100-120 VAC
200-240 VAC
SLB™ Branch Office Manager
User Guide
Part Number 900-671-R
Revision K April 2019
Intellectual Property
© 2019 Lantronix, Inc. All rights reserved. No part of the contents of this publication may be
transmitted or reproduced in any form or by any means without the written permission of Lantronix.
Printed in the United States of America.
Lantronix is a registered trademark of Lantronix, Inc. in the U.S. and certain other countries.
Lantronix Spider is a registered trademark, and SLB, SLC, SLP, vSLM, Spider and
DeviceInstaller are trademarks of Lantronix, Inc.
Patented: http://patents.lantronix.com
Windows and Internet Explorer are registered trademarks of Microsoft Corporation. Mozilla and
Firefox are registered trademarks of the Mozilla Foundation. Chrome is a trademark of Google,
Inc. All other trademarks and trade names are the property of their respective holders.
Open Source Software
Some applications are Open Source software licensed under the Berkeley Software Distribution
(BSD) license or the GNU General Public License (GPL) as published by the Free Software
Foundation (FSF). Lantronix grants you no right to receive source code to the Open Source
software; however, in some cases, rights and access to source code for certain Open Source
software may be available directly from Lantronix’ licensors. Upon request, Lantronix will identify
the Open Source components and the licenses that apply to them. Your use of each Open Source
component or software is subject to the terms of the applicable license. The GNU General Public
License is available at http://www.gnu.org/licenses/gpl.html
Open Source Software is distributed WITHOUT ANY WARRANTY, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the
GPL and BSD for details.
Warranty
For details on the Lantronix warranty policy, please go to our Web site at
www.lantronix.com/support/warranty
; additional patents pending.
.
.
Contacts
Lantronix, Inc.
7535 Irvine Center Drive
Suite 100
Irvine, CA 92618, USA
Phone: 949-453-3990
Fax: 949-453-3995
Technical Support
Online: www.lantronix.com/support
Sales Offices
For a current list of our domestic and international sales offices, go to the Lantronix web site at
www.lantronix.com/about/contact
SLB™ Branch Office Manager User Guide 2
.
Disclaimer & Revisions
All information contained herein is provided “AS IS.” Lantronix undertakes no obligation to
update the information in this publication. Lantronix does not make, and specifically disclaims,
all warranties of any kind (express, implied or otherwise) regarding title, non-infringement, fitness,
quality, accuracy, completeness, usefulness, suitability or performance of the information provided
herein. Lantronix shall have no liability whatsoever to any user for any damages, losses and
causes of action (whether in contract or in tort or otherwise) in connection with the user’s access or
usage of any of the information or content contained herein. The information and specifications
contained in this document are subject to change without notice.
Operation of this equipment in a residential area is likely to cause interference, in which case the
user, at his or her own expense, will be required to take whatever measures may be required to
correct the interference.
Note: This equipment has been tested and found to comply with the limits for Class A
digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio
frequency energy and, if not installed and used in accordance with this user guide, may
clause interference to radio communications. Operation of this equipment in a residential
area is likely to cause interference, in which case the user will be required to correct the
interference at his own expense.
The user is cautioned that changes and modifications made to the equipment without approval of
the manufacturer could void the user's authority to operate this equipment.
Changes or modifications to this device not explicitly approved by Lantronix will void the user's
authority to operate this device.
Revision History
Date Rev. Comments
April 2013 A Initial Release (6.0).
June 2014 B Added the new 200-240 VAC SLB model.
August 2014 C Updated for firmware release 6.1.
January 2015 D Updated technical specification information.
May 2016 E Updated safety information.
December 2016 F Updated to firmware revision 6.3.0.0, which includes:
June 2018 G Updated to firmware revision 6.5.0.0RC19.
October 2018 H Updated to firmware revision 6.6, which includes:
Removal of java from the WebSSH and WebTelnet application
Addition of transport security layer (TLS) 1.1 and 1.2
Upgrade of web SSL certificate to 2048 bits
Option to disable SSH DSA keys
Zero touch provisioning
Custom SSL certificate for the web
Compliance information updates
Sierra gateway LTE modem integration
SLB™ Branch Office Manager User Guide 3
March 2019 J Updated to firmware revision 6.7.0.0RC12, which includes:
Support for custom Expect scripts that can be connected to the SLB CLI
or a device port
Web and SSH support for SHA2 and higher
ConsoleFlow access timeout settings
April 2019 K Updated to firmware revision 6.8.0.0RC8, which includes support for Tcl and
Python custom scripts.
SLB™ Branch Office Manager User Guide 4
Table of Contents
Intellectual Property ________________________________________________________2
Open Source Software ______________________________________________________2
Warranty _________________________________________________________________2
Contacts _________________________________________________________________2
Disclaimer & Revisions ______________________________________________________3
Revision History ___________________________________________________________3
List of Figures ____________________________________________________________14
List of Tables _____________________________________________________________17
1: About this Guide 18
Purpose and Audience _____________________________________________________18
Summary of Chapters ______________________________________________________18
Additional Documentation ___________________________________________________19
2: Introduction 20
Features ________________________________________________________________20
Console Management __________________________________________________20
Power Management Outlets for Power Connectivity ___________________________ 20
Power Inlets __________________________________________________________20
Integration with Other Secure Lantronix Products _____________________________20
Internal Temperature Sensor _____________________________________________ 21
Designed for Branch Offices and Similar Environments _________________________ 21
Typical Equipment _____________________________________________________ 22
Types of Business _____________________________________________________22
Benefits ______________________________________________________________ 22
Models __________________________________________________________________23
System Features __________________________________________________________24
Protocols Supported ____________________________________________________24
Access Control ________________________________________________________25
Power Outlet Control ___________________________________________________25
Device Port Buffer _____________________________________________________25
Configuration Options ___________________________________________________25
Application Example _______________________________________________________26
Hardware Features ________________________________________________________27
Serial Connections _____________________________________________________28
Network Connections ___________________________________________________29
USB Interface ________________________________________________________29
Modem Interface _______________________________________________________ 30
SLB™ Branch Office Manager User Guide 5
3: Installation 31
What's in the Box _________________________________________________________31
Product Information Label _______________________________________________32
Technical Specifications ____________________________________________________32
Safety Precautions ________________________________________________________33
Cover _______________________________________________________________ 33
Power Plug ___________________________________________________________33
Input Supply __________________________________________________________ 34
Grounding ____________________________________________________________34
Fuses _______________________________________________________________34
Rack ________________________________________________________________34
Port Connections ______________________________________________________ 35
Physical Installation ________________________________________________________35
Connecting to a Device Port ______________________________________________36
Connecting to Network Ports _____________________________________________36
Connecting Terminals ___________________________________________________ 37
Connecting to the Internal Modem _________________________________________37
Power _______________________________________________________________37
AC Input _____________________________________________________________ 37
Connecting Devices to Power Outlets ______________________________________ 38
Typical Installations ________________________________________________________39
4: Quick Setup 41
Recommendations ________________________________________________________41
IP Address _______________________________________________________________41
Method #1 Using the Front Panel Display _______________________________________42
Front Panel LCD Display and Keypads _____________________________________ 42
Navigating ____________________________________________________________ 43
Entering the Settings ___________________________________________________44
Restoring Factory Defaults _______________________________________________45
Limiting Sysadmin User Access ___________________________________________45
Method #2 Quick Setup on the Web Page ______________________________________ 46
Network Settings ______________________________________________________48
Date & Time Settings ___________________________________________________ 48
Administrator Settings __________________________________________________48
Method #3 Quick Setup on the Command Line Interface ___________________________49
Next Step _______________________________________________________________51
5: Web and Command Line Interfaces 52
Web Interface ____________________________________________________________52
Logging in ____________________________________________________________53
Logging Out __________________________________________________________ 54
SLB™ Branch Office Manager User Guide 6
Web Page Help _______________________________________________________54
Command Line Interface ____________________________________________________54
Logging In ____________________________________________________________54
Logging Out __________________________________________________________ 55
Command Syntax ______________________________________________________55
Command Line Help ____________________________________________________56
Tips _________________________________________________________________56
General CLI Commands _________________________________________________57
6: Basic Parameters 58
Requirements ____________________________________________________________58
Eth1 and Eth2 Settings __________________________________________________60
Hostname & Name Servers ______________________________________________61
DNS Servers __________________________________________________________61
DHCP-Acquired DNS Servers ____________________________________________ 62
GPRS-Acquired DNS Servers ____________________________________________ 62
TCP Keepalive Parameters ______________________________________________ 62
Gateway _____________________________________________________________62
Fail-Over Settings _____________________________________________________62
Fail-Over Cellular Gateway Configuration ___________________________________ 63
Advanced Cellular Gateway Configuration ___________________________________64
Fail-Over Cellular Gateway Firmware _______________________________________64
Load Cellular Gateway Firmware Options ___________________________________64
Ethernet Counters _____________________________________________________64
Network Commands ____________________________________________________64
IP Filter _________________________________________________________________65
Viewing IP Filters ______________________________________________________65
Enabling IP Filters _____________________________________________________65
Configuring IP Filters ___________________________________________________ 66
Rule Parameters _______________________________________________________ 67
Updating an IP Filter ____________________________________________________69
Deleting an IP Filter ____________________________________________________ 69
Mapping a Ruleset _____________________________________________________ 69
IP Filter Commands _______________________________________________________69
Routing _________________________________________________________________69
Dynamic Routing ______________________________________________________70
Static Routing _________________________________________________________70
Routing Commands ____________________________________________________70
VPN ____________________________________________________________________71
Performance Monitoring ____________________________________________________74
Performance Monitoring - Add/Edit Probe ___________________________________77
Performance Monitoring - Results _________________________________________ 79
Performance Monitoring Commands _______________________________________83
SLB™ Branch Office Manager User Guide 7
7: Services 84
System Logging and Other Services ___________________________________________84
SSH/Telnet/Logging _______________________________________________________85
System Logging _______________________________________________________85
Audit Log ____________________________________________________________86
SMTP _______________________________________________________________ 86
SSH ________________________________________________________________86
Telnet _______________________________________________________________ 87
Web SSH/Web Telnet Settings ___________________________________________87
Phone Home __________________________________________________________87
SNMP __________________________________________________________________88
Communities __________________________________________________________89
Version 3 ____________________________________________________________90
V3 Read-Only User ____________________________________________________90
V3 Read-Write User ____________________________________________________90
SNMP, SSH, Telnet, and Logging Commands ________________________________ 90
NFS and SMB/CIFS _______________________________________________________91
SMB/CIFS Share ______________________________________________________ 92
NFS and SMB/CIFS Commands __________________________________________ 92
Secure Lantronix Network ___________________________________________________92
Troubleshooting Browser Issues ______________________________________________96
Web SSH/Telnet Copy and Paste _________________________________________98
Secure Lantronix Network Commands ______________________________________98
Date and Time ____________________________________________________________99
Date and Time Commands ______________________________________________ 100
Web Server _____________________________________________________________100
Administrative Commands ______________________________________________ 102
Services - Web Sessions _______________________________________________ 102
Services - SSL Certificate _______________________________________________ 103
SSL Certificate Commands _____________________________________________105
ConsoleFlow ____________________________________________________________106
ConsoleFlow Commands _______________________________________________109
8: Device Ports 110
Connection Methods ______________________________________________________110
Permissions _____________________________________________________________110
Device Status ___________________________________________________________111
Global Port Settings ______________________________________________________111
Telnet/SSH/TCP in Port Numbers ________________________________________ 112
Global Commands ____________________________________________________113
Device Ports - Settings ____________________________________________________113
Device Port Settings ___________________________________________________115
SLB™ Branch Office Manager User Guide 8
IP Settings __________________________________________________________115
Data Settings ________________________________________________________ 116
Hardware Signal Triggers _______________________________________________117
Modem Settings ______________________________________________________ 117
Modem Settings: Text Mode _____________________________________________ 118
Modem Settings: PPP Mode ____________________________________________118
Port Status and Counters _______________________________________________120
Device Ports - SLP Units _______________________________________________ 120
Status/Info __________________________________________________________121
Commands __________________________________________________________122
Device Port - Sensorsoft Device __________________________________________ 122
Device Port Commands ________________________________________________ 123
Interacting with a Device Port _______________________________________________123
Device Ports - Logging ____________________________________________________124
Local Logging ________________________________________________________124
NFS File Logging _____________________________________________________124
USB Flash Drive Logging _______________________________________________124
Email/SNMP Notification _______________________________________________125
Sylogs Logging _______________________________________________________125
Local Logging ________________________________________________________126
Email/SNMP Traps ____________________________________________________126
Log Viewing Attributes _________________________________________________127
NFS File Logging _____________________________________________________128
USB Logging ________________________________________________________128
Syslog Logging _______________________________________________________128
Logging Commands ___________________________________________________128
Console Port ____________________________________________________________128
Console Port Commands _______________________________________________130
Power Outlets ___________________________________________________________130
Power Commands ____________________________________________________ 132
Host Lists ______________________________________________________________132
Host List Commands __________________________________________________134
Scripts _________________________________________________________________134
Scripts ______________________________________________________________ 136
User Rights __________________________________________________________137
Batch Script Syntax ___________________________________________________142
Interface Script Syntax _________________________________________________142
Custom Script Syntax __________________________________________________147
Example Scripts ______________________________________________________ 149
Sites __________________________________________________________________165
Site Commands ______________________________________________________ 167
Modem Dialing States _____________________________________________________ 167
Dial-In ______________________________________________________________167
SLB™ Branch Office Manager User Guide 9
Dial-Out ____________________________________________________________168
Dial-Back ___________________________________________________________168
Dial-On-Demand ______________________________________________________ 169
Dial-In & Dial-On-Demand ______________________________________________169
Dial-Back & Dial-On-Demand ____________________________________________169
Dial-In/Host List ______________________________________________________170
CBCP Server and CBCP Client __________________________________________170
CBCP Server ________________________________________________________ 170
CBCP Client _________________________________________________________171
9: USB Port 172
Set Up of USB Storage ____________________________________________________172
Data Settings ________________________________________________________ 175
GSM/GPRS Settings __________________________________________________175
Modem Settings ______________________________________________________ 175
Text Mode ___________________________________________________________ 177
PPP Mode __________________________________________________________177
IP Settings __________________________________________________________178
Manage Firmware and Configuration Files _____________________________________179
USB Commands ______________________________________________________179
10: Connections 180
Typical Setup Scenarios for the SLB _________________________________________180
Terminal Server ______________________________________________________ 180
Remote Access Server _________________________________________________181
Reverse Terminal Server _______________________________________________ 181
Multiport Device Server ________________________________________________182
Console Server _______________________________________________________182
Connection Configuration _______________________________________________183
Connection Commands ________________________________________________ 185
11: User Authentication 186
Authentication Commands ______________________________________________188
Local and Remote User Settings ____________________________________________189
Adding, Editing or Deleting a User ________________________________________191
Shortcut ____________________________________________________________194
Local Users Commands ________________________________________________194
NIS ___________________________________________________________________194
NIS Commands ______________________________________________________197
LDAP __________________________________________________________________197
LDAP Commands _____________________________________________________201
RADIUS ________________________________________________________________202
SLB™ Branch Office Manager User Guide 10
RADIUS Commands ___________________________________________________205
User Attributes & Permissions from LDAP Schema or RADIUS VSA _____________ 205
Kerberos _______________________________________________________________207
Kerberos Commands __________________________________________________ 209
TACACS+ ______________________________________________________________210
TACACS+ Groups ____________________________________________________210
TACACS+ Commands _________________________________________________213
Groups ________________________________________________________________214
SSH Keys ______________________________________________________________217
Imported Keys _______________________________________________________217
Exported Keys _______________________________________________________217
Imported Keys (SSH In) ________________________________________________ 219
Host & Login for Import _________________________________________________ 219
Exported Keys (SSH Out) _______________________________________________ 219
Host and Login for Export _______________________________________________220
SSH Key Commands __________________________________________________ 222
Custom Menus __________________________________________________________223
Custom User Menu Commands __________________________________________225
12: Maintenance 226
SLB Maintenance ________________________________________________________226
Internal Temperature __________________________________________________ 228
Site Information ______________________________________________________228
SLB Firmware ________________________________________________________228
Boot Banks __________________________________________________________229
Load Firmware Via Options _____________________________________________ 229
Configuration Management _____________________________________________230
Zero Touch Provisioning Configuration Restore ______________________________ 231
Administrative Commands ______________________________________________ 232
System Logs _________________________________________________________232
System Log Commands ________________________________________________234
Audit Log _______________________________________________________________234
Email Log ______________________________________________________________235
Diagnostics _____________________________________________________________236
Diagnostic Commands _________________________________________________238
Status/Reports __________________________________________________________238
View Report _________________________________________________________239
Status Commands ____________________________________________________ 241
Emailing Logs and Reports _________________________________________________ 241
Events _________________________________________________________________242
Events Commands ____________________________________________________244
LCD/Keypad ____________________________________________________________244
LCD/Keypad Commands _______________________________________________246
SLB™ Branch Office Manager User Guide 11
Banners ________________________________________________________________246
Banner Commands ____________________________________________________ 247
13: Application Examples 248
Telnet/SSH to a Remote Device _____________________________________________248
Dial-in (Text Mode) to a Remote Device _______________________________________ 250
Local Serial Connection to Network Device via Telnet ____________________________251
14: Command Reference 253
Introduction to Commands _________________________________________________253
Command Syntax _____________________________________________________253
Command Line Help ___________________________________________________254
Tips ________________________________________________________________254
Administrative Commands _________________________________________________255
Audit Log Commands _____________________________________________________266
Authentication Commands _________________________________________________267
ConsoleFlow Commands __________________________________________________268
Kerberos Commands _____________________________________________________269
LDAP Commands ________________________________________________________270
Local Users Commands ___________________________________________________271
NIS Commands __________________________________________________________275
RADIUS Commands ______________________________________________________276
TACACS+ Commands ____________________________________________________ 277
User Permissions Commands _______________________________________________278
CLI Commands __________________________________________________________281
Connection Commands ____________________________________________________283
Console Port Commands __________________________________________________286
Custom User Menu Commands _____________________________________________287
Date and Time Commands _________________________________________________289
Device Commands _______________________________________________________290
Device Port Commands ___________________________________________________291
Diagnostic Commands ____________________________________________________295
Top Command Synopsis ___________________________________________________297
End Device Commands ___________________________________________________298
Events Commands _______________________________________________________299
Global Commands _______________________________________________________300
Group Commands ________________________________________________________301
Host List Commands ______________________________________________________302
IP Filter Commands ______________________________________________________303
Logging Commands ______________________________________________________304
Network Commands ______________________________________________________307
NFS and SMB/CIFS Commands _____________________________________________310
Performance Monitoring Commands _________________________________________312
SLB™ Branch Office Manager User Guide 12
Power Commands ________________________________________________________316
Routing Commands ______________________________________________________318
Script Commands ________________________________________________________318
Services Commands ______________________________________________________ 321
Site Commands __________________________________________________________323
Secure Lantronix Network Commands ________________________________________324
SSH Key Commands ____________________________________________________325
Status Commands ________________________________________________________328
System Log Commands ___________________________________________________329
USB Storage Commands __________________________________________________330
USB Modem Commands __________________________________________________331
Appendix A: Bootloader 335
Accessing the Bootloader __________________________________________________335
Bootload Commands ______________________________________________________335
Appendix B: Security Considerations 337
Security Practice _________________________________________________________337
Factors Affecting Security __________________________________________________337
Appendix C: Adapters and Pinouts 338
Appendix D: Protocol Glossary 341
Appendix E: Compliance Information 343
SLB™ Branch Office Manager User Guide 13
List of Figures
Figure 2-1 Branch to Enterprise Integration Concept _____________________________________21
Figure 2-3 100-120 VAC SLB Unit ___________________________________________________23
Figure 2-4 200-240 VAC SLB Unit ___________________________________________________24
Figure 2-5 Example Deployment_____________________________________________________27
Figure 2-6 Device Port Connections _________________________________________________ 29
Figure 2-7 Console Port Connection__________________________________________________ 29
Figure 2-8 Network Connection _____________________________________________________29
Figure 2-9 USB Interface __________________________________________________________29
Figure 2-10 Modem Interface _______________________________________________________ 30
Figure 3-5 Inlet Pin Assignment _____________________________________________________34
Figure 3-6 CAT 5 Cable Connection__________________________________________________36
Figure 3-7 AC Power Input _________________________________________________________38
Figure 3-8 100-120 VAC SLB - Branch Office Manager Power Outlets _______________________38
Figure 3-9 200-240 VAC SLB - Branch Office Manager Power Outlets _______________________39
Figure 3-10 100-120 VAC SLB Installation Diagram______________________________________39
Figure 3-11 200-240 VAC SLB Installation Diagram______________________________________40
Figure 4-2 Front Panel LCD Display and Five Button Keypads (Enter, Up, Down, Left, Right) _____ 42
Figure 4-5 Quick Setup ___________________________________________________________47
Figure 4-6 Beginning of Quick Setup Script ____________________________________________49
Figure 4-7 Completed Quick Setup___________________________________________________ 50
Figure 5-1 Web Page Layout _______________________________________________________ 52
Figure 6-1 Network > Network Settings (top of page)_____________________________________59
Figure 6-2 Network > Network Settings (bottom of page)__________________________________60
Figure 6-3 Network > IP Filter ______________________________________________________65
Figure 6-4 Network > IP Filter Ruleset (Adding/Editing Rulesets) ___________________________67
Figure 6-5 Network > Routing _______________________________________________________70
Figure 6-6 Network > VPN _________________________________________________________71
Figure 6-7 Network > Perf Monitoring _________________________________________________ 75
Figure 6-8 Performance Monitoring - Add/Edit Probe_____________________________________77
Figure 6-10 Performance Monitoring - Operations _______________________________________82
Figure 7-1 Services > SSH/Telnet/Logging_____________________________________________85
Figure 7-2 Services > SNMP _______________________________________________________88
Figure 7-3 Services > NFS/CIFS ____________________________________________________91
Figure 7-4 Services > Secure Lantronix Network ________________________________________93
Figure 7-5 IP Address Login Page ___________________________________________________94
Figure 7-6 SSH or Telnet CLI Session ________________________________________________ 94
SLB™ Branch Office Manager User Guide 14
Figure 7-7 Disabled Port Number Popup Window _______________________________________95
Figure 7-8 Services > Secure Lantronix Network > Search Options__________________________96
Figure 7-9 Services > Date & Time __________________________________________________99
Figure 7-10 Services > Web Server ________________________________________________101
Figure 7-11 Web Sessions ________________________________________________________ 103
Figure 7-12 SSL Certificate________________________________________________________ 104
Figure 7-13 Services > ConsoleFlow ________________________________________________107
Figure 8-1 Devices > Device Status _________________________________________________111
Figure 8-2 Devices > Device Ports __________________________________________________112
Figure 8-3 Device Ports List _______________________________________________________ 113
Figure 8-4 Device Ports > Settings _________________________________________________114
Figure 8-6 Device Ports > SLP _____________________________________________________121
Figure 8-7 Devices > Device Ports > Sensorsoft _______________________________________122
Figure 8-8 Devices > Device Ports - Logging __________________________________________126
Figure 8-9 Devices > Console Port __________________________________________________ 129
Figure 8-10 Devices > Power Outlets ________________________________________________131
Figure 8-11 Devices > Host Lists ___________________________________________________133
Figure 8-12 Devices > Scripts______________________________________________________135
Figure 8-13 Adding or Editing New Scripts ____________________________________________136
Figure 8-14 Devices > Scripts - Scheduler ____________________________________________138
Figure 8-15 Custom Scripts - Operations _____________________________________________140
Figure 8-16 View Custom Script Results _____________________________________________141
Figure 8-21 Devices > Sites _______________________________________________________165
Figure 9-1 Devices > USB ________________________________________________________172
Figure 9-2 Devices > USB > Configure_______________________________________________ 173
Figure 9-3 Devices > USB > Modem ________________________________________________174
Figure 9-4 Firmware and Configurations - Manage Files (Top of Page)______________________ 179
Figure 10-1 Terminal Server _______________________________________________________181
Figure 10-2 Remote Access Server _________________________________________________181
Figure 10-3 Reverse Terminal Server________________________________________________ 181
Figure 10-4 Multiport Device Server _________________________________________________182
Figure 10-5 Devices > Connections _________________________________________________183
Figure 10-6 Current Connections ___________________________________________________184
Figure 11-1 User Authentication > Authentication Methods _______________________________187
Figure 11-2 User Authentication > Local/Remote Users__________________________________189
Figure 11-3 User Authentication > Local/Remote User > Settings __________________________191
Figure 11-4 User Authentication > NIS _______________________________________________195
Figure 11-5 User Authentication > LDAP _____________________________________________198
SLB™ Branch Office Manager User Guide 15
Figure 11-6 User Authentication > RADIUS ___________________________________________202
Figure 11-7 User Authentication > Kerberos___________________________________________207
Figure 11-8 User Authentication > TACACS+__________________________________________211
Figure 11-9 User Authentication > Group _____________________________________________215
Figure 11-10 User Authentication > SSH Keys_________________________________________218
Figure 11-11 Current Host Keys ____________________________________________________221
Figure 11-12 User Authentication > Custom Menus _____________________________________ 223
Figure 12-1 Maintenance > Firmware & Configurations __________________________________227
Figure 12-2 Manage Configuration Files______________________________________________231
Figure 12-3 Maintenance > System Logs _____________________________________________232
Figure 12-4 System Logs _________________________________________________________234
Figure 12-5 Maintenance > Audit Log________________________________________________235
Figure 12-6 Maintenance > Email Log _______________________________________________236
Figure 12-7 Maintenance > Diagnostics ______________________________________________237
Figure 12-8 Diagnostics Report ____________________________________________________238
Figure 12-9 Maintenance > Status/Reports ___________________________________________239
Figure 12-10 Generated Status/Reports______________________________________________240
Figure 12-11 Emailed Log or Report_________________________________________________ 242
Figure 12-12 Maintenance > Events _________________________________________________ 243
Figure 12-13 Maintenance > LCD/Keypad ____________________________________________245
Figure 12-14 Maintenance > Banners________________________________________________246
Figure 13-1 SLB - Branch Office Manager Configuration _________________________________248
Figure 13-2 Remote User Connected to a SUN Server via the SLB_________________________248
Figure 13-3 Dial-in (Text Mode) to a Remote Device ____________________________________250
Figure 13-4 Local Serial Connection to Network Device via Telnet _________________________251
Figure C-1 RJ45 Receptacle to DB25M DCE Adapter for the SLB (PN 200.2066A) ____________338
Figure C-2 RJ45 Receptacle to DB25F DCE Adapter for the SLB (PN 200.2067A) ____________339
Figure C-3 RJ45 Receptacle to DB9M DCE Adapter for the SLB (PN 200.2069A) _____________339
Figure C-4 RJ45 Receptacle to DB9F DCE Adapter for the SLB (PN 200.2070A) _____________340
Figure C-5 RJ45 to RJ45 Adapter for Netra/Sun/Cisco and SLP (PNs 200.2225 and ADP010104-01)
340
SLB™ Branch Office Manager User Guide 16
List of Tables
Table 2-2 SLB Models ____________________________________________________________23
Table 3-1 Part Numbers and Descriptions for Adapters and Cables _________________________31
Table 3-2 Part Numbers and Descriptions for Power Cords _______________________________31
Table 3-3 SLB Technical Specifications _______________________________________________32
Table 3-4 Max Current per Power Cord Used __________________________________________33
Table 4-1 Methods of Assigning an IP Address _________________________________________41
Table 4-3 LCD Arrow Keypad Actions ________________________________________________43
Table 4-4 Front Panel Setup Options with Associated Parameters __________________________43
Table 5-2 Actions and Category Options _____________________________________________55
Table 6-9 Error Conditions _________________________________________________________81
Table 8-5 Port Status and Counters _________________________________________________120
Table 8-17 Definitions ___________________________________________________________143
Table 8-18 Primary Commands ____________________________________________________144
Table 8-19 Secondary Commands _________________________________________________145
Table 8-20 Control Flow Commands ________________________________________________146
Table 14-1 Actions and Category Options ___________________________________________ 253
Table A-1 User Commands _______________________________________________________335
Table A-2 Administrator Commands ________________________________________________336
SLB™ Branch Office Manager User Guide 17
1: About this Guide
Purpose and Audience
This guide provides the information needed to install, configure, and use the Lantronix® SLB™
branch office manager. The SLB device is for IT professionals who must remotely and securely
configure and administer servers, routers, switches, telephone equipment, or other devices
equipped with a serial port for facilities that are typically remote branch offices or “distributed” IT
locations.
Summary of Chapters
The remaining chapters in this guide include:
Chapter Description
Chapter 2: Introduction Describes the SLB models, their main features, and the protocols they
support.
Chapter 3: Installation Provides technical specifications; describes connection formats and power
supplies; provides instructions for installing the SLB unit in a rack.
Chapter 4: Quick Setup Provides instructions for getting your SLB device up and running and for
configuring required settings.
Chapter 5: Web and
Command Line Interfaces
Chapter 6: Basic Parameters Provides instructions for configuring network ports, firewall and routing
Chapter 7: Services Provides instructions for enabling and disabling system logging, SSH and
Chapter 8: Device Ports Provides instructions for configuring global device port settings, individual
Chapter 9: USB Port Provides instructions for using the USB port.
Describes the web and command line interfaces available for configuring
the SLB branch office manager.
The configuration chapters (6-12) provide detailed instructions for using the
web interface and include equivalent command line interface commands.
settings, and the date and time.
Telnet logins, SNMP, SMTP, and the date and time.
device port settings, and console port settings.
Chapter 10: Connections Provides instructions for configuring connections and viewing, updating, or
disconnecting a connection.
Chapter 11: User
Authentication
Chapter 12: Maintenance Provides instructions for upgrading firmware, viewing system logs and
Chapter 13: Application
Examples
Chapter 14: Command
Reference
Provides instructions for enabling or disabling methods that authenticate
users who attempt to log in via SSH, Telnet, or the console port. Provides
instructions for creating custom menus.
diagnostics, generating reports, and defining events. Includes information
about web pages and commands used to shut down and reboot the SLB
unit.
Shows how to set up and use the SLB branch office manager in three
different configurations.
Lists and describes all of the commands available on the SLB command line
interface
SLB™ Branch Office Manager User Guide 18
Chapter (continued) Description
Appendix A: Bootloader Lists and describes the commands available for the bootloader command
line interface.
Appendix B: Security
Considerations
Appendix C: Adapters and
Pinouts
Appendix D: Protocol
Glossary
Appendix E: Compliance
Information
Provides tips for enhancing SLB security.
Includes adapter pinout diagrams.
Lists the protocols supported by the SLB unit with brief descriptions.
Provides information about the SLB device’s compliance with industry
standards.
Additional Documentation
Visit the Lantronix Web site at www.lantronix.com/support/documentation for the latest
documentation and the following additional documentation.
Document Description
SLB Branch Office Manager Quick Start Describes the steps for getting the SLB unit up and running.
SLB Branch Office Manager Online Help
for the Command Line Reference
SLB Branch Office Manager Online Help
for the Web Interface
1: About this Guide
Provides online help for configuring the SLB device using
commands.
Provides online help for configuring the SLB unit using the
web page.
SLB™ Branch Office Manager User Guide 19
2: Introduction
The SLB branch office manager enables IT system administrators to manage remote servers and
IT infrastructure equipment securely over the Internet. This innovative hybrid device combines the
capabilities of the award-winning secure console manager with an 8-port remote power
management solution into a compact, 1U rack-mountable appliance.
Features
Console Management
8 serial ports for console connectivity
Enables system administrators to remotely manage devices with serial console ports, e.g.,
Linux, Unix, and recent versions of Windows servers, routers, switches, telecom, and building
access equipment.
Provides data logging, monitoring, and secure access control via the Internet
Power Management Outlets for Power Connectivity
8 outlets for power connectivity
Provides ability to control power individually to all attached equipment
Provides on/off/reboot control
Per port power consumption monitoring
SLB882KIT-15P and SLB882KIT-20P outlets support NEMA 5-15P & 5-20P plugs
SLB8824KIT-AP and SLB8824KIT-EU outlets support C14 plugs
Ensures safe power distribution and reduces in-rush current overload
Power Inlets
SLB882KIT-xx Dual 100-120 VAC power inlets
SLB8824KIT-xx Dual 200-240 VAC power inlets
Provides automatic power switch-over when both primary and secondary power inlet sources
are used
Integration with Other Secure Lantronix Products
Can integrate seamlessly with the ConsoleFlow™ or vSLM™ management appliance
software for a complete end-to-end Out-of-Band (OOB) management solution.
SLB™ Branch Office Manager User Guide 20
Internal Temperature Sensor
System administrators can be alerted if temperature goes out of range.
Figure 2-1 Branch to Enterprise Integration Concept
2: Introduction
Designed for Branch Offices and Similar Environments
Designed to meet the specific needs of the remote branch offices and environments alike, the SLB
branch office manager conserves rack space and reduces costs by enabling system
administrators at a main corporate facility to manage the IT equipment distributed among branch
offices simply and cost-effectively.
Branch offices are facilities that are typically remote or "distributed IT" locations, likely located offsite of corporate headquarters or large-scale enterprise facilities. These distributed facilities
typically do not have an on-site maintenance staff or IT System Administrator.
Typically, the branch office environment has some of the following characteristics:
Space is limited to 1U rack space or shelf mounted desktop unit
Closet-mounted or wall-attached rack
Limited air and power conditioning
Limited number of network devices and servers
No on-site maintenance staff
Ethernet or dial-up modem access is required
SLB™ Branch Office Manager User Guide 21
2: Introduction
Typical Equipment
You can configure, administer, and manage IT equipment in a variety of ways, but most devices
have one method in common: an RS-232 serial port, sometimes called a console, auxiliary, or
management port. These ports are often accessed directly by connecting a terminal or laptop to
them, meaning that the user typically must be in the same physical location as the equipment.
Eliminating the need for a physical presence, the Lantronix SLB unit provides remote access to the
equipment from anywhere there is a network or modem connection.
The SLB branch office manager can access and administer many types of equipment, such as:
Servers: Unix, Linux, Windows Server 2003 or higher, and others
Networking equipment: Routers, switches, storage networking
Telecom: PBX, voice switches
Other systems with serial interfaces: Heating/cooling systems, security/building access
systems, UPS, medial device.
Types of Business
The SLB unit is used in many types of environments, for example:
Banking and finance
Insurance companies
Healthcare
Retail Sales
Information Technology
Education and campus style facilities
Hospitality
Manufacturing Facilities
Base Station Control and Management
Benefits
The key benefits of using the SLB branch office manager:
Saves space: Compact design merges the functionality of two solutions into a 1U rack
solution, reducing required rack space and total cost of ownership.
Saves money: Enables remote management and troubleshooting without sending a technician
onsite, resulting in reduced travel costs and increased network uptime.
Saves time: Provides instant access and reduces response time, improving efficiency.
Simplifies access: Enables 24/7 access to your equipment securely and remotely after hours
and on weekends and holidays-without having to schedule visits or arrange for off-hour
access.
Protects assets: Provides the highest levels of encryption and security features
(authentication, authorization, and IP filters) to ensure that your IT infrastructure and data
assets are protected.
The SLB unit also provides features such as convenient text menu systems, break-safe operation,
port buffering (logging), remote authentication, and Secure Shell (SSH) access. Dial-up modem
support ensures access when the network is not available.
SLB™ Branch Office Manager User Guide 22
Models
The SLB branch office manager has the following hardware components:
The 100-120 VAC SLB model is available in 100-120 VAC (50-60 Hz) NEMA 5-20R type
The 200-240 VAC SLB model is available in 200-240 VAC (50-60 Hz) IEC C13 type outlets.
Chassis: The SLB unit has a 1U tall, self-contained rack-mountable chassis.
Power Outlets: Eight outlets allow power management and control (on/off/reboot) of the
Serial Device Ports: Eight serial RS-232C (EIA-232) device ports are for remote console
2: Introduction
outlets. This model also includes a USB port.
This model also includes a USB port.
Note: This model is EU style with one switched hot line, not a US style with two hot
lines. It is intended for use on power systems where the 200-240VAC is provided
on a single hot line.
attached equipment using a simple web or command line interface.
management of the attached equipment. These match the RJ45 pin-outs of the console ports
of many popular devices found in a network environment, and where different can be
converted using Lantronix adapters. See the appendix, Appendix C: Adapters and Pinouts for
more information on serial adapters and pin-outs.
Ports and Modem: The SLB branch office manager has two 10/100 Ethernet ports (referred
to in this user guide as Eth1 and Eth2) in the back and a front panel serial console port (RJ45).
The SLB unit also includes a USB type A port in the front panel and an internal v.92 modem.
Table 2-2 SLB Models
Model Description
100-120 VAC SLB Branch Office Manager, 8 device ports, 8 power outlets (100-120 VAC, NEMA 5-
20R type), 2 AC power inlets
200-240 VAC SLB Branch Office Manager, 8 device ports, 8 power outlets (200-240 VAC, IEC C13
type), 2 AC power inlets
Figure 2-3 100-120 VAC SLB Unit
SLB™ Branch Office Manager User Guide 23
System Features
The SLB firmware has the following basic capabilities:
Connects up to eight RS-232 serial consoles
Controls power (on/off/reboot) of up to eight attached devices
Per port current consumption monitoring
Dual power inlets for failover. Both power inlets must be on the same phase.
2: Introduction
Figure 2-4 200-240 VAC SLB Unit
Dual 10Base-T/100Base-TX Ethernet network compatibility
Buffer logging to file
Email and SNMP notification
ID/Password security, configurable access rights
Secure shell (SSH) security; supports numerous other security protocols
Network File System (NFS) and Common Internet File System (CIFS) support for
configuration files
TCP, Telnet or SSH to a serial port by IP address per port or by IP address and TCP port
number
Configurable user rights for local and remotely authenticated users
Built-in internal modem
External USB modem and Flash Storage supported
Sun break-safe (no unintentional break ever sent to attached servers)
Simultaneous access on the same port-- "listen" and "direct" connect mode
Local access through a console port
Web administration (using most browsers)
Protocols Supported
The SLB branch office manager supports the TCP/IP network protocol as well as:
TCP, SSH, Telnet, PPP and NFS for connections in and out of, and CIFS for incoming
connections to the \\<hostname>\public\config directory of the SLB unit
SMTP for mail transfer
DNS for text-to-IP address name resolution
SLB™ Branch Office Manager User Guide 24
2: Introduction
SNMP with custom traps for remote monitoring and management
FTP and SFTP for file transfers and firmware upgrades
TFTP and HTTPS for firmware upgrades
DHCP and BOOTP for IP address assignment
HTTPS (SSL) for secure browser-based configuration
NTP for time synchronization
LDAP, NIS, RADIUS, CHAP, PAP, Kerberos, and TACACS+ for user authentication
IPsec for VPN access
For brief descriptions of these protocols, see Appendix D: Protocol Glossary.
Access Control
The system administrator controls access to attached servers or devices by assigning access
rights to up to 128 user profiles. Each user has an assigned ID, password, and access rights.
Other user profile access options may include externally configured authentication methods such
as RADIUS, TACACS+, NIS, and LDAP. Groups are supported in LDAP, RADIUS (via VSA), and
TACACS+ (using priv_lvl).
Power Outlet Control
With the SLB unit's built-in power management capability, system administrators can remotely
control the power (on/off/reboot) individually to all IT equipment in the branch office, ensure safe
power distribution, and reduce "in-rush" current overload. If SNMP traps are enabled, a trap
(alarm) is sent if the total current for all outlets exceeds a threshold.
Device Port Buffer
The SLB branch office manager supports real-time data logging for each device port. The port can
save the data log to a file, send an email notification of an issue, or take no action.
You can define the path for logged data on a port-by-port basis, configure file size and number of
files per port for each logging event, and configure the device log to send an email alert message
automatically to the appropriate parties indicating a particular error.
Configuration Options
You may use the backlit front-panel LCD display for initial setup and configuration and to view
current network, console, and date/time settings, and get power outlet status.
Both a web interface viewed through a standard browser and a command line interface (CLI) are
available for configuring the SLB settings and monitoring performance.
SLB™ Branch Office Manager User Guide 25
Application Example
The figure below is an example deployment. An SLB unit is deployed in each branch office and an
(optional) vSLM management appliance at the main office. The branch offices are interconnected
(always on) by VPN routers overlaid on the Internet, and also interconnected (on demand) through
the analog phone system.
2: Introduction
The SLB unit provides remotely controlled and monitored AC power (orange), console
management (green), and traditional, wired telephone network (PSTN) access (yellow).
SLB™ Branch Office Manager User Guide 26
Figure 2-5 Example Deployment
2: Introduction
A system administrator, upon losing IP connectivity to a server, takes the following steps:
1. Views the server's Ethernet interface state information provided by the SLB branch office
manager.
2. If the Ethernet interface is faulty, connects to the server's console port by means of the SLB
web page or CLI (optionally via the vSLM management appliance) and checks the server's
system parameters.
3. If the server is not responsive on the console port, commands the SLB to reboot the server's
power.
4. If the entire branch office loses IP connectivity, dial in to the SLB to perform the diagnostic
functions
Hardware Features
Caution: To avoid physical and electrical hazards, please read Safety Precautions
before installing the SLB unit.
The SLB hardware includes the following:
1U-tall (1.75 inch) rack-mountable appliance
SLB™ Branch Office Manager User Guide 27
2: Introduction
Two 10Base-T/100Base-TX network ports
One front panel serial console port for VT100 terminal or PC with emulation
One USB Port
Front panel LCD display and keypad
One RJ-11 Internal Modem Port
256 KB-per-port buffer memory for serial device ports
Eight RS-232 serial device ports connected via Category 5 (RJ45) wiring
Note: Max input/output is rated at 80% of the circuit max, per typical electrical codes.
Dual AC Power Input
100-120 VAC SLB Model Dual IEC-60320/C20 inlets, 100-120 VAC, 50/60Hz
(20A Branch Circuit) 16A max input current
200-240 VAC SLB Model
Power Outlets (Total Switched Power)
Dual IEC-60320/C20 inlets, 200-240 VAC, 50/60Hz
(20A Branch Circuit) 16A max input current
100-120 VAC SLB Model
200-240 VAC SLB Model
(8) NEMA 5-20R outlets, 100-120 VAC, 50/60Hz
16A max per outlet, 16A total for SLB
(8) IEC C13 outlets, 200-240 VAC, 50/60Hz
10A max per outlet, 16A total for SLB
(15.9A max total for China CCC)
Note: The outlet voltage equals the input voltage.
Convection cooled, silent operation, low power consumption
Note: For more detailed information, see Technical Specifications (on page 32).
Serial Connections
All devices attached to the device ports and the console port must support the RS-232C (EIA-232)
standard. Category 5 cabling with RJ45 connections is used for the device port connections and
for the console port. (For pinout information, see Adapters and Pinouts on page 338.)
Note: RJ45 to DB9/DB25 adapters are available from Lantronix.
Device ports and the console port support the following baud-rate options: 300, 600, 1200, 2400,
4800, 9600, 19200, 38400, 57600, 115200, and 230400 baud.
SLB™ Branch Office Manager User Guide 28
2: Introduction
Figure 2-6 Device Port Connections
Figure 2-7 Console Port Connection
Network Connections
The SLB network interfaces are 10Base-T/100Base-TX connectors for use with a conventional
Ethernet network. Use standard RJ45-terminated Category 5 cables. Network parameters must be
configured before the SLB branch office manager can be accessed over the network.
Note: One possible use for the two Ethernet ports is to have one port on a private,
secure network and the other on a public, unsecured network.
Figure 2-8 Network Connection
USB Interface
The SLB unit has a USB port. Lantronix qualifies USB devices continuously.
Figure 2-9 USB Interface
SLB™ Branch Office Manager User Guide 29
2: Introduction
Modem Interface
The SLB branch office manager has one v92 modem RJ11 interface to allow configuration and
control of the unit via dialing into the unit.
Caution: To reduce the risk of fire, use only No. 26 AWG or larger (e.g., 24 AWG)
UL Listed or CSA Certified Telecommunication Line Cord.
Attention: Pour réduire les risques d’incendie, utiliser uniquement des
conducteurs de télécommunications 26 AWG au de section supérleure.
Figure 2-10 Modem Interface
SLB™ Branch Office Manager User Guide 30
3: Installation
This chapter provides a high-level procedure for installing the SLB branch office manager followed
by more detailed information about the SLB connections and power supplies.
What's in the Box
In addition to the SLB branch office manager, the following table lists components in the box and
their corresponding part numbers.
Table 3-1 Part Numbers and Descriptions for Adapters and Cables
Part # Component Description
Adapters:
200.2066A Adapter: DB25M (DCE), Sun w/DB25 female
200.2067A Adapter: DB25F (DCE) to RJ45, Sun w/DB25 male and some HP9000’s
200.2069A Adapter: DB9M (DCE) to RJ45, SGI Onyx
200.2070A Adapter: DB9F (DCE) to RJ45, HP9000, SGI Origin, IBM RS6000, and PC-based
ADP010104-01 Adapter: RJ45 rolled serial, Cisco, and Sun Netra
Note: The following optional adapters are available from Lantronix:
200.2073 Adapter: DB25M (DTE) to RJ45, external modems.
200.2071 Adapter: DB9M (DTE) to convert the RJ45 serial connector to a PC style D-sub serial port
Cables:
200.0063 Cable: RJ45 to RJ45, Cat-5, 6.6 ft (2 m)
500-153 Cable: RJ45 Loopback
Linux servers
Table 3-2 Part Numbers and Descriptions for Power Cords
Model Part Number Description
100-120 VAC SLB* SLB882KIT-15P
SLB882KIT-20P
200-240 VAC SLB* SLB8824KIT-EU
SLB8824KIT-AP
* Included power cords vary for kit purchased. Please see www.lantronix.com
cords available.
SLPP12310-01 Inlet cord: IEC60320/C19 to NEMA 5-15P
(15A)
SLPP12410-01 Inlet cord: IEC60320/C19 to NEMA 5-20P
(20A)
SLPP12810-01 Inlet cord: IEC60320/C19 to Schuko (EU)
SLPP12910-01 Inlet cord: IEC60320/C19 to BS1363 (UK)
SLPP12A08-01 Inlet cord: IEC60320/C19 to AS/NZS 3112
(AU/NZ)
SLPP12C08-01 Inlet cord: IEC60320/C19 to CHINA/GB (CN)
for additional inlet power
Verify and inspect the contents of the SLB package using the enclosed packing slip or the table
above. If any item is missing or damaged, contact your place of purchase immediately.
SLB™ Branch Office Manager User Guide 31
Product Information Label
The product information label on the underside of the SLB branch office manager contains the
following information about each SLB unit:
Part Number
Serial Number Bar Code
Serial Number and Date Code
Regulatory Certifications and Statements
Technical Specifications
Note: The SLB branch office manager is intended for use in Single Phase systems.
Table 3-3 SLB Technical Specifications
Component Description
Serial Interface (Device) (8) RJ45-type 8-conductor connector (DTE)
Serial Interface (Console) (1) RJ45-type 8-pin connector (DTE)
Power Input 100-120 VAC SLB Model
Note: The max input current is de-rated to figures listed in Table 3-4 when using specified power cords.
Power Outlets 100-120 VAC SLB Model
Modem Interface RJ11 Jack for connection to internal v92 dial up modem.
Network Interface Dual 10Base-T/100Base-TX RJ45 Ethernet
Power Consumption Less than 30 watts. Applies only to the operation of the SLB branch
3: Installation
Speed software selectable (300 to 230,400 baud)
Speed software selectable (300 to 230,400 baud)
(2) IEC-60320/C20 inlet, 100-120 VAC, 50/60Hz
(20A Branch Circuit) 16A max input current
200-240 VAC SLB Model
(2) IEC-60320/C20 inlet, 200-240 VAC, 50/60Hz
(20A Branch Circuit) 16A max input current
(8) NEMA5-20R outlets, 100-120 VAC, 50/60Hz
(20A Branch Circuit) 16A max per outlet, 16A total
Individual current sensor for monitoring power draw on each outlet
Output power switchable via independent relay for each outlet
200-240 VAC SLB Model
(8) IEC C13 outlets, 200-240 VAC, 50/60Hz
(20A Branch Circuit) 10A max per outlet, 16A total
(15.9A max total for China CCC)
Individual current sensor for monitoring power draw on each outlet
Output power switchable via independent relay for each outlet.
Single pole only. Not suitable for two hot line power systems.
Note: To reduce the risk of fire, use only No. 26 AWG or larger (e.g.,
24 AWG) UL Listed or CSA Certified Telecommunication Line Cord.
office manager and not to the current it is switching.
SLB™ Branch Office Manager User Guide 32
Component (continued) Description
Dimensions 1U, 1.7 in x 18.9 in x 12.4 in
Weight 10 lb.
Temperature Operating: 0 to 50 °C (32 to 122 °F)
Storage: -20 to 70 °C (-4 to 158 °F)
Relative Humidity Operating: 10% to 90% non-condensing
Storage: 10% to 90% non-condensing
Current measurement accuracy 1A to 16A
Table 3-4 Max Current per Power Cord Used
Power Cord Used Description
SLPP12310-01 Inlet cord: IEC60320/C19 to NEMA 5-15P (15A)
Note: Unit input current is de-rated to 12A maximum when using this cable.
SLPP12410-01 Inlet cord: IEC60320/C19 to NEMA 5-20P (20A)
Note: Unit input current is de-rated to 16A maximum when using this cable.
SLPP12810-01 Inlet cord: IEC60320/C19 to Schuko (EU/16A)
SLPP12910-01 Inlet cord: IEC60320/C19 to BS1363 (UK/13A)
SLPP12A08-01 Inlet cord: IEC60320/C19 to AS/NZS 3112 (AU/NZ/15A)
SLPP12C08-01 Inlet cord: IEC60320/C19 to CHINA/GB (CN/16A)
3: Installation
Safety Precautions
Please follow the safety precautions described below when installing and operating the SLB
branch office manager.
Cover
Do not remove the cover of the chassis. There are no user-serviceable parts inside. Opening
or removing the cover may expose you to dangerous voltage that could cause fire or electric
shock.
Refer all servicing to Lantronix.
Power Plug
When disconnecting the power cable from the socket, pull on the plug, not the cord.
Always connect the power cord to a properly wired and grounded power source. Do not use
adapter plugs or remove the grounding prong from the cord.
Only use a power cord with a voltage and current rating greater than the voltage and current
rating marked on the SLB.
Install the SLB unit near an AC outlet that is easily accessible.
Always connect any equipment used with the product to properly wired and grounded power
sources.
SLB™ Branch Office Manager User Guide 33
3: Installation
Always connect the unit with the proper polarity at the inlet connector. See Figure 3-5. Failure
to do so may cause downstream hazards on connected devices.
Figure 3-5 Inlet Pin Assignment
Neutral
Line
Ground
To help protect the product from sudden, transient increases and decreases in electrical
power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).
Do not connect or disconnect this product during an electrical storm.
Input Supply
Caution: This SLB device may have more than one power supply source.
Disconnect all power supply sources before servicing to avoid electric
shock. Disconnect downstream device power cables prior to servicing
the downstream device.
Note: The SLB branch office manager is intended for use in Single Phase systems.
Check nameplate ratings to assure there is no overloading of supply circuits that could affect
over current protection and supply wiring.
Grounding
1. Maintain reliable grounding of this product.
2. Pay particular attention to supply connections when connecting to power strips, rather than
directly to the branch circuit.
Fuses
For protection against fire, replace the power-input-module fuse with the same type and rating.
Rack
If rack mounted SLB branch office managers are installed in a closed or multi-unit rack assembly,
they may require further evaluation by Certification Agencies. The following items must be
considered:
SLB™ Branch Office Manager User Guide 34
3: Installation
Do not install the SLB unit in a rack in such a way that a hazardous stability condition results
because of uneven loading. A drop or fall could cause injury.
The ambient temperature (Tma) inside the rack may be greater than the room ambient
temperature. Make sure to install the SLB branch office manager in an environment with an
ambient temperature less than the maximum operating temperature of the SLB unit. (See
Technical Specifications on page 32.)
Install the equipment in a rack in such a way that the amount of airflow required for safe
operation of the equipment is not compromised.
Mount the equipment in the rack so that a hazardous condition is not achieved due to uneven
mechanical loading.
Maintain reliable earthing of rack-mounted equipment. Give particular attention to supply
connections other than direct connections to the branch circuit (e.g. use of power strips).
Before operating the SLB branch office manager, make sure the SLB unit is secured to the
rack.
Port Connections
Only connect the network port to an Ethernet network that supports 10Base-T/100Base-T.
Only connect device ports to equipment with serial ports that support EIA-232 (formerly RS-
232C).
Only connect the console port to equipment with serial ports that support EIA-232 (formerly RS232C).
Physical Installation
To install the SLB branch office manager in a rack:
1. Place the SLB unit in a 19-inch rack.
Warning: Do not to block the air vents on the sides of the SLB device. If you
mount the SLB branch office manager in an enclosed rack, we
recommended that the rack have a ventilation fan to provide adequate
airflow through the SLB unit.
2. Connect the serial device(s) to the SLB device ports. See the section, Connecting to a Device
Port (on page 36).
3. Choose one of the following options:
To configure the SLB branch office manager using the network, or to monitor serial
devices on the network, connect at least one SLB network port to a network. See
Connecting to Network Ports (on page 36).
To configure the SLB branch office manager using a dumb terminal or a computer with
terminal emulation, connect the terminal or PC to the SLB console port. See Connecting
Terminals (on page 37).
4. Connect the power cord, and apply power. See Power (on page 37).
5. Wait approximately a minute and a half for the boot process to complete. If a terminal is
connected to the front panel serial console port the boot messages will be displayed on the
SLB™ Branch Office Manager User Guide 35
3: Installation
terminal.
When the boot process ends, the SLB host name and the clock or the power supply status
appear on the LCD display. Now you are ready to configure the network settings as described
in Chapter 4: Quick Setup on page 41.
Connecting to a Device Port
You can connect almost any device that has a serial console port to a device port on the SLB unit
for remote administration. The console port must support the RS-232C interface.
Note: Many servers must either have the serial port enabled as a console or the
keyboard and mouse detached. Consult the server hardware and/or software
documentation for more information.
To connect to a device port:
1. Connect one end of the Cat 5 cable to a device port on the SLB unit front panel.
2. Connect the other end of the Cat 5 cable to a Lantronix serial console adapter.
Note: To connect a device port to a Lantronix SLP™ power management, use the
ADP010104 adapter and a Cat5 patch cable between the adapter and the connected
equipment. See the appendix, Adapters and Pinouts on page 338 for more information
about Lantronix adapters.
Figure 3-6 CAT 5 Cable Connection
Cat-5 Cable
Lantronix Serial
Console Adapter
3. Connect the adapter to the serial console port on the serial device.
Connecting to Network Ports
The SLB branch office manager's network ports, 10Base-T/100Base-TX, allow remote access to
the attached devices and the system administrative functions. Use a standard RJ45-terminated
Category 5 cable to connect to the network port.
SLB™ Branch Office Manager User Guide 36
3: Installation
Note: One possible use for the two Ethernet ports is to have one port on a private,
secure network, and the other on an unsecured network. Ethernet bonding is also
supported.
Connecting Terminals
The console port is for local access to the SLB unit and the attached devices. You may attach a
dumb terminal or a computer with terminal emulation to the console port. The SLB console port
uses RS-232C protocol and supports VT100 emulation. The default baud rate is 9600.
To connect the console port to a terminal or computer with terminal emulation, Lantronix offers
optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector.
The console port is configured as DTE. For more information, see the appendix, Adapters and
Pinouts on page 338 and our Web site at www.lantronix.com/support
Lookup on the Support menu.
To connect a terminal:
1. Attach the Lantronix adapter to your terminal (use PN 200.2066A adapter) or your PC's serial
port (use PN 200.2070A adapter).
2. Connect the Cat 5 cable to the adapter, and connect the other end to the SLB console port.
and click Cable/Adapter
3. Turn on the terminal or start your computer's communication program (e.g., HyperTerminal for
Windows XP or lower. For recent versions of Windows use a free terminal emulator such as
PuTTY or TeraTerm Pro).
4. Once the SLB branch office manager is running, press Enter to establish connection. You
should see the model name and a login prompt on your terminal. You are connected.
Connecting to the Internal Modem
1. Connect an RJ11 telecommunication cable to the modem port on the front of the unit.
2. Connect the other end of the cable to an analog phone connector on your telephone network.
Caution: To reduce the risk of fire, use only No. 26 AWG or larger (e.g., 24 AWG)
UL Listed or CSA Certified Telecommunication Line Cord.
Power
The SLB unit consumes less than 30W of electrical power.
Note: Switched currents may be 30W or greater.
AC Input
The SLB branch office manager has a universal auto-switching dual AC inlet power supply. The
power supply for the 100-120 VAC SLB controller accepts AC input voltage between 100 and 120
VAC with a frequency of 50 or 60 Hz. The power supply for the 200-240 VAC SLB controller
accepts AC input voltage between 200 and 240 VAC with a frequency of 50 or 60 Hz. Rearmounted IEC-type AC power connectors are provided for universal AC power input on a single hot
line. US style two hot line 200-240VAC power is not supported. (See What's in the Box on page
31.)
Caution: This unit may have more than one power supply source. Disconnect all
power supply sources before servicing to avoid electric shock.
SLB™ Branch Office Manager User Guide 37
3: Installation
Figure 3-7 AC Power Input
One of the SLB dual AC power inputs is the designated primary power source and the other is
designated as the secondary source. If both are used, the power will be drawn by the primary
power source. If the primary power source should fail, power will be drawn through the secondary
power source. Once power is restored to the primary power source, the power will be switched
back from the secondary power source to the primary power source. Both power sources must be
on the same phase. Using power from different phases will cause the relay to malfunction and
possibly cause damage to the SLB.
Connecting Devices to Power Outlets
To avoid the possibility of noise due to arcing:
1. Keep the device's on/off switch in the off position until after it is plugged into the outlet, or log in
to the SLB branch office manager and turn the outlets off before connecting the devices.
2. Connect devices to the outlets.
Figure 3-8 100-120 VAC SLB - Branch Office Manager Power Outlets
SLB™ Branch Office Manager User Guide 38
Figure 3-9 200-240 VAC SLB - Branch Office Manager Power Outlets
The default screen under Maintenance->LCD/Keypad can be modified, but by default, the status
of the power outlets displays on the front panel LCD.
Typical Installations
Following are illustrations showing some typical ways to install the SLB branch office manager. In
Figure 3-10, three serial devices (a server, a Cisco switch, and a firewall) connect to the SLB unit's
serial ports and power outlets. This setup enables the SLB branch office manager to manage the
devices and provide power to the devices. In addition, the SLB unit includes a built-in modem for
out-of-band dial-up access.
3: Installation
Figure 3-10 100-120 VAC SLB Installation Diagram
SLB™ Branch Office Manager User Guide 39
3: Installation
Figure 3-11 200-240 VAC SLB Installation Diagram
The SLB device controls up to eight serial devices and provides power to them. The devices use a
separate user supplied Ethernet switch to connect to the network.
SLB™ Branch Office Manager User Guide 40
4: Quick Setup
This chapter helps get the IP network port up and running quickly, so you can administer the SLB
branch office manager using your network.
Recommendations
To set up the network connections quickly, we suggest you do one of the following:
Use the front panel LCD display and keypads.
Complete the Quick Setup on the web interface.
SSH to the command line interface and follow the Quick Setup script on the command line
interface.
Connect to the console port and follow the Quick Setup script on the command line interface.
Note: The first time you power up the SLB unit, Eth1 tries to obtain its IP address via
DHCP. If you have connected Eth1 to the network, and Eth1 is able to acquire an IP
address, you can view this IP address on the LCD or by running the Lantronix®
DeviceInstaller™ utility. If Eth1 cannot acquire an IP address, you cannot use Telnet,
SSH, or the web interface to run Quick Setup.
IP Address
Your SLB unit must have a unique IP address on your network. The system administrator
generally provides the IP address and corresponding subnet mask and gateway. The IP address
must be within a valid range, unique to your network, and in the same subnet as your PC if you are
using the DeviceInstaller utility.
The following table lists the options for assigning an IP address to your SLB branch office
manager.
Method Description
DHCP A DHCP server automatically assigns the IP address and network settings.
BOOTP Similar to DHCP but for smaller networks.
DeviceInstaller™ The Lantronix DeviceInstaller utility is a Windows-based GUI application that
Front panel LCD display
and keypads
Table 4-1 Methods of Assigning an IP Address
The SLB unit is DHCP-enabled by default.
With the Eth1 network port connected to the network, and the SLB device
powered up, Eth1 acquires an IP address, viewable on the LCD.
At this point, you can use SSH or Telnet to connect to the SLB branch office
manager, or use the web interface.
provides an easy way to install and configure specific Lantronix device server
products. You may utilize DeviceInstaller to assign an IP and other network
specific addresses.
You manually assign the IP address and other basic network, console, and
date/time settings. If desired, you can restore the factory defaults.
SLB™ Branch Office Manager User Guide 41
Method (continued) Description
Serial port login to
command line interface
You assign an IP address and configure the SLB branch office manager using
a terminal or a PC running a terminal emulation program to the SLB unit’s
serial console port connection.
Method #1 Using the Front Panel Display
Before you begin, ensure that you have:
Unique IP address that is valid on your network (unless automatically assigned)
Subnet mask (unless automatically assigned)
Gateway
DNS settings
Date, time, and time zone
Console port settings: baud rate, data bits, stop bits, parity, and flow control
Make sure the SLB branch office manager is plugged into power and turned on.
4: Quick Setup
Front Panel LCD Display and Keypads
With the SLB unit powered up, you can use the front panel display and keypad buttons to set up
the basic parameters.
Figure 4-2 Front Panel LCD Display and Five Button Keypads (Enter, Up, Down, Left, Right)
Front Panel Five Button
LCD Keypad
The front panel display initially shows the hostname (abbreviated to 14 letters), total current level,
and state of the power supply.
When you click the right-arrow keypad buttons, the SLB network settings display. Using the five
keypad buttons, you can change the network, console port, and date/time settings and view the
firmware release version. If desired, you can restore the factory defaults.
Note: Have your information handy as the display times out without accepting any
unsaved changes if you take more than 30 seconds between entries.
Any changes made to the network, console port, and date/time settings take effect immediately.
SLB™ Branch Office Manager User Guide 42
4: Quick Setup
Navigating
The front panel keypad has one Enter button (in the center) and four arrow buttons (up, left, right,
and down). Press the arrow buttons to navigate from one option to another, or to increment or
decrement a numerical entry of the selected option. Use the Enter button to select an option to
change or to save your settings.
The following table lists the SLB navigation actions, buttons, and options.
Table 4-3 LCD Arrow Keypad Actions
Button Action
Right arrow To move to the next option (e.g., from Network Settings to Console Settings)
Left arrow To return to the previous option
Enter (center button) To enter edit mode
Up and down arrows Within edit mode, to increase or decrease a numerical entry
Right or left arrows Within edit mode, to move the cursor right or left
Enter To exit edit mode
Up and down arrows To scroll up or down the list of parameters within an option (e.g., from IP
Address to Mask)
Table 4-4 Front Panel Setup Options with Associated Parameters
Left/Right Arrow
Network
Settings
Eth1 IP
Address
Up/
Down
Arrow
Eth1
Subnet
Mask
Gateway Stop Bits Outlet
DNS1 Parity
DNS2 Flow
DNS3
Console
Settings
Baud
Rate
Data Bits Date/Time Restore
Control
Date /
Time
Settings
Time
Zone
Release Power Internal
Firmware
version
and date
code
(display
only)
Factory
Defaults
Power
Inlets
Oulet
1 - 8
On/Off
Status
1 - 8
Reading
Temp
Reading in
Celsius &
Fahrenheit
User
Strings
Displays
configured
user
string(s), if
any.
Location Device
Ports
Indicates
the Rack
(RK), Row
(RW) &
Cluster
(CW)
locations.
Detects the
connection
state of
each port:
0=No serial
connection
1=Serial
connection
detected.
Current
Time
User ID
&
Current
TIme
SLB™ Branch Office Manager User Guide 43
4: Quick Setup
Note: The individual screens listed from left to right in Table 4-4 can be enabled or
disabled for display on the SLB LCD screen. The order of appearance of the screens, if
enabled, along with the elected “Home Page” may vary on the LCD monitor according to
configuration. See LCD/Keypad (on page 244) for instructions on enabling and disabling
screens.
Entering the Settings
To enter setup information:
1. From the normal display (host name, date and time or power supply status), press the right
arrow button to display Network Settings. The IP address for Eth1 displays.
Note: If you have connected Eth1 to the network, and Eth1 is able to acquire an IP
address through DHCP, this IP address displays, followed by the letter [D]. Otherwise, the
IP address displays as all zeros (000.000.000.000).
2. Press the Enter button on the keypad to enter edit mode. A cursor displays below one
character of the existing IP address setting.
3. To enter values:
Use the left or right arrow to move the cursor to the left or to the right position.
Use the up or down arrow to increment or decrement the numerical value.
4. When you have the set IP address as you want it, press Enter to exit edit mode, and then
press the down arrow button. The Subnet Mask parameter displays.
Note: You must edit the IP address and the Subnet Mask together for a valid IP address
combination.
5. To save your entries for one or more parameters in the group, press the right arrow button.
The Save Settings? Yes/No prompt displays.
Note: If the prompt does not display, make sure you are no longer in edit mode.
6. Use the left/right arrow buttons to select Yes, and press the Enter button.
7. Press the right arrow button to move to the next option, Console Settings.
8. Repeat steps 2-7 for each setting.
9. Press the right arrow button to move to the next option, Date/Time Settings, and click Enter
to edit the time zone.
To enter a US time zone, use the up/down arrow buttons to scroll through the US time
zones, and then press Enter to select the correct one.
To enter a time zone outside the US, press the left arrow button to move up to the top level
of time zones. Press the up/down arrow button to scroll through the top level.
A time zone with a trailing slash (such as Africa/) has sub-time zones. Use the right arrow
button to select the Africa time zones, and then the up/down arrows to scroll through them.
Press Enter to select the correct time zone. To move back to the top-level time zone at
any time, press the left arrow.
10. To save your entries, press the right arrow button. The Save Settings? Yes/No prompt
displays.
SLB™ Branch Office Manager User Guide 44
4: Quick Setup
Note: If the prompt does not display, make sure you are no longer in edit mode.
11. Use the left/right arrow buttons to select Yes, and press the Enter button.
12. To review the saved settings, press the up or down arrows to step through the current settings.
When you are done, the front panel returns to the clock display. The network port resets to the
new settings, and you can connect to your IP network for further administration. You should be
able to SSH to the SLB branch office manager through your network connection, or access the
Web interface through a Web browser.
Restoring Factory Defaults
To use the LCD display to restore factory default settings:
1. Press the right arrow button to move to the last option, Release.
2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit
Restore Factory Defaults password displays.
3. Press Enter to enter edit mode.
4. Using the left and right arrows to move between digits and the up and down arrows to change
digits, enter the password (the default password is 999999).
Note: The Restore Factory Defaults password is only for the LCD. You can change it at
the command line interface using the admin keypad password command.
5. Press Enter to exit edit mode. If the password is valid, a Save Settings? Yes/No prompt
displays.
6. To initiate the process for restoring factory defaults, select Yes. When the process is
complete, the SLB branch office manager reboots.
Limiting Sysadmin User Access
For security purposes, full administrative access to the SLC or SLB via the default sysadmin local
user account can be limited to only the front console port of the SLC or SLB device.
To configure this:
1. Enable the Sysadmin access limited to Console Port option on the Local/Remote Users web
page.
2. Enable a remote authentication method (such as TACACS+ or LDAP) and configure the
remote authentication method to be first in the order of methods used.
3. Create a remote user account with full administrative rights.
4. Uncheck the Attempt next method on authentication rejection checkbox on the Authentication
Methods web page.
These steps will prevent any local users from logging in, restrict the default sysadmin local user to
the front console port, and allow a user with administrative rights to login, as long as remote
authentication is working.
SLB™ Branch Office Manager User Guide 45
To use DHCP to restore a configuration to a factory defaulted SLB:
Utilize the Zero Touch Provisioning Configuration Restore feature, to acquire a default
configuration from a DHCP server and TFTP server when it is booted.
1. At boot time, before the normal startup process, a unit will attempt to acquire network
parameters and a configuration file, first over Eth1.
2. A unit will then attempt to acquire network parameters and a configuration file over Eth2.
3. See SLB Maintenance (on page 226) for more information.
Method #2 Quick Setup on the Web Page
After the unit has an IP address, you can use the Quick Setup page to configure the remaining
network settings. This page displays the first time you log into the SLB unit only. Otherwise, the
SLB Home Page displays.
To complete the Quick Setup page:
1. Open a web browser (Firefox, Chrome or Internet Explorer with JavaScript enabled).
4: Quick Setup
2. In the URL field, type https:// followed by the IP address of your SLB.
Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and
redirects all requests to the encrypted (HTTPS) port (port 443).
3. Log in using sysadmin as the user name and PASS as the password. The first time you log in
to the SLB, the Quick Setup page automatically displays. Otherwise, the Home page displays.
Note: To open the Quick Setup page at another time, click the Quick Setup tab.
SLB™ Branch Office Manager User Guide 46
Figure 4-5 Quick Setup
4: Quick Setup
4. To accept the defaults, select the Accept default Quick Setup settings checkbox in the top
portion of the page and click the Apply button at the bottom of the page. Otherwise, continue
with step 5.
Note: Once you click the Apply button on the Quick Setup page, you can continue using
the web interface to configure the SLB branch office manager further.
5. Enter the following settings:
SLB™ Branch Office Manager User Guide 47
4: Quick Setup
Network Settings
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Network Setting Description
Eth 1 Settings
IP Address
(if specifying)
Subnet Mask If specifying an IP address, enter the subnet mask for the network on which the SLB
Default Gateway The IP address of the router for this network. There is no default.
Hostname The default host name is slbXXXX, where XXXX is the last 4 characters of the
Domain If desired, specify a domain name (for example, support.lantronix.com). The domain
Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway
from the DHCP server. (The DHCP server may not provide the hostname
gateway, depending on its setup.) This is the default setting. If you select this
option, skip to Gateway.
Obtain from BOOTP: Lets a network node request configuration information from
a BOOTP "server" node. If you select this option, skip to Gateway.
Specify: Lets you manually assign a static IP address, generally provided by the
system administrator.
Enter an IP address that is unique and valid on your network. There is no default.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields
for dot-quad numbers less than 100. For example, if your IP address is
172.19.201.28, do not enter 028 for the last segment.
Note: Currently, the SLB unit does not support configurations with the same IP
subnet on multiple interfaces (Ethernet or PPP).
device resides. There is no default.
hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces). The host name becomes the prompt in the command line
interface.
name is used for host name resolution within the SLB unit. For example, if abcd is
specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLB branch office manager attempts to resolve
abcd.mydomain.com for the SMTP server.
Date & Time Settings
Date & Time Setting Description
Change Date/Time Select the checkbox to manually enter the date and time at the SLB’s location.
Date From the drop-down lists, select the current month, day, and year.
Time From the drop-down lists, select the current hour and minute.
Time Zone From the drop-down list, select the appropriate time zone.
Administrator Settings
Administrator
Setting
Sysadmin Password To change the password (e.g., from the default) enter a Sysadmin Password of up
Retype Password Re-enter the Sysadmin Password above in this field as a confirmation.
6. Click the Apply button to save your entries.
SLB™ Branch Office Manager User Guide 48
Description
to 64 characters.
Method #3 Quick Setup on the Command Line Interface
If the SLB branch office manager does not have an IP address, you can connect a dumb terminal
or a PC running a terminal emulation program (VT100) to access the command line interface. (See
Connecting Terminals on page 37.) If the unit has an IP address, you can use SSH or Telnet to
connect to the SLB.
Note: By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the
Services > SSH/Telnet/Logging page (see Chapter 7: Services on page 84), a serial
terminal connection, or an SSH connection.
To complete the command line interface Quick Setup script:
1. Do one of the following:
With a serial terminal connection, power up, and when the command line displays, press
Enter.
With a network connection, use an SSH program or Telnet program (if Telnet has been
enabled) to connect to xx.xx.xx.xx (the IP address in dot quad notation), and press
Enter. You should be at the login prompt.
2. Enter sysadmin as the user name and press Enter.
4: Quick Setup
3. Enter PASS as the password and press Enter. The first time you log in, the Quick Setup script
runs automatically. Normally, the command prompt displays.
Figure 4-6 Beginning of Quick Setup Script
Quick Setup will now step you through configuring a few basic settings.
The current settings are shown in brackets ('[]').
You can accept the current setting for each question by pressing
<return>.
4. Enter the following information at the prompts:
Note: To accept a default or to skip an entry that is not required, press Enter.
CLI Quick Setup
Settings
Configure Eth1 Select one of the following:
Description
<1> obtain IP Address from DHCP: The unit will acquire the IP address, subnet
mask, hostname, and gateway from the DHCP server. (The DHCP server may or
may not provide the gateway and hostname, depending on its setup.) This is the
default setting.
<2> obtain IP Address from BOOTP: Permits a network node to request
configuration information from a BOOTP "server" node.
<3> static IP Address: Allows you to assign a static IP address manually. The IP
address is generally provided by the system administrator.
SLB™ Branch Office Manager User Guide 49
4: Quick Setup
CLI Quick Setup
Settings
IP Address (if
specifying)
Subnet Mask The subnet mask specifies the network segment on which the SLB branch office
Default Gateway IP address of the router for this network. There is no default.
Hostname The default host name is slbXXXX, where XXXX is the last 4 characters of the
Domain If desired, specify a domain name (for example, support.lantronix.com). The domain
Time Zone If the time zone displayed is incorrect, enter the correct time zone and press Enter. If
Date/Time If the date and time displayed are correct, type n and continue. If the date and time
Sysadmin
password
Description
An IP address that is unique and valid on your network and in the same subnet as
your PC. There is no default.
If you selected DHCP or BOOTP, this prompt does not display.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields for
dot-quad numbers less than 100. For example, if your IP address is 172.19.201.28,
do not enter 028 for the last segment.
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or
PPP) are not currently supported.
manager resides. There is no default. If you selected DHCP or BOOTP, this prompt
does not display.
hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces).
Note: The host name becomes the prompt in the command line interface.
name is used for host name resolution within the SLB. For example, if abcd is
specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLB branch office manager attempts to resolve
abcd.mydomain.com for the SMTP server.
the entry is not a valid time zone, the system guides you through selecting a time
zone. A list of valid regions and countries displays. At the prompts, enter the correct
region and country.
are incorrect, type y and enter the correct date and time in the formats shown at the
prompts.
Enter a new sysadmin password.
After you complete the Quick Setup script, the changes take effect immediately.
Figure 4-7 Completed Quick Setup
Quick Setup will now step you through configuring a few basic settings.
The current settings are shown in brackets ('[]').
You can accept the current setting for each question by pressing
<return>.
____Ethernet Port and Default Gateway___________________________________
The SLB88 has two ethernet ports, Eth1 and Eth2.
By default, both ports are configured for DHCP.
Configure Eth1: (1) obtain IP Address from DHCP
(2) obtain IP Address from BOOTP
(3) static IP Address
Enter 1-3: [1]
The SLB88 can be configured to use a default gateway.
SLB™ Branch Office Manager User Guide 50
4: Quick Setup
Enter gateway IP Address: [none]
____Hostname____________________________________________________________
The current hostname is 'slb882/8824', and the current domain is
'<undefined>'.
The hostname will be shown in the CLI prompt.
Specify a hostname: [slb882/8824]
Specify a domain: [<undefined>]
____Time Zone___________________________________________________________
The current time zone is 'UTC'.
Enter time zone: [UTC]
____Date/Time___________________________________________________________
The current time is Mon April 30 02:33:17 2018
Change the current time? [n]
____Sysadmin Password___________________________________________________
Enter new password: [<current password>]
Quick Setup is now complete.
Next Step
After completing quick setup on the SLB, you may want to configure other settings. You can use
the web page or the command line interface for configuration.
For information about the web and the command line interfaces, go to Chapter 5: Web and
Command Line Interfaces.
To continue configuring the SLB, go to Chapter 6: Basic Parameters.
SLB™ Branch Office Manager User Guide 51
5: Web and Command Line Interfaces
The SLB branch office manager offers three interfaces for configuring the SLB command line
interface (CLI), a web interface, and an LCD with keypads on the front panel. This chapter
discusses the web and command line interfaces. (Chapter 4: Quick Setup on page 41 includes
instructions for using the LCD to configure basic network settings.)
Web Interface
A web interface allows the system administrator and other authorized users to configure and
manage the SLB unit using most web browsers (Firefox, Chrome or Internet Explorer with
JavaScript enabled). The SLB branch office manager provides a secure, encrypted web interface
over SSL (secure sockets layer).
Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and
redirects all requests to the encrypted (HTTPS) port (port 443).
The following figure shows a typical web page:
Figure 5-1 Web Page Layout
Logout
Button
Tabs
Port Number
Bar
Icons
Options
Entry Fields
and Options
Apply Button
Help Button
SLB™ Branch Office Manager User Guide 52
5: Web and Command Line Interfaces
The web page has the following components:
Tabs: Groups of settings to configure.
Options: Below each tab are options for specific types of settings.
Note: Only those options for which the currently logged-in user has rights display.
Port and Power Outlet Bar:
The light green LCD button allows you to configure the front panel LCD
The gray U1 button allows you to configure the USB device (flash drive or modem)
plugged into the front panel USB connector. The gray U2 button allows you to configure
the internal USB dial-up modem.
The blue E1 and E2 buttons display the Network > Network Settings (bottom of page)
page.
The eight green number buttons allow you to select a port and display its settings. Only
ports to which the currently logged-in user has rights are enabled.
Below the bar are three options for use with the port buttons. Selecting a port and the
Configuration option takes you to the Device Ports > Settings page. Selecting a port and
the WebSSH option displays the WebSSH window for the device port if Web SSH is
enabled, and if SSH is enabled for the device port. Selecting the port and the Connected
Device button allows access to supported devices such as SLP power managers and/or
SensorSoft temperature and humidity probes connected to the device port.
The red P1 - P8 buttons enable you to select a power outlet and display the Devices >
Power Outlets page with the selected outlet's information highlighted.
The yellow A and B buttons display the status of the power supplies.
Entry Fields and Options: Allow you to enter data and select options for the settings.
Note: For specific instructions on completing the fields on the web pages, see Chapters
5 through 12.
Apply Button: Apply on each web page makes the changes immediately and saves them so
they will be there when the SLB branch office manager is rebooted.
Icons: The icon bar above the Main Menu has icons that display the following:
Home page.
Information about the SLB unit and Lantronix contact information.
Configuration site map.
Status of the SLB device.
Help Button: Provides online Help for the specific web page.
Logging in
Only the system administrator or users with web access rights can log into the web page. More
than one user at a time can log in, but the same user cannot login more than once.
To log in to the SLB web interface:
SLB™ Branch Office Manager User Guide 53
5: Web and Command Line Interfaces
1. Open a web browser.
2. In the URL field, type https:// followed by the IP address of your SLB branch office
manager.
3. To configure the SLB unit, use sysadmin as the user name and PASS as the password.
(These are the default values.)
Note: The system administrator may have changed the password using one of the
Quick Setup methods in the previous chapter.
The Lantronix SLB Quick Setup page displays automatically the first time you log in.
Subsequently, the Lantronix SLB Home page displays. (If you want to display the Quick Setup
page again, click Quick Setup on the main menu.)
Logging Out
To log off the SLB web interface:
1. Click the Logout button located on the upper left part of any user interface page. You are
brought back to the login screen when logout is complete.
Web Page Help
To view detailed information about an SLB web page:
1. Click the Help button to the right of any user interface page. Online Help contents will appear
in a new browser.
Command Line Interface
A command line interface (CLI) is available for entering all the commands you can use with the
SLB. In this User Guide, after each section of instructions for using the web interface, you will find
the equivalent CLI commands. You can access the command line interface using Telnet, SSH, or
a serial terminal connection.
Note: By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the
Services > SSH/Telnet/Logging web page, a serial terminal connection, or an SSH
connection. (See Chapter 7: Services.)
The sysadmin user and users with who have full administrative rights have access to the complete
command set, while all other users have access to a reduced command set based on their
permissions.
Logging In
To log in to the SLB command line interface:
1. Do one of the following:
With a serial terminal connection, power up, and when the command line displays, press
Enter.
SLB™ Branch Office Manager User Guide 54
5: Web and Command Line Interfaces
If the SLB branch office manager already has an IP address (assigned previously or
assigned by DHCP), Telnet (if Telnet has been enabled) or SSH to xx.xx.xx.xx (the IP
address in dot quad notation) and press Enter. The login prompt displays.
2. To log in as the system administrator for setup and configuration, enter sysadmin as the user
name and press Enter.
3. Enter PASS as the password and press Enter. The first time you log in, the Quick Setup script
runs automatically. Normally, the command prompt displays. (If you want to display the Quick
Setup script again, use the admin quicksetup command.)
Note: The system administrator may have changed the password using one of the
Quick Setup methods in the previous chapter.
To log in any other user:
1. Enter your SLB user name and press Enter.
2. Enter your SLB password and press Enter.
Logging Out
To log out of the SLB command line interface, type logout and press Enter.
Command Syntax
Commands have the following format:
<action> <category> <parameter(s)>
where
<action> is set, show, connect, admin, diag, or logout.
<category> is a group of related parameters whose settings you want to configure or view.
Examples are ntp, deviceport, and network.
<parameter(s)> is one or more name-value pairs in one of the following formats:
<parameter name> <aa|bb>
<parameter name> <Value>
Table 5-2 Actions and Category Options
Action Category
set
auth|cflow|cifs|cli|command|consoleport|datetime|deviceport|
groups|history|hostlist|ipfilter|kerberos|ldap|localusers|
log|menu|network|nfs|nis|ntp|password|perfmon|power|radius|
remoteusers|routing|script|services|site|slcnetwork|sshkey|
tacacs+|temperature|usb|vpn
User must specify one of the values (aa or bb) separated by a
vertical line ( | ). The values are in all lowercase and must be
entered exactly as shown. Bold indicates a default value.
User must specify an appropriate value, for example, an IP address.
The parameter values are in mixed case. Square brackets [ ]
indicate optional parameters.
SLB™ Branch Office Manager User Guide 55
5: Web and Command Line Interfaces
Action Category
show
auth|auditlog|cflow|cifs|cli|connections|consoleport|datetime
|deviceport|emaillog|groups|history|hostlist|ipfilter|
kerberos|ldap|localusers|log|menu|network|nfs|nis|ntp|
perfmon|portcounters|portstatus|power|radius|remoteusers|
routing|script|services|site|slcnetwork|sshkey|sysconfig|
syslog|sysstatus|tacacs+|temperature|usb|user|vpn
connect
bidirection|direct|global|listen|restart|script|terminate
|unidirection
diag
arp|internals|lookup|loopback|netstat|nettrace|perfstat|ping|
ping6|sendpacket|traceroute
admin
banner|clear|config|events|firmware|ftp|keypad|lcd|memory
|quicksetup|reboot|shutdown|site|version|web
logout Terminates CLI session.
Command Line Help
For general Help and to display the commands to which you have rights, type: help
For general command line Help, type: help command line
For more information about a specific command, type help followed by the command. For
example: help set network or help admin firmware
Tips
Type enough characters to identify the action, category, or parameter name uniquely. For
parameter values, type the entire value. For example, you can shorten:
set network port 1 state static ipaddr 122.3.10.1 mask 255.255.0.0
to
se net po 1 st static ip 122.3.10.1 ma 255.255.0.0
Use the Tab key to automatically complete action, category, or parameter names. Type a
partial name and press Tab either to complete the name if only one is possible, or to display
the possible names if more than one is possible. Following a space after the preceding name,
Tab displays all possible names.
Should you make a mistake while typing, backspace by pressing the Backspace key and/or
the Delete key, depending on how you accessed the interface. Both keys work if you use
VT100 emulation in your terminal access program when connecting to the console port. Use
the left and right arrow keys to move within a command.
Use the up and down arrows to scroll through previously entered commands. If desired, select
one and edit it. You can scroll through up to 100 previous commands entered in the session.
To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.
When the number of lines displayed by a command exceeds the size of the window (the
default is 25), the command output is halted until the user is ready to continue. To display the
next line, press Enter, and to display the page, press the space bar. You can override the
number of lines (or disable the feature altogether) with the set cli command.
SLB™ Branch Office Manager User Guide 56
5: Web and Command Line Interfaces
General CLI Commands
The following commands relate to the CLI itself.
To configure the current command line session:
set cli scscommands <enable|disable>
Allows you to use SCS-compatible commands as shortcuts for executing commands:
Note: Settings are retained between CLI sessions for local users and users listed in the
remote users list.
SCS Commands SLB Commands
info 'show sysstatus'
version 'admin version'
reboot 'admin reboot'
poweroff 'admin shutdown'
listdev 'show deviceport names'
direct 'connect direct deviceport'
listen 'connect listen deviceport'
clear 'set locallog clear'
telnet 'connect direct telnet'
ssh 'connect direct ssh'
To set the number of lines displayed by a command:
set cli terminallines <disable|Number of lines>
Sets the number of lines in the terminal emulation (screen) for paging through text one screenful at
a time, if the SLB branch office manager cannot detect the size of the terminal automatically.
To show current CLI settings:
show cli
To view the last 100 commands entered in the session:
show history
To clear the command history:
set history clear
To view the rights of the currently logged-in user:
show user
Note: For information about user rights, see Chapter 11: User Authentication.
SLB™ Branch Office Manager User Guide 57
6: Basic Parameters
This chapter explains how to set the following basic configuration settings for the SLB branch
office manager using the SLB web interface or the CLI:
Network parameters that determine how the SLB branch office manager interacts with the
attached network
Firewall and routing
Date and time
Note: If you entered some of these settings using a Quick Setup procedure, you may
update them here.
Requirements
If you assign a different IP address from the current one, it must be within a valid range, unique to
your network, and with the same subnet mask as your workstation.
To configure the unit, you need the following information:
Eth1 IP address: ________ - ________ - ________ - ________
Subnet mask: ________ - ________ - ________ - ________
Eth2 IP address (optional): ________ - ________ - ________ - ________
Subnet mask (optional): ________ - ________ - ________ - ________
Gateway: ___________ - ___________ - ___________ - ___________
DNS: ___________ - ___________ - ___________ - ___________
SLB™ Branch Office Manager User Guide 58
6: Basic Parameters
To enter settings for one or both network ports:
1. Click the Network tab and select the Network Settings option. The following page displays:
Figure 6-1 Network > Network Settings (top of page)
SLB™ Branch Office Manager User Guide 59
Figure 6-2 Network > Network Settings (bottom of page)
6: Basic Parameters
2. Enter the following information:
Eth1 and Eth2 Settings
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Eth1 Settings
or
Eth2 Settings
IP Address
(if specifying)
Subnet Mask If specifying an IP address, enter the network segment on which the SLB unit
Disabled: If selected, disables the network port.
Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway
from the DHCP server. (The DHCP server may not provide the hostname
gateway, depending on its setup.) This is the default setting. If you select this
option, skip to Gateway.
Obtain from BOOTP: Lets a network node request configuration information
from a BOOTP "server" node. If you select this option, skip to Gateway.
Specify: Lets you manually assign a static IP address, generally provided by the
system administrator.
Enter an IP address that will be unique and valid on your network. There is no
default.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the
fields for dot-quad numbers less than 100. For example, if your IP address is
172.19.201.28, do not enter 028 for the last segment.
Note: Currently, the SLB branch office manager does not support configurations
with the same IP subnet on multiple interfaces (Ethernet or PPP).
resides. There is no default.
SLB™ Branch Office Manager User Guide 60
6: Basic Parameters
IPv6 Address Address of the port in IPv6 format.
Note: The SLB branch office manager supports IPv6 connections for a limited set
of services: the web, SSH, and Telnet.
IPv6 addresses are written as 8 sets of 4-digit hexadecimal numbers separated by
colons. There are several rules for modifying the address. For example:
1234:0BCD:1D67:0000:0000:8375:BADD:0057 may be shortened to
1234:BCD:1D67::8375:BADD:57.
IPv6 Address
(Link Local)
Mode Select the direction (full duplex or half-duplex) and speed (10 or 100Mbit) of data
MTU Displays the multicast address of the Ethernet port.
Enable IPv6 Select this box to enable the IPv6 protocol. Disabled by default.
Ethernet Bonding Ethernet 1 and Ethernet 2 can be bonded to support redundancy (Active Backup),
Enable IP
Forwarding
An IPv6 address that is intended only for communications within the segment of a
local network.
transmission. The default is Auto, which allows the Ethernet port to auto-negotiate
the speed and duplex with the hardware endpoint to which it is connected.
aggregation (802.3ad), and load balancing. Disabled by default. Note that if
Ethernet Bonding is enabled, assigning individual IP Addresses to Device Ports is
not supported.
IP forwarding enables network traffic received on one interface (Eth1, Eth2, or an
external/USB modem attached to the SLB branch office manager with an active
PPP connection) to be transferred out another interface (any of the above). The
default behavior (if IP forwarding is disabled) is for network traffic to be received but
not routed to another destination.
Enabling IP forwarding is required if you enable Network Address Translation
(NAT) for any device port modem or USB/ISDN modem. IP forwarding allows a
user accessing the SLB unit over a modem to access the network connected to
Eth1 or Eth2.
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Hostname & Name Servers
Hostname
Domain If desired, specify a domain name (for example, support.lantronix.com
The default host name is
hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces). The host name becomes the prompt in the command line
interface.
name is used for host name resolution within the SLB. For example, if abcd is
specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLB branch office manager attempts to resolve
abcd.mydomain.com for the SMTP server.
slbXXXX, where XXXX is the last 4 characters of the
). The domain
DNS Servers
DNS Servers
#1 - #3
Configure up to three name servers. #1 is required if you choose to configure DNS
(Domain Name Server) servers.
The first three DNS servers acquired via DHCP through Eth1 and/or Eth2 display
automatically.
SLB™ Branch Office Manager User Guide 61
6: Basic Parameters
DHCP-Acquired DNS Servers
#1 - #3 Displays the IP address of the name servers if automatically assigned by DHCP.
GPRS-Acquired DNS Servers
#1 - #3 Displays the IP address of the name servers if automatically assigned by General
Packet Radio Service (GPRS).
TCP Keepalive Parameters
Start Probes Number of seconds the SLB branch office manager waits after the last transmission
before sending the first probe to determine whether a TCP session is still alive. The
default is 600 seconds (10 minutes).
Number of Probes Number of probes the SLB unit sends before closing a session. The default is 5.
Interval The number of seconds the SLB device waits between probes. The default is 60
seconds.
Gateway
Default IP address of the router for this network.
If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2
displays.
All network traffic that matches the Eth1 IP address and subnet mask is sent out
Eth1. All network traffic that matches the Eth2 IP address and subnet mask is sent
out Eth 2.
If you set a default gateway, any network traffic that does not match Eth1 or Eth2 is
sent to the default gateway for routing.
DHCP-Acquired Gateway acquired by DHCP for Eth1 or Eth2. View only.
GPRS-Acquired Displays the IP address of the router if it has been automatically assigned by
General Packet Radio Service (GPRS). View only.
Precedence Indicates whether the gateway acquired by DHCP or the default gateway takes
precedence. The default is DHCP Gateway. If the DHCP Gateway is selected and
both Eth1 and Eth2 are configured for DHCP, the SLB unit gives precedence to the
Eth1 gateway.
Enable IP
Forwarding
IP forwarding enables network traffic received on one interface (Eth1, Eth2, or an
external/USB modem attached to the SLB branch office manager with an active
PPP connection) to be transferred out another interface (any of the above). The
default behavior (if IP forwarding is disabled) is for network traffic to be received but
not routed to another destination.
Enabling IP forwarding is required if you enable Network Address Translation (NAT)
for any device port modem or USB/ISDN modem. IP forwarding allows a user
accessing the SLB unit over a modem to access the network connected to Eth1 or
Eth2.
Fail-Over Settings
Fail-Over Gateway IP
Address
IP Address to Ping IP address to ping to determine whether to use the fail-over gateway.
SLB™ Branch Office Manager User Guide 62
An alternate IP address of the router for this network, to be used if an IP address
usually accessible through the default gateway fails to return one or more pings.
Note: The fail-over gateway is not supported when DHCP is used.
6: Basic Parameters
Ethernet Port to Ping Ethernet port to use for the ping.
Delay between Pings Number of seconds between pings.
Number of Failed
Pings
Number of pings that fail before the SLB branch office manager uses the fail-over
gateway.
Fail-Over Cellular Gateway Configuration
Fail-over Device Select an integrated device to be used as the fail-over gateway. Currently the
Sierra Wireless AirLink ES450 is supported.
The Sierra gateway must be properly provisioned before first use by initializing the
APN of the installed SIM card. This is done by connecting the Sierra gateway to the
second ethernet port of the SLB, and assigning a static IP address to the SLB port
so that it is in the same subnet as the IP address of the Sierra gateway. Use the
console CLI or web GUI to set the APN of the SIM card. After setting the APN,
power cycle the Sierra gateway and allow it to reboot completely.
The failover feature requires that both Ethernet ports be configured with a static IP
address. Using DHCP on one of the Ethernet ports may overwrite the default route,
interfering with fail-over and fail-back.
Note: The commands sent to the fail-over device to retrieve status and update the
configuration are shown in the syslog (messages may be displayed under Network
syslog; at the Debug level). If there are errors retrieving status or updating the
configuration, check messages in the Network syslog, the device administrator
login/password, connectivity to the device and the firmware version of the fail-over
device (the minimum required firmware version for Sierra Wireless ES450 is 4.9.2).
When the SLB sends an updated configuration to the fail-over device, it is
recommended to check the SLB syslog, even if the SLB indicates that the update
was successful. Responses from the fail-over device indicating that the device
needs to be rebooted for configuration changes to take effect may also be in the
syslog. The configuration will be resent to the device if any of the fail-over device
settings are changed, or the selected fail-over device is changed from None to one
of the supported fail-over device types.
When a fail-over or fail-back occurs, running applications such as VPN tunnel and
ConsoleFlow will be restarted.
APN of Mobile Carrier For the Sierra gateways, configure the Access Point Name for the mobile carrier.
May have up to 80 characters.
Admin Login and
Password/Retype
Change Admin
Password (check box)
New Admin
Password/Retype
Reboot Gateway
When Making
Changes (check box)
Fail-Over Cellular
Gateway Status (link)
For the selected Fail-over Device, the administrator login and password used to
retrieve status from the device and send configuration updates to the device. The
login may have up to 32 characters, and the password may have up to 64
characters. The Sierra gateway login must be set as 'user'.
Select this check box if you wish to update the admin password for the selected
gateway Fail-over Device.
For the selected Fail-over Device, the administrator password can be changed on
the gateway. The password may have up to 64 characters.
The administrator can reboot the gateway.
Clicking the link opens the Fail-Over Cellular Gateway status window, showing
status and statistics about the fail-over gateway.
Click Back to Network Settings to return to the Network Settings page.
SLB™ Branch Office Manager User Guide 63
6: Basic Parameters
Advanced Cellular Gateway Configuration
PIN Lock (check box) For the Sierra gateways, enable a lock so that the SIM card used by the gateway
cannot be used by anyone who does not have the PIN.
Pin # for SIM Card/
Retype
SIM PUK/Retype The Sierra gateway does not have this feature.
For the Sierra gateways, the PIN number for the SIM card used by the gateway.
May have up to 8 characters.
Fail-Over Cellular Gateway Firmware
Note: The Sierra fail-over device must be selected in order for you to be able to update
the firmware.
Update Firmware
(check box)
Firmware Filename Enter the name of the firmware filename exactly as it is represented.
Radio Firmware
Filename
Load Firmware via Select the method to load the firmware from the options in the drop-down menu.
Select this option to update firmware on the Sierra gateway. The Functional
Firmware file and the Radio Firmware file will be transferred to the SLB using the
method selected by the Load Firmware via option. Once the files have been
transferred to the SLB, the SLB will initiate the firmware update on the Sierra
gateway.
Enter the name of the radio firmware filename exactly as it is represented.
Load Cellular Gateway Firmware Options
FTP/SFTP/SCP
Server
Path Enter the server directory pathway to the files.
Login Enter the user login for the FTP/SFTP/SCP server to verify access rights to load
Password/Retype
Password
3. To save your entries, click the Apply button. Apply makes the changes immediately and
saves them so they will be there when the SLB branch office manager is rebooted.
Enter the server address from where to load the firmware.
new firmware.
Enter the password for the FTP/SFTP/SCP server to verify access rights to load
new firmware. Retype the password in the Retype Password field.
Ethernet Counters
The Network > Network Settings (bottom of page) page displays statistics for each of the SLB's
Ethernet ports since boot-up. The system automatically updates them.
Note: For Ethernet statistics for a smaller time period, use the diag perfstat
command.
Network Commands
Go to Network Commands (on page 307) to view CLI commands which correspond to the web
page entries described above.
SLB™ Branch Office Manager User Guide 64
IP Filter
IP filters (also called a rule set) act as a firewall to allow or deny individual or a range of IP
addresses, ports, and protocols. When a network connection is configured to use an IP filter, all
network traffic through that connection is compared, in order, to the rules of that filter. Network
traffic may be allowed to pass, it may be dropped (without notice), or it may be rejected (sends
back an error packet) depending upon the rules of that filter rule set.
The administrator uses the Network > IP Filter page to view, add, edit, delete, and map IP filters,
Warning: IP filters configuration is a feature for advanced users. Adding and
Viewing IP Filters
You can view a list of filters and a table showing how each filter is mapped to an interface.
To view a list of IP filters:
1. Click the Network tab and select the IP Filter option. The following page displays:
6: Basic Parameters
enabling IP filter sets incorrectly can disable your SLB.
Figure 6-3 Network > IP Filter
Enabling IP Filters
On the Network > IP Filter page, you can enable all filters or disable all filters.
Note: There is no way to enable or disable individual filters.
SLB™ Branch Office Manager User Guide 65
6: Basic Parameters
To enable IP filters:
1. Enter the following:
Enable IP Filter Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox
to disable all filters. Disabled by default.
Packets Dropped Displays the number of data packets that the filter ignored (did not respond to).
View only.
Packets Rejected Displays the number of data packets that the filter sent a “rejected” response to.
View only.
Test Timer Timer for testing IP Filter rulesets. Select No to disable the timer. Select Yes,
minutes (1-120) to enable the timer and enter the number of minutes the timer
should run. The timer automatically disables the IP Filters when the time
expires.
Time Remaining Indicates how many minutes are left on the timer before it expires and IP Filters
disabled. View only.
Configuring IP Filters
The administrator can add, edit, delete, and map IP filters.
Note: A configured filter has no effect until it is mapped to a network interface. See
Mapping a Ruleset on page 69.
To add an IP filter:
1. On the Network > IP Filter page, click the Add Ruleset button. The following page displays:
SLB™ Branch Office Manager User Guide 66
6: Basic Parameters
Figure 6-4 Network > IP Filter Ruleset (Adding/Editing Rulesets)
Rulesets can be added or updated on this page.
2. Enter the following:
Ruleset Name Name that identifies a filter; may be composed of letters, numbers, and hyphens
only. (The name cannot start with a hyphen.)
Example:
FILTER-2
Rule Parameters
IP Address(es) Specify a single IP address to act as a filter.
Example:
Subnet Mask Specify a subnet mask to act determine how much of the address should apply to
the filter.
Example:
Protocol From the drop-down list, select the type of protocol through which the filter will
operate. The default setting is All.
172.19.220.64 – this specific IP address only
255.255.255.255 to specify the whole address should apply.
SLB™ Branch Office Manager User Guide 67
6: Basic Parameters
Port Range Enter a range of destination TCP or UDP port numbers to be tested. An entry is
required for TCP, TCP New, TCP Established, and UDP, and is not allowed for
other protocols. Separate multiple ports with commas. Separate ranges of ports by
colons.
Examples:
22 – filter on port 22 only
23,64,80 – filter on ports 23, 64 and 80
23:64,80,143:150 – filter on ports 23 through 64, port 80 and ports 143 through
150
Action Select whether to Drop, Reject, or Accept communications for the specified IP
address, subnet mask, protocol, and port range. Drop ignores the packet with no
notification. Reject ignores the packet and sends back an error message. Allow
permits the packet through the filter.
Generate rule to
allow service
You may wish to “punch holes” in your filter set for a particular protocol or service.
For instance, if you have configured your NIS server and wish to create an opening
in your filter set, select the NIS option and click the Add Rule button. This entry
adds a new rule to your filter set using the NIS -configured IP address. Other
services and protocols added automatically generate the necessary rule to allow
their use.
3. Click the right arrow button to add the new rule to the bottom of the Rules list box on the
right. A maximum of 64 rules can be created for each ruleset.
4. To remove a rule from the filter set, highlight that line and click the left arrow. The rule
populates the rule definition fields, allowing you to make minor changes before reinserting the
rule. To clear the definition fields, click the Clear button.
5. To change the order of priority of the rules in the list box, select the rule to move and use the
up or down arrow buttons on the right side of the filter list box.
6. To save, click the Apply button. The new filter displays in the menu tree.
Note: To add another new filter rule set, click the Back to IP Filter link to return to the
Network > IP Filter page.
SLB™ Branch Office Manager User Guide 68
6: Basic Parameters
Updating an IP Filter
To update an IP filter rule set:
1. From the Network > IP Filter page, the administrator selects the IP filter ruleset to be edited
and clicks the Edit Ruleset button to return to the Network > IP Filter Ruleset (Adding/Editing
Rulesets) page (see Figure 6-4).
2. Edit the information as desired and click the Apply button.
Deleting an IP Filter
To delete an IP filter rule set:
1. On the Network > IP Filter page, the administrator selects the IP filter ruleset to be deleted and
clicks the Delete Ruleset button.
Mapping a Ruleset
The administrator can assign an IP Filter Ruleset to a network interface (Ethernet interface) and a
modem connected to a Device Port.
To map a rule set to a network interface:
1. On the Network > IP Filter page, select the IP filter ruleset to be mapped.
2. From the Interface drop-down list, select the interface and click the Map Ruleset button. The
Interface and rule set display in the IP Filter Mappings table.
To delete a mapping:
1) On the Network > IP Filter page, select the mapping from the list and click the Delete
Mapping button. The mapping no longer displays.
2) Click the Apply button.
IP Filter Commands
Go to IP Filter Commands (on page 303) to view CLI commands which correspond to the web
page entries described above
Routing
The SLB branch office manager allows you to define static routes and, for networks using Routing
Information Protocol (RIP)-capable routes, to enable the RIP protocol to configure the routes
dynamically.
To configure routing settings:
1. Click the Network tab and select the Routing option. The following page displays:
SLB™ Branch Office Manager User Guide 69
Figure 6-5 Network > Routing
6: Basic Parameters
2. Enter the following:
Dynamic Routing
Enable RIP Select to enable Dynamic Routing Information Protocol (RIP) to assign routes
automatically. Disabled by default.
RIP Version Select the RIP version. The default is 2.
Static Routing
Enable Static
Routing
3. Click the Apply button.
Note: To display the routing table, status or specific report, see the section, Status/
Reports on page 238.
Select to assign the routes manually. The system administrator usually provides the
routes. Disabled by default.
To add a static route, enter the IP Address, Subnet Mask, and Gateway for the
route and click the Add/Edit Route button. The route displays in the Static Routes
table. You can add up to 64 static routes.
To edit a static route, select the radio button to the right of the route, change the IP
Address, Subnet Mask, and Gateway fields as desired, and click the Add/Edit
Route button.
To delete a static route, select the radio button to the right of the route and click the
Delete Route button.
Routing Commands
Go to Routing Commands (on page 318) to view CLI commands which correspond to the web
page entries described above.
SLB™ Branch Office Manager User Guide 70
VPN
6: Basic Parameters
This page can be used to create a Virtual Private Network (VPN) tunnel to the SLB branch office
manager for secure communication between the SLB device and a remote host or gateway. The
SLB unit supports IPSec tunnels using Encapsulated Security Payload (ESP). The SLB branch
office manager supports host-to-host, net-to-net, host-to-net, and roaming user tunnels.
Note: To allow VPN tunnel access if the SLB firewall is enabled, traffic to UDP ports 500
and 4500 from the remote host should be allowed, as well as protocol ESP from the
remote host.
To complete the VPN page:
1. Click the Network tab and select the VPN option. The following page displays:
Figure 6-6 Network > VPN
SLB™ Branch Office Manager User Guide 71
6: Basic Parameters
2. Enter the following:
Enable VPN Tunnel Select to create a tunnel.
Name The name assigned to the tunnel. Required to create a tunnel.
Ethernet Port Select ethernet port 1 or 2.
Remote Host The IP address of the remote host's public network interface. The special
value of any can be entered if the remote host is a roaming user who may
not have the same IP address each time a tunnel is created. In this case, it
is recommended that the Remote Id also be configured.
Remote Id How the remote host should be identified for authentication. The Id is used
to select the proper credentials for communicating with the remote host.
Remote Hop/Router If the remote host is behind a gateway, this specifies the IP address of the
gateway's public network interface.
Remote Subnet(s) One or more subnets behind the remote host, expressed in CIDR notation
(IP address/mask bits). If multiple subnets are specified, the subnets should
be separated by a comma.
Local Id How the SLB branch office manager should be identified for authentication.
The Id is used by the remote host to select the proper credentials for
communicating with the SLB.
Local Hop/
Router
Local Subnet(s) One or more subnets behind the SLB, expressed in CIDR notation (IP
IKE Negotiation The Internet Key Exchange (IKE) protocol is used to exchange security
IKE Encryption The type of encryption, 3DES or AES, used for IKE negotiation. Any can be
Authentication (Ike) The type of authentication, SHA1 or MD5, used for IKE negotiation. Any
DH Group (Ike) The Diffie-Hellman Group, 2 or 5, used for IKE negotiation. Any can be
ESP Encryption The type of encryption, 3DES or AES, used for encrypting the data sent
Authentication (Ike) The type of authentication, SHA1 or MD5, used for authenticating data sent
If the SLB unit is behind a gateway, this specifies the IP address of the
gateway's public network interface.
address/mask bits). If multiple subnets are specified, the subnets should be
separated by a comma.
options between two hosts who want to communicate via IPSec. The first
phase of the protocol authenticates the two hosts to each other and
establishes the Internet Security Association Key Management Protocol
Security Association (ISAKMP SA). The second phase of the protocol
establishes the cryptographic parameters for protecting the data passed
through the tunnel, which is the IPSec Security Association (IPSec SA). The
IPSec SA can periodically be renegotiated to ensure security. The IKE
protocol can use one of two modes: Main Mode, which provides identity
protection and takes longer, or Aggressive Mode, which provides no identity
protection but is quicker. With Aggressive Mode, there is no negotiation of
which cryptographic parameters will be used; each side must give the
correct cryptographic parameters in the initial package of the exchange,
otherwise the exchange will fail. If Aggressive Mode is used, the IKE
Encryption, IKE Authentication, and IKE DH Group must be specified.
selected if the two sides can negotiate which type of encryption to use.
can be selected if the two sides can negotiate which type of authentication
to use.
selected if the two sides can negotiate which Diffie-Hellman Group to use.
through the tunnel. Any can be selected if the two sides can negotiate
which type of encryption to use.
through the tunnel. Any can be selected if the two sides can negotiate
which type of authentication to use.
SLB™ Branch Office Manager User Guide 72
6: Basic Parameters
DH Group (Ike) The Diffie-Hellman Group, 2 or 5, used for the key exchange for data sent
through the tunnel. Any can be selected if the two sides can negotiate
which Diffie-Hellman Group to use.
Authentication The type of authentication used by the host on each side of the VPN tunnel
to verify the identity of the other host. For RSA Public Key, each host
generates a RSA public-private key pair, and shares its public key with the
remote host. The RSA Public Key for the SLB branch office manager (which
has 2192 bits) can be viewed at either the web or CLI. For Pre-Shared Key,
each host enters the same passphrase to be used for authentication.
RSA Public Key for
Remote Host
Pre-Shared Key If Pre-Shared Key is selected for authentication, enter the key.
Retype Pre-Shared Key If Pre-Shared Key is selected for authentication, re-enter the key.
Perfect Forward Secrecy When a new IPSec SA is negotiated after the IPSec SA lifetime expires, a
Mode Configuration Client If this is enabled, the SLB unit can receive network configuration from the
XAUTH Client If this is enabled, the SLB branch office manager will send authentication
XAUTH Login (Client) If XAUTH Client is enabled, this is the login used for authentication.
XAUTH Password If XAUTH Client is enabled, this is the password used for authentication.
Retype Password If XAUTH Client is enabled, this is the password used for authentication.
If RSA Public Key is selected for authentication, enter the public key for the
remote host.
new Diffie-Hellman key exchange can be performed to generate a new
session key to be used to encrypt the data being sent through the tunnel. If
this is enabled, it provides greater security, since the old session keys are
destroyed.
remote host. This allows the remote host to assign an IP address/netmask
to the SLB device side of the VPN tunnel.
credentials to the remote host if they are requested. XAUTH, or Extended
Authentication, can be used as an additional security measure on top of the
Pre-Shared Key or RSA Public Key.
3. To save, click Apply button.
4. To see a details of the VPN tunnel connection, including the cryptographic algorithms used,
select the View Detailed Status link.
5. To see the last 100 lines of the logs associated with the VPN tunnel, select the View VPN
Logs link.
6. To see the RSA public key for the SLB branch office manager (required for configuring the
remote host if RSA Public Keys are being used), select the View SLB RSA Public Key link.
SLB™ Branch Office Manager User Guide 73
Performance Monitoring
The SLB supports Performance Monitoring probes for analyzing network performance. Probes for
DNS Lookup, HTTP Get, ICMP Echo, TCP Connect, UDP Jitter and UDP Jitter VoIP are
supported. Up to 15 different probes can be configured. Each probe will run a series of operations,
each of which sends a series of packets to a destination host. The SLB will measure how long it
took to receive a response, and record the results. For each operation, the user can view the
results for each packet (round trip times), or the accumulated statistics for all packets - minimum,
average and maximum latency, and for jitter probes, minimum, average, maximum and standard
deviation of the jitter delay. Dropped packets and other error conditions are recorded for each
operation. This capability allows an administrator to analyze network efficiency across the
network.
An operation consists of sending a specified number of packets to a destination host and optional
port, with a specified amount of time between each packet. All results for each operation are
stored in one data file, and the results can be viewed later.
Repository and Operations Kept: The SLB can be configured to store probe results on the local
SLB storage or an external USB thumb drive. The number of operations that can be stored per
probe on the local SLB storage is 50 operations; for external USB thumb drive, 200 operations can
be stored per probe.
Responders: The SLB can act as a responder for probes that require a responder to answer
packets that are sent from the SLB (UDP jitter, UDP jitter VoIP, UDP Echo and TCP Connect). The
SLB UDP jitter responder can support packet responses for up to 15 UDP jitter or UDP jitter VoIP
probes. The UDP Echo and TCP Connect can support packets responses for one UDP Echo or
TCP Connect probe.
6: Basic Parameters
Jitter Probes and Clock Skew: For jitter probes, it is important to have both the sender and
responder synchronized to a reliable NTP server. Significant clock skew can greatly affect jitter
results, as timestamps are recorded in the sender probe and the responder, and these timestamps
are used to measure one-way latency for the packets. At the start of each jitter operation, the clock
skew between the sender and the responder will be output to the system log.
Compatibility with Cisco Responders: The SLB Performance Monitor sender is compatible with
Cisco IP SLA responders (IOS versions 12.2 and 15.0) for jitter probes. The SLB uses a simplified
version of the IP SLA v2 (Engine II) protocol to communicate with the Cisco IP SLA responders.
This compatibility gives the administrator a large number of devices with which to measure
network performance.
SLB™ Branch Office Manager User Guide 74
6: Basic Parameters
To manage or view status for a Performance Monitoring probe:
1. Click the Network tab and select the Perf Monitoring option. The following page displays.
Figure 6-7 Network > Perf Monitoring
2. In the upper section of the page, modify the global Performance Monitoring settings:
Number of operations
kept for each probe
Repository for
operations
UDP Jitter Responder Starts the UDP Jitter responder to reply to UDP jitter or UDP jitter VoIP packets.
UDP Echo Responder Starts the UDP Echo responder on the port configured in UDP Port to reply to
Specifies the number of operation set files to keep for each probe. The limit for
Local storage is 50 sets. The limit for external USB is 200 sets. While a probe is
running, the operation set files will be automatically culled to remove the oldest
operation set files.
The repository where the operation set files will be kept - Local storage, or a USB
thumb drive inserted in the upper USB Port U1. The data is stored in individual
directories under a directory called "perfmon". Once probes have been run and
operation set files have been generated, changing the repository will cause all of
the existing files to be moved from the old repository directory to the new
repository directory. It is recommended that the repository only be changed when
probes are not actively running. If external storage is used for the repository, it is
recommended that the external storage device not be removed from the SLB
while probes are actively running.
The responder will listen on UDP port 1967 for control messages requesting to
start individual responders on a specific UDP port. The SLB UDP jitter responder
can support up to 15 UDP jitter senders.
UDP echo packets. The SLB UDP Echo responder supports one UDP echo
sender.
When the UDP Echo responder is enabled, the SLB will verify that the responder
UDP port is not being used by any other SLB processes, including port 1967
which is reserved for the UDP Jitter responder.
SLB™ Branch Office Manager User Guide 75
6: Basic Parameters
TCP Connect
Responder
Starts the TCP Connect responder on the port configured in TCP Port to reply to
TCP connect requests. The SLB TCP Connect responder supports one TCP
connect sender.
When the TCP Connect responder is enabled, the SLB will verify that the
responder TCP port is not being used by any other SLB processes.
3. Click the Apply button.
4. In the lower section of the page, select a probe by clicking the radio button to the far right in
the probe's row. The options that are available for that probe will be ungreyed. Select one of
the following options:
Refresh Refreshes the information on the Performance Monitoring page.
Add Probe Displays the Performance Monitoring - Add/Edit Probe web page to add a new
probe.
Operations Displays a list of completed operations for the selected probe and allows the user
to view either raw packet results or accumulated statistics for any operation.
Latest Results Displays the latest raw packet results for the selected probe.
Latest Accumulated Displays the latest accumulated statistics for the selected probe.
State: Restart Allows the state of a probe to be controlled: the user can Restart a completed or
running probe. When a probe is added, it will automatically start running,
depending on how the probe start time is configured. Once a probe has run all of
its configured operations, it will be in the "Complete" state. If the SLB is rebooted,
all probes will automatically be restarted.
Edit Probe Displays the Performance Monitoring - Add/Edit Probe web page to edit the
currently selected probe.
Delete Deletes the selected probe, after a confirmation.
The table at the bottom of the page lists information about completed and running probes.
Id Unique identifier for the probe.
Name Name assigned to the probe.
State The current state of the probe: Complete if all operations have been run, or
Running if there are still operations that need to be run.
Start Time First Op The date and time that the first operation started.
Finish Time Last Op The date time that the most recently completed operation finished.
Error Any errors reported by the probe:
NMT: the current repository is an external source, but the USB thumb drive is
not mounted
NDR: the repository directory for the probe does not exist
OPF: failed to open an operation data file
SCT: error initializing a socket
CFG: error retrieving probe configuration
EXP: probe start time has expired
Operations Comp/
Total
The number of operations that have been completed and the total
number of operations that will be run.
SLB™ Branch Office Manager User Guide 76
6: Basic Parameters
Performance Monitoring - Add/Edit Probe
The Performance Monitoring - Add/Edit Probe web page allows a user to add a new Performance
Monitoring probe or edit an existing Performance Monitoring probe.
To add a new probe or edit an existing probe:
1. Click the Network tab and select the Perf Monitoring option. The Network > Perf Monitoring
page displays.
2. To add a new probe, in the lower section of the page, select the Add Probe link. To edit an
existing probe, select a probe by clicking the radio button to the right right in the probe's row,
then select the Edit Probe button. In both cases, the following page displays.
Figure 6-8 Performance Monitoring - Add/Edit Probe
SLB™ Branch Office Manager User Guide 77
6: Basic Parameters
3. Modify the probe settings:
Probe Type Select from one of the available probe types:
DNS Lookup - Performs a DNS lookup on the hostname specified in the
Destination Host using the Name Server. By default port 53 is always used as
the Destination Port.
HTTP Get - Performs an HTTP Get to the home (root) of the web server at the
Destination Host and Destination Port.
ICMP Echo - Sends ICMP Echo (ping) packets to the Destination Host.
TCP Connect - Performs a TCP Connection to the Destination Host and
Destination Port.
UDP Echo - Sends UDP Echo packets to the Destination Host and Destination
Port.
UDP Jitter - Sends UDP jitter packets using a simplified version of the Cisco IP
SLA v2 (Engine II) protocol to the Destination Host and Destination Port.
UDP Jitter VoIP - Sends UDP jitter packets configured to simulate Voice over
IP network traffic (VoIP) using a simplified version of the Cisco IP SLA v2
(Engine II) protocol to the Destination Host and Destination Port.
Name Probe name, up to 40 characters long. Valid characters are letters, numbers,
dashes (-), periods and underscores (_).
Number of Operations Number of operations to perform for the probe. Probes can for a specific number
of operations. The valid range is 1 - 1000, and the default is 100.
Frequency between
Operations
Number of Packets Number of packets to send for each probe. For DNS Lookup probes, this is the
Interval between
Packets
Start Time Schedule a time to start the probe: Now starts the probe immediately; At date/
Destination Host The hostname or IP address to send packets to. For DNS Lookup probes this is
Destination Port The TCP or UDP port to send packets to. For ICMP probes, the port setting is not
Precision The precision to view results in - milliseconds (the default) or microseconds. Jitter
Time between probe operations, in seconds. The valid range is 5 - 3600 seconds,
and the default is 60 seconds.
number of lookups to perform. For HTTP Get probes, this is the number of HTTP
Gets to perform. For TCP Connect probes, this is the number of TCP connections
to perform. The valid range is 1 - 1000 for the Local repository and 1 - 2000 for a
USB. The default is 10 packets.
Interval between packets in milliseconds. The valid range is 10 - 5000
milliseconds, and the default is 500 milliseconds. For HTTP Get, DNS Lookup and
TCP Connect probes, the timeout must be less than the interval due to a new
socket being created and destroyed for each packet.
time will start the probe at the specified date and time in the future; After waiting
will start the probe after waiting a period of time that is less than 24 hours. When
the SLB is rebooted, the probe will start according to the Start Time settings: (a)
immediately if it set to Now, (b) at a date and time in the future if it is set to At
date/time and the date and time is in the future, (c) after waiting a period of time if
it is set to After waiting.
the hostname to lookup.
used. For DNS Lookup probes, the destination port is always port 53. Port 1967 is
reserved for the UDP jitter responder. The valid range is 1 - 65535.
results are always displayed in milliseconds.
SLB™ Branch Office Manager User Guide 78
6: Basic Parameters
Data Size The size in bytes to use for the payload portion of the packet - this size is in
addition to the IPv4 header and the TCP, UDP or ICMP header. Any additional
space in the packet that is not used by the protocol will be padded with random
data that can be used for data verification (see below).
This parameter is only supported for ICMP Echo, TCP Connect, UDP Echo, UDP
Jitter, and UDP Jitter VoIP probes. The maximum payload for any probe is 1460
bytes. The minimum payload size for probes is: UDP Jitter VoIP G.729a codec
probes - 32 bytes; all other UDP Jitter probes - 64 bytes; ICMP Echo probes - 18
bytes; TCP Connect probes - 1 bytes; UDP Echo probes - 4 bytes.
If no data size is specified (e.g., it is set to zero), a default payload size will be
used for the probes as follows:
ICMP Echo - 56 bytes
UDP Jitter VoIP G.729A - 32 bytes
UDP Jitter (all others) - 64 bytes
TCP Connect and UDP Echo - 256 bytes
Verify Data If enabled, indicates that the SLB should verify if there is data corruption in the
reply packets. This parameter is only supported for ICMP Echo, UDP Echo, UDP
Jitter, and UDP Jitter VoIP probes.
Timeout How long the SLB will wait for a packet to arrive, in milliseconds. If the packet
arrives after the timeout it will be considered a Late Arrival error (see Error
Conditions). The valid range is 10 - 1000, and the default is 200 msec.
UDP Jitter VoIP Codec For UDP Jitter VoIP probes, the codec to simulate. The following codecs are
available:
G.729A - 32 byte packets sent 20 msec apart, 1000 packets per operation, 60
seconds between operations
G.711 A-law - 172 byte packets sent 20 msec apart, 1000 packets per
operation, 60 seconds between operations
G.711 mu-law - 172 byte packets sent 20 msec apart, 1000 packets per
operation, 60 seconds between operations
The default values for the VoIP probes can be overridden to use different packet
sizes, intervals, etc.
ICMP Ethernet
Interface
TOS (Type of Service) Sets the IPv4 Type of Service field in the IPv4 header. This is available for UDP
DNS Name Server IP
Address
For ICMP Echo probes, which Ethernet interface can be used for the probe: both
interfaces, Ethernet Port 1, or Ethernet Port 2.
Jitter and UDP Jitter VoIP probes only. The range is 0 - 255, and the default value
is 0.
For DNS Lookup probes, the IP address of the DNS name server to use for
lookups.
4. Click the Apply button.
Performance Monitoring - Results
The Performance Monitoring - Operations page displays all of the operations that have been
saved for a selected probe. The probe ID and name are shown at the top of the web page. From
this page, the user may select any operation to view its round trip time (RTT) results, or the
accumulated statistics for all round trip times in an operation.
An operation consists of sending a specified number of packets to a destination host and optional
port, with a specified amount of time between each packet. All results for each operation are
stored in one data file.
SLB™ Branch Office Manager User Guide 79
6: Basic Parameters
Round Trip Times
The results for each packet in an operation can be displayed with the RTT Results link. Each
packet will be displayed with the packet start time and any error that resulted from sending the
packet. For non-jitter probes, the total round trip time is displayed in either millisconds or
microseconds, depending on how the probe's precision setting:
Probe 6/icmp-probe, operation icmp_170627_235709.dat:
Pkt Time RT Time Result
1 17-06-27 23:57:09.171 0.419 ms OK
2 17-06-27 23:57:09.211 0.378 ms OK
3 17-06-27 23:57:09.251 0.366 ms OK
4 17-06-27 23:57:09.291 0.354 ms OK
5 17-06-27 23:57:09.332 0.448 ms OK
6 17-06-27 23:57:09.372 0.382 ms OK
7 17-06-27 23:57:09.412 0.308 ms OK
8 17-06-27 23:57:09.452 0.334 ms OK
9 17-06-27 23:57:09.492 0.365 ms OK
10 17-06-27 23:57:09.532 0.361 ms OK
For jitter probes, the source to destination and destination times are displayed in the probe's
configured precision:
Probe 7/udp-jitter-probe, operation udpjitter_170628_002049.dat:
Pkt Time Src To Dst Time Dst To Src Time Result
1 17-06-28 00:20:49.621 31029 usec 44191 usec OK
2 17-06-28 00:20:49.717 35409 usec 44170 usec OK
3 17-06-28 00:20:49.808 35558 usec 34120 usec OK
4 17-06-28 00:20:49.898 25500 usec 34175 usec OK
5 17-06-28 00:20:49.988 35210 usec 34196 usec OK
6 17-06-28 00:20:50.079 25517 usec 34177 usec OK
7 17-06-28 00:20:50.169 35210 usec 54166 usec Late Arrival
8 17-06-28 00:20:50.259 25549 usec 34170 usec OK
9 17-06-28 00:20:50.350 25313 usec 34255 usec OK
10 17-06-28 00:20:50.440 24848 usec 34351 usec OK
Accumulated Statistics
A summary of all round trip time and any error conditions is displayed. The display will vary for
non-jitter and jitter results. For example, non-jitter accumulated results will show:
Probe 6/icmp-probe, operation icmp_170627_235709.dat:
Operation Type:
ICMP Echo to 10.0.1.162, Ethernet Port: both
30 packets sent 40 ms apart, timeout 1000 ms
Operation Start Time: 17-06-27 23:57:09.171
Last Packet RTT: 0.340 msec
Round Trip Time Results:
Number of RTT: 30
RTT Min/Avg/Max: 0.306/0.362/0.448 msec
Number of Successes: 30
Number of Errors: 0
Lost Packet: 0 (0%)
Out of Sequence: 0
Late Arrival: 0
Miscellaneous Error: 0
SLB™ Branch Office Manager User Guide 80
6: Basic Parameters
For jitter probes, positive (increasing latency) and negative (decreasing latency) statistics are
shown, as well as the number of positive or negative jitter samples in each direction, and the sum
and (and sum squared) of the positive or negative jitter times. These numbers give a summary of
how much variation there was in latency times and if the variation was small or large.
Probe 7/udp-jitter-probe, operation udpjitter_170628_002049.dat:
Operation Type:
UDP Jitter to 10.0.1.93:50505
50 packets sent 60 ms apart, timeout 1000 msec
Operation Start Time: 17-06-28 00:20:49.071
Last Packet RTT: 69.334 msec
Round Trip Time Results:
Number of RTT: 50
RTT Min/Avg/Max: 57.327/63.863/89.376 msec
One-way Latency Results:
Number of samples: 50
Source to Destination Min/Avg/Max: 23.174/27.467/45.206 msec
Destination to Source Min/Avg/Max: 34.068/36.396/54.166 msec
Jitter, Source to Destination:
Number of Samples: 49
Positive and Negative Min/Avg/Max: 1/4/20 msec
Positive Min/Avg/Max: 1/7/20 msec
Positive Number Of/Sum of All/Sum of All Squared: 13/100/1090 msec
Negative Min/Avg/Max: 1/5/20 msec
Negative Number Of/Sum of All/Sum of All Squared: 17/96/1018 msec
Jitter, Destination to Source:
Number of Samples: 49
Positive and Negative Min/Avg/Max: 10/3/20 msec
Positive Min/Avg/Max: 10/12/20 msec
Positive Number Of/Sum of All/Sum of All Squared: 7/90/1300 msec
Negative Min/Avg/Max: 10/12/20 msec
Negative Number Of/Sum of All/Sum of All Squared: 8/100/1400 msec
Number of Successes: 49
Number of Errors: 1
Lost Packet: 0 (0%)
Out of Sequence: 0
Late Arrival: 1
Miscellaneous Error: 0
Table 6-9 Error Conditions
The following error conditions are detected by the probes. Except where noted, the RTT results for
a packet with errors will not be counted in the accumulated statistics.
Error Condition Description
Timeout A response was never received for the packet. These packets are listed as
Lost Packets under the accumulated statistics.
Late Arrival A response was received for a packet, but the response was received after
the timeout configured for the probe. The SLB will wait at most 2 times the
probe's timeout for late arrival packets. The RTT results will be included in
the accumulated statistics.
SLB™ Branch Office Manager User Guide 81
6: Basic Parameters
Error Condition Description
Not Connected A packet could not be sent because the connection to the destination host
could not be established, or because the attempt to send the packet failed.
Sequence Error A packet response was received with an unexpected sequence number.
Possible reasons are: a duplicate packet was received, a response was
received after it timed out, a corrupted packet was received and was not
detected.
Verify Data Error A response was received for a packet with payload data that does not match
the expected data.
DNS Server Timeout A DNS lookup could not be completed because the SLB could not connect to
the DNS name server.
DNS Lookup Error A DNS lookup failed - the requested hostname could not be resolved. This is
not considered a protocol error, but rather an expected result, depending on
the hostname being resolved. The RTT results will be included in the
accumulated statistics.
TCP Connect Timeout A TCP connect could not be completed because a connection to the TCP
server could not be established.
HTTP Transaction Timeout An HTTP Get that failed because no response was received from the HTTP
server before the timeout expired.
HTTP Error An HTTP Get succeeded, but the HTTP content (base page) that was
downloaded had errors: missing "HTTP/" header string, missing
"Connection: close" string, or response has an HTTP error code (the code
was not 200/OK). This is not considered a protocol error. The RTT results
will be included in the accumulated statistics.
Generic Error Any error that does fall into any of the above error conditions.
To view results for a Performance Monitoring probe:
1. Click the Network tab and select the Perf Monitoring option. The Network > Perf Monitoring
page displays.
2. Select a probe from the table in the lower part of the page and select the Operations link. The
Performance Monitoring - Operations page displays.
Figure 6-10 Performance Monitoring - Operations
3. A table will list all available operations for the selected probe, with the most recent operation
listed first. The table may be empty if no operations have been run for the probe or the
operations for the probe have been deleted. Select an operation by clicking the radio button to
SLB™ Branch Office Manager User Guide 82
6: Basic Parameters
the far right in the operation's row. The options that are available for that operation will be
ungreyed. Select one of the following options:
Refresh Refreshes the information on the Performance Monitoring - Operations page.
RTT Results Displays the round trip time (RTT) results for the selected operation in a
separate window. The results show:
The time that the packet was sent,
The total round trip time for non-jitter probes or the source to destination
time and destination to source time for jitter probes, and
The status for the packet - OK/successful or an error condition.
For more information, see Round Trip Times or Error Conditions).
Accumulated Results Displays the accumulated statistics for the selected operation in a separate
window. The results show parameters used for the selected operation, and the
minimum, average and maximum round trip times for all probes. For jitter
probes, the results show minimum, average and maximum one way latency
times, as well as jitter results for source to destination and destination to
source. For all probes, a summary of lost packets and error conditions is
displayed.
Performance Monitoring Commands
Go to Performance Monitoring Commands to view CLI commands which correspond to the web
page entries described above.
SLB™ Branch Office Manager User Guide 83
7: Services
System Logging and Other Services
Use the Services > SSH/Telnet/Logging page to:
Configure the amount of data sent to the logs.
Enable or disable SSH and Telnet logins.
Enable a Simple Network Management Protocol (SNMP) agent.
Note: The SLB branch office manager supports both MIB-II (as defined by RFC 1213)
and a private enterprise MIB. The private enterprise MIB provides read-only access to all
statistics and configurable items provided by the SLB unit. It provides read-write access to
a select set of functions for controlling the SLB unit and device ports. See the MIB
definition file for details.
Identify a Simple Mail Transfer Protocol (SMTP) server.
Enable or disable SSH and Telnet logins.
Configure an audit log.
View the status of and manage the SLB units on the secure Lantronix network.
Set the date and time.
SLB™ Branch Office Manager User Guide 84
SSH/Telnet/Logging
To configure SSH, Telnet, and Logging settings:
1. Click the Services tab and select the SSH/Telnet/Logging option. The following page
displays.
7: Services
Figure 7-1 Services > SSH/Telnet/Logging
2. Enter the following settings:
System Logging
Alert Levels Select one of the following alert levels from the drop-down list for each message
category:
Off: Disables this type of logging.
Error: Saves messages that are output because of an error.
Warning: Saves message output from a condition that may be cause for concern, in
addition to error messages. This is the default for all message types.
Info: Saves informative message, in addition to warning and error messages.
Debug: Saves extraneous detail that may be helpful in tracking down a problem, in
addition to information, warning, and error messages.
SLB™ Branch Office Manager User Guide 85
7: Services
Network Level Messages concerning the network activity, for example about Ethernet and routing.
Services Messages concerning services such as SNMP and SMTP.
Authentication Messages concerning user authentication.
Device Ports Messages concerning device ports and connections.
Diagnostics Messages concerning system status and problems.
General Any message not in the categories above.
Remote Servers
(#1 and #2)
IP address of the remote server(s) where system logs are stored.
The system log is always saved to local SLB storage. It is retained through SLB branch
office manager reboots for files up to 200K. Saving the system log to a server that
supports remote logging services (see RFC 3164) allows the administrator to save the
complete system log history.
Audit Log
Enable Log Select to save a history of all configuration changes in a circular log. Disabled by
default. The audit log is saved through SLB reboots.
Size The log has a default maximum size of 50 Kbytes (approximately 500 entries). You
can set the maximum size of the log from 1 to 500 Kbytes.
Include CLI
Commands
Include In System
Log
Select to cause the audit log to include the CLI commands that have been executed.
Disabled by default.
If enabled, the contents of the audit log are added to the system log (under the
General/Info category/level). Disabled by default.
SMTP
Server IP address of your network’s Simple Mail Transfer Protocol (SMTP) relay server.
Sender The email address of the sender of outgoing emails. The strings "$host" and "$domain"
can be part of the email address - they will be substituted with the actual hostname and
domain. The default is donotreply@$host.$domain.
SSH
Enable Logins Enables or disables SSH logins to the SLB branch office manager to allow users to
access the CLI using SSH. Enabled by default.
This setting does not control SSH access to individual device ports. (See Device Ports
- Settings (on page 113) for information on enabling SSH access to individual ports.)
Most system administrators enable SSH logins, which is the preferred method of
accessing the system.
Web SSH Enables or disables the ability to access the SLB command Iine interface or device
ports (connect direct) through the Web SSH window. Disabled by default.
Timeout If you enable SSH logins, you can cause an idle connection to disconnect after a
specified number of minutes. Select Yes and enter a value of from 1 to 30 minutes.
Note: You must reboot the unit before a change will take effect.
SSH Port Allows you to change the SSH login port to a different value in the range of 1 - 65535.
The default is 22.
Note: You must reboot the unit before a change will take effect.
SLB™ Branch Office Manager User Guide 86
7: Services
DSA Keys Enables or disables support for DSA keys for incoming and outgoing connections for
the StLB unit. Any imported or exported DSA keys will be retained but will not be visible
on the web or the CLI. Enabled by default.
Use only SHA2
and Higher
Enables or disables support for only SHA2 and higher ciphers for incoming connections
for the SLC unit. Disabled by default. Enabling this option will also disable MACs with
tag sizes lower than 128 bits (e.g. umac-64-etm@openssh.com and umac64@openssh.com).
Telnet
Enable Logins Enables or disables Telnet logins to the SLB branch office manager to allow users to
access the CLI using Telnet. Disabled by default.
This setting does not control Telnet access to individual device ports. (See Device
Ports - Settings (on page 113) for information on enabling Telnet access to individual
ports.) You may want to keep this option disabled for security reasons.
Web Telnet Enables or disables the ability to access the SLB command Iine interface or device
ports (connect direct) through the Web Telnet window. Disabled by default.
Timeout If you enable Telnet logins, you can cause an idle connection to disconnect after a
specified number of minutes. Select Yes and enter a value of from 1 to 30 minutes.
Note: You must reboot the unit before a change will take effect.
Escape Sequence A single character or a two-character sequence that causes the SLB unit to terminate a
Telnet client. Currently the Escape Sequence is only used for Web Telnet sessions.
The default value is Esc+T (escape key, then uppercase "T" performed quickly but not
simultaneously). You would specify this value as \x1bT, which is hexadecimal (\x)
character 27 (1B) followed by a T. A control character can be specified with the
hexidecimal number for the control character; for example, Control-E can be specified
as \x05. Note that some browsers do not report key press events if Control is pressed
for non-alphanumeric keys, so it is recommended to only use letters with Control
character sequences.
Outgoing Telnet Enables or disables the ability to create Telnet out connections.
Web SSH/Web Telnet Settings
Terminal Buffer
Size
Number of lines in the Web SSH or Web Telnet terminal window that are available for
scrolling back through output.
Phone Home
Enable If enabled, allows SLB branch office manager to directly contact a vSLM management
appliance and request addition to the database
IP Address IP address of the vSLM management appliance.
Last Attempt
(view only)
Results
(view only)
3. To save, click the Apply button.
SLB™ Branch Office Manager User Guide 87
Displays the date and time of last connection attempt.
Indicates whether the attempt was successful.
SNMP
7: Services
Simple Network Management Protocol (SNMP) is a set of protocols for managing complex
networks.
1. Click the Services tab and select the SNMP option. The following page displays:
Figure 7-2 Services > SNMP
SLB™ Branch Office Manager User Guide 88
7: Services
2. Enter the following:
Enable Agent Enables or disables SNMP agent, which allows read-only access to the system.
Disabled by default.
Enable Traps Traps are notifications of certain critical events. Disabled by default. This feature is
applicable when SNMP is enabled. Traps that the SLB unit sends include:
coldStart (generic trap 0, OID 1.3.6.1.6.3.1.1.5.1)
linkDown (generic trap 2, OID 1.3.6.1.6.3.1.1.5.3)
linkUp (generic trap 3, OID 1.3.6.1.6.3.1.1.5.4
authenticationFailure (generic trap 4, OID 1.3.6.1.6.3.1.1.5.5)
slbEventPowerSupply (1.3.6.1.4.1.244.1.12.0.1)
slbEventSysadminPassword (1.3.6.1.4.1.244.1.12.0.2)
slbEventSLCShutdown (1.3.6.1.4.1.244.1.12.0.3)
slbEventDevicePortData (1.3.6.1.4.1.244.1.12.0.4)
slbEventDevicePortSLMData (1.3.6.1.4.1.244.1.12.0.5)
slbEventDevicePortSLMConfig (1.3.6.1.4.1.244.1.12.0.6)
slbEventOverCurrentAlarm (1.3.6.1.4.1.244.1.12.0.7)
slbEventPowerOutletStateChange (1.3.6.1.4.1.244.1.12.0.8)
slbEventDevicePortDeviceLowTemp (1.3.6.1.4.1.244.1.12.0.9)
slbEventDevicePortDeviceHighTemp (1.3.6.1.4.1.244.1.12.0.10)
slbEventDevicePortDeviceLowHumidity (1.3.6.1.4.1.244.1.12.0.11)
slbEventDevicePortDeviceHighHumidity (1.3.6.1.4.1.244.1.12.0.12)
slbEventDevicePortDeviceError (1.3.6.1.4.1.244.1.12.0.13)
slbEventInternalTemp (1.3.6.1.4.1.244.1.12.0.15)
slbEventUSBAction (1.3.6.1.4.1.244.1.12.0.16)
slbEventDevicePortError (1.3.6.1.4.1.244.1.12.0.17)
slbEventNoDialToneAlarm (1.3.6.1.4.1.244.1.12.0.18)
slbEventNetworkFailover (1.3.6.1.4.1.244.1.12.0.23)
The SLC or SLB unit sends the traps to the host identified in the NMS #1 and NMS #2
field.
NMS #1 (or #2) When SNMP is enabled, an NMS (Network Management System) acts as a central
server, requesting and receiving SNMP-type information from any computer using
SNMP. The NMS can request information from the SLB unit and receive traps from the
SLB device. Enter the IP address of the NMS server. Required if you selected Enable
Traps.
Location Physical location of the SLB branch office manager (optional). Useful for managing the
SLB device using SNMP. Up to 20 characters.
Contact Description of the person responsible for maintaining the SLB, for example, a name
(optional). Up to 20 characters.
Communities
Read-Only A string that acts like a password for an SNMP manager to access the read-only data
the SLB unit the SNMP agent provides. The Read-Only Community is used for SNMP
v1 and v2c. The default is public.
Read-Write A string that acts like a password for an SNMP manager to access the read-only data
the SLB SNMP agent provides and to modify data where permitted. The Read-Write
Community is used for SNMP v1 and v2c. The default is private.
Trap The trap used for outgoing generic and enterprise traps. Traps sent with the Event
trigger mechanism still use the trap community specified with the Event action. The
default is public.
SLB™ Branch Office Manager User Guide 89
7: Services
Enable v1 If checked, SNMP version 1 (which uses the Read-Only and Read-Write Communities)
is enabled. The default is disabled.
Enable v2c If checked, SNMP version 2c (which uses the Read-Only and Read-Write
Communities) is enabled. The default is enabled.
Alarm Delay Number of seconds delay between outgoing SNMP traps.
Version 3
Security Levels of security available with SNMP v3.
No Auth/No Encrypt: No authentication or encryption.
Auth/No Encrypt: Authentication but no encryption. (default)
Auth/Encrypt: Authentication and encryption.
Auth with For Auth/No Encryp or Auth/Encrypt, the authentication method:
MD5: Message-Digest algorithm 5 (default)
SHA: Secure Hash Algorithm
Encrypt with Encryption standard to use:
DES: Data Encryption Standard (default)
AES: Advanced Encryption Standard
V3 Read-Only User
User Name SNMP v3 is secure and requires user-based authorization to access SLB MIB objects.
Enter a user ID. The default is snmpuser. Up to 20 characters.
Password/Retype
Password
Passphrase/
Retype
Passphrase
Password for a user with read-only authority to use to access SNMP v3. The default is
SNMPPASS. Up to 20 characters.
Passphrase associated with the password for a user with read-only authority. Up to 20
characters. If this is not specified it will default to the V3 Password.
V3 Read-Write User
User Name SNMP v3 is secure and requires user-based authorization to access SLB MIB objects.
Enter a user ID for users with read-write authority. The default is snmprwuser. Up to
20 characters.
Password/
Retype Password
Passphrase/
Retype
Passphrase
Password for the user with read-write authority to use to access SNMP v3. The default
is SNMPRWPASS. Up to 20 characters.
Passphrase associated with the password for a user with read-write authority. Up to 20
characters.
3. To save, click the Apply button.
SNMP, SSH, Telnet, and Logging Commands
Go to Services Commands (on page 321) and Logging Commands (on page 304) to view CLI
commands which correspond to the web page entries described above.
SLB™ Branch Office Manager User Guide 90
NFS and SMB/CIFS
Use the Services > NFS/CIFS page if you want to save configuration and logging data onto a
remote NFS server, or export configuration by means of an exported CIFS share.
Mounting an NFS shared directory on a remote network server onto a local SLB directory enables
the SLB branch office manager to store device port logging data on that network server. This
configuration avoids possible limitations in the amount of disk space on the SLB unit available for
the logging file(s). You may also save SLB configurations on the network server.
Similarly, use SMB/CIFS (Server Message Block/Common Internet File System), Microsoft's filesharing protocol, to export a directory on the SLB branch office manager as an SMB/CIFS share.
The SLB exports a single read-write CIFS share called "public," with the subdirectory The config
directory, which contains saved configurations and is read-write.
The share allows users to access the contents of the directory or map the directory onto a
Windows computer.
To configure NFS and SMB/CIFS:
7: Services
1. Click the Services tab and select the NFS/CIFS option. The following page displays:
Figure 7-3 Services > NFS/CIFS
SLB™ Branch Office Manager User Guide 91
7: Services
2. Enter the following for up to three directories:
NFS Mounts
Remote Directory The remote NFS share directory in the format: nfs_server_hostname or ipaddr:/
exported/path
Local Directory The local directory on the SLB unit on which to mount the remote directory. The SLB
device creates the local directory automatically.
Read-Write If enabled, indicates that the SLB device can write files to the remote directory. If you
plan to log port data or save configurations to this directory, you must enable this
option.
Mount Select the checkbox to enable the SLB branch office manager to mount the file to the
NFS server. Disabled by default.
3. Enter the following:
SMB/CIFS Share
Share SMB/CIFS
directory
Network
Interfaces
CIFS User
Password/Retype
Password
Workgroup The Windows workgroup to which the SLB branch office manager belongs. Every PC
Select the checkbox to enable the SLB unit to export an SMB/CIFS share called
“public.” Disabled by default.
Select the network ports from which the share can be seen. The default is for the share
to be visible on both network ports.
Only one user special username (cifsuser) can access the CIFS share. Enter the CIFS
user password in both password fields. The default user password is CIFSPASS.
More than one user can access the share with the cifsuser user name and password
at the same time.
exporting a CIFS share must belong to a workgroup. Can have up to 15 characters.
4. To save, click the Apply button.
NFS and SMB/CIFS Commands
Go to NFS and SMB/CIFS Commands (on page 310) to view CLI commands which correspond to
the web page entries described above.
Secure Lantronix Network
Use the Secure Lantronix Network option to view and manage Lantronix console servers,
branch office managers and Spider devices on the local subnet.
Note: Status and statistics shown on the web interface represent a snapshot in time. To
see the most recent data, reload the web page by clicking the Refresh link.
To access Lantronix console servers, branch office managers and Spider devices on the
local network:
1. Click the Services tab and select the Secure Lantronix Network option. The following page
displays with an entry for each device discovered on the network. If Web SSH is enabled,
device ports that have SSH In enabled are shown in a bright green.
SLB™ Branch Office Manager User Guide 92
7: Services
Settings that control the behavior of Web SSH and Web Telnet are on the SSH/Telnet/Logging
web page. For tips on troubleshooting browser issues, see Troubleshooting Browser Issues.
For tips on Web SSH or Web Telnet copy and paste functionality, see Web SSH/Telnet Copy
and Paste.
Figure 7-4 Services > Secure Lantronix Network
2. Access your device or device port through any of the methods below.
To directly access the web interface for a secure Lantronix device:
1. Make sure Web Telnet and Web SSH is enabled for the specific device or device port.
2. Click the IP address of a specific secure Lantronix device to open a new browser page with
the web interface for the selected secure Lantronix device.
3. Log in as usual.
SLB™ Branch Office Manager User Guide 93
7: Services
Figure 7-5 IP Address Login Page
To directly access the CLI interface for a device:
1. Make sure Web Telnet and/or Web SSH is enabled for the specific device or device port you
wish to access.
2. Click the SSH or Telnet link in the SSH/Telnet to CLI column directly beside the port you
would like to access.
If Web SSH and SSH to the CLI are enabled, an SSH link will display and be accessible
beside the specific port(s). Clicking this link will open a new Web SSH session.
If Web Telnet and Telnet to the CLI are enabled, a Telnet link will display and be
accessible beside the specific port(s). Clicking this link will open a new Web Telnet
session.
If neither Web Telnet and/or Web SSH are enabled, “N/A” will display beside the ports.
The Web SSH or Web Telnet session appears. See Figure 7-6 below.
Figure 7-6 SSH or Telnet CLI Session
SLB™ Branch Office Manager User Guide 94
To directly access a specific port on a particular device:
1. Click a port number in a green square beside the specific device.
a. Enabled port numbers are in a bright green box and will allow you to select either a
WebSSH or a WebTelnet session. If enabled, an SSH or Telnet popup window appears
depending on what is clicked. See Figure 7-6.
b. Disabled port numbers are in a dark green box and you will see a popup:
Figure 7-7 Disabled Port Number Popup Window
7: Services
2. Click OK and login to the CLI interface which appears. See Figure 7-6.
To configure how secure Lantronix devices are searched for on the network:
1. Click the Search Options link on the top right of the Services > Secure Lantronix Network
page. The following web page displays:
SLB™ Branch Office Manager User Guide 95
Figure 7-8 Services > Secure Lantronix Network > Search Options
2. Enter the following:
7: Services
Secure Lantronix
Network Search
IP Address If you selected Manually Entered IP Address List or Both, enter the IP address of
Select the type of search you want to conduct.
Local Subnet performs a broadcast to detect secure Lantronix devices on the
local subnet.
Manually Entered IP Address List provides a list of IP addresses that may not
respond to a broadcast because of how the network is configured.
Both is the default selection.
the secure Lantronix device you want to find and manage.
3. If you entered an IP address, click the Add IP Address button. The IP address displays in the
IP Address List.
4. Repeat steps 2 and 3 for each IP address you want to add.
5. To delete an IP address from the IP Address List, select the address and click the Delete IP
Address button.
6. Click the Apply button. When the confirmation message displays, click Secure Lantronix
Network on the main menu. The Services > Secure Lantronix Network page displays the
secure Lantronix devices resulting from the search. You can now manage these devices.
Troubleshooting Browser Issues
Depending on which browser you are using and what type of SSL certificate the SLB web server is
configured with, there may be errors connecting to a Web SSH or Web Telnet session. These
errors may be the standard browser error displayed for self-signed or untrusted certificates ("There
is a problem with this website's security certificate." or "Your connection is not private.").
The SSL server that handles Web SSH and Web Telnet sessions is accessible on port 8000,
instead of the standard port 443 for SSL connections. It is recommended that the SLB be
configured to use a SSL certificate from a Certificate Authority to prevent issues accessing Web
SSH and Web Telnet terminals. If your SLB web server is configured to use a self-signed or
SLB™ Branch Office Manager User Guide 96
7: Services
untrusted SSL certificate, refer to the notes below for how to work around this for various
browsers.
When an SLB is configured with a SSL certificate that is either a wildcard certificate or associated
with a specific name, in order to establish a Web SSH or Web Telnet session to the SLB unit, the
unit must be able to successfully perform a reverse lookup on any IP address to which Web SSH
or Web Telnet requests are sent. For example, if a unit is configured with a SSL certficate for the
name "slbXYZ.lantronix.com", and the unit website is being accessed in a browser with "https://
slbXYZ.lantronix.com", the unit needs to be configured with a name server that will allow the unit to
perform a reverse lookup on the IP address associated with slbXYZ.lantronix.com. Failure to
perform a reverse lookup on a name may result in name mismatch errors in the browser when it
attempts to open the Web SSH or Web Telnet window.
If you are unable to connect to a Web SSH or Web Telnet session for a reason other than a
browser SSL certificate issue, restarting the SSL server on port 8000 may resolve the connection
problem. This can be done by restarting the web server (with the CLI command "admin web
restart") or by disabling both Web SSH and Web Telnet on the SSH/Telnet/Logging web page,
and then re-enabling them.
Chrome - For the greatest ease of use with Web SSH and Web Telnet, when the SLB web
server is using a self-signed SSL certificate, use the Chrome browser. When the user accepts
the self-signed SSL certificate in the browser for the primary SLB website, the self-signed SSL
certificate is accepted for all ports - including port 8000 - for the SLB website.
Firefox - When accessing the SLB website with Firefox, and when the SLB web server is
using a self-signed SSL certificate, accepting the self-signed SSL certificate in the browser for
the primary SLB website will only accept the certificate for port 443. It will not accept the
certificate for port 8000. This may result in a popup being displayed in the Web SSH or Web
Telnet window indicating that the browser needs to accept a certificate. To accept the selfsigned certificate for port 8000, go to Firefox -> Options (or Preferences) -> Advanced ->
Certificates -> View Certificates -> Servers, and add an exception for the SLB IP address or
hostname, with port 8000.
Internet Explorer - When accessing the SLB website with Internet Explorer, and when the
SLB web server is using a self-signed SSL certificate, Explorer will grant access to the Web
SSH and Web Telnet terminals if (a) the host name or common name in the self-signed
certificate matches the name (or IP address) being used to access the SLB website, and (b)
Explorer has imported and trusted the self-signed certficate. A custom self-signed certificate
with the SLB name can be generated via the Services - SSL Certificate web page or the admin
web certificate custom CLI command.
Once the SLB web server has been configured to use the custom self-signed certificate, follow
these steps for Internet Explorer to trust the custom certificate:
In Internet Explorer, browse to the SLB website whose certificate you want to trust.
When the message "There is a problem with this website's security certificate.", choose
Continue to this website (not recommended).
In Internet Explorer, select Tools -> Internet Options.
Select Security -> Trusted Sites -> Sites.
Verify or fill in the SLB website URL in the Add this website field, click Add, and then Close.
Close the Internet Options dialog with either OK or Cancel.
Refresh the Internet Explorer web page with the SLB website.
When the message "There is a problem with this website's security certificate", choose
Continue to this website (not recommended).
SLB™ Branch Office Manager User Guide 97
7: Services
Click on the red Certificate Error at the right of the URL address bar and select View
certificates.
In the dialog that displays, click on Install Certificate, then in the Certificate Import Wizard,
click Next.
On the next page select Place all certificates in the following store.
Click Browse, select Trusted Root Certification Authorities, and click OK.
Back in the Certificate Import Wizard, click Next, then Finish.
If you get a Security Warning message box, click Yes.
Dismiss the Import was successful message box with OK.
In Internet Explorer, select Tools -> Internet Options.
Select Security -> Trusted Sites -> Sites.
Select the SLB website URL you just added, click Remove, then Close.
Now shut down all running instances of Internet Explorer, and start up Internet Explorer again.
The SLB website's certificate should now be trusted.
Web SSH/Telnet Copy and Paste
There are security issues with letting a web page access the system clipboard, which is the main
clipboard on a system that is shared between all applications. Because of this, browsers limit
access to the system clipboard. The Web SSH and Web Telnet window provide copy and paste
functionality via a right-click menu: the Copy option will copy what is highlighted in the Web SSH or
Web Telnet window into an internal (non-system) clipboard, and the contents can be pasted into
the Web SSH or Web Telnet window with the Paste.
Support for copying and pasting content between the system clipboard and the Web SSH or Web
Telnet window will vary from browser to browser. With the exception of Internet Explorer, most
browsers will not allow highlighted content from the Web SSH or Web Telnet window to be copied
to the system clipboard (Internet Explorer will display a prompt confirming the copy). Likewise,
most browsers will not allow content from the system clipboard to be directly pasted into the Web
SSH or Web Telnet window with the standard Control-V paste key sequence. With some
browsers, the user will be able to use the Paste from browser option in the right-click menu to
paste content from the system clipboard into a text field in a popup, and after hitting Enter, the
content will be sent to the Web SSH or Web Telnet window.
Secure Lantronix Network Commands
Go to Secure Lantronix Network Commands (on page 324) to view CLI commands which
correspond to the web page entries described above.
SLB™ Branch Office Manager User Guide 98
Date and Time
You can specify the current date, time, and time zone at the SLB's location (default), or the SLB
branch office manager can use NTP to synchronize with other NTP devices on your network.
To set the local date, time, and time zone:
1. Click the Services tab and select the Date & Time option. The following page displays:
7: Services
Figure 7-9 Services > Date & Time
2. Enter the following:
Change Date/Time
Date From the drop-down lists, select the current month, day, and year.
Time From the drop-down lists, select the current hour and minute.
Time Zone From the drop-down list, select the appropriate time zone.
Select the checkbox to manually enter the date and time at the
SLB’s location.
3. To save, click the Apply button.
To synchronize the SLB unit with a remote timeserver using NTP:
1. Enter the following:
Enable NTP Select the checkbox to enable NTP synchronization. NTP is disabled by default.
SLB™ Branch Office Manager User Guide 99
7: Services
Synchronize via Select one of the following:
Broadcast from NTP Server: Enables the SLB branch office manager to
accept time information periodically transmitted by the NTP server. This is the
default if you enable NTP.
Poll NTP Server: Enables the SLB unit to query the NTP Server for the
correct time. If you select this option, complete one of the following:
Local: Select this option if the NTP servers are on a local network, and
enter the IP address of up to three NTP servers. This is the default, and it is
highly recommended.
Public: Select this option if you want to use a public NTP server, and select
the address of the NTP server from the drop-down list. This is not
recommended because of the high load on many public NTP servers. All
servers in the drop-down list are stratum-2 servers. (See www.ntp.org
more information.) Each public NTP server has its own usage rules --please
refer to the appropriate web site before using one. Our listing them here is
to provide easy configuration but does not indicate any permission for use.
for
2. To save, click the Apply button.
Date and Time Commands
Go to Date and Time Commands (on page 289) to view CLI commands which correspond to the
web page entries described above.
Web Server
The Web Server supports all versions of the TLS protocol, but due to security concerns, does not
support any versions of the SSL protocol. The Web Server page allows the system administrator
to:
Configure attributes of the web server.
View and terminate current web sessions.
Import a site-specific SSL certificate.
Enable an iGoogle gadget that displays the status of ports on multiple SLBs.
To configure the Web Server:
1. Click the Services tab and select the Web Server option. The following page appears:
SLB™ Branch Office Manager User Guide 100
Loading...