Lantronix SLC 8000, SLC 8048, SLC 8016 User Manual

Download

SLC™ 8000

Advanced Console Manager

User Guide

Part Number 900-704-R

Revision R November 2019

Intellectual Property

Lantronix and Lantronix Spider are registered trademarks of Lantronix, Inc. in the United States and other countries. SLC and vSLM are trademarks of Lantronix, Inc.

Patented: patents.lantronix.com

Windows and Internet Explorer are registered trademarks of Microsoft Corporation. Firefox is a registered trademark of the Mozilla Foundation. Chrome is a trademark of Google Inc. All other trademarks and trade names are the property of their respective holders.

Warranty

For details on the Lantronix warranty policy, please go to our web site at

http://www.lantronix.com/support/warranty

Contacts

Lantronix Corporate Headquarters

7535 Irvine Center Drive Suite100 Irvine, CA 92618, USA

Toll Free: 800-526-8766 Phone: 949-453-3990 Fax: 949-453-3995

Technical Support

Online: www.lantronix.com/support

; additional patents pending.

Sales Offices

For a current list of our domestic and international sales offices, go to the Lantronix web site at

www.lantronix.com/about/contact

GNU General Public License Notice

This product includes open source software, including software subject to the GNU General Public Licenses (“GPL”). Lantronix will provide a CD-ROM containing the source files subject to the GPL upon request by mail. To request a CD containing the source files, send a check payable to “Lantronix, Inc.” for US $50.00 (per product) to the address below. This nominal charge covers Lantronix’ costs for duplication, media, and postage. Your request should identify the Lantronix product for which source code is desired, and the check must indicate “Open Source CD Request”. Please allow 6-8 weeks for the CD to be shipped. For GPL source code requests or inquiries please contact write to Lantronix, Inc., Attn: Open Source Request, 7535 Irvine Center Drive, Irvine, CA 92618 USA. Any GPL Code made available is for informational purposes only and distributed “As is" with no support and/or warranty of any kind intended, implied, or provided.

SLC™ 8000 Advanced Console Manager User Guide 2

Disclaimer & Revisions

All information contained herein is provided “AS IS.” Lantronix undertakes no obligation to update the information in this publication. Lantronix does not make, and specifically disclaims, all warranties of any kind (express, implied or otherwise) regarding title, non-infringement, fitness, quality, accuracy, completeness, usefulness, suitability or performance of the information provided herein. Lantronix shall have no liability whatsoever to any user for any damages, losses and causes of action (whether in contract or in tort or otherwise) in connection with the user’s access or usage of any of the information or content contained herein. The information and specifications contained in this document are subject to change without notice.

Operation of this equipment in a residential area is likely to cause interference, in which case the user, at his or her own expense, will be required to take whatever measures may be required to correct the interference.

Note: This equipment has been tested and found to comply with the limits for Class A digital

device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this user guide, may cause interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user will be required to correct the interference at his own expense.

User Information

Class A Equipment (Broadcasting and communication equipments for office work)

Seller and user shall be noticed that this equipment is suitable for electromagnetic equipments for office work (Class A) and it can be used outside home.

Changes or modifications made to this device that are not explicitly approved by Lantronix will void the user's authority to operate this device.

声明

此为 A 级产品，在生活环境中，该产品可能会造成无线电干扰。在这种情况下，可能需要用户对其干扰采取切实可行的措施。

사용자안내문

기 종 별 사 용 자 안 내 문

A 급 기기 ( 업무용방송통신기자재 )

이 기기는 업무용 (A 급 ) 전자파적합기기로서 판매자 또는 사용자는 이 점을 주의하시기 바라며 , 가정외의 지역에서 사용하는 것을 목적으로 합니다 .

SLC™ 8000 Advanced Console Manager User Guide 3

Revision History

Date Rev. Comments

March 2014 A Preliminary release.

October 2014 B Initial document for firmware release 7.1.0.0.

June 2015 C Updated for firmware release 7.2.0.0.

June 2016 D Updated for firmware release 7.3.0.0.

January 2017 E Updated power cord information.

June 2017 F Updated for firmware release 7.4.0.0 and for new dual SFP transceiver port or

September 2017 G Updated part number.

February 2018 H Updated for firmware release 7.5.0.0.

March 2018 J Updated to include additional SLC hardware and new trap information for firmware

June 2018 K Updated for firmware release 7.6.0.1R6.

August 2018 L Updated fail-over gateway details for Network Settings for firmware release

January 2019 M Updated for firmware release 7.7.0.0. Software changes include:

March 2019 N Updated for firmware release 7.8.0.0.

April 2019 P Updated for firmware release 7.9.0.0.

Changes include new operating atmosphere information and warning language in Chinese and Korean. Software changes include additions in Telnet, SSH and TCP timeout directions, number of sessions message, idle timeout message, VBUS enabling, assert DTR, run web server, added mounted column information for NFS Mounts, masked CHAP secret and DOD CHAP secret fields, USB devices in diagnostics and addition of SSH bit option. SSL settings were removed so the SSLv2 protocol option is no longer available.

dual Ethernet port capability options. Updated the following:

 IPv6 Neighbor Table, Ethernet Bonding Status links, and IPv6 Forward Flag

under Network Settings.

 IKE v2, x.509 Certificate, Certificate Authority/Certificate File for Remote Peer,

Certificate Authority/Certificate File/Key File for Local Peer, SA Lifetime, Remote and Dead Peer settings under Network VPN.

 Enable v1/v2c, Trap Version, Alarm Delay to SNMP, and Trap User Name,

Password and Passphrase under SNMP Services.

 Added ability change and reset BootCount, BootDelay and BootLimit.

release 7.5.0.0.

7.6.0.1.

 hostname resolution in local hosts table  extended device port timers range  new user notifications when connecting to a device port  support for iPerf3  support for dual channel USB devices  auto enable DTR on device ports  Xmodem support  device port baud rate can be set while connected to a device port  openSSH and openSSL upgraded  SNMP v3 SHA2 support  expanded support for HSPA+ gateway integration

Added support for custom Expect scripts that can be connected to the SLC CLI or a device port.

 Added support for custom Python and Tcl scripts.

SLC™ 8000 Advanced Console Manager User Guide 4

Date

Rev. Comments

(continued)

November 2019 R Updated the following:

 Starting with release 8.0.0.0, added support for CLI commands issued from

ConsoleFlow in bulk

 Starting with release 8.1.0.0, added VPN interoperability and configuration.  Starting with release 8.3.0.0, newly manufactured factory default SLC units use

a device-unique default password for local user sysadmin accounts.

SLC™ 8000 Advanced Console Manager User Guide 5

Intellectual Property ________________________________________________________2 Warranty _________________________________________________________________2 Contacts _________________________________________________________________2 GNU General Public License Notice ____________________________________________ 2 Disclaimer & Revisions ______________________________________________________3 Revision History ___________________________________________________________4 Table of Contents __________________________________________________________6 List of Figures ____________________________________________________________16 List of Tables ____________________________________________________________20

1: About this Guide 21

Purpose and Audience _____________________________________________________21 Summary of Chapters ______________________________________________________21 Additional Documentation ___________________________________________________22

2: Introduction 23

Features ________________________________________________________________23

Console Management __________________________________________________23 Power _______________________________________________________________24

Integration with Other Secure Lantronix Products _____________________________24 Hardware ________________________________________________________________24 System Features __________________________________________________________26

Protocols Supported ____________________________________________________27

Access Control ________________________________________________________27

Device Port Buffer _____________________________________________________27

Configuration Options ___________________________________________________27

Device Port and Console Port Interfaces ____________________________________28

Network Connections ___________________________________________________31

Front Panel USB Ports __________________________________________________32

Memory Card Port _____________________________________________________32

Internal Modem ________________________________________________________ 33

3: Installation 34

What's in the Box _________________________________________________________34

Customize an SLC 8000 _________________________________________________ 35

Product Label _________________________________________________________36 Technical Specifications ____________________________________________________36 Physical Installation ________________________________________________________38

Connecting to a Device Port ______________________________________________38

SLC™ 8000 Advanced Console Manager User Guide 6

Modular Expansion for I/O Module Bays ____________________________________ 40

Connecting to Network Ports _____________________________________________41

Connecting Terminals ___________________________________________________ 41

AC Input _____________________________________________________________ 42

Modem Installation _____________________________________________________43

Battery Replacement ___________________________________________________ 46

4: Quick Setup 50

Recommendations ________________________________________________________50 Method #1 Using the Front Panel Display _______________________________________51

Front Panel LCD Display and Keypads _____________________________________ 51

Navigating ____________________________________________________________ 51

Entering the Settings ___________________________________________________53

Restoring Factory Defaults _______________________________________________54

Limiting Sysadmin User Access ___________________________________________54 Method #2 Quick Setup on the Web Page ______________________________________ 55

Network Settings ______________________________________________________56

Date & Time Settings ___________________________________________________ 57

Administrator Settings __________________________________________________57 Method #3 Quick Setup on the Command Line Interface ___________________________58 Next Step _______________________________________________________________61

5: Web and Command Line Interfaces 62

Web Manager ____________________________________________________________62

Logging in ____________________________________________________________64

Logging Out __________________________________________________________ 64

Web Page Help _______________________________________________________65 Command Line Interface ____________________________________________________65

Logging In ____________________________________________________________65

Logging Out __________________________________________________________ 66

Command Syntax ______________________________________________________66

Command Line Help ____________________________________________________66

Tips _________________________________________________________________66

6: Basic Parameters 69

Requirements ____________________________________________________________69 Network Port Settings ______________________________________________________70

Ethernet Interfaces (Eth1 and Eth2) ________________________________________73

Hostname & Name Servers ______________________________________________75

DNS Servers __________________________________________________________75

DHCP-Acquired DNS Servers ____________________________________________ 75

TCP Keepalive Parameters ______________________________________________ 75

SLC™ 8000 Advanced Console Manager User Guide 7

Gateway _____________________________________________________________76

Fail-Over Settings ______________________________________________________76

Fail-Over Cellular Gateway Configuration ___________________________________ 77

Advanced Cellular Gateway Configuration ___________________________________78

Fail-Over Cellular Gateway Firmware _______________________________________78

Load Cellular Gateway Firmware Options ___________________________________79

Ethernet Counters _____________________________________________________79

Network Commands ____________________________________________________79 IP Filter _________________________________________________________________79

Viewing IP Filters ______________________________________________________80

Mapping Rulesets ______________________________________________________80

Enabling IP Filters _____________________________________________________80

Configuring IP Filters ___________________________________________________ 82

Rule Parameters _______________________________________________________ 83

Updating an IP Filter ____________________________________________________83

Deleting an IP Filter ____________________________________________________ 84

IP Filter Commands ____________________________________________________84 Routing _________________________________________________________________84

Dynamic Routing ______________________________________________________85

Static Routing _________________________________________________________85

Routing Commands ____________________________________________________85 VPN Settings _____________________________________________________________85

Sample ipsec.conf Files _________________________________________________ 97

VPN Commands ______________________________________________________102 Security ________________________________________________________________102 Performance Monitoring ___________________________________________________105

Performance Monitoring - Add/Edit Probe __________________________________108

Performance Monitoring - Results ________________________________________ 110

Performance Monitoring Commands ______________________________________114 FQDN List ______________________________________________________________114

7: Services 116

System Logging and Other Services __________________________________________116 SSH/Telnet/Logging ______________________________________________________117

System Logging ______________________________________________________118

Audit Log ___________________________________________________________118

SMTP ______________________________________________________________ 118

SSH _______________________________________________________________119

Telnet ______________________________________________________________ 119

Web SSH/Web Telnet Settings __________________________________________120

Phone Home _________________________________________________________120

SSH Commands ______________________________________________________120

Logging Commands ___________________________________________________120

SLC™ 8000 Advanced Console Manager User Guide 8

SNMP _________________________________________________________________120

v1/v2c Communities ___________________________________________________123

Version 3 ___________________________________________________________123

V3 User Read-Only ___________________________________________________123

V3 User Read-Write ___________________________________________________124

V3 User Trap ________________________________________________________124

Services Commands __________________________________________________124 NFS and SMB/CIFS ______________________________________________________124

SMB/CIFS Share _____________________________________________________ 126

NFS and SMB/CIFS Commands _________________________________________ 126 Secure Lantronix Network __________________________________________________127

Browser Issues _______________________________________________________130 Troubleshooting Browser Issues _____________________________________________131

Web SSH/Telnet Copy and Paste ________________________________________132

Secure Lantronix Network Commands _____________________________________133 Date and Time ___________________________________________________________133

Date and Time Commands ______________________________________________ 135 Web Server _____________________________________________________________135

Admin Web Commands ________________________________________________ 137

Services - SSL Certificate _______________________________________________ 137

Services - Web Sessions _______________________________________________ 140 ConsoleFlow ____________________________________________________________140

ConsoleFlow Commands _______________________________________________145

8: USB/SD Card Port 146

Set Up of USB/SD Card Storage ____________________________________________146

Data Settings ________________________________________________________ 150

Modem Settings ______________________________________________________ 150

Text Mode ___________________________________________________________ 151

PPP Mode __________________________________________________________152

IP Settings __________________________________________________________153 Manage Files ____________________________________________________________153

USB Commands ______________________________________________________154

SD Card Commands __________________________________________________154

9: Device Ports 155

Connection Methods ______________________________________________________155 Permissions _____________________________________________________________155 I/O Modules _____________________________________________________________156 Device Status ___________________________________________________________157 Device Ports ____________________________________________________________158

Telnet/SSH/TCP in Port Numbers ________________________________________ 159

DevicePort Global Commands ___________________________________________159

SLC™ 8000 Advanced Console Manager User Guide 9

Device Ports - Settings ____________________________________________________160

Device Port Settings ___________________________________________________162

IP Settings __________________________________________________________164

Data Settings ________________________________________________________ 165

Hardware Signal Triggers _______________________________________________166

Modem Settings (Device Ports) __________________________________________167

Modem Settings: Text Mode _____________________________________________ 168

Modem Settings: PPP Mode ____________________________________________169

Port Status and Counters _______________________________________________170

Device Ports - Power Management _______________________________________170

Device Ports - RPMs - Add Device ________________________________________ 173

Device Port - Sensorsoft Device __________________________________________ 175

Device Port Commands ________________________________________________ 176

Device Commands ____________________________________________________176 Interacting with a Device Port _______________________________________________176 Device Ports - Logging and Events ___________________________________________177

Local Logging ________________________________________________________177

NFS File Logging _____________________________________________________177

USB and SD Card Logging ______________________________________________ 178

Token/Data Detection __________________________________________________178

Syslog Logging _______________________________________________________178

Token & Data Detection ________________________________________________179

Local Logging ________________________________________________________181

Log Viewing Attributes _________________________________________________181

NFS File Logging _____________________________________________________181

USB / SD Card Logging ________________________________________________ 181

Syslog Logging _______________________________________________________181

Logging Commands ___________________________________________________182 Console Port ____________________________________________________________182

Console Port Commands _______________________________________________183 Internal Modem Settings ___________________________________________________183

Setting Up Internal Modem Storage _______________________________________183

Internal Modem Commands _____________________________________________187 Xmodem _______________________________________________________________187 Host Lists ______________________________________________________________190

Host Parameters ______________________________________________________ 191

Host Parameters ______________________________________________________ 192

Host List Commands __________________________________________________193 Scripts _________________________________________________________________193

Scripts ______________________________________________________________ 195

Script Commands _____________________________________________________200

Batch Script Syntax ___________________________________________________200

Interface Script Syntax _________________________________________________200

SLC™ 8000 Advanced Console Manager User Guide 10

Primary Commands ___________________________________________________201

Secondary Commands _________________________________________________203

Control Flow Commands _______________________________________________ 204

Custom Script Syntax __________________________________________________205

Example Scripts ______________________________________________________ 206 Sites __________________________________________________________________222

Site Commands ______________________________________________________ 225 Modem Dialing States _____________________________________________________ 225

Dial In ______________________________________________________________225

Dial-back ____________________________________________________________ 226

Dial-on-demand ______________________________________________________ 227

Dial-in & Dial-on-demand _______________________________________________227

Dial-back & Dial-on-demand _____________________________________________ 228

CBCP Server and CBCP Client __________________________________________229

CBCP Server ________________________________________________________ 229

CBCP Client _________________________________________________________229

Key Sequences ______________________________________________________230

10: Remote Power Managers 231

Devices - RPMs _________________________________________________________231

RPMs - Add Device ___________________________________________________234 RPMs - Manage Device ___________________________________________________237 RPMs - Outlets __________________________________________________________240 RPM Shutdown Procedure _________________________________________________241 Optimizing and Troubleshooting RPM Behavior _________________________________243

RPM Commands _____________________________________________________244

11: Connections 245

Typical Setup Scenarios for the SLC Unit ______________________________________245

Terminal Server ______________________________________________________ 245

Remote Access Server _________________________________________________246

Reverse Terminal Server _______________________________________________ 246

Multiport Device Server ________________________________________________247

Console Server _______________________________________________________247

Connection Configuration _______________________________________________248

Connection Commands ________________________________________________ 250

12: User Authentication 251

Authentication Commands ______________________________________________253 User Rights _____________________________________________________________253 Local and Remote User Settings ____________________________________________255

Sysadmin Account Default Login Values ___________________________________ 256

SLC™ 8000 Advanced Console Manager User Guide 11

Adding, Editing or Deleting a User ________________________________________257

Shortcut ____________________________________________________________261

Local Users Commands ________________________________________________261

Remote User Rights Commands _________________________________________261 NIS ___________________________________________________________________262

NIS Commands ______________________________________________________265 LDAP __________________________________________________________________265

LDAP Commands _____________________________________________________269 RADIUS ________________________________________________________________270

RADIUS Commands ___________________________________________________273

User Attributes & Permissions from LDAP Schema or RADIUS VSA _____________ 273 Kerberos _______________________________________________________________274

Kerberos Commands __________________________________________________ 277 TACACS+ ______________________________________________________________277

TACACS+ Groups ____________________________________________________278

TACACS+ Commands _________________________________________________281 Groups ________________________________________________________________282

Group Commands ____________________________________________________285 SSH Keys ______________________________________________________________285

Imported Keys _______________________________________________________285

Exported Keys _______________________________________________________285

Imported Keys (SSH In) ________________________________________________ 287

Host & Login for Import _________________________________________________ 287

Exported Keys (SSH Out) _______________________________________________ 287

Host and Login for Export _______________________________________________288

SSH Commands ______________________________________________________290 Custom Menus __________________________________________________________290

Custom User Menu Commands __________________________________________293

13: Maintenance 294

Firmware & Configurations _________________________________________________294

Zero Touch Provisioning Configuration Restore ______________________________ 294

HTTPS Push Configuration Restore _______________________________________ 295

Internal Temperature __________________________________________________ 297

Site Information ______________________________________________________297

SLC Firmware ________________________________________________________ 297

Boot Banks and Bootloader Settings ______________________________________298

Load Firmware Via Options _____________________________________________ 299

Configuration Management _____________________________________________299

Manage Files ________________________________________________________ 301

Administrative Commands ______________________________________________ 301

System Logs _________________________________________________________302

System Log Commands ________________________________________________303

SLC™ 8000 Advanced Console Manager User Guide 12

Audit Log _______________________________________________________________304

Audit Log Commands __________________________________________________305 Email Log ______________________________________________________________305

Logging Commands ___________________________________________________305 Diagnostics _____________________________________________________________306

Diagnostic Commands _________________________________________________309 Status/Reports __________________________________________________________309

View Report _________________________________________________________309

Status Commands ____________________________________________________ 311 Emailing Logs and Reports _________________________________________________ 311 Events _________________________________________________________________314

Events Commands ____________________________________________________315 LCD/Keypad ____________________________________________________________316

Administrative LCD/Keypad Commands ___________________________________317 Banners ________________________________________________________________317

Administrative Banner Commands ________________________________________318

14: Application Examples 319

Telnet/SSH to a Remote Device _____________________________________________319 Dial-in (Text Mode) to a Remote Device _______________________________________ 321 Local Serial Connection to Network Device via Telnet ____________________________322

15: Command Reference 324

Introduction to Commands _________________________________________________324

Command ___________________________________________________________324

Command Line Help ___________________________________________________325

Tips ________________________________________________________________325 Administrative Commands _________________________________________________326 Audit Log Commands _____________________________________________________340 Authentication Commands _________________________________________________340 Kerberos Commands _____________________________________________________341 LDAP Commands ________________________________________________________342 Local Users Commands ___________________________________________________344 NIS Commands __________________________________________________________348 RADIUS Commands ______________________________________________________349 TACACS+ Commands ____________________________________________________350 User Permissions Commands _______________________________________________351 Remote User Commands __________________________________________________352 ConsoleFlow Commands __________________________________________________354 CLI Commands __________________________________________________________357 Connection Commands ____________________________________________________358 Console Port Commands __________________________________________________361 Custom User Menu Commands _____________________________________________362

SLC™ 8000 Advanced Console Manager User Guide 13

Date and Time Commands _________________________________________________364 Device Commands _______________________________________________________365 Device Port Commands ___________________________________________________366 Diagnostic Commands ____________________________________________________370 Events Commands _______________________________________________________375 Group Commands ________________________________________________________376 Host List Commands ______________________________________________________377 Internal Modem Commands ________________________________________________378 IP Filter Commands ______________________________________________________379 Logging Commands ______________________________________________________380 Network Commands ______________________________________________________383 NFS and SMB/CIFS Commands _____________________________________________387 Performance Monitoring Commands _________________________________________388 Routing Commands ______________________________________________________393 RPM Commands _________________________________________________________393 Script Commands ________________________________________________________396 SD Card Commands ______________________________________________________ 398 Security Commands ______________________________________________________399 Services Commands ______________________________________________________ 399 Site Commands __________________________________________________________401 SLC Network Commands __________________________________________________401 SSH Key Commands _____________________________________________________402 Status Commands ________________________________________________________405 System Log Commands ___________________________________________________406 USB Access Commands ___________________________________________________407 USB Device Commands ___________________________________________________407 USB Storage Commands __________________________________________________408 USB Modem Commands __________________________________________________410 VPN Commands _________________________________________________________412 Temperature Commands __________________________________________________414 Xmodem Commands _____________________________________________________415

Appendix A: Security Considerations 416

Security Practice _________________________________________________________416 Factors Affecting Security __________________________________________________416

Appendix B: Safety Information 417

Safety Precautions _______________________________________________________417

Fuse Caution Statement ________________________________________________417

Cover ______________________________________________________________ 417

Power Plug __________________________________________________________417

Input Supply _________________________________________________________ 418

Grounding ___________________________________________________________418

SLC™ 8000 Advanced Console Manager User Guide 14

Rack _______________________________________________________________418

Port Connections _____________________________________________________ 418

Appendix C: Adapters and Pinouts 419

Appendix D: Protocol Glossary 422

Appendix E: Compliance Information 424

RoHS, REACH and WEEE Compliance Statement ______________________________425

SLC™ 8000 Advanced Console Manager User Guide 15

List of Figures

Figure 2-1 SLC 8048 Unit (Front Side) - Part Number SLC 804812N-01-S ____________________25

Figure 2-2 SLC 8048 Unit Samples (Back Side) - Part Number SLC80482201S________________ 26

Figure 2-3 Three 16-Port USB I/O Modules Installed in Bays 1, 2, & 3 with Dual Ethernet Port____29

Figure 2-4 One 16-Port USB I/O Module Installed in Bay 1 with Dual Ethernet Port _____________29

Figure 2-5 One 16 RJ-45 Serial Port I/O Module (Bay 1) & Two 16 USB I/O Module (Bays 2 & 3) with

Dual SFP Port ______________________________________________________________________29

Figure 2-6 SFP Port LEDs _________________________________________________________30

Figure 2-8 Console Port (Front Side) _________________________________________________30

Figure 2-10 Dual Ethernet Network Connection _________________________________________31

Figure 2-11 Inserting SFP Transceiver Module into the SFP Port ___________________________31

Figure 2-12 Dual USB Ports ________________________________________________________32

Figure 2-13 Memory Card Port ______________________________________________________32

Figure 2-14 Internal Modem Location _________________________________________________33

Figure 3-3 Product Label___________________________________________________________36

Figure 3-7 Sample Device Port Connections (Back Side) _________________________________40

Figure 3-9 AC Power Input _________________________________________________________42

Figure 4-2 Front Panel LCD Display and Five Button Keypad (Enter, Up, Down, Left, Right) ______51

Figure 4-6 Quick Setup ____________________________________________________________55

Figure 4-7 Quick Setup Completed in Web Manager _____________________________________57

Figure 4-8 Home _________________________________________________________________58

Figure 4-9 Beginning of Quick Setup Script ____________________________________________58

Figure 4-10 Quick Setup Completed in CLI ____________________________________________60

Figure 5-1 Web Page Layout _______________________________________________________ 62

Figure 5-2 Sample Dashboards _____________________________________________________63

Figure 6-1 Network > Network Settings (1 of 2) _________________________________________ 71

Figure 6-2 Network > Network Settings (2 of 2) _________________________________________ 72

Figure 6-3 Network Settings > SFP NIC Information & Diagnostics __________________________ 73

Figure 6-4 Network > IP Filter ______________________________________________________80

Figure 6-5 Network > IP Filter Ruleset (Adding/Editing Rulesets) ___________________________82

Figure 6-6 Network > Routing _______________________________________________________84

Figure 6-7 Network > VPN (1 of 2) ___________________________________________________88

Figure 6-8 Network > VPN (2 of 2) ___________________________________________________89

Figure 6-9 Network > Security _____________________________________________________104

Figure 6-10 Network > Perf Monitoring _______________________________________________106

Figure 6-11 Performance Monitoring - Add/Edit Probe___________________________________108

SLC™ 8000 Advanced Console Manager User Guide 16

Figure 6-13 Performance Monitoring - Operations ______________________________________113

Figure 6-14 FQDN List ___________________________________________________________114

Figure 7-1 Services > SSH/Telnet/Logging____________________________________________117

Figure 7-2 Services > SNMP ______________________________________________________121

Figure 7-3 Services > NFS & SMB/CIFS _____________________________________________125

Figure 7-4 Services > Secure Lantronix Network _______________________________________127

Figure 7-5 IP Address Login Page __________________________________________________128

Figure 7-6 SSH and Telnet Opening File Popups_______________________________________128

Figure 7-7 SSH or Telnet CLI Session _______________________________________________ 129

Figure 7-8 Disabled Port Number Popup Window ______________________________________130

Figure 7-9 Services > Secure Lantronix Network > Search Options_________________________130

Figure 7-10 Services > Date & Time ________________________________________________ 134

Figure 7-11 Services > Web Server ________________________________________________ 136

Figure 7-12 SSL Certificate________________________________________________________ 138

Figure 7-13 Web Sessions ________________________________________________________ 140

Figure 7-14 Services > ConsoleFlow ________________________________________________143

Figure 8-1 Devices > USB / SD Card ________________________________________________147

Figure 8-2 Devices > SD Card > Configure ___________________________________________147

Figure 8-3 Devices > USB > Configure_______________________________________________ 148

Figure 8-4 Devices > USB > Modem ________________________________________________149

Figure 8-5 Firmware and Configurations - Manage Files _________________________________153

Figure 9-2 Devices > Device Status _________________________________________________157

Figure 9-3 Devices > Device Ports __________________________________________________158

Figure 9-4 Device Ports > Settings (1 of 2)____________________________________________161

Figure 9-5 Device Ports > Settings (2 of 2)____________________________________________162

Figure 9-7 Device Ports - Power Management_________________________________________172

Figure 9-8 Device Ports > RPMs - Add Device_________________________________________174

Figure 9-9 Devices > Device Ports > Sensorsoft _______________________________________175

Figure 9-10 Sensorsoft Status _____________________________________________________176

Figure 9-11 Devices > Device Ports - Logging & Events _________________________________179

Figure 9-12 Devices > Console Port _________________________________________________ 182

Figure 9-13 Devices > Internal Modem_______________________________________________184

Figure 9-14 Devices > Host Lists ___________________________________________________190

Figure 9-15 View Host Lists _______________________________________________________ 192

Figure 9-16 Devices > Scripts______________________________________________________194

Figure 9-17 Adding or Editing New Scripts ____________________________________________195

Figure 9-18 Custom Scripts - Scheduler______________________________________________198

Figure 9-23 Devices > Sites _______________________________________________________ 223

SLC™ 8000 Advanced Console Manager User Guide 17

Figure 10-1 Devices > RPMs ______________________________________________________231

Figure 10-2 RPM Shutdown Order __________________________________________________232

Figure 10-3 RPM Notifications _____________________________________________________233

Figure 10-4 RPM Raw Data Log____________________________________________________233

Figure 10-5 RPM Logs ___________________________________________________________234

Figure 10-6 RPM Environmental Log ________________________________________________ 234

Figure 10-7 Device Ports > RPMs - Add Device________________________________________235

Figure 10-8 RPMs - Managed Device________________________________________________ 238

Figure 10-9 RPMs - Outlets _______________________________________________________241

Figure 11-1 Terminal Server _______________________________________________________246

Figure 11-2 Remote Access Server _________________________________________________246

Figure 11-3 Reverse Terminal Server________________________________________________ 246

Figure 11-4 Multiport Device Server _________________________________________________247

Figure 11-5 Console Server _______________________________________________________247

Figure 11-6 Devices > Connections _________________________________________________ 248

Figure 11-7 Current Connections ___________________________________________________250

Figure 12-1 User Authentication > Authentication Methods _______________________________252

Figure 12-3 User Authentication > Local/Remote Users__________________________________255

Figure 12-4 User Authentication > Local/Remote User > Add/Edit User _____________________ 258

Figure 12-5 User Authentication > NIS _______________________________________________262

Figure 12-6 User Authentication > LDAP _____________________________________________ 266

Figure 12-7 User Authentication > RADIUS ___________________________________________270

Figure 12-8 User Authentication > Kerberos___________________________________________275

Figure 12-9 User Authentication > TACACS+__________________________________________279

Figure 12-10 User Authentication > Groups ___________________________________________283

Figure 12-11 User Authentication > SSH Keys_________________________________________286

Figure 12-12 Current Host Keys ____________________________________________________289

Figure 12-13 User Authentication > Custom Menus _____________________________________ 291

Figure 13-1 Maintenance > Firmware & Configurations __________________________________296

Figure 13-2 Network > Firmware/Config > Manage _____________________________________301

Figure 13-3 Maintenance > System Logs _____________________________________________302

Figure 13-4 System Logs _________________________________________________________303

Figure 13-5 Maintenance > Audit Log________________________________________________304

Figure 13-6 Maintenance > Email Log _______________________________________________305

Figure 13-7 Maintenance > Diagnostics ______________________________________________306

Figure 13-8 Maintenance > Diagnostics ______________________________________________308

Figure 13-9 Maintenance > Status/Reports ___________________________________________309

Figure 13-10 Generated Status/Reports______________________________________________310

SLC™ 8000 Advanced Console Manager User Guide 18

Figure 13-11 Emailed Log or Report_________________________________________________ 312

Figure 13-12 About SLC __________________________________________________________313

Figure 13-13 Maintenance > Events _________________________________________________ 314

Figure 13-14 Maintenance > LCD/Keypad ____________________________________________316

Figure 13-15 Maintenance > Banners________________________________________________317

Figure 14-1 SLC - Console Manager Configuration _____________________________________ 319

Figure 14-2 Remote User Connected to a SUN Server via the SLC unit _____________________319

Figure 14-3 Dial-in (Text Mode) to a Remote Device ____________________________________321

Figure 14-4 Local Serial Connection to Network Device via Telnet _________________________322

Figure C-1 RJ45. Receptacle to DB25M DCE Adapter for the SLC unit (PN 200.2066A) ________ 419

Figure C-2 RJ45 Receptacle to DB25F DCE Adapter for the SLC unit (PN 200.2067A) _________420

Figure C-3 RJ45 Receptacle to DB9M DCE Adapter for the SLC unit (PN 200.2069A)__________ 420

Figure C-4 RJ45 Receptacle to DB9F DCE Adapter for the SLC unit (PN 200.2070A) __________421

Figure C-5 RJ45 Receptacle to DB25M DTE Adapter (PN 200.2073) _______________________421

SLC™ 8000 Advanced Console Manager User Guide 19

List of Tables

Table 2-7 Device (DCE Reversed & DTE) Port Pinout ___________________________________30

Table 2-9 Console (DTE) Port Pinout ________________________________________________30

Table 3-1 What’s in the Box ________________________________________________________34

Table 3-2 Optional Accessories _____________________________________________________35

Table 3-4 SLC Technical Specifications ______________________________________________36

Table 3-5 Console Port and Device Port - Reverse Pinout Disabled _________________________ 39

Table 3-6 Device Port - Reverse Pinout Enabled (Default) ________________________________39

Table 3-8 Available I/O Module Configurations _________________________________________41

Table 4-1 Methods of Assigning an IP Address _________________________________________50

Table 4-3 LCD Arrow Keypad Actions ________________________________________________52

Table 4-4 Front Panel Setup Options with Associated Parameters __________________________52

Table 4-5 Front Panel Setup Options, continued ________________________________________52

Table 5-3 SCS Commands ________________________________________________________ 67

Table 5-4 CLI Keyboard Shortcuts ___________________________________________________ 68

Table 6-12 Error Conditions _______________________________________________________112

Table 9-1 Supported I/O Module Configurations _______________________________________156

Table 9-6 Port Status and Counters _________________________________________________170

Table 9-19 Definitions ___________________________________________________________201

Table 9-20 Primary Commands ____________________________________________________202

Table 9-21 Secondary Commands _________________________________________________203

Table 9-22 Control Flow Commands ________________________________________________204

Table 12-2 User Types and Rights _________________________________________________254

Table 15-1 Actions and Category Options ___________________________________________ 324

SLC™ 8000 Advanced Console Manager User Guide 20

1: About this Guide

Purpose and Audience

This guide provides the information needed to install, configure, and use the Lantronix SLC™ 8000 advanced console manager. The SLC unit is for IT professionals who must remotely and securely configure and administer servers, routers, switches, telephone equipment, or other devices equipped with a serial port for facilities that are typically remote branch offices or “distributed” IT locations.

Summary of Chapters

The remaining chapters in this guide include:

Chapter Description

Chapter 2: Introduction Describes the SLC 8000 models, their main features, and the protocols they

support.

Chapter 3: Installation Provides technical specifications; describes connection form factors and

power supplies; provides instructions for installing the SLC 8000 advanced console manager in a rack.

Chapter 4: Quick Setup Provides instructions for getting your SLC unit up and running and for

configuring required settings.

Chapter 5: Web and Command Line Interfaces

Chapter 6: Basic Parameters Provides instructions for configuring network ports, firewall and routing

Chapter 7: Services Provides instructions for enabling and disabling system logging, SSH and

Chapter 8: USB/SD Card Port Provides instructions for using the USB port.

Chapter 9: Device Ports Provides instructions for configuring global device port settings, individual

Chapter 10: Remote Power Managers

Chapter 11: Connections Provides instructions for configuring connections and viewing, updating, or

Chapter 12: User Authentication

Chapter 13: Maintenance Provides instructions for upgrading firmware, viewing system logs and

Chapter 14: Application Examples

Describes the web and command line interfaces available for configuring the SLC 8000 advanced console manager.

The configuration chapters (6-12) provide detailed instructions for using the web interface and include equivalent command line interface commands.

settings, and VPN.

Telnet logins, SNMP, SMTP, and the date and time.

device port settings, and console port settings.

Provides instructions for using RPMs.

disconnecting a connection.

Provides instructions for enabling or disabling methods that authenticate users who attempt to log in via the web, SSH, Telnet, or the console port. Provides instructions for creating custom menus.

diagnostics, generating reports, and defining events. Includes information about web pages and commands used to shut down and reboot the SLC 8000 advanced console manager.

Shows how to set up and use the SLC unit in three different configurations.

SLC™ 8000 Advanced Console Manager User Guide 21

Chapter (continued) Description

Chapter 15: Command Reference

Appendix A: Security Considerations

Appendix B: Safety Information

Appendix C: Adapters and Pinouts

Appendix D: Protocol Glossary

Appendix E: Compliance Information

Lists and describes all of the commands available on the SLC command line interface

Provides tips for enhancing SLC security.

Lists safety precautions for using the SLC 8000 advanced console manager.

Includes adapter pinout diagrams.

Lists the protocols supported by the SLC unit with brief descriptions.

Provides information about the SLC 8000 advanced console manager’s compliance with industry standards.

Additional Documentation

Visit the Lantronix Web site at www.lantronix.com/support/documentation for the latest documentation and the following additional documentation.

1: About this Guide

Document Description

SLC 8000 Advanced Console Manager Quick Start Guide

SLC 8000 Advanced Console Manager Product Brief

Provides accessories and part number information, hardware installation instructions, directions to connect the SLC unit, and network IP configuration information.

Provides product overview information and specifications.

SLC™ 8000 Advanced Console Manager User Guide 22

2: Introduction

The SLC 8000 advanced console manager enables IT system administrators to manage remote servers and IT infrastructure equipment securely over the Internet.

IT equipment can be configured, administered, and managed in a variety of ways, but most devices have one of two methods in common: via USB port and/or via an RS-232 serial port, sometimes called a console, auxiliary, or management port. These ports are often accessed directly by connecting a terminal or laptop to them, meaning that the administrator must be in the same physical location as the equipment. The SLC 8000 advanced console manager gives the administrator a way to access them remotely from anywhere there is a network or modem connection. The SLC 8000 unit can accommodate up to three I/O modules (16-port USB I/O module and/or 16-port RJ45 I/O module.)

Many types of equipment can be accessed and administered using console managers including:

 Servers: Unix, Linux, Windows, and others.

 Networking equipment: Routers, switches, storage networking.

 Telecom: PBX, voice switches.

 Other systems with serial interfaces: Heating/cooling systems, security/building access

systems, UPS, medical devices.

The key benefits of using console managers:

 Saves money: Enables remote management and troubleshooting without sending a

technician onsite. Reduces travel costs and downtime costs.

 Saves time: Provides instant access and reduces response time, improving efficiency.

 Simplifies access: Enables you to access equipment securely and remotely after hours and

 Protects assets: Security features provide encryption, authentication, authorization, and

Features

Console Management

 Up to 48 serial RJ45 RS-232 and/or USB type A ports for console connectivity

 Enables system administrators to remotely manage devices with serial and/or USB console

on weekends and holidays—without having to schedule visits or arrange for off-hour access.

firewall features to protect your IT infrastructure while providing flexible remote access.

The SLC advanced console manager provides features such as convenient text menu systems, break-safe operation, port buffering (logging), remote authentication, and Secure Shell (SSH) access. Dial-up modem support ensures access when the network is not available.

Note: USB ports are generally intended to connect directly to USB console ports. It

is also possible to connect a USB to serial adapter to them to connect to serial console ports, if needed.

ports, e.g., Linux, Unix, and recent versions of Windows servers, routers, telecom, and switches with RS-232C (now EIA-232) or USB compatible serial consoles in a 1U-tall rack space. All models have two Ethernet ports, called Eth1 and Eth2 in this document.

 Provides data logging, monitoring, and secure access control via the Internet

SLC™ 8000 Advanced Console Manager User Guide 23

Power

 Universal AC power input (100-240V, 50/60 Hz) or 20-72 VDC power input hardware option

 Convection cooled, silent operation, low power consumption

Integration with Other Secure Lantronix Products

 Can integrate seamlessly with the ConsoleFlow™ or vSLM™ management appliance

software for a complete end-to-end Out-of-Band (OOB) management solution.

Hardware

 SLC Chassis: The SLC 8000 advanced console manager has a 1U-tall (1.75 inch), self-

contained rack-mountable chassis.

 Three I/O Module Bays are available on the back of the SLC unit, and able to accommodate

a combined total of 48 device ports depending on the number of I/O modules installed. See

Figure 2-2. Configuration possibilities are listed below. See Appendix C: Adapters and Pinouts on page 419 for more information on serial adapters and pin-outs, and also Table 3-8 on page 41 which describes different I/O module configurations.

2: Introduction

- Up to three 16-port RJ45 I/O modules can be installed to provide a maximum of forty-

eight serial RS-232C (EIA-232) device ports. The serial RJ45 ports match the RJ45 pin-

outs of the console ports of many popular devices found in a network environment, and

where different can be converted using Lantronix adapters.

- Up to three 16-port USB I/O modules can be installed to provide a maximum of forty-

eight USB I/O device ports.

- A combination of 16-port USB I/O modules and 16-port RJ45 I/O modules can be

installed to provide up to forty-eight serial RJ45 ports and/or USB type A ports, according

to the type and number of I/O modules installed on the back of the SLC unit.

Note: The SLC8008 ships with an 8-port serial module that must be installed in

the first bay. This module is not available separately. See Table 3-8 on page 41

which describes different I/O module configurations.

 Network Interface on the back left side of the SLC unit can accommodate either a factory-

installed:

- Dual 10/100/1000 Base-T Ethernet port I/F card. Ethernet ports are referred to as Eth1

and Eth2 in the user interface and this user guide.

- Dual SFP port I/F card to support 1 Gigabit-capable single or multi-mode fiber or copper

SFP transceiver modules. Single and multi-mode SFP transceiver modules are referred to

as F1 in the user interface and this user guide.

Notes:

 1000 BASE-T SFP transceiver copper modules need to use RX_LOS signal within

SFP interface pins for the indicator on Link Status LED. Not all vendor 1000 Base-T SFP modules provide this feature. Qualified copper SFP transceiver modules with this feature include the following: the Finisar 1000 Base-T Copper SFP Transceiver FCLF8250P2BTL and the Fiberstore Cisco SFP-GE-T Compatible 1000 Base-T SFP RJ-45 100m Transceiver.

 SFP transceiver modules are provided by users according to fiber mode and brand

preferences. Network ports and the SFP port have LEDs to indicate link and activity

SLC™ 8000 Advanced Console Manager User Guide 24

2: Introduction

status. If a single mode and a multi-mode are both installed the SLC 8000 unit, the device can be configured to utilize one mode at a time.

 Front Console Panel Ports (see Figure 2-1)

- One serial console port (RJ45) for VT100 terminal or PC with emulation with LED for

activity indicators

- Two USB type A ports for use with flash drives or external USB modems

- Optional internal modem

- One Secure Digital (SD) memory card slot (SD card provided by the user)

- One RJ11 modem port on the front panel

Note: Use of the RJ11 modem port requires installation of an optional modem

card (Lantronix part number 56KINTMODEM-01) - see Modem Installation on

page 43.

- LCD display and keypad

 256 KB-per-port buffer memory for serial device ports

 Software reversible device port pinouts

 Either universal AC power input (100-240V, 50/60 Hz) or DC power input (20-72 VDC)

Note: For more detailed information, see Chapter 4: Quick Setup on page 50.

Figure 2-1 SLC 8048 Unit (Front Side) - Part Number SLC 804812N-01-S

Front-mid-rear

Mounting Bracket

Indicator LED LCD Keypad SD Card Console

Dual USB Ports

Modem (Optional)

SLC™ 8000 Advanced Console Manager User Guide 25

Figure 2-2 SLC 8048 Unit Samples (Back Side) - Part Number SLC80482201S

Note: For the SFP modules that Lantronix resells or supports for operation with our SLC

console managers, please refer to https://www.lantronix.com/products/sfp/

Dual Ethernet Port

2: Introduction

Dual SFP Port

Three I/O Modular Device Port Bays

The SLC 8000 supports the use of single mode, multimode fiber optic and copper SFP transceiver modules in dual SFP port models. SFP modules are provided by the user.

System Features

The SLC 8000 firmware has the following basic capabilities:

 Software reversible device port pinouts (serial RJ45 ports only)

The back of the SLC unit appearance and function will depend upon:

1) The type(s) of I/O modules installed in Bay 1, Bay 2 and Bay 3. See Table 3-8 on page 41.

2) The type of I/F card (dual Ethernet port or dual SFP port) installed. If a dual SFP port is installed, then the type of SFP transceiver module (single mode optic fiber, multi-mode optic fiber, or copper) inserted into the SFP port will also impact appearance and function.

 Connects up to 48 RS-232 serial consoles or up to 48 USB consoles

 Support use of simple straight-through cables for use with Cisco, Sun and other devices that

use the “Cisco” RJ-45 serial pinouts

 10/100/1000 Base-T Ethernet network compatibility or SFP ports to support single or multi-

mode 1 Gigabit SFP transceiver modules

 Buffer logging to file

 Email and SNMP notification

 ID/Password security, configurable access rights

 Secure shell (SSH) security; supports numerous other security protocols

 Network File System (NFS) and Common Internet File System (CIFS) support

 RAW TCP, Telnet or SSH to a serial port by IP address per port or by IP address and TCP port

number

 Configurable user rights for local and remotely authenticated users

 Supports an external modem

SLC™ 8000 Advanced Console Manager User Guide 26

2: Introduction

 No unintentional break ever sent to attached servers (Solaris Ready)

 Simultaneous access on the same port - “listen” and “direct” connect mode

 Remote power manager (RPM) control of UPS and PDU devices

 Local access through a dedicated front panel serial console port

 Web administration (using most browsers)

Protocols Supported

The SLC 8000 advanced console manager supports the TCP/IP network protocol as well as:

 SSH, Telnet, PPP, NFS, and CIFS for connections in and out of the SLC console manager

 SMTP for mail transfer

 DNS for text-to-IP address name resolution

 SNMP for remote monitoring and management

 SCP, FTP and SFTP for file transfers and firmware upgrades

 TFTP for firmware upgrades

 DHCP and BOOTP for IP address assignment

 HTTPS (SSL) for secure browser-based configuration

 NTP for time synchronization

 LDAP with Group support, NIS, RADIUS with VSA support, CHAP, PAP, Kerberos, TACACS+

with Group support, and SecurID (via RADIUS) for user authentication

 Callback Control Protocol (CBCP)

 IPsec for VPN access

For brief descriptions of these protocols, see Appendix D: Protocol Glossary on page 422.

Access Control

The system administrator controls access to attached servers or devices by assigning access rights to up to 128 user profiles. Each user has an assigned ID, password, and access rights. Other user profile access options may include externally configured authentication methods such as Radius, TACACS+, NIS, and LDAP. Groups are supported in LDAP, RADIUS (using VSA), and TACACS+ (using priv_lvl).

Device Port Buffer

The SLC 8000 unit supports real-time data logging for each device port. The port can save the data log to a file, send an email notification of an issue, or take no action.

You can define the path for logged data on a port-by-port basis, configure file size and number of files per port for each logging event, and configure the device log to send an email alert message automatically to the appropriate parties indicating a particular error.

Configuration Options

You may use the back lit front-panel LCD display for initial setup and configuration and to view current network, console, and date/time settings, and get internal temperature status.

SLC™ 8000 Advanced Console Manager User Guide 27

2: Introduction

Both a web interface viewed through a standard browser and a command line interface (CLI) are available for configuring the SLC settings and monitoring performance.

Device Port and Console Port Interfaces

RS-232 RJ45 Interface

Device ports are located on the back of the SLC 8000 unit (please see Figure 2-2). The console port is located on the front of the SLC 8000 unit (please see Figure 2-8). All devices attached to the device ports and the console port must support the RS-232C (EIA-232) standard. For serial RJ45 device ports and the console port, RJ45 cabling (e.g., category 5 or 6 patch cabling) is used.

Serial RJ45 device ports for the SLC 8000 advanced console manager are reversed by default so that straight-through RJ45 patch cables may be used to connect to Cisco and Sun RJ45 serial console ports. If you are replacing an SLC with an SLC 8000 you can either switch the ports to the non-reversed pinout used by SLC units and use your original cables and adapters, or remove any rolled cables or adapters and replace them with straight-through RJ45 cables, e.g. Ethernet patch cables.

Note: RJ45 to DB9/DB25 adapters are available from Lantronix. For serial pinout

information, see the Appendix C: Adapters and Pinouts on page 419.

Device ports and the console port support the following baud-rate options: 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 and 230400 baud.

USB Interface

The SLC unit can contain up to up to three I/O modules comprised of 16-port USB I/O module(s) and/or 16-port RJ45 I/O module(s) installed in the three module bays available from the back of the SLC 8000 unit. USB device ports can be used with a USB type A connector to serial adapter, if needed.

Figure 2-3 shows an SLC unit containing two 16-port RJ45 I/O modules installed in Bay 1 and

Bay 2 for a total of 32 serial RJ45 device ports and one 16-port USB I/O module installed in Bay 3, for a total of 48 device ports. Figure 2-4 shows an SLC unit containing three 16-port RJ45 I/O modules installed in Bay 1, Bay 2 and Bay 3 for a total of 48 serial RJ45 device ports.

Note: When installing I/O modules into an SLC 8000 (Figure 2-2), Bay 1, Bay 2, and Bay

3 must be populated in order. The 8-port RJ45 serial module is supported on Bay 1 only.

I/F Card Slot: Dual Small Form-Factor Pluggable (SFP) or Dual Ethernet Port

On the left back side of the SLC 8000 unit, a dual SFP port or dual Ethernet port I/F card can be installed. See Figure 2-5. If the dual SFP port is installed, copper or optic fiber 1 Gigabit SFP transceiver modules may be used. The SLC 8000 supports use of single and multi-mode SFPs.

SLC™ 8000 Advanced Console Manager User Guide 28

2: Introduction

Figure 2-3 Three 16-Port USB I/O Modules Installed in Bays 1, 2, & 3 with Dual Ethernet Port

Bay 1 Bay 2 Bay 3

Figure 2-4 One 16-Port USB I/O Module Installed in Bay 1 with Dual Ethernet Port

Bay 1 Bay 2 Bay 3

Figure 2-5 One 16 RJ-45 Serial Port I/O Module (Bay 1) & Two 16 USB I/O Module (Bays 2 & 3) with

Bay 1 Bay 2 Bay 3

Dual SFP Port

SLC™ 8000 Advanced Console Manager User Guide 29

Figure 2-6 SFP Port LEDs

Table 2-7 Device (DCE Reversed & DTE) Port Pinout

DCE Pin DTE Pin Description

8 1 RTS (output)

7 2 DTR (output)

6 3 TXD (output)

5 4 Ground

4 5 Ground

3 6 RXD (input)

2 7 DSR (input)

1 8 CTS (input)

2: Introduction

Figure 2-8 Console Port (Front Side)

Table 2-9 Console (DTE) Port Pinout

DTE Pin Description

1 RTS (output)

2 DTR (output)

3 TXD (output)

4 Ground

5 Ground

6 RXD (input)

7 DSR (input)

8 CTS (input)

SLC™ 8000 Advanced Console Manager User Guide 30

2: Introduction

Network Connections

The SLC 8000 network interfaces are 10/100/1000 Base-T Ethernet for use with a conventional Ethernet network as shown in Figure 2-10. Use standard RJ45-terminated cables, like Category 5 or 6 patch cable. CAT5E or better cables are recommended for 1000 Base Ethernet. Network parameters must be configured before the SLC console manager can be accessed over the network.

Note: One possible use for the two Ethernet ports is to have one port on a private,

secure network and the other on a public, unsecured network. The SLC 8000 can also be equipped with a factory-installed NIC (Ethernet RJ45 or SFP ports). The NIC with SFP ports can support single/multi-mode fiber or copper SFP transceiver modules at 1 Gigabit speed.

Figure 2-10 Dual Ethernet Network Connection

Figure 2-11 Inserting SFP Transceiver Module into the SFP Port

SLC™ 8000 Advanced Console Manager User Guide 31

2: Introduction

Front Panel USB Ports

The SLC 8000 unit has two 2.0 USB ports (HS, FS, LS) on the front panel, as seen in Figure 2-12.

Figure 2-12 Dual USB Ports

Memory Card Port

The SLC unit has a memory card port on the front panel of the unit which accepts SD cards.

Figure 2-13 Memory Card Port

SLC™ 8000 Advanced Console Manager User Guide 32

2: Introduction

Internal Modem

An internal modem can be installed in the SLC 8000 advanced console manager. See Modem

Installation on page 43 for instructions.

Figure 2-14 Internal Modem Location

SLC™ 8000 Advanced Console Manager User Guide 33

3: Installation

This chapter provides a high-level procedure for installing the SLC advanced console manager followed by more detailed information about the SLC connections and power supplies.

Caution: To avoid physical and electrical hazards, please read

Appendix A: Security Considerations on page 416 before installing the

SLC 8000 advanced console manager.

What's in the Box

Table 3-1 lists all included components that come in the box and their corresponding part

numbers.

Part Number Component Description

SLC 8000 Advanced Console Manager Models

Part number depends on SLC model.*

Cables

200.2070A RJ45 to DB9F Adapter

200.0062 RJ45 to RJ45, Cat5, 6.6 ft (2 m)

500-153 RJ45 Loopback Plug

North American Power Cords

500-041-R For AC Supply Models, USA & Canada: 110V AC Power Cord,

083-152-R For DC Supply Models, USA & Canada: the DC Installation Kit is included.

SLC 8000 Advanced Console Manager

Note: *Please visit https://www.lantronix.com/products/lantronix-slc-8000/#tab-order to

view available SLC models and configurations. See Customize an SLC 8000 on page 35.

Note: Not available with SFP fiber versions.

8 ft (2.43 m), RoHS.

Note: Power cords for other international regions are available and sold separately. See

Table 3-2.

Table 3-1 What’s in the Box

Notes:

 Accessories that can be ordered separately are listed below in Table 3-2. Regional

power cords are available as accessories.

 SLC 8000 single and dual AC supply variants ship with 110V North American AC

power cord(s).

 * TAA Compliant models available, replace the “S” with “G” in the SKUs above, (e.g.

SLC80321201G for 16-Port RS-232 (RJ45) Single AC Supply).

SLC™ 8000 Advanced Console Manager User Guide 34

Table 3-2 Optional Accessories

Part Number Component Description

International Power Cords:

930-077-R Power Cord, Israel, 250VAC 10A, 8FT, RoHS

930-075-R Power Cord, UK, 250VAC 10A, 8FT, RoHS

930-074-R Power Cord, European, 250VAC 10A, 8FT, RoHS

User Swappable Modules

FRRJ451601 16 Device Port RS-232 (RJ45) I/O Device Port Module

FRUSB1601 16 Device Port USB I/O Device Port Module

FR1ACPS01 100 to 240V AC Single Power Supply Module

FR2ACPS01 100 to 240V AC Dual Power Supply Module

FR2DCPS01 -20 to -72V DC Dual Power Supply Module

Secondary Connectivity Accessories for SLC 8000

56KINTMODEM-0156K v.92 Internal Modem for Dial-UP Out-of-Band Connection

PXC2102H2-01-S 3.5G Cellular Out-of-Band Connectivity Intelligent Gateway

Note: Wireless data plan sold separately.

3: Installation

Verify and inspect the contents of the SLC package using the enclosed packing slip or the table above. If any item is missing or damaged, contact your place of purchase immediately.

Customize an SLC 8000

Build any combination up to 48 managed console ports by following these easy steps:

1. Pick a baseline configuration:

2. Add up to two modules:

3. Choose from Single AC, Dual AC or Dual DC power supply.

4. Choose from Ethernet Copper or SFP (Dual AC) variants.

5. Select secondary out-of-band options (PSTN modem, cellular gateway.)

6. Protect investment with various extended warranty and service options.

SLC™ 8000 Advanced Console Manager User Guide 35

3: Installation

Product Label

The product label on the underside of the SLC 8000 advanced console manager contains the following information about each SLC unit:

 Part Number

 Product Revision

 Country of Manufacturing Origin

 Serial Number

 Manufacturing Date Code

 Bar Code

Figure 3-3 Product Label

Technical Specifications

Table 3-4 SLC Technical Specifications

Component Description

Serial Interface (Device)

USB 2.0 Interface (Device)

 Up to 48 RJ45-type 8-conductor connectors as up to three16-port RJ45 I/O

 Speed software selectable (300 to 230400 baud)

are reversed by default. Do not use rolled cables and adapters when replacing an SLC console manager with the SLC 8000 model.

 Up to 48 USB type A (Host) as up to three 16-port USB I/O modules can be

 HS, FS, and LS  Capable of providing VBUS 5V up to 100 mA per port, but not to exceed 600

 May be used with a USB-to-serial adapter to connect a serial device, if

Caution: USB ports are designed for data traffic only. They are not

designed for charging or powering devices. Over-current conditions on VBUS 5V may disrupt operations.

modules can be installed. These connectors have individually configurable standard and reversible pinouts, 8 or 16 ports per I/O module.

Note: Serial RJ45 device ports for the SLC 8000 advanced console manager

installed

mA total per 16-port USB I/O module.

needed. Please contact Lantronix for the list of tested adapters.

SLC™ 8000 Advanced Console Manager User Guide 36

Component (continued) Description

Serial Interface (Console)  (1) RJ45-type 8-pin connector (DTE)

 Speed software selectable (300 to 230400 baud)  LEDs:

 Green light ON indicates data transmission activities  Yellow light ON indicates data receiving activities

Network Interface

 (2) 10/100/1000 Base-T RJ45 Ethernet with LED indicators:

 Green light ON indicates a link at 1000 Base-T.  Green light OFF indicates a link at other speeds or no link.  Yellow light ON indicates a link is established.  Yellow light blinking indicates activity.

 (2) SFP ports to support standard fiber or copper SFP transceiver modules

(single or multi-mode) at speed 1 Gigabit. LED indicators:

 Green light ON indicates a link is established.  Green light OFF indicates no link.  Yellow light steady ON indicates no activity.  Yellow light blinking indicates activity.

Power Supply AC

(single or dual)

 Universal AC power input: 100-240 VAC  50 or 60 Hz IEC 60320/C14

Power Supply DC (dual) 20V to 72V input

Power Consumption

 Less than 25W with 48 RS232 serial ports  Less than 45W with 48 USB ports

Dimensions 1U, 1.75 in x 17.25 in x 12 in

Weight

Temperature

Relative Humidity

Front USB Ports

 12.1 lbs with 48 serial ports  11.8 lbs with 48 USB ports

 Operating: 0 to 50°C (32 to 122°F)  Storage: -30 to 80°C (-22 to 176°F)

 Operating: 10% to 90% non-condensing  Storage: 10% to 95% non-condensing

 (2) ports, type A, host USB 2.0 (HS, FS, LS)

Memory Card Single memory card slot supporting:

 SD  SDHC

Optional Internal Modem

 300 bps to 56K bps data rate  Upstream 48K bps, downstream 56K bps  V.44 data compression (V92MB-U, V92HU)  V.42 bis and MNP-5 data compression  V.29 FastPOS support  Caller ID type I and II for select countries  Agency approvals: Transferable FCC68, CS03 and CTR21 certifications,

IEC60601-1 (Medical Electronics) compliant, CE Marking, IEC60950 approved

Operating Atmosphere

Caution: EQUIPMENT

For use at altitudes no more than 2000 meters above sea level only.

仅适用于海拔 2000m 以下地区安全使用

IS FOR INDOOR USE ONLY!

For use in non-tropical conditions only.

仅适用于非热带气候条件下安全使用

3: Installation

SLC™ 8000 Advanced Console Manager User Guide 37

Physical Installation

Install the SLC 8000 advanced console manager in an EIA-standard 19-inch rack (1U tall) or as a desktop unit. The SLC module uses convection cooling to dissipate excess heat.

To install the SLC 8000 advanced console manager in a rack:

1. Place the SLC unit in a 19-inch rack.

Warning: Do not to block the air vents on the sides of the SLC module. If you

mount the SLC advanced console manager in an enclosed rack, we recommend that the rack have a ventilation fan to provide adequate airflow through the SLC unit.

2. Connect the serial device(s) to the SLC unit ports. See the section,

Connecting to a Device Port (on page 38).

3. Choose one of the following options:

- To configure the SLC 8000 advanced console manager using the network, or to monitor

serial devices on the network, connect at least one SLC network port to a network. See

Connecting to Network Ports (on page 41).

- To configure the SLC unit using a dumb terminal or a computer with terminal emulation,

connect the terminal or PC to the front panel SLC console port. See

Connecting Terminals (on page 41).

3: Installation

4. Connect the power cord, and apply power. See AC Input (on page 42).

5. Wait approximately one minute for the boot process to complete.

When the boot process ends, the SLC host name and the clock appear on the LCD display. Now you are ready to configure the network settings as described in Chapter 4: Quick Setup.

Connecting to a Device Port

You can connect almost any device that has a serial console port to a device port on the SLC 8000 unit for remote administration. The console port must support the RS-232C interface.

Note: Many servers must either have the serial port enabled as a console or the

keyboard and mouse detached. Consult the server hardware and/or software documentation for more information.

To connect to a serial RJ45 device port:

1. Connect one end of the Cat 5 cable to the device port.

2. Connect the other end of the Cat 5 cable to an RJ45 serial console port or to other port types using a Lantronix serial console adapter.

Notes:

 See Device Port Commands to enable or disable reverse pinouts through the CLI.

 Table 3-5 and Table 3-6 provide additional information on reverse pinouts.

 See Appendix C: Adapters and Pinouts for information about Lantronix adapters.

3. Connect the adapter to the serial console port on the serial device as shown in Figure 3-7.

SLC™ 8000 Advanced Console Manager User Guide 38

Table 3-5 Console Port and Device Port - Reverse Pinout Disabled

Pin Number Description

1 RTS (output)

2 DTR (output)

3 TXD (output)

4 Ground

5 Ground

6 RXD (input)

7 DSR (input)

8 CTS (input)

Table 3-6 Device Port - Reverse Pinout Enabled (Default)

Pin Number Description

1 CTS (input)

2 DSR (input)

3 RXD (input)

4 Ground

5 Ground

6 TXD (output)

7 DTR (output)

8 RTS (output)

3: Installation

To connect to a USB device port:

1. Connect the USB type A connector of a USB cable to a device port.

2. Connect the other end of the USB cable to a USB console port.

Figure 3-7 shows a sample I/O module installation with two 16-port RJ45 I/O modules and one

16-port USB I/O module, and how the device ports correspond to the buttons on the Dashboard.

SLC™ 8000 Advanced Console Manager User Guide 39

Figure 3-7 Sample Device Port Connections (Back Side)

Bay 1 Bay 2 Bay 3

3: Installation

16-Port RJ45

I/O Module

(Part Number

FRRJ451601)

16-Port RJ45

I/O Module

(Part Number

FRRJ451601)

16-Port USB

I/O Module

(Part Number FRUSB1601)

Modular Expansion for I/O Module Bays

The SLC 8000 advanced console manager, which provides 3 separate bays, supports the flexibility to change the I/O module configuration by offering a 16-port module for expansion. When populating the bays, Bay 1, Bay 2 and Bay 3 must be populated in consecutive order. Bay 1 is the slot next to the Ethernet ports and Bay 3 is the slot beside the power supply module. See

Figure 3-7 and Table 3-8. When device ports are unused or unsupported, they do not appear in

the Dashboard. See Sample Dashboards.

Note: See the SLC 8000 I/O Module Installation Guide for information on installing I/O

modules.

SLC™ 8000 Advanced Console Manager User Guide 40

Table 3-8 Available I/O Module Configurations

3: Installation

Note: The 8-port RJ45 serial module is supported on Bay 1 only. The available I/O

module configurations in Table 3-8 are supported with either dual Gigabit Ethernet or dual SFP ports.

Connecting to Network Ports

The SLC network ports, 10/100/1000 Base-T Ethernet, allow remote access to the attached devices and the system administrative functions. Use a standard RJ45-terminated Category 5 cable to connect to the network port. A CAT5e or better cable is recommended for use with a 1000 Base-T Ethernet connection.

Note: One possible use for the two Ethernet ports is to have one port on a private,

secure network, and the other on an unsecured network.

Connecting Terminals

The console port is for local access to the SLC 8000 advanced console manager and the attached devices. You may attach a dumb terminal or a computer with terminal emulation to the console port. The SLC console port uses RS-232C protocol and supports VT100 emulation. The default serial settings are 9600 baud, 8 bit data, No parity, 1 stop bit with no flow control.

To connect the console port to a terminal or computer with terminal emulation, Lantronix offers optional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector. The console port is configured as DTE (non-reversed RJ45). See Appendix C: Adapters and

Pinouts on page 419 for more information.

SLC™ 8000 Advanced Console Manager User Guide 41

3: Installation

To connect a terminal:

1. Attach the Lantronix adapter to your terminal (typically a PN 200.2066A adapter - see

Figure C-1) or your PC's serial port (use PN 200. adapter - see Figure C-4).

2. Connect the Cat 5 cable to the adapter, and connect the other end to the SLC console port.

3. Turn on the terminal or start your computer's communication program (e.g., PuTTY or TeraTerm Pro).

4. Once the SLC 8000 advanced console manager is running, press Enter to establish connection. You should see the model name and a login prompt on your terminal.

5. On a factory default SLC you may log in using sysadmin as the user name and the last 8 characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the password.

AC Input

The power supply module for the SLC controller accepts AC input voltage of 100-240 VAC, 50/60 HZ. Rear-mounted IEC-type AC power connectors are provided for universal AC power input. (See What's in the Box on page 34.)

Warning: Risk of serious electric shock! Disconnect all power cords before

servicing the SLC.

Figure 3-9 AC Power Input

SLC™ 8000 Advanced Console Manager User Guide 42

3: Installation

Modem Installation

Caution: TO REDUCE THE RISK OF FIRE, USE ONLY NO. 26 AWG OR LARGER

(e.g., 24 AWG) UL LISTED OR CSA CERTIFIED TELECOMMUNICATION LINE CORD.

Attention: POUR RÉDUIRE LES RISQUES D'INCENDIE, UTILISER UNIQUEMENT DES

CONDUCTEURS DE TÉLÉCOMMUNICATIONS 26 AWG AU DE SECTION SUPÉRLEURE.

Warning: RISK OF ELECTRICAL SHOCKS; DISCONNECT ALL POWER AND

PHONE LINES BEFORE SERVICING!

Caution: DEVICES INSIDE THE EQUIPMENT AND THE MODEM ARE

ELECTROSTATIC -SENSITIVE; DO NOT HANDLE EXCEPT AT A STATIC FREE WORKPLACE.

MODEM PART NUMBER

Lantronix 56KINTMODEM-01

MODEM SERVICING INSTRUCTIONS

You will need a medium size Phillips screw driver.

1. Turn off power to the SLC 8000 advanced console manager.

2. Locate the battery modem door on the top of the SLC unit.

SLC™ 8000 Advanced Console Manager User Guide 43

3: Installation

3. Carefully unscrew and lift the door off with the screw driver.

4. Take note of the orientation of the modem in the photograph so that you can install a new modem correctly with the same orientation.

5. If there is a modem replacement, carefully lift the old modem out of its socket.

6. Install the new modem with correct orientation.

SLC™ 8000 Advanced Console Manager User Guide 44

7. Make sure to have correct pin alignment.

8. Press the modem down to make sure it sits down all the way in the socket.

3: Installation

9. Double-check the new modem placement to make sure it is done properly.

10. Place the battery/modem door back.

11. Carefully tighten the door screw.

SLC™ 8000 Advanced Console Manager User Guide 45

3: Installation

Battery Replacement

Caution: RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT

TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.

Attention: II Y A DANGER D'EXPLOSION S'IL Y A REMPLACEMENT INCORRECT DE LA

BATTERIE. REMPLACER UNIQUEMENT AVEC UNE BATTERIE DU MÊME TYPE OU D'UN TYPE EQUIVALENT RECOMMANDÉ PAR LE CONSTRUCTEUR. METTRE AU REBUT LES BATTERIES USAGÉES CONFORMÉMENT AUX INSTRUCTIONS DU FABRICANT.

Caution: DEVICES INSIDE THE EQUIPMENT ARE ELECTROSTATIC -SENSITIVE;

DO NOT HANDLE EXCEPT AT A STATIC FREE WORKPLACE.

Battery Part Numbers

Panasonic BR2032 or equivalent (button cell lithium, non-rechargeable.)

Caution: DO NOT USE BATTERY TYPE CR2032 SINCE IT HAS A LOWER

OPERATING TEMPERATURE RANGE.

DISPOSAL OF USED BATTERIES (from battery data sheet)

 If not in a large quantity, button cell batteries contain so little Lithium that they do not qualify as

reactive hazardous waste. These batteries are safe for disposal in the normal municipal waste stream.

 If in a large quantity, disposal of button cell batteries should be performed by permitted,

professional firms knowledgeable in Federal, State and local hazardous waste transportation and disposal requirements.

Caution: RISK OF FIRE, EXPLOSION AND BURNS. DO NOT RECHARGE, CRUSH,

HEAT ABOVE 212°F (100°C) OR INCINERATE.

SLC™ 8000 Advanced Console Manager User Guide 46

Battery Replacement Instructions

Warning: RISK OF ELECTRICAL SHOCKS; DISCONNECT ALL POWER AND

PHONE LINE BEFORE SERVICING!

You will need a medium size Phillips screw driver.

1. Turn off power to the SLC 8000 advanced console manager.

2. Locate the battery/modem door on the top of the SLC unit.

3. Carefully unscrew and lift the door off with the screw driver.

3: Installation

4. If there is a modem installed, note the orientation of the modem so that later you can install it back correctly.

SLC™ 8000 Advanced Console Manager User Guide 47

5. If there is a modem installed, carefully lift the modem out of its socket.

6. Use fingers to lift the battery out of the socket.

3: Installation

Caution: DO NOT USE A METAL OBJECT TO PRY OUT THE BATTERY. IT MAY

SHORT THE BATTERY AND DAMAGE THE BATTERY HOUSING.

7. Install the new battery with the (+) side up making sure the battery sits completely and securely in the housing.

8. Re-install the modem with correct orientation.

a. Make sure also to have correct pin alignment.

SLC™ 8000 Advanced Console Manager User Guide 48

3: Installation

b. Press the modem down to make sure it sits down all the way in the socket.

9. Double-check the battery and modem placements to make sure they are done properly.

10. Place the battery/modem door back.

11. Carefully tighten the door screw.

12. If necessary, reprogram the SLC system date-time after installing a new battery.

SLC™ 8000 Advanced Console Manager User Guide 49

4: Quick Setup

This chapter helps get the IP network port up and running quickly, so you can administer the SLC advanced console manager using your network. The setup procedures assume you are starting with a factory default SLC unit.

Recommendations

To set up the network connections quickly, we suggest you do one of the following:

 Use the front panel LCD display and keypad buttons to configure the IP address, subnet

mask, gateway address and DNS address(es), if applicable.

 Complete the quick setup (see Figure 4-6) on the web interface.

 SSH to the command line interface and follow the Quick Setup script on the command line

interface.

 Connect to the console port and follow the Quick Setup script on the command line interface.

Note: The first time you power up the SLC unit, Eth1 tries to obtain its IP address via

DHCP. If you have connected Eth1 to the network, and Eth1 is able to acquire an IP address, you can view this IP address on the LCD or by running the Lantronix Provisioning Manager application. If Eth1 cannot acquire an IP address, you cannot use Telnet, SSH, or the web interface to run Quick Setup.IP Address

Your SLC 8000 advanced console manager must have a unique IP address on your network. The system administrator generally provides the IP address and corresponding subnet mask and gateway. The IP address must be within a valid range and unique to your network. If a valid gateway address has not been assigned the IP address must be on the same subnet as workstations connecting to the SLC 8000 over the network.

The following table lists the options for assigning an IP address to your SLC unit.

Table 4-1 Methods of Assigning an IP Address

Method Description

DHCP A DHCP server automatically assigns the IP address and network settings.

The SLC 8000 advanced console manager is DHCP-enabled by default. With the Eth1 network port connected to the network, and the SLC unit

powered up, Eth1 acquires an IP address, viewable on the LCD. At this point, you can use SSH to connect to the SLC console manager or use

the web interface.

BOOTP Non-dynamic predecessor to DHCP.

Front panel LCD display and keypads

Serial port login to command line interface

You manually assign the IP address and other basic network, console, and date/time settings. If desired, you can restore the factory defaults.

You assign an IP address and configure the SLC unit using a terminal or a PC running a terminal emulation program to the SLC serial console port connection.

SLC™ 8000 Advanced Console Manager User Guide 50

Method #1 Using the Front Panel Display

Before you begin, ensure that you have:

 Unique IP address that is valid on your network (unless automatically assigned)

 Subnet mask (unless automatically assigned)

 Gateway (unless automatically assigned)

 DNS settings (unless automatically assigned)

 Date, time, and time zone

 Console port settings: baud rate, data bits, stop bits, parity, and flow control

Make sure the SLC advanced console manager is plugged into power and turned on.

Front Panel LCD Display and Keypads

With the SLC unit powered up, you can use the front panel display and buttons to set up the basic parameters.

Figure 4-2 Front Panel LCD Display and Five Button Keypad (Enter, Up, Down, Left, Right)

4: Quick Setup

The front panel display initially shows the hostname (abbreviated to 14 letters) and the date and time.

When you click the right-arrow button, the SLC network settings displays. Using the five buttons on the keypad, you can change the network, console port, and date/time settings and view the firmware release version. If desired, you can restore the factory defaults.

Note: Have your information handy as the display times out without accepting any

unsaved changes if you take more than 30 seconds between entries.

Any changes made to the network, console port, and date/time settings take effect immediately.

Navigating

The front panel keypad has one Enter button (in the center) and four arrow buttons (up, left, right, and down). Press the arrow buttons to navigate from one option to another, or to increment or decrement a numerical entry of the selected option. Use the Enter button to select an option to edit or to save your settings.

SLC™ 8000 Advanced Console Manager User Guide 51

4: Quick Setup

The following table lists the SLC navigation actions, buttons, and options.

Table 4-3 LCD Arrow Keypad Actions

Button Action

Right arrow To move to the next option (e.g., from Network Settings to Console Settings)

Left arrow To return to the previous option

Enter (center button) To enter edit mode

Up and down arrows Within edit mode, to increase or decrease a numerical entry

Right or left arrows Within edit mode, to move the cursor right or left

Enter To exit edit mode

Up and down arrows To scroll up or down the list of parameters within an option (e.g., from IP

Address to Mask)

The following two tables list the SLC settings and parameters displayed on the LCD.

Table 4-4 Front Panel Setup Options with Associated Parameters

Left/Right Arrow

Current Time Eth1

Network Settings

User ID & Current Time

Eth1 IP Address

Eth1 Subnet Mask

Console Port

Date / Time Settings

Settings

Baud Rate, Data Bits, Stop Bits, Parity, Flow Control

Data Bits Date/Time Restore

Time Zone Firmware

Up/ Down Arrow

Gateway Stop Bits

DNS1 Parity

DNS2 Flow Control

DNS3

Table 4-5 Front Panel Setup Options, continued

Internal Temperature

Reading in Celsius & Fahrenheit

User Strings Location Device Ports

Displays configured user string(s), if any.

Indicates the Rack (RK), Row (RW), & Cluster (CW) locations.

Release Serial

Number

Serial Number version and date code (display only)

Factory Defaults

Detects the connection state of each port: 0=No DSR input signal detected on device port 1=DSR input signal detected on device port

(display only)

Device ID (display only)

SLC™ 8000 Advanced Console Manager User Guide 52

4: Quick Setup

Note: The individual screens listed from left to right in Table 4-4 and Table 4-5 can be

enabled or disabled for display on the SLC LCD screen. The order of appearance of the screens, if enabled, along with the elected “Home Page” may vary on the LCD screen according to configuration. The internal temperature, user strings, location and device ports LCD menus are disabled by default. See LCD/Keypad (on page 316) for instructions on enabling and disabling screens.

Entering the Settings

To enter setup information:

1. From the normal display (host name, date and time), press the right arrow button to display Network Settings. The IP address for Eth1 displays.

Note: If you have connected Eth1 to the network, and Eth1 is able to acquire an IP

address through DHCP, this IP address displays, followed by the letter [D]. Otherwise, the IP address displays as all zeros (000.000.000.000).

2. Press the Enter button on the keypad to enter edit mode. A cursor displays below one character of the existing IP address setting.

3. To enter values:

- Use the left or right arrow to move the cursor to the left or to the right position.

- Use the up or down arrow to increment or decrement the numerical value.

4. When you have the IP address as you want it, press Enter to exit edit mode, and then press the down arrow button. The Subnet Mask parameter displays.

Note: You must edit the IP address and the Subnet Mask together for a valid IP address

combination.

5. To save your entries for one or more parameters in the group, press the right arrow button. The Save Settings? Yes/No prompt displays.

Note: If the prompt does not display, make sure you are no longer in edit mode.

6. Use the left/right arrow buttons to select Yes, and press the Enter button.

7. Press the right arrow button to move to the next option, Console Settings.

8. Repeat steps 2-7 for each setting.

9. Press the right arrow button to move to the next option, Date/Time Settings, and click Enter to edit the time zone.

- To enter a US time zone, use the up/down arrow buttons to scroll through the US time

zones, and then press Enter to select the correct one.

- To enter a time zone outside the US, press the left arrow button to move up to the top level

of time zones. Press the up/down arrow button to scroll through the top level.

A time zone with a trailing slash (such as Africa/) has sub-time zones. Use the right arrow button to select the Africa time zones, and then the up/down arrows to scroll through them.

Press Enter to select the correct time zone. To move back to the top-level time zone at any time, press the left arrow.

10. To save your entries, press the right arrow button. The Save Settings? Yes/No prompt

SLC™ 8000 Advanced Console Manager User Guide 53

4: Quick Setup

displays.

Note: If the prompt does not display, make sure you are no longer in edit mode.

11. Use the left/right arrow buttons to select Yes, and press the Enter button.

12. To review the saved settings, press the up or down arrows to step through the current settings.

When you are done, the front panel returns to the clock display. The network port resets to the new settings, and you can connect to your IP network for further administration. You should be able to SSH to the SLC 8000 advanced console manager through your network connection, or access the Web interface through a Web browser.

Restoring Factory Defaults

To use the LCD display to restore factory default settings:

1. Press the right arrow button to move to the Release option.

2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit Restore Factory Defaults password displays.

3. Press Enter to enter edit mode.

4. Using the left and right arrows to move between digits and the up and down arrows to change digits, enter the password (the default password is 999999).

Note: The Restore Factory Defaults password is only for the LCD. You can change

it at the command line interface using the CLI admin keypad password command. The front panel Factory Default password and sysadmin password should be recorded and stored in a secure place accessible by at least two authorized system administrators. Recovering an SLC if both of these passwords are unknown is cumbersome and time consuming.

5. Press Enter to exit edit mode. If the password is valid, a Save Settings? Yes/No prompt displays.

6. Select Yes and press Enter. When the process is complete, the SLC unit reboots.

Limiting Sysadmin User Access

For security purposes, full administrative access to the SLC via the default sysadmin local user account can be limited to only the front console port of the SLC device.

To configure this:

1. Enable the Sysadmin access limited to Console Port option on the Local/Remote Users web page.’

2. Enable a remote authentication method (such as TACACS+ or LDAP) and configure the remote authentication method to be first in the order of methods used.

3. Create a remote user account with full administrative rights.

4. Uncheck the Attempt next method on authentication rejection checkbox on the Authentication Methods web page.

These steps will prevent any local users from logging in, restrict the default sysadmin local user to the front console port, and allow a user with administrative rights to login, as long as remote authentication is working.

SLC™ 8000 Advanced Console Manager User Guide 54

Method #2 Quick Setup on the Web Page

After the unit has an IP address, you can use the Quick Setup page to configure the remaining network settings. This page displays the first time you log into the SLC 8000 advanced console manager only. Otherwise, the SLC Home page displays.

To complete the Quick Setup page:

1. Open a web browser (Firefox, Chrome or Internet Explorer web browsers with the latest browser updates).

2. In the URL field, type https:// followed by the IP address of your SLC console manager.

Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and

redirects all requests to the encrypted (HTTPS) port (port 443).

3. Log in using sysadmin as the user name and the last 8 characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the password. The first time you log in to the SLC unit, the Quick Setup page automatically displays.

Note: If the Device ID is not set, the default sysadmin password is the last 8

characters of the serial number.

4: Quick Setup

Figure 4-6 Quick Setup

SLC™ 8000 Advanced Console Manager User Guide 55

4: Quick Setup

4. To accept the defaults, select the Accept default Quick Setup settings checkbox on the top portion of the page and click the Apply button at the bottom of the page. Otherwise, continue with step 5.

Note: Once you click the Apply button on the Quick Setup page, you can continue using

the web interface to configure the SLC further.

5. Enter the following settings:

Network Settings

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)

are not currently supported.

Network Setting Description

Eth 1 Settings

IP Address

(if specifying)

Subnet Mask If specifying an IP address, enter the subnet mask for the network on which the SLC

Default Gateway The IP address of the router for this network. There is no default.

Hostname

Domain If desired, specify a domain name (for example, support.lantronix.com). The

 Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway

from the DHCP server. (The DHCP server may not provide the hostname gateway, depending on its setup.) This is the default setting. If you select this option, skip to Gateway.

 Obtain from BOOTP: Lets a network node request configuration information from

a BOOTP "server" node. If you select this option, skip to Gateway.

 Specify: Lets you manually assign a static IP address, generally provided by the

system administrator.

 Enter an IP address that is unique and valid on your network. There is no default.  Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields

for dot-quad numbers less than 100. For example, if your IP address is

172.19.201.28, do not enter 028 for the last segment octet.

Note: Currently, the SLC 8000 advanced console manager does not support

configurations with the same IP subnet on multiple interfaces (Ethernet or PPP).

unit resides. There is no default.

The default host name is hardware address of Ethernet Port 1. There is a 64-character limit (contiguous characters, no spaces).

Note: The host name becomes the prompt in the command line interface.

domain name is used for host name resolution within the SLC 8000 advanced console manager. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC unit attempts to resolve abcd.mydomain.com for the SMTP server.

slcXXXX, where XXXX is the last 4 characters of the

SLC™ 8000 Advanced Console Manager User Guide 56

4: Quick Setup

Date & Time Settings

Date & Time Setting Description

Change Date/Time Select the checkbox to manually enter the date and time at the SLC unit’s location.

Date From the drop-down lists, select the current month, day, and year.

Time From the drop-down lists, select the current hour and minute.

Time Zone From the drop-down list, select the appropriate time zone.

Administrator Settings

Administrator Setting

Sysadmin Password To change the password (e.g., from the default) enter a Sysadmin Password of up

Retype Password Re-enter the Sysadmin Password above in this field as a confirmation.

Description

to 64 characters.

6. Click the Apply button to save your entries.

Figure 4-7 Quick Setup Completed in Web Manager

If Quick Setup has already been run the standard Home page will display.

SLC™ 8000 Advanced Console Manager User Guide 57

Figure 4-8 Home

4: Quick Setup

Method #3 Quick Setup on the Command Line Interface

If the SLC 8000 advanced console manager does not have an IP address, you can connect a dumb terminal or a PC running a terminal emulation program (VT100) to access the command line interface. (See Connecting Terminals on page 41.) If the unit has an IP address, you can use SSH or Telnet to connect to the SLC unit.

By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the

Services > SSH/Telnet/Logging (on page 117).

To complete the command line interface Quick Setup script:

1. Do one of the following:

- With a serial terminal connection, power up, and when the command line displays, press

Enter.

- With a network connection, use an SSH client or Telnet program (if Telnet has been

enabled) to connect to xx.xx.xx.xx (the IP address in dot quad notation), and press Enter. You should be at the login prompt.

2. Enter sysadmin as the user name and press Enter.

3. Enter the last 8 characters of the Device ID (for newly manufactured units that come installed with

8.3.0.0 or later) or PASS (for all older units) as the password and press Enter. The first time you log in, the Quick Setup script runs automatically. Normally, the command prompt displays.

Note: If the Device ID is not set, the default sysadmin password is the last 8

characters of the serial number.

Figure 4-9 Beginning of Quick Setup Script

Welcome to the Lantronix SLC8000 Advanced Console Manager Model Number: SLC8032

SLC™ 8000 Advanced Console Manager User Guide 58

4: Quick Setup

Quick Setup will now step you through configuring a few basic settings.

The current settings are shown in brackets ('[]'). You can accept the current setting for each question by pressing <return>.

4. Enter the following information at the prompts:

Note: To accept a default or to skip an entry that is not required, press Enter.

CLI Quick Setup Settings

Config Eth1 Select one of the following:

IP Address (if specifying)

Subnet Mask The subnet mask specifies the network segment on which the SLC 8000 advanced

Default Gateway IP address of the router for this network. There is no default.

Hostname

Domain If desired, specify a domain name (for example, support.lantronix.com). The domain

Time Zone If the time zone displayed is incorrect, enter the correct time zone and press Enter. If

Date/Time If the date and time displayed are correct, type n and continue. If the date and time

Sysadmin password

Description

 (1) obtain IP Address from DHCP: The unit will acquire the IP address, subnet

mask, hostname, and gateway from the DHCP server. (The DHCP server may or may not provide the gateway and hostname, depending on its setup.) This is the default setting.

 (2) obtain IP Address from BOOTP: Permits a network node to request

configuration information from a BOOTP "server" node.

 (3) static IP Address: Allows you to assign a static IP address manually. The IP

address is generally provided by the system administrator.

An IP address that is unique and valid on your network and in the same subnet as your PC. There is no default.

If you selected DHCP or BOOTP, this prompt does not display. Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields for

dot-quad numbers less than 100. For example, if your IP address is 172.19.201.28, do not enter 028 for the last octet.

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or

PPP) are not currently supported.

console manager resides. There is no default. If you selected DHCP or BOOTP, this prompt does not display.

The default host name is hardware address of Ethernet Port 1. There is a 64-character limit (contiguous characters, no spaces).

Note: The host name becomes the prompt in the command line interface.

name is used for host name resolution within the SLC unit. For example, if abcd is specified for the SMTP server, and mydomain.com is specified for the domain, if abcd cannot be resolved, the SLC 8000 advanced console manager attempts to resolve abcd.mydomain.com for the SMTP server.

the entry is not a valid time zone, the system guides you through selecting a time zone. A list of valid regions and countries displays. At the prompts, enter the correct region and country.

are incorrect, type y and enter the correct date and time in the formats shown at the prompts.

Enter a new sysadmin password.

slcXXXX, where XXXX is the last 4 characters of the

SLC™ 8000 Advanced Console Manager User Guide 59

4: Quick Setup

After you complete the Quick Setup script, the changes take effect immediately.

Figure 4-10 Quick Setup Completed in CLI

Welcome to the Lantronix SLC8000 Advanced Console Manager Model Number: SLC8032

Quick Setup will now step you through configuring a few basic settings.

The current settings are shown in brackets ('[]'). You can accept the current setting for each question by pressing <return>.

____Ethernet Port and Default Gateway___________________________________ The SLC8032 has two ethernet ports, Eth1 and Eth2. By default, both ports are configured for DHCP. Configure Eth1: (1) obtain IP Address from DHCP (2) obtain IP Address from BOOTP (3) static IP Address Enter 1-3: [1]

The SLC8032 can be configured to use a default gateway. Enter gateway IP Address: [none]

____Hostname____________________________________________________________ The current hostname is 'slc0348', and the current domain is '<undefined>'. The hostname will be shown in the CLI prompt. Specify a hostname: [slc0348] Specify a domain: [<undefined>]

____Time Zone___________________________________________________________

The current time zone is 'GMT'. Enter time zone: [GMT]

____Date/Time___________________________________________________________ The current time is Wed May 18 20:51:04 2016 Change the current time? [n]

____Sysadmin Password___________________________________________________ Enter new password: [<current password>]

Quick Setup is now complete.

For a list of commands, type 'help'.

SLC™ 8000 Advanced Console Manager User Guide 60

Next Step

After completing quick setup on the SLC 8000 advanced console manager, you may want to configure other settings. You can use the web page or the command line interface for configuration.

 For information about the web and the command line interfaces, go to Chapter 5: Web and

Command Line Interfaces.

 To continue configuring the SLC unit, go to Chapter 6: Basic Parameters.

4: Quick Setup

SLC™ 8000 Advanced Console Manager User Guide 61

5: Web and Command Line Interfaces

The SLC advanced console manager offers three interfaces for configuring the SLC unit: a command line interface (CLI), a web interface, and an LCD with keypad buttons on the front panel. This chapter discusses the web and command line interfaces.

Note: See Chapter 4: Quick Setup on page 50 for instructions on using the LCD front

panel to configure basic network settings, Web Manager, and CLI to perform quick setup.

Web Manager

A Web Manager allows the system administrator and other authorized users to configure and manage the SLC 8000 advanced console manager using most web browsers (Firefox, Chrome or Internet Explorer web applications with the latest browser updates). The SLC unit provides a secure, encrypted web interface over SSL (secure sockets layer).

Note: The web server listens for requests on the unencrypted (HTTP) port (port 80) and

redirects all requests to the encrypted (HTTPS) port (port 443). Web Telnet and Web SSH features (utilized in SLC console managers with firmware 7.2.0.0 or earlier) require Java

1.1 (or later) support in the browser.

The following figure shows a typical web page:

Logout Button

Tabs

Options

Entry Fields

and Options

Figure 5-1 Web Page Layout

Dashboard

Icons

Help Button

SLC™ 8000 Advanced Console Manager User Guide 62

5: Web and Command Line Interfaces

The web page has the following components:

 Tabs: Groups of settings to configure.

 Options: Below each tab are options for specific types of settings.

Note: Only those options for which the currently logged-in user has rights display.

Figure 5-2 Sample Dashboards

 Dashboard

The appearance of the user interface dashboard will differ according to the type of NIC card and bay modules installed in the back of the SLC 8000. See Figure 2-2 SLC 8048 Unit

Samples (Back Side) - Part Number SLC80482201S (on page 26), Figure 3-7 Sample Device Port Connections (Back Side) (on page 40), and Figure 5-2 Sample Dashboards (on page 63).

- The light green LCD button allows you to configure the front panel LCD.

- The beige SD button allows you to configure the SD card, if a card is inserted. See

Chapter 8: USB/SD Card Port on page 146.

- The gray U1 button allows you to configure the upper USB device (flash drive or modem)

plugged into the front panel USB connector. The gray U2 button allows you to configure the lower USB device plugged into the front panel USB connector. See Chapter 8: USB/

SD Card Port on page 146.

- The brown MD button allows you to configure the internal modem, if an internal modem is

installed.

- The blue E1 and E2 buttons display the Network > Network Settings (1 of 2) page for the

Ethernet port.

- The F1 and F2 buttons display the Network > Network Settings (1 of 2) page for the SFP

transceiver port.

- The number buttons allow you to select a port and display its settings. Only ports to which

the currently logged-in user has rights are enabled.

Below the bar are options for use with the port buttons. Selecting a port and the Configuration option takes you to the Device Ports > Settings (1 of 2) page. Selecting a port and the WebSSH option displays the WebSSH window for the device port --if Web SSH is enabled, and if SSH is enabled for the device port. Selecting the port and the Connected Device button allows access to supported devices such as remote power

SLC™ 8000 Advanced Console Manager User Guide 63

5: Web and Command Line Interfaces

managers (RPMs) and/or SensorSoft temperature and humidity probes connected to the device port.

- The yellow orange A and B buttons display the status of the power supplies.

 Entry Fields and Options: Allow you to enter data and select options for the settings.

Note: For specific instructions on completing the fields on the web pages, see Chapters

5 through 12.

 Apply Button: Apply on each web page makes the changes immediately and saves them so

they will be there when the SLC 8000 advanced console manager is rebooted.

 Icons: The icon bar above the Main Menu has icons that display the following:

Home page.

Information about the SLC unit and Lantronix contact information.

Configuration site map.

Status of the SLC 8000 advanced console manager.

 Help Button: Provides online Help for the specific web page.

Logging in

Only the system administrator or users with web access rights can log into the Web Manager. More than one user at a time can log in, but the same user cannot login more than once.

To log in to the SLC Web Manager:

1. Open a web browser.

2. In the URL field, type https:// followed by the IP address of your SLC 8000 advanced console manager.

3. To configure the SLC unit, log in using sysadmin as the user name and the last 8 characters of the Device ID (for newly manufactured units that come installed with 8.3.0.0 or later) or PASS (for all older units) as the password

Note: If the Device ID is not set, the default sysadmin password is the last 8

characters of the serial number.

Note: The system administrator may have changed the password using one of the

Quick Setup methods in the previous chapter.

The Lantronix SLC Quick Setup page displays automatically the first time you log in. Subsequently, the Lantronix SLC Home page displays. (If you want to display the Quick Setup page again, click Quick Setup on the main menu.)

Logging Out

To log off the SLC web interface:

1. Click the Logout button located on the upper left part of any Web Manager page. You are brought back to the login screen when logout is complete.

SLC™ 8000 Advanced Console Manager User Guide 64

Web Page Help

To view detailed information about an SLC web page:

1. Click the Help button to the right of any Web Manager page. Online Help contents will appear in a new browser window.

Command Line Interface

A command line interface (CLI) is available for entering all the commands you can use with the SLC 8000 advanced console manager. In this user guide, after each section of instructions for using the web interface, you will find the equivalent CLI commands. You can access the command line interface using Telnet, SSH, or a serial terminal connection.

Note: By default, Telnet is disabled and SSH is enabled. To enable Telnet, use the

Services > SSH/Telnet/Logging web page, a serial terminal connection, or an SSH

connection. (See Chapter 7: Services.)

5: Web and Command Line Interfaces

The sysadmin user and users with who have full administrative rights have access to the complete command set, while all other users have access to a reduced command set based on their permissions.

Logging In

To log in to the SLC command line interface:

1. Do one of the following:

- With a serial terminal connection, power up, and when the command line displays, press

Enter.

- If the SLC 8000 advanced console manager already has an IP address (assigned

previously or assigned by DHCP), Telnet (if Telnet has been enabled) or SSH to xx.xx.xx.xx (the IP address in dot quad notation) and press Enter. The login prompt displays.

2. To log in as the system administrator for setup and configuration, enter sysadmin as the user name and press Enter.

3. Enter the last 8 characters of the Device ID (for newly manufactured units that come installed with

8.3.0.0 or later) or PASS (for all older units) as the password and press Enter. The first time you log in, the Quick Setup script runs automatically. Normally, the command prompt displays. (If you want to display the Quick Setup script again, use the admin quicksetup command.)

Note: If the Device ID is not set, the default sysadmin password is the last 8

characters of the serial number.

Note: The system administrator may have changed the password using one of the

Quick Setup methods in the previous chapter.

SLC™ 8000 Advanced Console Manager User Guide 65

5: Web and Command Line Interfaces

To log in any other user:

1. Enter your SLC user name and press Enter.

2. Enter your SLC password and press Enter.

Logging Out

To log out of the SLC command line interface, type logout and press Enter.

Command Syntax

Commands have the following format:

where

<action> is set, show, connect, admin, diag, or logout.

<category> is a group of related parameters whose settings you want to configure or view.

Examples are ntp, deviceport, and network.

<parameter(s)> is one or more name-value pairs in one of the following formats:

User must specify one of the values (aa or bb) separated by a vertical line ( entered exactly as shown. Bold indicates a default value.

User must specify an appropriate value, for example, an IP address. The parameter values are in mixed case. Square brackets indicate optional parameters.

| ). The values are in all lowercase and must be

[ ]

Command Line Help

 For general Help and to display the commands to which you have rights, type: help

 For general command line Help, type: help command line

 For release notes for the current firmware release, type: help release

 For more information about a specific command, type help followed by the command. For

example: help set network or help admin firmware

Tips

 Type enough characters to identify the action, category, or parameter name uniquely. For

parameter values, type the entire value. For example, you can shorten:

set network port 1 state static ipaddr 122.3.10.1 mask 255.255.0.0

se net po 1 st static ip 122.3.10.1 ma 255.255.0.0

 Use the Tab key to automatically complete action, category, or parameter names. Type a

partial name and press Tab either to complete the name if only one is possible, or to display the possible names if more than one is possible. Following a space after the preceding name, Tab displays all possible names.

SLC™ 8000 Advanced Console Manager User Guide 66

5: Web and Command Line Interfaces

 Should you make a mistake while typing, backspace by pressing the Backspace key and/or

the Delete key, depending on how you accessed the interface. Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port. Use the left and right arrow keys to move within a command.

 Use the up and down arrows to scroll through previously entered commands. If desired, select

one and edit it. You can scroll through up to 100 previous commands entered in the session.

 To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.

 When the number of lines displayed by a command exceeds the size of the window (the

default is 25), the command output is halted until the user is ready to continue. To display the next line, press Enter, and to display the page, press the space bar. You can override the number of lines (or disable the feature altogether) with the set cli command.General CLI Commands

The following commands relate to the CLI itself.

To configure the current command line session:

set cli scscommands <enable|disable>

Allows you to use SCS-compatible commands as shortcuts for executing commands:

Note: Settings are retained between CLI sessions for local users and users listed in the

remote users list.

Table 5-3 SCS Commands

SCS Commands Commands

info 'show sysstatus'

version 'admin version'

reboot 'admin reboot'

poweroff 'admin shutdown'

listdev 'show deviceport names'

direct 'connect direct deviceport'

listen 'connect listen deviceport'

clear 'set locallog clear'

telnet 'connect direct telnet'

ssh 'connect direct ssh'

To set the number of lines displayed by a command:

set cli terminallines <disable|Number of lines>

Sets the number of lines in the terminal emulation (screen) for paging through text one screenful at a time, if the SLC 8000 unit cannot detect the size of the terminal automatically.

To show current CLI settings:

show cli

SLC™ 8000 Advanced Console Manager User Guide 67

5: Web and Command Line Interfaces

To view the last 100 commands entered in the session:

show history

To clear the command history:

set history clear

To view the rights of the currently logged-in user:

show user

Note: For information about user rights, see Chapter 12: User Authentication.

Table 5-4 CLI Keyboard Shortcuts

Keyboard Shortcut Description

Control + [a] Move to the start of the line.

Control + [e] Move to the end of the line.

Control + [b] Move back to the start of the current word.

Control + [f] Move forward to the end of the next word.

Control + [u] Erase from cursor to the beginning of the line.

Control + [k] Erase from cursor to the end of the line.

SLC™ 8000 Advanced Console Manager User Guide 68

6: Basic Parameters

This chapter explains how to set the following basic configuration settings for the SLC advanced console manager using the SLC web interface or the CLI:

 Network parameters that determine how the SLC 8000 advanced console manager interacts

with the attached network

 Firewall and routing

 Date and time

Note: If you entered some of these settings using a Quick Setup procedure, you may

update them here.

Requirements

If you assign a different IP address from the current one, it must be within a valid range and unique to your network. If a valid gateway address has not been assigned the IP address must be on the same subnet as workstations connecting to the SLC 8000 over the network.

To configure the unit, you need the following information:

Eth1 IP address: ________ - ________ - ________ - ________

Subnet mask: ________ - ________ - ________ - ________

Eth2 IP address (optional): ________ - ________ - ________ - ________

Subnet mask (optional): ________ - ________ - ________ - ________

Gateway: ___________ - ___________ - ___________ - ___________

DNS: ___________ - ___________ - ___________ - ___________

SLC™ 8000 Advanced Console Manager User Guide 69

Network Port Settings

Network parameters determine how the SLC unit interacts with the attached network. Use this page to set the following basic configuration settings for the network ports (Eth1 and Eth2).

The SLC supports the following types of network interfaces:

 RJ-45 ports, as part of the standard SLC RJ45 NIC board. In the web UI port banner bar,

these are represented as and . These ports can be configured for speeds of 10Mbit, 100 Mbit or 1000 Mbit, at half-duplex or full-duplex. The RJ45 Ethernet NIC LEDs display the following states:

- Green Light On: indicates a link at 1000 BASE-T

- Green Light Off: indicates a link at other speeds, or no link

- Yellow Light On: indicates a link is established

- Yellow Light Blinking: indicates link activity

 A variety of SFP modules, installed in the SLC SFP NIC board. In the web UI port banner bar,

these are represented as and , in a variety of colors. Single mode 1000 BASE-LX optical SFPs are shown in yellow as . Multi mode 1000 BASE-SX optical SFPs are shown as . RJ45 1000 BASE-T SFPs are shown in blue as . A port with no SFP module is shown in white as F1. A port with an unknown SFP module is shown as .

6: Basic Parameters

The SFP Ethernet NIC LEDs are located between the two SFP module slots; the LEDs for Ethernet 1 are on the left, and the LEDs for Ethernet 2 are on the right. They display the following states:

- Green Light On: indicates a link is established

- Green Light Off: indicates no link

- Yellow Light On: indicates no link activity

- Yellow Light Blinking: indicates link activity

These ports are fixed at 1000 Mbit full-duplex. Note that in some vendor's RJ45 1000 BASE-T transceivers, the RX LOS is internally ground, so the link status feature may fail.

SLC™ 8000 Advanced Console Manager User Guide 70

6: Basic Parameters

To enter settings for one or both network ports:

1. Click the Network tab and select the Network Settings option. Either the Network > Network

Settings (1 of 2) or the Network > Network Settings (2 of 2) displays depending on your SLC

8000 model.

Figure 6-1 Network > Network Settings (1 of 2)

Note: The SFP NIC Info & Diagnostics link in the Network > Network Settings (1 of 2)

image above only appears in SLC units equipped with an SFP NIC board. The SFP NIC Info & Diagnostics link brings you to the Network Settings > SFP NIC Information &

Diagnostics page.

SLC™ 8000 Advanced Console Manager User Guide 71

Figure 6-2 Network > Network Settings (2 of 2)

6: Basic Parameters

SLC™ 8000 Advanced Console Manager User Guide 72

Figure 6-3 Network Settings > SFP NIC Information & Diagnostics

2. Enter the following information:

6: Basic Parameters

Ethernet Interfaces (Eth1 and Eth2)

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)

are not currently supported.

Eth 1 Settings

Eth 2 Settings

IP Address

(if specifying)

Subnet Mask If specifying an IP address, enter the network segment on which the SLC unit

 Disabled: If selected, disables the network port.  Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway

from the DHCP server. (The DHCP server may not provide the hostname gateway, depending on its setup.) This is the default setting. If you select this option, skip to Gateway.

 Obtain from BOOTP: Lets a network node request configuration information

from a BOOTP "server" node. If you select this option, skip to Gateway.

 Specify: Lets you manually assign a static IP address, generally provided by the

system administrator.

 Enter an IP address that will be unique and valid on your network. There is no

default.

 Enter all IP addresses in dot-quad notation. Do not use leading zeros in the

fields for dot-quad numbers less than 100. For example, if your IP address is

172.19.201.28, do not enter 028 for the last segment octet.

Note: Currently, the SLC unit does not support configurations with the same IP

subnet on multiple interfaces (Ethernet or PPP).

resides. There is no default.

SLC™ 8000 Advanced Console Manager User Guide 73

6: Basic Parameters

IPv6 Address (Static)

Address of the port in IPv6 format.

Note: The SLC 8000 advanced console manager supports IPv6 connections for

the following services: the web, SSH, Telnet, remote syslog, SNMP, NTP, LDAP, Kerberos, RADIUS, TACACS+, connections to device ports, and diagnostic ping.

IPv6 addresses are written as 8 sets of 4-digit hexadecimal numbers separated by colons. There are several rules for modifying the address. For example:

1234:0BCD:1D67:0000:0000:8375:BADD:0057 may be shortened to 1234:BCD:1D67::8375:BADD:57.

IPv6 Address (Global)

IPv6 Address (Link Local)

Mode Select the direction, duplex mode (full duplex or half-duplex), and speed (10, 100,

MTU Specifies the maximum transmission unit (MTU) or maximum packet size of

HW Address Displays the hardware address of the Ethernet port.

Multicast Displays the multicast address of the Ethernet port.

Enable IPv6 Select this box to enable the IPv6 protocol. If changed, the SLC unit will need to

IP Forwarding If enabled, IP forwarding enables IPv4 network traffic received on one interface

IPv6 Forwarding If enabled, IPv6 forwarding enables IPv6 network traffic received on one interface

SFP NIC Info & Diagnostics (Link)

IPv6 address with global scope that is generated by address autoconfiguration. The address is generated from a combination of router advertisements and MAC address to create a unique IPv6 address. This field is read only.

Note: This field will not appear in the absence of an IPv6 global address.

An IPv6 address that is intended only for communications within the segment of a local network. This field is read only.

or 1000 Mbit) of data transmission. The default is Auto, which allows the Ethernet port to auto-negotiate the speed and duplex with the hardware endpoint to which it is connected.

packets at the IP layer (OSI layer 3) for the Ethernet port. When fragmenting a datagram, this is the largest number of bytes that can be used in a packet. The minimum MTU size is 108 bytes (to conform with RFC 2460) and the maximum size is 1500 bytes.

reboot. Enabled by default.

(Eth1, Eth2, or an external/USB modem attached to the SLC unit with an active PPP connection) to be transferred out another interface (any of the above). The default behavior (if IP forwarding is disabled) is for network traffic to be received but not routed to another destination.

Enabling IP forwarding is required if you enable Network Address Translation (NAT) for any device port modem or USB/ISDN modem. IP forwarding allows a user accessing the SLC 8000 advanced console manager over a modem to access the network connected to Eth1 or Eth2.

Clicking the link brings you to the Network Settings > SFP NIC Information &

Diagnostics page showing information and diagnostics about the SFP connection

port, temperature, voltage, current, output power, input power, LOS, and TX fault. Click Back to Network Settings to return to the Network > Network Settings (1 of 2) page.

Note: The SFP NIC Info & Diagnostics link in the Network > Network Settings (1 of

2) page only appears in SLC units equipped with an SFP NIC board.

SLC™ 8000 Advanced Console Manager User Guide 74

6: Basic Parameters

Ethernet Bonding Ethernet 1 and Ethernet 2 can be bonded to support redundancy (Active Backup),

aggregation (802.3ad), and load balancing. Disabled by default. Note that if Ethernet Bonding is enabled, assigning individual IP Addresses to Device Ports is not supported.

Ethernet Bonding Status (Link)

Click the link to access Ethernet bonding status information. Ethernet 1 and Ethernet 2 can be bonded to support redundancy (Active Backup), aggregation (802.3ad), and load balancing. Disabled by default. Note that if Ethernet Bonding is enabled, assigning individual IP Addresses to Device Ports is not supported.

Click Back to Network Settings link to return to the Network Settings page.

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP)

are not currently supported.

Hostname & Name Servers

Hostname

Domain If desired, specify a domain name (for example, support.lantronix.com). The domain

The default host name is hardware address of Ethernet Port 1. There is a 64-character limit (contiguous characters, no spaces). The host name becomes the prompt in the command line interface.

slcXXXX, where XXXX is the last 4 characters of the

DNS Servers

#1 - #3 Configure up to three name servers with an IPv4 or IPv6 address. #1 is required if

you choose to configure DNS (Domain Name Server) servers. The SLC will attempt to contact each DNS server in the order that they are given. If a DNS server cannot be reached, the next DNS server will be tried. If a DNS server is reachable, but does not resolve a hostname, no other attempts will be mad to resolve the hostname using the remaining DNS servers.

The first three DNS servers acquired via DHCP through Eth1 and/or Eth2 display automatically.

DHCP-Acquired DNS Servers

#1 - #3 Displays the IP address of the name servers if automatically assigned by DHCP.

Prefer IPv4 DNS Records

If enabled, IPv4 DNS records will be preferred when DNS hostname lookups are performed. Otherwise IPv6 records will be preferred (when IPv6 is enabled). Enabled by default.

TCP Keepalive Parameters

Start Probes Number of seconds the SLC unit waits after the last transmission before sending the

first probe to determine whether a TCP session is still alive. The default is 600 seconds (10 minutes).

Number of Probes Number of probes the SLC 8000 advanced console manager sends before closing a

session. The default is 5.

Interval The number of seconds the SLC unit waits between probes. The default is 60

seconds.

SLC™ 8000 Advanced Console Manager User Guide 75

6: Basic Parameters

Gateway

Default IP address of the IPv4 router for this network.

If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2 displays.

All network traffic that matches the Eth1 IP address and subnet mask is sent out Eth1. All network traffic that matches the Eth2 IP address and subnet mask is sent out Eth 2.

If you set a default gateway, any network traffic that does not match Eth1 or Eth2 is sent to the default gateway for routing.

DHCP-Acquired Gateway acquired by DHCP for Eth1 or Eth2. View only.

Precedence Indicates whether the gateway acquired by DHCP or the default gateway takes

precedence. The default is DHCP Gateway. If the DHCP Gateway is selected and both Eth1 and Eth2 are configured for DHCP, the SLC unit gives precedence to the Eth1 gateway.

IPv6 Default Indicates the IP address of the IPv6 router for this network.

Fail-Over Settings

Fail-over Gateway IP Address

IP Address to Ping to Trigger Fail-over

Ethernet Port for Ping

Delay between Pings Number of seconds between pings

Number of Failed Pings

The fail-over gateway is a backup default gateway, used when it is determined through a fail-over trigger that the primary default gateway is no longer a viable route. A fail-over event happens when a Ping device reachable via an Ethernet interface and the default gateway becomes unreachable. Fail-back occurs when the Ping device becomes reachable again, causing the primary default route to be restored.

Note: The fail-over gateway is not supported when DHCP is used.

IP address to ping to determine whether to use the fail-over gateway.

Ethernet port to use for the ping.

Number of pings that fail before the SLC 8000 advanced console manager uses the fail-over gateway.

SLC™ 8000 Advanced Console Manager User Guide 76

6: Basic Parameters

Fail-Over Cellular Gateway Configuration

Fail-over Device Select an integrated device to be used as the fail-over gateway. Currently the

Lantronix PremierWave XC HSPA+ Cellular Gateway and the Sierra Wireless AirLink ES450 are supported. The HSPA+ gateway must be configured in gateway mode before it can be used as the fail-over gateway. It is recommended that the HSPA+ Cellular Connection Mode be set to On Demand, which will leave the link quiescent until an application attempts to make use of the cellular network connection. It is also recommended that the SNTP protocol be disabled, as On Demand mode uses the egress traffic as a trigger.

The Sierra gateway must be properly provisioned before first use by initializing the APN of the installed SIM card. This is done by connecting the Sierra gateway to the second ethernet port of the SLC, and assigning a static IP address to the SLC port so that it is in the same subnet as the IP address of the Sierra gateway. Use the console CLI or web GUI to set the APN of the SIM card. After setting the APN, power cycle the Sierra gateway and allow it to reboot completely.

The failover feature requires that both Ethernet ports be configured with a static IP address. Using DHCP on one of the Ethernet ports may overwrite the default route, interfering with fail-over and fail-back.

Note: The commands sent to the fail-over device to retrieve status and update the

configuration are shown in the syslog (messages may be displayed under Network syslog; at the Debug level). If there are errors retrieving status or updating the configuration, check messages in the Network syslog, the device administrator login/password, connectivity to the device and the firmware version of the fail-over device (the minimum required firmware version for HSPA+ is 8.1.0.0 and for Sierra Wireless ES450, it is 4.9.2). For the HSPA+ gateway, if the firmware is updated and new items are added to the status output by the gateway, the new items will automatically be displayed on the SLC.

When the SLC sends an updated configuration to the fail-over device, it is recommended to check the SLC syslog, even if the SLC indicates that the update was successful. Responses from the fail-over device indicating that the device needs to be rebooted for configuration changes to take affect may also be in the syslog. The configuration will be re-sent to the device if any of the fail-over device settings are changed, or the selected fail-over device is changed from None to one of the supported fail-over device types.

When a fail-over or fail-back occurs, running applications such as VPN tunnel and ConsoleFlow will be restarted.

APN of Mobile Carrier

Admin Login and Password/Retype

Change Admin Password (check box)

For the HSPA+ and Sierra gateways, configure the Access Point Name for the mobile carrier. May have up to 256 characters.

For the selected Fail-over Device, the administrator login and password used to retrieve status from the device and send configuration updates to the device. The login may have up to 32 characters, and the password may have up to 64 characters. The Admin Password displays the current password masked.

Select this check box if you wish to update the admin password for the selected gateway Fail-over Device.

SLC™ 8000 Advanced Console Manager User Guide 77

6: Basic Parameters

New Admin Password/Retype

Reboot Gateway When Making Changes (check box)

Fail-Over Cellular Gateway Status (link)

For the selected Fail-over Device, the administrator password can be changed on the gateway. The password may have up to 64 characters.

To change the Admin Password, click the Change Admin Password checkbox and enter the new password in the New Admin Password and Retype fields. Changing the HSPA+ Admin password will save the password on the SLC for status and configuration queries to the HSPA+ gateway. The password must match what is stored on the HSPA+ gateway. Changing the Sierra Admin password will save the password on the SLC for status and configuration queries to the Sierra gateway. The new password will also be configured on the Sierra gateway. The Sierra gateway login must be set as ‘user’.

For the selected Fail-over Device, the administrator can reboot the gateway.

Clicking the link opens the Fail-Over Cellular Gateway status window, showing status and statistics about the fail-over gateway.

Click Back to Network Settings to return to the Network Settings page.

Advanced Cellular Gateway Configuration

SIM Card PIN Lock (check box)

Pin # for SIM Card/ Retype

SIM PUK/Retype For the HSPA+ gateway, the SIM Personal Unblocking Key. May have up to 16

SIM Username For the HSPA+ gateway, enter the username for dial up to the cellular carrier, if

SIM Password For the HSPA+ gateway, enter the password for dial up to the cellular carrier, if

Dial-up String For the HSPA+ gateway, enter the modem string used for making a connection to

Roaming For the HSPA+ gateway, enable or disable network roaming. The Sierra gateway

For the HSPA+ and Sierra gateways, enable a lock so that the SIM card used by the gateway cannot be used by anyone who does not have the PIN.

For the HSPA+ and Sierra gateways, the PIN number for the SIM card used by the gateway. May have up to 8 characters.

characters. The Sierra gateway does not have this feature.

required. May have up to 64 characters. The Sierra gateway does not have this feature.

the carrier. May have up to 64 characters. The Sierra gateway does not have this feature.

does not have this feature.

Fail-Over Cellular Gateway Firmware

Note: The HSPA+ or Sierra fail-over device must be selected in order for you to be able

to update the firmware.

Update Firmware (check box)

Functional Firmware Filename

SLC™ 8000 Advanced Console Manager User Guide 78

Select this option to update firmware on the HSPA+ gateway or the Sierra gateway. The Functional Firmware file and the Radio Firmware file (required for the Sierra gateway only) will be transferred to the SLC using the method selected by the Load Firmware via option. Once the file(s) have been transferred to the SLC, the SLC will initiate the firmware update on the gateway.

Enter the name of the firmware filename exactly as it is represented.

6: Basic Parameters

Radio Firmware Filename

Load Firmware via Select the method to load the firmware from the options in the drop-down menu.

Enter the name of the radio firmware filename exactly as it is represented.

Options are: FTP, TFTP, SCP, USB, SD Card, and HTTPS. FTP is the default.

 If you select HTTPS, the Upload File link becomes active. Select the link to open

a popup window that allows you to browse to a firmware update file to upload.

 If you select NFS, the mount directory must be specified.

Note: Connections available depend on the model of the SLC unit.

Load Cellular Gateway Firmware Options

USB Port Select the USB port. The firmware files must be stored in the top level directory of

the USB flash drive.

FTP/SFTP/SCP Server

Path Enter the path on the server for obtaining firmware update files.

Password/ Retype Password

3. To save your entries, click the Apply button. Apply makes the changes immediately and saves them so they will be there when the SLC 8000 advanced console manager is rebooted.

Enter the IP address or host name of the server used for obtaining the firmware files. May have up to 64 alphanumeric characters; may include hyphens and underscore characters.

Enter the FTP/SFTP/SCP user password. Retype the password in the Retype

Password field.

Ethernet Counters

The Network > Network Settings (1 of 2) page displays statistics for each of the SLC Ethernet ports since boot-up. The system automatically updates them.

Note: For Ethernet statistics for a smaller time period, use the diag perfstat

command.

Network Commands

Go to Network Commands to view CLI commands which correspond to the web page entries described above.

IP Filter

IP filters (also called a rule set) act as a firewall to allow or deny an individual MAC address or individual or a range of IP addresses, ports, and protocols. When a network connection is configured to use an IP filter, all network traffic through that connection is compared, in order, to the rules of that filter. Network traffic may be allowed to pass, it may be dropped (without notice), or it may be rejected (sends back an error packet) depending upon the rules of that filter rule set.

The administrator uses the Network > IP Filter page to view, add, edit, delete, and map IP filters.

Warning: IP filters configuration is a feature for advanced users. Adding and

enabling IP filter sets incorrectly can disable access to your SLC unit.

SLC™ 8000 Advanced Console Manager User Guide 79

6: Basic Parameters

Viewing IP Filters

You can view a list of filters and a table showing how each filter is mapped to an interface.

To view a list of IP filters:

1. Click the Network tab and select the IP Filter option. The following page displays:

Figure 6-4 Network > IP Filter

Mapping Rulesets

The administrator can assign an IP Filter Rule Set to a network interface (Ethernet interface), a modem connected to a device port, or a USB modem or an internal modem (if installed).

To map a ruleset to a network interface:

1. Click the Network tab and select the IP Filter option. The Network > IP Filter page displays.

2. Select the IP filter rule set to be mapped.

3. From the Interface drop-down list, select the desired network interface and click the Map Ruleset button. The Interface and rule set display in the IP Filter Mappings table.

To delete a mapping:

1. Click the Network tab and select the IP Filter option. The Network > IP Filter page displays.

2. Select the mapping from the list and click the Delete Mappings button. The mapping no longer displays.

3. Click the Apply button.

Enabling IP Filters

On the Network > IP Filter page, you can enable all filters or disable all filters.

SLC™ 8000 Advanced Console Manager User Guide 80

6: Basic Parameters

Note: There is no way to enable or disable individual filters.

To enable IP filters:

1. Enter the following:

Enable IP Filter Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox

to disable all filters. Disabled by default.

Packets Dropped Displays the number of data packets that the filter ignored (did not respond to).

View only.

Packets Rejected Displays the number of data packets that the filter sent a “rejected” response to.

View only.

Test Timer Timer for testing IP Filter rulesets. Select No to disable the timer. Select Yes,

minutes (1-120) to enable the timer and enter the number of minutes the timer should run. The timer automatically disables the IP Filters when the time expires.

Time Remaining Indicates how many minutes are left on the timer before it expires and IP Filters

disabled. View only.

SLC™ 8000 Advanced Console Manager User Guide 81

6: Basic Parameters

Configuring IP Filters

The administrator can add, edit, delete, and map IP filters.

Note: A configured filter has no effect until it is mapped to a network interface.

See Mapping Rulesets on page 80.

To add an IP filter:

1. On the Network > IP Filter page, click the Add Ruleset button. The following page displays:

Figure 6-5 Network > IP Filter Ruleset (Adding/Editing Rulesets)

Rulesets can be added or updated on this page.

2. Enter the following:

Ruleset Name Name that identifies a filter; may be composed of letters, numbers, and hyphens

only. (The name cannot start with a hyphen.) Example:

FILTER-2

SLC™ 8000 Advanced Console Manager User Guide 82

6: Basic Parameters

Rule Parameters

IP Address(es) Specify a single IP address to act as a filter.

Example:

Subnet Mask Specify a subnet mask to act determine how much of the address should apply to

the filter.

Example:

MAC Address Specify a single MAC address to act as a filter.

Example: 10:7d:1a:33:5c:e1

Protocol From the drop-down list, select the type of protocol through which the filter will

operate. The default setting is All.

Port Range Enter a range of destination TCP or UDP port numbers to be tested. An entry is

required for TCP, TCP New, TCP Established, and UDP, and is not allowed for other protocols. Separate multiple ports with commas. Separate ranges of ports by colons.

Examples:

 22 – filter on port 22 only  23,64,80 – filter on ports 23, 64 and 80  23:64,80,143:150 – filter on ports 23 through 64, port 80 and ports 143 through

Action Select whether to Drop, Reject, or Allow communications for the specified IP

address, subnet mask, protocol, and port range. Drop ignores the packet with no notification. Reject ignores the packet and sends back an error message. Allow permits the packet through the filter.

Clear Click the Clear button to clear any Rule Parameter information set above.

Generate rule to allow service

You may wish to “punch holes” in your filter set for a particular protocol or service. For instance, if you have configured your NIS server and wish to create an opening

in your filter set, select the NIS option and click the Add Rule button. This entry adds a new rule to your filter set using the NIS -configured IP address. Other services and protocols added automatically generate the necessary rule to allow their use.

172.19.220.64 – this specific IP address only

255.255.255.255 to specify the whole address should apply.

150

3. Click the right arrow button to add the new rule to the bottom of the Rules list box on the right. A maximum of 64 rules can be created for each ruleset.

4. To remove a rule from the filter set, highlight that line and click the left arrow. The rule populates the rule definition fields, allowing you to make minor changes before reinserting the rule. To clear the definition fields, click the Clear button.

5. To change the order of priority of the rules in the list box, select the rule to move and use the up or down arrow buttons on the right side of the filter list box.

6. To save, click the Apply button. The new filter displays in the menu tree.

Note: To add another new filter rule set, click the Back to IP Filter link to return to the

Network > IP Filter page.

Updating an IP Filter

To update an IP filter rule set:

SLC™ 8000 Advanced Console Manager User Guide 83

1. From the Network > IP Filter page, the administrator selects the IP filter ruleset to be edited

2. Edit the information as desired and click the Apply button.

Deleting an IP Filter

To delete an IP filter rule set:

1. On the Network > IP Filter page, the administrator selects the IP filter ruleset to be deleted and

IP Filter Commands

Go to IP Filter Commands to view CLI commands which correspond to the web page entries described above.

Routing

6: Basic Parameters

and clicks the Edit Ruleset button to return to the Network > IP Filter Ruleset (Adding/Editing

Rulesets) page (see Figure 6-5).

clicks the Delete Ruleset button.

The SLC 8000 advanced console manager allows you to define static routes and, for networks using Routing Information Protocol (RIP)-capable routes, to enable the RIP protocol to configure the routes dynamically.

To configure routing settings:

1. Click the Network tab and select the Routing option. The following page displays:

Figure 6-6 Network > Routing

2. Enter the following:

SLC™ 8000 Advanced Console Manager User Guide 84

6: Basic Parameters

Dynamic Routing

Enable RIP Select to enable Dynamic Routing Information Protocol (RIP) to assign routes

automatically. Disabled by default.

RIP Version Select the RIP version. The default is 2.

Static Routing

Enable Static Routing

3. Click the Apply button.

Note: To display the routing table, status or specific report, see the section,

Status/Reports on page 309.

Routing Commands

Go to Routing Commands to view CLI commands which correspond to the web page entries described above.

VPN Settings

This page can be used to create a Virtual Private Network (VPN) tunnel to the SLC unit for secure communication between the and a remote host or gateway. The SLC unit supports IPSec tunnels using Encapsulated Security Payload (ESP). The supports host-to-host, net-to-net, host-to-net, and roaming user tunnels.

Select to assign the routes manually. The system administrator usually provides the routes. Disabled by default.

 To add a static route, enter the IP Address, Subnet Mask, and Gateway for the

route and click the Add/Edit Route button. The route displays in the Static Routes table. You can add up to 64 static routes.

 To edit a static route, select the radio button to the right of the route, change the IP

Address, Subnet Mask, and Gateway fields as desired, and click the Add/Edit Route button.

 To delete a static route, select the radio button to the right of the route and click the

Delete Route button.

Note: To allow VPN tunnel access if the SLC firewall is enabled, traffic to UDP ports 500

and 4500 from the remote host should be allowed, as well as protocol ESP from the remote host.

The SLC provides a strongSwan-based VPN implementation (version 5.6.3). The SLC UI provides access to a subset of the strongSwan configuration options, and also allows upload of a custom ipsec.conf file, which gives an administrator access to most strongSwan configuration options. For more information on strongSwan, see https://www.strongswan.org of Internet Key Exchange IKEv1

and IKEv2 cipher suites is available on the strongSwan Wiki. NAT

and the strongSwan FAQ. A list

Traversal is handled automatically without any special configuration. VPN related routes are

installed in a separate table and can be viewed in the detailed VPN status or in the IP Routes table.

When a tunnel is up, the amount of data passed through the tunnel can be viewed in the status with the bytes_i (bytes input) and bytes_o (bytes output) counters. An example of the VPN status is below (the status will vary depending on the authentication, subnets and algorithms used). For example, the status displays the IP addresses on either side of the tunnel (192.168.1.103 and

220.41.123.45), the type of authentication (pre-shared key authentication), the algorithms in use

SLC™ 8000 Advanced Console Manager User Guide 85

6: Basic Parameters

(IKEv1 Aggressive and 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024), when the tunnel will be rekeyed/SA Lifetime (rekeying in 7 hours), the bytes in and out (131 bytes_i (1 pkt, 93s ago), 72 bytes_o (1 pkt, 94s ago)), a dynamic address assigned to the console manager side of the tunnel (child: dynamic and 172.28.28.188), and the subnets on both sides of the tunnel (172.28.28.188/32 === 10.3.0.0/24 10.81.101.0/24 10.81.102.0/24 10.81.103.0/24).

Connections: MyVPNConn: 192.168.1.103...220.41.123.45 IKEv1 Aggressive, dpddelay=30s MyVPNConn: local: [vpnid] uses pre-shared key authentication MyVPNConn: local: [vpnid] uses XAuth authentication: any with XAuth identity 'gfountain' MyVPNConn: remote: [220.41.123.45] uses pre-shared key authentication MyVPNConn: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=restart Security Associations (1 up, 0 connecting): MyVPNConn[1]: ESTABLISHED 26 minutes ago,

192.168.1.103[vpnid]...220.41.123.45[220.41.123.45]

MyVPNConn[1]: IKEv1 SPIs: 62c06b5b5fc3c5de_i* 74300552060118f6_r, pre-shared key+XAuth reauthentication in 2 hours MyVPNConn[1]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ MODP_1024 MyVPNConn{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c6b71deb_i 95f877ec_o MyVPNConn{1}: 3DES_CBC/HMAC_MD5_96/MODP_1024, 131 bytes_i (1 pkt, 93s ago), 72 bytes_o (1 pkt, 94s ago), rekeying in 7 hours MyVPNConn{1}: 172.28.28.188/32 === 10.3.0.0/24 10.81.101.0/24

10.81.102.0/24 10.81.103.0/24

The SLC loads a subset of the available strongSwan plugins

. If an option is given in a custom ipsec.config file that requires a plugin that is not loaded by the SLC, this may cause an error during tunnel negotiation. The loaded plugins can be viewed in the VPN Status when the VPN tunnel is enabled.

Sample ipsec.conf Files are provided for a variety of tunnel configurations and peers. The

strongSwan Wiki also provides a variety of usable examples addition to interoperability recommendations

and sample configurations, in

Depending on the VPN configuration, it may be necessary to enable IP Forwarding or to add static routes; in some cases traffic may not be passed through the tunnel without enabling IP Forwarding or static routes. Refer to the VPN routing table that is displayed with the VPN status.

A watchdog program is automatically run when the VPN tunnel is enabled. This program will detect if the VPN tunnel goes down (for reasons other than the user disabling the tunnel). The watchdog program will:

 Generate a syslog message when the tunnel goes up or down

 If traps are enabled, send a slcEventVPNTunnel SNMP trap when the tunnel goes up or down

 If an email address is configured in the VPN configuration, send an email when the tunnel

goes up or down

 If enabled, automatically restart the VPN tunnel

When using VPN with Network Fail-over, the Local IP Address should not be configured for the VPN tunnel. This will allow strongSwan to automatically determine the IP address on the local

SLC™ 8000 Advanced Console Manager User Guide 86

6: Basic Parameters

(console manager) side of the tunnel based on the network configuration during both fail-over and fail-back.

VPN tunnels over an console manager Ethernet interfaces that is configured with an MTU less than 256 may experience issues (traffic loss, etc).

To set up a VPN connection:

1. Click the Network tab and select the VPN option. The following page displays:

SLC™ 8000 Advanced Console Manager User Guide 87

Figure 6-7 Network > VPN (1 of 2)

6: Basic Parameters

SLC™ 8000 Advanced Console Manager User Guide 88

Figure 6-8 Network > VPN (2 of 2)

6: Basic Parameters

2. Enter the following:

Enable VPN Tunnel Select to create a tunnel. Disabling this option will terminate any currently

running tunnel.

Note: The VPN peer that sends the first packet in tunnel bringup is the

initiator or client; the VPN peer that listens for and responds to the first packet is the responder or server. In general, the responder / server side should be started before the initiator / client side. If it is desired to have the console manager VPN tunnel automatically reconnect when the remote peer disconnects and then reconnects, the console manager side of the tunnel should be started first so that it will act as a responder or server. If the console manager side of the tunnel is started after the remote peer, the console manager will act as a initiator / client, and may not automatically reconnect when the remote peer disconnects and is brought back up.

Name The name assigned to the tunnel. Required to create a tunnel.

Remote Peer The IP address or FQDN of the remote host's public network interface. The

special value of any can be entered to signify an address to be filled in by automatic keying during negotiation. The console manager will act as a responder/server.

Remote Id How the remote host should be identified for authentication. The Id is used

to select the proper credentials for communicating with the remote host.

Remote Hop/Router If the remote host is behind a gateway, this specifies the IP address of the

gateway's public network interface. This option is deprecated and is no

longer supported.

SLC™ 8000 Advanced Console Manager User Guide 89

6: Basic Parameters

Remote Subnet(s) One or more allowed subnets behind the remote host, expressed in CIDR

notation (IP address/mask bits). If multiple subnets are specified, the subnets should be separated by a comma. Up to 10 local subnets supported.

Configured subnets of the peers may differ, the protocol narrows it to the greatest common subnet. In IKEv1, this may lead to problems with other implementations. Make sure to configure identical subnets in such configurations.

If the remote subnet is not defined, it will be assumed that the remote end of the connection goes to the remote peer only.

Remote Source IP The internal source IP to use in a tunnel(Virtual IP). Currently the accepted

values are config, CIDR Notation, IP Address Range or poolname. If the value is config on the responder side, the initiator must propose an address which is then echoed back. The supported address pools are expressed as CIDR notation and IP Address range as - or the use of an external IP address pool using poolname is the name of the IP address pool used for the lookup.

Local IP Address The IP address of the SLC (local) side of the tunnel, specifically the public-

network interface. If no IP address is given, the value %any will be used in ipsec.conf (this is the default), signifying an address to be filled in (by automatic keying) during negotiation. If the SLC initiates the connection setup the routing table will be queried to determine the correct local IP address. In case the SLC is responding to a connection setup then any IP address that is assigned to a local interface will be accepted.

Local Id How the SLC unit should be identified for authentication. The Id is used by

the remote host to select the proper credentials for communicating with the SLC unit.

Local Hop/Router If the SLC unit is behind a gateway, this specifies the IP address of the

gateway's public network interface. This option is deprecated and is no

longer supported.

Local Subnet(s) One or more subnets behind the SLC unit, expressed in CIDR notation (IP

address/mask bits). If multiple subnets are specified, the subnets should be separated by a comma. Up to 10 local subnets supported.

If the local subnet is not defined, it will be assumed that the local end of the connection goes to the console manager only.

Local Source IP The internal source IP to use in a tunnel (Virtual IP). Currently the accepted

values are config4, config6 or Valid IP Address. With config4 and config6 an address of the given address family will be requested explicitly. If an IP address is configured, it will be requested from the responder, which is free to respond with a different address.

SLC™ 8000 Advanced Console Manager User Guide 90

6: Basic Parameters

IKE Negotiation The Internet Key Exchange (IKE) protocol is used to exchange security

options between two hosts who want to communicate via IPSec. The first phase of the protocol authenticates the two hosts to each other and establishes the Internet Security Association Key Management Protocol Security Association (ISAKMP SA). The second phase of the protocol establishes the cryptographic parameters for protecting the data passed through the tunnel, which is the IPSec Security Association (IPSec SA). The IPSec SA can periodically be renegotiated to ensure security.

The IKE protocol can use one of two modes: Main Mode, which provides identity protection and takes longer, or Aggressive Mode, which provides no identity protection but is quicker. With Aggressive Mode, there is no negotiation of which cryptographic parameters will be used; each side must give the correct cryptographic parameters in the initial package of the exchange, otherwise the exchange will fail. If Aggressive Mode is used, the IKE Encryption, IKE Authentication, and IKE DH Group must be specified.

IKE Version IKE Version settings to be used. Currently the accepted values are IKEv1,

IKEv2 and Any. Default is IKEv2. Any uses IKEv2 when initiating but will accept any protocol version while responding.

It is recommended that any IKE Encryption or ESP Encryption parameters that are selected be supported by the IKE Version that is used. Refer to the list of

IKEv1 and IKEv2 cipher suites for more information.

IKE Encryption The type of encryption, 3DES, AES, AES192 or AES256, used for IKE

negotiation. Any can be selected if the two sides can negotiate which type of encryption to use.

Note: If IKE Encryption, Authentication and DH Group are set to Any,

default cipher suite(s) will be used. If the console manager acts as an initiator, the tunnel will use a default IKE cipher of aes128-sha256-ecp256 (for IKEv1). For IKEv2 or when the console manager is the responder in tunnel initiation, it will propose a set of cipher suites and will accept the first supported proposal received from the peer.

IKE Authentication The type of authentication, SHA2_256, SHA2_384, SHA2_512, SHA1, or

MD5, used for IKE negotiation. Any can be selected if the two sides can

negotiate which type of authentication to use.

IKE DH Group The Diffie-Hellman Group, 2 (modp1024), 5 (modp1536), 14 (modp2048),

15 (modp3072), 16 (modp4096), 17 (modp6144), 18 (modp8192) or 19 (ecp256) can be used for IKE negotiation. Any can be selected if the two sides can negotiate which Diffie-Hellman Group to use.

SLC™ 8000 Advanced Console Manager User Guide 91

6: Basic Parameters

ESP Encryption The type of encryption, 3DES , AES, AES192 or AES256, used for

encrypting the data sent through the tunnel. Any can be selected if the two sides can negotiate which type of encryption to use.

Note: If ESP Encryption, Authentication and DH Group are set to Any,

default cipher suite(s) will be used. If the console manager acts as an initiator, the tunnel will use a default ESP cipher of aes128-sha256 (for IKEv1). For IKEv2 or when the console manager is the responder in tunnel initiation, it will propose a set of cipher suites and will accept the first supported proposal received from the peer. The proposal sent from the remote peer and the proposal used by the console manager can be viewed in the VPN logs. If there is no match between the two sets of proposals, the tunnel will fail with the message

no matching proposal found,

sending NO_PROPOSAL_CHOSEN. If a matching proposal is found,

tunnel negotiation will proceed. Below is an example of no matching proposal in the log messages:

charon: 04[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/ NO_EXT_SEQ

charon: 04[CFG] configured proposals: ESP:AES_CBC_128/AES_CBC_192/ AES_CBC_256/ HMAC_SHA2_256_128/ HMAC_SHA2_384_192/ HMAC_SHA2_512_256/ HMAC_SHA1_96/AES_XCBC_96/ NO_EXT_SE

charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN

ESP Authentication The type of authentication, SHA2_256, SHA2_384, SHA2_512,

SHA2_256_96, SHA1, or MD5, used for authenticating data sent through

the tunnel. Any can be selected if the two sides can negotiate which type of authentication to use.

ESP DH Group The Diffie-Hellman Group, 2 (modp1024), 5 (modp1536), 14 (modp2048),

15 (modp3072), 16 (modp4096), 17 (modp6144), 18 (modp8192) or 19 (ecp256) can be used for the key exchange for data sent through the tunnel. Any can be selected if the two sides can negotiate which Diffie-Hellman Group to use.

Note: PFS is automatically enabled by configuring ESP Encryption to use

a DH Group (ESP Encryption without a DH Group will disable PFS); see Perfect Forward Secrecy below.

SLC™ 8000 Advanced Console Manager User Guide 92

6: Basic Parameters

Authentication The type of authentication used by the host on each side of the VPN tunnel

to verify the identity of the other host.

 For RSA Public Key, each host generates a RSA public-private key pair,

and shares its public key with the remote host. The RSA Public Key for the SLC unit (which has 4096 bits) can be viewed at either the web or CLI.

 For Pre-Shared Key, each host enters the same passphrase to be used

for authentication.

 For X.509 Certificate, each host is configured with a Certificate Authority

certificate along with a X.509 certificate with a corresponding private key, and shares the X.509 certificate with the remote host.

Before using RSA Public Key authentication, select Generate SLC RSA Key to generate the SLC’s RSA public/private key pair. This RSA key can be regenerated at any time.

Note: strongSwan does not support IKEv1 aggressive mode with Pre-

Shared Key authorization without XAUTH enabled. If a tunnel is initiated

RSA Public Key for Remote Peer

with this configuration the log message

disabled for security reasons

will not be initiated. It is possible to override this behavior, but it is not recommended.

If RSA Public Key is selected for authentication, the remote peer's public key can be uploaded or deleted. If a public key has been uploaded this field will display key installed. The peer RSA public key must be in Privacy Enhanced Mail (PEM) format, e.g.:

Aggressive Mode PSK

will be displayed, and a tunnel

-----BEGIN PUBLIC KEY----(certificate in base64 encoding)

-----END PUBLIC KEY-----

Pre-Shared Key If Pre-Shared Key is selected for authentication, enter the key.

Retype Pre-Shared Key If Pre-Shared Key is selected for authentication, re-enter the key.

Certificate Authority for Remote Peer

Certificate File for Remote Peer

A certificate can be uploaded to the SLC unit for peer authentication. The certificate for the remote peer is used to authenticate the SLC to the remote peer, and at a minimum contains the public certificate file of the remote peer. The certificate may also contain a Certificate Authority file; if the Certificate Authority file is omitted, the SLC may display "issuer cacert not found" and "X.509 certificate rejected" messages, but still authenticate. The Certificate Authority file and public certificate File must be in PEM format, e.g.:

-----BEGIN CERTIFICATE----(certificate in base64 encoding)

-----END CERTIFICATE-----

SLC™ 8000 Advanced Console Manager User Guide 93

6: Basic Parameters

Certificate Authority for Local Peer

Certificate File for Local Peer

Key File for Local Peer

A certificate can be uploaded to the SLC unit for peer authentication. The certificate for the local peer is used to authenticate any remote peer to the SLC, and contains a Certificate Authority file, a public certificate file, and a private key file. The public certificate file can be shared with any remote peer for authentication. The Certificate Authority and public certificate file must be in PEM format, e.g.:

-----BEGIN CERTIFICATE----(certificate in base64 encoding)

-----END CERTIFICATE-----

The key file must be in RSA private key file (PKCS#1) format, eg:

-----BEGIN RSA PRIVATE KEY----(private key in base64 encoding)

-----END RSA PRIVATE KEY-----

Perfect Forward Secrecy (PFS)

SA Lifetime How long a particular instance of a connection should last, from successful

When a new IPSec SA is negotiated after the IPSec SA lifetime expires, a new Diffie-Hellman key exchange can be performed to generate a new session key to be used to encrypt the data being sent through the tunnel. If this is enabled, it provides greater security, since the old session keys are destroyed.

This option is deprecated and is no longer supported. With strongSwan, PFS is automatically enabled by configuring ESP Encryption to use a DH Group (ESP Encryption without a DH Group will disable PFS). Using PFS introduces no significant performance overhead, unless rekeying is done more than 80 IPsec SAs per second.

negotiation to expiry, in seconds. Normally, the connection is renegotiated (via the keying channel) before it expires.

The formula for how frequently rekeying (renegotiation) is done is:

rekeytime = lifetime - (margintime + random(0, margintime * rekeyfuzz))

where the default margintime is 9m (or 540 seconds) and the default rekeyfuzz is 100%. For example, if the SA Lifetime is set to 3600 seconds

(1 hour), how often the tunnel is rekeyed is calculated as:

rekeytime minimum = 1h - (9m + 9m) = 42m rekeytime maximum = 1h - (9m + 0m) = 51m

So the rekeying time will vary between 42 minutes and 51 minutes. It is recommended that the SA Lifetime be set greater than 540 seconds;

any values less than 540 seconds may require adjustments to the margintime and rekeyfuzz values (which can be set with a custom ipsec.conf file). Some peer devices (Cisco, etc) may require that the SA Lifetime be set to a minimum of 3600 seconds in order for the VPN tunnel to come up and rekeying to function properly.

For more information see the

Mode Configuration Client If this is enabled, the SLC unit can receive network configuration from the

remote host. This allows the remote host to assign an IP address/netmask to the SLC side of the VPN tunnel. This option is deprecated and is no

longer supported.

strongSwan Expiry documentation.

SLC™ 8000 Advanced Console Manager User Guide 94

6: Basic Parameters

XAUTH Client If this is enabled, the SLC unit will send authentication credentials to the

remote host if they are requested. XAUTH, or Extended Authentication, can be used as an additional security measure on top of the Pre-Shared Key or RSA Public Key. This is typically used with Cisco peers, where the Cisco peer is acting as an XAUTH server.

XAUTH Login (Client) If XAUTH Client is enabled, this is the login used for authentication.

XAUTH Password/Retype Password

Remote Peer Type Defines the type of the remote peer, either IETF (non-Cisco) or Cisco.

Cisco Unity If enabled, sends the Cisco Unity vendor ID payload (IKEv1 only), indicating

Mode Config In remote access scenarios, it is highly desirable to be able to push

Force Encapsulation In some cases, for example when ESP packets are filtered or when a

Dead Peer Detection Sets the delay (in seconds) between Dead Peer Detection (RFC 3706)

Dead Peer Detection Timeout

Dead Peer Detection Action When a Dead Peer Detection enabled peer is declared dead, the action that

If XAUTH Client is enabled, this is the password used for authentication.

When set to Cisco, support for Cisco IPsec gateway redirection and Cisco obtained DNS and domainname are enabled. This option is deprecated

and is no longer supported.

that the SLC is acting as a Cisco Unity compliant peer. This indicates to the remote peer that Mode Config is supported (an IKE configuration method that is widely adopted, documented

configuration information such as the private IP address, a DNS server's IP address, and so forth, to the client. This option defines which mode is used: pull where the config is pulled from the peer (the default), or push where the config is pushed to the peer. Push mode is not supported with IKEv2.

broken IPsec peer does not properly recognise NAT, it can be useful to force RFC-3948 encapsulation.

keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for the tunnel (default 30 seconds). Dead Peer Detection can also be disabled.

Sets the length of time (in seconds) the SLC will idle without hearing either an R_U_THERE poll from the peer, or an R_U_THERE_ACK reply. The default is 120 seconds. After this period has elapsed with no response and no traffic, the SLC will declare the peer dead, remove the Security Association (SA), and perform the action defined by Dead Peer Detection Action.

should be taken. Hold (the default) means the tunnel will be put into a hold status. Clear means the Security Association (SA) will be cleared. Restart means the SA will immediately be renegotiated.

here).

SLC™ 8000 Advanced Console Manager User Guide 95

6: Basic Parameters

Custom ipsec.conf Configuration

A custom ipsec.conf file can be uploaded to the SLC. This file can include any of the strongSwan options which are not configurable from the UIs. The ipsec.conf file should include one defines the tunnel parameters. An ipsec.conf file containing more than one

conn <Tunnel Name> section which

conn section will be rejected for upload.

When a custom ipsec.conf file has been uploaded to the console manager, any VPN options configured via the UIs (with the exception of authentication tokens, see below) are ignored, and the UIs will not display the options given in the custom ipsec.conf file.

A description of the format of the ipsec.conf file as well as all strongSwan options is available all options listed in the strongSwan ipsec.conf documentation will be supported by the SLC.

Any authentication tokens (pre-shared keys, RSA keys, X.509 certificates) required by the custom ipsec.conf must be configured through the SLC UIs, and must be configured or installed before a tunnel is brought up with an uploaded ipsec.conf file. When a tunnel is started with a custom ipsec.conf file, the authentication tokens required for the verified to exist before the tunnel is started. For example, if

here. The SLC uses strongSwan version 5.6.3, so not

authby parameter are

authby=rsasig, the SLC will verify that the SLC RSA public/private

key has been generated and that the peer RSA public key has been uploaded.

To upload a custom ipsec.conf file, select the Upload File link next to the Uploaded Configuration field.

To delete an uploaded custom ipsec.conf file, select the Delete Configuration File checkbox next to the Uploaded Configuration field.

To view an uploaded custom ipsec.conf file, select the View Configuration link next to the Uploaded Configuration field. If a file has been uploaded it will be displayed; otherwise the auto-generated file will be displayed if it exists. The file is auto-generated when a tunnel is enabled (if a custom file has not been uploaded).

To download the current in-use ipsec.conf file (either the ipsec.conf file automatically generated by the SLC or an uploaded custom ipsec.conf file), select the Download Configuration button. Downloading the ipsec.conf file automatically generated by the SLC is a good starting point for adding extra VPN options; the tunnel must be enabled in order for the SLC to autogenerate an ipsec.conf file that can be downloaded.

Tunnel Restart If enabled, the watchdog program will automatically restart the VPN tunnel

when the tunnel goes down.

Email Address Email address to receive email alerts when the tunnel goes up or down.

3. To save, click Apply button.

More Actions on the VPN page:

 To see details of the VPN tunnel connection, including the cryptographic algorithms used,

select the View Detailed Status link.

 To see the last 200 lines of the logs associated with the VPN tunnel, select the View VPN

Logs link.

 To see the RSA public key for the SLC unit (required for configuring the remote host if RSA

Public Keys are being used), and the RSA public key for the remote peer, select the View console manager and Remote Peer RSA Public Key link.

 To see the X.509 Certificates for the local peer and the remote peer, select the View X.509

Certificates link.

SLC™ 8000 Advanced Console Manager User Guide 96

6: Basic Parameters

Sample ipsec.conf Files

Sample ipsec.conf files are provided for a variety of tunnel setups and peers. In all examples, any left options are for the console manager/local side of the tunnel, and any right options are for the remote side of the tunnel.

 Cisco Pre-Shared Key / XAUTH / MODECFG / IKEv1

 Cisco ASA5525x Pre-Shared Key / IKEv1

 Cisco ASA5525x Pre-Shared Key / IKEv2

 Cisco ISR 2921 Pre-Shared Key / XAUTH / IKEv2

Cisco Pre-Shared Key / XAUTH / MODECFG / IKEv1

This configuration is an example of a remote access connection to a Cisco VPN server / responder that uses XAUTH and MODECFG servers to a VPN client. The use of aggressive mode requires that ike and esp algorithms be specified and exactly match what the Cisco server is expecting.

to authenticate and push dynamic IP addresses and DNS

Console manager configuration

The pre-shared key and the XAUTH password need to be configured via the console manager UI.

conn Cisco keyexchange=ikev1 ike=3des-md5-modp1024! esp=3des-md5-modp1024! aggressive=yes lifetime=28800s forceencaps=no authby=xauthpsk left=10.0.1.55 leftsourceip=%config4 leftid=@vpnid xauth=client xauth_identity=username modeconfig=pull right=220.41.123.45 rightsubnet=0.0.0.0/0 dpddelay=30 dpdtimeout=120 dpdaction=hold auto=start type=tunnel

SLC™ 8000 Advanced Console Manager User Guide 97

6: Basic Parameters

Cisco ASA5525x Pre-Shared Key / IKEv1

This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server / responder.

Console manager configuration

The pre-shared key needs to be configured via the console manager UI.

conn ASA5525 keyexchange=ikev1 ike=aes-sha1-modp1536! esp=aes-sha1-modp1536! aggressive=yes lifetime=86400s forceencaps=no authby=secret left=%any leftsubnet=192.168.0.0/24 modeconfig=pull right=192.168.1.130 rightsubnet=192.168.3.0/24 dpddelay=10 dpdtimeout=5 dpdaction=restart auto=start type=tunnel

Cisco configuration

Note: Main or aggressive mode is determined by the SLC side of the tunnel, and does

not require any change in the Cisco configuration:

interface GigabitEthernet0/0 nameif outside security-level 0 ip address 192.168.1.130 255.255.255.0

interface GigabitEthernet0/3 nameif inside security-level 100 ip address 192.168.3.130 255.255.255.0

object-group network local-network network-object 192.168.3.0 255.255.255.0 object-group network remote-network network-object 192.168.0.0 255.255.255.0

access-list asa-router-vpn extended permit ip object-group local-network object-group remote-network

route outside 192.168.0.0 255.255.255.0 192.168.1.204 1 route inside 192.168.3.250 255.255.255.255 192.168.3.250 1

crypto ipsec ikev1 transform-set ipsecvpn esp-aes esp-sha-hmac

SLC™ 8000 Advanced Console Manager User Guide 98

crypto ipsec security-association pmtu-aging infinite

crypto map site2site 10 match address asa-router-vpn set pfs group5 set peer 192.168.1.204 set ikev1 transform-set ipsecvpn crypto map site2site interface outside

crypto ikev1 enable outside crypto ikev1 policy 10 authentication pre-share encryption aes hash sha group 5 lifetime 86400

tunnel-group 192.168.1.204 type ipsec-l2l tunnel-group 192.168.1.204 ipsec-attributes ikev1 pre-shared-key *****

Cisco ASA5525x Pre-Shared Key / IKEv2

6: Basic Parameters

This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server / responder. The aggressive setting can be either yes configuration.

Console manager configuration

The pre-shared key needs to be configured via the console manager UI.

conn ASA5525 keyexchange=ikev2 ike=3des-sha2_256-modp1536! esp=3des-sha2_256-modp1536! aggressive=no lifetime=86400s forceencaps=no authby=secret left=%any leftsubnet=192.168.0.0/24 modeconfig=pull right=192.168.1.130 rightsubnet=192.168.3.0/24 dpddelay=0 dpdtimeout=5 dpdaction=restart auto=start type=tunnel

or no; the Cisco ASA will honor the peer

SLC™ 8000 Advanced Console Manager User Guide 99

6: Basic Parameters

Cisco configuration

interface GigabitEthernet0/0 nameif outside security-level 0 ip address 192.168.1.130 255.255.255.0

interface GigabitEthernet0/3 nameif inside security-level 100 ip address 192.168.3.130 255.255.255.0

object-group network local-network network-object 192.168.3.0 255.255.255.0 network-object 192.168.3.250 255.255.255.255 object-group network remote-network network-object 192.168.0.0 255.255.255.0 network-object 192.168.0.222 255.255.255.255

access-list asa-router-vpn extended permit ip object-group local-network object-group remote-network access-list ASA-SLC-ACCESS extended permit ip object-group local-network object-group remote-network

route outside 192.168.0.0 255.255.255.0 192.168.1.204 1 route inside 192.168.3.250 255.255.255.255 192.168.3.250 1

crypto ipsec ikev2 ipsec-proposal IPSECv2 protocol esp encryption 3des protocol esp integrity sha-256 crypto ipsec security-association pmtu-aging infinite

crypto map CM 20 match address ASA-SLC-ACCESS set pfs group5 set peer 192.168.1.204 set ikev2 ipsec-proposal IPSECv2 crypto map CM interface outside

crypto ikev2 policy 20 encryption 3des integrity sha256 group 5 prf sha256 lifetime seconds 86400 crypto ikev2 enable outside

tunnel-group 192.168.1.204 type ipsec-l2l tunnel-group 192.168.1.204 ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key *****

SLC™ 8000 Advanced Console Manager User Guide 100

Lantronix SLC 8000, SLC 8048, SLC 8016 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Intellectual Property

Warranty

Contacts

GNU General Public License Notice

Disclaimer & Revisions

Revision History

Table of Contents

List of Figures

List of Tables

1: About this Guide

Purpose and Audience

Summary of Chapters

Additional Documentation

2: Introduction

Features

Console Management

Power

Integration with Other Secure Lantronix Products

Hardware

System Features

Protocols Supported

Access Control

Device Port Buffer

Configuration Options

Device Port and Console Port Interfaces

Network Connections

Front Panel USB Ports

Memory Card Port

Internal Modem

3: Installation

What's in the Box

Customize an SLC 8000

Product Label

Technical Specifications

Physical Installation

Connecting to a Device Port

Modular Expansion for I/O Module Bays

Connecting to Network Ports

Connecting Terminals

AC Input

Modem Installation

Battery Replacement

4: Quick Setup

Recommendations

Method #1 Using the Front Panel Display

Front Panel LCD Display and Keypads

Navigating

Entering the Settings

Restoring Factory Defaults

Limiting Sysadmin User Access

Method #2 Quick Setup on the Web Page

Network Settings

Date & Time Settings

Administrator Settings

Method #3 Quick Setup on the Command Line Interface

Next Step

5: Web and Command Line Interfaces

Web Manager

Logging in

Logging Out

Web Page Help

Command Line Interface

Logging In

Logging Out

Command Syntax

Command Line Help

Tips

6: Basic Parameters

Requirements

Network Port Settings

Ethernet Interfaces (Eth1 and Eth2)

Hostname & Name Servers

DNS Servers

DHCP-Acquired DNS Servers

TCP Keepalive Parameters

Gateway