Lantronix SecureLinx SLC8, SecureLinx SLC16, SecureLinx SLC32, SecureLinx SLC48 User Manual

SecureLinxTM Console Manager (SLC)

User Guide

 SecureLinx SLC8
 SecureLinx SLC16
 SecureLinx SLC32
 SecureLinx SLC48

Part No. 900-449

Rev. H March 2010

Copyright and Trademark

© 2004, 2005, 2006, 2007, 2008, 2009, and 2010 Lantronix. All rights re served. No part of the
contents of this book may be transmitted or reproduced in any form or by any means without the
written permission of Lantronix. Printed in the United States of America.

Ethernet is a trademark of XEROX Corporation. UNIX is a registered trademark of The Open
Group. Windows 95, Windows 98, Windows 2000, Windows 2003, and Windows NT are
trademarks of Microsoft Corporation. Netscape is a trademark of Netscape Communications
Corporation.

Warranty

For details on the Lantronix warranty replacement policy, please go to our web site at

http://www.lantronix.com/support/warranty.

Open Source Software

Some applications are Open Source software licensed under the Berkeley Software Distribution
(BSD) license or the GNU General Public License (GPL) as published by the Free Software
Foundation (FSF). Redistribution or incorporation of BSD or GPL licensed software into hosts
other than this product must be done under their terms. A machine readable copy of the
corresponding portions of GPL licensed so ur ce code is availa b le at th e co st of dis trib u tio n.

Such Open Source Software is distributed WITHOUT ANY WARRANTY, INCLUDING ANY
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
See the GPL and BSD for details.

A copy of the licenses is available from Lantronix. The GNU General Public License is available at

http://www.gnu.org/licenses/.

Contacts

Lantronix Corporate Headquarters

167 Technology Drive
Irvine, CA 92618, USA
Toll Free: 800-526-8766
Phone: 949-453-3990
Fax: 949-450-7249

Technical Support

Online: www.lantronix.com/support

Sales Offices

For a current list of our domestic and international sales offices, go to the Lantronix web site at

www.lantronix.com/about/contact.

Disclaimer and Revisions

Operation of this equipment in a residential area is likely to cause interference, in which case the
user, at his or her own expense, will be required to take whatever measures may be required to
correct the interference.

SecureLinx SLC User Guide 2

Notes:

 This equipment has been tested and found to comply with the limits for Class A digital device

pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment.

 This equipment generates, uses, and can radiate radio frequency energy an d, if not installed

and used in accordance with this User Guide, may clause interference to radio
communications. Operation of this equipment in a residential area is likely to cause
interference, in which case the user will be required to correct the interference at his own
expense.

 The user is cautioned that changes and modifications made to the equipment without approva l

of the manufacturer could void the user’s authority to operate this equipment.

Changes or modifications to this device not explicitly approved by Lantronix will void the user's
authority to operate this device.

The information in this guide may change without notice. The manufacturer assumes no
responsibility for any errors that may appear in this guide. For the latest revision of product
documents, please check our online documentation at www.lantronix.com/support/documentation

Revision History

.

Date Rev. Comments

6/06 A Initial Release
8/06 B Added event configuration, local/remote user authentication precedence, firmware

update via HTTPS, complex passwords, and port permissions for remote users.

1/07 C Added dial-in & dial-on-demand modem state, IP filters, active directory to LDAP

section, and additional TACACS+ servers.

4/07 D Added ability to import site-specific SSL certificates and SSH host keys, to display a

list of web sessions, to set an IP filter timer, and to save system logs across reboots.
Enabled dual boot-up.

8/07 E Added gateway page, phone home; alarm delay; SSH v1 logins; trap community;

configuration manage option; system logs beginning and end dates, device port
logging to syslog.

4/08 F New web page design with tabbed menus.

Added support for the following: Sensorsoft devices; SecureID over Radius;
command and status of the SLP expansion chassis; escape and break sequences for
remote users; password aging, iGoogle Gadget; SNMP v3 encryption; ability to copy
boot bank; host lists for outgoing modem and direct connection at the CLI; new option
for local users to display a custom menu at login.

1/10 G Added support for Interface and Batch Scripting, Ethernet Bonding, configurable LCD

screens and scrolling, redesigned SLC Network web page, Email Log, Firmware
Update vi PC Card and NFS, SLC Temperature, and PPP dialback (including
CallBack Control Protocol).

3/10 H Updated for USB support that was added in firmware 5.5.

SecureLinx SLC User Guide 3

Table of Contents

Copyright and Trademark ____________________________________________________2
Warranty _________________________________________________________________2
Open Source Software ______________________________________________________2
Contacts _________________________________________________________________2
Disclaimer and Revisions ____________________________________________________2
Revision History ______________________________ _____________________________3

1: About This Guide 14

Chapter Summaries________________________________________________________14
Conventions______________________________________________________________15
Additional Documentation ___________________________________________________16

2: Overview 17

SLC Models and Part Numbers ___________________________________________ ____17
System Features __________________________________________________________19

Protocols Supported ____________________________________________________20
Access Control ________________________________________________________20
Device Port Buffer ______________________________________________________20
Configuration Options ___________________________________________________20

Hardware Features ________________________________________________________21

Serial Connections _____________________________________________________21
Network Connections ___________________________________________________22
PC Card Interface ______________________________________________________22
USB Port _____________________________________________________________23

3: Installation 24

What’s in the Box______________________________________________________ ____24

Product Information Label ________________________________________________25
Technical Specifications_____________________________________________________25
Physical Installation ________________________________________________________25

Connecting to Device Ports_______________________________________________26

Connecting to Network Ports______________________________________________27

Connecting to Terminals _________________________________________________27

Power _______________________________________________________________27

4: Quick Setup 29

Recommendations_________________________________________________________29
IP Address _______________________________________________________________ 29

Front Panel LCD Display and Pushbuttons __________________________________30

Navigating ____________________________________________________________30

Entering the Settings____________________________________________________31

Restoring Factory Defaults _______________________________________________32
Next Step ________________________________________________________________38

SecureLinx SLC User Guide 4

Table of Contents

5: Web and Command Line Interfaces 39

Web Interface_____________________________________________________________39

Logging In ____________________________________________________________41

Logging Off ___________________________________________________________41

Web Page Help ________________________________________________________41
Command Line Interface _____________________________________ _______________41

Logging In ____________________________________________________________42

Logging Out___________________________________________________________42

Command Syntax ______________________________________________________42

Command Line Help ____________________________________________________43

Tips _________________________________________________________________43

General CLI Commands _________________________________________________44

6: Basic Parameters 46

Requirements for IP Address Assignment_______________________________________46
Network Settings __________________________________________________________46

Ethernet Bonding_______________________________________________________47

Ethernet Counters ______________________________________________________51

Network Commands ____________________________________________________52
IP Filters_________________________________________________________________ 52

Enabling IP Filters ______________________________________________________52

Configuring IP Filters Rulesets ____________________________________________53

Viewing IP Filter Rulesets and Mapping _____________________________________56

IP Filter Commands_____________________________________________________57
Routing__________________________________________________________________57

Routing Commands_____________________________________________________59

7: Services 60

SSH/Telnet/Logging________________________________________________________60

SSH, Telnet, and Logging Commands______________________________________63
SNMP ___________________________________________________________________64

SNMP Commands______________________________________________________66
NFS and SMB/CIFS____________________________________________________ ____66

NFS and SMB/CIFS Commands___________________________________________68
SecureLinx Network________________________________________________________68

SecureLinx Network Commands___________________________________________71
Date and Time ____________________________________________________________71

Date and Time Commands _______________________________________________73
Web Server ______________________________________________________________73

Web Server Commands _________________________________________________ 76
Google Gadgets___________________________________________________________76

8: Devices 78

Connection Methods _______________________________________________________78

SecureLinx SLC User Guide 5

Table of Contents

Permissions ______________________________________________________________79
Device Status_____________________________________________________________79
Device Ports______________________________________________________________80

Port Status and Counters ________________________________________________88

Device Port – SLP____________________________________ __________________89

Device Port – Sensorsoft Device___________________________________________90

Device Port Commands__________________________________________________92
Device Ports – Logging _____________________________________________________92

Local Logging _________________________________________________________92

NFS File Logging_______________________________________________________92

PC Card Logging_______________________________________________________93

USB Port Logging ______________________________________________________93

Email/SNMP Notification _________________________________________________93

Syslog Logging ________________________________________________________93

Logging Commands ____________________________________________________97
Console Port _____________________________________________________________97

Console Port Commands ________________________________________________98
Host Lists ________________________________________________________________99

Host List Commands___________________________________________________101
Scripts _________________________________________________________________101

Batch Script Syntax____________________________________________________104

Interface Script Syntax _________________________________________________105

Definitions ___________________________________________________________105

Primary Commands____________________________________________________106

Secondary Commands _________________________________________________107

Control Flow Commands________________________________________________109

Sample Scripts ______________________________ _________________________110

9: PC Cards 114

Set Up of PC Card Storage _________________________________________________114
Modem Settings__________________________________________________________ 115
PC Card Commands ______________________________________________________121

10: USB Port 122

Set Up of USB Storage ____________________________________________________122
Manage Firmware and Configuration Files _____________________________________124

USB Commands ______________________________________________________125

11: Connections 127

Types of Endpoints and Connections _________________________________________127
Typical Configurations of SLC Connections_____________________________________127

Terminal Server____________________________________ ___________________127

Remote Access Server _________________________________________________128

Reverse Terminal Server________________________________________________128

SecureLinx SLC User Guide 6

Table of Contents

Multiport Device Server_________________________________________________129

Console Server _______________________________________________________129
Connection Configuration___________________________________________________130

Connection Commands_________________________________________________133

12: User Authentication 134

Overview of Authentication _________________________________________________134
User Rights _____________________________________________________________135
Authentication Methods ____________________________________________________136

Authentication Commands ______________________________________________137
Local and Remote Users ___________________________________________________138
Local/Remote User Settings ________________________________________________139

Local/Remote Users Commands__________________________________________143
NIS____________________________________________________________________ 144

NIS Commands_______________________________________________________147
LDAP __________________________________________________________________147

Schema Permissions versus Default User Rights____ _________________________147

User Attributes and Permissions from LDAP Schema__________________________151

LDAP Commands _____________________________________________________151
RADIUS ________________________________________________________________151

RADIUS Commands ___________________________________________________154
Kerberos________________________________________________________________155

Kerberos Commands___________________________________________________158
TACACS+ ______________________________________________________________158

TACACS+ Commands__________________________________________________161
SSH Keys_______________________________________________________________161

Imported Keys ________________________________________________________161

Exported Keys________________________________________________________162

SSH Commands ______________________________________________________167
Custom User Menus ______________________________________________________167

Custom User Menus Commands__________________________________________169

13: Maintenance 170

Firmware and Configurations________________________________________________170

Firmware and Configurations Commands___________________________________175
System Logs ____________________________________________________________ 176

System Logs Commands _______________________________________________178
Audit Log _______________________________________________________________178

Audit Log Commands __________________________________________________178
Email Log_______________________________________________________________ 179

Email Log Commands__________________________________________________179
Diagnostics______________________________________________________________179

Diagnostics Commands_________________________________________________182
Status/Reports ___________________________________________________________182

SecureLinx SLC User Guide 7

Table of Contents

Status/Reports Commands ______________________________________________185
Events _________________________________________________________________185

Events Commands ____________________________________________________186
Banners ________________________________________________________________187

Banner Commands ____________________________________________________187
LCD and Keypad _________________________________________________________188

LCD/Keypad Commands________________________________________________189

14: Application Examples 190

Telnet/SSH to a Remote Device _____________________________________________190
Dial-in (Text Mode) to a Remote Device _______________________________________192
Local Serial Connection to Network Device via Telnet ____________________________193

15: Command Reference 195

Introduction to Commands__________________________________________________195

Command Syntax _____________________________________________________195

Command Line Actions and Categories ____________________________________196

Tips ________________________________________________________________196
Deprecated Commands____________________________________________________197
Administrative Commands__________________________________________________197
Audit Log Commands______________________________________________________205
Authentication Commands__________________________________________________205
CLI Commands __________________________________________________________206
Connection Commands ____________________________________________________207
Console Port Commands___________________________________________________210
Custom User Menu Commands______________________________________________211
Date and Time Commands _________________________________________________212
Device Commands________________________________________________________213
Device Port Commands____________________________________________________214
Diagnostic Commands_____________________________________________________218
Email Log Commands _____________________________________________________221
Events Commands_____________________________________________________ ___221
Host List Commands ______________________________________________________222
IP Filter Commands _______________________________________________________223
Kerberos Commands______________________________________________________225
LDAP Commands ________________________________________________________226
Local Users Commands____________________________________________________227
Log Commands __________________________________________________________230
Network Commands_______________________________________________________231
NFS and SMB/CIFS Commands _____________________________________________234
NIS Commands __________________________________________________________235
PC Card Commands ______________________________________________________236
RADIUS Commands ______________________________________________________239
Remote Users Commands__________________________________________________240

SecureLinx SLC User Guide 8

Table of Contents

Routing Commands _______________________________________________________241
Script Commands_________________________________________________________242
Services Commands ______________________________________________________243
SLC Network Commands___________________________________________________245
SSH Key Commands______________________________________________________245
Status Commands ________________________________________________________248
System Log Commands____________________________________________________248
TACACS+ Commands_____________________________________________________248
Temperature Commands___________________________________________________ 249
USB Commands _________________________________________________________250
User Permissions Commands _______________________________________________253

A: Bootloader 254

Accessing the Bootloader __________________________________________________254
Bootloader Commands ____________________________________________________254

User Commands ______________________________________________________254

Administrator Commands ______________________________________ _________255

B: Security Considerations 256

Security Practice _________________________________________________________256
Factors Affecting Security __________________________________________________256

C: Safety Information 257

Cover __________________________________________________________________257
Power Plug______________________________________________________________257
Input Supply_____________________________________________________________257
Grounding ______________________________________________________________ 258
Fuses __________________________________________________________________258
Rack___________________________________________________________________258
Port Connections _________________________________________________________ 259

D: Adapters and Pinouts 260
E: Protocol Glossary 265
F: Compliance Information 270
G: DC Connector Instructions 273
H: LDAP Schemas 276

Installing Schema Support in Window AD Server ________________________________276
Creating the Lantronix SecureLinx SLC Schema Attribute _________________________279
Adding the Attribute to the Users Group in Windows______________________________281
Adding the Permissions to the Individual User___________________________________283
Values to Use____________________________________________________________285
String Format _________________________________________ ___________________286

SecureLinx SLC User Guide 9

List of Figures

Figure 2-1 Lantronix SLC48 with PC Card Slots_________________________________________19
Figure 2-2 Lantronix SLC48 with USB Port_____________________________________________19
Figure 2-3 Device Port Connections__________________________________________________21
Figure 2-4 Console Port Connection__________________________________________________22
Figure 2-5 Network Connection _____________________________________________________22
Figure 2-6 PC Card Interface _______________________________________________________22
Figure 2-7 SLC with USB Interface___________________________________________________23
Figure 3-1 CAT 5 Cable Connection__________________________________________________27
Figure 3-2 AC Power Input and Power Switch (SLCxxxx2N) _______________________________28
Figure 3-3 DC Power Inputs and Power Switch (SLCxxx24T) ______________________________28
Figure 4-1 Front Panel LCD Display and Arrow Pushbuttons_______________________________30
Figure 4-2 Quick Setup Tab ________________________________________________________34
Figure 4-3 Quick Setup Screen Using CLI _____________________________________________36
Figure 4-4 Completed Quick Setup___________________________________________________38
Figure 5-1 Web Page Layout _______________________________________________________40
Figure 6-1 Network Web Page ______________________________________________________48
Figure 6-2 Ethernet Counters Example________________________________________________51
Figure 6-3 IP Filter Page___________________________________________________________53
Figure 6-4 Adding Network IP Filter Rulesets___________________________________________54
Figure 6-5 IP Filter Page Displaying Rulesets and Mappings_______________________________56
Figure 6-6 IP Filter Status__________________________________________________________57
Figure 6-7 Routing Page___________________________________________________________58
Figure 6-8 Status/Reports Page _____________________________________________________59
Figure 7-1 SSH/Telnet/Logging Page_________________________________________________61
Figure 7-2 SNMP Page____________________________________________________________64
Figure 7-3 NFS and SMB/CIFS Page_________________________________________________67
Figure 7-4 SecureLinx Network Page with Local Subnet Addressing_________________________69
Figure 7-5 Telnet Session__________________________________________________________70
Figure 7-6 SecureLinx Network - Search Options Page___________________________________70
Figure 7-7 Date & Time Page_______________________________________________________72
Figure 7-8 Web Server Page _____________________________________ __________________73
Figure 7-9 Web Server - Web Sessions Page __________________________________________74
Figure 7-10 Web Server - SSL Certificate Page_________________________________________75
Figure 7-11 iGoogle Gadget Page ___________________________________________________77
Figure 8-1 Device Status Page_______ _______________________________________________ 79
Figure 8-2 Device Ports Page_______________________________________________________80
Figure 8-3 Device Ports - Settings Page_______________________________________________82
Figure 8-4 Modem Log ____________________________________________________________88
Figure 8-5 Port Status and Counters Section___________________________________________89
Figure 8-6 Device Ports - SLP Page__________________________________________________89
Figure 8-7 Device Ports - Sensorsoft _________________________________________________91

SecureLinx SLC User Guide 10

List of Figures

Figure 8-8 Device Ports - Logging ___________________________________________________94
Figure 8-9 Console Port Page_______________________________________________________98
Figure 8-10 Host Lists Page ________________________________________________________99
Figure 8-11 Scripts Page ________________________________________ _________________102
Figure 8-12 Adding New Scripts Page _______________________________________________103
Figure 9-1 PC Card Page _________________________________________________________114
Figure 9-2 PC Card - Storage Page _________________________________________________115
Figure 9-3 PC Card - Modem/ISDN Page_____________________________________________116
Figure 10-1 USB Main Page_______________________________________________________122
Figure 10-2 USB - Storage Page ___________________________________________________123
Figure 10-3 Firmware and Configurations - Manage Files (Top of Page)_____________________124
Figure 10-4 Firmware and Configurations - Manage Files (Bottom of Page) __________________125
Figure 11-1 Terminal Server____________________________________ ___________________128
Figure 11-2 Remote Access Server _________________________________________________128
Figure 11-3 Reverse Terminal Server_______________________________________ _________128
Figure 11-4 Multiport Device Server______________________________ ___________________129
Figure 11-5 Console Server _______________________________________________________130
Figure 11-6 Connections Page_____________________________________________________131
Figure 11-7 Current Connections Section of the Connections Page ________________________132
Figure 12-1 Authentication Methods Page ____________________________________________136
Figure 12-2 Local/Remote Users Page_______________________________________________138
Figure 12-3 Local/Remote User Settings Page______________________ ___________________140
Figure 12-4 NIS Page____________________________________________________________144
Figure 12-5 LDAP Page __________________________________________________________148
Figure 12-6 RADIUS Page ________________________________________________________152
Figure 12-7 Kerberos Page________________________________________________________155
Figure 12-8 TACACS+ Page_______________________________________________________159
Figure 12-9 SSH Keys Page_______________________________________________________163
Figure 12-10 SSH Server/Host Keys Page____________________________________________166
Figure 13-1 Firmware & Configurations Page__________________________________________171
Figure 13-2 Firmware & Configurations - Manage Configuration Files Page __________________175
Figure 13-3 System Logs Page_____________________ ________________________________176
Figure 13-4 System Log Output Page________________________________________________177
Figure 13-5 Audit Log Page _______________________________________________________178
Figure 13-6 Email Log Page_______________________________________________________179
Figure 13-7 Diagnostics Page______________________________________________________180
Figure 13-8 Diagnostics Report Page________________________________________________181
Figure 13-9 Status/Reports Page ___________________________________________________183
Figure 13-10 Generated Reports Page_______________________________________________184
Figure 13-11 Events Page ________________________________________________________185
Figure 13-12 Banners Page _________________________________________________ ______187
Figure 13-13 LCD/Keypad Page____________________________________________________188
Figure 14-1 SLC Console Manager _________________________________________________190

SecureLinx SLC User Guide 11

List of Figures

Figure 14-2 Remote User Connected to a SUN Server via the SLC ________________________190
Figure 14-3 Connection to SUN UNIX Server__________________________________________192
Figure 14-4 Terminal Device Connection to the SLC ____________________________________193
Figure D-1 RJ45 Receptacle to DB25M DCE Adapter for the SLC (PN 200.2066A) ____________260
Figure D-2 RJ45 Receptacle to DB25F DCE Adapter for the SLC (PN 200.2067A) ____________261
Figure D-3 RJ45 Receptacle to DB9M DCE Adapter for the SLC (PN 200.2069A) _____________262
Figure D-4 RJ45 Receptacle to DB9F DCE Adapter for the SLC (PN 200.2070A) _____________263
Figure D-5 RJ45 to RJ45 Adapter for Netra/Sun/Cisco and SLP (PNs 200.2225 and

ADP010104-01) ________________________________________________________________264
Figure G-1 Connector Kit Contents__________________________________________________273
Figure G-2 Wire Connections ______________________________________________________273
Figure G-3 Plug Parts to Assemble__________________________________________________274
Figure G-4 Verification of the Power Source___________________________________________274
Figure G-5 DC Power Cord into the SLC _____________________________________________275
Figure H-1 Programs Window______________________________________________________277
Figure H-2 MMC Window _________________________________________________________277
Figure H-3 Snap-In Window _______________________________________________________278
Figure H-4 Active Directory Schema_________________________________________________278
Figure H-5 Console Root _________________________________________________________278
Figure H-6 Administrative Tools Folder_______________________________________________279
Figure H-7 Save As Window_______________________________________________________279
Figure H-8 New Attribute Window___________________________________________________280
Figure H-9 Create New Attribute Object Window _______________________________________280
Figure H-10 Classes Folder _______________________________________________________281
Figure H-11 User Class Window____________________________________________________281
Figure H-12 Class User Properties Window___________________________________________282
Figure H-13 User Properties Window________________________________________________282
Figure H-14 Select Schema Object Window___________________________________________283
Figure H-15 ADSI Edit Window ____________________________________________________284
Figure H-16 ADSI Edit Window, CN=Users Folder______________________________________284
Figure H-17 Properties Window ____________________________________________________285
Figure H-18 Atribute Editor Window _________________________________________________285
Figure H-19 String Attribute Editor Window ___________________________________________287

SecureLinx SLC User Guide 12

List of Tables

Table 1-1 Chapter/Appendix and Summary ____________________________________________14
Table 1-1 Conventions Used in This Book _____________________________________________15
Table 2-1 SLC Part Numbers, Models, and Descriptions__________________________________18
Table 3-1 Component Part Numbers and Descriptions ___________________________________24
Table 3-2 Components and Descriptions ______________________________________________25
Table 4-1 Methods of Assigning an IP Address _________________________________________29
Table 4-2 LCD Arrow Pushbutton Actions _____________________________________________31
Table 4-3 Front Panel Setup Options with Associated Parameters __________________________31
Table 5-1 Actions and Category Options ______________________________________________43
Table 5-2 SCS and SLC Commands _________________________________________________44
Table 12-1 User Group Rights _____________________________________________________135
Table 15-1 Actions and Category Options _________________________________________ ___196
Table F-1 Lantronix Product Family Names and Toxic/Hazardous Substances and Elements ____272

SecureLinx SLC User Guide 13

1: About This Guide

This guide provides the information needed to install, configure, and use the products in the
Lantronix SecureLinx

TM

remotely and securely configure and administer servers, routers, switches, telephone equipment,
or other devices equipped with a serial port.

Note: The features and functionality described in this document specific to PC Card use

are supported on SLC -02 part numbers. The features and functionality specific to USB
port use are supported on SLC -03 part numbers.

This chapter contains the following sections:

 Chapter Summaries
 Conventions
 Additional Documentation

Chapter Summaries

Table 1-1 lists and summarizes each chapter and appendix.

Table 1-1 Chapter/Appendix and Summary

Chapter/Appendix Summary

2: Overview

Console Manager (SLC) family. It is for IT professionals who must

Describes the SLC models, main features, and supported protocols.

3: Installation Provides technical specifications; describes connection formats and power

supplies; provides instructions for installing the unit in a rack.

4: Quick Setup Provides instructions for getting your unit up and running and for

configuring required settings.

5: Web and Command
Line Interfaces

6: Basic Parameters Provides instructions for configuring network ports, firewall and routing

7: Services Provides instructions for enabling and disabling system logging, SSH and

8: Devices Provides instructions for configuring global device port settings, individual

9: PC Cards Provides instructions for configuring storage (Compact Flash) and

10: USB Port Provides instructions for configuring USB storage devices (thumb drive) or

Describes the web and command line interfaces available for configuring
the unit.

Note: Chapters 7: Services, 8: Devices, 9: PC Cards, 10: USB Port,

11: Connections, and 12: User Authentication provide detailed

instructions for using the web interface and include command line
interface commands.

settings, and date and time.

Telnet logins, SNMP, SMTP, and the date and time.

device port settings, and console port settings.

modem/ISDN PC cards.

USB modems.

SecureLinx SLC User Guide 14

1: About This Guide

Table 1-1 Chapter/Appendix and Summary (continued)

Chapter/Appendix Summary

11: Connections Provides instructions for configuring connections and viewing, updating, or

disconnecting a connection.

12: User Authentication Provides instructions for enabling or disabling methods that authenticate

users who attempt to log in via SSH, Telnet, or the console port. Provides
instructions for creating custom menus.

13: Maintenance Provides instructions for upgrading firmware, viewing system logs and

diagnostics, generating reports, and defining events. Includes information
about web pages and commands used to shut down and reboot the SLC.

14: Application Examples Shows how to set up and use the SLC in three different configurations.
15: Command Reference Lists and describes all of the commands available on the SLC command

line interface

A: Bootloader Lists and describes the commands available for the bootloader command

line interface.

B: Security
Considerations

C: Safety Information Lists safety precautions for using the SLC.
D: Adapters and Pinouts Includes adapter pinout diagrams.
E: Protocol Glossary Lists the protocols supported by the SLC with brief descriptions.
F: Compliance Information Provides information about the SLC compliance with industry standards.
G: DC Connector

Instructions
H: LDAP Schemas Provides information about configuring LDAP schemas in Windows active

Conventions

Table 1-1 lists and describes the conventions used in this book.

Table 1-1 Conventions Used in This Book

Convention Description

Bold text Default parameters.
Brackets [ ] Optional parameters.

Provides tips for enhancing SLC security.

Provides -48VDC plug connector instructions for the SLC.

directory.

Angle Brackets < > Possible values for parameters.
Pipe | Choice of parameters.

SecureLinx SLC User Guide 15

1: About This Guide

Table 1-1 Conventions Used in This Book (continued)

Convention Description

Warning Warning: Means that you are in a situation that could

cause equipment damage or bodily injury. Befo re you work
on any equipment, you must be aware of the hazards
involved with electrical circuitry and familiar with standard
practices for preventing accidents.

Note Note: Means take notice. Notes contain helpful suggestions,

information, or references to material not covered in the publication.

Caution Caution: Means you might do something that could result in faulty

equipment operation, or loss of data.

Screen Font
(Courier New)

CLI terminal sessions and examples of CLI input.

Additional Documentation

Visit the Lantronix web site at www.lantronix.com/support/documentation for the latest
documentation and the following additional documentation:

 SLC Quick Start—Describes the steps for getting the SLC up and running; provided on the

CD and in printed form.

 SLC Online Help for the Command Line Interface—Provides online help for configuring the

SLC using commands.

 SLC Online Help for the We b In te rfa ce —Provid es onlin e help for con figur ing the SLC using

the web page.

 Detector™ Online Help—Provides online help for assigning a static IP address to the SLC

using the Detector™ tool on the product CD.

SecureLinx SLC User Guide 16

2: Overview

SecureLinx SLC Console Managers are members of the Lantronix SecureLinx IT Management
family of products. These products offer systems administrators and other IT professionals a
variety of tools to securely access and manage their resources. Lantr onix has been an innovator in
this market with terminal servers and secure console servers, as well as other remote access
devices. The SLC Console Managers build on that foundation and offer new features and
capabilities.

IT equipment can be configured, administered, and managed in a variety of ways, but most
devices have one method in common: an RS-232 serial port, sometimes called a console,
auxiliary, or management port. These ports are often accessed directly by connecting a terminal or
laptop to them, meaning that the administrator must be in the same physical location as the
equipment. SLC Console Managers give the administrator a way to access them remotely from
anywhere there is a network or modem connection.

Many types of equipment can be accessed and administered using Console Managers inclu din g:

 Servers: Unix, Linux, Windows 2003, and others.
 Networking equipment: Routers, switches, storage networking.
 Telecom: PBX, voice switches.
 Other systems with serial interfaces: Heating/cooling systems, security/building access

systems, UPS, medial devices.

The key benefits of using Console Managers:

 Saves money: Enables remote management and troubleshooting without sending a

technician onsite. Reduces travel costs and down tim e co sts .

 Saves time: Provides instant access and reduces response time, improving efficiency.
 Simplifies access: Enables you to access equipment securely and remotely after hours and

on weekends and holidays—without having to schedule visits or arrange for off-hour access.

 Protects assets: Security features provide encryption, authentication, authorization, and

firewall features to protect your IT infrastructure while providing flexible remote access.

SLC console servers provide features such as convenient text menu systems, break-safe
operation, port buffering (logging), remote authentication, an d Secure Shell (SSH) access. Dial -up
modem support ensures access when the network is not available.

This chapter contains the following sections:

 SLC Models and Part Numbers
 System Features
 Hardware Features

SLC Models and Part Numbers

The SLC models offer a compact solution for remote and local management of up to 48 devices,
for example, servers, routers, and switches with RS-232C (now EIA-232) compatible serial
consoles in a 1U-tall rack space. All models have two Ethernet ports called Eth1 and Eth2 in this
document. There are two groups of models with different part numbers - one group of models with
a USB port (part number -03) and one group of models with PC Card slots (part number -02).

SecureLinx SLC User Guide 17

2: Overview

Two Ethernet ports are useful when you want to use on e port on a private, secure network an d the
other on a public, unsecured network.

Table 2-1 lists the part numbers, models, and descriptions.

Table 2-1 SLC Part Numbers, Models, and Descriptions

Part Number
USB

SLC00812N-03 SLC00812N-02 SLC8: 8 port, Single AC Supply Secure Console Manager
SLC01612N-03 SLC01612N-02 SLC16: 16 Port, Single AC Supply Secure Console

SLC03212N-03 SLC03212N-02 SLC32: 32 Port, Single AC Supply Secure Console

SLC04812N-03 SLC04812N-02 SLC48: 48 Port, Single AC Supply Secure Console

SLC00822N-03 SLC00822N-02 SLC8: 8 Port, Dual AC Supply Secure Console Manager
SLC01622N-03 SLC01622N-02 SLC16: 16 Port, Dual AC Supply Secure Console

SLC03222N-03 SLC03222N-02 SLC32: 32 Port, Dual AC Supply Secure Console

SLC04822N-03 SLC04822N-02 SLC48: 48 Port, Dual AC Supply Secure Console

Part Number
PC Card Slots

Model and Description

Manager

Manager

Manager

Manager

Manager

Manager

SLC00824N-03 SLC00824N-02 SLC8: 8 Port, Dual DC Supply Secure Console Manager
SLC01624N-03 SLC01624N-02 SLC16: 16 Port, Dual DC Supply Secure Console

Manager

SLC03224N-03 SLC03224N-02 SLC32: 32 Port, Dual DC Supply Secure Console

Manager

SLC04824N-03 SLC04824N-02 SLC48: 48 Port, Dual DC Supply Secure Console

Manager

The products differ in the number of device ports provided, USB port or PC Card slots, and AC or
DC power availability. Some models have dual entry redundant power supplies for mission critical
applications. These models are available in AC or DC powered versions. Figure 2-1 depicts the
SLC48 with PC Card slot (a part number -02) and Figure 2-2 depicts the SLC48 with USB port (a
part number -03).

SecureLinx SLC User Guide 18

Figure 2-1 Lantronix SLC48 with PC Card Slots

1u Tall
Self-Contained
Rack-Mountable

Chassis

Two-line Display Front Panel Pushbuttons Two PC Card Slots RS232 Port

Two 10/100
Network Ports

RS-232 Device Ports

(1 - 48)

Dual DC
Power
Inputs

Two-line Display

Front Panel Pushbuttons

USB Port

RS232 Port

Figure 2-2 Lantronix SLC48 with USB Port

2: Overview

System Features

The SLC has the following capabilities:

 Connects up to 48 RS-232 serial consoles
 10Base-T/100Base-TX Ethernet network compatibility
 Buffer logging to file

SecureLinx SLC User Guide 19

 Email and SNMP notification
 ID/Password security, configurable access rights
 Secure shell (SSH) security; supports numerous other security protocols
 Network File System (NFS) and Comm on Internet File System (CIFS) support
 Telnet or SSH to a serial port by IP address per port or by IP address and TCP port number

 Configurable user rights for local and remotely authenticated users
 Supports an internal PC Card modem, USB modem, or an external modem
 No unintentional break ever sent to attached servers (Solaris Ready)
 Simultaneous access on the same port - “listen” and “direct” connect mode
 Local access through a console port
 Web administration (using most browsers)

Protocols Supported

The SLC supports the TCP/IP network protocol as well as:

 SSH, Telnet, PPP, NFS, and CIFS for connections in and out of the SLC
 SMTP for mail transfer
 DNS for text-to-IP address name resolution
 SNMP for remote monitoring and management
 FTP and SFTP for file transfers and firmware upgrades
 TFTP for firmware upgrades

2: Overview

 DHCP and BOOTP for IP address assignment
 HTTPS (SSL) for secure browser-based configuration
 NTP for time synchronization
 LDAP, NIS, RADIUS, CHAP, PAP, Kerberos, TACACS+, and SecurID (via RADIUS) for user

authentication

 Callback Control Protocol (CBCP)

For descriptions of the protocols, see E: Protocol Glossary.

Access Control

The system administrator controls access to attached servers or devices by assigning access
rights to up to 128 user profiles. Each user has an assigned ID, password, and access rights.
Other user profile access options may include externally configured authentication methods such
as NIS and LDAP.

Device Port Buffer

The SLC supports real-time data logging for each device port. The port can save the data log to a
file, send an email notification of an issue, or take no action.

You can define the path for logged data on a port-by-port basis, configure file size and number of
files per port for each logging event, and configure the device log to send an email alert message
automatically to the appropriate parties indicating a particular error.

Configuration Options

You may use the backlit front-panel LCD display for initial setup and later to view and configure
current network, console, and date/time settings.

Both a web interface viewed through a standard browser and a command line interface (CLI) are
available for configuring the SLC settings and monitoring performance.

SecureLinx SLC User Guide 20

Hardware Features

The SLC hardware includes the following:

 1U-tall (1.75 inches) rack-mountable secure console server
 Two 10Base-T/100Base- TX network ports
 Up to 48 RS-232 serial device ports connected via Category 5 (RJ45) wiring
 One serial console port for VT100 terminal or PC with emulation
 Two PC Card slots or one USB port
 256 Kbytes-per-port buffer memory for device ports
 LCD display and keypad on the front
 Universal AC power input (100-240V, 50/60 Hz); options include single input, single supply or

dual input, redundant supplies

 -48 VDC power input, dual input, redundant power supplies
 Convection cooled, silent operation, low power consumption

Note: For more detailed information, see Technical Specifications on page 25.

2: Overview

All physical connections use industry-standard cabling and connectors. The network and serial
ports are on the rear panel of the SLC, and the console port is on the front. Required cables and
adapters for certain servers, switches, and other produ cts are available from Lantronix at

www.lantronix.com.

Serial Connections

All devices attached to the device ports and the console port must support the RS-232C (EIA-232)
standard. Category 5 cabling with RJ45 connections i s used for the device port connections and
for the console port. For pinout information, see D: Adapters and Pinouts on page 260.

Note: RJ45 to DB9/DB25 adapters are available from Lantronix.

Device ports and the console port support eight baud-rate options: 300, 600, 1200, 2400, 4800,
9600, 19200, 38400, 57600, and 115200 baud. The ports are shown in Figure 2-3 and Figure 2-4.

Figure 2-3 Device Port Connections

SecureLinx SLC User Guide 21

2: Overview

Figure 2-4 Console Port Connection

Network Connections

The SLC network interfaces are 10Base-T/100Base-TX connectors for use with a conventional
Ethernet network as shown in Figure 2-5. Use standard RJ45-terminated Category 5 cables.
Network parameters must be configured before the SLC can be accessed over the network.

Figure 2-5 Network Connection

PC Card Interface

Note: This PC Card interface is only supported on SLC -02 part numbers.

The SLC has two PC Card slots as shown in F igure 2-6. Lantronix qualifies cards continuously and
publishes a list of qualified cards on the Lantronix web site.

Figure 2-6 PC Card Interface

SecureLinx SLC User Guide 22

USB Port

Note: This USB port is only supported on SLC -03 part numbers.

The SLC has a USB port as shown in Figure 2-7.

Figure 2-7 SLC with USB Interface

2: Overview

SecureLinx SLC User Guide 23

3: Installation

This chapter provides a high-level proc ed ur e fo r in stalling the SLC followed by more detailed
information about the SLC connections and power supplies.

Caution: To avoid physical and electrical hazards, please be sure to read C: Safety

Information on page 257 before installing the SLC.

It contains the following sections:

 What’s in the Box
 Technical Specifications
 Physical Installation

What’s in the Box

In addition to the SLC, Table 3-1 lists the components in the box and part numbers.

Table 3-1 Component Part Numbers and Descriptions

Component Part # Description

Adapters

200.2066A Adapter: DB25M (DCE), Sun w/DB25 female

200.2067A Adapter: DB25F (DCE) to RJ45, Sun w/DB25 male and some HP9000s

200.2069A Adapter: DB9M (DCE) to RJ45, SGI Onyx

200.2070A Adapter: DB9F (DCE) to RJ45, HP9000, SGI Origin, IBM RS6000, and PC-based
Linux servers

ADP010104-01 Adapter: RJ45 rolled serial, Cisco, and Sun Netra

Note: An optional adapter for an external modem is available from Lantronix. The part number is

200.2073 and description is DB25M (DCE) to RJ45.

Cables

200.0063 Cable: RJ45 to RJ45, 6.6 ft (2 m)

500-153 Cable: Loopback

Power Cords

500-041 For single AC models: one AC power cord

For dual AC models: two AC power cords

083-011 For dual DC models: one accessory kit, containing DC plug connectors and

instructions

Documentation

CD Case Quick Start Guide and SecureLinx Console Manager User Guide

SecureLinx SLC User Guide 24

Verify and inspect the contents of the SLC package using the enclosed packing slip or the table
above. If any item is missing or damaged, contact your place of purchase immediately.

Product Information Label

The product information label on the underside of the unit contains the following information about
each specific unit:

 Part Number
 Serial Numb er Bar Code
 Serial Number and Date Code
 Regulatory Certifications and Statements

Technical Sp ecifications

Table 3-2 lists the SLC technical specifications.

Table 3-2 Components and Descriptions

Component Description

Serial Interface (Device) RJ45-type 8-conductor connector (DTE) Speed software selectable (300

3: Installation

to 115,200 baud)

Serial Interface (Console) RJ45-type 8-pin connector (DTE) Speed software selectable (300 to

Network Interface 10Base-T/100Base-TX RJ45 Ethernet
Power Supply Universal AC power input: 100-240 VAC, 50 or 60 Hz IEC-type regional

Power Consumption Less than 20 watts
Dimensions 1U, 1.75 in x 17.25 in x 12 in
Weight 10 lbs or less, depending on the options
Temperature Operating: 0 to 50 °C (32 to 122 °F), 30 to 90% RH, non-condensing

Relative Humidity Operating: 10% to 90% non-condensing; 40% to 60% recommended

Heat Flow Rate 68 BTU per hour

Install the SLC in an EIA-standard 19-inch rack (1U tall) or as a desktop unit. The SLC uses
convection cooling to dissipate excess heat.

Physical Installation

115,200 baud)

cord set included
DC power input: -24 to -60 VDC

Storage: -20 to 70 °C (-4 to 158 °F), 10 to 90% RH, non-condensing

Storage: 10% to 90% non-condensing

To install the unit in a rack:

1. Place the unit in a 19-inch rack.

SecureLinx SLC User Guide 25

3: Installation

Warning: Be careful not to block the air vents on the sides of the unit. If you

mount the SLC in an enclosed rack, we recommended t hat the rack have
a ventilation fan to provide adequate airflow through the unit.

2. Connect serial devices to the SLC device ports. See Connecting to Device Ports on page 26.

3. Install any PC Cards or USB devices that you intend to use. If you install a modem card,
connect to the phone line. See 9: PC Cards or 10:USB Port. You have the following options:

a. To configure the SLC using the network, or to mo nitor serial devices on the network,

connect at least one SLC network port to a network. See Connecting to Network Ports on

page 27.

b. To configure the SLC using a dumb terminal or a computer with terminal emulation,

connect the terminal or PC to the SLC console port. See Connecting to Terminals on page

27.

4. Connect the power cord, and apply power. See Power on page 27.

5. Wait approximately a minute and a half for the boot process to complete. When the boot
process ends, the SLC host name and the clock appear on the LCD display.

Now you are ready to configure the network settings as described in 4: Quick Setup.

Connecting to Device Ports

You can connect any device that has a serial console port to a device port on the SLC for remote
administration. The console port must support the RS-232C interface.

Note: Many servers must have the serial port enabled as a console or the keyboard an d

mouse detached. Consult the server hardware and/or software documentation for more
information.

To connect to a device port:

1. Connect one end of the Cat 5 cable to the device port.

2. Connect the other end of the Cat 5 cable to a Lantronix serial console adapte r .

Note: To connect a device port to a Lantronix SLP, use the rolled serial cable provided

with the unit, a 200.2225 adapter and Cat 5 cabling, or the ADP010104 adapter that
eliminates the need for an additional Cat5 patch cable between the adapter and the
connected equipment. See D: Adapters and Pinouts on page 260 for more information
about Lantronix adapters.

3. Connect the adapter to the serial console of the serial device as shown in Figure 3-1.

SecureLinx SLC User Guide 26

3: Installation

Figure 3-1 CAT 5 Cable Connection

Connecting to Network Ports

The SLC network ports, 10Base-T/100Base-TX, allow remote a ccess to th e atta ched de vices a nd
the system administrative functions. Use a standard RJ45-terminated Category 5 cable to connect
to the network port.

Note: One possible use for the two Ethernet ports is to have one port on a private,

secure network, and the other on an unsecured network.

Connecting to Terminals

The console port is for local access to the SLC and the attached devices. Yo u ma y attach a d umb
terminal or a computer with terminal emulation to the console port. The SLC consol e port uses RS­232C protocol and supports VT100 emulation. The default baud rate is 9600.

To connect the console port to a terminal or computer with terminal emulation, Lantronix offers
optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector.
The console port is configured as DTE. For more information, see D: Adapters and Pinouts on

page 260 and go to the Lantronix web site at www.lantronix.com/support and click Cable/Adapter

Lookup on the Support menu.

To connect a terminal:

1. Attach the Lantronix adapter to your terminal (use PN 200.2066A adapter) or your PC's serial
port (use PN 200.2070A adapter).

2. Connect the Cat 5 cable to the adapter, and connect the other end to the SLC console port.

3. Turn on th e terminal or start your computer ’s communication progr am (e.g., HyperTermin al for
Windows).

4. Once the SLC is running, press Enter to establish connection. You should see the model
name and a login prompt on your terminal. You are connected.

Power

The SLC consumes less than 20W of electrical power.

AC Input

The SLC has a universal auto-switching AC power supply. The power supply accepts AC input
voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz. Rear-mounted IEC-type AC
power connector(s) are provided for universal AC power input (North American cord provided).

SecureLinx SLC User Guide 27

3: Installation

The SLC0xx12N models have a single supply/input, while the SLC0xx22N models have dual
inputs and dual supplies. The power connector also houses a replaceable protective fuse (fast­blow 4.0A, maximum 250V AC) and the on/off switch. In addition, we provide the SLC0xx22 N with
a “Y” cord. See the SLC models listed in Table 3-2 on page 25.

Figure 3-2 shows the AC power inputs and power switch.

Figure 3-2 AC Power Input and Power Switch (SLCxxxx2N)

Note: The SLC48 with dual AC does not have an on/off switch.

DC Input

The DC version of the SLC accepts standard –48 VDC power. The SLC0xx24T mod els accept two
DC power inputs for supply redundancy. Lantronix pr ovides the DC power connections using
industry standard Wago connectors. One set of connectors is included with the SLC. You can
order additional connectors (part number 721-103/031-000) from the Wago catalog at

http://www.wagocatalog.com/okv3/index.asp?lid=1&cid=1&str_from_home=first. Figure 3-3 shows

the DC power inputs and power switch.

Figure 3-3 DC Power Inputs and Power Switch (SLCxxx24T)

SecureLinx SLC User Guide 28

4: Quick Setup

This chapter helps get the IP network port up and running quickly, so you can administer the SLC
using your network. It contains the following sections:

 Recommendations
 IP Address
 Next Step

Recommendations

To set up the network connections quickly, we suggest you do one of the following:

 Use the front panel LCD display and pushbuttons.
 Complete the Quick Setup web page on the web interface.
 SSH to the command line interface and follow the Quick Setup script on the command line

interface.

 Connect to the console port and follow the Quick Setup script on the command line interface.

Note: The first time you power up the SLC, Eth1 tries to obtain its IP address via DHCP.

If you have connected Eth1 to the network, and Eth1 is able to acquire an IP address, you
can view this IP address on the LCD or by running the Detector tool on the product CD. If
Eth1 cannot acquire an IP address, you cannot use Telnet, SSH, or the web interface to
run Quick Setup.

IP Address

Your SLC must have a unique IP address on your network. The system administrator generally
provides the IP address and corresponding subnet mask and gateway. The IP address must be
within a valid range, unique to your network, and in the same subnet as your PC. Table 4-1 lists
the options for assigning an IP address to your unit.

Table 4-1 Methods of Assigning an IP Address

Method Description

DHCP A DHCP server automatically assigns the IP addres s and ne tw o r k

BOOTP Similar to DHCP but for smaller networks.
Detector™ A Windows-based application on the product CD for viewing a DHCP-

Front panel LCD display
and pushbuttons

settings. The SLC is DHCP-enabled by default.
With the Eth1 network port connected to the network, and the SLC

powered up, Eth1 acquires an IP address, viewable on the LCD.
At this point, you can Telnet into the SLC, or use the web interface.

provided IP address or for assigning a static IP address to the SLC. You
can use Detector only if you have not already assigned a static IP address
by another method. For more information, see Detector’s online help.

You manually assign the IP address and other basic network, console,
and date/time settings. If desired, you can restore the factory defaults.

SecureLinx SLC User Guide 29

Table 4-1 Methods of Assigning an IP Address (continued)

Method Description

4: Quick Setup

Serial port login to
command line interface

You assign an IP address and configure the SLC using a terminal or a PC
running a terminal emulation program to the unit’s serial console port
connection.

Method # 1 Using the Front Panel Display

Before you begin, ensure that you have:

 Unique IP address that is valid on your network (unless automatically assigned)
 Subnet mask (unless automatically assigned)
 Gateway
 DNS settings
 Date, time, and time zone
 Console port settings: baud rate, data bits, stop bits, parity, and flow control

Make sure the SLC is plugged into power and turned on.

Front Panel LCD Display and Pushbuttons

With the SLC powered up, you can use the front panel display and pushbuttons to set up th e basic
parameters. Figure 4-1 shows the front panel.

Figure 4-1 Front Panel LCD Display and Arrow Pushbuttons

The front panel display initially shows the host name and the date and time . Usin g th e five
pushbuttons, you can change the network, console port, and date/time settings an d view the
firmware release version. If desired, you can restore the factory defaults.

Note: Have your information handy as the display times out without accepting any

unsaved changes if you take more than 30 seconds between entries.

Any changes made to the network, console port, and date/time settings take effect immediately.

Navigating

The front panel has one Enter button (in the center) and four arrow buttons (up, left, right, and
down). Press the arrow buttons to navigate from one option to another, or to increment or

decrement a numerical entry of the selected option. Use the Enter button to select an option to
change or to save your settings. Table 4-2 and Table 4-3 list the actions, buttons, and options.

SecureLinx SLC User Guide 30

Table 4-2 LCD Arrow Pushbutton Actions

Action Button

4: Quick Setup

To move to the next option (e.g., from Network Settings to Console
Settings)

To return to the previous option Left arrow
To enter edit mode Enter (center button)
Within edit mode, to increase or decrease a numerical entry Up and down arrows
Within edit mode, to move the cursor right or left Right or left arrows
To exit edit mode Enter
To scroll up or down the list of parameters within an option (e.g., from IP

Address to Mask)

Table 4-3 Front Panel Setup Options with Associated Parameters

Right arrow

Up and down arrows

Entering the Settings

To enter setup information:

1. From the normal display (host name, date and time), press the right arrow button to display
Network Settings. The IP address for Eth1 displays.

Note: If you have connected Eth1 to the network, and Eth1 is able to acquire an IP

address through DHCP, this IP address displays, followed by the letter [D]. Otherwise, the
IP address displays as all zeros (000.000.000.000).

2. Press the Enter button on the keypad to enter edit mode. A cursor displays below one
character of the existing IP address setting.

3. To enter values:

 Use the left or right arrow to move the cursor to the left or to the right position.

SecureLinx SLC User Guide 31

4: Quick Setup

 Use the up or down arrow to increment or decrement the numerical value.

4. To toggle between a DHCP and static IP address, place the cursor over the [D] or [N] and
press the up and down arrows.

5. When you have the IP address as you want it, press Enter to exit edit mode, and then press
the down arrow button. The Subnet Mask parameter displays.

Note: You must edit the IP address and the Subnet Mask together for a val id IP address

combination.

6. To save your entries for one or more parameters in the group, press the right arrow button.
The Save Settings? Yes/No prompt displays.

Note: If the prompt does not display, make sure you are no longer in edit mode.

7. Use the left/right arrow buttons to select Yes, and press the Enter button.

8. Press the right arrow button to move to the next option, Console Settings.

9. Repeat steps 2-7 for each setting.

10. Press the right arrow button to move to the next option, Date/Time Settings, and click Enter
to edit the time zone.

a. To enter a US time zone, use the up/dow n arro w bu tto ns to scroll thr o ug h th e US time

zones, and then press Enter to select the correct one.

b. To enter a time zone outside the US, press the left arrow button to move up to the top

level of time zones. Press the up/down arrow button to scroll through the top level.
A time zone with a trailing slash (such as Africa/) has sub-time zones. Use the right arrow

button to select the Africa time zones, and then the up/down arrows to scroll through
them.

Press Enter to select the correct time zone. To move back to the top-level time zone at
any time, press the left arrow.

11. To save your entries, pr es s the right arrow button. The Save Settings? Yes/No prompt
displays.

Note: If the prompt does not display, make sure you are no longer in edit mode.

12. Use the left/right arrow buttons to select Yes, and press the Enter button.

13. To review the saved settings, press the up or down

arrows to step through the current

settings.

When you are done, the front panel returns to the clock display. The network port resets to the
new settings, and you can connect to your IP network for further administration. You should be
able to Telnet or SSH to the SLC through your network connection, or access the web interface
through a web browser.

Restoring Factory Defaults

To use the LCD display to restore factory default settings:

1. Press the right arrow button to move to the last option, Release.

2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit
Restore Factory Defaults password displays.

SecureLinx SLC User Guide 32

4: Quick Setup

3. Press Enter to enter edit mode.

4. Using the left and right arrows to move between digits and the up and down arrows to
change digits, enter the password (the default password is 999999).

Note: The Restore Factory Defaults password is only for the LCD. You can change it

at the command line interface using the admin keypad password command.

5. Press Enter to exit edit mode. If the password is valid, a Save Settings? Yes/No prompt
displays.

6. To initiate the process for restoring factory defaults, select Yes. When the process is
complete, the SLC reboots.

Method # 2 Quick Setup Using the Web

After the unit has an IP address, you can use the Quick Setup tab to configure the remaining
network settings. This page displays the first time you log into the SLC only. Otherwise, the SLC
Home Page displays. For information about the web interface, see 5: Web and Command Line

Interfaces.

To complete the Quick Setup tab:

1. Open a web browser (Netscape Navigator 6.x and above or Internet Explorer 5.5. and above,
with JavaScript enabled).

2. In the URL field, type https:// followed by the IP address of your SLC.

Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and

redirects all requests to the encrypted (HTTPS) port (port 443).

3. Log in using sysadmin as the user name and PASS as the password. The first time you log in
to the SLC, the Quick Setup tab automatically displays as shown in Figure 4-2. Otherwise,
the Home page displays.

SecureLinx SLC User Guide 33

Figure 4-2 Quick Setup Tab

4: Quick Setup

4. To accept the defaults, select the Accept default Quick Setup settings checkbox in the top
portion of the page and click the Apply button at the bottom of the page. Otherwise, continue
with step 5.

Note: Once you click Apply on the Quick Setup page, you can continue using the web

interface to configure the SLC.

5. Enter the following fields.

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)

are not currently supported.

Network Settings

Eth1 Settings Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway

from the DHCP server. (The DHCP server may not provide the hostname gateway,
depending on its setup.) This is the default setting. If you select this option, skip to
Gateway.

Obtain from BOOTP: Lets a network node request configuration information from a
BOOTP “server” node. If you select this option, skip to Gateway.

Specify: Lets you manually assign a static IP address, generally provided by the
system administrator.

SecureLinx SLC User Guide 34

4: Quick Setup

IP Address If specifying an IP address, enter an IP address that will be unique and valid on your

network. There is no default.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields for

dot-quad numbers less than 100. For example, if your IP address is 172.19.201.28,
do not enter 028 for the last segment.

Note: Currently, the SLC does not support configurations with the same IP subnet

on multiple interfaces (Ethernet or PPP).

Subnet Mask If specifying an IP address, enter the network segment on which the SLC resides.

There is no default.

Default Gateway The IP address of the router for this network. There is no default.
Hostname The default host name is slcXXXX, where XXXX is the last 4 characters of the

hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces). The host name becomes the prompt in the command line
interface.

Domain If desired, specify a domain name (for example, support.lantronix.com). The domain

name is used for host name resolution within the SLC. For example, if abcd is
specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLC attempts to resolve abcd.mydomain.com for the
SMTP server.

Date & Time Settings

Change Date/
Time

Date From the drop-down lists, select the current month, day, and year.
Time From the drop-down lists, select the current hour and minute.
Time Zone From the drop-down list, select the appropriate time zone.

Select the checkbox to manually enter the date and time at the SLC location.

Administrator Settings

Sysadmin
Password/
Retype
Password

6. To save your entries, click the Apply button.

To change the password (e.g., from the default), enter a password of up to 64
characters.

Method # 3 Quick Setup on the Command Line Interface

If the SLC does not have an IP address, you can connect a dumb terminal or a PC running a
terminal emulation program (VT100) to access the command line interface (CLI). See Connecting

to Terminals on page 27 If the unit has an IP address, you can use SSH or Telnet to co nnect to the

SLC.

Note: By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the

Services web page (see 7: Services), a serial term in al conn ection, or an SSH connection.

SecureLinx SLC User Guide 35

4: Quick Setup

Welcome to the SecureLinx Console
Manager

Model Number: SLC48
Quick Setup will now step you

through configuring a few basic
settings.

The current settings are shown in
brackets ('[]').

You can accept the current setting
for each question by pressing
<return>.

To complete the quick setup:

1. Do one of the following:

 With a serial terminal connection, power up, and when the command line displays,

press Enter.

 With a network connection, use an SSH program or Telnet program (if Telnet has

been enabled) to connect to xx.xx.xx.xx (the IP address in dot quad notation), and
press Enter. You should be at the login prompt.

2. Enter sysadmin as the user name and press Enter.

3. Enter PASS as th e password and press Enter. The first time you log in, the Quick Setup script
runs automatically. Normally, the command prompt displays.

Figure 4-3 Quick Setup Screen Using CLI

4. Enter the following fields.

Note: To accept a default or to skip an entry that is not required, press Enter.

Configure Eth1 Select one of the following:

<1> obtain IP Address from DHCP: The unit will acquire the IP address, subnet

mask, hostname and gateway from the DHCP server. (The DHCP server may or
may not provide the hostname and gateway, depending on its setup.) This is the
default setting.

<2> obtain IP Address from BOOTP: Permits a network node to request
configuration information from a BOOTP “server” node.

<3> static IP Address: Allows you to assign a static IP address manually. The IP
address is generally provided by the system administrator.

IP Address
(if specifying)

An IP address that will be unique and valid on your network and in the same
subnet as your PC. There is no default.

If you selected DHCP or BOOTP, this prompt does not display.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields

for dot-quad numbers less than 100. For example, if your IP address is

172.19.201.28, do not enter 028 for the last segment.

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or

PPP) are not currently supported.

SecureLinx SLC User Guide 36

4: Quick Setup

Subnet Mask The subnet mask specifies the network segment on which the SLC resides. There

is no default. If you selected DHCP or BOOTP, this prompt does not display.

Default Gateway IP address of the router for this network. There is no default.
Hostname The default host name is slcXXXX, where XXXX is the last 4 characters of the

hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces).

Note: T he host name beco mes the prompt in the command li ne interface.

Domain If desired, specify a domain name (for example, support.lantronix.com). The

domain name is used for host name resolution within the SLC. For example, if
abcd is specified for the SMTP server, and mydomain.com is specified for the
domain, if abcd cannot be resolved, the SLC attempts to resolve
abcd.mydomain.com for the SMTP server.

Time Zone If the time zone displayed is incorrect, enter the correct time zone and press Enter.

If the entry is not a valid time zone, the system guides you through selecting a time
zone. A list of valid regions and countries displays. At the prompts, enter the
correct region and country.

Date/Time If the date and time displayed are correct, type n and continue. If the date and time

are incorrect, type y and enter the correct date and time in the formats shown at
the prompts.

Sysadmin
password

Enter a new sysadmin password.

After you complete the Quick Setup script, the changes take effect immediately as shown in Figure

4-4.

SecureLinx SLC User Guide 37

Figure 4-4 Completed Quick Setup

4: Quick Setup

5. To logout, type logout at the prompt and press Enter.

Next Step

After quick starting the SLC, you may want to configure other settings. You can use the web page
or the command line interface for configuration.

 For information about the web and the command line interfaces, go to 5: Web and

Command Line Interfaces.

 To continue configuring the SLC, go to 6: Basic Parameters.

SecureLinx SLC User Guide 38

5: Web and Command Line Interfaces

This chapter describes the interfaces for configuring the SLC that are: command line interface
(CLI) and the Web Manager. You can also use the Front Panel LCD which is described in 4: Quick

Setup.

This chapter contains the following sections:

 Web Interface
 Command Line Interface

Note: The features and functionality described in this chapter specific to PC Card use

are supported on SLC -02 part numbers. The features and functionality specific to USB
port use are supported on SLC -03 part numbers.

Web Interface

A web interface shown in Figure 5-1 allows the system administrator and other authorized users to
configure and manage the SLC using most web browsers (Netscape Navigator 6.x and above or
Internet Explorer 5.5. and above, with JavaScript enabled). The Web Telnet and Web SSH
features require Java 1.1 (or later) support in the browser. The SLC provides a secure, encrypted
web interface over SSL (secure sockets layer).

Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and

redirects all requests to the encrypted (HTTPS) port (port 443).

SecureLinx SLC User Guide 39

Figure 5-1 Web Page Layout

5: Web and Command Line Interfaces

The web page has the following components:

 Tabs: Groups of settings to configure.
 Options: Below each tab are options for specific types of settings. Only those options for

which the currently logged-in user has rights display.

 Port Number Bar: Allows you to select a port and display its settings. The E1 and E2 buttons

display the Network – Settings page. The A and B buttons display the status of the power
supplies. Only ports to which the currently logged-in user has rights are enabled.

 Entry Fields and Options: Allow you to enter data and select options for the settings.

Note: For specific instructions on completing the fields on the web pages, see Chapters

6: Basic Parameters, 7: Services, 8: Devices, 9: PC Cards, 10: USB Port, 11:
Connections, and 12: User Authentication.

 Apply Button: Apply on each web page makes the changes immediately and saves them so

they will be there when the SLC is rebooted.

 Icons: The icons in the icon bar above the Main Me nu are (from left to

right):

- Home page.

- Information about the SLC and Lantronix contact information.

SecureLinx SLC User Guide 40

5: Web and Command Line Interfaces

- Configuration site map.

- Status of the SLC.

 Help Button: Provides online Help for the specific web page.
 Logout Button: Closes SLC.

Logging In

Only the system administrator or users with web access rights can log into the web page. More
than one user at a time can log in, but the same user cannot login more than once unless
configured for multiple logins. See 15: Command Reference for more information.

To log into the SLC web interface:

1. Open a web browser (Netsca pe Navigator 6.x and ab ove or Inter net Exp lor er 5. 5. and above ).

2. In the URL field, type https:// followed by the IP address of your SLC.

3. To configure the SLC, use sysadmin as the user name and PASS as the password. These
values are the defaults.

Notes:

 The administrator may have changed the password using the method described

in the previous chapter.

 When SecurID over RADIUS is used, the user must enter the passcode

corresponding to their RSA token. Depending on the state of the user, the login
pages may also require a new PIN number, the next passcode, or the next
tokencode.

The Lantronix SLC Quick Setup page displays automatically the first time you log in.
Subsequently, the Lantronix SLC Home page displays. (If you want to display the Quick Setup
page again, click Quick Setup on the main menu.)

Logging Off

To logoff the SLC web interface:
Click the Logoff button. The “Logging out” message, followed by the login page displays.

Web Page Help

To view detailed information about an SLC web page:
Click the Help button to the right of the web page title.

Command Line Interface

A command line interface (CLI) is available using Telnet, SSH, or a serial terminal connection to
enter SLC commands. Each command that corresponds to the web interface description in each
chapter gets listed as a cross-reference to the complete command syntax and description
contained in 15: Command Reference.

Note: By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the SSH/

Telnet/Logging tab, a serial terminal connection, or an SSH connection. See 7: Services
for more information.

SecureLinx SLC User Guide 41

5: Web and Command Line Interfaces

The sysadmin user and users with who have full administrative rights have ac cess to the complete
command set, while all other users have access to a reduced command set based on their
permissions.

Logging In

To log into the SLC command line interface:

1. Do one of the following:

 With a serial terminal connection, power up, and when the command line displays,

press Enter.

 If the SLC already has an IP address (assigned previously or assigned by DHCP),

Telnet (if Telnet has been enabled) or SSH to xx.xx.xx.xx (the IP address in dot quad
notation) and press Enter. The login prompt displays.

2. To login as the system administrator for setup and configuration :
a. Enter sysadmin as the user name and press Enter.
b. Enter PASS as the password and press Enter. The first time you log in, the Quick Setup

script runs automatically. Normally, the command prompt displays. (If you want to display
the Quick Setup script again, use the admin quicksetup command.)

Note: The system administrator may have changed the password using one of the Quick

Setup methods in the previous chapter.

3. To login any other user:
a. Enter your SLC user name and press Enter.
b. Enter your SLC password and press Enter.

Logging Out

To logout of the SLC command line interface:
Type logout and press Enter.

Command Syntax

Commands have the following syntax: <action> <category> <parameters>.
Action commands are: set, show, connect, admin, diag, pccard, or logout. Category commands

are groups of related parameters whose setting s you want to configure or view. Examples are ntp,
deviceport, and network. Parameters are one or more name-value pa irs in one of the following
formats:

 <aabb>—Specify one o f the values (aa or bb) sepa rated by a vertical line ( | ). The values are

in all lowercase and must be entered exactly as shown. Bold indicates a default value.

 <Value>—Specify an appropriate value, for example, an IP address. The parameter values

are in mixed case. Square brackets [ ] indicate optional parameters.

SecureLinx SLC User Guide 42

5: Web and Command Line Interfaces

Table 5-1 Actions and Category Options

Action Category

set auth | cifs | cli | command | consoleport | datetime | deviceport | history | hostlist | ipfilter |

kerberos | ldap | localusers | log | menu | network | nfs | nis | ntp | password | radius |
remoteusers | routing | script | services | slcnetwork | sshkey | tacacs+ | temperature | usb

show auth | auditlog | cifs | cli | connections | consoleport | datetime | deviceport | emaillog | history

| hostlist | ipfilter | kerberos | ldap | localusers | log | menu | network | nfs | nis | ntp | pccard |
portcounters | portstatus | radius | remoteusers | routing | script | services | slcnetwork |

sshkey | sysconfig | syslog | sysstatus | tacacs+ | temperature | user | usb
connect bidirection | direct | global | listen | script | terminate | unidirection
diag arp | internals | lookup | loopback | netstat | nettrace | perfstat | ping | ping6| sendpacket |

traceroute
pccard modem | storage
admin banner | clear | config | events | firmware | ftp | keypad | lcd | quicksetup | reboot| shutdown |

site | version | web

1

1

logout Terminates CLI session.

1. USB commands are only accessible on SLC USB part number -03.

Command Line Help

For general Help and to display the commands to which you have rights, type “help.” For general
CLI help, type “help command line”.

For more information about a specific command, type help followed by the command, for
example, “help set network or help admin firmware.”

Tips

 Type enough characters to uniquely identify the action, category, or parameter name. For

parameter values, type the entire value. For example, you can shorten:

set network port 1 state static ipaddr 122.3.10.1 mask 255.255.0.0

to:

se net po 1 st static ip 122.3.10.1 ma 255.255.0.0

 Use the Tab key to automatically complete action, category, or parameter names. Type a

partial name and press Tab either to complete the name if only one is possible, or to display
the possible names if more than one is possible. Following a space after the preceding name,
Tab displays all possible names.

 Should you make a mistake while typ ing, backspace by pressing the Backspace key and/or

the Delete key, depending on how you accessed the interface. Both keys work if you use
VT100 emulation in your terminal access program when connecting to the console port. Use
the left and right arrow keys to move within a command.

 Use the up and down arrows to scroll through previously entered commands. If desired,

select one and edit it. You can scroll through up to 100 previous commands entered in the
session.

SecureLinx SLC User Guide 43

5: Web and Command Line Interfaces

 To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.

When the number of lines displayed by a command exceeds the size of the window (the default is

25), the command output is halted until the user is ready to continue. To display the next line,
press Enter, and to display the page, press the space bar. You can override the number of lines
(or disable the feature altogether) with the set cli command.

General CLI Commands

The following commands relate to the CLI itself.

To configure the current command line session:

set cli scscommands <enable|disable>

Allows you to use SCS-compatible commands as shortcuts for executing commands.

Note: Settings are retained between CLI sessions for local and remote users.

Table 5-2 SCS and SLC Commands

SCS Commands SLC Commands

info show sysstatus
version admin version
reboot admin reboot
poweroff admin shutdown
listdev show deviceport names
direct connect direct devi ceport
listen connect listen deviceport
clear set locallog clear
telnet connect direct telnet
ssh connect direct ssh

To start a menu if a menu is associated with the current user and was not displayed at
login:

set cli menu start

To set the number of lines displayed by a command:

set cli terminallines <disable | Number of lines>

Sets the number of lines in the terminal emulation screen for paging through text one screen at a
time, if the SLC cannot detect the size of the terminal automatically.

To show current CLI settings:

show cli

SecureLinx SLC User Guide 44

5: Web and Command Line Interfaces

To view the last 100 commands entered in the session:

show history

To clear the command history:

set history clear

To view the rights of the currently logged-in user:

show user

Note: For information about user rights, see 12: User Authentication.

SecureLinx SLC User Guide 45

6: Basic Parameters

This chapter describes how to set the following basic configu ra tio n settin gs for th e SLC using the
SLC web interface or CLI:

 Network parameters that determine how the SLC interacts with the attached network
 Firewall and routing
 Date and time

Note: If you entered some of these settings using a Quick Setup procedure, you may

update them here.

This chapter contains the following sections:

 Requirements for IP Address Assignment
 Network Settings
 IP Filters
 Routing

Note: The features and functionality described in this chapter specific to PC Card use

are supported on SLC -02 part numbers. The features and functionality specific to USB
port use are supported on SLC -03 part numbers.

Requirements for IP Address Assignment

If you assign a different IP address from the current one, it must be within a valid range , unique to
your network, and with the same subnet mask as your workstation.

To configure the unit, you need the following information:

Eth1

IP address: ________. ________ . ________ .________
Subnet mask: ________. ________ . ________ .________

Eth2

IP address (optional): ________. ________ . ________ .________
Subnet mask (optional): ________. ________ . ________ .________

Gateway: ________. ________ . ________ .________
DNS: ________. ________ . ________ .________

Network Settings

Network parameters determine how the SLC interact s with the attache d network. Use this page to
set the basic configuration settings for the network ports (Eth1 and Eth2). If you entered some of
these settings using a Quick Setup procedure, you may update them here.

SecureLinx SLC User Guide 46

6: Basic Parameters

Ethernet Bonding

The SLC supports dual Ethernet interfaces. Typically both Ethernet interfaces are configured to
work as independent network interfaces and given unique IP addresses and fixed MAC
addresses. The Ethernet Bonding feature “bonds” the interfaces together to create a single virtual
Network interface to SLC network applications.

All network parameters get configured on the primary Ethernet interface (1). The network
application only registers with the Virtual interface (Bond0 ). In the case of a Ethernet link fault, the
Virtual Interface (Bond 0) remains up, the application is completely unaware of the network fault
and continues as if there was no fault. During Ethernet link faults an alert (interface trap) could be
generated to the System Administrator if SNMP is configured and enabled.

Note: You must configure Static IP addresses.

The virtual interface can be configured to ru n in on e of thre e mode s, an d th ey ar e:

 Active Backup—Uses Ethernet 2 as a backup to Ethernet 1. All network parameters get

configured on Ethernet 1. Both ports are connected to the network (preferably different
switches for increased network connection reliability), but the Virtual Interface Manager only
uses one interface. When the Virtual Interface Manager detects a link-down status on the
active port, it switches over to the backup interface making it the primary. When the switch
occurs to the backup interface, all Physical Layer communications with the SLC continue
using the MAC address of the active interface. The IP stack sees one interface (Virtual
Interface bond0) only.

 802.3ad Dynamic Link Aggregation (load-balancing protocol)—Uses both Ethernet interfaces

for transmission. The Virtual Interface (Bond0) Ma nager uses the p rotoc ol to deter min e which
Ethernet interface to use for transmission, based on the Source and Destination MAC address
pair and Ethernet interface number. All data continues to g et received on the primary Ethern et
Interface (1). Both interfaces are connected to the switch. When the Virtual In terface Manage r
detectes a link-down status on any active interface, it disables the 802.3ad Dynamic Link
Aggregation making the active interface the primary.

 Load Balancing (Transmit Load Balancing)—Uses both Ethernet interfaces for transmission

load balancing. The Virtual Interface Manager determines which Ethernet interface to use
based on the transmit load of the Ethernet interfaces (typically alternating). All data continues
to get received on primary Ethernet Interface (1). Both interfaces are connected to the switch.
When the Virtual Interface Manager detects a
link-down status on any active interface it disables Load Balancing making the active interface
the primary.

To enter settings for one or both network ports:

1. Click the Network tab and the Network Settings option. Figure 6-1 shows the page that
displays.

SecureLinx SLC User Guide 47

Figure 6-1 Network Web Page

6: Basic Parameters

SecureLinx SLC User Guide 48

6: Basic Parameters

2. Enter the following fields.

Ethernet Interfaces

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)

are not currently supported.

Eth1/Eth2
Settings

IP Address

(if specifying)

Subnet Mask

(if specifying)

Eth1/Eth2 IPv6
Address

Disabled: If selected, disables the network port. Defaults are Eth1 and Eth2

enabled.
Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway

from the DHCP server. (The DHCP server may not provide the hostname gateway,
depending on its setup.) This is the default setting. If you select this option, skip to

Gateway.
Obtain from BOOTP: Lets a network node request configuration information from

a BOOTP “server” node. If you select this option, skip to Gateway.
Specify: Lets you manually assign a static IP address, generally provided by the

system administrator.
Enter an IP address that will be unique and valid on your network. There is no

default.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields

for dot-quad numbers less than 100. For example, if your IP address is

172.19.201.28, do not enter 028 for the last segment.

Note: Currently, the SLC does not support configurations with the same IP subnet

on multiple interfaces (Ethernet or PPP).

If specifying an IP address, enter the network segment on which the SLC resides.
There is no default.

Address of the port in IPv6 format.

Note: The SL C supports IPv6 connections for a limited set of services: the web,

ssh, and Telnet.

IPv6 addresses are written as 8 sets of 4-digit hexadecimal numbers separated by
colons. There are several rules for modifying the address. For example,
1234:0BCD:1D67:0000:0000:8375:BADD:0057 may be shortened to
1234:BCD:1D67::8375:BADD:57.

Eth1/Eth2 Mode Select the direction (full duplex or half-duplex) and speed (10 or 100Mbit) of data

transmission. The default is Auto, which allows the Ethernet port to auto-negotiate
the speed and duplex with the hardware endpoint to which it is connected.

Eth1/Eth2 MTU Specifies the Maximum Transmission Unit (MTU) or Maximum Packet Size of

packets at the IP layer (OSI layer 3) for the Ethernet port. When fragmenting a
datagram, this is the largest number of bytes that can be used in a packet.

Eth1/Eth2
Multicast

Enable IPv6 Check this box to enable IPv6. You must reboot the SLC to enable IPv6.

Displays the multicast address of the Ethernet port.

SecureLinx SLC User Guide 49

6: Basic Parameters

Ethernet Bonding Use the pull-down menu to select and configure one of the following:

 Disabled
 Active Backup
 802.3
 Transmit Load Balancing

Note: Bonding req uires a sta tic IP address.

Gateway

Default IP address of the router for this network.

If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2
displays.

All network traffic that matches the Eth1 IP address and subnet mask is sent out
Eth1. All network traffic that matches the Eth2 IP address and subnet mask is sent
out Eth 2.

If you set a default gateway, any network traffic that does not match Eth1 or Eth2 is
sent to the default gateway for routing.

DHCP-Acquired

Gateway acquired by DHCP for Eth1 or Eth2.

(view only)

GPRS-Acquired

(view only)

Displays the IP address of the router if it has been automatically assigned by
General Packet Radio Service (GPRS).

Precedence Indicates whether the gateway acquired by DHCP or the default gateway takes

precedence. The default is DHCP Gateway. If the DHCP Gateway is selected and
both Eth1 and Eth2 are configured for DHCP, the SLC gives precedence to the
Eth1 gateway.

Alternate An alternate IP address of the router for this network, to be used if an IP address

usually accessible through the default gateway fails to return one or more pings.

IP Address to

IP address to ping to determine whether to use the alternate gateway.

Ping
Ethernet Port to

Ethernet port to use for the ping.

Ping
Delay between

Number of seconds between pings

Pings
Number of Failed

Number of pings that fail before the SLB uses the alternate gateway.

Pings
Enable IP

Forwarding

IP forwarding enables network traffic received on one interface (Eth1, Eth2, or an
external/PC Card/USB modem attached to the SLC with an active PPP connection)
to be transferred out another interface (any of the above). The default behavior (if
IP forwarding is disabled) is for network traffic to be received but not routed to

another destination.
Enabling IP forwarding is required if you enable Network Address Translation (NAT)

for any device port modem or PC Card/USB/ISDN modem. IP forwarding allows a
user accessing the SLC over a modem to access the network connected to Eth1 or
Eth2.

SecureLinx SLC User Guide 50

6: Basic Parameters

Hostname & Name Servers

Hostname The default host name is slcXXXX, where XXXX is the last 4 characters of the

hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces). The host name becomes the prompt in the command line
interface.

Domain If desired, specify a domain name (for example, support.lantronix.com). The

domain name is used for host name resolution within the SLC. For example, if abcd
is specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLC attempts to resolve abcd.mydomain.com for
the SMTP server.

DNS Servers Configure up to three name servers. #1 is required if you choose to configure DNS

(Domain Name Server) servers.
The first three DNS servers acquired via DHCP through Eth1 and/or Eth2 display

automatically.

DHCP-Acquired
DNS Servers

GPRS-Acquired
DNS Servers

TCP Keepalive
Parameters

Displays the IP address of the name servers if automatically assigned by DHCP.

Displays the IP address of the name servers if automatically assigned by General
Packet Radio Service (GPRS).

Start Probes—Number of seconds the SLC waits after the last transmission before
sending the first probe to determine whether a TCP session is still alive. The default
is 600 seconds (10 minutes).

Number of Probes—Number of probes the SLC sends before closing a session.
The default is 5.

Interval—The number of seconds the SLC waits between probes. The default is 60
seconds.

3. Click the Apply button. Changes take effect immediately and are saved for the next session
after the SLC reboots.

Ethernet Counters

In the middle of the Network Settings page, statistics display for each SLC ethernet port since
boot-up as shown in Figure 6-2. The system automatically updates the statistics.

Note: For Ethernet statistics for a smaller time period, use the diag perfstat

command.

Figure 6-2 Ethernet Counters Example

SecureLinx SLC User Guide 51

6: Basic Parameters

Network Commands

The following CLI commands correspond to the Network Settings page. For more information,
see 15: Command Reference.

 set network (on page 231)
 set network bonding (on page 231)
 set network dns (on page 231)
 set network gateway (on page 232)
 set network host (on page 232)
 set network port (on page 232)
 set network ipv6 (on page 232)
 show network bonding (on page 233)
 show network dns (on page 233)
 show network gateway (on page 233)
 show network host (on page 233)
 show netwo rk port (on page 233)
 show network all (on page 233)

IP Filters

IP filters (also called rulesets) act as a firewall to allow or deny individual or a range of IP
addresses, ports, and protocols. When a network conne ction gets configured to use an IP filter, all
network traffic through that connection gets compared to the rulesets of that filter by precedence.
Network traffic may be allowed to pass, it may be dropped without notice, or it may be rejected
(sends back an error packet) depending upon the rulesets of the filter.

The administrator uses the IP Filter page to view, add, edit, delete, and map IP filters.

Warning: IP filters configuration is a feature for advanced users. Adding and

Enabling IP Filters

Enable or disable all filters by using the IP Filter page. There is no way to enable or disable
individual filters.

To enable IP filters:

1. Click the Network tab and IP Filter option. Figure 6-3 shows the page that displays.

enabling IP filter sets incorrectly can disable your SLC.

SecureLinx SLC User Guide 52

Figure 6-3 IP Filter Page

6: Basic Parameters

1. Enter the following fields.

Enable IP Filter Select the Enable IP Filter checkbox to enable all filters, or clear the

checkbox to disable all filters. Disabled by default.

Packets Dropped

(view only)

Packets Rejected

(view only)

Test Timer Timer for testing IP Filter rulesets. Select No to disable the timer. Select Yes,

Time Remaining

(view only)

Displays the number of data packets that the filter ignored (did not respond
to).

Displays the number of data packets that the filter sent a “rejected” response
to.

minutes (1-120) to enable the timer and enter the number of minutes the
timer should run. The timer automatically disables the IP Filters when the
time expires.

Indicates how many minutes are left on the timer before it expires and IP
Filters are disabled.

2. Click the Apply button.

Note: You cannot enable or disable individual filters.

Configuring IP Filters Rulesets

The administrator can add, edit, delete, and map IP filter ru lesets.

Note: A configured filter ruleset has no effect until it is mapped to a network interface.

See To map a ruleset: on page 55

To add an IP filter ruleset:

1. On the IP Filter page, click the Add Ruleset button. Figure 6-4 shows the page that displays.

SecureLinx SLC User Guide 53

Figure 6-4 Adding Network IP Filter Rulesets

6: Basic Parameters

2. Enter the Ruleset Name. The Ruleset Name identifies a filter. The name can be letters,
numbers, and hyphens only but cannot start with a hyphen. For example, FILTER-2.

3. Enter following fields.

Rule Parameters

IP Address Specify a single IP address to act as a filter.

Example: 172.19.220.64 – this specific IP address only

Subnet Mask Specify a subnet mask to act as a filter.

Example: 255.255.0.0

Protocol Select from the drop-down list the type of protocol through which the filter will

operate. The default setting is All.

Port Range Enter a range of destination TCP or UDP port numbers to be tested. An entry is

required for TCP, TCP New, TCP Established, and UDP, and is not allowed for
other protocols. Separate multiple ports with commas. Separate ranges of ports by
colons.

Examples:
22 – filter on port 22 only
23,64,80 – filter on ports 23, 64 and 80
23:64,80,143:150 – filter on ports 23 through 64, port 80 and ports 143 through 150

SecureLinx SLC User Guide 54

6: Basic Parameters

Action Select whether to drop, reject, or allow communications for the specified IP

address, subnet mask, protocol, and port range. Drop ignores the packet with no
notification. Reject ignores the packet and sends back an error message. Allow
permits the packet through the filter.

Generate rule to
allow service

Allow a particular protocol or service in your filter set. For example, if you have
configured your NIS server and want to allow traffic to pass, select the NIS option
and click the Add Rule button. This entry adds a new rule to your filter set using the
NIS -configured IP address. Other services and protocols that are added
automatically generate the necessary rule to allow usage.

4. Click the right arrow button to add the new rule and it s parameters to the bottom of the Rules
list box on the right.

5. To modify a ruleset, highlight its name in the Rules list box and click the left arrow. The rule
populates the rule definition fields, allowing you to make minor changes before reinsert ing the
rule. To clear the definition fields, click the Clear button.

6. To change the order of priority of the rules in the list box, select the rule to move and use the
up or down arrow buttons on the right side of the filter list box.

7. Click the Apply button. The new filter displays in the menu tree.

Note: To add another new filter ruleset, click the Back to IP Filter link to return to the IP

Filter page.

To update an IP filter ruleset:

The administrator can update an IP filter ruleset.

1. On the IP Filter page, select the IP filter ruleset to be edited and click the Edit Ruleset button.
The IP Filter Ruleset page displays.

2. Edit the information as desired and click the Apply button.

To delete an IP filter ruleset:

The administrator can delete an IP filter ruleset.

1. On the IP Filter page, select the IP filter ruleset to be deleted and click the Delete button.

To map a ruleset:

The administrator can assign an IP Filter ruleset to a network interface (Ethernet interface), a
modem connected to a Device Port, a PC Card slot, or a USB port.

1. On the IP Filter page, select the IP filter ruleset to be mapped.

2. From the Interface drop-down list, select the interface and click the Ma p Rule se t bu tton . The
Interface and ruleset display in the IP Filter Mappings table.

To delete a map:

1. On the IP Filter page, select the mapping from the list and click the Delete Mappings button.
The mapping no longer displays.

2. Click the Apply button.

SecureLinx SLC User Guide 55

6: Basic Parameters

Viewing IP Filter Rulesets and Mapping

You can view a list of filter rulesets and a table showing how each filter is mapped to an interface.
You can also view the status of the configured filter rulesets. The status page displays the number
of incoming, outgoing, and forwarded packets.

To view a list of IP filter rulesets and mappings:

1. Click the Network tab and select the IP Fi lter option. Figure 6-5 shows the page that displays.

Figure 6-5 IP Filter Page Displaying Rulesets and Mappings

To view IP Filter Status:

1. Click IP Filter Status link. Figure 6-6 shows the page that displays.

SecureLinx SLC User Guide 56

Figure 6-6 IP Filter Status

6: Basic Parameters

IP Filter Commands

The following CLI commands correspond to the Network - IP Filter Status page. For more
information, see 15: Command Reference.

 set ipfilter state (on page 224)
 set ipfilter mappin g (on page 223)
 set ip filter rules (on page 224)
 show ipfilter (on page 224)
 show ipfilter ruleset (on page 224)
 show ipfilter status (on page 225)

Routing

You can define static routes, and for networks using Routing Information Protocol (RIP), you can
configure dynamic routes.

To configure routing settings:

1. Click the Network tab and select the Routing option. Figure 6-7 shows the page that displays.

SecureLinx SLC User Guide 57

Figure 6-7 Routing Page

6: Basic Parameters

2. Enter the following fields.

Enable RIP Select to enable Dynamic Routing Information Pro tocol (RIP) to assign routes

automatically. Disabled by default.

RIP Version Sele ct the RIP version. The default is 2.
Enable Static

Routing

Select to assign the routes manually. The system administrator usually provides the
routes. Disabled by default.

 To add a static route, enter the IP Address, Subnet Mask, and Gateway for

the route and click the Add/Edit Route button. The route displays in the Static
Routes table. You can add up to 64 static routes.

 To edit a static route, select the radio button to the right of the route, change

the IP Address, Subnet Mask, and Gateway fields as desired, and click the
Add/Edit Route button.

 To delete a static route, select the radio button to the right of the route and

click the Delete Route button.

3. Click the Apply button.

To view the IP Routing Table:

1. Click the IP Routes Report link. Figure 6-8 shows the page that displays.

SecureLinx SLC User Guide 58

Figure 6-8 Status/Reports Page

6: Basic Parameters

2. Click the IP Routes checkbox and Generate Report. You can also generate reports for port
status and counters, connections, and system configurations in this page.

Routing Commands

The following CLI commands correspond to the Status/Reports page. For more information, see

15: Command Reference.

 set routing (on page 241)
 show routing (on page 242)

SecureLinx SLC User Guide 59

7: Services

This chapter describes how to use the Services web page to perform the following tasks:

 Configure the amount of data sent to the log s.
 Enable or disable SSH and Telnet logins.
 Enable a Simple Network Management Protocol (SNMP) agent.
 Identify a Simple Mail Transfer Protocol (SMTP) server.
 Enable or disable SSH and Telnet logins.
 Configure an audit log.
 View the status of and manage the SLC on the SecureLinx network.
 Set the date and time.
 Configure the web server.
 Import a site-spe cific SSL certificate.
 Enable an iGoogle gadget that displays the status of ports on multiple SLCs.
 View and terminate web sessions.

It contains the following sections:

 SSH/Telnet/Logging
 SNMP
 NFS and SMB/CIFS
 SecureLinx Network
 Date and Time
 Web Server
 Google Gadgets

Note: The SLC supports both MIB-II as defined by RFC 1213 and a private enterprise

MIB. The SLC product CD includes the MIB definition files for the private enterprise MIB.
The private enterprise MIB provides read-only access to all statistics and configurable
items provided by the SLC. It provides read-write access to a select set of functions for
controlling the SLC and device ports. See the MIB definition file for details.

Note: The features and functionality described in this chapter specific to PC Card use

are supported on SLC -02 part numbers. The features and functionality specific to USB
port use are supported on SLC -03 part numbers.

SSH/Telnet/Logging

To configure SSH, Telnet, and Logging settings:

1. Click the Services tab and select the SSH/Telnet /Logging option. Figure 7-1 shows the
page that displays.

SecureLinx SLC User Guide 60

Figure 7-1 SSH/Telnet/Logging Page

7: Services

2. Enter the following fields.

System Logging

In System Logging, select one of the following alert levels from the drop-down list for each
category:

 Off: Disables this type of logging.
 Info: Saves informative message, in addition to warning and error messages.
 Warning: Saves message output from a condition that may be cause for concern, in addition

to error messages. This is the default for all message types.

 Error: Saves messages that are output because of an error.
 Debug: Saves extraneous detail that may be helpful in tracking down a pro blem, in addition to

information, warning, and error messages.

Network Level Specifies that messages concerning the network activity get logged. For example,

messages regarding Ethernet and routing.

Services Specifies that messages about SNMP and SMTP get logged.

SecureLinx SLC User Guide 61

7: Services

Authentication Specifies that messages concerning user authentication get logged.
Device Ports Specifies that messages concerning device ports and connections get logged.
Diagnostics Specifies that messages concerning system status and problems get logged.
General Specifies that messages not in the categories above get logged.
Remote Servers

(#1 and #2)

Specifies the IP address of remote server 1 and 2 for logged messages. The
system log is always saved to local SLC storage. It is retained through SLC
reboots for files up to 200K. Saving the system log to a server that supports
remote logging services (see RFC 3164) allows the administrator to save the
complete system log history.

SSH

Enable Logins Enables or disables SSH logins to the SLC to allow users to access the CLI using

SSH. Enabled by default.
This setting does not control SSH access to individual device ports. (See Device

Ports on page 80 for information on enabling SSH access to individual ports.)
Most system administrators enable SSH logins, which is the preferred method of

accessing the system.

Web SSH Enables or disables the ability to access the SLC command Iine interface or

device ports (connect direct) through the Web SSH window. Disabled by default.

Timeout Enables a timeout if you enable SSH logins and an idle connection has

disconnected. Select Yes and enter a value of from 1 to 30 minutes.

SSH Port Allows you to change the SSH login port to a different value in the range of

1 - 65535. The default is 22.

SSH V1 Logins Enables or disables SSH version 1 connections to the SLC. Enabled by default.

Note: Disablin g SSH V1 blocks Web SSH CLI and Web SSH to device port

connections on the SLC Network page. Also, you must reboot the SLC before a
change will take effect.

Telnet

Enable Logins Enables or disables Telnet logins to the SLC to allow users to access the CLI

using Telnet. Disabled by default. This setting does not control Telnet access to
individual device ports. (See Device Ports on page 80 for information on enabling
Telnet access to individual ports.)

You may want to keep this option disabled for security reasons.

Web Telnet Enables or disables the ability to access the SLC command Iine interface or

device ports (connect direct) through the Web Telnet window. Disabled by default.

Timeout Specifies a timeout for disconnect when telnet logins are enabled. Select Yes and

enter a value of from 1 to 30 minutes.

Note: You must reboot the unit before a change will take effect.

Outgoing Telnet Enables or disables the ability to create Telnet out connections.

SecureLinx SLC User Guide 62

7: Services

Audit Log

Enable Log Select to save a history of all configuration changes in a circular log. Disabled by

default. The audit log is saved through SLC reboots.

Size Set the maximum size of a log from 1 to 500 Kbytes. The default maximum size of

a log is 50 Kbytes (approximately 500 entries).

Include CLI
Commands

Include In System
Log

Select to cause the audit log to include the CLI commands that have been
executed. Disabled by def au lt.

Enable to include the audit log contents in the system log (under the General/Info
category/level). Disabled by default.

Web SSH/Web Telnet

Java Terminal
Deployment

Java Terminal
Buffer Size

Method used to launch Java applications, either Java Web Start or Applet.

Number of lines in the Java terminal window that are available for scrolling back
through output. The valid range is 24 to 5000 and the default is 250.

SMTP

Server IP address of your network’s Simple Mail Transfer Protocol (SMTP) relay server.
Sender The email address of the sender of outgoing emails. The strings “$host” and

“$domain” can be part of the email address - they will be substituted with the
actual hostname and domain. The default is donotreply@$host.$domain.

Phone Home

Enable If enabled, the SLC will attempt to phone home every hour until it has contacted an

SLM and provided it with its configuration.

IP Address IP address of the SLM.
Last Attempt

(view only)

Results

(view only)

Date and time of last connection attempt.

Indicates whether the attempt was successful.

3. To save, click the Apply button.

SSH, Telnet, and Logging Commands

The following CLI commands correspond to the SSH/Telnet/Logging page. For more information,
see 15: Command Reference.

 set services (on page 243)
 set services trapenable (on page 244)
 show services (on page 245)

SecureLinx SLC User Guide 63

SNMP

7: Services

Simple Network Management Protocol (SNMP) is a set of protocols for managing complex
networks.

1. Click the Services tab and select the SNMP option. Figure 7-2 shows the page that displays.

Figure 7-2 SNMP Page

2. Enter the following fields.

Enable Agent Enables or disables SNMP agent, which allows read-only access to the system.

SecureLinx SLC User Guide 64

Disabled by default.

7: Services

Enable Traps Traps are notifications of certain critical events. Disabled by default. This feature is

applicable when SNMP is enabled. Examples of traps that the SLC sends include:

 Ethernet Port Link Up
 Ethernet Port Link Down
 Authentication Failure
 SLC Booted
 SLC Shutdown
 Device Port Logging
 Power Supply Status
 Sysadmin user password changed

The SLC sends the traps to the host identified in the NMS field.
NMS—When SNMP is enabled, an NMS (Network Management System) acts as

a central server, requesting and receiving SNMP-type information from any
computer using SNMP. The NMS can request information from the SLC and
receive traps from the SLC. Enter the IP address of the NMS server. Required if
you selected Enable Traps.

Location—Physical location of the SLC (optional). Useful for managing the SLC
using SNMP. Up to 20 characters.

Contact—Description of the person responsible for maintaining the SLC, for
example, a name (optional). Up to 20 characters.

Traps Enabled for
Sending

Enables the sending of SNMP trap messages. Click the types of trap messages

that you want to receive.
(Table listing types
of traps)

Communities

Read-Only A string that acts like a password for an SNMP manager to access the read-only

data the SLC SNMP agent provides. The default is public.
Read-Write A string that acts like a password for an SNMP manager to access the read-only

data the SLC SNMP agent provides and to modify data where permitted. The

default is private.
Trap The trap used for outgoing generic and enterprise traps. Traps sent with the Event

trigger mechanism still use the trap community specified with the Event action.

The default is public.

Alarm Delay Number of seconds delay between outgoing SNMP traps.

Version 3

Security Levels of security available with SNMP v. 3 are:

 No Auth/No Encrypt: No authentication or encryption.

 Auth/No Encrypt: Authentication but no encryption. (default)

 Auth/Encrypt: Authentication and encryption.

SecureLinx SLC User Guide 65

7: Services

Auth with For Auth/No Encryp or Auth/Encrypt, the authentication method:

 MD5: Message-Digest algorithm 5 (default)

 SHA: Secure Hash Algorithm

Encrypt with Encryption standard to use:

 DES: Data Encryption Standard (default)

 AES: Advanced Encryption Standard

V3 Read-Only User

User Name SNMP v3 is secure and requires user-based authorization to access SLC MIB

objects. Enter a user ID. The default is snmpuser. Up to 20 characters.
Password/Retype

Password
Passphrase/

Retype
Passphrase

Password for a user with read-only authority to use to access SNMP v3. The

default is SNMPPASS. Up to 20 characters.

Passphrase associated with the password for a user with read-only authority. Up

to 20 characters.

V3 Read-Write User

User Name SNMP v3 is secure and requires user-based authorization to access SLC MIB

objects. Enter a user ID for users with read-write authority. The default is

snmprwuser. Up to 20 characters.
Password/Retype

Password
Passphrase/

Retype
Passphrase

Password for the user with read-write authority to use to access SNMP v3. The

default is SNMPRWPASS. Up to 20 characters.

Passphrase associated with the password for a user with read-write authority. Up

to 20 characters.

3. Click the Apply button.

SNMP Commands

The following CLI commands correspond to the SNMP page. For more information, see 15:

Command Reference.

 set services (on page 243)
 set services trapenable (on page 244)

NFS and SMB/CIFS

If you want to save configuration and logging data to a remote NFS server, access the NFS &
Server Message Block/Common Internet File System (SMB/CIFS) page. You can also export
configuration and logging data by means of an exported CIFS share.

Mounting an NFS shared directory on a remote network ser ver onto a local SLC directory enables
the SLC to store device port logging data on that network server. This configuration avoids
possible limitations in the amount of disk space on the SLC available for logging files. You may
also save SLC configurations on the network server.

SecureLinx SLC User Guide 66

7: Services

Similarly use SMB/CIFS, Microsoft file-sharing protocol, to export a directory on the SLC as an
SMB/CIFS share. The SLC exports a single read-write CIFS share called “public,” with two
subdirectories:

 Logs directory, which contains the system logs and the device port local buffers (see System

Logs on page 176

 Config directory, which contains saved configurations and is read-write.

) and is read-only.

The share allows users to access the contents of the directory or map the directory onto a
Windows computer. Users can also access the device port local buffers from the CIF S sh are (se e

Device Ports – Logging on page 92).

To configure NFS and SMB/CIFS:

1. Click the Services tab and the NFS/CIFS option. Figure 7-3 shows the page that displays.

Figure 7-3 NFS and SMB/CIFS Page

2. Enter the following fields.

NFS Mounts

Remote Directory The remote NFS share directory in the format: nfs_server_hostname or ipaddr:/

Local Directory The local directory on the SLC on which to mount the remote directory. The SLC

SecureLinx SLC User Guide 67

exported/path

creates the local directory automatically.

7: Services

Read-Write If enabled, indicates that the SLC can write files to the remote directory. If you plan

to log port data or save configurations to this directory, you must enable this

option.
Mount Select the checkbox to enable the SLC to mount the file to the NFS server.

Disabled by default.

SMB/CIFS Share

Share SMB/CIFS
directory

Network Interfaces Select the network ports from which the share can be seen. The default is

CIFS User
Password/Retype
Password

Workgroup The Windows workgroup to which the SLC belongs. Every PC exporting a

Select the checkbox to enable the SLC to export an SMB/CIFS share

called “public.” Disabled by default.

for the share to be visible on Eth1 and Eth2.

Only one user special username (cifsuser) can access the CIFS share.

Enter the CIFS user password in both password fields. The default user

password is CIFSPASS.

More than one user can access the share with the cifsuser user name

and password at the same time.

CIFS share must belong to a workgroup. Can have up to 15 characters.

3. Click the Apply button.

NFS and SMB/CIFS Commands

The following CLI commands correspond to the NFS & SMB/CIFS page. For more information,
see 15: Command Reference.

 set nfs mount (on page 234)
 set nfs unmount (on page 234)
 set cifs (on page 234)
 set cifs password (on page 234)
 show cifs (on page 235)
 show nfs (on page 235)

SecureLinx Network

Use the SecureLinx Network option to view and manage SecureLi nx Managers and Spiders o n the
local subnet.

Note: Status and statistics shown on the web interface represent a snapshot in time. To

see the most recent data, reload the web page.

To view and manage SecureLinx Managers and Spiders on the local network:

1. Click the Services tab and click the SecureLinx Network option. Figure 7-4 shows the page
that displays.

SecureLinx SLC User Guide 68

Figure 7-4 SecureLinx Network Page with Local Subnet Addressing

7: Services

2. Click a device IP Address in the column labeled IP Address/Web Interface. A separate
browser opens at the device Home page after you have logged in. In the separate browser
page, you can manage the device.

3. To access a device port via SSH or Telnet, click on the bright green device ports in the Ports
column. SSH/Telnet access to the CLI or a device port requires that Web SSH or Web Telnet
is enabled. Figure 7-5 shows the Telnet window that displays.

SecureLinx SLC User Guide 69

Figure 7-5 Telnet Session

7: Services

To configure how SecureLinx devices are searched for on the network:

1. Click the Search Options link on the top right of the SecureLinx Network page. Figure 7-6
shows the page that displays.

Figure 7-6 SecureLinx Network - Search Options Page

SecureLinx SLC User Guide 70

2. Enter the following fields.

7: Services

SecureLinx
Network Search

IP Address If you selected Manually Entered IP Address List or Both, enter the IP address

Select the type of search you want to conduct.
Local Subnet: Performs a broadcast to detect SecureLinx devices on the local

subnet.
Manually Entered IP Address List: Provides a list of IP addresses that may not

respond to a broadcast because of how the network is configured.
The default is Both.

of the SecureLinx device you want to find and manage.

3. If you entered an IP address, click the Add IP Address button. The IP address displays in the
IP Address List.

4. Repeat steps 2 and 3 for each IP address you want to add.

5. To delete an IP address from the IP Address List, select the address and click the Delete IP
Address button.

6. Click the Apply button. When the confirmation message displays, click SecureLinx Network
on the main menu. The SecureLinx Network page displays the SecureLinx devices resulting
from the search. You can now manage these devices.

SecureLinx Network Commands

The following CLI commands correspond to the SecureLinx Network page. For more information,
see 15: Command Reference.

 set slcnetwork (on page 245)
 show slcnetwork ( on page 245)

Date and Time

You can specify the current date, time, and time zone at the SLC locatio n (default), or sp ecify NTP
to synchronize with other NTP devices on your network.

To set the local date, time, and time zone or enable NTP:

1. From the main menu, select Date & Time. Figure 7-7 shows the page that displays.

SecureLinx SLC User Guide 71

Figure 7-7 Date & Time Page

7: Services

1. Enter the following fields.

Change Date/
Time

Date Select the current month, day, and year from the drop-do wn lists.
Time Select the current hour and minute from the drop-down lists.
Time Zone Select the appropriate time zone.From the drop-down list.
Enable NTP Click the checkbox to enable NTP synchronization. NTP is disabled by default.
Synchronize via Select one of the following:

Select the checkbox to manually enter the date and time at the SLC location.

 Broadcast from NTP Server: Enables the SLC to accept time information

periodically transmitted by the NTP server. This is the default if you enable
NTP.

 Poll NTP Server: Enables the SLC to query the NTP Server for the correct

time. If you select this option, complete one of the following:

 Local: Select this option if the NTP servers are on a local network, and enter

the IP address of up to three NTP servers. This is the default, and it is highly
recommended.

 Public: Select this option if you want to use a public NTP server, and select

the address of the NTP server from the drop-down list. This is not
recommended because of the high load on many public NTP servers. All
servers in the drop-down list are stratum-2 servers. (See www.ntp.org for
more information.)

Each public NTP server has its own usage rules --please refer to the appropriate
web site before using one. Our listing them here is to provide easy configuration but
does not indicate any permission for use.

SecureLinx SLC User Guide 72

2. Click the Apply button.

Date and Time Commands

The following CLI commands correspond to the Date & Time page. For more information, see 15:

Command Reference.

 set datetime (on page 213)
 set ntp (on page 213)
 show ntp (on page 213)

Web Server

The Web Server page allows the system administrator to:

 Configure attributes of the web server.
 View and terminate current web sessions.
 Import a site-spe cific SSL certificate.
 Enable an iGoogle gadget that displays the status of ports on multiple SLCs.

To configure web server settings:

7: Services

1. Click the Services tab and the Web Server option. Figure 7-8 shows the page that displays.

Figure 7-8 Web Server Page

2. Enter the following fields.

Timeout Select the number of minutes (5-120) after which the SLC web session times out. The

default is 5. To avoid timeouts, select No. If the session times out, refresh the browser
page and enter your user ID and password to open another web session.

Note: If you close the browser without logging off the SLC first, you will have to wait for

the timeout time to expire. You can also end a web session by using the admin web
terminate command at the CLI or by asking your system administrator to terminate
your active web session.

SecureLinx SLC User Guide 73

7: Services

Enable
iGoogle
Gadget Web
Content

Allow SSLv2
Protocol

Cipher Click on e of the radi o buttons to configure the web to support low security (less than

Click the check box to enable an SLC iGoogle gadget. The iGoogle gadget allows an
iGoogle user to view the port status of many SLCs on one web page. See Google

Gadgets on page 76 for more information regarding the XML code.

Click the checkbox to support SSLv2 protocol. By default, the web supports the SSLv3/
TLSv1 protocol. Changing this option requires a reboot for the change to take effect.

128 bits) or High/Medium security (128 bits or higher) for the cipher. By default, the web
uses High/Medium. Changing this option requires a reboot for the change to take effect.

3. Click the Apply button.

To view or terminate web sessions:

1. Click the Web Sessions link. Figure 7-9 shows the page that displays.

Figure 7-9 Web Server - Web Sessions Page

2. To terminate, click the check box in the row of the session you want to terminate.

3. To return to the Web Server page, click the link.

To view import, or reset the SSL Certificate:

1. Click the SSL Certificate link. Figure 7-10 shows the page that displays.

SecureLinx SLC User Guide 74

Figure 7-10 Web Server - SSL Certificate Page

7: Services

2. Enter the following fields.

Reset to
Default
Certificate

Import SSL
Certificate

Import via Select the SCP, SFTP, or HTTPS method from the drop-down list. The default is SCP.
Certificate

Filename
Key Filename Assign a certificate filename that uses a private key. If HTTPS is selected as the import

Host Assign the host name or IP address of the host from which to import the file.
Path Assign the directory path where the certificate will be stored.
Login Assign the user ID to use to SCP or SFTP the file.

To reset to the default certificate, select the checkbox to reset to the default certificate.
Unselected by default.

To import your own SSL Certificate, select the checkbox. Unselected by default.

Assign a certificate filename. If HTTPS is selected as the import method, the Upload
File link is selectable to upload a certificate file.

method, the Upload File link is selectable to upload a key file.

SecureLinx SLC User Guide 75

7: Services

Password &
Retype
Password

Password to use to SCP or SFTP the file.

3. Click the Apply button.

4. Reboot the SLC for the update to take effect.

5. Click the Back to Web Server link to return to the Web Server page.

Web Server Commands

The following CLI commands correspond to the Web Server page. For more information, see 15:

Command Reference.

 admin web certificate (on page 204)
 admin web certificate reset (on page 204)
 admin web cipher (on page 204)
 admin web gad get (on page 204)
 admin web protocol (on page 204)
 admin web timeout (on page 205)
 admin web terminate (on page 205)
 admin web show (on page 205)

Google Gadgets

You can create iGoogle gadgets that enable viewing port status of many SLCs on one web page.
Anyone with a Google email account (gmail.com) can create an iGoogle gadget.

There are two types of iGoogle gadgets: public and private gadgets. Public g adgets are those that
are submitted to Google, becoming a part of the iGoogle public gadgets, and listed for import on
iGoogle web pages. Private gadgets are stored on a private server, stay private, and are usable
only by users who have the server address.

To set up an SLC iGoogle gadget:

1. Load the following XML code on a web server that is accessible over the Internet. This code
describes how to retrieve information and how to format the data for display.

<?xml version=”1.0” encoding=”UTF-8”?>

- <Module>

<ModulePrefs title=”__UP_model__ Devport Status” title_url=”http://

www.lantronix.com” directory_title=”SLC/SLB Status”

description=”Devport status and counters” scrolling=”true”
width=”400” height=”360” />

- <UserPref name=”model” display_name=”Model” datatype=”enum”

default_value=”slc”>

<EnumValue value=”SLC” display_value=”SLC” />
<EnumValue value=”SLB” display_value=”
</UserPref>
<UserPref name=”ip” display_name=”IP Address” required=”true” />

- <UserPref name=”rate” display_name=”Refresh Rate” datatype=”enum”

default_value=”10”>

SLB” />

SecureLinx SLC User Guide 76

7: Services

<EnumValue value=”1” display_value=”1 second” />
<EnumValue value=”5” display_value=”5 seconds” />
<EnumValue value=”10” display_value=”10 seconds” />
<EnumValue value=”30” display_value=”30 seconds” />
<EnumValue value=”60” display_value=”1 minute” />
<EnumValue value=”300” display_value=”5 minutes” />
<EnumValue value=”600” display_value=”10 minutes” />
</UserPref>
<Content

type=”url” href=”http://__UP_ip__/devstatus.htm” />

</Module>

2. On the iGoogle web page, click the Add stuff link.

3. On the new page, click the Add feed or gadget link.

4. In the field that displays, type the URL of the gadget location.

5. Return to the gadget viewing page and complete the SLC gadget configuration fields. Figure

7-11 shows the page that displays.

Figure 7-11 iGoogle Gadget Page

SecureLinx SLC User Guide 77

8: Devices

This chapter describes how to view the device status, configure devices, and use an SLC device
port connected to an external device, such as a server or a modem. 11: Connections describes
how to use the Connections page to connect external devices a nd outbound networ k connections
(such as Telnet or SSH) in various configurations. The Console Port page allows you to configure
the console port, if required.

This chapter contains the following sections:

 Connection Methods
 Permissions
 Device Status
 Device Ports
 Device Ports – Logging
 Console Port
 Host Lists
 Scripts

Note: The features and functionality described in this chapter specific to PC Card use

are supported on SLC -02 part numbers. The features and functionality specific to USB
port use are supported on SLC -03 part numbers.

Connection Methods

A user can connect to a device port in one of the following ways:

1. Telnet or SSH to the Eth1 or Eth2 IP address, or connect to the console port and log into the
command line interface. At the command line interface, type the connect direct or
connect listen command.

2. If Telnet is enabled for a device port, Telnet to <Eth1 IP address>:< telnet port number> or
<Eth2 IP address>:<telnet port number>. The Telnet port number is uniquely assigned for
each device port.

3. If SSH is enabled for a device port, SSH to <Eth1 IP a ddress>:<ssh port num ber> or <Eth2 IP
address>:<ssh port number>. The SSH port numb er is uniqu ely assigned for ea ch device p ort.

4. If TCP is enabled for a device port, establish a raw T CP connection to <Eth1 IP a ddress>:<tcp
port number> or <Eth2 IP address>:<tcp port number>, where tcp port number is uniquely
assigned for each device port.

5. If a device port has an IP address assigned to it, you can Telnet, SSH, or establish a raw TCP
connection to the IP address. For Telnet and SSH, use the default TCP port number (23 and
22, respectively) to connect to the device port. For r aw TCP, use the TCP port number define d
for TCP In to the device port. See Device Ports on page 80.

6. Connect a terminal or a terminal emulation program directly to the device port. If logins are
enabled, the user gets prompted for a username and password and logs into the command
line interface.

For #2, #3, #4, #5, and #6, if logins or authentication are not enabled, the user is directly
connected to the device port with no authentication.

SecureLinx SLC User Guide 78

For #1 and #6, if logins are enabled, the user is authenticated first, and then logged into the
command line interface. The user login determines permissions for accessing device ports.

Permissions

There are three types of permissions:

 Direct (or data) mode: The user can interact with and monitor the device port (connect

direct command).

 Listen mode: The user can only monitor the device port (connect listen command).
 Clear mode: The user can clear the contents of the device port buffer (set log <port>

clear buffer command).

The administrator and users with local user rights may assign individual port permissions to local
users. The administrator and users with remote authentication rights assign port access to users
authenticated by NIS, RADIUS, LDAP, Kerberos and TACACS+.

Device Status

The Device Status page displays the status of SLC ports and PC card slots.

1. Click the Devices tab and select the Device Status option. Figure 8-1 shows the page that
displays.

Figure 8-1 Device Status Page

8: Devices

SecureLinx SLC User Guide 79

Device Ports

On the Device Ports page, you can set up the numbering of Telnet, SSH, and TCP ports, view
current port modes, and select individual ports to configure.

1. Click the Devices tab and select the Device Ports option. Figure 8-2 shows the page that
displays.

Figure 8-2 Device Ports Page

8: Devices

Starting port numbers for Telnet, SSH, and TCP display on the left. The list of ports on the right
includes the individual ports and the current mode.

Note: To view additional ports and depending on the SLC model, click the 17-32 button

or the 33-48 button.

Icons that represent some of the possible modes include the following.

Idle The port is not in use.

The port is in data/text mode.

Note: You may set up ports to allo w Teln et access using the IP Settings on the Device Ports –

Settings page.

An external modem is connected to the port. The user may dial into or out of the port.

SecureLinx SLC User Guide 80

8: Devices

Telnet in or SSH in is enabled for the device port. The device port is either waiting for a Telnet or
SSH login or has received a Telnet or SSH login (a user has logged in).

To set up Telnet, SSH, and TCP port numbers:

1. Enter the following fields.

Starting Telnet
Port

Starting SSH Port Assign a starting Each port connecting via SSH. Enter a number between 1025

Starting TCP Port Assign a starting port for connecting through a raw TCP connection. Enter a

Assign a starting port number for connecting via Telnet. Enter a number between
1025 and 65535 that represents the first port. The default is 2000 plus the port
number. For example, if you enter 2001, subsequent ports are automatically
assigned numbers 2002, 2003, and so on.

and 65535 that represents the first port. The default is 3000 plus the port number.
For example, if you enter 3001, subsequent ports are automatically assigned
numbers 3002, 3003, and so on.

number between 1025 and 65535 that represents the first port. The default is 4000
plus the port number. For example, if you enter 4001, subsequent ports are
automatically numbered 4002, 4003, and so on.

You can use a raw TCP connection in which a TCP/IP connection communicates
with a serial device. For example, you can connect a serial printer to a device port
and use a raw TCP connection to spool print jobs to the printer over the network.

Note: When using raw TCP connections to transmit binary data, or when the

break command (escape sequence) is not required, set the Break Sequence of
the device port to null (clear it).

Caution: Ports 1-1024 are RFC-assigned and may conflict with services running

on the SLC. Avoid this range.

2. Click the Apply button.

To configure a specific port:

1. Select the port from the ports list and click the Configure button. Figure 8-3 shows the page
that displays.

SecureLinx SLC User Guide 81

8: Devices

Figure 8-3 Device Ports - Settings Page

OR

 Click the port number on the green bar at the top of each

page (shown here). The same page displays as in

Figure 8-3.

SecureLinx SLC User Guide 82

To enter device port settings:

1. Enter the following fields.

8: Devices

Port

Displays the port number.

(view only)

Mode

Displays the port status automatically.

(view only)
Name Assign the port name. Valid characters are letters, numbers, dashes (-), periods,

and underscores ( _ ).

Banner Input the text to display when a user connects to a device port by means of Telnet,

SSH, or TCP. If authentication is enabled for the device port, the banner displays
once the user successfully logs in. Blank is the default.

Break Sequence Enter a series of one to ten characters that users can enter on the command line

interface to send a break signal to the external device. A suggested value is
Esc+B (escape key, then uppercase “B” performed quickly but not
simultaneously). You would specify this value as \x1bB, which is hexadecimal (\x)
character 27 (1B) followed by a B.

View Port Log Seq Enter the key sequence used to view the Port Log while in Connect Direct mode.

Non-printing characters can be specified by giving their hexadecimal code (see

Break Sequence above). The default is Esc+V.

View Port Log Select to allow the user to enter the View Port Log Sequence to view the Port Log

during Connect Direct mode. The default is disabled.

Logging Click the Settings link to configure file logging, email logging, local logging, USB

logging, or PC Card logging. (See Device Ports – Logging on page 92.)

Zero Port Counters Resets all of the numerical values in the Port Counters table at the bottom of the

page to zero (0).

Connected to Select the type of device connected to the device port. The SLC supports the

Lantronix SecureLinx Remote Power Manager (SLP8 and SLP16) and Sensorsoft
devices. If the type of device is not listed, select undefined.

If you select anything other than undefined, click Device Commands. The web
page displays for the device you selected.

IP Settings

Telnet In Enables access to this port through Telnet. Disabled by default.

 Port: Automatically assigned Telnet, SSH, and TCP port numbers. You can

override the value.

 Timeout: To cause an idle Telnet, SSH or TCP connection to disconnect

after a specified number of seconds, select the checkbox and enter a value
from 1 to 1800 seconds. The default is 600 seconds.

 Authenticate: If selected, the SLC requires user authentication before

granting access to the port. Authenticate is selected by default for Telnet in
and SSH in, but not for TCP in.

SecureLinx SLC User Guide 83

8: Devices

SSH In Enables access to this port through SSH. Disabled by default.

 Port: Automatically assigned Telnet, SSH, and TCP port numbers. You can

override the value.

 Timeout: To cause an idle Telnet, SSH or TCP connection to disconnect

after a specified number of seconds, select the checkbox and enter a value
from 1 to 1800 seconds. The default is 600 seconds.

 Authenticate: If selected, the SLC requires user authentication before

granting access to the port. Authenticate is selected by default for Telnet in
and SSH in, but not for TCP in.

TCP in Enables access to this port through a raw TCP connection. Disabled by default.

 Port: Automatically assigned Telnet, SSH, and TCP port numbers. You can

override the value.

 Timeout: To cause an idle Telnet, SSH or TCP connection to disconnect

after a specified number of seconds, select the checkbox and enter a value
from 1 to 1800 seconds. The default is 600 seconds

 Authenticate: If selected, the SLC requires user authentication before

granting access to the port. Authenticate is selected by default for Telnet in
and SSH in, but not for TCP in.

Note: When using raw TCP connections to transmit binary data, or where th e

break command (escape sequence) is not required, set the Break Sequence of
the respective device port to null (clear it).

IP Address Enables an IP address used for this device port so a user can Telnet, SSH, or

establish a raw TCP connection to this address and connect directly to the device
port.

For Telnet and SSH, the default TCP port numbers (22 and 23, respectively) are
used to connect to the device port. For raw TCP, the TCP port number defined for

TCP In to the device port is used.

Web SSH/Telnet
Columns

Web SSH/Telnet
Rows

Specifies the number of columns in the Web SSH/Telnet applet when this device
port is accessed via the applet.

Specified the number of rows in the Web SSH/Telnet applet when this device port
is accessed via the applet.

Data Settings

Note: Check the serial device equipment settings and documentation for the proper

settings. The device port and the attached serial device must have the same settings.

Baud Enables the speed (baud rate) with which the device port exchanges data with the

attached serial device. From the drop-down list, select the baud rate. Most devices
use 9600 for the administration port, so the device port defaults to this value.
Check the equipment settings and documentation for the proper baud rate.

Data Bits Enables the number of data bits used to transmit a character. From the drop-down

list, select the number of data bits. The default is 8 data bits.

Stop Bits Enables the number of stop bits used to indicate that a byte of data has been

transmitted. From the drop-down list, select the number of stop bits. The default is

1.

Parity Select the parity for detecting simple, single-bit errors from the drop-down list. The

SecureLinx SLC User Guide 84

default is none.

8: Devices

Enable Logins Displays a login prompt and authenticates users for serial devices connected to the

device port. Successfully authenticated users are logged into the command line
interface. The default is disabled and is the correct setting if the device port is the
endpoint for a connection.

Flow Control Enables the method to prevent buffer overflow and loss of data. The available

methods include none, xon/xoff (software), and RTS/CTS (hardware). The default
is none.

Max Direct
Connects

Show Lines on
Connecting

Enables the maximum number of simultaneous connections for a device port from
1 to 10. The default is 1.

Enables a number of lines of buffered data when the serial port connects to the
SLC. When enabled, the user can use the connect direct command using CLI
or connect directly to the port using Telnet or SSH. The output is up to 24 lines.

For example, an SLC issues a connect direct device 1 command to
connect port 1 to a Linux server. Then the SLC user gets a directory with the ls
command exits the connection. When the SLC user issues another direct
connect device 1”, the output of the ls command (or some portion of it) is
output again, so the user can know what state the server was left in.

Hardware Signal Triggers

Check DSR on
Connect

Disconnect on
DSR

If this setting is enabled, the device port only establishes a connection if DSR (Data
Set Ready) is in an asserted state. DSR should already be in an asserted state, not
in transition, when a connection attempt is made. Disabled by default unless dial­in, dial-out, or dial-back is enabled for the device port.

If a connection to a device port is currently in session, and the DSR signal
transitions to a de-asserted state, the connection disconnects immediately.
Disabled is the default unless dial-in, dial-out, or dial-back is enabled for the device
port.

Modem Settings

Note: Depending on the State and Mode you select, different fields are available.

State Indicates whether an external modem is attached to the device port. If enabling,

set the modem to dial-out, dial-in, dial-back, CBCP server, CBCP client, dial-on­demand, dial in & dial-on-demand, or dial-in/host list. Disabled by default. For
more information, see Modem State Parameters on page 265.

Mode The format in which the data flows back and fort h:

Text: In this mode, the SLC assumes that the modem will be used for remotely

logging into the command line. Text mode can only be used for dialing in or dialing
back. Text is the default.

PPP: This mode establishes an IP-based link over the modem. PPP connections
can be used for dial-out (e.g., the SLC connects to an external network), dial-in
(e.g., the external computer connects to the network that the SLC is part of), dial­back (dial-in followed by dial-out), dial-on-demand, CBCP server or CBCP client.

SecureLinx SLC User Guide 85

8: Devices

Initialization Script Commands sent to configure the modem may have up to 100 characters. Consult

your modem’s documentation for recommended initialization options. If you do not
specify an initialization script, the SLC uses a default initialization string of AT
S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0.

Note: We recommend that the modem initialization script always be preceded

with AT and include E1 V1 x4 Q0 so that the SLC may properly control the
modem.

Modem Timeout Timeout for all modem connections. Select Yes (default) for the SLC to terminate

the connection if no traffic is received during the configured idle time. Enter a value
of from 1 to 9999 seconds. The default is 30 seconds.

Caller ID Logging Select to enable the SLC to log caller IDs on incoming calls. Disabled by default.

Note: For the Caller ID AT command, refer to the modem user guide.

Modem Command Modem AT command used to initiate caller ID logging by the modem.

Note: For the AT command, refer to the modem user guide.

Dial-back Number Users with dial-back access can dial into the SLC and enter their login and

password (for text mode) or authenticate via PAP or CHAP (for PPP mode). Once
the SLC authenticates them, the modem hangs up and dials them back.

Select the phone number the modem dials back on -a fixed number or a number
associated with their login. If you select Fixed Number, enter the number (in the
format 2123456789).

The dial-back number is also used for CBCP client as the number for a user­defined number. For more information, see Modem State Parameters on page

265.

Dial-back Delay For dial-back and CBCP Server, the number of seconds between the dial-in and

dial-out portions of the dialing sequence.

Modem Settings: Text Mode

Timeout Logins If you selected Text mode, you can enable logins to time out after the connection

is inactive for a specified number of minutes. The default is No. This setting is only
applicable for text mode connections. PPP mode connections stay connected until
either side drops the connection. Disabled by default.

Dial-in Host List From the drop-down list, select the desired host list. The host list is a prioritized list

of SSH, Telnet, and TCP hosts that are available for establishing outgoing modem
connections or for connect direct at the CLI. The hosts in the list are cycled
through until the SLC successfully connects to one.

To establish and configure host lists, click the Host Lists link.

Modem Settings: PPP Mode

Negotiate IP
Address

Authentication Enables PAP or CHAP authentication for modem logins. PAP is the default. With

If the SLC and/or the serial device have dynamic IP addresses (e.g., IP addresses
assigned by a DHCP server), select Yes. Yes is the default.

If the SLC or the modem have fixed IP addresses, select No, and enter the Local
IP (IP address of the port) and Remote IP

PAP, users are authenticated by means of the Local Users and any of the remote
authentication methods that are enabled. With CHAP, the CHAP Handshake fields
authenticate the user.

(IP address of the modem).

SecureLinx SLC User Guide 86

8: Devices

CHAP Handshake The host/username (for UNIX systems) or secret/user password (for Windows

systems) used for CHAP authentication. May have up to 128 characters.

Same
authentication for
Dial-in & Dial-on­Demand (DOD)

DOD
Authentication

DOD CHAP
Handshake

Enable NAT Select to enable Network Address Translation (NAT) for dial-in and dial-out PPP

Dial-out Number Phone number for dialing out to a remote system or serial device. May have up to

Dial-out Login User ID for dialing out to a remote system. May have up to 32 characters.
Dial-out Password

and Retype

Select this option to let incoming connections (dial-in) use the same authentication
settings as outgoing connections (dial-on-demand). If this option is not selected,
then the dial-on-demand connections take their authentication settings from the
DOD parameter settings. If DOD Authentication is PAP, then the DOD CHAP
Handshake field is not used.

Enables PAP or CHAP authentication for dial-in & dial-on-demand. PAP is the
default. With PAP, users are authenticated by means of the Local Users and any
of the remote authentication methods that are enabled. With CHAP, the DOD
CHAP Handshake fields authenticate the user.

For DOD Authentication, enter the host/username for UNIX systems) or secret/
user password (for Windows systems) used for CHAP authentication. May have
up to 128 characters.

connections on a per modem (device port, USB port, or PC Card) basis. Users
dialing into the SLC access the network connected to Eth1 and/or Eth2.

Note: IP forwarding must be enab led on the Network - Settings page for NAT to

work. See 6: Basic Parameters.

20 characters. Any format is acceptable.

Password for dialing out to a remote system. May have up to 64 characters.

Restart Delay The number of seconds after the timeout and before the SLC attempts another

connection. The default is 30 seconds.

2. Click the Apply button.

To save selected settings to ports other than the one you are configuring:

1. From the App ly Settings dr op -dow n box at the bottom o f th e Device Ports - Settings page,
select none, General, IP, Data, Modem, or All.

2. In to Device Ports, type the device p or t number s, se par at ed by commas; indicate a range of
port numbers with a hyphen (e.g., 2, 5, 7-10).

Note: It may take a few minutes for the system to apply the settings to multiple ports.

3. Click the Apply button.

To view logs of all modem activity:

1. Click the View Modem Log link on the Device Ports - Settings page.

SecureLinx SLC User Guide 87

Figure 8-4 Modem Log

8: Devices

Port Status and Counters

Port Status and Counters list the status of signals and interfaces . SLC updates and increments the
port counters as signals change and data flows in and out of the system. These counters help
troubleshoot connections or diagnose problems because they give the user an overview of the
state of various parameters. By setting them to zero and then re-checking them later, the user can
view changes in status. See Figure 8-5 for an example.

The chart in the middle of the page displays the flow control lines and port statistics for the device
port. The system automatically updates these values. To reset them to zeros, select the Zero port
counters checkbox in the IP Settings section of the page.

Note: Status and statistics shown on the web interface represent a snapshot in time. To

see the most recent data, you must reload the web page.

SecureLinx SLC User Guide 88

8: Devices

Figure 8-5 Port Status and Counters Section

Device Port – SLP

On the Device Ports – SLP page, configure commands to send to an SLP or SLP expansion
chassis that expands the number of power po rt s.

To open the Device Ports – SLP page:

1. In the Connected to field a bove the IP Settings se ction of the Device Ports – Settings page,
select an SLP or SLPEXP.

2. Click the Device Commands link. Figure 8-6 shows the page that displays.

Figure 8-6 Device Ports - SLP Page

SecureLinx SLC User Guide 89

To configure SLP:

1. Enter the following fields.

8: Devices

Port

(view only)

Name

(view only)

Device

(view only)

SLP Login User ID for logging into the SLP.
SLP Password/

Retype Password

Displays the port number.

Displays the port name.

Displays the device type.

Password for logging into the SLP.

SLP Status/Info

Outlet Status Note: If there is an SLP and an SLP Expansion chassis, the SLP is Tower A and

the Expansion chassis is Tower B.

For Tower A or Tower B, select All Outlets or Single Outlet to view the status of
all outlets or a single outlet of the SLP. If you select Single Outlet, enter a value of
1-8 for the SLP8 or 1-16 for the SLP16.

Click the Outlet Status link to see the status of the selected outlet(s).

Environmental
Status

Infeed Status Click the link to view the status of the data the SLP is receiving.

Click the link to view the environmental status (e.g., temperature and humidity) of
the SLP.

System Info Click the link to see system information pertaining to the SLP.

SLP Commands

Restart SLP To restart the SLP, select the checkbox.
Control Outlet For Tower A or Tower B, select All Outlets or Single Outlet and the number of the

outlet to be controlled (1-8 for the SLP8 or 1-16 for the SLP16) and select the
command for the outlet (No Action, Power On, Power Off, Cycle Power). No Action is
the default.

2. Click the Apply button.

Device Port – Sensorsoft Device

Devices made by Sensorsoft are used to monitor environmental conditions.

To access the Sensorsoft device:

1. In the Connected to field above the IP Settings sectio n of the Device Ports – Settings page,
select Sensorsoft.

2. Click the Device Commands link. Figure 8-7 shows the page that displays.

SecureLinx SLC User Guide 90

8: Devices

Figure 8-7 Device Ports - Sensorsoft

To configure Sensorsoft settings:

1. Select a port and enter the following fields.

Device Port

(view only)

Device Port Name

(view only)

Displays the port number.

Displays the port name.

Temp (°C) Displays the current temperature (Celsius).
Low Temp Enter the temperature (Celsius) permitted on the monitored device below which

the SLC sends a trap.

High Temp Enter the temperature (degrees Celsius) permitted on the monitored device above

which the SLC sends a trap.

Use °F Displays and sets the temperature for this device in degrees Fahrenheit, instead of

Celsius, which is the default.

Humidity (%) Displays the current relative humidity.
Low Humidity Enter the relative humidity permitted on the device the sensor is monitoring below

which the sensor sends a trap to the SLC.

High Humidity Enter the highest relative acceptable humidity permitted on the device above

which the sensor sends a trap to the SLC.

Traps Select to indicate the SLC should send a trap or configured Event Alert when the

sensor detects an out-of-range configured threshold. See SNMP on page 64.

2. Click the Apply button.

To view the status detected by the Sensorsoft:

1. Click the Sensorsoft Status link to the right of the table.

SecureLinx SLC User Guide 91

8: Devices

Device Port Commands

The following CLI commands correspond to the De vice Ports page. For more informa tion, see 15:

Command Reference.

 set deviceport port (on page 214)
 set deviceport global (on page 217)
 set command (on page 214)
 connect listen (on page 208)
 connect direct (on page 208)
 show deviceport global (on page 217)
 show deviceport port (on page 217)
 show deviceport names (on page 217)
 show portstatus (on page 218)
 show portcounters (on page 218)
 show portcounters zerocounters (on page 218)

Device Ports – Logging

The SLC products support port buffering of the data on the system's device ports as well as
notification of receiving data on a device port. Port logging is disabled by default. You can enable
more than one type of logging (local, NFS file, email/SNMP, USB port, or PC Card) at a time. The
buffer containing device port data is cleared when any type of logging is enabled.

Local Logging

If local logging is enabled, each device port stores 256 Kbytes (approximately 400 screens) of I/O
data in a true FIFO buffer. You may view this data (in ASCII format) at the CLI with the show
locallog command or on the Device Ports – Logging web page. Buffer ed data is normally stored
in RAM and is lost in the event of a power failure if it is not logged using an NFS mount solution. If
the buffer data overflows the buffer capacity, only the oldest data is lost, and only in the amount of
overrun (not in large blocks of memory).

NFS File Logging

Data can be logged to a file on a remote NFS server. Data logged locally to the SLC is limited to
256 Kbytes and may be lost in the event of a power loss. Data logged to a file on an NFS server
does not have these limitations. The system administrator can define the directory for saving
logged data on a port-by-port basis and configure file size and number of files per port.

The directory path must be the local directory for one of the NFS mounts. For each logging file,
once the file size reaches the maximum, a new file opens for logging. Once the number of files
reaches the maximum, the oldest file is overwritten. The file naming convention is: <Device Port
Number>_<Device Port Name>_<File number>.log.

Examples: 02_Port-2_1.log

02_Port-2_2.log
02_Port-2_3.log

SecureLinx SLC User Guide 92

8: Devices

02_Port-2_4.log
02_Port-2_5.log

PC Card Logging

Note: The PC Card logging feature is only supported on SLC -02 part numbers.

Data can be logged to a PC Card Compact Flash that is loaded into one of the PC Card slots on
the front of the SLC and properly mounted. Data log ged locally to th e SLC is limited to 256 Kbytes
and may be lost in the event of a power loss. Data logged to a PC Card Compact Flash does not
have these limitations. The system administrator can define the file size and number of files per
port. For each logging file, once the file size reaches the maximum, a new file opens for logging.
Once the number of files reaches the maximum, the oldest file is overwritten. The file naming
convention is: <Device Port Number>_<Device Port Name>_<File number>.log.

Examples: 02_Port-2_1.log

02_Port-2_2.log
02_Port-2_3.log
02_Port-2_4.log
02_Port-2_5.log

USB Port Logging

Note: The USB port logging feature is only supported on SLC -03 part numbers.

Data can also be logged to an thumb drive that is loaded in the USB port. Logged data to the USB
port is limited to 2048 bytes and 10 files. The system administrator can define the file size and
number of files per port. For each logging file, once the file size reaches the maximum, a new file
opens for logging. Once the number of files reaches the maximum, the oldest file is overwritten.
The file naming convention is: <Device Port Number>_<Device Port Name>_<File number>.log.
See 10: USB Port for configuration tasks and 15: Command Reference for the commands,
specifically the USB Commands section.

Email/SNMP Notification

The system administrator can configure the SLC to send an email alert message indicating a
particular condition detected in the device port log to the appropriate parties or an SNMP trap to
the designated NMS (see 7: Services). The email or trap is triggered when a u ser-defin ed numb er
of characters in the log from your server or device is exceeded, or a specific sequence of
characters is received.

Use the Device Ports – Logging page to set logging parameters on individual ports.

Syslog Logging

Data can be logged to the system log. If this feature is enabled, the data will appear in the Device
Ports log, under the Info level. The log level for the Device Ports log must be set to Info for the data
to be saved to the system log (see 7: Services).

To set logging parameters:

1. In the Device Ports – Settings page, click the Logging: Settings link. Figure 8-8 shows the
page that displays.

SecureLinx SLC User Guide 93

8: Devices

Figure 8-8 Device Ports - Logging

2. Enter the following fields.

Local Logging

Local Logging Enable local logging and each device port stores 256 Kbytes (approximately 400

screens) of I/O data in a true FIFO buffer. Disabled by default.
Clear Local Log Select the checkbox to clear the local log.
View Local Log Click this link to see the local log in text format.

Email Traps

Email/Traps Select the checkbox to enable email and SNMP logging. Email logging sends an

email message to pre-defined email addresses or an SNMP trap to the designated

NMS (see 7: Services) when alert criteria are met. Disabled by default.
Send Select notification type to send: Email, SNMP, or Both. Email is the default. Email

and SNMP logging must be enabled for this feature to work.

SecureLinx SLC User Guide 94

8: Devices

Trigger on Select the method of triggering a notification:

Byte Count: A specific number of bytes of data. This is the default.

Text String Recognition: A specific pa tt ern of characters, which you can define

by a regular expression.

Note: Text stri ng recognition may negatively impact SLC performance,

particularly when regular expressions are used.

Byte Threshold Sets the threshold for the number of bytes of data the port receives before the SLC

captures log data and sends a notification. The default is 100 bytes.

In most cases, the console port of your device does not send any data unless

there is an alarm condition. After the SLC receives a small number of bytes, it

perceives that your device needs some attention. The SLC notifies your technician

when that point has been passed, and the notification includes the logged data.

For example, a threshold preset at 30 characters means that as soon as the SLC

receives 30 bytes of data, it captures log data and sends an email regarding this

port.
Text String Sets the specific pattern of characters the SLC must recognize before sen ding a

notification to the technician about this port. The maximum is 100 characters. You

may use a regular expression to define the pattern. For example, the regular

expression “abc[def]g” recognizes the strings abcdg, abceg, abcfg.

The SLC supports GNU regular expressions; for more information, see:

 http://www.codeforge.com/help/GNURegularExpr.html

 http://www.delorie.com/gnu/docs/regex/regex.html

Email Delay Sets a time limit of how long (in seconds), after the SLC detects the trigger, that

the device port captures data before closing the log file (with a fixed internal buffer

maximum capacity of 1500 bytes) and sending a notification. The default is 60

seconds.
Restart Delay Sets the number of seconds for the period after the notification has been sent

during which the device port ignores additional characters received. The data is

simply ignored and does not trigger additional alarms until this time elapses. The

default is 60 seconds.
Email to Sets the complete email address of the message recipients for each device port.

Each device port has its own recipient list. To enter more than one email address,

separate the addresses with a single space. You can enter up to 128 characters.
Email Subject Input a subject text appropriate for your site. May have up to 128 characters.

The email subject line is pre-defined for each port with its port number. You can

use the email subject to inform the desired recipients of the problem on a certain

server or location (e.g., server location or other classification of your equipment).

This is helpful if the email message goes to the system administrator’s or service

technician's mobile or wireless device (e.g., text messaging by means of email).

Note: The character sequence%d anywhere in the email subject is replaced with

the device port number automatically.

Log Viewing Attributes

Display Select to view either the beginni ng (head) or end (tail) of the log.
Number of Lines Input the number of lines from the head or tail of the log to display.

SecureLinx SLC User Guide 95

8: Devices

NFS File Logging

NFS File Logging Select th e checkbox to log all data sent to the device port to one or more files on

an external NFS server. Disabled by default.

NFS Log to View A list of available log files saved to the selected directory to view.
Directory to Log to The path of the directory where the log files will be stored.

Note: This directory must be a directory exported from an NFS server mounted

on the SLC. Specify the local directory path for the NFS mount.

Max Number of
Files

Max Size of Files The maximum allowable file size in bytes. The default is 2048 bytes. Once the

The maximum number of files to create to contain log data to the port. These files

keep a history of the data received from the port. Once this limit is exceeded, the

oldest file is overwritten. The default is 10.

maximum size of a file is reached, the SLC begins generating a new file.

PC Card Logging

Note: This PC Card logging feature is only supported on SLC -02 part numbers.

PC Card Logging Select to enable PC Card logging. A PC Card Compact Flash must be loaded into

one of the PC Card slots on the front of the SLC and properly mounted (see PC

Card Logging on page 93). Disabled by default.

PC Card Log to
View

Log To Select the slot (Upper or Lower) in which the PC Card has been inserted. Upper

Max Number of
Files

Max Size of Files The maximum allowable file size in bytes. The default is 2048 bytes. Once the

A list of saved log files for the selected PC Card slot to view.

is the default for a PC Card.

The maximum number of files to create to contain log data to the port. These files

keep a history of the data received from the port. Once this limit is exceeded, the

oldest file is overwritten. The default is 10.

maximum size of a file is reached, the SLC begins generating a new file. The

default is 2048 bytes.

USB Logging

Note: This USB logging feature is only supported on SLC -03 part numbers.

USB Logging Select to enable USB logging. See USB Port Logging on page 93. Disabled by

USB Log to View A list of saved log files to view.
Log To Port U1 is the default and is automatically selected.
Max Number of

Files

Max Size of Files The maximum allowable file size in bytes. The default is 2048 bytes. Once the

SecureLinx SLC User Guide 96

default.

The maximum number of files to create to contain log data to the port. These files

keep a history of the data received from the port. Once this limit is exceeded, the

oldest file is overwritten. The default is 10.

maximum size of a file is reached, the SLC begins generating a new file. The

default is 2048 bytes.

8: Devices

Syslog Logging

Syslog Logging Select to enable system logging.

Note: The logging level for the device ports log must be set to Info to view Syslog

entries for Device Port logging on the Services page.

Note: To apply the settings to additional device ports, in the Apply settings to Device

Ports field, enter the additional ports, (e.g., 1-3, 5, 6)

3. To apply settings to other device ports in addition to the currently selected port, select the
Apply settings to Device Ports and enter port numbers separated by commas. Indicate a
range of port numbers with a hyphen (e.g., 2, 5, 7-10), and separate ranges with commas.

4. Click the Apply button.

Logging Commands

The following CLI commands correspond to the Device - Ports Logging page. For more
information, see 15: Command Reference.

 set deviceport port (on page 214)
 set log clear (on page 230)
 set log clear modem (on page 230)
 set log modem pppdebug (on page 230)
 show log modem (on page 231)
 show log local (on page 230)
 show log file s (on page 230)
 show syslog (on page 248)
 show syslog clear (on page 248)

Console Port

The console port initially has the same defaults as the device ports. Use the Console Port page to
change the settings, if desired.

To set console port parameters:

1. Click the Devices tab and select Console Port. Figure 8-9 shows the page that displays.

SecureLinx SLC User Guide 97

Figure 8-9 Console Port Page

2. Enter the following fields.

8: Devices

Status

(view only)

Baud Select the baud rate (speed) with which the device port exchanges data with the

Data Bits Select the number of data bits used to transmit a character. The default is 8 data

Stop Bits Select the number of stop bits that indicate that a byte of data has been transmitted.

Parity Select the parity checking which detects simple, single-bit errors. The default is

Flow Control Select a method of preventing buffer overflow and loss of data. The available

Timeout Click the No or Yes button. Input the number of minutes (1-30) if you clicked Yes

Show Lines on
Connecting

Displays the status of the console port.

attached serial device. Most devices use 9600 for the administration port, so the
console port defaults to this value.

bits.

The default is 1.

none.

methods include none, xon/xoff (software), and RTS/CTS (hardware). The default is
none.

after which an idle session on the console is automatically logged out. Disabled by
default.

Click the checkbox if you connect to the console port with a terminal emulator. You
will see the last lines of output to the console. For example, the SLC boot messages
or the last lines of output during a CLI session on the console.

3. Click the Apply button.

Console Port Commands

The following CLI commands correspond to the Console Port page. For more information, see

15: Command Reference.

SecureLinx SLC User Guide 98

 set consoleport (on page 210)
 show consoleport (on page 211)

Host Lists

A host list is a prioritized list of SSH, Telnet, and TCP hosts available for establishing incoming
modem connections or for the connect direct command on the CLI. The SLC cycles through
the list until it successfully connects to one.

To add a host list:

1. Click the Devices tab and the Host Lists option. Figure 8-10 shows the page that displays.

Figure 8-10 Host Lists Page

8: Devices

2. Enter the following fields.

Note: To clear fields in the lower part of the page, click the Clear Host List button.

Host Lists

(view only

Host List Id

(view only)

Host List Name Enter a name for the host list.
Retry Count Enter the number of times the SLC should attempt to retry connecting to the host

Authentication Select to require authentication when the SLC connects to a host.

Displays host lists by ID and Name.

Displays after a host list is saved.

list.

SecureLinx SLC User Guide 99

8: Devices

Host Parameters

Host Input the name or IP address of the host.
Protocol Select the protocol for connecting to the host (TCP, SSH, or Telnet).
Port Enter the port on the host to connect to.
Escape Sequence Enter the escape character or sequence of char acters used to get the attention of

the SSH or Telnet client. It is optional, and if not specified, Telnet and SSH use the
following default escape characters:

 Telnet—Single character or a two-character sequence consisting of '^'

followed by one character. If the second character is '?', the DEL character is
selected. Otherwise, the second character is converted to a control character
and used as the escape character.

 SSH—Single character.

3. Click the right arrow. The host displays in the Hosts box.

4. Repeat steps 2-4 to add more hosts to the host list.

Note: To clear fields before adding the next host, click the Clear Host Parameters

button.

5. Click the Add Host List button. After the process completes, a new window opens and when
the addition completes, the message “Host List configuration is complete.” displays.

6. After the process completes, you can click the Host Lists tab.

To remove a host from the host list:

1. Select the host in the Hosts box and click the left arrow.

To give the host a higher precedence:

1. Select the host in the Hosts box and click the up arrow.

To give the host a lower precedence:

1. Select the host in the Hosts box and click the down arrow.

To edit a host list:

1. Click the host list name and the radio button in the list table.

2. Click View Host Lists button. The parameters display in the Host List Parameters section.

3. Click the Edit Host List button. A new window opens and when the changes are complete,
the message “Host List configuration is complete.” displays.

4. After the process completes, you can click the Host Lists tab.

To delete a host list:

1. Select the host list in the Host Lists table.

2. Click the Delete Host List button. A new window opens to confirm the deletion. When the
deletion completes, the message “Host List configuration is complete.” displays.

3. After the process completes, you can click the Host Lists tab.

SecureLinx SLC User Guide 100