3.2.3.1 SCS-R and Sentinel 32 Dual NIC Interface 20
3.2.4 Connect your Console 21
3.2.4.1 SCS-R and Sentinel 32 Dual Console Interface 21
3.2.5 Connect to the Ports 21
3.2.5.1 Automated Port Configuration Tests 22
3.2.5.2 Port Adapters 22
3.2.5.3 Serial Port Pin-out 22
3.3 SCS-R and Sentinel Power Modules 23
3.3.1 Power Module Replacement 23
Page 3
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.4 SCS-R and Sentinel -48VDC Power Modules 24
3.4.1 Wiring the -48VDC Connector 25
3.4.2-48VDC Power Module Replacement 26
4. Initial Configuration 27
4.1 Default Configuration 27
4.2 Initial System Security Concerns 27
4.3 Front Panel Network Setup 27
4.3.1 Front Panel Edit Mode 27
4.3.1.1 Start Front Panel Edit Mode 28
4.3.1.2 Program Network 28
4.4 Initial Connection via Network 33
4.4.1 Network Connection Requirements 33
4.4.2 Route via Linux Workstation 33
4.4.3 Route via Windows Workstation 33
4.5 Initial Connection via Console port 35
4.6 How to Access the LSI SCS Web Setup Interface 35
5. System Overview 35
5.1 SCS Systems are Linux-based 35
5.1.1 Linux General Public License 35
5.1.2 SCS System Architecture 35
5.2 Initial System Administrator (sysadmin) Access 36
5.2.1 Enter Commands 36
5.2.2 Log Out 36
5.3 Default Services 36
5.3.1 Configure the Services 36
6. Commands 38
6.1 System Commands 38
6.1.1 save 38
6.1.2 reboot 38
6.1.3 power off 39
6.1.4 Other Linux Commands 39
6.2 Change Logging Level 41
7. System Administration 41
7.1 Security 41
7.2 Change Network Address 41
7.2.1 Run netconfig 41
7.2.1.1 Save your netconfig changes 42
7.2.2 More Than One Nameserver 43
7.3 Change Hostname 43
7.4 Time Configuration 43
7.5 Change NIC Speed 43
7.6 Configure Authentications 44
7.7 Front Panel Display Options 44
7.7.1 Display Mode Parameters 45
7.7.1.1 Edit 45
7.7.1.2 View 45
7.7.1.3 LINE_1= 45
7.7.1.4 LINE_2= 45
7.7.1.5 Display OFF 46
Page 4
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.8 Network Time Service 46
7.8.1 Configure NTP 46
7.8.2 Start the NTP Service 46
7.9 NIS and User Port Permissions 46
7.9.1 User Port Control 47
7.9.2 NIS Port Access 47
7.9.3 User Names and Groups 48
7.9.4 NIS Database file 48
7.9.5 NIS Make file 48
7.9.6 NIS Configuration File 49
7.10 NFS 49
7.10.1 Remote NFS Directory 49
7.11 SNMP 50
7.11.1Start SNMP 50
7.12 syslog 50
7.13 Timeouts 52
7.14 Changing Serial Port Settings 50
7.14.1 Disable Buffering while in Interactive 50
8. Administering Users 51
8.1 User Setup 51
8.1.1 adduser 51
8.1.2 edituser 52
8.1.3 deluser 52
8.1.4 Other Editing Commands 52
8.1.4.1 editbrk <name> 52
8.1.4.2 editesc <name> 52
9. User Operations 52
9.1 User Accounts 52
9.1.1 SCS users 52
9.1.2 root user 52
9.2 Port Identities 53
9.3 What Users Can Do 53
9.3.1 Access via Network 53
9.3.1.1 Secure Shell Host (ssh) to a Port 53
9.3.2 Access via console port 53
9.3.3 Interactive Mode 53
9.3.3.1 Break Sequence 53
9.3.3.2 Escape Sequence 54
9.4 Monitor Mode 54
9.5 Browse the buffers 54
9.6 Clear the Port buffers 54
10. Regulatory & Safety 55
10.1 Safety Requirements 55
10.1.1 Symbols found on the Product 55
10.2 Regulatory Compliance 55
10.2.1 North America 55
10.2.2 European Union 55
10.2.2.1 Declaration of Conformity 55
10.2.2.2 Standards to Which Our Products Comply 55
Page 5
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
10.2.2.3 Supplemental Information 56
10.3 Product Serial Number 56
10.4 Lithium Battery 57
10.5 SCS-R Models and Sentinel 32 Power Modules 57
11. How to Contact Us 57
11.1 Customer Support 57
11.1.1 Website 57
11.1.2 E-mail 58
11.1.3 Telephone 58
11.1.4 Fax 58
11.2 Product Support 58
11.2.1 Limited Warranty Information 58
APPENDICES
A File System 60
B FAQ 61
C Sentinel 32 Modem Commands 62
D DC Power 83
E Assigning IP Addresses to a Device Port 85
F Adapter Pin-outs 85
G Quick Start Guide 90
Page 6
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
PREFACE
NOTES and WARNINGS
Throughout this manual you will notice certain highlighted conventions that bring your attention to
important information. These are Notes and Warnings. Be sure to read each highlighted note and
warning before proceeding. Examples are shown below.
!
Important Notes appear in blue text preceded by a yellow exclamation point symbol,
as shown here.
A note is meant to call the reader’s attention to helpful information at a point in the text that is
relevant to the subject being discussed.
Warnings! appear in red text preceded by a red stop sign, as shown here.
A warning is meant to call the reader’s attention to critical information at a point in the text that is
relevant to the subject being discussed.
1. Introduction
This document pertains to the Secure Console Server (SCS) line of products
developed and built by Thinklogical®, Inc. of Milford, Connecticut, USA and covers
the installation, configuration and operation of all SCS models. This document also
covers User and Administrator Operations, Regulatory & Safety Requirements and
Customer Support information.
1.1 SCS Models Covered in this Manual
All Thinklogical® Secure Console Server (SCS) models covered in this manual are similar
in physical appearance, setup and functionality. Each available model is featured on the
following pages.
Page 7
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
•
•
SCS80 - 8-Port 1U Secure Console Server
•
SCS160 - 16-Port 1U Secure Console Server
SCS320 - 32-Port 1U Secure Console Server
•
SCS480 - 48-Port 1U Secure Console Server
The SCS80R, SCS160R, SCS320R and SCS480R models are designed with dual hotswappable Power Modules which operate redundantly and two network ports and console
port connections. The ‘R’ models are otherwise similar to the SCS80, SCS160 and SCS320.
•SCS80R - 8-Port 1U Redundant Power
Secure Console Server
•SCS1 60R - 16-Port 1U Redundant Power
Secure Console Server
Page 8
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
•
SCS320R - 32-Port 1U Redundant Power
Secure Console Server
•
SCS480R - 48-Port 1U Redundant Power
Secure Console Server
The Sentinel 32 model is designed with dual hot-swappable redundant Power Modules.
In addition, the Sentinel 32 offers field replaceable, modular eight-port circuit cards,
modular network and console port connections, and an analog modem option.
•
Sentinel 32 - 32-Port 1U Modular, Redundant Power
Secure Console Server
International Models
The following SCS models are available for International customers and are shipped
with regionally appropriate power cord sets. Otherwise, each international model is
similar to the domestic SCS80 / SCS160 / SCS320 / SCS480 / SCS80R / SCS160R / SCS320R / SCS480R and Sentinel 32 models.
• SCS801 - 8-Port 1 U Secure Console Server, International
• SCS1601 - 16-Port 1U Secure Console Server, International
• SCS3201 - 32-Port 1 U Secure Console Server, International
• SCS4801 - 48-Port 1 U Secure Console Server, International
• SCS801R - 8-Port 1 U Redundant Power Secure Console Server, International
• SCS1601R - 16-Port 1 U Redundant Power Secure Console Server, International
• SCS3201R - 32-Port 1 U Redundant Power Secure Console Server, International
• SCS4801R - 48-Port 1 U Redundant Power Secure Console Server, International
• Sovereign 32 - 32-Port 1 U Modular, Redundant Power Secure Console Server,
International
Page 9
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
1.2 System Features
Each SCS system includes the following features:
• Linux operating system and command set
• Connections for up to 16, 32 or 48 EIA-232 serial console ports
• 10 baseT/100 baseTX network compatibility
• Pre-configured from the factory: User ready, right from the box
• Open secure shell host (ssh)
• NFS and NIS support
• ssh to a Serial Port support
• Break Safe - No undesired “break” signals are sent to connected servers.
The SCS-R models also offer the following additional features:
• Dual Hot-Swappable, Redundant Power Modules
• Dual 10 baseT/100 baseTX Network Port interfaces
• Dual console port interfaces (one DTE, one DCE)
• Power Monitoring with Module outage notification
The Sentinel 32 and Sovereign 32 include the all features of the SCS-R models plus:
• Hot-swappable, modular console/network and serial port circuit cards
• Optional analog modem in place of the second console port.
1.3 Software Features
All SCS Models are designed with network administrators in mind. No special administration
tools, training or procedures required. You know Linux, we run Linux.
• Open-source Linux Operating System (Red Hat compatible).
• Proprietary SCS features command-line options that follow the standard Linux / UNIX
command formats for ease of administration.
• Factory pre-configured to be operational out-of-the-box.
The SCS line allows up to 250 simultaneous user sessions to access up to 48 serial ports. The
attached components may be any variety of network center servers, workstations or other
devices with a serial port that must be monitored.
1.4 Hardware Features
SCS systems mount in industry-standard 19” equipment racks or can be placed on a shelf
or table top. Each SCS operates independently and is accessible using a secure network
connection or a local serial terminal (setup by your System Administrator or
“sysadmin”).
• 16, 32 or 48 serial ports (CAT5 cables with RJ45 connectors)
• Front panel LCD with push buttons for network setup
• 10/100 BaseT Network Port
• Console port (CAT5 cables with RJ45 connectors)
• Universal AC power input (100-240V, 50/60 Hz)
• Convection cooling
• 256KB-per-port Buffer for Port data
Page 10
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The SCS can help troubleshoot your networking environment. The SCS is a
"listening" system that monitors messages (ASCII data, server error information, etc.)
from the serial ports of the device to which each Port is connected. The SCS captures
the data by writing it to a port buffer that can hold 256K bytes of data per port. This
buffered data gives the sysadmin a history of console port messages that can be
reviewed for troubleshooting a connected device. Having access to the console port
messages can make problems easier to identify, minimizing downtime. In most cases
the sysadmin can save the buffered data from each port buffer to another server
(e.g., via NFS) in your network. This is important to note because the Port data
(buffered) is stored in RAM and will be lost if the SCS is powered down.
!
NOTE: Console port messages are stored in RAM and will be lost when the
SCS is powered down.
1.4.1 SCS80R, SCS160R and SCS320R Hardware
The SCS80R, SCS160R, and SCS320R models offer hardware redundancy for power,
network and console ports. Features include dual NIC inputs, dual console port inputs
and hot-swappable Power Modules with discrete inputs. This allows the customer to use
redundant power sources with the SCS system and, if necessary, can be field-replaced.
Power supply status alerts the system administrator in the event of a power failure from
one of the power supplies.
1.4.2 SCS480R Hardware
The SCS480R offers redundant, hot-swappable, front-panel-accessible power supplies,
dual NIC interfaces, dual console ports and 48 serial ports.
1.4.3 Sentinel 32 Hardware
The Sentinel 32 offers redundant power supplies as described in Section 1.4.1. The dual
network and console ports are also field replaceable. A dual network/console/modem module is available which replaces the second console port with an analog modem. In
addition, the Sentinel uses hot-swappable circuit modules that allow for field
replacement of groups of eight serial ports without affecting the other ports.
Sentinel 32 modules:
Console/Network Module Console/Network/Modem Module 8 Port Interface Module
Page 11
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
1.5 Technical Specifications
Each Thinklogical® SCS system is designed to the following specifications:
Linux command-line access via ssh or local console port.
User Interface
Serial Interface
(Ports)
Serial Interface
(Console)
Backlit 2-line front-panel LCD display showing network
configuration. Five front-panel push buttons with UI for network
A V.92 analog modem is available as an option with the Sentinel 32 for
those users who require a connection over a telephone network
AMD SC520 CPU, operating at 133MHz.
256MB Compact Flash (CF) memory (nonvolatile). 128MB RAM for real time use.
Universal AC Power Input, 100-240VAC, 50/60 Hz, 0.5A each input
IEC-type regional cord set(s) included. “R” Models are also
available with a -48VDC Power Supply option.
1U: 1.75” H x 17.25” W x 14.75” D (4.5cm x 43.8cm x 37.5cm)
4.5 kg (10 lbs)
Operating: 0° to 50°C (32° to 122°F), 30-90% RH, non-condensi ng
Storage: -20° to 70°C (-4° to 158°F), 10-90% RH, non-conden sing
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
1.6 Documentation
The SCS comes with the standard Linux manual pages (hereafter referred to as “man
pages”) installed; English is the default language, but several other language versions
(including German, French & Italian) are also available.
While this manual gives a brief description of some LSI programs, the SCS contains the
latest man pages for the LSI programs, scripts and configuration files. If the man page
conflicts with this manual, the man page should be followed. Therefore, the SCS is the
primary source for software documentation, not the manual. We make every effort to
keep the manual current, but if you find a discrepancy, please let us know.
If ‘standard’ Linux programs (sty is one) are modified by LSI, the corresponding man pages
will reflect the changes.
Selected Linux HOWTOs and READMEs can be found at /usr/local/doc. More
documentation can be found at www.tldp.org.
2. Product Overview
Optimize your System Administration and Network Resources
2.1 Intended Application
Thinklogical® Secure Console Servers are used to securely monitor and centrally
manage up to 48 of your networking systems (servers, routers, switches, etc.). They
do so by monitoring the console port of your network center’s devices and systems.
Each attached component must have an EIA-232 compatible serial port. The SCS80 and
SCS80R support 8 ports, SCS160 and SCS160R support 16 ports, SCS320, SCS320R,
and Sentinel 32 support 32 ports and the SCS480 and SCS480R support 48 ports.
Security is maintained through encryption and user passwords.
The SCS80R, SCS160R, SCS320R, SCS480R, and Sentinel 32 systems are used
where redundant power concerns exist, where hot-swap replacement of Power Modules is
a concern or where more than one network connection or console port connection is
required.
User accounts are set up by the root user, or sysadmin of the SCS. A user can access
the attached servers using commands from a local terminal or through an ssh-protocol
(secure) network connection. In order to interact with a device the user must have read, review or write access to that port.
Users can interact with each of the attached devices by logging into the SCS and entering
the connect command and the Port number or Port name at the command prompt. The
SCS acts as a conduit for the connection but does not interfere. When the user is not
interacting with a network system, the SCS can log the output of the console port to a
file so that data may be reviewed later.
User commands are discussed in Section 9, User Operations, beginning on page 52.
Page 13
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
2.2 System Chassis
Each SCS is housed in a rack-mountable metal chassis. Vents are found on both sides of
the chassis. Removable 3-position rack mount brackets are provided. The front panel of
the SCS features a two-line, backlit LCD display with five user buttons.
2.2.1. SCS80 / SCS160 / SCS320 / SCS480
Each SCS chassis has rear-panel connections for 8, 16, 32 or 48 serial ports, one
console port, one network port and power input. The SCS has a built-in universal power
supply, a rear-panel power switch and protective fuse.
2.2.2 SCS80R / SCS160R / SCS320R / SCS480R
Each SCS-R chassis has rear-panel connections for 8, 16, 32, or 48 serial ports, two
console ports and two network ports. The SCS-R has two hot-swappable Universal
Power Modules, each with its own power switch and protective fuse (located on the rear
of the chassis of the SCS80R, SCS160R and SCS320R; located on the front of the
chassis of the SCS480R). Each Power Module is secured with a captive mounting screw.
2.2.3 Sentinel 32
Each Sentinel 32 chassis has rear panel connections for 32 serial ports, two console
ports, two network ports and two hot-swappable Universal Power Modules, each with its own
power switch and protective fuse. The serial ports are arranged in four modules of eight
ports each for easy field replacement. The two console and two network ports are in a
single module. A module with two network ports, one console port and a V.92 modem
port is available as an option. All the modules are hot-swappable.
2.3 Connecting to the SCS
All physical connections to the product are made on the rear panel using industrystandard cabling and connectors (purchased separately). All serial connections and
network connections use conventional Category 5 cabling with RJ45 jacks. Power is
connected using the cord set provided with each SCS system.
Page 14
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Rear View of SCS320 Chassis
Standard SCS models are similar in size and layout, offering a different number of port
connectors. The SCS-R models and Sentinel 32 also have dual NIC, dual console ports
and dual power inputs. The rack-mount brackets extending from both sides of each
model, may be removed for desktop or shelf mounting (see page 17).
Rear View of Sentinel 32 Chassis
!
Note: Due to the modular design, the Sentinel 32 Serial Port connections on
the rear of the chassis are numbered differently from the other SCS models.
2.3.1 Serial Devices
All network components attach to both the Console Ports and must be compatible with
the EIA-232 standard. CAT5 cabling with RJ45 connectors are used for the Port
connections and for the console port. System ports (numbered from 1 to up to 48) are
default-configured as DCE data ports and support a range of baud rates from 300-
115.2K. All Port parameters, including DTE or DCE type and other data parameters,
are configurable on a per-port basis.
Each port may also be assigned a unique name: default port names are port1, port2, etc.
2.3.1.1 Break Safe
Thinklogical® SCS systems are “break-safe,” meaning they will not send a “break” command
or other data on the serial ports connected to your servers unless initiated by a user. An
unwanted “break” signal could cause problems with your servers.
2.3.2 IP Network
The SCS network interface is an auto-sensing 10 BaseT/1 00 BaseTX network connector
(equipped with an RJ45 jack with dual LEDs) for use with a conventional TCP/IP
network using standard RJ45 CAT5 cables. A default IP address is coded into the
system (10.9.8.7), but the network settings should be configured by your system
administrator for your site’s requirements and equipment. SCS products are
preconfigured for ssh (secure shell host) access.
Page 15
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
!
Note: The SCS-R and Sentinel 32 models offer two independent network
interface ports. Only the first port (NETWORK 1) is enabled by default.
2.3.3 AC Power
2.3.3.1 SCS80 / SCS160 / SCS320 / SCS480
A single IEC-type Power Entry Module is located on the rear of the chassis. The power
entry module incorporates a replaceable protective fuse (2A) and an On/Off switch. An
IEC cord set is provided with each SCS chassis. Connect the cord set to a local AC
power source. Turn the power switch on.
2.3.3.2 SCS80R / SCS160R / SCS320R / Sentinel 32
Two removable AC Power Modules, identified as Left and Right are found on the rear
of the chassis. Either AC module can fully support the system and, with both turned
on, operate redundantly. The SCS-R and Sentinel 32 systems have an AC power
monitoring capability to alert the system administrator in the event of an AC power
outage.
Each AC Module has an IEC-type power entry module. The power entry module features a
replaceable, protective fuse (2A) and an On/Off switch. Two IEC cord-sets are provided
with each SCS-R and Sentinel 32 chassis. Connect both cord sets to a standard AC
power source. Turn both power switches ON ( l ).
Warning! Turn the module POWER OFF and remove its power cord BEFORE
removing a power module. A hazardous voltage condition might otherwise exist.
2.3.3.3 SCS480R
Two removable AC Power Modules, identified as Left and Right are found on the front of
the chassis. Either AC module can fully support the system and if both are turned on,
will operate redundantly. The SCS-R and Sentinel 32 systems have an AC power
monitoring capability to alert the system administrator in the event of an AC power
outage. A 250VAC 2A fuse is provided on each SCS480R Power Module and can be
replaced when the module is removed from the unit.
2.3.4 DC Power
The Sentinel and SCS-Rs can be equipped with optional removable -48 VDC Power
Modules in place of the AC Power Modules described in paragraph 2.3.3. Either
module will fully power the system and will operate redundantly if power is applied to
both. The power monitoring circuitry of the SCS-R and Sentinel alert the system
administrator in the event of power loss to either module.
2.4 User Access Control
Access to a Port is controlled on a per-user basis via a user profile which is stored as a file
on the local SCS. This profile is created by the root user using the command ‘adduser’. See
Section 8.1.1, adduser, on page 51. NIS support is also available.
Page 16
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
2.4.1 User Sessions
Each SCS supports up to 250 simultaneous user sessions.
2.5 Port Buffers
Thinklogical® Secure Console Servers provide real-time serial port data buffering. Each
port buffer stores up to 256KB of data held in a separate RAM file for each attached device.
The data may be viewed when no users are interacting with the attached port. Port buffers
are enabled by default.
2.5.1 How to Disable Buffering
Buffering is always ON when no one is connected in Interactive mode. Buffering may be
disabled during an interactive session to ensure privacy after the session ends. (See the man
page for stty --buffer option.)
3. Installation
3.1 Mounting the SCS
You may choose to rack mount your SCS unit or place it on a desktop. The front panel
display should be visible and front panel buttons accessible. All connections are made to the
rear of the chassis.
3.1.1 Rack Mount or Desktop
SCS products may be installed either in an EIA-standard 19-inch rack (1U tall) or on a shelf
or desktop. For desktop use, rubber feet are provided and the rack mount brackets may be
removed. The SCS chassis does not need to be opened or accessed and the sturdy metal
case allows units to be stacked as required.
Each rack mount bracket is held on by 4 screws. The brackets may be positioned so that the
unit sits forward, flush or recessed in your rack. If the brackets are removed or repositioned, it
is not necessary to re-install the extra rack-mount screws.
Page 17
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.1.2 Front Panel Display and Buttons
The front-panel LCD display should be visible and accessible during system setup. It
typically displays the current network settings and the date/time. The front panel buttons
are only used during setup or to review existing SCS settings.
The LCD display can be customized by the root user. See Section 7.7, Front Panel Display Options, on page 44 for more information.
3.1.3 Convection Cooled
The SCS does not require special cooling or ventilation other than what is normally
provided in a standard equipment rack. No fan means that it does not add to the
ambient noise in your equipment room. Be sure not to block the air vents on the sides
of the unit and leave at least 2” of space on both sides. If mounted in an enclosed
rack, it is recommended that the rack have a ventilation fan to provide adequate
airflow through the unit(s).
!
Note: Be sure to leave a minimum of 2” of space for ventilation on both sides
of the SCS chassis, especially if units are being stacked.
3.2 Connections
All connections are found on the rear panel of the SCS chassis.
Each port is clearly labeled as shown on the backpanel diagrams on page 19:
Page 18
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
SCS320 Secure Console Server
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 89 10 11 12 13 14 15 16
PORTS
SCS320R Secure Console Server
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 89 1 0 11 12 13 14 15 16
PORTS
SCS320M Secure Console Server
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 89 10 11 12 13 14 15 16
PORTS
SCS320RM Secure Console Server
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 89 10 11 12 13 14 15 16
PORTS
SCS480 Secure Console Server
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
NETWORK
CONSOLE
CAUTION! Replace with same
NETWORK
2
MODEM
NETWORK
2
MODEM
type and
rating fuse.
CAUTION! Replace with same
type and
rating fuse.
www.thinklogical.com
1 NETWORK 2
1 CONSOLE 2
NETWORK
1
CONSOLE
NETWORK
1
CONSOLE
41 42 43 44 45 46 47 48
www.thinklogical.com
www.thinklogical.com
CAUTION!
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
CAUTION! Replace with same
0.5A, 50/60 Hz
type and
T2A, 250 VAC
rating fuse.
CAUTION! Replace with same type and rating fuse.
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
CAUTION! Replace with same
0.5A, 50/60 Hz
type and
T2A, 250 VAC
rating fuse.
CAUTION! Replace with same type and rating fuse.
NETWORK
Replace with same type and rating fuse.
100-240V -,
0.5A, 50/60 Hz
T2A, 250 VAC
100-240V -,
0.5A, 50/60 Hz
T2A, 250 VAC
1 2 3 4 5 6 7 89 1 0 11 12 13 14 15 16
PORTS
SCS480R Secure Console Server (ON/OFF Switch located on front panel)
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
1 2 3 4 5 6 7 89 1 0 11 12 13 14 15 16
PORTS
SCS80 Secure Console Server
1 2 3 4 5 6 7 8
PORTS
SCS80R Secure Console Server
1 2 3 4 5 6 7 8
PORTS
SCS160 Secure Console Server
1 2 3 4 5 6 7 89 10 11 12 13 14 15 16
PORTS
SCS160R Secure Console Server
1 2 3 4 5 6 7 89 10 11 12 13 14 15 16
PORTS
17 18 19 20 21 22 23 24
41 42 43 44 45 46 47 48
17 18 19 20 21 22 23 24
NETWORK
CONSOLE
1 NETWORK 2
www.thinklogical.com
1 CONSOLE 2
NETWORK
CONSOLE
NETWORK
NETWORK
1
2
www.thinklogical.com
CONSOLE
MODEM
www.thinklogical.com
CAUTION! Replace with same
type and
rating fuse.
www.thinklogical.com
CAUTION! Replace with same
type and
rating fuse.
CONSOLE
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
CAUTION!
NETWORK
NETWORK
1
2
1
2
CONSOLE
MODEM
CAUTION!
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
CAUTION! Replace with same
0.5A, 50/60 Hz
type and
T2A, 250 VAC
rating fuse.
CAUTION! Replace with same type and rating fuse.
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
CAUTION! Replace with same
0.5A, 50/60 Hz
type and
T2A, 250 VAC
rating fuse.
Replace with same type and rating fuse.
100-240V -, 0.5A, 50/60 Hz
Replace with same type and rating fuse.
100-240V -,
0.5A, 50/60 Hz
T2A, 250 VAC
0.5A, 50/60 Hz
T2A, 250 VAC
100-240V -,
T2A, 250 VAC
Sentinel 32
PORTS:
PORTS:
5-8
5 6 7 8
1 2 3 4
PORTS
1-4
13-1621-2429-32
5 6 7 8
1 2 3 4
PORTS
5 6 7 8
1 2 3 4
PORTS
9-1217-2025-28
5 6 7 8
1 2 3 4
PORTS
NETWORK
1
CONSOLE
NETWORK
2
MODEM
CAUTION! Replace with same
type and
rating fuse.
100-240V -,
0.5A, 50/60 Hz
T2A, 250 VAC
CAUTION! Replace with same
type and
rating fuse.
100-240V -,
0.5A, 50/60 Hz
T2A, 250 VAC
Page 19
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.2.1 Power
SCS products have an internal universal Power Supply. Each SCS unit requires approximately
15W of electrical power. The switching power supply accepts nominal AC input voltage
between 100-240 VAC with a frequency range of 50-60 Hz.
!
Note: The optional -48VDC Power Module is described in Section Appendix D,
DC Power, on page 83.
3.2.2 AC Input
A single IEC-type AC power entry module with an integral safety fuse and power switch is
located on the rear of the chassis in each AC Power Module. The power input to the chassis
uses a removable IEC-type cord set. One is provided with each AC Power Module. Be sure
that your AC power source is properly grounded.
3.2.3 Connecting to the Network Port
Use a conventional, fully-pinned Category 5 cable (CAT5) to connect your network to the
NETWORK (RJ45) jack on the rear of the chassis.
The SCS’s network port (auto-selecting 10/100) allows remote access to the attached
networking components by the users and the sysadmin functions by the root user. You
can change the network parameters from the front panel of the SCS or you may ssh into
the default address and make changes using Linux commands.
3.2.3.1 SCS-R and Sentinel 32 Dual NIC Interface
The SCS80R / SCS160R / SCS320R / SCS480R / Sentinel 32 have dual network Ports.
Initially, only the first NIC is functional (NETWORK 1 = device eth0
(NETWORK 2 = device eth1) must be enabled by the sysadmin.
To configure the second NIC, the sysadmin will log in and use one of the following
commands:
).
The second NIC
netconfig -d eth1 or netconfig --device=eth1
Refer to Section 6 for other System Commands.
Page 20
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.2.4 Connect Your Console
The console port is used for local access to the SCS. Connect your terminal or computer to
the console port with a terminal emulation package. The SCS’s console port has a DCE
configuration with adjustable parameters.
The default communication parameters for the console port are:
•
• 9600 baud
••
•
• 8 data bits
••
•
• No parity
••
•
• 1 stop bit
••
•
• Xon/Xoff flow control
••
Use a conventional CAT5 cable to connect your terminal or computer to the CONSOLE
jack (RJ45) on the rear of the chassis.
Login to the SCS: When connected to the SCS, the login as prompt will appear. Log
in as root
.
Press Enter to continue.
The password: prompt comes up next. Enter root (the default root password) and
press Enter.
3.2.4.1 SCS-R and Sentinel 32 Dual Console Interface
The SCS80R / SCS160R / SCS320R / SCS480R / Sentinel 32 have dual Console Ports, with
Console Port 1 pinned as DCE and Console Port 2 pinned as DTE. Console Port 2 is
disabled in the default configuration. To use the second console port, the sysadmin must
enable it.
Console Port 2 is activated by editing the file /etc/inittab
.
Refer to Section 6 for other
System Commands.
3.2.5 Connect to the Ports
Any system (e.g., server, router, switch) with a serial port may be connected to the SCS
for consolidated system administration. Server Ports are individually configurable. Consult
your server documentation as needed.
Page 21
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The default communication parameters for the server Ports are:
•
• 9600 baud
••
•
• 8 data bits
••
•
• No parity
••
•
• 1 stop bit
••
•
• Xon/Xoff flow control
••
•
• DCE Port type
••
Each Port can be individually configured for baud rates of 300-115K for specified data
parameters and as DTE or DCE types.
!
Note: Ports may also be individually disabled if desired.
3.2.5.1 Automated Port Configuration Tests
A script named pm is available to test the device ports and report the correct DTE/DCE
setting for each port. A man page exists for pm. This can be used to troubleshoot SCS to
server connections. Hardware signals from the server are tested but Baud rates are not.
3.2.5.2 Port Adapters
You may need to adapt the cable connection for your server device. Thinklogical® offers serialto-RJ45 adapters for serial ports, both DB9 and DB25, for many common network-equipment
product applications. See Appendix F on page 85 for more information.
3.2.5.3 Serial Port Pin-out
Serial Port pin-out
Page 22
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.3 SCS-R and Sentinel Power Modules
The SCS80R, SCS160R, SCS320R, and Sentinel 32 provide dual AC Power Modules
which are field-replaceable and connect to the rear panel of the SCS chassis. Each Power
Module has a power entry connection with an IEC-type power connector.
The SCS80R, SCS160R, SCS320R, and Sentinel 32 have a power monitoring display
shown on the front panel to indicate if one of the power supplies is not powering the
system (either AC power failure, a Module is turned off or the supply has failed).
SCS Front Panel display: Left Power Supply failure
The SCS480R Power Module is mounted in the front panel of the SCS480R. It has the
same capabilities as the SCSR and Sentinel Modules. It is not necessary to remove the AC
power cord from the SCS480R when replacing a module.
!
Note: The Power Modules in the SCS160/320/480 are not field serviceable.
This option applies to the SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32
only.
Each Power Module can fully support the SCS80R, SCS160R, SCS320R, SCS480R and
Sentinel 32 system. However, the intended design is to have two power sources running
your SCS system. When both supplies are active, they will share the system load. If one
fails, the remaining supply can then take the full load.
The SCS80R, SCS160R, SCS320R, SCS480R, and Sentinel 32 ship with two AC power
cords, one for each module, to allow separate AC power source connections. Plug the IEC
connection into the SCS AC Power Module and connect the AC cord to a standard AC
power source.
3.3.1 Power Module Replacement
The Power Modules of the SCS-R and Sentinel 32 Models may be hot-swapped. Each
slide-in Power Module is held in place with a single captive screw and does not need to be
removed except for replacement.
Page 23
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Captive Mounting
Handle
Screw
AC Power Module (removed from SCS Chassis)
SCS80R, SCS160R, SCS320R and Sentinel 32:
If the front panel display indicates that one of the power supply modules has failed, it may
need to be replaced.
A single captive screw (visible from the rear of the SCS80R, SCS160R, SCS320R or
Sentinel 32 chassis) holds the Power Module in place and also establishes a protective
Earth ground. Be sure to turn off the failed power module and remove its power cord
connection. Unscrew the module and remove it from the chassis using the built-in handle
on the front of the module.
SCS480R:
If you need to replace one of the SC480R power supply modules, note that the module
slides in and out from the front of the chassis.
A single captive screw (visible from the front of the SCS480R chassis) holds the Power
Module in place and also establishes a protective Earth ground. Be sure to turn off the
failed power module (press switch to O position). It is not necessary to remove the power
cord. Unscrew the module and remove it from the chassis using the built-in handle on the
front of the module.
Insert the replacement power module and tighten the screw. Reconnect the power cord if
necessary and turn on the switch. When power is restored the failure message on the front
panel display will clear.
3.4 SCS-R and Sentinel -48VDC Power Modules
The SCS80R, SC160R, SCS320R, and Sentinel 32 provide dual -48VDC Power Modules
which are field-replaceable and connect to the rear panel of the SCS chassis. Each Power Module has a Power IN port with a WAGO MCS power connector. The SCS80R,
SCS160R, SCS320R and Sentinel 32 have a front panel display to indicate if one of the
power supplies is not powering the system (either DC power failure, a Module is turned off,
or the supply has failed).
Page 24
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The SCS480R Power Module is mounted in the front panel of the SCS480R and has the
The WAGO DC Power
C
onnector
same capabilities as the SCSR and Sentinel Modules. It is not necessary to remove the DC
power cord from the SCS480R when replacing a module.
!
Note: The Power Modules in the SCS160/320/480 areNOT FIELD
SERVICEABLE.This option only applies to the SCS80R, SCS160R, SCS320R,
SCS480R and Sentinel 32.
Each -48VDC Power Module can fully support the SCS80R, SCS160R, SCS320R, SCS480R
and Sentinel 32 systems. However, the intended design is to have two power sources
running your SCS system. When both supplies are active, they will share the system load. If
one fails, the remaining supply can then take the full load.
The SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 ship with two WAGO
MCS connectors, one for each module, to allow separate DC power source connections.
Plug the WAGO MCS connector into the SCS DC Power Module and connect to a regulated
DC power source.
3.4.1 Wiring the -48Vdc Connector
consists of 3 pieces: The connector plug
and two halves of the strain-relief back
shell. After installing the wires as
depicted above, the three pieces fit
together as shown (right) and snap firmly
into place.
WAGO MCS DC Power Connector:
1. Brown = -48VDC
2. Green/Yellow = Chassis Ground
3. Blue = Common
Page 25
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.4.2 -48VDC Power Module Replacement
The Power Modules of the SCS-R and Sentinel 32 Models may be hot-swapped if
necessary. Each slide-in Power Module is held in place with a single screw and does not
need to be removed except for replacement.
-48VDC Power Module and WAGO Connector (shown removed from Sentinel 32)
SCS80R, SCS160R, SCS320R, and Sentinel 32:
If the front panel display indicates that one of the power supply modules has failed, it may
need to be replaced.
A single captive screw (visible from the rear of the SCS80R, SCS160R, SCS320R, or Sentinel
32 chassis holds the Power Module in place and also establishes a protective Earth ground.
Be certain to turn off the failed power module (press switch to O position), then remove its
power cord connection. Unscrew the module and remove it from the chassis using the builtin handle.
SCS480R:
If the front panel display indicates that one of the power supply modules has failed, it may
need to be replaced. The power modules insert from the front of the chassis.
A single captive screw, visible from the front of the SCS480R chassis, holds each Power
Module in place and establishes a protective Earth ground. Be certain to turn OFF the failed
power module by pressing the switch to the OFF (O) position). Unscrew the failed module
and remove it from the chassis using the built-in handle.
You may now Insert the replacement power module and tighten the captive screw. Connect
the power cord to the module and turn the switch ON ( l ). When power is restored, the
failure message on the front panel display will clear.
Page 26
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
4. Initial Configuration
The SCS is Pre-Configured. Just set your IP Address and add Users.
4.1 Default Configuration
The SCS is pre-configured right out of the box, ready to generate ssh keys with an IP address
set to a generic default value of 10.9.8.7 / NetMask 255.0.0.0. It is likely that the sysadmin will
want to change to a local IP address.
When you first connect the unit to your network and turn the power on it will take about two minutes for the SCS to perform the initial ssh key generation. The front panel display will
show the following display after the SCS’s power-up is complete and the system is ready:
SCS Front Panel Display default, normal mode shown
The top line of the display is the SCS’s host and domain name and the second line is a clock
display showing day and date (initially set to Eastern Time Zone).
4.2 Initial System Security Concerns
The first login will require several steps to fully secure the SCS.
When you first connect the SCS and turn it on, it will build the ssh keys during the first two
minutes of system startup. During this time, the front panel LCD second line will read start
sshd, and the console port will read Starting sshd.
The root user should also configure the ntp and the ssh config files. Network 2 and
the dual console/modem are disabled. Root is not allowed to login on console 2.
4.3 Front Panel Network Setup
If you changed the network settings via netconfig, you can skip this section.
The Front Panel Display and buttons can be used to set the basic network parameters. There
are four arrow buttons (Left, Right, Up, Down) and one enter button. The front panel can be
used to change the IP Address, Subnet Mask, and Gateway settings. By default, the front
panel will show the Host name and the Date/Time.
4.3.1 Front Panel Edit Mode
By default the Front Panel Display’s Edit mode is enabled. The View mode is similar to Edit
mode except that the front panel cannot be used to change the settings. This is described in
Section 7.7, Front Panel Display Options on page 44 of this manual.
!
Note: The Front Panel Edit Mode can be disabled if desired. See Section 7.7,
Front Panel Display Options beginning on page 44.
Page 27
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
With Edit mode enabled, use the arrow buttons on the front panel to access the front panel
edit subroutine and change the default network settings (showing the IP address Netmask
and Gateway) for your SCS system. The front panel controls are self-prompting for the
appropriate entries.
SCS Front Panel Display showing the Network Edit Mode
!
Note: Use the Enter button to ‘continue’ or to ‘accept’ the current setting. Your
front panel entries must be NO LONGER THAN 30 SECONDS APART or the front
panel entry program will time out and discard your entries.
An asterisk at the far right indicates there is a parameter that has changed from the
currently-stored value. These entries will be accepted and held. As you exit this
programming mode you are given the opportunity to Save or Cancel your new
changes. If you do not Save your settings at this time, your new changes will be
discarded.
!
Note: Front panel changes are not written to the Compact Flash memory
until the sysadmin uses the command-line ‘save’ command.Do NOT turn the system
power off or these changes will be lost.
4.3.1.1 Start Front Panel Edit Mode
To start the Edit mode, press the Up or Down Arrow button on the front panel. The display
will change from the default Domain Name / Date & Time to the Edit Mode. You can
scroll through the available Edit functions by pressing the Up or Down arrows: Program Network Settings or View SCS Settings
!
Note: If you do not press a button within 30 seconds the display will revert to
the normal display and no changes will be made.
Scroll to the Program Network Settings display.
4.3.1.2 Program Network
When the Program Network Settings mode is selected, you will step through the parameter
entry for Network IP Address, Net Mask and Gateway, then Exit to the previous menu. The
Up and Down arrows are used to scroll through the available options.
Page 28
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Network IP Address
SCS Front Panel Display for Network Programming mode
Press the Enter button to continue.
SCS Front Panel Display showing the current IP Address
The current IP Address will be displayed with leading zeroes. The factory default is 10.9.8.7.
If you do nothing, the display will revert to the previous display after 30 seconds and no
changes will be made. To change the IP Address press the Enter button.
SCS Front Panel Display showing Edit IP Address
A cursor appears under the first character of the existing address. Press the Left or Right
arrow button to move the cursor to the first digit to be changed. To change a digit, use the Up
or Down arrows.
!
Note: Ignore any leading zeroes in the display entry. The SCS will adjust for
them and will not store the leading zeroes when saving the data.
As soon as you change a digit an asterisk (*) will appear at the top-right indicating that a
parameter has changed. Input the complete address.
SCS Front Panel Display (example) with an Asterisk indicating a change
Page 29
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
When the address input is complete, press the Enter button to accept the entry. The
display will look like the following example:
SCS Front Panel Display after editing the IP Address
The new value will be stored when you finish setting all the Network parameters.
Net Mask
Press the Down Arrow once to advance to the Net Mask parameter.
SCS Front Panel Display showing the current Net Mask
Press the Enter button to change the Net Mask parameter. The current Net Mask setting will be
displayed with a cursor under the first digit. The factory default is 255.000.000.000. Press
the Left or Right arrow button to move the cursor to the first digit to be changed. To change
a digit, use the Up or Down arrows.
SCS Front Panel Display editing the Net Mask setting
As soon as you change a digit an asterisk (*) will appear at the top-right indicating that a
parameter has changed. Change the Net Mask as desired.
!
Note: Ignore any leading zeroes in the display entry. The SCS will adjust for
them and will not store the leading zeroes when saving the data.
When you have completed entering the parameter values press the Enter button to accept
the entry. The display will show the following:
SCS Front Panel Display showing the new Net Mask display.
Page 30
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The new value will be stored when all the Network parameters are set.
Gateway
You may now enter your Gateway parameter information. Press the Down arrow once to
continue.
SCS Front Panel Display showing the current Gateway setting
Press the Enter button to edit the Gateway parameter. The current Gateway setting will be
displayed with a cursor under the first digit.
SCS Front Panel Display to Edit the Gateway setting
Press the Left or Right arrow button to move the cursor to the first digit to be changed. To
change a digit, use the Up or Down arrows. As soon as you change a digit an asterisk (*)
will appear at the top-right indicating that a parameter has changed.
!
Note: Ignore any leading zeroes in the display entry. The SCS will adjust for
them and will not store the leading zeroes when saving the data.
SCS Front Panel Display editing the Gateway setting
When you have the completed entering the parameter values, press the Enter button to
accept the entry. The display will show the following:
SCS Front Panel Display showing new Gateway setting
Your new value will be stored when you are finished setting all the Network parameters.
Page 31
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Exit to Main Menu
You will now be prompted to Exit to the Main Menu. Press Enter to continue.
SCS Front Panel Display exiting the LCD Mode
You are given the choice to Save your changes or to Cancel them.
SCS Front Panel Display to Save or Cancel Changes
Press Enter to save your network changes or press the Up arrow to discard them. When
you have completed the changes, the system must restart the Network Daemon. (The
Network Daemon periodically connects to the network to check for updates and
notifications.) This process will be displayed on the front panel display. The display will
revert to a normal display when the network is restored.
SCS Front Panel Display - Saving and Restarting
When the system has restarted the network services, the following is displayed:
Returned to normal SCS Front Panel Display
To permanently save your new Network settings in the system, you must use the SAVE
command to write the values to the Compact Flash memory.
!
NOTE: If the system loses power before using the command-line SAVE
command, the front-panel-entered network parameter changes will be lost.
Page 32
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
4.4 Initial Connection via Network
You can access the SCS using ssh (secure shell host) commands with your existing network. If you add a route to your workstation, you can connect to the SCS via its default
address. For security reasons, a telnet server is not active on the SCS.
4.4.1 Network Connection Requirements
• Have your SCS system connected to the network before you turn it on.
• Know your computer’s IP address.
4.4.2 Route via Linux Workstation
If using a Windows workstation, you may go to section 4.4.3.
If you are accessing the network from your Linux / UNIX workstation, enter:
To access the SCS system using ssh, from your command line, enter:
ssh root@10.9.8.7
Default root password is root.
You should now be at the SCS’s root command prompt.
It is recommended that one of the first changes you make is to your SCS’s network
address. See Section 7.2, Change Network Address, on page 41.
4.4.3 Route via Windows Workstation
If using a Linux workstation, you may skip this section.
If using Windows 9x/2000/XP you can connect to the SCS using your networked
Windows PC and an ssh-capable terminal emulation package.
!
Note: If you don’t have an ssh-capable terminal emulation package, an
available option is PuTTY, a freely-distributed package you can download at the
following address:http://www.chiark.greenend.org.uk/~sgtatham/putty/.
(PuTTY is a client program for the ssh, Telnet and Rlogin network protocols. These
protocols are all used to run a remote session on a computer over a network.)
If you use a Windows PC to login to the SCS:
1.
Determine your PC’s IP network address. One method: open a DOS prompt window
and type ipconfig, then press Enter. Your PC’s IP address is listed, among other
things.
2.
Add the route between the PC and the SCS. From a DOS prompt, enter:
route add 10.9.8.7 mask 255.255.255.255 <workstation's IP address>
then press Enter
3.
“Ping” the SCS to assure that your network connection is now functioning. (The ping
Page 33
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
command is a way to verify a network connection.) Type ping 10.9.8.7 at the DOS
prompt, then press Enter. Check for a completed connection.
4.
Connect to the SCS with your terminal package using ssh. Launch your terminal
package and connect to the default IP address of the SCS of 10.9.8.7 using ssh.
If using PuTTY (shown below), set the Session window IP address to 10.9.8.7, select the
ssh radio button and press Open.
PuTTY configuration Screen
The first time you connect using ssh you will get a warning about the ssh authentication
keys. Accept the newly-generated keys by choosing yes.
5.
Login to the SCS. When connected to the SCS, the “login as:” prompt will appear. Log
in as root. Press Enter to continue.
The “password:” prompt comes up next. Enter root (the default root password) and press
Enter.
Upon pressing Enter you will be at the SCS’s root command prompt. For this case,
connect using PuTTY to ssh into 10.9.8.7:
Terminal screen showing a typical root login to SCS
When successfully logged in, you will see the command prompt ending with # followed by the
cursor.
It is recommended that one of the first changes you make is to your SCS’s network
address. See Section 7.2, Change Network Address, on page 41.
Page 34
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
4.5 Initial Connection via Console port
See Section 3.2.4, Connect your Console, on page 21.
4.6 How to Access the LSI SCS Web Setup Interface
Be sure to add the proper route statement (route add 10.9.8.7…) to your
workstation (see paragraph 4.4.3, Step 2, on page 33).
1. From your browser, type: https://10.9.8.7:8098/
2. A predefined SSL (Secure Sockets Layer) certificate will be used. Your browser may
warn you that the certificate does not match the host. You may continue using this
certificate, but you should create a new certificate after setting up the SCS.
3. Refer to the file /usr/local/doc/ssl.cert.README for more information about
creating certificates.
4. Press Start.
5. Enter root as the user name and root as the password.
6. The main configuration menu is displayed. Make your changes. Help is available for
each page.
7. When all your changes are made, select Control Panel from the Main Menu and then
select Shutdown/Reboot. Reboot the SCS and all your changes will take effect.
This interface is for setup only. It cannot be used to access the device ports. To disable
the web interface, see the instructions located in /lsi/README.
5. System Overview
5.1 SCS Systems are Linux-based
Thinklogical® Secure Console Server products use the GNU/Linux operating system.
5.1.1 Linux General Public License
The GNU/Linux source code used in this product has been distributed under a General
Public License (GPL) from the Free Software Foundation. You may read about the GNU
GPL by reviewing the text version of the GPL at http://www.gnu.org/licenses/gpl.txt.
You will find additional GNU license information online at:
http://www.gnu.org/licenses/licenses.html#GPL.
Please contact Thinklogical® Product Support (1-203-647-8700 or toll-free at 1-800291-3211) if you need a copy of this source code.
5.1.2 SCS System Architecture
SCS software design uses both RAM (volatile) and Compact Flash (non-volatile) memory. All
system changes are maintained in RAM until they are written to the Compact Flash
memory. A read-only memory system is used since Compact Flash memory devices have
a limited number of read-write cycles.
After making administrative changes to the system, the root user must run the SAVE
command to write the changes to the non-volatile memory. If the data changes are not
saved, the parameter changes will be lost in the event of a power failure or power-down.
Page 35
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
5.2 Initial System Administrator (sysadmin) Access
To customize the SCS configuration for your location,
we suggest
When the SCS is first powered up, you may need to configure it to operate with your network.
Use ssh to access the SCS or the local console (Section 3.2.4, Connect Your Console, on
page 21).
The SCS uses familiar Linux commands to administer the system. This manual lists those
Linux commands that are important for the SCS sysadmin to know (See table on page 38).
5.2.1 Enter Commands
The system administrator enters Linux commands using the command-line interface. Unless
otherwise shown, commands are all lower-case and may have modifiers. SCS commands are
discussed in Section 6, Commands, beginning on page 38.
5.2.2 Log Out
To log out from a session, use the command logout. If logging out from a network
session, the Console Server will disconnect the ssh session.
5.3 Default Services
The following Services are enabled by default:
•
network
•
ssh
•
syslog
•
cron
You may add other features and services, depending on your application. When you first log
into the system, you will get the following reminder message for configuration:
you do the following:
∗ CHANGE THE ROOT PASSWORD!!!
∗ reconfigure the network (netconfig)
∗ set the time zone, if not in the Eastern U.S. (timeconfig)
∗ add users (adduser)
∗ edit the ntp.conf file and then enable the ntpd service
For extra security:
∗ edit the sshd_config file to not allow root logins
∗ when all settings are changed, reboot the system to save the changes
SCS login advice (displayed on-screen when you first log in)
5.3.1 Configure the Services
When you first install the SCS system, you should configure the default services for your
needs. This addresses network, date/time, authorizations and system hostname. The feature
commands described below are discussed in Section 7, System Administration, beginning on
page 41.
Page 36
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
In order to configure the basic services, you must:
Run service network restart to restart the network.
To configure the existing features, use the following commands:
• For the Network parameters, use netconfig
• To change the host and domain name, usechangehostname
• For the Date/Time, use timeconfig
• To change the time zone for the authentication protocols, use authconfig
Page 37
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
6. Command s
A summary of special SCS Commands
6.1 System Commands
SCS products use Linux commands and man pages are available for all system commands. The
root user can access the following commands to configure the special features of the SCS:
COMMAND PURPOSE CHPT.
adduser Add a User (creates a new user account) 8
deluser Delete a User account 8
editbrk Edit the 'break' sequence 8
editesc Edit Interactive mode 'escape' sequence 8
edituser Edit user settings for existing User accounts 8
save Commit programming changes to non-volatile memory
stty Configure Port parameters (see Linux commands) 6
versions Show version information 6
The commands are discussed in the chapter numbers noted on the right.
6
6.1.1 save
SCS systems will maintain your settings in RAM memory as long as system power is applied and
the system remains in a normal operating condition. To permanently store your parameters, the
root user must use the save command to write the data changes to the non-volatile Compact
Flash memory card. This will ensure that your data is permanently saved.
The save command does not store buffered port data, which is held in RAM.
!
Note: The root user should run save any time that the system configuration has
been changed. This includes user password changes and any command-line system
administration changes
The save command is automatically run when you execute the reboot or the poweroff
commands. It will copy files located in /etc, /home, /usr and /root to the Compact Flash
and restore them when the system is restarted.
6.1.2 reboot
The
reboot
reboot process which occurs immediately after your data has been saved. A reboot takes a
minute or so to complete. After the reboot has run the underlying commands, the system will
reset and then begin the start-up process as it does at power on.
command may be run at any time. The
save
command is run as a part of the
Page 38
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
!
Note: No ‘break’ commands will be sent on the serial Ports during a SCS system
reboot. Your servers will not be affected.
Thinklogical® SCS systems are “break-safe”, meaning that they will not send a ‘break’ command
(unless user initiated) or other data on the serial ports connected to your servers. An unwanted
‘break’ could cause problems with your server.
6.1.3 poweroff
If you want to turn the SCS off, you must first run the poweroff command.
!
Note: No ‘break’ commands will be sent on the serial Ports during a SCS system
poweroff cycle. Your servers will not be adversely affected.
poweroff may be run at any time. The save command is run as part of the poweroff
process. Once you have entered the poweroff command, the operating system will shut down
and the SCS will cease operating. The front panel display will show OK to Power Off. You
may now turn the power switch off.
The only way to recover from a poweroff command is to turn the system power off and then
turn the power back on.
6.1.4 Other Linux Commands
The following Linux commands, among others, will be used with the SCS systems.
logout
Use logout to quit your session with the system.
man
Use man <command name> to search for a help file (online manual pages) or descriptive
information for that Linux / UNIX command.
Three general man pages are available for Thinklogical commands and files:
1.
lsi.1 for user commands
2.
lsi.8 for system commands
3. lsi.5 for Thinklogical file descriptions
passwd
The root user should change the default root password as soon as possible to prevent
unauthorized access. To change the default root password, type passwd (all lower case) at
the root login prompt.
scp
Use scp for secure copy using ssh (secure shell host) between two hosts. The process is
encrypted and inherently secure. Refer to the man pages for scp for a description and any
command options.
Page 39
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
sftp
Use sftp for a secure file transfer transaction between two servers using ssh. This process
is similar to ftp except that it is encrypted for security. Refer to the man pages for sftp for
a description and any command options.
ssh
The SCS systems use ssh to establish secure connections over your network. The
configuration file for the ssh server is /etc/ssh/sshd_config. This controls ssh
connections to the SCS.
Use ssh to establish a secure connection between two hosts or to transfer files or data between
the systems. The Secure Console Server is a client device and will be connected to an ssh
elsewhere. The security keys for ssh may need to be generated using ssh-keygen, depending
on your application of ssh. Refer to the man pages for ssh for a description and any command
options.
ssh-keygen
Use ssh-keygen to create keys for users so passwords do not have to be used for ssh login.
You can generate the security keys for your client system (in this case, the SCS is the client) to
interact with an ssh host elsewhere. After the keys have been generated, the user can establish a
secure shell connection using ssh over a network. Refer to the man pages for ssh for a
description and any command options.
stty
Use stty to change the configuration for each Port. The system provides a default
configuration for the system Ports (ttyB1 through ttyB48
),
and for the console port (ttyS0
).
!
Note: Port changes made using stty are temporary (not written to memory). In
order to keep any changes, you must edit the configuration file in /etc/rc.d/rc.serial
and then run save.
The Ports are identified as /dev/ttyB1 through /dev/ttyB48 for ports 1 through 48,
respectively, and /dev/ttyS0 for the console port.
!
Note: For example, to administer Port 7 you would edit the file rc.serial and use
stty -F /dev/ttyB7.
Refer to the
man
pages for
versions
Use versions to see a listing of the release versions of the LSI files in the SCS.
stty
for a description and any command options.
Page 40
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
6.2 Change Logging Level
The sysadmin may wish to change the logging level of syslog.
1.
Login as root
2.
Edit the file /etc/syslog.conf (vi/etc/syslog.conf)
3.
Restart the system logger by entering: service syslog restart
4.
Run save.
7. System Administration
This section outlines the administration functions and commands that are accessed using
the network or console ports.
7.1 Security
Thinklogical® Secure Console Servers use ssh to provide encryption for a secure network
connection. There is only one level of system administration access in the SCS and that is at the
root level.
Warning!: Anyone with the root password has the ability to access all SCS features
and functions. Your root password should be carefully guarded.
In general, users cannot interact with the system-level features. Only users with permission to
interact with a port can access the buffers or clear the buffered data.
7.2 Change Network Address
You may use the Front Panel setup (see Section 4.3, Front Panel Network Setup, beginning
on page 27) to configure the SCS’s IP address. This will temporarily change the IP address to
allow you to connect to the SCS. Front panel changes are temporary because there is no way to
write the new parameters to non-volatile memory using the front panel keys.
You must run netconfig once you have accessed the SCS to change the network parameter
options and then save the parameters to non-volatile memory.
7.2.1 Run netconfig
After you establish a connection to the SCS (either through your console port or via ssh
using the default address of 10.9.8.7), you may need to change the IP address setting of the
SCS to the desired address on your network, using netconfig
a self-prompting program to set up your system’s network information. It supports DHCP/BOOTP
setup or static addressing. Use the space bar to select/deselect a value (e.g., DHCP). Use the
arrow keys to move up and down between the entry fields.
.
The netconfig command is
!
Note: Use of a static IP address is recommended with the SCS.
Page 41
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
You will need the following information before running netconfig
:
• Using DHCP/BOOTP (yes/no)? If No, you will need the following:
• IP Address
• Net Mask
• Default Gateway
• Primary Nameserver
You can add the secondary and tertiary nameservers (if required) by editing the resolv.conf
file at any time. After entering the requested information, you are returned to the root prompt.
See Section 7.2.2: More Than One Nameserver on page 43.
7.2.1.1 Save your netconfig changes
After running netconfig to set up your system, you must run the save command to
keep your changes. Then restart the network using the following steps:
1.
Make all changes
2.
Run save
3.
Run service network restart to restart the network
4.
Make a new ssh connection.
!
Note: If you are making several changes to the system configuration, you may
complete all the changes and then run save.
Example of
netconfig
fill-in fields
When you have filled in the fields, arrow down to the OK button and press Enter to accept
your entries.
Page 42
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.2.2 More Than One Nameserver
The netconfig command allows the user to set up one nameserver’s IP address. It is
possible to have multiple nameservers, which must be done outside of the netconfig
command. The nameserver data is in the file /etc/resov.conf. If you want to have more
than one nameserver, you must edit the file. For more information, refer to the man page
forresolv.conf
In this file, you will find the IP address you entered with netconfig. You can add the
address of additional nameservers. (a maximum of 3 nameservers is allowed) to this file.
The format of a line is: nameserver <IP address>.
.
7.3 Change Hostname
The SCS includes a command changehostname which allows the root user to change the
long hostname of the SCS unit.
1. Log in as root.
2. Type changehostname. The current hostname is displayed and you are prompted to
choose y/n to proceed.
3. If you select y (yes) to change, you are prompted to enter the new hostname.
!
Note: If you make a mistake in your entry, do not attempt to edit it. Reject the
incorrect entry and re-enter the value properly.
4. Enter your new hostname value. Press y to accept the new value.
5. Remember to run save when done to keep your new values.
6. After changing the hostname and/or clock settings, reboot to make the changes
permanent. These two settings (clock and hostname) are only saved during an
orderly shutdown. Loss of power before reboot will revert to the old values.
7.4 Time Configuration
Use the command timeconfig to set up the date/time and time coordinates. This is a selfprompting utility. To keep your values, run save when completed. After changing clock
settings, reboot the SCS to make changes permanent.
!
Note: If changing the Time Zone (during timeconfig changes) restart the LCD
display service so the front panel display can update. Use the command service lcd restart after completing the timeconfig options.
7.5 Change NIC Speed
You can change the NIC interface configuration to auto-sensing or fixed, to full or half duplex,
and to 10Mb or 100Mb. The following file information is found in the file /etc/modules.conf
with some additional instructions on to how to set the NIC speed.
Page 43
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
This file already has the various commands in place, but they are commented out (rendered
inactive by the preceding #). Edit the /etc/modules.conf as required. Remove the leading #
from one of the #options lines below to make it active, then reload the NIC driver.
alias eth0 eepro100
alias char-major-72 exser
alias char-major-4 off
options -k exser
##
## options to control NIC speed and mode
## remove the leading '#' from ONE of the options lines below
##
### 100Mbit half-duplex
#options eepro100 options=0x20, 0x30
### 10Mbit half-duplex
#options eepro100 options=0x40, 0x50
The SCS system power should be cycled (using poweroff, not reboot). The power-off is done to
inform the switch connected to the NIC that it is now off.
!
Note: In the SCS-R and Sentinel 32 Models, these changes affect BOTH network
ports. It is not possible to change only one of the network ports.
7.6 Configure Authentications
Use authconfig to set up the authentication protocols. You may only need to run this if you
need remote authentication such as NIS, LDAP, Kerberos, etc.
The first checkbox, cache information, will start the nscd daemon if selected. Refer to the
man page nscd for configuration options. This is not required for normal operation and need not
be selected.
Other aspects of the authentication options in authconfig are self-prompting for parameters for
NIS, LDAP and/or Hesiod.
Remember to run save to keep your new values.
7.7 Front Panel Display Options
The front panel display is a two-line, 24-character, backlit LCD. It displays system messages
during various system events (e.g., network restart, poweroff
shows the default display.
The default display shows the Hostname on the top line and the Date/Time on the lower line, but this can be customized to show other information in either line or both. This can be
helpful in labeling each SCS in a rack with multiple units. Also, the default display can be
turned off and the editing of IP address information using the front panel buttons can be disabled to prevent unauthorized changes.
),
but most of the time is idle and
Page 44
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Default Front Panel Display,
The front panel will display system messages during events such as reboot or save, but will
return to the default display following these events.
7.7.1 Display Mode Parameters
The various LCD Display modes are controlled by entries maintained in the file:
/etc/sysconfig/lsi
• LCD_LINE_1=
• LCD_LINE_2=
• LCD_DISPLAY_SETTING=
• LCD_LINE_1= and LCD_LINE_2= (allows text entry of up to 24 characters to be displayed)
• LCD_DISPLAY_SETTING= (can be set to EDIT [default], VIEW, or OFF)
7.7.1.1 Edit
The Edit mode (
information and allows anyone to use the front panel display to change the network parameters
(IP Address, Net Mask, and Gateway).
7.7.1.2 View
The View mode (
information, but disables editing using the front panel buttons. This prohibits unauthorized
changes to your network settings from the front panel.
LCD_DISPLAY=EDIT)
LCD_DISPLAY=VIEW)
allows the front panel display to show the current display
allows the front panel display to show the current
7.7.1.3 LINE_1=
LINE_1=
allows the user to customize data on the upper line of the display. The root user may
enter a left-justified text line of up to 24 characters to replace the SCS Host-name.
LINE_1 Changed in SCS Front Panel Display,
7.7.1.4 LINE_2=
LINE_2=
allows the customer to customize data on the lower line of the display. The root user
may enter a left-justified text line of up to 24 characters to replace the clock/date display.
Page 45
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
LINE_2 Changed in SCS Front Panel Display
7.7.1.5 Display OFF
LCD_DISPLAY=OFF
disables the front panel LCD display when no events are taking place. The
backlighting will remain on, but the display is blank.
7.8 Network Time Service
Network Time Service is supported. To use the network time service, the user must edit the
files /etc/ntp.conf and /etc/ntp/step-tickers and start the ntpd service as described
in the following paragraphs. (More information is available at www.ntp.org)
7.8.1 Configure NTP
The file /etc/ntp.conf has many options. To define the time server to be used, the hostname
(or IP address) of the time server is needed. Using your editor, add the line: server <my time server name or IP address>to the end of the file.
Example: For the hostname ts1.mydomain your entry is server ts1.mydomain
(The user will type the actual hostname [or IP address] of the time server in place of
ts1.mydomain.)
The user should also add the server names to the file /etc/ntp/step-tickers. This file
requires the name of the time server (the word 'server' as used in the file /etc/ntp.conf is
not needed)
7.8.2 Start the NTP Service
To start the NTP service manually: service ntpd start
To cause NTP to start automatically during startup: chkconfig ntpd on
7.9 NIS and User Port Permissions
The SCS can use NIS to control user access to the Ports in addition to controlling user access
to the SCS itself. Since this is an extension to the normal NIS capabilities, some of the NIS files
must be installed on your NIS server. The user must create/ modify the NIS database to include
records containing user port permissions.
!
Note: Source documents, including this information, are stored on the SCS system.
NIS information is located in /usr/local/doc/nis.
Page 46
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.9.1 User Port Control
The SCS can use NIS to control which user can access a port on the SCS. To use this
feature, a database must be created on the NIS server. The following files are needed to set up the port access database:
Port Access Permission Definition file
Port Access User Definition file
Port Access AWK file (required for the Make file)
Make file used to build the LSI database
7.9.2 NIS Port Access
The file lsi_port_access contains the port permissions for connect, monitor and clear and
is referenced by a group. Users may define as many groups as needed. The following example,
where perm = permission, illustrates how the group file is constructed:
group name:console server name:connect perm:monitor perm:clear perm
where: group name is the name of the user’s group
console server name is the SCS’s hostname connect perm is the port that a group can connect with
monitor perm are the ports that a group can monitor clear perm are the ports that a group is allowed to clear
For example: pbxgrp:tvscs320:1,2-6,13:5-9:1-7
itgrp:tvscs160:8-16:7:1,3,5,7-11
The above example shows two groups, pbxgrp and itgrp, that are allowed to access ports on a
Secure Console Server.
The first group, pbxgrp, can access an SCS with the hostname of tvscs320. The group can
connect to ports 1, 2, 3, 4, 5, 6 and 13. It can monitor ports 5, 6, 7, 8 and 9. This group is
allowed to clear ports 1, 2, 3, 4, 5, 6 and 7.
The second group, itgrp, can access the SCS with a hostname of tvscs160. This group can
connect to ports 8, 9, 10, 11, 12, 13, 14, 15 and 16. It can monitor port 7, and can clear ports 1, 3,
5, 7, 8, 9, 10 and 11.
LSI Port Access Permission file
Port Access Permission for the user defined group names* are defined below.
Permissions can be any or all of the following forms:
decimal value
decimal range using a dash (-) as the range indicator
a comma (,) used to separate digits and/or ranges
a colon (:) used as the field separator, as in:
group name:console server name:connect perm:monitor perm:clear perm
* user_group1:scs160_milford:1-16:1-3,5,8,16:0
* user_group2:scs320_boston:1-6:12,15:3-7
Page 47
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.9.3 User Names and Groups
The LSI Port User Definition file (/nis/lsi_port_users) is used to assign a user to a given
Port Access group. This file information is found in /usr/local/doc/nis.
The following example illustrates how it is set up:
User name:group name
where: user name is a valid SCS user
group name is a valid users’ group
For example:
tomv:pbxgrp
billf:itgrp
The above example shows two users, tomv and billf. User tomv is in the group pbxgrp and
billf is in the group itgrp. When used with the lsi_port_access file, it illustrates how tomv
can log into tvscs320 and be able to connect, monitor and clear the ports that were set up in
the previous example. The same goes for billf.
LSI Port Access User definition file
Port Access user and respective port access group names are defined below.
Users must be valid system usernames.
Group names are those defined in the lsi_port_access file.
A user might not have access to a particular port, depending on group permissions. Only members
of the scsusers group (group ID of 701) may access SCS ports. Only members of the monitor
group (group ID of 702) may access SCS monitor ports.
7.9.4 NIS Database file
The lsi_port_awk file is used to create the lsi database file (lsiportdbase) on the NIS
server. It contains the awk code that the Make file needs.
7.9.5 NIS Make file
The file Makefile.nis.portAccess is used to create the lsi port database.
To build the database, the above files (listed in Section 7.9, NIS and User Port Permissions, on
page 46) need to be loaded onto the NIS server. The system has been tested on a Linux CPU
running RedHat 8.0. The files were placed in the /var/yp directory. After executing the Make
file, the lsi database file was placed in the NIS host directory.
Page 48
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.9.6 NIS Configuration File
The NIS configuration file (located at /etc/nsswitch.conf) must be edited by the user to
support your NIS server. To do this:
1.
Open the file /etc/nsswitch.conf using your editor.
2.
Edit (add or modify) a line to your config file that supports local files for local users and,
if not assigned locally, refers to the NIS database. The line should read:
port_access:filesnis
3. Save your updated nsswitch.conf file.
7.10 NFS
NFS information can be obtained from the man pages, which is an overview of setup
information for an NFS application as it pertains to the SCS. Refer to the following:
man pages:nfs, mount, fstab.
7.10.1 Remote NFS Directory
To mount a remote directory onto the SCS you must start the portmap and netfs services.
To manually start portmap and netfs services, enter the commands
service portmap start
service netfs start
:
To automatically start portmap and netfs services at Power On, enter the commands:
chkconfig portmap on
chkconfig netfs on
Determine which local directory name you will use to refer to the remote directory. The standard
name is /mnt. If you need more than one remote directory mounted, create the additional
directories under the /mnt directory. (e.g., /mnt/dir1, /mnt/dir2, /mnt/dir3...)
To test the mounting, enter the following:
mount -t nfs <remote server name>:<remote directory name> <local
directory name>
Example: mount -t nfs nyc:/usr/local/cvs/mnt/dir2
!
Note: To have this mount occur at startup, you must edit the file /etc/fstab.
See the man pages noted above for details.
For example:
nyc:/isr/local/cvs/mnt/dir2nfshard,intr
Page 49
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.11 SNMP
Simple Network Management Protocol (SNMP) governs network management and the
monitoring of network devices and their functions. Network management stations monitor and
control the network components. SNMP is supported in the SCS as “read only”. Refer to the
man pages for more details.
7.11.1 Start SNMP
Start SNMP with the command
service snmpd start chkconfig snmpd on
7.12 syslog
Using default settings, the SCS will log all warnings and higher events. The SCS keeps a system
log file called /var/log/messages. The level of logging is controlled by the file
/etc/syslog.conf.
SCS products can log the following:
Notice level events:
•
Port settings changed
•
Begin and end Interactive mode
•
Port buffer cleared
Info level events:
•
User settings modified
•
Port buffer accessed
The default file entry is *.notice, with lower level settings in *.info. (A lower level setting
generates more messages.)
7.13 Timeouts
The SCS system supports timeout on the network port. Refer to the man page for timeout
options. Use the commands timeoutd and timeouts
.
7.14 Changing Serial Port Settings
Use stty to change things like the port name, baud rate or hard/soft flow control. Note that
these changes are temporary and will be lost on the next reboot. To make the changes permanent, edit the file /etc/rc.d/rc.serial. This file contains a list of stty commands (one for
each port).
7.14.1 Disable buffering while in Interactive
To prevent unauthorized access, do not store data in the Port buffer while in Interactive mode.
Under normal conditions, all data from the serial device is stored in the buffer and can be
viewed at a later time. To disable buffering (only while the Interactive mode is in progress), use
the command:
stty -F/dev/ttyBn -buffer
Page 50
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
8. Administering Users
The following commands are used to change settings for users. You can define as many
users as you wish, up to the memory capacity of the system. The limiting factor for users is not
the number of users but the number of simultaneous sessions invoked by any number of users
(250 sessions maximum).
8.1 User Setup
Each user account must have a unique name and its own password. Each User account has
the following parameters:
PARAMETER CONSTRAINTS
A unique user name made up of contiguous characters that cannot be
Name
renamed.
This name will be displayed at the command prompt when a user has
logged in.
Password
Port range or
Port group
(used below)
ESCAPE_SEQ
BREAK_SEQ
ALLOW_CLEAR
ALLOW_CONNECT
ALLOW_MONITOR
Linux password for this user account.
Default is set to access all ports in the SCS chassis (1-16, 1-32 or 1-48).
Ports can be assigned individually (1), in a contiguous range (2-7),
in random ports (3,6,9,15) or any combination of the above valid port numbers for
that chassis (1, 4-7, 12, 15-16).
Escape sequence. Default is “Esc-A”. Displayed in ASCII (x1bA)
Break sequence. Default is “Esc-B”. Displayed in ASCII (x1bB)
Range or group of Ports for which this User account can Clear the Port
Range or group of Ports to which this User account can connect
Range or group of Ports which the User can monitor
There are three permissions in the user config files:
•ALLOW_CONNECT: The user can enter Interactive mode. The file name is
/dev/ttyBnnn).
T
o browse a buffer a user must have connect permissions on that port.
•ALLOW_MONITOR: The user can view a specified port. The file name is
/dev/monitor_portnnn and must be opened in Read-Only mode.
• ALLOW_CLEAR: A user can clear a specified buffer. The file name is
/proc/port_buffers/nnn)
8.1.1 adduser
SCS users are identified with a user name and the adduser command is used to create a new
user account. The user’s name, password and port access configurations are set, along with
the escape and break command keystrokes. After a user has been added, this user can log
into the system from a network or console port connection.
Page 51
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
8.1.2 edituser
The edituser command is used to change the parameters for an existing user. The user name
cannot be edited using edituser
user account and enter the appropriate assignments. You should then delete the original user
account (paragraph 8.1.3).
. I
n order to modify a user’s name you must generate a new
8.1.3 deluser
The del user command deletes an existing user account.
!
Note: The following command modifiers (options) apply to the add user and
edituser commands.
8.1.4 Other Editing Commands
The following commands may be entered to change the following parameters. The root user
may change the preset values for these parameters and a user may use this command to
change the parameters for the Port they are connected to.
8.1.4.1 editbrk <name>
Use editbrk <name> to edit the break sequence for a user. The break sequence is
presented in its ASCII form. (User key stroke default is ESC – B.)
8.1.4.2 editesc <name>
Use editesc <name> to edit the escape sequence for a user. The escape sequence is
presented in its ASCII form. (User key stroke default is ESC – A.)
9. User Operations
Commands that End Users need to connect to their Servers through the SCS
9.1 User Accounts
The SCS has two types of user accounts: user and root and supports multiple user accounts,
each having a unique combination of read, write and review privileges for each of the Ports. Each
user account is password protected and a defined user may or may not have permission to
interact with the attached servers.
9.1.1 SCS users
SCS users are the individuals that will connect to any or all of the attached networking devices
for service, support or access needs. There can be many users defined and each user, when
connecting to the system, establishes a session with a selected device by entering the connect
command. There can be up to 250 simultaneous user sessions.
9.1.2 root user
The root user differs from other SCS users in that he root user will act as the System
Administrator (sysadmin) for the full SCS system and has full access to the each of the SCS
Page 52
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Ports. There is only one root user for each SCS system.
The root user defines the access rights of all users in the SCS system. The root user’s access is
secured with the root password (default password is root). The root password should be changed
regularly and carefully guarded to prevent unauthorized access.
9.2 Port Identities
Each Port is numbered and has a default name (port1, port2, etc.) but may be given any
name by the sysadmin. Each user interacts with the servers connected to ports by entering a
command associated with either the port number or port name.
9.3 What Users Can Do
Remember: Use connect <Port number or name> to access a specific server or
network device.
9.3.1 Access via Network
To access a connected server via the SCS network port, the user should use an ssh client to
ssh to the IP address of the SCS.
9.3.1.1 Secure Shell Host (ssh) to a Port
You can ssh directly to a port by using the following command:
ssh user@scs -t -t connect <port number or name>
9.3.2 Access via console port
The console port is normally used by the System Administrator during service events. However, it
can be used by any user that has access to the terminal and has a password to log into the system
and access system Ports.
9.3.3 Interactive Mode
For a user to interact directly with an attached server, the user must enter the Interactive mode.
Use connect <port name or number> to connect to a port (only applies to ports for which
the user is allowed Connect access).
The user's terminal is then connected to the. The SCS displays the last page of the port buffer
along with a system information message indicating which Port is selected as the user enters
Interactive mode. If a user attempts to connect to a port that is in use, they will receive the
message Device or Resource busy.
The Interactive Mode Escape Sequence is a series of two to ten characters that allows the user
to exit Interactive Mode and return to the System Prompt. The default for the Interactive mode
escape sequence is <ESC>A (escape key, then uppercase A). The user may change the
sequence by using the command editesc.
9.3.3.1 Break Sequence
The user is not connected directly to the server, but rather is connected through the SCS, and
therefore cannot use the break key. While a user is connected to a port in the Interactive
mode the user can, however, send a break command to that port. The default sequence is
<ESC>B
Page 53
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
editbrk
When not in the Interactive mode, a user can enter editbrk to edit or view their preset break
sequence. The break sequence is presented in its ASCII form (x1bB). The user key stroke
default is <ESC>B. Press Enter to keep the existing setting.
Warning!: Because the sysadmin is responsible for configuration changes, it is
recommended that only the sysadmin be allowed to change the break sequence.
9.3.3.2 Escape Sequence
A user-defined sequence of keys is used to leave the Interactive mode. The default
sequence is <ESC>A
!
Note: Do NOT use combinations of the <CTRL> key and other keys for the escape
sequence as these combinations are usually reserved for sending and receiving special
characters through a terminal.
Edit Escape Sequence: It is recommended that only the sysadmin edit the escape command
sequence. When logged in, enter editesc to edit or view the preset escape sequence. The
escape sequence is presented in its ASCII form (x1bA). The user key stroke default is
<ESC>A. Press Enter to keep the existing setting.
Warning!: Because the sysadmin is responsible for configuration changes, it is
recommended that only the sysadmin be allowed to change the escape sequence.
9.4 Monitor Mode
Monitor Mode allows a user to view the traffic on a port, but not to interact with it. Once in
Monitor Mode, pressing any key will close the connection. Multiple users may monitor the same
port at one time, unlike Interactive mode, which is limited to one user. A port may be monitored
while an interactive session is in progress. The monitor command uses the same syntax as
the connect command.
9.5 Browse the Buffers
Any of the Linux text browsing commands (less, more, ftp, tftp, scp, etc.) may be
used to view the Port buffers. These buffers are named:
/lsi/ports/buf_<name> or /proc/port_buffers/<number>
9.6 Clear the Port Buffers
Use the following commands to erase the data in a Port buffer:
stty --clear -F/proc/port_buffers/<n>
or
stty --clear -F/lsi/ports/buf_<name>
Page 54
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
10. Regulatory and Safety Compliance
10.1
Safety Requirements
10.1.1 Symbols Found on Our Products
Markings and labels on our products follow industry-standard conventions. Regulatory markings
found on our products comply with all domestic and many international requirements.
10.2 R
Thinklogical® Secure Console Server products are designed and made in the USA. They have
been tested by a nationally recognized testing laboratory and found to be compliant with
the following standards (both domestic USA and many international locations).
egulatory Compliance
10.2.1 North America
These products comply with the following standards:
Safety
•
ANSI/UL60950-1: 1st Edition (2003)
•
CAN/CSA C22.2 No. 60950-1-03
Electromagnetic Interference
•
FCC CFR47, Part 15, Class A
•
Industry Canada ICES-003 Issue 2, Revision 1
10.2.2 European Union
10.2.2.1. Declaration of Conformity
Product name
• Model: SCS80 Secure Console Server, SCS801 Secure Console Server
• Model: SCS160 Secure Console Server, SCS1601 Secure Console Server
• Model: SCS320 Secure Console Server, SCS3201 Secure Console Server
• Model SCS480 Secure Console Server, SCS4801 Secure Console Server
• Model: SCS80R Secure Console Server, SCS801 R Secure Console Server
• Model: SCS160R Secure Console Server, SCS1601 R Secure Console Server
• Model: SCS320R Secure Console Server, SCS3201 R Secure Console Server
• Model: SCS480R Secure Console Server, SCS4801 R Secure Console Server
• Model: Sentinel 32 Secure Console Server, Sovereign 32 Secure Console Server
These products comply with the requirements of Low Voltage Directive 72/23/EEC and EMC Directive
89/336/EEC.
10.2.2.2 Standards to Which Our Products Comply
Safety
•
IEC60950:1992+A1, A2, A3, A4, A11
Electromagnetic Emissions
•
EN55022: 1994 (IEC/CSPIR22:1993)
•
EN61000-3-2/A14: 2000
•
EN61000-3-3: 1994
Page 55
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Electromagnetic Immunity
•
EN55024:1998 Information Technology Equipment-Immunity Characteristics
•
EN61000-4-2:1995 Electro-Static Discharge Test
•
EN61000-4-3:1996 Radiated Immunity Field Test
•
EN61000-4-4:1995 Electrical Fast Transient Test
•
EN61000-4-5:1995 Power Supply Surge Test
•
EN61000-4-6:1996 Conducted Immunity Test
•
EN61000-4-8:1993 Magnetic Field Test
•
EN61000-4-11:1994 Voltage Dips & Interrupts Test
10.2.2.3 Supplemental Information
The following statements may be appropriate for certain geographical regions but might
not apply to your location.
!
Note: This equipment has been tested and found to comply with the limits for a
Class A digital device, pursuant to part 15 of the FCC Rules. These limits are
designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment uses,
generates and can radiate radio frequency energy and, if not installed and used in
accordance with the instruction manual, may cause harmful interference to radio
communications, in which case the user may be required to correct the interference.
!
Note: This Class A digital apparatus complies with Canadian ICES-003 and
has been verified as compliant within the Class A limits of the FCC Radio Frequency
Device Rules (FCC Title 47, Part 15, Subpart B Class A), measured to CISPR 22: 1993
limits and methods of measurement of Radio Disturbance Characteristics of
Information Technology Equipment.
This Class A digital apparatus meets all requirements of the Canadian Interference-Causing
Equipment Regulations.
Cet appareil numérique de la classe A respecte toutes les exigencies du Règlement sur le
matérial brouilleur du Canada.
!
Note: Users may notice degraded audio performance in the presence of
electro-magnetic fields.
10.3 Product Serial Number
Secure Console Server products have a unique serial number, imprinted on a small silver label
that is placed on the bottom of the chassis. The serial number includes a date-code. The
format for
three digits for a unique unit number
shipping carton.
the date-code is two digits for the week; two digits for the year and two or
. This serial number is also found on the original
Page 56
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
10.4 Lithium Battery
The SCS products have a replaceable, long-life Lithium battery (CR2032, 3 volt) to support the
system BIOS which will likely never need field replacement. However, if it ever does need to be
replaced, the following caution statement applies:
Warning!: There is a risk that the battery could rupture if it is replaced by an incorrect
type. Be sure to use only a CR2032, 3 volt lithium battery. Properly dispose of spent
batteries.
10.5 SCS-R Models and Sentinel 32 Power Modules
The SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 systems have hot-swappable
Power Modules that can be replaced in the field without interrupting service. Each Power Module
is held in place with a single captive screw.
Warning!: When replacing a Power Module in the field, first turn the power switch
off, then remove the Power Cord BEFORE loosening the captive screw and pulling the
module out. When replacing the module, fully insert the module and tighten its screw
before replacing the power cord.
11. How to Contact Us
11.1 Customer Support
11.1.1 Website
Visit our website at
the full line of Thinklogical® products. Our internet website offers product information on all
current systems, including technical specification sheets and Quick Start Guides (for viewing
online or for download), product diagrams showing physical connections and other useful
information.
be sure to update your browser when you visit us online.
We regularly update our website, so to see our most current information,
www.thinklogical.com for more product information, current updates and
!
Note: Most online documents are stored as Adobe Acrobat .pdf files. If you
do not have the Adobe Acrobat reader needed to view .pdf files, visit
www.adobe.com
for a download.
Page 57
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
11.1.2 Email
Thinklogical® is staffed Monday through Friday from 8:30am to 5:00pm, Eastern Time Zone.
We will try to respond to your email inquiries promptly. Please use the following email
addresses for your various needs:
– Information about Thinklogical® and our products.
– Sales Department: orders or questions
.
– Product support, technical issues or questions, product repairs
11.1.3 Telephone
Telephone Sales: Please c
in the continental US, use our toll-free number
Friday from 8:30am to 5:00pm, Eastern Time Zone. Be sure to ask for your sales
representative’s direct dial phone number when you call.
Telephone Product Support: Please c
Connecticut at
1-203-647-8700
8:30am to 5:00pm, Eastern Time Zone.
International Sales:
203-647-8700
. We are here Monday through Friday, 8:30am to 5:00pm, Eastern Time Zone
Please contact our expert Sales Staff in Milford, Connecticut, USA at
(same as New York City). If leaving a voice message, please provide a preferred time to call
back so we may reach you at your convenience.
Our switchboard attendant will direct your call during regular business hours. We have an
automated attendant after regular business hours and on holidays. Please leave a voice
message for any of our representatives at any time. Each of our sales and service
representatives has a direct number to accommodate your calls.
ontact our expert sales staff in Milford, CT at
1-800-291-3211
. We are here Monday through
ontact our expert Product Support staff in Milford,
. The support lines are manned Monday through Friday,
1-203-647-8700
or, if
1-
11.1.4 Fax
Our company facsimile number is
your cover sheet and provide return contact information, including your phone number.
1-203-783-9949
. Please indicate the nature of the fax on
11.2 Product Support
Thinklogical’s® support personnel are available Monday through Friday from 8:30am to 5:00pm,
Eastern Time Zone. If you need assistance at some time outside of normal business hours,
please contact us beforehand and we will do our best to make arrangements to assist you.
11.2.1. Limited Warranty Information
Thinklogical®, LLC (“Thinklogical”) warrants this product against defects in materials and
workmanship for a period of one (1) year from the date of delivery (ordinary wear and tear
excluded). This limited warranty does not cover defects resulting from (i) use of the product other
than as described in the applicable documentation for the product; (ii) modifications to or repairs
of the product that are made by any party other than Thinklogical® or a party acting on
Thinklogical’s® behalf, or (iii) combination of the product with third party products that is not
consented to by Thinklogical®. Occurrences of events described in (i) – (iii) shall void the
foregoing warranty. This warranty gives you specific legal rights, and you may also have other
Page 58
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
rights which vary from state to state.
Except for the express warranty set forth above, to the fullest extent permitted under
applicable law, Thinklogical®, LLC and its suppliers disclaim any and all other warranties,
express and implied, including without limitation the implied warranties of
merchantability, fitness for a particular purpose, title and non-infringement.
If the defective product is returned to the authorized dealer within one (1) year of the delivery
date, repair or replacement of the product will be made. Repairs may be made with refurbished
parts. If repair or replacement is not possible, Thinklogical® may keep the defective product and
refund the amount that you paid for the defective product. These are Thinklogical’s® sole
obligations, and your exclusive remedies, for a breach of the limited warranty set forth above.
To return a defective product, contact the Thinklogical® authorized dealer from whom you
purchased the product. Do not return a product directly to Thinklogical® without prior
authorization from your dealer.
If you have received prior authorization from your dealer and are returning a product directly to
Thinklogical®:
1. Contact your sales representative, or call Customer Support at:
1-800-291–3211 or 1-203-647–8700.
2. Describe the product defect and Customer Support will issue a Return Merchandise Authorization Number (RMA#).
3. If possible, pack the product in all of its original packing and be sure to include the RMA
number with the address, so it is clearly visible on the outside of the box.
4. Return the product to:
Thinklogical, LLC®
Attn: RMA# (Insert the RMA# issued to you by Thinklogical®, here.)
100 Washington Street
Milford, CT 06460 USA
If you have any issues with our products, have product questions or need technical
assistance, please call us at
1-203-647-8700
and let us help.
Page 59
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix A: File System
A.1 Read-Only vs. Read-Write
In some instances you may need to interact directly with the SCS’s file system, in which
case you must mount it for read-write (R/W) access before changes can be made to the
system’s Compact Flash.
To mount R/W: mount -o remount,rw/
Warning!: Regular SCS use does not require changes to the Read-Write
operation. The sysadmin may only need to use this to interact with the SCS’s Linux
file system directly. Do not leave the system in Read-Write mode. Leaving the system
in read-write mode could shorten the life span of the SCS.
The SCS’s file system is normally mounted in a read-only mode and is run from RAM to
prolong the life (read-write cycles) of the system’s Compact Flash memory card. Leaving
the system in read-write mode could shorten the life span of the SCS.
To mount R/O: mount -o remount,ro/
A.1.1 Read-Only Mode for Normal Use
Warning!: It is VERY IMPORTANT to remount as Read-Only when you are done
with any changes.
During system startup, the tar file is expanded into RAM. The root file system is then
mounted as Read-Only. It must be remounted as Read-Write in order to make changes
(e.g. mount –o remount,ro/
A.1.2 LSI Directories
The following LSI directories are those most often used with SCS products:
/etc
/home
/var
/root
/lsi
The save command tars these directories and stores the tar file in /misc
.
Page 60
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix B: FAQ
A few frequently-asked questions
B.1 How To…
This section is a collection of tips and hints for various setup items. The root user can change
any of the following features using the given command steps:
B.1.1 Change Port Parameters
Serial Port settings are modified via the stty command (see man page stty
).
The serial port
settings are modified in the rc.serial file to be permanently changed. Note the following:
• Changing port names is persistent over a reboot
• Changing port communication settings (baud rate, parity etc.) is temporary. The file
/etc/rc.serial must be edited in order to save the settings.
To change the Port Parameters, edit the file: /etc/rc.d/rc.serial
For example, to change the baud rate for Port 5 to 19,200 baud, enter:
Stty -F/dev/ttyB5 19200 {other options}
B.1.2 Change the Name of a Port
You can change the name of a Port if you know the original name. For example, to change the
Port <current name> to payroll, enter:
Stty --name=payroll -F/lsi/ports/<current name>
B.1.3 View a Buffer
Use less or cat to view a port’s buffer. There are at least two methods:
/lsi/ports/buf_<portname> or /proc/port_buffers/<portnumber>
Page 61
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix C: Sentinel 32 Modem Commands
The following modem commands information has been extracted, with the permission of the
modem’s manufacturer, from the Multi-Tech Systems, Inc., Developer’s Guide (2003).
Introduction
The AT commands are used to control the operation of your modem. They are called AT commands because the characters AT must precede each
command to get the ATtention of the modem.
AT commands can be issued only when the modem is in command mode or online command mode.
The modem is in command mode whenever it is not connected to another modem.
The modem is in data mode whenever it is connected to another modem and ready to exchange data. Online command mode is a temporary
state in which you can issue commands to the modem while connected to another modem.
To put the modem into online command mode from data mode, you must issue an escape sequence (
characters and the command, e.g.,
command
To send AT commands to the modem you must use a communications program, such as the HyperTerminal applet in Windows 98/ 95 and NT
4.0, or some other available terminal program. You can issue commands to the modem either directly, by typing them in the terminal window of
the communications program, or indirectly, by configuring the operating system or communications program to send the commands automatically.
Fortunately, communications programs make daily operation of modems effortless by hiding the commands from the user. Most users,
therefore, need to use AT commands only when reconfiguring the modem, e.g., to turn auto answer on or off.
The format for entering an AT command is
command parameter. The value is always a number. If the value is zero, you can omit it from the command; thus,
Most commands have a default value, which is the value that is set at the factory. The default values are shown in the “AT Command
Summary” (See below).
You must press ENTER (it could be some other key depending on the terminal program) to send the command to the modem. Any time the
modem receives a command, it sends a response known as a result code. The most common result codes are OK, ERROR, and the CONNECT
messages that the modem sends to the computer when it is connecting to another modem. See a table of valid result codes at the end of this
chapter.
You can issue several commands in one line, in what is called a command string. The command string begins with
ENTER. Spaces to separate the commands are optional; the command interpreter ignores them. The most familiar command string is the initialization string, which is used to configure the modem when it is turned on or reset, or when your communications software calls another modem.
ATO.
+++ATH
to hang up the modem. To return to data mode from online command mode, you must issue the
ATXn,
where X is the command and n is the specific value for the command, sometimes called the
+++)
followed immediately by the AT
AT&W
is equivalent to
AT
and ends when you press
AT&W0.
AT Command Summary
Organization of AT Commands on the following pages: 1st, by the initial command character (&, +, %) 2nd,
alphabetized by the second command character (Except for listing of
Command Description
AT Attention Code
A Answer
A/ Repeat Last Command
BnCommunication Standard Setting
DsDial
DS=yDial Stored Telephone Number
EnEcho Command Mode Characters
FnEcho Online Data Characters
HnHook Control
InInformation Request
MnMonitor Speaker Mode
NnModulation Handshake
AT)
Page 62
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command Description
OnReturn Online to Data Mode
P Pulse Dialing
QnResult Codes Enable/Disable
Sr=n Set Register Value
Sr? Read Register Value
T Tone Dialing
VnResult Code Format
WnResult Code Options
XnResult Code Selection
ZnModem Reset
&CnData Carrier Detect (DCD) Control
&DnData Terminal Ready (DTR) Control
&EnXON/XOFF Pass-Through
&FnLoad Factory Settings
&GnV.22bis Guard Tone Control
&KnFlow Control Selection
&LnLeased Line Operation
&PnPulse Dial Make-to-Break Ratio Selection
&QnAsynchronous Communications Mode
&SnData Set Ready (DSR) Control
&TnLoopback Test (V.54 Test) Commands
&V Display Current Settings
&WnStore Current Configuration
&Zy=xStore Dialing Command
\AnSelect Maximum MNP Block Size
\BnTransmit Break
\KnBreak Control
\NnError Correction Mode Selection
\QnFlow Control Selection
\TnInactivity Timer
\VnProtocol Result Code
-CnData Calling Tone
%A Adaptive Answer Result Code Enable
%B View Numbers in Blacklist
%CnData Compression Control
%DCnAT Command Control
%EnFallback and Fall Forward Control
%HnDirect Connect Enable
%RnCisco Configuration
%SnCommand Speed Response
$EBnAsynchronous Word Length
$DnDTR Dialing
$MBnOnline BPS Speed
$SBnSerial Port Baud Rate
Description: The attention code precedes all command lines except A/, A: and escape sequences.
Command: ENTER Key
Values: n/a
Description: Press the E
NTER (RETURN)
key to execute most commands.
Command: A Answer
Values: n/a
Description: Answer call before final ring.
Command: A/ Repeat Last Command
Values: n/a
Description: Repeat the last command string. Do not precede this command with AT. Do not press E
Command: Bn Communication Standard Setting
Values:
Default: 0 and 15
Description: B0 Select ITU-T V.22 mode when modem is at 1200 bps.
Command: Ds Dial
Values:
Default: none
Description: Dial telephone number
n
= 0–3, 15, 16
B1 Select Bell 212A when modem is at 1200 bps.
B2 Deselect V.23 reverse channel (same as B3).
B3 Deselect V.23 reverse channel (same as B2).
B15 Select V.21 when the modem is at 300 bps.
B16 Select Bell 103J when the modem is at 300 bps.
s
= dial string (phone number and dial modifiers)
s,
where s may up to 40 characters long and include the 0–9, *, #, , B, C, and D
characters, and the L, P, T, V, W, S, comma (,), semicolon (;), !, @, ^ and $ dial string modifiers. Dial
string modifiers:
L Redial last number. (Must be placed immediately after ATD.)
P Pulse-dial following numbers in command.
T Tone-dial following numbers in command (default).
Switch to speakerphone mode and dial the following number. Use ATH command to hang up. W
Wait for a new dial tone before continuing to dial. (X2, X4, X5, X6, or X7 must be selected.)
, Pause during dialing for time set in register S8.
NTER
to execute.
Page 64
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
; Return to command mode after dialing. (Place at end of dial string.)
! Hook flash. Causes the modem to go on-hook for one-half second, then off-hook again.
@ Wait for quiet answer. Causes modem to wait for a ringback, then 5 seconds of silence, before processing next
part of command. If silence is not detected, the modem returns a NO ANSWER code.
^ Disable data calling tone transmission.
$ Detect AT&T call card “bong” tone. The character should follow the phone number and precede the
Command: DS=y Dial Stored Telephone Number
Values:
n
= 0–2 (0–1 for SMI-Parallel {internal})
Default: none
Description: Dial a number previously stored in directory number y by the &Zy=x command. Example: ATDS=2
Command: En Echo Command Mode Characters
Values:
n
= 0 or 1
Default: 1
Description: E0 Do not echo keyboard input to the terminal.
E1 Do echo keyboard input to the terminal.
Command: Fn Echo Online Data Characters
Values:
n =
1
Default: 1
F0 Enable online data character echo. (Not supported.)
F1 Disable online data character echo (included for backward compatibility with some software).
Command: Hn Hook Control
Values:
n
= 0 or 1
Default: 0
Description: H0 Go on-hook (hang up).
H1 Go off-hook (make the phone line busy).
I1 Calculate and display ROM checksum (e.g.,
I2 Check ROM and verify the checksum, displaying
12AB).
OK
or
ERROR.
I3 Display default speed and controller firmware version.
I4 Display firmware version for data pump (e.g., 94).
I5 Display the board ID: software version, hardware version, and country ID
I9 Display the country code (e.g.,
NA Ver. 1).
I11 Display diagnostic information for the last modem connection, such as DSP and firmware
version, link type, line speed, serial speed, type of error correction/data compression,
number of past retrains, etc.
Command: Mn Monitor Speaker Mode
Values:
n
= 0, 1, 2, or 3
Default: 1
Description: M0 Speaker always off.
M1 Speaker on until carrier signal detected.
M2 Speaker always on when modem is off-hook.
M3 Speaker on until carrier is detected, except while dialing.
Command: Nn Modulation Handshake
Values:
n
= 0 or 1
Page 65
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Default: 1
Description: N0 Modem performs handshake only at communication standard specified by S37 and the B
command.
N1 Modem begins handshake at communication standard specified by S37 and the B command. During handshake, fallback to a lower
speed can occur.
Command: On Return Online to Data Mode
Values:
0, 1, 3
Default:
None
Description: O0 Exit online command mode and return to data mode (see
O1 Issue a retrain and return to online data mode.
O3 Issue a rate renegotiation and return to data mode.
Command: P Pulse Dialing
Values:
P, T
Default: T
Description: Configures the modem for pulse (non-touch-tone) dialing. Dialed digits are pulsed until a T
command or dial modifier is received.
Command: Qn Result Codes Enable/Disable
Values:
Default: 0
Description: Q0 Enable result codes.
Q1 Disable result codes.
Q2 Returns an
n
= 0 or 1
OK
for backward compatibility with some software.
+++AT<CR>
escape sequence).
Command: Sr=n Set Register Value
Values:
Default:
None
Description: Set value of register Sr to value of
Command: Sr? Read Register Value
Values: r = S-register number
Default: None
Description: Read value of register Srand display it in 3-digit decimal form (e.g., S2? gives the response 043).
Command: T Tone Dialing
Values: P, T
Default: T
Description: Configures the modem for DTMF (touch-tone) dialing. Dialed digits are tone dialed until a P command or
Command: VnResult Code Format
Values: n = 0 or 1
Default: 1
Description: V0 Displays result codes as digits (terse response).
Command: WnResult Code Options
Values: n = 0, 1, or 2
Default: 2
Description: W0 CONNECT result code reports serial port speed, disables protocol result codes.
W1 CONNECT result code reports serial port speed, enables protocol result codes.
W2 CONNECT result code reports line speed, enables protocol result codes.
r
= S-register number; n varies
n,
where n is entered in decimal format (e.g., S0=1).
dial modifier is received.
V1 Displays result codes as words (verbose response).
Command: XnResult Code Selection
Values: n = 0–7
Page 66
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Default: 4
Description: X0 Basic result codes (CONNECT); does not look for dial tone or busy signal.
X1 Extended result codes (CONNECT 46000 V42bis); does not look for dial tone or busy signal.
X2 Extended result codes with NO DIALTONE; does not look for busy signal.
X3 Extended result codes with BUSY; does not look for dial tone.
X4 Extended result codes with NO DIALTONE and BUSY.
X5 Extended result codes with NO DIALTONE and BUSY.
X6 Extended result codes with NO DIALTONE and BUSY.
X7 Basic result codes with NO DIAL TONE and BUSY.
Command: ZnModem Reset
Values: n = 0 or 1
Default: None
Description: Z0 Reset modem to profile saved by the last &W command.
Z1 Same as Z0.
Command: &CnData Carrier Detect (DCD) Control
Values: n = 0, 1, 2
Default: 1
Description: &C0 Forces the DCD circuit to be always ON.
&C1 DCD goes ON when the remote modem’s carrier signal is detected, and goes OFF when the carrier
signal is not detected.
&C2 DCD turns OFF upon disconnect for time set by S18. It then goes high again (for some PBX
phone systems).
Command: &Dn Data Terminal Ready (DTR) Control
Values:
Default: 2
Description: &D0 Modem ignores true status of DTR signal and responds as if it is always on.
&D1 If DTR drops while in online data mode, the modem enters command mode, issues an
&D2 If DTR drops while in online data mode, the modem hangs up. If the signal is not
&D3 If DTR drops, modem hangs up and resets as if ATZ command were issued.
Default: None
Description: &F0 Load factory settings as active configuration.
Note: See also the Z command.
Command: &Gn V.22bis Guard Tone Control
Values:
Default: 0
Description: &G0 Disable guard tone.
&G1 Set guard tone to 550 Hz.
&G2 Set guard tone to 1800 Hz.
Note: The &G command is not used in North America.
Command: &Kn Flow Control Selection
n
= 12 or 13
n
= 0
n
= 0, 1, or 2
Page 67
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
= 0, 1, or 2
Defaults: 0
Description: &L0 The modem is set for standard dial-up operation.
&L1 The modem is set for leased line operation in originate mode.
&L2 The modem is set for leased line operation in answer mode.
Note: For &L1 and &L2, there is a 30-second window between power up and the starting of the leased line handshake. During this
time, you can turn off the command, if desired.
Command: &Pn Pulse Dial Make-to-Break Ratio Selection
Values:
n
= 0, 1, or 2
Default: 0
Description: &P0 60/40 make-to-break ratio
&P1 67/33 make-to-break ratio
&P2 20 pulses per second
Note: The &P2 command is available only if the country code is set to Japan.
= 0, 5, 6, 8, or 9
Default: 5
Description: &Q0 Asynchronous with data buffering. Same as \N0.
&Q5 Error control with data buffering. Same as \N3. &Q6 Asynchronous with data buffering. Same as \N0. &Q8 MNP error control mode. If MNP error control is not established, the modem falls back
according to the setting in S36.
&Q9 V.42 or MNP error control mode. If neither error control is established, the modem falls
back according to the setting in S36.
Command: &Sn Data Set Ready (DSR) Control
Values:
n
= 0 or 1
Default: 0
Description: &S0 DSR is always ON.
&S1 DSR goes ON only during a connection.
Command: &Tn Loopback Test (V.54 Test) Commands
Values:
n
= 0, 1, 3, 6
Default: None
Description: The modem can perform selected test and diagnostic functions. A test can be run only when the
modem is operating in non-error-correction mode (normal or direct mode). For tests 3 and 6, a
connection between the two modems must be established. To terminate a test in progress, the
escape sequence (+++AT) must be entered.
&T0 Stops any test in progress.
&T1 Starts a local analog loopback, V.54 Loop 3, test. If a connection exists when this
command is issued, the modem hangs up. When the test starts, a
CONNECT
message is
displayed.
&T3 Starts local digital loopback, V.54 Loop 2, test. If no connection exists,
ERROR
is returned.
&T6 Initiates a remote digital loopback, V.54 Loop 2, test without self-test. If no connection exists,
ERROR
is returned.
Page 68
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: &V Display Current Settings
Values: n/a
Description: Displays the active modem settings.
Command: &Wn Store Current Configuration
Values:
Default: 1
Description: &W0 Stores current modem settings in non-volatile memory and causes them to be loaded at
Command: &Zy=x Store Dialing Command
Values:
x = Dialing command
Default: None
Description: Stores dialing command x in memory location
Command: \AnSelect Maximum MNP Block Size
Values: n = 0, 1, 2, or 3
Default: 3
Description: \A0 64-character maximum
\A1 128-character maximum
\A2 192-character maximum
\A3 256-character maximum
Command: \BnTransmit Break
Values: n = 0–9 in 100 ms units
Default: 3
Description: In non-error-correction mode only, sends a break signal of the specified length to a remote modem.
n
= 0 or 1
power-on or following the ATZ command instead of the factory defaults. See &F command.
&W1 Clears user default settings from non-volatile memory and causes the factory defaults to
be loaded at power-on or following the ATZ command.
y
= 0–2 (0–1SMI-Parallel {internal})
y.
Dial the stored number using the command
ATDS=y. See Also the #CBS command, a callback security command.
Works in conjunction with the \K command.
Command: \Kn Break Control
Values: n = 0–5
Default: 5
Description: Controls the modem's response to a break received from: computer, remote modem, or \B
command. Response is different for each of three different states.
Data mode. Modem receives the break from the computer:
\K0 Enter online command mode, no break sent to the remote modem.
\K1 Clear data buffers and send break to the remote modem.
\K2 Same as \K0.
\K3 Send break immediately to the remote modem.
\K4 Same as \K0.
\K5 Send break to the remote modem in sequence with the
transmitted data.
Data mode. Modem receives the break from the remote
modem:
\K0 Clear data buffers and send break to the computer.
\K1 Same as \K0.
\K2 Send break immediately to the computer.
\K3 Same as \K2.
\K4 Send break to the computer in sequence with the received data.
\K5 Same as \K4.
Online command mode. Modem receives a \Bn command from the computer:
\K0 Clear data buffers and send break to the remote modem.
\K1 Same as \K0.
\K2 Send break immediately to the remote modem.
\K3 Same as \K2.
\K5Same as \K4. \K4 Send break to the remote modem in sequence with the transmitted data.
Page 69
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: \NnError Correction Mode Selection
Values: n = 0–5, or 7
Default: 3
Description: \N0 Non-error correction mode with data buffering (buffer mode; same as &Q6). \N1 Direct mode.
\N2 MNP reliable mode. If the modem cannot make an MNP connection, it disconnects.
\N3 V.42/MNP auto-reliable mode. The modem attempts first to connect in V.42 error
correction mode, then in MNP mode, and finally in non-error correction (buffer) mode with
continued operation.
\N4 V.42 reliable mode. If the modem cannot make a V.42 connection, it disconnects.
\N5 V.42, MNP, or non-error correction (same as \ N3). \N7 V.42, MNP, or non-error correction
(same as \ N3).
Command: \Qn Flow Control Selection
Values: n = 0, 1, or 3
Default: 3
Description: \Q0 Disable flow control (same as &K0). \Q1 XON/XOFF software flow control (same as &K4). \Q2 CTS-only flow control. Not supported.
\Q3 RTS/CTS hardware flow control (same as &K3).
Command: \Tn Inactivity Timer
Values: n = 0, 1–255
Default: 0
Description: Sets the time (in minutes) after the last character is sent or received that the modem waits before
disconnecting. A value of zero disables the timer. Applies only in buffer mode.
Note: You can also set the inactivity timer by changing the value of S30.
Command: \Vn Protocol Result Code
Values: n = 0, 1, or 2
Default: 1
Description: \V0 Disables the appending of the protocol result code to the DCE speed.
\V1 Enables the appending of the protocol result code to the DCE speed.
\V2 Same as \V1.
Description: \X0 Modem responds to and discards XON/XOFF characters. \X1 Modem responds to and
Command: -Cn Data Calling Tone
Values:
Defaults: 1
Description: -C0 Disable V.25 data calling tone to deny remote data/fax/voice discrimination.
Command: %A Adaptive Answer Result Code Enable
Values:
Default: 0
Description: The %A command controls whether the DATA or FAX result codes will be sent by the modem.
%A1 Enables adaptive answer result codes.
n
= 0 or 1
passes XON/XOFF characters. Note: This is also controlled via &E6 and &E7.
n
= 0 or 1
-C1 Enable V.25 data calling tone to allow remote data/fax/voice discrimination.
n
= 0 or 1
The modem must be in fax mode for this command to work. Also, the modem must be set to +FAA=1,
which enables the modem to distinguish between a fax and a data call. When these commands
are enabled, the modem sends DATA to the computer when it detects data tones and FAX when it
detects fax tones. These strings are used by some servers to select the appropriate
communication program. %A0 Disables adaptive answer result codes.
Page 70
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: %B View Numbers in Blacklist
Values: n/a
Description: If blacklisting is in effect, AT%B displays the numbers for which the last call attempted in the
previous two hours failed. In countries that do not require blacklisting, the
ERROR
result code
appears.
Command: %Cn Data Compression Control
Values:
n
= 0 or 1
Default: 1
Description: %C0 Disable V.42bis/MNP 5 data
compression. %C1 Enable
V.42bis/MNP 5 data compression.
Command: %DCn AT Command Control
Values:
n
= 0 or 1
Default: 0
Description: %DC0 The modem responds to AT commands.
%DC1 The modem ignores AT commands.
Note: The modem will respond to AT%DC for 10 seconds after power-up.
Command: %En Fallback and Fall Forward Control
Values:
n
= 0, 1, or 2
Default: 2
Description: %E0 Disable fallback and fall forward.
%E1 Enable fallback, disable fall forward.
%E2 Enable fallback and fall forward.
Command: %Hn Direct Connect Enable
Values:
n
= 0, 1
Default: 0
Description: %H0 Sets callback security to normal operation.
%H1 All callback security calls will be direct connect regardless of whether the password or
phone number has the - character.
Command: %Rn Cisco Configuration
Values:
n
= 0, 1
Default: 0
Description: %R0 Disables Cisco configuration.
%R1 Sets E0, Q1, &D0, \N0, $SB9600, and %S1 for operation with a Cisco router.
Command: %Sn Command Speed Response
Values:
n
= 0, 1
Default: 0
Description: %S0 Sets modem to respond to AT commands at all normal speeds.
%S1 AT commands accepted at 115200 bps only. Commands at other speeds are ignored.
Command: $Dn DTR Dialing
Values:
n
= 0 or 1
Default: 0
Description: $D0 Disables DTR dialing.
$D1 Dials the number in memory location 0 when DTR goes high.
Description: $RP0 The AT command will have priority over the ring. S1 will be reset to 0 if
an AT command is received. This command is storable to memory.
ring are received together and the incoming call will be answered when S1 is equal to S0. Note:
SocketModems do not detect ring cadence of TelTone telephone line simulators as a valid ring.
n=
speed in bits per second
$SB1 200 Sets serial port to 1200 bps
$SB2400 Sets serial port to 2400 bps
$SB4800 Sets serial port to 4800 bps
$SB9600 Sets serial port to 9600 bps
$SB1 9200 Sets serial port to 19200 bps
$SB38400 Sets serial port to 38400 bps
$SB57600 Sets serial port to 57600 bps
$SB1 15200 Sets serial port to 115200 bps
$SB230400 Sets serial port to 230400 bps
Command: +VDR=x, y Distinctive Ring Report
Values: x = 0, 1 Distinctive Ring report control. See description.
y = 0–255 Minimum ring interval in 100 ms units. See description.
Default: 0, 0
Description: Enables reporting of ring cadence information to the DTE and specifies the minimum ring
cadence that will be reported.
The report format is one line per silence period and one line per ring period. The length of the
silence period is in the form DROF=number in units of 100 ms<CR><LF>, and the length of the ring is in
the form DRON=number in units of 100 ms<CR> <LF>. The modem may produce a Ring event
code after the DRON message if enabled by the y parameter. The y parameter must be set to
a value equal to or smaller than the expected ring cadence in order to pass the report to the DTE.
+VDR=0, n/a Disables Distinctive Ring cadence reporting.
+VDR=1, 0 Enables Distinctive Ring cadence reporting. Other call progress result codes
+VDR=1, >0 Enables Distinctive Ring cadence reporting. The RING result code is reported
+VDR=? Displays the allowed values.
+VDR? Displays the current value.
(including RING) are reported as normal.
after the falling edge of the ring pulse (i.e., after the DRON report).
Page 72
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: #CBAn Callback Attempts
Values: n = 1–255
Default: 4
Description: Sets the number of callback attempts that are allowed after passwords have been
exchanged between modems.
Command: #CBDn Callback Delay
Values: n = 0–255
Default: 15
Description: Sets the length of time (in seconds) that the modem waits before calling back the remote modem.
Description: Initiates remote configuration mode while online with remote modem. The remote
configuration escape character (%) is defined in register S13.
V.92 Commands
Command: +MS= Modulation Selection
Values: See description.
Defaults: See description.
Description: This extended-format command selects modulation, enables or disables automode, and
specifies the highest downstream and upstream connection rates using one to four
subparameters. The command syntax is
Subparameters that are not entered retain their current value. Commas separate optional
subparameters, and must be inserted to skip a subparameter. Example: +MS=,0<CR> disables
+MS=? Reports supported options in the format (list of supported mod values),(list of supported
+MS? Reports current options in the format mod, automode, 0, max_rate, 0, max_rx_rate.
Subparameters
mod
automode and keeps all other settings at their current values.
Specifies the preferred modulation (automode enabled) or the modulation to use in
originating or answering a connection (automode disabled). The default is V92.
Page 74
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
V.32bis, etc.
Valid
9600,
mod
V922 V92
V903 V.90
V34 V.34 33600, 31200, 28800, 26400,
Modulation Possible rates (bps)1
50666, 49333, 48000,46666, 45333, 44000,
50666, 49333, 48000,46666, 45333, 44000,
24000, 21600,19200,16800, 14400, 12000,
V32B V.32bis 14400, 12000, 9600, 7200, or 4800
V32 V.32 9600 or 4800
V22B V.22bis 2400 or 1200
V22 V.22 1200
V23C V.23 1200
V21 V.21 300
Bell212A Bell 212A 1200
Bell103 Bell 103 300
Notes:
1.
See optional <automode>, <max_rate>, and
<max_RX_rate> subparameters.
2.
Selects V.92 modulation as first priority. If a V.92 connection
cannot be established, the modem attempts V.90, V.34,
automode
Annex A. Automode is disabled if values are specified for the max_rate and max_rx_rate parameters. The options are:
0 Disable automode
1 Enable automode (default)
max_rate
connection. The value is decimal coded in units of bps, for example, 33600 specifies the highest rate to be 33600 bps.
0 Maximum rate determined by the modulation selected in mod (default).
An optional numeric value that enables or disables automatic modulation negotiation using V.8 bis/V.8 or V.32 bis
An optional number that specifies the highest rate at which the modem may establish an upstream (transmit)
300–33600
Maximum rate value limited by the modulation selected in mod. For valid max_rate values for each mod
value, see the following table.
mod value
V92, V90, V34
V32B
V32
V22B
V22, V23C, Bell212A
max_rx_rate:
V21, Bell103
An optional number that specifies the highest rate at which the modem may establish a downstream
(receive) connection. The value is decimal coded in units of bps, e.g., 28800 specifies the highest rate to
be 28800 bps.
0 Maximum rate determined by the modulation selected in
300–56000 Maximum rate value limited by the modulation selected in
Command: +PCW=n Call Waiting Enable
Values: n = 0, 1, or 2
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Description: Controls the action to be taken upon detection of a call waiting tone in V.92 mode. Values specified by
this command are not modified when an AT&F command is issued. +PCW=0 Toggles V.24 Circuit 125 and collects Caller ID if enabled by +VCID
+PCW=1 Hangs up
+PCW=2 Ignores V.92 call waiting
+PCW=? Displays the allowed values
+PCW? Displays the current value
Command: +PIG=n PCM Upstream Ignore
Values: n = 0 or 1
Default: 1
Description: Controls the use of PCM upstream during V.92 operation. PCM upstream allows faster upload speeds to
a V.92 server.
+PIG=0 Disables PCM upstream
+PIG=1 Enables PCM upstream
+PIG=? Displays the allowed values
+PIG? Displays the current value
Command: +PMH=n Modem on Hold Enable
Values: n = 0 or 1
Default: 1
Description: Controls if modem on hold procedures are enabled during V.92 operation. Normally controlled by a
modem on hold program. Values specified by this command are not modified when an AT&F command
is issued.
+PMH=0 Enables V.92 modem on hold
+PMH=1 Disables V.92 modem on hold
+PMH=? Displays the allowed values
+PMH? Displays the current value
Command: +PMHF V.92 Modem Hook Flash
Values: n/a
Default: n/a
Description: Causes the DCE to go on-hook for a specified period of time, and then return off-hook
for at least a specified period of time. The specified period of time is normally one-half second, but
may be governed by national regulations. “ERROR” is returned if MOH is not enabled.
Command: +PMHR=n Modem on Hold Initiate
Values: n = 0–13
Default: 0
Description: +PMHR is an action command that causes the modem to initiate MOH with the central site
modem. It returns the following values to indicate what has been negotiated. Valid only if MOH is
enabled and the modem is off-hook or in data mode. Otherwise, ERROR will be returned.
+PMHR=0 Deny MOH request
+PMHR=1 Grant MOH request with 10 second timeout
+PMHR=2 Grant MOH request with 20 second timeout
+PMHR=3 Grant MOH request with 30 second timeout
+PMHR=4 Grant MOH request with 40 second timeout
+PMHR=5 Grant MOH request with 1 minute timeout
+PMHR=6 Grant MOH request with 2 minute timeout
+PMHR=7 Grant MOH request with 3 minute timeout
+PMHR=8 Grant MOH request with 4 minute timeout
+PMHR=9 Grant MOH request with 6 minute timeout
+PMHR=10 Grant MOH request with 8 minute timeout
+PMHR=1 1 Grant MOH request with 12 minute timeout
+PMHR=12 Grant MOH request with 16 minute timeout
+PMHR=13 Grant MOH request with indefinite timeout
+PMHR=? Displays the allowed values
+PMHR? Displays the current value
Page 76
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: +PMHT=n Modem on Hold Timer
Values:
Default: 0
Description: Determines if the modem will accept a V.92 Modem on Hold (MOH) request and will set the MoH timeout.
Command: +PQC=n Quick Connect Control
Values: n = 0, 1, 2, or 3
Default: 3
Description: Controls V.92 shortened Phase 1 and Phase 2 startup procedures (Quick Connect). When line conditions are
stable, quick connect results in shortened connect times; however, significant fluctuation in line conditions from call to call can
cause longer connect times; thus, it may be advisable to disable quick connect.
n
= 0–13
+PMHT=0 Deny MOH request
+PMHT=1 Grant MOH request with 10 second timeout
+PMHT=2 Grant MOH request with 20 second timeout
+PMHT=3 Grant MOH request with 30 second timeout
+PMHT=4 Grant MOH request with 40 second timeout
+PMHT=5 Grant MOH request with 1 minute timeout
+PMHT=6 Grant MOH request with 2 minute timeout
+PMHT=7 Grant MOH request with 3 minute timeout
+PMHT=8 Grant MOH request with 4 minute timeout
+PMHT=9 Grant MOH request with 6 minute timeout
+PMHT=10 Grant MOH request with 8 minute timeout
+PMHT=11 Grant MOH request with 12 minute timeout
+PMHT=12 Grant MOH request with 16 minute timeout
+PMHT=13 Grant MOH request with indefinite timeout
+PMHT=? Displays the allowed values
+PMHT? Displays the current value
+PQC=0 Enables Short Phase 1 and Short Phase 2 (Quick Connect)
+PQC=1 Enables Short Phase 1
+PQC=2 Enables Short Phase 2
+PQC=3 Disables Short Phase 1 and Short Phase 2
+PQC=? Displays the allowed values
+PQC? Displays the current value
Command: +VCID=n Caller ID Selection
Values: n = 0, 1, or 2
Default: 0
Description: Enables Caller ID detection and configures the reporting and presentation of the Caller ID data that is
detected after the first ring. The reported data includes the date and time of the call, the caller's name and number, and a
message. Set S0=2.
+VCID=0 Disables Caller ID
+VCID=1 Enables Caller ID with formatted data
+VCID=2 Enables Caller ID with unformatted data
+VCID=? Displays the allowed values
+VCID? Displays the current value
Command: +VDR=x, y Distinctive Ring Report
Values: x = 0, 1 Distinctive Ring report control. See description.
y = 0–255 Minimum ring interval in 100 ms units. See description.
Default: 0, 0
Description: Enables reporting of ring cadence information to the DTE and specifies the minimum ring cadence that
will be reported.
Report format is one line per silence period and one line per ring period. The length of the silence period is
in the form DROF=number in units of 100 ms<CR><LF>, and the length of the ring is in the form
DRON=number in units of 100 ms<CR> <LF>. The modem may produce a Ring event code after the
DRON message if enabled by the y parameter. The y parameter must be set to a value equal to or
smaller than the expected ring cadence in order to pass the report to the DTE.
Page 77
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
+VDR=0, n/a Disables Distinctive Ring cadence reporting.
+VDR=1, 0 Enables Distinctive Ring cadence reporting. Other call progress result codes
(including RING) are reported as normal.
+VDR=1, >0 Enables Distinctive Ring cadence reporting. RING result code is reported after falling
edge of the ring pulse (after the DRON report).
+VDR=? Displays the allowed values.
+VDR? Displays the current value.
Command: #CBAn Callback Attempts
Values: n = 1–255
Default: 4
Description: Sets the number of callback attempts that are allowed after passwords have been exchanged between
modems.
Command: #CBDn Callback Delay
Values: n = 0–255
Default: 15
Description: Sets the length of time (in seconds) that the modem waits before calling back the remote modem.
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
#CBS1 Enables local and remote callback security.
#CBS2 Enables remote callback security only.
#CBS3 Disables callback security until local hangup or reset.
Command: #Pn Set 11-bit Parity
Values: n = 0 or 1
Default: 2
Description: #P0 No parity.
#P1 Odd parity.
#P2 Even parity.
Command: #Sx Enter Setup Password
Values: x= password (1–8 characters, case sensitive)
Default: MTSMODEM
Description: Enters the callback security setup password.
Command: #S=x Store Setup Password
Values: x= password (1–8 characters, case sensitive)
Default: MTSMODEM
Description: Stores a new callback security and remote configuration setup password.
S-Registers
Certain modem values, or parameters, are stored in memory locations called S-Registers. Use
the S command to read or to alter the contents of S-Registers (see previous section).
Register Unit Range Default Description
S0
S1
S2
128–255 Values greater than 127 disable escape.
S3
S4
S5
33–1 27 Values greater than 32 disable backspace.
S6
S7
S8
S9
S10
S11
S28
S30
S35
S36
S37
1 ring 0, 1–255 1
1 ring 0–255 0 Counts the rings that have occurred.
decimal 0–127 43 (+) Sets ASCII code for the escape sequence character.
decimal 0–127 13 (^M) Sets the ASCII code for the carriage return character.
decimal 0–127 10 (^J) Sets the ASCII code for the line feed character.
decimal 0–32 8 (^H) Sets the ASCII code for the backspace character.
seconds 2–65* 2*
seconds 35-65* 50*
seconds 0–65 2
decimal 0, 1–127 37 (%)
100 ms 1–254 20 Sets how long a carrier signal must be lost before the modem disconnects.
1 ms 50–1 50* 95* Sets spacing and duration of dialing tones.
Sets the length of time that the modem waits before disconnecting when no
data is sent or received. A value of zero disables the timer. See also the \T
command
0 disables, 1 enables the V.25 calling tone, which allows remote data/fax/voice
discrimination.
Specifies the action to take in the event of a negotiation failure when error control
is selected. (See S48.)
Sets the maximum V.34 “upstream” speed at which the modem attempts to
connect.
Page 79
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
0 = maximum speed
1 = reserved
2 = 1200/75 bps
3 = 300 bps
4 = reserved
5 = 1200 bps
6 = 2400 bps
7 = 4800 bps
8 = 7200 bps
9 = 9600 bps
10 = 12000 bps
11 = 14400 bps
12 = 16800 bps
13 = 19200 bps
14 = 21600 bps
15 = 24000 bps
16 = 26400 bps
17 = 28800 bps
18 = 31200 bps
19 = 33600 bps
S38 decimal 0–23 1 Sets “downstream” data rate where V.90 provides rates of 28,000 to 56,000 bps in increments of
1,333 bps.
Upstream data rates: Upstream V.90 data rates are 4800 to 33,600 bps in 2400 bps increments.
S43 decimal 0–1 1For testing and debugging only. Enables/disables V.32bis start-up auto mode operation.
0 = disable; 1 = enable.
S48 decimal 7 or 128 7Enables (7) or disables (128) LAPM negotiation. The following table lists the S36 and S48
configuration settings for certain types of connections.
S48=7 S48=128
S36=0, 2 LAPM or hang up Do not use
S36=1, 3 LAPM or async Async
S36=4, 6 LAPM, MNP, or hang up MNP or hang up
S36=5, 7 LAPM, MNP, or async MNP or async
S89 seconds 0, 5–255 10 Sets the length of time in the off-line command mode before the modem goes
into standby mode or “sleep mode”. A value of zero prevents standby mode; a value of
1–4 sets the value to 5. Standby mode (sleep mode or low power mode) is
controlled by S89. It programs the number of seconds of inactivity before the modem
will go to sleep. The default value is 0. A value of 0 disables standby mode. The
Page 80
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
modem will wake on an incoming ring or an AT command.
S108 decimal 0–3, 6, 7 6 Selects the 56K digital loss if using the modem through a PBX line. The default
value is -6 dB loss, the value used when calling from a typical POTS line long
distance.
0 = -0 dB digital loss, no robbed-bit signaling
1 = -3 dB PBX digital loss
2 = -2 dB digital loss
3 = -3 dB digital loss
6 = -6 dB digital loss
7 = -0 dB digital loss with robbed-bit signaling
Result Codes
In command mode your modem can send responses called Result Codes to your computer. Result codes are used by communications programs
and can also appear on your monitor.
Command executed
Modem connected to line
Ring signal detected
Carrier signal lost or not detected
Invalid command
Connected at 1200 bps
No dial tone detected
Busy signal detected
No answer at remote end
Connected at 75 bps
Connected at 2400 bps
Connected at 4800 bps
Connected at 9600 bps
Connected at 14400 bps
Connected at 19200 bps
Connected at 57600 bps
Connected at 7200 bps
Connected at 12000 bps
Connected at 38400 bps
Connected at 300 bps
Connected at 21600 bps
Connected at 24000 bps
Connected at 26400 bps
Connected at 28800 bps
Connected at 31200 bps
Connected at 33600 bps
Connected at 32000 bps
Connected at 34000 bps
Connected at 36000 bps
Connected at 38000 bps
Connected at 40000 bps
Connected at 42000 bps
Connected at 44000 bps
Connected at 48000 bps
Connected at 50000 bps
Connected at 52000 bps
Connected at 54000 bps
Connected at 56000 bps
Connected at 58000 bps
Connected at 60000 bps
Connected at 16800 bps
Page 81
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
* EC is added to these result codes when the extended result codes configuration option is enabled. EC is replaced by one of the
following codes, depending on the type of error control connection:
V42bis
– V.42 error control (LAP-M) and V.42bis data compression
V42
– V.42 error control (LAP-M) only
MNP5
– MNP 4 error control and MNP 5 data compression
MNP4
– MNP 4 error control only
NoEC
– No error control protocol).
116 CONNECT 26666
CONNECT 29333
CONNECT 49333
Connected at 115200 bps
Delay is in effect for the dialed number
Dialed number is blacklisted
Blacklist is full
Connected at 230400 bps
Connected at 28000 bps
Connected at 29333 bps
Connected at 30666 bps
Connected at 33333 bps
Connected at 34666 bps
Connected at 37333 bps
Connected at 38666 bps
Connected at 41333 bps
Connected at 42666 bps
Connected at 45333 bps
Connected at 46666 bps
Connected at 49333 bps
Connected at 50666 bps
Connected at 53333 bps
Connected at 54666 bps
Connected at 25333 bps
Connected at 26666 bps
Page 82
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix D: DC Power
2
5
6
D.1: Assembly of the WAGO MCS DC Power Connector
What you will need: Small flat-blade screwdriver, Wire stripper, DC power connector kit
(provided with DC models), 48 VDC power cord (See Step 2, below and Appendix D.3)
4
WAGO MCS DC power connector:
1. Brown = -48VDC
2. Green/Yellow = Power Supply Ground
3. Blue = Common
1. Turn off the circuit breaker to the DC power supply.
2. Select a UL style 1028 or other UL 1581 (VW-1) compliant equivalent 16 AWG three-wire set
(-48V, Power Supply Ground and Common).
3. Strip 0.35 inches (9 mm) of installation from each wire.
4. Insert a small flat-blade screwdriver, one at a time, into each of the connector’s clamp slots
to depress the internal wire clamp.
5. Insert the appropriate wire into the connector. Remove the screwdriver.
Check that the clamp has captured the wire. Repeat steps 4 and 5 for the other two wires.
6. Attach the provided strain relief to the connector. Be sure to use a tie-wrap to firmly attach
the strain relief to the cable.
7. Attach the connector to the socket on the back of the Console Server. Repeat the above
steps to attach each power module input.
Page 83
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
WAGO MCS DC power connector
-48VDC Power Supply (removed from back panel)
Input voltage: -48VDC
Minimum voltage: -40 VDC
Maximum voltage: -60 VDC
Maximum operating current: 0.5A
The DC power source must be:
• Electrically isolated from any AC source
• Reliably connected to earth ground
• Capable of providing up to 100 Watts of continuous power
D.2: Over-Current Protection
Over-current protection requirements:
• 10 Amp fast trip
• Double pole
• DC rated
Over-current protection devices (e.g., circuit breakers) must be provided as part of each
equipment rack and are not included with the Console Server. The device must be
located between the DC power source and the Console Server.
D.3: DC Supply Connector
The supply input connectors are provided with each Console Server; the conductors
are not.
• Insulation color: per applicable national electrical codes.
• Grounding cable insulation color: green/yellow
Page 84
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The cable type should be one of the following:
• UL style 1028 or other UL 1581 (VW-1) compliant equivalent
• IEEE 383 compliant
• IEEE 1202-1 991 compliant
Appendix E: Assign an IP Address to a Device Port
Version 1.7-9 of the SCS software can assign an IP address to the SCS’s device ports.
The user can use ssh to access a port directly without having to first login to the SCS. If
DNS is used to give names to each address it becomes easier to associate device ports
with the corresponding server.
To do this, modify the openSSH server code. The SCS ships with the original ssh code
installed and running. Several steps are taken to use the modified ssh program and to
assign addresses to the device ports. There is a README file called:
/usr/local/doc/README.lsisshd that explains the steps to use the feature.
The steps are:
1.
Run a makefile to replace the original ssh with our modified version
2.
Edit the configuration file that defines the IP addressing
3.
Run a makefile that creates the IP configuration
Appendix F: Adapter Pin-Outs
The following pages show the pin-out drawings for the adapters which are supplied
in the accessory kit with each Console Server.