Lantronix SLC 8000, SLC 8048, SLC 8016 User Manual

SLC™ 8000
Advanced Console Manager
User Guide
Part Number 900-704-R
Revision R November 2019

Intellectual Property

Lantronix and Lantronix Spider are registered trademarks of Lantronix, Inc. in the United States and other countries. SLC and vSLM are trademarks of Lantronix, Inc.
Patented: patents.lantronix.com; additional patents pending.
Windows and Internet Explorer are registered trademarks of Microsoft Corporation. Firefox is a registered trademark of the Mozilla Foundation. Chrome is a trademark of Google Inc. All other trademarks and trade names are the property of their respective holders.

Warranty

For details on the Lantronix warranty policy, please go to our web site at http://www.lantronix.com/support/warranty.

Contacts

Lantronix Corporate Headquarters
7535 Irvine Center Drive, Suite 100, Irvine, CA 92618, USA
Toll Free: 800-526-8766 Phone: 949-453-3990 Fax: 949-453-3995
Technical Support
Online: www.lantronix.com/support
Sales Offices
For a current list of our domestic and international sales offices, go to the Lantronix web site at www.lantronix.com/about/contact.

GNU General Public License Notice

This product includes open source software, including software subject to the GNU General Public Licenses (“GPL”). Lantronix will provide a CD-ROM containing the source files subject to the GPL upon request by mail. To request a CD containing the source files, send a check payable to “Lantronix, Inc.” for US $50.00 (per product) to the address below. This nominal charge covers Lantronix’ costs for duplication, media, and postage. Your request should identify the Lantronix product for which source code is desired, and the check must indicate “Open Source CD Request”. Please allow 6-8 weeks for the CD to be shipped. For GPL source code requests or inquiries, please write to Lantronix, Inc., Attn: Open Source Request, 7535 Irvine Center Drive, Irvine, CA 92618 USA. Any GPL Code made available is for informational purposes only and distributed “As is” with no support and/or warranty of any kind intended, implied, or provided.
SLC™ 8000 Advanced Console Manager User Guide 2

Disclaimer & Revisions

All information contained herein is provided “AS IS.” Lantronix undertakes no obligation to update the information in this publication. Lantronix does not make, and specifically disclaims, all warranties of any kind (express, implied or otherwise) regarding title, non-infringement, fitness, quality, accuracy, completeness, usefulness, suitability or performance of the information provided herein. Lantronix shall have no liability whatsoever to any user for any damages, losses and causes of action (whether in contract or in tort or otherwise) in connection with the user’s access or usage of any of the information or content contained herein. The information and specifications contained in this document are subject to change without notice.
Operation of this equipment in a residential area is likely to cause interference, in which case the user, at his or her own expense, will be required to take whatever measures may be required to correct the interference.
Note: This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this user guide, may cause interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user will be required to correct the interference at his own expense.
User Information
Class A Equipment (Broadcasting and communication equipment for office work)
Sellers and users should note that this equipment is electromagnetic-compliant equipment for office work (Class A) and that it can be used outside the home.
Changes or modifications made to this device that are not explicitly approved by Lantronix will void the user's authority to operate this device.
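Statement
This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take practical measures against the interference.
User Notice
User notice by equipment type
Class A equipment (broadcasting and communication equipment for business use)
This equipment is electromagnetic-compatibility equipment for business use (Class A). Sellers and users should take note of this; the equipment is intended for use in areas other than the home.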

Revision History

Date Rev. Comments
March 2014 A Preliminary release.
October 2014 B Initial document for firmware release 7.1.0.0.
June 2015 C Updated for firmware release 7.2.0.0.
June 2016 D Updated for firmware release 7.3.0.0.
January 2017 E Updated power cord information.
June 2017 F Updated for firmware release 7.4.0.0 and for new dual SFP transceiver port or dual Ethernet port capability options. Updated the following:
  - IPv6 Neighbor Table, Ethernet Bonding Status links, and IPv6 Forward Flag under Network Settings.
  - IKE v2, x.509 Certificate, Certificate Authority/Certificate File for Remote Peer, Certificate Authority/Certificate File/Key File for Local Peer, SA Lifetime, Remote and Dead Peer settings under Network VPN.
  - Enable v1/v2c, Trap Version, Alarm Delay to SNMP, and Trap User Name, Password and Passphrase under SNMP Services.
  - Added ability to change and reset BootCount, BootDelay and BootLimit.
September 2017 G Updated part number.
February 2018 H Updated for firmware release 7.5.0.0. Changes include new operating atmosphere information and warning language in Chinese and Korean. Software changes include additions in Telnet, SSH and TCP timeout directions, number of sessions message, idle timeout message, VBUS enabling, assert DTR, run web server, added mounted column information for NFS Mounts, masked CHAP secret and DOD CHAP secret fields, USB devices in diagnostics and addition of SSH bit option. SSL settings were removed so the SSLv2 protocol option is no longer available.
March 2018 J Updated to include additional SLC hardware and new trap information for firmware release 7.5.0.0.
June 2018 K Updated for firmware release 7.6.0.1R6.
August 2018 L Updated fail-over gateway details for Network Settings for firmware release 7.6.0.1.
January 2019 M Updated for firmware release 7.7.0.0. Software changes include:
  - hostname resolution in local hosts table
  - extended device port timers range
  - new user notifications when connecting to a device port
  - support for iPerf3
  - support for dual channel USB devices
  - auto enable DTR on device ports
  - Xmodem support
  - device port baud rate can be set while connected to a device port
  - openSSH and openSSL upgraded
  - SNMP v3 SHA2 support
  - expanded support for HSPA+ gateway integration
March 2019 N Updated for firmware release 7.8.0.0. Added support for custom Expect scripts that can be connected to the SLC CLI or a device port.
April 2019 P Updated for firmware release 7.9.0.0. Added support for custom Python and Tcl scripts.
November 2019 R Updated the following:
  - Starting with release 8.0.0.0, added support for CLI commands issued from ConsoleFlow in bulk.
  - Starting with release 8.1.0.0, added VPN interoperability and configuration.
  - Starting with release 8.3.0.0, newly manufactured factory default SLC units use a device-unique default password for local user sysadmin accounts.

Table of Contents

Intellectual Property
Warranty
Contacts
GNU General Public License Notice
Disclaimer & Revisions
Revision History
Table of Contents
List of Figures
List of Tables
1: About this Guide
  Purpose and Audience
  Summary of Chapters
  Additional Documentation
2: Introduction
  Features
  Console Management
  Power
  Integration with Other Secure Lantronix Products
  Hardware
  System Features
  Protocols Supported
  Access Control
  Device Port Buffer
  Configuration Options
  Device Port and Console Port Interfaces
  Network Connections
  Front Panel USB Ports
  Memory Card Port
  Internal Modem
3: Installation
  What's in the Box
  Customize an SLC 8000
  Product Label
  Technical Specifications
  Physical Installation
  Connecting to a Device Port
  Modular Expansion for I/O Module Bays
  Connecting to Network Ports
  Connecting Terminals
  AC Input
  Modem Installation
  Battery Replacement
4: Quick Setup
  Recommendations
  Method #1 Using the Front Panel Display
  Front Panel LCD Display and Keypads
  Navigating
  Entering the Settings
  Restoring Factory Defaults
  Limiting Sysadmin User Access
  Method #2 Quick Setup on the Web Page
  Network Settings
  Date & Time Settings
  Administrator Settings
  Method #3 Quick Setup on the Command Line Interface
  Next Step
5: Web and Command Line Interfaces
  Web Manager
  Logging in
  Logging Out
  Web Page Help
  Command Line Interface
  Logging In
  Logging Out
  Command Syntax
  Command Line Help
  Tips
6: Basic Parameters
  Requirements
  Network Port Settings
  Ethernet Interfaces (Eth1 and Eth2)
  Hostname & Name Servers
  DNS Servers
  DHCP-Acquired DNS Servers
  TCP Keepalive Parameters
  Gateway
  Fail-Over Settings
  Fail-Over Cellular Gateway Configuration
  Advanced Cellular Gateway Configuration
  Fail-Over Cellular Gateway Firmware
  Load Cellular Gateway Firmware Options
  Ethernet Counters
  Network Commands
  IP Filter
  Viewing IP Filters
  Mapping Rulesets
  Enabling IP Filters
  Configuring IP Filters
  Rule Parameters
  Updating an IP Filter
  Deleting an IP Filter
  IP Filter Commands
  Routing
  Dynamic Routing
  Static Routing
  Routing Commands
  VPN Settings
  Sample ipsec.conf Files
  VPN Commands
  Security
  Performance Monitoring
  Performance Monitoring - Add/Edit Probe
  Performance Monitoring - Results
  Performance Monitoring Commands
  FQDN List
7: Services
  System Logging and Other Services
  SSH/Telnet/Logging
  System Logging
  Audit Log
  SMTP
  SSH
  Telnet
  Web SSH/Web Telnet Settings
  Phone Home
  SSH Commands
  Logging Commands
  SNMP
  v1/v2c Communities
  Version 3
  V3 User Read-Only
  V3 User Read-Write
  V3 User Trap
  Services Commands
  NFS and SMB/CIFS
  SMB/CIFS Share
  NFS and SMB/CIFS Commands
  Secure Lantronix Network
  Browser Issues
  Troubleshooting Browser Issues
  Web SSH/Telnet Copy and Paste
  Secure Lantronix Network Commands
  Date and Time
  Date and Time Commands
  Web Server
  Admin Web Commands
  Services - SSL Certificate
  Services - Web Sessions
  ConsoleFlow
  ConsoleFlow Commands
8: USB/SD Card Port
  Set Up of USB/SD Card Storage
  Data Settings
  Modem Settings
  Text Mode
  PPP Mode
  IP Settings
  Manage Files
  USB Commands
  SD Card Commands
9: Device Ports
  Connection Methods
  Permissions
  I/O Modules
  Device Status
  Device Ports
  Telnet/SSH/TCP in Port Numbers
  DevicePort Global Commands
  Device Ports - Settings
  Device Port Settings
  IP Settings
  Data Settings
  Hardware Signal Triggers
  Modem Settings (Device Ports)
  Modem Settings: Text Mode
  Modem Settings: PPP Mode
  Port Status and Counters
  Device Ports - Power Management
  Device Ports - RPMs - Add Device
  Device Port - Sensorsoft Device
  Device Port Commands
  Device Commands
  Interacting with a Device Port
  Device Ports - Logging and Events
  Local Logging
  NFS File Logging
  USB and SD Card Logging
  Token/Data Detection
  Syslog Logging
  Token & Data Detection
  Local Logging
  Log Viewing Attributes
  NFS File Logging
  USB / SD Card Logging
  Syslog Logging
  Logging Commands
  Console Port
  Console Port Commands
  Internal Modem Settings
  Setting Up Internal Modem Storage
  Internal Modem Commands
  Xmodem
  Host Lists
  Host Parameters
  Host Parameters
  Host List Commands
  Scripts
  Scripts
  Script Commands
  Batch Script Syntax
  Interface Script Syntax
  Primary Commands
  Secondary Commands
  Control Flow Commands
  Custom Script Syntax
  Example Scripts
  Sites
  Site Commands
  Modem Dialing States
  Dial In
  Dial-back
  Dial-on-demand
  Dial-in & Dial-on-demand
  Dial-back & Dial-on-demand
  CBCP Server and CBCP Client
  CBCP Server
  CBCP Client
  Key Sequences
10: Remote Power Managers
  Devices - RPMs
  RPMs - Add Device
  RPMs - Manage Device
  RPMs - Outlets
  RPM Shutdown Procedure
  Optimizing and Troubleshooting RPM Behavior
  RPM Commands
11: Connections
  Typical Setup Scenarios for the SLC Unit
  Terminal Server
  Remote Access Server
  Reverse Terminal Server
  Multiport Device Server
  Console Server
  Connection Configuration
  Connection Commands
12: User Authentication
  Authentication Commands
  User Rights
  Local and Remote User Settings
  Sysadmin Account Default Login Values
  Adding, Editing or Deleting a User
  Shortcut
  Local Users Commands
  Remote User Rights Commands
  NIS
  NIS Commands
  LDAP
  LDAP Commands
  RADIUS
  RADIUS Commands
  User Attributes & Permissions from LDAP Schema or RADIUS VSA
  Kerberos
  Kerberos Commands
  TACACS+
  TACACS+ Groups
  TACACS+ Commands
  Groups
  Group Commands
  SSH Keys
  Imported Keys
  Exported Keys
  Imported Keys (SSH In)
  Host & Login for Import
  Exported Keys (SSH Out)
  Host and Login for Export
  SSH Commands
  Custom Menus
  Custom User Menu Commands
13: Maintenance
  Firmware & Configurations
  Zero Touch Provisioning Configuration Restore
  HTTPS Push Configuration Restore
  Internal Temperature
  Site Information
  SLC Firmware
  Boot Banks and Bootloader Settings
  Load Firmware Via Options
  Configuration Management
  Manage Files
  Administrative Commands
  System Logs
  System Log Commands
  Audit Log
  Audit Log Commands
  Email Log
  Logging Commands
  Diagnostics
  Diagnostic Commands
  Status/Reports
  View Report
  Status Commands
  Emailing Logs and Reports
  Events
  Events Commands
  LCD/Keypad
  Administrative LCD/Keypad Commands
  Banners
  Administrative Banner Commands
14: Application Examples
  Telnet/SSH to a Remote Device
  Dial-in (Text Mode) to a Remote Device
  Local Serial Connection to Network Device via Telnet
15: Command Reference
  Introduction to Commands
  Command
  Command Line Help
  Tips
  Administrative Commands
  Audit Log Commands
  Authentication Commands
  Kerberos Commands
  LDAP Commands
  Local Users Commands
  NIS Commands
  RADIUS Commands
  TACACS+ Commands
  User Permissions Commands
  Remote User Commands
  ConsoleFlow Commands
  CLI Commands
  Connection Commands
  Console Port Commands
  Custom User Menu Commands
  Date and Time Commands
  Device Commands
  Device Port Commands
  Diagnostic Commands
  Events Commands
  Group Commands
  Host List Commands
  Internal Modem Commands
  IP Filter Commands
  Logging Commands
  Network Commands
  NFS and SMB/CIFS Commands
  Performance Monitoring Commands
  Routing Commands
  RPM Commands
  Script Commands
  SD Card Commands
  Security Commands
  Services Commands
  Site Commands
  SLC Network Commands
  SSH Key Commands
  Status Commands
  System Log Commands
  USB Access Commands
  USB Device Commands
  USB Storage Commands
  USB Modem Commands
  VPN Commands
  Temperature Commands
  Xmodem Commands
Appendix A: Security Considerations 416
Security Practice _________________________________________________________416 Factors Affecting Security __________________________________________________416
Appendix B: Safety Information 417
Safety Precautions _______________________________________________________417
Fuse Caution Statement ________________________________________________417
Cover ______________________________________________________________ 417
Power Plug __________________________________________________________417
Input Supply _________________________________________________________ 418
Grounding ___________________________________________________________418
SLC™ 8000 Advanced Console Manager User Guide 14
Rack _______________________________________________________________418
Port Connections _____________________________________________________ 418
Appendix C: Adapters and Pinouts 419
Appendix D: Protocol Glossary 422
Appendix E: Compliance Information 424
RoHS, REACH and WEEE Compliance Statement ______________________________425
SLC™ 8000 Advanced Console Manager User Guide 15

List of Figures

Figure 2-1 SLC 8048 Unit (Front Side) - Part Number SLC 804812N-01-S
Figure 2-2 SLC 8048 Unit Samples (Back Side) - Part Number SLC80482201S
Figure 2-3 Three 16-Port USB I/O Modules Installed in Bays 1, 2, & 3 with Dual Ethernet Port
Figure 2-4 One 16-Port USB I/O Module Installed in Bay 1 with Dual Ethernet Port
Figure 2-5 One 16 RJ-45 Serial Port I/O Module (Bay 1) & Two 16 USB I/O Module (Bays 2 & 3) with Dual SFP Port
Figure 2-6 SFP Port LEDs
Figure 2-8 Console Port (Front Side)
Figure 2-10 Dual Ethernet Network Connection
Figure 2-11 Inserting SFP Transceiver Module into the SFP Port
Figure 2-12 Dual USB Ports
Figure 2-13 Memory Card Port
Figure 2-14 Internal Modem Location
Figure 3-3 Product Label
Figure 3-7 Sample Device Port Connections (Back Side)
Figure 3-9 AC Power Input
Figure 4-2 Front Panel LCD Display and Five Button Keypad (Enter, Up, Down, Left, Right)
Figure 4-6 Quick Setup
Figure 4-7 Quick Setup Completed in Web Manager
Figure 4-8 Home
Figure 4-9 Beginning of Quick Setup Script
Figure 4-10 Quick Setup Completed in CLI
Figure 5-1 Web Page Layout
Figure 5-2 Sample Dashboards
Figure 6-1 Network > Network Settings (1 of 2)
Figure 6-2 Network > Network Settings (2 of 2)
Figure 6-3 Network Settings > SFP NIC Information & Diagnostics
Figure 6-4 Network > IP Filter
Figure 6-5 Network > IP Filter Ruleset (Adding/Editing Rulesets)
Figure 6-6 Network > Routing
Figure 6-7 Network > VPN (1 of 2)
Figure 6-8 Network > VPN (2 of 2)
Figure 6-9 Network > Security
Figure 6-10 Network > Perf Monitoring
Figure 6-11 Performance Monitoring - Add/Edit Probe
Figure 6-13 Performance Monitoring - Operations
Figure 6-14 FQDN List
Figure 7-1 Services > SSH/Telnet/Logging
Figure 7-2 Services > SNMP
Figure 7-3 Services > NFS & SMB/CIFS
Figure 7-4 Services > Secure Lantronix Network
Figure 7-5 IP Address Login Page
Figure 7-6 SSH and Telnet Opening File Popups
Figure 7-7 SSH or Telnet CLI Session
Figure 7-8 Disabled Port Number Popup Window
Figure 7-9 Services > Secure Lantronix Network > Search Options
Figure 7-10 Services > Date & Time
Figure 7-11 Services > Web Server
Figure 7-12 SSL Certificate
Figure 7-13 Web Sessions
Figure 7-14 Services > ConsoleFlow
Figure 8-1 Devices > USB / SD Card
Figure 8-2 Devices > SD Card > Configure
Figure 8-3 Devices > USB > Configure
Figure 8-4 Devices > USB > Modem
Figure 8-5 Firmware and Configurations - Manage Files
Figure 9-2 Devices > Device Status
Figure 9-3 Devices > Device Ports
Figure 9-4 Device Ports > Settings (1 of 2)
Figure 9-5 Device Ports > Settings (2 of 2)
Figure 9-7 Device Ports - Power Management
Figure 9-8 Device Ports > RPMs - Add Device
Figure 9-9 Devices > Device Ports > Sensorsoft
Figure 9-10 Sensorsoft Status
Figure 9-11 Devices > Device Ports - Logging & Events
Figure 9-12 Devices > Console Port
Figure 9-13 Devices > Internal Modem
Figure 9-14 Devices > Host Lists
Figure 9-15 View Host Lists
Figure 9-16 Devices > Scripts
Figure 9-17 Adding or Editing New Scripts
Figure 9-18 Custom Scripts - Scheduler
Figure 9-23 Devices > Sites
Figure 10-1 Devices > RPMs
Figure 10-2 RPM Shutdown Order
Figure 10-3 RPM Notifications
Figure 10-4 RPM Raw Data Log
Figure 10-5 RPM Logs
Figure 10-6 RPM Environmental Log
Figure 10-7 Device Ports > RPMs - Add Device
Figure 10-8 RPMs - Managed Device
Figure 10-9 RPMs - Outlets
Figure 11-1 Terminal Server
Figure 11-2 Remote Access Server
Figure 11-3 Reverse Terminal Server
Figure 11-4 Multiport Device Server
Figure 11-5 Console Server
Figure 11-6 Devices > Connections
Figure 11-7 Current Connections
Figure 12-1 User Authentication > Authentication Methods
Figure 12-3 User Authentication > Local/Remote Users
Figure 12-4 User Authentication > Local/Remote User > Add/Edit User
Figure 12-5 User Authentication > NIS
Figure 12-6 User Authentication > LDAP
Figure 12-7 User Authentication > RADIUS
Figure 12-8 User Authentication > Kerberos
Figure 12-9 User Authentication > TACACS+
Figure 12-10 User Authentication > Groups
Figure 12-11 User Authentication > SSH Keys
Figure 12-12 Current Host Keys
Figure 12-13 User Authentication > Custom Menus
Figure 13-1 Maintenance > Firmware & Configurations
Figure 13-2 Network > Firmware/Config > Manage
Figure 13-3 Maintenance > System Logs
Figure 13-4 System Logs
Figure 13-5 Maintenance > Audit Log
Figure 13-6 Maintenance > Email Log
Figure 13-7 Maintenance > Diagnostics
Figure 13-8 Maintenance > Diagnostics
Figure 13-9 Maintenance > Status/Reports
Figure 13-10 Generated Status/Reports
Figure 13-11 Emailed Log or Report
Figure 13-12 About SLC
Figure 13-13 Maintenance > Events
Figure 13-14 Maintenance > LCD/Keypad
Figure 13-15 Maintenance > Banners
Figure 14-1 SLC - Console Manager Configuration
Figure 14-2 Remote User Connected to a SUN Server via the SLC unit
Figure 14-3 Dial-in (Text Mode) to a Remote Device
Figure 14-4 Local Serial Connection to Network Device via Telnet
Figure C-1 RJ45 Receptacle to DB25M DCE Adapter for the SLC unit (PN 200.2066A)
Figure C-2 RJ45 Receptacle to DB25F DCE Adapter for the SLC unit (PN 200.2067A)
Figure C-3 RJ45 Receptacle to DB9M DCE Adapter for the SLC unit (PN 200.2069A)
Figure C-4 RJ45 Receptacle to DB9F DCE Adapter for the SLC unit (PN 200.2070A)
Figure C-5 RJ45 Receptacle to DB25M DTE Adapter (PN 200.2073)

List of Tables

Table 2-7 Device (DCE Reversed & DTE) Port Pinout
Table 2-9 Console (DTE) Port Pinout
Table 3-1 What’s in the Box
Table 3-2 Optional Accessories
Table 3-4 SLC Technical Specifications
Table 3-5 Console Port and Device Port - Reverse Pinout Disabled
Table 3-6 Device Port - Reverse Pinout Enabled (Default)
Table 3-8 Available I/O Module Configurations
Table 4-1 Methods of Assigning an IP Address
Table 4-3 LCD Arrow Keypad Actions
Table 4-4 Front Panel Setup Options with Associated Parameters
Table 4-5 Front Panel Setup Options, continued
Table 5-3 SCS Commands
Table 5-4 CLI Keyboard Shortcuts
Table 6-12 Error Conditions
Table 9-1 Supported I/O Module Configurations
Table 9-6 Port Status and Counters
Table 9-19 Definitions
Table 9-20 Primary Commands
Table 9-21 Secondary Commands
Table 9-22 Control Flow Commands
Table 12-2 User Types and Rights
Table 15-1 Actions and Category Options

1: About this Guide

Purpose and Audience

This guide provides the information needed to install, configure, and use the Lantronix SLC™ 8000 advanced console manager. The SLC unit is for IT professionals who must remotely and securely configure and administer servers, routers, switches, telephone equipment, or other devices equipped with a serial port for facilities that are typically remote branch offices or “distributed” IT locations.

Summary of Chapters

The remaining chapters in this guide include:
| Chapter | Description |
|---|---|
| Chapter 2: Introduction | Describes the SLC 8000 models, their main features, and the protocols they support. |
| Chapter 3: Installation | Provides technical specifications; describes connection form factors and power supplies; provides instructions for installing the SLC 8000 advanced console manager in a rack. |
| Chapter 4: Quick Setup | Provides instructions for getting your SLC unit up and running and for configuring required settings. |
| Chapter 5: Web and Command Line Interfaces | Describes the web and command line interfaces available for configuring the SLC 8000 advanced console manager. The configuration chapters (6-12) provide detailed instructions for using the web interface and include equivalent command line interface commands. |
| Chapter 6: Basic Parameters | Provides instructions for configuring network ports, firewall and routing settings, and VPN. |
| Chapter 7: Services | Provides instructions for enabling and disabling system logging, SSH and Telnet logins, SNMP, SMTP, and the date and time. |
| Chapter 8: USB/SD Card Port | Provides instructions for using the USB port. |
| Chapter 9: Device Ports | Provides instructions for configuring global device port settings, individual device port settings, and console port settings. |
| Chapter 10: Remote Power Managers | Provides instructions for using RPMs. |
| Chapter 11: Connections | Provides instructions for configuring connections and viewing, updating, or disconnecting a connection. |
| Chapter 12: User Authentication | Provides instructions for enabling or disabling methods that authenticate users who attempt to log in via the web, SSH, Telnet, or the console port. Provides instructions for creating custom menus. |
| Chapter 13: Maintenance | Provides instructions for upgrading firmware, viewing system logs and diagnostics, generating reports, and defining events. Includes information about web pages and commands used to shut down and reboot the SLC 8000 advanced console manager. |
| Chapter 14: Application Examples | Shows how to set up and use the SLC unit in three different configurations. |
| Chapter 15: Command Reference | Lists and describes all of the commands available on the SLC command line interface. |
| Appendix A: Security Considerations | Provides tips for enhancing SLC security. |
| Appendix B: Safety Information | Lists safety precautions for using the SLC 8000 advanced console manager. |
| Appendix C: Adapters and Pinouts | Includes adapter pinout diagrams. |
| Appendix D: Protocol Glossary | Lists the protocols supported by the SLC unit with brief descriptions. |
| Appendix E: Compliance Information | Provides information about the SLC 8000 advanced console manager’s compliance with industry standards. |

Additional Documentation

Visit the Lantronix Web site at www.lantronix.com/support/documentation for the latest documentation and the following additional documentation.
| Document | Description |
|---|---|
| SLC 8000 Advanced Console Manager Quick Start Guide | Provides accessories and part number information, hardware installation instructions, directions to connect the SLC unit, and network IP configuration information. |
| SLC 8000 Advanced Console Manager Product Brief | Provides product overview information and specifications. |

2: Introduction

The SLC 8000 advanced console manager enables IT system administrators to manage remote servers and IT infrastructure equipment securely over the Internet.
IT equipment can be configured, administered, and managed in a variety of ways, but most devices have one of two methods in common: via USB port and/or via an RS-232 serial port, sometimes called a console, auxiliary, or management port. These ports are often accessed directly by connecting a terminal or laptop to them, meaning that the administrator must be in the same physical location as the equipment. The SLC 8000 advanced console manager gives the administrator a way to access them remotely from anywhere there is a network or modem connection. The SLC 8000 unit can accommodate up to three I/O modules (16-port USB I/O module and/or 16-port RJ45 I/O module.)
Many types of equipment can be accessed and administered using console managers including:
- Servers: Unix, Linux, Windows, and others.
- Networking equipment: Routers, switches, storage networking.
- Telecom: PBX, voice switches.
- Other systems with serial interfaces: Heating/cooling systems, security/building access systems, UPS, medical devices.
The key benefits of using console managers:
- Saves money: Enables remote management and troubleshooting without sending a technician onsite. Reduces travel costs and downtime costs.
- Saves time: Provides instant access and reduces response time, improving efficiency.
- Simplifies access: Enables you to access equipment securely and remotely after hours and on weekends and holidays—without having to schedule visits or arrange for off-hour access.
- Protects assets: Security features provide encryption, authentication, authorization, and firewall features to protect your IT infrastructure while providing flexible remote access.
The SLC advanced console manager provides features such as convenient text menu systems, break-safe operation, port buffering (logging), remote authentication, and Secure Shell (SSH) access. Dial-up modem support ensures access when the network is not available.

Features

Console Management

- Up to 48 serial RJ45 RS-232 and/or USB type A ports for console connectivity
Note: USB ports are generally intended to connect directly to USB console ports. It is also possible to connect a USB to serial adapter to them to connect to serial console ports, if needed.
- Enables system administrators to remotely manage devices with serial and/or USB console ports, e.g., Linux, Unix, and recent versions of Windows servers, routers, telecom, and switches with RS-232C (now EIA-232) or USB compatible serial consoles in a 1U-tall rack space. All models have two Ethernet ports, called Eth1 and Eth2 in this document.
- Provides data logging, monitoring, and secure access control via the Internet

Power

- Universal AC power input (100-240V, 50/60 Hz) or 20-72 VDC power input hardware option
- Convection cooled, silent operation, low power consumption

Integration with Other Secure Lantronix Products

- Can integrate seamlessly with the ConsoleFlow™ or vSLM™ management appliance software for a complete end-to-end Out-of-Band (OOB) management solution.

Hardware

- SLC Chassis: The SLC 8000 advanced console manager has a 1U-tall (1.75 inch), self-contained rack-mountable chassis.
- Three I/O Module Bays are available on the back of the SLC unit and can accommodate a combined total of 48 device ports, depending on the number of I/O modules installed. See Figure 2-2. Configuration possibilities are listed below. See Appendix C: Adapters and Pinouts on page 419 for more information on serial adapters and pin-outs, and also Table 3-8 on page 41 which describes different I/O module configurations.
  - Up to three 16-port RJ45 I/O modules can be installed to provide a maximum of forty-eight serial RS-232C (EIA-232) device ports. The serial RJ45 ports match the RJ45 pin-outs of the console ports of many popular devices found in a network environment, and where different can be converted using Lantronix adapters.
  - Up to three 16-port USB I/O modules can be installed to provide a maximum of forty-eight USB I/O device ports.
  - A combination of 16-port USB I/O modules and 16-port RJ45 I/O modules can be installed to provide up to forty-eight serial RJ45 ports and/or USB type A ports, according to the type and number of I/O modules installed on the back of the SLC unit.
  Note: The SLC8008 ships with an 8-port serial module that must be installed in the first bay. This module is not available separately. See Table 3-8 on page 41 which describes different I/O module configurations.
- Network Interface on the back left side of the SLC unit can accommodate either a factory-installed:
  - Dual 10/100/1000 Base-T Ethernet port I/F card. Ethernet ports are referred to as Eth1 and Eth2 in the user interface and this user guide.
  - Dual SFP port I/F card to support 1 Gigabit-capable single or multi-mode fiber or copper SFP transceiver modules. Single and multi-mode SFP transceiver modules are referred to as F1 in the user interface and this user guide.
  Notes:
  - 1000 BASE-T SFP transceiver copper modules need to use the RX_LOS signal within the SFP interface pins for the Link Status LED indicator. Not all vendor 1000 Base-T SFP modules provide this feature. Qualified copper SFP transceiver modules with this feature include the following: the Finisar 1000 Base-T Copper SFP Transceiver FCLF8250P2BTL and the Fiberstore Cisco SFP-GE-T Compatible 1000 Base-T SFP RJ-45 100m Transceiver.
  - SFP transceiver modules are provided by users according to fiber mode and brand preferences. Network ports and the SFP port have LEDs to indicate link and activity status. If a single mode and a multi-mode are both installed in the SLC 8000 unit, the device can be configured to utilize one mode at a time.
- Front Console Panel Ports (see Figure 2-1)
  - One serial console port (RJ45) for VT100 terminal or PC with emulation with LED for activity indicators
  - Two USB type A ports for use with flash drives or external USB modems
  - Optional internal modem
  - One Secure Digital (SD) memory card slot (SD card provided by the user)
  - One RJ11 modem port on the front panel
  Note: Use of the RJ11 modem port requires installation of an optional modem card (Lantronix part number 56KINTMODEM-01) - see Modem Installation on page 43.
  - LCD display and keypad
- 256 KB-per-port buffer memory for serial device ports
- Software reversible device port pinouts
- Either universal AC power input (100-240V, 50/60 Hz) or DC power input (20-72 VDC)
Note: For more detailed information, see Chapter 4: Quick Setup on page 50.
Figure 2-1 SLC 8048 Unit (Front Side) - Part Number SLC 804812N-01-S
(Callouts: Front-mid-rear Mounting Bracket, Indicator LED, LCD, Keypad, SD Card, Console, Dual USB Ports, Modem (Optional))
Figure 2-2 SLC 8048 Unit Samples (Back Side) - Part Number SLC80482201S
(Callouts: Dual Ethernet Port OR Dual SFP Port; Three I/O Modular Device Port Bays)
Note: For the SFP modules that Lantronix resells or supports for operation with our SLC console managers, please refer to https://www.lantronix.com/products/sfp/
The SLC 8000 supports the use of single mode, multi-mode fiber optic and copper SFP transceiver modules in dual SFP port models. SFP modules are provided by the user.
The appearance and function of the back of the SLC unit depend on:
1) The type(s) of I/O modules installed in Bay 1, Bay 2 and Bay 3. See Table 3-8 on page 41.
2) The type of I/F card (dual Ethernet port or dual SFP port) installed. If a dual SFP port is installed, then the type of SFP transceiver module (single mode optic fiber, multi-mode optic fiber, or copper) inserted into the SFP port will also impact appearance and function.

System Features

The SLC 8000 firmware has the following basic capabilities:
- Software reversible device port pinouts (serial RJ45 ports only)
- Connects up to 48 RS-232 serial consoles or up to 48 USB consoles
- Supports the use of simple straight-through cables for use with Cisco, Sun and other devices that use the “Cisco” RJ-45 serial pinouts
- 10/100/1000 Base-T Ethernet network compatibility or SFP ports to support single or multi-mode 1 Gigabit SFP transceiver modules
- Buffer logging to file
- Email and SNMP notification
- ID/Password security, configurable access rights
- Secure shell (SSH) security; supports numerous other security protocols
- Network File System (NFS) and Common Internet File System (CIFS) support
- RAW TCP, Telnet or SSH to a serial port by IP address per port or by IP address and TCP port number
- Configurable user rights for local and remotely authenticated users
- Supports an external modem
- No unintentional break ever sent to attached servers (Solaris Ready)
- Simultaneous access on the same port - “listen” and “direct” connect mode
- Remote power manager (RPM) control of UPS and PDU devices
- Local access through a dedicated front panel serial console port
- Web administration (using most browsers)

Protocols Supported

The SLC 8000 advanced console manager supports the TCP/IP network protocol as well as:
- SSH, Telnet, PPP, NFS, and CIFS for connections in and out of the SLC console manager
- SMTP for mail transfer
- DNS for text-to-IP address name resolution
- SNMP for remote monitoring and management
- SCP, FTP and SFTP for file transfers and firmware upgrades
- TFTP for firmware upgrades
- DHCP and BOOTP for IP address assignment
- HTTPS (SSL) for secure browser-based configuration
- NTP for time synchronization
- LDAP with Group support, NIS, RADIUS with VSA support, CHAP, PAP, Kerberos, TACACS+ with Group support, and SecurID (via RADIUS) for user authentication
- Callback Control Protocol (CBCP)
- IPsec for VPN access
For brief descriptions of these protocols, see Appendix D: Protocol Glossary on page 422.

Access Control

The system administrator controls access to attached servers or devices by assigning access rights to up to 128 user profiles. Each user has an assigned ID, password, and access rights. Other user profile access options may include externally configured authentication methods such as RADIUS, TACACS+, NIS, and LDAP. Groups are supported in LDAP, RADIUS (using VSA), and TACACS+ (using priv_lvl).

Device Port Buffer

The SLC 8000 unit supports real-time data logging for each device port. The port can save the data log to a file, send an email notification of an issue, or take no action.
You can define the path for logged data on a port-by-port basis, configure file size and number of files per port for each logging event, and configure the device log to send an email alert message automatically to the appropriate parties indicating a particular error.

Configuration Options

You may use the backlit front-panel LCD display for initial setup and configuration, to view current network, console, and date/time settings, and to get internal temperature status.
Both a web interface viewed through a standard browser and a command line interface (CLI) are available for configuring the SLC settings and monitoring performance.

Device Port and Console Port Interfaces

RS-232 RJ45 Interface
Device ports are located on the back of the SLC 8000 unit (please see Figure 2-2). The console port is located on the front of the SLC 8000 unit (please see Figure 2-8). All devices attached to the device ports and the console port must support the RS-232C (EIA-232) standard. For serial RJ45 device ports and the console port, RJ45 cabling (e.g., category 5 or 6 patch cabling) is used.
Serial RJ45 device ports for the SLC 8000 advanced console manager are reversed by default so that straight-through RJ45 patch cables may be used to connect to Cisco and Sun RJ45 serial console ports. If you are replacing an SLC with an SLC 8000 you can either switch the ports to the non-reversed pinout used by SLC units and use your original cables and adapters, or remove any rolled cables or adapters and replace them with straight-through RJ45 cables, e.g. Ethernet patch cables.
Note: RJ45 to DB9/DB25 adapters are available from Lantronix. For serial pinout information, see the Appendix C: Adapters and Pinouts on page 419.
Device ports and the console port support the following baud-rate options: 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 and 230400 baud.
USB Interface
The SLC unit can contain up to three I/O modules, comprising 16-port USB I/O module(s) and/or 16-port RJ45 I/O module(s), installed in the three module bays available from the back of the SLC 8000 unit. USB device ports can be used with a USB type A connector to serial adapter, if needed.
Figure 2-3 shows an SLC unit containing two 16-port RJ45 I/O modules installed in Bay 1 and Bay 2 for a total of 32 serial RJ45 device ports and one 16-port USB I/O module installed in Bay 3, for a total of 48 device ports. Figure 2-4 shows an SLC unit containing three 16-port RJ45 I/O modules installed in Bay 1, Bay 2 and Bay 3 for a total of 48 serial RJ45 device ports.
Note: When installing I/O modules into an SLC 8000 (Figure 2-2), Bay 1, Bay 2, and Bay 3 must be populated in order. The 8-port RJ45 serial module is supported on Bay 1 only.
I/F Card Slot: Dual Small Form-Factor Pluggable (SFP) or Dual Ethernet Port
On the left back side of the SLC 8000 unit, a dual SFP port or dual Ethernet port I/F card can be installed. See Figure 2-5. If the dual SFP port is installed, copper or optic fiber 1 Gigabit SFP transceiver modules may be used. The SLC 8000 supports use of single and multi-mode SFPs.
Figure 2-3 Three 16-Port USB I/O Modules Installed in Bays 1, 2, & 3 with Dual Ethernet Port
Figure 2-4 One 16-Port USB I/O Module Installed in Bay 1 with Dual Ethernet Port
Figure 2-5 One 16 RJ-45 Serial Port I/O Module (Bay 1) & Two 16 USB I/O Module (Bays 2 & 3) with Dual SFP Port
Figure 2-6 SFP Port LEDs
Table 2-7 Device (DCE Reversed & DTE) Port Pinout
DCE Pin DTE Pin Description
8 1 RTS (output)
7 2 DTR (output)
6 3 TXD (output)
5 4 Ground
4 5 Ground
3 6 RXD (input)
2 7 DSR (input)
1 8 CTS (input)
Figure 2-8 Console Port (Front Side)
Table 2-9 Console (DTE) Port Pinout
DTE Pin Description
1 RTS (output)
2 DTR (output)
3 TXD (output)
4 Ground
5 Ground
6 RXD (input)
7 DSR (input)
8 CTS (input)

Network Connections

The SLC 8000 network interfaces are 10/100/1000 Base-T Ethernet for use with a conventional Ethernet network as shown in Figure 2-10. Use standard RJ45-terminated cables, like Category 5 or 6 patch cable. CAT5E or better cables are recommended for 1000 Base Ethernet. Network parameters must be configured before the SLC console manager can be accessed over the network.
Note: One possible use for the two Ethernet ports is to have one port on a private, secure network and the other on a public, unsecured network.
The SLC 8000 can also be equipped with a factory-installed NIC (Ethernet RJ45 or SFP ports). The NIC with SFP ports can support single/multi-mode fiber or copper SFP transceiver modules at 1 Gigabit speed.
Figure 2-10 Dual Ethernet Network Connection
Figure 2-11 Inserting SFP Transceiver Module into the SFP Port

Front Panel USB Ports

The SLC 8000 unit has two USB 2.0 ports (HS, FS, LS) on the front panel, as seen in Figure 2-12.
Figure 2-12 Dual USB Ports

Memory Card Port

The SLC unit has a memory card port on the front panel of the unit which accepts SD cards.
Figure 2-13 Memory Card Port

Internal Modem

An internal modem can be installed in the SLC 8000 advanced console manager. See Modem Installation on page 43 for instructions.
Figure 2-14 Internal Modem Location

3: Installation

This chapter provides a high-level procedure for installing the SLC advanced console manager followed by more detailed information about the SLC connections and power supplies.
Caution: To avoid physical and electrical hazards, please read Appendix A: Security Considerations on page 416 before installing the SLC 8000 advanced console manager.

What's in the Box

Table 3-1 lists all included components that come in the box and their corresponding part numbers.
Table 3-1 What’s in the Box
Part Number Component Description
SLC 8000 Advanced Console Manager Models
Part number depends on SLC model.* SLC 8000 Advanced Console Manager
Note: *Please visit https://www.lantronix.com/products/lantronix-slc-8000/#tab-order to view available SLC models and configurations. See Customize an SLC 8000 on page 35.
Cables
200.2070A RJ45 to DB9F Adapter
200.0062 RJ45 to RJ45, Cat5, 6.6 ft (2 m)
500-153 RJ45 Loopback Plug
Note: Not available with SFP fiber versions.
North American Power Cords
500-041-R For AC Supply Models, USA & Canada: 110V AC Power Cord, 8 ft (2.43 m), RoHS.
Note: Power cords for other international regions are available and sold separately. See Table 3-2.
083-152-R For DC Supply Models, USA & Canada: the DC Installation Kit is included.
Notes:
Accessories that can be ordered separately are listed below in Table 3-2. Regional power cords are available as accessories.
SLC 8000 single and dual AC supply variants ship with 110V North American AC power cord(s).
* TAA Compliant models available, replace the “S” with “G” in the SKUs above (e.g. SLC80321201G for 16-Port RS-232 (RJ45) Single AC Supply).
Table 3-2 Optional Accessories
Part Number Component Description
International Power Cords:
930-077-R Power Cord, Israel, 250VAC 10A, 8FT, RoHS
930-075-R Power Cord, UK, 250VAC 10A, 8FT, RoHS
930-074-R Power Cord, European, 250VAC 10A, 8FT, RoHS
User Swappable Modules
FRRJ451601 16 Device Port RS-232 (RJ45) I/O Device Port Module
FRUSB1601 16 Device Port USB I/O Device Port Module
FR1ACPS01 100 to 240V AC Single Power Supply Module
FR2ACPS01 100 to 240V AC Dual Power Supply Module
FR2DCPS01 -20 to -72V DC Dual Power Supply Module
Secondary Connectivity Accessories for SLC 8000
56KINTMODEM-01 56K v.92 Internal Modem for Dial-UP Out-of-Band Connection
PXC2102H2-01-S 3.5G Cellular Out-of-Band Connectivity Intelligent Gateway
Note: Wireless data plan sold separately.
Verify and inspect the contents of the SLC package using the enclosed packing slip or the table above. If any item is missing or damaged, contact your place of purchase immediately.

Customize an SLC 8000

Build any combination up to 48 managed console ports by following these easy steps:
1. Pick a baseline configuration:
2. Add up to two modules:
3. Choose from Single AC, Dual AC or Dual DC power supply.
4. Choose from Ethernet Copper or SFP (Dual AC) variants.
5. Select secondary out-of-band options (PSTN modem, cellular gateway.)
6. Protect investment with various extended warranty and service options.

Product Label

The product label on the underside of the SLC 8000 advanced console manager contains the following information about each SLC unit:
Part Number
Product Revision
Country of Manufacturing Origin
Serial Number
Manufacturing Date Code
Bar Code
Figure 3-3 Product Label

Technical Specifications

Table 3-4 SLC Technical Specifications
Component Description
Serial Interface (Device):
Up to 48 RJ45-type 8-conductor connectors as up to three 16-port RJ45 I/O modules can be installed. These connectors have individually configurable standard and reversible pinouts, 8 or 16 ports per I/O module.
Speed software selectable (300 to 230400 baud)
Note: Serial RJ45 device ports for the SLC 8000 advanced console manager are reversed by default. Do not use rolled cables and adapters when replacing an SLC console manager with the SLC 8000 model.
USB 2.0 Interface (Device):
Up to 48 USB type A (Host) as up to three 16-port USB I/O modules can be installed
HS, FS, and LS
Capable of providing VBUS 5V up to 100 mA per port, but not to exceed 600 mA total per 16-port USB I/O module.
May be used with a USB-to-serial adapter to connect a serial device, if needed. Please contact Lantronix for the list of tested adapters.
Caution: USB ports are designed for data traffic only. They are not designed for charging or powering devices. Over-current conditions on VBUS 5V may disrupt operations.
Serial Interface (Console):
(1) RJ45-type 8-pin connector (DTE)
Speed software selectable (300 to 230400 baud)
LEDs:
Green light ON indicates data transmission activities
Yellow light ON indicates data receiving activities
Network Interface:
(2) 10/100/1000 Base-T RJ45 Ethernet with LED indicators:
Green light ON indicates a link at 1000 Base-T.
Green light OFF indicates a link at other speeds or no link.
Yellow light ON indicates a link is established.
Yellow light blinking indicates activity.
OR
(2) SFP ports to support standard fiber or copper SFP transceiver modules (single or multi-mode) at speed 1 Gigabit. LED indicators:
Green light ON indicates a link is established.
Green light OFF indicates no link.
Yellow light steady ON indicates no activity.
Yellow light blinking indicates activity.
Power Supply AC (single or dual):
Universal AC power input: 100-240 VAC
50 or 60 Hz
IEC 60320/C14
Power Supply DC (dual): 20V to 72V input
Power Consumption:
Less than 25W with 48 RS232 serial ports
Less than 45W with 48 USB ports
Dimensions: 1U, 1.75 in x 17.25 in x 12 in
Weight:
12.1 lbs with 48 serial ports
11.8 lbs with 48 USB ports
Temperature:
Operating: 0 to 50°C (32 to 122°F)
Storage: -30 to 80°C (-22 to 176°F)
Relative Humidity:
Operating: 10% to 90% non-condensing
Storage: 10% to 95% non-condensing
Front USB Ports: (2) ports, type A, host USB 2.0 (HS, FS, LS)
Memory Card: Single memory card slot supporting:
SD
SDHC
Optional Internal Modem:
300 bps to 56K bps data rate
Upstream 48K bps, downstream 56K bps
V.44 data compression (V92MB-U, V92HU)
V.42 bis and MNP-5 data compression
V.29 FastPOS support
Caller ID type I and II for select countries
Agency approvals: Transferable FCC68, CS03 and CTR21 certifications, IEC60601-1 (Medical Electronics) compliant, CE Marking, IEC60950 approved
Operating Atmosphere:
Caution: EQUIPMENT IS FOR INDOOR USE ONLY!
For use at altitudes no more than 2000 meters above sea level only.
Safe for use only in areas at altitudes below 2000 m.
For use in non-tropical conditions only.
Safe for use only in non-tropical climate conditions.

Physical Installation

Install the SLC 8000 advanced console manager in an EIA-standard 19-inch rack (1U tall) or as a desktop unit. The SLC module uses convection cooling to dissipate excess heat.
To install the SLC 8000 advanced console manager in a rack:
1. Place the SLC unit in a 19-inch rack.
Warning: Do not block the air vents on the sides of the SLC module. If you mount the SLC advanced console manager in an enclosed rack, we recommend that the rack have a ventilation fan to provide adequate airflow through the SLC unit.
2. Connect the serial device(s) to the SLC unit ports. See the section, Connecting to a Device Port (on page 38).
3. Choose one of the following options:
- To configure the SLC 8000 advanced console manager using the network, or to monitor serial devices on the network, connect at least one SLC network port to a network. See Connecting to Network Ports (on page 41).
- To configure the SLC unit using a dumb terminal or a computer with terminal emulation, connect the terminal or PC to the front panel SLC console port. See Connecting Terminals (on page 41).
4. Connect the power cord, and apply power. See AC Input (on page 42).
5. Wait approximately one minute for the boot process to complete.
When the boot process ends, the SLC host name and the clock appear on the LCD display. Now you are ready to configure the network settings as described in Chapter 4: Quick Setup.

Connecting to a Device Port

You can connect almost any device that has a serial console port to a device port on the SLC 8000 unit for remote administration. The console port must support the RS-232C interface.
Note: Many servers must either have the serial port enabled as a console or the keyboard and mouse detached. Consult the server hardware and/or software documentation for more information.
To connect to a serial RJ45 device port:
1. Connect one end of the Cat 5 cable to the device port.
2. Connect the other end of the Cat 5 cable to an RJ45 serial console port or to other port types using a Lantronix serial console adapter.
Notes:
See Device Port Commands to enable or disable reverse pinouts through the CLI.
Table 3-5 and Table 3-6 provide additional information on reverse pinouts.
See Appendix C: Adapters and Pinouts for information about Lantronix adapters.
3. Connect the adapter to the serial console port on the serial device as shown in Figure 3-7.
Table 3-5 Console Port and Device Port - Reverse Pinout Disabled
Pin Number Description
1 RTS (output)
2 DTR (output)
3 TXD (output)
4 Ground
5 Ground
6 RXD (input)
7 DSR (input)
8 CTS (input)
Table 3-6 Device Port - Reverse Pinout Enabled (Default)
Pin Number Description
1 CTS (input)
2 DSR (input)
3 RXD (input)
4 Ground
5 Ground
6 TXD (output)
7 DTR (output)
8 RTS (output)
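The pinouts in Table 3-5 and Table 3-6 can be checked against a cable type before anything is plugged in. The following is an added example, not code from Lantronix: it assumes the attached console port uses the DTE pinout of Table 3-5, and the function names and fault labels are chosen here for illustration.

```python
"""Wiring check for SLC 8000 RJ45 serial ports (added example, not vendor code)."""

# Table 3-5: console port and device port, reverse pinout disabled (DTE).
DTE = {1: "RTS", 2: "DTR", 3: "TXD", 4: "GND", 5: "GND", 6: "RXD", 7: "DSR", 8: "CTS"}
# Table 3-6: device port, reverse pinout enabled (the SLC 8000 default).
REVERSED = {1: "CTS", 2: "DSR", 3: "RXD", 4: "GND", 5: "GND", 6: "TXD", 7: "DTR", 8: "RTS"}

OUTPUTS = {"RTS", "DTR", "TXD"}
# A working link pairs every output with its matching input, and ground with ground.
PEER = {"TXD": "RXD", "RXD": "TXD", "RTS": "CTS", "CTS": "RTS",
        "DTR": "DSR", "DSR": "DTR", "GND": "GND"}


def cable_map(kind):
    """Return {near-end pin: far-end pin} for an 8-conductor RJ45 cable."""
    if kind == "straight":
        return {pin: pin for pin in range(1, 9)}
    if kind == "rolled":
        return {pin: 9 - pin for pin in range(1, 9)}
    raise ValueError(f"unknown cable type: {kind!r}")


def wiring_faults(slc_pinout, cable_kind, device_pinout=DTE):
    """List every conductor that does not join a signal to its proper peer.

    device_pinout defaults to the Table 3-5 DTE pinout (assumption: the
    attached console port is wired like that table).
    """
    faults = []
    for slc_pin, far_pin in sorted(cable_map(cable_kind).items()):
        slc_sig, dev_sig = slc_pinout[slc_pin], device_pinout[far_pin]
        if PEER[slc_sig] == dev_sig:
            continue
        if "GND" in (slc_sig, dev_sig):
            kind = "signal wired to ground"
        elif slc_sig in OUTPUTS and dev_sig in OUTPUTS:
            kind = "output wired to output"
        elif slc_sig not in OUTPUTS and dev_sig not in OUTPUTS:
            kind = "input wired to input"
        else:
            kind = "output wired to the wrong input"
        faults.append((slc_pin, slc_sig, far_pin, dev_sig, kind))
    return faults


def compatibility_report(device_pinout=DTE):
    """Fault count for each combination of port setting and cable type."""
    report = {}
    for name, pinout in (("reversed", REVERSED), ("non-reversed", DTE)):
        for kind in ("straight", "rolled"):
            report[(name, kind)] = len(wiring_faults(pinout, kind, device_pinout))
    return report


if __name__ == "__main__":
    for (port, kind), count in compatibility_report().items():
        verdict = "OK" if count == 0 else f"{count} miswired conductors"
        print(f"{port:13s} port + {kind:8s} cable: {verdict}")
    for fault in wiring_faults(REVERSED, "rolled"):
        print("  SLC pin %d (%s) -> device pin %d (%s): %s" % fault)
```

A rolled cable left in place on a default (reversed) port miswires all six signal conductors, which is why the guide says to remove rolled cables or switch the port to the non-reversed pinout.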
To connect to a USB device port:
1. Connect the USB type A connector of a USB cable to a device port.
2. Connect the other end of the USB cable to a USB console port.
Figure 3-7 shows a sample I/O module installation with two 16-port RJ45 I/O modules and one 16-port USB I/O module, and how the device ports correspond to the buttons on the Dashboard.
Figure 3-7 Sample Device Port Connections (Back Side)
Figure labels: Bay 1, Bay 2, Bay 3; 16-Port RJ45 I/O Module (Part Number FRRJ451601), shown twice; 16-Port USB I/O Module (Part Number FRUSB1601)

Modular Expansion for I/O Module Bays

The SLC 8000 advanced console manager, which provides 3 separate bays, supports the flexibility to change the I/O module configuration by offering a 16-port module for expansion. When populating the bays, Bay 1, Bay 2 and Bay 3 must be populated in consecutive order. Bay 1 is the slot next to the Ethernet ports and Bay 3 is the slot beside the power supply module. See Figure 3-7 and Table 3-8. When device ports are unused or unsupported, they do not appear in the Dashboard. See Sample Dashboards.
Note: See the SLC 8000 I/O Module Installation Guide for information on installing I/O modules.
Table 3-8 Available I/O Module Configurations
Note: The 8-port RJ45 serial module is supported on Bay 1 only. The available I/O module configurations in Table 3-8 are supported with either dual Gigabit Ethernet or dual SFP ports.

Connecting to Network Ports

The SLC network ports, 10/100/1000 Base-T Ethernet, allow remote access to the attached devices and the system administrative functions. Use a standard RJ45-terminated Category 5 cable to connect to the network port. A CAT5e or better cable is recommended for use with a 1000 Base-T Ethernet connection.
Note: One possible use for the two Ethernet ports is to have one port on a private, secure network, and the other on an unsecured network.

Connecting Terminals

The console port is for local access to the SLC 8000 advanced console manager and the attached devices. You may attach a dumb terminal or a computer with terminal emulation to the console port. The SLC console port uses RS-232C protocol and supports VT100 emulation. The default serial settings are 9600 baud, 8 bit data, No parity, 1 stop bit with no flow control.
To connect the console port to a terminal or computer with terminal emulation, Lantronix offers optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector. The console port is configured as DTE (non-reversed RJ45). See Appendix C: Adapters and Pinouts on page 419 for more information.
To connect a terminal:
1. Attach the Lantronix adapter to your terminal (typically a PN 200.2066A adapter - see Figure C-1) or your PC's serial port (use PN 200. adapter - see Figure C-4).
2. Connect the Cat 5 cable to the adapter, and connect the other end to the SLC console port.
3. Turn on the terminal or start your computer's communication program (e.g., PuTTY or TeraTerm Pro).
4. Once the SLC 8000 advanced console manager is running, press Enter to establish connection. You should see the model name and a login prompt on your terminal.
5. On a factory default SLC you may log in using sysadmin as the user name and the last 8 characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the password.

AC Input

The power supply module for the SLC controller accepts AC input voltage of 100-240 VAC, 50/60 Hz. Rear-mounted IEC-type AC power connectors are provided for universal AC power input. (See What's in the Box on page 34.)
Warning: Risk of serious electric shock! Disconnect all power cords before servicing the SLC.
Figure 3-9 AC Power Input

Modem Installation

Caution: TO REDUCE THE RISK OF FIRE, USE ONLY NO. 26 AWG OR LARGER (e.g., 24 AWG) UL LISTED OR CSA CERTIFIED TELECOMMUNICATION LINE CORD.
Attention: TO REDUCE THE RISK OF FIRE, USE ONLY 26 AWG OR LARGER TELECOMMUNICATION CONDUCTORS.
Warning: RISK OF ELECTRICAL SHOCKS; DISCONNECT ALL POWER AND PHONE LINES BEFORE SERVICING!
Caution: DEVICES INSIDE THE EQUIPMENT AND THE MODEM ARE ELECTROSTATIC-SENSITIVE; DO NOT HANDLE EXCEPT AT A STATIC FREE WORKPLACE.
MODEM PART NUMBER
Lantronix 56KINTMODEM-01
MODEM SERVICING INSTRUCTIONS
You will need a medium size Phillips screwdriver.
1. Turn off power to the SLC 8000 advanced console manager.
2. Locate the battery/modem door on the top of the SLC unit.
3. Carefully unscrew and lift the door off with the screwdriver.
4. Take note of the orientation of the modem in the photograph so that you can install a new modem correctly with the same orientation.
5. If there is a modem replacement, carefully lift the old modem out of its socket.
6. Install the new modem with correct orientation.
7. Make sure to have correct pin alignment.
8. Press the modem down to make sure it sits down all the way in the socket.
9. Double-check the new modem placement to make sure it is done properly.
10. Place the battery/modem door back.
11. Carefully tighten the door screw.

Battery Replacement

Caution: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Attention: RISK OF EXPLOSION IF THE BATTERY IS REPLACED INCORRECTLY. REPLACE ONLY WITH A BATTERY OF THE SAME TYPE OR AN EQUIVALENT TYPE RECOMMENDED BY THE MANUFACTURER. DISPOSE OF USED BATTERIES IN ACCORDANCE WITH THE MANUFACTURER'S INSTRUCTIONS.
Caution: DEVICES INSIDE THE EQUIPMENT ARE ELECTROSTATIC-SENSITIVE; DO NOT HANDLE EXCEPT AT A STATIC FREE WORKPLACE.
Battery Part Numbers
Panasonic BR2032 or equivalent (button cell lithium, non-rechargeable.)
Caution: DO NOT USE BATTERY TYPE CR2032 SINCE IT HAS A LOWER OPERATING TEMPERATURE RANGE.
DISPOSAL OF USED BATTERIES (from battery data sheet)
If not in a large quantity, button cell batteries contain so little Lithium that they do not qualify as reactive hazardous waste. These batteries are safe for disposal in the normal municipal waste stream.
If in a large quantity, disposal of button cell batteries should be performed by permitted, professional firms knowledgeable in Federal, State and local hazardous waste transportation and disposal requirements.
Caution: RISK OF FIRE, EXPLOSION AND BURNS. DO NOT RECHARGE, CRUSH, HEAT ABOVE 212°F (100°C) OR INCINERATE.
Battery Replacement Instructions
Warning: RISK OF ELECTRICAL SHOCKS; DISCONNECT ALL POWER AND PHONE LINE BEFORE SERVICING!
You will need a medium size Phillips screwdriver.
1. Turn off power to the SLC 8000 advanced console manager.
2. Locate the battery/modem door on the top of the SLC unit.
3. Carefully unscrew and lift the door off with the screwdriver.
4. If there is a modem installed, note the orientation of the modem so that later you can install it back correctly.
5. If there is a modem installed, carefully lift the modem out of its socket.
6. Use fingers to lift the battery out of the socket.
Caution: DO NOT USE A METAL OBJECT TO PRY OUT THE BATTERY. IT MAY SHORT THE BATTERY AND DAMAGE THE BATTERY HOUSING.
7. Install the new battery with the (+) side up making sure the battery sits completely and securely in the housing.
8. Re-install the modem with correct orientation.
a. Make sure also to have correct pin alignment.
b. Press the modem down to make sure it sits down all the way in the socket.
9. Double-check the battery and modem placements to make sure they are done properly.
10. Place the battery/modem door back.
11. Carefully tighten the door screw.
12. If necessary, reprogram the SLC system date-time after installing a new battery.

4: Quick Setup

This chapter helps get the IP network port up and running quickly, so you can administer the SLC advanced console manager using your network. The setup procedures assume you are starting with a factory default SLC unit.

Recommendations

To set up the network connections quickly, we suggest you do one of the following:
Use the front panel LCD display and keypad buttons to configure the IP address, subnet mask, gateway address and DNS address(es), if applicable.
Complete the quick setup (see Figure 4-6) on the web interface.
SSH to the command line interface and follow the Quick Setup script on the command line interface.
Connect to the console port and follow the Quick Setup script on the command line interface.
Note: The first time you power up the SLC unit, Eth1 tries to obtain its IP address via DHCP. If you have connected Eth1 to the network, and Eth1 is able to acquire an IP address, you can view this IP address on the LCD or by running the Lantronix Provisioning Manager application. If Eth1 cannot acquire an IP address, you cannot use Telnet, SSH, or the web interface to run Quick Setup.

IP Address

Your SLC 8000 advanced console manager must have a unique IP address on your network. The system administrator generally provides the IP address and corresponding subnet mask and gateway. The IP address must be within a valid range and unique to your network. If a valid gateway address has not been assigned, the IP address must be on the same subnet as workstations connecting to the SLC 8000 over the network.
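The addressing rules above can be checked before the values are keyed into the unit. The following is an added example, not part of the Lantronix guide or firmware: `check_ip_plan`, its parameters and the sample addresses are constructed for illustration, the overlap check reflects this guide's note that the same IP subnet on multiple interfaces is not supported, and the check that a gateway lies on an interface subnet is a general IP routing assumption.

```python
"""Pre-deployment check of an SLC 8000 address plan (added example)."""
import ipaddress


def check_ip_plan(interfaces, gateway=None, workstations=(), in_use=()):
    """Return a list of problems found in the plan; an empty list means none.

    interfaces   -- {"Eth1": "address/mask"}; mask as prefix length or dotted quad
    gateway      -- default gateway address, or None if none is assigned
    workstations -- addresses of hosts that must reach the SLC
    in_use       -- addresses already allocated on the network
    """
    problems = []
    parsed = {}
    taken = {ipaddress.ip_address(a) for a in in_use}

    for name, cidr in sorted(interfaces.items()):
        try:
            iface = ipaddress.ip_interface(cidr)
        except ValueError:
            problems.append(f"{name}: {cidr!r} is not a valid IP address and subnet mask")
            continue
        net, addr = iface.network, iface.ip
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            problems.append(f"{name}: {addr} is not a usable host address")
        elif (addr.version == 4 and net.num_addresses > 2
              and addr in (net.network_address, net.broadcast_address)):
            problems.append(f"{name}: {addr} is the network or broadcast address of {net}")
        if addr in taken:
            problems.append(f"{name}: {addr} is already in use on the network")
        parsed[name] = iface

    # The guide states that the same IP subnet on multiple interfaces is unsupported.
    names = list(parsed)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if parsed[first].network.overlaps(parsed[second].network):
                problems.append(
                    f"{first} and {second}: subnets {parsed[first].network} and "
                    f"{parsed[second].network} overlap")

    if gateway is not None:
        try:
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            problems.append(f"gateway {gateway!r} is not a valid IP address")
        else:
            if not any(gw in p.network for p in parsed.values()):
                problems.append(f"gateway {gw} is not on the subnet of any interface")
            if any(gw == p.ip for p in parsed.values()):
                problems.append(f"gateway {gw} is the SLC's own address")
    else:
        # Without a gateway, every workstation has to share a subnet with the SLC.
        for ws in workstations:
            host = ipaddress.ip_address(ws)
            if not any(host in p.network for p in parsed.values()):
                problems.append(
                    f"workstation {host} is on a different subnet and no gateway is set")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: no gateway, one workstation on another subnet.
    plan = {"Eth1": "192.168.10.20/255.255.255.0"}
    for line in check_ip_plan(plan, workstations=["192.168.10.7", "192.168.11.5"]):
        print(line)
```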
The following table lists the options for assigning an IP address to your SLC unit.
Table 4-1 Methods of Assigning an IP Address
Method Description
DHCP: A DHCP server automatically assigns the IP address and network settings. The SLC 8000 advanced console manager is DHCP-enabled by default. With the Eth1 network port connected to the network, and the SLC unit powered up, Eth1 acquires an IP address, viewable on the LCD. At this point, you can use SSH to connect to the SLC console manager or use the web interface.
BOOTP: Non-dynamic predecessor to DHCP.
Front panel LCD display and keypads: You manually assign the IP address and other basic network, console, and date/time settings. If desired, you can restore the factory defaults.
Serial port login to command line interface: You assign an IP address and configure the SLC unit using a terminal or a PC running a terminal emulation program to the SLC serial console port connection.

Method #1 Using the Front Panel Display

Before you begin, ensure that you have:
Unique IP address that is valid on your network (unless automatically assigned)
Subnet mask (unless automatically assigned)
Gateway (unless automatically assigned)
DNS settings (unless automatically assigned)
Date, time, and time zone
Console port settings: baud rate, data bits, stop bits, parity, and flow control
Make sure the SLC advanced console manager is plugged into power and turned on.

Front Panel LCD Display and Keypads

With the SLC unit powered up, you can use the front panel display and buttons to set up the basic parameters.
Figure 4-2 Front Panel LCD Display and Five Button Keypad (Enter, Up, Down, Left, Right)
The front panel display initially shows the hostname (abbreviated to 14 letters) and the date and time.
When you press the right-arrow button, the SLC network settings display. Using the five buttons on the keypad, you can change the network, console port, and date/time settings and view the firmware release version. If desired, you can restore the factory defaults.
Note: Have your information handy as the display times out without accepting any unsaved changes if you take more than 30 seconds between entries.
Any changes made to the network, console port, and date/time settings take effect immediately.

Navigating

The front panel keypad has one Enter button (in the center) and four arrow buttons (up, left, right, and down). Press the arrow buttons to navigate from one option to another, or to increment or decrement a numerical entry of the selected option. Use the Enter button to select an option to edit or to save your settings.
The following table lists the SLC navigation actions, buttons, and options.
Table 4-3 LCD Arrow Keypad Actions
Button Action
Right arrow To move to the next option (e.g., from Network Settings to Console Settings)
Left arrow To return to the previous option
Enter (center button) To enter edit mode
Up and down arrows Within edit mode, to increase or decrease a numerical entry
Right or left arrows Within edit mode, to move the cursor right or left
Enter To exit edit mode
Up and down arrows To scroll up or down the list of parameters within an option (e.g., from IP Address to Mask)
The following two tables list the SLC settings and parameters displayed on the LCD.
Table 4-4 Front Panel Setup Options with Associated Parameters
Option (Left/Right Arrow): Parameters (Up/Down Arrow)
Current Time: User ID & Current Time
Eth1 Network Settings: Eth1 IP Address, Eth1 Subnet Mask, Gateway, DNS1, DNS2, DNS3
Console Port Settings: Baud Rate, Data Bits, Stop Bits, Parity, Flow Control
Date / Time Settings: Time Zone, Date/Time
Release: Firmware version and date code (display only), Restore Factory Defaults
Table 4-5 Front Panel Setup Options, continued
Internal Temperature: Reading in Celsius & Fahrenheit
User Strings: Displays configured user string(s), if any.
Location: Indicates the Rack (RK), Row (RW), & Cluster (CW) locations.
Device Ports: Detects the connection state of each port: 0=No DSR input signal detected on device port, 1=DSR input signal detected on device port
Serial Number: Serial Number (display only)
ID: Device ID (display only)
Note: The individual screens listed from left to right in Table 4-4 and Table 4-5 can be enabled or disabled for display on the SLC LCD screen. The order of appearance of the screens, if enabled, along with the elected “Home Page” may vary on the LCD screen according to configuration. The internal temperature, user strings, location and device ports LCD menus are disabled by default. See LCD/Keypad (on page 316) for instructions on enabling and disabling screens.

Entering the Settings

To enter setup information:
1. From the normal display (host name, date and time), press the right arrow button to display Network Settings. The IP address for Eth1 displays.
Note: If you have connected Eth1 to the network, and Eth1 is able to acquire an IP address through DHCP, this IP address displays, followed by the letter [D]. Otherwise, the IP address displays as all zeros (000.000.000.000).
2. Press the Enter button on the keypad to enter edit mode. A cursor displays below one character of the existing IP address setting.
3. To enter values:
- Use the left or right arrow to move the cursor to the left or to the right position.
- Use the up or down arrow to increment or decrement the numerical value.
4. When you have the IP address as you want it, press Enter to exit edit mode, and then press the down arrow button. The Subnet Mask parameter displays.
Note: You must edit the IP address and the Subnet Mask together for a valid IP address combination.
5. To save your entries for one or more parameters in the group, press the right arrow button. The Save Settings? Yes/No prompt displays.
Note: If the prompt does not display, make sure you are no longer in edit mode.
6. Use the left/right arrow buttons to select Yes, and press the Enter button.
7. Press the right arrow button to move to the next option, Console Settings.
8. Repeat steps 2-7 for each setting.
9. Press the right arrow button to move to the next option, Date/Time Settings, and press Enter to edit the time zone.
- To enter a US time zone, use the up/down arrow buttons to scroll through the US time zones, and then press Enter to select the correct one.
- To enter a time zone outside the US, press the left arrow button to move up to the top level of time zones. Press the up/down arrow button to scroll through the top level.
A time zone with a trailing slash (such as Africa/) has sub-time zones. Use the right arrow button to select the Africa time zones, and then the up/down arrows to scroll through them.
Press Enter to select the correct time zone. To move back to the top-level time zone at any time, press the left arrow.
10. To save your entries, press the right arrow button. The Save Settings? Yes/No prompt displays.
Note: If the prompt does not display, make sure you are no longer in edit mode.
11. Use the left/right arrow buttons to select Yes, and press the Enter button.
12. To review the saved settings, press the up or down arrows to step through the current settings.
When you are done, the front panel returns to the clock display. The network port resets to the new settings, and you can connect to your IP network for further administration. You should be able to SSH to the SLC 8000 advanced console manager through your network connection, or access the Web interface through a Web browser.

Restoring Factory Defaults

To use the LCD display to restore factory default settings:
1. Press the right arrow button to move to the Release option.
2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit Restore Factory Defaults password displays.
3. Press Enter to enter edit mode.
4. Using the left and right arrows to move between digits and the up and down arrows to change digits, enter the password (the default password is 999999).
Note: The Restore Factory Defaults password is only for the LCD. You can change it at the command line interface using the CLI admin keypad password command. The front panel Factory Default password and sysadmin password should be recorded and stored in a secure place accessible by at least two authorized system administrators. Recovering an SLC if both of these passwords are unknown is cumbersome and time consuming.
5. Press Enter to exit edit mode. If the password is valid, a Save Settings? Yes/No prompt displays.
6. Select Yes and press Enter. When the process is complete, the SLC unit reboots.

Limiting Sysadmin User Access

For security purposes, full administrative access to the SLC via the default sysadmin local user account can be limited to only the front console port of the SLC device.
To configure this:
1. Enable the Sysadmin access limited to Console Port option on the Local/Remote Users web page.
2. Enable a remote authentication method (such as TACACS+ or LDAP) and configure the remote authentication method to be first in the order of methods used.
3. Create a remote user account with full administrative rights.
4. Uncheck the Attempt next method on authentication rejection checkbox on the Authentication Methods web page.
These steps will prevent any local users from logging in, restrict the default sysadmin local user to the front console port, and allow a user with administrative rights to log in, as long as remote authentication is working.

Method #2 Quick Setup on the Web Page

After the unit has an IP address, you can use the Quick Setup page to configure the remaining network settings. This page displays the first time you log into the SLC 8000 advanced console manager only. Otherwise, the SLC Home page displays.
To complete the Quick Setup page:
1. Open a web browser (Firefox, Chrome or Internet Explorer web browsers with the latest browser updates).
2. In the URL field, type https:// followed by the IP address of your SLC console manager.
Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and redirects all requests to the encrypted (HTTPS) port (port 443).
3. Log in using sysadmin as the user name and the last 8 characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the password. The first time you log in to the SLC unit, the Quick Setup page automatically displays.
Note: If the Device ID is not set, the default sysadmin password is the last 8 characters of the serial number.
Figure 4-6 Quick Setup
4. To accept the defaults, select the Accept default Quick Setup settings checkbox on the top portion of the page and click the Apply button at the bottom of the page. Otherwise, continue with step 5.
Note: Once you click the Apply button on the Quick Setup page, you can continue using the web interface to configure the SLC further.
5. Enter the following settings:

Network Settings

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP) are not currently supported.
Network Setting: Description
Eth 1 Settings:
- Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway from the DHCP server. (The DHCP server may not provide the hostname or gateway, depending on its setup.) This is the default setting. If you select this option, skip to Gateway.
- Obtain from BOOTP: Lets a network node request configuration information from a BOOTP "server" node. If you select this option, skip to Gateway.
- Specify: Lets you manually assign a static IP address, generally provided by the system administrator.
IP Address (if specifying): Enter an IP address that is unique and valid on your network. There is no default. Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields for dot-quad numbers less than 100. For example, if your IP address is 172.19.201.28, do not enter 028 for the last octet.
Note: Currently, the SLC 8000 advanced console manager does not support configurations with the same IP subnet on multiple interfaces (Ethernet or PPP).
Subnet Mask: If specifying an IP address, enter the subnet mask for the network on which the SLC unit resides. There is no default.
Default Gateway: The IP address of the router for this network. There is no default.
Hostname: The default host name is slcXXXX, where XXXX is the last 4 characters of the hardware address of Ethernet Port 1. There is a 64-character limit (contiguous characters, no spaces).
Note: The host name becomes the prompt in the command line interface.
Domain: If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC 8000 advanced console manager. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC unit attempts to resolve abcd.mydomain.com for the SMTP server.

Date & Time Settings

Date & Time Setting: Description
Change Date/Time: Select the checkbox to manually enter the date and time at the SLC unit’s location.
Date: From the drop-down lists, select the current month, day, and year.
Time: From the drop-down lists, select the current hour and minute.
Time Zone: From the drop-down list, select the appropriate time zone.

Administrator Settings

Administrator Setting: Description
Sysadmin Password: To change the password (e.g., from the default) enter a Sysadmin Password of up to 64 characters.
Retype Password: Re-enter the Sysadmin Password above in this field as a confirmation.
6. Click the Apply button to save your entries.
Figure 4-7 Quick Setup Completed in Web Manager
If Quick Setup has already been run the standard Home page will display.
Figure 4-8 Home

Method #3 Quick Setup on the Command Line Interface

If the SLC 8000 advanced console manager does not have an IP address, you can connect a dumb terminal or a PC running a terminal emulation program (VT100) to access the command line interface. (See Connecting Terminals on page 41.) If the unit has an IP address, you can use SSH or Telnet to connect to the SLC unit.
By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the Services > SSH/Telnet/Logging web page (on page 117).
To complete the command line interface Quick Setup script:
1. Do one of the following:
- With a serial terminal connection, power up, and when the command line displays, press Enter.
- With a network connection, use an SSH client or Telnet program (if Telnet has been enabled) to connect to xx.xx.xx.xx (the IP address in dot quad notation), and press Enter. You should be at the login prompt.
2. Enter sysadmin as the user name and press Enter.
3. Enter the last 8 characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the password and press Enter. The first time you log in, the Quick Setup script runs automatically. Normally, the command prompt displays.
Note: If the Device ID is not set, the default sysadmin password is the last 8 characters of the serial number.
Figure 4-9 Beginning of Quick Setup Script
Welcome to the Lantronix SLC8000 Advanced Console Manager
Model Number: SLC8032
Quick Setup will now step you through configuring a few basic settings.
The current settings are shown in brackets ('[]'). You can accept the current setting for each question by pressing <return>.
4. Enter the following information at the prompts:
Note: To accept a default or to skip an entry that is not required, press Enter.
CLI Quick Setup Settings: Description
Config Eth1: Select one of the following:
- (1) obtain IP Address from DHCP: The unit will acquire the IP address, subnet mask, hostname, and gateway from the DHCP server. (The DHCP server may or may not provide the gateway and hostname, depending on its setup.) This is the default setting.
- (2) obtain IP Address from BOOTP: Permits a network node to request configuration information from a BOOTP "server" node.
- (3) static IP Address: Allows you to assign a static IP address manually. The IP address is generally provided by the system administrator.
IP Address (if specifying): An IP address that is unique and valid on your network and in the same subnet as your PC. There is no default. If you selected DHCP or BOOTP, this prompt does not display. Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields for dot-quad numbers less than 100. For example, if your IP address is 172.19.201.28, do not enter 028 for the last octet.
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP) are not currently supported.
Subnet Mask: The subnet mask specifies the network segment on which the SLC 8000 advanced console manager resides. There is no default. If you selected DHCP or BOOTP, this prompt does not display.
Default Gateway: IP address of the router for this network. There is no default.
Hostname: The default host name is slcXXXX, where XXXX is the last 4 characters of the hardware address of Ethernet Port 1. There is a 64-character limit (contiguous characters, no spaces).
Note: The host name becomes the prompt in the command line interface.
Domain: If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC unit. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC 8000 advanced console manager attempts to resolve abcd.mydomain.com for the SMTP server.
Time Zone: If the time zone displayed is incorrect, enter the correct time zone and press Enter. If the entry is not a valid time zone, the system guides you through selecting a time zone. A list of valid regions and countries displays. At the prompts, enter the correct region and country.
Date/Time: If the date and time displayed are correct, type n and continue. If the date and time are incorrect, type y and enter the correct date and time in the formats shown at the prompts.
Sysadmin password: Enter a new sysadmin password.
After you complete the Quick Setup script, the changes take effect immediately.
Figure 4-10 Quick Setup Completed in CLI
Welcome to the Lantronix SLC8000 Advanced Console Manager
Model Number: SLC8032
Quick Setup will now step you through configuring a few basic settings.
The current settings are shown in brackets ('[]'). You can accept the current setting for each question by pressing <return>.
____Ethernet Port and Default Gateway___________________________________
The SLC8032 has two ethernet ports, Eth1 and Eth2.
By default, both ports are configured for DHCP.
Configure Eth1: (1) obtain IP Address from DHCP
                (2) obtain IP Address from BOOTP
                (3) static IP Address
Enter 1-3: [1]
The SLC8032 can be configured to use a default gateway.
Enter gateway IP Address: [none]
____Hostname____________________________________________________________
The current hostname is 'slc0348', and the current domain is '<undefined>'.
The hostname will be shown in the CLI prompt.
Specify a hostname: [slc0348]
Specify a domain: [<undefined>]
____Time Zone___________________________________________________________
The current time zone is 'GMT'.
Enter time zone: [GMT]
____Date/Time___________________________________________________________
The current time is Wed May 18 20:51:04 2016
Change the current time? [n]
____Sysadmin Password___________________________________________________
Enter new password: [<current password>]
Quick Setup is now complete.
For a list of commands, type 'help'.

Next Step

After completing quick setup on the SLC 8000 advanced console manager, you may want to configure other settings. You can use the web page or the command line interface for configuration.
For information about the web and the command line interfaces, go to Chapter 5: Web and Command Line Interfaces.
To continue configuring the SLC unit, go to Chapter 6: Basic Parameters.

5: Web and Command Line Interfaces

The SLC advanced console manager offers three interfaces for configuring the SLC unit: a command line interface (CLI), a web interface, and an LCD with keypad buttons on the front panel. This chapter discusses the web and command line interfaces.
Note: See Chapter 4: Quick Setup on page 50 for instructions on using the LCD front panel to configure basic network settings, Web Manager, and CLI to perform quick setup.

Web Manager

A Web Manager allows the system administrator and other authorized users to configure and manage the SLC 8000 advanced console manager using most web browsers (Firefox, Chrome or Internet Explorer web applications with the latest browser updates). The SLC unit provides a secure, encrypted web interface over SSL (secure sockets layer).
Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and redirects all requests to the encrypted (HTTPS) port (port 443). Web Telnet and Web SSH features (utilized in SLC console managers with firmware 7.2.0.0 or earlier) require Java 1.1 (or later) support in the browser.
The following figure shows a typical web page:
Figure 5-1 Web Page Layout (callouts: Logout Button, Tabs, Options, Entry Fields and Options, Dashboard, Icons, Help Button)
The web page has the following components:
Tabs: Groups of settings to configure.
Options: Below each tab are options for specific types of settings.
Note: Only those options for which the currently logged-in user has rights display.
Figure 5-2 Sample Dashboards
Dashboard: The appearance of the user interface dashboard will differ according to the type of NIC card and bay modules installed in the back of the SLC 8000. See Figure 2-2 SLC 8048 Unit Samples (Back Side) - Part Number SLC80482201S (on page 26), Figure 3-7 Sample Device Port Connections (Back Side) (on page 40), and Figure 5-2 Sample Dashboards (on page 63).
- The light green LCD button allows you to configure the front panel LCD.
- The beige SD button allows you to configure the SD card, if a card is inserted. See Chapter 8: USB/SD Card Port on page 146.
- The gray U1 button allows you to configure the upper USB device (flash drive or modem) plugged into the front panel USB connector. The gray U2 button allows you to configure the lower USB device plugged into the front panel USB connector. See Chapter 8: USB/SD Card Port on page 146.
- The brown MD button allows you to configure the internal modem, if an internal modem is installed.
- The blue E1 and E2 buttons display the Network > Network Settings (1 of 2) page for the Ethernet port.
- The F1 and F2 buttons display the Network > Network Settings (1 of 2) page for the SFP transceiver port.
- The number buttons allow you to select a port and display its settings. Only ports to which the currently logged-in user has rights are enabled.
Below the bar are options for use with the port buttons. Selecting a port and the Configuration option takes you to the Device Ports > Settings (1 of 2) page. Selecting a port and the WebSSH option displays the WebSSH window for the device port, if Web SSH is enabled and if SSH is enabled for the device port. Selecting the port and the Connected Device button allows access to supported devices such as remote power managers (RPMs) and/or SensorSoft temperature and humidity probes connected to the device port.
- The yellow orange A and B buttons display the status of the power supplies.
Entry Fields and Options: Allow you to enter data and select options for the settings.
Note: For specific instructions on completing the fields on the web pages, see Chapters 5 through 12.
Apply Button: Apply on each web page makes the changes immediately and saves them so they will be there when the SLC 8000 advanced console manager is rebooted.
Icons: The icon bar above the Main Menu has icons that display the following:
- Home page.
- Information about the SLC unit and Lantronix contact information.
- Configuration site map.
- Status of the SLC 8000 advanced console manager.
Help Button: Provides online Help for the specific web page.

Logging in

Only the system administrator or users with web access rights can log into the Web Manager. More than one user at a time can log in, but the same user cannot log in more than once.
To log in to the SLC Web Manager:
1. Open a web browser.
2. In the URL field, type https:// followed by the IP address of your SLC 8000 advanced console manager.
3. To configure the SLC unit, log in using sysadmin as the user name and the last 8 characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the password.
Note: If the Device ID is not set, the default sysadmin password is the last 8 characters of the serial number.
Note: The system administrator may have changed the password using one of the Quick Setup methods in the previous chapter.
The Lantronix SLC Quick Setup page displays automatically the first time you log in. Subsequently, the Lantronix SLC Home page displays. (If you want to display the Quick Setup page again, click Quick Setup on the main menu.)

Logging Out

To log off the SLC web interface:
1. Click the Logout button located on the upper left part of any Web Manager page. You are brought back to the login screen when logout is complete.

Web Page Help

To view detailed information about an SLC web page:
1. Click the Help button to the right of any Web Manager page. Online Help contents will appear in a new browser window.

Command Line Interface

A command line interface (CLI) is available for entering all the commands you can use with the SLC 8000 advanced console manager. In this user guide, after each section of instructions for using the web interface, you will find the equivalent CLI commands. You can access the command line interface using Telnet, SSH, or a serial terminal connection.
Note: By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the Services > SSH/Telnet/Logging web page, a serial terminal connection, or an SSH connection. (See Chapter 7: Services.)
The sysadmin user and users who have full administrative rights have access to the complete command set, while all other users have access to a reduced command set based on their permissions.

Logging In

To log in to the SLC command line interface:
1. Do one of the following:
- With a serial terminal connection, power up, and when the command line displays, press Enter.
- If the SLC 8000 advanced console manager already has an IP address (assigned previously or assigned by DHCP), Telnet (if Telnet has been enabled) or SSH to xx.xx.xx.xx (the IP address in dot quad notation) and press Enter. The login prompt displays.
2. To log in as the system administrator for setup and configuration, enter sysadmin as the user name and press Enter.
3. Enter the last 8 characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the password and press Enter. The first time you log in, the Quick Setup script runs automatically. Normally, the command prompt displays. (If you want to display the Quick Setup script again, use the admin quicksetup command.)
Note: If the Device ID is not set, the default sysadmin password is the last 8 characters of the serial number.
Note: The system administrator may have changed the password using one of the Quick Setup methods in the previous chapter.
To log in any other user:
1. Enter your SLC user name and press Enter.
2. Enter your SLC password and press Enter.

Logging Out

To log out of the SLC command line interface, type logout and press Enter.

Command Syntax

Commands have the following format:
<action> <category> <parameter(s)>
where
<action> is set, show, connect, admin, diag, or logout.
<category> is a group of related parameters whose settings you want to configure or view. Examples are ntp, deviceport, and network.
<parameter(s)> is one or more name-value pairs in one of the following formats:
<parameter name> <aa|bb>: User must specify one of the values (aa or bb) separated by a vertical line ( | ). The values are in all lowercase and must be entered exactly as shown. Bold indicates a default value.
<parameter name> <Value>: User must specify an appropriate value, for example, an IP address. The parameter values are in mixed case.
[ ]: Square brackets indicate optional parameters.

Command Line Help

For general Help and to display the commands to which you have rights, type: help
For general command line Help, type: help command line
For release notes for the current firmware release, type: help release
For more information about a specific command, type help followed by the command. For example: help set network or help admin firmware

Tips

Type enough characters to identify the action, category, or parameter name uniquely. For parameter values, type the entire value. For example, you can shorten:
set network port 1 state static ipaddr 122.3.10.1 mask 255.255.0.0
to
se net po 1 st static ip 122.3.10.1 ma 255.255.0.0
Use the Tab key to automatically complete action, category, or parameter names. Type a partial name and press Tab either to complete the name if only one is possible, or to display the possible names if more than one is possible. Following a space after the preceding name, Tab displays all possible names.
Should you make a mistake while typing, backspace by pressing the Backspace key and/or the Delete key, depending on how you accessed the interface. Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port. Use the left and right arrow keys to move within a command.
Use the up and down arrows to scroll through previously entered commands. If desired, select one and edit it. You can scroll through up to 100 previous commands entered in the session.
To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.
When the number of lines displayed by a command exceeds the size of the window (the default is 25), the command output is halted until the user is ready to continue. To display the next line, press Enter, and to display the page, press the space bar. You can override the number of lines (or disable the feature altogether) with the set cli command.

General CLI Commands

The following commands relate to the CLI itself.
To configure the current command line session:
set cli scscommands <enable|disable>
Allows you to use SCS-compatible commands as shortcuts for executing commands:
Note: Settings are retained between CLI sessions for local users and users listed in the remote users list.
Table 5-3 SCS Commands
SCS Command    SLC Command
info 'show sysstatus'
version 'admin version'
reboot 'admin reboot'
poweroff 'admin shutdown'
listdev 'show deviceport names'
direct 'connect direct deviceport'
listen 'connect listen deviceport'
clear 'set locallog clear'
telnet 'connect direct telnet'
ssh 'connect direct ssh'
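Because of the abbreviation rule in the Tips and the SCS shortcuts in Table 5-3, the same command can be typed in several forms, so command text must be expanded before it is compared against a review list. The following is an added example, not Lantronix code: the name lists cover only commands shown in this chapter, the watchlist and sample lines are constructed, and exact-name precedence and pass-through of SCS arguments are assumptions.

```python
"""Expand abbreviated SLC CLI commands before matching them to a watchlist."""

# Names are limited to those shown in this chapter. A real unit knows more,
# so a prefix that is unique here may be ambiguous on the device.
ACTIONS = ["set", "show", "connect", "admin", "diag", "logout"]
CATEGORIES = {
    "set": ["network", "cli", "history", "locallog", "ntp", "deviceport"],
    "show": ["cli", "history", "user", "sysstatus", "deviceport"],
    "admin": ["version", "reboot", "shutdown", "quicksetup", "keypad", "firmware"],
    "connect": ["direct", "listen"],
}
# Parameter names per command; True means the name is followed by a value.
PARAMS = {
    ("set", "network"): {"port": True, "state": True, "ipaddr": True, "mask": True},
    ("set", "cli"): {"scscommands": True, "terminallines": True},
    ("set", "history"): {"clear": False},
    ("set", "locallog"): {"clear": False},
    ("show", "deviceport"): {"names": False},
}
# Table 5-3: SCS shortcuts, honoured only when scscommands is enabled.
SCS = {
    "info": "show sysstatus", "version": "admin version",
    "reboot": "admin reboot", "poweroff": "admin shutdown",
    "listdev": "show deviceport names", "direct": "connect direct deviceport",
    "listen": "connect listen deviceport", "clear": "set locallog clear",
    "telnet": "connect direct telnet", "ssh": "connect direct ssh",
}
# Hypothetical watchlist: commands that interrupt service or erase records.
WATCHLIST = [("admin", "reboot"), ("admin", "shutdown"),
             ("set", "locallog", "clear"), ("set", "history", "clear")]


class Unresolved(ValueError):
    """Token matches no known name, or more than one."""


def resolve(token, names):
    """Return the one name in `names` that `token` is a prefix of."""
    if token in names:            # assumption: an exact name always wins
        return token
    hits = [n for n in names if n.startswith(token)]
    if len(hits) != 1:
        raise Unresolved(f"{token!r} matches {hits or 'nothing'}")
    return hits[0]


def expand(line, scs_enabled=False):
    """Return the canonical token list for one typed command line."""
    tokens = line.split()
    if not tokens:
        raise Unresolved("empty line")
    if scs_enabled and tokens[0] in SCS:
        # Assumption: arguments after an SCS shortcut are passed through as-is.
        return SCS[tokens[0]].split() + tokens[1:]
    action = resolve(tokens[0], ACTIONS)
    out, rest = [action], tokens[1:]
    if not rest or action not in CATEGORIES:
        return out + rest
    out.append(resolve(rest[0], CATEGORIES[action]))
    schema, rest = PARAMS.get((action, out[1])), rest[1:]
    if schema is None:
        return out + rest         # parameter names unknown: keep text verbatim
    i = 0
    while i < len(rest):
        name = resolve(rest[i], list(schema))
        out.append(name)
        i += 1
        if schema[name] and i < len(rest):
            out.append(rest[i])   # values are typed in full, so copy as-is
            i += 1
    return out


def review(lines, scs_enabled=False):
    """Label each line 'watch', 'ok' or 'manual' (could not be expanded)."""
    results = []
    for raw in lines:
        try:
            canon = expand(raw, scs_enabled)
        except Unresolved:
            results.append((raw, None, "manual"))
            continue
        hit = any(tuple(canon[:len(w)]) == w for w in WATCHLIST)
        results.append((raw, " ".join(canon), "watch" if hit else "ok"))
    return results


# Constructed sample input, not captured from a real unit.
SAMPLE = [
    "se net po 1 st static ip 122.3.10.1 ma 255.255.0.0",
    "sh cli", "ad reb", "set hi cl", "clear", "s history clear",
]

if __name__ == "__main__":
    for raw, canon, verdict in review(SAMPLE, scs_enabled=True):
        print(f"{verdict:6}  {raw!r} -> {canon}")
```

Lines labelled manual are kept for a person to read rather than dropped, since an ambiguous prefix such as s cannot be expanded safely.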
To set the number of lines displayed by a command:
set cli terminallines <disable|Number of lines>
Sets the number of lines in the terminal emulation (screen) for paging through text one screenful at a time, if the SLC 8000 unit cannot detect the size of the terminal automatically.
To show current CLI settings:
show cli
To view the last 100 commands entered in the session:
show history
To clear the command history:
set history clear
To view the rights of the currently logged-in user:
show user
Note: For information about user rights, see Chapter 12: User Authentication.
Table 5-4 CLI Keyboard Shortcuts
Keyboard Shortcut Description
Control + [a] Move to the start of the line.
Control + [e] Move to the end of the line.
Control + [b] Move back to the start of the current word.
Control + [f] Move forward to the end of the next word.
Control + [u] Erase from cursor to the beginning of the line.
Control + [k] Erase from cursor to the end of the line.

6: Basic Parameters

This chapter explains how to set the following basic configuration settings for the SLC advanced console manager using the SLC web interface or the CLI:
- Network parameters that determine how the SLC 8000 advanced console manager interacts with the attached network
- Firewall and routing
- Date and time
Note: If you entered some of these settings using a Quick Setup procedure, you may update them here.

Requirements

If you assign a different IP address from the current one, it must be within a valid range and unique to your network. If a valid gateway address has not been assigned, the IP address must be on the same subnet as workstations connecting to the SLC 8000 over the network.
To configure the unit, you need the following information:
Eth1 IP address: ________ - ________ - ________ - ________
Subnet mask: ________ - ________ - ________ - ________
Eth2 IP address (optional): ________ - ________ - ________ - ________
Subnet mask (optional): ________ - ________ - ________ - ________
Gateway: ___________ - ___________ - ___________ - ___________
DNS: ___________ - ___________ - ___________ - ___________

Network Port Settings

Network parameters determine how the SLC unit interacts with the attached network. Use this page to set the following basic configuration settings for the network ports (Eth1 and Eth2).
The SLC supports the following types of network interfaces:
RJ-45 ports, as part of the standard SLC RJ45 NIC board. In the web UI port banner bar, these are represented as [icon] and [icon]. These ports can be configured for speeds of 10 Mbit, 100 Mbit or 1000 Mbit, at half-duplex or full-duplex. The RJ45 Ethernet NIC LEDs display the following states:
- Green Light On: indicates a link at 1000 BASE-T
- Green Light Off: indicates a link at other speeds, or no link
- Yellow Light On: indicates a link is established
- Yellow Light Blinking: indicates link activity
A variety of SFP modules, installed in the SLC SFP NIC board. In the web UI port banner bar, these are represented as [icon] and [icon], in a variety of colors. Single mode 1000 BASE-LX optical SFPs are shown in yellow as [icon]. Multi mode 1000 BASE-SX optical SFPs are shown as [icon]. RJ45 1000 BASE-T SFPs are shown in blue as [icon]. A port with no SFP module is shown in white as F1. A port with an unknown SFP module is shown as [icon].
The SFP Ethernet NIC LEDs are located between the two SFP module slots; the LEDs for Ethernet 1 are on the left, and the LEDs for Ethernet 2 are on the right. They display the following states:
- Green Light On: indicates a link is established
- Green Light Off: indicates no link
- Yellow Light On: indicates no link activity
- Yellow Light Blinking: indicates link activity
These ports are fixed at 1000 Mbit full-duplex. Note that in some vendors' RJ45 1000 BASE-T transceivers, the RX LOS is internally grounded, so the link status feature may fail.
To enter settings for one or both network ports:
1. Click the Network tab and select the Network Settings option. Either the Network > Network Settings (1 of 2) or the Network > Network Settings (2 of 2) displays depending on your SLC 8000 model.
Figure 6-1 Network > Network Settings (1 of 2)
Note: The SFP NIC Info & Diagnostics link in the Network > Network Settings (1 of 2) image above only appears in SLC units equipped with an SFP NIC board. The SFP NIC Info & Diagnostics link brings you to the Network Settings > SFP NIC Information & Diagnostics page.
Figure 6-2 Network > Network Settings (2 of 2)
Figure 6-3 Network Settings > SFP NIC Information & Diagnostics
2. Enter the following information:

Ethernet Interfaces (Eth1 and Eth2)

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Eth 1 Settings
or
Eth 2 Settings
IP Address
(if specifying)
Subnet Mask If specifying an IP address, enter the network segment on which the SLC unit
Disabled: If selected, disables the network port. Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway
from the DHCP server. (The DHCP server may not provide the hostname gateway, depending on its setup.) This is the default setting. If you select this option, skip to Gateway.
Obtain from BOOTP: Lets a network node request configuration information
from a BOOTP "server" node. If you select this option, skip to Gateway.
Specify: Lets you manually assign a static IP address, generally provided by the
system administrator.
Enter an IP address that will be unique and valid on your network. There is no
default.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the
fields for dot-quad numbers less than 100. For example, if your IP address is
172.19.201.28, do not enter 028 for the last segment octet.
Note: Currently, the SLC unit does not support configurations with the same IP
subnet on multiple interfaces (Ethernet or PPP).
resides. There is no default.
SLC™ 8000 Advanced Console Manager User Guide 73
6: Basic Parameters
IPv6 Address (Static)
Address of the port in IPv6 format.
Note: The SLC 8000 advanced console manager supports IPv6 connections for
the following services: the web, SSH, Telnet, remote syslog, SNMP, NTP, LDAP, Kerberos, RADIUS, TACACS+, connections to device ports, and diagnostic ping.
IPv6 addresses are written as 8 sets of 4-digit hexadecimal numbers separated by colons. There are several rules for modifying the address. For example:
1234:0BCD:1D67:0000:0000:8375:BADD:0057 may be shortened to 1234:BCD:1D67::8375:BADD:57.
IPv6 Address (Global)
IPv6 Address (Link Local)
Mode Select the direction, duplex mode (full duplex or half-duplex), and speed (10, 100,
MTU Specifies the maximum transmission unit (MTU) or maximum packet size of
HW Address Displays the hardware address of the Ethernet port.
Multicast Displays the multicast address of the Ethernet port.
Enable IPv6 Select this box to enable the IPv6 protocol. If changed, the SLC unit will need to
IP Forwarding If enabled, IP forwarding enables IPv4 network traffic received on one interface
IPv6 Forwarding If enabled, IPv6 forwarding enables IPv6 network traffic received on one interface
SFP NIC Info & Diagnostics (Link)
IPv6 address with global scope that is generated by address autoconfiguration. The address is generated from a combination of router advertisements and MAC address to create a unique IPv6 address. This field is read only.
Note: This field will not appear in the absence of an IPv6 global address.
An IPv6 address that is intended only for communications within the segment of a local network. This field is read only.
or 1000 Mbit) of data transmission. The default is Auto, which allows the Ethernet port to auto-negotiate the speed and duplex with the hardware endpoint to which it is connected.
packets at the IP layer (OSI layer 3) for the Ethernet port. When fragmenting a datagram, this is the largest number of bytes that can be used in a packet. The minimum MTU size is 108 bytes (to conform with RFC 2460) and the maximum size is 1500 bytes.
reboot. Enabled by default.
(Eth1, Eth2, or an external/USB modem attached to the SLC unit with an active PPP connection) to be transferred out another interface (any of the above). The default behavior (if IP forwarding is disabled) is for network traffic to be received but not routed to another destination.
Enabling IP forwarding is required if you enable Network Address Translation (NAT) for any device port modem or USB/ISDN modem. IP forwarding allows a user accessing the SLC 8000 advanced console manager over a modem to access the network connected to Eth1 or Eth2.
(Eth1, Eth2, or an external/USB modem attached to the SLC unit with an active PPP connection) to be transferred out another interface (any of the above). The default behavior (if IP forwarding is disabled) is for network traffic to be received but not routed to another destination.
Clicking the link brings you to the Network Settings > SFP NIC Information &
Diagnostics page showing information and diagnostics about the SFP connection
port, temperature, voltage, current, output power, input power, LOS, and TX fault. Click Back to Network Settings to return to the Network > Network Settings (1 of 2) page.
Note: The SFP NIC Info & Diagnostics link in the Network > Network Settings (1 of
2) page only appears in SLC units equipped with an SFP NIC board.
Ethernet Bonding Ethernet 1 and Ethernet 2 can be bonded to support redundancy (Active Backup),
aggregation (802.3ad), and load balancing. Disabled by default. Note that if Ethernet Bonding is enabled, assigning individual IP Addresses to Device Ports is not supported.
Ethernet Bonding Status (Link)
Click the link to access Ethernet bonding status information. Ethernet 1 and Ethernet 2 can be bonded to support redundancy (Active Backup), aggregation (802.3ad), and load balancing. Disabled by default. Note that if Ethernet Bonding is enabled, assigning individual IP Addresses to Device Ports is not supported.
Click Back to Network Settings link to return to the Network Settings page.
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.

Hostname & Name Servers

Hostname
The default host name is slcXXXX, where XXXX is the last 4 characters of the hardware address of Ethernet Port 1. There is a 64-character limit (contiguous characters, no spaces). The host name becomes the prompt in the command line interface.
Domain
If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLC unit. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC 8000 advanced console manager attempts to resolve abcd.mydomain.com for the SMTP server.

DNS Servers

#1 - #3 Configure up to three name servers with an IPv4 or IPv6 address. #1 is required if you choose to configure DNS (Domain Name Server) servers. The SLC will attempt to contact each DNS server in the order that they are given. If a DNS server cannot be reached, the next DNS server will be tried. If a DNS server is reachable, but does not resolve a hostname, no other attempts will be made to resolve the hostname using the remaining DNS servers.
The first three DNS servers acquired via DHCP through Eth1 and/or Eth2 display automatically.

DHCP-Acquired DNS Servers

#1 - #3 Displays the IP address of the name servers if automatically assigned by DHCP.
Prefer IPv4 DNS Records
If enabled, IPv4 DNS records will be preferred when DNS hostname lookups are performed. Otherwise IPv6 records will be preferred (when IPv6 is enabled). Enabled by default.

TCP Keepalive Parameters

Start Probes Number of seconds the SLC unit waits after the last transmission before sending the
first probe to determine whether a TCP session is still alive. The default is 600 seconds (10 minutes).
Number of Probes Number of probes the SLC 8000 advanced console manager sends before closing a
session. The default is 5.
Interval The number of seconds the SLC unit waits between probes. The default is 60
seconds.

Gateway

Default IP address of the IPv4 router for this network.
If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2 displays.
All network traffic that matches the Eth1 IP address and subnet mask is sent out Eth1. All network traffic that matches the Eth2 IP address and subnet mask is sent out Eth2.
If you set a default gateway, any network traffic that does not match Eth1 or Eth2 is sent to the default gateway for routing.
DHCP-Acquired Gateway acquired by DHCP for Eth1 or Eth2. View only.
Precedence Indicates whether the gateway acquired by DHCP or the default gateway takes
precedence. The default is DHCP Gateway. If the DHCP Gateway is selected and both Eth1 and Eth2 are configured for DHCP, the SLC unit gives precedence to the Eth1 gateway.
IPv6 Default Indicates the IP address of the IPv6 router for this network.

Fail-Over Settings

Fail-over Gateway IP Address
The fail-over gateway is a backup default gateway, used when it is determined through a fail-over trigger that the primary default gateway is no longer a viable route. A fail-over event happens when a Ping device reachable via an Ethernet interface and the default gateway becomes unreachable. Fail-back occurs when the Ping device becomes reachable again, causing the primary default route to be restored.
Note: The fail-over gateway is not supported when DHCP is used.
IP Address to Ping to Trigger Fail-over
IP address to ping to determine whether to use the fail-over gateway.
Ethernet Port for Ping
Ethernet port to use for the ping.
Delay between Pings
Number of seconds between pings.
Number of Failed Pings
Number of pings that fail before the SLC 8000 advanced console manager uses the fail-over gateway.

Fail-Over Cellular Gateway Configuration

Fail-over Device Select an integrated device to be used as the fail-over gateway. Currently the
Lantronix PremierWave XC HSPA+ Cellular Gateway and the Sierra Wireless AirLink ES450 are supported. The HSPA+ gateway must be configured in gateway mode before it can be used as the fail-over gateway. It is recommended that the HSPA+ Cellular Connection Mode be set to On Demand, which will leave the link quiescent until an application attempts to make use of the cellular network connection. It is also recommended that the SNTP protocol be disabled, as On Demand mode uses the egress traffic as a trigger.
The Sierra gateway must be properly provisioned before first use by initializing the APN of the installed SIM card. This is done by connecting the Sierra gateway to the second ethernet port of the SLC, and assigning a static IP address to the SLC port so that it is in the same subnet as the IP address of the Sierra gateway. Use the console CLI or web GUI to set the APN of the SIM card. After setting the APN, power cycle the Sierra gateway and allow it to reboot completely.
The failover feature requires that both Ethernet ports be configured with a static IP address. Using DHCP on one of the Ethernet ports may overwrite the default route, interfering with fail-over and fail-back.
Note: The commands sent to the fail-over device to retrieve status and update the configuration are shown in the syslog (messages may be displayed under Network syslog at the Debug level). If there are errors retrieving status or updating the configuration, check messages in the Network syslog, the device administrator login/password, connectivity to the device and the firmware version of the fail-over device (the minimum required firmware version for HSPA+ is 8.1.0.0 and for Sierra Wireless ES450, it is 4.9.2). For the HSPA+ gateway, if the firmware is updated and new items are added to the status output by the gateway, the new items will automatically be displayed on the SLC.
When the SLC sends an updated configuration to the fail-over device, it is recommended to check the SLC syslog, even if the SLC indicates that the update was successful. Responses from the fail-over device indicating that the device needs to be rebooted for configuration changes to take effect may also be in the syslog. The configuration will be re-sent to the device if any of the fail-over device settings are changed, or the selected fail-over device is changed from None to one of the supported fail-over device types.
When a fail-over or fail-back occurs, running applications such as VPN tunnel and ConsoleFlow will be restarted.
APN of Mobile Carrier
For the HSPA+ and Sierra gateways, configure the Access Point Name for the mobile carrier. May have up to 256 characters.
Admin Login and Password/Retype
For the selected Fail-over Device, the administrator login and password used to retrieve status from the device and send configuration updates to the device. The login may have up to 32 characters, and the password may have up to 64 characters. The Admin Password displays the current password masked.
Change Admin Password (check box)
Select this check box if you wish to update the admin password for the selected gateway Fail-over Device.
New Admin Password/Retype
For the selected Fail-over Device, the administrator password can be changed on the gateway. The password may have up to 64 characters.
To change the Admin Password, click the Change Admin Password checkbox and enter the new password in the New Admin Password and Retype fields. Changing the HSPA+ Admin password will save the password on the SLC for status and configuration queries to the HSPA+ gateway. The password must match what is stored on the HSPA+ gateway. Changing the Sierra Admin password will save the password on the SLC for status and configuration queries to the Sierra gateway. The new password will also be configured on the Sierra gateway. The Sierra gateway login must be set as ‘user’.
Reboot Gateway When Making Changes (check box)
For the selected Fail-over Device, the administrator can reboot the gateway.
Fail-Over Cellular Gateway Status (link)
Clicking the link opens the Fail-Over Cellular Gateway status window, showing status and statistics about the fail-over gateway.
Click Back to Network Settings to return to the Network Settings page.

Advanced Cellular Gateway Configuration

SIM Card PIN Lock (check box)
For the HSPA+ and Sierra gateways, enable a lock so that the SIM card used by the gateway cannot be used by anyone who does not have the PIN.
Pin # for SIM Card/ Retype
For the HSPA+ and Sierra gateways, the PIN number for the SIM card used by the gateway. May have up to 8 characters.
SIM PUK/Retype For the HSPA+ gateway, the SIM Personal Unblocking Key. May have up to 16 characters. The Sierra gateway does not have this feature.
SIM Username For the HSPA+ gateway, enter the username for dial up to the cellular carrier, if required. May have up to 64 characters. The Sierra gateway does not have this feature.
SIM Password For the HSPA+ gateway, enter the password for dial up to the cellular carrier, if required. May have up to 64 characters. The Sierra gateway does not have this feature.
Dial-up String For the HSPA+ gateway, enter the modem string used for making a connection to the carrier. May have up to 64 characters. The Sierra gateway does not have this feature.
Roaming For the HSPA+ gateway, enable or disable network roaming. The Sierra gateway does not have this feature.

Fail-Over Cellular Gateway Firmware

Note: The HSPA+ or Sierra fail-over device must be selected in order for you to be able
to update the firmware.
Update Firmware (check box)
Select this option to update firmware on the HSPA+ gateway or the Sierra gateway. The Functional Firmware file and the Radio Firmware file (required for the Sierra gateway only) will be transferred to the SLC using the method selected by the Load Firmware via option. Once the file(s) have been transferred to the SLC, the SLC will initiate the firmware update on the gateway.
Functional Firmware Filename
Enter the name of the firmware filename exactly as it is represented.
Radio Firmware Filename
Enter the name of the radio firmware filename exactly as it is represented.
Load Firmware via
Select the method to load the firmware from the options in the drop-down menu. Options are: FTP, TFTP, SCP, USB, SD Card, and HTTPS. FTP is the default.
If you select HTTPS, the Upload File link becomes active. Select the link to open a popup window that allows you to browse to a firmware update file to upload.
If you select NFS, the mount directory must be specified.
Note: Connections available depend on the model of the SLC unit.

Load Cellular Gateway Firmware Options

USB Port Select the USB port. The firmware files must be stored in the top level directory of
the USB flash drive.
FTP/SFTP/SCP Server
Enter the IP address or host name of the server used for obtaining the firmware files. May have up to 64 alphanumeric characters; may include hyphens and underscore characters.
Path Enter the path on the server for obtaining firmware update files.
Login Enter the user login for the FTP/SFTP/SCP server to verify access. May be blank.
Password/ Retype Password
Enter the FTP/SFTP/SCP user password. Retype the password in the Retype Password field.
3. To save your entries, click the Apply button. Apply makes the changes immediately and saves them so they will be there when the SLC 8000 advanced console manager is rebooted.

Ethernet Counters

The Network > Network Settings (1 of 2) page displays statistics for each of the SLC Ethernet ports since boot-up. The system automatically updates them.
Note: For Ethernet statistics for a smaller time period, use the diag perfstat
command.

Network Commands

Go to Network Commands to view CLI commands which correspond to the web page entries described above.

IP Filter

IP filters (also called a rule set) act as a firewall to allow or deny an individual MAC address, or an individual IP address or a range of IP addresses, ports, and protocols. When a network connection is configured to use an IP filter, all network traffic through that connection is compared, in order, to the rules of that filter. Network traffic may be allowed to pass, it may be dropped (without notice), or it may be rejected (an error packet is sent back), depending upon the rules of that filter rule set.
The administrator uses the Network > IP Filter page to view, add, edit, delete, and map IP filters.
Warning: IP filters configuration is a feature for advanced users. Adding and
enabling IP filter sets incorrectly can disable access to your SLC unit.

Viewing IP Filters

You can view a list of filters and a table showing how each filter is mapped to an interface.
To view a list of IP filters:
1. Click the Network tab and select the IP Filter option. The following page displays:
Figure 6-4 Network > IP Filter

Mapping Rulesets

The administrator can assign an IP Filter Rule Set to a network interface (Ethernet interface), a modem connected to a device port, or a USB modem or an internal modem (if installed).
To map a ruleset to a network interface:
1. Click the Network tab and select the IP Filter option. The Network > IP Filter page displays.
2. Select the IP filter rule set to be mapped.
3. From the Interface drop-down list, select the desired network interface and click the Map Ruleset button. The Interface and rule set display in the IP Filter Mappings table.
To delete a mapping:
1. Click the Network tab and select the IP Filter option. The Network > IP Filter page displays.
2. Select the mapping from the list and click the Delete Mappings button. The mapping no longer displays.
3. Click the Apply button.

Enabling IP Filters

On the Network > IP Filter page, you can enable all filters or disable all filters.
Note: There is no way to enable or disable individual filters.
To enable IP filters:
1. Enter the following:
Enable IP Filter Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox
to disable all filters. Disabled by default.
Packets Dropped Displays the number of data packets that the filter ignored (did not respond to).
View only.
Packets Rejected Displays the number of data packets that the filter sent a “rejected” response to.
View only.
Test Timer Timer for testing IP Filter rulesets. Select No to disable the timer. Select Yes,
minutes (1-120) to enable the timer and enter the number of minutes the timer should run. The timer automatically disables the IP Filters when the time expires.
Time Remaining Indicates how many minutes are left on the timer before it expires and IP Filters are disabled. View only.

Configuring IP Filters

The administrator can add, edit, delete, and map IP filters.
Note: A configured filter has no effect until it is mapped to a network interface.
See Mapping Rulesets on page 80.
To add an IP filter:
1. On the Network > IP Filter page, click the Add Ruleset button. The following page displays:
Figure 6-5 Network > IP Filter Ruleset (Adding/Editing Rulesets)
Rulesets can be added or updated on this page.
2. Enter the following:
Ruleset Name Name that identifies a filter; may be composed of letters, numbers, and hyphens
only. (The name cannot start with a hyphen.) Example:
FILTER-2

Rule Parameters

IP Address(es) Specify a single IP address to act as a filter.
Example: 172.19.220.64 – this specific IP address only
Subnet Mask Specify a subnet mask to determine how much of the address should apply to the filter.
Example: 255.255.255.255 to specify the whole address should apply.
MAC Address Specify a single MAC address to act as a filter.
Example: 10:7d:1a:33:5c:e1
Protocol From the drop-down list, select the type of protocol through which the filter will operate. The default setting is All.
Port Range Enter a range of destination TCP or UDP port numbers to be tested. An entry is required for TCP, TCP New, TCP Established, and UDP, and is not allowed for other protocols. Separate multiple ports with commas. Separate ranges of ports by colons.
Examples:
22 – filter on port 22 only
23,64,80 – filter on ports 23, 64 and 80
23:64,80,143:150 – filter on ports 23 through 64, port 80 and ports 143 through 150
Action Select whether to Drop, Reject, or Allow communications for the specified IP address, subnet mask, protocol, and port range. Drop ignores the packet with no notification. Reject ignores the packet and sends back an error message. Allow permits the packet through the filter.
Clear Click the Clear button to clear any Rule Parameter information set above.
Generate rule to allow service
You may wish to “punch holes” in your filter set for a particular protocol or service. For instance, if you have configured your NIS server and wish to create an opening in your filter set, select the NIS option and click the Add Rule button. This entry adds a new rule to your filter set using the NIS-configured IP address. Other services and protocols added automatically generate the necessary rule to allow their use.
3. Click the right arrow button to add the new rule to the bottom of the Rules list box on the right. A maximum of 64 rules can be created for each ruleset.
4. To remove a rule from the filter set, highlight that line and click the left arrow. The rule populates the rule definition fields, allowing you to make minor changes before reinserting the rule. To clear the definition fields, click the Clear button.
5. To change the order of priority of the rules in the list box, select the rule to move and use the up or down arrow buttons on the right side of the filter list box.
6. To save, click the Apply button. The new filter displays in the menu tree.
Note: To add another new filter rule set, click the Back to IP Filter link to return to the
Network > IP Filter page.
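Because rules are compared in order and a wrong ruleset can disable access to the SLC unit, it helps to model a ruleset offline before applying it. The Python script below is an added example, not Lantronix code: it parses the Port Range syntax described above and checks whether required management flows are still allowed. It assumes that the first matching rule decides and that the rule's IP address is compared with the packet's source address; the names Rule, evaluate and lockout_check and the sample rules are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_PROTOCOLS = ("TCP", "UDP")  # simplification: TCP New / TCP Established are not modelled
ACTIONS = ("Drop", "Reject", "Allow")


def parse_port_range(spec):
    """Parse the Port Range field: commas separate entries, colons mark ranges."""
    spans = []
    for item in spec.split(","):
        lo, sep, hi = item.strip().partition(":")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"bad port entry {item!r}")
        lo_n, hi_n = int(lo), int(hi) if sep else int(lo)
        if not 1 <= lo_n <= hi_n <= 65535:
            raise ValueError(f"port out of range in {item!r}")
        spans.append((lo_n, hi_n))
    return spans


@dataclass
class Rule:
    action: str                      # "Drop", "Reject" or "Allow"
    ip: Optional[str] = None         # None matches any address
    mask: str = "255.255.255.255"    # whole address applies
    protocol: str = "All"
    ports: Optional[str] = None

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action {self.action!r}")
        needs_ports = self.protocol in PORT_PROTOCOLS
        if needs_ports != (self.ports is not None):
            raise ValueError("Port Range is required for TCP/UDP and not allowed otherwise")
        self.net = (ipaddress.ip_network(f"{self.ip}/{self.mask}", strict=False)
                    if self.ip else None)
        self.spans = parse_port_range(self.ports) if needs_ports else []

    def matches(self, src, protocol, dport=None):
        # Assumption: the rule's IP address is compared with the packet's source address.
        if self.net is not None and ipaddress.ip_address(src) not in self.net:
            return False
        if self.protocol == "All":
            return True
        if self.protocol != protocol:
            return False
        if self.spans:
            return dport is not None and any(lo <= dport <= hi for lo, hi in self.spans)
        return True


def evaluate(rules, src, protocol, dport=None):
    """Compare a packet to the rules in order; the first match decides (assumption)."""
    for index, rule in enumerate(rules, start=1):
        if rule.matches(src, protocol, dport):
            return rule.action, index
    return "No match", None  # the page does not state what happens to unmatched traffic


def lockout_check(rules, required_flows):
    """Return the management flows that the ruleset does not explicitly Allow."""
    return [(name, *evaluate(rules, src, proto, port))
            for name, src, proto, port in required_flows
            if evaluate(rules, src, proto, port)[0] != "Allow"]


# Constructed sample data: the admin workstation and the rules are illustrative values.
ADMIN = "172.19.220.64"
REQUIRED = [("ssh", ADMIN, "TCP", 22), ("https", ADMIN, "TCP", 443)]
block_legacy = Rule("Drop", protocol="TCP", ports="22:23")
allow_admin = Rule("Allow", ip=ADMIN, protocol="TCP", ports="22,443")
drop_rest = Rule("Drop")
BAD_ORDER = [block_legacy, allow_admin, drop_rest]    # broad Drop shadows the Allow
GOOD_ORDER = [allow_admin, block_legacy, drop_rest]   # specific Allow placed first

if __name__ == "__main__":
    for label, ruleset in (("bad order", BAD_ORDER), ("good order", GOOD_ORDER)):
        print(label, "->", lockout_check(ruleset, REQUIRED) or "management access preserved")
```

A check like this complements the Test Timer described earlier, which disables the IP filters automatically when it expires.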

Updating an IP Filter

To update an IP filter rule set:
1. From the Network > IP Filter page, the administrator selects the IP filter ruleset to be edited and clicks the Edit Ruleset button to return to the Network > IP Filter Ruleset (Adding/Editing Rulesets) page (see Figure 6-5).
2. Edit the information as desired and click the Apply button.

Deleting an IP Filter

To delete an IP filter rule set:
1. On the Network > IP Filter page, the administrator selects the IP filter ruleset to be deleted and clicks the Delete Ruleset button.

IP Filter Commands

Go to IP Filter Commands to view CLI commands which correspond to the web page entries described above.

Routing

The SLC 8000 advanced console manager allows you to define static routes and, for networks using Routing Information Protocol (RIP)-capable routes, to enable the RIP protocol to configure the routes dynamically.
To configure routing settings:
1. Click the Network tab and select the Routing option. The following page displays:
Figure 6-6 Network > Routing
2. Enter the following:

Dynamic Routing

Enable RIP Select to enable Dynamic Routing Information Protocol (RIP) to assign routes
automatically. Disabled by default.
RIP Version Select the RIP version. The default is 2.

Static Routing

Enable Static Routing
Select to assign the routes manually. The system administrator usually provides the routes. Disabled by default.
To add a static route, enter the IP Address, Subnet Mask, and Gateway for the route and click the Add/Edit Route button. The route displays in the Static Routes table. You can add up to 64 static routes.
To edit a static route, select the radio button to the right of the route, change the IP Address, Subnet Mask, and Gateway fields as desired, and click the Add/Edit Route button.
To delete a static route, select the radio button to the right of the route and click the Delete Route button.
3. Click the Apply button.
Note: To display the routing table, status or specific report, see the section, Status/Reports on page 309.

Routing Commands

Go to Routing Commands to view CLI commands which correspond to the web page entries described above.

VPN Settings

This page can be used to create a Virtual Private Network (VPN) tunnel to the SLC unit for secure communication between the SLC unit and a remote host or gateway. The SLC unit supports IPSec tunnels using Encapsulating Security Payload (ESP). The SLC unit supports host-to-host, net-to-net, host-to-net, and roaming user tunnels.
Note: To allow VPN tunnel access if the SLC firewall is enabled, traffic to UDP ports 500
and 4500 from the remote host should be allowed, as well as protocol ESP from the remote host.
The SLC provides a strongSwan-based VPN implementation (version 5.6.3). The SLC UI provides access to a subset of the strongSwan configuration options, and also allows upload of a custom ipsec.conf file, which gives an administrator access to most strongSwan configuration options. For more information on strongSwan, see https://www.strongswan.org and the strongSwan FAQ. A list of Internet Key Exchange IKEv1 and IKEv2 cipher suites is available on the strongSwan Wiki. NAT Traversal is handled automatically without any special configuration. VPN related routes are installed in a separate table and can be viewed in the detailed VPN status or in the IP Routes table.
When a tunnel is up, the amount of data passed through the tunnel can be viewed in the status with the bytes_i (bytes input) and bytes_o (bytes output) counters. An example of the VPN status is below (the status will vary depending on the authentication, subnets and algorithms used). For example, the status displays the IP addresses on either side of the tunnel (192.168.1.103 and 220.41.123.45), the type of authentication (pre-shared key authentication), the algorithms in use (IKEv1 Aggressive and 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024), when the tunnel will be rekeyed/SA Lifetime (rekeying in 7 hours), the bytes in and out (131 bytes_i (1 pkt, 93s ago), 72 bytes_o (1 pkt, 94s ago)), a dynamic address assigned to the console manager side of the tunnel (child: dynamic and 172.28.28.188), and the subnets on both sides of the tunnel (172.28.28.188/32 === 10.3.0.0/24 10.81.101.0/24 10.81.102.0/24 10.81.103.0/24).
Connections:
MyVPNConn: 192.168.1.103...220.41.123.45 IKEv1 Aggressive, dpddelay=30s
MyVPNConn: local: [vpnid] uses pre-shared key authentication
MyVPNConn: local: [vpnid] uses XAuth authentication: any with XAuth identity 'gfountain'
MyVPNConn: remote: [220.41.123.45] uses pre-shared key authentication
MyVPNConn: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
MyVPNConn[1]: ESTABLISHED 26 minutes ago, 192.168.1.103[vpnid]...220.41.123.45[220.41.123.45]
MyVPNConn[1]: IKEv1 SPIs: 62c06b5b5fc3c5de_i* 74300552060118f6_r, pre-shared key+XAuth reauthentication in 2 hours
MyVPNConn[1]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
MyVPNConn{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c6b71deb_i 95f877ec_o
MyVPNConn{1}: 3DES_CBC/HMAC_MD5_96/MODP_1024, 131 bytes_i (1 pkt, 93s ago), 72 bytes_o (1 pkt, 94s ago), rekeying in 7 hours
MyVPNConn{1}: 172.28.28.188/32 === 10.3.0.0/24 10.81.101.0/24 10.81.102.0/24 10.81.103.0/24
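The status text is also the quickest place to confirm which algorithms a tunnel actually negotiated. The Python script below is an added example, not Lantronix or strongSwan code: it parses the status shown above, reports proposals that contain algorithms on a deny-list, flags IKEv1 Aggressive Mode combined with pre-shared key authentication, and extracts the bytes_i/bytes_o counters. The deny-list contents and the function names audit and traffic are assumptions of this example; set the list from your own cryptographic policy.

```python
import re

# The status text shown on the page, one entry per line.
SAMPLE_STATUS = """\
Connections:
MyVPNConn: 192.168.1.103...220.41.123.45 IKEv1 Aggressive, dpddelay=30s
MyVPNConn: local: [vpnid] uses pre-shared key authentication
MyVPNConn: local: [vpnid] uses XAuth authentication: any with XAuth identity 'gfountain'
MyVPNConn: remote: [220.41.123.45] uses pre-shared key authentication
MyVPNConn: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
MyVPNConn[1]: ESTABLISHED 26 minutes ago, 192.168.1.103[vpnid]...220.41.123.45[220.41.123.45]
MyVPNConn[1]: IKEv1 SPIs: 62c06b5b5fc3c5de_i* 74300552060118f6_r, pre-shared key+XAuth reauthentication in 2 hours
MyVPNConn[1]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
MyVPNConn{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c6b71deb_i 95f877ec_o
MyVPNConn{1}: 3DES_CBC/HMAC_MD5_96/MODP_1024, 131 bytes_i (1 pkt, 93s ago), 72 bytes_o (1 pkt, 94s ago), rekeying in 7 hours
MyVPNConn{1}: 172.28.28.188/32 === 10.3.0.0/24 10.81.101.0/24 10.81.102.0/24 10.81.103.0/24
"""

# Policy for this example only (an assumption, not an SLC or strongSwan setting):
# substrings of algorithm names that the auditor reports.
DENY = ("3DES", "HMAC_MD5", "MODP_768", "MODP_1024")

# name[n] lines describe the IKE SA, name{n} lines the child (ESP) SA.
SUITE_RE = re.compile(
    r"^(?P<name>[^\[{:\s]+)(?P<kind>\[\d+\]|\{\d+\}): (?:IKE proposal: )?"
    r"(?P<suite>[A-Z0-9_]+(?:/[A-Z0-9_]+)+)"
)
COUNTER_RE = re.compile(r"(\d+) bytes_i.*?(\d+) bytes_o")


def audit(status):
    """Return (connection, scope, detail) findings for a status dump."""
    findings, aggressive, psk = [], set(), set()
    for raw in status.splitlines():
        line = raw.strip()
        name = re.split(r"[\[{:]", line, maxsplit=1)[0]
        if "IKEv1 Aggressive" in line:
            aggressive.add(name)
        if "uses pre-shared key authentication" in line:
            psk.add(name)
        m = SUITE_RE.match(line)
        if m:
            scope = "IKE" if m["kind"].startswith("[") else "ESP"
            for algo in m["suite"].split("/"):
                if any(bad in algo for bad in DENY):
                    findings.append((m["name"], scope, algo))
    # Aggressive Mode provides no identity protection; report it when paired with a PSK.
    for name in sorted(aggressive & psk):
        findings.append((name, "mode", "IKEv1 Aggressive with pre-shared key"))
    return findings


def traffic(status):
    """Return {connection: (bytes_in, bytes_out)} from the child SA lines."""
    counters = {}
    for raw in status.splitlines():
        m, c = SUITE_RE.match(raw.strip()), COUNTER_RE.search(raw)
        if m and c:
            counters[m["name"]] = (int(c[1]), int(c[2]))
    return counters


if __name__ == "__main__":
    for conn, scope, detail in audit(SAMPLE_STATUS):
        print(f"{conn}: {scope}: {detail}")
    print(traffic(SAMPLE_STATUS))
```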
The SLC loads a subset of the available strongSwan plugins. If an option is given in a custom ipsec.conf file that requires a plugin that is not loaded by the SLC, this may cause an error during tunnel negotiation. The loaded plugins can be viewed in the VPN Status when the VPN tunnel is enabled.
Sample ipsec.conf Files are provided for a variety of tunnel configurations and peers. The strongSwan Wiki also provides a variety of usable examples and sample configurations, in addition to interoperability recommendations.
Depending on the VPN configuration, it may be necessary to enable IP Forwarding or to add static routes; in some cases traffic may not be passed through the tunnel without enabling IP Forwarding or static routes. Refer to the VPN routing table that is displayed with the VPN status.
A watchdog program is automatically run when the VPN tunnel is enabled. This program will detect if the VPN tunnel goes down (for reasons other than the user disabling the tunnel). The watchdog program will:
Generate a syslog message when the tunnel goes up or down
If traps are enabled, send a slcEventVPNTunnel SNMP trap when the tunnel goes up or down
If an email address is configured in the VPN configuration, send an email when the tunnel goes up or down
If enabled, automatically restart the VPN tunnel
When using VPN with Network Fail-over, the Local IP Address should not be configured for the VPN tunnel. This will allow strongSwan to automatically determine the IP address on the local (console manager) side of the tunnel based on the network configuration during both fail-over and fail-back.
VPN tunnels over a console manager Ethernet interface that is configured with an MTU less than 256 may experience issues (traffic loss, etc.).
To set up a VPN connection:
1. Click the Network tab and select the VPN option. The following page displays:
Figure 6-7 Network > VPN (1 of 2)
Figure 6-8 Network > VPN (2 of 2)
2. Enter the following:
Enable VPN Tunnel Select to create a tunnel. Disabling this option will terminate any currently
running tunnel.
Note: The VPN peer that sends the first packet in tunnel bringup is the initiator or client; the VPN peer that listens for and responds to the first packet is the responder or server. In general, the responder / server side should be started before the initiator / client side. If it is desired to have the console manager VPN tunnel automatically reconnect when the remote peer disconnects and then reconnects, the console manager side of the tunnel should be started first so that it will act as a responder or server. If the console manager side of the tunnel is started after the remote peer, the console manager will act as an initiator / client, and may not automatically reconnect when the remote peer disconnects and is brought back up.
Name The name assigned to the tunnel. Required to create a tunnel.
Remote Peer The IP address or FQDN of the remote host's public network interface. The
special value of any can be entered to signify an address to be filled in by automatic keying during negotiation. The console manager will act as a responder/server.
Remote Id How the remote host should be identified for authentication. The Id is used
to select the proper credentials for communicating with the remote host.
Remote Hop/Router If the remote host is behind a gateway, this specifies the IP address of the
gateway's public network interface. This option is deprecated and is no
longer supported.
Remote Subnet(s) One or more allowed subnets behind the remote host, expressed in CIDR
notation (IP address/mask bits). If multiple subnets are specified, the subnets should be separated by a comma. Up to 10 local subnets supported.
Configured subnets of the peers may differ; the protocol narrows them to the greatest common subnet. In IKEv1, this may lead to problems with other implementations. Make sure to configure identical subnets in such configurations.
If the remote subnet is not defined, it will be assumed that the remote end of the connection goes to the remote peer only.
Remote Source IP The internal source IP to use in a tunnel (Virtual IP). Currently the accepted
values are config, CIDR Notation, IP Address Range or poolname. If the value is config on the responder side, the initiator must propose an address which is then echoed back. The supported address pools are expressed as CIDR notation and IP Address range as - or the use of an external IP address pool using poolname is the name of the IP address pool used for the lookup.
Local IP Address The IP address of the SLC (local) side of the tunnel, specifically the public-
network interface. If no IP address is given, the value %any will be used in ipsec.conf (this is the default), signifying an address to be filled in (by automatic keying) during negotiation. If the SLC initiates the connection setup the routing table will be queried to determine the correct local IP address. In case the SLC is responding to a connection setup then any IP address that is assigned to a local interface will be accepted.
Local Id How the SLC unit should be identified for authentication. The Id is used by
the remote host to select the proper credentials for communicating with the SLC unit.
Local Hop/Router If the SLC unit is behind a gateway, this specifies the IP address of the
gateway's public network interface. This option is deprecated and is no
longer supported.
Local Subnet(s) One or more subnets behind the SLC unit, expressed in CIDR notation (IP
address/mask bits). If multiple subnets are specified, the subnets should be separated by a comma. Up to 10 local subnets supported.
Configured subnets of the peers may differ; the protocol narrows them to the greatest common subnet. In IKEv1, this may lead to problems with other implementations. Make sure to configure identical subnets in such configurations.
If the local subnet is not defined, it will be assumed that the local end of the connection goes to the console manager only.
Local Source IP The internal source IP to use in a tunnel (Virtual IP). Currently the accepted
values are config4, config6 or Valid IP Address. With config4 and config6 an address of the given address family will be requested explicitly. If an IP address is configured, it will be requested from the responder, which is free to respond with a different address.
IKE Negotiation The Internet Key Exchange (IKE) protocol is used to exchange security
options between two hosts who want to communicate via IPSec. The first phase of the protocol authenticates the two hosts to each other and establishes the Internet Security Association Key Management Protocol Security Association (ISAKMP SA). The second phase of the protocol establishes the cryptographic parameters for protecting the data passed through the tunnel, which is the IPSec Security Association (IPSec SA). The IPSec SA can periodically be renegotiated to ensure security.
The IKE protocol can use one of two modes: Main Mode, which provides identity protection and takes longer, or Aggressive Mode, which provides no identity protection but is quicker. With Aggressive Mode, there is no negotiation of which cryptographic parameters will be used; each side must give the correct cryptographic parameters in the initial package of the exchange, otherwise the exchange will fail. If Aggressive Mode is used, the IKE Encryption, IKE Authentication, and IKE DH Group must be specified.
IKE Version IKE Version settings to be used. Currently the accepted values are IKEv1,
IKEv2 and Any. Default is IKEv2. Any uses IKEv2 when initiating but will accept any protocol version while responding.
It is recommended that any IKE Encryption or ESP Encryption parameters that are selected be supported by the IKE Version that is used. Refer to the list of
IKEv1 and IKEv2 cipher suites for more information.
IKE Encryption The type of encryption, 3DES, AES, AES192 or AES256, used for IKE
negotiation. Any can be selected if the two sides can negotiate which type of encryption to use.
Note: If IKE Encryption, Authentication and DH Group are set to Any,
default cipher suite(s) will be used. If the console manager acts as an initiator, the tunnel will use a default IKE cipher of aes128-sha256-ecp256 (for IKEv1). For IKEv2 or when the console manager is the responder in tunnel initiation, it will propose a set of cipher suites and will accept the first supported proposal received from the peer.
IKE Authentication The type of authentication, SHA2_256, SHA2_384, SHA2_512, SHA1, or
MD5, used for IKE negotiation. Any can be selected if the two sides can
negotiate which type of authentication to use.
IKE DH Group The Diffie-Hellman Group, 2 (modp1024), 5 (modp1536), 14 (modp2048),
15 (modp3072), 16 (modp4096), 17 (modp6144), 18 (modp8192) or 19 (ecp256) can be used for IKE negotiation. Any can be selected if the two sides can negotiate which Diffie-Hellman Group to use.
ESP Encryption The type of encryption, 3DES, AES, AES192 or AES256, used for
encrypting the data sent through the tunnel. Any can be selected if the two sides can negotiate which type of encryption to use.
Note: If ESP Encryption, Authentication and DH Group are set to Any,
default cipher suite(s) will be used. If the console manager acts as an initiator, the tunnel will use a default ESP cipher of aes128-sha256 (for IKEv1). For IKEv2 or when the console manager is the responder in tunnel initiation, it will propose a set of cipher suites and will accept the first supported proposal received from the peer. The proposal sent from the remote peer and the proposal used by the console manager can be viewed in the VPN logs. If there is no match between the two sets of proposals, the tunnel will fail with the message no matching proposal found, sending NO_PROPOSAL_CHOSEN. If a matching proposal is found, tunnel negotiation will proceed. Below is an example of no matching proposal in the log messages:
charon: 04[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/ NO_EXT_SEQ
charon: 04[CFG] configured proposals: ESP:AES_CBC_128/AES_CBC_192/ AES_CBC_256/ HMAC_SHA2_256_128/ HMAC_SHA2_384_192/ HMAC_SHA2_512_256/ HMAC_SHA1_96/AES_XCBC_96/ NO_EXT_SE
charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN
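To read a pair of proposal lines like the ones above without comparing them by eye, the following added example (not part of the Lantronix manual or of strongSwan) groups each algorithm by transform type and reports the types with nothing in common. The classification patterns and function names are this example's own assumptions, and the comparison is a simplified diagnosis, not strongSwan's selection algorithm.

```python
import re
from itertools import product

# Constructed sample: the three charon lines quoted in the manual, with the
# layout spaces removed and the final token, cut off on the page, written
# out in full (assumption).
SAMPLE_LOG = """\
charon: 04[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/NO_EXT_SEQ
charon: 04[CFG] configured proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN
"""

# Transform types, checked in order; the first matching pattern wins.
KINDS = [
    ("esn", re.compile(r"(NO_)?EXT_SEQ$")),
    ("prf", re.compile(r"PRF_")),
    ("dh", re.compile(r"(MODP|ECP|CURVE)_")),
    ("integrity", re.compile(r"(HMAC_|AES_XCBC|AES_CMAC)")),
    ("encryption", re.compile(r".")),  # anything else is treated as a cipher
]
LINE = re.compile(r"\[CFG\] (received|configured) proposals: (.*)$")


def parse_proposals(text):
    """Return [(protocol, {kind: set(algorithms)})], one entry per proposal."""
    out = []
    for prop in re.sub(r"\s+", "", text).split(","):
        proto, _, algs = prop.partition(":")
        kinds = {k: set() for k, _ in KINDS}
        for alg in filter(None, algs.split("/")):
            kinds[next(k for k, pat in KINDS if pat.match(alg))].add(alg)
        out.append((proto, kinds))
    return out


def blocking(recv, conf):
    """Types where at least one side lists algorithms but none is shared."""
    return sorted(k for k in recv if (recv[k] or conf[k]) and not (recv[k] & conf[k]))


def diagnose(log):
    """Return {kind: (received, configured)} for the closest proposal pair.

    An empty dict means some pair agrees on every transform type; None means
    the log did not contain both proposal lines for the same protocol.
    """
    sides = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            sides[m.group(1)] = parse_proposals(m.group(2))
    if set(sides) != {"received", "configured"}:
        return None
    best = None
    for (rp, r), (cp, c) in product(sides["received"], sides["configured"]):
        if rp != cp:
            continue
        gaps = {k: (sorted(r[k]), sorted(c[k])) for k in blocking(r, c)}
        if best is None or len(gaps) < len(best):
            best = gaps
    return best


if __name__ == "__main__":
    for kind, (recv, conf) in diagnose(SAMPLE_LOG).items():
        print(f"{kind}: peer offers {recv or 'none'}, SLC configured {conf or 'none'}")
```

On the sample the only gap is the DH transform: the peer's proposal carries ECP_256 while the console manager's list has no DH group, which points at the ESP DH Group setting on the two sides.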
ESP Authentication The type of authentication, SHA2_256, SHA2_384, SHA2_512,
SHA2_256_96, SHA1, or MD5, used for authenticating data sent through
the tunnel. Any can be selected if the two sides can negotiate which type of authentication to use.
ESP DH Group The Diffie-Hellman Group, 2 (modp1024), 5 (modp1536), 14 (modp2048),
15 (modp3072), 16 (modp4096), 17 (modp6144), 18 (modp8192) or 19 (ecp256) can be used for the key exchange for data sent through the tunnel. Any can be selected if the two sides can negotiate which Diffie-Hellman Group to use.
Note: PFS is automatically enabled by configuring ESP Encryption to use
a DH Group (ESP Encryption without a DH Group will disable PFS); see Perfect Forward Secrecy below.
Authentication The type of authentication used by the host on each side of the VPN tunnel
to verify the identity of the other host.
For RSA Public Key, each host generates an RSA public-private key pair, and shares its public key with the remote host. The RSA Public Key for the SLC unit (which has 4096 bits) can be viewed through either the web interface or the CLI.
For Pre-Shared Key, each host enters the same passphrase to be used for authentication.
For X.509 Certificate, each host is configured with a Certificate Authority certificate along with an X.509 certificate with a corresponding private key, and shares the X.509 certificate with the remote host.
Before using RSA Public Key authentication, select Generate SLC RSA Key to generate the SLC’s RSA public/private key pair. This RSA key can be regenerated at any time.
Note: strongSwan does not support IKEv1 aggressive mode with Pre-Shared Key authorization without XAUTH enabled. If a tunnel is initiated with this configuration the log message Aggressive Mode PSK disabled for security reasons will be displayed, and a tunnel will not be initiated. It is possible to override this behavior, but it is not recommended.
RSA Public Key for Remote Peer If RSA Public Key is selected for authentication, the remote peer's public key can be uploaded or deleted. If a public key has been uploaded this field will display key installed. The peer RSA public key must be in Privacy Enhanced Mail (PEM) format, e.g.:
-----BEGIN PUBLIC KEY-----
(certificate in base64 encoding)
-----END PUBLIC KEY-----
Pre-Shared Key If Pre-Shared Key is selected for authentication, enter the key.
Retype Pre-Shared Key If Pre-Shared Key is selected for authentication, re-enter the key.
Certificate Authority for Remote Peer
Certificate File for Remote Peer
A certificate can be uploaded to the SLC unit for peer authentication. The certificate for the remote peer is used to authenticate the SLC to the remote peer, and at a minimum contains the public certificate file of the remote peer. The certificate may also contain a Certificate Authority file; if the Certificate Authority file is omitted, the SLC may display "issuer cacert not found" and "X.509 certificate rejected" messages, but still authenticate. The Certificate Authority file and public certificate file must be in PEM format, e.g.:
-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----
Certificate Authority for Local Peer
Certificate File for Local Peer
Key File for Local Peer
A certificate can be uploaded to the SLC unit for peer authentication. The certificate for the local peer is used to authenticate any remote peer to the SLC, and contains a Certificate Authority file, a public certificate file, and a private key file. The public certificate file can be shared with any remote peer for authentication. The Certificate Authority and public certificate file must be in PEM format, e.g.:
-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----
The key file must be in RSA private key file (PKCS#1) format, e.g.:
-----BEGIN RSA PRIVATE KEY-----
(private key in base64 encoding)
-----END RSA PRIVATE KEY-----
Perfect Forward Secrecy (PFS) When a new IPSec SA is negotiated after the IPSec SA lifetime expires, a new Diffie-Hellman key exchange can be performed to generate a new session key to be used to encrypt the data being sent through the tunnel. If this is enabled, it provides greater security, since the old session keys are destroyed.
This option is deprecated and is no longer supported. With strongSwan, PFS is automatically enabled by configuring ESP Encryption to use a DH Group (ESP Encryption without a DH Group will disable PFS). Using PFS introduces no significant performance overhead, unless rekeying is done more than 80 IPsec SAs per second.
SA Lifetime How long a particular instance of a connection should last, from successful negotiation to expiry, in seconds. Normally, the connection is renegotiated (via the keying channel) before it expires.
The formula for how frequently rekeying (renegotiation) is done is:
rekeytime = lifetime - (margintime + random(0, margintime * rekeyfuzz))
where the default margintime is 9m (or 540 seconds) and the default rekeyfuzz is 100%. For example, if the SA Lifetime is set to 3600 seconds (1 hour), how often the tunnel is rekeyed is calculated as:
rekeytime minimum = 1h - (9m + 9m) = 42m
rekeytime maximum = 1h - (9m + 0m) = 51m
So the rekeying time will vary between 42 minutes and 51 minutes. It is recommended that the SA Lifetime be set greater than 540 seconds; any values less than 540 seconds may require adjustments to the margintime and rekeyfuzz values (which can be set with a custom ipsec.conf file). Some peer devices (Cisco, etc) may require that the SA Lifetime be set to a minimum of 3600 seconds in order for the VPN tunnel to come up and rekeying to function properly.
For more information see the strongSwan Expiry documentation.
Mode Configuration Client If this is enabled, the SLC unit can receive network configuration from the remote host. This allows the remote host to assign an IP address/netmask to the SLC side of the VPN tunnel. This option is deprecated and is no longer supported.
XAUTH Client If this is enabled, the SLC unit will send authentication credentials to the
remote host if they are requested. XAUTH, or Extended Authentication, can be used as an additional security measure on top of the Pre-Shared Key or RSA Public Key. This is typically used with Cisco peers, where the Cisco peer is acting as an XAUTH server.
XAUTH Login (Client) If XAUTH Client is enabled, this is the login used for authentication.
XAUTH Password/Retype Password If XAUTH Client is enabled, this is the password used for authentication.
Remote Peer Type Defines the type of the remote peer, either IETF (non-Cisco) or Cisco. When set to Cisco, support for Cisco IPsec gateway redirection and Cisco obtained DNS and domainname are enabled. This option is deprecated and is no longer supported.
Cisco Unity If enabled, sends the Cisco Unity vendor ID payload (IKEv1 only), indicating that the SLC is acting as a Cisco Unity compliant peer. This indicates to the remote peer that Mode Config is supported (an IKE configuration method that is widely adopted, documented here).
Mode Config In remote access scenarios, it is highly desirable to be able to push configuration information such as the private IP address, a DNS server's IP address, and so forth, to the client. This option defines which mode is used: pull where the config is pulled from the peer (the default), or push where the config is pushed to the peer. Push mode is not supported with IKEv2.
Force Encapsulation In some cases, for example when ESP packets are filtered or when a broken IPsec peer does not properly recognise NAT, it can be useful to force RFC-3948 encapsulation.
Dead Peer Detection Sets the delay (in seconds) between Dead Peer Detection (RFC 3706) keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for the tunnel (default 30 seconds). Dead Peer Detection can also be disabled.
Dead Peer Detection Timeout Sets the length of time (in seconds) the SLC will idle without hearing either an R_U_THERE poll from the peer, or an R_U_THERE_ACK reply. The default is 120 seconds. After this period has elapsed with no response and no traffic, the SLC will declare the peer dead, remove the Security Association (SA), and perform the action defined by Dead Peer Detection Action.
Dead Peer Detection Action When a Dead Peer Detection enabled peer is declared dead, the action that should be taken. Hold (the default) means the tunnel will be put into a hold status. Clear means the Security Association (SA) will be cleared. Restart means the SA will immediately be renegotiated.
Custom ipsec.conf Configuration
A custom ipsec.conf file can be uploaded to the SLC. This file can include any of the strongSwan options which are not configurable from the UIs. The ipsec.conf file should include one conn <Tunnel Name> section which defines the tunnel parameters. An ipsec.conf file containing more than one conn section will be rejected for upload.
When a custom ipsec.conf file has been uploaded to the console manager, any VPN options configured via the UIs (with the exception of authentication tokens, see below) are ignored, and the UIs will not display the options given in the custom ipsec.conf file.
A description of the format of the ipsec.conf file as well as all strongSwan options is available here. The SLC uses strongSwan version 5.6.3, so not all options listed in the strongSwan ipsec.conf documentation will be supported by the SLC.
Any authentication tokens (pre-shared keys, RSA keys, X.509 certificates) required by the custom ipsec.conf must be configured through the SLC UIs, and must be configured or installed before a tunnel is brought up with an uploaded ipsec.conf file. When a tunnel is started with a custom ipsec.conf file, the authentication tokens required for the authby parameter are verified to exist before the tunnel is started. For example, if authby=rsasig, the SLC will verify that the SLC RSA public/private key has been generated and that the peer RSA public key has been uploaded.
To upload a custom ipsec.conf file, select the Upload File link next to the Uploaded Configuration field.
To delete an uploaded custom ipsec.conf file, select the Delete Configuration File checkbox next to the Uploaded Configuration field.
To view an uploaded custom ipsec.conf file, select the View Configuration link next to the Uploaded Configuration field. If a file has been uploaded it will be displayed; otherwise the auto-generated file will be displayed if it exists. The file is auto-generated when a tunnel is enabled (if a custom file has not been uploaded).
To download the current in-use ipsec.conf file (either the ipsec.conf file automatically generated by the SLC or an uploaded custom ipsec.conf file), select the Download Configuration button. Downloading the ipsec.conf file automatically generated by the SLC is a good starting point for adding extra VPN options; the tunnel must be enabled in order for the SLC to auto-generate an ipsec.conf file that can be downloaded.
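A pre-upload check for a custom ipsec.conf, applying the rules stated in this chapter: exactly one conn section, the tokens each authby value needs from the SLC UI, PFS tied to a DH group in esp, the aggressive-mode PSK note, and the SA Lifetime rekey formula. This is an added example, not Lantronix or strongSwan code; the function names, the token table and the 1h lifetime fallback are assumptions of the example.

```python
import re

# Constructed input: the manual's "Cisco ASA5525x Pre-Shared Key / IKEv1"
# sample, abridged and written one option per line.
SAMPLE_CONF = """\
conn ASA5525
    keyexchange=ikev1
    ike=aes-sha1-modp1536!
    esp=aes-sha1-modp1536!
    aggressive=yes
    lifetime=86400s
    authby=secret
    right=192.168.1.130
    auto=start
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
# Tokens that must already be configured through the SLC UI (example's table).
TOKENS = {"secret": ["pre-shared key"],
          "xauthpsk": ["pre-shared key", "XAUTH password"],
          "rsasig": ["SLC RSA key pair", "peer RSA public key"]}


def seconds(value):
    """Convert an ipsec.conf time value such as 9m, 1h or 3600s to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]


def parse(conf):
    """Return [(conn_name, {option: value})] for every conn section."""
    conns = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        head = re.match(r"conn\s+(\S+)", line)
        if head:
            conns.append((head.group(1), {}))
        elif conns and line[0] in " \t" and "=" in line:
            key, value = line.strip().split("=", 1)
            conns[-1][1][key.strip()] = value.strip()
    return conns


def check(conf):
    conns = parse(conf)
    if len(conns) != 1:
        return {"error": f"{len(conns)} conn sections; the SLC accepts exactly one"}
    name, opt = conns[0]
    # Defaults from the manual: margintime 9m, rekeyfuzz 100%; 1h is assumed.
    margin = seconds(opt.get("margintime", "9m"))
    fuzz = int(opt.get("rekeyfuzz", "100%").rstrip("%")) / 100
    life = seconds(opt.get("lifetime", "1h"))
    esp = [p for p in opt.get("esp", "").rstrip("!").split(",") if p]
    warnings = []
    if esp and not all(re.search(r"-(modp|ecp|curve)\d+", p) for p in esp):
        warnings.append("esp proposal without a DH group: PFS disabled")
    if (opt.get("aggressive") == "yes" and opt.get("authby") == "secret"
            and opt.get("keyexchange") != "ikev2"):
        warnings.append("IKEv1 aggressive mode with PSK and no XAUTH")
    if life <= margin:
        warnings.append("lifetime not above margintime: adjust margintime/rekeyfuzz")
    return {"conn": name,
            "tokens": TOKENS.get(opt.get("authby"), []),
            "rekey_window": (life - margin - int(margin * fuzz), life - margin),
            "warnings": warnings}


if __name__ == "__main__":
    print(check(SAMPLE_CONF))
```

With a one-hour lifetime the reported window is 2520 to 3060 seconds, the 42 to 51 minutes worked out under SA Lifetime.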
Tunnel Restart If enabled, the watchdog program will automatically restart the VPN tunnel
when the tunnel goes down.
Email Address Email address to receive email alerts when the tunnel goes up or down.
3. To save, click the Apply button.
More Actions on the VPN page:
To see details of the VPN tunnel connection, including the cryptographic algorithms used, select the View Detailed Status link.
To see the last 200 lines of the logs associated with the VPN tunnel, select the View VPN Logs link.
To see the RSA public key for the SLC unit (required for configuring the remote host if RSA Public Keys are being used), and the RSA public key for the remote peer, select the View console manager and Remote Peer RSA Public Key link.
To see the X.509 Certificates for the local peer and the remote peer, select the View X.509 Certificates link.

Sample ipsec.conf Files

Sample ipsec.conf files are provided for a variety of tunnel setups and peers. In all examples, any left options are for the console manager/local side of the tunnel, and any right options are for the remote side of the tunnel.
Cisco Pre-Shared Key / XAUTH / MODECFG / IKEv1
Cisco ASA5525x Pre-Shared Key / IKEv1
Cisco ASA5525x Pre-Shared Key / IKEv2
Cisco ISR 2921 Pre-Shared Key / XAUTH / IKEv2
Cisco Pre-Shared Key / XAUTH / MODECFG / IKEv1
This configuration is an example of a remote access connection to a Cisco VPN server / responder that uses XAUTH and MODECFG to authenticate and push dynamic IP addresses and DNS servers to a VPN client. The use of aggressive mode requires that ike and esp algorithms be specified and exactly match what the Cisco server is expecting.
Console manager configuration
The pre-shared key and the XAUTH password need to be configured via the console manager UI.
conn Cisco
    keyexchange=ikev1
    ike=3des-md5-modp1024!
    esp=3des-md5-modp1024!
    aggressive=yes
    lifetime=28800s
    forceencaps=no
    authby=xauthpsk
    left=10.0.1.55
    leftsourceip=%config4
    leftid=@vpnid
    xauth=client
    xauth_identity=username
    modeconfig=pull
    right=220.41.123.45
    rightsubnet=0.0.0.0/0
    dpddelay=30
    dpdtimeout=120
    dpdaction=hold
    auto=start
    type=tunnel
Cisco ASA5525x Pre-Shared Key / IKEv1
This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server / responder.
Console manager configuration
The pre-shared key needs to be configured via the console manager UI.
conn ASA5525
    keyexchange=ikev1
    ike=aes-sha1-modp1536!
    esp=aes-sha1-modp1536!
    aggressive=yes
    lifetime=86400s
    forceencaps=no
    authby=secret
    left=%any
    leftsubnet=192.168.0.0/24
    modeconfig=pull
    right=192.168.1.130
    rightsubnet=192.168.3.0/24
    dpddelay=10
    dpdtimeout=5
    dpdaction=restart
    auto=start
    type=tunnel
Cisco configuration
Note: Main or aggressive mode is determined by the SLC side of the tunnel, and does not require any change in the Cisco configuration:
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.168.1.130 255.255.255.0
interface GigabitEthernet0/3
 nameif inside
 security-level 100
 ip address 192.168.3.130 255.255.255.0
object-group network local-network
 network-object 192.168.3.0 255.255.255.0
object-group network remote-network
 network-object 192.168.0.0 255.255.255.0
access-list asa-router-vpn extended permit ip object-group local-network object-group remote-network
route outside 192.168.0.0 255.255.255.0 192.168.1.204 1
route inside 192.168.3.250 255.255.255.255 192.168.3.250 1
crypto ipsec ikev1 transform-set ipsecvpn esp-aes esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map site2site 10 match address asa-router-vpn
 set pfs group5
 set peer 192.168.1.204
 set ikev1 transform-set ipsecvpn
crypto map site2site interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
tunnel-group 192.168.1.204 type ipsec-l2l
tunnel-group 192.168.1.204 ipsec-attributes
 ikev1 pre-shared-key *****
Cisco ASA5525x Pre-Shared Key / IKEv2
This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server / responder. The aggressive setting can be either yes or no; the Cisco ASA will honor the peer configuration.
Console manager configuration
The pre-shared key needs to be configured via the console manager UI.
conn ASA5525
    keyexchange=ikev2
    ike=3des-sha2_256-modp1536!
    esp=3des-sha2_256-modp1536!
    aggressive=no
    lifetime=86400s
    forceencaps=no
    authby=secret
    left=%any
    leftsubnet=192.168.0.0/24
    modeconfig=pull
    right=192.168.1.130
    rightsubnet=192.168.3.0/24
    dpddelay=0
    dpdtimeout=5
    dpdaction=restart
    auto=start
    type=tunnel
Cisco configuration
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.168.1.130 255.255.255.0
interface GigabitEthernet0/3
 nameif inside
 security-level 100
 ip address 192.168.3.130 255.255.255.0
object-group network local-network
 network-object 192.168.3.0 255.255.255.0
 network-object 192.168.3.250 255.255.255.255
object-group network remote-network
 network-object 192.168.0.0 255.255.255.0
 network-object 192.168.0.222 255.255.255.255
access-list asa-router-vpn extended permit ip object-group local-network object-group remote-network
access-list ASA-SLC-ACCESS extended permit ip object-group local-network object-group remote-network
route outside 192.168.0.0 255.255.255.0 192.168.1.204 1
route inside 192.168.3.250 255.255.255.255 192.168.3.250 1
crypto ipsec ikev2 ipsec-proposal IPSECv2
 protocol esp encryption 3des
 protocol esp integrity sha-256
crypto ipsec security-association pmtu-aging infinite
crypto map CM 20 match address ASA-SLC-ACCESS
 set pfs group5
 set peer 192.168.1.204
 set ikev2 ipsec-proposal IPSECv2
crypto map CM interface outside
crypto ikev2 policy 20
 encryption 3des
 integrity sha256
 group 5
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
tunnel-group 192.168.1.204 type ipsec-l2l
tunnel-group 192.168.1.204 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****