select this
option, skip to Gateway.
Obtain from BOOTP: Lets a network node request configuration information
from a BOOTP "server" node. If you select this option, skip to Gateway.
Specify: Lets you manually assign a static IP address, generally provided by the
system administrator.
IP Address
(if specifying)
Enter an IP address that will be unique and valid on your network. There is no
default.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the
fields for dot-quad numbers less than 100. For example, if your IP address is
172.19.201.28, do not enter 028 for the last segment octet.
Note: Currently, the SLC unit does not support configurations with the same IP
subnet on multiple interfaces (Ethernet or PPP).
Subnet Mask If specifying an IP address, enter the network segment on which the SLC unit
resides. There is no default.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 73
IPv6 Address
(Static)
Address of the port in IPv6 format.
Note: The SLC 8000 advanced console manager supports IPv6 connections for
the following services: the web, SSH, Telnet, remote syslog, SNMP, NTP, LDAP,
Kerberos, RADIUS, TACACS+, connections to device ports, and diagnostic ping.
IPv6 addresses are written as 8 sets of 4-digit hexadecimal numbers separated by
colons. There are several rules for modifying the address. For example:
1234:0BCD:1D67:0000:0000:8375:BADD:0057 may be shortened to
1234:BCD:1D67::8375:BADD:57.
IPv6 Address
(Global)
IPv6 address with global scope that is generated by address autoconfiguration. The
address is generated from a combination of router advertisements and MAC
address to create a unique IPv6 address. This field is read only.
Note: This field will not appear in the absence of an IPv6 global address.
IPv6 Address
(Link Local)
An IPv6 address that is intended only for communications within the segment of a
local network. This field is read only.
Mode Select the direction, duplex mode (full duplex or half-duplex), and speed (10, 100,
or 1000 Mbit) of data transmission. The default is Auto, which allows the Ethernet
port to auto-negotiate the speed and duplex with the hardware endpoint to which it
is connected.
MTU Specifies the maximum transmission unit (MTU) or maximum packet size of
packets at the IP layer (OSI layer 3) for the Ethernet port. When fragmenting a
datagram, this is the largest number of bytes that can be used in a packet. The
minimum MTU size is 108 bytes (to conform with RFC 2460) and the maximum size
is 1500 bytes.
HW Address Displays the hardware address of the Ethernet port.
Multicast Displays the multicast address of the Ethernet port.
Enable IPv6 Select this box to enable the IPv6 protocol. If changed, the SLC unit will need to
reboot. Enabled by default.
IP Forwarding If enabled, IP forwarding enables IPv4 network traffic received on one interface
(Eth1, Eth2, or an external/USB modem attached to the SLC unit with an active
PPP connection) to be transferred out another interface (any of the above). The
default behavior (if IP forwarding is disabled) is for network traffic to be received but
not routed to another destination.
Enabling IP forwarding is required if you enable Network Address Translation
(NAT) for any device port modem or USB/ISDN modem. IP forwarding allows a
user accessing the SLC 8000 advanced console manager over a modem to access
the network connected to Eth1 or Eth2.
IPv6 Forwarding If enabled, IPv6 forwarding enables IPv6 network traffic received on one interface
(Eth1, Eth2, or an external/USB modem attached to the SLC unit with an active
PPP connection) to be transferred out another interface (any of the above). The
default behavior (if IP forwarding is disabled) is for network traffic to be received but
not routed to another destination.
SFP NIC Info &
Diagnostics (Link)
Clicking the link brings you to the Network Settings > SFP NIC Information &
Diagnostics page showing information and diagnostics about the SFP connection
port, temperature, voltage, current, output power, input power, LOS, and TX fault.
Click Back to Network Settings to return to the Network > Network Settings (1 of 2)
page.
Note: The SFP NIC Info & Diagnostics link in the Network > Network Settings (1 of
2) page only appears in SLC units equipped with an SFP NIC board.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 74
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Hostname & Name Servers
DNS Servers
DHCP-Acquired DNS Servers
TCP Keepalive Parameters
Ethernet Bonding Ethernet 1 and Ethernet 2 can be bonded to support redundancy (Active Backup),
aggregation (802.3ad), and load balancing. Disabled by default. Note that if
Ethernet Bonding is enabled, assigning individual IP Addresses to Device Ports is
not supported.
Ethernet Bonding
Status (Link)
Click the link to access Ethernet bonding status information. Ethernet 1 and
Ethernet 2 can be bonded to support redundancy (Active Backup), aggregation
(802.3ad), and load balancing. Disabled by default. Note that if Ethernet Bonding is
enabled, assigning individual IP Addresses to Device Ports is not supported.
Click Back to Network Settings link to return to the Network Settings page.
Hostname The default host name is slcXXXX, where XXXX is the last 4 characters of the
hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces). The host name becomes the prompt in the command line
interface.
Domain If desired, specify a domain name (for example, support.lantronix.com). The domain
name is used for host name resolution within the SLC unit. For example, if abcd is
specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLC 8000 advanced console manager attempts to
resolve abcd.mydomain.com for the SMTP server.
#1 - #3 Configure up to three name servers with an IPv4 or IPv6 address. #1 is required if
you choose to configure DNS (Domain Name Server) servers. The SLC will attempt
to contact each DNS server in the order that they are given. If a DNS server cannot
be reached, the next DNS server will be tried. If a DNS server is reachable, but does
not resolve a hostname, no other attempts will be mad to resolve the hostname using
the remaining DNS servers.
The first three DNS servers acquired via DHCP through Eth1 and/or Eth2 display
automatically.
#1 - #3 Displays the IP address of the name servers if automatically assigned by DHCP.
Prefer IPv4 DNS
Records
If enabled, IPv4 DNS records will be preferred when DNS hostname lookups are
performed. Otherwise IPv6 records will be preferred (when IPv6 is enabled). Enabled
by default.
Start Probes Number of seconds the SLC unit waits after the last transmission before sending the
first probe to determine whether a TCP session is still alive. The default is 600
seconds (10 minutes).
Number of Probes Number of probes the SLC 8000 advanced console manager sends before closing a
session. The default is 5.
Interval The number of seconds the SLC unit waits between probes. The default is 60
seconds.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 75
Gateway
Fail-Over Settings
Default IP address of the IPv4 router for this network.
If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2
displays.
All network traffic that matches the Eth1 IP address and subnet mask is sent out
Eth1. All network traffic that matches the Eth2 IP address and subnet mask is sent
out Eth 2.
If you set a default gateway, any network traffic that does not match Eth1 or Eth2 is
sent to the default gateway for routing.
DHCP-Acquired Gateway acquired by DHCP for Eth1 or Eth2. View only.
Precedence Indicates whether the gateway acquired by DHCP or the default gateway takes
precedence. The default is DHCP Gateway. If the DHCP Gateway is selected and
both Eth1 and Eth2 are configured for DHCP, the SLC unit gives precedence to the
Eth1 gateway.
IPv6 Default Indicates the IP address of the IPv6 router for this network.
Fail-over Gateway
IP Address
The fail-over gateway is a backup default gateway, used when it is determined
through a fail-over trigger that the primary default gateway is no longer a viable
route. A fail-over event happens when a Ping device reachable via an Ethernet
interface and the default gateway becomes unreachable. Fail-back occurs when the
Ping device becomes reachable again, causing the primary default route to be
restored.
Note: The fail-over gateway is not supported when DHCP is used.
IP Address to Ping to
Trigger Fail-over
IP address to ping to determine whether to use the fail-over gateway.
Ethernet Port for
Ping
Ethernet port to use for the ping.
Delay between Pings Number of seconds between pings
Number of Failed
Pings
Number of pings that fail before the SLC 8000 advanced console manager uses the
fail-over gateway.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 76
Fail-Over Cellular Gateway Configuration
Fail-over Device Select an integrated device to be used as the fail-over gateway. Currently the
Lantronix PremierWave XC HSPA+ Cellular Gateway and the Sierra Wireless
AirLink ES450 are supported. The HSPA+ gateway must be configured in gateway
mode before it can be used as the fail-over gateway. It is recommended that the
HSPA+ Cellular Connection Mode be set to On Demand, which will leave the link
quiescent until an application attempts to make use of the cellular network
connection. It is also recommended that the SNTP protocol be disabled, as On
Demand mode uses the egress traffic as a trigger.
The Sierra gateway must be properly provisioned before first use by initializing the
APN of the installed SIM card. This is done by connecting the Sierra gateway to the
second ethernet port of the SLC, and assigning a static IP address to the SLC port
so that it is in the same subnet as the IP address of the Sierra gateway. Use the
console CLI or web GUI to set the APN of the SIM card. After setting the APN,
power cycle the Sierra gateway and allow it to reboot completely.
The failover feature requires that both Ethernet ports be configured with a static IP
address. Using DHCP on one of the Ethernet ports may overwrite the default route,
interfering with fail-over and fail-back.
Note: The commands sent to the fail-over device to retrieve status and update the
configuration are shown in the syslog (messages may be displayed under Network
syslog; at the Debug level). If there are errors retrieving status or updating the
configuration, check messages in the Network syslog, the device administrator
login/password, connectivity to the device and the firmware version of the fail-over
device (the minimum required firmware version for HSPA+ is 8.1.0.0 and for Sierra
Wireless ES450, it is 4.9.2). For the HSPA+ gateway, if the firmware is updated and
new items are added to the status output by the gateway, the new items will
automatically be displayed on the SLC.
When the SLC sends an updated configuration to the fail-over device, it is
recommended to check the SLC syslog, even if the SLC indicates that the update
was successful. Responses from the fail-over device indicating that the device
needs to be rebooted for configuration changes to take affect may also be in the
syslog. The configuration will be re-sent to the device if any of the fail-over device
settings are changed, or the selected fail-over device is changed from None to one
of the supported fail-over device types.
When a fail-over or fail-back occurs, running applications such as VPN tunnel and
ConsoleFlow will be restarted.
APN of Mobile
Carrier
For the HSPA+ and Sierra gateways, configure the Access Point Name for the
mobile carrier. May have up to 256 characters.
Admin Login and
Password/Retype
For the selected Fail-over Device, the administrator login and password used to
retrieve status from the device and send configuration updates to the device. The
login may have up to 32 characters, and the password may have up to 64
characters. The Admin Password displays the current password masked.
Change Admin
Password (check
box)
Select this check box if you wish to update the admin password for the selected
gateway Fail-over Device.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 77
Advanced Cellular Gateway Configuration
Fail-Over Cellular Gateway Firmware
Note: The HSPA+ or Sierra fail-over device must be selected in order for you to be able
to update the firmware.
New Admin
Password/Retype
For the selected Fail-over Device, the administrator password can be changed on
the gateway. The password may have up to 64 characters.
To change the Admin Password, click the Change Admin Password checkbox and
enter the new password in the New Admin Password and Retype fields. Changing
the HSPA+ Admin password will save the password on the SLC for status and
configuration queries to the HSPA+ gateway. The password must match what is
stored on the HSPA+ gateway. Changing the Sierra Admin password will save the
password on the SLC for status and configuration queries to the Sierra gateway.
The new password will also be configured on the Sierra gateway. The Sierra
gateway login must be set as ‘user’.
Reboot Gateway
When Making
Changes (check
box)
For the selected Fail-over Device, the administrator can reboot the gateway.
Fail-Over Cellular
Gateway Status
(link)
Clicking the link opens the Fail-Over Cellular Gateway status window, showing
status and statistics about the fail-over gateway.
Click Back to Network Settings to return to the Network Settings page.
SIM Card PIN Lock
(check box)
For the HSPA+ and Sierra gateways, enable a lock so that the SIM card used by the
gateway cannot be used by anyone who does not have the PIN.
Pin # for SIM Card/
Retype
For the HSPA+ and Sierra gateways, the PIN number for the SIM card used by the
gateway. May have up to 8 characters.
SIM PUK/Retype For the HSPA+ gateway, the SIM Personal Unblocking Key. May have up to 16
characters. The Sierra gateway does not have this feature.
SIM Username For the HSPA+ gateway, enter the username for dial up to the cellular carrier, if
required. May have up to 64 characters. The Sierra gateway does not have this
feature.
SIM Password For the HSPA+ gateway, enter the password for dial up to the cellular carrier, if
required. May have up to 64 characters. The Sierra gateway does not have this
feature.
Dial-up String For the HSPA+ gateway, enter the modem string used for making a connection to
the carrier. May have up to 64 characters. The Sierra gateway does not have this
feature.
Roaming For the HSPA+ gateway, enable or disable network roaming. The Sierra gateway
does not have this feature.
Update Firmware
(check box)
Select this option to update firmware on the HSPA+ gateway or the Sierra gateway.
The Functional Firmware file and the Radio Firmware file (required for the Sierra
gateway only) will be transferred to the SLC using the method selected by the Load
Firmware via option. Once the file(s) have been transferred to the SLC, the SLC
will initiate the firmware update on the gateway.
Functional Firmware
Filename
Enter the name of the firmware filename exactly as it is represented.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 78
Load Cellular Gateway Firmware Options
3. To save your entries, click the Apply button. Apply makes the changes immediately and
saves them so they will be there when the SLC 8000 advanced console manager is rebooted.
Ethernet Counters
The Network > Network Settings (1 of 2) page displays statistics for each of the SLC Ethernet
ports since boot-up. The system automatically updates them.
Note: For Ethernet statistics for a smaller time period, use the diag perfstat
command.
Network Commands
Go to Network Commands to view CLI commands which correspond to the web page entries
described above.
IP Filter
IP filters (also called a rule set) act as a firewall to allow or deny an individual MAC address or
individual or a range of IP addresses, ports, and protocols. When a network connection is
configured to use an IP filter, all network traffic through that connection is compared, in order, to
the rules of that filter. Network traffic may be allowed to pass, it may be dropped (without notice),
or it may be rejected (sends back an error packet) depending upon the rules of that filter rule set.
The administrator uses the Network > IP Filter page to view, add, edit, delete, and map IP filters.
Warning: IP filters configuration is a feature for advanced users. Adding and
enabling IP filter sets incorrectly can disable access to your SLC unit.
Radio Firmware
Filename
Enter the name of the radio firmware filename exactly as it is represented.
Load Firmware via Select the method to load the firmware from the options in the drop-down menu.
Options are: FTP, TFTP, SCP, USB, SD Card, and HTTPS. FTP is the default.
If you select HTTPS, the Upload File link becomes active. Select the link to open
a popup window that allows you to browse to a firmware update file to upload.
If you select NFS, the mount directory must be specified.
Note: Connections available depend on the model of the SLC unit.
USB Port Select the USB port. The firmware files must be stored in the top level directory of
the USB flash drive.
FTP/SFTP/SCP
Server
Enter the IP address or host name of the server used for obtaining the firmware
files. May have up to 64 alphanumeric characters; may include hyphens and
underscore characters.
Path Enter the path on the server for obtaining firmware update files.
Login Enter the user login for the FTP/SFTP/SCP server to verify access. May be blank.
Password/
Retype Password
Enter the FTP/SFTP/SCP user password. Retype the password in the Retype
Password field.
n 13 5 7 2H131517192121252729313335\739‘1414547 A LANTQOMX chaa4a ummm u: r7 2 4 s I101:141613202214262330322436366052444645 n 5:; :fi‘ggi" Sdmpmiw - Mm” WebSSHWm-‘y’ cmmmemmn W m 69 ? B} E Newmsuunis IPFHIer Rummu vrm Securfly Pulmonmmni IP Filler Nclp?‘ Enable H: mm ‘ Packets Dmpped n Packet: Rammed o m Sums > tesmmer . No Yes mmulES mm) Use lhe resmme. m venfy m u: my Ru‘esets IF lelerwxl‘ , ammamny be dlsab‘ed when «he Testfimel expwes Tme Remalmnu n ”mime: mama rumba“ mamas“ mm“ [—‘Etrmen . |:| page New 1:ne.e[e Mm.“ up rum Ruesets I: run Maw-nus Mam. mum:- mam
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 79
Viewing IP Filters
You can view a list of filters and a table showing how each filter is mapped to an interface.
To view a list of IP filters:
1. Click the Network tab and select the IP Filter option. The following page displays:
Figure 6-4 Network > IP Filter
Mapping Rulesets
The administrator can assign an IP Filter Rule Set to a network interface (Ethernet interface), a
modem connected to a device port, or a USB modem or an internal modem (if installed).
To map a ruleset to a network interface:
1. Click the Network tab and select the IP Filter option. The Network > IP Filter page displays.
2. Select the IP filter rule set to be mapped.
3. From the Interface drop-down list, select the desired network interface and click the Map
Ruleset button. The Interface and rule set display in the IP Filter Mappings table.
To delete a mapping:
1. Click the Network tab and select the IP Filter option. The Network > IP Filter page displays.
2. Select the mapping from the list and click the Delete Mappings button. The mapping no
longer displays.
3. Click the Apply button.
Enabling IP Filters
On the Network > IP Filter page, you can enable all filters or disable all filters.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 80
Note: There is no way to enable or disable individual filters.
To enable IP filters:
1. Enter the following:
Enable IP Filter Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox
to disable all filters. Disabled by default.
Packets Dropped Displays the number of data packets that the filter ignored (did not respond to).
View only.
Packets Rejected Displays the number of data packets that the filter sent a rejected” response to.
View only.
Test Timer Timer for testing IP Filter rulesets. Select No to disable the timer. Select Yes,
minutes (1-120) to enable the timer and enter the number of minutes the timer
should run. The timer automatically disables the IP Filters when the time
expires.
Time Remaining Indicates how many minutes are left on the timer before it expires and IP Filters
disabled. View only.
F11357911l315a LANT?ON|X “99016 wmfil a 2 .5 319121415 333‘, $32,“ Sgreflwnhr ,crmgm”. . wanssmnponw \ Cunnemflwclmr’un‘y) momma—mm «NEE anork seam-as rr: Fingr Rouurru VPM security Permonrronrra FanN Us: anwork - IF Filtnr Rulnset H-Iz'i Hueset Name Numnemmures 1 Rue Fararrrerers RHIS (m older or Dremnmce] IPAmre§AE§ I U U U DID,AIHDYOD A warm: i W ran 7‘ m WWW Pmmool All v v Purl Range Mon -, Drop \, Ram ,Acccpl Clear t BOOTP/DHCP M rerrrer M rm? M FI'F Genm‘e Me , DNS M SNMP M Ms M 5m: tuallvwservlae , RJF M sum: M LDAP M rrr-rr= , rm: M NFS M RADrus M VFN , Syslag M sma/crrs M Kaberw M LDP , SSH M HrrPs M TACACS+ M SLCLoggrrlg < back="" ru="" rp="" frlter="" apply="">
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 81
Configuring IP Filters
The administrator can add, edit, delete, and map IP filters.
Note: A configured filter has no effect until it is mapped to a network interface.
See Mapping Rulesets on page 79.
To add an IP filter:
1. On the Network > IP Filter page, click the Add Ruleset button. The following page displays:
Figure 6-5 Network > IP Filter Ruleset (Adding/Editing Rulesets)
Rulesets can be added or updated on this page.
2. Enter the following:
Ruleset Name Name that identifies a filter; may be composed of letters, numbers, and hyphens
only. (The name cannot start with a hyphen.)
Example: FILTER-2
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 82
Rule Parameters
3. Click the right arrow button to add the new rule to the bottom of the Rules list box on the
right. A maximum of 64 rules can be created for each ruleset.
4. To remove a rule from the filter set, highlight that line and click the left arrow. The rule
populates the rule definition fields, allowing you to make minor changes before reinserting the
rule. To clear the definition fields, click the Clear button.
5. To change the order of priority of the rules in the list box, select the rule to move and use the
up or down arrow buttons on the right side of the filter list box.
6. To save, click the Apply button. The new filter displays in the menu tree.
Note: To add another new filter rule set, click the Back to IP Filter link to return to the
Network > IP Filter page.
Updating an IP Filter
To update an IP filter rule set:
IP Address(es) Specify a single IP address to act as a filter.
Example: 172.19.220.64 – this specific IP address only
Subnet Mask Specify a subnet mask to act determine how much of the address should apply to
the filter.
Example: 255.255.255.255 to specify the whole address should apply.
MAC Address Specify a single MAC address to act as a filter.
Example: 10:7d:1a:33:5c:e1
Protocol From the drop-down list, select the type of protocol through which the filter will
operate. The default setting is All.
Port Range Enter a range of destination TCP or UDP port numbers to be tested. An entry is
required for TCP, TCP New, TCP Established, and UDP, and is not allowed for
other protocols. Separate multiple ports with commas. Separate ranges of ports by
colons.
Examples:
22 – filter on port 22 only
23,64,80 – filter on ports 23, 64 and 80
23:64,80,143:150 – filter on ports 23 through 64, port 80 and ports 143 through
150
Action Select whether to Drop, Reject, or Allow communications for the specified IP
address, subnet mask, protocol, and port range. Drop ignores the packet with no
notification. Reject ignores the packet and sends back an error message. Allow
permits the packet through the filter.
Clear Click the Clear button to clear any Rule Parameter information set above.
Generate rule to
allow service
You may wish to “punch holes” in your filter set for a particular protocol or service.
For instance, if you have configured your NIS server and wish to create an opening
in your filter set, select the NIS option and click the Add Rule button. This entry
adds a new rule to your filter set using the NIS -configured IP address. Other
services and protocols added automatically generate the necessary rule to allow
their use.
LANTQONIX SLc 8048 [1 1:5 5 7 511131511192123252129313235 71541434547 A 2 [2 2 A 5 a m1:1.115152n212425uanaznsfiaumzu‘au n fig; mm“. sammm - comm" WebssHmPnnm mama nmmpmm m w—mmm 6‘} ? W NIIwerkSulmgs wrmr Rummy vpu Slcumy Pmmnmmng Rou ml Th: Rmmng Table can bewewed Emble RIP I R‘PVarsmn I I and 2 mm m w Rm“ R Ln) Tn em ordelem a sum: route, Emma 3"“ “WW ‘ se‘eclme mum human m we ngm commn below u: Adams; Static Roms 5mm Ma“ No \PAdflmss Sum-t Mask Gamay Gamay Add/Em! Rome DBMS Rmfle Annly
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 83
1. From the Network > IP Filter page, the administrator selects the IP filter ruleset to be edited
and clicks the Edit Ruleset button to return to the Network > IP Filter Ruleset (Adding/Editing
Rulesets) page (see Figure 6-5).
2. Edit the information as desired and click the Apply button.
Deleting an IP Filter
To delete an IP filter rule set:
1. On the Network > IP Filter page, the administrator selects the IP filter ruleset to be deleted and
clicks the Delete Ruleset button.
IP Filter Commands
Go to IP Filter Commands to view CLI commands which correspond to the web page entries
described above.
Routing
The SLC 8000 advanced console manager allows you to define static routes and, for networks
using Routing Information Protocol (RIP)-capable routes, to enable the RIP protocol to configure
the routes dynamically.
To configure routing settings:
1. Click the Network tab and select the Routing option. The following page displays:
Figure 6-6 Network > Routing
2. Enter the following:
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 84
Dynamic Routing
Static Routing
3. Click the Apply button.
Note: To display the routing table, status or specific report, see the section,
Status/Reports on page 294.
Routing Commands
Go to Routing Commands to view CLI commands which correspond to the web page entries
described above.
VPN
This page can be used to create a Virtual Private Network (VPN) tunnel to the SLC 8000 advanced
console manager for secure communication between the SLC unit and a remote host or gateway.
The SLC 8000 advanced console manager supports IPSec tunnels using Encapsulated Security
Payload (ESP). The SLC unit supports host-to-host, net-to-net, host-to-net, and roaming user
tunnels.
Note: To allow VPN tunnel access if the SLC firewall is enabled, traffic to UDP ports 500
and 4500 from the remote host should be allowed, as well as protocol ESP from the
remote host.
Enable RIP Select to enable Dynamic Routing Information Protocol (RIP) to assign routes
automatically. Disabled by default.
RIP Version Select the RIP version. The default is 2.
Enable Static
Routing
Select to assign the routes manually. The system administrator usually provides the
routes. Disabled by default.
To add a static route, enter the IP Address, Subnet Mask, and Gateway for the
route and click the Add/Edit Route button. The route displays in the Static Routes
table. You can add up to 64 static routes.
To edit a static route, select the radio button to the right of the route, change the IP
Address, Subnet Mask, and Gateway fields as desired, and click the Add/Edit
Route button.
To delete a static route, select the radio button to the right of the route and click the
Delete Route button.
n1: 5 7 9111\1517192123252725315355573341434547 A LANTQONIX m we [I 2 A E am<2u(5152:1222‘2525anazuaaaaladzudada l3="" fig;="" i'fi’flm="" seemm="" gcmfignmnu="" websshmpanm="" 7="" mnedestvxeumm="" um="" m—-ww="" 6*="" 7="" {8%="" anwork="" sclllngs="" "="">an Rummy vpu Sccuvlry Pnflrllomlonng VP“ ml! £71311wa 7 Cullen‘Tume‘S'ams Dawn me Name meme,” .1 1 swam Remote Hos! Remme In Remue Hun/Rnuler Rum: sunneqs) Loca‘ Id VIeWVFN Laws) Lam ‘ Hep/Remy Lam sunneqs) Vxew Dena ed Sums) View 5L0 RSA Fubuc Key) v joDS cm cams) IKE Negunanm mm :mm . Encrypnlg‘E AW ' Ammm‘w Any v DH Gmup Any . ES" . :v Encwm Any Aumenmum Any MGM“, Any Amhermcauun . RSA Public Key 7 Prfihaed Key x509 Cervical: REA Fem: Kev 4m Rzmme Host Pesnlagyu Rm: PrcShanzd Km! {—1 Cemficae mm var um > Rem-me Peev Bellman: Fvle {or Remme upload a > Peer eemnme Amnonmov Upload Fue> mew mmeee ermeeerl: EFL-1 e> {5179\— ummnm Perveu 7 anm w Secvecy SA Mewne 28301] Mode 7 Canflgmanun A Chem . Mam Made 7 Aauresswe Made
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 85
To complete the VPN page:
1. Click the Network tab and select the VPN option. The following page displays:
Figure 6-7 Network > VPN (1 of 2)
Flgure 6.8 Network > VPN (2 on) mum chem ‘ mm |:| W“: : Passwnm Retype Fasswom Remme Pee! Type . IEIFAnorrCmo) gm Fume ‘ Encapsulahnn Deed Pee! mm“ Nn . V25,D2lay 30 5mm; Dead Pee! Defiecucm \Hald—v/ Anmn MW
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 86
Figure 6-8 Network > VPN (2 of 2)
2. Enter the following:
Enable VPN Tunnel Select to create a tunnel.
Name The name assigned to the tunnel. Required to create a tunnel.
Ethernet Port Select Ethernet port 1 or 2, or the default route (default is 1). If default route
is selected, VPN will automatically use the local address of the default route
interface (as determined at IPsec startup time); this also overrides any value
supplied for Local Hop/Router.
Remote Host The IP address of the remote host's public network interface. The special
value of any can be entered if the remote host is a roaming user who may
not have the same IP address each time a tunnel is created. In this case, it
is recommended that the Remote Id also be configured.
Remote Id How the remote host should be identified for authentication. The Id is used
to select the proper credentials for communicating with the remote host.
Remote Hop/Router If the remote host is behind a gateway, this specifies the IP address of the
gateway's public network interface.
Remote Subnet(s) One or more subnets behind the remote host, expressed in CIDR notation
(IP address/mask bits). If multiple subnets are specified, the subnets should
be separated by a comma. Up to 10 local subnets supported.
Local Id How the SLC 8000 advanced console manager should be identified for
authentication. The Id is used by the remote host to select the proper
credentials for communicating with the SLC advanced console manager.
Local Hop/
Router
If the SLC unit is behind a gateway, this specifies the IP address of the
gateway's public network interface.
Local Subnet(s) One or more subnets behind the SLC 8000 advanced console manager,
expressed in CIDR notation (IP address/mask bits). If multiple subnets are
specified, the subnets should be separated by a comma. Up to 10 local
subnets supported.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 87
IKE Negotiation The Internet Key Exchange (IKE) protocol is used to exchange security
options between two hosts who want to communicate via IPSec. The first
phase of the protocol authenticates the two hosts to each other and
establishes the Internet Security Association Key Management Protocol
Security Association (ISAKMP SA). The second phase of the protocol
establishes the cryptographic parameters for protecting the data passed
through the tunnel, which is the IPSec Security Association (IPSec SA). The
IPSec SA can periodically be renegotiated to ensure security. The IKE
protocol can use one of two modes: Main Mode, which provides identity
protection and takes longer, or Aggressive Mode, which provides no
identity protection but is quicker. With Aggressive Mode, there is no
negotiation of which cryptographic parameters will be used; each side must
give the correct cryptographic parameters in the initial package of the
exchange, otherwise the exchange will fail. If Aggressive Mode is used, the
IKE Encryption, IKE Authentication, and IKE DH Group must be
specified.
IKE v2 IKE version 2 settings to be used. Currently the accepted values are Permit,
(the default) signifying no IKEv2 should be transmitted, but will be accepted
if the other ends initiates to us with IKEv2; Never signifying no IKEv2
negotiation should be transmitted or accepted; Propose signifying that the
SLC will permit IKEv2, and also use it as the default to initiate; Insist,
signifying that the SLC only accept and receive IKEv2 and IKEv1
negotiations will be rejected.
If the IKEv2 setting is set to Permit or Propose, the SLC will try and detect a
"bid down" attack from IKEv2 to IKEv1. Since there is no standard for
transmitting the IKEv2 capability with IKEv1, the SLC uses a special Vendor
ID "CAN-IKEv2". If a fall back from IKEv2 to IKEv1 was detected, and the
IKEv1 negotiation contains Vendor ID "CAN-IKEv2", the SLC will
immediately attempt an IKEv2 rekey and refuse to use the IKEv1
connection. With an IKEv2 setting of Insist, no IKEv1 negotiation is allowed,
and no bid down attack is possible.
IKE Encryption The type of encryption, 3DES or AES, are used for IKE negotiation. Any
can be selected if the two sides can negotiate which type of encryption to
use.
Authentication (IKE) The type of authentication, SHA1, MD5, SHA2_256, or SHA2_512, used for
IKE negotiation. Any can be selected if the two sides can negotiate which
type of authentication to use.
DH Group (IKE) The Diffie-Hellman Group, 2, 5, 14 or 15 used for IKE negotiation. Any can
be selected if the two sides can negotiate which Diffie-Hellman Group to
use.
ESP Encryption The type of encryption, 3DES or AES, used for encrypting the data sent
through the tunnel. Any can be selected if the two sides can negotiate
which type of encryption to use.
Authentication (ESP) The type of authentication, SHA1, MD5, SHA2_256, or SHA2_512 used for
authenticating data sent through the tunnel. Any can be selected if the two
sides can negotiate which type of authentication to use.
DH Group (ESP) The Diffie-Hellman Group, 2, 5, 14 or 15, used for the key exchange for data
sent through the tunnel. Any can be selected if the two sides can negotiate
which Diffie-Hellman Group to use.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 88
Authentication The type of authentication used by the host on each side of the VPN tunnel
to verify the identity of the other host.
For RSA Public Key, each host generates a RSA public-private key pair,
and shares its public key with the remote host. The RSA Public Key for
the SLC 8000 advanced console manager (which has 2192 bits) can be
viewed at either the web or CLI.
For Pre-Shared Key, each host enters the same passphrase to be used
for authentication.
For X.509 Certificate, each host is configured with a Certificate Authority
certificate along with a X.509 certificate with a corresponding private key,
and shares the X.509 certificate with the remote host.
RSA Public Key for
Remote Host
If RSA Public Key is selected for authentication, enter the public key for the
remote host.
Pre-Shared Key If Pre-Shared Key is selected for authentication, enter the key.
Retype Pre-Shared Key If Pre-Shared Key is selected for authentication, re-enter the key.
Certificate Authority for
Remote Peer
A certificate can be uploaded to the SLC unit for peer authentication. The
certificate for the remote peer is used to authenticate the SLC to the remote
peer, and at a minimum contains the public certificate file of the remote
peer. The certificate may also contain a Certificate Authority file; if the
Certificate Authority file is omitted, the SLC may display "issuer cacert not
found" and "X.509 certificate rejected" messages, but still authenticate. The
Certificate Authority file and public certificate File must be in PEM format,
e.g.:
-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----
Certificate File for Remote
Peer
Certificate Authority for
Local Peer
A certificate can be uploaded to the SLC unit for peer authentication. The
certificate for the local peer is used to authenticate any remote peer to the
SLC, and contains a Certificate Authority file, a public certificate file, and a
private key file. The public certificate file can be shared with any remote
peer for authentication. The Certificate Authority and public certificate file
must be in PEM format, e.g.:
-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----
The key file must be in RSA private key file (PKCS#1) format, eg:
-----BEGIN RSA PRIVATE KEY-----
(private key in base64 encoding)
-----END RSA PRIVATE KEY-----
Certificate File for Local
Peer
Key File for Local Peer
Perfect Forward Secrecy When a new IPSec SA is negotiated after the IPSec SA lifetime expires, a
new Diffie-Hellman key exchange can be performed to generate a new
session key to be used to encrypt the data being sent through the tunnel. If
this is enabled, it provides greater security, since the old session keys are
destroyed.
SA Lifetime How long a particular instance of a connection should last, from successful
negotiation to expiry, in seconds. Normally, the connection is renegotiated
(via the keying channel) before it expires.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 89
3. To save, click Apply button.
4. To see a details of the VPN tunnel connection, including the cryptographic algorithms used,
select the View Detailed Status link.
5. To see the last 100 lines of the logs associated with the VPN tunnel, select the View VPN
Logs link.
6. To see the RSA public key for the SLC 8000 advanced console manager (required for
configuring the remote host if RSA Public Keys are being used), select the View SLC RSA
Public Key link.
7. To see the X.509 Certificates for the SLC 8000 advanced console manager, select the View
X.509 Certificates link.
VPN Commands
Go to VPN Commands to view CLI commands which correspond to the web page entries
described above.
Mode Configuration Client If this is enabled, the SLC unit can receive network configuration from the
remote host. This allows the remote host to assign an IP address/netmask
to the SLC advanced console manager side of the VPN tunnel.
XAUTH Client If this is enabled, the SLC 8000 advanced console manager will send
authentication credentials to the remote host if they are requested. XAUTH,
or Extended Authentication, can be used as an additional security measure
on top of the Pre-Shared Key or RSA Public Key.
XAUTH Login (Client) If XAUTH Client is enabled, this is the login used for authentication.
XAUTH Password If XAUTH Client is enabled, this is the password used for authentication.
Retype Password If XAUTH Client is enabled, this is the password used for authentication.
Remote Peer Type Defines the type of the remote peer, either IETF (non-Cisco) or Cisco.
When set to Cisco, support for Cisco IPsec gateway redirection and Cisco
obtained DNS and domainname are enabled.
Force Encapsulation In some cases, for example when ESP packets are filtered or when a
broken IPsec peer does not properly recognise NAT, it can be useful to
force RFC-3948 encapsulation.
Dead Peer Detection Sets the delay (in seconds) between Dead Peer Detection (RFC 3706)
keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for the tunnel
(default 30 seconds). Dead Peer Detection can also be disabled.
Dead Peer Detection
Timeout
Sets the length of time (in seconds) the SLC will idle without hearing either
an R_U_THERE poll from the peer, or an R_U_THERE_ACK reply. The
default is 120 seconds. After this period has elapsed with no response and
no traffic, the SLC will declare the peer dead, remove the Security
Association (SA), and perform the action defined by Dead Peer Detection
Action.
Dead Peer Detection Action When a Dead Peer Detection enabled peer is declared dead, the action that
should be taken. Hold (the default) means the tunnel will be put into a hold
status. Clear means the Security Association (SA) will be cleared. Restart
means the SA will immediately be renegotiated.
The SLC 8000 advanced console manager suppo 140-2 standard. FIPS (Federal Information Proce developed by the United States federal governm for the use of encryption and cryptographic serv Technology (NIST) maintains the documents re httg://csrc.nist.gov/Qublications/PubsFlPShtml
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 90
Security
The SLC 8000 advanced console manager supports a security mode that complies with the FIPS
140-2 standard. FIPS (Federal Information Processing Standard) 140-2 is a security standard
developed by the United States federal government that defines rules, regulations and standards
for the use of encryption and cryptographic services. The National Institute of Standards and
Technology (NIST) maintains the documents related to FIPS at:
http://csrc.nist.gov/publications/PubsFIPS.html
FIPS 140-2 defines four security levels, Level 1 through Level 4. The SLC unit uses a FIPS
module certified at Level 1.
Note: The SSH client keyboard-interactive authentication type is not supported while the
SLC unit is in FIPS mode. The SLC 8000 can support a limit of 25 concurrent CLI sessions
simultaneously when in FIPs mode.
To enable FIPS mode, the Network -> Security -> FIPS Mode flag needs to be enabled and the
SLC unit rebooted. Each time the SLC unit is booted in FIPS mode, it will perform a power up self
test to verify the integrity of the SLC unit's cryptographic module. If there are any issues with the
integrity of the cryptographic module, FIPS mode will be disabled and the SLC unit will be
rebooted into non-FIPS mode.
When the SLC unit is running in FIPS mode, the following protocols are supported: TLS 1.0, TLS
1.1, TLS 1.2, and SSH v2.
For SSL, the SLC unit will support the following cipher suites:
AES128-SHA
AES128-SHA256
AES128-GCM-SHA256
AES256-SHA
AES256-SHA256
AES256-GCM-SHA384
SSL/secure certificates imported for use with the web server or LDAP authentication must use
either the SHA1 or SHA2 hash with a RSA public key of 1024, 2048 or 3072 bits.
For SSH, the SLC unit will support the following cipher suites:
* AEAD-AES-128-GCM-SSH
* AEAD-AES-256-GCM-SSH
* AES128-CTR
* AES256-CTR
* AES192-CTR
SSH Keys imported for use with SSH authentication must use a RSA public key of 1024, 2048 or
3072 bits. SSH Keys exported by the SLC must use a RSA public key of 2048 or 3072 bits.
When the SLC unit is running in FIPS mode, the following protocols/functions will not be
supported: NIS, Kerberos, RADIUS, TACACS+, Telnet/WebTelnet, WebSSH, IPSec/VPN, SSH
v1, FTP, PPP, CIFS/Samba, TCP, UDP, unencrypted LDAP, performance monitoring,
ConsoleFlow, and SNMP. If any of these protocols/functions are enabled prior to enabling FIPS
mode, they will be automatically disabled.
LANTENIX SLC 8048 m *u 1 3 5 7 «z 11111517I9112325272§3133353719~MA3454? n U: .2 2 4 a sIn12H15Izzuzzzdzfiznanazllaaiamu m a flgggfiggfln WWW ocmwmw Wenssumvunm mmnmusmvmm . mar- m—“w «:1 7 w Nelwnrksulmvs "=de Rommg VFN Secunty Security Enzh‘e FIPS Mod: L m: 0..an was Mmetamwes a mum AWIV
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 91
LDAP authentication must be configured with the following:
StartTLS encryption (SSL encryption over port 636 is not supported)
A SSL/secure certificate
Either Bind with Login or a Bind Name and Password
Note: In FIPS mode, passphrases are not supported for SSH keys and SSL certificates.
Figure 6-9 Network > Security
To enable FIPS:
Note: The SSH client keyboard-interactive authentication type is not supported while the
SLC unit is in FIPS mode.
1. Check the Enable FIPS Mode check box on the Networks > Security page.
2. Click Apply. The SLC unit will need to be rebooted to initiate FIPS mode. Once the SLC
module is running in FIPS mode, the Security page, will display all processes that are running
in FIPS mode.
To disable FIPS:
1. Uncheck the Enable FIPS Mode check box on the Networks > Security page.
2. Click Apply. The SLC unit will need to be rebooted for this change to take effect. When
rebooted after disabling FIPS mode, information about processes running in FIPS mode will
no longer display on the Security page.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 92
Performance Monitoring
The SLC supports Performance Monitoring probes for analyzing network performance. Probes for
DNS Lookup, HTTP Get, ICMP Echo, TCP Connect, UDP Jitter and UDP Jitter VoIP are
supported. Up to 15 different probes can be configured. Each probe will run a series of operations,
each of which sends a series of packets to a destination host. The SLC will measure how long it
took to receive a response, and record the results. For each operation, the user can view the
results for each packet (round trip times), or the accumulated statistics for all packets - minimum,
average and maximum latency, and for jitter probes, minimum, average, maximum and standard
deviation of the jitter delay. Dropped packets and other error conditions are recorded for each
operation. This capability allows an administrator to analyze network efficiency across the
network.
An operation consists of sending a specified number of packets to a destination host and optional
port, with a specified amount of time between each packet. All results for each operation are
stored in one data file, and the results can be viewed later. Accumulated statistics can also be
pulled from the SLC via SNMP Gets.
Repository and Operations Kept: The SLC can be configured to store probe results on the local
SLC storage, or an external USB thumb drive or SD card. The number of operations that can be
stored per probe on the local SLC storage is 50 operations; for external USB thumb drive or SD,
200 operations can be stored per probe.
Responders: The SLC can act as a responder for probes that require a responder to answer
packets that are sent from the SLC (UDP jitter, UDP jitter VoIP, UDP Echo and TCP Connect). The
SLC UDP jitter responder can support packet responses for up to 15 UDP jitter or UDP jitter VoIP
probes. The UDP Echo and TCP Connect can support packets responses for one UDP Echo or
TCP Connect probe.
Jitter Probes and Clock Skew: For jitter probes, it is important to have both the sender and
responder synchronized to a reliable NTP server. Significant clock skew can greatly affect jitter
results, as timestamps are recorded in the sender probe and the responder, and these timestamps
are used to measure one-way latency for the packets. At the start of each jitter operation, the clock
skew between the sender and the responder will be output to the system log.
Compatibility with Cisco Responders: The SLC Performance Monitor sender is compatible with
Cisco IP SLA responders (IOS versions 12.2 and 15.0) for jitter probes. The SLC uses a simplified
version of the IP SLA v2 (Engine II) protocol to communicate with the Cisco IP SLA responders.
This compatibility gives the administrator a large number of devices with which to measure
network performance.
High Resolution Timers: Performance Monitoring requires that high resolution timers be enabled
in order to generate accurate results down to the microsecond. The high resolution timers are
disabled by default, and can be enabled on the Maintenance > Firmware & Configurations web
page. A reboot is required if the setting is changed. Enabling high resolution timers may affect SLC
performance.
LANTQONIX swam snag-a new w—mm Nemarksufings IPFi‘Ier Rnullrlu VPN Security PerannHun-ug Performance Monitoring Number m upelatnns kept «or Bath pmbE Reposuoly 1m nperaunns Local v UDP Echo Respunder UDP 1mg. Raspunder F111 5 7 sH13151715212325272531\3\5\7\3414a4547 A u 2 A a a«a<2m«5132:1222125zasnszuaaaawuuaaw u="" 533:="" glfgggh="" swam,="" mmnnm="" wassfiuwunm="" danmled="" dame="" (dp="" mm="" m="" 7="" {i}="" el="" mm="" mm="" :|="" tcp="" canned="" resnnnder="" top="" pun="" ‘="" ‘="" add”!="" rafmsh)="" add="" probe)="" )=""> > a mans, T p, ,n Id Nam State 22:53." Emr gnwm‘w'm'z‘l
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 93
To manage or view status for a Performance Monitoring probe:
1. Click the Network tab and select the Perf Monitoring option. The following page displays.
Figure 6-10 Network > Perf Monitoring
2. In the upper section of the page, modify the global Performance Monitoring settings:
Number of operations
kept for each probe
Specifies the number of operation set files to keep for each probe. The limit for
Local storage is 50 sets. The limit for external (USB or SD card) is 200 sets. While
a probe is running, the operation set files will be automatically culled to remove
the oldest operation set files.
Repository for
operations
The repository where the operation set files will be kept - Local storage, a USB
thumb drive inserted in the upper USB Port U1 or lower USB Port U2, or the SD
card slot. The data is stored in individual directories under a directory called
"perfmon". Once probes have been run and operation set files have been
generated, changing the repository will cause all of the existing files to be moved
from the old repository directory to the new repository directory. It is
recommended that the repository only be changed when probes are not actively
running. If external storage is used for the repository, it is recommended that the
external storage device not be removed from the SLC while probes are actively
running.
UDP Jitter Responder Starts the UDP Jitter responder to reply to UDP jitter or UDP jitter VoIP packets.
The responder will listen on UDP port 1967 for control messages requesting to
start individual responders on a specific UDP port. The SLC UDP jitter responder
can support up to 15 UDP jitter senders.
UDP Echo Responder Starts the UDP Echo responder on the port configured in UDP Port to reply to
UDP echo packets. The SLC UDP Echo responder supports one UDP echo
sender.
When the UDP Echo responder is enabled, the SLC will verify that the responder
UDP port is not being used by any other SLC processes, including port 1967
which is reserved for the UDP Jitter responder.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 94
3. Click the Apply button.
4. In the lower section of the page, select a probe by clicking the radio button to the far right in
the probe's row. The options that are available for that probe will be ungreyed. Select one of
the following options:
The table at the bottom of the page lists information about completed and running probes.
TCP Connect
Responder
Starts the TCP Connect responder on the port configured in TCP Port to reply to
TCP connect requests. The SLC TCP Connect responder supports one TCP
connect sender.
When the TCP Connect responder is enabled, the SLC will verify that the
responder TCP port is not being used by any other SLC processes.
Refresh Refreshes the information on the Performance Monitoring page.
Add Probe Displays the Performance Monitoring - Add/Edit Probe web page to add a new
probe.
Operations Displays a list of completed operations for the selected probe and allows the user
to view either raw packet results or accumulated statistics for any operation.
Latest Results Displays the latest raw packet results for the selected probe.
Latest Accumulated Displays the latest accumulated statistics for the selected probe.
State: Restart Allows the state of a probe to be controlled: the user can Restart a completed or
running probe. When a probe is added, it will automatically start running,
depending on how the probe start time is configured. Once a probe has run all of
its configured operations, it will be in the "Complete" state. If the SLC is rebooted,
all probes will automatically be restarted.
Edit Probe Displays the Performance Monitoring - Add/Edit Probe web page to edit the
currently selected probe.
Delete Deletes the selected probe, after a confirmation.
Id Unique identifier for the probe.
Name Name assigned to the probe.
State The current state of the probe: Complete if all operations have been run, or
Running if there are still operations that need to be run.
Start Time First Op The date and time that the first operation started.
Finish Time Last Op The date time that the most recently completed operation finished.
Error Any errors reported by the probe:
NMT: the current repository is an external source, but the USB thumb drive or
SD card is not mounted
NDR: the repository directory for the probe does not exist
OPF: failed to open an operation data file
SCT: error initializing a socket
CFG: error retrieving probe configuration
EXP: probe start time has expired
Operations Comp/
Total
The number of operations that have been completed and the total
number of operations that will be run.
LAN'RONIX 3Lc3016 mu 113 5 7 3111315 A u 7245510121415»; 333; iwlrfiin sererrrmer . Cnnfgnnnn websSHKDPmr‘y) CunnsLledDevIZEmFmM mm m—wmm W {3% Newark Settings IP Filler Routing va Security PeflMonnuring Performance Monitoring - Add/Edit Probe Helga ( Back!» Perv Mom News Name Number 0! Operanons mu Frequency hemeen ‘50 Overalwns NumberofPackeB 1D Interval between Packers 5m) ruse: Trrneoul: ‘sccnnds ruse: unermerww cm \G‘rzsA r \ new Ememer menace Bum v NW! —2v- 7% , Atdmdhme D7 7 10 v m ,Arewmg |:rm :lmrnres Desonahm Host ,—‘ Daslnannn Pun 5m Tune Pmmsmn - mmrszmnds muesemrms Dam. Srze 0 bytes VernyDava r rywrsémrms, El eusrmsmel: Adrtess Aunly
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 95
Performance Monitoring - Add/Edit Probe
The Performance Monitoring - Add/Edit Probe web page allows a user to add a new Performance
Monitoring probe or edit an existing Performance Monitoring probe.
To add a new probe or edit an existing probe:
1. Click the Network tab and select the Perf Monitoring option. The Network > Perf Monitoring
page displays.
2. To add a new probe, in the lower section of the page, select the Add Probe link. To edit an
existing probe, select a probe by clicking the radio button to the right in the probe's row, then
select the Edit Probe button. In both cases, the following page displays.
Figure 6-11 Performance Monitoring - Add/Edit Probe
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 96
3. Modify the probe settings:
Probe Type Select from one of the available probe types:
DNS Lookup - Performs a DNS lookup on the hostname specified in the
Destination Host using the Name Server. By default port 53 is always used as
the Destination Port.
HTTP Get - Performs an HTTP Get to the home (root) of the web server at the
Destination Host and Destination Port.
ICMP Echo - Sends ICMP Echo (ping) packets to the Destination Host.
TCP Connect - Performs a TCP Connection to the Destination Host and
Destination Port.
UDP Echo - Sends UDP Echo packets to the Destination Host and Destination
Port.
UDP Jitter - Sends UDP jitter packets using a simplified version of the Cisco IP
SLA v2 (Engine II) protocol to the Destination Host and Destination Port.
UDP Jitter VoIP - Sends UDP jitter packets configured to simulate Voice over
IP network traffic (VoIP) using a simplified version of the Cisco IP SLA v2
(Engine II) protocol to the Destination Host and Destination Port.
Name Probe name, up to 40 characters long. Valid characters are letters, numbers,
dashes (-), periods and underscores (_).
Number of Operations Number of operations to perform for the probe. Probes can for a specific number
of operations. The valid range is 1 - 1000, and the default is 100.
Frequency between
Operations
Time between probe operations, in seconds. The valid range is 5 - 3600 seconds,
and the default is 60 seconds.
Number of Packets Number of packets to send for each probe. For DNS Lookup probes, this is the
number of lookups to perform. For HTTP Get probes, this is the number of HTTP
Gets to perform. For TCP Connect probes, this is the number of TCP connections
to perform. The valid range is 1 - 1000 for the Local repository and 1 - 2000 for a
USB or SD card repository. The default is 10 packets.
Interval between
Packets
Interval between packets in milliseconds. The valid range is 10 - 5000
milliseconds, and the default is 500 milliseconds. For HTTP Get, DNS Lookup and
TCP Connect probes, the timeout must be less than the interval due to a new
socket being created and destroyed for each packet.
Start Time Time to start the probe: Now starts the probe immediately; At date/time will start
the probe at the specified date and time in the future; After waiting will start the
probe after waiting a period of time that is less than 24 hours. When the SLC is
rebooted, the probe will start according to the Start Time settings: (a) immediately
if it set to Now, (b) at a date and time in the future if it is set to At date/time and
the date and time is in the future, (c) after waiting a period of time if it is set to
After waiting.
Destination Host The hostname or IP address to send packets to. For DNS Lookup probes this is
the hostname to lookup.
Destination Port The TCP or UDP port to send packets to. For ICMP probes, the port setting is not
used. For DNS Lookup probes, the destination port is always port 53. Port 1967 is
reserved for the UDP jitter responder. The valid range is 1 - 65535.
Precision The precision to view results in - milliseconds (the default) or microseconds. Jitter
results are always displayed in milliseconds.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 97
4. Click the Apply button.
Performance Monitoring - Results
The Performance Monitoring - Operations page displays all of the operations that have been
saved for a selected probe. The probe ID and name are shown at the top of the web page. From
this page, the user may select any operation to view its round trip time (RTT) results, or the
accumulated statistics for all round trip times in an operation.
An operation consists of sending a specified number of packets to a destination host and optional
port, with a specified amount of time between each packet. All results for each operation are
stored in one data file.
Data Size The size in bytes to use for the payload portion of the packet - this size is in
addition to the IPv4 header and the TCP, UDP or ICMP header. Any additional
space in the packet that is not used by the protocol will be padded with random
data that can be used for data verification (see below).
This parameter is only supported for ICMP Echo, TCP Connect, UDP Echo, UDP
Jitter, and UDP Jitter VoIP probes. The maximum payload for any probe is 1460
bytes. The minimum payload size for probes is: UDP Jitter VoIP G.729a codec
probes - 32 bytes; all other UDP Jitter probes - 64 bytes; ICMP Echo probes - 18
bytes; TCP Connect probes - 1 bytes; UDP Echo probes - 4 bytes.
If no data size is specified (e.g., it is set to zero), a default payload size will be
used for the probes as follows:
ICMP Echo - 56 bytes
UDP Jitter VoIP G.729A - 32 bytes
UDP Jitter (all others) - 64 bytes
TCP Connect and UDP Echo - 256 bytes
Verify Data If enabled, indicates that the SLC should verify if there is data corruption in the
reply packets. This parameter is only supported for ICMP Echo, UDP Echo, UDP
Jitter, and UDP Jitter VoIP probes.
Timeout How long the SLC will wait for a packet to arrive, in milliseconds. If the packet
arrives after the timeout it will be considered a Late Arrival error (see Error
Conditions). The valid range is 10 - 1000, and the default is 200 msec.
UDP Jitter VoIP
Codec
For UDP Jitter VoIP probes, the codec to simulate. The following codecs are
available:
G.729A - 32 byte packets sent 20 msec apart, 1000 packets per operation, 60
seconds between operations
G.711 A-law - 172 byte packets sent 20 msec apart, 1000 packets per
operation, 60 seconds between operations
G.711 mu-law - 172 byte packets sent 20 msec apart, 1000 packets per
operation, 60 seconds between operations
The default values for the VoIP probes can be overridden to use different packet
sizes, intervals, etc.
ICMP Ethernet
Interface
For ICMP Echo probes, which Ethernet interface can be used for the probe: both
interfaces, Ethernet Port 1, or Ethernet Port 2.
TOS (Type of Service) Sets the IPv4 Type of Service field in the IPv4 header. This is available for UDP
Jitter and UDP Jitter VoIP probes only. The range is 0 - 255, and the default value
is 0.
DNS Name Server IP
Address
For DNS Lookup probes, the IP address of the DNS name server to use for
lookups.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 98
Round Trip Times
The results for each packet in an operation can be displayed with the RTT Results link. Each
packet will be displayed with the packet start time and any error that resulted from sending the
packet. For non-jitter probes, the total round trip time is displayed in either milliseconds or
microseconds, depending on the probe's precision setting:
Probe 6/icmp-probe, operation icmp_170627_235709.dat:
Pkt Time RT Time Result
1 17-06-27 23:57:09.171 0.419 ms OK
2 17-06-27 23:57:09.211 0.378 ms OK
3 17-06-27 23:57:09.251 0.366 ms OK
4 17-06-27 23:57:09.291 0.354 ms OK
5 17-06-27 23:57:09.332 0.448 ms OK
6 17-06-27 23:57:09.372 0.382 ms OK
7 17-06-27 23:57:09.412 0.308 ms OK
8 17-06-27 23:57:09.452 0.334 ms OK
9 17-06-27 23:57:09.492 0.365 ms OK
10 17-06-27 23:57:09.532 0.361 ms OK
For jitter probes, the source to destination and destination times are displayed in the probe's
configured precision:
Probe 7/udp-jitter-probe, operation udpjitter_170628_002049.dat:
Pkt Time Src To Dst Time Dst To Src Time Result
1 17-06-28 00:20:49.621 31029 usec 44191 usec OK
2 17-06-28 00:20:49.717 35409 usec 44170 usec OK
3 17-06-28 00:20:49.808 35558 usec 34120 usec OK
4 17-06-28 00:20:49.898 25500 usec 34175 usec OK
5 17-06-28 00:20:49.988 35210 usec 34196 usec OK
6 17-06-28 00:20:50.079 25517 usec 34177 usec OK
7 17-06-28 00:20:50.169 35210 usec 54166 usec Late Arrival
8 17-06-28 00:20:50.259 25549 usec 34170 usec OK
9 17-06-28 00:20:50.350 25313 usec 34255 usec OK
10 17-06-28 00:20:50.440 24848 usec 34351 usec OK
Accumulated Statistics
A summary of all round trip time and any error conditions is displayed. The display will vary for
non-jitter and jitter results. For example, non-jitter accumulated results will show:
Probe 6/icmp-probe, operation icmp_170627_235709.dat:
Operation Type:
ICMP Echo to 10.0.1.162, Ethernet Port: both
30 packets sent 40 ms apart, timeout 1000 ms
Operation Start Time: 17-06-27 23:57:09.171
Last Packet RTT: 0.340 msec
Round Trip Time Results:
Number of RTT: 30
RTT Min/Avg/Max: 0.306/0.362/0.448 msec
Number of Successes: 30
Number of Errors: 0
Lost Packet: 0 (0%)
Out of Sequence: 0
Late Arrival: 0
Miscellaneous Error: 0
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 99
For jitter probes, positive (increasing latency) and negative (decreasing latency) statistics are
shown, as well as the number of positive or negative jitter samples in each direction, and the sum
and (and sum squared) of the positive or negative jitter times. These numbers give a summary of
how much variation there was in latency times and if the variation was small or large.
Probe 7/udp-jitter-probe, operation udpjitter_170628_002049.dat:
Operation Type:
UDP Jitter to 10.0.1.93:50505
50 packets sent 60 ms apart, timeout 1000 msec
Operation Start Time: 17-06-28 00:20:49.071
Last Packet RTT: 69.334 msec
Round Trip Time Results:
Number of RTT: 50
RTT Min/Avg/Max: 57.327/63.863/89.376 msec
One-way Latency Results:
Number of samples: 50
Source to Destination Min/Avg/Max: 23.174/27.467/45.206 msec
Destination to Source Min/Avg/Max: 34.068/36.396/54.166 msec
Jitter, Source to Destination:
Number of Samples: 49
Positive and Negative Min/Avg/Max: 1/4/20 msec
Positive Min/Avg/Max: 1/7/20 msec
Positive Number Of/Sum of All/Sum of All Squared: 13/100/1090 msec
Negative Min/Avg/Max: 1/5/20 msec
Negative Number Of/Sum of All/Sum of All Squared: 17/96/1018 msec
Jitter, Destination to Source:
Number of Samples: 49
Positive and Negative Min/Avg/Max: 10/3/20 msec
Positive Min/Avg/Max: 10/12/20 msec
Positive Number Of/Sum of All/Sum of All Squared: 7/90/1300 msec
Negative Min/Avg/Max: 10/12/20 msec
Negative Number Of/Sum of All/Sum of All Squared: 8/100/1400 msec
Number of Successes: 49
Number of Errors: 1
Lost Packet: 0 (0%)
Out of Sequence: 0
Late Arrival: 1
Miscellaneous Error: 0
Table 6-12 Error Conditions
The following error conditions are detected by the probes. Except where noted, the RTT results for
a packet with errors will not be counted in the accumulated statistics.
Error Condition Description
Timeout A response was never received for the packet. These packets are listed as
Lost Packets under the accumulated statistics.
Late Arrival A response was received for a packet, but the response was received after
the timeout configured for the probe. The SLC will wait at most 2 times the
probe's timeout for late arrival packets. The RTT results will be included in
the accumulated statistics.
X ch 304g msnmm [I1v5. a11“15111921“2521zso1wvs Hum slum User swan-m ”M4245 awn-«Asa u (a (a U2 :2 2 4 samumawmzzzusumuucs sum mm - Cnnfigumnun \AEDSSH DPunM Rimmed Dew: mp mm < enema="" pm="" men="" wm="" w="" mm="" mm.="" performance="" monitoring="" -="" operations="" "493‘="" the="" #1="" i="" best="" raves"?=""> > Wm mm, m.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 100
To view results for a Performance Monitoring probe:
1. Click the Network tab and select the Perf Monitoring option. The Network > Perf Monitoring
page displays.
2. Select a probe from the table in the lower part of the page and select the Operations link. The
Performance Monitoring - Operations page displays.
Figure 6-13 Performance Monitoring - Operations
3. A table will list all available operations for the selected probe, with the most recent operation
listed first. The table may be empty if no operations have been run for the probe or the
operations for the probe have been deleted. Select an operation by clicking the radio button to
Not Connected A packet could not be sent because the connection to the destination host
could not be established, or because the attempt to send the packet failed.
Sequence Error A packet response was received with an unexpected sequence number.
Possible reasons are: a duplicate packet was received, a response was
received after it timed out, a corrupted packet was received and was not
detected.
Verify Data Error A response was received for a packet with payload data that does not match
the expected data.
DNS Server Timeout A DNS lookup could not be completed because the SLC could not connect to
the DNS name server.
DNS Lookup Error A DNS lookup failed - the requested hostname could not be resolved. This is
not considered a protocol error, but rather an expected result, depending on
the hostname being resolved. The RTT results will be included in the
accumulated statistics.
TCP Connect Timeout A TCP connect could not be completed because a connection to the TCP
server could not be established.
HTTP Transaction Timeout An HTTP Get that failed because no response was received from the HTTP
server before the timeout expired.
HTTP Error An HTTP Get succeeded, but the HTTP content (base page) that was
downloaded had errors: missing "HTTP/" header string, missing
"Connection: close" string, or response has an HTTP error code (the code
was not 200/OK). This is not considered a protocol error. The RTT results
will be included in the accumulated statistics.
Generic Error Any error that does fall into any of the above error conditions.
Error Condition Description
“:57 «mm/x 2A 5 “mm; u emu“. er’mm CannxthavkelDPuNH LANTEONIX swam Ugi‘ri'fllrfim mammal um m_mmm 6* 7 W E Numvksnfinus IPFin-v Roulilla vw 5|qu FIflMunmzrmu man u“ FQDN List \PMdress my: u; room My. "we.“ mo» \fmmmofls‘ \ mm my \ \w\
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 101
the far right in the operation's row. The options that are available for that operation will be
ungreyed. Select one of the following options:
Performance Monitoring Commands
Go to Performance Monitoring Commands to view CLI commands which correspond to the web
page entries described above.
FQDN List
Use the FQDN List to add static hostname entries to the local hosts table so that the SLC 8000
can resolve hostnames that are not resolved via DNS.
To add/edit/delete hosts:
1. Click the Network tab and select FQDN List. The following page appears:
Figure 6-14 FQDN List
2. Enter the following information:
-To add a Host, enter the IP address, FQDN, and click Add/Edit Hosts. The IP address
Refresh Refreshes the information on the Performance Monitoring - Operations page.
RTT Results Displays the round trip time (RTT) results for the selected operation in a
separate window. The results show:
the time that the packet was sent,
the total round trip time for non-jitter probes or the source to destination time
and destination to source time for jitter probes, and
the status for the packet - OK/successful or an error condition.
For more information, see Round Trip Times or Error Conditions).
Accumulated Results Displays the accumulated statistics for the selected operation in a separate
window. The results show parameters used for the selected operation, and the
minimum, average and maximum round trip times for all probes. For jitter
probes, the results show minimum, average and maximum one way latency
times, as well as jitter results for source to destination and destination to
source. For a probes, a summary of lost packets and error conditions is
displayed.
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 102
and hostname displays in the Hosts/FQDN List. You may add up to 15 hosts.
-To edit a Host entry, select the radio button next to the host in the Hosts/FQDN List,
change the IP address or FQDN fields as desired, and click Add/Edit Hosts.
-To delete a Host, select the radio button next to the host in the Hosts/FQDN List and click
Delete Host.
3. Click Apply.
SLC™ 8000 Advanced Console Manager User Guide 103
7: Services
System Logging and Other Services
Use the Services tab to:
Configure the amount of data sent to the logs.
Enable or disable SSH and Telnet logins.
Enable a Simple Network Management Protocol (SNMP) agent.
Note: The SLC advanced console manager supports both MIB-II (as defined by
RFC 1213) and a private enterprise MIB. The private enterprise MIB provides read-
only access to all statistics and configurable items provided by the SLC unit. It
provides read-write access to a select set of functions for controlling the SLC 8000
advanced console manager and device ports. See the MIB definition file for details.
Identify a Simple Mail Transfer Protocol (SMTP) server.
Enable or disable SSH and Telnet logins.
Configure an audit log.
View the status of and manage the SLC 8000 advanced console managers on the Secure
Lantronix network.
Set the date and time.
Configure NFS and CIFS shares.
Configure the web server.
LANTQONIX SLC 8016 lCDmm E1 1 a s 7 5111315 A U2 E2 2 4 s a mum a fig} 3,115.74“. smwm . cnnmumhn wwwssrflwmm -,cunnemumemwcn>fl mms—mmm WW SSWMneflL/agglng SNMP NFSICIFS seculeLammmx "mum Damxnme Web Server cousolaFlow SSHlTelnellLoggmg Helzg Emma m Network Lever EnanIeLoqms w Wen SSH ‘4‘ Services Wammg v nmeom 1N0 \ VesElmmmes mmmn- nmeumDalaDwrsdmn BumDIrecnons v Dame Pans Wammo ' SSH PD" ulsgnusus BSA Keys w, Gem mon‘ymmg ‘ , Remus sewem ”2 mm |:| Enablelngms we wanna w “WW9 we ““65 nmemn ., No \ VES E mlllules 0"” m“ ale K—IZM “Mes “mm" ”3'3 D‘m'fl" 7 Escape Sequence \x1bT AudiILpg oumng Telnel w Enamemg w. 52: Kby|es Was Immecucammanas ‘ Tamna‘fiulverslze 250 Include m Syflem Log ‘ , Phone Home SM'I'P Enable ‘ , 5M |:| mm :| Sender dunmreply@$hus1$damaln mammmm MIA Nola '3th 2M ‘Sdcman‘ W‘H be Resmts NIA Summit‘s} WM 708"sz a“! domain ADP'Y
7: Services
SLC™ 8000 Advanced Console Manager User Guide 104
SSH/Telnet/Logging
To configure SSH, Telnet, and Logging settings:
1. Click the Services tab and select the SSH/Telnet/Logging option. The following page
displays.
Figure 7-1 Services > SSH/Telnet/Logging
2. Enter the following settings:
7: Services
SLC™ 8000 Advanced Console Manager User Guide 105
System Logging
Audit Log
SMTP
Alert Levels Select one of the following alert levels from the drop-down list for each message
category:
Off: Disables this type of logging.
Error: Saves messages that are output because of an error.
Warning: Saves message output from a condition that may be cause for concern, in
addition to error messages. This is the default for all message types.
Info: Saves informative message, in addition to warning and error messages.
Debug: Saves extraneous detail that may be helpful in tracking down a problem, in
addition to information, warning, and error messages.
Network Level Messages concerning the network activity, for example about Ethernet and routing.
Services Messages concerning services such as SNMP and SMTP.
Authentication Messages concerning user authentication.
Device Ports Messages concerning device ports and connections.
Diagnostics Messages concerning system status and problems.
General Any message not in the categories above.
Remote Servers
(#1 and #2)
The IPv4 or IPv6 address of the remote server(s) where system logs are stored.
The system log is always saved to local SLC storage. It is retained through SLC unit
reboots for files up to Other Log Size (see below). Saving the system log to a server
that supports remote logging services (see RFC 3164) allows the administrator to save
the complete system log history.
Note: If the SLC is unable resolve the Remote Server hostnames or contact the
Remote Servers to send syslog messages, the syslog messages that cannot be sent to
a Remote Server may appear on the SLC console port.
RPM Log Size The maximum size in Kbytes that RPM logs can grow to before they are pruned. When
the file is pruned, it will be pruned to 50% of the RPM Log Size.
Other Log Size The maximum size in Kbytes that all logs other than the RPM logs can grow to before
they are pruned. When the file is pruned, it will be pruned to 50% of the Other Log Size.
Enable Log Select to save a history of all configuration changes in a circular log. Disabled by
default. The audit log is saved through SLC 8000 advanced console manager reboots.
Size The log has a default maximum size of 50 Kbytes (approximately 500 entries). You
can set the maximum size of the log from 1 to 500 Kbytes.
Include CLI
Commands
Select to cause the audit log to include the CLI commands that have been executed.
Disabled by default.
Include In System
Log
If enabled, the contents of the audit log are added to the system log (under the
General/Info category/level). Disabled by default.
Server IP address of your network’s Simple Mail Transfer Protocol (SMTP) relay server. If an
SMTP server is not specified, the SLC module will attempt to look up the MX record for
the domain in the destination email addresses of outgoing emails.
Sender The email address of the sender of outgoing emails. The strings "$host" and "$domain"
can be part of the email address - they will be substituted with the actual hostname and
domain. The default is donotreply@$host.$domain.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 106
SSH
Telnet
Enable Logins Enables or disables SSH logins to the SLC unit to allow users to access the CLI using
SSH. Enabled by default.
This setting does not control SSH access to individual device ports. (See Device Ports
- Settings (on page 146) for information on enabling SSH access to individual ports.)
Most system administrators enable SSH logins, which is the preferred method of
accessing the system.
Web SSH Enables or disables the ability to access the SLC command Iine interface or device
ports (connect direct) through the Web SSH window. Disabled by default.
Timeout If you enable SSH logins, you can cause an idle connection to disconnect after a
specified number of minutes. Select Yes and enter a value of from 1 to 30 minutes.
Timeout Data
Direction
If idle connection timeouts are enabled, this setting indicates the direction of data used
to determine if the connection has timed out. Select the type of data direction:
Both Directions
Incoming Network
Outgoing Network
SSH Port Allows you to change the SSH login port to a different value in the range of 1 - 65535.
The default is 22. Use of ports other than 22 that are less than 1025 is not
recommended.
DSA Keys Enables or disables support for DSA keys for incoming and outgoing connections for
the SLC unit. Any imported or exported DSA keys will be retained but will not be visible
on the web or the CLI. Enabled by default.
Use only SHA2
and Higher
Enables or disables support for only SHA2 and higher ciphers for incoming connections
for the SLC unit. Disabled by default. Enabling this option will also disable MACs with
tag sizes lower than 128 bits (e.g. umac-64-etm@openssh.com and umac-
64@openssh.com).
Enable Logins Enables or disables Telnet logins to the SLC unit to allow users to access the CLI
using Telnet. Disabled by default.
This setting does not control Telnet access to individual device ports. (See Device
Ports > Settings (1 of 2) (on page 147) for information on enabling Telnet access to
individual ports.) You may want to keep this option disabled for security reasons.
Web Telnet Enables or disables the ability to access the SLC command Iine interface or device
ports (connect direct) through the Web Telnet window. Disabled by default.
Timeout If you enable Telnet logins, you can cause an idle connection to disconnect after a
specified number of minutes. Select Yes and enter a value of from 1 to 30 minutes.
Timeout Data
Direction
If idle connection timeouts are enabled, this setting indicates the direction of data used
to determine if the connection has timed out. Select the type of data direction:
Both Directions
Incoming Network
Outgoing Network
7: Services
SLC™ 8000 Advanced Console Manager User Guide 107
Web SSH/Web Telnet Settings
Phone Home
3. To save, click the Apply button.
SSH Commands
Go to SSH Key Commands to view CLI commands which correspond to the web page entries
described above.
Logging Commands
Go to Logging Commands to view CLI commands which correspond to the web page entries
described above.
SNMP
Simple Network Management Protocol (SNMP) is a set of protocols for managing complex
networks. The SLC unit supports both MIB-II (as defined by RFC 1213) and a private enterprise
MIB. The private enterprise MIB provides read-only access to all statistics and configurable items
provided by the SLC unit. It provides read-write access to a select set of functions for controlling
Escape Sequence A single character or a two-character sequence that causes the SLC unit to terminate
a Telnet client. Currently the Escape Sequence is only used for Web Telnet sessions.
The default value is Esc+T (escape key, then uppercase "T" performed quickly but not
simultaneously). You would specify this value as \x1bT, which is hexadecimal (\x)
character 27 (1B) followed by a T. A control character can be specified with the
hexadecimal number for the control character; for example, Control-E can be
specified as \x05. Note that some browsers do not report key press events if Control is
pressed for non-alphanumeric keys, so it is recommended to only use letters with
Control character sequences.
Outgoing Telnet Enables or disables the ability to create Telnet out connections.
Terminal Buffer
Size
Number of lines in the Web SSH or Web Telnet terminal window that are available for
scrolling back through output.
Note: For tips on browser issues with Web SSH or Web Telnet, see Browser Issues
on page 117.
Enable If enabled, allows SLC 8000 advanced console manager to directly contact a vSLM™
management appliance and request addition to the database
IP Address IP address of the SLM device.
Last Attempt
(view only)
Displays the date and time of last connection attempt.
Results
(view only)
Indicates whether the attempt was successful.
LANT?ON|X SL050“ 5-73; “2:333:23: @fiy‘gm‘m summm-cunfigmmn 11.5511119141 cmwmwmm mm mm —mmm 4711 a SSWl'hlnm/Logginn 511w MFSICIFS Sacumlzmmlxflntwulk nan-4mm Wabsamr consul-Flow SNMP 55sz EnszeAgent 35:3?! 3:: 51.6 ME “IF! Billed hr Setting 7 mlflS‘al’lMSBlGSllfi’H Emww v, I111kan113615311537 Emma ., 1.1111111151611154) mm» “111.12.11.13.“ (1 3 1. s 1. 1 5 5) mpwfim 2: ' sicEveMFawelSuppry (1 1151412441 1 n 1) srgwmwsmmnpmmm (1 as 1 4 1 2441 1112) was 441 $511211stan (1 a 51 41 2441 1 113) ”M5 *2 slcEvemDevDePonDala (1 3 s 1 4 1 2441 1 n 4) AW!" DBlay 5n seconds sicEvemDevDePonSU/Dma 11 3 514 1 2441 1 11 5) £1.ng ID mmmwmmm‘ scEvemnemePnnsuvcamg 11 3 6 1 41 2441 1 u a) stvemDevDePonDevlbaowTemp (1 3 5 1 41 2441 1 u 7) 11mm 1mm. scavemuemeponueumgmempu:1614 1 2441 1 u a) smguemnemepnnneummmmmy (1 a s 1 4 12441 1 n 11) Comm nomad stveMDevDePnnDevIDa'ignHImnly (1 3 a 1 4 1 244 1 113112) srgwmnevmpnnnemegnm (1 a a 1 4 1 2441 1 1111) sszvemUSBI-‘cmn (1 a 514 1 2441 1 1114) slcEvemlmemalTemu [1 as 1 41 24A 1 1013) smEvemDevaonEmru a1; 1 41 2441 1 015) Rea-mm public Rename Dnvale K\Klkk£K§K§Klkkkkkkkklkkkk Tran publlc scEvemsDcamAmun (1 3 51 41 244 1 1111s) stvemNoDla‘TonFAlanuU 1s 1 41244 1 1 11 17) versmns scavenmpmcucn (1 15141244114111) secumy No 4.1mm 21mm sicEveumyhleans (1 1 11 41 2441 1 1114) - 4111111114 Emmi stveMDevDePnnDevlmmacICnarged (1 1 a 1 41 2441 1 n 211) Aum/Enc/ypi sicEvEmSFPAnlnnu 351 41 2441 11421) A1111. WWI MD5 v sszvemDevrxPunAmmn (1 :1 51412441 1 n 22) Encwwm . DES A55 slcEvemNewukFallvver (1 351 4 1 2441 11123) 5111111: Taps Sam/Fm um 12 Users 1243401111 12434 Wme Lap User Name snmplser snmplwuser snmplvapusev Pawn Retype pzsmm Passmrase Retype Passphrase Aww
7: Services
SLC™ 8000 Advanced Console Manager User Guide 108
the SLC unit and device ports. See the MIB definition file for details. The SLC MIB definition file
and the top level MIB file for all Lantronix products is accessible from the SNMP web page.
1. Click the Services tab and select the SNMP option. The following page displays:
Figure 7-2 Services > SNMP
7: Services
SLC™ 8000 Advanced Console Manager User Guide 109
2. Enter the following:
Enable Agent Enables or disables the Simple Network Management Protocol (SNMP) agent, which
allows read-only access to the system. Disabled by default.
Top Level MIB
(link)
Click the link to access the top level MIB file for all Lantronix products.
SLC MIB (link) Click the link to access the SLC MIB definition file for SLC 8000 advanced console
managers and advanced console managers.
SLC MON MIB
(link)
Click the link to access the SLC monitor MIB definition file for SLC 8000 advanced
console managers and advanced console managers.
Enable v1 If checked, SNMP version 1 (which uses the Read-Only and Read-Write Communities)
is enabled. The default is disabled.
Enable v2c If checked, SNMP version 2c (which uses the Read-Only and Read-Write
Communities) is enabled. The default is enabled.
Enable Traps Traps are notifications of certain critical events. Disabled by default. This feature is
applicable when SNMP is enabled. Traps that the SLC unit sends include:
coldStart (generic trap 0, OID 1.3.6.1.6.3.1.1.5.1)
linkDown (generic trap 2, OID 1.3.6.1.6.3.1.1.5.3)
linkUp (generic trap 3, OID 1.3.6.1.6.3.1.1.5.4
authenticationFailure (generic trap 4, OID 1.3.6.1.6.3.1.1.5.5)
slcEventPowerSupply (1.3.6.1.4.1.244.1.1.0.1)
slcEventSysadminPassword (1.3.6.1.4.1.244.1.1.0.2)
slcEventSLCShutdown (1.3.6.1.4.1.244.1.1.0.3)
slcEventDevicePortData (1.3.6.1.4.1.244.1.1.0.4)
slcEventDevicePortSLMData (1.3.6.1.4.1.244.1.1.0.5)
slcEventDevicePortSLMConfig (1.3.6.1.4.1.244.1.1.0.6)
slcEventDevicePortDeviceLowTemp (1.3.6.1.4.1.244.1.1.0.7)
slcEventDevicePortDeviceHighTemp (1.3.6.1.4.1.244.1.1.0.8)
slcEventDevicePortDeviceLowHumidity (1.3.6.1.4.1.244.1.1.0.9)
slcEventDevicePortDeviceHighHumidity (1.3.6.1.4.1.244.1.1.0.10)
slcEventDevicePortDeviceError (1.3.6.1.4.1.244.1.1.0.11)
slcEventUSBAction (1.3.6.1.4.1.244.1.1.0.14)
slcEventInternalTemp (1.3.6.1.4.1.244.1.1.0.13)
slcEventDevicePortError (1.3.6.1.4.1.244.1.1.0.15)
slcEventSDCardAction (1.3.6.1.4.1.244.1.1.0.16)
slcEventNoDialToneAlarm (1.3.6.1.4.1.244.1.1.0.17)
slcEventDevicePortDeviceContactChanged (1.3.6.1.4.1.244.1.1.0.20)
slcEventSFPAction (1.3.6.1.4.1.244.1.1.0.21)
slcEventNoDialToneAlarm (1.3.6.1.4.1.244.1.1.0.17)
slcEventRPMAction (1.3.6.1.4.1.244.1.1.0.18)
slcEventPingHostFails (1.3.6.1.4.1.244.1.1.0.19)
slcEventDevicePortDeviceContactChanged (1.3.6.1.4.1.244.1.1.0.20)
slcEventSFPAction (1.3.6.1.4.1.244.1.1.0.21)
slcEventDevicePortAction (1.3.6.1.4.1.244.1.1.0.22)
slcEventNetworkFailover (1.3.6.1.4.1.244.1.1.0.23)
The SLC unit sends the traps to the host identified in the NMS #1 and NMS #2 field
using the selected Trap Version.
For information on these traps, view the SLC enterprise MIB, which is available on the
SNMP web page.
Note: When the DSR signal drops on a device port, indicating that the attached cable
has been disconnected or the attached device has been powered off, the SLC will log
the event in the Device Ports system log and send a slcEventDevicePortAction
SNMP trap. The log message and SNMP trap only occur if there is an active (connect
direct or network connection) to the device port.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 110
v1/v2c Communities
Version 3
V3 User Read-Only
Trap Version When traps are sent, which SNMP version to use when sending the trap: v1, v2c or v3.
The default is v2c.
NMS #1 (or #2) When SNMP is enabled, an NMS (Network Management System) acts as a central
server, requesting and receiving SNMP-type information from any computer using
SNMP. The NMS can request information from the SLC 8000 advanced console
manager and receive traps from the SLC unit. Enter the IPv4 or IPv6 address of the
NMS server. At least NMS #1 is required if you selected Enable Traps.
Alarm Delay Number of seconds delay between outgoing SNMP traps.
Engine ID The unique SNMP engine identifier for the SLC. This identifier may be required by the
NMS in order to received v3 traps.
Location Physical location of the SLC 8000 advanced console manager (optional). Useful for
managing the SLC unit using SNMP. Up to 20 characters.
Contact Description of the person responsible for maintaining the SLC 8000 advanced console
manager, for example, a name (optional). Up to 20 characters.
Read-Only A string that SNMP agent provides. The Read-Only Community is used for SNMP v1
and v2c. The default is public.
Read-Write A string that acts like a password for an SNMP manager to access the read-only data
from the SLC unit SNMP, like a password for an SNMP manager to access the read-
only data the SLC SNMP agent provides, and to modify data where permitted. The
Read-Write Community is used for SNMP v1 and v2c. The default is private.
Trap The trap used for outgoing generic and enterprise traps. Traps sent with the Event
trigger mechanism still use the trap community specified with the Event action. The
default is public.
Security Levels of security available with SNMP v. 3.
No Auth/No Encrypt: No authentication or encryption.
Auth/No Encrypt: Authentication but no encryption. (default)
Auth/Encrypt: Authentication and encryption.
Auth with For Auth/No Encrypt or Auth/Encrypt, the authentication method:
MD5: Message-Digest algorithm 5 (default)
SHA: Secure Hash Algorithm
SHA2: Secure Hash Algorithm 2: SHA2_224, SHA2_256, SHA2_384, and
SHA2_512
Encrypt with Encryption standard to use:
DES: Data Encryption Standard (default)
AES: Advanced Encryption Standard
User Name SNMP v3 is secure and requires user-based authorization to access SLC MIB objects.
Enter a user ID. The default is snmpuser. Up to 20 characters.
Password/Retype
Password
Password for a user with read-only authority to use to access SNMP v3. The default is
SNMPPASS. Up to 20 characters.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 111
V3 User Read-Write
V3 User Trap
3. To save, click the Apply button.
Services Commands
Go to Services Commands to view CLI commands which correspond to the web page entries
described above.
NFS and SMB/CIFS
Use the Services > NFS & SMB/CIFS page if you want to save configuration and logging data onto
a remote NFS server, or export configurations by means of an exported CIFS share.
Mounting an NFS shared directory on a remote network server onto a local SLC directory enables
the SLC advanced console manager to store device port logging data on that network server. This
configuration avoids possible limitations in the amount of disk space on the SLC unit available for
the logging file(s). You may also save SLC configurations on the network server.
Similarly, use SMB/CIFS (Server Message Block/Common Internet File System), Microsoft's file-
sharing protocol, to export a directory on the SLC 8000 advanced console manager as an SMB/
CIFS share. The SLC unit exports a single read-write CIFS share called "public," with the
subdirectory the config directory, which contains saved configurations and is read-write.
The share allows users to access the contents of the directory or map the directory onto a
Windows computer.
Passphrase/
Retype
Passphrase
Passphrase associated with the password for a user with read-only authority. Up to 20
characters. If this is not specified it will default to the v3 Read-Only Password.
User Name SNMP v3 is secure and requires user-based authorization to access SLC MIB objects.
Enter a user ID for users with read-write authority. The default is snmprwuser. Up to
20 characters.
Password/
Retype Password
Password for the user with read-write authority to use to access SNMP v3. The default
is SNMPRWPASS. Up to 20 characters.
Passphrase/
Retype
Passphrase
Passphrase associated with the password for a user with read-write authority. Up to 20
characters. If this is not specified it will default to the v3 Read-Write Password.
User Name SNMP v3 is secure and requires user-based authorization to access SLC unit MIB
objects. Enter a user ID for users with authority to send traps. The default is
snmptrapuser. Up to 20 characters.
Password/
Retype Password
Password for the user with authority to send v3 traps. The default is
SNMPTRAPPASS. Up to 20 characters.
Passphrase/
Retype
Passphrase
Passphrase associated with the password for a user with authority to send v3 traps. Up
to 20 characters. If this is not specified it will default to the v3 Trap Password.
LANR‘ONIX swam H 1 = 5 7 A U2 V3 2 4 5 3101214115 R flggggm 5mm” a Mgumm gnwmmmy, ‘cDmmmwpmm m —-mm 6} 7 BE ssNITeInev/Logninu SNMP NFSIC‘FS Secure Lamnix Nemork Dale 9. 11m ww Server CunaneFlow NFS & SMBICIFS N‘Ip?‘ "F5 Mounts Remnls Dweumy Luza‘ Dmeumy 6%; m m m ‘ ‘ x x :32 ‘ ‘ t r :43 ‘ ‘ A A SMBIuFS sum Shave SME/C‘FS mracmvy Nelwm‘K \merhcas cxrs use! Passwud Re‘YDE Passwum Wumvouu m m can be configured m shale a mum comammg the system logs m a Mmson mam "mm m; dlrscluly can also be used my szvmg ch mnfigulzlmns ma mm. A ounrgummm 4 mm w: 1a 100 122) z Em: |:| The mm m be ,—‘ mmwme-m‘ugm \ \ Awly
7: Services
SLC™ 8000 Advanced Console Manager User Guide 112
To configure NFS and SMB/CIFS:
1. Click the Services tab and select the NFS/CIFS option. The following page displays:
Figure 7-3 Services > NFS & SMB/CIFS
2. Enter the following for up to three directories:
NFS Mounts
Remote Directory The remote NFS share directory in the format:
nfs_server_hostname or ipaddr:/exported/path
Local Directory The local directory on the SLC 8000 advanced console manager on which to mount
the remote directory. The SLC unit creates the local directory automatically.
Read-Write If enabled, indicates that the SLC 8000 advanced console manager can write files to
the remote directory. If you plan to log port data or save configurations to this
directory, you must enable this option.
Mount Select the checkbox to enable the SLC unit to mount the file to the NFS server.
Disabled by default.
Mounted Indicates if the SLC was able to successfully mount the NFS share directory.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 113
3. Enter the following:
SMB/CIFS Share
4. To save, click the Apply button.
5. Click the Firmware & Configurations link to access the
Firmware & Configurations (on page 279) to save SLC configuration, as desired.
NFS and SMB/CIFS Commands
Go to NFS and SMB/CIFS Commands to view CLI commands which correspond to the web page
entries described above.
Share SMB/CIFS
directory
Select the checkbox to enable the SLC 8000 advanced console manager to export an
SMB/CIFS share called “public.” Disabled by default.
Network
Interfaces
Select the network ports from which the share can be seen. The default is for the share
to be visible on both network ports.
CIFS User
Password/Retype
Password
Only one user special username (cifsuser) can access the CIFS share. Enter the CIFS
user password in both password fields. The default user password is CIFSPASS.
More than one user can access the share with the cifsuser user name and password
at the same time.
Workgroup The Windows workgroup to which the SLC unit belongs. Every PC exporting a CIFS
share must belong to a workgroup. Can have up to 15 characters.
LANTQONIX swam mm mm _mmm (.11 12a SSHITeIneI/Lniiinu SNMP NFSICIFS SecureLamro H051 slum!" User Sysadmln U1 :1 1 mm” 13 5 7 5111.15 A u: 2 4 5 5111121415 11 51151111111111» . 09111911311311 meSH 113mm (Suwanee DamamPanm Nemalk Daka‘fime Web Server CnnsoleFlnw Secure Lanlro Netwnrk 11.1221 Secure Lammmx Managers and Sliders an me 1ocal suhnel Search Cphons‘? Each 1.1151 :31 be managed 11, selec11ng1Ls1P admess mm > 11 Dev1ce(s)found. 11mm. 11.0.11. 1111111111551 W 33:11 Ms 7 7 Web 1111mm m 191m ChckonbllgmgreenpunstoWeDSSHurWebTelne‘ 1 a 5 1111115 51mm chsnm 11219111912» mums m1 2 A S 510121-115 1 a 5 «1111151719212125272 21113511 41434511 1121922511» 1 slcmd SL080“ 7GUDR1 NA 2 A E E1D1Z14IEIEZDEZ ZEZBSEEZUA 42444543 1 s 5 5111115 1121911111511» 1 sch<> 1 $50376 SLCBME 1721910063 7GUDR5 NA 2 A i a1012141515211222425”animusnwazuasu slbéhEd SLESBZ I7ZI9.20313 3 6 3 U 0 N/A 55.1) 1: 5 3111115 slc1ej1enn SL016 I7ZI9.25D127‘1' 55 Telnal) 2 A 5 3101214“ 5111;111:1111 FB1RC11 SLEfiM I72 ”.250 55) 6100 mm; 51111132 112192111112» 53017 DSM'MEESE SLEfiM I72I9.39 253) 54 1 a 5 1 a111:15171921232527253131.135373541434547 1 1 SIEEODI SLC‘S w 55 NA 2 A E a11)12141s1520222425zuuazsnsaauazunsu 1 5 1 5111711111 51121132 1721922350) 65013ch N/A
7: Services
SLC™ 8000 Advanced Console Manager User Guide 114
Secure Lantronix Network
Use the Secure Lantronix Network option to view and manage SLC and SLB console managers,
SLC 8000 advanced console managers, and Lantronix Spider® devices on the local subnet.
Note: Status and statistics shown on the web interface represent a snapshot in time. To
see the most recent data, reload the web page.
To access SLC and SLB console managers, and Lantronix Spider devices on the local
network:
1. Click the Services tab and select the Secure Lantronix Network option. The following page
displays.
Figure 7-4 Services > Secure Lantronix Network
2. Access your device or device port through any of the methods below.
LANT?ONIX SLCsMB Lngln m 5mm: 0me my : szgt| W m mmmw m mmmm M MN...» M “Ma. .... mm. mymasxbymy mm. mymnmkmav m mlvs Hm xv m m m Mus/[17219 2m mu mmummmmwmw w»:smudmnaxaawmmmv (a (3mm :meaasumwm at) @ 9mm» —‘Jav
7: Services
SLC™ 8000 Advanced Console Manager User Guide 115
To directly access the web interface for a secure Lantronix device:
1. Make sure Web Telnet and Web SSH is enabled for the specific device or device port.
2. Click the IP address of a specific secure Lantronix device to open a new browser page with
the web interface for the selected secure Lantronix device.
3. Log in as usual.
Figure 7-5 IP Address Login Page
To directly access the CLI interface for a device:
1. Click the SSH or Telnet link in the SSH/Telnet to CLI column directly beside the port you
would like to access.
Note: For SLC console managers with 7.2.0.0 firmware releases and earlier, an
SSH or Telnet popup window for Java appears (see Figure 7-6) before login. Click OK
to dismiss this popup window and continue on to the login. For SLC console
managers with 7.3.0.0 firmware releases and later, the SSH or Telnet popup window
is bypassed and you are brought directly to the login in a non-Java based browser
window (see Figure 7-7). For tips on troubleshooting browser issues for the non-Java
based Web SSH/Telnet application, see Troubleshooting Browser Issues (on page
118).
Figure 7-6 SSH and Telnet Opening File Popups
2. Click your mouse into the CLI login interface that appears and login. The CLI interface will
indicate when your connection is established.
3. When using the non-Java Web SSH or Web Telnet window, to terminate the session, use
either the host's logoff command. You may also use ^] to terminate a Telnet session or ~. to
terminate an SSH session.
E 172.151.1110.)» Pum muuu'w a 4 a a 7 Human: numamumam - u: :2 z 4 a a muzma muwammum» a ”mm, mm m ”WWW whnmalhpwr-‘F‘V’n
7: Services
SLC™ 8000 Advanced Console Manager User Guide 116
Figure 7-7 SSH or Telnet CLI Session
To directly access a specific port on a particular device:
1. You have two options:
-Dashboard
Make sure the WebSSH (DP only) radio button directly beneath the Dashboard is
selected and click the desired port number. The Dashboard is located on the upper right
corner of each Web Manager page (see Chapter 5: Web Page Layout.) An SSH popup
window appears.
Note: WebTelnet is not available from the Dashboard. See Dashboard on page
62 as the dashboard may vary in appearance.
-Secure Lantronix Page
Click the Services tab, then click the Secure Lantronix Network link (see Figure 7-4.)
Select the port you want to configure. Enabled port numbers are in bright green boxes and
will allow you to select either a WebSSH or a WebTelnet session. If enabled, an SSH or
Telnet popup window appears depending on what is clicked. For SLC console managers
with 7.2.0.0 firmware releases and earlier, an SSH or Telnet popup window for Java
appears (see Figure 7-6) before login. Click OK to dismiss this popup window and
continue on to the login. For SLC console managers with 7.3.0.0 firmware releases and
later, the SSH or Telnet popup window is bypassed and you are brought directly to the
login in a non-Java based window (see Figure 7-7). For tips on troubleshooting browser
issues for the non-Java based Web SSH/Telnet application, see Troubleshooting Browser
Issues (on page 118).
Note: Port numbers that are disabled are in dark green boxes; clicking a
disabled port number generates a popup window indicating the port is disabled
(see Figure 7-8 below.)
17219100148 says: ssu In & Tana: In mr W; pan ave msamen , Frevem ms page mm usaung aammnm diamgs LANTQOle SLC 5015 M Du1 n 1 a 5 7 sums A u: El 2 a a ammns a 5:; 3533mm 5%an wcmmnm ‘Wshssfimvmm menewcemvap m M "mm a 7 5? E SSH/Temmanminn sum: MFsIcIFs SecumLammmeanmk Damhfima wmsmu CmsnlaFluw Secure Lanlronix Nelwolk - Search Options Mel ? Saute Lanlmmx Namnrmeamn ‘ LucalSubneV Manua‘ly Eulered u: Address m m Bum w MESS ‘ w Anus Lisl — No M: Adams; Add IP Mdmss \ \ Delete w miss
7: Services
SLC™ 8000 Advanced Console Manager User Guide 117
Figure 7-8 Disabled Port Number Popup Window
2. Click your mouse into the CLI login interface that appears (see Figure 7-7) and login. The CLI
interface will indicate when your connection is established.
3. When using the non-Java Web SSH or Web Telnet window, to terminate the session, use
either the host's logoff command, or use ^] to terminate a Telnet session or ~. to terminate
an SSH session.
Browser Issues
Please check the Lantronix Knowledge Base at http://ltxfaq.custhelp.com/app/answers/list to
research any browser errors.
To configure how secure Lantronix devices are searched for on the network:
1. Click the Search Options link on the top right of the Services > Secure Lantronix Network
page. The following web page displays:
Figure 7-9 Services > Secure Lantronix Network > Search Options
2. Enter the following:
Secure Lantronix
Network Search
Select the type of search you want to conduct.
Local Subnet performs a broadcast to detect secure Lantronix devices on the
local subnet.
Manually Entered IP Address List provides a list of IP addresses that may not
respond to a broadcast because of how the network is configured.
Both is the default selection.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 118
3. If you entered an IP address, click the Add IP Address button. The IP address displays in the
IP Address List.
4. Repeat steps 2 and 3 for each IP address you want to add.
5. To delete an IP address from the IP Address List, select the address and click the Delete IP
Address button.
6. Click the Apply button. When the confirmation message displays, click Secure Lantronix
Network on the main menu. The Services > Secure Lantronix Network page displays the
secure Lantronix devices resulting from the search. You can now manage these devices.
Troubleshooting Browser Issues
Depending on which browser you are using and what type of SSL certificate the SLC web server is
configured with, there may be errors connecting to a Web SSH or Web Telnet session. These
errors may be the standard browser error displayed for self-signed or untrusted certificates ("There
is a problem with this website's security certificate." or "Your connection is not private.").
The SSL server that handles Web SSH and Web Telnet sessions is accessible on port 8000,
instead of the standard port 443 for SSL connections. It is recommended that the SLC be
configured to use a SSL certificate from a Certificate Authority to prevent issues accessing Web
SSH and Web Telnet terminals. If your SLC web server is configured to use a self-signed or
untrusted SSL certificate, refer to the notes below for how to work around this for various
browsers.
When an SLC is configured with a SSL certificate that is either a wildcard certificate or associated
with a specific name, in order to establish a Web SSH or Web Telnet session to the SLC unit, the
unit must be able to successfully perform a reverse lookup on any IP address to which Web SSH
or Web Telnet requests are sent. For example, if a unit is configured with a SSL certificate for the
name "SLCXYZ.lantronix.com", and the unit website is being accessed in a browser with "https://
SLCXYZ.lantronix.com", the unit needs to be configured with a name server that will allow the unit
to perform a reverse lookup on the IP address associated with SLCXYZ.lantronix.com. Failure to
perform a reverse lookup on a name may result in name mismatch errors in the browser when it
attempts to open the Web SSH or Web Telnet window.
If you are unable to connect to a Web SSH or Web Telnet session for a reason other than a
browser SSL certificate issue, restarting the SSL server on port 8000 may resolve the connection
problem. This can be done by restarting the web server (with the CLI command "admin web
restart") or by disabling both Web SSH and Web Telnet on the SSH/Telnet/Logging web page,
and then re-enabling them.
Chrome - For the greatest ease of use with Web SSH and Web Telnet, when the SLC web
server is using a self-signed SSL certificate, use the Chrome browser. When the user accepts
the self-signed SSL certificate in the browser for the primary SLC website, the self-signed SSL
certificate is accepted for all ports - including port 8000 - for the SLC website.
Firefox - When accessing the SLC website with Firefox, and when the SLC web server is
using a self-signed SSL certificate, accepting the self-signed SSL certificate in the browser for
the primary SLC website will only accept the certificate for port 443. It will not accept the
certificate for port 8000. This may result in a popup being displayed in the Web SSH or Web
Telnet window indicating that the browser needs to accept a certificate. To accept the self-
signed certificate for port 8000, go to Firefox -> Options (or Preferences) -> Advanced ->
IP Address If you selected Manually Entered IP Address List or Both, enter the IP address of
the secure Lantronix device you want to find and manage.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 119
Certificates -> View Certificates -> Servers, and add an exception for the SLC IP address or
hostname, with port 8000.
Internet Explorer - When accessing the SLC website with Internet Explorer, and when the
SLC web server is using a self-signed SSL certificate, Explorer will grant access to the Web
SSH and Web Telnet terminals if (a) the host name or common name in the self-signed
certificate matches the name (or IP address) being used to access the SLC website, and (b)
Explorer has imported and trusted the self-signed certficate. A custom self-signed certificate
with the SLC name can be generated via the SSL Certificate web page or the admin web
certificate custom CLI command.
Once the SLC web server has been configured to use the custom self-signed certificate, follow
these steps for Internet Explorer to trust the custom certificate:
In Internet Explorer, browse to the SLC website whose certificate you want to trust.
When the message "There is a problem with this website's security certificate.", choose
Continue to this website (not recommended).
In Internet Explorer, select Tools -> Internet Options.
Select Security -> Trusted Sites -> Sites.
Verify or fill in the SLC website URL in the Add this website field, click Add, and then Close.
Close the Internet Options dialog with either OK or Cancel.
Refresh the Internet Explorer web page with the SLC website.
When the message "There is a problem with this website's security certificate", choose
Continue to this website (not recommended).
Click on the red Certificate Error at the right of the URL address bar and select View
certificates.
In the dialog that displays, click on Install Certificate, then in the Certificate Import Wizard,
click Next.
On the next page select Place all certificates in the following store.
Click Browse, select Trusted Root Certification Authorities, and click OK.
Back in the Certificate Import Wizard, click Next, then Finish.
If you get a Security Warning message box, click Yes.
Dismiss the Import was successful message box with OK.
In Internet Explorer, select Tools -> Internet Options.
Select Security -> Trusted Sites -> Sites.
Select the SLC website URL you just added, click Remove, then Close.
Now shut down all running instances of Internet Explorer, and start up Internet Explorer again.
The SLC website's certificate should now be trusted.
Web SSH/Telnet Copy and Paste
There are security issues with letting a web page access the system clipboard, which is the main
clipboard on a system that is shared between all applications. Because of this, browsers limit
access to the system clipboard. The Web SSH and Web Telnet window provide copy and paste
functionality via a right-click menu: the Copy option will copy what is highlighted in the Web SSH or
7: Services
SLC™ 8000 Advanced Console Manager User Guide 120
Web Telnet window into an internal (non-system) clipboard, and the contents can be pasted into
the Web SSH or Web Telnet window with the Paste.
Support for copying and pasting content between the system clipboard and the Web SSH or Web
Telnet window will vary from browser to browser. With the exception of Internet Explorer, most
browsers will not allow highlighted content from the Web SSH or Web Telnet window to be copied
to the system clipboard (Internet Explorer will display a prompt confirming the copy). Likewise,
most browsers will not allow content from the system clipboard to be directly pasted into the Web
SSH or Web Telnet window with the standard Control-V paste key sequence. With some
browsers, the user will be able to use the Paste from browser option in the right-click menu to
paste content from the system clipboard into a text field in a popup, and after hitting Enter, the
content will be sent to the Web SSH or Web Telnet window.
Secure Lantronix Network Commands
Go to SLC Network Commands (on page 386) to view CLI commands which correspond to the
web page entries described above.
Date and Time
Use the Date and Time Settings page to specify the local date, time, and time zone at the SLC
location, or enable the SLC unit to use NTP to synchronize with other NTP devices on your
network. Note that changing the date/time and/or timezone, or enabling NTP may affect the user's
ability to login to the web; if this happens, use the CLI admin web restart command to restart
the web server.
The CLI show ntp command will display the current NTP status if NTP is enabled. The column
headings are as follows: the host names or addresses shown in the remote column correspond to
configured NTP server names; however, the DNS names might not agree if the names listed are
not the canonical DNS names. The refid column shows the current source of synchronization,
while the st column reveals the stratum, t the type (u = unicast, m = multicast, l =
local, - = don't know), and poll the poll interval in seconds. The when column shows the
time since the peer was last heard in seconds, while the reach column shows the status of the
reachability register (see RFC-1305) in octal. The remaining entries show the latest delay, offset
and jitter in milliseconds. The symbol at the left margin displays the synchronization status of each
peer. The currently selected peer is marked *, while additional peers designated acceptable for
synchronization, but not currently selected, are marked +. Peers marked * and + are included in
the weighted average computation to set the local clock; the data produced by peers marked with
other symbols are discarded.
To set the local date, time, and time zone:
1. Click the Services tab and select the Date & Time option. The following page displays:
LANTQONIX swam F. 1 a 5 7 m,“ Usersysadmln mm,” m w» —--m a 7 {E E SSWTIinm/Longlng 5mm: NFSICiFS SunnLanmnixM-(mvk Dal-I‘m“: Wlbsorvu CansnhFluw Mguman wecssfiuvmm cwecmnemmpmy) Date 8 Time neigfl Change Dawning U Dale wav . Tmewn.‘ ”KW" Tune Zone ism , : Enade mp i The am can symhronlze fl: clack m a m m m, “an; my - [imam “Mm Pnli NTP Sewcfls) , , % m. . m i Symnmnlzze vla PuDiIc uui 0 Wu? ”may “anew Apiary \ -down list, select the appropriate time zone. For information 0 http Ien Ikigedla rg/wwki/Llst of (2 database time zones
7: Services
SLC™ 8000 Advanced Console Manager User Guide 121
Figure 7-10 Services > Date & Time
2. Enter the following:
3. To save, click the Apply button.
To synchronize the SLC 8000 advanced console manager with a remote timeserver using
NTP:
1. Enter the following:
Change Date/Time Select the checkbox to manually enter the date and time at the SLC location.
Date From the drop-down lists, select the current month, day, and year.
Time From the drop-down lists, select the current hour and minute.
Time Zone From the drop-down list, select the appropriate time zone. For information on each
timezone, see http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
Enable NTP Select the checkbox to enable NTP synchronization. NTP is disabled by default.
Current NTP status Displays the current NTP status if NTP is enabled above.
NTP server, an This \s nol NTP sewers. www.mgmg
7: Services
SLC™ 8000 Advanced Console Manager User Guide 122
2. To save, click the Apply button.
Date and Time Commands
Go to Date and Time Commands (on page 349) to view CLI commands which correspond to the
web page entries described above.
Web Server
The Web Server supports all versions of the TLS protocol, but due to security concerns, does not
support any versions of the SSL protocol. The Web Server page allows the system administrator
to:
Configure attributes of the web server.
View and terminate current web sessions.
Import a site-specific SSL certificate.
To configure the Web Server:
1. Click the Services tab and select the Web Server option. The following page appears:
Synchronize via Select one of the following:
Broadcast from NTP Server: Enables the SLC unit to accept time
information periodically transmitted by the NTP server. This is the default if
you enable NTP.
Poll NTP Server: Enables the SLC 8000 advanced console manager to query
the NTP Server for the correct time. If you select this option, complete one of
the following:
Local: Select this option if the NTP servers are on a local network, and
enter the IPv4 or IPv6 address of up to three NTP servers. This is the
default, and it is highly recommended.
Public: Select this option if you want to use a public NTP server, and select
the address of the NTP server from the drop-down list. This is not
recommended because of the high load on many public NTP servers. All
servers in the drop-down list are stratum-2 servers. (See www.ntp.org for
more information.) Each public NTP server has its own usage rules --please
refer to the appropriate web site before using one. Our listing them here is
to provide easy configuration but does not indicate any permission for use.
LANTQONIX swam Hos! elcnm User sysadmm m sm- —-mm SSH/YamallLonmng sump NFsrcIFs n 1 a 5 7 9111315 A uz E2 2 .4 s mums n sn Sdsrlpmllnr - Commun 7 mmmvanm CnmscMlecamPuriy] e '2 EB Socun Lanlmnlx Norwork an: s m... wua Sow-r Consthlw Web Server w Twmenm Ename n5 v1 u Pmmcm Ename ns v1 1 Pmmcm OWE! Use my 5qu and ngher 9pm; um. GmupAuess aannev um Nelwmk lmeflzces Run Web Serve! Enah‘e IGngle Gadget Web Camel“ Nu Yes mules (5120) 30 Web Sessions> 55L cmmme v w: ‘7 Hugh (256 163129) . Hugh (256 169129) Medmmmza) HPsAnvmveu ‘ . Charanw us [Imam m alpha rem-res a udrm ar me on cnmmd 'adrmn wee res " :1 Lme feeds can be Induded mme bannervmh me "n‘ chavaderseweme ‘7 am ‘2 am PPP Semng can be thanged ma me an
7: Services
SLC™ 8000 Advanced Console Manager User Guide 123
Figure 7-11 Services > Web Server
2. Enter the following fields:
Timeout Select No to disable Timeout.
Select Yes, minutes (5-120) to enable timeout.
Enter the number of minutes (must be between 30 and 120 minutes) after
which the SLC web session times out. The default is 5.
Note: If a session times out, refresh the browser page and login to a new web
session. If you close the browser without logging off the SLC unit first, you will
have to wait for the timeout time to expire. You can also end a web session by
using the admin web terminate command at the CLI or by asking your system
administrator to terminate your active web session.
To view or terminate current web sessions, click the Web Sessions link. See
Services - SSL Certificate.
To view, import, or reset the SSL Certificate, click the SSL Certificate link.
See Services - SSL Certificate.
Enable TLS v1.0
Protocol
By default, the web supports the TLS v1.0 protocol. Uncheck this to disable the
TLS v1.0 protocol. Changing this option requires a reboot or restarting the web
server with the CLI command "admin web restart" for the change to take effect.
Enable TLS v1.1
Protocol
By default, the web supports the TLS v1.1 protocol. Uncheck this to disable the
TLS v1.1 protocol. Changing this option requires a reboot or restarting the web
server with the CLI command "admin web restart" for the change to take effect.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 124
3. Click the Apply button to save.
Admin Web Commands
Go to Administrative Commands to view CLI commands which correspond to the web page entries
described above.
Services - SSL Certificate
The Services > Web Server page enables you to view and update SSL certificate information. The
SSL certificate, consisting of a public/private key pair used to encrypt HTTP data, is associated
with the web server. You can import a site-specific SSL certificate or generate a custom self-
signed SSL certificate. The custom self-signed SSL certificates generated by the SLC use the
SHA256 hash algorithm.
To view, reset, import, or change an SSL Certificate:
1. On the Services tab, click the Web Server page and click the SSL Certificate link. The
following page displays the current SSL certificate.
Cipher By default, the web uses High/Medium security (128 bits or higher) for the cipher.
This option can be used to configure the web to also support just High security
ciphers (256 bit, 168 bit and some 128 bit), or FIPS approved ciphers (see
Security.) Changing this option requires a reboot or restarting the web server
with the CLI command admin web restart for the change to take effect.
Use only SHA2 and
Higher Ciphers
By default, the web supports SHA1 as well as SHA2 and higher ciphers. Check
this option to support only SHA2 and higher ciphers. Changing this option
requires a reboot or restarting the web server with the CLI command "admin web
restart" for the change to take effect.
Group Access Specify one or more groups to allow access to the Web Manager user interface.
If undefined, any group can access the web. If one or more groups are specified
(groups are delimited by the characters ',' (comma) or ';' (semicolon)), then any
user who logs into the web must be a member of one of the specified groups,
otherwise access will be denied. Users authenticated via RADIUS may have a
group (or groups) provided by the RADIUS server via the Filter-Id attribute that
overrides the group defined for a user on the SLC. A group provided by a remote
server must be either a single group or multiple groups delimited by the
characters ',' (comma), ';' (semicolon), or '=' (equals) - for example
"group=group1,group2;" or "group1,group2,group3".
Banner Enter to replace default text displayed on the Web Manager home page after the
user logs in. May contain up to 1024 characters. Blank by default. To create
additional lines in the banner use the \n character sequence.
Network Interfaces The interfaces that the web server is available on. By default, Eth1, Eth2 and
PPP interfaces on modems are enabled.
Run Web Server If enabled, the web server will run and listen on TCP ports 80 and 443 (all
requests to port 80 are redirected to port 443). By default, the web server is
enabled. The web server supports TLS 1.0, TLS 1.1, and TLS 1.2. Due to
security vulnerabilities, SSL is not supported.
Note: This option can only be changed at the CLI.
{113579111315n LANTQONIX 3'43“" n s A s 3 mm. H ngggyggggm Ssssswm-mamsn ““55qu esmmnmsmpsm m ss~sss —wmm 6’ 1 w SSHITe‘nm/Lnnfiinu SNMP NFSICIFS SecumLammxmmnrk Dalell'lme WehServu CansnleFlow Web Sewer - SSL Certificate "“P'H Cumm ssL Cenfimk (Mann) Certifkate: A um: Version: 1 (EXB) Sena] mm a . is.” .E(:56 ssgnsms ”Mum shzzsshlnhRSAEnmypnnn Issuer. c=uss 5 “mm, l=lrviu!, D=lantmmx, 04:st usmm Not Before' m 95 2015 am Hot um : m as 2925 am mum: :=u5, Sirtzhfumxz, Lrlrxuna, Udzntmnx, 01:ch 5mm mus Key mm mm Key Algnrithm' pssznsrypnsn Puhlvie s (2%! Mt) ' Mums I REM) Nun: cnzngmg Ihe SSL Cemficale reqmres Mam. gamma“; ‘ a rebnul m res'anma use web sewev forme update m Lake ellecl \mpmSSL Cemficale A w; m-rps v Gemmm‘gflfififlf Rum Manama u mu Fxla) Number nfBM 2049 v Cemrrale mename :| We" no Numberol Days :| Key Manama ]—‘ Up‘ead m9 Gummy Name 7 Passphrass sum nr Prnvmce Name Relype Passphvase ]—‘ Lotzluy Name —‘ Hns‘ Orgamzsmm. Name Logln |:| Orgamzzum um Name :] Pam |:| Commas: Passwntd Email Address News Passmum OW'E'Eg‘jgf \— Retype menm < back="" (a="" wen="" server="" apply="">
7: Services
SLC™ 8000 Advanced Console Manager User Guide 125
Figure 7-12 SSL Certificate
2. If desired, enter the following:
Reset to Default
Certificate
To reset to the default certificate, select the checkbox to reset to the default
certificate. Unselected by default.
Root Filename Filename of the imported root or intermediate Certificate Authority. If HTTPS is
selected as the method for import, the Upload File link will be selectable to upload
a Certificate authority.
Import SSL Certificate To import your own SSL Certificate, select the checkbox. Unselected by default.
Import via From the drop-down list, select the method of importing the certificate (SCP,
SFTP, or HTTPS). The default is HTTPS.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 126
3. Click the Apply button.
Note: You must reboot the SLC advanced console manager for the update to take
effect.
4. To return to the Services > Web Server page, click the Back to Web Server link.
Certificate Filename Filename of the certificate. If HTTPS is selected as the method for import, the
Upload File link will be selectable to upload a certificate file.
Key Filename Filename of the private key for the certificate. If HTTPS is selected as the method
for import, the Upload File link will be selectable to upload a key file.
Passphrase /
Retype Passphrase
Enter the passphrase associated with the SSL certificate if the private key is
encrypted.
Host Host name or IP address of the host from which to import the file.
Path Path of the directory where the certificate will be stored.
Login User ID to use to SCP or SFTP the file.
Password /
Retype Password
Password to use to SCP or SFTP the file.
Generate custom self-
signed SSL Certificate
To generate your own custom self-signed certificate with attributes specific to your
site, select the checkbox. The SHA256 hashing algorithm will be used to generate
the certificate. Unselected by default.
Number of Bits The number of bits to use when generating the certificate: 2048, 3072 or 4096.
Number of Days The number of days that the certificate can be used before it expires, up to 7500
days.
Country Name The two letter country code for the custom certificate, e.g. "US" or "FR".
State or Province
Name
The state or province for the custom certificate, e.g. "California". Must be at least
2 characters long.
Locality Name The locality or city for the custom certificate, e.g. "Irvine". Must be at least 2
characters long.
Organization Name The organization or company name for the custom certificate, e.g. "Lantronix".
Must be at least 2 characters long.
Organization Unit
Name
The unit name for the custom certificate, e.g. "Engineering" or "Sales". Must be at
least 2 characters long.
Hostname or Common
Name
The hostname or other name associated with the SLC the certificate is generated
on, e.g., "slc100.engineering.lantronix.com". Must be at least 2 characters long.
Email Address An optional email address to associate with the custom certificate.
Optional Challenge
Password & Retype
Password
An optional password use to encrypt the custom certificate.
‘13579111215A LANTQONIX SLC 80"" 2 2 . a mum in figggggggm “Emu-Mgr.” Wigwam" mmmnaiovum m s-m "mm <1" 7="" f3="" e="" sswmnmogqmg="" sump="" nfsieifs="" socurlunrramxihtwunr="" dar-limi-="" wshslrv/er="" consaiiflow="" web="" sewer="" -="" web="" sessions="" hug?="" *="" back="" to="" web="" server="" tun-m="" w-b="" mm:="" tennlnale="" id="" user="" loni"="" time="" idle="" time="" i="" sysadmin="" umma="" 1s="" 45="" minimum="" device="" requires="" a="" unique="" device="" id="" to="" communicate="" with="" the="" e="" in="" the="" consoleflow="" settings.="" ifa="" device="" is="" not="" already="" pre="" sioned="" using="" lantronix="" provisioning="" manager="" (lf‘m).="" httg="" ww="" ntro="" '="" com/resources/qroduc="" '="" de="">
7: Services
SLC™ 8000 Advanced Console Manager User Guide 127
Services - Web Sessions
The Services > Web Server page enables you to view and terminate current web sessions.
To view or terminate current web sessions:
1. On the Services tab, click the Web Server page and click the Web Sessions link to the right.
The following page displays:
Figure 7-13 Web Sessions
2. To terminate, click the check box in the row of the session you want to terminate and click the
Terminate button.
3. To return to the Services > Web Server page, click the Back to Web Server link.
ConsoleFlow
ConsoleFlow is a cloud or on-premise portal for the centralized management of multiple SLC8000
devices. A browser based interface (including mobile phone app support) allows an administrator
to view status, send commands, view logs and charts and update firmware for an SLC 8000. Each
SLC can communicate with the cloud server or on-premise server, sending status updates,
responding to commands sent by the server.
An SLC device requires a unique Device ID to communicate with the ConsoleFlow portal. The ID
is viewable in the ConsoleFlow settings. If a device is not already pre-configured with the ID, the ID
must be provisioned using Lantronix Provisioning Manager (LPM). See the Provisioning Manager
User Guide at https://www.lantronix.com/resources/product-index/.
The ConsoleFlow client follows a sequence of steps to connect to the cloud or on-premise
ConsoleFlow server, send status updates, check for firmware and configuration updates, and
respond to commands from the server. This series of steps is the same each time the client starts
- at SLC boot, or if the client is enabled. Any changes to the ConsoleFlow Device ID, Registration
settings or Messaging settings require the ConsoleFlow client to be disabled and re-enabled for
the changes to take effect.
1. Registration
The client will attempt to register to the Registration Host using the Project Tag and Device
ID. If registration fails, the client will wait 30 seconds and retry. The client will retry until it is
successful, or the client is disabled. Registration may fail if the Project Tag is invalid, the
7: Services
SLC™ 8000 Advanced Console Manager User Guide 128
Device ID is invalid, the Registration Host name cannot be resolved, or the Registration Host
is not reachable. Once registration is successful, Status of Client will display Registered with
the date and time of registration. Note that the Registered date/time displayed in the SLC
status may be different from the registered date/time shown in the ConsoleFlow web UI. The
SLC registered date/time is the most recent date and time that the SLC registered with the
ConsoleFlow server. The registered date and time shown in the ConsoleFlow web UI is the
first time that the SLC ever registered with the ConsoleFlow server.
2. Telemetry
After registration, the client will connect to the Telemetry Host (the hostname is provided
during registration) and perform a telemetry handshake. This handshake may request that the
client publish a set of statistics at regular intervals. If a telemetry handshake is successful,
Status of Client will display Telemetry Handshake with the date and time of the handshake.
Each time telemetry statistics are published, Status of Client will display Telemetry
Statistics with the date and time the statistics were sent.
3. Messages and Status Updates
After the telemetry handshake, the client will connect to the Messaging Host to receive
messages and publish status updates. If the connection fails, the client will wait 5 seconds and
retry. The connection may fail if the Messaging Host name cannot be resolved, or the
Messaging Host is not reachable. Once the connection is successful, Status of Client will
display Messaging connected with the date and time the connection was established.
The client publishes status update messages (changes to device attributes) at the interval
defined by Interval between Status Updates. Each time a status update is published, Status
of Client will display Status with the date and time the status was sent. The client also
accepts command messages from the ConsoleFlow server to perform actions, such as reboot
or shutdown. Each time a message is received, Status of Client will display Message
received with the date and time the message was received.
4. Firmware and Configuration Updates
The client checks for firmware and configuration updates at the interval defined by Interval
between FW and Config Checks. When the client checks for firmware or configuration
updates, Status of Client will display Checked for Content with the date and time the check
was performed. If a firmware update is found, it will be applied to the alternate (non-active)
boot bank, and Status of Client will display Firmware updated with the date and time the
firmware was updated. If a configuration update is found, it will be applied to the current boot
bank, and Status of Client will display Configuration restored with the date and time the
configuration was restored.
LANTQONIX swam Host 5mm m miasvsnlslsA lEDsn U2 E2 2 .- s a 1n12u1s a ”WWW... WM." 2W...“ WWW, Cunmnmnmn m was usemmm Ina—m 4* ? ma “WWW W WWW mm Mm, mm ConsoleFlnw Hely?‘ camalenuwcnem w Stain: ofCllem Running Ms mm cmml: nlmmg (bonnet-d u: s-mn Inmaim: a: mum 19.x an smon am-npm) a: mum 1: as nemsma at mums 19:5 Nissaqmn Dal-muted at «Home 15:55 Checks! for comm a- mmms 19-55 sums sum 11.411102": 13:5: lmaval between status updates 2 ‘lmnules Imewzl belween rwm Qwfig 2‘ mos . Flmmre Updatesvla Carsalerw w, comuummn umales via H ConschbW ' new MIer Human; Updale n , Conneala mom w, Bunsakrlwcloud my. Dem: , Name ‘chamu Dem: Descnpnun Dewce ID SIN unawcwm Remmz Agnes cu sun seconds nmeoul Ramon: Antes; Dame Fun , 595mm nmemn summon O'H’lam a sea Reglmmn Hm ‘apw consolefiww com REJISIrallum 453 Use HWPS our .egsmnn w, mum: ocmfimlcswm HTI’FS n , Mesagmg SENIDS w, Messagmg H061 irnqn Lansuleflow com “Wm ‘apw canso‘eflow Dom use Hrws lur n4, Wan was»: nemnmles ‘ wm ' HTTPS Messaging ‘1 Services ' Messagmg : Hm nNII cam‘eflow com , Megagmg PM ‘443 Messaging Semms Sammy .1 Messagmg ‘ ‘ PM 43 Messaging Sen/Ices w Sammy
7: Services
SLC™ 8000 Advanced Console Manager User Guide 129
To configure ConsoleFlow settings:
1. Click the Services tab and select the ConsoleFlow option. The following page displays.
Figure 7-14 Services > ConsoleFlow
7: Services
SLC™ 8000 Advanced Console Manager User Guide 130
2. Enter the following:
Device Attributes
Registration Host
ConsoleFlow Client Enables or disables the ConsoleFlow client. This option is enabled by default,
unless an SLC is not configured with a Device ID. When the client is enabled, it
will attempt to register with the Registration Host. If this is successful, the
client will attempt to establish a connection with the Messaging Host. The
General log (see SSH/Telnet/Logging on page 104) will contain messages
about connections made to the Registration Host and Messaging Host. Status
of Client displays the last time of actions performed by the client. Note that
when the client is disabled, it may take as long as 30 seconds for the client to
terminate, depending on what actions the client was performing at the time it
was disabled.
Interval between status
updates
Number of minutes between status updates sent from the client to the server.
Valid values are 1 - 60 minutes. The default is 2 minutes.
Interval between FW
and Config Checks
Number of hours between checks for firmware and configuration updates
initiated by the server. Valid values are 1 - 72 hours. The default is 24 hours.
Firmware Updates via
ConsoleFlow
If enabled, firmware updates can be initiated by ConsoleFlow for the SLC. The
device will check for updates per the frequency defined by Interval between FW
and Config Checks, and if a firmware update is found, the update will be
downloaded to the device and applied to the alternate boot bank. Enabled by
default.
Configuration Updates
via ConsoleFlow
If enabled, configuration updates can be initiated by ConsoleFlow for the SLC.
The device will check for updates per the frequency defined by Interval between
FW and Config Checks, and if a configuration update is found, the update will
be downloaded to the device and applied to the current boot bank, and the SLC
will be immediately rebooted. Enabled by default.
Reboot after Firmware
Update
If enabled, the SLC will automatically reboot after a successful firmware update
via ConsoleFlow. Disabled by default.
Connect to Cloud If enabled, the SLC or SLB ConsoleFlow client uses Cloud server settings for
registration. Otherwise it uses On-Premise server settings. Enabled by default.
i.e., By default, ConsoleFlow Active connection is to Cloud.
Device Name The device name displayed in the ConsoleFlow server UI. Valid characters are
alphanumeric characters, dash "-", and underscore "_". The default is the
device type (SLC) with the last 4 characters of the Eth1 MAC address
appended.
Device Description Long description that is displayed in the ConsoleFlow server UI.
Device ID The unique device identifier. The ID is 32 alphanumeric characters. The ID may
be provisioned using Lantronix Provisioning Manager (LPM). Contact Lantronix
Tech Support for more information on LPM.
S/N Displays the serial number.
Registration Host Hostname of the server the client registers with. The Host Name should start
with api.
Registration Port The TCP port on the Registration Host. Defaults to 443.
Use HTTPS for
registration
If enabled, HTTPS (instead of HTTP) is used for registration. Enabled by
default.
7: Services
SLC™ 8000 Advanced Console Manager User Guide 131
Messaging Host
Remote Access Idle Timeout
3. To save, click Apply.
ConsoleFlow Commands
Go to ConsoleFlow Commands (on page 339) to view CLI commands which correspond to the
web page entries described above.
Validate certificates with
HTTPS
If enabled, use a certificate authority to validate the HTTPS certificate. A
certificate authority file can be uploaded on the Web Server page. Disabled by
default.
Messaging Services If enabled, messaging services are used for status updates and commands.
Enabled by default.
Messaging Host Hostname of the server used for messaging services. The hostname should
start with mqtt.
Messaging Port The TCP port on the Messaging Host. Defaults to 443.
Messaging Services
Security
If enabled, TLS is used for messaging. If Validate certificates with HTTPS is
enabled for the Registration Host, a certificate authority will be used to validate
the HTTPS certificates used for TLS. Enabled by default.
Remote Access CLI
Timeout
Remote Access CLI Connection will be idle timed out after a specified number
of seconds as defined in the Seconds field to the right. Enter a value from 1 to
1800 seconds. The default is 600 seconds.
Remote Access Device
Port Timeout
Remote Access Device Port Connection will be idle timed out after a specified
number of seconds as defined in the Seconds field to the right. Enter a value
from 1 to 1800 seconds. The default is 600 seconds.
SLC™ 8000 Advanced Console Manager User Guide 132
8: USB/SD Card Port
This chapter describes how to configure storage by using the Devices > USB / SD Card page and
CLI. This page can be used to configure the thumb drive and modems. The thumb drive or SD
card is useful for firmware updates, saving and restoring configurations and for device port
logging. See Firmware & Configurations (on page 279).
The SLC advanced console manager supports a variety of thumb drives.
This chapter describes the Web Manager pages and available CLI commands that configure the
SLC USB, ports and SD card. This chapter contains the following sections:
Set Up of USB/SD Card Storage
Manage Files
USB Commands
Set Up of USB/SD Card Storage
The Devices > USB / SD Card page has a checkbox for both USB Access and SD card access.
These checkboxes are a security feature to ensure that access to any USB device or the SD card
is disabled if the box is unchecked. If unchecked, the SLC unit ignores any device plugged into the
port.
To set up USB or SD card storage in the SLC 8000 advanced console manager:
1. Insert any of the supported storage devices into the USB port or the SD card slot on the front
of the SLC unit. You can do this before or after powering up the SLC 8000 advanced console
manager. If the first partition on the storage device is formatted with a file system supported by
the SLC unit (ext2, FAT16 and FAT32), the card mounts automatically.
2. Log into the SLC unit and click Devices.
3. Click USB / SD Card. Figure 8-1 shows the page that displays. Your storage device should
display in the appropriate row of the USB ports / SD card table if you have inserted it. If it does
not display and you have inserted it, refresh the web page.
4. View the USB/SD card information and options available on the page:
Port (view only) Port on the SLC unit where the USB device or SD card is inserted.
Device (view only) Type of USB device or SD card (modem or storage).
Type (view only) Information read from USB device or SD card.
State (view only) Indicates if the device is mounted, and if mounted, how much space is available.
USB Access
(check box)
Check to enable USB Access. Uncheck to disable USB access.
SD Card Access
(check box)
Check to enable SD Card Access. Uncheck to disable SD card access.
LANTQONIX swam Hm| almzsmmmm Usa sysadmin mm m m [1135 u: [124 Se‘mpanhr - Mummy: um. sums Bum Fons Cansoh Pan 0551 SD Card Immalmua-m RPMs Conunmws v e111.1I5171521zazszvzsanoassmsnuuu A s a mumsm2a22uzsuanuuassuuzuau B mmn (UP mm ConnzcbdDewcziDPanM {a 7 E} El Hos! Lists Snips Sms USBISD Card Helg‘fl u 55 Dames; a ”55%,ch nausaaemcenrsu Cam . has been mened m P“ ”9"“ 7”” 5"" rs m1 vlsfle m "mania U1 modem u s Home: Insefled Weasel revesh me web page U: m Cmpsbank Mmoebammrs Co ‘ La: 13132 munm Sue/Used/Auall Ta cnnflgle me smug: m a 399 camzmu Flashdnve commhef 31 mmomw 1M use dewceor SD Cad m2. mwnled Sszscd/Avai 33‘5““? ”m Mn" SD swans 256MB 234 mm mm m .an ngm commn usa Access w SD Cam Access w WW 5 V a 5 7 91v13x517r51129252129313335:7394‘434547 A n 2 4 e B101214161:20zzuzfinanazuzsutuozutsw a nut m an LANT?ON|X swam Uifli'fiflm ga‘wn'm - Cunnnguw wmsswovmm auumwnmmww. “mm mm m— m 7 69 E DCVIOI sums Dw‘cu Patti Coniolt Po" USE ( 5D Ca"! RPMS Cunmcllnni Hos! Llils SCHDB 5"“ use I so Card - Stomge M211 Pun su Mount 1 Dewce Menu: Unmaum ’ Wye 253MB Fovmat j Stat: axe,mnunhd,SlxelundmvmlZIIIJIMHIMRIE‘IM Fllssyslem EXVZ ‘ ‘FATm 7 PATH masysnem Chem Manage Fun: on sump Dav v , MIL]
8: USB/SD Card Port
SLC™ 8000 Advanced Console Manager User Guide 133
Figure 8-1 Devices > USB / SD Card
To configure a USB/SD card storage port, from the USB Ports / SD Card table,
1. Click the radio button (on the far right) of a USB or SD card device storage port.
2. Click Configure.
-Figure 8-2 shows the page that displays if a USB storage device is inserted.
-Figure 8-3 shows the page that displays if an SD Card is inserted.
Figure 8-2 Devices > SD Card > Configure
a 1 a 5 1 911131517192123252729113335111941114“? A LANT?ONIX swam 523255.};m W Wmssmmm Camemmmm mwm Wm wm Q 7 a El Dwicestllus Devlcehm consoloPon use/50cm: RPM; cannecwuns Hosmsts ScllpB Shes USB I SD Card - Storage Fan m Moum : Devlts smug. Unmoum , Wna Yoshlba comxlnguonnmmv IrZ.Dsfl0k[2!:B) me ' Stale ":31,mcuulm,5|zel|lsed/Avn\l14.AG/1e7.1M/1A36 FHesyslem . Em FATIS FATsz Fuesyscem Check iApP‘y
8: USB/SD Card Port
SLC™ 8000 Advanced Console Manager User Guide 134
Figure 8-3 Devices > USB > Configure
3. Enter the following fields.
4. Click Apply.
5. Click the Manage Files on Storage Device link to view and manage files on the selected USB
thumb drive or SD Card. Files on the storage device may then be deleted, downloaded or
renamed. See Manage Files on page 139 for more information.
To configure the USB Modem port, from the USB Ports table:
1. Click the radio button (on the far right) for Port U1 or U2.
2. Click Configure. Figure 8-4 shows the page that displays if a USB modem is inserted in Port
U1, or if Port U2 is selected.
Mount Select the checkbox to mount the first partition of the storage device on
the SLC unit (if not currently mounted). Once mounted, a USB thumb
drive or SD card is used for firmware updates, device port logging and
saving/restoring configurations.
Unmount To eject the USB thumb drive or SD card from the SLC unit , first
unmount the thumb drive or SD card . Select the checkbox to unmount it.
Warning: If you eject a thumb drive or SD card from the SLC unit
without unmounting it, subsequent mounts of a USB thumb drive or
SD card in may fail, and you will need to reboot the device to restore
thumb drive or SD card functionality.
Format Select to:
Unmount the USB/SD card device (if it is mounted)
Remove all existing partitions
Create one partition
Format it with the selected file system (ext2, FAT16 or FAT32)
Mount the USB device
Filesystem Select Ext2, FAT16 or FAT32, the filesystems the SLC supports.
Filesystem Check Select to run a filesystem integrity check on the thumb drive. This is
recommended if the filesystem does not mount or if the filesystem has errors.
:11 3 5 1 9111315171-321232527292133353739414345" A n 2 A a a 1n12101s1n2u227-2nnnwusssawuuwae e LANT?ONIX swam u2 WM 5:::,:';:::,:... seemm - mum wussmeemu; Cudvn‘t-JDeweyDPwM -mm 5...... mm G 7 *3 E mule-Sums MIC-Fons Consulul'on usB/sncara Rm: conmvons Holtusts scripts 311;: USB - Modem "9'E7l Pun m s1a1e DiaHn v w Mo Lag Dewce Modem Mme Text 16, PPP PPpLogamg E Type Hiuehi, m use sues 7 PPP Debug 5W9 WA GmuD Access lumahzmmn mp1 ATEWIxiQnMB 1m: smug: Modem Tuner»)! 9 No . .Ves,secmus(199991 Baud i1ézuu v Galleria Logglng L1 Mods.“ Cams,“ 7 v 1. L IU N be omens a DlalrbadKNumber 5:114:35,“ 7' 7 PENN none ' 7 7 Sum Bus '1' v D-aumcxnemy 15 seconds Flowcamm mm . DIaLhnckReires 3 Tumoue 111mm Log": : No Vesmlmneswao) 3 01am Hm L15! ‘Vundefmed v N051 Lms - PFP Moa- Yes anaHF 12.1.1.1 9 No Remme 11: 12.1.1.2 Aumenucamu _ PAP j cw Nuswsemame cum Handshake Secret/USE Password Negnuale 1P Address Relwe Password cum: Aum Uses 91mm: H1151 ,Lecel users Same amnenmuon 1m mam s DmLmrDemam (DOD) DOD Aumermcamn 7.1m: cum: Husuuwmams. 7 DOD cm? Handshake Seem/Use! Pesswmu 1 1 Relype Password ‘7 ' . Enahle NAT r m.- smug w WM 1: Forwardml us [renamed Datum Number 1 Remnemlawm Loam Remute/mamut Pwd Remus Resmn Da‘fiy 30 seconds sac? Server F New Nu Camatk cscp cuem Type 91Mm1nrdefined Number .1 Usememu Number IF swings Seance 91None Jane. ‘ .ssN . .1012 rampart Emé ' Amnenucme m SSH Pm 3M9 Amnenueme TCP Pan 4045 Amhenucme I" New
8: USB/SD Card Port
SLC™ 8000 Advanced Console Manager User Guide 135
Figure 8-4 Devices > USB > Modem
8: USB/SD Card Port
SLC™ 8000 Advanced Console Manager User Guide 136
3. Enter the following fields.
Data Settings
Note: Check the modem’s equipment settings and documentation for the proper
settings. The attached modem must have the same settings.
Modem Settings
Note: Depending on the State and Mode you select, different fields are available.
Baud The speed with which the device port exchanges data with the attached serial
device.
From the drop-down list, select the baud rate. Most devices use 9600 for the
administration port, so the device port defaults to this value. Check the equipment
settings and documentation for the proper baud rate.
Note: Cypress ACM-based USB to serial chip set does not support 230400 baud
rate.
Data Bits Number of data bits used to transmit a character. From the drop-down list, select
the number of data bits. The default is 8 data bits.
Parity Parity checking is a rudimentary method of detecting simple, single-bit errors.
From the drop-down list, select the parity. The default is none.
Stop Bits The number of stop bit(s) used to indicate that a byte of data has been transmitted.
From the drop-down list, select the number of stop bits. The default is 1.
Flow Control A method of preventing buffer overflow and loss of data. The available methods
include none, xon/xoff (software), and rts/cts (hardware). The default is none.
State Indicates whether an external modem is attached to the device port. If enabling,
set the modem to dial-out, dial-in, dial-back, dial-on-demand, dial-in/host list, or
dial in, dial-on-demand, CBCP Server, and CBCP Client. Disabled by default. See
Modem Dialing States (on page 211) for more information.
Mode The format in which the data flows back and forth:
Text: In this mode, the SLC unit assumes that the modem will be used for
remotely logging into the command line. Text mode can only be used for
dialing in or dialing back. Text is the default.
PPP: This mode establishes an IP-based link over the modem. PPP
connections can be used in dial-out mode (e.g., the SLC 8000 advanced
console manager connects to an external network), dial-in mode (e.g., the
external computer connects to the network that the SLC unit is part of), or dial-
on-demand.
Use Sites Enables the use of site-oriented modem parameters which can be activated by
various modem-related events (authentication, outbound network traffic for dial-
on-demand connections, etc.). Sites can be used with the following modem
states: dial-in, dial-back, dial-on-demand, dial-in & dial-on-demand, dial-back &
dial-on-demand, and CBCP server.
8: USB/SD Card Port
SLC™ 8000 Advanced Console Manager User Guide 137
Text Mode
Group Access If undefined, any group can access the modem (text login only). If one or more
groups are specified (groups are delimited by the characters ' ' (space), ','
(comma), or ';' (semicolon)), then any user who logs into the modem must be a
member of one of the specified groups, otherwise access will be denied. Users
authenticated via RADIUS may have a group (or groups) provided by the
RADIUS server via the Filter-Id attribute that overrides the group defined for a
user on the SLC 8000 advanced console manager. A group provided by a remote
server must be either a single group or multiple groups delimited by the
characters ' ' (space), ',' (comma), ';' (semicolon), or '=' (equals) - for example
"group=group1,group2;" or "group1,group2,group3".
Initialization Script Commands sent to configure the modem may have up to 100 characters. Consult
your modem’s documentation for recommended initialization options. If you do
not specify an initialization script, the SLC unit uses a default initialization string of
AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0.
Note: We recommend that the modem initialization script always be preceded
with AT and include E1 V1 x4 Q0 so that the SLC unit may properly control the
modem.
Modem Timeout Timeout for all modem connections. Select Yes (default) for the SLC 8000
advanced console manager to terminate the connection if no traffic is received
during the configured idle time. Enter a value of from 1 to 9999 seconds. The
default is 30 seconds.
Caller ID Logging Select to enable the SLC unit to log caller IDs on incoming calls. Disabled by
default.
Note: For the Caller ID AT command, refer to the modem user guide.
Modem Command Modem AT command used to initiate caller ID logging by the modem.
Note: For the AT command, refer to the modem user guide.
Dial-back Number Users with dial-back access can dial into the SLC 8000 advanced console
manager and enter their login and password. Once the SLC unit authenticates
them, the modem hangs up and dials them back.
Select the phone number the modem dials back on -a fixed number or a number
associated with their login. If you select Fixed Number, enter the number (in the
format 2123456789).
The dial-back number is also used for CBCP client as the number for a user-
defined number. See Device Ports - Settings (on page 146) for more information.
Dial-back Delay For dial-back and CBCP Server, the number of seconds between the dial-in and
dial-out portions of the dialing sequence.
Dial-back Retries Specify the number of times to retry dialing back.
Timeout Logins If you selected Text mode, you can enable logins to time out after the connection is
inactive for a specified number of minutes. The default is No. This setting is only
applicable for text mode connections. PPP mode connections stay connected until
either side drops the connection. Disabled by default.
Dial-in Host List From the drop-down list, select the desired host list. The host list is a prioritized list
of SSH, Telnet, and TCP hosts that are available for establishing outgoing modem
connections or for connect direct at the CLI. The hosts in the list are cycled
through until the SLC unit successfully connects to one.
To establish and configure host lists, click the Host Lists link.
8: USB/SD Card Port
SLC™ 8000 Advanced Console Manager User Guide 138
PPP Mode
Negotiate IP Address If the SLC unit and/or the serial device have dynamic IP addresses (e.g., IP
addresses assigned by a DHCP server), select Yes. Yes is the default.
If the SLC unit or the modem have fixed IP addresses, select No, and enter the
Local IP (IP address of the port) and Remote IP (IP address of the modem).
Authentication Enables PAP or CHAP authentication for modem logins. PAP is the default.
With PAP, users are authenticated by means of the Local Users and any of the
remote authentication methods that are enabled. With CHAP, the CHAP
Handshake fields authenticate the user.
CHAP Handshake The Host/User Name (for UNIX systems) or Secret/User Password (for
Windows systems) used for CHAP authentication. May have up to 128 characters.
CHAP Auth Uses For CHAP authentication, determines what is used to validate the CHAP Host
and Chap Local host/user sent by the remote peer: either the CHAP Host
defined for the modem, or any of the users in the Local Users list.
Same authentication for
Dial-in & Dial-on-Demand
(DOD)
Select this option to let incoming connections (dial-in) use the same
authentication settings as outgoing connections (dial-on-demand). If this option
is not selected, then the dial-on-demand connections take their authentication
settings from the DOD parameter settings. If DOD Authentication is PAP,
then the DOD CHAP Handshake field is not used.
DOD Authentication Enables PAP or CHAP authentication for dial-in & dial-on-demand. PAP is the
default. With PAP, users are authenticated by means of the Local Users and
any of the remote authentication methods that are enabled. With CHAP, the
DOD CHAP Handshake fields authenticate the user.
DOD CHAP Handshake For DOD Authentication, enter the Host/User Name for UNIX systems) or
Secret/User Password (for Windows systems) used for CHAP authentication.
May have up to 128 characters.
Enable NAT Select to enable Network Address Translation (NAT) for dial-in and dial-out
PPP connections on a per modem (device port or USB port) basis. Users
dialing into the SLC access the network connected to Eth1 and/or Eth2.
Note: IP forwarding must be enabled on the Network > Network Settings (1 of
2) page for NAT to work. See Chapter 6: Basic Parameters on page 68.
Dial-out Number Phone number for dialing out to a remote system or serial device. May have up
to 20 characters. Any format is acceptable.
Remote/Dial-out Login User ID for authentication when dialing out to a remote system, or if a remote
system requests authentication from the SLC device when it dials in. May have up
to 32 characters. This ID is used for authenticating the SLC unit during the dial-out
portion of a dial-back (including CBCP server) and dial-on-demand.
Remote/Dial-out Pwd Password for authentication when dialing out to a remote system, or if a
remote system requests authentication from the SLC unit when it dials in. May
have up to 64 characters.
Retype Re-enter password for dialing out to a remote system. May have up to 64
characters.
Restart Delay The number of seconds after the timeout and before the SLC 8000 advanced
console manager attempts another connection. The default is 30 seconds.
CBCP Server
Allow No Callback
For CBCP Server state, allows "No Callback" as an option in the CBCP
handshake in addition to User-defined Number and Admin-defined Number.
CBCP Client Type For CBCP Client, this selects the number that the client would like to use for
callback - either a user-defined number passed to the server (specified by the
Fixed Dial-back Number) or an administrator-defined number determined by
the server based on the login that is PAP or CHAP authenticated.
a I 3 5 1 9 1/1:1517/92123252729311335373941434541 a LANTR’ONIX swam H usziiwmm an WWW, WWW/W, m-— mm- mm m -’ 63 E Mlcnsmus Dcv/c-Fons consul-Pan use/sncam RPM: conmcuans HoflLlns Scripts Sims Firmware a. Configurations - Manage Files .Eack agsa/sg card 510m 9 Fllas-USBPMIH‘I Nam lam/11m. sand ssH Km ssL com/1cm Sulms slccpyrsmdg ng 04/13/15 23 43 15 N N u apasss/CAEREHID- , slum ‘91 04/14/15 us 55 as v v v alcRaV‘s/ZDJSRS» DANA/16 as m 32 v v v ales/g n]: SLC-UPDATE- , 7‘ a URN W 05/25/15 0/ a: 55 MA MA MA / mam ublis n5a5/15 n7 1/ as N/A N/A N/A
8: USB/SD Card Port
SLC™ 8000 Advanced Console Manager User Guide 139
IP Settings
4. Click Apply.
Manage Files
To manage files, perform the following steps.
1. Click the Manage Files on the Storage Device link on the Devices > USB > Configure page.
Figure 8-5 Firmware and Configurations - Manage Files
Service The available connection services for this modem port (None, Telnet, SSH, or
TCP). Only one can be active at a time. The default is None.
Telnet Port Telnet Port Telnet session port number to use if you selected Telnet. Defaults:
USB Port U1: 2049
USB Port U2: 2050
Range: 1025-65535
SSH Port The SSH session port number to use if you selected SSH.
Defaults:
USB Port U1: 3049
USB Port U2: 3050
Range: 1025-65535
TCP Port The TCP (raw) session port number to use if you selected TCP.
Defaults:
USB Port U1: 4049
USB Port U2: 4050
Range: 1025-65535
Authenticate
(checkbox)
If selected, the SLC unit requires user authentication before granting access to
the port. Authenticate is selected by default for Telnet Port and SSH Port, but
not for TCP Port.
8: USB/SD Card Port
SLC™ 8000 Advanced Console Manager User Guide 140
Note: The Delete, Download, and Rename options are at the bottom of the page (Figure 8-5).
2. To delete a file, click the check box next to the filename and click Delete File. A confirmation
message displays.
3. To download a file, click the Download File button. Select the file from the list.
4. To rename a file, click the check box next to the filename and enter a new name in the New
File Name field.
5. Click Rename File.
USB Commands
Go to USB Access Commands, USB Device Commands, USB Storage Commands, and USB
Modem Commands to view CLI commands which correspond to the web page entries described
above.
SD Card Commands
Go to SD Card Commands to view CLI commands which correspond to the web page entries
described above.
SLC™ 8000 Advanced Console Manager User Guide 141
9: Device Ports
This chapter describes how to configure and use an SLC advanced console manager port
connected to an external device, such as a server or a modem. The subsequent chapter,
Chapter 11: Connections describes how to use the Devices > Connections web page to connect
external devices and outbound network connections (such as Telnet or SSH) in various
configurations. The Devices > Console Port page allows you to configure the console port, if
desired.
Connection Methods
A user can connect to a device port in one of the following ways:
1. Telnet or SSH to the Eth1 or Eth2 IP address, or connect to the console port, and log in to the
command line interface. At the command line interface, issue the connect direct or connect
listen commands.
2. If Telnet is enabled for a device port, Telnet to <Eth1 IP address>:< telnet port
number> or <Eth2 IP address>:<telnet port number>, where telnet port number is
uniquely assigned for each device port.
3. If SSH is enabled for a device port, SSH to <Eth1 IP address>:<ssh port number> or
<Eth2 IP address>:<ssh port number>, where ssh port number is uniquely assigned for
each device port.
4. If TCP is enabled for a device port, establish a raw TCP connection to <Eth1 IP
address>:<tcp port number> or <Eth2 IP address>:<tcp port number>, where
tcp port number is uniquely assigned for each device port.
5. If a device port has an IP address assigned to it, you can Telnet, SSH, or establish a raw TCP
connection to the IP address. For Telnet and SSH, use the default TCP port number (23 and
22, respectively) to connect to the device port. For raw TCP, use the TCP port number defined
for TCP In to the device port according to the Device Ports - Settings (on page 146) section.
6. Connect a terminal or a terminal emulation program directly to the device port. If logins are
enabled, the user is prompted for a username/password and logs in to the command line interface.
For #2, #3, #4, #5, and #6, if logins or authentication are not enabled, the user is directly
connected to the device port with no authentication.
For #1 and #6, if logins are enabled, the user is authenticated first, and then logged into the
command line interface. The user login determines permissions for accessing device ports.
Permissions
There are three types of permissions:
1. Direct (or data) mode: The user can interact with and monitor the device port (connect direct
command).
2. Listen mode: The user can only monitor the device port (connect listen command).
3. Clear mode: The user can clear the contents of the device port buffer (set locallog <port>
clear buffer command).
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 142
The administrator and users with local user rights may assign individual port permissions to local
users. The administrator and users with remote authentication rights assign port access to users
authenticated by NIS, RADIUS, LDAP, Kerberos and TACACS+.
I/O Modules
The SLC module port configuration can be changed by adding or replacing I/O modules in the I/O
module bays. Any changes to the I/O modules must be done while the SLC unit is powered off.
The following I/O module configurations are supported (Bay 1 is the leftmost bay when viewing the
back of the SLC 8000 advanced console manager where the device ports are located):
Table 9-1 Supported I/O Module Configurations
Note: A 16-port RJ45 module is shown as "RJ45-16" in the About page in the Web
interface and the output of the admin version command in the CLI, and a 8-port
module is shown as "RJ45-08". A 16-port USB module is shown as “USB-16.” For
example, I/O Module Type(s): RJ45-08, RJ45-16, and RJ45-16 indicate that the SLC
unit has an 8-port I/O module in Bay 1, and 16-port modules in Bay 2 and 3. Please note
that only the following configurations are available from Lantronix: SLC 8008, SLC 8016,
SLC 8032 and SLC 8048 modules. The SLC 8024 and SLC 8040 console managers can
only be created by adding 16-port RJ45 modules to an existing SLC 8008 unit.
The number of device ports in a SLC 8000 advanced console manager can be expanded by
adding 16-port I/O modules in Bay 2 and Bay 3, or by swapping an 8-port I/O module in Bay 1 for
a 16-port module. The configurations listed above are the only valid configurations; if any other
configuration is detected at boot, the SLC unit will still boot, disable use of the device ports, and
provide indications in the boot messages, in the CLI and in the web that the I/O configuration is
invalid. When an invalid configuration is corrected by reconfiguring the I/O modules into a valid
configuration, after the SLC module is powered up and booted, the valid configuration will be
detected and the SLC module ports can be used again.
For the SLC 8024 and SLC 8040 modules, with an 8-port I/O module in Bay 1, the device ports will
be numbered 1-8 and 17-32 (for the SLC 8024 model) and 1-8 and 17-48 (for the SLC 8040
model). See Figure 9-2 Devices > Device Status on page 143.
Restoring a configuration to the SLC 8000 advanced console manager will automatically adjust the
number of device ports to reflect the number of ports in the SLC unit the configuration is being
restored to. For example, a configuration that is saved on an SLC 8048 unit and restored to an
SLC 8016 unit will have the last 32 ports removed from the configuration. Conversely, a
configuration that is saved on a SLC 8016 unit and restored to a SLC 8048 unit will have 32 device
ports (with factory default settings) added to the configuration.
Model Bay 1 Bay 2 Bay 3
SLC 8008 8-port module Empty Empty
SLC 8016 16-port module Empty Empty
SLC 8024 8-port module 16-port module Empty
SLC 8032 16-port module 16-port module Empty
SLC 8040 8-port module 16-port module 16-port module
SLC 8048 16-port module 16-port module 16-port module
LANTQONIX swag“ trnsnmlm 21:; v ammqummmm :3 «man: samzmmmzmszamw mums; figgfigfs‘fih mehvlwflwvaunn mmsmnvw CmmMc-mvnnm mmmm-w wm “Wag amusxm u. are!“ Canal-Purl usarsncm mummm RPM: Cam-mans HullLuh Snnpu Suns Device status m :2] Consult Pm coma mmmmcm m: mm. Dsfi mow“ Enws gm; “" 1 pom Yes an) a me 2 PM? Ves W32 0 5'33“" a PM: Yes mo n m A Full Yes cm a We 5 Pairs Y6 am a m a paw. Yes cm n m: 7 FmT u» on a We a ma No «w n we 9 mm N0 an a me ya me m an a m u mu m cm a We 1: ram N0 on a me 13 pm: N0 cm n m: w PM” No (no a We I5 Fans N0 am a me 15 Farm m an n MI: W F0111? No (no a Mb 15 mm No on a me I9 Fume N0 M7 a mi: an mm m an a m 2‘ Fm?‘ u» cm n We 22 Pam N0 on a me 23 mm m cm n m: 24 Funk No (no a Mb 5 mm N0 M7 a me 25 Fans m an n M: 21 Fan 27 No (no a m 23 szs m am a me as mm m an n Me an mm m. 0/0 n m 3‘ [701131 Yes cm a We :2 Fan: N0 on a me 33 Puma m cm n m 34 my No (no a We 15 was N0 M7 a me as Pumas N0 on a me 37 mu m an a m as Paws m 0/0 a me as Fans No on n me «a mu um um n m u PM“ No no a his oz m4: N0 am a me 4; Farm m cm n m: 4: Full‘ No (no a We 45 mus N0 M7 a min :16 M46 N0 on a me a mu m an a m as Pulls m am a me
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 143
Device Status
The Devices > Device Status page displays the status of the SLC ports, USB ports and SD card
ports.
1. Click the Devices tab and select the Device Status option. The following page displays:
Figure 9-2 Devices > Device Status
3 5 7 a flI:151719212325272911assssnuunsn A LANTQONIX swam . 2 4 5 a101214m1.3202224262830321.135384042444543 a 53333;", mm.“ ‘g‘cmm Magnum) mama, WWW Wu. Mm mm «a 7 a} a Davlnestilus Davlce Park CnnsolePnn USBISDCam am: cannecuom HnSILisls sunprs Sues Devlce Ports Helg?‘ "' “SSW“ "' Pm "“m'm‘ Pam: 1-16' 1 2 33-48 Configure Ranumbav Illa TO‘ml M, SSH III or —‘ m;- In pm Numbeflbr all Dawes Fan; Nu Mame Made sum I Port-I ml: , ‘ 2 Pod-2 Idle V 3 FW-S NIB 7 ‘ smug 1c; Fan: 4001 d Pod-4 ml! 5 N175 mus , ‘ WY , 5 ma MI: , 7 Furl-7 Idle 1 a Puma Idle : 9 Pod-5 ml! 1 1D Pod-ID MI! I n Pod-11 MI: : ‘ IZ Pod-12 ml! 13 mm Idle 3 ‘ u pm.“ MI: : 15 Fan-15 Idl! ‘ is ForHE Idle :
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 144
Device Ports
On the Devices > Device Ports page, you can set up the numbering of Telnet, SSH, and TCP
ports, view a summary of current port modes, establish the maximum number of direct
connections for each device port, and select individual ports to configure.
1. Click the Devices tab and select the Device Ports option. The following page displays:
Figure 9-3 Devices > Device Ports
Current port numbering schemes for Telnet, SSH, and TCP ports display on the left. The list of
ports 1-16 on the right includes the individual ports and their current mode.
Note: For units with more ports, click the buttons above the table to view additional
ports.
Icons that represent some of the possible modes include:
Idle The port is not in use.
The port is in data/text mode.
Note: You may set up ports to allow Telnet access using the IP Setting per Device Ports -
Settings (on page 146).
An external modem is connected to the port. The user may dial into or out of the port.
Telnet in or SSH in is enabled for the device port. The device port is either waiting for a Telnet
or SSH login or has received a Telnet or SSH login (a user has logged in).
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 145
To set up Telnet, SSH, and TCP port numbering:
1. Enter the following:
Telnet/SSH/TCP in Port Numbers
Caution: Ports 1-1024 are RFC-assigned and may conflict with services running
on the SLC 8000 advanced console manager. Avoid this range.
2. Click the Apply button to save the settings.
To set limits on direct connections:
1. Enter the maximum number (1-10) of simultaneous direct connections for each device port.
The default is 1.
2. Click the Apply button to save the settings.
To configure a specific port:
1. You have two options:
-Select the port from the ports list and click the Configure button. The Device Ports >
Settings (1 of 2) page for the port displays.
-Click the port number on the green bar at the top of each page.
2. Continue with directions in the section, Device Ports - Settings (on page 146).
DevicePort Global Commands
Go to Device Port Commands to view CLI commands which correspond to the web page entries
described above.
Starting Telnet Port Each port is assigned a number for connecting via Telnet. Enter a number (1025-
65528) that represents the first port. The default is 2000 plus the port number. For
example, if you enter 2001, port 1 will be 2001 and subsequent 2000 ports are
automatically assigned numbers 2001, 2002, and so on.
Starting SSH Port Each port is assigned a number for connecting via SSH. Enter a number (1025-
65528) that represents the first port. The default is 3000 plus the port number. For
example, if you enter 3001, port 1 will be 3001 and subsequent 3000 ports are
automatically assigned numbers 3001, 3002, and so on.
Starting TCP Port Each port is assigned a number for connecting through a raw TCP connection. Enter
a number (1025-65528) that represents the first port. The default is 4000 plus the
port number. For example, if you enter 4001, port 1 will be 4001 and subsequent
4000 ports are automatically assigned numbers 4001, 4002, and so on.
You can use a raw TCP connection in situations where a TCP/IP connection is to
communicate with a serial device. For example, you can connect a serial printer to a
device port and use a raw TCP connection to send print jobs to the printer over the
network.
Note: When using raw TCP connections to transmit binary data, or where the break
command (escape sequence) is not required, set the Break Sequence of the
respective device port to null (clear it).
m a 1 3 5 a M13151119212325277‘3313335371941“4557 A LCDSD uz Ex 2 1 e. a1n12H1618202224ZSZHSDZZIHAQZEMM«45“; a swim"). rmmm :WehsstPump 'mmmmmumm LANTQONIX SLC 8048 Lama a ‘ a 5 7 9 w w151719211325212931'aaarnauuusn; z: 2 4 s s mammzuzzzaznzaanaz muuuwm 533,293,," WWW mummy," , wmsstPr-m ‘ cuwmnmmvmm -m—mmm WEE lecgsnms DevlcePorls ConsnlePon usa/sncam am: Connections nasmsts Scripts Sfles Devlce Pom Nelg?‘ mmsswmp In Pan uumbm . runs. 1-15 17-32 334:; Configure R.numm.r.mmn.ssmm ' i TCPIanNumewallDav/mPuns "0 "In" ”W- 5m" summelmm m1 ' PW We ' ShmngSSHPm 3061’ 2 ”“2 ""° :1 m4 we swung m: m» 4001 4 Pon4 rm- 5 Pun-5 m ' Apply 6 me we , 1 Pan-7 Im- a mm m. s vane me my mun we H mm m ‘2 ram-12 m ' 13 m4: Ime , u pm: [me '5 Pod-15 we <5 pun-is="" m="" '="">
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 146
Device Ports - Settings
On the Device Ports > Settings (1 of 2) page, configure IP and data (serial) settings for individual
ports, and if the port connects to an external modem, modem settings as well.
To open the Device Ports - Settings page:
1. You have two options:
-Dashboard
Make sure the Configuration radio button directly beneath the Dashboard is selected and
click the desired port number in the Dashboard. The Dashboard is located on the upper
right corner of each Web Manager page (see Chapter 5: Web Page Layout.)
-Device Ports Page
Click the Devices tab, then click the Device Ports link. Select the port you want to
configure and then click the Configure button. Higher numbered ports can be displayed
using the "1-16", "17-32" and "33-48" buttons at the top of the Device Port list.
‘13571112151‘ LANT?ON|X 31-0307" a 2 . 5 u mg {glam 54.5mm - 9mm” Wehssuwmn ammummmm mm— Ms W- {3, 7 B E Demo: sum DevlcePorIs cansm Pull usersncm RPM: came-mus Xmudem Has-um Scrlp‘s SHE Device Pans - Setfings Hum Pan 9 Luggng5EvEnVs swing Puwel Management swing Mode Idle summam \ndef ed v use as“: "on: Name Puma w 5mm; Dam Part Name Telnenn ’ Part E Amhcmlcamn 7 Damn Name — ME"; “10"“ Te‘nexTxmeom v Sscunds 600 ‘ Dam Dueflmn Bum Dwmdmns GmuD mess Telnex Sun we Mode Bannav 55H m ’ Pun: Aumenucanun 3 fl “olSessmns M59 SSH TxmeuA v Secunds sou Data mm“ Both Duedmns v M: “mam Msg ’ mu m ’ Port 4009 Amhcmlcamn ’ mm M“ 3 m: Meow . Sscunds 600 ‘ Dam Dueflmn Inmmmg Nalwmk v New ”5“ “5" IP Address/Nevmsk Bus Mlmnnze Laxency [ Send Term 5an Tenn 5mm meek SEuuence \xle mm: mm mm Swervetnl Dulce pm («wetland m law um mnnmlms wew Purl Lug Seq \xle View PM an Zevo Purl Cnumefs , > u Baud asun v sum mamm v PFFLDggmg mm W mm . Tan H» mnemg 7 mm; m mm mom mme . Mmemnmm . Na yessmmmm ‘ Emn‘emwns Calcvmwawmu Moflemcnmmanfl :] WNW-Ms fl . LmlesevNumber Com-emu] D‘alrhack Dday second: USE Charm-3‘ 1 DlawackRelnes ‘3 ‘ Naldwar: Sinnah '9“ "“19 cmk DER man" fimeuullogns . No Yes‘mmulesflrw) ”mm a" as»: my." Hus! m wde’med v > Ayn um 4 ”P "D" . v L HF om (1mm Nmm v Mame x? mm“ ‘5 m Nn Remnlr u:
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 147
The following page displays:
Figure 9-4 Device Ports > Settings (1 of 2)
Flgure 9-5 Devlfze Ports > Seltlngs (2 of 2) am; pm... « "0 Rem ‘P \ Aumenncauon -FAF CHAP Hon/user Name CHAP Handshake Sena/User Fasswmd Relwe Password use vaus v Pun m; and Chunk-s DER/CD Nu an: Nu CHAPAmh U55 . CHAP Host Luca‘ Users crs No Same numemmm 1 ms "a fur mam. & DmLmogmam (Dom Ems WW a nun Amhenncahm . PAP CHAP Bytes nuwnl u Hosuusey Name “W“ ""7” ” DOD CHAP Hamshake Scum/Use! Password |: Pamy enors n Ovenuneymys u Ram‘s ”SSW" K; Flaw 9mm ervors u Enable NAT um. flung my mm W Mmmmgmhumaum 5mm; me when u Damn Numhzr Remme/Dmlom Logm Ramom/Dwaknm Passmmd Retype Regan Daisy an semnas cam: Sewer Anew No camack CECP Chem Me . menrdefined Number Usememed Number
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 148
Figure 9-5 Device Ports > Settings (2 of 2)
2. Enter the following:
Device Port Settings
Port Displays number of port; displays automatically.
Mode The status of the port; displays automatically.
USB Device This field is only displayed for USB ports. If a USB device is connected to the
device port, this displays the USB version, speed, and a short type description for
the USB device. The SLC supports up to 48 USB type A (Host) devices at data
rates of HS (480 Mbit/s), FS (12 Mbit/s) or LS (1.5 Mbit/s). Each port has VBUS 5V
support of up to 100mA (but not too exceed 600mA total per 16-port USB I/O
module). Drawing more than 150 mA on a USB device port will shut down the
VBUS 5V. USB ports are designed for data traffic only, and are not designed for
charging or powering devices. Overcurrent conditions may disrupt operations.
Name The name of the port. Valid characters are letters, numbers, dashes (-), periods,
and underscores ( _ ).
Detect Port Name If enabled, the SLC will attempt to detect the hostname of the device connected to
the device port, and set the device port name to the detected hostname. Many
devices use their hostname or another identifier as the device prompt, and the SLC
can extract this name from the prompt using the Detect Name Tokens.
If the device port name is set to the default value, when a user interacts with a
device connected to a device port, the SLC will look for the device prompt and set
the device port name. The device prompt must be output at least 3 times in a single
session for the prompt to be detected and the name extracted from the prompt.
Any characters that are not part of the allowed characters for the device port Name
will be removed. If the device name is automatically detected, the name will be
logged in the Device Ports log.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 149
Detect Name Tokens If Detect Port Name is enabled, the SLC will attempt to extract a hostname or
other identifier from the device prompt, to use as the device port name. The SLC
will extract any name between either the start of a line sent from the device up until
one of the tokens, or any part of a prompt that does not include the tokens, as the
device port name.
For example, if the device prompt is set to [slc431d]>, and the Detect Name
Tokens include "[" and "]", the SLC will extract the identifier slc431d and set it as
the device port name. If the device prompt is set to myrouter>, and the Detect
Name Tokens include ">", the SLC will extract the identifier myrouter and set it as
the device port name.
Group Access If undefined, any group can access the device port. If one or more groups are
specified (groups are delimited by the characters ' ' (space), ',' (comma), or ';'
(semicolon)), then any user who logs into the device port must be a member of one
of the specified groups, otherwise access will be denied. Users authenticated via
RADIUS may have a group (or groups) provided by the RADIUS server via the
Filter-Id attribute that overrides the group defined for a user on the SLC unit. A
group provided by a remote server must be either a single group or multiple groups
delimited by the characters ' ' (space), ',' (comma), ';' (semicolon), or '=' (equals) -
for example "group=group1,group2;" or "group1,group2,group3".
Banner Text to display when a user connects to a device port by means of Telnet, SSH, or
TCP. If authentication is enabled for the device port, the banner displays once the
user successfully logs in. Blank is the default.
# of Sessions Msg If enabled, a message will be displayed to a user when connecting to a device port
that indicates how many users are currently connected to the device port. Disabled
by default.
Idle Timeout Msg If enabled, a message will be displayed to a user when their connection to a device
port will be terminated soon due to the connection being idle. Disabled by default.
Note: When the Idle Timeout Msg is enabled, the terminal application timeout
values for Telnet, SSH and TCP should be set to a value greater than 15 seconds.
Connected Msg If enabled, a message will be displayed to a user when they initially connect to a
device port. Enabled by default.
New User Msg If enabled, a message will be displayed to all the users connected to the device
port when a new user connects to the same device port. Disabled by default.
Minimize Latency Minimize device port latency by reducing read delays. This may improve
communication efficiency in scenarios where a series of short messages are
exchanged, but may increase CPU utilization and decrease throughput in cases
where large messages are transmitted. Disabled by default.
Break Sequence A series of one to ten characters users can enter on the command line interface to
send a break signal to the external device. A suggested value is Esc+B (escape
key, then uppercase “B” performed quickly but not simultaneously). You would
specify this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed
by a B.
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
View Port Log Seq The key sequence used to view the Port Log while in Connect Direct mode. Non-
printing characters can be specified by giving their hexidecimal code (see Break
Sequence above). The default is Esc+V (\x1bV).
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
View Port Log Select to allow the user to enter the View Port Log Sequence to view the Port Log
during Connect Direct mode. The default is disabled.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 150
IP Settings
Zero Port Counters Resets all of the numerical values in the Port Counters table at the bottom of the
page to zero (0).
Logging & Events Click the Settings link to configure file logging (see Device Ports - Logging and
Events on page 163), email logging, local logging, and USB logging.
Power Management Click the Settings link to configure power supplies for the device connected to this
device port on the Device Ports - Power Management page.
Connected to The type of device connected to the device port. Currently, the SLC unit supports
Remote Power Managers (PDUs and UPSes) from 140+ vendors, as well as
Sensorsoft devices. If the connected device is an RPM, the user can assign an
RPM to the device port by either select an existing RPM (via the Select dropdown)
or clicking the Add RPM link to configure a new RPM for the SLC. If an RPM is
already assigned to the device port, the user can click on the Selected RPM link to
view status and configuration for the RPM. If the connected device is a Sensorsoft
device, the user can click on Device Commands to manage the Sensorsoft
device. If the type of device connected to the device port is not listed, select
Undefined.
Note: Sensorsoft temperature/humidity devices are supported with USB-to-serial
adapters (ftdi/pl2303/cp210x) but are not supported for use with USB-to-Serial
CDC_ACM devices.
Telnet In Enables access to this port through Telnet. Disabled by default.
SSH In Enables access to this port through SSH. Disabled by default.
TCP in Enables access to this port through a raw TCP connection. Disabled by default:
Note: When using raw TCP connections to transmit binary data, or where the
break command (escape sequence) is not required, set the Break Sequence of
the respective device port to null (clear it).
Port Automatically assigned Telnet, SSH, and TCP port numbers. You may override
this value, if desired. The value must be unique on the SLC 8000; for example,
you cannot have two or more ports numbered 10001.
Authentication If selected, the SLC unit requires user authentication before granting access to
the port. Authenticate is selected by default for Telnet in and SSH in, but not for
TCP in.
Telnet/SSH/TCP
Timeout
Select the checkbox to cause an idle Telnet, SSH or TCP connection to
disconnect after a specified number of seconds as defined in the Seconds field to
the right.
Seconds Enter a value from 1 to 3600 seconds if selecting the Telnet, SSH or TCP
Timeout checkbox to the left. The default is 600 seconds.
Note: When the Idle Timeout Msg is enabled, the terminal application timeout
values for Telnet, SSH and TCP should be set to a value greater than 15
seconds.
Data Direction If a Telnet, SSH or TCP connection has the idle Timeout enabled, this setting
indicates the direction of data use to determine if the connection has timed out:
incoming network data, outgoing network data, or data from both directions. The
default is Both Directions for Telnet and SSH, and Incoming Network data for
TCP.
Telnet Soft IAC Mode When Telnet Soft IAC mode is enabled, the Telnet server will not block waiting
for the initial Telnet protocol IAC option responses. An abbreviated list of IAC
options will be sent to the client, including a request for client side Echoing.
Disabled by default.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 151
Data Settings
Note: Check the serial device’s equipment settings and documentation for the proper
settings. The device port and the attached serial device must have the same settings.
IP Address/Netmask
Bits
IP address used for this device port so a user can Telnet, SSH, or establish a raw
TCP connection to this address and connect directly to the device port. The
optional netmask bits specify the netmask to use for the IP address. For
example, for a netmask of 255.255.255.0 specify 24 bits. If the netmask bits are
not specified, a default netmask used for the class of network that the IP address
falls in will be used.
For Telnet and SSH, the default TCP port numbers (22 and 23, respectively) are
used to connect to the device port. For raw TCP, the TCP port number defined
for TCP In to the device port is used.
Note: If Ethernet Bonding is enabled, assigning individual IP Addresses to
Device Ports is not supported. Note that the IP address will be bound to Eth1
only, so if Eth2 is connected and configured, and Eth1 is not, this feature will not
work.
Send Term String/Term
String
If Send Term String is enabled and a Term String is defined, when a network
connection to a device port is terminated, the termination string is sent to the
device connected to the device port. The string should be defined so that it sends
the appropriate command(s) to the device to terminate any active user sessions,
e.g. "logout" or "exit". The string may contain multiple commands separated by a
newline ("\n") character. This is a security mechanism used to close sessions
that are inadvertently left open by users.
Baud The speed with which the device port exchanges data with the attached serial
device.
From the drop-down list, select the baud rate. Most devices use 9600 for the
administration port, so the device port defaults to this value. Check the equipment
settings and documentation for the proper baud rate. The baud rate can also be
set from the Power Management and Baud Rate menu. See the Device Ports -
Power Management page.
Data Bits Number of data bits used to transmit a character. From the drop-down list, select
the number of data bits. The default is 8 data bits.
Stop Bits The number of stop bit(s) used to indicate that a byte of data has been transmitted.
From the drop-down list, select the number of stop bits. The default is 1.
Parity Parity checking is a rudimentary method of detecting simple, single-bit errors.
From the drop-down list, select the parity. The default is none.
Flow Control A method of preventing buffer overflow and loss of data. The available methods
include none, xon/xoff (software), and rts/cts (hardware). The default is none.
Enable Logins For serial devices connected to the device port, displays a login prompt and
authenticates users. Successfully authenticated users are logged into the
command line interface.
The default is disabled. This is the correct setting if the device port is the endpoint
for a network connection.
Max Direct Connects Enter the maximum number (1-15) of simultaneous connections for the device
port. The default is 1.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 152
Hardware Signal Triggers
Note: When the DSR signal drops on a device port, indicating that the attached cable has been
disconnected or the attached device has been powered off, the SLC will log the event in the Device
Ports system log and send a slcEventDevicePortAction SNMP trap. The log message and SNMP
trap only occur if there is an active (connect direct or network connection) to the device port.
Show Lines on
Connecting
If enabled, when the user either does a connect direct from the CLI or
connects directly to the port using Telnet or SSH, the SLC outputs up to 24 lines of
buffered data as soon as the serial port is connected.
For example, an SLC user issues a connect direct device 1 command
to connect port 1 to a Linux server.
For example, if the SLC user issues the ls command to display a directory on a
Linux server, then exits the connection, the results of the ls will be stored in the
buffer. When the SLC user then issues another direct connect device
1, the last 24 lines of the ls command is displayed so the user can see what state
the server was left in.
USB Channel Applies to USB device ports only. When a dual channel USB device is connected
to the device port, this allows the user to select which of the channels is the active
channel used for all connections. Only one channel can be active at any time.
Enter the number 1 or 2. The default is 1.
Check DSR on
Connect
If this setting is enabled, the device port only establishes a connection if DSR
(Data Set Ready) is in an asserted state. DSR should already be in an asserted
state, not transitioning to, when a connection attempt is made. Disabled by default
unless dial-in, dial-out, or dial-back is enabled for the device port.
Note: Applies to serial RJ45 device ports only.
Disconnect on DSR If a connection to a device port is currently in session, and the DSR signal
transitions to a de-asserted state, the connection disconnects immediately.
Disabled is the default unless dial-in, dial-out, or dial-back is enabled for the device
port.
Note: Applies to serial RJ45 device ports only.
Assert DTR By default, DTR (Data Terminal Ready) is asserted on a device port nearly all of
the time (except momentarily when a port is opened for operations). Unchecking
this option will deassert DTR, simulating a cable disconnection for the device that
is connected to a device port.
Note: Applies to serial RJ45 device ports only.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 153
Modem Settings (Device Ports)
Note: Depending on the State and Mode you select, different fields are available.
DTR Control The type of DTR control feature. The options include: None, Toggle DTR, or Auto
Enable DTR:
None: No option selected.
Toggle DTR: If enabled, when a user disconnects from a device port, DTR will be
toggled. DTR will be de-asserted, and after a 2-second delay, will be re-asserted.
This feature can be used when a serial connection requires DSR to be active for
the attached device to connect. In this case, toggling DTR will end any active
connection on the device.
Auto Enable DTR: If enabled, DTR will be de-asserted and will remain de-
asserted until the first connection (Connect Direct, Telnet, SSH, TCP In or
ConsoleFlow Web Terminal Session) is established to the device port. At this time,
DTR will be asserted. DTR will remain asserted as long as any connection exists
to the device port. Once the last connection is terminated, DTR will be deasserted.
The Assert DTR setting is ignored if DTR Control is set to Auto Enable.
Note: Applies to serial RJ45 device ports only.
Reverse Pinout If enabled, swaps the positions of the serial lines, such that the direction of data or
the signal is reversed. For instance, TX is swapped with RX. Enabling Reverse
Pinout facilitates connections to Cisco and Sun style RS-45 console ports using a
straight through Ethernet patch cable, without the need for a rolled cable or
adapter. Enabled by default.
Note: Applies to serial RJ45 device ports only. All Lantronix serial adapters are
intended to be used with Reverse Pinout disabled. If you are replacing an original
SLC unit with an SLC 8000 advanced console manager, disable the reverse pinout
so you can use the original cables and adapters.
USB VBUS For USB Device Ports only. If enabled, the USB VBUS signal provides power to
the USB device attached to a device port. Disabling VBUS will power down the
device as long as it is bus-powered instead of self-powered. The VBUS 5V signal
is up to 100 mA per port, but not to exceed 600mA total per USB I/O Module.
Drawing more than 150 mA on a USB port will shut down the VBUS 5V.
Caution: USB ports are designed for data traffic only. They are not
designed for charging or powering devices. Over-current conditions on
VBUS 5V may disrupt operations.
State Used if an external modem is attached to the device port. If enabling, set the
modem to dial-out, dial-in, dial-back, dial-on-demand, dial-in/host list, dial-back &
dial-on-demand, dial in & dial-on-demand, CBCP Server, and CBCP Client.
Disabled by default. See Modem Dialing States (on page 211) for more
information.
Mode The format in which the data flows back and forth:
Text: In this mode, the SLC advanced console manager assumes that the
modem will be used for remotely logging into the command line. Text mode
can only be used for dialing in or dialing back. Text is the default.
PPP: This mode establishes an IP-based link over the modem. PPP
connections can be used in dial-out mode (e.g., the SLC unit connects to an
external network), dial-in mode (e.g., the external computer connects to the
network that the SLC 8000 advanced console manager is part of), or dial-on-
demand.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 154
Modem Settings: Text Mode
Use Sites Enables the use of site-oriented modem parameters which can be activated by
various modem-related events (authentication, outbound network traffic for dial-
on-demand connections, etc.). Sites can be used with the following modem
states: dial-in, dial-back, dial-on-demand, dial-in & dial-on-demand, dial-back &
dial-on-demand, and CBCP server.
Initialization Script Commands sent to configure the modem may have up to 100 characters. Consult
your modem’s documentation for recommended initialization options. If you do
not specify an initialization script, the SLC unit uses a default initialization string of
AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0.
Note: We recommend that the modem initialization script always be preceded
with AT and include E1 V1 x4 Q0 so that the SLC 8000 advanced console
manager may properly control the modem. For information on AT commands,
refer to the modem user guide, or do a web search for at command set.
Serial modems may need to include &B1 in the modem initialization string to set
the DTE rate to a fixed baud rate.
Modem Timeout Timeout for all modem connections. Select Yes (default) for the SLC unit to
terminate the connection if no traffic is received during the configured idle time.
Enter a value of from 1 to 9999 seconds. The default is 30 seconds.
Caller ID Logging Select to enable the SLC advanced console manager to log caller IDs on
incoming calls. Disabled by default.
Note: For the Caller ID AT command, refer to the modem user guide.
Modem Command Modem AT command used to initiate caller ID logging by the modem.
Note: For the AT command, refer to the modem user guide.
Dial-Back Number Users with dial-back access can dial into the SLC device and enter their login and
password. Once the SLC 8000 advanced console manager authenticates them,
the modem hangs up and dials them back.
Select the phone number the modem dials back on -a fixed number or a number
associated with their login. If you select Fixed Number, enter the number (in the
format 2123456789).
The dial-back number is also used for CBCP client as the number for a user-
defined number. See Device Ports - Settings (on page 146) for more information.
Dial-Back Delay For dial-back and CBCP Server, the number of seconds between the dial-in and
dial-out portions of the dialing sequence.
Dial-Back Retries For dial-back and CBCP Server, the number of times the SLC unit will retry the
dial-out portion of the dialing sequence if the first attempt to dial-out fails.
Timeout Logins If you selected Text mode, you can enable logins to time out after the connection is
inactive for a specified number of minutes. The default is No. This setting is only
applicable for text mode connections. PPP mode connections stay connected until
either side drops the connection. Disabled by default.
Dial-in Host List From the drop-down list, select the desired host list. The host list is a prioritized list
of SSH, Telnet, and TCP hosts that are available for establishing outgoing modem
connections or for connect direct at the CLI. The hosts in the list are cycled
through until the SLC 8000 advanced console manager successfully connects to
one.
To establish and configure host lists, click the Host Lists link.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 155
Modem Settings: PPP Mode
3. To save settings for just this port, click the Apply button.
Negotiate IP Address If the SLC unit and/or the serial device have dynamic IP addresses (e.g., IP
addresses assigned by a DHCP server), select Yes. Yes is the default.
If the SLC advanced console manager or the modem have fixed IP addresses,
select No, and enter the Local IP (IP address of the port) and Remote IP (IP
address of the modem).
Authentication Enables PAP or CHAP authentication for modem logins. PAP is the default.
With PAP, users are authenticated by means of the Local Users and any of the
remote authentication methods that are enabled. With CHAP, the CHAP
Handshake fields authenticate the user.
CHAP Handshake The Host/User Name (for UNIX systems) or Secret/User Password (for
Windows systems) used for CHAP authentication. May have up to 128
characters.
CHAP Auth Uses For CHAP authentication, determines what is used to validate the CHAP host/
user sent by the remote peer: either the CHAP Host defined for the modem, or
any of the users in the Local Users list.
Same authentication for
Dial-in & Dial-on-Demand
(DOD)
Select this option to let incoming connections (dial-in) use the same
authentication settings as outgoing connections (dial-on-demand). If this option
is not selected, then the dial-on-demand connections take their authentication
settings from the DOD parameter settings. If DOD Authentication is PAP,
then the DOD CHAP Handshake field is not used.
DOD Authentication Enables PAP or CHAP authentication for dial-in & dial-on-demand. PAP is the
default. With PAP, users are authenticated by means of the Local Users and
any of the remote authentication methods that are enabled. With CHAP, the
DOD CHAP Handshake fields authenticate the user.
DOD CHAP Handshake For DOD Authentication, enter the Host/User Name for UNIX systems) or
Secret/User Password (for Windows systems) used for CHAP authentication.
May have up to 128 characters.
Enable NAT Select to enable Network Address Translation (NAT) for dial-in and dial-out
PPP connections on a per modem (device port or USB port) basis. Users
dialing into the SLC 8000 advanced console manager access the network
connected to Eth1 and/or Eth2.
Note: IP forwarding must be enabled on the Network > Network Settings (1 of
2) page for NAT to work. See Chapter 6: Basic Parameters on page 68.
Dial-out Number Phone number for dialing out to a remote system or serial device. May have up
to 20 characters. Any format is acceptable.
Remote/Dial-out Login User ID for dialing out to a remote system. May have up to 32 characters.
Remote/Dial-out
Password
Password for dialing out to a remote system. May have up to 64 characters.
Retype Re-enter remote/dial-out password for dialing out to a remote system. May
have up to 64 characters.
Restart Delay The number of seconds after the timeout and before the SLC unit attempts
another connection. The default is 30 seconds.
CBCP Server Allow
No Callback
For CBCP Server state, allows "No Callback" as an option in the CBCP
handshake in addition to User-defined Number and Admin-defined Number.
CBCP Client Type For CBCP Client, this selects the number that the client would like to use for
callback - either a user-defined number passed to the server (specified by the
Fixed Dial-back Number) or an administrator-defined number determined by
the server based on the login that is PAP or CHAP authenticated.
Port Status and Counters DSR/CD DTR CTS RTS Bytes Input Bytes output Framing errors Parity errors Overrun errors Flow Control errors Seconds since zeroed No Yes 06734
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 156
4. To save selected settings to ports other than the one you are configuring:
-From the Apply Settings drop-down box, select none, a group of settings, or All.
-In to Device Ports, type the device port numbers, separated by commas; indicate a range
of port numbers with a hyphen (e.g., 2, 5, 7-10).
Note: It may take a few minutes for the system to apply the settings to multiple ports.
Port Status and Counters
Port Counters describe the status of signals and
interfaces. SLC advanced console manager updates
and increments the port counters as signals change
and data flows in and out of the system. These
counters help troubleshoot connections or diagnose
problems because they give the user an overview of
the state of various parameters. By setting them to
zero and then re-checking them later, the user can
view changes in status.
The chart in the middle of the page displays the flow
control lines and port statistics for the device port.
The system automatically updates these values. To
reset them to zeros, select the Zero port counters
checkbox in the IP Settings section of the page.
Note: Status and statistics shown on the web
interface represent a snapshot in time. To see the
most recent data, you must reload the web page.
Status may display “N/A” if SLC is unable to
dynamically determine the connected/inserted device.
Device Ports - Power Management
In the Device Ports - Power Management page, configure power supplies that provide power to
the device or server connected to the device port. Up to 4 power supplies can be configured, by
selecting an RPM, an outlet on the RPM, and defining a unique name for the RPM/outlet pair. The
RPM outlet pair can also be controlled (power cycled, turned on, turned off).
This page also allows the user to define the Power Management Sequence, which, when entered
while the user is connected to a device port via the connect direct command, will display the Power
Management and Baud Rate menu:
---------------------------------------------
Power Management and Baud Rate Menu
---------------------------------------------
RPM/outlet>>> trippOUT4 sentry3OUT15
A. Status E. Turn On H. Turn On
B. Help F. Turn Off I. Turn Off
C. Set Baud G. Power Cycle J. Power Cycle
D. Quit
Table 9-6 Port Status and Counters
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 157
This menu allows the administrator to query status and control any of the power supplies that
provide power to the device connected to the device port and change the Baud Rate of the device
port.
Note: The Baud Rate can be configured while connected to a device port by entering the
Power Management Sequence. This will display the Power Management and Baud
Rate menu, which provides an option to set the Baud Rate.
To configure power management settings for a device port:
1. Connect to a specific port on the Devices > Device Ports page according to instructions in To
open the Device Ports - Settings page: (on page 146).
2. Click the Settings link beside Power Management to access the Device Ports - Power
Management page.
:4 < x="" 7="" a="" nmsmnmnzsnnn12253719414145”="" -="" lant?on|x="" slc="" 8048="" memw="" u1="" e2="" 1="" 4="" f.="" e1011111515702224261319jzmz‘ejemhzmjeab="" i="" hikifi‘fflm="" smmmw="" cumuumn="" waassmnmyy="" cummuwmupaw.="" dcvwnstulus="" deviczfon:="" conwlnpnn="" usavsocm="" \nlnmilmudum="" rpm:="" cumwaiun:="" noleists="" sums="" sins="" device="" fons="" —="" power="" management="" hale"="" w"="" 5="" sum="" up="" ‘9="" ;="" rpm="" mm;="" mm="" mm:="" pwev="" nam:="" furl-5="" (04="" me="" acme="" mnnaded="" 1»="" (hrs="" device="" pan="" mm="" m;="" powev="" manzgmm="" slmlence="" wm:="" cannzclad="" m="" a="" flax/it!="" part="" w.“="" miplay="" :="" mlnu="" pcwrrmana="" emems:="" mun,="" ‘="" it:="" i="" u="" l="" p="" 10!="" car-(mum="" each="" at="" (he="" powu="" supphes="" managed="" pawn="" sugghes="" rfm="" omlelx="" slpveshm="" m="" rpm,="" slpieernin="" v="" vew="" ouuels="">> Pher- EM 3?“ m on r. 1:: z . cum, < salad.="" omlel="" 7="" u="" ““91,“="" m="" l="" ;="" name="" a="" stale="" a="" rana",="" nun:="" v="" w.="" gym="" 1%="" l‘="" 9="" “arm:="" «2="" rpm="" seied="" rpm="" v="" viewouflels="" »="" ‘="" “www="" 3m="" -="" 0mm="">< salad="" gulls!="" ,="" '°="" ""="" "”“5‘="" “="" nvemvouzm="" u="" nam:="" ,="" ,="" lomen;="" stay="" a:="" “.st="" gum="" mm="" nuns="" ,="" 14="" ‘="" -9r.\7rm(lfir'="" 4="" 13="" 'héri="" dot="" efle="" v;="" a“:="" lane="" «3="" rpm="" se‘ect="" rpm="" v="" view="" ouflels="" »="" '="" to“="" own!="">< soibg="" dmiib!="" name="" sule'="" anion,="" none="" .="" u="" rpm="" sa‘acl="" rpm="" v="" vw="" omels="">> 0mm» < sllsd="" dlflls‘="" nam="" state="" adi-2n="" nuns="" v="" mm="" mm="" m="" snmngs="" apmy="">
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 158
Figure 9-7 Device Ports - Power Management
3. Enter the following:
Power Management
Sequence
A series of one to ten characters that will display the Power Management menu
when connected to the device port. The default value is Esc+P (escape key, then
uppercase "P"). This value is specified as \x1bP, which is hexidecimal (\x)
character 27 (1B) followed by a P.
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
RPM For each managed power supply, select a RPM, most likely a PDU, which has
outlets that can be individually controlled, and which provides power to the device
connected to the device port.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 159
4. To save, click Apply.
Device Ports - RPMs - Add Device
On the Devices > Device Ports page, access the Device Ports > RPMs - Add Device page to
configure a new managed remote power manager (RPM) for the SLC configuration.
To add a new managed RPM :
1. Connect to a specific port on the Devices > Device Ports page according to instructions in
To open the Device Ports - Settings page: (on page 146).
2. In the Connected to drop-down menu above the IP Settings section of the
Device Ports > Settings (1 of 2) page, select RPM.
3. Click the Add RPM link. The Device Ports > RPMs - Add Device page displays.
Note: The Device Ports > RPMs - Add Device page can also be accessed via the
Devices > RPMs page.
4. Update the configuration settings on this page according to directions in
RPMs - Add Device (on page 220).
Outlet For each managed power supply, enter the outlet on the selected RPM. As an aid to
selecting the outlet, click the View Outlets button, then select an outlet from the list
and click the Select Outlet button. The managed power supply outlet number will be
filled in, as well as the managed power supply outlet name if a name is listed for the
outlet and one has not already been defined for the managed power supply. A
unique name for the managed power supply name is required; this is what will be
displayed on the Power Management menu.
Name For each managed power supply, enter the name on the selected RPM. As an aid to
selecting the name, click the View Outlets button, then select an outlet from the list
and click the Select Outlet button. The managed power supply outlet number will be
filled in, as well as the managed power supply outlet name if a name is listed for the
outlet and one has not already been defined for the managed power supply. A
unique name for the managed power supply name is required; this is what will be
displayed on the Power Management menu.
State Displays the current state of the outlet when the Device Ports - Power Management
web page is loaded: on, off or unknown if the RPM does not provide status for
individual outlets or the SLC was unable to obtain the status of the outlet.
Action The action to take on the outlet: Cycle Power, On or Off.
E113 5 7 911”1511192121252125113335173941414547 A E2 2 4 5 a 1012Hls1:120222426253032M36154042M4543 a LANR’ONIX swam mm: mm a:;:;;c;:g,gm Seiemmmmm Wm, mm mm_ M. mm <9 i="" 6*="" el="" rmlcnsmus="" 5“”:er="" consul-rm="" usaisnc-m="" rpms="" conmciions="" hosilim="" scripts="" sim="" rpm:="" -="" add="" device="" 533="" vendor="" seiect="" one="" v="" i="" (u)="" »="" use,="" is)="" -="" sam="" m="" -="" nemaik‘="" in;="" -="" sump="" medal="" jeieck="" orig:="" usa="" 5mm="" newmrk="" snmp="" managed="" m="" usa="" device="" seieciune="" .="" name="" 1:="" or="" omieu="" ii:="" addrsss="" fan="" emsrwmr="" a="" «must:="" pm="" uiw="" opts="" lugin="" passwm="" reiyps="" fasawm,="" log="" smug,="" .="" no="" vexmimilex‘="" cmmal="" snmf="" naps="" i="" crmcal="" emails="" .="" snumawn="" w:="" ups="" law="" am="" ,="" shumnwn="" aii="" upsu="" w="" aiiaw="" baneryiziiwe="" shmflawn="" mm="" slc="" ups“="" snmawn="" omai="" prawns:="" ch="" pawnr'="" '="" apply="">
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 160
Figure 9-8 Device Ports > RPMs - Add Device
Flgure 9-9 Devlces > Devlce Ports > Sensorsofl LANT?ON|X SLC 8048 Km”mm Fl 1 z 7 s um5mszuzszsz7zsu2335373541434“; A uz E2 2 A s a mums«azazzmazuaazma:muumm a fig; :fi‘m‘ln 59mm». . Canfigwifim mussnpmm CmmededDwzemF-‘nmyy Inn-m mst «M?- Dlvlusums DlwnePons consollFun usersucam lmlmalModIm mam: connmans HnsILlsls Scllpls Slus Device Ports - Seusorsofl Helz?‘ 53805le Dev DevibePan Curr Lw ngh u Humidilv Lflw Hinh Show Perl Naml imp imp amp “5‘ Fm) mummy Humlany “mu" 7"” Exam; 5 Pmrs mm a 25 ’ an }n \ 11m ‘ Mm . ‘ mm Device Pun Samngs \ Aw'y \
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 161
Device Port - Sensorsoft Device
Devices made by Sensorsoft are used to monitor environmental conditions.
1. In the Connected to drop-down menu above the IP Settings section of the
Device Ports > Settings (1 of 2) page, select Sensorsoft.
Note: Sensorsoft temperature/humidity devices are supported with USB-to-serial adapters (ftdi/
pl2303/cp210x) but not supported for use with USB-to-Serial CDC_ACM devices.
2. Click the Device Commands link. The following page displays:
Figure 9-9 Devices > Device Ports > Sensorsoft
3. Select a port and enter or view the following information:
Dev Port Displays the number of the SLC port.
Device Port Name Displays the name of the SLC port.
Curr Temp Current temperature (degrees Celsius) on the device the sensor is monitoring.
Low Temp Enter the temperature (degrees Celsius) permitted on the monitored device below
which the SLC 8000 advanced console manager sends a trap.
High Temp Enter the temperature (degrees Celsius) permitted on the monitored device above
which the SLC unit sends a trap.
Use °F Display and set the temperature for this device in degrees Fahrenheit, instead of
Celsius, which is the default.
Humidity (%) Current relative humidity on the device the sensor is monitoring.
Low Humidity Enter the relative humidity permitted on the device the sensor is monitoring below
which the sensor sends a trap to the SLC advanced console manager.
High Humidity Enter the highest relative acceptable humidity permitted on the device above which
the sensor sends a trap to the SLC unit.
Contact Displays the current contact closure status of the sensor, if supported by the
connected Sensorsoft device. If the Sensorsoft device does not report a contact
status, N/A will be displayed. If Traps are enabled for the Sensorsoft device, an
slcEventDevicePortDeviceContactChanged trap will be sent when
the contact state changes from Open to Closed and from Closed to Open.
Traps Select to indicate whether the SLC 8000 unit should send a trap or configured
Event Alert when the sensor detects an out-of-range configured threshold.
Sums m Sawyer: (mum m mm pm 9- Dawn: Par: um Pm‘b? Sumn'juftlkvim MM 555%: mm“. Lu mm m (mm szm- - (m)
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 162
4. Click the Apply button.
5. To view the status detected by the Sensorsoft, click the Show Status link in the far right
column of the table.
Figure 9-10 Sensorsoft Status
Device Port Commands
Go to Device Port Commands to view CLI commands which correspond to the web page entries
described above.
Device Commands
Go to Device Commands to view CLI commands which correspond to the web page entries
described above.
Interacting with a Device Port
Once a device port has been configured and connected to an external device such as the console
port of an external server, the data received over the device port can be monitored at the
command line interface with the connect listen command, as follows:
To connect to a device port to monitor it:
connect listen deviceport <Port # or Name>
In addition, you can send data out the device port (for example, commands issued to an external
server) with the connect direct command, as follows:
To connect to a device port to monitor and/or interact with it, or to establish an outbound
network connection:
connect direct <endpoint>
endpoint is one of:
deviceport <Port # or Name>
ssh <IP Address> [port <TCP Port>][<SSH flags>]
where:
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 163
<SSH flags> is one or more of:
user <Login Name>
version <1|2>
command <Command to Execute>
tcp <IP Address> port <TCP Port>
telnet <IP Address> [port <TCP Port>]
udp <IP Address> port <UDP Port>
hostlist <Host List>
Notes: To escape from the connect direct command when the endpoint of the
command is deviceport, tcp, or udp and return to the command line interface, type the
escape sequence assigned to the currently logged in user. If the endpoint is telnet or
SSH, logging out returns the user to the command line prompt.
To escape from the connect listen command, press any key. Setting up a user with
an escape sequence is optional. For any NIS, LDAP, RADIUS, Kerberos, or TACACS+
user, or any local user who does not have an escape sequence defined, the default
escape sequence is Esc+A.
When connecting to a USB device port, buffered data collected while there was no active
connection to the device port may be displayed initially. This is due to clearing internal
buffers in preparation for the new connection to the device port.
Device Ports - Logging and Events
The SLC products support port buffering of the data on the system's device ports as well as
notification of receiving data on a device port. Port logging is disabled by default. You can enable
more than one type of logging (local, NFS file, token and data detection, SD card, or USB port) at
a time. The buffer containing device port data is cleared when any type of logging is enabled.
Local Logging
If local logging is enabled, each device port stores 256 Kbytes (approximately 400 screens) of I/O
data in a true FIFO buffer. You may view this data (in ASCII format) at the CLI with the show
locallog command or on the Devices > Device Ports - Logging & Events page. Buffered data is
normally stored in RAM and is lost in the event of a power failure if it is not logged using an NFS
mount solution. If the buffer data overflows the buffer capacity, only the oldest data is lost, and only
in the amount of overrun (not in large blocks of memory).
NFS File Logging
Data can be logged to a file on a remote NFS server. Data logged locally to the SLC 8000
advanced console manager is limited to 256 Kbytes and may be lost in the event of a power loss.
Data logged to a file on an NFS server does not have these limitations. The system administrator
can define the directory for saving logged data on a port-by-port basis and configure file size and
number of files per port.
The directory path must be the local directory for one of the NFS mounts. For each logging file,
once the file size reaches the maximum, a new file opens for logging. Once the number of files
reaches the maximum, the oldest file is overwritten. The file naming convention is: <Device Port
Number>_<Device Port Name>_<File number>.log.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 164
Examples:
02_Port-2_1.log
02_Port-2_2.log
02_Port-2_3.log
02_Port-2_4.log
02_Port-2_5.log
USB and SD Card Logging
Data can be logged to a USB flash drive that is loaded into the USB ports or the SD card slot on
the front of the SLC unit and properly mounted. Data logged locally to the SLC advanced console
manager is limited to 256 Kbytes and may be lost in the event of a power loss. Data logged to a
USB flash drive or SD card does not have these limitations. The system administrator can define
the file size and number of files per port. For each logging file, once the file size reaches the
maximum, a new file opens for logging. Once the number of files reaches the maximum, the oldest
file is overwritten. The file naming convention is:
<Device Port Number>_<Device Port Name>_<File number>.log
Examples:
02_Port-2_1.log
02_Port-2_2.log
02_Port-2_3.log
02_Port-2_4.log
02_Port-2_5.log
Token/Data Detection
The system administrator can configure the device log to detect when a user-defined string or
number of characters is received from the device, and automatically perform one or more actions:
send a message to the system log, send an SNMP trap, send an email alert, send a string to the
device, or control one of the power supplies associated with the device.
Syslog Logging
Data can be logged to the system log. If this feature is enabled, the data will appear in the Device
Ports log, under the Info level. The log level for the Device Ports log must be set to Info for the data
to be saved to the system log. See Device Ports - Logging and Events (on page 163).
To set logging parameters:
1. In the top section of the Device Port Settings page, click the Settings link in the Logging field.
The following page displays:
LANTQONIX swan“ @ng Eii‘ri'yfiéhn 5224sa1n‘2 Se‘ecl W: m . cmgmm mmm Mm mm awe-sum owls-Fons consoleFan usalsncuu RPM: canneeuom Holems sonpn sun Devlce Ports - Logglng 8. Events Pen, 14 Many pen—14 Yak-n & um Dnhnfiun‘ - can. 5m cm mamchereusrsnng Emu-memoir: 100 Ynggar on Taken mm: Sysvog SNMP Trap Emall v Email Tn Emu sublecl Pun w Loggmg Send 51mg «9 Dewcs smug m Sand cumm Power Supp‘y Pwer Suppry v \ - CYCIB Power new man ‘mm 0,, Turn on See unhne help lot haw Dewy parametevs men Acme Amen Delay. so " secnnfls Rlslan may so sanands ( am In flange pm segmgs Appry web/SH mp my 813 5 7 a11<315a19212325272911anssnuuusn a="" 1513102225252mn32u3aanuuuutua="" u="" cnrmecmd="" name="" (up="" mm="" 975%="" «um="" for="" nfs="" rue="" loggmg="" me="" mremry="" m="" 109="" m="" mun="" nswe="" on="" an="" mama»="" nfs="" sewer="" spemry="" m:="" \uu‘="" 4mm,="" (or="" me="" nfsmoum="" »="" luna!="" lugglng:="" char="" local="" lou="" mw="" dlsway="" number="" a!="" unes="" mfs="" file="" logging.="" nfs="" log="" (0="" v‘sw="" d‘ramnry="" (a="" lag="" m="" max="" number="" omen="" max="" 5112="" ovrues.="" usa="" rsu="" cam="" lugglng‘="" lug="" w="" mew="" lag="" m="" mex="" numner="" ovrues="" max="" sue="" ulfhes="" syslng="" mggmg:="" ,="" ylaw="" has="" my.="" .="" m="" 40="" \="" head="" mmfit:="" m="" ‘="" se‘edl="" une="" v="" 10="" i="" 2043="" bym="" must="" recem="" v="" view="" .="" pan="" m="" m="" u:="" sn="" cam="" 10="" @371="" hy‘es="" um»="" yhemgmg="" m="" m="" m:="" dewte="" pms="" mg="" msvnesevlu="" m.="" m="" mew="" svs‘ng="" mines="" mwww="" mm="" appry="" 531mg:="" (a="" name="" pans="" nm:="" in="" .3an="" mame="" new:="" inme="" min»="" s’se’cfiuau="" pe="" ’="" mesmws="" can="" asnbeapweam="" m="" dewce="" pms="">
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 165
Figure 9-11 Devices > Device Ports - Logging & Events
2. Enter the following:
Token & Data Detection
Token & Data
Detection
Select to enable token and data detection on the selected device port, with a set of
actions that can be enabled if a data trigger occurs. The default is disabled.
Trigger on Select the method of triggering an action:
Data Byte Count: A specific number of bytes of data. This is the default.
Token/Character String: A specific pattern of characters, which you can define
by a regular expression.
Note: Token/Character String recognition may negatively impact the SLC unit's
performance, particularly when regular expressions are used.
hm):I/www‘qnqurq/sofmare/libc/manual/hlml node/Reau‘ar-Exoressionsmm‘ hug I/www‘ el com/gnuldocs/regex/regex.hlm‘
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 166
Byte Threshold The number of bytes of data the port will receive before the SLC unit will capture
log data and initiate the selected actions. The default is 100 bytes.
In most cases, the console port of your device does not send any data unless
there is an alarm condition. After the SLC unit receives a small number of bytes, it
perceives that your device needs some attention.
A threshold set to 30 characters means that as soon as the unit receives 30 bytes
of data, it performs the actions that are selected for this port.
Token The specific pattern of characters the SLC unit must recognize before initiating the
actions configured for this port. The maximum is 100 characters. You may use a
regular expression to define the pattern. For example, the regular expression
"abc[def]g" recognizes the strings abcdg, abceg, abcfg.
The SLC console manager supports GNU regular expressions; for more
information, see:
http://www.gnu.org/software/libc/manual/html_node/Regular-Expressions.html
http://www.delorie.com/gnu/docs/regex/regex.html
Actions Select one or more actions to perform if there is a data trigger:
Syslog: A message is logged to the system log indicating what the data trigger
was along with the initial portion of the data received.
SNMP Trap: A slcEventDevicePortData trap will be sent to the NMS configured
in the SNMP settings.
Email: An email alert will be sent to the address configured for the device port.
Send String to Device: A string will be sent to the device connected to the
device port.
Control Power Supply: The state of one or more of the device port power
supplies can be changed.
Email to The email address of the message recipient(s) for an email alert. To enter more
than one email address, separate the addresses with a single space. You can
enter a total of 128 characters.
Email Subject A subject text appropriate for your site. May have up to 128 characters.
The email subject line is pre-defined for each port with its port number. You can
use the email subject to inform the desired recipients of the problem on a certain
server or location (e.g., server location or other classification of your equipment).
Note: The character sequence %d anywhere in the email subject is automatically
replaced with the device port number.
String to Send The string to send to the device connected to the device port. The string supports
the following special characters: newline ("\n"), double quote ("\""), single
quote ("\'"), and escape ("\x1b"). You can enter a total of 128 characters.
Power Supply The power supply that provides power to the device connected to the device port
which to control. Select either all power supplies or an individual power supply.
Power Action The action to perform on the selected power supply or power supplies - Cycle
Power, Turn On or Turn Off.
Action Delay A time limit of how long, in seconds, the device port will capture data after the data
trigger is detected and before closing the log file (with a fixed internal buffer
maximum capacity of 1500 bytes) and performing the selected actions. The default
is 60 seconds.
Restart Delay The number of seconds for the period of time, after performing the selected action,
during which the device port will ignore additional characters received. The data
will simply be ignored and not trigger additional actions until this time elapses. The
default is 60 seconds.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 167
Local Logging
Log Viewing Attributes
NFS File Logging
USB / SD Card Logging
Syslog Logging
Note: To apply the settings to additional device ports, in the Apply settings to Device
Ports field, enter the additional ports, (e.g., 1-3, 5, 6)
3. To apply settings to other device ports in addition to the currently selected port, select the
Local Logging If you enable local logging, each device port stores 256 Kbytes (approximately 400
screens) of I/O data in a true FIFO buffer. Disabled by default.
Clear Local Log Select the checkbox to clear the local log.
View Local Log Click this link to see the local log in text format.
Display Select to view either the beginning (Head) or end (Tail) of the log.
Number of Lines Number of lines from the head or tail of the log to display.
NFS File Logging Select the checkbox to log all data sent to the device port to one or more files on an
external NFS server. Disabled by default.
NFS Log to View Available log files in the selected NFS Directory to view.
Directory to Log to The path of the directory where the log files will be stored.
Note: This directory must be a directory exported from an NFS server mounted on
the SLC 8000 advanced console manager Specify the local directory path for the
NFS mount.
Max Number of Files The maximum number of files to create to contain log data to the port. These files
keep a history of the data received from the port. Once this limit is exceeded, the
oldest file is overwritten. The default is 10.
Max Size of Files The maximum allowable file size in bytes. The default is 2048 bytes. Once the
maximum size of a file is reached, the SLC unit begins generating a new file.
USB / SD Card
Logging
Select to enable USB / SD card logging. A USB thumb drive or SD card must be
loaded into one of the ports of the SLC and properly mounted. Disabled by default.
Log to View Available log files in the selected USB / SD card slot to view.
Log To Select the USB port or SD card to use for logging.
Max Number of Files The maximum number of files to create to contain log data to the port. These files
keep a history of the data received from the port. Once this limit is exceeded, the
oldest file is overwritten. The default is 10.
Max Size of Files The maximum allowable file size in bytes. The default is 2048 bytes. Once the
maximum size of a file is reached, the SLC 8000 advanced console manager
begins generating a new file. The default is 2048 bytes.
Syslog Logging Select to enable system logging.
Note: The logging level for the device ports log must be set to Info to view Syslog
entries for Device Port logging on the Services > SSH/Telnet/Logging page.
E|13 5 7 9111315171921212521293113353719414355" A a: z I s a1n1214161:20222426253n323435335042u5u5 a LANT?ONIX swam m3; Loam b:§$;§f£§.lm smmm-cmnmm Websswopmm sqmwomsmvmm m-mme GWE Duvlustum: mvlcoPons ConsoloPon usa/sncam RPM: connacuans Hosmsu Scrlpts syn-s Cunsole Port Slams' Mat cannemea am issou v Dam Bin. Sup an: Pamy. \ none v i Fluwcnnlml inane v Timeam .Nu Yes‘mmmes Shaw Unsson Cannewm; . Nu Yas‘aafnnas [24 ‘ Group Accus‘ Maw \
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 168
Apply settings to Device Ports and enter port numbers separated by commas. Indicate a
range of port numbers with a hyphen (e.g., 2, 5, 7-10), and separate ranges with commas.
4. To save, click the Apply button.
Logging Commands
Go to Logging Commands to view CLI commands which correspond to the web page entries
described above.
Console Port
The console port initially has the same defaults as the device ports. Use the Devices > Console
Port page to change the settings, if desired.
To set console port parameters:
1. Click the Devices tab and select Console Port. The following page displays:
Figure 9-12 Devices > Console Port
2. Change the following as desired:
Baud The speed with which the device port exchanges data with the attached serial
device.
From the drop-down list, select the baud rate. Most devices use 9600 for the
administration port, so the console port defaults to this value.
Data Bits Number of data bits used to transmit a character. From the drop-down list, select
the number of data bits. The default is 8 data bits.
Stop Bits The number of stop bits that indicate that a byte of data has been transmitted.
From the drop-down list, select the number of stop bits. The default is 1.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 169
3. Click the Apply button to save the changes.
Console Port Commands
Go to Console Port Commands to view CLI commands which correspond to the web page entries
described above.
Internal Modem Settings
This section describes how to configure an internal modem in the SLC advanced console
manager. The SLC 8000 internal modem is an optional part. If the modem is installed, a message
will be displayed when the SLC unit is booted:
Internal modem installed.
The presence of the modem will also be displayed in the CLI admin version command, the
web About SLC page, and the System Configuration report. The internal modem provides a
subset of the modem functionality available for modems connected to a Device Port and USB
modems. If the internal modem is installed, the Internal Modem web page can be displayed by
selecting the Internal Modem option from the main menu, or by selecting the MD button in the
Sample Dashboards on the upper right corner of the web page.
Note: The internal modem only supports Dial-in, Dial-out and Dial-back.
Setting Up Internal Modem Storage
An internal modem may be configured on the Devices > Internal Modem page and accessed
through the Sample Dashboards only if it is installed into the SLC 8000 advanced console
manager. .
To set up internal modem storage in the SLC 8000 advanced console manager:
1. Insert an internal modem into the SLC unit according to the instructions in Modem Installation
(on page 42).
Parity Parity checking is a rudimentary method of detecting simple, single-bit errors.
From the drop-down list, select the parity. The default is none.
Flow Control A method of preventing buffer overflow and loss of data. The available methods
include none, xon/xoff (software), and rts/cts (hardware). The default is none.
Timeout The number of minutes (1-30) after which an idle session on the console is
automatically logged out. Disabled by default.
Show Lines on
Connecting
If selected, when you connect to the console port with a terminal emulator, you will
see the last lines output to the console, for example, the SLC boot messages or
the last lines output during a CLI session on the console.
Group Access If undefined, any group can access the console port. If one or more groups are
specified (groups are delimited by the characters ' ' (space), ',' (comma), or ';'
(semicolon)), then any user who logs into the console port must be a member of
one of the specified groups, otherwise access will be denied. Users authenticated
via RADIUS may have a group (or groups) provided by the RADIUS server via the
Filter-Id attribute that overrides the group defined for a user on the SLC 8000
advanced console manager. A group provided by a remote server must be either a
single group or multiple groups delimited by the characters ' ' (space), ',' (comma),
';' (semicolon), or '=' (equals) - for example "group=group1,group2;" or
"group1,group2,group3".
a1 35 7 9 n1:151119212325272931saunasuuasn » LANTQONIX 51-06048 mm“, nzwgggm mm WWW Cwnmemmm mmm was mm 4* 7 83 E Divicasums BIMqu‘I: consul-Pen usa/sncam Intern-modem RPM: connlchons HouLIsu 5mm: 5m: Internal Modem ML! View Madam Lug Ema 'Dfibxed 7 w Lagging ‘ ‘ Mud: . Ten PPP PPFDenug ‘ Use Sues ‘ Gmup Access «mm-Imam 5mm Modemfimeam . No Yes seconds [179999) CaHer m Laggmg Madam Cummanfl Chack max ma Nu . Yes mm: (5.500) 15 . Local User Numbar manna Numbar Hm Numb” meuckneuy .5 ‘secnnds D|aHzank names 3 Tm Moan mam Lngms . Nu m, mmums (may FPP Mode » Yes LocaHP" Magnum w Adar-ass Nu Ramma u: \ Amhanhcnflon >FAP cm: Han/use: Nnme \ cm Handshaks' SachUsar mm \’ My.» pasmm ‘ CHAF Amh Uses ' CHAP HDM Local U537: Enable NAT um.» mm WW I; mm“ m mm Dialmul Number Ramme/Dwakmn Lugin nemmumm pawn. mp2 ‘ Resm De‘ay 3a \semnas \ Apply
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 170
Note: Your internal modem will appear in the Sample Dashboards in the upper right
hand corner once the SLC unit reboots.
2. Reboot the SLC 8000 advanced console manager.
3. Log into the SLC unit and click Devices.
4. Click Internal Modem. Figure 9-13 shows the page that displays.
Figure 9-13 Devices > Internal Modem
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 171
5. Enter the following fields.
State Indicates whether the internal modem is enabled. When enabling, set the
modem to Disabled, Dial-in, Dial-out, and Dial-back. Disabled by default.
Mode The format in which the data flows back and forth.
With Text selected, the SLC unit assumes that the modem will be used for
remotely logging into the command line. Text mode is only for dialing in. This
is the default.
PPP establishes an IP-based link over the modem. PPP connections can be
used in dial-out mode (e.g., the SLC unit connects to an external network) or
dial-in mode (e.g., the external computer connects to the network that the
SLC unit is part of), dial-back (dial-in followed by dial-out), CBCP server and
CBCP client.
Use Sites Enables the use of site-oriented modem parameters which can be activated by
various modem-related events (authentication, outbound network traffic for dial-
on-demand connections, etc.). Sites can be used with the following modem
states: dial-in, dial-back, dial-on-demand, dial-in & dial-on-demand, dial-back &
dial-on-demand, and CBCP server.
For more information see Sites (on page 208).
Group Access If undefined, any group can access the modem (text login only). If one or more
groups are specified (groups are delimited by the characters ',' (comma) or ';'
(semicolon)), then any user who logs into the modem must be a member of one
of the specified groups, otherwise access will be denied. Users authenticated
via RADIUS may have a group (or groups) provided by the RADIUS server via
the Filter-Id attribute that overrides the group defined for a user on the SLC unit.
A group provided by a remote server must be either a single group or multiple
groups delimited by the characters ',' (comma), ';' (semicolon), or '=' (equals) -
for example "group=group1,group2;" or "group1,group2,group3".
Initialization Script Commands sent to configure the modem may have up to 100 characters.
Consult your modem’s documentation for recommended initialization options. If
you do not specify an initialization script, the SLC uses a uses a default
initialization string of:
AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0
Note: We recommend that the modem initialization script always be pre-
pended with AT and include E1 V1 x4 Q0 so that the SLC unit may properly
control the modem.
Modem Timeout Timeout for modem connections. Set to No by default.
To configure the modem connection to time out when no traffic is received
choose Yes and enter a value of 1 to 9999 seconds.
Caller ID Logging Select to enable the SLC unit to log caller IDs on incoming calls. Disabled by
default.
Modem Command Modem AT command used to initiate caller ID logging by the modem.
Note: For the AT command, use +VCID=1 to enable Caller ID with formatted
presentation, and use +VCID=2 to enable Caller ID with unformatted
presentation. This is subject to subscribing to a Caller ID service for the modem
line.
Check Dial Tone If enabled, the SLC will periodically check the modem for a dial tone while
waiting for a dial in (e.g., if the Modem State is set to Dial-in, or if the Modem
State is set to Dial-back and the SLC unit is in the Dial-in portion of the
sequence). The SLC unit can issue a trap or an event can be setup to notify the
user if no dial tone is detected. Enabled by default (every 15 minutes).
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 172
6. Click Apply.
Dial-back Number Users with Dial-back can dial into the SLC unit and enter their login and
password. Once the SLC unit authenticates them, the modem hangs up and
dials them back .
Select the phone number the modem dials back on: a fixed number or a
number associated with their login. If you select Fixed Number, enter the
number (in the format 2123456789).
The dial-back number is also used for CBCP client as the number for a user-
defined number. See CBCP Server and CBCP Client for more information.
Dial-back Delay For dial-back and CBCP Server, the number of seconds between the dial-in
and dial-out portions of the dialing sequence.
Dial-back Retries For dial-back and CBCP Server, the number of times the SLC unit will retry the
dial-out portion of the dialing sequence if the first attempt to dial-out fails.
Timeout Logins If you selected text mode, you can enable logins to time out after the
connection is inactive for a specified number of minutes. The default is No. This
setting only applies to text mode connections. PPP mode connections stay
connected until either side drops the connection. Disabled by default.
Negotiate IP Address If the SLC and/or the serial device have dynamic IP addresses (e.g., IP
addresses assigned by a DHCP server), select Yes. This is the default.
If the SLC unit or the modem have fixed IP addresses, select No, and enter the
Local IP (IP address of the internal modem) and Remote IP (IP address of the
modem).
Authentication Enables PAP or CHAP authentication for modem logins. PAP is the default.
With PAP, users are authenticated by means of the Local Users and any of the
remote authentication methods that are enabled.
With CHAP, the CHAP Handshake fields authenticate the user.
CHAP Handshake The Host/User Name (for UNIX systems) or
Secret/User Password (for Windows systems) used for CHAP authentication.
May have up to 128 characters.
CHAP Auth Uses For CHAP authentication, determines what is used to validate the CHAP host/
user sent by the remote peer: either the CHAP Host defined for the modem, or
any of the users in the Local Users list.
Enable NAT Select to enable Network Address Translation (NAT) for dial-in and dial-out
PPP connections on a per modem (device port, USB port, or internal modem)
basis. Users dialing into the SLC unit access the network connected to Eth1
and/or Eth2.
Note: IP forwarding must be enabled on the Network Settings (on page 55) for
NAT to work.
Dial-out Number Phone number for dialing out to a remote system or serial device. May have up
to 20 characters. Any format is acceptable.
Remote/Dial-out Login User ID for authentication when dialing out to a remote system, or if a remote
system requests authentication from the SLC module when it dials in. May have
up to 32 characters.
Remote/Dial-out
Password/ Retype
Password for authentication when dialing out to a remote system, or if a remote
system requests authentication from the SLC unit when it dials in. May have up
to 20 characters.
Restart Delay The number of seconds after the timeout and before the SLC module attempts
another connection. The default is 30 seconds.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 173
Internal Modem Commands
Go to Internal Modem Commands to view CLI commands which correspond to the web page
entries described above.
Xmodem
The SLC supports using the Xmodem, Ymodem, or Zmodem protocols to send and receive files
across serial ports. An Xmodem repository on the SLC holds files that can be sent or have been
received. In order to use one of the protocols, the device port that will be used must not be
currently in use for any other purpose.
An example of sending a file with Zmodem to device port 3 using the CLI:
[slc431d]> set xmodem send 3 file update.bin protocol zmodem xfer binary
Starting Zmodem send of 117K file update.bin...
Sending: update.bin
Bytes Sent: 117988 BPS:919
Transfer complete
An example of receiving the same file with Zmodem from device port 4 using the CLI:
[slc431d]> se xmodem receive 4 protocol zmodem xfer binary
Starting Zmodem receive of file specified by protocol...
Receiving: update.bin.0
Bytes received: 117988/ 117988 BPS:937
Transfer complete
Note: When performing critical operations (such as firmware update over a serial
connection) with Xmodem, Ymodem or Zmodem, it is recommended to use the CLI to
send and receive files instead of the web interface, as web browsers may be subject to
timeouts which can interrupt the operation. It is also recommended that any timeouts that
may affect the CLI session be disabled so that the operation is not interrupted.
To manage the Xmodem repository, send files or receive files:
LANTQONIX SLC 901s LCDS“m n 1 c 5 7 9 111315 A U2 5 2 4 e 910121415 a 52.25% mm mm— m -m m 7 {8 E1 ounce sums Devmpons cansolePun usarsncam RPM: Onnnecfinns xnmem Hosths scripts Sites wcmmmm \ weassmm’nnm \ Cunmmnmcsz-my) xmodem m xnmn mes my. Figs): 0 "an: mum": saved slze mums] 0 Delete File Rename rue New FIE Name Add Llpluzded me «4: Rep: File xom gpman > Send Hem Device Furl Pmlum! :., xnmem :7: andem :; zrmuem Receive Flle 1mm Devloe Furl Remus FIE Name am Fan |:| Trans1er :-: Binary ,7 ASCII Renews Overwme a
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 174
1. Click the Devices tab and select the Xmodem option. The Xmodem page displays:
2. To upload a file to the repository, click the Upload File link and upload a file in the window that
is displayed. Upload file size should not exceed 20 MB. The maximum length for the upload
file name is 40 characters. The file name should not contain the following characters: forward
slash ‘/’, backslash ‘\’, colon ‘:’, asterisk ‘*’, question mark ‘?’, double quotation mark (“), less
than symbol <‘, greater than symbol ‘>’, or the vertical bar symbol ‘|’. After upload is complete,
the filename will appear in the File to Add field. Click the Add Uploaded File to Repo button
to add the file to the repository. The maximum repository size is 25 MB.
3. To rename a file, select the box to the right of the file in the Xmodem Files Repository list,
enter the new file name in the New File Name field, and click the Rename File button.
4. To delete a file, select the box to the right of the file in the Xmodem Files Repository list, and
click the Delete button.
5. To send a file, select the box to the right of the file in the Xmodem Files Repository list, and
complete the following fields:
6. Click the Send File to Device Port button. The send will be initiated, and the Status window
Protocol Select whether to use the Xmodem, Ymodem or Zmodem
protocol. Xmodem is a very rudimentary protocol that sends
files in 128 byte blocks, padding the resulting file if necessary.
Ymodem and Zmodem expand upon Xmodem by including
the file’s name, size and timestamp as part of the protocol.
Device Port Enter the device port number to send the file to. The device
port that will be used must not be currently in use for any other
purpose.
Transfer Select whether to send the file as a binary file or an ASCII file.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 175
can be opened to view the progress of the send. When the Xmodem protocol is used, the user
will be prompted when to start the file receive with the message, “Give your local XMODEM
receive command now.”
Note: Ymodem transfers may display a line at the end of a successful transfer such
as, “Ymodem sectors/kbytes sent: 0/ 0k”, however, the transfer is successful if
“Transfer complete” is displayed and the bytes sent matches the size of the file.
7. To receive a file, complete the following fields:
8. Click the Receive File from Device Port button. The receive will be initiated, and the Status
window can be opened to view the progress of the receive. If a file with the same name
already exists in the repository and Receive Overwrite is not enabled, the transfer will abort
without overwriting the existing file.
Protocol Select whether to use the Xmodem, Ymodem or
Zmodem protocol. Xmodem is a very rudimentary
protocol that sends files in 128 byte blocks,
padding the resulting file if necessary. Ymodem
and Zmodem expand upon Xmodem by including
the file’s name, size and timestamp as part of the
protocol.
Receive File Name When Xmodem is used, enter the name to give
the file that is received.
Device Port Enter the device port number to receive the file
from. The device port that will be used must not
be currently in use for any other purpose.
Transfer Select whether to receive the file as a binary file
or an ASCII file.
Receive Overwrite Select whether to overwrite files in the repository
with the same name as the received file.
LANT?ON|X SLC 804B Lmsnm :4 9 a 5 1 9 1|131517192123252729313335373941t34547 A m 22 2 4 a aW12141a1a2021zusznnuuzaauoozulus a m 53:} 3:33;." Warm . Cmngwm WSWW mmmummwm mm— mm mm a? ? E} mmesmus DevlcePnfls CansnlePan uSE/SDCam RPMs Cunneclluns Nolevsts Scripts Sites Hos! Llsts Helg?‘ Hannah ,7 7 new Host Llsl Dele'e my my, Name HUS‘ US‘ ‘6 " cleaer Llst Host Lisl Name 7 J m mm l Retry 5mm 7 7 Ean Host LEl l Amhenlicalion , W m lm mar er masseuse) l leucul TQP v .‘ H. Pan 7‘ fl Host ‘ l Escape Saquanna' l l Clear Hus! Parameters l ‘ Host Llst Id Dlsplays alter a host llsl ls saved. Host Llst Name Enter a name for the host list. Retry Count Enter the number oltimes the SLC advanced console manager should attempt Authentlcatlon Select to reqmre authentlcalion when the SLC unit connects to a host.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 176
Host Lists
A host list is a prioritized list of SSH, Telnet, and TCP hosts available for establishing incoming
modem connections or for the connect direct command on the CLI. The SLC unit cycles
through the list until it successfully connects to one.
To add a host list:
1. Click the Devices tab and select the Host Lists option. The following page displays:
Figure 9-14 Devices > Host Lists
2. Enter the following:
Note: To clear fields in the lower part of the page, click the Clear Host List button.
3. You have the following options:
-To save the host list without adding hosts at this time, click the Add Host List button.
-To add hosts, enter the following:
Host List Id Displays after a host list is saved.
Host List Name Enter a name for the host list.
Retry Count Enter the number of times the SLC advanced console manager should attempt
to retry connecting to the host list.
Authentication Select to require authentication when the SLC unit connects to a host.
rem E To give upE To give (h down E
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 177
Host Parameters
4. Click the right arrow. The host displays in the Hosts box.
5. Repeat steps 2-4 to add more hosts to the host list.
6. Click the Clear Host Parameters button to clear fields before adding the next host.
7. You have the following options:
-To remove a host from the host list, select the host in the Hosts box and click the
left arrow.
-To give the host a higher precedence, select the host in the Hosts box and click the
up arrow.
-To give the host a lower precedence, select the host in the Hosts box and click the
down arrow.
8. Click the Add Host List button. After the process completes, a link back to the Device Ports >
Settings (1 of 2) page displays.
Host Name or IP address of the host.
Protocol Protocol for connecting to the host (TCP, SSH, or Telnet).
Port Port on the host to connect to.
Escape Sequence The escape character used to get the attention of the SSH or Telnet client. It is
optional, and if not specified, Telnet and SSH use their default escape character.
For Telnet, the escape character is either a single character or a two-character
sequence consisting of '^' followed by one character. If the second character is '?',
the DEL character is selected. Otherwise, the second character is converted to a
control character and used as the escape character.
For SSH, the escape character is a single character.
Note: When the Device Port Esc Sequence/ViewLog/PowerMenu Escape
Sequence is configured, the following escape sequence precedent behavior can be
expected: 1) Escape 2) PowerMenu 3) ViewLogs
A clear/restart of the remaining escape events occurs when there is a match in any
configured sequence. All the sequences should have unique sequence defined and
user should avoid overlapping sequence strings. When detecting key sequences,
after receiving the first character(s) of a sequence, the SLC will wait 3 or more
seconds for the remaining characters, before timing out and sending all characters
to the device. For example, if the Escape Sequence is ABCD, and the user types
"AB", the SLC will wait at least 3 seconds for the next character ("C") before timing
out and sending the "AB" characters to the device.
a 1 1 5 1 a 1113151719212331?st3335113951414“? n LANT?ONIX swam nggngggggm SE‘WWWWW WWW Cammnmww, mm— new» mm <3 a="" e="" ours-stuns="" nuvaom="" consolopon="" usa/sncum="" rpm:="" conuumms="" hasmm="" senpu="" sms="" h="" ost="" lists="" mi="" hm="" lists="" id="" name="" 1="" ah:="" .="" \="" view="" hm="" lin="" dem:="" husmst="" hus!="" l15!="" m="" 1="" clear="" hall="" lm="" hus:="" l15!="" name="" abc="" m="" hos‘="" us|="" ‘="" revy="" caum="" 2="" em:="" husl="" usz="" amnemlcauan="" ‘="" 7="" w4="" mm="" m="" ewe!="" owreceflsnca)="" hm="" i11111.1t1.w:tq3/2”="" ‘="" pmmcol="" tcp="" v="" ‘9="" pan="" \g="" esuna="" sinusnce="" c‘eal="" host="" parameters="" ww="">
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 178
To view or update a host list:
1. In the Host Lists table, select the host list and click the View Host List button. The list of hosts
display in the Hosts box.
Figure 9-15 View Host Lists
2. View, add, or update the following:
Host Parameters
Host List Id Displays after a host list is saved.
Host List Name Enter a name for the host list.
Retry Count Enter the number of times the SLC 8000 advanced console manager should
attempt to retry connecting to the host list.
Authentication Select to require authentication when the SLC unit connects to a host.
Host Name or IP address of the host.
Protocol Protocol for connecting to the host (TCP, SSH, or Telnet).
Port Port on the host to connect to SLC advanced console manager
rem F To give upE To give (h down i:
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 179
3. You have the following options:
-To add a host to the host list, click the right arrow. The host displays in the Hosts box.
-To remove a host from the host list, select the host in the Hosts box and click the
left arrow.
-To give the host a higher precedence, select the host in the Hosts box and click the
up arrow.
-To give the host a lower precedence, select the host in the Hosts box and click the
down arrow.
4. Click the Edit Host List button. After the process completes, a link back to the
Device Ports > Settings (1 of 2) page displays.
To delete a host list:
1. Select the host list in the Host Lists table.
2. Click the Delete Host List button. After the process completes, a link back to the
Device Ports > Settings (1 of 2) page displays.
Host List Commands
Go to Host List Commands to view CLI commands which correspond to the web page entries
described above.
Scripts
The SLC unit supports three types of scripts:
Interface Scripts which use a subset of the Expect/Tcl scripting language to perform pattern
detection and action generation on Device Port output.
Batch Scripts which are a series of CLI commands.
Custom Scripts are Expect, Tcl or Python scripts which use most of the Expect/Tcl/Python
scripting language, can be run against the CLI or a Device Port, and can be scheduled to run
at periodic intervals, with the results from each run saved to a file in a repository. Up to 10
Custom Scripts can be created. Each Custom Script run is an operation, and the results from
each operation can be viewed. Up to 50 script result files will be saved Locally in the SLC
storage. Once this maximum is reached and new result files are generated, the oldest result
files will automatically be deleted to accommodate the new result files.
A user can create scripts at the web, view scripts at the web and the CLI, and utilize (run) scripts at
the CLI. For a description of the syntax allowed in the various types of scripts, see Batch Script
Syntax, Interface Script Syntax and Custom Script Syntax.
Escape Sequence The escape character used to get the attention of the SSH or Telnet client. It is
optional, and if not specified, Telnet and SSH use their default escape character.
For Telnet, the escape character is either a single character or a two-character
sequence consisting of '^' followed by one character. If the second character is '?',
the DEL character is selected. Otherwise, the second character is converted to a
control character and used as the escape character.
For SSH, the escape character is a single character.
LANTQONIX SLC 8016 Icnsn‘" E1 1 a 5 7 5111315 A u: 52 2 4 s 3 11112111; a $31,335?ng semapmum . “my...” mssnmmm cunnemmmnpunlyy mw mmmm mm —m 1* 1 32‘ El Dame Slams DevlcaFofls Conso‘e Fun usa/sncam RPMs Onnnecfiuns Xmodem Hostllsts Scnpts Sites Scripts mam Remme 5mm mum : Cllrlem Damme: 04/03/19 21 03 m) Lausfi Sulpt Resu‘ts) m 70PM) 1 Saints: me "am lype Grp sum sulnme anm) stop mm mm sums geldwme‘emppy Cmom Adm enable new 1 furevev cu smmemmmmm
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 180
All scripts have permissions associated with them; a user who runs a script must have the
permissions associated with the script in order to run the script.
To add a script:
1. Click the Devices tab and select the Scripts option. This page displays.
Figure 9-16 Devices > Scripts
LANTQONIX SLC 301s lCDmm E1 1 a 5 7 5111315 A 112 E2 2 A s s1n121A1s Egg; 3,115.7” 5mm.” “Mum..." ,weassmnwnm} 1 conmmumemvunlw Emma ueeeeeeeeeeeee eeeeee —m <1 7="" *3="" el="" name="" slams="" dewcerons="" consolann="" usa/sncam="" rfms="" cunnecuuns="" xmodem="" 11°st151:="" sulpts="" sms="" scripts="" 111129="" 5(2an="" name="" type="" a,="" menace="" ,="" batch="" 1,="" cus10m="" 1="" i="" use!="" mums="" a,="" defaun="" users="" group="" _,="" powcr="" users="" 1="" ,mmmmramvs="" r1111="" mmlmsmwe="" ,="" lmzl="" users="" 1="" firmware="" 1:="" canngurzllon="" nflwnmng="" ,="" remmeamnenna-llm="" 1="" imam="" modem="" sen/ines="" ,="" ssh="" keys="" 1="" demos="" pan="" operanons="" secure="" lammmx="" nemmk="" ,="" user="" menus="" 1="" damn:="" poll="" configuration="" damme="" ,="" wezacce§="" 1="" use="" 1="" ,="" remol="" 111="" snmawm="" ,="" dngmslks="" 111="" repcns="" 1="" ,="" so="" am="" 1="" ,="" 12pm="">< back="" in="" sums="">
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 181
2. Click the Add Script button. The page for editing script attributes displays.
Figure 9-17 Adding or Editing New Scripts
3. Enter the following:
Scripts
Script Name A unique identifier for the script.
In me free-4mm editing emer xhe oomems of lhe scrim. Reslnclions o scripx lorma: are desc Baxch Scrigx Symax Interface Scngl Synlax Custom Scrig: Symax For more informaxi To use a scrim a: me C
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 182
4. Assign or unassign User Rights for the specific user by checking or unchecking the following
boxes:
Type Select Interface for a script that utilizes Expect/Tcl to perform pattern detection
and action generation on Device Port output.
Select Batch for a script of CLI commands.
Select Custom for an Expect, Tcl or Python script that can be run against a CLI
session or a Device Port, either manually or scheduled to run at periodic
intervals.
Script Text In the free-form editing box, enter the contents of the script. Restrictions on the
script format are described in Batch Script Syntax, Interface Script Syntax, and
Custom Script Syntax.
Group Select the group to which the script will belong:
Default Users: This group has only the most basic rights. You can specify
additional rights for the individual user.
Power Users: This group has the same rights as Default Users plus
Networking, Date/Time, Reboot & Shutdown, and Diagnostics & Reports.
You can specify additional rights for the individual user.
Administrators: This group has all possible rights.
For more information on how the group and rights are used with scripts, see To use
a script at the CLI: below.
Full Administrative Right to add, update, and delete all editable fields.
Networking Right to enter Network settings.
Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and
SMTP.
Secure Lantronix
Network
Right to view and manage secure Lantronix units (e.g., Spider, or SLC devices) on
the local subnet.
Date/Time Right to set the date and time.
Reboot & Shutdown Right to shut down and reboot the SLC unit.
RPMs Right to view and enter Remote Power Manager (RPM) settings.
Local Users Right to add or delete local users on the system.
Remote
Authentication
Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys Right to set SSH keys for authenticating users.
User Menus Right to create a custom user menu for the CLI.
Web Access Right to access Web-Manager.
Diagnostics &
Reports
Right to obtain diagnostic information and reports about the unit.
Firmware &
Configuration
Right to upgrade the firmware on the unit and save or restore a configuration (all
settings). Selecting this option automatically selects Reboot & Shutdown.
Internal Modem Right to configure internal modem settings.
Device Port
Operations
Right to control device ports.
Device Port
Configuration
Right to enter device port configurations.
USB Right to enter modem settings for USB modems and to control USB storage
devices.
SD Card Right to view and enter settings for SD card.
ee To add a script: Click the Delete S Devices > Scripts
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 183
5. To save, click the Apply button. If the type of script is Interface or Custom, the script will be
validated before it is saved. Once the script is saved, the main Scripts page is displayed.
To view or update a script:
1. In the Scripts table, select the script and click the Edit Script button. The page for editing
script attributes displays (see Figure 9-17).
2. Update the script attributes (see To add a script: above).
3. To save, click the Apply button.
To rename a script:
1. In the Scripts table, select the script and enter a new script name in the New Name field.
2. Click the Rename Script button. The script will be renamed and the Devices > Scripts page
redisplays.
To delete a script:
1. In the Scripts table, select the script to delete.
2. Click the Delete Script button. After a confirmation, the script will be deleted and the
Devices > Scripts page redisplays.
To schedule a custom script:
1. In the Scripts table, select the script and click the Schedule button. The Custom Scripts -
Schedule page displays.
nU1|E11357511I$15 A LANRONIX 5Lcso16 m, n a . 5 “mm; a 5:31, 3:51,," smwm . Mum. wassHman) CunnemnthPunly) mm— W mm m 7 8? E lecn sums Dunc-Pans consul. Pun Usa/sncam RPM; cunnmuns Xmodlm "mum Sulpts Slhs Custom Sc pts -Scl|e|1ule Mel! ScuptName ge|devnetem|>py DevneType s, CLI U Dense Purl 5M6 G/Ename DSZD‘E Dewele mm Lune mm |:| SIBVITIIYE 3, NW w “Wine Apn‘ . v 3 v 2019 V [IS V . U7 V . DD V pm V Frequenq‘ _., Hams _ , Days 1 SIinIme a, Furevcr w Mommy»: . US v . 07 v Hank m Scrip;
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 184
Figure 9-18 Custom Scripts - Scheduler
2. Enter the following (each Custom Script can be run against one device - CLI or Device Port -
with one schedule):
4. To save, click the Apply button. The schedule will be validated, and the script manager will
either immediately start running the script or schedule the next run of the script. The main Scripts
page is displayed, showing the schedule status of the script (this may take a few seconds to be
updated while the script manager processes the script - click Refresh to view the latest
information).
Notes on scheduling:
Scripts that are scheduled to start immediately and run forever will be restarted when the SLC
is rebooted.
Device Type The device - either the CLI or a Device Port - that the script is connected to.
State The state of the script’s schedule. A script must be Enabled in order for the script
scheduler to begin running the schedule. Once a script has been scheduled and
enabled, it can be Disabled; in this state the script manager will continue to update
the scheduled run time for a script, but the script will not be run or produce any
results. At any point a schedule for a script can be Deleted.
Command Line
Arguments
Optional command line arguments to pass to the script each time it is run.
Start Time The date and time when the script should start running, either Now or at a specific
date and time.
Frequency How often the script will run, given in hours or days. The web UI and CLI will always
display the frequency in hours.
Stop Time The date and time when the script should stop running, either at a specified date
and time, or Forever if it should never stop running.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 185
Scripts that are scheduled to start at a specific time will be restarted when the SLC is rebooted
if the script is scheduled to run forever or if the stop time has not expired.
After the SLC has booted, there will be a short delay after launching each script before starting
the next script in order to minimize the impact on system resources. Shortly after boot, if the
script status shows that a script is not scheduled when the script is configured with a schedule,
refreshing the status will eventually show that all scheduled scripts will be running and/or
scheduled.
If the date, time or timezone is changed on the SLC while a script is scheduled, the CLI and
web UI will still show the same scheduled date and time for the script, until the next time the
script is run. It is recommended that the date, time and timezone not be changed while scripts
are scheduled to run.
To change the Enable/Disable state of a custom script schedule:
1. In the Scripts table, select the script to enable or disable.
2. Click the Enable button (this will resume running of a script at its next scheduled time if it was
previously disabled) or the Disable button (this will suspend running of a script but continue to
update the schedule). The script's state will be updated and the Scripts page redisplays.
To view the list of completed operations (runs) for a custom script:
1. In the Scripts table, select the script to view operations for, and click Script Operations.
2. The Custom Scripts - Operations page displays, with a list of any results that have been
generated for a script, in reverse date/time order. Any of the results can be viewed by
selecting the operation and clicking Script Results.
To delete the completed operations (runs) for a custom script:
1. In the Scripts table, select the script to view operations for, and click Script Operations.
2. The Custom Scripts - Operations page displays, with a list of any results that have been
generated for a script, in reverse date/time order. All the results can be deleted by clicking
Delete Results.
To view the latest results from a completed operation (run) of a custom script:
1. Click the Devices tab and select the Scripts option. The Scripts page displays.
2. In the Scripts table, select the script to view results for, and click Latest Results Results.
The results are displayed in a popup window.
To use a script at the CLI:
1. To run an Interface Script or a Custom Script on a device port for pattern recognition and
action generation, use the connect script <Script Name> deviceport <Device
Port # or Name> command. This action requires that a SLC user running the connect
script command have Device Port Operations (do) rights and port permissions for the selected
device port.
2. To run a Batch Script at the CLI with a series of CLI commands, or a Custom Script for pattern
recognition and action generation, use the set script runcli <Script Name>
command. This action requires that a SLC user running the runcli command belong to a group
that is the same or greater than the group assigned to the script (e.g., if the script is assigned
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 186
to the Power group, the user running the runcli command must belong to the Power or Admin
group). For Batch Scripts, if this minimum group requirement is met, the SLC user will
temporarily be granted all of the individual rights assigned to the script while the Batch Script is
running.
Note: Expect Custom Scripts have a debug enable option that supports printing
Expect debug information to aid in creating an Expect script. The debug option is not
supported for Tcl and Python scripts.
Script Commands
Go to Script Commands to view CLI commands which correspond to the web page entries
described above.
Batch Script Syntax
The syntax for Batch Scripts is exactly the same as the commands that can be typed at the CLI,
with the additions described in this section.
The sleep command suspends execution of the script (puts it to 'sleep') for the specified number
of seconds. Syntax:
sleep <value>
The while command allows a loop containing CLI commands to be executed. Syntax:
while {<Boolean expression>} {
CLI command 1
CLI command 2
...
CLI command n
}
Note: The closing left brace '}' must be on a line without any other characters. To
support a while command, the set command, variables, and secondary commands are
also supported.
Interface Script Syntax
This section describes the abbreviated scripting syntax for Interface Scripts. This limited syntax
was created to prevent the creation of scripts containing potentially harmful commands. Script
commands are divided into three groups: Primary, Secondary and Control Flow. Primary
commands provide the basic functionality of a script and are generally the first element on a line of
a script, as in:
send_user "Password:"
Secondary commands provide support for the primary commands and are generally not useful by
themselves. For example, the expr command can be used to generate a value for a set
command.
set <my_var> [expr 1 + 1]
Control Flow commands allow conditional execution of other commands based on the results
of the evaluation of a Boolean expression.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 187
Table 9-19 Definitions
Primary Commands
These are stand-alone commands which provide the primary functionality in a script. These
commands may rely on one or more of the Secondary Commands to provide values for some
parameters. The preprocessor will require that these commands appear only as the first element
of a command line. The start of a command line is delimited by any of the following:
The start of a new line of text in the script
A semicolon (';')
A left brace ('{')
Term Definition
Word A contiguous group of characters delimited on either side by spaces. Not enclosed
by double quotes.
Primary Command One of the primary commands listed in this section.
Secondary Command One of the secondary commands defined in this section.
Quoted String A group of characters enclosed by double quote (") characters. A quoted string
may include any characters, including space characters. If a double quote
character is to be included in a quoted string it must be preceded (escaped) by a
backslash character ('\').
Variable Reference A word (as defined above) preceded by a dollar sign character ('$').
CLI Command A quoted string containing a valid CLI show command.
Arithmetic Operator A single character representing a simple arithmetic operation. The character may
be one of the following:
A plus sign (+) representing addition
A minus sign (-) representing subtraction
An asterisk sign (*) representing multiplication
A forward slash (/) representing division
A percent sign (%) representing a modulus
Boolean Expression An expression which evaluates to TRUE or FALSE. A Boolean expression has the
following syntax:
<value> <Boolean operator> <value>
Each can be either a word or a variable reference.
Boolean Operator A binary operator which expresses a comparison between two operands and
evaluates to TRUE or FALSE. The following Boolean operators are valid:
'<' less than
'>' greater than
'<=' less than or equal to
'>=' greater than or equal to
'==' equal to
'!=' not equal to
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 188
Table 9-20 Primary Commands
Command Description
set The set command assigns a value to a variable. Syntax:
set <variable> <value>
where <variable> is a word, and <value> can be defined in one of the following
ways:
A quoted string
A word
A variable reference
A value generated via one of the string secondary commands (compare,
match, first, etc.)
A value generated via the expr secondary command
A value generated via the format secondary command
A value generated via the expr timestamp command
unset This command removes the definition of a variable within a script. Syntax:
unset <variable>
where <variable> is a word.
scan The scan command is analogous to the C language scanf(). Syntax:
scan <variable> <format string> <value 1> <value 2> ... <value n>
where <variable> a variable reference, and <format string> is a quoted
string. Each of the <value x> elements will be a word.
sleep The sleep command suspends execution of the script (puts it to 'sleep') for the
specified number of seconds. Syntax:
sleep <value>
where <value> can be a word, a quoted string or a variable reference.
exec The exec command executes a single CLI command. Currently only CLI 'show'
commands may be executed via exec. Syntax:
exec <CLI command>
send, send_user The send command sends output to a sub-process, The send_user
command sends output to the standard output. Both commands have the same
syntax:
send <string>
send_user <string>
where <string> can be either a quoted string or a variable reference.
expect, expect_user,
expect_before,
expect_after,
expect_background
The expect command waits for input and attempts to match it against one or
more patterns. If one of the patterns matches the input the corresponding
(optional) command is executed. All expect commands have the same syntax:
expect {<string 1> {command 1} <string 2> {command 2} ... <string n> {command
n}}
where <string x> will either be a quoted string, a variable reference or the
reserved word 'timeout.' The command x is optional, but the curly braces
('{' and '}') are required. If present it must be a primary command.
return The return command terminates execution of the script and returns an optional
value to the calling environment. Syntax:
return <value>
where <value> can be a word or a variable reference.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 189
Secondary Commands
These are commands which provide data or other support to the Primary commands. These
commands are never used by themselves in a script. The preprocessor will require that these
commands always follow a left square bracket ('[') character and be followed on a single line by a
right bracket (']').
Table 9-21 Secondary Commands
Command Description
string The string command provides a series of string manipulation operations. The
string command will only be used with the set command to generate a value
for a variable. There are nine operations provided by the string command.
Syntax (varies by operation):
string compare <str 1> <str 2>
Compare two strings
string match <str 1> <str 2>
Determine if two strings are equal
string first <str needle> <str haystack>
Find and return the index of the first occurrence
of 'str_needle' in 'str_haystack'
string last <str needle> <str haystack>
Find and return the index of the last occurrence of
'str_needle' in 'str_haystack'
string length <str>
Return the length of 'str'
string index <str> <int>
Return the character located at position 'int' in
'str'
string range <str> <int start> <int end>
Return a string consisting of the characters in
'str' between 'int start' and 'int end'
string tolower <str>
Convert <str> to lowercase
string toupper <str>
Convert <str> to uppercase
string trim <str 1> <str 2>
Trim 'str 2' from 'str 1'
string trimleft <str 1> <str 2>
Trim 'str 2' from the beginning of 'str 1'
string trimright <str 1> <str 2>
Trim 'str 2' from the end of 'str 1'
In each of the above operations, each <str *> element can either be a quoted string
or a variable reference. The <int *> elements will be either words or variable
references.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 190
Control Flow Commands
The control flow commands allow conditional execution of blocks of other commands. The
preprocessor treats these as Primary commands, allowing them to appear anywhere in a script
that a Primary command is appropriate.
Table 9-22 Control Flow Commands
expr This command evaluates an arithmetic expression and returns the result. The expr
command will only be used in combination with the set command to generate a
value for a variable. Syntax:
expr <value> <operation> <value>
Each <value> will be either a word or a variable reference, and <operation> an
arithmetic operation.
timestamp This command returns the current time of day as determined by the SLC . The
timestamp command will only be used in combination with the set command
to produce the value for a variable. Syntax:
timestamp <format>
where <format> is a quoted string.
format The format command is analogous to the C language sprintf(). The format
command will only be used in combination with the set command to produce the
value for a variable. Syntax:
format <format string> <value 1> <value 2> ... <value n>
where <format string> will be a quoted string. Each of the <value x> elements will be
a word, a quoted string or a variable reference.
Command Description
while The while command executes an associated block of commands as long as its
Boolean expression evaluates to TRUE. After each iteration the Boolean expression
is re-evaluated; when the Boolean expression evaluates to FALSE execution
passes to the first command following the associated block. Each command within
the block must be a Primary command. Syntax:
while {<Boolean expression>} {
command 1
command 2
...
command n
}
Command Description
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 191
Custom Script Syntax
This section describes the scripting syntax for Custom Scripts. The syntax is more flexible than
Interactive Script syntax, but still has restrictions to prevent the creation of scripts containing
potentially harmful commands. In addition, Custom Scripts can be configured to use command line
parameters. Custom Scripts have the following guidelines:
1. The size of the script file cannot exceed 6 Kbytes.
2. The size of the results generated by the script cannot exceed 1 Kbyte (any results over 1Kbyte
will be truncated).
3. The first line of the script must contain a Linux script style interpreter directive so that the SLC
will know which interpreter to use to run the script. Currently only Expect is supported. The
format of the first line is #! expect, #! tcl, or #! python. When a custom script is
imported, the interpreter line must match the selected script or file type (Expect, Tcl, or
Python), otherwise the script will be invalid.
4. The script should include a spawn command to connect the script to either a SLC CLI session
or a SLC Device Port session. Refer to the following spawn command syntax:
if, elseif and else The if command executes an associated block of commands if its Boolean
expression evaluates to TRUE. Each command within the block must be a Primary
command. Syntax:
if {<Boolean expression>} {
command 1
command 2
...
command n
}
The elseif command is used in association with an if command - it must
immediately follow an if or elseif command. It executes an associated block of
commands if its Boolean expression evaluates to TRUE. Each command within the
block must be a Primary command. Syntax:
elseif {<Boolean expression>} {
command 1
command 2
...
command n
}
The else command is used in combination with an if or elseif command to
provide a default path of execution. If the Boolean expressions for all preceding if
and elseif commands evaluate to FALSE the associated block of commands is
executed. Each command within the block must be a Primary Command. Syntax:
else {
command 1
command 2
...
command n
}
Command Description
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 192
Note:
For CLI sessions, a local user name should be given
For Device Port sessions, the $devicePort variable will be used by the SLC to connect
the script to the appropriate Device Port. The -noecho flag may be passed to spawn
command.
Expect script - CLI session
spawn clisession -U <username>
Expect script - Device Port session
spawn portsession -p $devicePort
Tcl script - CLI session
set io [open "| clisession -U <username>" r+]
Tcl script - Device Port session
set io [open "| portsession -p $devicePort" r+]
Python script - CLI session
subprocess.Popen(['clisession', '-U', '<username>'],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
Python script - Device Port session
subprocess.Popen(['portsession', '-p', devicePort],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
5. It is recommended that scripts that spawn clisession only be used with the set script
runcli command (and not the connect script command), and that scripts that spawn
portsession only be used with the connect script command (and not the set script
runcli command).
6. The script cannot contain commands which spawn or fork other commands, read or write files
on the SLC filesystem, or interrogate the SLC filesystem. The list of commands that are not
allowed for Expect scripts includes "fork", "open", "exp_open", "exec",
"system", "log_file", "pwd".
7. For scripts that return an exit code, the SLC will interpret an exit code of zero as a successful
exit code, and any non-zero exit code as an error. Non-zero exit codes are displayed (at the
CLI) or logged (for scripts that are run by the script scheduler).
Example Scripts
Interface Script—Monitor Port
The Monitor Port (Monport) script connects directly to a device port by logging into the SLC port,
gets the device hostname, loops a couple of times to get port interface statistics, and logs out. The
following is the script:
set monPort 7
set monTime 5
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 193
set sleepTime 2
set prompt ">"
set login "sysadmin"
set pwd "PASS"
#Send CR to echo prompt
send "\r"
sleep $sleepTime
#Log in or check for Command Prompt
expect {
#Did not capture "ogin" or Command Prompt
timeout { send_user "Time out login......\r\n"; return }
#Got login prompt
"login" {
send_user "Logging in....\r\n"
send "$login\r"
expect {
timeout { send_user "Time out waiting for pwd
prompt......\r\n"; return }
#Got password prompt
"password" {
#Send Password
send "$pwd\r"
expect {
timeout { send_user "Time out waiting for prompt......\r\n";
return }
$prompt {}
}
}
}
}
#Already Logged in got Command Prompt
$prompt {
send_user "Already Logged....\r\n"
}
}
#Get hostname info
send "show network port 1 host\r"
expect {
timeout { send_user "Time out Getting Hostname 1\r\n"; return }
"Domain" {
#Get Hostname from SLC
set hostname "[string range $expect_out(buffer) [string first
Hostname:
$expect_out(buffer)] [expr [string first Domain
$expect_out(buffer)]-2]]"
}
}
send_user "\r\n\r\n\r\n\r\n"
send_user "Device [string toupper $hostname]\r\n"
send_user "________________________________________________________\r\n"
send_user "Monitored Port: Port $monPort \r\n"
send_user "Monitor Interval Time: $monTime Seconds \r\n"
set loopCtr 0
set loopMax 2
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 194
while { $loopCtr < $loopMax } {
#Get current time
The following is the screen output:
slc247glenn]> conn script ex4 deviceport 7
login: Logging in....
sysadmin
sysadmin
Password: PASS
Welcome to the Secure Lantronix Console Manager
Model Number: SLC 48
For a list of commands, type 'help'.
[SLC251glenn]> show network port 1 host
show network port 1 host
___Current Hostname Settings____________________________________________
Hostname: SLC251glenn
Domain: support.int.lantronix.com
[SLC251glen
Device HOSTNAME: SLC 251GLENN
________________________________________________________________________
Monitored Port: Port 7
Monitor Interval Time: 5 Seconds
[Current Time:21:16:43]
show portcounter deviceport 7
n]> show portcounter deviceport 7
Device Port: 7 Seconds since zeroed: 1453619
Bytes input: 0 Bytes output: 0
Framing errors: 0 Flow control errors: 0
Overrun errors: 0 Parity errors: 0
[SLC251glenn]>
[Current Time:21:16:58]
show portcounter deviceport 7
show portcounter deviceport 7
Device Port: 7 Seconds since zeroed: 1453634
Bytes input: 0 Bytes output: 0
Framing errors: 0 Flow control errors: 0
Overrun errors: 0 Parity errors: 0
[SLC251glenn]>
Port Counter Monitor Script Ending......
________________________________________________________________________
Login Out.......
logout
Returning to command line
[slc247glenn]>
Batch Script—SLC CLI
This script runs the following SLC CLI commands, then runs the Monport Interface script:
show network port 1 host
show deviceport names
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 195
show script
connect script monport deviceport 7
The following is the screen output of the script:
[slc247glenn]> se script runcli cli
[slc247glenn]> show network port 1 host
___Current Hostname Settings____________________________________________
Hostname: slc247glenn
Domain: <none>
[slc247glenn]>
[slc247glenn]> show deviceport names
___Current Device Port Names____________________________________________
01 - SCS_ALIAS_Test 05 - Port-5
02 - Port-2 06 - Port-6
03 - Port-3 07 - SLC -251
04 - Port-4 08 - Port-8
[slc247glenn]>
[slc247glenn]> show script
___Interface Scripts______Group/Permissions_____________________________
getSLC Adm/ad,nt,sv,dt,lu,ra,um,dp,pc,rp,rs,fc,dr,sn,wb,sk,po,do
Test Adm/ad,nt,sv,dt,lu,ra,um,dp,pc,rp,rs,fc,dr,sn,wb,sk,po,do
monport Adm/<none>
___Batch Scripts__________Group/Permissions_____________________________
cli Adm/ad,nt,sv,dt,lu,ra,um,dp,pc,rs,fc,dr,sn,wb,sk,po,do,rp
[slc247glenn]>
[slc247glenn]> connect script monport deviceport 7
login: Logging in....
sysadmin
sysadmin
Password: PASS
Welcome to the Secure Lantronix Console Manager
Model Number: SLC 48
For a list of commands, type 'help'.
[SLC251glenn]> show network port 1 host
show network port 1 host
___Current Hostname Settings____________________________________________
Hostname: SLC251glenn
Domain: support.int.
Device HOSTNAME: SLC 251GLENN
________________________________________________________________________
Monitored Port: Port 7
Monitor Interval Time: 5 Seconds
[Current Time:21:25:04]
show portcounter deviceport 7
lantronix.com
[SLC251glenn]> show portcounter deviceport 7
Device Port: 7 Seconds since zeroed: 1454120
Bytes input: 0 Bytes output: 0
Framing errors: 0 Flow control errors: 0
Overrun errors: 0 Parity errors: 0
[SLC251glenn]>
[Current Time:21:25:20]
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 196
show portcounter deviceport 7
show portcounter deviceport 7
Device Port: 7 Seconds since zeroed: 1454136
Bytes input: 0 Bytes output: 0
Framing errors: 0 Flow control errors: 0
Overrun errors: 0 Parity errors: 0
[SLC251glenn]>
Port Counter Monitor Script Ending......
________________________________________________________________________
Login Out.......
logout
Returning to command line
[slcvz249_glenn]> show script
___Interface Scripts______Group/Permissions_____________________________
test3 Def/do
___Batch Scripts__________Group/Permissions_____________________________
test1 Adm/
ad,nt,sv,dt,lu,ra,um,dp,ub,rs,fc,dr,rp,sn,wb,sk,po,do
[slcvz249_glenn]>
Expect Custom Script - SLC CLI Session
An example of an ExpectCustom Script that interacts with a SLC CLI session:
#! expect
# script to get the current internal temperature of the SLC
# accepts one optional command line parameter for location
set slcPrompt ">"
set slcTemp "unknown"
set location ""
proc myprint {str} {
send_user -- "$str\n"
}
proc abortSession {err} {
send_user "Error $err. Terminating session.\n"
exit $err
}
# Are there any command line parameters?
if {$argc > 0} {
set location [lindex $argv 0]
}
set now [clock seconds]
set date [clock format $now -format {%D %R}]
if {$argc > 0} {
myprint "Internal temperature of the $location SLC at $date"
} else {
myprint "Internal temperature of the SLC at $date"
}
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 197
# spawn the CLI session
if {[catch {spawn -noecho clisession -U sysadmin} result]} {
abortSession 1
}
set sessionId $spawn_id
# Handle eof
expect_after {
-i $sessionId eof {
myprint "Session unexpectedly terminated."
abortSession 2
}
}
set timeout 10
log_user 0
# Wait for the first prompt
set loggedIn false
while {! $loggedIn} {
expect {
timeout {myprint "Timeout waiting to login"; abortSession 3}
"Need to specify username" {myprint "Need to specify -U ";
abortSession 4}
"*> " {set loggedIn true}
} ;
}
exp_send "\n"
expect {
timeout {myprint "Timeout waiting for CLI prompt"; abortSession 3}
-re "\n\r(\\\[\[^\r]*]>)"
}
set slcPrompt $expect_out(1,string)
# Run the temperature command
exp_send "show temperature\n"
expect {
timeout {myprint "Timeout waiting for temperature"; abortSession 3}
-re "Current Internal Temperature: (.*)\r\n"
}
set slcTemp $expect_out(1,string)
myprint "Temperature: $slcTemp"
exp_send "logout\n"
sleep .5
close
exit 0
This script can be run manually at the CLI:
[slc431d] set script runcli cliExample parameters "East Data Center"
Internal temperature of the East Data Center SLC at 01/27/2019 02:07
Temperature: 48C (118F)
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 198
Expect Custom Script - SLC Device Port Session
An example of an Expect Custom Script that interacts with a SLC Device Port (in this example a
ServerTech PDU is connected to a Device Port):
#! expect
#
# Script to get the load of a ServerTech PDU outlet
#
set pduPrompt ">"
set pduLoad "unknown"
proc myprint {str} {
send_user -- "$str\n"
}
proc abortSession {err} {
send_user "Error $err. Terminating session.\n"
exit $err
}
set now [clock seconds]
set date [clock format $now -format {%D %R}]
myprint "Load of ServerTech PDU outlet B1 at $date"
# spawn the port session on a device port
if {[catch {spawn -noecho portsession -p $devicePort} result]} {
abortSession 1
}
set sessionId $spawn_id
# Handle eof
expect_after {
-i $sessionId eof {
myprint "Session unexpectedly terminated."
abortSession 2
}
}
set timeout 10
log_user 0
#
# Login to the PDU
# The "Error:*" pattern matches all error messages output by portsession
#
send "\n"
expect {
"Username:" { send "admn\n" }
"Error:*\r\n" { send_user $expect_out(0,string); abortSession 2 }
}
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 199
expect "Password:"
send "admn\n"
# Wait for the first prompt
set loggedIn false
while {! $loggedIn} {
expect {
timeout {myprint "Timeout waiting to login"; abortSession 3}
"*CDU: " {set loggedIn true}
} ;
}
# Detect the prompt
exp_send "\n"
expect "are:\r\n"
expect "LOGIN\r\n"
expect "REMOVE\r\n"
expect "RESTART\r\n"
expect {
timeout {myprint "Timeout waiting for prompt"; abortSession 3}
-re "\r\n(\[^\r]*:)"
}
set pduPrompt $expect_out(1,string)
# Run the ostat command
exp_send "ostat .b1\n"
expect "Outlet*Power\r\n"
expect "ID*Watts*\r\n"
expect {
timeout {myprint "Timeout waiting for load"; abortSession 3}
-re "\.B1\\s+\\S+\\s+\\S+\\s+(\\S+)"
}
set pduLoad $expect_out(1,string)
myprint "Outlet B1 Load: $pduLoad Amps"
expect $pduPrompt
exp_send "logout\n"
sleep .5
close
exit 0
Expect Custom Script - SLC Device Port Session
An example of an Expect Custom Script that interacts with a SLC Device Port (in this example a
Cisco server is connected to a Device Port):
#! expect
#
# Save a copy of the running config of a Cisco server to a TFTP server
# The Cisco server is connected to a SLC/B device port
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 200
#
proc myprint {str} {
send_user -- "$str\n"
}
proc abortSession {err} {
send_user "Error $err. Terminating session.\n"
exit $err
}
if {$argc < 2} {
myprint "Usage: script_md_cisco.exp <TFTP Server> <Backup File Name>"
abortSession 1
}
set tftp [lindex $argv 0]
set configFile [lindex $argv 1]
set enablePassword "secret"
set timeout 10
set now [clock seconds]
set date [clock format $now -format {%D %R}]
myprint "Backing up Cisco Server to $tftp:$configFile at $date"
# spawn the port session on a device port
if {[catch {spawn -noecho portsession -p $devicePort} result]} {
abortSession 2
}
set sessionId $spawn_id
# Handle eof
expect_after {
-i $sessionId eof {
myprint "Session unexpectedly terminated."
abortSession 3
}
}
log_user 0
# Send carriage return, see if we are connected
set loggedIn false
set execMode false
set passwordPrompt false
set cnt 1
while {! $loggedIn || ! $execMode} {
if {$cnt == 5} {
myprint "Timeout waiting for > or # prompt"
abortSession 4
}
if {! $passwordPrompt} {
send "\r"
}
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 201
expect {
"*assword: " { send "$enablePassword\r" }
">" { set loggedIn true; set passwordPrompt true; send "enable\r"
}
"#" { set loggedIn true; set execMode true }
"Error:*\r\n" { send_user $expect_out(0,string); abortSession 5 }
timeout {set cnt [expr {$cnt + 1}] }
}
}
myprint "Logged in."
send "copy running-config tftp://$tftp/$configFile\r"
expect "$tftp"
send "\r"
expect "$configFile"
send "\r"
myprint "Backup initiated."
expect {
"!!" { myprint "Successfully backed up." }
timeout { myprint "Timeout waiting for backup to complete.";
abortSession 6 }
}
send "exit\r"
sleep .5
close
exit 0
Python Custom Script - SLC CLI Session
An example of a Python Custom Script that interacts with a CLI session:
#! python
# Script to set the RADIUS authentication settings of the SLC
# Sets the first RADIUS server and secret, and enables RADIUS
# Note: passing secret as a command line parameter is a security
vulnerability
# Usage:
# script_cli_radius.py <RADIUS server> <RADIUS secret>
#
import subprocess
import datetime
import sys
num_args = len(sys.argv) - 1
if num_args < 2:
print("Usage: script_cli_radius.py <RADIUS server> <RADIUS secret>")
sys.exit(1)
print("Settings RADIUS server on SLC at ", end="")
now = datetime.datetime.now()
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 202
print(now.strftime("%Y-%m-%d %H:%M"))
server = sys.argv[1]
secret = sys.argv[2]
proc = subprocess.Popen(['clisession', '-U', 'sysadmin'],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
# wait for prompt
while True:
output_str = proc.stdout.readline()
if b'list of commands' in output_str:
proc.stdin.write(b'\n')
proc.stdin.flush()
if b']> ' in output_str:
break
if b'Invalid local user' in output_str:
print("Invalid local user passed to clisession.")
proc.stdin.close()
proc.terminate()
proc.wait()
sys.exit(1)
# Run the RADIUS command
s = "set radius server 1 host " + server + " secret " + secret + "\n"
b = bytearray(s.encode())
proc.stdin.write(b)
proc.stdin.flush()
while True:
output_str = proc.stdout.readline()
if b'RADIUS settings successfully updated' in output_str:
break
elif b'set radius' not in output_str:
# RADIUS command returned an error
s1 = str(output_str)
s2 = s1.split("\\r")[1]
print("RADIUS command returned: " + s2.split("\\n")[0])
proc.stdin.close()
proc.terminate()
proc.wait()
sys.exit(1)
proc.stdin.write(b'set radius state enable\n')
proc.stdin.flush()
while True:
output_str = proc.stdout.readline()
if b'RADIUS settings successfully updated' in output_str:
break
elif b'set radius' not in output_str:
# RADIUS command returned an error
s1 = str(output_str)
s2 = s1.split("\\r")[1]
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 203
print("RADIUS command returned: " + s2.split("\\n")[0])
proc.stdin.close()
proc.terminate()
proc.wait()
sys.exit(1)
print("RADIUS settings updated and enabled.")
proc.stdin.close()
proc.terminate()
proc.wait()
sys.exit(0)
Python Custom Script - SLC CLI Session
An example of a Python Custom Script that uses the Pexpect module to interact with the CLI
session and the device ports to detect the prompt on any devices connected to the SLC, and set
the device port name to be the same as the device prompt:
#! python
# Script to detect the prompt on a device connected to a SLC or SLB
device port,
# and set the device port name to the prompt. Punctuation characters are
# removed and the device port number is appended to the name. Prompts
ending
# in '>' are detected. For example, for a Cisco device attached to device
# port 3 and displays this prompt:
# engcisco_cat3560>
# the name for device port 3 will be set to "engcisco_cat3560-3"
import pexpect
import datetime
import time
import sys
import re
now = datetime.datetime.now()
print("Detecting devices on SLC at ", end="")
print(now.strftime("%Y-%m-%d %H:%M"))
# start the CLI session to get number of device ports
p=pexpect.spawn('clisession -U sysadmin')
slcPrompt = ""
numPorts = 0
loggedIn = False
while not loggedIn:
i = p.expect([pexpect.TIMEOUT, pexpect.EOF,
'Model Number: SLC80(\d*)\r\n', 'Model Number:
SLB882\r\n',
'(\[.*>)'], timeout=10)
if i == 0: # Timeout
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 204
print("Timeout waiting to login.")
p.terminate(True)
sys.exit(1)
elif i == 1: # EOF
print("Session unexpectedly terminated.")
p.terminate(True)
sys.exit(1)
elif i == 2: # SLC8000 model number
model = p.match.group(1)
numPorts = int(model)
elif i == 3: # SLB882 model number
numPorts = 8
elif i == 4: # prompt
loggedIn = True
slcPrompt = p.match.group(1).decode('utf-8')
if numPorts == 0:
print("Cannot determine number of device ports.")
p.terminate(True)
sys.exit(1)
print("Number of device ports:", numPorts)
# Terminate the CLI session
p.sendline("logout")
time.sleep(.500)
p.wait()
skipPorts = False
devicePort = 1
pList = []
if numPorts == 24 or numPorts == 40:
# Adjust port numbering for SLC8024 and SLC8040
skipPorts = True
numPorts = numPorts + 8
# Loop through device ports, connect and try to detect the prompt
while devicePort <= numPorts:
if skipPorts and devicePort >= 9 and devicePort <= 16:
devicePort = devicePort + 1
pList.append('')
continue
print("Scanning device port", devicePort, "...")
port = str(devicePort)
p=pexpect.spawn('portsession', ['-p', port])
# Login (if required), and wait for the first prompt
p.sendline("")
gotPrompt = False
slcDevice = False
cnt = 1
while not gotPrompt:
i = p.expect([pexpect.TIMEOUT, pexpect.EOF,
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 205
'login:', 'Error: (.*)\r\n',
'>'], timeout=10)
if i == 0: # Timeout
cnt = cnt + 1
if cnt == 3:
print("Timeout waiting to connect to DP", devicePort, ".")
p.terminate(True)
p.wait()
break
# may need to send a CR to get prompt
p.send("\r")
elif i == 1: # EOF
print("portsession on DP ", devicePort, "unexpectedly
terminated.")
break
elif i == 2: # login prompt
p.sendline("sysadmin")
p.expect("Password:")
p.sendline("PASS")
slcDevice = True
gotPrompt = True
elif i == 3: # error from portsession
print(p.match.group(1).decode('utf-8'))
p.terminate(True)
p.wait()
break
elif i == 4: # prompt
gotPrompt = True
# end if while not gotPrompt:
if not gotPrompt:
devicePort = devicePort + 1
pList.append('')
continue
# Detect the prompt
devPrompt = ""
p.send("\n")
i = p.expect([pexpect.TIMEOUT, pexpect.EOF, '\r\n(.*)>'],
timeout=10)
if i == 0 or i == 1: # Timeout or EOF
print("Timeout waiting for the prompt on DP", devicePort, ".")
p.terminate(True)
p.wait()
devicePort = devicePort + 1
pList.append('')
continue
if i == 2: # prompt
devPrompt = p.match.group(1).decode('utf-8')
if devPrompt == "":
print("Timeout waiting for the prompt on DP", devicePort, ".")
devicePort = devicePort + 1
pList.append('')
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 206
continue
print("Detected prompt", devPrompt, ".")
# Strip characters not allowed in DP names
devPromptStrip = re.sub("[^0-9A-Za-z\._\-]", "", devPrompt)
devPromptComplete = devPromptStrip + "-" + str(devicePort)
pList.append(devPromptComplete)
p.terminate(True)
p.wait()
devicePort = devicePort + 1
# end of while devicePort <= numPorts:
# Connect to the SLC CLI and set the device port names
p=pexpect.spawn('clisession -U sysadmin')
loggedIn = False
while not loggedIn:
i = p.expect([pexpect.TIMEOUT, pexpect.EOF,
'Model Number: SLC80(\d*)\r\n', 'Model Number:
SLB882\r\n',
'(\[.*>)'], timeout=10)
if i == 0: # Timeout
print("Timeout waiting to login.")
p.terminate(True)
sys.exit(1)
elif i == 1: # EOF
print("Session unexpectedly terminated.")
p.terminate(True)
sys.exit(1)
elif i == 4: # prompt
loggedIn = True
devicePort = 1
while devicePort <= numPorts:
if skipPorts and devicePort >= 9 and devicePort <= 16:
devicePort = devicePort + 1
continue
if len(pList[devicePort - 1]) > 0:
# Detected a prompt; set it
print("Setting name on DP", devicePort, "to", pList[devicePort -
1], "...")
s = "set deviceport port " + str(devicePort) + " name " +
pList[devicePort - 1]
p.sendline(s)
i = p.expect([pexpect.TIMEOUT,
'Device Port settings successfully updated.\r\n'],
timeout=10)
if i == 0: # Timeout
print("Timeout waiting for response.")
devicePort = devicePort + 1
# Terminate the CLI session
p.sendline("logout")
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 207
time.sleep(.500)
p.wait()
print("Script completed.")
sys.exit(0)
Tcl Custom Script - SLC CLI Session
An example of a Tcl Custom Script that interacts with a CLI session:
#! tcl
# Script to get the current internal temperature of the SLC
# Accepts one optional command line parameter for location
set slcTemp "unknown"
set location ""
# Are there any command line parameters?
if {$argc > 0} {
set location [lindex $argv 0]
}
set now [clock seconds]
set date [clock format $now -format {%D %R}]
if {$argc > 0} {
puts "Internal temperature of the $location SLC at $date"
} else {
puts "Internal temperature of the SLC at $date"
}
set io [open "| clisession -U sysadmin" r+]
set loggedIn false
while {! $loggedIn} {
set len [gets $io line]
if {[string first "Invalid local user" $line] != -1} {
puts "Invalid local user passed to clisession"
break
}
if {[string first "For a list of commands" $line] != -1} {
puts $io "\n"
flush $io
}
if {[string first ">" $line] != -1} {
set loggedIn true
}
}
if {! $loggedIn} {
exit 1
}
puts $io "show temp"
flush $io
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 208
set gotTemp false
while {! $gotTemp} {
set len [gets $io line]
if {[string first "Current Internal Temperature" $line] != -1} {
set slcTemp [string range $line [expr {[string first ":" $line] +
1}] end]
set gotTemp true
}
}
puts "Temperature: $slcTemp"
puts $io "logout"
flush $io
exit 0
Sites
A site is a group of site-oriented modem parameters that can be activated by various modem-
related events (authentication on dial-in, outbound network traffic for a dial-on-demand
connection, etc.). The site parameters will override parameters that are configured for a modem.
To use sites with a modem, create one or more sites (described below), then enable Use Sites for
the modem. Sites can be used with the following modem states: dial-in, dial-back, CBCP Server,
dial-on-demand, dial-in & dial-on-demand, and dial-back & dial-on-demand. For more information
on how sites are used with each modem state, see Modem Dialing States on page 211.
a 1 z 5 7 a 11I:15171921232517293I31153739l1434541 A a: 2 ‘ a a1012u1am2n22241tszaaosuusam42444545: a LANTQONIX stems m3; Luge-n U::$‘s§,°s‘§§.1.m fidecrpmm'cunfiwvabm wmsswpmm CanmledfiewcHDPm-m mm— mm —m m ? a? E Dunc-scams DuvlaPnfls Ennsnthn USBISDCam RFMs Connocflnns NostLlsIs 5mm; Snls sues ML?! m slm W ‘ 5“” 0 Rams“. Add sue \ \ Ean sne Sne Name 7.7 Nana \nhmai Modem PM Dame Pan 7 max-numumnec. use Furl u: nun-am Lngin. use Pan uz DraLcm Fasswum Lagm/CHAP Host 7‘ fielype Passwm amp Sacra 7 Retype ’ 7’ mamcmumnev Amnenficau‘on . PAP cm: AHMDIaI-buck ‘ ‘ 'flmsomLogln: . No 7 mmmss Dial-bacKDuley‘ T‘secunfls . Va: LucaHF: Dial-BuckRames a Newly“: u: Addrass No Ramon w: Madam 11mm . Nu: m.‘ menus sum: Rome u: Mums Rum Dally an mom: cam: Server sum: Route sub-m Mask MW Nu 53mm 51am: Rama Sammy Ename NAT ‘ ‘
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 209
To add a site:
1. Click the Devices tab and select the Sites option. The Sites page displays:
Figure 9-23 Devices > Sites
2. In the lower section of the page, enter the following:
Note: To clear fields in the lower part of the page, click the Reset Site button.
Site Id
(view only)
Displays after a site is created.
Site Name Enter a name for the site.
Port Select the port: None, Internal Modem, Device Port, USB Port U1, or USB
Port U2 the site is assigned to. For dial-on-demand sites, a port must be
selected. For any other sites, the port selection can be set to None. See Modem
Dialing States on page 211.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 210
Login/CHAP Host The login name (for PAP authentication) or CHAP host (for CHAP authentication)
associated with this site. If a modem has sites enabled and the authentication is
successful at dial-in (for modem states dial-in, dial-back, CBCP server, dial-in &
dial-on-demand, or dial-back & dial-on-demand), and the name that was
authenticated matches the Login/CHAP Host, the site parameters will be used for
the remainder of the modem connection.
CHAP Secret/Retype The CHAP secret associated with this site. If a modem has sites enabled and
CHAP authentication enabled, then at dial-in, if the remote server sends a name
in the CHAP challenge response that matches the CHAP host of a site, the CHAP
secret for the site will be used to authenticate the CHAP challenge response sent
by the remote server.
Authentication The type of authentication, PAP or CHAP, for which this site is applicable. On
dial-in authentication, only sites with the authentication type that matches the
authentication type configured for the modem will be used to try to find a matching
site.
Timeout Logins For text dial-in connections, the connection can time out after the connection is
inactive for a specified number of minutes.
Negotiate IP Address If the SLC advanced console manager and the remote server should negotiate
the IP addresses for each side of the PPP connection, select Yes. Select No if the
address of the SLC unit (Local IP) and remote server (Remote IP) need to be
specified.
Static Route IP
Address
The Static Route IP Address, Subnet Mask and Gateway must be configured for
dial-on-demand sites. The SLC 8000 advanced console manager will
automatically dial-out and establish a PPP connection when IP traffic destined for
the network specified by the static route needs to be sent.
Note: Static Routing must be enabled on the Network - Routing page for dial-on-
demand connections.
Static Route Subnet
Mask
The subnet mask for a dial-on-demand connection.
Static Route Gateway The gateway for a dial-on-demand connection.
Dial-out Number The dial-out number must be specified for dial-on-demand sites. This indicates
the phone number to dial when the SLC unit needs to send IP traffic for a dial-on-
demand connection.
Dial-out Login User ID for authentication when dialing out to a remote system, or when a remote
system requests authentication from the SLC 8000 unit when it dials in. May have
up to 32 characters. This ID is used for authenticating the SLC 8000 advanced
console manager during the dial-out portion of a dial-back (including CBCP
server) and dial-on-demand.
Dial-out Password Password for authentication when dialing out to a remote system, or if a remote
system requests authentication from the SLC unit when it dials in. May have up to
64 characters
Retype Password Re-enter password for dialing out to a remote system. May have up to 64
characters.
Dial-back Number The phone number to dial on callback for text or PPP dial-back connections. A
site must successfully authenticate, have Allow Dial-back enabled and have a
Dial-back Number defined in order for the site to be used for callback.
Allow Dial-back If enabled, the site is allowed to be used for dial-back connections.
Dial-back Delay For dial-back and CBCP Server, the number of seconds between the dial-in and
dial-out portions of the dialing sequence.
Dial-back Retries For dial-back and CBCP Server, the number of times the SLC unit will retry the
dial-out portion of the dialing sequence if the first attempt to dial-out fails.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 211
3. Click the Add Site button.
To view or update a site:
1. In the Sites table, select the site and click the View Site button. The site attributes are
displayed in the bottom half of the page.
2. Update any of the site attributes.
3. Click the Edit Site button.
To delete a site:
1. Select the site in the Sites table.
2. Click the Delete Site button.
Configures a set of site-oriented modem parameters that can be activated by various modem-
related events (authentication, outbound network traffic for DOD connections, etc.).
The site parameters will override any parameters configured for the modem.
Uses sites with a modem, enable 'usesites'. Sites can be used with the following modem states:
dialin, dialback, cbcpserver, dialondemand, dialin+ondemand, and dialback+ondemand.
Site Commands
Go to Site Commands to view CLI commands which correspond to the web page entries described
above.
Modem Dialing States
This section describes how each modem state that supports sites operates when sites are
enabled.
Dial In
The SLC 8000 advanced console manager waits for a peer to call the SLC unit to establish a text
(command line) or PPP connection.
For text connections, the user will be prompted for a login and password, and will be
authenticated via the currently enabled authentication methods (Local Users, NIS, LDAP, etc).
Modem Timeout Timeout for dial-in and dial-on-demand PPP connections. Select Yes (default) for
the SLC 8000 advanced console manager to terminate the connection if no traffic
is received during the configured idle time. Enter a value of from 1 to 9999
seconds. The default is 30 seconds.
Restart Delay The number of seconds after the modem timeout and before the SLC unit
attempts another connection. The default is 30 seconds.
CBCP Server
Allow No Callback
For a CBCP Server site, allows "No Callback" as an option in the CBCP
handshake in addition to User-defined Number and Admin-defined Number.
Enable NAT Select to enable Network Address Translation (NAT) for PPP connections.
Note: IP forwarding must be enabled on Network Settings (on page 55) for NAT
to work.
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 212
The site list will be searched for a site that (a) the Login/CHAP Host matches the name that
was authenticated, (b) Authentication is set to PAP, and (c) the Port is set to None or
matches the port the modem is on.
If a matching site is found, the Timeout Logins parameter configured for the site will be used
for the rest of the dial-in connection instead of the Timeout Logins parameter configured for
the modem. Once authenticated, a CLI session will be initiated, and the user will remain
connected to the SLC 8000 advanced console manager until they either logout of the CLI
session, or (if Timeout Logins is enabled) the CLI session is terminated if it has been idle.
For PPP connections, the user will be authenticated via PAP or CHAP (determined by the
Authentication setting for the modem). For PAP, the Local/Remote User list will be used to
authenticate the login and password sent by the PPP peer, and the site list will be searched for
a site that (a) the Login/CHAP Host matches the name that was authenticated, (b)
Authentication is set to PAP, and (c) the Port is set to None or matches the port the modem
is on. For CHAP, the site list will be searched for a site that (a) the Login/CHAP Host and
CHAP Secret match the name and secret sent in the CHAP Challenge response by the PPP
peer, (b) Authentication is set to CHAP, and (c) the Port is set to None or matches the port
the modem is on. If the remote peer requests PAP or CHAP authentication from the SLC unit,
the Remote/Dial-out Login and Remote/Dial-out Password configured for the modem (not
the site) will be provided as authentication tokens.
If a matching site is found, its Negotiate IP Address, NAT, and Modem Timeout parameters
will be used for the rest of the dial-in connection instead of the parameters configured for the
modem. Once authenticated, a PPP session will be established using either negotiated IP
addresses or specific IP addresses (determined by the Negotiate IP Address setting). The
PPP connection will stay active until no IP traffic is sent for Modem Timeout seconds.
Dial-back
The SLC advanced console manager waits for a peer to call the SLC unit, establishes a text
(command line) or PPP connection, authenticates the user, and if the SLC 8000 advanced console
manager is able to determine a dial-back number to use, hangs up and calls the dial-back number
to establish either a text or PPP connection.
For text connections, the user will be prompted for a login and password, and will be
authenticated via the currently enabled authentication methods (Local Users, NIS, LDAP, etc).
The site list will be searched for a site that (a) the Login/CHAP Host matches the name that
was authenticated, (b) Authentication is set to PAP, and (c) the Port is set to None or
matches the port the modem is on.
If a matching site is found, its Timeout Logins, Dial-back Number, Allow Dial-back, and
Dial-back Delay parameters will be used for the rest of the dial-back connection instead of the
parameters configured for the modem. Once the remote server is authenticated, if Allow Dial-
back is enabled for the site and a Dial-back Number is defined, the SLC unit will hang up and
wait Dial-back Delay seconds before initiating the dial-back. The SLC 8000 advanced
console manager will dial, prompt the user again for a login and password, and a CLI session
will be initiated. The user will remain connected to the SLC unit until they either logout of the
CLI session, or (if Timeout Logins is enabled) the CLI session is terminated if it has been
idle.
For PPP connections, the user will be authenticated via PAP or CHAP (determined by the
Authentication setting for the modem). For PAP, the Local/Remote User list will be used to
authenticate the login and password sent by the PPP peer, and the site list will be searched for
a site that (a) the Login/CHAP Host matches the name that was authenticated, (b)
Authentication is set to PAP, and (c) the Port is set to None or matches the port the modem
is on. For CHAP, the site list will be searched for a site that (a) the Login/CHAP Host and
CHAP Secret match the name and secret sent in the CHAP Challenge response by the PPP
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 213
peer, (b) Authentication is set to CHAP, and (c) the Port is set to None or matches the port
the modem is on. If the remote peer requests PAP or CHAP authentication from the SLC 8000
advanced console manager, the Remote/Dial-out Login and Remote/Dial-out Password
configured for the modem (not the site) will be provided as authentication tokens.
If a matching site is found, its Dial-back Number, Allow Dial-back, Dial-back Delay, Dial-
out Login, Dial-out Password, Negotiate IP Address, NAT, and Modem Timeout
parameters will be used for the rest of the dial-back connection instead of the parameters
configured for the modem. Once the remote server is authenticated, if Allow Dial-back is
enabled for the site and a Dial-back Number is defined, the SLC unit will hang up and wait
Dial-back Delay seconds before initiating the dial-back. The SLC 8000 advanced console
manager will dial, and if the remote peer requests PAP or CHAP authentication, provide the
Dial-out Login and Dial-out Password as authentication tokens. Once authenticated, a PPP
session will be established using either negotiated IP addresses or specific IP addresses
(determined by the Negotiate IP Address setting).
Dial-on-demand
The SLC unit automatically dial outs and establishes a PPP connection when IP traffic destined for
a remote network needs to be sent. It will remain connected until no data packets have been sent
to the peer for a specified amount of time.
When this modem state is initiated, the SLC 8000 advanced console manager searches the site
list for all sites that (a) have a Dial-out Number defined, (b) have a Static Route IP Address,
Static Route Subnet Mask and Static Route Gateway defined, and (c) the Port matches the port
the modem is on. A dial-on-demand connection will be started for each, waiting for IP traffic
destined for a remote network.
When IP traffic needs to be sent, the SLC unit dials the appropriate Dial-out Number for the site,
and if the remote peer requests PAP or CHAP authentication, provides the Dial-out Login and
Dial-out Password as authentication tokens. Once authenticated, a PPP session will be
established using either negotiated IP addresses or specific IP addresses (determined by the
Negotiate IP Address setting). The PPP connection will stay active until no IP traffic is sent for
Modem Timeout seconds. Once the timeout has expired, the PPP connection will be terminated
and will not be reestablished for at least Restart Delay seconds.
Dial-in & Dial-on-demand
A modem is configured to be in two modes: answering incoming calls to establish a PPP
connection, and automatically dialing out to establish a PPP connection when IP traffic destined
for a remote network needs to be sent. When either event occurs (an incoming call or IP traffic
destined for the remote network), the other mode will be disabled.
For Dial-in, the user will be authenticated via PAP or CHAP (determined by the
Authentication setting for the modem). For PAP, the Local/Remote User list will be used to
authenticate the login and password sent by the PPP peer, and the site list will be searched for
a site that (a) the Login/CHAP Host matches the name that was authenticated, (b)
Authentication is set to PAP, and (c) the Port is set to None or matches the port the modem
is on. For CHAP, the site list will be searched for a site that (a) the Login/CHAP Host and
CHAP Secret match the name and secret sent in the CHAP Challenge response by the PPP
peer, (b) Authentication is set to CHAP, and (c) the Port is set to None or matches the port
the modem is on. If the remote peer requests PAP or CHAP authentication from the SLC
advanced console manager, the Remote/Dial-out Login and Remote/Dial-out Password
configured for the modem (not the site) will be provided as authentication tokens.
If a matching site is found, its Negotiate IP Address, NAT, and Modem Timeout parameters
will be used for the rest of the dial-in connection instead of the parameters configured for the
modem. Once authenticated, a PPP session will be established using either negotiated IP
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 214
addresses or specific IP addresses (determined by the Negotiate IP Address setting). The
PPP connection will stay active until no IP traffic is sent for Modem Timeout seconds.
For Dial-on-Demand, the SLC unit searches the site list for all sites that (a) have a Dial-out
Number defined, (b) have a Static Route IP Address, Static Route Subnet Mask and Static
Route Gateway defined, and (c) the Port matches the port the modem is on. A dial-on-
demand connection will be started for each, waiting for IP traffic destined for a remote
network. When IP traffic needs to be sent, the SLC 8000 advanced console manager dials the
appropriate Dial-out Number for the site, and if the remote peer requests PAP or CHAP
authentication, provides the Dial-out Login and Dial-out Password as authentication tokens.
Once authenticated, a PPP session will be established using either negotiated IP addresses
or specific IP addresses (determined by the Negotiate IP Address setting). The PPP
connection will stay active until no IP traffic is sent for Modem Timeout seconds. Once the
timeout has expired, the PPP connection will be terminated and will not be reestablished for at
least Restart Delay seconds.
Dial-back & Dial-on-demand
A modem is configured to be in two modes: answering incoming calls to initiate a dial-back, and
automatically dialing out to establish a PPP connection when IP traffic destined for a remote
network needs to be sent. When either event occurs (an incoming call or IP traffic destined for the
remote network), the other mode will be disabled.
For Dial-back, the user will be authenticated via PAP or CHAP (determined by the
Authentication setting for the modem). For PAP, the Local/Remote User list will be used to
authenticate the login and password sent by the PPP peer, and the site list will be searched for
a site that (a) the Login/CHAP Host matches the name that was authenticated, (b)
Authentication is set to PAP, and (c) the Port is set to None or matches the port the modem
is on. For CHAP, the site list will be searched for a site that (a) the Login/CHAP Host and
CHAP Secret match the name and secret sent in the CHAP Challenge response by the PPP
peer, (b) Authentication is set to CHAP, and (c) the Port is set to None or matches the port
the modem is on. If the remote peer requests PAP or CHAP authentication from the SLC unit,
the Remote/Dial-out Login and Remote/Dial-out Password configured for the modem (not
the site) will be provided as authentication tokens.
If a matching site is found, its Dial-back Number, Allow Dial-back, Dial-back Delay, Dial-
out Login, Dial-out Password, Negotiate IP Address, NAT, and Modem Timeout
parameters will be used for the rest of the dial-back connection instead of the parameters
configured for the modem. Once the remote server is authenticated, if Allow Dial-back is
enabled for the site and a Dial-back Number is defined, the SLC 8000 advanced console
manager will hang up and wait Dial-back Delay seconds before initiating the dial-back. The
SLC unit will dial, and if the remote peer requests PAP or CHAP authentication, provide the
Dial-out Login and Dial-out Password as authentication tokens. Once authenticated, a PPP
session will be established using either negotiated IP addresses or specific IP addresses
(determined by the Negotiate IP Address setting).
For Dial-on-Demand, the SLC 8000 advanced console manager searches the site list for all
sites that (a) have a Dial-out Number defined, (b) have a Static Route IP Address, Static
Route Subnet Mask and Static Route Gateway defined, and (c) the Port matches the port
the modem is on. A dial-on-demand connection will be started for each, waiting for IP traffic
destined for a remote network.
When IP traffic needs to be sent, the SLC unit dials the appropriate Dial-out Number for the
site, and if the remote peer requests PAP or CHAP authentication, provides the Dial-out
Login and Dial-out Password as authentication tokens. Once authenticated, a PPP session
will be established using either negotiated IP addresses or specific IP addresses (determined
by the Negotiate IP Address setting). The PPP connection will stay active until no IP traffic is
Callback Control Protocol (CBCP) is a PPP option that ne server, after authenticating the client, terminates the conn phone number that is determined by the CBCP handshak http://technet.microsoft.com/en-us/librarv/ccQ57979.asox
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 215
sent for Modem Timeout seconds. Once the timeout has expired, the PPP connection will be
terminated and will not be reestablished for at least Restart Delay seconds.
CBCP Server and CBCP Client
Callback Control Protocol (CBCP) is a PPP option that negotiates the use of callback where the
server, after authenticating the client, terminates the connection and calls the client back at a
phone number that is determined by the CBCP handshake. For more information on CBCP, see
http://technet.microsoft.com/en-us/library/cc957979.aspx. CBCP is used primarily by Microsoft
PPP peers. CBCP supports two options for determining the number to dial on callback: the client
can specify a user-defined number for the server to dial on callback, or the client can request the
server use an administrator-defined number to dial on callback. Optionally, some servers may also
allow "no callback" as an option.
CBCP Server
The SLC 8000 advanced console manager waits for a client to call the SLC unit, establishes a
PPP connection, authenticates the user, and negotiates a dial-back number with the client using
CBCP. If the SLC 8000 advanced console manager is able to determine a dial-back number to
use, it hangs up and calls the dial-back number.
When a call is received, a PPP connection is established, and the user will be authenticated via
PAP or CHAP (configured with the Authentication setting). For PAP, the Local/Remote list will be
used to authenticate the login and password sent by the PPP peer. For CHAP, the CHAP
Handshake Host/User Name and Secret/User Password will be used to authenticate CHAP
Challenge response sent by the PPP peer. If the remote peer requests PAP or CHAP
authentication from the SLC unit, the Remote/Dial-out Login and Remote/Dial-out Password
will be provided as authentication tokens. Once authenticated, the CBCP handshake with the
client determines the number to use for dial-back. The SLC unit will present the client with the
available options: if the authenticated user is a Local/Remote User with Allow Dial-back enabled
and a Dial-back Number defined, the administrator-defined option is allowed; if this is not the case,
the user-defined number is allowed. Additionally, if CBCP Server Allow No Callback is enabled,
the client can also select no callback (the PPP connection established at dial-in will remain up).
The client will select from the available callback options. If the SLC unit can determine a dial-back
number to use, it will hang up and wait Dial-back Delay seconds before initiating the dial-back (if
the dial-back fails, the SLC will try Dial-back Retries times to dial-back). The SLC unit will call
back the previously authenticated remote peer, and if the remote peer requests PAP or CHAP
authentication, provide the Remote/Dial-out Login and Remote/Dial-out Password as
authentication tokens. Once authenticated, a PPP session will be established using either
negotiated IP addresses or specific IP addresses (determined by the Negotiate IP Address
setting).
CBCP Client
The SLC unit will dial out to a CBCP server, establish a PPP connection, negotiate a callback
number with the server using CBCP, terminate the connection, and wait for the server to call back.
The SLC unit dials the Dial-out Number, and if the remote peer requests PAP or CHAP
authentication, provides the Remote/Dial-out Login and Remote/Dial-out Password as
authentication tokens. Once authenticated, the CBCP handshake with the server determines the
number to use for dial-back. The SLC device will request the type of number defined by CBCP
Client Type - either an Admin-defined Number (the CBCP server determines the number to call)
or a User-defined Number (the SLC unit will provide the Fixed Dial-back Number as the number
to call). If the CBCP handshake is successful, the SLC unit will terminate the PPP connection,
hang up, and wait for the server to dial back. When the remote server calls back the SLC unit and
the PPP connection is established, the user will be authenticated via PAP or CHAP (configured
9: Device Ports
SLC™ 8000 Advanced Console Manager User Guide 216
with the Authentication setting). For PAP, the Local/Remote list will be used to authenticate the
login and password sent by the PPP peer. For CHAP, the CHAP Handshake Host/User Name
and Secret/User Password will be used to authenticate CHAP Challenge response sent by the
PPP peer. Once authenticated, a PPP session will be established using either negotiated IP
addresses or specific IP addresses (determined by the Negotiate IP Address setting).
Notes:
In a state where the modem will be answering a call, the modem should always be
configured for manual answer, not auto answer.
When answering a call, the SLC unit answers after the 2nd ring.
Any text or PPP connection can be terminated by setting the modem state to disabled.
Key Sequences
The default values for the various key sequences (Escape Sequence, Break Sequence, View Port
Log Sequence, Power Menu Sequence) are set to different key sequences, and it is
recommended that they always be set to different key sequences so that the SLC can properly
handle each of the functions accessed by the key sequence while connected to a device.
For example, if the View Port Log Sequence is set to the same sequence as the Power Menu
Sequence, and this sequence is typed while connected to a device port, both the Power Menu and
the option to display Port Log will be displayed, with the Power Menu taking precedence and
processing user input.
If any of the key sequences are set to the same value, the precedence used to process the key
sequences is:
Escape Sequence
Power Management Sequence
View Port Log Sequence
It is also recommended that the key sequences not share a significant amount of overlap other
than the first character. For example, if the View Port Log Sequence is set to ABCD and the Power
Management Sequence is set to ABCE, the first three characters of both sequences are the same
- this is not recommended.
When any portion of key sequences overlap, typing a complete escape sequence for one of the
sequences will reset recognition of the other sequences back to the beginning of the key
sequence. For example, with the default View Port Log sequence of ESC-V and the default Power
Management sequence of ESC-P, if the user types "ESC-V" and views the port log and then
returns to interacting with the device, they need to type "ESC-P" to view the Power Menu, and not
just "P".
When detecting key sequences, after receiving the first character(s) of a sequence, the SLC will
wait 3 or more seconds for the remaining characters, before timing out and sending all characters
to the device. For example, if the Escape Sequence is ABCD, and the user types "AB", the SLC
will wait at least 3 seconds for the next character ("C") before timing out and sending the "AB"
characters to the device.
LANTQONIX SLC 8048 lmmmm E1135 7 a 11131517191123252729313335:1739‘1045" A u: En245i!10121416Ia2n12zlzszlaoazauasamtzuwtaa 5:3:g';::§,‘mn swamp/wWWW Webswom, eqnnmommpw m-_ mm mm m ? £3 E rum-sum: owe-Pom Consul-Pm usavsncam Immlmnmm RPMS connlcuans HostLlfls Scrlpts svnu RPMs Mug?‘ awash: AddDevlce‘J Shulaownomar) Nunncauuns; Raszu) “95> Envl[anuveu'a|‘ MznzggDEvice‘y‘ Quljexs} iflhzsdgviuals) Esq)”: Ename‘ Mme ‘ Dwsable nevi-=2: aenom‘ \ Shumawn Delete mum :npm Pow-r Powar anmry Laud Id Name Man: ed V): e . 322 El Scams 9 "P Mn N) (w (W) u.) «m P | SLPISsnmp sNMPanszanu PDu ms m MA N/A N/A N/A N/A normal . 2 CyberPuwer— suurups a STecMGSNMPSNMP71721§13E|24 PDU 515 m 52 35 N/A MA MA narmai USErvantpan uPs mN/A 114 N/A ea mu :1 on 0L
SLC™ 8000 Advanced Console Manager User Guide 217
10: Remote Power Managers
The SLC supports managing remote power managers (RPMs) for devices from over 140 vendors.
The RPMs can be either PDUs or UPSes, and can be managed via SNMP, serial port, network
and USB connections. The RPMs web page displays a list of all currently managed RPMs with an
overview of their current status, with options to control and view detailed status for each RPM,
depending on its supported capabilities.
Network and SNMP managed RPMs are disabled in FIPS mode. The only action that can be
performed on a network or SNMP managed RPM in FIPS mode is that it can be deleted via the
CLI.
For notes on optimizing the management of specific devices, see
Optimizing and Troubleshooting RPM Behavior (on page 229).
Devices - RPMs
To control or view status for an RPM:
1. Click the Devices tab and select the RPMs option. The RPMs page displays.
Figure 10-1 Devices > RPMs
2. In the lower section of the page, select an RPM by clicking on the radio button to the far right
in the RPM's row. The options that are available for that RPM will be available (ungreyed).
Select one of the following options:
Refresh Refreshes the information in the RPMs table.
Add Device Displays the Device Ports > RPMs - Add Device to add a new
managed PDU or UPS.
Shutdown Order Displays the order in which all UPS devices are shutdown in the event
that a UPS reaches a low battery state. See Figure 10-2. For more
information, see RPM Shutdown Procedure.
a; my/172.u.lou.1aa/rpmsxams hlmheportfsdarder LCB‘MB - RPM Shutdown Order 5mm nraer for ups um: Pea-er Managers Shut-1m" W Lu: Buttery Action Shutduun this “‘5 swam this “’5
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 218
Figure 10-2 RPM Shutdown Order
Notifications Displays the notifications configured for each PDU and UPS. See
Figure 10-3.
Raw Data Displays a window with all of the information returned by the driver
when a query for status is requested. This option is available for all
RPMs. See Figure 10-4.
Logs Displays a window with any logging information that has been
accumulated for the selected RPM, if logging is enabled for the RPM.
This option is available for all RPMs. See Figure 10-5.
Environmental Displays a window with any environmental (humidity and
temperature) information that may be available for the selected RPM,
if sensors are installed for the RPM. This option is available for all
RPMs. See Figure 10-6.
Managed Device Displays the RPMs - Manage Device page, with the complete status
and configuration for the selected RPM. This option is available for all
RPMs.
Outlets Displays the RPMs - Outlets page for RPMs that support individual
outlet control and status.
Beeper: Enable, Mute,
Disable
If the RPM has a beeper than can be controlled, these options allow
the administrator to Enable, Mute, or Disable the beeper. If you try to
use Mute to silence a beeper and the beeper continues to sound, the
UPS most likely does not support mute, and the Disable option will be
the only way to silence the beeper.
Reboot Reboots the RPM immediately, which may interrupt the power
provided by the RPM while it is rebooting. Some PDUs and UPSes
have a default delay that they will wait before initiating a reboot; this
setting may be visible in the raw data (see above) as
"ups.delay.reboot".
Shutdown Shutsdown the RPM immediately, which will interrupt the power
provided by the RPM. Some PDUs and UPSes have a default delay
that they will wait before initiating a shutdown; this setting may be
visible in the raw data (see above) as "ups.delay.shutdown".
Delete Deletes the selected RPM, after a confirmation.
a bilin/ln.19.]0DJ48/vpmstauls thZreport=noniy L050“ - RPM Notifications _ mi iatim (min-tin (or We pm Hunters um Ila-e Log an» Email 14 SW: Tm Mares: ”c151 1 min [none] man 1 mill [none] Server‘lecm’elm 1 min {none} Serums-Ia 1 min [ma] cyber 1 «in [me] s was). ambientd‘hu‘idity: Ame ambient.2.lwenlur9: 24m mum-«r: Lantmmx m dzvuaJnizl: Hummer aevm.seaal: Demise; mimtype: up man drivenname: snqups driver.parmter.pullinterval: z drivenparaletenuart: 171.19 13738 Muenpaca-etensynchrmus: no avivenmsion: 2.7.3 drivermea‘sinnmiata: 51p m 17.12.27 drivarmerslnndnterna]: 11.72 MUELLdesz: toner-Aimtleu mm . w n
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 219
Figure 10-3 RPM Notifications
Figure 10-4 RPM Raw Data Log
Inn-m 5 ' spam/112 151m l‘a/rpmmllus ntm>mppn=tpg
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 220
Figure 10-5 RPM Logs
Figure 10-6 RPM Environmental Log
RPMs - Add Device
The Add Device page assists the administrator with adding a new managed RPM to the SLC
configuration. With over 140 different vendors and nearly 1000 different models that are
supported, the key to ensuring the SLC can properly manage a PDU or UPS is selecting the right
model (with its associated driver) and any required driver options, especially for USB managed
devices. On the Devices > RPMs page, access the Device Ports > RPMs - Add Device page to
configure a new managed remote power manager (RPM) for the SLC configuration.
Note: The Device Ports > RPMs - Add Device page with the same functionality can also
be accessed through the Devices > Device Ports page.
To add a new managed RPM :
1. Click the Devices tab and select the RPMs option. Figure 10-1 shows the page that displays.
2. Click the Add Device link on the Devices > RPMs page. The following page displays.
E113 5 7 911”1511192121252125113335173941414547 A E2 2 4 5 a 1012Hls1:120222426253032M36154042M4543 a LANR’ONIX swam mm: mm a:;:;;c;:g,gm Seiemmmmm Wm, mm mm_ M. mm <9 i="" 6*="" el="" rmlcnsmus="" 5“”:er="" consul-rm="" usaisnc-m="" rpms="" conmciions="" hosilim="" scripts="" sim="" rpm:="" -="" add="" device="" 533="" vendor="" seiect="" one="" v="" i="" (u)="" »="" use,="" is)="" -="" sam="" m="" -="" nemaik‘="" in;="" -="" sump="" medal="" jeieck="" orig:="" usa="" 5mm="" newmrk="" snmp="" managed="" m="" usa="" device="" seieciune="" .="" name="" 1:="" or="" omieu="" ii:="" addrsss="" fan="" emsrwmr="" a="" «must:="" pm="" uiw="" opts="" lugin="" passwm="" reiyps="" fasawm,="" log="" smug,="" .="" no="" vexmimilex‘="" cmmal="" snmf="" naps="" i="" crmcal="" emails="" .="" snumawn="" w:="" ups="" law="" am="" ,="" shumnwn="" aii="" upsu="" w="" aiiaw="" baneryiziiwe="" shmflawn="" mm="" slc="" ups“="" snmawn="" omai="" prawns:="" ch="" pawnr'="" '="" apply="">
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 221
Figure 10-7 Device Ports > RPMs - Add Device
3. Enter the following:
Vendor Select the correct vendor from the drop-down menu.
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 222
Model Select the Model in the drop-down menu. The drop-down menu will be
populated with models supported for the selected vendor above. To the left of
each model name is one or two letters in parentheses that indicate the type of
control available for the selected model: P - SNMP, S - serial port, U - USB
port, N - network. Some of the model names in the dropdown may be
truncated because the list of models is very long - in this case, hover over the
model name and the complete model name(s) will be displayed.
Managed via If there is more than one way to manage the selected model, select the
appropriate management method.
USB Device For USB controlled devices, if the RPM is connected to a USB port, the device
should be displayed in the USB Device dropdown. Select the correct device.
This will automatically fill in the Port with the correct port number and the
Driver Opts with the USB vendor and product ID (see below).
Name Specify the unique name of the RPM (up to 20 characters).
# of Outlets Specify the number of outlets on the RPM (maximum of 120 outlets).
IP Address For SNMP and Network (Telnet) managed RPMs, specify the IP address of
the RPM.
Port For network (Telnet) managed RPMs, this is assumed to be port 23 (if left
blank), or it can be filled in with an alternate TCP port. For USB managed
RPMs, this is one of the front USB ports ("0") or the device port that the RPM
is connected to on the SLC (this may be automatically filled in when the USB
Device is selected). For serially controlled RPMs, this is the device port that
the RPM is connected to on the SLC.
Driver Opts For the driver associated with the RPM device, these are extra options which
may be required to make the driver work. The most frequent use of the driver
options is for USB devices (the vendor and product ID may be required so that
the SLC can find the correct device on the USB bus), or in the event that the
default driver options do not work with the RPM. The vendor and product ID
may be automatically filled in if a USB Device is selected. There may also be
other driver options that are filled in by the SLC from an internal table - these
will be automatically set and can be viewed after the RPM has been added,
and can always be overridden by driver options set by the user. For a
complete list of RPM models, drivers and driver options, refer to the Network
UPS Tools Hardware Compatibility List. The format of the driver options
setting is one or more comma-separated parameters-value pairs, e.g.
<parameter name>=<value>.
Login For Network and serially managed RPMs, this is the administrator login.
Password/Retype
Password
For Network and serially managed RPMs, this is the administrator password.
Read Community For SNMP managed RPMs, this is the SNMP read (get) community.
Write Community/Retype
Write Comm
For SNMP managed RPMs, this is the SNMP write (set) community.
Log Status Indicates if the status of the RPM is periodically logged. Select Yes, minutes
to log the status periodically and enter a value between 1 and 60 minutes. The
logs can be viewed by viewing the Devices > RPMs page and clicking on
"Logs".
Critical SNMP Traps If enabled, under critical conditions (UPS goes onto battery power, UPS
battery is low, UPS forced shutdown in progress, UPS on line power, UPS
battery needs to be replaced, RPM is unavailable, communications with RPM
lost, communications with RPM established), a slcEventRPMAction
trap will be sent to the NMS configured in the SNMP settings. This requires
that SNMP traps be enabled.
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 223
4. Click Apply to Save.
RPMs - Manage Device
The Manage Device page allows the administrator to modify the settings for a managed RPM.
To modify a managed RPM:
1. Click the Devices tab and select the RPMs option. Figure 10-1 Devices > RPMs shows the
page which displays.
2. Select an RPM and click the Manage Device link. Figure 10-8 RPMs - Managed Device
shows the page which displays.
Critical Emails If an email address is specified, under critical conditions (see Critical SNMP
Traps above), an email notification will be sent to the email address. The
Server and Sender configured in the SMTP settings will be used to send the
email.
Low Battery For UPS devices only. Indicates the behavior to take when the UPS reaches a
low battery state. Options are to Shutdown this UPS - shutdown only the
UPS that has reached a low battery state; Shutdown all UPSes - shutdown
all UPSes managed by the SLC; Allow battery failure - allow the battery to
completely fail, which may result in the unsafe shutdown of the devices it
provides power to; Shutdown both SLC UPSes - shutdown both UPSes that
provide power to the SLC, including the UPS with that has reached a low
battery state (some SLCs have dual power supplies). For more information,
see RPM Shutdown Procedure.
Shutdown Order For UPS devices only. If any of the UPSes managed by the SLC reaches a
low battery state AND is configured for Shutdown all UPSes for its Low
Battery setting, this indicates the order in which this UPS will be shutdown. All
UPSes with a shutdown order of "1" will be shutdown first, followed by all
UPSes with a shutdown order of "2", etc. Shutdown orders are in the range of
1 to 49, with 50 being reserved for UPSes that provide power to the SLC -
they will always be shutdown last (see Provides SLC Power below).
Provides SLC Power For UPS devices only. Indicates if this UPS provides power to the SLC.
a v a s 7 a 11131517192123252129313125371941435" A ANTQQMX chaaae mm.” DESRY‘fié‘Jm smmw-cmwm wwsmunmyy» comemamempmw mm— new-s mm 6* 7 +33 numesmus Duqunfl: ConsoloPan usa/sncem InhrnllMadlm RPMS commons "mum swpu 5|!» RPMs - Manage Device n RFMH 1 Manageflvla sNMP Name SLFtEsnmp \PMdress “72.19 237 30 Pan Smus' norm-I BM, 0m: Vendor, Lnnlmnlx SLP Mnde‘ Glenn-Tamer R9“ Cammunfly : av omen: 15 WW C°’“’“”""Y' mum: on 157 Rmype Wm- Camm‘ PM Version iggum‘m """M'MWV‘NW Lag sum No . v” mmmes 11 \ SenmNum, munuoz CnuzalSNMP 173p: 4‘ MAC Andres: [none] Cruim‘EmaHs \ ‘ cunenr 0.5 amps mm Vunage' MIA Shmflawn mus ups Shutdown an uPsas Apparent Fwerv NIA L“ “my AHW banery tame Nomlnn] NM Shumawn hath ch UPSes Apparem Power ‘ , ‘ Real vower um Shwm‘ we“ ”mm valdes ch Power V NIA Rial Fmr WW5 ‘ ADP‘Y \
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 224
Figure 10-8 RPMs - Managed Device
3. Enter the following:
RPM Id (view only) The unique number associated with the RPM.
Name Specify the unique name of the RPM (up to 20 characters).
Status (view only) The current status of the RPM. Any error status will be shown here.
Vendor (view only) The manufacturer of the RPM.
Model (view only) The model of the RPM. The model is read from the device, if it is provided; not all
RPMs provide a model string. If the device normally provides the device model and
becomes unreachable, or does not provide a model string, the Model is derived from
the supported model list strings.
# of Outlets Specify the number of outlets on the RPM (maximum of 120 outlets).
Outlets On (view
only)
The number of outlets that are currently turned on, if this information is provided by
the RPM.
F/W Version (view
only)
The firmware version of the RPM, if this information is provided by the RPM.
Serial Num (view
only)
The serial number of the RPM, if this information is provided by the RPM.
MAC Address (view
only)
The MAC address of the RPM, if this information is provided by the RPM.
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 225
Current (view only) The total current value for the RPM in Amperes, if this information is provided by the
RPM. If the RPM consists of two separate towers or units, each with its own current
value, both current values will be displayed, separated by a slash.
Input Voltage (view
only)
The input voltage for the RPM in Volts, if this information is provided by the RPM. If
the RPM consists of two separate towers or units, each with its own input voltage
value, both voltage values will be displayed, separated by a slash.
Apparent Power
(view only)
The apparent power value for the RPM in Volt-Amperes, if this information is
provided by the RPM. If the RPM consists of two separate towers or units, each with
its own apparent power value, both power values will be displayed, separated by a
slash.
Nominal Apparent
Power (view only)
The nominal apparent power value for the RPM in Volt-Amperes, if this information is
provided by the RPM. If the RPM consists of two separate towers or units, each with
its own nominal apparent power value, both power values will be displayed,
separated by a slash.
Real Power (view
only)
The real power value for the RPM in Watts, if this information is provided by the
RPM. If the RPM consists of two separate towers or units, each with its own real
power value, both power values will be displayed, separated by a slash.
Battery Charge
(view only)
For UPS devices only. Displays the current charge level for the battery, as a
percentage.
Battery Runtime
(view only)
For UPS devices only. Displays the amount of time remaining in the UPS battery life.
Beeper Status (view
only)
For UPS devices only. Displays the current state of the UPS beeper.
Managed via (view
only)
Displays the method used to control the RPM device (SNMP, Network, Serial Port,
USB port).
IP Address For SNMP and Network (Telnet) managed RPMs, specify the IP address of the
RPM.
Port For network (Telnet) managed RPMs, this is assumed to be port 23 (if left blank), or
it can be filled in with an alternate TCP port. For USB managed RPMs, this is one of
the front USB ports ("0") or the device port that the RPM is connected to on the SLC.
For serially controlled RPMs, this is the device port that the RPM is connect to on the
SLC.
Driver Opts For the driver associated with the RPM device, these are extra options which may be
required to make the driver work. The most frequent use of the driver options is for
USB devices (the vendor and product ID may be required so that the SLC can find
the correct device on the USB bus), or in the event that the default driver options do
not work with the RPM. There may also be other driver options that are filled in by
the SLC from an internal table - these will be automatically set and can be viewed
after the RPM has been added, and can always be overridden by driver options set
by the user. For a complete list of RPM models, drivers and driver options, refer to
Network UPS Tools Hardware Compatibility List. The format of the driver options
setting is one or more comma-separated parameters-value pairs, e.g. "<parameter
name>=<value>".
Login For Network and serially managed RPMs, this is the administrator login.
Password/Retype
Password
For Network and serially managed RPMs, this is the administrator password.
Read Community For SNMP managed RPMs, this is the SNMP read (get) community.
Write Community/
Retype Write Comm
For SNMP managed RPMs, this is the SNMP write (set) community.
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 226
3. To save, click Apply.
RPMs - Outlets
The Outlets page allows the administrator to view the current status of each individual outlet on an
RPM, and change the state of the outlets. Not all RPMs support individual outlet status and
control.
To control and view status for RPM outlets:
1. Click the Devices tab and select the RPMs option. Figure 10-1 Devices > RPMs shows the
page which displays.
2. Select an RPM and click the Outlets link. Figure 10-9 RPMs - Outlets shows the page which
displays. This page will, at a minimum, list the outlet numbers and their state - On or Off. If the
RPM provides additional information for the outlets, the custom name and the current reading
in Amperes will also be displayed for each outlet.
Log Status Indicates if the status of the RPM is periodically logged. Select Yes, minutes to log
the status periodically and enter a value between 1 and 60 minutes. The logs can be
viewed by viewing the RPMs web page and clicking on "Logs".
Critical SNMP Traps If enabled, under critical conditions (UPS goes onto battery power, UPS battery is
low, UPS forced shutdown in progress, UPS on line power, UPS battery needs to be
replaced, RPM is unavailable, communications with RPM lost, communications with
RPM established), a slcEventRPMAction trap will be sent to the NMS configured in
SNMP settings. This requires that SNMP traps be enabled.
Critical Emails If an email address is specified, under critical conditions (see Critical SNMP Traps
above), an email notification will be sent to the email address. The Server and
Sender configured in the SMTP settings will be used to send the email.
Low Battery For UPS devices only. Indicates the behavior to take when the UPS reaches a low
battery state. Options are to Shutdown this UPS - shutdown only the UPS that has
reached a low battery state; Shutdown all UPSes - shutdown all UPSes managed by
the SLC; Allow battery failure - allow the battery to completely fail, which may result
in the unsafe shutdown of the devices it provides power to; Shutdown both SLC
UPSes - shutdown both UPSes that provide power to the SLC, including the UPS
with that has reached a low battery state (some SLCs have dual power supplies).
For more information, see RPM Shutdown Procedure
Shutdown Order For UPS devices only. If any of the UPSes managed by the SLC reaches a low
battery state AND is configured for Shutdown all UPSes for its Low Battery setting,
this indicates the order in which this UPS will be shutdown. All UPSes with a
shutdown order of "1" will be shutdown first, followed by all UPSes with a shutdown
order of "2", etc. Shutdown orders are in the range of 1 to 49, with 50 being reserved
for UPSes that provide power to the SLC - they will always be shutdown last (see
Provides SLC Power in the next field below).
Provides SLC
Power
For UPS devices only. Indicates if this UPS provides power to the SLC.
a v :57 s 111115171921232521293111353719414305" A LANT?ONIX swam mm» bzgmy'gfsggun mm WWW WWWDW mm_ was wm <0 7="" *3="" blvlcastllm="" newnernm="" cnnsolopon="" usa/suc-m="" imemllmodun="" rpms="" connecllons="" hosmsu="" scrlpls="" slus="" rpms="" -="" outlets="" refresh="" »="" rpm="" «04mm»!="" 0mm:="" cytle="" paws!="" tum="" dr="" tum="" on="" in="" sum-="" duscflptlan="" cumm="" (imps)="" g="" i="" on="" (men="" 0="" 00="" ‘="" ‘="" 2="" on="" tmmfiommz="" 0="" 00="" u="" s="" on="" towera_ounem="" 0.00="" ‘="" ‘="" a="" on="" tweva_gunem="" 0="" 00="" 0="" 1="" 5="" on="" towera_ouhet5="" 0="" 00="" u="" s="" on="" ywera_duhete="" 0.00="" 0="" j="">
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 227
Figure 10-9 RPMs - Outlets
3. To change the state of one or more outlets, select the outlets, and click the Cycle Power,
Turn On or Turn Off buttons. The command will be sent to the RPM and the page will refresh.
It may take one or two minutes before the new outlet state(s) are reflected on the Outlets
page.
RPM Shutdown Procedure
This section applies to UPS-type RPMs only, and does not apply to PDU-type RPMS. This section
describes the shutdown process when a UPS managed by the SLC reaches a low battery state.
When one UPS reaches a low battery state, the SLC can be configured to allow the UPS to
continue to run until its battery fails completely, to shutdown just the UPS with the low battery, or to
shutdown one or more UPSes. UPS-type RPMs can report the following states:
OL - On line power
OB - On battery power
LB - Low battery
HB - High battery
RB - The battery needs to be replaced
CHRG - The battery is charging
DISCHRG - The battery is discharging (inverter is providing load power)
BYPASS - UPS bypass circuit is active - no battery protection available
CAL - UPS is currently performing runtime calibration (on battery)
OFF - UPS is offline and is not supplying power to the load
OVER - UPS is overloaded
TRIM - UPS is trimming incoming voltage
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 228
BOOST - UPS is boosting incoming voltage
FSD - UPS is in forced shutdown due to a critical condition
Once a UPS is on line power (status is OL) and goes off of line power and onto battery power
(status is OB), it may reach a low battery state (status is OB, LB or LB). Switching from line power
to battery power, and reaching a low battery state are critical states that can result in syslog, email
and SNMP trap notifications. The exact point at which a UPS reaches a low battery state is device
dependent and is related to the battery.charge, battery.charge.low, battery.runtime and
battery.runtime.low settings which can be viewed in the "Raw Data" report.
Once a UPS reaches a low battery state, the Shutdown Order, Low Battery Action and
Provides SLC Power settings determine which UPSes to shutdown, and in what order. The UPS
with the low battery will be placed into FSD (Forced Shutdown) mode. The following actions will be
performed based on the Low Battery Action setting for the UPS with the failed battery:
Allow Battery Failure - The UPS battery will be allowed to run until it fails completely. If the
UPS provides power to the SLC and the battery fails, the SLC will not be cleanly shutdown. In
this scenario, the Shutdown Order setting will be ignored. The Shutdown Order setting may
be used if another UPS reaches the low battery state (see Shutdown all UPSes below).
Shutdown This UPS - If the UPS provides power to the SLC, the SLC will begin shutdown
procedures, shutting down the UPS last. If the UPS does not provide power to the SLC, the
UPS will be shutdown, but will continued to be monitored in case it comes back online.
Shutdown all UPSes - The SLC will begin shutting down all UPSes with a non-zero
Shutdown Order, shutting down UPSes with a shutdown order of "1" first, UPSes with a
shutdown order of "2" second, etc. Any UPS which provides power to the SLC is always forced
to have its Shutdown Order set to 50, which the highest (and last) Shutdown Order. If the
UPS with the failed battery provides power to the SLC (and thus has a Shutdown Order set to
50), the SLC will also begin shutdown procedures, shutting down the failed UPS last. If none
of the UPSes provide power to the SLC, after they are all shutdown their drivers will remaining
running in case the UPS comes back online. In this case, any queries to an RPM while it is still
offline may report "RPM driver data is stale". If the Low Battery Action for a UPS is set to
Allow Battery Failure, but the UPS has a non-zero Shutdown Order, the UPS will still be
shutdown if another UPS reaches the low battery state and has its Low Battery Action set to
Shutdown all UPSes.
Shutdown Both SLC UPSes - This setting should only be used on dual-power SLC units
which have each power supply connected to separate (different) UPS devices, and both UPS
devices are being managed by the SLC. If a UPS is configured for Shutdown Both SLC
UPSes but does not have Provides SLC Power enabled, this is an ambiguous configuration,
and no shutdown action will occur.
For this configuration, when one of the UPSes providing power to the SLC reaches a low
battery state, the event will be noted in the system log, and the SLC will continue to run with no
further actions until the second UPS providing power to the SLC reaches a low battery state.
At this point the SLC will begin shutdown procedures, shutting down both failed UPSes last.
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 229
Optimizing and Troubleshooting RPM Behavior
This section gives tips on how to optimize the management of specific PDUs and UPSes, and how
to troubleshoot any problems with the SLC connecting to and managing an RPM.
Sentry3 - Network and Serially Managed PDUs - Some Sentry3 PDUs have a CLI timeout,
with a default setting of 5 minutes. This timeout may cause frequent query errors when
requesting information from the Sentry3 PDU. It is recommended that the timeout be set as
high as possible to reduce the frequency of the query errors.
Serially Managed RPMs with Administrator Logins - Some serially managed devices will
have an administrator login for the console port. It is recommended that any active sessions
be logged out before adding the device as an RPM, otherwise the RPM may experience query
errors.
If the SLC is unable to communicate with an RPM, or an RPM is displaying the error "driver is not
running", the following steps can be used to troubleshoot the driver issues:
Correct Driver - The CLI command set rpm driver <RPM Id or Name> action show
can be used to display the current running driver for the RPM. Some serially and network
managed RPMs do not have drivers; if this is the case for the RPM, the CLI command will
indicate this. Otherwise it will display the driver that is running for the RPM, and it should
match the driver listed for the device at Network UPS Tools Hardware Compatibility List. If the
wrong driver is shown, the RPM will need to be deleted and re-added, with the correct vendor
and model selected. If no driver is shown, the driver may not be able to start for a variety of
reasons; see remaining steps.
SNMP Settings - For SNMP managed devices, verify the IP Address, Read Community and
Write Community settings are correct.
Reverse Pinout Setting - For serially managed devices, verify the Reverse Pinout setting
(located in the Device Port Settings page) is set correctly.
VendorId and ProductId Driver Options - For USB managed devices, verify the vendorid
and productid shown in the RPM driver options are correct. These can be set automatically
by the SLC from an internal table, set by the user by selecting a specific USB device when
adding a USB-managed RPM, or changed by the user at any time. The CLI command show
usb devices displays all connected USB devices with their port, Product ID and Vendor ID.
Extra Driver Options - The driver documentation at Network UPS Tools Hardware Compatibility
List may indicate that extra driver options are required for the RPM. Select the driver name link
under the Driver column to see any special requirements for the UPS or PDU.
Driver Debug Mode - The driver can be run in debug mode at the CLI and the output
examined to determine why the driver is not starting or is unable to communicate with the
RPM. The CLI command set rpm driver <RPM Id or Name> action debug [level
<1|2|3>] will stop any currently running driver and restart the driver in debug mode with
output sent to a local file. Running set rpm driver <RPM Id or Name> action show
should show a driver running with one or more -D flags. The debug output can be examined or
emailed with the set rpm driver <RPM Id or Name> action viewoutput [email
<Email Address>] [display <head|tail>] [numlines <Number or Lines>]
command. To return the driver to its normal non-debug state, run set rpm driver <RPM
Id or Name> action restart. Note that drivers running in debug mode will generate
copious output, and for disk space reasons should not be left running in debug mode for long
periods of time (e.g. more than an hour).
10: Remote Power Managers
SLC™ 8000 Advanced Console Manager User Guide 230
RPM Commands
Go to RPM Commands to view CLI commands which correspond to the web page entries
described above.
SLC™ 8000 Advanced Console Manager User Guide 231
11: Connections
Chapter 9: Device Ports on page 141 described how to configure and interact with an SLC
advanced console server port connected to an external device. This chapter describes how to use
the Devices > Connections page to connect external devices and outbound network connections
(such as Telnet or SSH) in various configurations.
An SLC unit port attached to an external device can be connected to one of the following
endpoints:
Another device port attached to an external device
Another device port with a modem attached
An outgoing Telnet or SSH session
An outgoing TCP or UDP network connection
This enables the user to set up connections such as those described in the next section. You can
establish a connection at various times:
Immediately. These connections are always re-established after reboot.
At a specified date and time. These connections connect if the date and time have already
passed.
After a specified amount of data or a specified sequence of data passes through the
connection. Following reboot, the connection is not reestablished until the specified data
passes through the connection.
Typical Setup Scenarios for the SLC Unit
Following are typical configurations in which SLC connections can be used, with references to
settings on the Devices > Connections and Device Ports > Settings (1 of 2) web pages.
Terminal Server
In this setup, the SLC 8000 advanced console manager acts as a multiplexer of serial data to a
single server computer. Terminal devices are connected to the serial ports of the SLC unit and
configured as a Device Port to Telnet out type connection on the Devices > Connections page.
The users of the terminals can access the server as if they were connected directly to it by local
serial ports or a console.
EIEIIQ DEE 1‘ ‘ I" ”El
11: Connections
SLC™ 8000 Advanced Console Manager User Guide 232
Figure 11-1 Terminal Server
Remote Access Server
In this setup, the SLC 8000 advanced console manager is connected to one or more modems by
its device ports. Configure the device ports on the Device Ports > Settings (1 of 2) web page by
selecting the Dial-in option in the Modem Settings section. Most customers use the modems in
PPP mode to establish an IP connection to the SLC unit and either Telnet or SSH into the SLC
8000 advanced console manager. They could also select text mode where, using a terminal
emulation program, a user could dial into the SLC unit and connect to the command line interface.
Figure 11-2 Remote Access Server
Reverse Terminal Server
In this scenario, the SLC 8000 advanced console manager has one or more device ports
connected to one or more serial ports of a mainframe server. Users can access a terminal session
by establishing a Telnet or SSH session to the SLC unit. To configure the SLC console manager,
select the Enable Telnet In or Enable SSH In option on the Device Ports > Settings (1 of 2) page.
Figure 11-3 Reverse Terminal Server
SLC 8000 Advanced Console Manager Server
Serial
Connections
VT100 Terminals
Telnet Sessions (via
Network connection)
Network
Connections
Internal
Network
Serial
Connections
Phone System
Modems
SLC 8000 Advanced Console Manager
Serial
Sessions
Unix Server
Telnet/SSH
Sessions
PC
PC
PC
SLC 8000 Advanced Console Manager
, enabling the poms to act as if anager in this setup, the www.|antronix.oom
11: Connections
SLC™ 8000 Advanced Console Manager User Guide 233
Multiport Device Server
A PC can use the device ports on the SLC unit as virtual serial ports, enabling the ports to act as if
they are local ports to the PC. To use the SLC 8000 advanced console manager in this setup, the
PC requires special software, for example, Com Port Redirector (available on www.lantronix.com)
or similar software).
Figure 11-4 Multiport Device Server
Console Server
For this situation, the SLC unit is configured so that the user can manage a number of servers or
pieces of network equipment using their console ports. The device ports on the SLC 8000
advanced console manager are connected to the console ports of the equipment that the user
would like to manage. To manage a specific piece of equipment, the user can Telnet or SSH to a
specific port or IP address on the SLC unit and be connected directly to the console port of the end
server or device. To configure this setup, set the Enable Telnet In or Enable SSH In option on the
Device Ports > Settings (1 of 2) page for the device port in question. The user can implement an
extra remote management capability by adding a modem to one of the device ports and setting the
Dial-in option in the Modem Settings section of the Device Ports > Settings (1 of 2) page. A user
could then dial into the SLC 8000 advanced console manager using another modem and terminal
emulation program at a remote location.
Figure 11-5 Console Server
Serial
Connections
Serial Printer
Modem
Serial
Device
Raw TCP
Sessions
Windows/
Linux PC
SLC 8000 Advanced Console Manager
Serial
Terminal
Sessions
Telnet/SSH
Sessions
PC
PC
PC
Web Server
Switch
Router
Modem
SLC 8000 Advanced Console Manager
LANTQONIX 5133049 lcmu. :1 4 a 5 7 sumsmmmsmsmmmmumw In uz E2 2 A s a1nmaIsmzonzniumazumumnuwu a ngfifg‘a’flm Se‘eflpmfw - Cnnigurannn WebSSNLDPnnM sonnmuommwamyx m-_ m mm «WEE nemesums DunneFvfls tensuier use/50cm RPM: Canneflluns HastLisKs 5mm: Shes Connections Omgmng CannecnnnTmEout ND . VB: 5 secands Comm: Dewce non 031.3me . 0 m- VDsyIcpyPonr Fun 1 smmns ¢ Husxname ‘ ‘ Fun ' Se nas‘ SSH Dm Dglmn User Versm -Nom— 1 Command Tngga . Cunnecmow Cnnrvemamane’nme ‘Iflay v u . 20m . n7 . \ m . “my! v Aulorcomeannchzvacwrsvanflzmr‘g . ¢ 9 ( atleas| ‘ Charafla/s [hammer mums \ Aixily Tn mew delaus m 3 Manama" hamme mouse my me avmw man m me How Lmumn u a cannebwm can be modmed mm: above m“ be mad m modify me cannetum and 5mm ‘cmgme Tn termmate a cunrvecum sexed me vadx) bumn m we rum cum new and :eku ‘Terminate Web mmecnnns can as viewed &‘ cum-m cam-mans ‘Conflgyre‘ jermmale‘ Kegp cumecnaw ‘ ‘Reslan‘ anserwu How Pomsamu Us" mm ’CmsmeF—‘m “ .Cummanolme N/A 331455 ‘
11: Connections
SLC™ 8000 Advanced Console Manager User Guide 234
Connection Configuration
Note: These are advanced connection settings for specific applications. If the SLC 8000
advanced console manager is being used as a console or device server it is unlikely that
you will need any of the Connection settings described below.
To create a connection:
1. Click the Devices tab and select Connections. The following page displays:
Figure 11-6 Devices > Connections
2. For a device port, enter the following:
Outgoing
Connection
Timeout
Select to turn on or turn off the connection timeout:
No for no timeout
Yes for a timeout. Specify the number of seconds in the seconds field.
11: Connections
SLC™ 8000 Advanced Console Manager User Guide 235
3. To save, click the Apply button.
To view, update, or disconnect a current connection:
The bottom of the Current Connections page displays current connections.
Port The number of the device port you are connecting.
This device port must be connected to an external serial device and must not have
command line interface logins enabled, be connected to a modem, or be running a
loopback test.
Note: To see the current settings for this device port, click the Settings link.
Data Flow Select the arrow showing the direction (bidirectional or unidirectional) the data will flow in
relationship to the device port you are connecting.
to From the drop-down list, select a destination for the connection: a device port connected
to a serial device, a device port connected to a modem, or an outbound network
connection (Telnet out, SSH out, TCP Port, or UDP Port).
Note: To see the current settings for a selected device port, click the Settings link.
Hostname The host name or IP Address of the destination. This entry is required if the to field is set
to Telnet out, SSH out, TCP port, or UDP port.
Port If the to field is set to Device Port or Modem on Device Port, enter the number of the
device port. For all other options, this is the TCP/UDP port number, which is optional for
Telnet out and SSH out, but required for TCP Port and UDP Port.
Note: If you select Device Port, it must not have command line interface logins
enabled or be running a loopback test. To view the device port's settings, click the
Settings link to the right of the port number.
SSH Out
Options
Select one of the following optional flags to use for the SSH connection.
User: Login ID to use for authenticating on the remote host.
Version: Version of SSH. Select 1 or 2.
Command: Enter a specific command on the remote host (for example, reboot).
Trigger Select the condition that will trigger a connection. Options include:
Connect now: Connects immediately, or if you reboot the SLC 8000 advanced
console manager, immediately on reboot.
Connect at date/time: Connects at a specified date and time. Use the drop-down
lists to complete the date and time. Upon rebooting, the SLC unit reestablishes the
connection if the date/time has passed.
Auto-connect on characters transferring: Select the arrow indicating the direction
of the data transfer and either the minimum number of characters or a specific
character sequence that will trigger the connection.
You can select the direction of the data transfer only if Data Flow is bidirectional. Upon
rebooting, the SLC 8000 advanced console manager does not reestablish the
connection until the specified data has passed through one of the endpoints of the
connection.
Figure 11-1 Current Connections m mew detzfls rm 2 cunneflmn‘ nmu me muuse uverthe armw mun rnme me cmumn r a tunnewun [an m mumfiad‘thz mm; aha/E m h? fiHEfl m‘ mumvyme runnettmn and sa‘att‘cunfigure‘ Tutenmnate a cunnettmn se‘eflme ramu buttun m we ngm mmmn new and se‘ect‘TErmmatE‘ Web cunnecnuns can be meweu here > current connections Keep Cunnecuun D Pomserwce Flow Fan/Service User Time 5 cansme Pan 0 I Dummand Lme swam" 2 45 D3 D
11: Connections
SLC™ 8000 Advanced Console Manager User Guide 236
Figure 11-7 Current Connections
1. To view details about a connection, hold the mouse over the arrow in the Flow column.
2. To disconnect (delete) a connection, select the connection in the Select column and click the
Terminate button.
3. To reestablish the connection, create the connection again in the top part of the page.
4. To view information about Web connections, click the here link in the text above the table. The
Maintenance > Firmware & Configurations page displays.
Connection Commands
Go to Connection Commands to view CLI commands which correspond to the web page entries
described above.
SLC™ 8000 Advanced Console Manager User Guide 237
12: User Authentication
Users who attempt to log in to the SLC advanced console manager by means of Telnet, SSH, the
console port, or one of the device ports are granted access by one or more authentication
methods.
The User Authentication page provides a submenu of methods (Local Users, NIS, LDAP,
RADIUS, Kerberos, and TACACS+) for authenticating users attempting to log in. Use this page to
assign the order in which the SLC unit will use the methods. By default, local user authentication is
enabled and is the first method the SLC 8000 advanced console manager uses to authenticate
users. If desired, you can disable local user authentication or assign it a lower precedence.
Note: Regardless of whether local user authentication is enabled, the local user
sysadmin account is always available for login. For security purposes, full administrative
access to the SLC via the default sysadmin local user account can be limited to only the
front console port of the SLC device. See Limiting Sysadmin User Access on page 53.
Authentication can occur using all methods, in the order of precedence, until a successful
authentication is obtained, or using only the first authentication method that responds (in the event
that a server is down).
If you have the same user name defined in multiple authentication methods, the result is unknown.
Example:
There is an LDAP user "joe" and an NIS user "joe" and the order of authentication methods is:
1. Local Users
2. LDAP
3. NIS
User "joe" tries to log in. Because there is an LDAP user "joe," the SLC unit tries to authenticate
him against his LDAP password first. If he fails to log in, then the SLC 8000 advanced console
manager may (or may not) try to authenticate him against his NIS "joe" user password.
To enable, disable, and set the precedence of authentication methods:
1. From the main menu, select User Authentication. The following page displays:
a 1: 5 7 91113‘511192123252729113335113951434541 A ANT?ON|X swam U2 1 ‘ 5 n1a121a1a132111124252330123416334114244464: . n:;;g|,c::g,;m smmm WWW WeosstPm/y summemmmw mm mum-mm" mm— m ? E? E AmhMemads Local/Remmusora ms LDAP RADIUS Knrblrol rAcAcso omupa 55mm: cum-"Menus Authen Ication Melhnds M [E9 The m: can he emgurea m use one at more aumenucafion melnnds Each aumemieauan mm is assgned a precedence mdnzung me umermalme memafl ls vied (a amhermcam a use! who Iaglns (a the 5m vla SSH mm ma Web mm Cansma Pan Enabled mahads Dwsamen memos (m alder m pmcananm) \Lucal Users , ms 1 \f {- LW , ‘ RADIUS * * Kemems L 7‘ TAcAcs+ ‘ Aumemuuun can acturusmg nu memoae, m me order uHhew precedence usmg me nex: me‘hud n me prevluus ane vejened me :umenucamon a! usmg only me firs! amhenucauon memm mm vespanfls 4 Aflempl "en melhud an numemwcutmn rejecnon Appiy \
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 238
Figure 12-1 User Authentication > Authentication Methods
2. To enable a method currently in the Disabled methods list, select the method and press the
left arrow to the left of the list. The methods include:
NIS
(Network Information
System)
A network naming and administration system developed by Sun Microsystems
for smaller networks. Each host client or server computer in the system has
knowledge about the entire system. A user at any host can access files or
applications on any host in the network with a single user identification and
password.
NIS uses the client/server model and the Remote Procedure Call (RPC)
interface for communication between hosts. NIS consists of a server, a library of
client programs, and some administrative tools. NIS is often used with the
Network File System (NFS).
LDAP
(Lightweight Directory
Access Protocol)
A set of protocols for accessing information directories, specifically X.500-based
directory services. LDAP runs over TCP/IP or other connection-oriented transfer
services.
RADIUS
(Remote Authentication
Dial-In User Service)
An authentication and accounting system used by many Internet Service
Providers (ISPs). A client/server protocol, it enables remote access servers to
authenticate dial-in users and authorize their access to the requested system or
service.
RADIUS allows a company to maintain user profiles in a central database that all
remote servers can share. It increases security, allowing a company to set up a
policy that can be applied at a single administered network point.
Kerberos Kerberos is a network authentication protocol that enables two parties to
exchange private information across an unprotected network.
It works by assigning a unique electronic credential, called a ticket, to each user
who logs on to the network. The ticket is embedded in messages to identify the
sender.
HIDE down I?
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 239
3. To disable a method currently in the Enabled methods list, select the method and click the
right arrow between the lists.
4. To set the order in which the SLC unit will authenticate users, use the up and down
arrows to the left of the Enabled methods list.
5. For Attempt next method on authentication rejection, you have the following options:
-To enable the SLC 8000 advanced console manager to use all methods, in order of
precedence, until it obtains a successful authentication, select the check box. This is the
default.
-To enable the SLC unit to use only the first authentication method that responds (in case a
server is down or unavailable), clear the check box.
Note: When limiting accessibility of the sysadmin login to the physical SLC 8000
console manager device, make sure to uncheck Attempt next method on
authentication rejection.
6. Click Apply.
Now that you have enabled one or more authentication methods, you must configure them.
Authentication Commands
Go to Authentication Commands to view CLI commands which correspond to the web page
entries described above.
User Rights
The SLC has three user groups: Administrators, Power Users, and Default Users. Each has a
predefined set of rights; users inherit rights from the user group to which they belong. These rights
are in addition to the current functions that a user can perform at the command line interface:
connect direct/listen
set locallog/password/history/cli
show datetime/deviceport/locallog/portstatus/portcounters/
history/cli/user
The table below shows the mapping of groups and user rights.
TACACS+
(Terminal Access
Controller Access Control
System)
TACACS+ allows a remote access server to communicate with an
authentication server to determine whether the user has access to the network.
TACACS+ is a completely new protocol and is not compatible with TACACS or
XTACACS. The SLC 8000 advanced console manager supports TACACS+
only.
Local Users Local accounts on the SLC unit used to authenticate users who log in using
SSH, Telnet, the web, or the console port.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 240
Table 12-2 User Types and Rights
You cannot deny a user rights defined for the group, but you can add or remove all other rights at
any time.
By default, the system assigns new users to the Default Users group, but you can change their
group membership at any time. If you change a user's rights while the user is logged into the web
or CLI, the results do not take effect until the next time the user logs in.
User Right Administrator Power Users Default Users
Full Administrative Rights X
Networking X X
Services X
Date/Time X X
Local Users X
Remote Authentication X
SSH Keys X
User Menus X
Device Port Operations X
Device Port Configuration X
USB X
Reboot/Shutdown X X
Firmware/Configuration X
Diagnostics and Reports X X
Secure Lantronix Network X
Web Access X X
Internal Modem X
RPMs X
SD Card X
a 51 «4:qu LANT?ON|X SL089“ . “mum. 53;; 3135,73" Se‘eupmku - WWW mswww) CnnmwmemeM m- u-mm mmm 6* ? *3 E "manna; memmmu...‘ Ms um muus mm... muse Group: ssnK-y. Cunan-nux LocalIRemo‘e Users m, Lunal ms mum: utmmls nn lhe SLE :2 used .0 zmhfimmm use/s m mgm 10 me Mu‘lmizSysaflmm was Lngms ¢ SLCWE 53m rem mewmv me cunm Pan Emma lncal Usevs . 51mm" Aness mum to Column Part mm» mm 25(ng &Ele:kseqnentesvomsavs Aulhenlrale my muteusers m are m m m User: hsl mam raw Mmcannzcmnsm Dem Pm my mm m mm users mam It: wants mm at: m map msmmmgmw MW Wmnmm ‘ Hmmme an day: mam V WWW Nu . n57 m mwm fl www.mm . "a MW WWW . Nu mm mm smmmwmm mam.“ 9mm. mmmmmmmw 7 smudmmmum.wm lawnmmmnmumm, ‘mm‘uflm WWW m an tum w... m. u.» ammum. s... m ”m an...“ a... Wm." M u Mm mmmmapm“n‘ysu‘m‘snm‘wmmpm was N ”sum Haw; Pauly
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 241
Local and Remote User Settings
The system administrator can configure the SLC 8000 advanced console manager to use local
accounts and remote accounts to authenticate users.
1. Click the User Authentication tab and select the Local/Remote Users option. The following
page displays.
Figure 12-3 User Authentication > Local/Remote Users
The top of the page has entry fields for enabling local and remote users and for setting
password requirements. The bottom of the page displays a table listing and describing all local
and remote users.
To enable local and/or remote users:
1) Enter the following:
Enable Local Users Select to enable all local users except sysadmin. The sysadmin user is always
available regardless of how you set the check box. Enabled by default.
Multiple Sysadmin
Web Logins
Select to allow the sysadmin to have multiple simultaneous logins to the web
interface. Disabled by default.
Sysadmin Access
Limited to Console
Port
Select to limit sysadmin logins to the physical SLC 8000 console port only.
Disabled by default.
Note: For security purposes, full administrative access to the SLC via the
default sysadmin local user account can be limited to only the front console port
of the SLC device. See Limiting Sysadmin User Access on page 53.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 242
2) Continue to set Local User Passwords:
2. Click the Apply button.
Adding, Editing or Deleting a User
Through this User Authentication > Local/Remote Users page, you can delete a user listed in the
table or open a page for adding or editing a user.
To add a user:
1. On the User Authentication > Local/Remote Users, click the Add/Edit User button. The User
Authentication > Local/Remote User > Add/Edit User page displays.
Authenticate only
remote users who are
in the remote users list
Select the check box to authenticate users listed in the Remote Users list in the
lower part of the page. Disabled by default.
Deny access to remote
users assigned to
groups that do not map
to SLC custom group
Select the check box to authenticate remote users whose LDAP group or
TACACS+ priv_lvl map to a SLC custom group, allow SLC access if matched.
Disabled by default.
Complex Passwords Select to enable the SLC unit to enforce rules concerning the password structure
(e.g., alphanumeric requirements, number of characters, punctuation marks).
Disabled by default.
Complexity rules:
Passwords must be at least eight characters long.
They must contain one upper case letter (A-Z), one lower case letter (a-z), one
digit ( 0-9), and one punctuation character (()`~!@#$%%^&*-+=\{}[]:;"'<>,.?/_).
Allow Reuse Select to enable users to continue to reuse old passwords. If you disable the
check box, they cannot use any of the Reuse History number of passwords.
Enabled by default.
Reuse History The number of passwords the user must use before reusing an old password. The
default is 4.
For example, if you set reuse history to 4, the user may reuse an old password
after using 4 other passwords.
Password Lifetime
(days)
The number of days until the password expires. The default setting is 90.
Warning Period
(days)
The number of days ahead that the system warns that the user's password will
expire. The default setting is 7.
Max Login Attempts The number of times (up to 8) the user can attempt to log in unsuccessfully before
the system locks the user out. The default setting is 0 (disabled).
Lockout Period
(minutes)
The number of minutes (up to 90) the locked-out user must wait before trying to
log in to the web interface again. The default setting is 0 (disabled).
a 13 5 7 sn111517192121252129311335311941414547 A a: 2 4 s B101214151!20222626253032MJEJBADAZMMM a LANTQONIX us me mg; 32;; 25:31,... ‘ mmnwmuwm»; mm ”W‘WM'M“ m-- G" 7 5’ E' AumMemods Local/Remnkusers ms LDAP RADIUS K-mum nucso omnps ssuxnys cuuomuenus sampumm 'Cwnhgmauan Wenssmwmm Local/Remote User Se H E Lngln Enabls Var Dial—um Passwava Amhemmmn . Lem Ramm Dial-buck Number ‘ Retype Feuwam mp 101 amps saqums 1mm mem Expms, Lman Fans ‘1 AB m uz Erenk Sequente 1mm; Nlaw Pnsawnm Change 4 change Passwaru on Nu: Lagm Lock mum mm Fans ‘1745 mm mm Menu ‘ v c‘sav PM savers 7.45 m ,uz D‘spley Menu 9! Lagm ‘4 Amnum sums Arliv: . Damn Users Puwev Users Admlnlsvamrs cuswm Gmup knbne Gmup mmmmm Lamusm Newarklng ammmmn Sen/Its: 55H Keys *mmg‘; ”Wm mm. mm“ Reboot & mum Dwgnosucs & Ram» RPM! ~ Back «2 LucaURumexe usevs \ Apply' saw us! :5 u mamber ave gmup whmh his predefinefl usm ugms assumam mm n Use! ngms mm are asiucwaxefl wnh a gmup :annm Di monmefl fur mawmual ussvs Firmware a Cunngurauun \msma‘ Madam: Device For! Operaunns Dawn: Perl nonngur n us: so cm
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 243
Figure 12-4 User Authentication > Local/Remote User > Add/Edit User
2. Enter the following information for the user:
Login User ID of selected user.
Authentication Select the type of authenticated user:
Local: User listed in the SLC database.
Remote: User not listed in the SLC database.
UID A unique numeric identifier the system administrator assigns to each user.
Valid UIDs are 101-4294967295.
Note: The UID must be unique. If it is not, SLC unit automatically increments
it. Starting at 101, the SLC 8000 advanced console manager finds the next
unused UID.
Listen Ports The device ports that the user may access to view data using the connect
listen command. Enter the port numbers or the range of port numbers (for
example, 1, 5, 8, 10-15). U1 and U2 denote the USB upper and lower ports on
the front of the SLC unit.
Data Ports The device ports with which the user may interact using the connect direct
command. Enter the port numbers or the range of port numbers.
Clear Port Buffers The device port buffers the users may clear using the set locallog
clear command. Enter the port numbers or the range of port numbers.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 244
Enable for Dial-back Select to grant a local user dial-back access. Users with dial-back access can
dial into the SLC unit and enter their login and password. Once the SLC 8000
advanced console manager authenticates them, the modem hangs up and
dials them back. Disabled by default.
Dial-back Number The phone number the modem dials back on depends on this setting for the
device port. The user is either dialed back on a fixed number (specified on the
Device Port - Settings page), or on a number that is associated with the user’s
login (specified here).
Escape Sequence A single character or a two-character sequence that causes the SLC unit to
leave direct (interactive) mode. (To leave listen mode, press any key.)
A suggested value is Esc+A (escape key, then uppercase "A" performed
quickly but not simultaneously). You would specify this value as \x1bA, which
is hexadecimal (\x) character 27 (1B) followed by an A.
This setting allows the user to terminate the connect direct command on
the command line interface when the endpoint of the command is deviceport,
tcp, or udp.
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
Break Sequence A series of 1-10 characters users can enter on the command line interface to
send a break signal to the external device. A suggested value is Esc+B
(escape key, then uppercase “B” performed quickly but not simultaneously).
You would specify this value as \x1bB, which is hexadecimal (\x) character 27
(1B) followed by a B.
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
Custom Menu If custom menus have been created, you can assign a default custom menu to
the user. The custom menu will display at login.
Note: In the Local Users table, if the menu assigned to a local user no longer
exists, it is marked with an asterisk (*).
Display Menu at Login If custom menus have been created, select to enable the menu to display
when the user logs into the CLI.
Password /
Retype Password
When a user logs into the SLC 8000 advanced console manager, the SLC unit
prompts for a password (up to 64 characters). The sysadmin establishes that
password here.
Password Expires If not selected, allows the user to keep a password indefinitely. If selected the
user keeps the password for a set period. (See the section, Local and Remote
User Settings (on page 241) for information on specifying the length of time
before the password expires.)
Allow Password Change Select to allow the user to change password.
Change Password on
Next Login
Indicate whether the user must change the password at the next login.
Lock Account Select to lock the account indefinitely.
Account Status Displays the current account status:
Active
Locked
Locked (invalid logins)
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 245
3. In the User Rights section, select the user group to which local/remote users will belong.
4. Select or clear the checkboxes for the following rights:
5. Click the Apply button.
6. Click the Back to Local/Remote Users link to return to the Local/Remote User Settings page.
7. Add another user or click the Back to Local/Remote Users link. The Local/Remote Users
page displays with the new user(s) listed in the table.
Note: The logged-in user's name displays at the top of the web page. Only the tabs and
options for which the user has rights display.
Group Select the group to which the local or remote user will belong:
Default Users: This group has only the most basic rights. You can specify
additional rights for the individual user.
Power Users: This group has the same rights as Default Users plus Web
Access, Networking, Date/Time, Reboot & Shutdown, and Diagnostics &
Reports.
Administrators: This group has all possible rights.
Custom Group: Select a custom group from the drop-down menu.
Full Administrative Right to add, update, and delete all editable fields.
Networking Right to enter Network settings.
Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and
SMTP.
Secure Lantronix
Network
Right to view and manage Secure Lantronix units (e.g., Spider, or SLC units) on
the local subnet.
Date/Time Right to set the date and time.
Reboot & Shutdown Right to shut down and reboot the SLC unit.
Local Users Right to add or delete local users on the system.
Remote
Authentication
Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys Right to set SSH keys for authenticating users.
User Menus Right to create a custom user menu for the CLI.
Web Access Right to access Web-Manager.
Diagnostics &
Reports
Right to obtain diagnostic information and reports about the unit.
Firmware &
Configuration
Right to upgrade the firmware on the unit and save or restore a configuration (all
settings). Selecting this option automatically selects Reboot & Shutdown.
Internal Modem Right to update internal modem settings.
Device Port
Operations
Right to control device ports.
Device Port
Configuration
Right to enter device port settings.
USB Right to enter modem settings for USB devices and control USB storage devices.
SD Card Right to enter settings for SD card.
RPM Right to manage and control remote power managers.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 246
Shortcut
To add a user based on an existing user:
1. Display the existing user on the User Authentication > Local/Remote Users page. The fields in
the top part of the page display the current values for the user.
2. Change the Login to that of the new user. It is best to change the Password too.
3. Click the Apply button.
To edit a local user:
1. On the User Authentication > Local/Remote Users page, select the user and click the Add/
Edit User button. The Local/Remote User Settings page displays.
2. Update values as desired.
3. Click the Apply button.
To delete a local user:
1. On the User Authentication > Local/Remote Users page, select the user and click the Add/
Edit User button. The Local/Remote User Settings page displays.
2. Click the Delete User button.
3. Click the Apply button.
To change the sysadmin password:
1. On the User Authentication > Local/Remote Users page, select sysadmin and click the Add/
Edit User button. The Local/Remote User Settings page displays.
2. Enter the new password in the Password and Retype Password fields.
Note: You can change Escape Sequence and Break Sequence, if desired. You cannot
delete the UID or change the UID, port permissions, or custom menu.
3. Click the Apply button.
Local Users Commands
Go to Local Users Commands to view CLI commands which correspond to the web page entries
described above.
Remote User Rights Commands
Go to Remote User Commands to view CLI commands which correspond to the web page entries
described above.
LANT?ONIX SLC 304a mWm n1; 5 7 anmsmwzazszmmmmummy A uz L2 2 4 s n In12MIsqamnzneznwnuseaamnutsu a $333?“ Sn‘enpnnfnr - Ennlgmaurm wanssmbvomw mmnmwnmupwy; m- ummm mmm 6* 7 ’3 E Amannfls Lmlflemmusus ms LDAP mums mums mums. Gmups ssnms Cusllmlknus NIS The SLC can be CDMQWEG to use NIS (u amhcnlvcalz users WM ,7 mgmtamesmwassH mmmwmmmmm N‘s om ‘ ‘ Ms M mm: am Fan ’7 access ihmugh me Dun Permtssrms bemw Enable ms Nah: Tue Ms Domam ”mm me NYdemmn name an he ms Sawnv Bmadtasx «or N45 Samar NIS MafilerServar NIS S‘ave 5mm ‘ \ Cusium Menu \ v Dali Fans 1748 m U2 \ M5 S‘ave Sam :2 ‘ Escape Saquenze mm nine" Pans we U1 U2 J Ms S‘ave Sewn ‘ Emak Séquente was near Fm Buflev: mu m U2 ms S‘ave Sewem \ Emmy Dwa‘ back NIS smesSvgm \ Damask Numba \ mwmum‘mz‘ FM‘ Admrms‘valwe Lwa‘ Usevs Frmware A Caflimmahm Nelefkmg Remme Amhenncaimn Mama} Modem 7 HM _ W , WWW; , Da‘eflrme Web Access USE Rehmt & Shmdown ‘ D‘mnosncs 8v REDWE , SD Card , RPM: ‘ \ Aup‘v
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 247
NIS
The system administrator can configure the SLC advanced console manager to use NIS to
authenticate users attempting to log in to the SLC unit through the Web, SSH, Telnet, or the
console port. If NIS does not provide port permissions, you can use this page to grant device port
access to users who are authenticated through NIS.
All NIS users are members of a group that has predefined user rights associated with it. You can
assign additional user rights that are not defined by the group.
To configure the SLC unit to use NIS to authenticate users:
1. Click the User Authentication tab and select the NIS option.
Figure 12-5 User Authentication > NIS
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 248
2. Enter the following:
Enable NIS Displays selected if you enabled this method on the Authentication Methods page.
If you want to set up this authentication method but not enable it immediately, clear
the checkbox.
Note: You can enable NIS here or on the first User Authentication page. If you
enable NIS here, it automatically displays at the end of the order of precedence on
the User Authentication page.
NIS Domain The NIS domain of the SLC 8000 advanced console manager must be the same as
the NIS domain of the NIS server.
Broadcast for NIS
Server
If selected, the SLC unit sends a broadcast datagram to find the NIS Server on the
local network.
NIS Master Server The IP address or host name of the master server.
NIS Slave
Servers #1 -5
The IP addresses or host names of up to five slave servers.
Custom Menu If custom menus have been created you can assign a default custom menu to NIS
users.
Escape Sequence A single character or a two-character sequence that causes the SLC 8000
advanced console manager to leave direct (interactive) mode. (To leave listen
mode, press any key.)
A suggested value is Esc+A (escape key, then uppercase "A" performed quickly
but not simultaneously). You would specify this value as \x1bA, which is
hexadecimal (\x) character 27 (1B) followed by an A.
This setting allows the user to terminate the connect direct command on the
command line interface when the endpoint of the command is deviceport, tcp, or
udp.
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
Break
Sequence
A series of 1-10 characters users can enter on the command line interface to send
a break signal to the external device. A suggested value is Esc+B (escape key,
then uppercase “B” performed quickly but not simultaneously). You would specify
this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B.
Enable for Dial-back Select to grant a user Dial-back (on page 212). Users with dial-back access can
dial into the SLC 8000 advanced console manager and enter their login and
password. Once the SLC unit authenticates them, the modem hangs up and dials
them back. Disabled by default.
Dial-back Number The phone number the modem dials back on depends on this setting for the device
port. The user is either dialed back on a fixed number, or on a number that is
associated with the user’s login (specified here).
Data Ports The ports users are able to monitor and interact with using the connect direct
command. Enter the port numbers or the range of port numbers (for example, 1, 5,
8, 10-15). U1 and U2 denote the USB upper and lower ports on the front of the SLC
unit.
Listen Ports The ports users are able to monitor using the connect listen command.
Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 249
3. In the User Rights section, select the user Group to which NIS users will belong:
4. Assign or unassign User Rights for the specific user by checking or unchecking the following
checkboxes:
5. Click the Apply button.
Note: You must reboot the unit before your changes will take effect.
Group Select the group to which the NIS users will belong:
Default Users: This group has only the most basic rights. You can specify
additional rights for the individual user .
Power Users: This group has the same rights as Default Users plus Web
Access, Networking, Date/Time, Reboot & Shutdown, and Diagnostics &
Reports.
Administrators: This group has all possible rights.
Full Administrative Right to add, update, and delete all editable fields.
Networking Right to enter Network settings.
Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and
SMTP.
Secure Lantronix
Network
Right to view and manage secure Lantronix units (e.g., Spider, or SLC units) on the
local subnet.
Date/Time Right to set the date and time.
Reboot & Shutdown Right to shut down and reboot the SLC unit.
Local Users Right to add or delete local users on the system.
Remote
Authentication
Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys Right to set SSH keys for authenticating users.
User Menus Right to create a custom user menu for the CLI.
Web Access Right to access Web-Manager.
Diagnostics &
Reports
Right to obtain diagnostic information and reports about the unit.
Firmware &
Configuration
Right to upgrade the firmware on the unit and save or restore a configuration (all
settings). Selecting this option automatically selects Reboot & Shutdown.
Internal Modem Right to update internal modem settings.
Device Port
Operations
Right to control device ports.
Device Port
Configuration
Right to enter device port settings.
USB Right to enter modem settings for USB devices and control USB storage devices.
SD Card Right to enter settings for SD card.
RPM Right to manage and control remote power managers.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 250
NIS Commands
Go to NIS Commands to view CLI commands which correspond to the web page entries described
above.
LDAP
The system administrator can configure the SLC 8000 advanced console manager to use LDAP to
authenticate users attempting to log in using the Web, Telnet, SSH, or the console port.
LDAP allows SLC unit users to authenticate using a wide variety of LDAP servers, such as
OpenLDAP and Microsoft Active Directory. The LDAP implementation supports LDAP servers that
do not allow anonymous queries.
Users who are authenticated through LDAP are granted device port access through the port
permissions on this page.
All LDAP users are members of a group that has predefined user rights associated with it. You can
add additional user rights that are not defined by the group.
To configure the SLC unit to use LDAP to authenticate users:
1. Click the User Authentication tab and select LDAP. The following page displays.
LANTQONIX swam Has: slum Uur sysadmin m— u-mmmwm mmm Imam-mm Loculchmohunrs ms LDAP RADHJS Kmms Tunes. LDAP Sekflxpnnmr - Dnmguvmmn a I a 5 1 9 H”1517I921232527293133353739414345“ A a 2 4 s a1n‘2141saazuzzzuauannussauuzuann a wmssH mp mm Emnennd newts mp MM 67’63E amps ssu Kny: cusmm Mums Enama LDAP 52mm ‘ Sewer“ ‘ Pan 1399 Base ‘ am NW \ Elnd Password RMYDE Puswum ama mm Logm UserLogm Annum ‘ Glaup Fum meanness Gmun Member ‘ Annbma Gmup Membervame . nu use LDAP Schema Ann/E Dummy Mm mm: am Namevnu be subslmud wnh me W The ch can be Ennfiglfled m use LDAF m amnemrrate users whn \ cusmm Menu ‘ (none) \ Emp- Sequenca: ‘\x1hA \ Emikseuuance 1mm Emma Var Dial-back ‘ mama may Name Var User Ammms and Permssmns Ingm ya me an: ma SSH Teme‘ me Wen urine Cansnle Pun u pm pmmwuns are um pmvldad ma LDAF Scnima‘ LDAF ussrs an gamed Dawns For! access Waugh ma non permiss‘ons be‘ow ' Dull Fan's 1741mm Lmen Fans 174E m‘uz Clear Pm eunm 48 L11 U2 Supper! Encrypx Mamas - msanleu sun us SSL Cemfica'e Amhunly ‘ j Uplold File- Oanficala Fxla \ \ ugqun File a KW Flli \ \ Uplnzfl Flle * um nghu . WM Us“ NI LDAP usm are members an group whim Gm has predefined user ngm: Assaulted mm n V PWE' USE“ Ammunal ngms much are um Aammmmmvs defined by me gmup nan he added Full Mmlnlsflifllve. max Um: Firmwar: s. Gunfigum‘iun Newarkmg' Remme Amemmaunn \Memal Madam San/mes SSH Kay; Device Pun Opiraflans Secure Lanxmnlx Newark , Usu Menua. , Dlvlce PM cormgumuan , Dale/“me. wen Acne: . 7 use Rehnm & Shumnwn Dvagnuslics 5. mm: sn Cam RPM: VAvnly
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 251
Figure 12-6 User Authentication > LDAP
2. Enter the following:
Enable LDAP Displays selected if you enabled this method on the first User Authentication page.
If you want to set up this authentication method but not enable it immediately, clear
the checkbox.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 252
Server #1
(or Server #2)
The IPv4 or IPv6 address or host name of the primary and secondary LDAP
servers. The secondary LDAP server will be used for authentication in the event
that the primary LDAP server cannot be reached.
Port Number of the TCP port on the LDAP server to which the SLC talks. The default is
389.
Base The name of the LDAP search base (e.g., dc=company, dc=com). May have up to
80 characters.
Bind Name The name for a non-anonymous bind to an LDAP server. This item has the same
format as LDAP Base. One example is
cn=administrator,cn=Users,dc=domain,dc=com
Bind Password /
Retype Password
Password for a non-anonymous bind. This entry is optional. Acceptable characters
are a-z, A-Z, and 0-9.
The maximum length is 127 characters.
Bind with Login Select to bind with the login and password that a user is authenticating with. This
requires that the Bind Name contain the $login token, which will be replaced with
the current login. For example, if the Bind Name is
uid=$login,ou=People,dc=lantronix,dc=com, and user roberts
logs into the SLC 8000 advanced console manager, LDAP will bind with
uid=roberts,ou=People,dc=lantronix,dc=com and the password
entered by roberts.
User Login Attribute The attribute used by the LDAP server for user logins. If nothing is specified for the
user filter, the SLC unit will use "uid". For AD LDAP servers, the attribute for user
logins is typically "sAMAccountName".
Group Filter
Objectclass
The objectclass used by the LDAP server for groups. If nothing is specified for the
group filter, the SLC 8000 advanced console manager will use "posixGroup". For
AD LDAP servers, the objectclass for groups is typically "Group".
Group Member
Attribute
The attribute used by the LDAP server for group membership. This attribute may be
use to search for a name (ie, "msmith") or a Distinguished Name (ie,
"uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as
appropriate for the LDAP server. If nothing is specified for the group membership
attribute, the SLC unit will use "memberUID" for name and "uniqueMember" for DN.
For AD LDAP servers, the Group Membership Value is typically DN, with the Group
Membership Attribute of "member".
Group Member Value The attribute used by the LDAP server for group membership. This attribute may be
use to search for a name (ie, "msmith") or a Distinguished Name (ie,
"uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as
appropriate for the LDAP server. If nothing is specified for the group membership
attribute, the SLC 8000 advanced console manager will use "memberUID" for
name and "uniqueMember" for DN. For AD LDAP servers, the Group Membership
Value is typically DN, with the Group Membership Attribute of "member".
Use LDAP Schema Select the check box to obtain remote user attributes (group/permissions and port
access) from an Active Directory server's scheme via the user attribute 'Secure
LantronixPerms' (see details below). Disabled by default.
Active Directory
Support
Select to enable. Active Directory is a directory service from Microsoft that is a part
of Windows 2000 and later versions of Windows. It is LDAP- and Kerberos-
compliant. Disabled by default.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 253
Encrypt Messages Select Start TLS or SSL to encrypt messages between the SLC unit and the LDAP
server. If Start TLS is selected, the port will automatically be set to 389 and the
StartTLS extension will be used to initiate a secure connection; if SSL is selected,
the port will automatically be set to 636 and a SSL tunnel will be used for LDAP
communication. The port number can be changed to a non-standard LDAP port; if
the port number is set to anything other than 636, Start TLS will be used as the
encryption method. Disabled by default.
Certificate Authority A certificate can be uploaded to the SLC unit for peer authentication. In non-FIPS
mode, the uploaded certificate may contain a Certificate Authority file, a Certificate
file (with an optional Key file), or both. A Key file alone is not a valid certificate. In
FIPS mode, all 3 files (CA, certificate and key) are required. The Certificate
Authority and Certificate File are in PEM format, for instance:
-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----
The Key File is in PEM format, eg:
-----BEGIN RSA PRIVATE KEY-----
(private key in base64 encoding)
-----END RSA PRIVATE KEY-----
Certificate File
Key File
Custom Menu If custom menus have been created, you can assign a default custom menu to
LDAP users. (See “Custom Menus” on page 275.)
Escape Sequence A single character or a two-character sequence that causes the SLC 8000
advanced console manager to leave direct (interactive) mode. (To leave listen
mode, press any key.)
A suggested value is Esc+A (escape key, then uppercase "A" performed quickly
but not simultaneously). You would specify this value as \x1bA, which is
hexadecimal (\x) character 27 (1B) followed by an A.
This setting allows the user to terminate the connect direct command on the
command line interface when the endpoint of the command is deviceport, tcp, or
udp.
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
Break Sequence A series of 1-10 characters users can enter on the command line interface to send
a break signal to the external device. A suggested value is Esc+B (escape key,
then uppercase “B” performed quickly but not simultaneously). You would specify
this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B.
Enable for Dial-back Select to grant a user dial-back access. Users with dial-back access can dial into
the SLC unit and enter their login and password. Once the SLC 8000 advanced
console manager authenticates them, the modem hangs up and dials them back.
Disabled by default.
Dial-back Number The phone number the modem dials back on depends on this setting for the device
port. The user is either dialed back on a fixed number, or on a number that is
associated with the user’s login (specified here).
Data Ports The ports users are able to monitor and interact with using the connect
direct command. U1 and U2 denote the USB upper and lower ports on the front
of the SLC unit.
Listen Ports The ports users are able to monitor using the connect listen command.
Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear
command.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 254
3. In the User Rights section, select the user group to which LDAP users will belong:
4. Select or clear the checkboxes for the following rights:
5. Click the Apply button.
Note: You must reboot the unit before your changes will take effect.
LDAP Commands
Go to LDAP Commands to view CLI commands which correspond to the web page entries
described above.
Group Select the group to which the LDAP users will belong:
Default Users: This group has only the most basic rights. You can specify
additional rights for the individual user.
Power Users: This group has the same rights as Default Users plus Web
Access, Networking, Date/Time, Reboot & Shutdown, and Diagnostics &
Reports.
Administrators: This group has all possible rights.
Full Administrative Right to add, update, and delete all editable fields.
Networking Right to enter Network settings.
Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and
SMTP.
Secure Lantronix
Network
Right to view and manage secure Lantronix units (e.g., Spider, or SLC devices) on
the local subnet.
Date/Time Right to set the date and time.
Reboot & Shutdown Right to shut down and reboot the SLC unit.
Local Users Right to add or delete local users on the system.
Remote
Authentication
Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys Right to set SSH keys for authenticating users.
User Menus Right to create a custom user menu for the CLI.
Web Access Right to access Web-Manager.
Diagnostics &
Reports
Right to obtain diagnostic information and reports about the unit.
Firmware &
Configuration
Right to upgrade the firmware on the unit and save or restore a configuration (all
settings). Selecting this option automatically selects Reboot & Shutdown.
Internal Modem Right to configure internal modem settings.
Device Port
Operations
Right to control device ports.
Device Port
Configuration
Right to enter device port configurations.
USB Right to enter modem settings for USB.
SD Card Right to view and enter settings for SD card.
RPM Right to manage and control remote power managers.
Flgure 12-7 User Authenllcallon > RADIUS LANTENIX ch 8048 unsu‘“ E1 1 a 5 7 s111315171521znszvahuaunauutsw A uz E2 2 4 s ammumemzzuzszamazuasuuuzuesm U m... 53:1 $5333" WW . mm“ mew mm. ‘ semammw, M- “Human mm- m ? *3 E' Amuwms Lou‘lflcmowuws ms LDAP RAmus K-vbcras macs» Bumps SSHKI/s Cummlhnus RADIUS m; The ch :an be configured m use RADIUS m aumenncaxe users who \egm mm sec VBSSH Twat the Web erme Cansue Pun RADIUS users ave warned Dawn: Pm! access Waugh me pen penmssmns [)2th Enabse RADxus mus sewn —1 Serve! 41 Pm 11312 ‘ Servem Seam \ RADI‘JS Servena ‘ \ cusmm menu \ v Dale Fans 1415 u U2 Server 32 PM :W Escape Séqnente Lumen Pure ‘17 1 L12 ServerfiStcret 1 \ Break Sequence ClearFm Bufltrs has m M fimemJL ‘30 secmds Enablz for Dxal batk Use m , :fpfimfiggs new Number \ \ Usnr mums 5W ' 3:55;: “” “:3':::::;:§}§m::1:3::§ Wm" mew rights Mum are nu Admmrslramrs seine-a by me grwpcen beameo Fm Admwflrafiwe LDEa‘ Uscrs ‘ firmware 1': Cmflgumflun Newark/fig Rams Amhenwnalmn L Wema‘ Modem , Semces 55H KEYS ‘ Drwce “ml Dwauans Secure lammmx Network ‘ U521 Menus ‘ meme Don Cmngurama nae/me Web Access use Retinal a Shummm ‘ Dwagnoshcs s Repms ‘ SD Lard RPM: Apply \
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 255
RADIUS
The system administrator can configure the SLC 8000 advanced console manager to use RADIUS
to authenticate users attempting to log in using the Web, Telnet, SSH, or the console port.
Users who are authenticated through RADIUS are granted device port access through the port
permissions on this page.
All RADIUS users are members of a group that has predefined user rights associated with it. You
can add additional user rights that are not defined by the group.
To configure the SLC unit to use RADIUS to authenticate users:
1. Click the User Authentication tab and select RADIUS. The following page displays.
Figure 12-7 User Authentication > RADIUS
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 256
2. Enter the following:
Enable RADIUS Displays selected if you enabled this method on the User Authentication page. If
you want to set up this authentication method but not enable it immediately, clear
the checkbox.
Note: You can enable RADIUS here or on the first User Authentication page. If
you enable RADIUS here, it automatically displays at the end of the order of
precedence on the User Authentication page.
RADIUS Server #1 IPv4 or IPv6 address or hostname of the primary RADIUS server. This RADIUS
server may be a proxy for SecurID.
SecurID is a two-factor authentication method based on the user's SecurID token
and pin number. The SecurID token displays a string of digits called a token code
that changes once a minute (some tokens are set to change codes every 30
seconds).
Server #1 Port Number of the TCP port on the RADIUS server used for the RADIUS service. If you
do not specify an optional port, the SLC unit uses the default RADIUS port (1812).
Server #1 Secret Text that serves as a shared secret between a RADIUS client and the server (SLC
unit). The shared secret is used to encrypt a password sent between the client and
the server. May have up to 128 characters.
RADIUS Server #2 IPv4 or IPv6 address or host name of the secondary RADIUS server. This server
can be used as a SecurID proxy.
Server #2 Port Number of the TCP port on the RADIUS server used for the RADIUS service. If you
do not specify an optional port, the SLC 8000 advanced console manager uses the
default RADIUS port (1812).
Server #2 Secret Text that serves as a shared secret between a RADIUS client and the server (SLC
unit). The shared secret is used to encrypt a password sent between the client and
the server. May have up to 128 characters.
Timeout The number of seconds (1-30) after which the connection attempt times out. The
default is 30 seconds.
Use VSA Select the check box to obtain remote user attributes (group/permissions and port
access) from the RADIUS server via the Vendor-Specific Attribute (VSA). For
details on the format of the VSA, see User Attributes & Permissions from LDAP
Schema or RADIUS VSA on page 258.
Custom Menu If custom menus have been created, you can assign a default custom menu to
RADIUS users.
Escape Sequence A single character or a two-character sequence that causes the SLC unit to leave
direct (interactive) mode. (To leave listen mode, press any key.)
A suggested value is Esc+A (escape key, then uppercase "A" performed quickly
but not simultaneously). You would specify this value as \x1bA, which is
hexadecimal (\x) character 27 (1B) followed by an A.
This setting allows the user to terminate the connect direct command on the
command line interface when the endpoint of the command is deviceport,
tcp, or udp.
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
Break Sequence A series of 1-10 characters users can enter on the command line interface to send
a break signal to the external device. A suggested value is Esc+B (escape key,
then uppercase “B” performed quickly but not simultaneously). You would specify
this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 257
Note: Older RADIUS servers may use 1645 as the default port. Check your RADIUS
server configuration.
3. In the User Rights section, select the user group to which RADIUS users will belong.
4. Select or clear the checkboxes for the following rights:
Enable for Dial-back Select to grant a user dial-back access. Users with dial-back access can dial into
the SLC 8000 advanced console manager and enter their login and password.
Once the SLC device authenticates them, the modem hangs up and dials them
back. Disabled by default.
Dial-back Number The phone number the modem dials back on depends on this setting for the device
port. The user is either dialed back on a fixed number, or on a number that is
associated with the user’s login (specified here).
Data Ports The ports users are able to monitor and interact with using the connect direct
command. U1 and U2 denote the USB upper and lower ports on the front of the
SLC unit.
Listen Port The ports users are able to monitor using the connect listen command.
Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear
command.
Group Select the group to which the RADIUS users will belong:
Default Users: This group has only the most basic rights. You can specify
additional rights for the individual user.
Power Users: This group has the same rights as Default Users plus Web
Access, Networking, Date/Time, Reboot & Shutdown, and Diagnostics &
Reports.
Administrators: This group has all possible rights.
Full Administrative Right to add, update, and delete all editable fields.
Networking Right to enter Network settings.
Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and
SMTP.
Secure Lantronix
Network
Right to view and manage Secure Lantronix units (e.g., Spider, or SLC units) on
the local subnet.
Date/Time Right to set the date and time.
Reboot & Shutdown Right to shut down and reboot the SLC unit.
Local Users Right to add or delete local users on the system.
Remote
Authentication
Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys Right to set SSH keys for authenticating users.
User Menus Right to create a custom user menu for the CLI.
Web Access Right to access Web-Manager.
Diagnostics &
Reports
Right to obtain diagnostic information and reports about the unit.
Firmware &
Configuration
Right to upgrade the firmware on the unit and save or restore a configuration (all
settings). Selecting this option automatically selects Reboot & Shutdown.
Internal Modem Right to update internal modem settings.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 258
5. Click the Apply button.
RADIUS Commands
Go to RADIUS Commands to view CLI commands which correspond to the web page entries
described above.
User Attributes & Permissions from LDAP Schema or RADIUS VSA
Remote user attributes (group/permissions and port access) can be obtained from an Active
Directory server's schema via the user attribute 'secureLinxSLCPerms', or from a RADIUS server's
Vendor-Specific Attribute (see below). This attribute is a set of parameter-value pairs. Each
parameter and value is separated by a space, and a space separates each parameter-value pair.
Whitespace is not supported in the value strings. The parameters that are supported are:
rights - User rights. The value string is a comma-separated list of two letter user permissions.
Example: "nt,wb,ra".
data - Data port access. The value string specifies the list of ports the user has 'direct' access
to. Example: "2,4-18,U1,U2".
listen - Listen port access. The value string specifies the list of ports the user has 'listen'
access to.
clear - Clear port access. The value string specifies the list of port buffers the user has the
right to clear.
group - User group. Valid values for the value string are "default", "power", and "admin", and
any SLC custom group name. If a custom group name is specified and it matches a current
SLC custom group name, any rights attribute will be ignored, and the custom group's rights
(permissions) will be used instead. A group name with spaces cannot be specified.
escseq - Escape sequence. The value string specifies the user's escape sequence. Use "\x"
to specify non-printable characters. For example, "\x1bA" specifies the sequence "ESC-A".
brkseq - Break sequence. The value string specifies the user's break sequence.
menu - Custom user menu. The value string specifies the user's custom user menu.
display - Display custom user menu when a user logs into the CLI. Valid values for the value
string are "yes" and "no".
dbnumber - Dial-back number. The value string specifies the user's dial-back number for
modem dial-back connections.
allowdb - Allow a user to have dial-back access. Valid values for the value string are "yes"
and "no".
RADIUS servers will need to be configured to support the Lantronix Vendor-Specific Attribute. For
example, on a FreeRADIUS server, the dictionary will need be updated with the Lantronix
definition by including the contents below in a file named dictionary.lantronix, and including it in the
Device Port
Operations
Right to control device ports.
Device Port
Configuration
Right to enter device port settings.
USB Right to enter modem settings for USB devices and control USB storage devices.
SD Card Right to enter settings for SD card.
RPM Right to manage and control remote power managers.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 259
RADIUS server dictionary definitions by adding the appropriate $INCLUDE directive to the main
dictionary file.
# dictionary.lantronix
#
# Lantronix SLC Console Manager
# Provides SLC-specific user attributes
#
VENDOR Lantronix 244
BEGIN-VENDOR Lantronix
ATTRIBUTE Lantronix-User-Attributes 1 string
END-VENDOR Lantronix
Once this is complete, the users file can be updated to include the Lantronix VSA for any user:
myuser Auth-Type := Local, User-Password == "myuser_pwd"
Reply-Message = "Hello, %u",
Lantronix-User-Attributes = "data 1-4 listen 1-6 clear 1-4
group power"
Kerberos
Kerberos is a network authentication protocol that provides strong authentication for client/server
applications by using secret-key cryptography.
The system administrator can configure the SLC 8000 advanced console manager to use
Kerberos to authenticate users attempting to log in using the Web, Telnet, SSH, or the console
port.
Users who are authenticated through Kerberos are granted device port access through the port
permissions on this page.
All Kerberos users are members of a group that has predefined user rights associated with it. You
can add additional user rights that are not defined by the group.
To configure the SLC 8000 advanced console manager to use Kerberos to authenticate
users:
1. Click the User Authentication tab and select the Kerberos option. The following page
displays.
Flgure 12-8 User Authentlcallon > Kerheros LANTQON|X ch 3045 Lumm n r 3 5 7 3u1315‘7‘92111252129313335373511454547 A “1 E2 2 A s amumsmmzzzusuanzuasaumzuuu B 5:311:31,“ eeeupme-Corrgrem WebSSwDanyv enrrememeropmyr mm mmm maim- 6* ? *‘3 E Amhmhms Lnulmmqus-rs le LDAF RADIUS Kalb-ms rAcAcy Groups ssHK-ys CnslomMInus Kerberos my ’i Em” “was The M can be configured to use Kereens m aumenu'eere users who Ream. ‘ mm m m: m: we SSH. TE‘HE‘ Ihe Wen nr me Cnnsu‘e Purl Kevbems users are granted Dwme Furl KDC ‘ attass mmugh the pan permssrans below Knc IF' Andres: \ Data Fons Msyxuz KM: Pan res cuemm Menu inane; use Lam: r Estape Sequervce \xmA use» Fans ‘4» U1 U2 Hut: mmursueeder user‘nbkw Wiemmmflwamw Byaak Sequence \x1bE \ Ckavpfinfiuflas 145mm Enab‘e Mr De: peek DvaLback Number Use! Rights . Dayan“ U595 AH Kememe users are members ofa group wmch Gm“ has preueflrvedusemghb asst-Galen mom ” PW” ”595 Ammonal ngms whmh ave m Anmnsha'ors defined by me gmup can be added FuH Aummerrauwe , anal Usere firmware 5. Cermgurarren r, New/01mg Remme Amhenllcalmn \mana‘ Madam r SeMEEs SSH Keys Deuce Purl Dperamns r Secure Lanimmx NEW/ark , User Menu; neuree PM Cmnflgmanun r, Dzremme Web Aeeees , Usa r Rebom a Shudawn Dregnueues a. Repens so Card r RPM: Apply
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 260
Figure 12-8 User Authentication > Kerberos
2. Enter the following:
Enable Kerberos Check box displays as checked if this method is enabled on the User
Authentication page. If you want to set up this authentication method but not enable
it immediately, clear the checkbox.
Note: You can enable Kerberos here or on the first User Authentication page. If
you enable Kerberos here, it automatically displays at the end of the order of
precedence on the User Authentication page.
Realm Enter the name of the logical network served by a single Kerberos database and a
set of Key Distribution Centers. Usually, realm names are all uppercase letters to
differentiate the realm from the Internet domain. Realm is similar in concept to an
NT domain.
KDC A key distribution center (KDC) is a server that issues Kerberos tickets. A ticket is a
temporary set of electronic credentials that verify the identity of a client for a
particular service.
Enter the KDC in the fully qualified domain format (FQDN). An example is
SLC.local.
KDC IP Address Enter the IPv4 or IPv6 address of the Key Distribution Center (KDC).
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 261
3. In the User Rights section, select the user group to which Kerberos users will belong.
4. Select or clear the checkboxes for the following rights:
KDC Port Port on the KDC listening for requests. Enter an integer with a maximum value of
65535. The default is 88.
Use LDAP Indicate whether Kerberos should rely on LDAP to look up
user IDs and Group IDs. This setting is disabled by default.
Note: Make sure to configure LDAP if you select this option.
Custom Menu If custom menus have been created, you can assign a default custom menu to
RADIUS users.
Escape Sequence A single character or a two-character sequence that causes the SLC 8000
advanced console manager to leave direct (interactive) mode. (To leave listen
mode, press any key.)
A suggested value is Esc+A (escape key, then uppercase "A" performed quickly
but not simultaneously). You would specify this value as \x1bA, which is
hexadecimal (\x) character 27 (1B) followed by an A.
This setting allows the user to terminate the connect direct command on the
command line interface when the endpoint of the command is deviceport,
tcp, or udp.
See Key Sequences on page 216 for notes on key sequence precedence and
behavior.
Break Sequence A series of 1-10 characters users can enter on the command line interface to send
a break signal to the external device. A suggested value is Esc+B (escape key,
then uppercase “B” performed quickly but not simultaneously). You would specify
this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B.
Enable for Dial-back Select to grant a user dial-back access. Users with dial-back access can dial into
the SLC 8000 advanced console manager and enter their login and password.
Once the SLC unit authenticates them, the modem hangs up and dials them back.
Disabled by default.
Dial-back Number The phone number the modem dials back on depends on this setting for the device
port. The user is either dialed back on a fixed number, or on a number that is
associated with the user’s login (specified here).
Data Ports The ports users are able to monitor and interact with using the connect direct
command. U1 and U2 denote the USB upper and lower ports on the front of the
SLC unit.
Listen Port The ports users are able to monitor using the connect listen command.
Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear
command.
Group Select the group to which the Kerberos users will belong:
Default Users: This group has only the most basic rights. You can specify
additional rights for the individual user.
Power Users: This group has the same rights as Default Users plus Web
Access, Networking, Date/Time, Reboot & Shutdown, and Diagnostics &
Reports.
Administrators: This group has all possible rights.
Full Administrative Right to add, update, and delete all editable fields.
Networking Right to enter Network settings.
Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and
SMTP.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 262
5. Click the Apply button.
Note: You must reboot the unit before your changes will take effect.
Kerberos Commands
Go to Kerberos Commands to view CLI commands which correspond to the web page entries
described above.
TACACS+
Similar to RADIUS, the main function of TACACS+ is to perform authentication for remote access.
The SLC 8000 advanced console manager supports the TACACS+ protocol (not the older
TACACS or XTACACS protocols).
The system administrator can configure the SLC unit to use TACACS+ to authenticate users
attempting to log in using the Web, Telnet, SSH, or the console port.
Users who are authenticated through TACACS+ are granted device port access through the port
permissions on this page.
All TACACS+ users are members of a group with associated predefined user rights. You may add
additional user rights that are not defined by the group.
Secure Lantronix
Network
Right to view and manage secure Lantronix units (e.g.,Spider, or SLC units) on the
local subnet.
Date/Time Right to set the date and time.
Reboot & Shutdown Right to shut down and reboot the SLC unit.
Local Users Right to add or delete local users on the system.
Remote
Authentication
Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys Right to set SSH keys for authenticating users.
User Menus Right to create a custom user menu for the CLI.
Web Access Right to access Web-Manager.
Diagnostics &
Reports
Right to obtain diagnostic information and reports about the unit.
Firmware &
Configuration
Right to upgrade the firmware on the unit and save or restore a configuration (all
settings). Selecting this option automatically selects Reboot & Shutdown.
Internal Modem Right to update internal modem settings.
Device Port
Operations
Right to control device ports.
Device Port
Configuration
Right to enter device port settings.
USB Right to enter modem settings for USB devices and control USB storage devices.
SD Card Right to enter settings for SD card.
RPM Right to manage and control remote power managers.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 263
TACACS+ Groups
This section describes how a priv_lvl assigned to a TACACS+ user can be mapped to a SLC
custom Groups, which will set the permissions and port rights for a TACACS+ user when they
login to the SLC.
TACACS+ users are typically configured to have a privilege level 0-15, with each level
representing a privilege level that is a superset of the next lower value. The privilege level can be
assigned to individual users, or to groups that the user is a member of. When the SLC
authenticates a TACACS+ user, it will first send an authentication request to the TACACS+ server,
and wait for an authentication reply. If the user is successfully authenticated, the SLC will next
send an authorization request to the TACACS+ server with the Service and optional Protocol.
The SLC will wait for an authorization response that will indicate if the user was successfully
authorized for the requested service and protocol, and also contains a set of attribute-value pairs
which define the attributes associated with the TACACS+ user.
The priv_lvl or priv-lvl is the only attribute sent from the TACACS+ server that the SLC will
recognize and utilize. The privilege level number will be used to map to a SLC custom user group
by finding a group with a name that ends in the same number as the priv_lvl. For example, a SLC
group called "admin15" will map to any TACACS+ users with priv_lvl equal to 15; a SLC group
called "manager8" will map to any TACACS+ users with priv_lvl equal to 8, and a SLC group
called "readonly0" will map to any TACACS+ users with priv_lvl equal to 0. If two SLC groups
ending with the same number exist, the SLC will select the first matching group it finds while
searching the group list; for consistency it is recommended that only one SLC group exist for each
priv_lvl.
When a TACACS+ user authenticates to the SLC, the Authentication Log will record any priv_lvl
attribute-value pair returned by the TACACS+ server:
Sep 21 15:44:38 2017 slc431d SLC-SLB/x15login[2839]:
pam_sm_authenticate: server returned attribute `PRIV_LVL=14'
Any priv_lvl obtained for a TACACS+ user can also be viewed at the CLI with the show user
command.
To configure the SLC unit to use TACACS+ to authenticate users:
1. Click the TACACS+ tab and select TACACS+. The following page displays.
Flgure12-9 User Aulhenllcatlon > TACACS+ LANTENIX SLC 8048 m n ‘ a a 7 SVIV31517I521232527253131 iamumufiw A u I. 1 4 a a mmwmmemszmem a: mums u ”05‘ 5'0““ seeqpmm - {bniymm mems‘umwyy cemueanevmmem wflw‘ Usev sysamnn mm mm mwm 6* 7 {‘3 E AumMumds LocallmeleUsels le um: RADIUS Kemem nucso emups SSHKays Gustav-Menus TAcAcso Enab‘e mango me as can he configusd m use rAcAcsqu amhenunaxe userswm 7 lugm In the m m SSH tem me Webarme (lemme Fun IACACSw Servem mums. Myers eye gmmefl nemee pm access mmuh me mm venmssmns new TACACso Server #2 mums. Server at: Sacral Cuslnm Menu ‘Q’mnv . Dal: Fons Manuuz news“ eeepesmme ‘mm ‘ ”mm \HW'IUI ‘ eneWMemgee . when“ WV agg‘gW‘ w. W" W ‘ Aulhenllemsewme - PPF/FAP hack pee/cm Deemmm‘ Sarvme shell m, Tuna-m 5 sexunds ”mm W ' 5:12:53: “”fi:f:;::;:.:§fl:;:§§:§mfir “mm Mnemsegvsm:xseiszz$ mmemwe we”; ‘ emmmrem ‘ “WWW ‘ WWW“ ‘ Wm We“ ‘ ‘ Remeemm nmmmeme ‘ 5W ‘ RPMs
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 264
Figure 12-9 User Authentication > TACACS+
2. Enter the following:
Enable TACACS+ Displays selected if you enabled this method on the User Authentication page. If
you want to set up this authentication method but not enable it immediately, clear
the checkbox.
You can enable TACACS+ here or on the first User Authentication page. If you
enable TACACS+ here, it automatically displays at the end of the order of
precedence on the User Authentication page.
TACACS+ Servers 1-3 IPv4 or IPv6 address or host name of up to three TACACS+ servers.
Secret/Retype Secret Shared secret for message encryption between the SLC 8000 advanced console
manager and the TACACS+ server. Enter an alphanumeric secret of up to 127
characters.
Encrypt Messages Select the checkbox to encrypt messages between the SLC unit and the
TACACS+ server. Selected by default.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 265
Authentication
Service
The type of service used to pass the authentication tokens (e.g., login and
password) between the SLC and the TACACS+ server. Options are: ASCII Login
(login and password are transmitted in clear, unencrypted text), PPP/PAP (login
and password are transmitted in clear, unencrypted text via a PAP protocol
packet), and PPP/CHAP (the TACACS+ server sends a challenge that consists of
a session ID and an arbitrary challenge string, and the user name and password
are encrypted before they are sent back to the server). PPP/PAP is the default.
Service The service to use when sending a TACACS+ authorization message to the
server to obtain an authenticated user's priv_lvl. The priv_lvl is used to assign a
SLC custom group to the authenticated user for permissions and port rights (see
TACACS+ Groups). Suggested values are "slip", "ppp", "arap", "shell", "tty-
daemon", "connection", "system" and "firewall". The default is "shell".
Protocol The optional protocol associated with the Service, which is included in the
TACACS+ authorization message sent to the server to obtain an authenticated
user's priv_lvl. The priv_lvl is used to assign a SLC custom group to the
authenticated user for permissions and port rights (see TACACS+ Groups).
Suggested values are "lcp", "ip", "ipx", "atalk", "vines", "lat", "xremote", "tn3270",
"telnet", "rlogin", "pad", "vpdn", "ftp", "http", "deccp", "osicp" and "unknown".
Timeout The timeout in seconds when attempting to connect to a TACACS+ server.
Timeout range is 1 to 10 seconds. 5 seconds is the default.
Custom Menu If custom menus have been created (see Custom User Menu Commands), you
can assign a default custom menu to TACACS+ users.
Escape Sequence A single character or a two-character sequence that causes the SLC 8000
advanced console manager to leave direct (interactive) mode. (To leave listen
mode, press any key.)
A suggested value is Esc+A (escape key, then uppercase "A" performed quickly
but not simultaneously). You would specify this value as \x1bA, which is
hexadecimal (\x) character 27 (1B) followed by an A.
This setting allows the user to terminate the connect direct command on
the command line interface when the endpoint of the command is deviceport,
tcp, or udp.
Break
Sequence
A series of 1-10 characters users can enter on the command line interface to send
a break signal to the external device. A suggested value is Esc+B (escape key,
then uppercase “B” performed quickly but not simultaneously). You would specify
this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B.
See Key Sequences for notes on key sequence precedence and behavior.
Enable for Dial-back Select to grant a user Dial-back access. Users with dial-back access can dial into
the SLC unit and enter their login and password. Once the SLC 8000 advanced
console manager authenticates them, the modem hangs up and dials them back.
Disabled by default.
Dial-back Number The phone number the modem dials back on depends on this setting for the
device port. The user is either Dial-back on a fixed number, or on a number that is
associated with the user’s login (specified here).
Data Ports The ports users are able to monitor and interact with using the connect direct
command. U1 and U2 denote the USB upper and lower ports on the front of the
SLC unit.
Listen Ports The ports users are able to monitor using the connect listen command.
Clear Port Buffers The ports whose port buffer users may clear using the set locallog
clear command.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 266
3. In the User Rights section, select the user group to which TACACS+ users will belong.
4. Select or clear the checkboxes for the following rights:
5. Click the Apply button.
Note: You must reboot the unit before your changes will take effect.
TACACS+ Commands
Go to TACACS+ Commands to view CLI commands which correspond to the web page entries
described above.
Group Select the group to which the TACACS+ users will belong:
Default Users: This group has only the most basic rights. You can specify
additional rights for the individual user.
Power Users: This group has the same rights as Default Users plus Web
Access, Networking, Date/Time, Reboot & Shutdown, and Diagnostics &
Reports.
Administrators: This group has all possible rights.
Full Administrative Right to add, update, and delete all editable fields.
Networking Right to enter Network settings.
Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and
SMTP.
Secure Lantronix
Network
Right to view and manage secure Lantronix units (e.g., Spider, or SLC units) on the
local subnet.
Date/Time Right to set the date and time.
Reboot & Shutdown Right to shut down and reboot the SLC unit.
Local Users Right to add or delete local users on the system.
Remote
Authentication
Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys Right to set SSH keys for authenticating users.
User Menus Right to create a custom user menu for the CLI.
Web Access Right to access Web-Manager.
Diagnostics &
Reports
Right to obtain diagnostic information and reports about the unit.
Firmware &
Configuration
Right to upgrade the firmware on the unit and save or restore a configuration (all
settings). Selecting this option automatically selects Reboot & Shutdown.
Internal Modem Right to update internal modem settings.
Device Port
Operations
Right to control device ports.
Device Port
Configuration
Right to enter device port settings.
USB Right to enter modem settings for USB devices and control USB storage devices.
SD Card Right to enter settings for SD card.
RPM Right to manage and control remote power managers.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 267
Groups
The SLC 8000 advanced console manager has 3 pre-defined groups: Administrators, Power
Users, and Default Users. Custom groups can also be created; each custom group is a set of user
attributes and permissions. Local Users and Remote Users defined on the SLC unit can be
assigned to one of the pre-defined groups or a custom group. When a user authenticates, if they
belong to custom group, they will be granted the custom group attributes and permissions, rather
than their individual attributes and permissions. The SLC 8000 advanced console manager
supports querying a LDAP server for groups that a LDAP user is a member of; if any of the LDAP
group names match a (Custom Group Name), the LDAP user will be granted the rights of the
custom group.
A custom group cannot be given the name of one of the pre-defined groups: "Admin", "Power" or
"Default" (or any version of these names where the case of the letters is different) since these
names are used for the SLC pre-defined groups. Any LDAP group that matches one of these pre-
defined group names will be ignored and not used to assign rights to a user.
To configure Groups in the SLC unit:
1. From the main menu, select User Authentication - Groups. The following page displays.
Note: If the fields in the lower part of the page have been populated by viewing another
group, the fields can be cleared by selecting the Reset Group button.
LANT?ONIX swam Hus! sl=4331 Uslr :ysadmln mm mm unw- mnsom uz Edecfipor‘tor - cmhgumuan a 13 5 7 s11131517mm21252729313335373941454547 A z: 2 4 s a1n1214151:202:24252331132Maszuodzunsda a \V‘ebssH war: mm Dmnened Deuce aw My» 979%! AunrM-mods LoelllRomotoUnrs ms LDAP RADIUS Kemercs macs» Groups SSHKnys cusmemu: Groups is .rraup Dame Sump maps In Name Permissions 5“ 5'“ °“"°"‘ n3 Listen rm: Clur Seq Seq Menu Gran}: ‘6 n \ Rum Gmup Add Gruup Edh Group} Gmup Name Lsren Fans ‘Eauwz Enahlaleal-hark \ CuslamMenu' Dana Pans ‘1TAE.LTLUZ mama Number ' \ away Menu axmum m Clear For! Bun-rs. mu Admmlsttaflva Nemsmng Services sacurs Lanlmnlx Nllwark ommms Ream a. Shumawn RPM; ‘1-45 U1 U2 Esbupi Saqusncs \x1hA Erenk Sequence‘ \x1hE Lam ums. \ Remote Amamremrun. ‘ SSH Keyi r uur Manus' \ Web Access. ‘ magnum: a. Repons Firmware a. cmngunuan \Nema‘ Modem, Device Pan Operalmns' Dlvm Fun cannauranan, USE’ sn cm
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 268
Figure 12-10 User Authentication > Groups
2. Enter the following:
Group Name Enter a name for the group.
Listen Ports The ports users are able to monitor using the connect listen
command.
Data Ports The ports users are able to monitor and interact with using the connect direct
command. U1 and U2 denote the USB upper and lower ports on the front of
the SLC unit.
Clear Port Buffers The ports whose port buffer users may clear using the set locallog
clear command.
Enable for
Dial-back
Select to grant a user. Users with dial-back access can dial into the SLC unit
and enter their login and password. Once the SLC 8000 advanced console
manager authenticates them, the modem hangs up and dials them back.
Disabled by default.
Dial-back Number The phone number the modem dials back on depends on this setting for the
device port. The user is either on a fixed number, or on a number that is
associated with the user’s login (specified here).
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 269
3. Select or clear the checkboxes for the following rights:
4. Click the Add Group button.
Escape Sequence A single character or a two-character sequence that causes the SLC 8000
advanced console manager to leave direct (interactive) mode. (To leave
listen mode, press any key.)
A suggested value is Esc+A (escape key, then uppercase "A" performed
quickly but not simultaneously). You would specify this value as \x1bA, which
is hexadecimal (\x) character 27 (1B) followed by an A.
This setting allows the user to terminate the connect direct command
on the command line interface when the endpoint of the command is
deviceport, tcp, or udp.
Break Sequence A series of one to ten characters users can enter on the command line
interface to send a break signal to the external device. A suggested value is
Esc+B (escape key, then uppercase “B” performed quickly but not
simultaneously). You would specify this value as \x1bB, which is
hexadecimal (\x) character 27 (1B) followed by a B.
Custom Menu If custom menus have been created you can assign a default custom menu
to the group. See Custom Menus for more information.
Display Menu at Login Check the checkbox to display the menu at login.
Full Administrative Right to add, update, and delete all editable fields.
Networking Right to enter Network settings.
Services Right to enable and disable system logging, SSH and Telnet logins, SNMP, and
SMTP.
Secure Lantronix
Network
Right to view and manage Secure Lantronix units (e.g., Spider, or SLC units) on
the local subnet.
Date/Time Right to set the date and time.
Reboot & Shutdown Right to shut down and reboot the SLC unit.
Local Users Right to add or delete local users on the system.
Remote
Authentication
Right to assign a remote user to a user group and assign a set of rights to the user.
SSH Keys Right to set SSH keys for authenticating users.
User Menus Right to create a custom user menu for the CLI.
Web Access Right to access Web-Manager.
Diagnostics &
Reports
Right to obtain diagnostic information and reports about the unit.
Firmware &
Configuration
Right to upgrade the firmware on the unit and save or restore a configuration (all
settings). Selecting this option automatically selects Reboot & Shutdown.
Internal Modem Right to update internal modem settings.
Device Port
Operations
Right to control device ports.
Device Port
Configuration
Right to enter device port settings.
USB Right to enter modem settings for USB devices and control USB storage devices.
SD Card Right to enter settings for SD card.
RPM Right to manage and control remote power managers.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 270
To view or update a group:
1. In the Groups table, select the group and click the View Group button. The group attributes
and permissions will be displayed in the lower section of the page.
2. Modify the group attributes and permissions and click the Edit Group button.
To delete a group:
1. Select the group in the Groups table.
2. Click the Delete Group button.
Group Commands
Go to Group Commands to view CLI commands which correspond to the web page entries
described above.
SSH Keys
The SLC 8000 advanced console manager can import and export SSH keys to facilitate shared
key authentication for all incoming and outgoing SSH connections. By using a public/private key
pair, a user can access multiple hosts with a single passphrase, or, if a passphrase is not used, a
user can access multiple hosts without entering a password. In either case, the authentication is
protected against security attacks because both the public key and the private key are required to
authenticate. For both imported and exported SSH keys, the SLC unit supports both RSA and
DSA keys, and can import and export keys in OpenSSH and SECSH formats. Imported and
exported keys are saved with the SLC console manager configuration, and the administrator has
the option of retaining the SSH keys during a reset to factory defaults.
The SLC unit can also update the SSH RSA and DSA host keys that the SSH server uses with
site-specific host keys or reset them to the default values.
Imported Keys
Imported SSH keys must be associated with an SLC 8000 advanced console manager local user.
The key can be generated on host "MyHost" for user "MyUser," and when the key is imported into
the SLC unit, it must be associated with either "MyUser" (if "MyUser" is an existing SLC console
manager local user) or an alternate SLC local user. The public key file can be imported via SCP,
SFTP, or FTP; once imported, you can view or delete the public key. Any SSH connection into the
SLC unit from the designated host/user combination uses the SSH key for authentication.
Exported Keys
The SLC can generate SSH keys for SSH connections out of the SLC advanced console manager
for any SLC user. The SLC 8000 advanced console manager retains both the private and public
key on the SLC unit, and makes the public key available for export via SCP, SFTP, FTP, or copy
and paste. The name of the key is used to generate the name of the public key file that is exported
(for example, <keyname>.pub), and the exported keys are organized by user and key name. Once
a key is generated and exported, you can delete the key or view the public portion. Any SSH
connection out of the SLC console manager for the designated host/user combination uses the
SSH key for authentication.
a 13 5 7 9u13‘5171921232527293133353719415345“ A LANTQONIX swam ”a“ 5:32,“:534,“ gemwwmwm WWW mmmww mm mm» mwm <3! 7="" +1?="" aummmous="" lucalrknmuws="" ms="" leap="" radius="" komm:="" 7acacs~="" omup:="" ssanys="" cuslcmmomls="" ssh="" keys="" mel="" ssn="" servgvmw="" keys="" lmponzfl="" keys="" (55»:="" in)="" h5518.="" userassucmw="" mm="" key="" .mm="" 5;”="" my:="" few="" de,”="" mm="" mm="" am="" m="" 5m="" m="" m="" mm="" ”mam="" %="" m="" wpofled="" kzyfile="" \gnuvza="" «mgramams="" wwii:="" revs!="" ullr="" holl="" wm="" has!="" ‘="" user="" h="" .="" r="" \mpan="" vin="" (:opy/fiasfe="" v="" mum-y="" \="" hesx="" path="" lagm="" passwmd="" retype="" passwmd="" ‘="" expuflm="" kay:="" (ssn="" cm)="" ,="" -="" new="" key="" fur="" user="" expand="" 55h="" my:="" v4ew="" dcwnmad="" dame="" ewan="" all="" prsvmusw="" created="" knys="" u="" k="" n="" ‘="" 7="" 7="" 7="" ,="" :er="" .="" .m-="" wp!="" um="" ‘="" y="" kay="" name="" 7‘="" kay="" wpe="" -="" rsa="" dsa="" numbevuffins="" 2048="" v="" passphrase="" 7="" ‘="" rewpe="" passpmase,="" \="" secsh="" farms!="" —="" dunn:="" key="" filename="" has!="" a.="" mam="" «a:="" ewan="" sxpmwa="" copy/pane="" v="" hm="" ‘="" hath="" ‘="" lagm="" —}="" passwnm="" —‘="" reiype="" passtmm="" \="" apply="" ‘="">
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 271
To configure the SLC unit to use SSH keys to authenticate users:
1. From the main menu, select User Authentication - SSH Keys. The following page displays.
Figure 12-11 User Authentication > SSH Keys
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 272
2. Enter the following:
Imported Keys (SSH In)
Host & User Associated with Key
These entries are required in the following cases:
The imported key file does not contain the host that the user will be making an SSH
connection from, or
The SLC local user login for the connection is different from the user name the key was
generated from or is not included in the imported key file, or
The imported key file contains multiple keys; in this case, each key must include the user
name and host at the end of the line in the standard <key> <user name>@<host> format.
If either of these conditions is true, or the imported file is in SECSH format, you must specify the
user and host. The following is an example of a public key file that includes the user and host:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAEEApUHCX9EWsHt+jmUGXa1YC3us
ABYxIXUhSU1N+NU9HNaUADUFfd8LYz8/gUnUSH4Ksm8GRT7/8/Sn9jCVfGPh
UQ== asallaway@winserver
Host & Login for Import
Exported Keys (SSH Out)
Host The host name or IP address which will be associated with the SSH Key, typically
the host that the key was generated on. Once imported, the key can be used to
access the SLC from any host, not just the host associated with the key.
User The User ID of the user being given secure access to the SLC unit.
Import via Select SCP, SFTP, FTP, HTTPS, or Copy/Paste as the method for importing the
SSH keys. SCP is the default. If SCP, SFTP or FTP are selected, the Filename,
Host, Path, Login, and Password fields are filled in. If HTTPS is selected, the
Upload File link will become active to upload a file containing a public key to the
SLC. If Copy/Paste is selected, the public key will be entered into the Filename/
Public Key field.
Filename Public Key The name of the file that was uploaded via HTTPS, or to be copied via SCP, SFTP
or FTP (may contain multiple keys); or the public key (optionally including
"user@host" at the end) if Copy/Paste is used.
Host IP address of the remote server from which to SCP, SFTP or FTP the public key
file.
Path Optional pathname to the public key file.
Login User ID to use to SCP, SFTP or FTP the file.
Password /
Retype Password
Password to use to SCP, SFTP or FTP the file.
Export Enables you to export created public keys. Select one of the following:
New Key for User: Enables you to create a new key for a user and export the
public key in a file.
All Previously Created Keys: Does not create any keys, but exports all
previously created public keys in one file.
User User ID of the person given secure access to the remote server.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 273
Host and Login for Export
To view or delete a key:
1. Select the key from the appropriate table. The View and Delete buttons become active.
2. To view the key, click the View button. A pop-up page displays the key.
Imported key for sysadmin@DaveSLM:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxGxPGY9HsG9VqroDo98B89Cf
haqB6jG//0tTMKkb3zrpPu0HHAXaiVXHAvv7lAte31VTpoXdLAXN0uCvuJLf
aL/LvvGmoEWBuBSu505lQHfL70ijxZWOEVTJGFqUQTSq8Ls3/v3lkUJEX5ln
2AlQx0F40I5wNEC0+m3d5QE+FKc= sysadmin@DaveSLM
3. To delete the key, click the Delete button.
To view, reset, or import SSH RSA, And DSA host keys:
1. On the User Authentication - SSH Keys page, click the SSH Server/Host Keys link at the
top right. The following page displays the current host keys. In the example below, the current
keys are the defaults.
Key Name Name of the key. This will generate the public key filename (e.g., <keyname>.pub).
Key Type Select either the RSA or the DSA encryption standard. RSA is the default.
Number of Bits Select the number of bits in the key (1024, 2048, 3072, or 4096). The default is
2048.
Passphrase / Retype
Passphrase
Optionally, enter a passphrase associated with the key. The passphrase may have
up to 50 characters. The passphrase is an optional password that can be
associated with an SSH key. It is unique to each user and to each key.
See Key Sequences for notes on key sequence precedence and behavior.
SECSH Format Indicate whether the keys will be exported in SECSH format (by default the key is
exported in OpenSSH format).
Public Key Filename Filename of the public host key.
Export via Select the method (SCP, SFTP, FTP, HTTPS, or Copy/Paste) of exporting the key
to the remote server. Copy/Paste, the default, requires no other parameters for
export.
Host IP address of the remote server to which the SLC 8000 advanced console manager
will SCP, SFTP or FTP the public key file.
Path Optional path of the file on the host to SCP, SFTP or FTP the public key too.
Login User ID to use to SCP, SFTP or FTP the public key file.
Password /
Retype Password
Password to use to SCP, SFTP or FTP the public key file.
3575111315A LANT?ON|X SL" 8"“ l. a a a ggggggggm 5mm.“ mama" wmssnmpunm ommaumwmm m- useummm m—m W 7 is E Ammamm; LomllRammeUsys ms LDAF lumus «mam; “may Gmups 55H Keys cusmmmnus SSH Server/Host Keys nag?! cum-n mm RSA Public Key (mun Key) sshrrsa AAAABJMmclyKZEAMAWABAQCBmiJVKHgGISqQkG]SubeJlullmIKJ7WZOPyi53x pcrmpwsmmpumkmsqygzwmmv1msmnsqrmmrxmjwmmmoIummlsrr WWUr-prWhmermZuthSr-FmibCVjVJjCZJVM‘IAkMNhnj EmmaouqzzbEmaam AKflmlN2bflE‘7L99v-Bvel]ilRBZLudGBxQBSHLtWVMxI'SKZelllyaEIEzyPufiIDDSMlv-Atuwk SZlCixHthZMlyiSpE7WQZthMudmhuI-id202]SMIIEfozleHSJBXkAr rmte(mne) fingernr-int: 2942 sums=pgzmzmaqmvMWSPquzmm7mu rantehnnz) (ass) cumm Host BSA Public Key (Default Key) sshrdss wsuzacmmmm2mminxdlJmelxuauoaapopmnflmmnnbmk uhSMoPEueHIEDfFlftbIMinZzBSfiLkvLIflMEP/X9iWmhaSKHIWNEDdSUn(E93VyLk41yh6 NhNHFBhtFE(Vaqptheksmj(IKMSFquBQAMAFWMWh7MTQOoi]SMFXWMAIBI‘ .xQnsmosmwaslsmesmskzrvznxsmspm)umpsamslzoenspuxmmoszqvmm nleFI]SASJ7/luflBnSBGSiSJbDAZVJNjgSEJnBlzefiqanBBMMchELmhithz] LKzorerakIm/u manxsaqqmumwgmugcvapu/nvxmnzvmxmmmamvugnmLzzunyaasspasjs WLVAnzidZHKWquJFIJMiHIIOZIGDnnTdeimflCLZrOdOEBXnIIMSDLDEtyLn75VZDzE6AFev-8 jamznnxyrknmcvpkzcum: r-nme(mne) fingerprin- 1324 smsa=xezJ-ans«(epxamnpmasjuchnsqomzqnza rantehime) (DSA) Resex w Devaun rm Kev All Keys Note: margmgz host key reqwesa REA DSA rehomfurme updzle Ia Iake mm Import H051 Kev Hus! Type RSA v Pam momma SFTF’ v Lugm Puma Key leename Password Prwae Key leename Rewpe Password < eackm="" ssh="" kevs="" awly="">
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 274
Figure 12-12 Current Host Keys
2. View or enter the following:
Reset to Default Host
Key
Select the All Keys checkbox to reset all default key(s), or select one or more
checkboxes to reset defaults for RSA, or DSA keys. All checkboxes are
unselected by default.
Import Host Key To import a site-specific host key, select the checkbox. Unselected by default.
Type From the drop-down list, select the type of host key to import.
Import via From the drop-down list, select the method of importing the host key (SCP or
SFTP). The default is SFTP.
Public Key Filename Filename of the public host key.
Private Key Filename Filename of the private host key.
Host Host name or IPaddress of the host from which to import the key.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 275
3. Click the Apply button.
4. Repeat steps 2-3 for each key you want to import.
5. To return to the SSH Keys page, click the Back to SSH Keys link.
SSH Commands
Go to SSH Key Commands to view CLI commands that correspond to the web page entries
described above.
Custom Menus
Users can have custom user menus as their command line interface, rather than the standard CLI
command set. Each custom user menu can contain up to 50 commands ('logout' is always the last
command). Instead of typing each command, the user enters the number associated with the
command. Each command can also have a nickname associated with it, which can be displayed in
the menu instead of the command. The commands showmenu <Menu Name> and returnmenu
can be entered to display another menu from a menu, or to return to the prior menu. The
command returncli can be used to break out of a menu and return to the regular CLI.
To add a custom menu:
1. Click the User Authentication tab and select the Custom Menus option. The Custom Menus
page displays:
Path Path of the directory where the host key will be stored.
Login User ID to use to SCP or SFTP the file.
Password /
Retype Password
Password to use to SCP or SFTP the file.
LANTQONIX SL6 8046 mg; HoflxlcuCfi User sysaflmm mm mam-m mmm Se‘edmmar . cmnmzon a 13 5 7 9 u13‘511192123252729113335:1194‘514541 A E2 1 5 s a In1214‘s132021326nanazuasnaunuuu a Wewsu (on MM Cmnedm Duncan)“ mN‘ Q7§3E AumMmous LocouRommuws ms LDAP RAmus Komro: vAcAcs+ omups ssuKoys CustomMemls Custom Menus "new Nun: glenm g>enn2 gyenna glennd glenmacam glennmcacz grenmacaoz gltnnkrhi glennkmz glennkrbB oam om oana wennnm grennmsz gllnnmia Menu Nam: N4cknames a me Raolspmy Maw Commanns/Nxcknames Lust Iogoumogom) cammano, \ ‘* Wm \ HI Quickénn Made I ’Dolem Command a. Nyeknamo’ {Clea} éummana & Nickname \ \ Unselecx Command 8. Nickname ‘ Wew Cusmm Menu Balm: mmom Manu Capy Cusmm Menu New Mann Nams' Clurculwm Mlnu \ ‘ Add Custom Menu ‘ ‘Tncmimfi
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 276
Figure 12-13 User Authentication > Custom Menus
2. In the lower section of the page, enter the following:
Note: To clear fields in the lower part of the page, click the Clear Custom Menu button.
Menu Name Enter a name for the custom menu.
Title Enter an optional title which will be displayed about the menu at the CLI.
tE ommand/n elec INickna E /or th E ands a 1 liste p E in (he F
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 277
3. You have the following options:
-To save the custom menu without any more commands than the default logout
command, click the Add Custom Menu button.
-To add menu commands, select the QuickEdit Mode box. This will move the cursor from
Command to Nickname and back to Command (if Nicknames is selected), or keep the
cursor on Command (if Nicknames is not selected). Commands (and the optional
nicknames) are added to the Menu Commands/Nicknames list when carriage return is
entered at the Command field (if Nicknames is not selected) or the Nickname field (if
Nicknames is selected). Most browsers have a "Select All" keystroke (such as Control-A)
which allow you to select all of the text in a field; this can be used in conjunction with the
Delete key to clear the contents of a field before entering a new command or nickname.
The Clear Command & Nickname button can also be used to delete the contents of the
Command and Nickname fields.
Commands can also be added to the list when QuickEdit Mode is not selected. Enter the
command and the optional nickname and click the right arrow. The command will be
added before the logout command (if a command/nickname is not selected in the list) or
will replace the currently selected command/nickname in the list. The Unselect
Command & Nickname button can be used to unselect the currently selected command/
nickname in the list.
4. To add more commands to the custom menu, repeat step 3.
5. You also have the following options:
-To edit a command/nickname in the custom menu, select the command in the
Commands/Nicknames List box and select the left arrow button. Change the
command and/or the nickname, and with the same command still selected in the list,
select the right arrow button.
-To remove a command/nickname from the custom menu, select the command in the
Commands/Nicknames List box and select the Delete Command & Nickname button.
-To move a command higher up in the menu (the commands are shown in the order they
will be presented in the custom menu, with command #1 listed first), select the command
in the Commands/Nicknames List box and click the up arrow.
-To move a command further down in the menu, select the menu in the Commands/
Nicknames List and click the down arrow.
6. Click the Add Custom Menu button.
To view or update a custom menu:
1. In the Custom Menus table, select the custom menu and click the View Custom Menu
button. The custom menu attributes appear in the lower part of the page.
2. Update the menu attributes following the instructions for adding a menu above.
3. Click the Edit Custom Menu button.
Nicknames Select to enable nicknames to be displayed in the menu instead of the
commands. If the custom menu will have nicknames, this should also be
selected prior to entering the commands in the web page, as this will facilitate
entry of the nicknames.
Redisplay Menu Select to redisplay the custom menu each time before the CLI prompt is
displayed.
12: User Authentication
SLC™ 8000 Advanced Console Manager User Guide 278
To delete a custom menu:
1. Select the custom menu in the Custom Menus table.
2. Click the Delete Custom Menu button.
To create a new custom menu from an existing custom menu:
1. Select the custom menu in the Custom Menus table.
2. Enter a name for the new menu in the New Menu Name field.
3. Click the Copy Custom Menu button.
Custom User Menu Commands
From the current menu, a user can display another menu, thus allowing menus to be nested. The
special command showmenu <Menu Name> displays a specified menu. The special command
returnmenu redisplays the parent menu if the current menu was displayed from a showmenu
command.
The user with appropriate rights creates and manages custom user menus from the command line
interface, but can assign a custom user menu to a user from either the command line or the web
interface.
When creating a custom user menu, note the following limitations:
Maximum of 20 custom user menus
Maximum of 50 commands per custom user menu (logout is always the last command)
Maximum of 15 characters for menu names
Maximum of five nested menus can be called.
No syntax checking (Enter each command correctly.)
Go to Custom User Menu Commands to view CLI commands which correspond to the web page
entries described above.
SLC™ 8000 Advanced Console Manager User Guide 279
13: Maintenance
The system administrator performs maintenance activities and operates the SLC advanced
console manager using the options for the Maintenance tab and additional commands on the
command line interface.
Firmware & Configurations
The Firmware & Configuration page allows the system administrator to:
Configure the FTP, SFTP, or TFTP server that will be used to provide firmware updates and
save/restore configurations. (TFTP is only used for firmware updates and configurations
restored via DHCP/TFTP Zero Touch Provisioning Configuration Restore.)
Set up the location or method that will be used to save or restore configurations (Local Disk,
FTP, SFTP, NFS, CIFS, USB, HTTPS or SD card). Update the version of the firmware running
on the SLC unit.
Save a snapshot of all settings on the SLC device (save a configuration).
Restore the configuration, either to a previously saved configuration, or to the factory defaults.
Configurations can also be pushed to the SLC via the HTTPS Push Configuration Restore
feature.
Zero Touch Provisioning Configuration Restore
The Zero Touch Provisioning feature allows a factory defaulted SLC to acquire a default
configuration from a DHCP server and TFTP server when it is booted. At boot-time, before the
normal startup process, a unit will attempt to acquire network parameters and a configuration file,
first over Eth1, and then over Eth2:
The unit will broadcast on the Eth1 network port for a DHCP server on the local subnet,
requesting DHCP options "TFTP Server" (DHCP option #66) and "Boot Filename" (DHCP
option #67).
If it receives both options from the DHCP server, and the Boot Filename is a valid SLC
configuration filename ending in "-slccfg.tgz", it will attempt to download the Boot Filename
from the TFTP Server.
If it is able to download the Boot Filename from the TFTP Server, it will restore the
configuration onto the SLC, and begin the normal startup process.
If any of these steps fail for the Eth1 network port, it will repeat the process of trying to acquire
a configuration over the Eth2 network port.
After attempting to acquire a configuration over the Eth2 network port, the unit will begin the
normal startup process.
Any results of attempting to acquire and restore a configuration file will be output to the console
port and the system log. Configurations for firmware versions that are newer than the firmware
version running on the unit will not be restored. Spaces are not supported in either the directory or
filename portion of the Boot Filename path.
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 280
HTTPS Push Configuration Restore
The HTTPS Push Configuration feature allows a saved configuration to be pushed to a SLC via a
command line tool such as "curl" that includes the configuration to upload:
% curl --insecure --request POST --form "file=@/home/users/admin/
current-slccfg.tgz" ‘https://myslc.company.com/
cfgupdate.htm?login=sysadmin&password=PASS&config=all&comment=FirmwareUp
date’
The arguments that are passed with the URL are:
login - Login token to use for authentication. This must be a local user with firmware/config
and reboot/shutdown rights.
password - Clear text password for the login token.
config - Indicates the portion of the configuration to restore, either all, or any combination of
the following separated by commas: network, datetime, services, localusers, devports, usb,
rpms, remoteauth, connections, events, ipfilter, groups, hostlist, nfscifs, maintenance, sites,
scripts, slcnetwork, consoleport, menus, sshkeys, or sslcerts.
comment - optional comment to include in the system log and audit log. If spaces are included
in the comment they should be URL encoded as shown in this bash script:
#!/bin/bash
url="https://myslc.company.com/
cfgupdate.htm?login=sysadmin&password=PASS&config=all&comment=Update
myslc.company.com with default configuration"
curl --insecure --request POST --form "file=@/home/users/admin/current-
slccfg.tgz" "$( echo $url | sed 's/ /%20/g' )"
If an HTTPS Push Config command is accepted and initiated by the SLC, the SLC will respond
with "Configuration restore initiated; SLC will reboot.", the restore will be performed, a message
will be logged to the audit log and the system log, and the SLC will reboot. Any errors in the
process will result in an error message being displayed.
1135791112151: LANTQONIX SLOW“ I 2 4 5 510121416 n 5:; glgjgn Sdmpanrm woman msnmpmm cmmmmemmn m-m- m 6’ 7 E3 E‘ rumwmrcannn System Lou AMIILHH Emanlnw Dlawnnsncs sumsmepans Emu Lao/Keypad Banner: Firmware a Configurations «mm s mral Rama! ‘ Smxduwn A Immal lemvemme Sm Immuuon . . Data Cenlzr Rack Cunenl u cl11| F Row Law a @132 ,F Data Canter Rack 1 ‘ mumr Hwyv 65 12/149 D213 CenlelRacK 1 ‘ Calwm owm u ’c /0 ”F sue Tau Mule WWW; m as “bad .. a»... GE‘s-As ur Famenhed, a mum anMB a mum 5998"! me my“: m... an F 159 '15P mm Load Firmware VI: caucus CunEMVelsmn 7 a u um HITFS plaad r a > mmwunm mg ‘ mum um, um Mrs mm n" was Mm ‘ usa Pan . mm mm “mm meme ‘ ‘ Fmsmmp 5m, :| Kev |:| “’3'" \—1 m. Mm. ‘:HTTPS . my." |:| um mmmmm sncmm usa mmmmwmmmm ”MM ‘ W mm |:| Bow! Banks and Bnmloadev Se‘tillw Bank1 7 a n DRS Dap/ :unfigmz‘nn hum Bank 2 m M Bank 2 7 a u 0R7 (mum) Bank 1 dun-w “ma-2 updam NexlBam Bank 2 menu": a Swncma Baum ‘ 3mm“ 3 wzxcnung Tuner 90D seconds Bum Delay 3 sewnds Hm Resnlumn Time's \ Reqmm manna unnum qum . No Save/Resume Configurawm Name In Save Tu W Resmre me ‘ Save canfiguamn TamaWIFonnallfll'WSm-M Locananmrsave Resmre nrManlne> Resmve Fatmvv mums . Locax stk 52m: Configulaumvs seleclane v Resume Saved Configumnun FTP Server Use 0 FTP SFTP 5m Mm Mg m Mme m Rem NFS mm mm 1: SSH Km 55L name an 5m 5m magnum Z SERVE USE Use - Furl U1 Fun U2 Preserve sonugummn aner new: Saved canngumunm Sclcct one . \ Nelwomng anal Users HTTFS ) We wi‘ mvmmwmc: Dsk Meme 9mm; so cm Savedconngulaunns E gems uss Remus mm
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 281
To configure settings:
1. Click the Maintenance tab. The Maintenance > Firmware & Configurations page displays.
Figure 13-1 Maintenance > Firmware & Configurations
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 282
2. Enter the following:
Internal Temperature
Site Information
SLC Firmware
Note: The non-active boot bank is updated during the firmware update, without requiring
a reboot. The configuration on the current boot bank may optionally be copied to the non-
active boot bank during the firmware update.
Reboot Select this option to reboot the SLC 8000 advanced console manager
immediately. The default is No.
Note: The front panel LCD displays the “Rebooting the SLC” message, and the
normal boot sequence occurs.
Shutdown Select this option to shut down the SLC unit. The default is No.
Current Displays current temperature.
Low Sets the acceptable minimum for the internal temperature of the SLC 8000
advanced console manager. If the temperature of the SLC device changes to be
outside of this range, the SLC console manager will issue an SNMP trap.
High Sets the acceptable maximum for the internal temperature of the SLC unit. If the
temperature of the SLC 8000 advanced console manager changes to be outside
of this range, the SLC unit will issue an SNMP trap.
Calibrate Offset An offset for calibrating the internal temperature of the SLC console manager. The
offset will be applied one hour after setting the calibration value. Zeroing the
offset will take effect immediately and will cancel any current and/or pending
calibration.
Data Center Rack Row Set these fields to define the rack row the SLC unit is located within a large data
center. The default for these fields is 1.
Data Center Rack
Cluster
Set these fields to define the rack cluster the SLC 8000 advanced console
manager is located within a large data center. The default for these fields is 1.
Data Center Rack Set these fields to define the rack the SLC unit is located within a large data
center. The default for these fields is 1.
Site Tag Tag or description used to identify the location or some other attribute of the SLC.
Current Version Displays the current firmware version.
Clear FW Update Log
(checkbox)
Clears the contents of the Firmware Update log file.
Firmware Update Log
(link)
To view a log of all prior firmware updates, click the Firmware Update Log link.
Update Firmware To update the SLC firmware, select the checkbox. If you select this option, the
SLC unit reboots after you apply the update. The first time boot for each bank
may take up to 5 minutes. Subsequent boot times will be approximately 2
minutes.
To view a log of all prior firmware updates, click the Firmware Update Log
link.
Firmware Filename The name of the firmware update file downloaded from the Lantronix web site.
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 283
Boot Banks and Bootloader Settings
Key A key for validating the firmware file. The key is provided with the firmware file
(32 hex characters).
Load Firmware Via From the drop-down list, select the method of loading the firmware. Options are
FTP, TFTP, HTTPS, NFS, USB, and SD Card. FTP is the default.
If you select HTTPS, the Upload File link becomes active. Select the link to
open a popup window that allows you to browse to a firmware update file to
upload.
If you select NFS, the mount directory must be specified.
The SD Card option must be selected if an SD card is to be used.
Note: Connections available depend on the model of the SLC unit.
Bank 1 Displays the version of SLC firmware in bank 1.
Note: The word "current" displays next to the bank from which the SLC
booted.
Bank 2 Displays the version of SLC firmware in bank 2.
Next Boot Bank Displays the current setting for bank to boot from at next reboot.
Switch to Bank 2 If desired, select the alternate bank to boot from at next reboot.
Copy configuration
from Bank 1 to Bank 2
during firmware update
If checked, will copy the configuration from the current bank to the bank being
updated. The two numbers are automatically generated so that the first
number is the current bank.
Boot Count, Boot Delay,
Boot Limit
Parameters that control how the SLC boots and when it switches to the
alternate boot bank.
Boot Delay - how many seconds the bootloader pauses before booting the
SLC. Default is 3 seconds, range is 3 - 1800 seconds.
Boot Limit - how many times the SLC will fail to boot before switching to the
alternate boot bank. After the SLC fails to boot 2 times Boot limit (so it has
attempted to boot Boot Limit times on each bank), the SLC will go into
advanced recovery mode, which may require support from Technical
Support to resolve so that the SLC can be booted again. Default is 3 boots,
range is 3 - 20.
Boot Count - how many times the SLC has failed to boot. If this value
reaches Boot Limit, the SLC will switch to the alternate boot bank. The SLC
will switch to the alternate boot bank only once. For example, if it fails to
boot Boot Limit times on bank 1, it will automatically switch to bank 2; if it
fails to boot Boot Limit times on bank 2, it will enter advanced recovery
mode. If Boot Count has reached Boot Limit, setting this value to 0 will
enable the SLC to boot again. Default is 0, range is 0 - 1.
High Resolution Timers Enables or disables timers with a high degree of accuracy. High resolution
timers are required for Performance Monitoring, but may affect SLC
performance if they are enabled. Off by default. Changing this value requires a
reboot for the change to take effect.
Watchdog Timer Timer that will reboot the SLC if the boot fails to properly complete. If the timer
expires without a successful boot of the SLC, the timer will automatically reboot
the SLC. The default is 300 seconds. A value of zero will disable the watchdog
timer.
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 284
Load Firmware Via Options
Note: Prior to firmware update, the current configuration is saved to the Local Disk
location with the name "before_MMDDYY_HHMM".
Configuration Management
HTTPS Click Upload File to update the SLC firmware.
NFS Mounted Dir Select the NFS mounted directory from the drop-down menu.
USB Port Click to select USB port.
FTP/SFTP/TFTP
Server
The IP address or host name of the server used for obtaining updates and saving
or restoring configurations. May have up to 64 alphanumeric characters; may
include hyphens and underscores.
Path The default path on the server for obtaining firmware update files and getting and
putting configuration save files.
Login The userid for accessing the FTP server. May be blank.
Password /
Retype Password
The FTP user password.
Configuration
Management
From the option list, select one of the following:
No Save/Restore: Does not save or restore a configuration.
Save Configuration: Saves all settings to file, which can be backed up to a
location that is not on the SLC 8000 advanced console manager. If Tarball
Format is checked, the configuration will be saved in the old (insecure)
compressed tar file format, instead of the password protected zip file format.
Restore Factory Defaults: Restores factory defaults. If you select this
option, the SLC unit reboots after you apply the update.
Restore Saved Configuration: Returns the SLC settings to a previously
saved configuration. If you select this option, the SLC console manager
reboots after you apply the update.
Save with Config or
Preserve with Restore
Select the SSH Keys checkbox to save any imported or exported SSH keys.
Select the SSL Certificate checkbox to save an imported certificate.
Select the Scripts checkbox to save any interface or batch scripts. Disabled
by default.
Preserve Configuration
after Restore
Allows the user to keep a subset of the current configuration after restoring a
configuration or resetting to factory defaults.
Select the checkbox for each part of the current configuration you want to keep,
for example, Networking, Services, or Device Ports.
Configuration Name to
Save to or Restore From
If you selected to save or restore a configuration, enter a name for the
configuration file (up to 12 characters).
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 285
3. To view a log of all prior firmware updates, click the Firmware Update Log (blue link near the
center of the web page).
4. Click Apply.
Note: If you selected an option that forces a reboot (restore configuration, update
firmware, or reset factory defaults), the SLC unit automatically reboots at the end of the
process.
Location for Save,
Restore, or Manage
If you selected to save or restore a configuration, select one of the following
options:
Manage: This link allows you to view and delete all configurations saved to
the selected location. This feature is available for the Local Disk, NFS
Mounts, CIFS Share, USB, and SD Card locations. See Manage Files on
page 286.
Local Disk – Saved Configurations: If restoring, select a saved
configuration from the drop-down list.
FTP Server: The FTP server specified in the FTP/SFTP/TFTP section. If you
select this option, select FTP or SFTP to transfer the configuration file.
NFS Mounted Directory: Local directory of the NFS server for mounting
files.
CIFS Share – Saved Configurations: If restoring, select a saved
configuration from the drop-down list.
USB: If a USB device is loaded into one of the USB ports of the SLC 8000
advanced console manager, and properly mounted, the configuration can be
saved to or restored from this location.If you select this option, select the port
in which the USB thumb drive is mounted; then click a saved configuration
from the drop-down list.
HTTPS: For saving, the browser will prompt the user to save the
configuration. For restoring, the configuration will be uploaded to the Local
Disk location.
SD Card: If an SD card is loaded into a card slots of the SLC and properly
mounted, the configuration can be saved to or restored from this location.
:41: 5 1 9 v1131517192‘235272;“33353719414350 A LANT?ONIX sw am mm U1 E2 2 t 6 a10121416”20222426233912“BBSENHMOGM 9 533533;." sammm-mwm Webssmpmm cmneneaumceDme mmmm m-w-m» m 9 7 33 E anwarelcanfig SystemLog AudrlLag EmlilLog Dilgwshcs Sniuslflepons sums LCWKIyp-d ammrs Firmware & Configurations - Manage Flles cmgunmm . Lml am Name Dmemme Saved 55H Keys SSL cm. Dale Scripts \ \ schEYBRLZSDIZBAII- ‘ 5mg ‘91 omens 2: 29 an v v v ‘ hmrejmztagzzz ‘ “mg m nsnzns 22 22 54 v v v syan-slcdg ‘91 05/20/1516 D718 v v v \ \ slcfiflhcp-slcdg Igz own/1519 5215 v v v w \ beflorejfitztfijus- . 5mg ‘91 nsnzns 22.“ n5 v v v ‘Deleie F'ue ‘Download File ‘Raname File‘ Niw Fug Nama'
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 286
Figure 13-2 Network > Firmware/Config > Manage
Manage Files
The Manage Files web page allows you to view the firmware and configuration files saved to the
selected location and rename, download or delete any of the files. This feature is available for the
Local Disk, NFS Mounts, CIFS Share, USB, and SD card locations.
To manage files:
1. On the Maintenance > Firmware & Configurations page, click the Manage link. The Network >
Firmware/Config > Manage (on page 286) page appears and displays the name and the time
and date the file was saved.
2. To rename a file, select a file, enter the New File Name, and click the Rename File button.
3. To download a file, select a file and click the Download File button.
4. To delete files, select one, multiple files, or all files, and click the Delete File button. A
verification message showing files deleted will appear. Click Back to Manage Files to return
to the Network > Firmware/Config > Manage page.
Note: When deleting multiple files with a single command, the list of files that have
been deleted will only be shown if 10 or fewer files are deleted.
Administrative Commands
Go to Administrative Commands to view CLI commands which correspond to the web page entries
described above.
LANTQONIX SLC 8048 “WEI." Et 1 a 5 7 a nu151719212325272931naasavaaauusu A ‘ U2 5: z A 5 ato12u"Mazuuzuazasnazzassaawazuwa a :::::';::g,:,.,. WWW-WWW wmsswnpmvm Camwemmm mam—m Wm m a ? 6* nnnwamrcunng SystemLog AudnLug Ema-neg Dtignostms sums/Reports Events LCDlKn'ypad Bannevs system Logs Helz’fl Log . All stnmng fll . Baglnnlng otLag New/ark Data Sen/lens lMay vl 24 v :2015 v l Authenucallon ‘05 . t, 101 ‘22 , ‘ a," , l Devuze Fons magnasncs Enflmg at . End at Lag Geneva! DIE Sultware lMay vl 24 v l2016vl lDEVl'lDtvl"22Vl amv Level . Ermr Wamma lnlo Debug VIEW Lag Cleaang l Log Select the type(s) cl log you want to view: Level Select the alert level you want to vlew for the selected log: Startlng at Select the starting point cl the range you want to View:
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 287
System Logs
The Maintenance > System Logs page allows you to view various system logs. (See Chapter 7:
Services on page 103 for more information about system logs.) You can also clear logs on this
page.
To view system logs:
1. Click the Maintenance tab and select the System Logs option. The following page displays:
Figure 13-3 Maintenance > System Logs
2. Enter the following to define the parameters of the log you would like to view:
Log Select the type(s) of log you want to view:
All
Network
Services
Authentication
Device Ports
Diagnostics
General
Software
Level Select the alert level you want to view for the selected log:
Error
Warning
Info
Debug
Starting at Select the starting point of the range you want to view:
Beginning of Log: to view the log from the earliest available beginning time and
date.
Date: to view the log starting from a specific starting date and time.
Endlng a! LANRONIX sw am we: m-—m mum <1? 7="" 83="" %="" flnnw-mcomlg="" syslemlag="" audnlog="" emlfllng="" dlngmnflcl="" scum/rum“="" emu="" lcdikvypld="" amm-="" select="" the="" endpoint="" loe="" range="" you="" wan:="" m="" view:=""><3 5="" 7="" 9="" 11131511192‘zazsznom3335:139‘1434541="" a="" e:="" 2="" u="" s="" a="" minus1:202:ztzaznanzz14353014042444“:="" a="" 3:325:3th="" aamm.aaauam="" ww="" amaaamewu="" log.="" all="" -="" error="" level="" system="" logs="" m="" |="" email="" oqum="" cammam="" —‘="" 1="" sup="" fielresh="" r="" .="" may="" 22="" 21="" 55:2;="" zms="" 51:4331="" chssls:="" last="" message="" repeatad="" 2="" umas="" 5‘="" may="" m="" zr5a="" 7="" 1015="" 51:43])="" slcsstb/std‘="" sm/errsr-etvfmm="" mar:="" mrennupreu="" system="" (all="" may="" 22="" 155mg="" 2on="" 51min="" stsslb/lzd:="" sw/em'sr’ower="" supply="" a="" flailed="" may="" m="" 1953="" 5="" 1015="" 51:43:)="" seem/kernel="" (annot="" fina="" map="" file.="" may="" 12="" 1552="" 3="" ms="" (none)="" sltsslb/kerne="" em="" link="" uv:="" mam="" may="" 29="" ”‘53="" 3="" 2016="" (none)="" sl(ss|b/kern2="" ms="" addwonfwudevjhange):="" etn="" .="" link="" hemmes="" ready="" may="" 29="" 1461="" 6="" 2916="" (home)="" sluhb/kerne="" xhriimd="" kn(i="" hnst="" (nntraller="" may="" m="" 15="" 52="" 5="" ms="" (name)="" smsra/kenne="" xhuihcd="" xm="" hast="" (antruller="" may="" in="" 1552.="" s="" 1015="" (wane)="" slcssla/kerne="" .="" xnean="" euo]="" u).ae.u.="" neu="" usa="" bus="" negesreneu,="" asslgned="" nus="" number="" 4="" may="" 2::="" 15:52:55="" 1916="" (none)="" slusle/kernel:="" xndjm="" wemmem="" new="" use="" bus="" registered,="" assagneu="" bus="" number="" a="" may="" 29="" ”‘52-="" a="" 2er="" (none)="" sl(sslb/kerne="" -="" xhzi="" hcd="" we]="" m-ae.e-="" in:="" m,="" in="" men="" exwooeoea="" may="" 2a="" 15="" 52="" 5="" mm="" (name)="" sllsle/karne="" xhu'="" neu="" xhoehcd="" mu="" husk="" (untruller="" may="" m="" 15="" 52="" s="" 2015="" (hans)="" smsra/kenne="" thshtd="" thst="" um="" um="" (dulraller="" may="" in="" 1951="" 5="" ms="" (naive)="" slcssla/kzrne="" x‘iushcd="" xhrlslnd.="" neu="" usa="" bus="" reglgreved‘="" asssgneu="" bus="" number="" 5="" may="" m="" 19:52:55="" ms="" (none)="" sm5la/kenne="" xmishcd="" xhnshcd:="" neu="" use="" bus="" reglsteredy="" assigned="" bus="" number="" 5="" 5="" may="" 2a="" 1952:55="" 2016="" m)="" moniker":="" xhri="" nm="" xhclshcd:="" ”luz,="" )0="" men="" 9x13913691)="">
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 288
3. Click the View Log button. Your specified system log displays. For example, if you select the
type All and the level Error, the SLC unit displays a log similar to this:
Figure 13-4 System Logs
From a queried system log (e.g., Figure 13-4), you may email this information to a specific
individual or to Lantronix Technical Support. See Emailing Logs and Reports (on page 296).
To clear system logs:
1. From the Maintenance > System Logs page, select Maintenance - System Logs.
2. Click the Clear Log button to clear all log information.
System Log Commands
Go to System Log Commands to view CLI commands which correspond to the web page entries
described above.
Ending at Select the endpoint of the range you want to view:
End of Log: to view the log from the latest available ending time and date.
Date: to view the log up to the last available log ending date and time.
LANT?ONIX SLC 8048 Laws; :1 1 J 5 1 9 111:1517mm2:2527293i3335373941434541 A :2 2 1 a a1012141613202221zszuoazauasuaudueu e d::::'y°:::,‘n.n swam nesenuaamu eddy -m—m «me-mn- 4* 7 G g Flmlwlrucomln sysoenmag AudnLog End-rung nugnosues Sums/Rem: Eur“: LEDIKcyp-d Sinners Audlt Log Served by Drklfime Can-imam San ny \User \cdmmand Ema" “’9 \ciear Log] Stop Refresh \ '° may 24 emsm 2ais sysadmin mes: List any upaated may 24 es:24:i4 2eis sysadmin Heb Authentitatmn Suuess for user sysadmin may 24 2am sysadmin ueb nutmeneisati’on sueeess For user sysadmin ‘may 24 zeis sysadmin wen Authentitdtion sucsess For user sysadmin May 24 2816 User sysadmin IDEEEd Off of 35H SSSSiDn may i4 a eeis sysadmin uen muenensimidn SMKESS rdr user sysadmin may 24 ms sysadmin luIaI user serrings updated may 24 IEJE sysadmin Auth emer Lmdl user e NIS:0 ewe RADIUS=B xeruerose may 24 2dis ssm Authentizauon sueeess for user sysadmin may 24 2eis sysadmin Heb nuthentitatlon railure for user sysadmin may 24 2515 sysadmin yen mnthentitation suesess For user sysadmin ‘may 23 2916 sysadmin web Authentication Snuess For user sysadmin may ia idis sysadmin uen Authemkatinn Failure rdr user sysadmin may ii ems sysadmin Heb Authrntuahnn suseess rar user sysadmin may ii ms sysadmin uen Authenntatmn Suuess for user sysadmin may 2i mis sysadmin Nab Authen kduon Suuess for user sysadmin may 2i 2m sysadmin ueb Authenritatlon suseess for user sysadmin may as may 2e may, 26, a mis sysadmin uen Authentitation Suuess far user sysadmin 2315 sysadmin web Authemitation Snuess For user sysadmin zeis sysadmin meal user 'sysadnin' amihutes detin
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 289
Audit Log
The Maintenance > Audit Log page displays a log of all actions that have changed the
configuration of the SLC 8000 advanced console manager. The audit log is disabled by default.
Use the Services > SSH/Telnet/Logging page (Chapter 7: Services) to enable the audit log and to
configure its maximum size.
Each entry in the log file contains a date/time stamp, user login, and the action performed by the
user. The user may clear the log file and sort the log by date/time, user, and command. The audit
log is saved through SLC reboots.
1. Click the Maintenance tab and select the Audit Log option. The following page displays:
Figure 13-5 Maintenance > Audit Log
2. To select a sort option, click the appropriate button:
-To sort by date and time, click the sort by Date/Time button (this is the default.)
-To sort by user, click the sort by User button.
-To sort by command/action, click the sort by Command button.
3. To email this log, follow the instructions in Emailing Logs and Reports (on page 296).
4. To clear the log, click the Clear Log button.
5. To freeze or stop automatic refreshing of the log, click the Stop Refresh button.
LANTENIX SLC 8048 ”Hum a 1: 5 1 9 1|13‘5171921212527291133.215113851434547 A 2 e a a1111214161320112425211:ng3436134042444545 . fizz: $334..“ Wm, . Wm WeasstPmm Come‘epmememm mm—- mm- m G 7 a E FImwm/canng symmuog Mann-q Emllang Diagnostic: summapom Evorm Len/Kama Bum-vs Email Log Mele’ ClearLog Ema» Log 1 Cummem Slop Refresh mi 52nd FailurEs: J Emails Sent us Bytas Sent 2954 nS/Js/Is 19 21 gemmmgxenmm.eem Message Sent ( ( Internal Yfimpsratura m of Range) awe/es 19-12 geeeunmnmamom.eum Message Sent (m Internal Temperature out af mge) 85/18/16 19:19 gemmainmanuonix.mm Menage sent (su Internal Yemperature out of Range) asums 15:13 geeeumainmancronimnm Message Sent (5L: Internal Temperature on of Range) 25/13/15 1;.” geFountain®1antronix.mm Message sem (SLE mernal Yemperature But of Range) 85/13/15 NJo gefnuntaznmantronixmm Message Sent (su Internal Temperature mrt of Range) 05/13/16 JS‘IS gefnuntammamrunix.com Message >Ent (Slt DIWrna] YempEraturE Wt 0f Rang?) ewe/m 19 u geemmngxenmm.m Message Sent (5L: Internal Temparatura m uf Range) 95/13/15 1m; gefnunmlmlantrmux.mm Message Sen! (su meme; Yempm‘amre m of Range) as/Ja/Is 19-12 geeoumainmamom.em Message Sent (le Internal Temperature out or mge) as/JE/Js Jy‘n geFountain®lantronix.tnm Message 521K (su Internal Yemperature out of Range) asums 19:15 gefnumainfilantronixmnm Message Sent (St: Internal Temuerature m or mge) ems/us 1mg gefnuntainfilanvanixmom Menage sem (51: moms] vemperature But of Range) 05/13/16 19 68 gefnumalnfilantronixmom (annot Innate host loathlantrnniXJOW Namz ur servire nut known Esme/15 m as gefnunta)n@lantrnmx.[nm Message Sent (51: Internal Yemparalura m 3f Range)
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 290
Audit Log Commands
Go to Audit Log Commands to view CLI commands which correspond to the web page entries
described above.
Email Log
The Maintenance > Email Log page displays a log of all attempted emails. The log file can be
cleared from here. The email log is saved through SLC reboots.
1. Click the Maintenance tab and select the Email Log option. The following page displays:
Figure 13-6 Maintenance > Email Log
2. To email this log, follow the instructions in Emailing Logs and Reports (on page 296).
3. To clear the log, click the Clear Log button.
Logging Commands
Go to Logging Commands, USB Device Commands, USB Storage Commands, and USB Modem
Commands to view CLI commands which correspond to the web page entries described above.
LANRONIX 5mm Hcsi siwm User sysaflmln icii sn uz Seizdwn I" - may mam—m Wm. m fimm'lre/Cmfig sysmm Lon AudltLog EmallLon Diagnosucs sumsmepuns aims LODIKeypad Banners Diagnostics :1 2 A 5 310121416 U1|E11 3579111315! .. H wwssh mph-m w Dunnedbd umeiw nnlyY Q?F3EV "all sum Diagnasiis F Aii ipim Arp Tame IPVS Neignmirame Netsiai nus Loflkup Ping 52m Fania LoopmcK SLC lmemab usa Dante‘s Protocol um _,TCP _,UDP mm |:| mm |:| Eineiiieiwim mBom Ham wEmz IPv6 i, Pmmml QTCP _,uni2 Him mum |:| De'incePon |:| Tes: ., imam M Exieiiial Yreeusplzy H. MapDev/Iae i IPe1Mude \, Sewer quiem Rm Diagmsi
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 291
Diagnostics
The Maintenance > Diagnostics page provides methods for diagnosing problems such as network
connectivity and device port input/output problems. You can use equivalent commands on the
command line interface.
1. Click the Maintenance tab and select the Diagnostics option. The following page displays:
Figure 13-7 Maintenance > Diagnostics
2. Select Diagnostics from checklist (one or more diagnostic methods you want to run, or select
All to run them all):
IPv4 ARP Table The IPv4 Address Resolution Protocol (ARP) table used to view the IP address-to-
hardware address mapping.
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 292
IPv6 Neighbor
Table
The IPv6 Neighbor table is used to view a list of neighbor's IPv6 addresses on the same
network, and their corresponding MAC addresses.
Netstat Displays network connections. If you select the checkbox, select the TCP or UDP protocol,
or select All for both protocols to control the output of the Netstat report.
Host Lookup Select to verify that the SLC 8000 advanced console manager can resolve the host
name into an IP address (if DNS is enabled). If selected, also enter a host name in the
corresponding Hostname field,
Ping Select to verify that the host is up and running. If selected, also do the following:
Enter a host name in the corresponding Hostname field
Specify Ethernet Port (Both, Eth1 or Eth2)
Check if the IPv6 version of ping should be used.
Send Packet This option sends an Ethernet packet out one of the Ethernet ports, mainly as a network
connectivity test. For UDP, the number of times the string is sent is equal to the number
of packets sent. For TCP, the number of times the string is sent may (or may not) be
equal to the number of packets sent, because TCP controls how data is packetized and
sent out. Enter the following:
Protocol: Select the type of packet to send (TCP or UDP).
Hostname: Specify a host name or IPaddress of the host to send the packet to.
Port: Specify a TCP or UDP port number of the host to send the packet to.
String: Enter a set of up to 64 characters. The string is encapsulated in the packet (so
you could use a network sniffer to track the packet and, by looking at its contents,
verify that it was sent).
Count: The count is the number of times the string is sent.
Loopback Specify loopback information:
Device Port
Select either an Internal or External test
Note: The External test is currently not supported for USB device ports
SLC Internals Select to display information on the internal memory, storage and processes of the SLC
8000 advanced console manager.
USB Devices Select to display information about USB buses and the devices connected to them,
including a mapping between a USB device and the SLC ports.
EIII57SIH-‘M5A u 2 4 Hummus LANT?ONIX swam m3; fig: $33,?“ 5mm.“ lcunnguvm w-bssflmnonm unflmnmunpw‘ m 7 E:- E1 mafia—w win-m m nmmmconng system Lou AudnLna Email Lug Dianmsucs Statuslkapnfls Events Lcnlmpaa same-s Diagnostics mm nagnmcmmuwur m: I?“ M! Nnor EmmIOmDIfl Thme Mush! 1m Somme!“ Mphack su: mmals u 55 D: ces
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 293
3. Click the Run Diagnostics button. The Maintenance > Diagnostics page displays.
Figure 13-8 Maintenance > Diagnostics
4. To view a report, click the link for that report.
5. To email this report, follow the instructions in Emailing Logs and Reports (on page 296).
iPerf Select to start an iPerf3 server or client to measure network throughput. The server will
run in “one-off” mode. This means that it will handle one client connection and then
terminate. The server will wait indefinitely for the client to connect. The client will time out
if a connection is not made to a server within 15 seconds. For more information, visit the
iPerf website.
iPerf Mode: Select the mode (Server or Client). Two SLCs can be used to measure
network throughput, one running in server mode and one running in client mode.
iPerf Server: Specify the server name or IP address that the client connects to.
iPerf Options: Enter options to configure the packets sent by the server or client. If
no options are specified, the server or client will run with a default set of TCP packets.
Set server port to listen on/connect to (default 5201): -p, --port n
Format to report: -f, --format [kmgtKMGT]
Pause n seconds between reports: -i, --interval n
Bind to a host, an interface or multicast address: -B, --bind
More detailed output: -V, --verbose
Output in JSON format: -J, --json
Note: The options below are supported on the client only:
Set length of buffer to n (default 8 KB): -l, --length n[KMG]
Use UDP rather than TCP: -u, --udp
TCP window size (socket buffer size): -w, --window n[KMG]
Set TCP/SCTP maximum segment size (MTU): -M, --set-mss n
Set TCP/SCTP no delay, disabling Nagle’s Algorithm: -N, --no-delay
Set bandwidth to n bits/sec (default 1Mbit/sec, unlimited for TCP): -b, --bitrate
n[KMG]
Number of bytes to transmit (instead of -t): -n, --bytes n[KMG]
Time in seconds to transmit for (default 10 secs): -t, --time n
Set the IPv6 flow label: -L, --flowlabel n
Omit the first n seconds: -O, --omit n
Prefix every output line with this string: -T, --title str
Number of blocks (packets) to transmit (instead of -t/-n): -k, --blockcount
Set the IP type of service, 0-255. The usual prefixes for octal and hex can be used,
i.e. 52, 064 and 0x34 all specify the same value: -S, --tos n
Set the IP dscp value, either 0-63 or symbolic: --dscp n
Note: The SLC uses iPerf version 3.x, which is incompatible with older iPerf versions.
E11] 5 7 91111‘s17192123252729311135273941435541 A ANT?ON1X mm m“ ngznwggkn wwwww WWW Wmmmw mm—m mm- m a ? *3 El FInnwau/Cunng systoang AumlLDg EmanLog magnasngs smus/Reuem Emu: Lchoypau Banners Status/Reports 1:31! nmu Fan: am up. 50k. 17 Dkl 25 9k. 33 Okl AI Dk. ”‘2 “W“ . 1.3 3:: 15 3:: i5 3:: 32 3:: 2: 3:: Fm’ “W“ F'"'“ ' 3:: o 12 ok a 2n ck I 25 ck I as ok a 44 ok u ”N “PW 5 °" 0 s a 29 ak - 31 ok 0 45 ck. Cnnsn‘e Pan not Connected - 5 9k . 3.) m g 35 ox . 45 ox . \msma‘ Maaam Nvl Imam I 7 ok I 23 wk I 31 ck o as 0k a 410k 0 \NsmaWampamure 52”: 1125 'F) I 5 uk n 24 aka :2 uk a 4n Dk o 45 0k. mew Riven All ‘ ‘ Syslem Conflywmmn - cumpm. Fan Slums ‘ \ Syslem canngurmn- Bun: For! Caumars ‘ ‘ Syslsm Conflgurmmn-Aumenllcamon u: Rome; ‘ ‘ Syslem Conflgurahun- Dames Connsmlons Generate Repun
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 294
Diagnostic Commands
Go to Diagnostic Commands to view CLI commands which correspond to the web page entries
described above.
Status/Reports
On this page, you can view the status of the SLC ports and power supplies and generate a
selection of reports.
Note: Status and statistics shown on the web interface represent a snapshot in time. To
see the most recent data, you must reload the web page.
1. Click the Maintenance tab and select the Status/Reports option. The following page
displays:
Figure 13-9 Maintenance > Status/Reports
The top half of the page displays the status of each port, power supply, and the internal modem:
-Green indicates that the port connection or power supply is active and functioning correctly.
-Red indicates an error or failure or that the device is off.
2. Select the desired reports to view under View Report:
View Report
All Displays all reports.
LANTQON|X SL680“ mmm n 3 a 5 7 an«mu«mmsnmmmnmumv A Hz [2 2 a s amummmmmumzmmumuum a 5:; $1153“ Se‘engmfir - Wigwam Msmohmw mm m-_m mm m 7 +3 E FirmwnrdConfia sysanoq AudilLog EmlilLug Diagnostics Stimiseporls Evans LCDIKeypad Hillier: 3 mummy menus/Reports Repmks} Emanompm Comment \ m \ sonnemans xv lwus mm 1p mung (able nemmm Gateway (lemmask Fiags M55 mm“ xr‘tt 153:2 a.e.o.a 171.333,; 0 a.a.a Us e a a EUIB 372.19.“ 172.321.1031»; 155.255.e.a u e a a ma Kama) 1M mung mm Desunatlon um Hm) Flags mm m Use Ifate :u/Jza u a 2 3 in max nuBB‘anli‘dflxe 256:3]ff:fu96:a331,’123 u a a 1 in we) UA 256 a a me fefie zamvmess 4331/12: u a a I‘m mm (M u 156 a a me "e: mm m a 3 e ewe we :/a 1: u 255 u a me "/a e: 29ff:r'ee9:uzzfi mm mu a e ewe remnssee HH.FEI76:SE$e um my a a me (“mum to Pm/sem a m musmne User thlme 2 (mime Pm m (ummaufl Una 34:22:31 Tara] (nnnettjons: :
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 295
3. Click the Generate Report button. In the upper left of the Generated Status/Reports page
displays a list of reports generated.
Figure 13-10 Generated Status/Reports
Port Status Displays the status of each device port: mode, user, any related connections,
and serial port settings.
Port Counters Displays statistics related to the flow of data through each device port.
IP Routes Displays the routing table.
Connections Displays all active connections for the SLC unit: Telnet, SSH, TCP, UDP,
device port, and modem.
System Configuration –
Complete
Displays a complete snapshot of the SLC settings.
System Configuration –
Basic
Displays a snapshot of the SLC unit's basic settings (for example, network,
date/time, routing, services, console port).
System Configuration –
Authentication
Displays a snapshot of authentication settings only (including a list of all
localusers).
System Configuration -
Devices
Displays a snapshot of settings for each device port, USB Port, Modem, and
Host Lists.
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 296
4. To email these report(s), follow the instructions in Emailing Logs and Reports (on page 296).
Status Commands
Go to Status Commands to view CLI commands which correspond to the web page entries
described above.
Emailing Logs and Reports
The following logs and reports can be directly emailed to a specific individual or to Lantronix
Technical Support directly from the log page:
System Log (Figure 13-4)
Audit Log (Figure 13-5)
Email Log (Figure 13-6)
Diagnostic Reports (Figure 13-8)
Status/Reports (Figure 13-10)
To email a log to an individual:
1. In the Comment field of a particular log or report page, enter a comment (if desired).
2. Select the to field beside the empty field where you then enter the person's email address.
3. Press the Email Output button. An email is immediately sent out and a confirmation appears
on the screen.
I REVIEVIS a n, We, ‘ S 7.... PM a a my X am“ 3 am.“ '* ‘ mum W... m mwm 10. m an! a; 5mm; mums [rpm «W 5 V mm gm Ships Sm my 5124:2015 us my Suzanna nepnn(s|c4331) Genevaled 05/24/2016 Ha 15:09 GMT Repurl: IP mules Kernel IP rmllinq [wk Deal'naliun Gateway Genmaak Flags M55 Wmdow im lfme 0.0.0.0 172.19.01 0.0.0.0 U6 00 0 61“] 17219.01) 172,19.100,143155.255.u.o U on new) @ dnwtrEpstQSSl
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 297
Figure 13-11 Emailed Log or Report
To view information about the SLC unit and contact information for Lantronix:
1. Click the button on the upper right portion of any web page to access the About SLC page
(see Figure 13-12).
LANT?ONIX 51-0 3°15 azéz‘zm... mm_mmm 1115111519111315‘ LCDSII U2 :1 4 5 910121415 szwmwnm QEnnfigummn ,wmssMDFnr-M cannzmnmempmn mung About SLC 8016 mew ch mm mum muse Fans 2 lmemal Modem ”mininllnd PowerSIADW Ac. 1 nmsuwly s/N amucmu Mammy m us Flash $129 512 us Em HWAmrrss comm-cam” Em HWAmress on.m=:.czm.7s mo Scam Type um name 1 ms. 0 noursmmmm Hmmre Version 1.1mm: 05 Version Elmnoadevversnn 2 an m Mam Beam Ramon nmwmnm-R men; we menu‘s Type(57 1153.1: , I/o Madme Remsmm mum, Sorlwzle Reusms kernel 3.55 SSWSSL DMnSsLLEpLflnenssLHUMAAW 2m mm 11411114511“. 1 NT}? mpuzsps SMEICIFS Venivn as.“ mp xm:vussan1.2.n Webserva mmlJIltudHJA PAM/NIS 1.3.1 LDAP 153 mus 14a Kernelos u.) TACACSo 1.41 snemnAch 2.15 Elmflaadevcanfigumm NurVDSianDns 11 Model Number 91 Frame! Name as opuons wmwwwmwammmmmmz n 2111321313, Lammmx AH 11g“: resemefl Lanuonix curpmu Ibadqnarbrs 7535 \Mne Cenler Dme. sule mu “we a 92513 USA Yew +1 [5497 4533951: Fax .1 (939)4513995 Mhnlul suppon Hours a BM . 5 nap pm: me Mama,» Fmay {mummy mums) w (3139142277045 (us sum 16‘ (54914537195 Fax (949) 4517221; FTP "D \amrawxmm
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 298
Figure 13-12 About SLC
E11] 5 7 a nu‘5171921232521293:23353719414355" A ANT?ONIX swam mm,“ ng:;;';::g,‘mn sypmmmw WWW; sumsqnmmanm mam—m Wm. m 4,, 7 a E Fllmwam/ccmflg sysnmLog AuunLog EmauLog Diagnosllcs sums/Rams Sums LCD/Keypad Banrms Events m Trigger \ RE '7 ‘ Amen 5% g Home PM \ Emmet . Em Em RPM §e\ec|9n’ . USE Pun U1 mm“ ‘7 10mm) Madam Cannecuon U55 PM U2 ‘7, Duwce Fan m n m ms 5 Ampsuanad ya NMS/me mwam van in 5mm: cammumry SNMF Wan om EmaH Addrsss To em uv de‘ete an evem mam. mam. magnum sexemmmmn m the ”gm mm mm Evlnk rd mag-v opuons Acnon opunns Apply
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 299
Events
On this Maintenance > Events page, you can define what action you want to take for events that
may occur in the SLC unit.
1. Click the Maintenance tab and select the Events option. The following page displays:
Figure 13-13 Maintenance > Events
2. Enter the following:
Event Trigger From the drop-down list, select the type of incident that triggers an event. Currently,
the options are:
Receive Trap
Temperature Over/Under Limit (for Sensorsoft devices)
Humidity Over/Under Limit (for Sensorsoft devices)
Device Port Data Drop
No Internal Modem Dial Tone
Ping Host Fails
RPM Load Over Threshold
Host to Ping When the trigger is set to Ping Host Fails, enter the hostname, IPv4 address or
IPv6 address of the host to ping. The host will be pinged every 2 minutes.
RPM When the trigger is set to RPM Load over Threshold, select the RPM that will be
monitored for a current that exceeds a defined threshold. The RPM needs to
support providing a current level as part of its status information. The RPM current
will be checked every 2 minutes.
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 300
3. You have the following options:
-To add the defined event, click the Add Event button. The event displays in the Events
table at the bottom of the page.
-To edit an event, select the event from the Events table and click the Edit Event button.
The Maintenance > Events page displays the event.
-To delete an event, select the event from the Events table and click the Delete Event
button. A message asks for confirmation. Click OK.
4. To save, click Apply.
Events Commands
Go to Events Commands to view CLI commands which correspond to the web page entries
described above.
Outlet When the trigger is set to RPM Load over Threshold, select the outlet that will be
monitored for a current that exceeds a defined threshold. The RPM needs to
support providing a current level for the selected outlet as part of its status
information. If an outlet is not specified, the current level for the entire device will be
monitored. The RPM current will be checked every 2 minutes.
Threshold When the trigger is set to RPM Load over Threshold, specify the maximum
allowable threshold for the current; any current readings over this threshold will
trigger the selected action. The threshold can be specified in Amps (e.g. 8.5) or as
a percentage (e.g. 90%).
Action From the drop-down list, select the action taken because of the trigger. For
example, the action can be writing an entry into the syslog with details of the event
or sending the trap(s) to the Ethernet or modem connection.
Syslog
Forward All Traps to Ethernet
Forward Selected Trap to Ethernet
Forward all Traps to a Modem Connection
Forward Selected Trap to a Modem Connection
Email Alert
SNMP Trap
Ethernet For actions that require an Ethernet connection (for example, Forward All Traps to
Ethernet), select the Ethernet port to use.
Modem Connection
on
For actions that require a modem connection (for example, Forward All Traps to a
Modem Connection, select which modem connection to use (Device Port, USB
Port U1, USB Port U2, or the Internal Modem). Connections available depend on
the model of the SLC unit.
NMS/Host to forward
trap to
For actions that forward a trap, enter the IP address of the computer to forward the
trap to. The computer does not have to be an SNMP NMS; it just has to be capable
of receiving SNMP traps.
SNMP Community Forwarded traps are sent with this SNMP community value
There is no default.
SNMP Trap OID Enter a unique identifier for an SNMP object. (An SNMP object is anything that can
hold a value and can be read using an SNMP "get" action.) The OID consists of a
string of numbers separated by periods (for example, 1.1.3.2.1). Each number is
part of a group represented by the number on its left.
Email Addresses Enter an email address to receive email alerts.
:41: 5 1 9 111315\n92‘232527293‘33353739114345" A a 2 A s E111121415“2021NZEZEJIIJZJAJBSEIUHMAEM s LANT?ONIX swam m3; $235533“ Wm WWW, Cannmmmw “mm mum-m» m 4* 7 I? % Flrmw-mcomlq sysumLog AudnLug Emlllboq Dlagnowc: W 5mm women)»: 31an LCD/Keypad 13mm Kan-aiming: Enabled screens Keypad Lacked 1m disp‘uy um” Disabled screens Gwen, “me Dame Fans 7 Resinr: Funmy Damn: Pusswnrd Nelwork Lacatianv my“ Passww . Consu‘e User smngs Da(emme \nlemal Temp i ‘Re‘ease : L 1 User Suings - Lma I ma 2* Ame-Scroll LCD scream. 5cm“ Delay 5 szmnds m: Delay, 10 semnds Apply \
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 301
LCD/Keypad
The LCD has a series of screens, consisting of 2 lines of 24 characters each. Specific screens and
the display order can be configured. The keypad associated with the LCD can also be configured.
The types of screens include: current time, network settings, console settings, date and time,
release version, location, and custom user strings.
Enabling the Auto-Scroll LCD Screens option enables scrolling through the screens and pausing
the number of seconds specified by the Scroll Delay between each screen. After any input to the
keypad, the LCD waits until the keypad has been idle for the number of seconds specified by the
Idle Delay before scrolling of the screens continues.
To configure the LCD and Keypad:
1. Click the Maintenance tab and select the LCD/Keypad option.
Figure 13-14 Maintenance > LCD/Keypad
To configure the LCD:
The screens that are currently enabled are displayed in order in the left Enabled screens list.
1. Select a screen to be removed from the Enabled Screens and click the button. The
screen moves to the Disabled Screens list to the right.
2. Select a screen to be added from the Disabled Screens list and click the button. The
screen is added to the Enabled Screens to the left.
heE E
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 302
3. Select a screen in the Enabled Screens list and click the or button to change the
order of the screens.
Note: The User Strings screen displays the 2 lines defined by the User Strings - Line 1
and Line 2 fields. By default, these user strings are blank.
4. Click Apply to save.
To configure the Keypad:
1. Enter the following fields.
2. Click Apply to save.
Administrative LCD/Keypad Commands
Go to Administrative Commands to view CLI commands which correspond to the web page entries
described above.
Banners
The Maintenance > Banners page allows the system administrator to customize text messages
that display to users.
To configure banner settings:
1. Click the Maintenance tab and select Banners option.
Keypad Locked Select this to lock out any input to the keypad. The default is for
the keypad to be unlocked.
Restore Factory Defaults Password /
Retype Password
Enter the 6 digit key sequence entered at the keypad to restore
the SLC unit to factory defaults. The default is 999999.
:11: 5 7 9 111:15171921232527293111353139414345" A LANT?ONIX m 8048 mm ‘12 E2 2 1 5 B1012H16132022242628SDSZIIJBSBOII‘ZMlG“ B dzznwfl." WWWWW WWW WWWWM man—m W m G 7 w % Flmwumcqnflq Syslem Log AudRLny Em-nLog magnosms sums/Regan: Evenls LCD/Keypad Banners Banners Wamama Banner Welcome (a the SM: ‘ Logln Ennner. Lagam Emmet SSH Emmet ‘ Nate: Lms muss can ha lncwded \n m- banner: Mm ma ‘w wumnorsequanu Tha wsb bannsr can he cannguma hm APPW
13: Maintenance
SLC™ 8000 Advanced Console Manager User Guide 303
Figure 13-15 Maintenance > Banners
2. Enter the following fields.
3. Click Apply to save.
Administrative Banner Commands
Go to Administrative Commands to view CLI commands which correspond to the web page entries
described above.
Welcome Banner The text to display on the command line interface before the user logs in. May
contain up to 1024 characters. Single quote and double quote characters are not
supported. Welcome to the SLC is the default.
Note: To create more lines use the \n character sequence.
Login Banner The text to display on the command line interface after the user logs in. May
contain up to 1024 characters. Single quote and double quote characters are not
supported. Default is blank.
Note: To create more lines, use the \n character sequence.
Logout Banner The text to display on the command line interface after the user logs out. May
contain up to 1024 characters. Single quote and double quote characters are not
supported. Default is blank.
Note: To create more lines use, the \n character sequence.
SSH Banner The text to display when a user logs into the SLC via SSH, prior to authentication.
May contain up to 1024 characters. Single quote and double quote characters are
not supported. Blank by default.
Note: To create more lines use the \n character sequence.
ger Conflgurallon thne Lme Phune System Remote User R5232 Sefial Cames or USB Local user
SLC™ 8000 Advanced Console Manager User Guide 304
14: Application Examples
Each SLC advanced console manager has multiple serial ports and two network ports. Each serial
port can be connected to the console port of an IT device. Using a network port (in-band) or a
modem (out-of-band) for dial-up connection, an administrator can remotely access any of the
connected IT devices using Telnet or SSH.
Figure 14-1 SLC - Console Manager Configuration
This chapter includes three typical scenarios for using the SLC unit. The scenarios assume that
the SLC 8000 advanced console manager is connected to the network and has already been
assigned an IP address. In the examples, we use the command line interface. You can do the
same things using the web page interface except for directly interacting with the SLC unit (direct
command).
Telnet/SSH to a Remote Device
The following figure shows a Sun server connected to port 2 of the SLC 8000 advanced console
manager.
Figure 14-2 Remote User Connected to a SUN Server via the SLC unit
In this example, the sysadmin would:
1. Display the current settings for device port 2:
SLC 8000 Advanced Console Manager
Remote User
Internet
Sun Server
SLC 8000 Advanced Console Manager
14: Application Examples
SLC™ 8000 Advanced Console Manager User Guide 305
[SLC]> show deviceport port 2
___Current Device Port
Settings________________________________________________
Number: 2 Name: Port-2
Modem Settings-------------Data Settings----------IP Settings-------
Modem State: disabled Baud Rate: 9600 Telnet: disabled
Modem Mode: text Data Bits: 8 Telnet Port: 2002
Timeout Logins: disabled Stop Bits: 1 SSH: disabled
Local IP: negotiate Parity: none SSH Port: 3002
Remote IP: negotiate Flow Control: xon/xoff IP: <none>
Authentication: PAP Logins: disabled
CHAP Host: <none> Break Sequence: \x1bB
CHAP Secret: <none> Check DSR: disabled
NAT: disabled Close DSR: disabled
Dial-out Login: <none>
Dial-out Password: <none>
Dial-out Number: <none>
Dial-back Number: usernumber
Initialization Script: <none>
Logging Settings----------------------------------------------------
Local Logging: disabled USB Logging: disabled
Email Logging: disabled Log to: upper slot
Byte Threshold: 100 Max number of files: 10
Email Delay: 60 seconds Max size of files: 2048
Restart Delay: 60 seconds
Email To: <none>
Email Subject: Port %d Logging
Email String: <none>
NFS File Logging: disabled
Directory to log to: <none>
Max number of files: 10
Max size of files: 2048
2. Change the baud to 57600 and disable flow control:
[SLC]> set deviceport port 2 baud 57600 flowcontrol none
Device Port settings successfully updated.
3. Connect to the device port:
[SLC]> connect direct deviceport 2
4. View messages from the SUN server console:
Mar 15 09:09:44 tssf280r sendmail[292]: [ID 702911 mail.info] starting
daemon (8.12.2+Sun): SMTP+queueing@00:15:00
Mar 15 09:09:44 tssf280r sendmail[293]: [ID 702911 mail.info] starting
daemon (8.12.2+Sun): queueing@00:15:00
Mar 15 14:44:40 tssf280r sendmail[275]: [ID 702911 mail.info] starting
daemon (8.12.2+Sun): SMTP+queueing@00:15:00
Mar 15 14:44:40 tssf280r sendmail[276]: [ID 702911 mail.info] starting
daemon (8.12.2+Sun): queueing@00:15:00
5. Reboot the SUN server:
Reboot
Mfilfifififlfifififififi : .fi—E
14: Application Examples
SLC™ 8000 Advanced Console Manager User Guide 306
<shutdown messages from SUN>
6. Use the escape sequence to escape from direct mode back to the command line interface.
Dial-in (Text Mode) to a Remote Device
This example shows a phone line connection to the internal modem of the SLC, and a Sun server
connected to a device port. You can configure the modem for text mode dial-in, so a remote user
can dial into the modem using a terminal emulation program and access the Sun server.
Figure 14-3 Dial-in (Text Mode) to a Remote Device
In this example, the sysadmin would:
1. Configure the device port that the modem is connected to for dial-in:
[SLC]> set deviceport port 1 modemmode text
Device Port settings successfully updated.
[SLC]> set deviceport port 1 initscript "AT&F&K3&C1&D2%C0A"
Device Port settings successfully updated.
[SLC]> set deviceport port 1 auth pap
Device Port settings successfully updated.
[SLC]> set deviceport port 1 localsecret "password"
Device Port settings successfully updated.
[SLC]> set deviceport port 1 modemstate dialin
Device Port settings successfully updated.
[SLC]>
2. Configure the device port that is connected to the console port of the Sun UNIX server:
[SLC]> set deviceport port 2 baud 57600 flowcontrol none
Device Port settings successfully updated.
3. Dial into the SLC 8000 advanced console manager via the modem using a terminal emulation
program on a remote PC. A command line prompt displays.
4. Log into the SLC unit.
CONNECT 57600
Welcome to the SLC
login: sysadmin
Password:
Welcome to the SLC Console Manager
Model Number: SLC 8048
For a list of commands, type 'help'.
[SLC]>
Phone System
Remote User
Phone
Line
Sun UNIX Server
SLC 8000 Advanced Console Manager
Serial Cable to Port 2
Flgure 14-4 Local Serlal Connectlon to Network Devlce vla Telnet %E—© _ A;.1‘.‘[;::':::4 <‘>
14: Application Examples
SLC™ 8000 Advanced Console Manager User Guide 307
5. Connect to the SUN Unix server using the direct command.
[SLC]> connect direct deviceport 2
SunOS 5.7
login: frank
Password:
Last login: Wed Jul 14 16:07:49 from computer
Sun Microsystems Inc.SunOS 5.7Generic October 1998
SunOS computer 5.7 Generic_123485-05 sun4m sparc SUNW,SPARCstation-20
$
6. Use the escape sequence to escape from direct mode back to the command line interface.
Local Serial Connection to Network Device via Telnet
This example shows a terminal device connected to an SLC device port, and a Sun server
connected over the network to the SLC device. When a connection is established between the
device port and an outbound Telnet session, users can access the Sun server as though they
were directly connected to it. (See Chapter 11: Connections on page 231).
Figure 14-4 Local Serial Connection to Network Device via Telnet
In this example, the sysadmin would:
1. Display the current settings for device port 2:
[SLC]> show deviceport port 2
___Current Device Port
Settings________________________________________________
Number: 2 Name: Port-2
Modem Settings-------------Data Settings-----------IP Settings-------
Modem State: disabled Baud Rate: 9600 Telnet: disabled
Modem Mode: text Data Bits: 8 Telnet Port: 2002
Timeout Logins: disabled Stop Bits: 1 SSH: disabled
Local IP: negotiate Parity: none SSH Port: 3002
Remote IP: negotiate Flow Control: xon/xoff IP: <none>
Authentication: PAP Logins: disabled
CHAP Host: <none> Break Sequence: \x1bB
CHAP Secret: <none> Check DSR: disabled
NAT: disabled Close DSR: disabled
Dial-out Login: <none>
Dial-out Password: <none>
Dial-out Number: <none>
Dial-back Number: usernumber
Initialization Script: <none>
Internet
Serial Cable
to Device Port 2
Sun UNIX Server
SLC 8000 Advanced Console Manager
14: Application Examples
SLC™ 8000 Advanced Console Manager User Guide 308
Logging Settings----------------------------------------------------
Local Logging: disabled USB Logging: disabled
Email Logging: disabled Log to: upper slot
Byte Threshold: 100 Max number of files: 10
Email Delay: 60 seconds Max size of files: 2048
Restart Delay: 60 seconds
Email To: <none>
Email Subject: Port %d Logging
Email String: <none>
NFS File Logging: disabled
Directory to log to: <none>
Max number of files: 10
Max size of files: 2048
2. Change the serial settings to match the serial settings for the vt100 terminal - changes baud to
57600 and disables flow control:
[SLC]> set deviceport port 2 baud 57600 flowcontrol none
Device Port settings successfully updated.
3. Create a connection between the vt100 terminal connected to device port 2 and an outbound
telnet session to the server. (The IP address of the server is 192.168.1.1):
[SLC]> connect bidirection 2 telnet 192.168.1.1
Connection settings successfully updated.
4. At the VT100 terminal, hit <return> a couple of times. The Telnet prompt from the server
displays:
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
Sun OS 8.0
login:
At this point, a user can log in and interact with the Sun server at the VT100 terminal as if directly
connected to the server.
SLC™ 8000 Advanced Console Manager User Guide 309
15: Command Reference
After an introduction to using commands, this chapter lists and describes all of the commands
available on the SLC command line interface accessed through Telnet, SSH, or a serial
connection. The commands are in alphabetical order by category.
Introduction to Commands
Following is some information about command syntax, command line help, and tips for using
commands.
Command
Syntax
Commands have the following format:
<action> <category> <parameter(s)>
where
<action> is set, show, connect, admin, diag, or logout.
<category> is a group of related parameters whose settings you want to
configure or view. Examples are ntp, deviceport, and network.
<parameter(s)> is one or more name-value pairs in one of the following
formats:
Table 15-1 Actions and Category Options
<parameter name> <aa|bb> User must specify one of the values (aa or bb) separated by a
vertical line ( | ). The values are in all lowercase and must be
entered exactly as shown. Bold indicates a default value.
<parameter name> <Value> User must specify an appropriate value, for example, an IP
address. The parameter values are in mixed case. Square brackets
[ ] indicate optional parameters.
Action Category
set auth|cflow|cifs|cli|command|consoleport|datetime|deviceport
|groups|history|hostlist|ipfilter|kerberos|ldap|localusers|
log|menu|network|nfs|nis|ntp|password|perfmon|radius
|remoteusers|routing|rpm|script|sdcard|security|services
|site|slcnetwork|sshkey|tacacs+|temperature|usb|vpn|xmodem
show auth|auditlog|cflow|cifs|cli|connections|consoleport|
datetime|deviceport|emaillog|groups|history|hostlist|
ipfilter|kerberos|ldap|localusers|log|menu|network|nfs|nis|
ntp|perfmon|portcounters|portstatus|radius|remoteusers|
routing|rpm|script|sdcard|security|services|site|slcnetwork|
sshkey|sysconfig|syslog|sysstatus|tacacs+|temperature|usb|
user|vpn|xmodem
Should you m a mxsta the Delete k endm T100 emu you F F pl ownW
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 310
Command Line Help
For general Help and to display the commands to which you have rights, type:
help
For general command line Help, type:
help command line
For release notes for the current firmware release, type:
help release
For more information about a specific command, type help followed by the command, for
example:
help set network or help admin firmware
Tips
Type enough characters to identify the action, category, or parameter name uniquely. For
parameter values, type the entire value. For example, you can shorten:
set network port 1 state static ipaddr 122.3.10.1 mask 255.255.0.0
to
se net po 1 st static ip 122.3.10.1 ma 255.255.0.0
Use the Tab key to automatically complete action, category, or parameter names. Type a
partial name and press Tab either to complete the name if only one is possible, or to display
the possible names if more than one is possible. Following a space after the preceding name,
Tab displays all possible names.
Should you make a mistake while typing, backspace by pressing the Backspace key and/or
the Delete key, depending on how you accessed the interface. Both keys work if you use
VT100 emulation in your terminal access program when connecting to the console port. Use
the left and right arrow keys to move within a command.
Use the up and down arrows to scroll through previously entered commands. If desired,
select one and edit it. You can scroll through up to 100 previous commands entered in the
session.
To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.
connect bidirection|direct|global|listen|restart|script|terminate
|unidirection
diag arp|arp6|internals|iperf|lookup|loopback|netstat|nettrace|pe
rfstat|ping|ping6|sendpacket|top|traceroute|usb
admin banner|chip|clear|config|events|feature|firmware|ftp|keypad|
lcd|memory|quicksetup|reboot|shutdown|site|version|web
logout Terminates CLI session.
Action Category
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 311
When the number of lines displayed by a command exceeds the size of the window (the
default is 25), the command output is halted until the user is ready to continue. To display the
next line, press Enter, and to display the page, press the space bar. You can override the
number of lines (or disable the feature altogether) with the set cli command.
Keyboard Shortcuts:
Control-a: move to the start of the line
Control-e: move to the end of the line
Control-b: move back to the start of the current word
Control-f: move forward to the end of the next word
Control-u: erase from cursor to the beginning of the line
Control-k: erase from cursor to end of the line
Administrative Commands
admin banner login
Syntax
admin banner login <Banner Text>
Description
Configures the banner displayed after the user logs in.
Note: To go to the next line, type \n and press Enter.
admin banner logout0
Syntax
admin banner logout <Banner Text>
Description
Configures the banner displayed after the user logs out.
Note: To go to the next line, type \n and press Enter.
admin banner show
Syntax
admin banner show
Description
Displays the welcome, SSH, login, and logout banners.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 312
admin banner ssh
Syntax
admin banner ssh <Banner Text>
Description
Configures the banner that displays prior to SSH authorization.
admin banner welcome
Syntax
admin banner welcome <Banner Text>
Description
Configures the banner displayed before the user logs in.
Note: To go to the next line, type \n and press Enter.
admin config checksum
Syntax
admin config checksum
Description
Displays a checksum for the current configuration. Can be used to determine if the configuration
has changed.
admin config copy
Syntax
admin config copy <current|Config Name>
[location <local|nfs|cifs|usb|sdcard>
[nfsdir <NFS Mounted Directory>] [usbport <U1|U2>] ]
Description
Copies the current configuration (or optionally, a configuration from another location) to the other
bank (for dual-boot SLCs).
admin config rename|delete
Syntax
admin config delete <Config Name> location <local|nfs|cifs|usb|sdcard>
[usbport <U1|U2>] [nfsdir <NFS Mounted Directory>]
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 313
admin config rename <Config Name> location <local|nfs|cifs|usb|sdcard>
[usbport <U1|U2>] [nfsdir <NFS Mounted Directory>]
Description
Deletes or renames a configuration.
admin config factorydefaults
Syntax
admin config factorydefaults [savesshkeys <enable|disable>] [savesslcert
<enable|disable>] [preserveconfig <Config Params to Preserve>]
[savescripts <enable|disable>]
<Config Params to Preserve> is a comma-separated list of current configuration
parameters to retain after the config restore or factorydefaults:
Description
Restores the SLC unit to factory default settings.
admin config restore
Syntax
admin config restore <Config Name> location
<local|ftp|sftp|nfs|cifs|usb|sdcard> [nfsdir <NFS Mounted Directory>]
[usbport <U1|U2>] [preserveconfig <Config Params to Preserve>]
[savesshkeys <enable|disable>]
[savesslcert <enable|disable>]
[savescripts <enable|disable>]
<Config Params to Preserve> is a comma-separated list of current configuration
parameters to retain after the config restore or factorydefaults:
nt Networking
sv Services
dt Date/Time
lu Local Users
dp Device Ports
ra Remote Authentication
ub USB Port/SD Card
nt Networking
sv Services
dt Date/Time
lu Local Users
ra Remote Authentication
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 314
Description
Restores a saved configuration to the SLC 8000 advanced console manager.
admin config save
Syntax
admin config save <Config Name> location
<local|ftp|sftp|nfs|cifs|usb|sdcard> [nfsdir <NFS Mounted Dir>] [usbport
<U1|U2>]
[savesshkeys <enable|disable>]
[savesslcert <enable|disable>]
[savescripts <enable|disable>]
Description
Saves the current SLC configuration to a selected location.
admin config show
Syntax
admin config show <local|ftp|sftp|nfs|cifs|usb|sdcard> [nfsdir <NFS
Mounted Dir>] [usbport <U1|U2>]
Description
Lists the configurations saved to a location.
admin firmware bootbank
Syntax
admin firmware bootbank <1|2>
Description
Sets the boot bank to be used at the next SLC reboot.
admin firmware bootcount
Syntax
admin firmware bootcount <0|1>
dp Device Ports
ub USB Port/SD Card
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 315
Description
Configures bootcount parameter that control how many times the SLC has failed to boot. If this
value reaches Boot Limit, the SLC will switch to the alternate boot bank. The SLC will switch to the
alternate boot bank only once. For example, if it fails to boot Boot Limit times on bank 1, it will
automatically switch to bank 2; if it fails to boot Boot Limit times on bank 2, it will enter advanced
recovery mode. If Boot Count has reached Boot Limit, setting this value to 0 will enable the SLC to
boot again. Default is 0, range is 0 - 1.
admin firmware bootlimit
Syntax
admin firmware bootlimit <3-20>
Description
Configures bootlimit parameters that control how many times the SLC will fail to boot before
switching to the alternate boot bank. After the SLC fails to boot 2 times Boot limit (so it has
attempted to boot Boot Limit times on each bank), the SLC will go into advanced recovery mode,
which may require support from Technical Support to resolve so that the SLC can be booted
again. Default is 3 boots, range is 3 - 20.
admin firmware bootdelay
Syntax
admin firmware bootdelay <3-1800>
Description
Configures bootcount parameters that control how seconds the bootloader pauses before booting
the SLC. The default is 3 seconds and the range is between 3 and 1800 seconds.
admin firmware highrestimers
Syntax
admin firmware highrestimers <enable|disable>
Description
Enables high resolution timers required for Performance Monitoring or disables high resolution
timers (the default). Changing this setting requires a reboot in order for the change to take effect.
admin firmware watchdog
Syntax
admin firmware watchdog <disable|180-1800 seconds>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 316
Description
Configures how long the SLC waits for boot completion before forcing a reboot.
admin firmware show
Syntax
admin firmware show [viewlog <enable|disable>]
Description
Lists the current firmware revision, the boot bank status, and optionally
displays the log containing details about firmware updates.
admin firmware update
Syntax
admin firmware update <ftp|tftp|sftp|nfs|usb|sdcard> file <Firmware
File> key <Checksum Key> [nfsdir <NFS Mounted Dir>] [usbport <U1|U2>]
Description
Updates SLC firmware to a new revision.
You should be able to access the firmware file using the settings admin ftp show displays if
FTP, TFTP or SFTP are used to load the firmware file. The SLC 8000 advanced console manager
automatically reboots after successful update.
admin firmware clearlog
Syntax
admin firmware clearlog
Description
Clears the firmware update log.
admin ftp password
Syntax
admin ftp password
Description
Sets the FTP server password and prevent it from being echoed.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 317
admin ftp server
Syntax
admin ftp server <IP Address or Hostname> [login <User Login>] [path
<Directory>]
Description
Sets the FTP/TFTP/SFTP server used for firmware updates and configuration save/restore.
admin ftp show
Syntax
admin ftp show
Description
Displays FTP settings.
admin keypad
Syntax
admin keypad <lock|unlock>
Description
Locks or unlocks the LCD keypad.
If the keypad is locked, you can scroll through settings but not change them.
admin keypad password
Syntax
admin keypad password
Must be 6 digits.
Description
Changes the Restore Factory Defaults password used at the LCD to return the SLC advanced
console server to the factory settings.
admin keypad show
Syntax
admin keypad show
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 318
Description
Displays keypad settings.
admin lcd reset
Syntax
admin lcd reset
Description
Restarts the program that controls the LCD.
admin lcd default
Syntax
admin lcd default
Description
Restores the LCD screens to their factory default settings.
admin lcd screens
Syntax
admin lcd screens
<zero or more parameters>
Parameters
currtime <1-9>
network <1-9>
console <1-9>
datetime <1-9>
release <1-9>
devports <1-9>
location <1-9>
temp <1-9>
userstrings <1-9>
Description
Sets which screens will be displayed on the LCD, and their order.
admin lcd line1
Syntax
admin lcd line1
<1-24 Chars> line2 <1-24 Chars>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 319
Description
Sets the strings displayed on the LCD user string screen.
admin lcd scrolling
Syntax
admin lcd scrolling <enable|disable>
[scrolldelay <Delay in Seconds>] [idledelay <Delay in Seconds>]
Description
Configures auto-scroll of the LCD screens, including the number of
seconds after keypad input before auto-scrolling restarts.
admin memory show
Syntax
admin memory show
Description
Displays information about SLC memory usage.
admin memory swap add
Syntax
admin memory swap add <Size of Swap in MB> usbport <U1|U2>
Description
Creates a swap space from an external storage device.
admin memory swap delete
Syntax
admin memory swap delete
Description
Deletes the swap space from an external storage device.
admin quicksetup
Syntax
admin quicksetup
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 320
Description
Runs the quick setup script.
admin reboot
Syntax
admin reboot
Description
Immediately terminates all connections and reboots the SLC 8000 advanced console manager.
The front panel LCD displays the “Rebooting the SLC” message, and the normal boot sequence
occurs.
admin shutdown
Syntax
admin shutdown
Description
Prepares the SLC 8000 advanced console manager to be powered off.
When you use this command to shut down the SLC console manager, the LCD front panel
displays the “Shutting down the SLC” message, followed by a pause, and then “Shutdown
complete.” When “Shutdown complete” displays, it is safe to power off the SLC 8000 advanced
console manager.
admin site
Syntax
admin site row <Data Center Rack Row Number>
admin site cluster <Data Center Rack Group Number>
admin site rack <Data Center Rack Number>
admin site tag <Site Description>
admin site show
Description
Configures information about the site where the SLC 8000 advanced console manager is located.
admin version
Syntax
admin version
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 321
Description
Displays current hardware and firmware information.
admin web certificate import
Syntax
admin web certificate import via <sftp|scp> [rootfile
<Cert Authority File>]
certfile <Certificate File> privfile <Private Key File>
host <IP Address or Name> login <User Login> [path <Path to Files>]
Description
Imports an SSL certificate.
admin web certificate reset
Syntax
admin web certificate reset
Description
Resets the web server to the default SSL certificate.
admin web certificate custom
Syntax
admin web certificate custom
Description
Generates a custom self-signed SSL certificate. The SHA256 hashing algorithm will be used to
generate the certificate.
admin web certificate show
Syntax
admin web certificate show
Description
Displays the web server SSL certificate.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 322
admin web group
Syntax
admin web group <Local or Remote Group Name>
Description
Configures the group that can access the web.
admin web server
Syntax
admin web server <enable|disable>
Description
Enables or disables running the web server (TCP ports 80 and 443).
admin web sha2
Syntax
admin web sha2 <enable|disable>
Description
Enables using only SHA2 and higher ciphers.
admin web timeout
Syntax
admin web timeout <disable|5-120>
Description
Configures the timeout for web sessions.
admin web terminate
Syntax
admin web terminate <Session ID>
Description
Terminates a web session.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 323
admin web show
Syntax
admin web show [viewcipherlist <enable|disable>]
Description
Displays the current sessions, with optional extra sessions or current ciphers.
admin web banner
Syntax
admin web banner
Description
Configures the banner displayed on the web home page.
admin web iface
Syntax
admin web iface <none,eth1,eth2,ppp>
Description
Defines a list of network interfaces the web is available on.
admin web cipher
Syntax
admin web cipher <high|himed|fips>
Description
Configures the strength of the cipher used by the web server (high is 256, 168 and some 128 bit,
medium is 128 bit).
admin web sha2
Syntax
admin web sha2 <enable|disable>
Description
Enable using only SHA2 and higher ciphers.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 324
admin web tlsv10
Syntax
admin web tlsv10 <enable|disable>
Description
Enables or disables TLS v1.0.
admin web tlsv11
Syntax
admin web tlsv11 <enable|disable>
Description
Enables or disables TLS v1.1.
admin web restart
Syntax
admin web restart
Description
Restarts the web server.
Warning: The following admin chip commands should only be used under the
direction of Lantronix Technical Support.
admin chip resetmodem
Description
Resets the internal modem chip in key system chips.
Syntax
admin chip resetmodem
admin chip reseti2cmux
Description
Resets the I2C Mux chip in key system chips.
Syntax
admin chip reseti2cmux
admin chip resetsfp ethport <1|2>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 325
Description
Resets the SFP chip in key system chips.
Syntax
admin chip resetsfp ethport <1|2>
Audit Log Commands
show auditlog
Syntax
show auditlog [command|user|clear]
Description
Displays audit log. By default, shows the audit log sorted by date/time. You can sort it by user or
command, or clear the audit log.
Authentication Commands
set auth
Syntax
set auth <one or more parameters>
Parameters
authusenextmethod <enable|disable>
kerberos <1-6>
ldap <1-6>
localusers <1-6>
nis <1-6>
radius <1-6>
tacacs+ <1-6>
Description
Sets ordering of authentication methods.
Local Users authentication is always the first method used. Any methods omitted from the
command are disabled.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 326
show auth
Syntax
show auth
Description
Displays authentication methods and their order of precedence.
show user
Syntax
show user
Description
Displays attributes of the currently logged in user.
Kerberos Commands
set kerberos
Syntax
set kerberos <one or more parameters>
Parameters
allowdialback <enable|disable>
clearports <Port List>
custommenu <Menu Name>
dataports <Port List>
dialbacknumber <Phone Number>
breakseq <1-10 Chars>
escapeseq <1-10 Chars>
group <default|power|admin>
ipaddr <Key Distribution Center IP Address>
kdc <Key Distribution Center>
listenports <Port List>
permissions <Permission List>
Note: See User Permissions Commands (on page 336) for information on groups and user
rights.
port <Key Distribution Center TCP Port>
realm <Kerberos Realm>
state <enable|disable>
useldapforlookup <enable|disable>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 327
Description
Configures the SLC 8000 advanced console manager to use Kerberos to authenticate users who
log in via the Web, SSH, Telnet, or the console port.
show kerberos
Syntax
show kerberos
Description
Displays Kerberos settings.
LDAP Commands
set ldap
Syntax
set ldap <one or more parameters>
Parameters
state <enable|disable>
server1 <IP Address or Name>
server2 <IP Address or Name>
port <TCP Port>
base <LDAP Base>
bindname <Bind Name>
bindwithlogin <enable|disable>
useldapschema <enable|disable>
adsupport <enable|disable>
filteruser <User Login Attribute>
filtergroup <Group Objectclass>
grmemberattr <Group Membership Attribute>
grmembervalue <dn|name>
encrypt <starttls|ssl|disable>
dataports <Port List>
listenports <Port List>
clearports <Port List>
escapeseq <1-10 Chars>
breakseq <1-10 Chars>
custommenu <Menu Name>
allowdialback <enable|disable>
dialbacknumber <Phone Number>
group <default|power|admin>
permissions <Permission List>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 328
Note: See User Permissions Commands (on page 336) for information on groups and
user rights.
Description
Configures the SLC 8000 advanced console manager to use LDAP to authenticate users who log
in via the Web, SSH, Telnet, or the console port.
set ldap bindpassword
Description
Set the LDAP bind password.
Syntax
set ldap bindpassword
set ldap certificate import
Description
To upload X.509/PEM certificate for Start TLS encrypted connections:
Syntax
set ldap certificate import via <sftp|scp> rootfile <Cert Auth File>
certfile <Certificate File> keyfile <Key File>
host <IP Address or Name> login <User Login> [path <Path to Files>]
set ldap certificate delete
Description
To delete an LDAP certificate.
Syntax
set ldap certificate delete
show ldap
Syntax
show ldap
Description
Displays LDAP settings.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 329
Local Users Commands
set localusers add|edit
Syntax
set localusers add|edit <User Login> <one or more parameters>
Parameters
allowdialback <enable|disable>
breakseq <1-10 Chars>
changenextlogin <enable|disable>
changepassword <enable|disable>
clearports <Port List>
dataports <Port List>
dialbacknumber <Phone Number>
displaymenu <enable|disable>
escapeseq <1-10 Chars>
listenports <Port List>
custommenu <Menu Name>
uid <User Identifier>
group <default|power|admin|Custom Group Name>
passwordexpires <enable|disable>
permissions <Permission List>
Note: See User Permissions Commands (on page 336) for information on groups and
user rights. Remove Escape & Break Sequences for users making raw binary connections
to Device Ports.
Description
Configures local accounts (including sysadmin) who log in to the SLC 8000 advanced console
manager by means of the Web, SSH, Telnet, or the console port.
set localusers allowreuse
Syntax
set localusers allowreuse <enable|disable>
Description
Sets whether a login password can be reused.
set local users complexpasswords
Syntax
set localusers complexpasswords <enable|disable>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 330
Description
Sets whether a complex login password is required. Complex passwords require at least one
uppercase character, one lowercase character, one digit, and one non-alphanumeric character.
set localusers state
Syntax
set localusers state <enable|disable>
Description
Enables or disables authentication of local users.
set localusers delete
Syntax
set localusers delete <User Login>
Description
Deletes a local user.
set localusers lifetime
Syntax
set localusers lifetime <Number of Days>
Description
Sets the number of days the login password may be used. The default is 90 days.
set localusers maxloginattempts
Syntax
set localusers maxloginattempts <Number of Logins>
Description
Sets the maximum number of login attempts before the account is locked. Disabled by default.
set localusers password
Syntax
set localusers password <User Login>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 331
Description
Sets a login password for the local user.
set localusers periodlockout
Syntax
set localusers periodlockout <Number of Minutes>
Description
Sets the number of minutes after a lockout before the user can try to log in again. Disabled by
default.
set localusers periodwarning
Syntax
set localusers periodwarning <Number of Days>
Description
Sets the number of days the system warns the user that the password will be expiring. The default
is 7 days.
set localusers reusehistory
Syntax
set localusers reusehistory <Number of Passwords>
Description
Sets the number of passwords the user must use before reusing an old password. The default is 4.
set localusers multipleadminlogins
Syntax
set localusers multipleadminlogins <enable|disable>
Description
Allows multiple admin logins among local users to the web server.
set localusers consoleonlyadmin
Syntax
set localusers consoleonlyadmin <enable|disable>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 332
Description
Sets local users. to console only admin setting. If enabled, the admin user can only log into the
SLC via the console, and will be prevented from logging in via the web, SSH or Telnet.
show localusers
Syntax
show localusers [display <brief|extended>] [user <User Login>]
Description
Displays local users.
set localusers lock
Syntax
set localusers lock <User Login>
Description
Blocks (locks) a user's ability to login.
set localusers unlock
Syntax
set localusers unlock <User Login>
Description
Allows (unlocks) a user's ability to login.
set localusers permissions
Syntax
set localusers add|edit <user> permissions <Permission List>
where
<Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, do,
ub, rp, rs, rc, dr, wb, sn, ad, md, sd
To remove a permission, type a minus sign before the two-letter abbreviation for a user
permission.
Description
Sets a local user's permissions (not defined by the user group).
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 333
NIS Commands
set nis
Syntax
set nis <one or more parameters>
Parameters
allowdialback <enable|disable>
broadcast <enable|disable>
clearports <Port List>
custommenu <Menu Name>
dialbacknumber <Phone Number>
dataports <Port List>
domain <NIS Domain Name>
breakseq <1-10 Chars>
escapeseq <1-10 Chars>
group <default|power|admin>
listenports <Port List>
master <IP Address or Hostname>
permissions <Permission List>
Note: See User Permissions Commands on page 336 for information on groups and
user rights.
slave1 <IP Address or Hostname>
slave2 <IP Address or Hostname>
slave3 <IP Address or Hostname>
slave4 <IP Address or Hostname>
slave5 <IP Address or Hostname>
state <enable|disable>
Description
Configures the SLC 8000 advanced console manager to use NIS to authenticate users who log in
via the Web, SSH, Telnet, or the console port.
show nis
Syntax
show nis
Description
Displays NIS settings.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 334
RADIUS Commands
set radius
Syntax
set radius <one or more parameters>
Parameters
state <enable|disable>
allowdialback <enable|disable>
clearports <Port List>
custommenu <Menu Name>
dataports <Port List>
dialbacknumber <Phone Number>
breakseq <1-10 Chars>
escapeseq <1-10 Chars>
group <default|power|admin>
listenports <Port List>
permissions <Permission List>
Note: See User Permissions Commands on page 336 for information on groups and
user rights.
timeout <enable|1-30>
Note: Sets the number of seconds after which the connection attempt times out. It may
be 1-30 seconds.
Description
Configures the SLC 8000 advanced console manager to use RADIUS to authenticate users who
log in via the Web, SSH, Telnet, or the console port.
set radius server
Syntax
set radius server <1|2> host <IP Address or Hostname> secret <Secret>
[port <TCP Port>]
Description
Identifies the RADIUS server(s), the text secret, and the number of the TCP port on the RADIUS
server.
Note: The default port is 1812.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 335
show radius
Syntax
show radius
Description
Displays RADIUS settings.
TACACS+ Commands
set tacacs+
Syntax
set tacacs+ <one or more parameters>
Parameters
state <enable|disable>
server1 <IP Address or Name>
server2 <IP Address or Name>
server3 <IP Address or Name>
encrypt <enable|disable>
authservice <login|pap|chap>
service <Service to Authorize>
protocol <Protocol for Service>
timeout <1-10 seconds>
dataports <Port List>
listenports <Port List>
clearports <Port List>
escapeseq <1-10 Chars>
breakseq <1-10 Chars>
custommenu <Menu Name>
allowdialback <enable|disable>
dialbacknumber <Phone Number>
group <default|power|admin>
permissions <Permission List>
Note: See User Permissions Commands (on page 336) for information on groups and
user rights.
Set the TACACS+ secret (any extra parameters will be ignored):
set tacacs+ secret
Description
Configures the SLC 8000 advanced console manager to use TACACS+ to authenticate users who
log in via the Web, SSH, Telnet, or the console port.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 336
show tacacs+
Syntax
show tacacs+
Description
Displays TACACS+ settings.
User Permissions Commands
set localusers group
Syntax
set localusers add|edit <user> group <default|power|admin|custom group
name>
Description
Adds a local user to a user group or changes the group the user belongs to.
set localusers lock
Syntax
set localusers lock <User Login>
Description
Blocks (locks) a user's ability to login.
set localusers unlock
Syntax
set local users unlock <User Login>
Description
Allows (unlocks) a user's ability to login.
set localusers permissions
Syntax
set localusers add|edit <user> permissions <Permission List>
where
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 337
<Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, do,
ub, rp, rs, rc, dr, wb, sn, ad, md, sd
To remove a permission, type a minus sign before the two-letter abbreviation for a user
permission.
Description
Sets a local user's permissions (not defined by the user group).
set <nis|ldap|radius|kerberos|tacacs+> permissions
Syntax
set <nis|ldap|radius|kerberos|tacacs> permissions <Permission List>
where
<Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, do,
ub, rp, rs, rc, dr, wb, sn, ad, md, sd
Description
Sets permissions not already defined by the assigned permissions group.
show user
Syntax
show user
Description
Displays the rights of the currently logged-in user.
Remote User Commands
set remoteusers add|edit
Syntax
set remoteusers add|edit <User Login> [<parameters>]
Parameters
dataports <Port List>
breakseq <1-10 Chars>
escapeseq <1-10 Chars>
listenports <Port List>
clearports <Port List>
custommenu <Menu Name>
displaymenu <enable|disable>
allowdialback <enable|disable>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 338
dialbacknumber <Phone Number>
group <default|power|admin|Custom Group Name>
permissions <Permissions List>
where
<Permission List> is one or more of nt, sv, dt, lu, ra, sk, um, dp, do,
ub, rp, rs, rc, dr, wb, sn, ad, md, sd
To remove a permission, type a minus sign before the two-letter abbreviation for a user right.
Note: See 'help user permissions' for information on groups and user rights.
Description
Sets attributes for users who log in by a remote authentication method. Access to authenticated
remote users whose LDAP group or TACACS+ priv_lvl map to a SLC custom group.
set remoteusers listonlyauth
Syntax
set remoteusers listonlyauth <enable|disable>
Description
Configure whether remote users who are not part of the remote user list will be authenticated.
set remoteusers denyaccessnocustomgroup
Syntax
set remoteusers denyaccessnocustomgroup <enable|disable>
Description
Access to authenticated remote users whose LDAP group or TACACS+ priv_lvl map to a SLC
custom group:.
set remoteusers lock|unlock
Syntax
set remoteusers lock|unlock <User Login>
Description
Allow (unlock) or block (lock) a user's ability to login.
set remoteusers delete
Syntax
set remoteusers delete <User Login>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 339
Description
Removes a remote user.
show remoteusers
Syntax
show remoteusers [display <brief|extended>] [user <User Login>]
Description
Displays settings for all remote users.
set <nis|ldap|radius|kerberos|tacacs+> group
Syntax
set <nis|ldap|radius|kerberos|tacacs> group <default|power|admin>
Description
Sets a permission group for remotely authorized users.
ConsoleFlow Commands
set cflow client
Syntax
set cflow client <enable|disable>
Description
Configure interaction with ConsoleFlow management server. The communication with the server
is enabled by default, and can be disabled.
set cflow statusinterval
Syntax
set cflow statusinterval <1-60 minutes> fwconfiginterval <1-72 hours>
Description
Set interval between status updates, and firmware and configuration checks.
set cflow fwupdate
Syntax
set cflow fwupdate <enable|disable> configupdate <enable|disable>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 340
Description
Enable or disable firmware and configuration updates via ConsoleFlow.
set cflow rebootafterupdate
Syntax
set cflow rebootafterupdate <enable|disable>
Description
Enable or disable reboots after firmware or configuration updates.
set cflow connection
Syntax
set cflow connection <cloud|onpremise> <one or more parameters>
Parameters
host <IP Address or Name>
port <TCP Port>
secureport <enable|disable>
validatecerts <enable|disable>
mqttstate <enable|disable>
mqtthost <IP Address or Name>
mqttport <TCP Port>
mqttsecurity <enable|disable>
projecttag <Project Tag>
Description
Configure ConsoleFlow Cloud or On-Premise settings.
set cflow devicename
Syntax
set cflow devicename <Device Name> description <Device Description>
Description
Configure the device name and description used for registration.
set cflow timeoutcli
Syntax
set cflow timeoutcli <1-1800 seconds>
set cflow timeoutdp <1-1800 seconds>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 341
Description
Configure the timeout for the ConsoleFlow Web Terminal sessions.
set cflow digitalprobe
Syntax
set cflow digitalprobe <Device Port # or List or Name>
frequency <disable|15-3600 seconds>
Description
Configures the device port digital probe for determining managed device connection status.
set cflow id
Syntax
set cflow id
Description
Set the device ID.
set cflow key
Syntax
set cflow key
Description
Set the ConsoleFlow key
show cflow
Syntax
show cflow
show cflow status
show cflow perfmon
show cflow scripts
show cflow probes
Description
Show ConsoleFlow settings
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 342
CLI Commands
set cli
Syntax
set cli scscommands <enable|disable>
Parameters
set cli scscommands <enable|disable>
set cli terminallines <disable|Number of Lines>
set cli menu <start|Menu Name>
show cli
Description
Allows you to use SCS-compatible commands as shortcuts for executing commands. It is
disabled by default.
Note: Settings are retained between CLI sessions for local users and users listed in the
remote users list.
set cli menu
Description
If a menu is associated with the current user and the menu was not displayed at login, 'start' will
run the menu. Users with full administrative or menu user rights can also specify the name of any
menu to run.
Syntax
set cli menu <start|Menu Name>
set cli terminallines
set cli terminallines <disable|Number of lines>
Description
Sets the number of lines in the terminal emulation (screen) for paging through text one screenful at
a time, if the SLC 8000 advanced console manager cannot detect the size of the terminal
automatically.
Note: Settings are retained between CLI sessions for local users and users listed in the
remote users list.
show cli
Syntax
show cli
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 343
Description
Displays current CLI settings.
show user
Syntax
show user
Description
Displays attributes of the currently logged in user.
set history
Syntax
set history clear
Description
Clears the commands that have been entered during the command line interface session.
show history
Syntax
show history
Description
Displays the last 100 commands entered during the session.
Connection Commands
connect bidirection
Syntax
connect bidirection <Port # or Name> <endpoint> <one or more Parameters>
Parameters
Endpoint is one of:
charcount <# of Chars>
charseq <Char Sequence>
charxfer <toendpoint|fromendpoint>
date <MMDDYYhhmm[ss]>
deviceport <Device Port # or Name>
exclusive <enable|disable>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 344
ssh <IP Address or Name> [port <TCP Port>][<SSH flags>]
where <SSH flags> is one or more of:
user <Login Name>
version <1|2>
command <Command to Execute>
tcp <IP Address> [port <TCP Port>]
telnet <IP Address or Name> [port <TCP Port>]
trigger <now|datetime|chars>
If the trigger is datetime (establish connection at a specified date/time), enter the date
parameter. If the trigger is chars (establish connection on receipt of a specified number or
characters or a character sequence), enter the charxfer parameter and either the charcount
or the charseq parameter.
udp <IP Address> [port <UDP Port>]
Description
Connects a device port to another device port or an outbound network connection (data flows in
both directions).
connect direct
Syntax
connect direct <endpoint>
Parameters
Endpoint is one of:
deviceport <Device Port # or Name>
ssh <IP Address or Name> [port <TCP Port>][<SSH flags>]
where <SSH flags> is one or more of:
user <Login Name>
version <1|2>
command <Command to Execute>
tcp <IP Address> [port <TCP Port>]
telnet <IP Address or Name> [port <TCP Port>]
udp <IP Address> [port <UDP Port>
hostlist <Host List>
Description
Connects to a device port to monitor and/or interact with it, or establishes an outbound network
connection.
connect global outgoingtimeout
Syntax
connect global outgoingtimeout <disable|1-9999 seconds>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 345
Description
Sets the amount of time the SLC 8000 advanced console manager will wait for a response (sign of
life) from an SSH/Telnet server that it is trying to connect to.
Note: This is not a TCP timeout.
connect listen deviceport
Syntax
connect listen deviceport <Device Port # or Name>
Description
Monitors a device port.
connect terminate
Syntax
connect terminate <Connection ID>
Description
Terminates a connection.
connect unidirection
Syntax
connect unidirection <Device Port # or Name> dataflow
<toendpointfromendpoint> <endpoint>
Parameters
Endpoint is one of:
charcount <# of Chars>
charseq <Char Sequence>
datetime <MMDDYYhhmm[ss]>
deviceport <Port # or Name>
exclusive <enable|disable>
ssh <IP Address or Name> [port <TCP Port][<SSH flags>]
where <SSH flags> is one or more of:
user <Login Name>
version <1|2>
command <Command to Execute>
tcp <IP Address> [port <TCP Port>]
telnet <IP Address or Name> [port <TCP Port]
trigger <now|datetime|chars>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 346
If the trigger is datetime (establish connection at a specified date/time), enter the date
parameter. If the trigger is chars (establish connection on receipt of a specified number or
characters or a character sequence), enter either the charcount or the charseq parameter.
udp <IP Address> [port <UDP Port>]
Description
Connects a device port to another device port or an outbound network connection (data flows in
one direction).
show connections
Syntax
show connections [email <Email Address>]
Description
Displays connections and their IDs. You can optionally email the displayed information.
The connection IDs are in the left column of the resulting table. The connection ID associated with
a particular connection may change if the connection times out and is restarted.
show connections connid
Syntax
show connections connid <Connection ID> [email <Email Address>]
Description
Displays details for a single connection. You can optionally email the displayed information.
Console Port Commands
set consoleport
Syntax
set consoleport <one or more parameters>
Parameters
baud <300-230400>
databits <7|8>
flowcontrol <none|xon/xoff|rts/cts>
group <Local or Remote Group Name>
parity <none|odd|even>
showlines <disable|1-50 lines>
stopbits <1|2>
timeout <disable|1-30>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 347
Description
Configures console port settings.
show consoleport
Syntax
show consoleport
Description
Displays console port settings.
Custom User Menu Commands
When creating a custom user menu, note the following limitations:
Maximum of 20 custom user menus.
Maximum of 50 commands per custom user menu (logout is always the last command).
Maximum of 15 characters for menu names.
Maximum of five nested menus can be called.
No syntax checking. (Enter each command correctly.)
set localusers
Syntax
set localusers add|edit <User Login> custom menu <Menu Name>
Description
Assigns a custom user menu to a local user.
set menu add
Syntax
set menu add <Menu Name> [command <Command Number>]
Description
Creates a new custom user menu or adds a command to an existing custom user menu.
set menu edit
Syntax
set menu edit <Menu Name> <parameter>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 348
Parameters
command <Command Number>
nickname <Command Number>
redisplaymenu <enable|disable>
shownicknames <enable|disable>
title <Menu Title>
Description
Changes a command within an existing custom user menu. Changes a nickname within an
existing custom user menu. Enables or disables the redisplay of the menu before each prompt.
Enables or disables the display of command nicknames instead of commands. Sets the optional
title for a menu.
set menu delete
Syntax
set menu delete <Menu Name> [command <Command Number>]
Description
Deletes a custom user menu or one command within a custom user menu.
set <nis|ldap|radius|kerberos|tacacs+> custommenu
Syntax
set <nis|ldap|radius|kerberos|tacacs> custommenu <Menu Name>
Description
Assigns a custom menu to users who authenticate via NIS, LDAP, Radius, Kerberos, or
TACACS+.
set remoteusers add|edit
Syntax
set remoteusers add|edit <User Login> custommenu <Menu Name>
Description
Sets a default custom menu for remotely authorized users.
show menu
Syntax
show menu <all|Menu Name>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 349
Description
Displays a list of all menu names or all commands for a specific menu.
Date and Time Commands
set datetime
Syntax
set datetime <one parameter>
Parameters
date <MMDDYYhhmm[ss]>
timezone <Time Zone>
Note: If you do not know a valid <Time Zone>, enter 'timezone <invalid time zone>' and
you will be guided through selecting one from the available time zones.
Description
Sets the local date, time, and local time zone (one parameter at a time).
show datetime
Syntax
show datetime
Description
Displays the local date, time, and time zone.
set ntp
Syntax
set ntp <one or more ntp parameters>
Parameters
localserver1 <IP Address or Hostname>
localserver2 <IP Address or Hostname>
localserver3 <IP Address or Hostname>
poll <local|public>
publicserver <IP Address or Hostname>
state <enable|disable>
sync <broadcast|poll>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 350
Description
Synchronizes the SLC 8000 advanced console manager with a remote time server using NTP.
show ntp
Syntax
show ntp
Description
Displays NTP settings.
Device Commands
set command
Syntax
set command <Device Port # or Name or List> <one or more parameters>
Parameters
sensorsoft lowtemp <Low Temperature>
Sets the lowest temperature permitted for the port.
sensorsoft hightemp <High Temperature>
Sets the hightest temperature permitted for the port.
sensorsoft lowhumidity <Low Humidity %>
Sets the lowest humidity pemitted for the port.
sensorsoft highhumidity <High Humidity %>
Sets the lowest humidity permitted for the port.
sensorsoft degrees <celsius|fahrenheit>
Enables or disables temperature settings as celcius or fahrenheit.
sensorsoft traps <enable|disable>
Enables or disables traps when specified conditions are met.
sensorsoft status
Displays the status of the port.
sensorsoft showall
Displays the status for all connected Sensorsoft devices and ignores the device port\nlist.
Note: The Sensorsoft lowtemp and hightemp settings are given in the scale specified by
the degrees setting.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 351
Description
Sends commands to (or control) a device connected to an SLC device port over the serial port.
Note: Currently the only devices supported for this type of interaction are Sensorsoft
devices.
Device Port Commands
set deviceport port
Description
Sets the dialout password.
Syntax
set deviceport port <Device Port # or List or Name> <one or more device
port parameters>
Example: set deviceport port 2-5,6,12,15-16 baud 2400
Parameters
actiondelay <Action Delay>
actionrestart <Restart Delay>
assertdtr <enable|disable>
auth <pap|chap>
banner <Banner Text>
baud <300-230400>
breakseq <1-10 Chars>
bytethreshold <# of Characters>
calleridcmd <Modem Command String>
calleridlogging <enable| disable>
cbcptype <admin|user>
cbcpnocallback <enable|disable>
chapauth <chaphost|localusers>
chaphost <CHAP Host or User Name>
checkdsr <enable|disable>
closedsr <enable|disable>
connectedmsg <enable|disable>
databits <7|8>
device <none|sensorsoft|rpm>
detectname <enable|disable>
detecttokens <Name Detection Tokens>
dialbackdelay <PPP Dial-back Delay>
dialbacknumber <usernumber|Phone Number>
dialbackretries <1-10>
dialinlist <Host List for Dial-in>
dialoutlogin <Remote User Login>
dialoutnumber <Phone Number>
dodauth <pap|chap>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 352
dodchaphost <CHAP Host or User Name>
dtrcontrol <none|toggledtr|autodtr>
emailsubj <Email Subject>
emailto <Email Address>
flowcontrol <none|xon/xoff|rts/cts>
group <Local or Remote Group Name>
idletimeoutmsg <enable|disable>
initscript <Modem Initialization Script>
ipaddr <IP Address[/Mask Bits]>
locallogging <enable|disable>
maxdirect <1-15>
Note: We recommend preceding the initscript with AT and include E1 V1 x4 Q0 so that
the SLC 8000 advanced console manager may properly control the modem.
localipaddr <negotiate|IP Address>
logins <enable|disable>
minimizelatency <enable|disable>
modemmode <text|ppp>
modemstate <disable|dialin|dialout|dialback|dialinhostlist|dialondemand|
dialin+ondemand|dialback+ondemand|cbcpclient|cbcpserver>
modemtimeout <disable|1-9999 seconds>
name <Device Port Name>
nat <enable|disable>
newusermsg <enable|disable>
nfsdir <Logging Directory>
nfslogging <enable|disable>
nfsmaxfiles <Max # of Files>
nfsmaxsize <Size in Bytes>
numsessionsmsg <enable|disable>
parity <none|odd|even>
portlogseq <1-10 Chars>
poweraction <on|off|cycle>
powermgmtseq <1-10 Chars>
powersupply <Managed Power Supply Name>
remoteipaddr <negotiate|IP Address>
restartdelay <PPP Restart Delay>
reversepinout<enable|disable>
sendstring <String to Send|QUOTEDSTRING>
sendtermstr <enable|disable>
showlines <disable|1-50 lines>
slmlogging <enable|disable>
slmnms <NMS IP Address>
slmthreshold <Threshold>
slmtime <Time Frame>
sshauth <enable|disable>
sshdatadir <netin|netout|both>
sshin <enable|disable>
sshport <TCP Port>
sshtimeout <disable|1-3600 seconds>
stopbits <1|2>
sysloglogging <enable|disable>
tcpauth <enable|disable>
tcpdatadir <netin|netout|both>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 353
tcpin <enable|disable>
tcpport <TCP Port>
tcptimeout <disable|1-3600 seconds>
telnetauth <enable|disable>
telnetdatadir <netin|netout|both>
telnetin <enable|disable>
telnetport <TCP Port>
telnetsoftiac <enable|disable>
telnettimeout <disable|1-3600 sec>
termstr <Termination String>
timeoutlogins <disable or 1-30 minutes>
tokenaction <List of none,log,trap,email,string,power>
tokendatadetect <enable|disable>
tokenstring <Regex String>
tokentrigger <bytecnt|charstr>
usbchannel <1-2>
usblogging <enable|disable>
usbmaxfiles <Max # of Files>
usbmaxsize <Size in Bytes>
usbport <U1|U2|SD>
usbvbus <enable|disable>
usesites <enable|disable>
viewportlog <enable|disable>
Description
Configures a single port or a group of ports.
Set the modem password and CHAP secrets (any extra parameters will be ignored):
set deviceport port <Device Port # or List or Name> dialoutpassword
set deviceport port <Device Port # or List or Name> chapsecret
set deviceport port <Device Port # or List or Name> dodchapsecret
Reset a device port, terminating and restarting all relevant connections:
set deviceport port <Device Port # or List or Name> reset
Configure up to 4 managed power supplies for device connected to a device port:
set deviceport port <Device Port # or Name> managepower
Reset a device port, terminating and restarting all relevant connections:
set deviceport port <Device Port # or List or Name> reset
Note: A group of device ports can be configured by specifying a comma-separated list of
ports (i.e., '1-4,8,10-12') or 'ALL'. Remove breakseq for Device Ports connected to raw
binary connections.The logging level for the Device Ports log must be set to 'Info' to view
Syslog entries for Device Port logging. It is recommended that the 'initscript' be
prepended with 'AT' and include 'E1 V1 x4 Q0' so that the SLC may properly control
the modem.
set deviceport global
Syntax
set deviceport global <one or more parameters>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 354
Parameters
sshport <TCP Port>
telnetport <TCP Port>
tcpport <TCP Port>
Description
Configures settings for all or a group of device ports.
show deviceport global
Syntax
show deviceport global
Description
Displays global settings for device ports.
show deviceport names
Syntax
show deviceport names
Description
Displays a list of all device port names.
show deviceport port
Syntax
show deviceport port <Device Port List or Name>
[display <ip|data|modem|logging|device>]
Description
Displays the settings for one or more device ports.
show deviceport types
Syntax
show deviceport types
Description
Displays the list of port types (RJ45 or USB) for all device ports.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 355
show portcounters
Syntax
show portcounters [deviceport <Device Port List or Name>] [email <Email
Address>]
Description
Displays device port statistics and errors for one or more ports. You can optionally email the
displayed information.
show portcounters zerocounters
Syntax
show portcounters zerocounters <Device Port List or Name>
Description
Zeros the port counters for one or more device ports.
show portstatus
Syntax
show portstatus [deviceport <Device Port List or Name>] [email <Email
Address>]
Description
Displays the modes and states of one or more device port(s). You can optionally email the
displayed information.
Diagnostic Commands
diag arp
Syntax
diag arp|arp6 [email <Email Address>]
Description
Displays the Address Resolution Protocol table (for IPv4) or the Neighbor table (for IPv6) for
mapping IP Addresses to hardware addresses.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 356
diag internals
Syntax
diag internals [email <Email Address>]
Enable debug printing on the next SLC reboot:
diag internals [printapplication <enable|disable>
printconnection <enable|disable>
printmanagement <enable|disable>
Description
Displays information on the internal memory, storage and processes of the SLC 8000 advanced
console manager. You can optionally email the displayed information.
diag iperf
Syntax
diag iperf mode <server|client> [host <iPerf Server IP Address or Name>]
[options <iPerf options>] [email <Email Address>]
Options
iPerf Options (enclose all options in quotes):
Set server port to listen on/connect to (default 5201): -p, --port n
Format to report: -f, --format [kmgtKMGT]
Pause n seconds between reports: -i, --interval n
Bind to a host, an interface or multicast address -B, --bind <host>
More detailed output: -V, --verbose
Output in JSON format: -J, --json
Options below are supported on client only:
Set length of buffer to n (default 8 KB): -l, --length n[KMG]
Use UDP rather than TCP: -u, --udp
TCP window size (socket buffer size): -w, --window n[KMG]
Set TCP/SCTP maximum segment size (MTU): -M, --set-mss n
Set TCP/SCTP no delay, disabling Nagle's Algorithm: -N, --no-delay
Set bandwith to n bits/sec (default 1Mbit/sec,unlimited for TCP);
-b, --bitrate n[KMG]
Number of bytes to transmit (instead of -t): -n, --bytes n[KMG]
Time in seconds to transmit for (default 10 secs): -t, --time n
Set the IPv6 flow label: -L, --flowlabel n
Use a 'zero copy' method of sending data: -Z, --zerocopy
Omit the first n seconds: -O, --omit n
Prefix every output line with this string: -T, --title str
# of blocks (packets) to transmit (instead of -t/-n): -k, --blockcount
Set the IP type of service, 0-255.
The usual prefixes for octal and hex can be used,
i.e. 52, 064 and 0x34 all specify the same value: -S, --tos n
Set the IP dscp value, either 0-63 or symbolic: --dscp n
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 357
Description
Runs an iPerf server or client to measure network throughput. You can optionally email the output.
The SLC uses iPerf version 3.X, which is incompatible with older versions (2.x).
diag lookup
Syntax
diag lookup <Name> [email <Email Address>]
Description
Resolves a host name into an IP address. You can optionally email the displayed information.
diag loopback
Syntax
diag loopback <Device Port Number or Name>[<parameters>]
Parameters
test <internal|external>
xferdatasize <Size In Kbytes to Transfer>
Defaults: test=external, xferdatasize=1K
Description
Tests a device port by transmitting data out the port and verifying that it is received correctly.
A special loopback cable comes with the SLC 8000 advanced console manager. To test a device
port, plug the cable into the device port and run this command. The command sends the specified
Kbytes to the device port and reports success or failure. The test is performed at 9600 baud. Only
an external test requires a loopback cable. The External test is currently not supported for USB
device ports.
diag netstat
Syntax
diag netstat [protocol <all|tcp|udp>] [email <Email Address>]
Defaults: protocol=all
Description
To display a report of network connections. You can optionally email the displayed information.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 358
diag nettrace
Syntax
diag nettrace <one or more parameters>
Parameters
ethport <1|2>
protocol <tcp|udp|icmp|esp>
host <IP Address or Name>
numpackets <Number of Packets>
verbose <low|medium|high|disable>
pcapfile <File Name> location <usb:sdcard> [usbport <U1:U2>]
Description
Displays all network traffic, applying optional filters (the output can be saved to a Wireshark pcap
file on external storage). This command is available in the CLI but not the web.
diag perfstat
Description
Display performance statistics for an Ethernet Port or Device Port, averaged over the last 5
seconds. Must specify an Ethernet Port or Device Port.
Syntax
diag perfstat [ethport <1|2>] [deviceport <Device Port # or Name>]
diag ping|ping6
Description
Verifies if the SLC can reach a host over the network.
diag ping|ping6 <IP Address or Name> [<parameters>]
Parameters
count <Number Of Times To Ping>
packetsize <Size In Bytes>
ethport <1|2>
Defaults: count=5, packetsize=64
diag sendpacket host
Description
Generate and send Ethernet packets.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 359
Syntax
diag sendpacket host <IP Address or Name> port <TCP or UDP Port Number>
[string <Packet String>] [protocol <tcp|udp>]
[count <Number of Packets>]
diag top
Syntax
diag top [parameters]
Description
Displays CPU usage, memory usage and tasks.
Parameters
continuous <enable|disable>
count <Number of Iterations to Display>
delay <Delay in Seconds>
numlines <Number of Lines to Display>
Defaults:
count=1, delay = 5 seconds
diag traceroute
Syntax
diag traceroute <IP Address or Hostname>
Description
Displays the route that packets take to get to a network host.
diag usb
Syntax
diag usb [<parameters>]
Description
To display information about USB buses and the devices connected to them, including the
mapping between a USB device and the SLC port. For "mapdevice enable", the port numbers will
displayed at the end of the line in square brackets.
Parameters
treedisplay <enable|disable>
mapdevice <enable|disable>
email <Email Address>
Defaults: treedisplay=enable
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 360
Events Commands
admin events add
Syntax
admin events add <trigger> <response>
<trigger> is one of:
dpdatadrop, humidlimit, pingfails, receivetrap, rpmload,
nomodemdialor templimit.
<response> is one of:
action syslog
action emailalert emailaddress <destination email address>
action snmptrap nms <SNMP NMS> community <SNMP Community>
action <fwdalltrapseth|fwdseltrapeth> ethport <1|2> nms <SNMP NMS>
community <SNMP Community> [oid <SNMP OID>]
action <fwdalltrapsmodem|fwdseltrapmodem> deviceport <Device Port #
or Name> nms <SNMP NMS> community <SNMP Community> [oid <SNMP Trap
OID>]
action <fwdalltrapsmodem|fwdseltrapmodem> usbport <U1|U2>
nms <SNMP NMS> community <SNMP Community> [oid <SNMP Trap OID>]
action <fwdalltrapsmodem|fwdseltrapmodem> internal modem
nms <SNMP NMS> community <SNMP Community> [oid <SNMP Trap OID>]
Description
Defines events.
admin events delete
Syntax
admin events delete <Event ID>
Description
Deletes an event definition.
admin events edit
Syntax
admin events edit <Event ID> <parameters>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 361
Parameters
community <SNMP Community>
deviceport <Device Port # or Name>
ethport <1|2>
nms <SNMP NMS>
host <IP Address or Name>
oid <SNMP Trap OID>
outlet <Outlet #>
rpm <RPM Id or Name>
threshold <Load Percentage|Current in Amps>usbport <u1|u2>
internal modem
emailaddress <destination email address>
Description
Edits event definitions.
admin events show
Syntax
admin events show
Description
Displays event definitions.
Group Commands
set groups add|edit <Group Name> [<parameters>]
Syntax
set groups add|edit <Group Name> [<parameters>]
Parameters
dataports <Port List>
listenports <Port List>
clearports <Port List>
escapeseq <1-10 Chars>
breakseq <1-10 Chars>
custommenu <Menu Name>
displaymenu <enable|disable>
allowdialback <enable|disable>
dialbacknumber <Phone Number>
permissions <Permission List>
Note: See 'help user permissions' for information on user rights.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 362
Rename a group:
set groups rename <Group Name> newname <New Group Name>
Delete a group:
set groups delete <Group Name>
Show one or more groups:
show groups [name <Group Name>] members <enable|disable>
Host List Commands
set hostlist add|edit <Host List Name>
Syntax
set hostlist add|edit <Host List Name> [<parameters>]
Parameters
name <Host List Name> (edit only)
retrycount <1-10>
Default: retrycount=3, auth=enable.
auth <enable|disable>
Description
Configures a prioritized list of hosts to be used for modem dial-in connections.
set hostlist add|edit <Host List Name> entry
Syntax
set hostlist add|edit <Host List Name> entry <Host Number>
[<parameters>]
Parameters
host <IP Address or Name>
protocol <ssh|telnet|tcp>
port <TCP Port>
escapeseq <1-10 Chars>
Description
Adds a new host entry to a list or edit an existing entry.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 363
set hostlist edit <Host List Name> move
Syntax
set hostlist edit <Host List Name> move <Host Number> position <Host
Number>
Description
Moves a host entry to a new position in the host list.
set hostlist delete
Syntax
set hostlist delete <Host List> [entry <Host Number>]
Description
Deletes a host list, or a single host entry from a host list.
show hostlist
Syntax
show hostlist <all|names|Host List Name>
Description
Displays the members of a host list.
Internal Modem Commands
Configure the internal modem:
set intmodem <parameters>
Parameters
auth <pap|chap>
calleridcmd <Modem Command String>
calleridlogging <enable|disable>
modemstate <disable|dialin|dialout|dialback>
usesites <enable|disable>
modemmode <text|ppp>
group <Local or Remote Group Name>
timeoutlogins <disable|1-30 minutes>
modemtimeout <disable|1-9999 sec>
localipaddr <negotiate|IP Address>
restartdelay <PPP Restart Delay>
remoteipaddr <negotiate|IP Address>
chaphost <CHAP Host or User Name>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 364
initscript <Modem Init Script>
nat <enable|disable>
chapauth <chaphost|localusers>
checkdialtone <disable|5-600 min>
dialbacknumber <usernumber|Phone Number>
dialoutnumber <Phone Number>
dialbackdelay <PPP Dialback Delay>
dialoutlogin <Remote User Login>
dialbackretries <1-10>
Set the modem password and CHAP secret (any extra parameters will be ignored):
set intmodem dialoutpassword
set intmodem chapsecret
Note: It is recommended that the initscript be prepended with 'AT' and include
'E1 V1 x4 Q0' so that the SLC may properly control the modem.
Display settings for the internal modem:
show intmodem
IP Filter Commands
set ipfilter state
Syntax
set ipfilter state <enable|disable> [testtimer <disable|1-120 minutes>]
Description
Enables or disables IP filtering for incoming network traffic.
set ipfilter mapping
Syntax
set ipfilter mapping <parameters>
Parameters
ethernet <1|2|bond0> state <disable>
ethernet <1|2|bond0> state <enable> ruleset <Ruleset Name>
deviceport <1..48> state <disable>
deviceport <1..48> state <enable> ruleset <Ruleset Name>
usbport <U1|U2> state <disable>
usbport <U1|U2> state <enable> ruleset <Ruleset Name>
internal modem state <disable>
internal modem state <enable> ruleset <Ruleset Name>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 365
Description
Maps an IP filter to an interface.
set ip filter rules
Syntax
set ipfilter rules <parameters>
Parameters
add <Ruleset Name>
delete <Ruleset Name>
edit <Ruleset Name> <Edit Parameters>
Edit Parameters
append
insert <Rule Number>
replace <Rule Number>
delete <Rule Number>
Description
Sets IP filter rules.
Logging Commands
set deviceport port
Syntax
set deviceport port <Device Port List or Name> <one or more deviceport
parameters>
Parameters
actiondelay <Action Delay>
actionrestart <Restart Delay>
bytethreshold <# of Characters>
emailsubj <Email Subject>
emailto <Email Address>
locallogging <enable|disable>
nfsdir <Logging Directory>
nfslogging <enable|disable>
nfsmaxfiles <Max # of Files>
nfsmaxsize <Size in Bytes>
poweraction <on|off|cycle>
powersupply <Managed Power Supply Name>
sendstring <String to Send|QUOTEDSTRING>
tokenaction <List of none,log,trap,email,string,power>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 366
tokendatadetect <enable|disable>
tokenstring <Regex String>
tokentrigger <bytecnt|charstr>
usblogging <enable|disable>
usbmaxfiles <Max # of Files>
usbmaxsize <Size in Bytes>
usbport <u1|u2|sd>
sysloglogging <enable|disable>
Description
Configures logging settings for one or more device ports.
Local logging must be enabled for a device port for the locallog commands to be executed. To
use the set locallog clear command, the user must have permission to clear port buffers
(see Chapter 12: User Authentication.)
Example
set deviceport port 2-5,6,12,15-16 locallogging enable
show locallog
Syntax
show locallog <Device Port # or Name> [bytes <Bytes To Display>]
[startbyte <Byte Index>]
Description
Displays a specific number of bytes of data for a device port. 1K is the default.
set locallog clear
Syntax
set locallog clear <Device Port # or Name>
Description
Clears the local log for a device port.
The locallog commands can only be executed for a device port if local logging is enabled for
the port. The set locallog clear command can only be executed if the user has permission
to clear port buffers (see Chapter 12: User Authentication).
set log clear modem
Syntax
set log clear modem
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 367
Description
Clear the modem log (the modem log is automatically pruned when it reaches 50K):
set log modem ppplog
Syntax
set log modem ppplog <enable|disable>
Description
Enables PPP activity messages in the modem log.
set log modem ppplog <enable|disable>
Syntax
set log modem pppdebug
Description
Enables PPP debugging messages in the modem log:
set log modem pppdebug <enable|disable>
Syntax
show log modem
Description
View the modem activity log for external modems and USB modems:
show log modem [display <head|tail>][numlines <Number of Lines>]
show log local
Syntax
show log local
Description
View the log for local, NFS, or USB logging (NFS and USB use the current logging settings for the
Device Port). Default is to show the log tail:
show log local|nfs|usb|sdcard <Device Port # or Name> [<parameters>]
Parameters
display <head|tail>
numlines <Number of Lines>
bytes <Bytes to Display>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 368
startbyte <Byte Index>
logfile <NFS, USB or SD card Log File>
Defaults: bytes=1000, startbyte=1, numlines=40
Lists the NFS, USB, or SD card log files, either for a specific device port, or all log files in a USB,
NFS, or SD card location:
show log files nfs|usb|sdcard [localdir <NFS Mount Local Directory>]
[usbport <U1|U2>]
[deviceport <Device Port # or name>]
Network Commands
set network
Syntax
set network <parameters>
Parameters
startprobes <1-99999 Seconds>
probes <Number of Probes>
interval <1-99999 Seconds>
ipforwarding <enable|disable>
ip6forwarding <enable|disable>
Description
Sets TCP Keepalive and IP Forwarding network parameters.
set network bonding
Syntax
set network bonding <disabled|active-backup|802.3ad|load-balancing>
Description
Configure Ethernet Bonding.
set network dns
Syntax
set network dns <1|2|3> ipaddr <IP Address>
Description
Configures up to three DNS servers.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 369
set network dnsipv4prec
Syntax
set network dnsipv4prec <enable|disable>
Description
Configures IPv4/IPv6 lookup precedence.
set network gateway
Syntax
set network gateway <parameters>
Parameters
default <IP Address>
ipv6default <IPv6 Address>
precedence <dhcp|default>
failover <IP Address>
pingip <IP Address>
ethport <1|2>
pingdelay <1-250 seconds>
failedpings <1-250>
faildevice <none|hspa|sierra>
faildevapn <Fail-over Device: APN of Mobile Carrier>
faildevlockpin <enable|disable>
faildevlogin <Fail-over Device: Admin Login>
faildevcelluser <Fail-over Device: SIM Login>
faildevcellpwd <Fail-over Device: SIM Password>
faildevcelldialstr <Fail-over Device: Dialup Str>
faildevcellroam <enable|disable>
Transfer firmware update files to the SLC to initiate a firmware update on the fail-over device:
set network gateway faildevupdate <ftp|sftp|scp|usb|sdcard>
gwfile <Firmware File> radiofile <Radio File> [usbport <U1|U2>]
[host <IP Address or Name>] [login <User Login>] [path <File
Path>]
Reboot the fail-over device, or set the fail-over device SIM Card PIN #, SIM Personal Unblocking
Key or Admin Password (any extra parameters will be ignored):
set network gateway reboot
set network gateway faildevpin
set network gateway faildevpuk
set network gateway faildevpassword
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 370
Description
Set default & fail-over gateways (the fail-over gateway is used if an IP address usually accessible
through the default gateway fails to return 1 or more pings), and configure settings for supported
fail-over devices.
set network host
Syntax
set network host <Hostname> [domain <Domain Name>]
Description
Sets the SLC host name and domain name.
set network fqdnlist
Syntax
set network fqdnlist <1-15> ipaddr <IP Address> fqdn <hostname>
Description
Updates the local hosts table for DNS lookup of FQDNs.
set network port
Syntax
set network port <1|2> <parameters>
Parameters
state <dhcp|bootp|static|disable> [ipaddr <IP Address> mask <Mask>]
ipv6addr <IPv6 Address/Prefix>
mode <auto|10mbit-half|100mbit-half|10mbit-full|100mbit-full|
1000mbit-full>
mtu <Maximum Transmission Unit>
set network ipv6 <enable|disable>
Description
Displays DNS settings.
show network dns
Syntax
show network dns
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 371
Description
Displays DNS settings.
show network gateway
Syntax
show network gateway
Description
Displays gateway settings.
show network host
Syntax
show network host
Description
Displays the network host name of the SLC 8000 advanced console manager.
show network port
Syntax
show network port <1|2>
Description
Displays Ethernet port settings and counters.
show network ipv6
Syntax
show network ipv6
Description
Displays all ipv6 settings.
show network sfp
Syntax
show network sfp
Description
Displays network port 1 and port 2 SFP diagnostics.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 372
show network all
Syntax
show network all
Description
Displays all network settings.
NFS and SMB/CIFS Commands
set nfs mount
Syntax
set nfs mount <one or more parameters>
Parameters
locdir <Directory>
mount <enable|disable>
remdir <Remote NFS Directory>
rw <enable|disable>
Enables or disables read/write access to remote directory.
Description
Mounts a remote NFS share.
The remdir and locdir parameters are required, but if they have been specified previously, you
do not need to provide them again.
set nfs unmount
Syntax
set nfs unmount <1|2|3>
Description
Unmounts a remote NFS share.
set cifs
Syntax
set cifs <one or more parameters>
Parameters
eth1 <enable|disable>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 373
eth2 <enable|disable>
state <enable|disable>
workgroup <Windows workgroup>
Description
Configures the SMB/CIFS share, which contains the system and device port logs.
The admin config command saves SLC configurations on the SMB/CIFS share.
set cifs password
Syntax
set cifs password
Description
Changes the password for the SMB/CIFS share login (default is cifsuser).
show cifs
Syntax
show cifs
Description
Displays SMB/CIFS settings.
show nfs
Syntax
show nfs
Description
Displays NFS share settings.
Performance Monitoring Commands
show perfmon
Syntax
show perfmon
Parameters
show perfmon [probe <all|Probe Id or Name>]
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 374
Description
Display global settings and all probes, or a selected probe.
show perfmon status
Syntax
show perfmon status
Parameters
show perfmon status [probe <Probe Id or Name>]
Description
Display the running status of all probes or a selected probe.
show perfmon operations
Syntax
show perfmon operations
Parameters
show perfmon operations <Probe Id or Name>
Description
Display list of completed operation sets for a probe.
set perfmon results
Syntax
set perfmon results
Parameters
show perfmon results <Probe Id or Name> [set <Operation Set Number>]
[display <head|tail>] [numlines <Number of Lines>]
[email <Email Address>]
Description
Display round trip times (RTT) for last completed operation set or selected set, and optionally
email the complete results.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 375
show perfmon accumulated
Syntax
show perfmon accumulated
Parameters
show perfmon accumulated <Probe Id or Name> [set <Operation Set Number>]
[email <Email Address>]
Description
Display accumulated statistics for last completed operation set or selected set, and optionally
email the statistics.
set perfmon repo
Syntax
set perfmon repo <local|usb|sdcard> [usbport <U1|U2>]
Description
Set repository where probe operations are stored.
set perfmon keep
Syntax
set perfmon keep <Number of Operations to Keep>
Description
Set number of operations stored for each probe.
set perfmon udpjitterresp
Syntax
set perfmon udpjitterresp <enable|disable>
Description
Enable responders for UDP jitter.
set perfmon udpechoresp
Syntax
set perfmon udpechoresp <UDP Port Number|disable>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 376
Description
Enable responders for UDP echo.
set perfmon tcpconnectresp
Syntax
set perfmon tcpconnectresp <TCP Port Number|disable>
Description
Enable responders for TCP connect.
set perfmon add
Syntax
set perfmon add <Probe Name>
type <dns|http|icmp|tcpconnect|udpecho|udpjitter|udpjittervoip>
Parameters
name <Probe Name>
starttime <now|HH:MM[:SS][MMDD]|afterHH:MM:SS>
operations <Number of Operations to Perform>
frequency <Seconds between Operations>
packets <Number of Packets to Send>
interval <Milliseconds between Packets>
timeout <Milliseconds to Wait for Response>
host <Destination IP Address or Name>
port <Destination Port>
precision <milli|micro>
datasize <Payload Data Size in Bytes>
verifydata <enable|disable>
codec <g729a|g711alaw|g711mulaw>
tos <none|Type of Service>
interface <none|eth1|eth2>
nameserver <IPv4 Address>
Description
Add a new probe.
set perfmon edit
Syntax
set perfmon edit <Probe Id or Name> [<parameters>]
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 377
Parameters
name <Probe Name>
starttime <now|HH:MM[:SS][MMDD]|afterHH:MM:SS>
operations <Number of Operations to Perform>
frequency <Seconds between Operations>
packets <Number of Packets to Send>
interval <Milliseconds between Packets>
timeout <Milliseconds to Wait for Response>
host <Destination IP Address or Name>
port <Destination Port>
precision <milli|micro>
datasize <Payload Data Size in Bytes>
verifydata <enable|disable>
codec <g729a|g711alaw|g711mulaw>
tos <none|Type of Service>
interface <none|eth1|eth2>
nameserver <IPv4 Address>
Description
Edit an existing probe.
set perfmon delete
Syntax
set perfmon delete <Probe Id or Name> [data <all|# of Sets to Keep>]
Description
Delete a probe, or delete all operation data for a probe, or delete all but the most recent operation
sets for a probe.
set perfmon state
Syntax
set perfmon state <all|Probe Id or Name> action <restart>
Description
Set the running state of all probes or a single a probe.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 378
Routing Commands
set routing
Syntax
set routing [parameters]
Parameters
rip <enable|disable>
route <1-64> ipaddr <IP Address> mask <Netmask> gateway <IP Address>
static <enable|disable>
version <1|2|both>
Description
Configures static or dynamic routing.
To delete a static route, set the IP address, mask, and gateway parameters to 0.0.0.0.
show routing
Syntax
show routing [resolveip <enable|disable>] [email <Email Address>]
Description
Sets the routing table to display IP addresses (disable) or the corresponding host names (enable).
You can optionally email the displayed information.
RPM Commands
set rpm add
Syntax
set rpm add <RPM Name>
Description
Adds an RPM to be managed (prompts will guide selection of RPM vendor and model).
set RPM command
Syntax
set rpm command <RPM Id or Name>
outlet <all|Outlet # or List> state <on|off|cyclepower>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 379
Description
Sends a command to control one or more outlets on an RPM.
Syntax
set rpm command <RPM Id or Name> device <reboot|shutdown>
Description
Sends a command to control an RPM device.
Syntax
set rpm command <RPM Id or Name> beeper <mute|enable|disable>
Description
Sends a command to control an RPM beeper.
set rpm delete
Syntax
set rpm delete <RPM Id or Name>
Description
Deletes an RPM.
set rpm driver
Syntax
set rpm driver <RPM Id or Name> action restart
set rpm driver <RPM Id or Name> action debug [level <1|2|3>]
set rpm driver <RPM Id or Name> action show
set rpm driver <RPM Id or Name> action viewoutput [email <Email Address>]
[display <head|tail>] [numlines <Number of Lines>]
Description
Control and debug the RPM driver if the driver is not properly communicating with the PDU or
UPS: restart the driver; restart the driver with debug output to a file; show the running driver; view
and email the driver debug output.
Note: Drivers running in debug mode will generate copious output and for disk space
reasons should not be left running in debug mode for long periods of time.
set rpm edit
Syntax
set rpm edit <RPM Id or Name> <one or more parameters>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 380
Parameters
name <New RPM Name>
outlets <# of Outlets>
ipaddr <IP Address>
port <TCP or Device Port>
login <RPM Admin Login>
rocommunity <SNMP Read-Only Community>
rwcommunity <SNMP Read-Write Community>
logstatus <disable|1-60 minutes>
snmptraps <enable|disable>
emailaddress <Email Address>
upslowbattery <shutdown|shutdownall|shutdownboth|allowfailure>
sdorder <disable|1-49>
powertoslc <enable|disable>
driveropts <Driver Options Override>
Description
Configure and control Remote Power Managers (RPMs), including PDUs and UPSes.
set rpm password
Syntax
set rpm password <RPM Id or Name>
Description
Set RPM administrative password.
show RPM
Syntax
show rpm [type <ups|pdu>]
[config <sdorder|notify>]
[device <RPM Name or Id> [data <raw|logs|envmon>]]
Note: The show rpm envmon command for RPM-configured ServerTech Serial/Network
Mode is not supported by NUT/Powerman.
Description
Display a list of all RPMs, RPMs of a specific type, UPS shutdown and notification configuration, or
details and outlets for a single RPM device.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 381
Script Commands
set script import
Syntax
set script import <interface|batch|custom> via <ftp|scp|copypaste>
[file <Script File>] [name <Script Name>] [host <IP Address
or Name>]
[login <User Login>] [path <Path to Script File>]
[filetype <expect|tcl|python>]
Note: Interface scripts will be given default/do user rights; Batch and Custom scripts will
be given admin/ad user rights. The name of the script will be the same as the file name (if
it is a valid script name), otherwise a script name must be specified for import.
Description
Import a script.
set script update
Syntax
set script update <interface|batch|custom> name <Script Name>
[group <default|power|admin>] [permissions <Permission List>]
Note: See 'help user permissions' for information on groups and user rights.
Description
Update a script.
set script rename
Syntax
set script rename <interface|batch|custom> name <Script Name>
newname <New Script Name>
Description
Rename a script.
set script delete
Syntax
set script delete <interface|batch|custom> name <Script Name>
Description
Delete a script.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 382
set script runcli
Syntax
set script runcli <Script Name> [parameters <Command Line Parameters>]
[debug <enable|disable>]
Description
Run a CLI batch or custom script one time (script output will be displayed in the current terminal;
custom script output will be saved in the repository).
connect script
Syntax
connect script <Script Name> deviceport <Device Port # or Name>
[parameters <Command Line Parameters>] debug
<enable|disable>]
Description
Connect an interface or custom script to a Device Port and run it one time (script output will be
displayed in the current terminal; custom script output will be saved in the repository).
set script schedule
Syntax
set script schedule <Script Name> [device <cli|Device Port # or Name>]
[state <enable|disable|delete>] [parameters
<Cmd Line Parameters>]
[starttime <now|HH:MM[MMDD]|afterHH:MM>]
[frequency <Hours/Days between each operation>]
[stoptime <forever|HH:MM[MMDD]|afterHH:MM>]
Description
Schedule a custom script to be run at a certain time, either once or recurring; frequency is
specified as hours (4H for 4 hours) or days (2D for 2 days).
show script
Syntax
show script [type <interface|batch|custom> [name <Script Name>]]
Description
Display list of scripts, or view the details and contents of a script.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 383
show script status
Syntax
show script status [script <Script Name>]
Description
Display the running status of all custom scripts or a single custom script.
show script operations
Syntax
show script operations <Script Name>
Description
Display list of completed results for a custom script.
show script results
show script results <Script Name> [set <all|Operation Set Number>]
[display <head|tail>] [numlines <Number of Lines>]
[email <Email Address>]
Description
Display the results for the last completed custom script operation or a selected operation, and
optionally email the results.
SD Card Commands
Enables or disables access to SD Card devices:
set sdcard access <enable|disable>
Mounts a SD Card for use as a storage device. The SD Card can be used for saving
configurations, firmware updates and device logging.
set sdcard mount
Unmounts a SD Card:
set sdcard unmount
Formats a SD Card:
set sdcard format [filesystem <ext2|fat16|fat32>]
Defaults: filesystem=ext2
Runs a filesystem check on a SD Card (recommended if it does not mount):
set sdcard fsck
Displays a directory listing of a SD Card:
set sdcard dir [subdir <Directory Path>]
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 384
Renames a file on a SD Card:
set sdcard rename <Filename> newfile <New Filename>
Copies a file on a SD Card:
set sdcard copy <Filename> newfile <New Filename>
Removes a file on a SD Card:
set sdcard delete <Current Filename>
Displays information about the SD Card device:
show sdcard
Security Commands
set security
Description
Configures SLC security and FIPS settings.
Parameters
set security <parameters>
fipsmode
Parameters
fipsmode <enable|disable>
show security
Description
Displays security settings and current status.
Parameters
show security
Services Commands
set services
Syntax
set services <one or more services parameters>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 385
Parameters
netlog <off|error|warning|info|debug> auditlog <enable|disable>
authlog <off|error|warning|info|debug> auditsize <1-500 Kbytes>
diaglog <off|error|warning|info|debug> clicommands <enable|disable>
servlog <off|error|warning|info|debug> includesyslog <enable|disable>
devlog <off|error|warning|info|debug> snmp <enable|disable>
genlog <off|error|warning|info|debug> v1 <enable|disable>
syslogserver1 <IP Address or Name> v2c <enable|disable>
syslogserver2 <IP Address or Name> traps <enable|disable>
rpmlogsize <5-40 Kbytes> trapversion <1|2|3>
otherlogsize <5-400 Kbytes> nms1 <IP Address or Name>
telnet <enable|disable> nms2 <IP Address or Name>;
timeouttelnet <disable|1-30 minutes> alarmdelay <1-6000 Seconds>
telnetdatadir <netin|netout|both> location <Physical Location>
webtelnet <enable|disable> contact <Admin Contact Info>
escapeseqtelnet <1-10 Chars> rocommunity <Read-Only Community>
outgoingtelnet <enable|disable> rwcommunity <Read-Write Community>
ssh <enable|disable> trapcommunity <Trap Community>
portssh <TCP Port> v3user <v3 RO User>
timeoutssh <disable|1-30 minutes> v3rwuser <v3 RW User>
sshdatadir <netin|netout|both> v3trapuser <v3 Trap User>
dsakeys <enable|disable> v3security <noauth|auth|authencrypt>
sha2 <enable|disable> v3auth <md5|sha|sha2_224|sha2_256|
webssh <enable|disable> sha2_384|sha2_512>
smtpserver <IP Address or Name> v3encrypt <des|aes>
smtpsender <Email Address> phonehome <enable|disable>
termbufsize <Number of Lines> phoneip <IP Address>
Description
Configures services (system logging, SSH and Telnet access, SSH and Telnet timeout, SNMP
agent, email [SMTP] server, and audit log.)
set services v3password
Syntax
set services v3password|v3phrase|v3rwpassword|v3rwphrase|v3trappassword
|v3trapphrase
Description
Set SNMP v3 read-only, read-write and trap password/passphrase.
show services
Syntax
show services
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 386
Description
Displays current service settings.
Site Commands
Configure a set of site-oriented modem parameters that can be activated by various modem-
related events (authentication, outbound network traffic for DOD connections, etc.). The site
parameters will override any parameters configured for the modem. To use sites with a modem,
enable 'usesites'. Sites can be used with the following modem states: dialin, dialback, cbcpserver,
dialondemand, dialin+ondemand, and dialback+ondemand.
set site add|edit
Syntax
set site add|edit <Site Name> [<parameters>]
Parameters
name <Site Name> (edit only)
deviceport <Device Port # or Name or none> dialoutnumber <Phone Number>
usbport <U1|U2> dialoutlogin <User Login>
internal modem allowdialback <enable|disable>
auth <pap|chap> dialbacknumber <Phone Number>
loginhost <User Login/CHAP Host> dialbackdelay <Dial-back Delay>
localipaddr <negotiate|IP Address> dialbackretries <1-10>
remoteipaddr <negotiate|IP Address> timeoutlogins <disable|1-30 minutes>
routeipaddr <IP Address> modemtimeout <disable|1-9999 secs>
routemask <Mask> restartdelay <PPP Restart Delay>
routegateway <Gateway> cbcpnocallback <enable|disable>
nat <enable|disable>
Set the site password and CHAP secret (any extra parameters will be ignored):
set site dialoutpassword <Site Name>
set site chapsecret <Site Name>
Deletes a site:
set site delete <Site Name>
show site <all|names|Site Name>
SLC Network Commands
set slcnetwork
Syntax
set slcnetwork <one or more parameters>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 387
Parameters
add <IP Address>
delete <IP Address>
search <localsubnet|ipaddrlist|both>
Description
Detects and displays all SLC 8000 advanced console manager or user-defined IP addresses on
the local network.
show slcnetwork
Syntax
show slcnetwork [ipaddrlist <all|Address Mask>]
Description
Detects and displays all SLC 8000 advanced console managers on the local network.
Without the ipaddrlist parameter, the command searches the SLC network. With the
ipaddrlist parameter, the command displays a sorted list of all IP addresses or displays the IP
addresses that match the mask (for example, 172.19.255.255 would display all IP addresses that
start with 172.19).
SSH Key Commands
set sshkey all export
Syntax
set sshkey allexport <ftp|sftp|scp|copypaste> [pubfile <Public Key
File>][host <IP Address or Name>] [login <User Login>][path <Path to Copy
Keys>]
Description
Exports the public keys all of the previously created SSH keys.
set sshkey delete
Syntax
set sshkey delete <one or more parameters>
Parameters
keyhost <SSH Key Host>
keyname <SSH Key Name>
keyuser <SSH Key User>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 388
Description
Deletes an ssh key.
Specify the keyuser and keyhost to delete an imported key; specify the keyuser and keyname
to delete exported key.
set sshkey export
Syntax
set sshkey export <ftp|sftp|scp|copypaste> <one or more parameters>
Parameters
[format <openssh|secsh>]
[host <IP Address or Name>]
[login <User Login>]
[path <Path to Copy Key>]
[bits <1024|2048|3072|4096>]
keyname <SSH Key Name>
keyuser <SSH Key User>
type <rsa|dsa>
Description
Exports an sshkey.
set sshkey import
Syntax
set sshkey import
Description
set sshkey import <ftp|sftp|scp|copypaste> <one or more parameters>
Parameters
[keyhost <SSH Key IP Address or Name>]
[keyuser <SSH Key User>]
[path <Path to Public Key File>]
file <Public Key File>
host <IP Address or Name>
login <User Login>
Description
Imports an SSH key.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 389
set sshkey server import type
Syntax
set sshkey server import type <rsa|dsa> via <sftp|scp>
pubfile <Public Key File> privfile <Private Key File>
host <IP Address or Name> login <User Login> [path <Path to Key File>]
Description
Imports an SLC host key.
set sshkey server reset
Syntax
set sshkey server reset [type <all|rsa|dsa>]
Description
Resets defaults for all or selected host keys.
show sshkey export
Syntax
show sshkey export <one or more parameters>
Parameters
[keyhost <SSH Key IP Address or Name>]
[keyname <SSH Key Name>]
[keyuser <SSH Key User>]
[viewkey <enable|disable>]
Description
Displays all exported keys or keys for a specific user, IP address, or name.
show sshkey import
Syntax
show sshkey import <one or more parameters>]
Parameters
[keyhost <SSH Key IP Address or Name>]
[keyuser <SSH Key User>]
[viewkey <enable|disable>]
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 390
Description
Displays all keys that have been imported or keys for a specific user, IP address, or name.
show sshkey server
Syntax
show sshkey server [type <all|rsa|dsa>]
Description
Displays host keys (public key only).
Status Commands
show connections
Syntax
show connections [email <Email Address>]
Description
Displays a list of current connections. Optionally emails the displayed information. The connection
IDs are in the left column of the resulting table. The connection ID associated with a particular
connection may change if the connection times out and is restarted.
show connections connid
Syntax
show connections connid <Connection ID> [email <Email Address>]
Description
Provides details, for example, endpoint parameters and trigger, for a specific connection.
Optionally emails the displayed information.
Note: Use the basic show connections command to obtain the Connection ID.
show portcounters
Syntax
show portcounters [deviceport <Device Port List or Name>]
[email <Email Address>]
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 391
Description
Generates a device port statistics report for one or more ports. Optionally emails the displayed
information.
show portstatus
Syntax
show portstatus [deviceport <Device Port List or Name>] [email <Email
Address>]
Description
Displays device port modes and states for one or more ports. Optionally emails the displayed
information.
show sysconfig
Syntax
show sysconfig [display <basic|auth|devices>] [email <Email Address>]
Description
Displays a snapshot of all configurable parameters. Optionally emails the displayed information.
show sysstatus
Syntax
show sysstatus [email <Email Address>]
Description
To display the overall status of all SLC units. Optionally emails the displayed information.
System Log Commands
show syslog
Syntax
show syslog [<parameters>]
Parameters
[email <Email Address>]
level <error|warning|info|debug>
log <all|netlog|servlog|authlog|devlog|diaglog|genlog>
display <head|tail> [numlines <Number of Lines>]
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 392
starttime <MMDDYYhhmm[ss]>
endtime <MMDDYYhhmm[ss]>
Description
Displays the system logs containing information and error messages.
Note: The level, display, and time parameters cannot be used simultaneously.
show syslog clear
Syntax
show syslog clear <all|netlog|servlog|authlog|devlog|diaglog|genlog>
Description
Clears one or all of the system logs.
USB Access Commands
set usb access
Syntax
set usb access <enable|disable>
Description
Enables or disables access to USB devices.
USB Device Commands
show usb devices
Syntax
show usb devices
Description
Displays all usb devices with the port each device is connected to.
diag usb
Syntax
diag usb [<parameters>]
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 393
Parameters
treedisplay <enable|disable>
mapdevice <enable|disable>
email <Email Address>
Defaults: treedisplay=enable
Description
Displays information about USB buses and the devices connected to them, including the mapping
between a USB device and the SLC port.
Note: For "mapdevice enable", the port names will displayed at the end of the line in
square brackets. To see a list of USB devices with vendor id and product id, use
'treedisplay disable'.
USB Storage Commands
set usb storage dir
Syntax
set usb storage dir <U1|U2> [subdir <Directory Path>]
Description
Views a directory listing of a USB flash drive.
set usb storage fsck
Syntax
set usb storage fsck <U1|U2>
Description
Runs a file system check on a thumb drive (recommended if it does not mount).
set usb storage format
Syntax
set usb storage format <U1|U2> [filesystem <ext2|fat16|fat32>]
Description
Formats a USB flash drive.
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 394
set usb storage mount
Syntax
set usb storage mount <U1|U2>
Description
Mounts a USB flash drive in the SLC 8000 advanced console manager for use as a storage
device.
The USB flash drive must be formatted with an ext2 or FAT file system before you mount it.
set usb storage unmount
Syntax
set usb storage unmount <U1|U2>
Description
Unmounts a USB flash drive. Enter this command before removing the USB device.
set usb storage rename
Description
Renames a file on a thumb drive.
Syntax
set usb storage rename <U1|U2> file <Filename> newfile <New Filename>
set usb storage copy
Description
Copies a file on a thumb drive.
Syntax
set usb storage copy <U1|U2> file <Filename> newfile <New Filename>
set usb storage delete
Description
Removes a file on a thumb drive.
Syntax
set usb storage delete <U1|U2> file <Current Filename>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 395
show usb storage
Description
Display product information and settings for any USB thumb drive.
Syntax
show usb storage
show usb
Description
Display currently attached USB devices with product information and settings.
Syntax
show usb
show usb modem
Description
Display product information and settings for any USB modem:
Syntax
show usb modem
USB Modem Commands
set usb modem
Syntax
set usb modem <u1|u2> <parameters>
Parameters
auth <pap|chap>
baud <300-115200>
9600 is the default.
calleridcmd <Modem Command String>
calleridlogging <enable|disable>
cbcpnocallback <enable|disable>
cbcptype <admin|user>
chapauth <chaphost|localusers>
chaphost <CHAP Host or User Name>
checkdialtone <disable|5-600 minutes>
databits <7|8>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 396
dialbackdelay <PPP Dialback Delay>
dialbacknumber <usernumber|Phone Number>
dialbackretries <1-10>
dialinlist <Host List for Dial-in>
dialoutlogin <Remote User Login>
dialoutnumber <Phone Number>
dodauth <pap|chap>
dodchaphost <CHAP Host or User Name>
flowcontrol <none|xon/xoff|rts/cts>
group <Local or Remote Group Name>
initscript <Modem Init Script>
localipaddr <negotiate|IP Address>
modemmode <text|ppp>
modemstate
<disable|dialin|dialout|dialback|cbcpserver|cbcpclient|dialondemand|
dialin+ondemand|dialback+ondemand|dialinhostlist>
modemtimeout <disable|1-9999 sec>
nat <enable|disable>
parity <none|odd|even>
remoteipaddr <negotiate|IP Address>
restartdelay <PPP Restart Delay>
service <none|telnet|ssh|tcp>
sshauth <enable|disable>
sshport <TCP Port>
stopbits <1|2>
tcpauth <enable|disable>
tcpport <TCP Port>
telnetauth <enable|disable>
telnetport <TCP Port>
timeoutlogins <disable|1-30 minutes>
usesites <enable|disable>
Description
Configures a currently loaded USB Modem.
Note: It is recommended that the initscript be prepended with 'AT' and include
'E1 V1 x4 Q0' so that the SLC may properly control the modem.
Set the dialout password and CHAP secrets:
set usb modem <U1|U2> dialoutpassword
set usb modem <U1|U2> chapsecret
set usb modem <U1|U2> dodchapsecret
show usb modem
Description
Display product information and settings for any USB modem:
Syntax
show usb modem
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 397
VPN Commands
set vpn
Syntax
set vpn
Description
Configures setting for an IPsec VPN tunnel.
Parameters
set vpn <parameters>
name <VPN Tunnel Name>
ethport <1|2|defaultroute>
auth <rsa|psk>
auth <rsa|psk|x509>
remotehost <Remote Host IP Address or Name>
remoteid <Authentication Name>
remotehop <IP Address>
remotesubnet <one or more subnets in CIDR notation>
localid <Authentication name>
localhop <IP Address>
localsubnet <one or more subnets in CIDR notation>
ikenegotation <main|aggressive>
ikeenc <any|3des|aes>
ikeauth <any|sha1|md5|sha2_256|sha2_512>
ikedhgroup <any|dh2|dh5|dh14|dh15>
espec <any|3des|aes>
espauth <any|sha1|md5|sha2_256|sha2_512>
espdhgroup <any|dh2|dh5|dh14|dh15>
pfs <enable|disable>
lifetime <SA Lifetime in Seconds>
modeconfig <enable|disable>
xauthclient <enable|disable>
xauthlogin <User Login>
remotepeertype <ietf|cisco>
forceencaps <enable|disable>
deadpeerdelay <disable|1-300 seconds>
deadpeertimeout <5-1200 seconds>
deadpeeraction <restart|hold|clear>
Enter RSA public key or Pre-Shared Key of remote host:
set vpn key
Configure X.509 certificate for remote peer or local peer.
set vpn certificate local via <sftp|scp> rootfile <Cert Authority File>
certfile <Certificate File> keyfile <Private Key File>
host <IP Address or Name> login <User Login> [path <Path to Files>
set vpn certificate remote via <sftp|scp> [rootfile
<Cert Authority File>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 398
certfile <Certificate File> host <IP Address or Name>
login <User Login> [path <Path to Files>]
Delete X.509 certificate for local and/or remote peer.
set vpn certificate delete
Enter XAUTH password:
set vpn xauthpassword
show vpn
Syntax
show vpn
Description
Shows the settings for the IPsec VPN tunnel.
Parameters
Display all VPN settings and current status:
show vpn [email <Email Address>]
Display detailed VPN status:
show vpn status [email <Email Address>]
Display VPN logs:
show vpn viewlog [numlines <Number of Lines] [email <Email Address>]
Display RSA public key of the SLC:
show vpn rsakey
Temperature Commands
set temperature
Syntax
set temperature
Description
Sets the acceptable range for the internal temperature sensor (an SNMP trap is sent if the
temperature is outside of this range). Temperatures can be entered in either Celsius or
Fahrenheit; to indicate a temperature is Fahrenheit, append the degrees with an ‘F’, i.e., “75F”.
Parameter
set temperature <one or more parameters>
Parameters: low <Low Temperature in C. or F.>
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 399
high <High Temperature in C. or F.>
calibrate <Temperature Calibration in C. or F.|cancel>
Note: The calibration offset will be applied one hour after setting the value.
Description
Displays the acceptable range and the current reading from the internal temperature sensor.
show temperature
Syntax
show temperature
Description
Shows the temperature.
Xmodem Commands
set xmodem repo
Syntax
set xmodem repo import <Xmodem File> via <ftp|sftp|scp>
host <IP Address or Name> login <User Login>
[path <Path to Xmodem File>]
set xmodem repo rename <Xmodem File> newfile <New Filename>
set xmodem repo delete <Xmodem File>
Description
Manages a repository of files that can be sent to or received from a device port with Xmodem,
Ymodem, or Zmodem. The maximum file size is 20 MB, and the maximum total repository size is
25 MB.
set xmodem send/receive
Syntax
set xmodem send <Device Port # or Name> file <Xmodem File>
protocol <xmodem|ymodem|zmodem> xfer <binary|ascii>
set xmodem receive <Device Port # or Name> [file <Xmodem File>]
protocol <xmodem|ymodem|zmodem> xfer <binary|ascii>
[overwrite <enable|disable>]
Description
Send or receive files with Xmodem, Ymodem or Zmodem (by default receive will not overwrite a
file in the repository with the same name).
15: Command Reference
SLC™ 8000 Advanced Console Manager User Guide 400
show xmodem
Syntax
show xmodem
Description
Shows the Xmodem repository files.
SLC™ 8000 Advanced Console Manager User Guide 401
Appendix A: Security Considerations
The SLC advanced console manager provides data path security by means of SSH or Web/SSL.
Even with the use of SSH/SSL, however, do not assume you have complete security. Securing the
data path is only one measure needed to ensure security. This appendix briefly discusses some
important security considerations.
Security Practice
Develop and document a Security Practice. The Security Practice should state:
The dos and don'ts of maintaining security. For example, the power of SSH and SSL is
compromised if users leave sessions open or advertise their password.
The assumptions that users can make about the facility and network infrastructure, for
example, how vulnerable the CAT 5 wiring is to tapping.
Factors Affecting Security
External factors affect the security provided by the SLC unit, for example:
Telnet sends the login exchange as clear text across Ethernet. A person snooping on a subnet
may read your password.
A terminal to the SLC may be secure, but the path from the SLC 8000 advanced console
manager to the end device may not be secure.
With the right tools, a person with physical access to open the SLC unit may be able to read
the encryption keys.
There is no true test for a denial-of-service attack. There is always a legitimate scenario for a
request storm. A denial-of-service filter locks out some high-performance automated/scripted
requests. The SLC 8000 advanced console manager will attempt to service all requests and
will not filter out potential denial-of-service attacks.
SLC™ 8000 Advanced Console Manager User Guide 402
Appendix B: Safety Information
Safety Precautions
Please follow the safety precautions described below when installing and operating the SLC
advanced console manager.
Caution: EQUIPMENT IS FOR INDOOR USE ONLY!
Fuse Caution Statement
For protection against fire, replace the power-input-module fuse with the same type and rating.
Pour préserver la protection contre l'incendie, remplacez toujours le fusible du module
d'alimentation électrique par un modèle du même type et de la même capacité.
Ersetzen Sie die Netzteilsicherung nur durch eine Sicherung desselben Typs und derselben
Nennstromstärke um die Gefahr eines Brandes zu vermeiden.
Para proteger la unidad contra el fuego, sustituya el fusible del módulo de entrada de alimentación
por otro del mismo tipo y capacidad.
주의전원 입력 모듈 퓨즈를 교환할 때는 화재 예방을 위해 형식과 정격 전압 전류가 동일
퓨즈를 사용하십시오 .
Предупреждение : Для защиты от пoжapa заменяйтe предохранитель блoкa
питания нa предохранитель тaкого же типа и c такой же хaрактериcтикой.
Cover
Do not remove the cover of the chassis. There are no user-serviceable parts inside. Opening
or removing the cover may expose you to dangerous voltage that could cause fire or electric
shock. The exception is access to the internal modem and RTC battery. For these you don't
have to remove the chassis cover, but just the battery/modem door.
Refer all servicing to Lantronix.
Power Plug
When disconnecting the power cable from the socket, pull on the plug, not the cord.
Always connect the power cord to a properly wired and grounded power source. Do not use
adapter plugs or remove the grounding prong from the cord.
Only use a power cord with a voltage and current rating greater than the voltage and current
rating marked on the SLC unit.
The SLC 8000 unit must be connected to a branch circuit provided with 15A or 20A, single
pole circuit breaker.
Install the SLC 8000 advanced console manager near an AC outlet that is easily accessible.
Always connect any equipment used with the product to properly wired and grounded power
sources.
To help protect the product from sudden, transient increases and decreases in electrical
power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).
Appendix B: Safety Information
SLC™ 8000 Advanced Console Manager User Guide 403
Do not connect or disconnect this product during an electrical storm.
Input Supply
Caution: Disconnect all power supply sources before servicing to avoid electric
shock.
Check nameplate ratings to assure there is no overloading of supply circuits that could affect
over current protection and supply wiring.
Grounding
1. Maintain reliable grounding of this product.
2. Pay particular attention to supply connections when connecting to power strips, rather than
directly to the branch circuit.
Rack
If rack mounted SLC 8000 advanced console managers are installed in a closed or multi-unit rack
assembly, they may require further evaluation by Certification Agencies. The following items must
be considered:
Do not install the SLC unit in a rack in such a way that a hazardous stability condition results
because of uneven loading. A drop or fall could cause injury.
The ambient temperature (Tma) inside the rack may be greater than the room ambient
temperature. Make sure to install the SLC 8000 advanced console manager in an environment
with an ambient temperature less than the maximum operating temperature of the SLC unit.
See Technical Specifications (on page 35).
Install the equipment in a rack in such a way that the amount of airflow required for safe
operation of the equipment is not compromised.
Mount the equipment in the rack so that a hazardous condition is not achieved due to uneven
mechanical loading.
Maintain reliable earthing of rack-mounted equipment. Give particular attention to supply
connections other than direct connections to the branch circuit (e.g. use of power strips).
Before operating the SLC 8000 advanced console manager, make sure the SLC unit is
secured to the rack.
Port Connections
Only connect the network port to an Ethernet network that supports 10/100/1000 Base-T.
Only connect device ports to equipment with serial ports that support EIA-232 (formerly RS-
232C).
Only connect the console port to equipment with serial ports that support EIA-232 (formerly
RS-232C).
Only connect a telephone line to the MODEM port.
Caution: To reduce the risk of fire, use only number 26 AWG or larger (e.g., 24
AWG) UL-listed or CSA-certified telecommunication line cord.
NJ“ 3325 Male emu :j—h 7 Gnds RxE 0—4—' 2 DSR7 0—4—0 2“ CTSB n—4—O "
SLC™ 8000 Advanced Console Manager User Guide 404
Appendix C: Adapters and Pinouts
The serial device ports of the SLC products match the RJ45 pinouts of the console ports of many
popular devices found in a network environment. The SLC advanced console manager uses
conventional straight-through Category 5 fully pinned network cables for all connections when
used with Lantronix adapters. The cables are available in various lengths.
In most cases, you will need an adapter for your serial devices. Lantronix offers a variety of RJ45-
to-serial connector adapters for many devices. These adapters convert the RJ45 connection on
the SLC unit to a 9-pin or 25-pin serial connector found on other manufacturers' serial devices or
re-route the serial signals for connections to other devices that use RJ45 serial connectors.
The console port is wired the same way as the device ports and has the same signal options.
Note: You can view or change the console port settings using the LCDs and keypads on
the front panel, the Devices > Console Port page, or the command line interface show
console port and set consoleport commands.
The adapters illustrated below are compatible with the Lantronix SLC models.
Figure C-1 RJ45. Receptacle to DB25M DCE Adapter for the SLC unit (PN 200.2066A)
Use PN 200.2066A adapter with a dumb terminal or with many SUN applications.
"WW M45 D525 Female RTS1 .—>—. 5 DSR 7 20 CTS a 4 ‘ u 1 “‘5 D39 Mile RTS 1 3 [—C 1 NR 2 a 1x 3 2
Appendix C: Adapters and Pinouts
SLC™ 8000 Advanced Console Manager User Guide 405
Figure C-2 RJ45 Receptacle to DB25F DCE Adapter for the SLC unit (PN 200.2067A)
Figure C-3 RJ45 Receptacle to DB9M DCE Adapter for the SLC unit (PN 200.2069A)
W L4 RJ45 DB! Femal: RTS1.—>—.a um: D—E c 1 4. u Tx3 ~—>—‘ 2 and: :j—. 5 arms Rxao—4—13 DSR7 D—‘—‘ 4 ms 8 nlzs MALE 2g—020
Appendix C: Adapters and Pinouts
SLC™ 8000 Advanced Console Manager User Guide 406
Figure C-4 RJ45 Receptacle to DB9F DCE Adapter for the SLC unit (PN 200.2070A)
Use PN 200.2070A adapter with a PC's serial port.
Figure C-5 RJ45 Receptacle to DB25M DTE Adapter (PN 200.2073)
SLC™ 8000 Advanced Console Manager User Guide 407
Appendix D: Protocol Glossary
BOOTP (Bootstrap Protocol)
Similar to DHCP, but for smaller networks. Automatically assigns the IP address for a specific
duration of time.
CHAP (Challenge Handshake Authentication Protocol)
A secure protocol for connecting to a system; it is more secure than the PAP.
DHCP (Dynamic Host Configuration Protocol)
Internet protocol for automating the configuration of computers that use TCP/IP.
DNS (Domain Name Servers)
A system that allows a network nameserver to translate text host names into numeric IP addresses.
IPsec
A protocol suite for securing Internet Protocol (IP) communications by authenticating and
encrypting each IP packet of a communication session.
Kerberos
A network authentication protocol that provides strong authentication for client/server applications
by using secret-key cryptography.
LDAP (Lightweight Directory Access Protocol)
A protocol for accessing directory information.
NAT (Network Address Translation)
An Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a
second set of addresses for external traffic. This enables a company to shield internal addresses
from the public Internet.
NFS (Network File System)
A protocol that allows file sharing across a network. Users can view, store, and update files on a
remote computer. You can use NFS to mount all or a portion of a file system. Users can access
the portion mounted with the same privileges as the user's access to each file.
NIS (Network Information System)
System developed by Sun Microsystems for distributing system data such as user and host names
among computers on a network.
NMS (Network Management System)
NMS acts as a central server, requesting and receiving SNMP-type information from any computer
using SNMP.
Appendix D: Protocol Glossary
SLC™ 8000 Advanced Console Manager User Guide 408
NTP (Network Time Protocol)
A protocol used to synchronize time on networked computers and equipment.
PAP (Password Authentication Protocol)
A method of user authentication in which the username and password are transmitted over a
network and compared to a table of name-password pairs.
PPP (Point-to-Point Protocol)
A protocol for creating and running IP and other network protocols over a serial link.
RADIUS (Remote Authentication Dial-In User Service)
An authentication and accounting protocol. Enables remote access servers to communicate with a
central server to authenticate dial-in users and their access permissions. A company stores user
profiles in a central database that all remote servers can share.
SMB/CIFS
(Server Message Block/Common Internet File System): Microsoft's protocol for allowing all
applications as well as Web browsers to share files across the Internet. CIFS runs on TCP/IP and
uses the SMB protocol in Microsoft Windows for accessing files. With CIFS, users with different
platforms and computers can share files without having to install new software.
SNMP (Simple Network Management Protocol)
A protocol that system administrators use to monitor networks and connected devices and to
respond to queries from other network hosts.
SMTP (Simple Mail Transfer Protocol)
TCP/IP protocol for sending email between servers.
SSL (Secure Sockets Layer)
A protocol that provides authentication and encryption services between a web server and a web
browser.
SSH (Secure Shell)
A secure transport protocol based on public-key cryptography.
TACACS+ (Terminal Access Controller Access Control System)
A method of authentication used in UNIX networks. It allows a remote access server to
communicate with an authentication server to determine whether the user has access to the
network.
Telnet
A terminal protocol that provides an easy-to-use method of creating terminal connections to a
network host.
SLC™ 8000 Advanced Console Manager User Guide 409
Appendix E: Compliance Information
Manufacturer’s Name & Address
Lantronix Inc., 7535 Irvine Center Drive, Suite100, Irvine, CA 92618 USA
Declares that the following product:
Product Name(s): SLC™ 8000 Advanced Console Manager
Conforms to the following standards or other normative documents:
Safety
IEC 60950-1:2005 (2nd Edition); Am 1:2009 + A2:2013
EN 60950-1:2006 + A11:2009 + A1:2010 + + A12:2011 + A2:2013
UL 60950-1, 2nd Edition, 2014-10-14 (Information Technology Equipment - Safety - Part 1:
General Requirements)
CAN/CSA C22.2 No. 60950-1-07, 2nd Edition, 2014-10 (Information Technology Equipment -
Safety - Part 1: General Requirements)
GB4943.1: 2011 China Product Safety Compliance for ITE
Electromagnetic Emissions
FCC Part 15, Subpart B, Class A EN 55022: 2011 (IEC/CISPR 22: 2009), class A
EN 55032: 2012 + AC: 2013 (IEC/CISPR 32: 2015), class A
KN 22: 2008 and KN 32: 2015 Korea Radio Disturbance Characteristics Compliance for ITE
GB9254: 2008 China Radio Disturbance Characteristics Compliance for ITE
Electromagnetic Immunity
EN 55024: 2010 Information Technology Equipment-Immunity Characteristics
EN 61000-4-2: 2008, KN 61000-4-2 Electro-Static Discharge Test
EN 61000-4-3: 2010, KN 61000-4-3 Radiated Immunity Field Test
EN 61000-4-4: 2012, KN 61000-4-4 Electrical Fast Transient Test
EN 61000-4-5: 2014, KN 61000-4-5 Power Supply Surge Test
EN 61000-4-6: 2013, KN 61000-4-6 Conducted Immunity Test
EN 61000-4-8: 2009, KN 61000-4-8 Magnetic Field Test
EN 61000-4-11: 2004, KN 61000-4-11 Voltage Dips & Interrupts
KN 24:2008 and KN 35: 2015 Korea Immunity Characteristics Compliance for ITE
Supplementary Information
This Class A digital apparatus complies with Canadian ICES-003 (CSA) and has been verified as
being compliant within the Class A limits of the FCC Radio Frequency Device Rules (FCC Title 47,
Part 15, Subpart B CLASS A), measured to CISPR 22: 2008 limits and methods of measurement
of Radio Disturbance Characteristics of Information Technology Equipment. The product complies
with the requirements of the Low Voltage Directive 72/23/EEC and the EMC Directive 89/336/
EEC.
http://www.Iantronix.com/legal/rohs/
Appendix E: Compliance Information
SLC™ 8000 Advanced Console Manager User Guide 410
Additional Agency Approvals and Certifications
VCCI
UL/CUL
RCM
CB Scheme
NIST-certified implementation of AES as specified by FIPS 197
CCC*
KC*
Note: *Not available in some hardware configurations.
This product carries the CE mark since it has been tested and found compliant with the following
standards:
Safety: EN 60950-1
Emissions: EN 55022, EN 55032 Class A
Immunity: EN 55024
RoHS, REACH and WEEE Compliance Statement
Please visit http://www.lantronix.com/legal/rohs/ for Lantronix’s statement about RoHS, REACH
and WEEE compliance.