Lantronix and Lantronix Spider are registered trademarks of Lantronix, Inc. in the United States
and other countries. SLC and vSLM are trademarks of Lantronix, Inc.
Patented: patents.lantronix.com
Windows and Internet Explorer are registered trademarks of Microsoft Corporation. Firefox is a
registered trademark of the Mozilla Foundation. Chrome is a trademark of Google Inc. All other
trademarks and trade names are the property of their respective holders.
Warranty
For details on the Lantronix warranty policy, please go to our web site at
http://www.lantronix.com/support/warranty
Contacts
Lantronix Corporate Headquarters
7535 Irvine Center Drive
Suite 100
Irvine, CA 92618, USA
For a current list of our domestic and international sales offices, go to the Lantronix web site at
www.lantronix.com/about/contact.
GNU General Public License Notice
This product includes open source software, including software subject to the GNU General Public
Licenses (“GPL”). Lantronix will provide a CD-ROM containing the source files subject to the GPL
upon request by mail. To request a CD containing the source files, send a check payable to
“Lantronix, Inc.” for US $50.00 (per product) to the address below. This nominal charge covers
Lantronix’ costs for duplication, media, and postage. Your request should identify the Lantronix
product for which source code is desired, and the check must indicate “Open Source CD
Request”. Please allow 6-8 weeks for the CD to be shipped. For GPL source code requests or
inquiries, please write to Lantronix, Inc., Attn: Open Source Request, 7535 Irvine Center
Drive, Irvine, CA 92618 USA. Any GPL Code made available is for informational purposes only
and distributed “As is” with no support and/or warranty of any kind intended, implied, or provided.
SLC™ 8000 Advanced Console Manager User Guide2
Disclaimer & Revisions
All information contained herein is provided “AS IS.” Lantronix undertakes no obligation to update
the information in this publication. Lantronix does not make, and specifically disclaims, all
warranties of any kind (express, implied or otherwise) regarding title, non-infringement, fitness,
quality, accuracy, completeness, usefulness, suitability or performance of the information provided
herein. Lantronix shall have no liability whatsoever to any user for any damages, losses and
causes of action (whether in contract or in tort or otherwise) in connection with the user’s access or
usage of any of the information or content contained herein. The information and specifications
contained in this document are subject to change without notice.
Operation of this equipment in a residential area is likely to cause interference, in which case the
user, at his or her own expense, will be required to take whatever measures may be required to
correct the interference.
Note: This equipment has been tested and found to comply with the limits for Class A digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with this user guide, may cause interference to radio
communications. Operation of this equipment in a residential area is likely to cause interference, in
which case the user will be required to correct the interference at his own expense.
User Information
Class A Equipment (Broadcasting and communication equipment for office work)
Sellers and users should note that this equipment is suitable as electromagnetic equipment for
office work (Class A) and can be used outside the home.
Changes or modifications made to this device that are not explicitly approved by Lantronix will void
the user's authority to operate this device.
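Declaration
This is a Class A product. In a domestic environment, this product may cause radio interference,
in which case the user may be required to take practical measures against the interference.
User Notice
User notice by equipment type
Class A equipment
(broadcasting and communication equipment for business use)
This equipment is registered for electromagnetic compatibility for business use (Class A).
Sellers and users should take note of this, and the equipment is intended
for use in areas other than the home.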
Revision History
Date            Rev.  Comments
March 2014      A     Preliminary release.
October 2014    B     Initial document for firmware release 7.1.0.0.
June 2015       C     Updated for firmware release 7.2.0.0.
June 2016       D     Updated for firmware release 7.3.0.0.
January 2017    E     Updated power cord information.
June 2017       F     Updated for firmware release 7.4.0.0 and for new dual SFP transceiver port or
                      dual Ethernet port capability options. Updated the following:
                      - IPv6 Neighbor Table, Ethernet Bonding Status links, and IPv6 Forward Flag
                        under Network Settings.
                      - IKE v2, x.509 Certificate, Certificate Authority/Certificate File for Remote Peer,
                        Certificate Authority/Certificate File/Key File for Local Peer, SA Lifetime,
                        Remote and Dead Peer settings under Network VPN.
                      - Enable v1/v2c, Trap Version, Alarm Delay to SNMP, and Trap User Name,
                        Password and Passphrase under SNMP Services.
                      - Added ability to change and reset BootCount, BootDelay and BootLimit.
September 2017  G     Updated part number.
February 2018   H     Updated for firmware release 7.5.0.0.
March 2018      J     Updated to include additional SLC hardware and new trap information for firmware
                      release 7.5.0.0.
June 2018       K     Updated for firmware release 7.6.0.1R6.
August 2018     L     Updated fail-over gateway details for Network Settings for firmware release
                      7.6.0.1.
January 2019    M     Updated for firmware release 7.7.0.0. Software changes include:
                      - hostname resolution in local hosts table
                      - extended device port timers range
                      - new user notifications when connecting to a device port
                      - support for iPerf3
                      - support for dual channel USB devices
                      - auto enable DTR on device ports
                      - Xmodem support
                      - device port baud rate can be set while connected to a device port
                      - openSSH and openSSL upgraded
                      - SNMP v3 SHA2 support
                      - expanded support for HSPA+ gateway integration
                      Added support for custom Expect scripts that can be connected to the SLC CLI or
                      a device port.
                      Added support for custom Python and Tcl scripts.
March 2019      N     Updated for firmware release 7.8.0.0.
April 2019      P     Updated for firmware release 7.9.0.0.
                      Changes include new operating atmosphere information and warning language in
                      Chinese and Korean. Software changes include additions in Telnet, SSH and TCP
                      timeout directions, number of sessions message, idle timeout message, VBUS
                      enabling, assert DTR, run web server, added mounted column information for
                      NFS Mounts, masked CHAP secret and DOD CHAP secret fields, USB devices in
                      diagnostics and addition of SSH bit option. SSL settings were removed so the
                      SSLv2 protocol option is no longer available.
November 2019   R     Updated the following:
                      - Starting with release 8.0.0.0, added support for CLI commands issued from
                        ConsoleFlow in bulk
                      - Starting with release 8.1.0.0, added VPN interoperability and configuration.
                      - Starting with release 8.3.0.0, newly manufactured factory default SLC units use
                        a device-unique default password for local user sysadmin accounts.
Table of Contents
Intellectual Property
Warranty
Contacts
GNU General Public License Notice
Disclaimer & Revisions
Revision History
Table of Contents
List of Figures
List of Tables
1: About this Guide
Purpose and Audience
Summary of Chapters
Additional Documentation
2: Introduction
Features
Console Management
Power
Integration with Other Secure Lantronix Products
Hardware
System Features
Recommendations
Method #1 Using the Front Panel Display
Front Panel LCD Display and Keypads
Limiting Sysadmin User Access
Method #2 Quick Setup on the Web Page
Date & Time Settings
Administrator Settings
Method #3 Quick Setup on the Command Line Interface
Next Step
5: Web and Command Line Interfaces
Web Manager
Logging in
Logging Out
Web Page Help
Command Line Interface
Logging In
Logging Out
Performance Monitoring Commands
FQDN List
7: Services
System Logging and Other Services
SSH/Telnet/Logging
System Logging
Web SSH/Telnet Copy and Paste
Secure Lantronix Network Commands
Date and Time
Date and Time Commands
Web Server
Admin Web Commands
Device Port - Sensorsoft Device
Device Port Commands
Device Commands
Interacting with a Device Port
Device Ports - Logging and Events
Local Logging
Example Scripts
Sites
Site Commands
Modem Dialing States
Dial In
Authentication Commands
User Rights
Local and Remote User Settings
User Attributes & Permissions from LDAP Schema or RADIUS VSA
Kerberos
Telnet/SSH to a Remote Device
Dial-in (Text Mode) to a Remote Device
Local Serial Connection to Network Device via Telnet
15: Command Reference
Introduction to Commands
Table 9-22 Control Flow Commands
Table 12-2 User Types and Rights
Table 15-1 Actions and Category Options
1: About this Guide
Purpose and Audience
This guide provides the information needed to install, configure, and use the Lantronix SLC™
8000 advanced console manager. The SLC unit is for IT professionals who must remotely and
securely configure and administer servers, routers, switches, telephone equipment, or other
devices equipped with a serial port for facilities that are typically remote branch offices or
“distributed” IT locations.
Summary of Chapters
The remaining chapters in this guide include:
Chapter
    Description
Chapter 2: Introduction
    Describes the SLC 8000 models, their main features, and the protocols they
    support.
Chapter 3: Installation
    Provides technical specifications; describes connection form factors and
    power supplies; provides instructions for installing the SLC 8000 advanced
    console manager in a rack.
Chapter 4: Quick Setup
    Provides instructions for getting your SLC unit up and running and for
    configuring required settings.
Chapter 5: Web and Command Line Interfaces
    Describes the web and command line interfaces available for configuring
    the SLC 8000 advanced console manager.
    The configuration chapters (6-12) provide detailed instructions for using the
    web interface and include equivalent command line interface commands.
Chapter 6: Basic Parameters
    Provides instructions for configuring network ports, firewall and routing
    settings, and VPN.
Chapter 7: Services
    Provides instructions for enabling and disabling system logging, SSH and
    Telnet logins, SNMP, SMTP, and the date and time.
Chapter 8: USB/SD Card Port
    Provides instructions for using the USB port.
Chapter 9: Device Ports
    Provides instructions for configuring global device port settings, individual
    device port settings, and console port settings.
Chapter 10: Remote Power Managers
    Provides instructions for using RPMs.
Chapter 11: Connections
    Provides instructions for configuring connections and viewing, updating, or
    disconnecting a connection.
Chapter 12: User Authentication
    Provides instructions for enabling or disabling methods that authenticate
    users who attempt to log in via the web, SSH, Telnet, or the console port.
    Provides instructions for creating custom menus.
Chapter 13: Maintenance
    Provides instructions for upgrading firmware, viewing system logs and
    diagnostics, generating reports, and defining events. Includes information
    about web pages and commands used to shut down and reboot the SLC
    8000 advanced console manager.
Chapter 14: Application Examples
    Shows how to set up and use the SLC unit in three different configurations.
Chapter 15: Command Reference
    Lists and describes all of the commands available on the SLC command line
    interface
Appendix A: Security Considerations
    Provides tips for enhancing SLC security.
Appendix B: Safety Information
    Lists safety precautions for using the SLC 8000 advanced console
    manager.
Appendix C: Adapters and Pinouts
    Includes adapter pinout diagrams.
Appendix D: Protocol Glossary
    Lists the protocols supported by the SLC unit with brief descriptions.
Appendix E: Compliance Information
    Provides information about the SLC 8000 advanced console manager’s
    compliance with industry standards.
Additional Documentation
Visit the Lantronix Web site at www.lantronix.com/support/documentation for the latest
documentation and the following additional documentation.
Provides accessories and part number information,
hardware installation instructions, directions to connect the
SLC unit, and network IP configuration information.
Provides product overview information and specifications.
2: Introduction
The SLC 8000 advanced console manager enables IT system administrators to manage remote
servers and IT infrastructure equipment securely over the Internet.
IT equipment can be configured, administered, and managed in a variety of ways, but most
devices have one of two methods in common: via USB port and/or via an RS-232 serial port,
sometimes called a console, auxiliary, or management port. These ports are often accessed
directly by connecting a terminal or laptop to them, meaning that the administrator must be in the
same physical location as the equipment. The SLC 8000 advanced console manager gives the
administrator a way to access them remotely from anywhere there is a network or modem
connection. The SLC 8000 unit can accommodate up to three I/O modules (16-port USB I/O
module and/or 16-port RJ45 I/O module.)
Many types of equipment can be accessed and administered using console managers including:
Other systems with serial interfaces: Heating/cooling systems, security/building access
systems, UPS, medical devices.
The key benefits of using console managers:
Saves money: Enables remote management and troubleshooting without sending a
technician onsite. Reduces travel costs and downtime costs.
Saves time: Provides instant access and reduces response time, improving efficiency.
Simplifies access: Enables you to access equipment securely and remotely after hours and
on weekends and holidays, without having to schedule visits or arrange for off-hour access.
Protects assets: Security features provide encryption, authentication, authorization, and
firewall features to protect your IT infrastructure while providing flexible remote access.
The SLC advanced console manager provides features such as convenient text menu
systems, break-safe operation, port buffering (logging), remote authentication, and Secure
Shell (SSH) access. Dial-up modem support ensures access when the network is not
available.
Features
Console Management
Up to 48 serial RJ45 RS-232 and/or USB type A ports for console connectivity
Note: USB ports are generally intended to connect directly to USB console ports. It
is also possible to connect a USB to serial adapter to them to connect to serial
console ports, if needed.
Enables system administrators to remotely manage devices with serial and/or USB console
ports, e.g., Linux, Unix, and recent versions of Windows servers, routers, telecom, and
switches with RS-232C (now EIA-232) or USB compatible serial consoles in a 1U-tall rack
space. All models have two Ethernet ports, called Eth1 and Eth2 in this document.
Provides data logging, monitoring, and secure access control via the Internet
Power
Universal AC power input (100-240V, 50/60 Hz) or 20-72 VDC power input hardware option
Convection cooled, silent operation, low power consumption
Integration with Other Secure Lantronix Products
Can integrate seamlessly with the ConsoleFlow™ or vSLM™ management appliance
software for a complete end-to-end Out-of-Band (OOB) management solution.
Hardware
SLC Chassis: The SLC 8000 advanced console manager has a 1U-tall (1.75 inch), self-
contained rack-mountable chassis.
Three I/O Module Bays are available on the back of the SLC unit, and able to accommodate
a combined total of 48 device ports depending on the number of I/O modules installed. See
Figure 2-2. Configuration possibilities are listed below. See Appendix C: Adapters and
Pinouts on page 419 for more information on serial adapters and pin-outs, and also Table 3-8
on page 41 which describes different I/O module configurations.
-Up to three 16-port RJ45 I/O modules can be installed to provide a maximum of forty-
eight serial RS-232C (EIA-232) device ports. The serial RJ45 ports match the RJ45 pin-
outs of the console ports of many popular devices found in a network environment, and
where different can be converted using Lantronix adapters.
-Up to three 16-port USB I/O modules can be installed to provide a maximum of forty-
eight USB I/O device ports.
-A combination of 16-port USB I/O modules and 16-port RJ45 I/O modules can be
installed to provide up to forty-eight serial RJ45 ports and/or USB type A ports, according
to the type and number of I/O modules installed on the back of the SLC unit.
Note: The SLC8008 ships with an 8-port serial module that must be installed in
the first bay. This module is not available separately. See Table 3-8 on page 41
which describes different I/O module configurations.
Network Interface on the back left side of the SLC unit can accommodate either a factory-
installed:
-Dual 10/100/1000 Base-T Ethernet port I/F card. Ethernet ports are referred to as Eth1
and Eth2 in the user interface and this user guide.
-Dual SFP port I/F card to support 1 Gigabit-capable single or multi-mode fiber or copper
SFP transceiver modules. Single and multi-mode SFP transceiver modules are referred to
as F1 in the user interface and this user guide.
Notes:
1000 BASE-T SFP transceiver copper modules need to use RX_LOS signal within
SFP interface pins for the indicator on Link Status LED. Not all vendor 1000 Base-T
SFP modules provide this feature. Qualified copper SFP transceiver modules with this
feature include the following: the Finisar 1000 Base-T Copper SFP Transceiver
FCLF8250P2BTL and the Fiberstore Cisco SFP-GE-T Compatible 1000 Base-T SFP
RJ-45 100m Transceiver.
SFP transceiver modules are provided by users according to fiber mode and brand
preferences. Network ports and the SFP port have LEDs to indicate link and activity
status. If a single mode and a multi-mode are both installed in the SLC 8000 unit, the
device can be configured to utilize one mode at a time.
Front Console Panel Ports (see Figure 2-1)
-One serial console port (RJ45) for VT100 terminal or PC with emulation with LED for
activity indicators
-Two USB type A ports for use with flash drives or external USB modems
-Optional internal modem
-One Secure Digital (SD) memory card slot (SD card provided by the user)
-One RJ11 modem port on the front panel
Note: Use of the RJ11 modem port requires installation of an optional modem
card (Lantronix part number 56KINTMODEM-01) - see Modem Installation on
page 43.
-LCD display and keypad
256 KB-per-port buffer memory for serial device ports
Software reversible device port pinouts
Either universal AC power input (100-240V, 50/60 Hz) or DC power input (20-72 VDC)
Note: For more detailed information, see Chapter 4: Quick Setup on page 50.
Figure 2-1 SLC 8048 Unit (Front Side) - Part Number SLC 804812N-01-S
Figure callouts: Front-mid-rear Mounting Bracket, Indicator LED, LCD, Keypad, SD Card, Console, Dual USB Ports, Modem (Optional)
Figure 2-2 SLC 8048 Unit Samples (Back Side) - Part Number SLC80482201S
Figure callouts: Dual Ethernet Port OR Dual SFP Port; Three I/O Modular Device Port Bays
The SLC 8000 supports the use of single mode, multimode fiber optic and copper SFP transceiver modules in
dual SFP port models. SFP modules are provided by the
user.
The appearance and function of the back of the SLC unit will
depend upon:
1) The type(s) of I/O modules installed in Bay 1, Bay 2
and Bay 3. See Table 3-8 on page 41.
2) The type of I/F card (dual Ethernet port or dual SFP
port) installed. If a dual SFP port is installed, then the
type of SFP transceiver module (single mode optic
fiber, multi-mode optic fiber, or copper) inserted into the
SFP port will also impact appearance and function.
Note: For the SFP modules that Lantronix resells or supports for operation with our SLC
console managers, please refer to https://www.lantronix.com/products/sfp/
System Features
The SLC 8000 firmware has the following basic capabilities:
Software reversible device port pinouts (serial RJ45 ports only)
Connects up to 48 RS-232 serial consoles or up to 48 USB consoles
Support use of simple straight-through cables for use with Cisco, Sun and other devices that
use the “Cisco” RJ-45 serial pinouts
10/100/1000 Base-T Ethernet network compatibility or SFP ports to support single or multi-
mode 1 Gigabit SFP transceiver modules
Buffer logging to file
Email and SNMP notification
ID/Password security, configurable access rights
Secure shell (SSH) security; supports numerous other security protocols
Network File System (NFS) and Common Internet File System (CIFS) support
RAW TCP, Telnet or SSH to a serial port by IP address per port or by IP address and TCP port
number
Configurable user rights for local and remotely authenticated users
Supports an external modem
No unintentional break ever sent to attached servers (Solaris Ready)
Simultaneous access on the same port - “listen” and “direct” connect mode
Remote power manager (RPM) control of UPS and PDU devices
Local access through a dedicated front panel serial console port
Web administration (using most browsers)
Protocols Supported
The SLC 8000 advanced console manager supports the TCP/IP network protocol as well as:
SSH, Telnet, PPP, NFS, and CIFS for connections in and out of the SLC console manager
SMTP for mail transfer
DNS for text-to-IP address name resolution
SNMP for remote monitoring and management
SCP, FTP and SFTP for file transfers and firmware upgrades
TFTP for firmware upgrades
DHCP and BOOTP for IP address assignment
HTTPS (SSL) for secure browser-based configuration
NTP for time synchronization
LDAP with Group support, NIS, RADIUS with VSA support, CHAP, PAP, Kerberos, TACACS+
with Group support, and SecurID (via RADIUS) for user authentication
Callback Control Protocol (CBCP)
IPsec for VPN access
For brief descriptions of these protocols, see Appendix D: Protocol Glossary on page 422.
Access Control
The system administrator controls access to attached servers or devices by assigning access
rights to up to 128 user profiles. Each user has an assigned ID, password, and access rights.
Other user profile access options may include externally configured authentication methods such
as Radius, TACACS+, NIS, and LDAP. Groups are supported in LDAP, RADIUS (using VSA), and
TACACS+ (using priv_lvl).
Device Port Buffer
The SLC 8000 unit supports real-time data logging for each device port. The port can save the
data log to a file, send an email notification of an issue, or take no action.
You can define the path for logged data on a port-by-port basis, configure file size and number of
files per port for each logging event, and configure the device log to send an email alert message
automatically to the appropriate parties indicating a particular error.
Configuration Options
You may use the back lit front-panel LCD display for initial setup and configuration and to view
current network, console, and date/time settings, and get internal temperature status.
Both a web interface viewed through a standard browser and a command line interface (CLI) are
available for configuring the SLC settings and monitoring performance.
Device Port and Console Port Interfaces
RS-232 RJ45 Interface
Device ports are located on the back of the SLC 8000 unit (please see Figure 2-2). The console
port is located on the front of the SLC 8000 unit (please see Figure 2-8). All devices attached to
the device ports and the console port must support the RS-232C (EIA-232) standard. For serial
RJ45 device ports and the console port, RJ45 cabling (e.g., category 5 or 6 patch cabling) is used.
Serial RJ45 device ports for the SLC 8000 advanced console manager are reversed by default so
that straight-through RJ45 patch cables may be used to connect to Cisco and Sun RJ45 serial
console ports. If you are replacing an SLC with an SLC 8000 you can either switch the ports to the
non-reversed pinout used by SLC units and use your original cables and adapters, or remove any
rolled cables or adapters and replace them with straight-through RJ45 cables, e.g. Ethernet patch
cables.
Note: RJ45 to DB9/DB25 adapters are available from Lantronix. For serial pinout
information, see the Appendix C: Adapters and Pinouts on page 419.
Device ports and the console port support the following baud-rate options: 300, 600, 1200, 2400,
4800, 9600, 19200, 38400, 57600, 115200 and 230400 baud.
USB Interface
The SLC unit can contain up to three I/O modules comprised of 16-port USB I/O module(s)
and/or 16-port RJ45 I/O module(s) installed in the three module bays available from the back of
the SLC 8000 unit. USB device ports can be used with a USB type A connector to serial adapter, if
needed.
Figure 2-3 shows an SLC unit containing two 16-port RJ45 I/O modules installed in Bay 1 and
Bay 2 for a total of 32 serial RJ45 device ports and one 16-port USB I/O module installed in Bay 3,
for a total of 48 device ports. Figure 2-4 shows an SLC unit containing three 16-port RJ45 I/O
modules installed in Bay 1, Bay 2 and Bay 3 for a total of 48 serial RJ45 device ports.
Note: When installing I/O modules into an SLC 8000 (Figure 2-2), Bay 1, Bay 2, and Bay
3 must be populated in order. The 8-port RJ45 serial module is supported on Bay 1 only.
I/F Card Slot: Dual Small Form-Factor Pluggable (SFP) or Dual Ethernet Port
On the left back side of the SLC 8000 unit, a dual SFP port or dual Ethernet port I/F card can be
installed. See Figure 2-5. If the dual SFP port is installed, copper or optic fiber 1 Gigabit SFP
transceiver modules may be used. The SLC 8000 supports use of single and multi-mode SFPs.
Figure 2-3 Three 16-Port USB I/O Modules Installed in Bays 1, 2, & 3 with Dual Ethernet Port (callouts: Bay 1, Bay 2, Bay 3)
Figure 2-4 One 16-Port USB I/O Module Installed in Bay 1 with Dual Ethernet Port (callouts: Bay 1, Bay 2, Bay 3)
Figure 2-5 One 16 RJ-45 Serial Port I/O Module (Bay 1) & Two 16 USB I/O Module (Bays 2 & 3) with Dual SFP Port (callouts: Bay 1, Bay 2, Bay 3)
Figure 2-6 SFP Port LEDs
Table 2-7 Device (DCE Reversed & DTE) Port Pinout
DCE Pin  DTE Pin  Description
8        1        RTS (output)
7        2        DTR (output)
6        3        TXD (output)
5        4        Ground
4        5        Ground
3        6        RXD (input)
2        7        DSR (input)
1        8        CTS (input)
Figure 2-8 Console Port (Front Side)
Table 2-9 Console (DTE) Port Pinout
DTE Pin  Description
1        RTS (output)
2        DTR (output)
3        TXD (output)
4        Ground
5        Ground
6        RXD (input)
7        DSR (input)
8        CTS (input)
Network Connections
The SLC 8000 network interfaces are 10/100/1000 Base-T Ethernet for use with a conventional
Ethernet network as shown in Figure 2-10. Use standard RJ45-terminated cables, like Category 5
or 6 patch cable. CAT5E or better cables are recommended for 1000 Base Ethernet. Network
parameters must be configured before the SLC console manager can be accessed over the network.
Note: One possible use for the two Ethernet ports is to have one port on a private,
secure network and the other on a public, unsecured network. The SLC 8000 can also be
equipped with a factory-installed NIC (Ethernet RJ45 or SFP ports). The NIC with SFP
ports can support single/multi-mode fiber or copper SFP transceiver modules at 1 Gigabit
speed.
Figure 2-10 Dual Ethernet Network Connection
Figure 2-11 Inserting SFP Transceiver Module into the SFP Port
Front Panel USB Ports
The SLC 8000 unit has two USB 2.0 ports (HS, FS, LS) on the front panel, as seen in Figure 2-12.
Figure 2-12 Dual USB Ports
Memory Card Port
The SLC unit has a memory card port on the front panel of the unit which accepts SD cards.
Figure 2-13 Memory Card Port
Internal Modem
An internal modem can be installed in the SLC 8000 advanced console manager. See Modem
Installation on page 43 for instructions.
Figure 2-14 Internal Modem Location
3: Installation
This chapter provides a high-level procedure for installing the SLC advanced console manager
followed by more detailed information about the SLC connections and power supplies.
Caution: To avoid physical and electrical hazards, please read
Appendix A: Security Considerations on page 416 before installing the
SLC 8000 advanced console manager.
What's in the Box
Table 3-1 lists all included components that come in the box and their corresponding part
numbers.
Table 3-1 What’s in the Box
Part Number                           Component Description
SLC 8000 Advanced Console Manager Models
Part number depends on SLC model.*    SLC 8000 Advanced Console Manager
                                      Note: *Please visit https://www.lantronix.com/products/lantronix-slc-8000/#tab-order to
                                      view available SLC models and configurations. See Customize an SLC 8000 on page 35.
Cables
200.2070A                             RJ45 to DB9F Adapter
200.0062                              RJ45 to RJ45, Cat5, 6.6 ft (2 m)
500-153                               RJ45 Loopback Plug
Note: Not available with SFP fiber versions.
North American Power Cords
500-041-R                             For AC Supply Models, USA & Canada: 110V AC Power Cord, 8 ft (2.43 m), RoHS.
083-152-R                             For DC Supply Models, USA & Canada: the DC Installation Kit is included.
Note: Power cords for other international regions are available and sold separately. See
Table 3-2.
Notes:
- Accessories that can be ordered separately are listed below in Table 3-2. Regional
  power cords are available as accessories.
- SLC 8000 single and dual AC supply variants ship with 110V North American AC
  power cord(s).
- * TAA Compliant models available, replace the “S” with “G” in the SKUs above (e.g.,
  SLC80321201G for 16-Port RS-232 (RJ45) Single AC Supply).
Verify and inspect the contents of the SLC package using the enclosed packing slip or the table
above. If any item is missing or damaged, contact your place of purchase immediately.
Customize an SLC 8000
Build any combination up to 48 managed console ports by following these easy steps:
1. Pick a baseline configuration:
2. Add up to two modules:
3. Choose from Single AC, Dual AC or Dual DC power supply.
4. Choose from Ethernet Copper or SFP (Dual AC) variants.
6. Protect investment with various extended warranty and service options.
Product Label
The product label on the underside of the SLC 8000 advanced console manager contains the
following information about each SLC unit:
Part Number
Product Revision
Country of Manufacturing Origin
Serial Number
Manufacturing Date Code
Bar Code
Figure 3-3 Product Label
Technical Specifications
Table 3-4 SLC Technical Specifications
Component: Description
Serial Interface (Device)
    Up to 48 RJ45-type 8-conductor connectors as up to three 16-port RJ45 I/O
    modules can be installed. These connectors have individually configurable
    standard and reversible pinouts, 8 or 16 ports per I/O module.
    Speed software selectable (300 to 230400 baud)
    Note: Serial RJ45 device ports for the SLC 8000 advanced console manager
    are reversed by default. Do not use rolled cables and adapters when replacing
    an SLC console manager with the SLC 8000 model.
USB 2.0 Interface (Device)
    Up to 48 USB type A (Host) as up to three 16-port USB I/O modules can be
    installed
    HS, FS, and LS
    Capable of providing VBUS 5V up to 100 mA per port, but not to exceed 600
    mA total per 16-port USB I/O module.
    May be used with a USB-to-serial adapter to connect a serial device, if
    needed. Please contact Lantronix for the list of tested adapters.
    Caution: USB ports are designed for data traffic only. They are not
    designed for charging or powering devices. Over-current conditions on
    VBUS 5V may disrupt operations.
Serial Interface (Console)
    (1) RJ45-type 8-pin connector (DTE)
    Speed software selectable (300 to 230400 baud)
    LEDs:
    Green light ON indicates data transmission activities
    Yellow light ON indicates data receiving activities
Network Interface
    (2) 10/100/1000 Base-T RJ45 Ethernet with LED indicators:
    Green light ON indicates a link at 1000 Base-T.
    Green light OFF indicates a link at other speeds or no link.
    Yellow light ON indicates a link is established.
    Yellow light blinking indicates activity.
    OR
    (2) SFP ports to support standard fiber or copper SFP transceiver modules
    (single or multi-mode) at speed 1 Gigabit. LED indicators:
    Green light ON indicates a link is established.
    Green light OFF indicates no link.
    Yellow light steady ON indicates no activity.
    Yellow light blinking indicates activity.
Power Supply AC (single or dual)
    Universal AC power input: 100-240 VAC
    50 or 60 Hz IEC 60320/C14
Power Supply DC (dual)
    20V to 72V input
Power Consumption
    Less than 25W with 48 RS232 serial ports
    Less than 45W with 48 USB ports
Dimensions
    1U, 1.75 in x 17.25 in x 12 in
Weight
    12.1 lbs with 48 serial ports
    11.8 lbs with 48 USB ports
Temperature
    Operating: 0 to 50°C (32 to 122°F)
    Storage: -30 to 80°C (-22 to 176°F)
Relative Humidity
    Operating: 10% to 90% non-condensing
    Storage: 10% to 95% non-condensing
Front USB Ports
    (2) ports, type A, host USB 2.0 (HS, FS, LS)
Memory Card
    Single memory card slot supporting:
    SD
    SDHC
Optional Internal Modem
    300 bps to 56K bps data rate
    Upstream 48K bps, downstream 56K bps
    V.44 data compression (V92MB-U, V92HU)
    V.42 bis and MNP-5 data compression
    V.29 FastPOS support
    Caller ID type I and II for select countries
    Agency approvals: Transferable FCC68, CS03 and CTR21 certifications,
    IEC60601-1 (Medical Electronics) compliant, CE Marking, IEC60950 approved
Operating Atmosphere
    Caution: EQUIPMENT IS FOR INDOOR USE ONLY!
    For use at altitudes no more than 2000 meters above sea level only.
    For safe use only in areas at altitudes below 2000 m.
    For use in non-tropical conditions only.
    For safe use only in non-tropical climate conditions.
Physical Installation
Install the SLC 8000 advanced console manager in an EIA-standard 19-inch rack (1U tall) or as a
desktop unit. The SLC module uses convection cooling to dissipate excess heat.
To install the SLC 8000 advanced console manager in a rack:
1. Place the SLC unit in a 19-inch rack.
Warning: Do not block the air vents on the sides of the SLC module. If you
mount the SLC advanced console manager in an enclosed rack, we
recommend that the rack have a ventilation fan to provide adequate
airflow through the SLC unit.
2. Connect the serial device(s) to the SLC unit ports. See the section
Connecting to a Device Port (on page 38).
3. Choose one of the following options:
- To configure the SLC 8000 advanced console manager using the network, or to monitor
serial devices on the network, connect at least one SLC network port to a network. See
Connecting to Network Ports (on page 41).
- To configure the SLC unit using a dumb terminal or a computer with terminal emulation,
connect the terminal or PC to the front panel SLC console port. See
Connecting Terminals (on page 41).
4. Connect the power cord, and apply power. See AC Input (on page 42).
5. Wait approximately one minute for the boot process to complete.
When the boot process ends, the SLC host name and the clock appear on the LCD display.
Now you are ready to configure the network settings as described in Chapter 4: Quick Setup.
Connecting to a Device Port
You can connect almost any device that has a serial console port to a device port on the SLC 8000
unit for remote administration. The console port must support the RS-232C interface.
Note: Many servers must either have the serial port enabled as a console or the
keyboard and mouse detached. Consult the server hardware and/or software
documentation for more information.
To connect to a serial RJ45 device port:
1. Connect one end of the Cat 5 cable to the device port.
2. Connect the other end of the Cat 5 cable to an RJ45 serial console port or to other port types
using a Lantronix serial console adapter.
Notes:
See Device Port Commands to enable or disable reverse pinouts through the CLI.
Table 3-5 and Table 3-6 provide additional information on reverse pinouts.
See Appendix C: Adapters and Pinouts for information about Lantronix adapters.
3. Connect the adapter to the serial console port on the serial device as shown in Figure 3-7.
Table 3-5 Console Port and Device Port - Reverse Pinout Disabled
Pin Number   Description
1            RTS (output)
2            DTR (output)
3            TXD (output)
4            Ground
5            Ground
6            RXD (input)
7            DSR (input)
8            CTS (input)
Table 3-6 Device Port - Reverse Pinout Enabled (Default)
Pin Number   Description
1            CTS (input)
2            DSR (input)
3            RXD (input)
4            Ground
5            Ground
6            TXD (output)
7            DTR (output)
8            RTS (output)
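The pinouts in Table 3-5 and Table 3-6 decide which cable works on a device port. The check below is an added example, not Lantronix code; it assumes the attached device's RJ45 console uses the DTE pinout of Table 3-5 and that a rolled cable joins pin n to pin 9-n (the function and constant names are hypothetical).

```python
"""Check RJ45 serial wiring against the pinouts in Table 3-5 and Table 3-6."""

# Table 3-5: console port, or device port with reverse pinout disabled (DTE).
DTE = {1: "RTS", 2: "DTR", 3: "TXD", 4: "GND",
       5: "GND", 6: "RXD", 7: "DSR", 8: "CTS"}

# Table 3-6: device port with reverse pinout enabled (the default).
REVERSED = {1: "CTS", 2: "DSR", 3: "RXD", 4: "GND",
            5: "GND", 6: "TXD", 7: "DTR", 8: "RTS"}

# An output only works when it lands on its matching input at the far end.
MATE = {"TXD": "RXD", "RXD": "TXD", "RTS": "CTS", "CTS": "RTS",
        "DTR": "DSR", "DSR": "DTR", "GND": "GND"}

CABLES = ("straight", "rolled")


def far_pin(pin, cable):
    """Return the far-end pin for a near-end pin on an 8-conductor cable."""
    if cable == "straight":
        return pin
    if cable == "rolled":          # assumption: rolled = pin n wired to pin 9-n
        return 9 - pin
    raise ValueError(f"unknown cable type: {cable!r}")


def mirror(pinout):
    """Pinout seen after reversing the pin order (pin n takes pin 9-n's signal)."""
    return {pin: pinout[9 - pin] for pin in pinout}


def wiring_faults(slc_port, attached_port, cable):
    """List (slc_pin, slc_signal, far_pin, far_signal) for every mismatched wire."""
    faults = []
    for pin in sorted(slc_port):
        signal = slc_port[pin]
        other_pin = far_pin(pin, cable)
        other_signal = attached_port[other_pin]
        if MATE[signal] != other_signal:
            faults.append((pin, signal, other_pin, other_signal))
    return faults


def usable_cables(slc_port, attached_port):
    """Cable types that connect every signal to its mate."""
    return [c for c in CABLES if not wiring_faults(slc_port, attached_port, c)]


if __name__ == "__main__":
    # Constructed scenario: the attached device is wired as DTE (assumption).
    for label, port in (("reverse pinout enabled", REVERSED),
                        ("reverse pinout disabled", DTE)):
        print(label, "->", usable_cables(port, DTE))
    for fault in wiring_faults(REVERSED, DTE, "rolled"):
        print("rolled cable on default port: pin %d %s meets pin %d %s" % fault)
```

With reverse pinout enabled the port already performs the roll, so a rolled cable on a default device port puts outputs on outputs and inputs on inputs.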
To connect to a USB device port:
1. Connect the USB type A connector of a USB cable to a device port.
2. Connect the other end of the USB cable to a USB console port.
Figure 3-7 shows a sample I/O module installation with two 16-port RJ45 I/O modules and one
16-port USB I/O module, and how the device ports correspond to the buttons on the Dashboard.
Figure 3-7 Sample Device Port Connections (Back Side)
[Figure labels: Bay 1, Bay 2, Bay 3; 16-Port RJ45 I/O Module (Part Number FRRJ451601), 16-Port RJ45 I/O Module (Part Number FRRJ451601), 16-Port USB I/O Module (Part Number FRUSB1601)]
Modular Expansion for I/O Module Bays
The SLC 8000 advanced console manager, which provides 3 separate bays, supports the
flexibility to change the I/O module configuration by offering a 16-port module for expansion. When
populating the bays, Bay 1, Bay 2 and Bay 3 must be populated in consecutive order. Bay 1 is the
slot next to the Ethernet ports and Bay 3 is the slot beside the power supply module. See
Figure 3-7 and Table 3-8. When device ports are unused or unsupported, they do not appear in
the Dashboard. See Sample Dashboards.
Note: See the SLC 8000 I/O Module Installation Guide for information on installing I/O
modules.
Table 3-8 Available I/O Module Configurations
Note: The 8-port RJ45 serial module is supported on Bay 1 only. The available I/O
module configurations in Table 3-8 are supported with either dual Gigabit Ethernet or dual
SFP ports.
Connecting to Network Ports
The SLC network ports, 10/100/1000 Base-T Ethernet, allow remote access to the attached
devices and the system administrative functions. Use a standard RJ45-terminated Category 5
cable to connect to the network port. A CAT5e or better cable is recommended for use with a
1000 Base-T Ethernet connection.
Note: One possible use for the two Ethernet ports is to have one port on a private,
secure network, and the other on an unsecured network.
Connecting Terminals
The console port is for local access to the SLC 8000 advanced console manager and the attached
devices. You may attach a dumb terminal or a computer with terminal emulation to the console
port. The SLC console port uses RS-232C protocol and supports VT100 emulation. The default
serial settings are 9600 baud, 8 bit data, No parity, 1 stop bit with no flow control.
To connect the console port to a terminal or computer with terminal emulation, Lantronix offers
optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector.
The console port is configured as DTE (non-reversed RJ45). See Appendix C: Adapters and
Pinouts on page 419 for more information.
To connect a terminal:
1. Attach the Lantronix adapter to your terminal (typically a PN 200.2066A adapter - see
Figure C-1) or your PC's serial port (use PN 200. adapter - see Figure C-4).
2. Connect the Cat 5 cable to the adapter, and connect the other end to the SLC console port.
3. Turn on the terminal or start your computer's communication program (e.g., PuTTY or
TeraTerm Pro).
4. Once the SLC 8000 advanced console manager is running, press Enter to establish
connection. You should see the model name and a login prompt on your terminal.
5. On a factory default SLC you may log in using sysadmin as the user name and the last 8
characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later)
or PASS (for all older units) as the password.
AC Input
The power supply module for the SLC controller accepts AC input voltage of 100-240 VAC, 50/60
Hz. Rear-mounted IEC-type AC power connectors are provided for universal AC power input.
(See What's in the Box on page 34.)
Warning: Risk of serious electric shock! Disconnect all power cords before
servicing the SLC.
Figure 3-9 AC Power Input
Modem Installation
Caution: TO REDUCE THE RISK OF FIRE, USE ONLY NO. 26 AWG OR LARGER
(e.g., 24 AWG) UL LISTED OR CSA CERTIFIED TELECOMMUNICATION
LINE CORD.
Attention: TO REDUCE THE RISK OF FIRE, USE ONLY TELECOMMUNICATION
CONDUCTORS OF 26 AWG OR LARGER CROSS-SECTION.
Warning: RISK OF ELECTRICAL SHOCKS; DISCONNECT ALL POWER AND
PHONE LINES BEFORE SERVICING!
Caution: DEVICES INSIDE THE EQUIPMENT AND THE MODEM ARE
ELECTROSTATIC-SENSITIVE; DO NOT HANDLE EXCEPT AT A STATIC
FREE WORKPLACE.
MODEM PART NUMBER
Lantronix 56KINTMODEM-01
MODEM SERVICING INSTRUCTIONS
You will need a medium size Phillips screw driver.
1. Turn off power to the SLC 8000 advanced console manager.
2. Locate the battery/modem door on the top of the SLC unit.
3. Carefully unscrew and lift the door off with the screw driver.
4. Take note of the orientation of the modem in the photograph so that you can install a new
modem correctly with the same orientation.
5. If there is a modem replacement, carefully lift the old modem out of its socket.
6. Install the new modem with correct orientation.
7. Make sure to have correct pin alignment.
8. Press the modem down to make sure it sits down all the way in the socket.
9. Double-check the new modem placement to make sure it is done properly.
10. Place the battery/modem door back.
11. Carefully tighten the door screw.
Battery Replacement
Caution: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT
TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE
INSTRUCTIONS.
Attention: THERE IS A DANGER OF EXPLOSION IF THE BATTERY IS REPLACED INCORRECTLY.
REPLACE ONLY WITH A BATTERY OF THE SAME TYPE OR AN EQUIVALENT TYPE
RECOMMENDED BY THE MANUFACTURER. DISPOSE OF USED BATTERIES ACCORDING TO THE
MANUFACTURER'S INSTRUCTIONS.
Caution: DEVICES INSIDE THE EQUIPMENT ARE ELECTROSTATIC-SENSITIVE;
DO NOT HANDLE EXCEPT AT A STATIC FREE WORKPLACE.
Battery Part Numbers
Panasonic BR2032 or equivalent (button cell lithium, non-rechargeable).
Caution: DO NOT USE BATTERY TYPE CR2032 SINCE IT HAS A LOWER
OPERATING TEMPERATURE RANGE.
DISPOSAL OF USED BATTERIES (from battery data sheet)
If not in a large quantity, button cell batteries contain so little Lithium that they do not qualify as
reactive hazardous waste. These batteries are safe for disposal in the normal municipal waste
stream.
If in a large quantity, disposal of button cell batteries should be performed by permitted,
professional firms knowledgeable in Federal, State and local hazardous waste transportation
and disposal requirements.
Caution: RISK OF FIRE, EXPLOSION AND BURNS. DO NOT RECHARGE, CRUSH,
HEAT ABOVE 212°F (100°C) OR INCINERATE.
Battery Replacement Instructions
Warning: RISK OF ELECTRICAL SHOCKS; DISCONNECT ALL POWER AND
PHONE LINE BEFORE SERVICING!
You will need a medium size Phillips screw driver.
1. Turn off power to the SLC 8000 advanced console manager.
2. Locate the battery/modem door on the top of the SLC unit.
3. Carefully unscrew and lift the door off with the screw driver.
4. If there is a modem installed, note the orientation of the modem so that later you can install it
back correctly.
5. If there is a modem installed, carefully lift the modem out of its socket.
6. Use fingers to lift the battery out of the socket.
Caution: DO NOT USE A METAL OBJECT TO PRY OUT THE BATTERY. IT MAY
SHORT THE BATTERY AND DAMAGE THE BATTERY HOUSING.
7. Install the new battery with the (+) side up making sure the battery sits completely and
securely in the housing.
8. Re-install the modem with correct orientation.
a. Make sure also to have correct pin alignment.
b. Press the modem down to make sure it sits down all the way in the socket.
9. Double-check the battery and modem placements to make sure they are done properly.
10. Place the battery/modem door back.
11. Carefully tighten the door screw.
12. If necessary, reprogram the SLC system date-time after installing a new battery.
4: Quick Setup
This chapter helps get the IP network port up and running quickly, so you can administer the SLC
advanced console manager using your network. The setup procedures assume you are starting
with a factory default SLC unit.
Recommendations
To set up the network connections quickly, we suggest you do one of the following:
- Use the front panel LCD display and keypad buttons to configure the IP address, subnet
  mask, gateway address and DNS address(es), if applicable.
- Complete the quick setup (see Figure 4-6) on the web interface.
- SSH to the command line interface and follow the Quick Setup script on the command line
  interface.
- Connect to the console port and follow the Quick Setup script on the command line interface.
Note: The first time you power up the SLC unit, Eth1 tries to obtain its IP address via
DHCP. If you have connected Eth1 to the network, and Eth1 is able to acquire an IP
address, you can view this IP address on the LCD or by running the Lantronix Provisioning
Manager application. If Eth1 cannot acquire an IP address, you cannot use Telnet, SSH,
or the web interface to run Quick Setup.
IP Address
Your SLC 8000 advanced console manager must have a unique IP address on your network. The
system administrator generally provides the IP address and corresponding subnet mask and
gateway. The IP address must be within a valid range and unique to your network. If a valid
gateway address has not been assigned, the IP address must be on the same subnet as
workstations connecting to the SLC 8000 over the network.
The following table lists the options for assigning an IP address to your SLC unit.
Table 4-1 Methods of Assigning an IP Address
Method: Description
DHCP
    A DHCP server automatically assigns the IP address and network settings.
    The SLC 8000 advanced console manager is DHCP-enabled by default.
    With the Eth1 network port connected to the network, and the SLC unit
    powered up, Eth1 acquires an IP address, viewable on the LCD.
    At this point, you can use SSH to connect to the SLC console manager or use
    the web interface.
BOOTP
    Non-dynamic predecessor to DHCP.
Front panel LCD display and keypads
    You manually assign the IP address and other basic network, console, and
    date/time settings. If desired, you can restore the factory defaults.
Serial port login to command line interface
    You assign an IP address and configure the SLC unit using a terminal or a PC
    running a terminal emulation program to the SLC serial console port
    connection.
Method #1 Using the Front Panel Display
Before you begin, ensure that you have:
Unique IP address that is valid on your network (unless automatically assigned)
Subnet mask (unless automatically assigned)
Gateway (unless automatically assigned)
DNS settings (unless automatically assigned)
Date, time, and time zone
Console port settings: baud rate, data bits, stop bits, parity, and flow control
Make sure the SLC advanced console manager is plugged into power and turned on.
Front Panel LCD Display and Keypads
With the SLC unit powered up, you can use the front panel display and buttons to set up the basic
parameters.
Figure 4-2 Front Panel LCD Display and Five Button Keypad (Enter, Up, Down, Left, Right)
The front panel display initially shows the hostname (abbreviated to 14 letters) and the date and
time.
When you press the right-arrow button, the SLC network settings display. Using the five buttons on
the keypad, you can change the network, console port, and date/time settings and view the
firmware release version. If desired, you can restore the factory defaults.
Note: Have your information handy as the display times out without accepting any
unsaved changes if you take more than 30 seconds between entries.
Any changes made to the network, console port, and date/time settings take effect immediately.
Navigating
The front panel keypad has one Enter button (in the center) and four arrow buttons (up, left, right,
and down). Press the arrow buttons to navigate from one option to another, or to increment or
decrement a numerical entry of the selected option. Use the Enter button to select an option to
edit or to save your settings.
The following table lists the SLC navigation actions, buttons, and options.
Table 4-3 LCD Arrow Keypad Actions
Button                  Action
Right arrow             To move to the next option (e.g., from Network Settings to Console Settings)
Left arrow              To return to the previous option
Enter (center button)   To enter edit mode
Up and down arrows      Within edit mode, to increase or decrease a numerical entry
Right or left arrows    Within edit mode, to move the cursor right or left
Enter                   To exit edit mode
Up and down arrows      To scroll up or down the list of parameters within an option (e.g., from IP
                        Address to Mask)
The following two tables list the SLC settings and parameters displayed on the LCD.
Table 4-4 Front Panel Setup Options with Associated Parameters and Table 4-5 Front Panel Setup Options, continued
Left/Right Arrow (option)   Up/Down Arrow (parameters)
Current Time                User ID & Current Time
Eth1 Network Settings       Eth1 IP Address, Eth1 Subnet Mask, Gateway, DNS1, DNS2, DNS3
Console Port Settings       Baud Rate, Data Bits, Stop Bits, Parity, Flow Control
Date / Time Settings        Time Zone, Date/Time
Release                     Firmware version and date code (display only), Restore Factory Defaults
Serial Number               Serial Number
Internal Temperature        Reading in Celsius & Fahrenheit
User Strings                Displays configured user string(s), if any.
Location                    Indicates the Rack (RK), Row (RW), & Cluster (CW) locations.
Device Ports                Detects the connection state of each port:
                            0=No DSR input signal detected on device port
                            1=DSR input signal detected on device port
                            (display only)
ID                          Device ID (display only)
Note: The individual screens listed from left to right in Table 4-4 and Table 4-5 can be
enabled or disabled for display on the SLC LCD screen. The order of appearance of the
screens, if enabled, along with the elected “Home Page” may vary on the LCD screen
according to configuration. The internal temperature, user strings, location and device
ports LCD menus are disabled by default. See LCD/Keypad (on page 316) for instructions
on enabling and disabling screens.
Entering the Settings
To enter setup information:
1. From the normal display (host name, date and time), press the right arrow button to display
Network Settings. The IP address for Eth1 displays.
Note: If you have connected Eth1 to the network, and Eth1 is able to acquire an IP
address through DHCP, this IP address displays, followed by the letter [D]. Otherwise, the
IP address displays as all zeros (000.000.000.000).
2. Press the Enter button on the keypad to enter edit mode. A cursor displays below one
character of the existing IP address setting.
3. To enter values:
- Use the left or right arrow to move the cursor to the left or to the right position.
- Use the up or down arrow to increment or decrement the numerical value.
4. When you have the IP address as you want it, press Enter to exit edit mode, and then press
the down arrow button. The Subnet Mask parameter displays.
Note: You must edit the IP address and the Subnet Mask together for a valid IP address
combination.
5. To save your entries for one or more parameters in the group, press the right arrow button.
The Save Settings? Yes/No prompt displays.
Note: If the prompt does not display, make sure you are no longer in edit mode.
6. Use the left/right arrow buttons to select Yes, and press the Enter button.
7. Press the right arrow button to move to the next option, Console Settings.
8. Repeat steps 2-7 for each setting.
9. Press the right arrow button to move to the next option, Date/Time Settings, and press Enter
to edit the time zone.
- To enter a US time zone, use the up/down arrow buttons to scroll through the US time
zones, and then press Enter to select the correct one.
- To enter a time zone outside the US, press the left arrow button to move up to the top level
of time zones. Press the up/down arrow button to scroll through the top level.
A time zone with a trailing slash (such as Africa/) has sub-time zones. Use the right arrow
button to select the Africa time zones, and then the up/down arrows to scroll through them.
Press Enter to select the correct time zone. To move back to the top-level time zone at
any time, press the left arrow.
10. To save your entries, press the right arrow button. The Save Settings? Yes/No prompt
displays.
Note: If the prompt does not display, make sure you are no longer in edit mode.
11. Use the left/right arrow buttons to select Yes, and press the Enter button.
12. To review the saved settings, press the up or down arrows to step through the current settings.
When you are done, the front panel returns to the clock display. The network port resets to the
new settings, and you can connect to your IP network for further administration. You should be
able to SSH to the SLC 8000 advanced console manager through your network connection, or
access the Web interface through a Web browser.
Restoring Factory Defaults
To use the LCD display to restore factory default settings:
1. Press the right arrow button to move to the Release option.
2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit
Restore Factory Defaults password displays.
3. Press Enter to enter edit mode.
4. Using the left and right arrows to move between digits and the up and down arrows to change
digits, enter the password (the default password is 999999).
Note: The Restore Factory Defaults password is only for the LCD. You can change
it at the command line interface using the CLI admin keypad password command.
The front panel Factory Default password and sysadmin password should be
recorded and stored in a secure place accessible by at least two authorized system
administrators. Recovering an SLC if both of these passwords are unknown is
cumbersome and time consuming.
5. Press Enter to exit edit mode. If the password is valid, a Save Settings? Yes/No prompt
displays.
6. Select Yes and press Enter. When the process is complete, the SLC unit reboots.
Limiting Sysadmin User Access
For security purposes, full administrative access to the SLC via the default sysadmin local user
account can be limited to only the front console port of the SLC device.
To configure this:
1. Enable the Sysadmin access limited to Console Port option on the Local/Remote Users web
page.
2. Enable a remote authentication method (such as TACACS+ or LDAP) and configure the
remote authentication method to be first in the order of methods used.
3. Create a remote user account with full administrative rights.
4. Uncheck the Attempt next method on authentication rejection checkbox on the
Authentication Methods web page.
These steps will prevent any local users from logging in, restrict the default sysadmin local user to
the front console port, and allow a user with administrative rights to login, as long as remote
authentication is working.
Method #2 Quick Setup on the Web Page
After the unit has an IP address, you can use the Quick Setup page to configure the remaining
network settings. This page displays the first time you log into the SLC 8000 advanced console
manager only. Otherwise, the SLC Home page displays.
To complete the Quick Setup page:
1. Open a web browser (Firefox, Chrome or Internet Explorer web browsers with the latest
browser updates).
2. In the URL field, type https:// followed by the IP address of your SLC console manager.
Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and
redirects all requests to the encrypted (HTTPS) port (port 443).
3. Log in using sysadmin as the user name and the last 8 characters of the Device ID (for newly
manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the
password. The first time you log in to the SLC unit, the Quick Setup page automatically displays.
Note: If the Device ID is not set, the default sysadmin password is the last 8
characters of the serial number.
Figure 4-6 Quick Setup
4. To accept the defaults, select the Accept default Quick Setup settings checkbox on the top
portion of the page and click the Apply button at the bottom of the page. Otherwise, continue
with step 5.
Note: Once you click the Apply button on the Quick Setup page, you can continue using
the web interface to configure the SLC further.
5. Enter the following settings:
Network Settings
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Network Setting: Description
Eth 1 Settings
    Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway
    from the DHCP server. (The DHCP server may not provide the hostname
    gateway, depending on its setup.) This is the default setting. If you select this
    option, skip to Gateway.
    Obtain from BOOTP: Lets a network node request configuration information from
    a BOOTP "server" node. If you select this option, skip to Gateway.
    Specify: Lets you manually assign a static IP address, generally provided by the
    system administrator.
IP Address (if specifying)
    Enter an IP address that is unique and valid on your network. There is no default.
    Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields
    for dot-quad numbers less than 100. For example, if your IP address is
    172.19.201.28, do not enter 028 for the last segment octet.
    Note: Currently, the SLC 8000 advanced console manager does not support
    configurations with the same IP subnet on multiple interfaces (Ethernet or PPP).
Subnet Mask
    If specifying an IP address, enter the subnet mask for the network on which the SLC
    unit resides. There is no default.
Default Gateway
    The IP address of the router for this network. There is no default.
Hostname
    The default host name is slcXXXX, where XXXX is the last 4 characters of the
    hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
    characters, no spaces).
    Note: The host name becomes the prompt in the command line interface.
Domain
    If desired, specify a domain name (for example, support.lantronix.com). The
    domain name is used for host name resolution within the SLC 8000 advanced
    console manager. For example, if abcd is specified for the SMTP server, and
    mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC unit
    attempts to resolve abcd.mydomain.com for the SMTP server.
Date & Time Settings
Change Date/Time: Select the checkbox to manually enter the date and time at the SLC unit’s location.
Date: From the drop-down lists, select the current month, day, and year.
Time: From the drop-down lists, select the current hour and minute.
Time Zone: From the drop-down list, select the appropriate time zone.
Administrator Settings
Sysadmin Password: To change the password (e.g., from the default), enter a Sysadmin Password of up
to 64 characters.
Retype Password: Re-enter the Sysadmin Password above in this field as a confirmation.
6. Click the Apply button to save your entries.
Figure 4-7 Quick Setup Completed in Web Manager
If Quick Setup has already been run, the standard Home page will display.
Figure 4-8 Home
Method #3 Quick Setup on the Command Line Interface
If the SLC 8000 advanced console manager does not have an IP address, you can connect a
dumb terminal or a PC running a terminal emulation program (VT100) to access the command line
interface. (See Connecting Terminals on page 41.) If the unit has an IP address, you can use SSH
or Telnet to connect to the SLC unit.
By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the
Services > SSH/Telnet/Logging page (on page 117).
To complete the command line interface Quick Setup script:
1. Do one of the following:
-With a serial terminal connection, power up, and when the command line displays, press
Enter.
-With a network connection, use an SSH client or Telnet program (if Telnet has been
enabled) to connect to xx.xx.xx.xx (the IP address in dot quad notation), and press
Enter. You should be at the login prompt.
2. Enter sysadmin as the user name and press Enter.
3. Enter the last 8 characters of the Device ID (for newly manufactured units that come installed with
8.3.0.0 or later) or PASS (for all older units) as the password and press Enter. The first time you
log in, the Quick Setup script runs automatically. Normally, the command prompt displays.
Note: If the Device ID is not set, the default sysadmin password is the last 8
characters of the serial number.
Figure 4-9 Beginning of Quick Setup Script
Welcome to the Lantronix SLC8000 Advanced Console Manager
Model Number: SLC8032
Quick Setup will now step you through configuring a few basic settings.
The current settings are shown in brackets ('[]').
You can accept the current setting for each question by pressing
<return>.
4. Enter the following information at the prompts:
Note: To accept a default or to skip an entry that is not required, press Enter.
CLI Quick Setup Settings
Config Eth1: Select one of the following:
-(1) obtain IP Address from DHCP: The unit will acquire the IP address, subnet
mask, hostname, and gateway from the DHCP server. (The DHCP server may or
may not provide the gateway and hostname, depending on its setup.) This is the
default setting.
-(2) obtain IP Address from BOOTP: Permits a network node to request
configuration information from a BOOTP "server" node.
-(3) static IP Address: Allows you to assign a static IP address manually. The IP
address is generally provided by the system administrator.
IP Address (if specifying): An IP address that is unique and valid on your network and in the same subnet as
your PC. There is no default.
If you selected DHCP or BOOTP, this prompt does not display.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields for
dot-quad numbers less than 100. For example, if your IP address is 172.19.201.28,
do not enter 028 for the last octet.
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or
PPP) are not currently supported.
Subnet Mask: The subnet mask specifies the network segment on which the SLC 8000 advanced
console manager resides. There is no default. If you selected DHCP or BOOTP, this
prompt does not display.
Default Gateway: IP address of the router for this network. There is no default.
Hostname: The default host name is slcXXXX, where XXXX is the last 4 characters of the
hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces).
Note: The host name becomes the prompt in the command line interface.
Domain: If desired, specify a domain name (for example, support.lantronix.com). The domain
name is used for host name resolution within the SLC unit. For example, if abcd is
specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLC 8000 advanced console manager attempts to
resolve abcd.mydomain.com for the SMTP server.
Time Zone: If the time zone displayed is incorrect, enter the correct time zone and press Enter. If
the entry is not a valid time zone, the system guides you through selecting a time
zone. A list of valid regions and countries displays. At the prompts, enter the correct
region and country.
Date/Time: If the date and time displayed are correct, type n and continue. If the date and time
are incorrect, type y and enter the correct date and time in the formats shown at the
prompts.
Sysadmin password: Enter a new sysadmin password.
After you complete the Quick Setup script, the changes take effect immediately.
Figure 4-10 Quick Setup Completed in CLI
Welcome to the Lantronix SLC8000 Advanced Console Manager
Model Number: SLC8032
Quick Setup will now step you through configuring a few basic settings.
The current settings are shown in brackets ('[]').
You can accept the current setting for each question by pressing
<return>.
____Ethernet Port and Default Gateway___________________________________
The SLC8032 has two ethernet ports, Eth1 and Eth2.
By default, both ports are configured for DHCP.
Configure Eth1: (1) obtain IP Address from DHCP
(2) obtain IP Address from BOOTP
(3) static IP Address
Enter 1-3: [1]
The SLC8032 can be configured to use a default gateway.
Enter gateway IP Address: [none]
____Hostname____________________________________________________________
The current hostname is 'slc0348', and the current domain is
'<undefined>'.
The hostname will be shown in the CLI prompt.
Specify a hostname: [slc0348]
Specify a domain: [<undefined>]
The current time zone is 'GMT'.
Enter time zone: [GMT]
____Date/Time___________________________________________________________
The current time is Wed May 18 20:51:04 2016
Change the current time? [n]
____Sysadmin Password___________________________________________________
Enter new password: [<current password>]
Quick Setup is now complete.
For a list of commands, type 'help'.
Next Step
After completing quick setup on the SLC 8000 advanced console manager, you may want to
configure other settings. You can use the web page or the command line interface for
configuration.
For information about the web and the command line interfaces, go to Chapter 5: Web and
Command Line Interfaces.
To continue configuring the SLC unit, go to Chapter 6: Basic Parameters.
5: Web and Command Line Interfaces
The SLC advanced console manager offers three interfaces for configuring the SLC unit: a
command line interface (CLI), a web interface, and an LCD with keypad buttons on the front panel.
This chapter discusses the web and command line interfaces.
Note: See Chapter 4: Quick Setup on page 50 for instructions on using the LCD front
panel to configure basic network settings, Web Manager, and CLI to perform quick setup.
Web Manager
A Web Manager allows the system administrator and other authorized users to configure and
manage the SLC 8000 advanced console manager using most web browsers (Firefox, Chrome or
Internet Explorer web applications with the latest browser updates). The SLC unit provides a
secure, encrypted web interface over SSL (secure sockets layer).
Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and
redirects all requests to the encrypted (HTTPS) port (port 443). Web Telnet and Web SSH
features (utilized in SLC console managers with firmware 7.2.0.0 or earlier) require Java
1.1 (or later) support in the browser.
The following figure shows a typical web page:
Figure 5-1 Web Page Layout (callouts: Logout Button, Tabs, Options, Entry Fields and Options, Dashboard, Icons, Help Button)
The web page has the following components:
Tabs: Groups of settings to configure.
Options: Below each tab are options for specific types of settings.
Note: Only those options for which the currently logged-in user has rights display.
Figure 5-2 Sample Dashboards
Dashboard: The appearance of the user interface dashboard will differ according to the type of NIC card
and bay modules installed in the back of the SLC 8000. See Figure 2-2 SLC 8048 Unit
Samples (Back Side) - Part Number SLC80482201S (on page 26), Figure 3-7 Sample Device
Port Connections (Back Side) (on page 40), and Figure 5-2 Sample Dashboards (on page 63).
-The light green LCD button allows you to configure the front panel LCD.
-The beige SD button allows you to configure the SD card, if a card is inserted. See
Chapter 8: USB/SD Card Port on page 146.
-The gray U1 button allows you to configure the upper USB device (flash drive or modem)
plugged into the front panel USB connector. The gray U2 button allows you to configure
the lower USB device plugged into the front panel USB connector. See Chapter 8: USB/
SD Card Port on page 146.
-The brown MD button allows you to configure the internal modem, if an internal modem is
installed.
-The blue E1 and E2 buttons display the Network > Network Settings (1 of 2) page for the
Ethernet port.
-The F1 and F2 buttons display the Network > Network Settings (1 of 2) page for the SFP
transceiver port.
-The number buttons allow you to select a port and display its settings. Only ports to which
the currently logged-in user has rights are enabled.
Below the bar are options for use with the port buttons. Selecting a port and the
Configuration option takes you to the Device Ports > Settings (1 of 2) page. Selecting a
port and the WebSSH option displays the WebSSH window for the device port, if Web
SSH is enabled and if SSH is enabled for the device port. Selecting the port and the
Connected Device button allows access to supported devices such as remote power
managers (RPMs) and/or SensorSoft temperature and humidity probes connected to the
device port.
-The yellow-orange A and B buttons display the status of the power supplies.
Entry Fields and Options: Allow you to enter data and select options for the settings.
Note: For specific instructions on completing the fields on the web pages, see Chapters
5 through 12.
Apply Button: Clicking Apply on a web page makes the changes immediately and saves them so
they persist when the SLC 8000 advanced console manager is rebooted.
Icons: The icon bar above the Main Menu has icons that display the following:
Home page.
Information about the SLC unit and Lantronix contact information.
Configuration site map.
Status of the SLC 8000 advanced console manager.
Help Button: Provides online Help for the specific web page.
Logging in
Only the system administrator or users with web access rights can log into the Web Manager.
More than one user at a time can log in, but the same user cannot log in more than once.
To log in to the SLC Web Manager:
1. Open a web browser.
2. In the URL field, type https:// followed by the IP address of your SLC 8000 advanced
console manager.
3. To configure the SLC unit, log in using sysadmin as the user name and the last 8 characters of
the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for
all older units) as the password.
Note: If the Device ID is not set, the default sysadmin password is the last 8
characters of the serial number.
Note: The system administrator may have changed the password using one of the
Quick Setup methods in the previous chapter.
The Lantronix SLC Quick Setup page displays automatically the first time you log in.
Subsequently, the Lantronix SLC Home page displays. (If you want to display the Quick Setup
page again, click Quick Setup on the main menu.)
Logging Out
To log off the SLC web interface:
1. Click the Logout button located on the upper left part of any Web Manager page. You are
brought back to the login screen when logout is complete.
Web Page Help
To view detailed information about an SLC web page:
1. Click the Help button to the right of any Web Manager page. Online Help contents will appear
in a new browser window.
Command Line Interface
A command line interface (CLI) is available for entering all the commands you can use with the
SLC 8000 advanced console manager. In this user guide, after each section of instructions for
using the web interface, you will find the equivalent CLI commands. You can access the command
line interface using Telnet, SSH, or a serial terminal connection.
Note: By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the
Services > SSH/Telnet/Logging web page, a serial terminal connection, or an SSH
connection. (See Chapter 7: Services.)
The sysadmin user and users who have full administrative rights have access to the complete
command set, while all other users have access to a reduced command set based on their
permissions.
Logging In
To log in to the SLC command line interface:
1. Do one of the following:
-With a serial terminal connection, power up, and when the command line displays, press
Enter.
-If the SLC 8000 advanced console manager already has an IP address (assigned
previously or assigned by DHCP), Telnet (if Telnet has been enabled) or SSH to
xx.xx.xx.xx (the IP address in dot quad notation) and press Enter. The login prompt
displays.
2. To log in as the system administrator for setup and configuration, enter sysadmin as the user
name and press Enter.
3. Enter the last 8 characters of the Device ID (for newly manufactured units that come installed with
8.3.0.0 or later) or PASS (for all older units) as the password and press Enter. The first time you
log in, the Quick Setup script runs automatically. Normally, the command prompt displays. (If
you want to display the Quick Setup script again, use the admin quicksetup command.)
Note: If the Device ID is not set, the default sysadmin password is the last 8
characters of the serial number.
Note: The system administrator may have changed the password using one of the
Quick Setup methods in the previous chapter.
To log in any other user:
1. Enter your SLC user name and press Enter.
2. Enter your SLC password and press Enter.
Logging Out
To log out of the SLC command line interface, type logout and press Enter.
Command Syntax
Commands have the following format:
<action> <category> <parameter(s)>
where
<action> is set, show, connect, admin, diag, or logout.
<category> is a group of related parameters whose settings you want to configure or view.
Examples are ntp, deviceport, and network.
<parameter(s)> is one or more name-value pairs in one of the following formats:
<parameter name> <aa|bb>: User must specify one of the values (aa or bb) separated by a
vertical line ( | ). The values are in all lowercase and must be
entered exactly as shown. Bold indicates a default value.
<parameter name> <Value>: User must specify an appropriate value, for example, an IP address.
The parameter values are in mixed case. Square brackets [ ]
indicate optional parameters.
Command Line Help
For general Help and to display the commands to which you have rights, type: help
For general command line Help, type: help command line
For release notes for the current firmware release, type: help release
For more information about a specific command, type help followed by the command. For
example: help set network or help admin firmware
Tips
Type enough characters to identify the action, category, or parameter name uniquely. For
parameter values, type the entire value. For example, you can shorten:
set network port 1 state static ipaddr 122.3.10.1 mask 255.255.0.0
to
se net po 1 st static ip 122.3.10.1 ma 255.255.0.0
Use the Tab key to automatically complete action, category, or parameter names. Type a
partial name and press Tab either to complete the name if only one is possible, or to display
the possible names if more than one is possible. Following a space after the preceding name,
Tab displays all possible names.
Should you make a mistake while typing, backspace by pressing the Backspace key and/or
the Delete key, depending on how you accessed the interface. Both keys work if you use
VT100 emulation in your terminal access program when connecting to the console port. Use
the left and right arrow keys to move within a command.
Use the up and down arrows to scroll through previously entered commands. If desired, select
one and edit it. You can scroll through up to 100 previous commands entered in the session.
To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.
When the number of lines displayed by a command exceeds the size of the window (the
default is 25), the command output is halted until the user is ready to continue. To display the
next line, press Enter, and to display the next page, press the space bar. You can override the
number of lines (or disable the feature altogether) with the set cli command.
General CLI Commands
The following commands relate to the CLI itself.
To configure the current command line session:
set cli scscommands <enable|disable>
Allows you to use SCS-compatible commands as shortcuts for executing commands:
Note: Settings are retained between CLI sessions for local users and users listed in the
remote users list.
Table 5-3 SCS Commands
SCS Commands    Commands
info            'show sysstatus'
version         'admin version'
reboot          'admin reboot'
poweroff        'admin shutdown'
listdev         'show deviceport names'
direct          'connect direct deviceport'
listen          'connect listen deviceport'
clear           'set locallog clear'
telnet          'connect direct telnet'
ssh             'connect direct ssh'
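The abbreviation rule under Tips and the SCS shortcuts in Table 5-3 mean that one command can appear in several spellings in a session history. The following added example (not Lantronix code) expands both to the full form before matching against a watch list. The vocabulary is limited to names that appear in this chapter, and the watch list, sample history and function names are constructed for illustration.

```python
"""Expand abbreviated SLC CLI lines and SCS shortcuts, then flag watched commands."""

# Vocabulary: only names that appear in this chapter. Assumption: a real unit
# knows more names, so a prefix that is unique here may be ambiguous there.
ACTIONS = ["set", "show", "connect", "admin", "diag", "logout"]
SECOND = ["ntp", "deviceport", "network", "cli", "history", "locallog",
          "sysstatus", "user", "version", "reboot", "shutdown",
          "quicksetup", "firmware", "direct", "listen"]
# Parameter names per command. Assumption: a trailing keyword such as "clear"
# is treated as a parameter name; the value after each name is kept verbatim.
PARAMS = {
    ("set", "network"): ["port", "state", "ipaddr", "mask"],
    ("set", "cli"): ["scscommands", "terminallines"],
    ("set", "history"): ["clear"],
    ("set", "locallog"): ["clear"],
    ("show", "deviceport"): ["names"],
}
# Table 5-3: SCS shortcut -> full command.
SCS = {
    "info": "show sysstatus", "version": "admin version",
    "reboot": "admin reboot", "poweroff": "admin shutdown",
    "listdev": "show deviceport names", "direct": "connect direct deviceport",
    "listen": "connect listen deviceport", "clear": "set locallog clear",
    "telnet": "connect direct telnet", "ssh": "connect direct ssh",
}
# Constructed watch list: commands a reviewer may want surfaced in a history.
WATCH = ("set history clear", "set locallog clear",
         "admin reboot", "admin shutdown")
# Constructed sample of what one session's `show history` might contain.
HISTORY = [
    "se net po 1 st static ip 122.3.10.1 ma 255.255.0.0",
    "sh us",
    "se hist cl",
    "ad reb",
    "clear",      # SCS shortcut, only meaningful when scscommands is enabled
    "s cli",      # "s" could be set or show
]


def resolve(token, names):
    """Return the single name that token abbreviates; exact matches win."""
    if token in names:
        return token
    hits = [n for n in names if n.startswith(token)]
    if len(hits) != 1:
        raise ValueError(f"{token!r} is {'ambiguous' if hits else 'unknown'}")
    return hits[0]


def expand(line, scs=False):
    """Expand one CLI line to its full <action> <category> <parameter(s)> form."""
    tokens = line.split()
    if not tokens:
        raise ValueError("empty command")
    if scs and tokens[0] in SCS:
        # Assumption: arguments typed after a shortcut are appended unchanged.
        return " ".join(SCS[tokens[0]].split() + tokens[1:])
    head = [resolve(tokens[0], ACTIONS)]
    if len(tokens) > 1:
        head.append(resolve(tokens[1], SECOND))
    rest = tokens[2:]
    names = PARAMS.get(tuple(head))
    if names:
        # Name-value pairs: names sit at even positions, values stay as typed.
        rest = [resolve(t, names) if i % 2 == 0 else t
                for i, t in enumerate(rest)]
    return " ".join(head + rest)


def audit(history, scs=False):
    """Return (typed line, expanded line or None, status) for each entry."""
    report = []
    for line in history:
        try:
            full = expand(line, scs)
        except ValueError as exc:
            # Anything that cannot be expanded is kept for manual review.
            report.append((line, None, f"unresolved: {exc}"))
            continue
        hit = any(full == w or full.startswith(w + " ") for w in WATCH)
        report.append((line, full, "watch" if hit else "ok"))
    return report


if __name__ == "__main__":
    for typed, full, status in audit(HISTORY, scs=True):
        print(f"{status:<28} {typed!r} -> {full!r}")
```

Lines that cannot be expanded are reported as unresolved rather than dropped, so an unfamiliar or ambiguous spelling still reaches a reviewer.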
To set the number of lines displayed by a command:
set cli terminallines <disable|Number of lines>
Sets the number of lines in the terminal emulation (screen) for paging through text one screenful at
a time, if the SLC 8000 unit cannot detect the size of the terminal automatically.
To show current CLI settings:
show cli
To view the last 100 commands entered in the session:
show history
To clear the command history:
set history clear
To view the rights of the currently logged-in user:
show user
Note: For information about user rights, see Chapter 12: User Authentication.
Table 5-4 CLI Keyboard Shortcuts
Keyboard Shortcut    Description
Control + [a]        Move to the start of the line.
Control + [e]        Move to the end of the line.
Control + [b]        Move back to the start of the current word.
Control + [f]        Move forward to the end of the next word.
Control + [u]        Erase from cursor to the beginning of the line.
Control + [k]        Erase from cursor to the end of the line.
6: Basic Parameters
This chapter explains how to set the following basic configuration settings for the SLC advanced
console manager using the SLC web interface or the CLI:
Network parameters that determine how the SLC 8000 advanced console manager interacts
with the attached network
Firewall and routing
Date and time
Note: If you entered some of these settings using a Quick Setup procedure, you may
update them here.
Requirements
If you assign a different IP address from the current one, it must be within a valid range and unique
to your network. If a valid gateway address has not been assigned, the IP address must be on the
same subnet as workstations connecting to the SLC 8000 over the network.
To configure the unit, you need the following information:
Network parameters determine how the SLC unit interacts with the attached network. Use this
page to set the following basic configuration settings for the network ports (Eth1 and Eth2).
The SLC supports the following types of network interfaces:
RJ-45 ports, as part of the standard SLC RJ45 NIC board. In the web UI port banner bar,
these are represented as E1 and E2. These ports can be configured for speeds of 10 Mbit,
100 Mbit or 1000 Mbit, at half-duplex or full-duplex. The RJ45 Ethernet NIC LEDs display the
following states:
-Green Light On: indicates a link at 1000 BASE-T
-Green Light Off: indicates a link at other speeds, or no link
-Yellow Light On: indicates a link is established
-Yellow Light Blinking: indicates link activity
A variety of SFP modules, installed in the SLC SFP NIC board. In the web UI port banner bar,
these are represented as F1 and F2, in a variety of colors. Single mode 1000 BASE-LX
optical SFPs are shown in yellow as . Multi mode 1000 BASE-SX optical SFPs are shown
as . RJ45 1000 BASE-T SFPs are shown in blue as . A port with no SFP module is
shown in white as F1. A port with an unknown SFP module is shown as .
The SFP Ethernet NIC LEDs are located between the two SFP module slots; the LEDs for
Ethernet 1 are on the left, and the LEDs for Ethernet 2 are on the right. They display the
following states:
-Green Light On: indicates a link is established
-Green Light Off: indicates no link
-Yellow Light On: indicates no link activity
-Yellow Light Blinking: indicates link activity
These ports are fixed at 1000 Mbit full-duplex. Note that in some vendors' RJ45 1000 BASE-T
transceivers, the RX LOS is internally grounded, so the link status feature may fail.
To enter settings for one or both network ports:
1. Click the Network tab and select the Network Settings option. Either the Network > Network
Settings (1 of 2) or the Network > Network Settings (2 of 2) displays depending on your SLC
8000 model.
Figure 6-1 Network > Network Settings (1 of 2)
Note: The SFP NIC Info & Diagnostics link in the Network > Network Settings (1 of 2)
image above only appears in SLC units equipped with an SFP NIC board. The SFP NIC
Info & Diagnostics link brings you to the Network Settings > SFP NIC Information &
Diagnostics page.
Figure 6-2 Network > Network Settings (2 of 2)
Figure 6-3 Network Settings > SFP NIC Information & Diagnostics
2. Enter the following information:
Ethernet Interfaces (Eth1 and Eth2)
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Eth 1 Settings or Eth 2 Settings:
-Disabled: If selected, disables the network port.
-Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway
from the DHCP server. (The DHCP server may not provide the hostname or
gateway, depending on its setup.) This is the default setting. If you select this
option, skip to Gateway.
-Obtain from BOOTP: Lets a network node request configuration information
from a BOOTP "server" node. If you select this option, skip to Gateway.
-Specify: Lets you manually assign a static IP address, generally provided by the
system administrator.
IP Address (if specifying): Enter an IP address that will be unique and valid on your network. There is no
default.
Enter all IP addresses in dot-quad notation. Do not use leading zeros in the
fields for dot-quad numbers less than 100. For example, if your IP address is
172.19.201.28, do not enter 028 for the last octet.
Note: Currently, the SLC unit does not support configurations with the same IP
subnet on multiple interfaces (Ethernet or PPP).
Subnet Mask: If specifying an IP address, enter the network segment on which the SLC unit
resides. There is no default.
IPv6 Address (Static): Address of the port in IPv6 format.
Note: The SLC 8000 advanced console manager supports IPv6 connections for
the following services: the web, SSH, Telnet, remote syslog, SNMP, NTP, LDAP,
Kerberos, RADIUS, TACACS+, connections to device ports, and diagnostic ping.
IPv6 addresses are written as 8 sets of 4-digit hexadecimal numbers separated by
colons. There are several rules for modifying the address. For example:
1234:0BCD:1D67:0000:0000:8375:BADD:0057 may be shortened to
1234:BCD:1D67::8375:BADD:57.
IPv6 Address (Global): IPv6 address with global scope that is generated by address autoconfiguration. The
address is generated from a combination of router advertisements and MAC
address to create a unique IPv6 address. This field is read only.
Note: This field will not appear in the absence of an IPv6 global address.
IPv6 Address (Link Local): An IPv6 address that is intended only for communications within the segment of a
local network. This field is read only.
Mode: Select the direction, duplex mode (full duplex or half-duplex), and speed (10, 100,
or 1000 Mbit) of data transmission. The default is Auto, which allows the Ethernet
port to auto-negotiate the speed and duplex with the hardware endpoint to which it
is connected.
MTU: Specifies the maximum transmission unit (MTU) or maximum packet size of
packets at the IP layer (OSI layer 3) for the Ethernet port. When fragmenting a
datagram, this is the largest number of bytes that can be used in a packet. The
minimum MTU size is 108 bytes (to conform with RFC 2460) and the maximum size
is 1500 bytes.
HW Address: Displays the hardware address of the Ethernet port.
Multicast: Displays the multicast address of the Ethernet port.
Enable IPv6: Select this box to enable the IPv6 protocol. If changed, the SLC unit will need to
reboot. Enabled by default.
IP Forwarding: If enabled, IP forwarding enables IPv4 network traffic received on one interface
(Eth1, Eth2, or an external/USB modem attached to the SLC unit with an active
PPP connection) to be transferred out another interface (any of the above). The
default behavior (if IP forwarding is disabled) is for network traffic to be received but
not routed to another destination.
Enabling IP forwarding is required if you enable Network Address Translation
(NAT) for any device port modem or USB/ISDN modem. IP forwarding allows a
user accessing the SLC 8000 advanced console manager over a modem to access
the network connected to Eth1 or Eth2.
IPv6 Forwarding: If enabled, IPv6 forwarding enables IPv6 network traffic received on one interface
(Eth1, Eth2, or an external/USB modem attached to the SLC unit with an active
PPP connection) to be transferred out another interface (any of the above). The
default behavior (if IP forwarding is disabled) is for network traffic to be received but
not routed to another destination.
SFP NIC Info & Diagnostics (Link): Clicking the link brings you to the Network Settings > SFP NIC Information &
Diagnostics page showing information and diagnostics about the SFP connection
port, temperature, voltage, current, output power, input power, LOS, and TX fault.
Click Back to Network Settings to return to the Network > Network Settings (1 of 2)
page.
Note: The SFP NIC Info & Diagnostics link in the Network > Network Settings (1 of
2) page only appears in SLC units equipped with an SFP NIC board.
Ethernet Bonding: Ethernet 1 and Ethernet 2 can be bonded to support redundancy (Active Backup),
aggregation (802.3ad), and load balancing. Disabled by default. Note that if
Ethernet Bonding is enabled, assigning individual IP Addresses to Device Ports is
not supported.
Ethernet Bonding Status (Link): Click the link to access Ethernet bonding status information. Ethernet 1 and
Ethernet 2 can be bonded to support redundancy (Active Backup), aggregation
(802.3ad), and load balancing. Disabled by default. Note that if Ethernet Bonding is
enabled, assigning individual IP Addresses to Device Ports is not supported.
Click the Back to Network Settings link to return to the Network Settings page.
Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)
are not currently supported.
Hostname & Name Servers
Hostname: The default host name is slcXXXX, where XXXX is the last 4 characters of the
hardware address of Ethernet Port 1. There is a 64-character limit (contiguous
characters, no spaces). The host name becomes the prompt in the command line
interface.
Domain: If desired, specify a domain name (for example, support.lantronix.com). The domain
name is used for host name resolution within the SLC unit. For example, if abcd is
specified for the SMTP server, and mydomain.com is specified for the domain, if
abcd cannot be resolved, the SLC 8000 advanced console manager attempts to
resolve abcd.mydomain.com for the SMTP server.
DNS Servers
#1 - #3: Configure up to three name servers with an IPv4 or IPv6 address. #1 is required if
you choose to configure DNS (Domain Name Server) servers. The SLC will attempt
to contact each DNS server in the order that they are given. If a DNS server cannot
be reached, the next DNS server will be tried. If a DNS server is reachable, but does
not resolve a hostname, no other attempts will be made to resolve the hostname using
the remaining DNS servers.
The first three DNS servers acquired via DHCP through Eth1 and/or Eth2 display
automatically.
DHCP-Acquired DNS Servers
#1 - #3: Displays the IP address of the name servers if automatically assigned by DHCP.
Prefer IPv4 DNS Records: If enabled, IPv4 DNS records will be preferred when DNS hostname lookups are
performed. Otherwise IPv6 records will be preferred (when IPv6 is enabled). Enabled
by default.
TCP Keepalive Parameters
Start Probes: Number of seconds the SLC unit waits after the last transmission before sending the
first probe to determine whether a TCP session is still alive. The default is 600
seconds (10 minutes).
Number of Probes: Number of probes the SLC 8000 advanced console manager sends before closing a
session. The default is 5.
Interval: The number of seconds the SLC unit waits between probes. The default is 60
seconds.
Gateway
Default: IP address of the IPv4 router for this network.
If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2
displays.
All network traffic that matches the Eth1 IP address and subnet mask is sent out
Eth1. All network traffic that matches the Eth2 IP address and subnet mask is sent
out Eth2.
If you set a default gateway, any network traffic that does not match Eth1 or Eth2 is
sent to the default gateway for routing.
DHCP-Acquired: Gateway acquired by DHCP for Eth1 or Eth2. View only.
Precedence: Indicates whether the gateway acquired by DHCP or the default gateway takes
precedence. The default is DHCP Gateway. If the DHCP Gateway is selected and
both Eth1 and Eth2 are configured for DHCP, the SLC unit gives precedence to the
Eth1 gateway.
IPv6 Default: Indicates the IP address of the IPv6 router for this network.
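The address rules from the Ethernet Interfaces table (dot-quad with no leading zeros, no shared subnet across interfaces), the Requirements paragraph and the routing rule from the Gateway table can be checked before the values are typed into the unit. This is an added example, not Lantronix code; the function names and every address other than 172.19.201.28 are constructed for illustration.

```python
"""Pre-flight check for static Eth1/Eth2 settings before they go into the SLC."""
import ipaddress
import re

_OCTET = r"(0|[1-9][0-9]{0,2})"              # decimal, no leading zeros
_DOT_QUAD = re.compile(r"\.".join([_OCTET] * 4))

# Constructed sample configurations: port name -> (IP address, subnet mask).
LEADING_ZERO = {"Eth1": ("172.19.201.028", "255.255.0.0")}
OVERLAP = {"Eth1": ("172.19.201.28", "255.255.0.0"),
           "Eth2": ("172.19.5.4", "255.255.255.0")}
GOOD = {"Eth1": ("172.19.201.28", "255.255.0.0"),
        "Eth2": ("10.0.5.4", "255.255.255.0")}


def parse_dot_quad(text):
    """Return an IPv4Address, rejecting leading zeros and out-of-range octets."""
    m = _DOT_QUAD.fullmatch(text)
    if m is None or any(int(o) > 255 for o in m.groups()):
        raise ValueError(f"not a valid dot-quad value: {text!r}")
    return ipaddress.IPv4Address(text)


def parse_port(ip, mask):
    """Combine an address and a subnet mask into an IPv4Interface."""
    bits = int(parse_dot_quad(mask))
    host = ~bits & 0xFFFFFFFF
    if bits == 0 or host & (host + 1):       # one-bits must be contiguous
        raise ValueError(f"not a valid subnet mask: {mask!r}")
    return ipaddress.IPv4Interface(f"{parse_dot_quad(ip)}/{bin(bits).count('1')}")


def egress(dest, ifaces, gateway):
    """Where traffic for dest is sent: a port name, the gateway, or None."""
    addr = parse_dot_quad(dest)
    for name in sorted(ifaces):              # Eth1 is checked before Eth2
        if addr in ifaces[name].network:
            return name
    return f"gateway {parse_dot_quad(gateway)}" if gateway else None


def check(ports, gateway=None, workstation=None):
    """Validate the ports; return (parsed interfaces, list of findings)."""
    ifaces, findings = {}, []
    for name, (ip, mask) in ports.items():
        try:
            ifaces[name] = parse_port(ip, mask)
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
    names = sorted(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"{a} and {b} are on the same IP subnet (unsupported)")
    # Requirements: without a gateway, the workstation must share a port subnet.
    if gateway is None and workstation is not None:
        if egress(workstation, ifaces, None) is None:
            findings.append(f"no gateway set and {workstation} is not on a port subnet")
    return ifaces, findings


if __name__ == "__main__":
    for label, cfg in (("leading zero", LEADING_ZERO), ("overlap", OVERLAP)):
        print(label, check(cfg)[1])
    ifaces, findings = check(GOOD, workstation="192.0.2.7")
    print("good", findings)
    for dest in ("172.19.3.3", "10.0.5.200", "192.0.2.7"):
        print(dest, "->", egress(dest, ifaces, "172.19.0.1"))
```

Older releases of Python's ipaddress module accept octets with leading zeros, which is why the example checks the text itself before converting it.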
Fail-Over Settings
Fail-over Gateway IP Address: The fail-over gateway is a backup default gateway, used when it is determined
through a fail-over trigger that the primary default gateway is no longer a viable
route. A fail-over event happens when a Ping device reachable via an Ethernet
interface and the default gateway becomes unreachable. Fail-back occurs when the
Ping device becomes reachable again, causing the primary default route to be
restored.
Note: The fail-over gateway is not supported when DHCP is used.
IP Address to Ping to Trigger Fail-over: IP address to ping to determine whether to use the fail-over gateway.
Ethernet Port for Ping: Ethernet port to use for the ping.
Delay between Pings: Number of seconds between pings.
Number of Failed Pings: Number of pings that fail before the SLC 8000 advanced console manager uses the
fail-over gateway.
Fail-Over Cellular Gateway Configuration
Fail-over Device: Select an integrated device to be used as the fail-over gateway. Currently the
Lantronix PremierWave XC HSPA+ Cellular Gateway and the Sierra Wireless
AirLink ES450 are supported. The HSPA+ gateway must be configured in gateway
mode before it can be used as the fail-over gateway. It is recommended that the
HSPA+ Cellular Connection Mode be set to On Demand, which will leave the link
quiescent until an application attempts to make use of the cellular network
connection. It is also recommended that the SNTP protocol be disabled, as On
Demand mode uses the egress traffic as a trigger.
The Sierra gateway must be properly provisioned before first use by initializing the
APN of the installed SIM card. This is done by connecting the Sierra gateway to the
second ethernet port of the SLC, and assigning a static IP address to the SLC port
so that it is in the same subnet as the IP address of the Sierra gateway. Use the
console CLI or web GUI to set the APN of the SIM card. After setting the APN,
power cycle the Sierra gateway and allow it to reboot completely.
The failover feature requires that both Ethernet ports be configured with a static IP
address. Using DHCP on one of the Ethernet ports may overwrite the default route,
interfering with fail-over and fail-back.
Note: The commands sent to the fail-over device to retrieve status and update the
configuration are shown in the syslog (messages may be displayed under Network
syslog at the Debug level). If there are errors retrieving status or updating the
configuration, check messages in the Network syslog, the device administrator
login/password, connectivity to the device and the firmware version of the fail-over
device (the minimum required firmware version for HSPA+ is 8.1.0.0 and for Sierra
Wireless ES450, it is 4.9.2). For the HSPA+ gateway, if the firmware is updated and
new items are added to the status output by the gateway, the new items will
automatically be displayed on the SLC.
When the SLC sends an updated configuration to the fail-over device, it is
recommended to check the SLC syslog, even if the SLC indicates that the update
was successful. Responses from the fail-over device indicating that the device
needs to be rebooted for configuration changes to take effect may also be in the
syslog. The configuration will be re-sent to the device if any of the fail-over device
settings are changed, or the selected fail-over device is changed from None to one
of the supported fail-over device types.
When a fail-over or fail-back occurs, running applications such as VPN tunnel and
ConsoleFlow will be restarted.
APN of Mobile Carrier: For the HSPA+ and Sierra gateways, configure the Access Point Name for the
mobile carrier. May have up to 256 characters.
Admin Login and Password/Retype: For the selected Fail-over Device, the administrator login and password used to
retrieve status from the device and send configuration updates to the device. The
login may have up to 32 characters, and the password may have up to 64
characters. The Admin Password displays the current password masked.
Change Admin Password (check box): Select this check box if you wish to update the admin password for the selected
gateway Fail-over Device.
New Admin Password/Retype: For the selected Fail-over Device, the administrator password can be changed on
the gateway. The password may have up to 64 characters.
To change the Admin Password, click the Change Admin Password checkbox and
enter the new password in the New Admin Password and Retype fields. Changing
the HSPA+ Admin password will save the password on the SLC for status and
configuration queries to the HSPA+ gateway. The password must match what is
stored on the HSPA+ gateway. Changing the Sierra Admin password will save the
password on the SLC for status and configuration queries to the Sierra gateway.
The new password will also be configured on the Sierra gateway. The Sierra
gateway login must be set as ‘user’.
Reboot Gateway When Making Changes (check box): For the selected Fail-over Device, the administrator can reboot the gateway.
Fail-Over Cellular Gateway Status (link): Clicking the link opens the Fail-Over Cellular Gateway status window, showing
status and statistics about the fail-over gateway.
Click Back to Network Settings to return to the Network Settings page.
Advanced Cellular Gateway Configuration
SIM Card PIN Lock (check box): For the HSPA+ and Sierra gateways, enable a lock so that the SIM card used by the
gateway cannot be used by anyone who does not have the PIN.
Pin # for SIM Card/Retype: For the HSPA+ and Sierra gateways, the PIN number for the SIM card used by the
gateway. May have up to 8 characters.
SIM PUK/Retype: For the HSPA+ gateway, the SIM Personal Unblocking Key. May have up to 16
characters. The Sierra gateway does not have this feature.
SIM Username: For the HSPA+ gateway, enter the username for dial up to the cellular carrier, if
required. May have up to 64 characters. The Sierra gateway does not have this
feature.
SIM Password: For the HSPA+ gateway, enter the password for dial up to the cellular carrier, if
required. May have up to 64 characters. The Sierra gateway does not have this
feature.
Dial-up String: For the HSPA+ gateway, enter the modem string used for making a connection to
the carrier. May have up to 64 characters. The Sierra gateway does not have this
feature.
Roaming: For the HSPA+ gateway, enable or disable network roaming. The Sierra gateway
does not have this feature.
Fail-Over Cellular Gateway Firmware
Note: The HSPA+ or Sierra fail-over device must be selected in order for you to be able
to update the firmware.
Update Firmware (check box): Select this option to update firmware on the HSPA+ gateway or the Sierra gateway.
The Functional Firmware file and the Radio Firmware file (required for the Sierra
gateway only) will be transferred to the SLC using the method selected by the Load Firmware via option. Once the file(s) have been transferred to the SLC, the SLC
will initiate the firmware update on the gateway.
Functional Firmware Filename: Enter the name of the firmware filename exactly as it is represented.
Radio Firmware Filename: Enter the name of the radio firmware filename exactly as it is represented.
Load Firmware via: Select the method to load the firmware from the options in the drop-down menu.
Options are: FTP, TFTP, SCP, USB, SD Card, and HTTPS. FTP is the default.
If you select HTTPS, the Upload File link becomes active. Select the link to open
a popup window that allows you to browse to a firmware update file to upload.
If you select NFS, the mount directory must be specified.
Note: Connections available depend on the model of the SLC unit.
Load Cellular Gateway Firmware Options
USB Port: Select the USB port. The firmware files must be stored in the top level directory of
the USB flash drive.
FTP/SFTP/SCP Server: Enter the IP address or host name of the server used for obtaining the firmware
files. May have up to 64 alphanumeric characters; may include hyphens and
underscore characters.
Path: Enter the path on the server for obtaining firmware update files.
Login: Enter the user login for the FTP/SFTP/SCP server to verify access. May be blank.
Password/Retype Password: Enter the FTP/SFTP/SCP user password. Retype the password in the Retype
Password field.
3. To save your entries, click the Apply button. Apply makes the changes immediately and
saves them so they will be there when the SLC 8000 advanced console manager is rebooted.
Ethernet Counters
The Network > Network Settings (1 of 2) page displays statistics for each of the SLC Ethernet
ports since boot-up. The system automatically updates them.
Note: For Ethernet statistics for a smaller time period, use the diag perfstat
command.
Network Commands
Go to Network Commands to view CLI commands which correspond to the web page entries
described above.
IP Filter
IP filters (also called a rule set) act as a firewall to allow or deny an individual MAC address, or
an individual or a range of IP addresses, ports, and protocols. When a network connection is
configured to use an IP filter, all network traffic through that connection is compared, in order, to
the rules of that filter. Network traffic may be allowed to pass, it may be dropped (without notice),
or it may be rejected (sends back an error packet) depending upon the rules of that filter rule set.
The administrator uses the Network > IP Filter page to view, add, edit, delete, and map IP filters.
Warning: IP filter configuration is a feature for advanced users. Adding and
enabling IP filter sets incorrectly can disable access to your SLC unit.
Viewing IP Filters
You can view a list of filters and a table showing how each filter is mapped to an interface.
To view a list of IP filters:
1. Click the Network tab and select the IP Filter option. The following page displays:
Figure 6-4 Network > IP Filter
Mapping Rulesets
The administrator can assign an IP Filter Rule Set to a network interface (Ethernet interface), a
modem connected to a device port, or a USB modem or an internal modem (if installed).
To map a ruleset to a network interface:
1. Click the Network tab and select the IP Filter option. The Network > IP Filter page displays.
2. Select the IP filter rule set to be mapped.
3. From the Interface drop-down list, select the desired network interface and click the Map Ruleset button. The Interface and rule set display in the IP Filter Mappings table.
To delete a mapping:
1. Click the Network tab and select the IP Filter option. The Network > IP Filter page displays.
2. Select the mapping from the list and click the Delete Mappings button. The mapping no
longer displays.
3. Click the Apply button.
Enabling IP Filters
On the Network > IP Filter page, you can enable all filters or disable all filters.
Note: There is no way to enable or disable individual filters.
To enable IP filters:
1. Enter the following:
Enable IP Filter: Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox
to disable all filters. Disabled by default.
Packets Dropped: Displays the number of data packets that the filter ignored (did not respond to).
View only.
Packets Rejected: Displays the number of data packets that the filter sent a “rejected” response to.
View only.
Test Timer: Timer for testing IP Filter rulesets. Select No to disable the timer. Select Yes,
minutes (1-120) to enable the timer and enter the number of minutes the timer
should run. The timer automatically disables the IP Filters when the time
expires.
Time Remaining: Indicates how many minutes are left on the timer before it expires and IP Filters
are disabled. View only.
Configuring IP Filters
The administrator can add, edit, delete, and map IP filters.
Note: A configured filter has no effect until it is mapped to a network interface.
See Mapping Rulesets on page 80.
To add an IP filter:
1. On the Network > IP Filter page, click the Add Ruleset button. The following page displays:
Figure 6-5 Network > IP Filter Ruleset (Adding/Editing Rulesets)
Rulesets can be added or updated on this page.
2. Enter the following:
Ruleset Name: Name that identifies a filter; may be composed of letters, numbers, and hyphens
only. (The name cannot start with a hyphen.)
Example:
FILTER-2
Rule Parameters
IP Address(es): Specify a single IP address to act as a filter.
Example: 172.19.220.64 – this specific IP address only
Subnet Mask: Specify a subnet mask to determine how much of the address should apply to
the filter.
Example: 255.255.255.255 to specify the whole address should apply.
MAC Address: Specify a single MAC address to act as a filter.
Example: 10:7d:1a:33:5c:e1
Protocol: From the drop-down list, select the type of protocol through which the filter will
operate. The default setting is All.
Port Range: Enter a range of destination TCP or UDP port numbers to be tested. An entry is
required for TCP, TCP New, TCP Established, and UDP, and is not allowed for
other protocols. Separate multiple ports with commas. Separate ranges of ports by
colons.
Examples:
22 – filter on port 22 only
23,64,80 – filter on ports 23, 64 and 80
23:64,80,143:150 – filter on ports 23 through 64, port 80 and ports 143 through 150
Action: Select whether to Drop, Reject, or Allow communications for the specified IP
address, subnet mask, protocol, and port range. Drop ignores the packet with no
notification. Reject ignores the packet and sends back an error message. Allow
permits the packet through the filter.
Clear: Click the Clear button to clear any Rule Parameter information set above.
Generate rule to allow service: You may wish to “punch holes” in your filter set for a particular protocol or service.
For instance, if you have configured your NIS server and wish to create an opening
in your filter set, select the NIS option and click the Add Rule button. This entry
adds a new rule to your filter set using the NIS-configured IP address. Other
services and protocols added automatically generate the necessary rule to allow
their use.
3. Click the right arrow button to add the new rule to the bottom of the Rules list box on the
right. A maximum of 64 rules can be created for each ruleset.
4. To remove a rule from the filter set, highlight that line and click the left arrow. The rule
populates the rule definition fields, allowing you to make minor changes before reinserting the
rule. To clear the definition fields, click the Clear button.
5. To change the order of priority of the rules in the list box, select the rule to move and use the
up or down arrow buttons on the right side of the filter list box.
6. To save, click the Apply button. The new filter displays in the menu tree.
Note: To add another new filter rule set, click the Back to IP Filter link to return to the
Network > IP Filter page.
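The following added example (not Lantronix code) dry-runs a ruleset offline before it is mapped and enabled, using the Port Range syntax described above and showing how rule order changes the outcome for the same packet. It assumes that the first matching rule decides and that the IP Address and Subnet Mask are compared with the packet's source address, and it handles only the All, TCP and UDP protocols; the Rule class, the evaluate function and both sample rulesets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

PORT_PROTOCOLS = {"TCP", "UDP"}  # protocols handled here that need a port range


def parse_port_range(spec):
    """Parse Port Range text: commas separate entries, a colon marks a range."""
    ranges = []
    for item in spec.split(","):
        first, sep, last = item.strip().partition(":")
        low = int(first)
        high = int(last) if sep else low
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port entry: {item!r}")
        ranges.append((low, high))
    return ranges


@dataclass
class Rule:
    ip: str
    mask: str
    protocol: str  # "All", "TCP" or "UDP"
    ports: str     # Port Range text; empty when protocol is "All"
    action: str    # "Allow", "Drop" or "Reject"

    def __post_init__(self):
        # A port range is required for TCP/UDP and not allowed otherwise.
        if (self.protocol in PORT_PROTOCOLS) != bool(self.ports):
            raise ValueError("port range is required for TCP/UDP only")
        self.network = ipaddress.ip_network(f"{self.ip}/{self.mask}", strict=False)
        self.port_ranges = parse_port_range(self.ports) if self.ports else []

    def matches(self, source, protocol, dest_port):
        # Assumption: the rule address is compared with the source address.
        if ipaddress.ip_address(source) not in self.network:
            return False
        if self.protocol == "All":
            return True
        return protocol == self.protocol and any(
            low <= dest_port <= high for low, high in self.port_ranges
        )


def evaluate(rules, source, protocol, dest_port):
    """Return (action, rule number) for the first match, or (None, None).

    Assumption: the first matching rule decides. The guide does not say what
    happens to unmatched traffic, so that case is reported as None.
    """
    for number, rule in enumerate(rules, start=1):
        if rule.matches(source, protocol, dest_port):
            return rule.action, number
    return None, None


# Constructed rulesets: the same two rules in opposite order.
ADMIN_FIRST = [
    Rule("172.19.220.64", "255.255.255.255", "TCP", "22,443", "Allow"),
    Rule("172.19.0.0", "255.255.0.0", "TCP", "22:23,80,443", "Drop"),
]
BROAD_FIRST = list(reversed(ADMIN_FIRST))

if __name__ == "__main__":
    for label, rules in (("ADMIN_FIRST", ADMIN_FIRST), ("BROAD_FIRST", BROAD_FIRST)):
        for port in (22, 443):
            print(label, port, evaluate(rules, "172.19.220.64", "TCP", port))
```

With the broad Drop rule listed first, the administrator's own address is dropped on ports 22 and 443, which is the lock-out the warning above describes; the Test Timer limits how long such a mistake stays in effect.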
Updating an IP Filter
To update an IP filter rule set:
1. From the Network > IP Filter page, the administrator selects the IP filter ruleset to be edited
and clicks the Edit Ruleset button to return to the Network > IP Filter Ruleset (Adding/Editing
Rulesets) page (see Figure 6-5).
2. Edit the information as desired and click the Apply button.
Deleting an IP Filter
To delete an IP filter rule set:
1. On the Network > IP Filter page, the administrator selects the IP filter ruleset to be deleted and
clicks the Delete Ruleset button.
IP Filter Commands
Go to IP Filter Commands to view CLI commands which correspond to the web page entries
described above.
Routing
The SLC 8000 advanced console manager allows you to define static routes and, for networks
using Routing Information Protocol (RIP)-capable routes, to enable the RIP protocol to configure
the routes dynamically.
To configure routing settings:
1. Click the Network tab and select the Routing option. The following page displays:
Figure 6-6 Network > Routing
2. Enter the following:
Dynamic Routing
Enable RIP: Select to enable Dynamic Routing Information Protocol (RIP) to assign routes
automatically. Disabled by default.
RIP Version: Select the RIP version. The default is 2.
Static Routing
Enable Static Routing: Select to assign the routes manually. The system administrator usually provides the
routes. Disabled by default.
To add a static route, enter the IP Address, Subnet Mask, and Gateway for the
route and click the Add/Edit Route button. The route displays in the Static Routes
table. You can add up to 64 static routes.
To edit a static route, select the radio button to the right of the route, change the IP
Address, Subnet Mask, and Gateway fields as desired, and click the Add/Edit
Route button.
To delete a static route, select the radio button to the right of the route and click the
Delete Route button.
3. Click the Apply button.
Note: To display the routing table, status or specific report, see the section,
Status/Reports on page 309.
Routing Commands
Go to Routing Commands to view CLI commands which correspond to the web page entries
described above.
VPN Settings
This page can be used to create a Virtual Private Network (VPN) tunnel to the SLC unit for secure
communication between the SLC unit and a remote host or gateway. The SLC unit supports IPSec tunnels
using Encapsulated Security Payload (ESP). The SLC unit supports host-to-host, net-to-net, host-to-net,
and roaming user tunnels.
Note: To allow VPN tunnel access if the SLC firewall is enabled, traffic to UDP ports 500
and 4500 from the remote host should be allowed, as well as protocol ESP from the
remote host.
The SLC provides a strongSwan-based VPN implementation (version 5.6.3). The SLC UI provides
access to a subset of the strongSwan configuration options, and also allows upload of a custom
ipsec.conf file, which gives an administrator access to most strongSwan configuration options. For
more information on strongSwan, see https://www.strongswan.org and the strongSwan FAQ. A list
of Internet Key Exchange IKEv1 and IKEv2 cipher suites is available on the strongSwan Wiki. NAT
Traversal is handled automatically without any special configuration. VPN related routes are
installed in a separate table and can be viewed in the detailed VPN status or in the IP Routes
table.
When a tunnel is up, the amount of data passed through the tunnel can be viewed in the status
with the bytes_i (bytes input) and bytes_o (bytes output) counters. An example of the VPN status
is below (the status will vary depending on the authentication, subnets and algorithms used). For
example, the status displays the IP addresses on either side of the tunnel (192.168.1.103 and
220.41.123.45), the type of authentication (pre-shared key authentication), the algorithms in use
(IKEv1 Aggressive and 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024), when the
tunnel will be rekeyed/SA Lifetime (rekeying in 7 hours), the bytes in and out (131 bytes_i (1 pkt,
93s ago), 72 bytes_o (1 pkt, 94s ago)), a dynamic address assigned to the console manager side
of the tunnel (child: dynamic and 172.28.28.188), and the subnets on both sides of the tunnel
(172.28.28.188/32 === 10.3.0.0/24 10.81.101.0/24 10.81.102.0/24 10.81.103.0/24).
The SLC loads a subset of the available strongSwan plugins. If an option is given in a custom
ipsec.conf file that requires a plugin that is not loaded by the SLC, this may cause an error during
tunnel negotiation. The loaded plugins can be viewed in the VPN Status when the VPN tunnel is
enabled.
Sample ipsec.conf Files are provided for a variety of tunnel configurations and peers. The
strongSwan Wiki also provides a variety of usable examples and sample configurations, in
addition to interoperability recommendations.
Depending on the VPN configuration, it may be necessary to enable IP Forwarding or to add static
routes; in some cases traffic may not be passed through the tunnel without enabling IP Forwarding
or static routes. Refer to the VPN routing table that is displayed with the VPN status.
A watchdog program is automatically run when the VPN tunnel is enabled. This program will
detect if the VPN tunnel goes down (for reasons other than the user disabling the tunnel). The
watchdog program will:
Generate a syslog message when the tunnel goes up or down
If traps are enabled, send a slcEventVPNTunnel SNMP trap when the tunnel goes up or down
If an email address is configured in the VPN configuration, send an email when the tunnel
goes up or down
If enabled, automatically restart the VPN tunnel
When using VPN with Network Fail-over, the Local IP Address should not be configured for the
VPN tunnel. This will allow strongSwan to automatically determine the IP address on the local
(console manager) side of the tunnel based on the network configuration during both fail-over and
fail-back.
VPN tunnels over a console manager Ethernet interface that is configured with an MTU less
than 256 may experience issues (traffic loss, etc.).
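Three points this chapter makes can be checked in a custom ipsec.conf before it is uploaded: an esp proposal without a DH group disables PFS, strongSwan refuses IKEv1 aggressive mode with a pre-shared key unless XAUTH is enabled, and the local address should not be fixed when Network Fail-over is in use. The following is an added example, not Lantronix or strongSwan code; it assumes the standard ipsec.conf keywords esp, keyexchange, aggressive, authby and left (with left taken as the SLC side), does not resolve also= includes, and runs on a constructed sample file.

```python
import ipaddress

# Prefixes of Diffie-Hellman group names in strongSwan proposal strings.
DH_PREFIXES = ("modp", "ecp", "curve", "x25519", "x448")

# Constructed sample file; connection names and addresses are placeholders.
SAMPLE_CONF = """\
config setup

conn %default
    keyexchange=ikev2

conn legacy-branch
    keyexchange=ikev1
    aggressive=yes
    authby=secret
    left=192.0.2.10
    right=198.51.100.20
    esp=aes128-sha256

conn hq
    left=%any
    right=vpn.example.net
    authby=pubkey
    ike=aes256-sha256-ecp256!
    esp=aes256-sha256-ecp256!
"""


def parse_conns(text):
    """Return {conn name: {keyword: value}} with conn %default merged in."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # section header starts in column 0
            parts = line.split()
            current = None
            if parts[0] == "conn" and len(parts) == 2:
                current = sections.setdefault(parts[1], {})
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}


def proposals_without_dh(value):
    """List the comma-separated proposals that name no DH group."""
    missing = []
    for proposal in value.rstrip("!").split(","):
        tokens = proposal.strip().lower().split("-")
        if not any(token.startswith(DH_PREFIXES) for token in tokens):
            missing.append(proposal.strip())
    return missing


def is_literal_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint(text, failover_in_use=False):
    """Return (conn, code, message) findings for the three checks."""
    findings = []
    for name, opts in parse_conns(text).items():
        for proposal in proposals_without_dh(opts.get("esp", "")) if opts.get("esp") else []:
            findings.append((name, "no-pfs",
                             f"esp proposal '{proposal}' has no DH group, so PFS is disabled"))
        # authby=xauthpsk is not flagged: the restriction applies without XAUTH.
        if (opts.get("keyexchange") == "ikev1" and opts.get("aggressive") == "yes"
                and opts.get("authby") in ("secret", "psk")):
            findings.append((name, "aggressive-psk",
                             "IKEv1 aggressive mode with PSK and no XAUTH will not be initiated"))
        if failover_in_use and is_literal_ip(opts.get("left", "")):
            findings.append((name, "fixed-local-ip",
                             "left is a fixed address; leave it unset when fail-over is used"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF, failover_in_use=True):
        print(*finding, sep=": ")
```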
To set up a VPN connection:
1. Click the Network tab and select the VPN option. The following page displays:
Figure 6-7 Network > VPN (1 of 2)
Figure 6-8 Network > VPN (2 of 2)
2. Enter the following:
Enable VPN Tunnel: Select to create a tunnel. Disabling this option will terminate any currently
running tunnel.
Note: The VPN peer that sends the first packet in tunnel bringup is the
initiator or client; the VPN peer that listens for and responds to the first
packet is the responder or server. In general, the responder / server side
should be started before the initiator / client side. If it is desired to have the
console manager VPN tunnel automatically reconnect when the remote
peer disconnects and then reconnects, the console manager side of the
tunnel should be started first so that it will act as a responder or server. If
the console manager side of the tunnel is started after the remote peer, the
console manager will act as an initiator / client, and may not automatically
reconnect when the remote peer disconnects and is brought back up.
Name: The name assigned to the tunnel. Required to create a tunnel.
Remote Peer: The IP address or FQDN of the remote host's public network interface. The
special value of any can be entered to signify an address to be filled in by
automatic keying during negotiation. The console manager will act as a
responder/server.
Remote Id: How the remote host should be identified for authentication. The Id is used
to select the proper credentials for communicating with the remote host.
Remote Hop/Router: If the remote host is behind a gateway, this specifies the IP address of the
gateway's public network interface. This option is deprecated and is no
longer supported.
Remote Subnet(s): One or more allowed subnets behind the remote host, expressed in CIDR
notation (IP address/mask bits). If multiple subnets are specified, the
subnets should be separated by a comma. Up to 10 local subnets
supported.
Configured subnets of the peers may differ; the protocol narrows them to the
greatest common subnet. In IKEv1, this may lead to problems with other
implementations. Make sure to configure identical subnets in such
configurations.
If the remote subnet is not defined, it will be assumed that the remote end of
the connection goes to the remote peer only.
Remote Source IP: The internal source IP to use in a tunnel (Virtual IP). Currently the accepted
values are config, CIDR Notation, IP Address Range or poolname. If the
value is config on the responder side, the initiator must propose an address
which is then echoed back. The supported address pools are expressed as
CIDR notation and IP Address range as - or the use of an external IP
address pool using poolname is the name of the IP address pool used for
the lookup.
Local IP Address: The IP address of the SLC (local) side of the tunnel, specifically the
public-network interface. If no IP address is given, the value %any will be used in
ipsec.conf (this is the default), signifying an address to be filled in (by
automatic keying) during negotiation. If the SLC initiates the connection
setup the routing table will be queried to determine the correct local IP
address. In case the SLC is responding to a connection setup then any IP
address that is assigned to a local interface will be accepted.
Local Id: How the SLC unit should be identified for authentication. The Id is used by
the remote host to select the proper credentials for communicating with the
SLC unit.
Local Hop/Router: If the SLC unit is behind a gateway, this specifies the IP address of the
gateway's public network interface. This option is deprecated and is no
longer supported.
Local Subnet(s): One or more subnets behind the SLC unit, expressed in CIDR notation (IP
address/mask bits). If multiple subnets are specified, the subnets should be
separated by a comma. Up to 10 local subnets supported.
Configured subnets of the peers may differ; the protocol narrows them to the
greatest common subnet. In IKEv1, this may lead to problems with other
implementations. Make sure to configure identical subnets in such
configurations.
If the local subnet is not defined, it will be assumed that the local end of the
connection goes to the console manager only.
Local Source IP: The internal source IP to use in a tunnel (Virtual IP). Currently the accepted
values are config4, config6 or Valid IP Address. With config4 and config6
an address of the given address family will be requested explicitly. If an IP
address is configured, it will be requested from the responder, which is free
to respond with a different address.
IKE Negotiation: The Internet Key Exchange (IKE) protocol is used to exchange security
options between two hosts who want to communicate via IPSec. The first
phase of the protocol authenticates the two hosts to each other and
establishes the Internet Security Association Key Management Protocol
Security Association (ISAKMP SA). The second phase of the protocol
establishes the cryptographic parameters for protecting the data passed
through the tunnel, which is the IPSec Security Association (IPSec SA). The
IPSec SA can periodically be renegotiated to ensure security.
The IKE protocol can use one of two modes: Main Mode, which provides
identity protection and takes longer, or Aggressive Mode, which provides
no identity protection but is quicker. With Aggressive Mode, there is no
negotiation of which cryptographic parameters will be used; each side must
give the correct cryptographic parameters in the initial package of the
exchange, otherwise the exchange will fail. If Aggressive Mode is used, the
IKE Encryption, IKE Authentication, and IKE DH Group must be
specified.
IKE Version: IKE Version settings to be used. Currently the accepted values are IKEv1,
IKEv2 and Any. Default is IKEv2. Any uses IKEv2 when initiating but will
accept any protocol version while responding.
It is recommended that any IKE Encryption or ESP Encryption parameters
that are selected be supported by the IKE Version that is used. Refer to the
list of IKEv1 and IKEv2 cipher suites for more information.
IKE Encryption: The type of encryption, 3DES, AES, AES192 or AES256, used for IKE
negotiation. Any can be selected if the two sides can negotiate which type of
encryption to use.
Note: If IKE Encryption, Authentication and DH Group are set to Any,
default cipher suite(s) will be used. If the console manager acts as an
initiator, the tunnel will use a default IKE cipher of aes128-sha256-ecp256
(for IKEv1). For IKEv2 or when the console manager is the responder in
tunnel initiation, it will propose a set of cipher suites and will accept the first
supported proposal received from the peer.
IKE Authentication: The type of authentication, SHA2_256, SHA2_384, SHA2_512, SHA1, or
MD5, used for IKE negotiation. Any can be selected if the two sides can
15 (modp3072), 16 (modp4096), 17 (modp6144), 18 (modp8192) or 19
(ecp256) can be used for IKE negotiation. Any can be selected if the two
sides can negotiate which Diffie-Hellman Group to use.
ESP Encryption: The type of encryption, 3DES, AES, AES192 or AES256, used for
encrypting the data sent through the tunnel. Any can be selected if the two
sides can negotiate which type of encryption to use.
Note: If ESP Encryption, Authentication and DH Group are set to Any,
default cipher suite(s) will be used. If the console manager acts as an
initiator, the tunnel will use a default ESP cipher of aes128-sha256 (for
IKEv1). For IKEv2 or when the console manager is the responder in tunnel
initiation, it will propose a set of cipher suites and will accept the first
supported proposal received from the peer. The proposal sent from the
remote peer and the proposal used by the console manager can be viewed
in the VPN logs. If there is no match between the two sets of proposals, the
tunnel will fail with the message no matching proposal found,
sending NO_PROPOSAL_CHOSEN. If a matching proposal is found,
tunnel negotiation will proceed. Below is an example of no matching
proposal in the log messages:
charon: 04[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/NO_EXT_SEQ
15 (modp3072), 16 (modp4096), 17 (modp6144), 18 (modp8192) or 19
(ecp256) can be used for the key exchange for data sent through the tunnel.
Any can be selected if the two sides can negotiate which Diffie-Hellman
Group to use.
Note: PFS is automatically enabled by configuring ESP Encryption to use
a DH Group (ESP Encryption without a DH Group will disable PFS); see
Perfect Forward Secrecy below.
Authentication: The type of authentication used by the host on each side of the VPN tunnel
to verify the identity of the other host.
For RSA Public Key, each host generates a RSA public-private key pair,
and shares its public key with the remote host. The RSA Public Key for
the SLC unit (which has 4096 bits) can be viewed at either the web or
CLI.
For Pre-Shared Key, each host enters the same passphrase to be used
for authentication.
For X.509 Certificate, each host is configured with a Certificate Authority
certificate along with a X.509 certificate with a corresponding private key,
and shares the X.509 certificate with the remote host.
Before using RSA Public Key authentication, select Generate SLC RSA Key to generate the SLC’s RSA public/private key pair. This RSA key can
be regenerated at any time.
Note: strongSwan does not support IKEv1 aggressive mode with Pre-
Shared Key authorization without XAUTH enabled. If a tunnel is initiated
with this configuration the log message
Aggressive Mode PSK disabled for security reasons
will be displayed, and a tunnel will not be initiated. It is possible to override
this behavior, but it is not recommended.
RSA Public Key for Remote Peer: If RSA Public Key is selected for authentication, the remote peer's public
key can be uploaded or deleted. If a public key has been uploaded this field
will display key installed. The peer RSA public key must be in Privacy
Enhanced Mail (PEM) format, e.g.:
-----BEGIN PUBLIC KEY-----
(certificate in base64 encoding)
-----END PUBLIC KEY-----
Pre-Shared Key: If Pre-Shared Key is selected for authentication, enter the key.
Retype Pre-Shared Key: If Pre-Shared Key is selected for authentication, re-enter the key.
Certificate Authority for
Remote Peer
Certificate File for Remote
Peer
A certificate can be uploaded to the SLC unit for peer authentication. The
certificate for the remote peer is used to authenticate the SLC to the remote
peer, and at a minimum contains the public certificate file of the remote
peer. The certificate may also contain a Certificate Authority file; if the
Certificate Authority file is omitted, the SLC may display "issuer cacert not
found" and "X.509 certificate rejected" messages, but still authenticate. The
Certificate Authority file and public certificate File must be in PEM format,
e.g.:
-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----
Certificate Authority for Local Peer
Certificate File for Local Peer
Key File for Local Peer
A certificate can be uploaded to the SLC unit for peer authentication. The
certificate for the local peer is used to authenticate any remote peer to the
SLC, and contains a Certificate Authority file, a public certificate file, and a
private key file. The public certificate file can be shared with any remote
peer for authentication. The Certificate Authority and public certificate file
must be in PEM format, e.g.:
-----BEGIN CERTIFICATE-----
(certificate in base64 encoding)
-----END CERTIFICATE-----
The key file must be in RSA private key file (PKCS#1) format, e.g.:
-----BEGIN RSA PRIVATE KEY-----
(private key in base64 encoding)
-----END RSA PRIVATE KEY-----
Perfect Forward Secrecy (PFS)
When a new IPSec SA is negotiated after the IPSec SA lifetime expires, a
new Diffie-Hellman key exchange can be performed to generate a new
session key to be used to encrypt the data being sent through the tunnel. If
this is enabled, it provides greater security, since the old session keys are
destroyed.
This option is deprecated and is no longer supported. With
strongSwan, PFS is automatically enabled by configuring ESP Encryption to
use a DH Group (ESP Encryption without a DH Group will disable PFS).
Using PFS introduces no significant performance overhead, unless
rekeying is done more than 80 IPsec SAs per second.
SA Lifetime
How long a particular instance of a connection should last, from successful
negotiation to expiry, in seconds. Normally, the connection is renegotiated
(via the keying channel) before it expires.
The formula for how frequently rekeying (renegotiation) is done is:
So the rekeying time will vary between 42 minutes and 51 minutes.
It is recommended that the SA Lifetime be set greater than 540 seconds;
any values less than 540 seconds may require adjustments to the
margintime and rekeyfuzz values (which can be set with a custom
ipsec.conf file). Some peer devices (Cisco, etc.) may require that the SA
Lifetime be set to a minimum of 3600 seconds in order for the VPN tunnel to
come up and rekeying to function properly.
For more information see the strongSwan Expiry documentation.
Mode Configuration Client
If this is enabled, the SLC unit can receive network configuration from the
remote host. This allows the remote host to assign an IP address/netmask
to the SLC side of the VPN tunnel. This option is deprecated and is no
longer supported.
XAUTH Client
If this is enabled, the SLC unit will send authentication credentials to the
remote host if they are requested. XAUTH, or Extended Authentication, can
be used as an additional security measure on top of the Pre-Shared Key or
RSA Public Key. This is typically used with Cisco peers, where the Cisco
peer is acting as an XAUTH server.
XAUTH Login (Client)
If XAUTH Client is enabled, this is the login used for authentication.
XAUTH Password/Retype Password
If XAUTH Client is enabled, this is the password used for authentication.
Remote Peer Type
Defines the type of the remote peer, either IETF (non-Cisco) or Cisco.
When set to Cisco, support for Cisco IPsec gateway redirection and Cisco
obtained DNS and domainname are enabled. This option is deprecated
and is no longer supported.
Cisco Unity
If enabled, sends the Cisco Unity vendor ID payload (IKEv1 only), indicating
that the SLC is acting as a Cisco Unity compliant peer. This indicates to the
remote peer that Mode Config is supported (an IKE configuration method
that is widely adopted, documented here).
Mode Config
In remote access scenarios, it is highly desirable to be able to push
configuration information such as the private IP address, a DNS server's IP
address, and so forth, to the client. This option defines which mode is used:
pull where the config is pulled from the peer (the default), or push where
the config is pushed to the peer. Push mode is not supported with IKEv2.
Force Encapsulation
In some cases, for example when ESP packets are filtered or when a
broken IPsec peer does not properly recognise NAT, it can be useful to
force RFC-3948 encapsulation.
Dead Peer Detection
Sets the delay (in seconds) between Dead Peer Detection (RFC 3706)
keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for the tunnel
(default 30 seconds). Dead Peer Detection can also be disabled.
Dead Peer Detection Timeout
Sets the length of time (in seconds) the SLC will idle without hearing either
an R_U_THERE poll from the peer, or an R_U_THERE_ACK reply. The
default is 120 seconds. After this period has elapsed with no response and
no traffic, the SLC will declare the peer dead, remove the Security
Association (SA), and perform the action defined by Dead Peer Detection Action.
Dead Peer Detection Action
When a Dead Peer Detection enabled peer is declared dead, the action that
should be taken. Hold (the default) means the tunnel will be put into a hold
status. Clear means the Security Association (SA) will be cleared. Restart
means the SA will immediately be renegotiated.
Custom ipsec.conf Configuration
A custom ipsec.conf file can be uploaded to the SLC. This file can include
any of the strongSwan options which are not configurable from the UIs. The
ipsec.conf file should include one conn <Tunnel Name> section which
defines the tunnel parameters. An ipsec.conf file containing more than one
conn section will be rejected for upload.
When a custom ipsec.conf file has been uploaded to the console manager,
any VPN options configured via the UIs (with the exception of authentication
tokens, see below) are ignored, and the UIs will not display the options
given in the custom ipsec.conf file.
A description of the format of the ipsec.conf file as well as all strongSwan
options is available here. The SLC uses strongSwan version 5.6.3, so not
all options listed in the strongSwan ipsec.conf documentation will be
supported by the SLC.
Any authentication tokens (pre-shared keys, RSA keys, X.509 certificates)
required by the custom ipsec.conf must be configured through the SLC UIs,
and must be configured or installed before a tunnel is brought up with an
uploaded ipsec.conf file. When a tunnel is started with a custom ipsec.conf
file, the authentication tokens required for the authby parameter are
verified to exist before the tunnel is started. For example, if
authby=rsasig, the SLC will verify that the SLC RSA public/private
key has been generated and that the peer RSA public key has been
uploaded.
To upload a custom ipsec.conf file, select the Upload File link next to the
Uploaded Configuration field.
To delete an uploaded custom ipsec.conf file, select the Delete Configuration File checkbox next to the Uploaded Configuration field.
To view an uploaded custom ipsec.conf file, select the View Configuration
link next to the Uploaded Configuration field. If a file has been uploaded it
will be displayed; otherwise the auto-generated file will be displayed if it
exists. The file is auto-generated when a tunnel is enabled (if a custom file
has not been uploaded).
To download the current in-use ipsec.conf file (either the ipsec.conf file
automatically generated by the SLC or an uploaded custom ipsec.conf file),
select the Download Configuration button. Downloading the ipsec.conf file
automatically generated by the SLC is a good starting point for adding extra
VPN options; the tunnel must be enabled in order for the SLC to auto-generate an ipsec.conf file that can be downloaded.
Tunnel Restart
If enabled, the watchdog program will automatically restart the VPN tunnel
when the tunnel goes down.
Email Address
Email address to receive email alerts when the tunnel goes up or down.
3. To save, click the Apply button.
More Actions on the VPN page:
To see details of the VPN tunnel connection, including the cryptographic algorithms used,
select the View Detailed Status link.
To see the last 200 lines of the logs associated with the VPN tunnel, select the View VPN
Logs link.
To see the RSA public key for the SLC unit (required for configuring the remote host if RSA
Public Keys are being used), and the RSA public key for the remote peer, select the View
console manager and Remote Peer RSA Public Key link.
To see the X.509 Certificates for the local peer and the remote peer, select the View X.509
Certificates link.
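The rules given above for a custom ipsec.conf (exactly one conn section, authentication tokens configured in the UI first, no IKEv1 aggressive-mode PSK without XAUTH, SA Lifetime under 540 seconds needing margintime/rekeyfuzz changes) can be checked on a workstation before the file is uploaded. The Python below is an added example, not Lantronix or strongSwan code; the sample file is constructed, every conn header is counted as a section, and the token mapping beyond authby=rsasig and the XAUTH detection heuristic are assumptions.

```python
import re

# Constructed sample: a deliberately flawed custom ipsec.conf (not from the guide).
SAMPLE = """\
conn Tunnel1
    aggressive=yes
    authby=secret        # pre-shared key, no XAUTH
    lifetime=5m
conn Tunnel2
    authby=rsasig
"""
# UI tokens per authby value; only the rsasig row is stated in the guide, the rest are assumed.
TOKENS = {"rsasig": "SLC RSA key pair and peer RSA public key", "secret": "pre-shared key",
          "psk": "pre-shared key", "xauthpsk": "pre-shared key and XAUTH login/password"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conns(text):
    """Return {conn name: {option: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        head = re.match(r"(conn|config|ca)\s+(\S+)", line)
        if head:  # section headers start in column 0
            current = conns.setdefault(head.group(2), {}) if head.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def seconds(value):
    """strongSwan time value: an integer with an optional s/m/h/d suffix."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    return int(m.group(1)) * UNITS[m.group(2)] if m else None

def pre_upload_report(text):
    """List what to resolve before uploading the file to the SLC."""
    conns, report = parse_conns(text), []
    if len(conns) != 1:
        report.append(f"{len(conns)} conn sections found; the SLC accepts exactly one")
    for name, opt in conns.items():
        authby = opt.get("authby", "")
        if authby in TOKENS:
            report.append(f"{name}: configure {TOKENS[authby]} in the UI first")
        # Heuristic: any option naming xauth counts as XAUTH being enabled.
        xauth = any("xauth" in f"{k}={v}" for k, v in opt.items())
        if opt.get("aggressive") == "yes" and authby in ("secret", "psk") and not xauth:
            report.append(f"{name}: IKEv1 aggressive mode with PSK and no XAUTH is refused")
        life = seconds(opt.get("lifetime", ""))
        if life is not None and life < 540:
            report.append(f"{name}: lifetime {life}s is under 540s; review margintime/rekeyfuzz")
    return report
```

Calling pre_upload_report(SAMPLE) returns five entries: the conn-section count, three for Tunnel1 and one for Tunnel2.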
Sample ipsec.conf Files
Sample ipsec.conf files are provided for a variety of tunnel setups and peers. In all examples, any
left options are for the console manager/local side of the tunnel, and any right options are for the
remote side of the tunnel.
Cisco Pre-Shared Key / XAUTH / MODECFG / IKEv1
Cisco ASA5525x Pre-Shared Key / IKEv1
Cisco ASA5525x Pre-Shared Key / IKEv2
Cisco ISR 2921 Pre-Shared Key / XAUTH / IKEv2
Cisco Pre-Shared Key / XAUTH / MODECFG / IKEv1
This configuration is an example of a remote access connection to a Cisco VPN server / responder
that uses XAUTH and MODECFG to authenticate and push dynamic IP addresses and DNS
servers to a VPN client. The use of aggressive mode requires that ike and esp algorithms be
specified and exactly match what the Cisco server is expecting.
Console manager configuration
The pre-shared key and the XAUTH password need to be configured via the console manager UI.
tunnel-group 192.168.1.204 type ipsec-l2l
tunnel-group 192.168.1.204 ipsec-attributes
ikev1 pre-shared-key *****
Cisco ASA5525x Pre-Shared Key / IKEv2
This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server /
responder. The aggressive setting can be either yes
configuration.
Console manager configuration
The pre-shared key needs to be configured via the console manager UI.