Thinklogical Secure Console Server User Manual

Secure Console Servers
SCS, SCS-R and Sentinel Models
Product Manual
Thinklogical, LLC®
100 Washington Street
Milford, Connecticut 06460 U.S.A.
Telephone: 1-203-647-8700
Fax: 1-203-783-9949
www.thinklogical.com
Revision K, July, 2013
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Copyright Notice
Copyright © 2013. All Rights Reserved. Printed in the U.S.A.
Thinklogical, LLC®
100 Washington Street
Milford, Connecticut 06460 U.S.A.
Telephone: 1-203- 647-8700
All trademarks and services marks are property of their respective owners.
Appendix C copyright © 2003, by Multi-Tech Systems, Inc.
Subject: SCS80 / SCS160 / SCS320 / SCS480 / SCS80R / SCS160R /
SCS320R / SCS480R / Sentinel 32
Revision: K, July 2013.
Page 2
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
TABLE OF CONTENTS
PREFACE (Notes & Warnings) 7
1. Introduction 7
1.1 SCS Models Covered in this Manual 7
1.2 System Features 10
1.3 Software Features 10
1.4 Hardware Features 10
1.4.1 SCS80R, SCS160R, and SCS320R Hardware 11
1.4.2 SCS480R Hardware 11
1.4.3 Sentinel 32 Hardware 11
1.5 Technical Specifications 12
1.6 Documentation 13
2. Product Overview 13
2.1 Intended Application 13
2.2 System Chassis 14
2.2.1 SCS80 / SCS160 / SCS320 / SCS480 14
2.2.2 SCS80R / SCS160R / SCS320R / SCS480R 14
2.2.3 Sentinel 32 14
2.3 Connecting to the SCS 14
2.3.1 Serial Devices 15
2.3.1.1 Break Safe 15
2.3.2 IP Network 15
2.3.3 AC Power 16
2.3.3.1 SCS80 / SCS160 / SCS320 / SCS480 16
2.3.3.2 SCS80R / SCS160R / SCS320R / Sentinel 32 16
2.3.3.3 SCS480R 16
2.3.4 DC Power 16
2.4 User Access Control 16
2.4.1 User Sessions 17
2.5 Port buffers 17
2.5.1 How to Disable Buffering 17
3. Installation 17
3.1 Mounting the SCS 17
3.1.1 Rack Mount or Desktop 17
3.1.2 Front Panel Display and Buttons 18
3.1.3 Convection Cooled 18
3.2 Connections 18
3.2.1 Power 20
3.2.2 AC Input 20
3.2.3 Connecting to the Network Port 20
3.2.3.1 SCS-R and Sentinel 32 Dual NIC Interface 20
3.2.4 Connect your Console 21
3.2.4.1 SCS-R and Sentinel 32 Dual Console Interface 21
3.2.5 Connect to the Ports 21
3.2.5.1 Automated Port Configuration Tests 22
3.2.5.2 Port Adapters 22
3.2.5.3 Serial Port Pin-out 22
3.3 SCS-R and Sentinel Power Modules 23
3.3.1 Power Module Replacement 23
Page 3
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.4 SCS-R and Sentinel -48VDC Power Modules 24
3.4.1 Wiring the -48VDC Connector 25
3.4.2-48VDC Power Module Replacement 26
4. Initial Configuration 27
4.1 Default Configuration 27
4.2 Initial System Security Concerns 27
4.3 Front Panel Network Setup 27
4.3.1 Front Panel Edit Mode 27
4.3.1.1 Start Front Panel Edit Mode 28
4.3.1.2 Program Network 28
4.4 Initial Connection via Network 33
4.4.1 Network Connection Requirements 33
4.4.2 Route via Linux Workstation 33
4.4.3 Route via Windows Workstation 33
4.5 Initial Connection via Console port 35
4.6 How to Access the LSI SCS Web Setup Interface 35
5. System Overview 35
5.1 SCS Systems are Linux-based 35
5.1.1 Linux General Public License 35
5.1.2 SCS System Architecture 35
5.2 Initial System Administrator (sysadmin) Access 36
5.2.1 Enter Commands 36
5.2.2 Log Out 36
5.3 Default Services 36
5.3.1 Configure the Services 36
6. Commands 38
6.1 System Commands 38
6.1.1 save 38
6.1.2 reboot 38
6.1.3 power off 39
6.1.4 Other Linux Commands 39
6.2 Change Logging Level 41
7. System Administration 41
7.1 Security 41
7.2 Change Network Address 41
7.2.1 Run netconfig 41
7.2.1.1 Save your netconfig changes 42
7.2.2 More Than One Nameserver 43
7.3 Change Hostname 43
7.4 Time Configuration 43
7.5 Change NIC Speed 43
7.6 Configure Authentications 44
7.7 Front Panel Display Options 44
7.7.1 Display Mode Parameters 45
7.7.1.1 Edit 45
7.7.1.2 View 45
7.7.1.3 LINE_1= 45
7.7.1.4 LINE_2= 45
7.7.1.5 Display OFF 46
Page 4
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.8 Network Time Service 46
7.8.1 Configure NTP 46
7.8.2 Start the NTP Service 46
7.9 NIS and User Port Permissions 46
7.9.1 User Port Control 47
7.9.2 NIS Port Access 47
7.9.3 User Names and Groups 48
7.9.4 NIS Database file 48
7.9.5 NIS Make file 48
7.9.6 NIS Configuration File 49
7.10 NFS 49
7.10.1 Remote NFS Directory 49
7.11 SNMP 50
7.11.1Start SNMP 50
7.12 syslog 50
7.13 Timeouts 52
7.14 Changing Serial Port Settings 50
7.14.1 Disable Buffering while in Interactive 50
8. Administering Users 51
8.1 User Setup 51
8.1.1 adduser 51
8.1.2 edituser 52
8.1.3 deluser 52
8.1.4 Other Editing Commands 52
8.1.4.1 editbrk <name> 52
8.1.4.2 editesc <name> 52
9. User Operations 52
9.1 User Accounts 52
9.1.1 SCS users 52
9.1.2 root user 52
9.2 Port Identities 53
9.3 What Users Can Do 53
9.3.1 Access via Network 53
9.3.1.1 Secure Shell Host (ssh) to a Port 53
9.3.2 Access via console port 53
9.3.3 Interactive Mode 53
9.3.3.1 Break Sequence 53
9.3.3.2 Escape Sequence 54
9.4 Monitor Mode 54
9.5 Browse the buffers 54
9.6 Clear the Port buffers 54
10. Regulatory & Safety 55
10.1 Safety Requirements 55
10.1.1 Symbols found on the Product 55
10.2 Regulatory Compliance 55
10.2.1 North America 55
10.2.2 European Union 55
10.2.2.1 Declaration of Conformity 55
10.2.2.2 Standards to Which Our Products Comply 55
Page 5
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
10.2.2.3 Supplemental Information 56
10.3 Product Serial Number 56
10.4 Lithium Battery 57
10.5 SCS-R Models and Sentinel 32 Power Modules 57
11. How to Contact Us 57
11.1 Customer Support 57
11.1.1 Website 57
11.1.2 E-mail 58
11.1.3 Telephone 58
11.1.4 Fax 58
11.2 Product Support 58
11.2.1 Limited Warranty Information 58
APPENDICES A File System 60
B FAQ 61 C Sentinel 32 Modem Commands 62 D DC Power 83 E Assigning IP Addresses to a Device Port 85 F Adapter Pin-outs 85 G Quick Start Guide 90
Page 6
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
PREFACE
NOTES and WARNINGS
Throughout this manual you will notice certain highlighted conventions that bring your attention to important information. These are Notes and Warnings. Be sure to read each highlighted note and warning before proceeding. Examples are shown below.
!
Important Notes appear in blue text preceded by a yellow exclamation point symbol,
as shown here.
A note is meant to call the reader’s attention to helpful information at a point in the text that is relevant to the subject being discussed.
Warnings! appear in red text preceded by a red stop sign, as shown here.
A warning is meant to call the reader’s attention to critical information at a point in the text that is relevant to the subject being discussed.
1. Introduction
This document pertains to the Secure Console Server (SCS) line of products developed and built by Thinklogical®, Inc. of Milford, Connecticut, USA and covers the installation, configuration and operation of all SCS models. This document also covers User and Administrator Operations, Regulatory & Safety Requirements and Customer Support information.
1.1 SCS Models Covered in this Manual
All Thinklogical® Secure Console Server (SCS) models covered in this manual are similar in physical appearance, setup and functionality. Each available model is featured on the following pages.
Page 7
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
SCS80 - 8-Port 1U Secure Console Server
SCS160 - 16-Port 1U Secure Console Server
SCS320 - 32-Port 1U Secure Console Server
SCS480 - 48-Port 1U Secure Console Server
The SCS80R, SCS160R, SCS320R and SCS480R models are designed with dual hot­swappable Power Modules which operate redundantly and two network ports and console port connections. The ‘R’ models are otherwise similar to the SCS80, SCS160 and SCS320.
SCS80R - 8-Port 1U Redundant Power Secure Console Server
SCS1 60R - 16-Port 1U Redundant Power Secure Console Server
Page 8
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
SCS320R - 32-Port 1U Redundant Power
Secure Console Server
SCS480R - 48-Port 1U Redundant Power
Secure Console Server
The Sentinel 32 model is designed with dual hot-swappable redundant Power Modules. In addition, the Sentinel 32 offers field replaceable, modular eight-port circuit cards, modular network and console port connections, and an analog modem option.
Sentinel 32 - 32-Port 1U Modular, Redundant Power
Secure Console Server
International Models
The following SCS models are available for International customers and are shipped with regionally appropriate power cord sets. Otherwise, each international model is similar to the domestic SCS80 / SCS160 / SCS320 / SCS480 / SCS80R / SCS160R / SCS320R / SCS480R and Sentinel 32 models.
SCS801 - 8-Port 1 U Secure Console Server, International
SCS1601 - 16-Port 1U Secure Console Server, International
SCS3201 - 32-Port 1 U Secure Console Server, International
SCS4801 - 48-Port 1 U Secure Console Server, International
SCS801R - 8-Port 1 U Redundant Power Secure Console Server, International
SCS1601R - 16-Port 1 U Redundant Power Secure Console Server, International
SCS3201R - 32-Port 1 U Redundant Power Secure Console Server, International
SCS4801R - 48-Port 1 U Redundant Power Secure Console Server, International
Sovereign 32 - 32-Port 1 U Modular, Redundant Power Secure Console Server,
International
Page 9
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
1.2 System Features
Each SCS system includes the following features:
Linux operating system and command set
Connections for up to 16, 32 or 48 EIA-232 serial console ports
10 baseT/100 baseTX network compatibility
Pre-configured from the factory: User ready, right from the box
Open secure shell host (ssh)
NFS and NIS support
ssh to a Serial Port support
Break Safe - No undesired “break” signals are sent to connected servers.
The SCS-R models also offer the following additional features:
Dual Hot-Swappable, Redundant Power Modules
Dual 10 baseT/100 baseTX Network Port interfaces
Dual console port interfaces (one DTE, one DCE)
Power Monitoring with Module outage notification
The Sentinel 32 and Sovereign 32 include the all features of the SCS-R models plus:
Hot-swappable, modular console/network and serial port circuit cards
Optional analog modem in place of the second console port.
1.3 Software Features
All SCS Models are designed with network administrators in mind. No special administration tools, training or procedures required. You know Linux, we run Linux.
Open-source Linux Operating System (Red Hat compatible).
Proprietary SCS features command-line options that follow the standard Linux / UNIX
command formats for ease of administration.
Factory pre-configured to be operational out-of-the-box.
The SCS line allows up to 250 simultaneous user sessions to access up to 48 serial ports. The attached components may be any variety of network center servers, workstations or other devices with a serial port that must be monitored.
1.4 Hardware Features
SCS systems mount in industry-standard 19” equipment racks or can be placed on a shelf or table top. Each SCS operates independently and is accessible using a secure network connection or a local serial terminal (setup by your System Administrator or “sysadmin”).
Rack-mount (19 inch), 1U tall (1.75 in./ 4.5 cm) metal chassis
16, 32 or 48 serial ports (CAT5 cables with RJ45 connectors)
Front panel LCD with push buttons for network setup
10/100 BaseT Network Port
Console port (CAT5 cables with RJ45 connectors)
Universal AC power input (100-240V, 50/60 Hz)
Convection cooling
256KB-per-port Buffer for Port data
Page 10
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The SCS can help troubleshoot your networking environment. The SCS is a
"listening" system that monitors messages (ASCII data, server error information, etc.) from the serial ports of the device to which each Port is connected. The SCS captures the data by writing it to a port buffer that can hold 256K bytes of data per port. This buffered data gives the sysadmin a history of console port messages that can be reviewed for troubleshooting a connected device. Having access to the console port messages can make problems easier to identify, minimizing downtime. In most cases
the sysadmin can save the buffered data from each port buffer to another server (e.g., via NFS) in your network. This is important to note because the Port data
(buffered) is stored in RAM and will be lost if the SCS is powered down.
!
NOTE: Console port messages are stored in RAM and will be lost when the
SCS is powered down.
1.4.1 SCS80R, SCS160R and SCS320R Hardware
The SCS80R, SCS160R, and SCS320R models offer hardware redundancy for power, network and console ports. Features include dual NIC inputs, dual console port inputs and hot-swappable Power Modules with discrete inputs. This allows the customer to use redundant power sources with the SCS system and, if necessary, can be field-replaced. Power supply status alerts the system administrator in the event of a power failure from one of the power supplies.
1.4.2 SCS480R Hardware
The SCS480R offers redundant, hot-swappable, front-panel-accessible power supplies, dual NIC interfaces, dual console ports and 48 serial ports.
1.4.3 Sentinel 32 Hardware
The Sentinel 32 offers redundant power supplies as described in Section 1.4.1. The dual network and console ports are also field replaceable. A dual network/console/modem module is available which replaces the second console port with an analog modem. In addition, the Sentinel uses hot-swappable circuit modules that allow for field
replacement of groups of eight serial ports without affecting the other ports. Sentinel 32 modules:
Console/Network Module Console/Network/Modem Module 8 Port Interface Module
Page 11
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
1.5 Technical Specifications
Each Thinklogical® SCS system is designed to the following specifications:
Linux command-line access via ssh or local console port.
User Interface
Serial Interface
(Ports)
Serial Interface
(Console)
Backlit 2-line front-panel LCD display showing network configuration. Five front-panel push buttons with UI for network
SCS80/SCS80R = 8 Ports; SCS160/SCS160R = 16 Ports; SCS320/SCS320R/Sentinel 32 = 32 Ports; SCS480/SCS480R = 48 Ports. RJ45-type 8-conductor connector (DTE or DCE; software selectable). Software selectable data rate from 300-115K Baud. Software selectable EIA-232 parameters.
256KB FIFO Buffer in RAM (per Port). 80/160/320/480: RJ45-type 8-conductor connector (DCE configuration)
80R/160R/320R/Sentinel 32: Dual RJ45-type 8-conductor connector ­one DTE, one DCE
Software selectable data rate from 300-115K Baud Software selectable EIA-232 parameters
Network interface
(Network)
Modem
CPU & Memory
Power Supply
Dimensions
Weight
Temperature
Relative Humidity
80/160/320/480: 10/100 BaseT RJ45 8-conductor Ethernet 80R/160R/320R/480R/Sentinel 32: Dual 10/100 BaseT RJ45 8-conductor Ethernet TCP/IP
A V.92 analog modem is available as an option with the Sentinel 32 for those users who require a connection over a telephone network
AMD SC520 CPU, operating at 133MHz. 256MB Compact Flash (CF) memory (non­volatile). 128MB RAM for real time use.
Universal AC Power Input, 100-240VAC, 50/60 Hz, 0.5A each input IEC-type regional cord set(s) included. “R” Models are also available with a -48VDC Power Supply option.
1U: 1.75” H x 17.25” W x 14.75” D (4.5cm x 43.8cm x 37.5cm)
4.5 kg (10 lbs)
Operating: 0° to 50°C (32° to 122°F), 30-90% RH, non-condensi ng Storage: -20° to 70°C (-4° to 158°F), 10-90% RH, non-conden sing
Operating: 10- 90% non-condensing (40-60% recommended) Storage: 10-90% non-condensing
Page 12
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
1.6 Documentation
The SCS comes with the standard Linux manual pages (hereafter referred to as “man pages”) installed; English is the default language, but several other language versions (including German, French & Italian) are also available.
While this manual gives a brief description of some LSI programs, the SCS contains the latest man pages for the LSI programs, scripts and configuration files. If the man page conflicts with this manual, the man page should be followed. Therefore, the SCS is the primary source for software documentation, not the manual. We make every effort to keep the manual current, but if you find a discrepancy, please let us know.
If ‘standard’ Linux programs (sty is one) are modified by LSI, the corresponding man pages will reflect the changes.
Selected Linux HOWTOs and READMEs can be found at /usr/local/doc. More documentation can be found at www.tldp.org.
2. Product Overview
Optimize your System Administration and Network Resources
2.1 Intended Application
Thinklogical® Secure Console Servers are used to securely monitor and centrally manage up to 48 of your networking systems (servers, routers, switches, etc.). They do so by monitoring the console port of your network center’s devices and systems. Each attached component must have an EIA-232 compatible serial port. The SCS80 and SCS80R support 8 ports, SCS160 and SCS160R support 16 ports, SCS320, SCS320R, and Sentinel 32 support 32 ports and the SCS480 and SCS480R support 48 ports. Security is maintained through encryption and user passwords. The SCS80R, SCS160R, SCS320R, SCS480R, and Sentinel 32 systems are used where redundant power concerns exist, where hot-swap replacement of Power Modules is a concern or where more than one network connection or console port connection is required.
User accounts are set up by the root user, or sysadmin of the SCS. A user can access the attached servers using commands from a local terminal or through an ssh-protocol (secure) network connection. In order to interact with a device the user must have read, review or write access to that port.
Users can interact with each of the attached devices by logging into the SCS and entering the connect command and the Port number or Port name at the command prompt. The SCS acts as a conduit for the connection but does not interfere. When the user is not interacting with a network system, the SCS can log the output of the console port to a file so that data may be reviewed later.
User commands are discussed in Section 9, User Operations, beginning on page 52.
Page 13
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
2.2 System Chassis
Each SCS is housed in a rack-mountable metal chassis. Vents are found on both sides of the chassis. Removable 3-position rack mount brackets are provided. The front panel of the SCS features a two-line, backlit LCD display with five user buttons.
2.2.1. SCS80 / SCS160 / SCS320 / SCS480
Each SCS chassis has rear-panel connections for 8, 16, 32 or 48 serial ports, one console port, one network port and power input. The SCS has a built-in universal power supply, a rear-panel power switch and protective fuse.
2.2.2 SCS80R / SCS160R / SCS320R / SCS480R
Each SCS-R chassis has rear-panel connections for 8, 16, 32, or 48 serial ports, two console ports and two network ports. The SCS-R has two hot-swappable Universal Power Modules, each with its own power switch and protective fuse (located on the rear of the chassis of the SCS80R, SCS160R and SCS320R; located on the front of the chassis of the SCS480R). Each Power Module is secured with a captive mounting screw.
2.2.3 Sentinel 32
Each Sentinel 32 chassis has rear panel connections for 32 serial ports, two console ports, two network ports and two hot-swappable Universal Power Modules, each with its own power switch and protective fuse. The serial ports are arranged in four modules of eight ports each for easy field replacement. The two console and two network ports are in a single module. A module with two network ports, one console port and a V.92 modem port is available as an option. All the modules are hot-swappable.
2.3 Connecting to the SCS
All physical connections to the product are made on the rear panel using industry­standard cabling and connectors (purchased separately). All serial connections and network connections use conventional Category 5 cabling with RJ45 jacks. Power is connected using the cord set provided with each SCS system.
Page 14
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Rear View of SCS320 Chassis
Standard SCS models are similar in size and layout, offering a different number of port connectors. The SCS-R models and Sentinel 32 also have dual NIC, dual console ports and dual power inputs. The rack-mount brackets extending from both sides of each model, may be removed for desktop or shelf mounting (see page 17).
Rear View of Sentinel 32 Chassis
!
Note: Due to the modular design, the Sentinel 32 Serial Port connections on
the rear of the chassis are numbered differently from the other SCS models.
2.3.1 Serial Devices
All network components attach to both the Console Ports and must be compatible with the EIA-232 standard. CAT5 cabling with RJ45 connectors are used for the Port connections and for the console port. System ports (numbered from 1 to up to 48) are default-configured as DCE data ports and support a range of baud rates from 300-
115.2K. All Port parameters, including DTE or DCE type and other data parameters, are configurable on a per-port basis.
Each port may also be assigned a unique name: default port names are port1, port2, etc.
2.3.1.1 Break Safe
Thinklogical® SCS systems are “break-safe,” meaning they will not send a “break” command or other data on the serial ports connected to your servers unless initiated by a user. An unwanted “break” signal could cause problems with your servers.
2.3.2 IP Network
The SCS network interface is an auto-sensing 10 BaseT/1 00 BaseTX network connector (equipped with an RJ45 jack with dual LEDs) for use with a conventional TCP/IP network using standard RJ45 CAT5 cables. A default IP address is coded into the system (10.9.8.7), but the network settings should be configured by your system administrator for your site’s requirements and equipment. SCS products are
preconfigured for ssh (secure shell host) access.
Page 15
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
!
Note: The SCS-R and Sentinel 32 models offer two independent network
interface ports. Only the first port (NETWORK 1) is enabled by default.
2.3.3 AC Power
2.3.3.1 SCS80 / SCS160 / SCS320 / SCS480
A single IEC-type Power Entry Module is located on the rear of the chassis. The power entry module incorporates a replaceable protective fuse (2A) and an On/Off switch. An IEC cord set is provided with each SCS chassis. Connect the cord set to a local AC power source. Turn the power switch on.
2.3.3.2 SCS80R / SCS160R / SCS320R / Sentinel 32
Two removable AC Power Modules, identified as Left and Right are found on the rear of the chassis. Either AC module can fully support the system and, with both turned on, operate redundantly. The SCS-R and Sentinel 32 systems have an AC power monitoring capability to alert the system administrator in the event of an AC power outage.
Each AC Module has an IEC-type power entry module. The power entry module features a replaceable, protective fuse (2A) and an On/Off switch. Two IEC cord-sets are provided with each SCS-R and Sentinel 32 chassis. Connect both cord sets to a standard AC power source. Turn both power switches ON ( l ).
Warning! Turn the module POWER OFF and remove its power cord BEFORE
removing a power module. A hazardous voltage condition might otherwise exist.
2.3.3.3 SCS480R
Two removable AC Power Modules, identified as Left and Right are found on the front of the chassis. Either AC module can fully support the system and if both are turned on, will operate redundantly. The SCS-R and Sentinel 32 systems have an AC power monitoring capability to alert the system administrator in the event of an AC power outage. A 250VAC 2A fuse is provided on each SCS480R Power Module and can be replaced when the module is removed from the unit.
2.3.4 DC Power
The Sentinel and SCS-Rs can be equipped with optional removable -48 VDC Power Modules in place of the AC Power Modules described in paragraph 2.3.3. Either module will fully power the system and will operate redundantly if power is applied to both. The power monitoring circuitry of the SCS-R and Sentinel alert the system administrator in the event of power loss to either module.
2.4 User Access Control
Access to a Port is controlled on a per-user basis via a user profile which is stored as a file on the local SCS. This profile is created by the root user using the command ‘adduser’. See Section 8.1.1, adduser, on page 51. NIS support is also available.
Page 16
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
2.4.1 User Sessions
Each SCS supports up to 250 simultaneous user sessions.
2.5 Port Buffers
Thinklogical® Secure Console Servers provide real-time serial port data buffering. Each port buffer stores up to 256KB of data held in a separate RAM file for each attached device. The data may be viewed when no users are interacting with the attached port. Port buffers are enabled by default.
2.5.1 How to Disable Buffering
Buffering is always ON when no one is connected in Interactive mode. Buffering may be
disabled during an interactive session to ensure privacy after the session ends. (See the man page for stty --buffer option.)
3. Installation
3.1 Mounting the SCS
You may choose to rack mount your SCS unit or place it on a desktop. The front panel display should be visible and front panel buttons accessible. All connections are made to the rear of the chassis.
3.1.1 Rack Mount or Desktop
SCS products may be installed either in an EIA-standard 19-inch rack (1U tall) or on a shelf or desktop. For desktop use, rubber feet are provided and the rack mount brackets may be removed. The SCS chassis does not need to be opened or accessed and the sturdy metal case allows units to be stacked as required.
Each rack mount bracket is held on by 4 screws. The brackets may be positioned so that the unit sits forward, flush or recessed in your rack. If the brackets are removed or repositioned, it is not necessary to re-install the extra rack-mount screws.
Page 17
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.1.2 Front Panel Display and Buttons
The front-panel LCD display should be visible and accessible during system setup. It typically displays the current network settings and the date/time. The front panel buttons are only used during setup or to review existing SCS settings.
The LCD display can be customized by the root user. See Section 7.7, Front Panel Display Options, on page 44 for more information.
3.1.3 Convection Cooled
The SCS does not require special cooling or ventilation other than what is normally provided in a standard equipment rack. No fan means that it does not add to the ambient noise in your equipment room. Be sure not to block the air vents on the sides of the unit and leave at least 2” of space on both sides. If mounted in an enclosed rack, it is recommended that the rack have a ventilation fan to provide adequate airflow through the unit(s).
!
Note: Be sure to leave a minimum of 2” of space for ventilation on both sides
of the SCS chassis, especially if units are being stacked.
3.2 Connections
All connections are found on the rear panel of the SCS chassis.
Each port is clearly labeled as shown on the backpanel diagrams on page 19:
Page 18
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
SCS320 Secure Console Server
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
PORTS
SCS320R Secure Console Server
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 8 9 1 0 11 12 13 14 15 16
PORTS
SCS320M Secure Console Server
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
PORTS
SCS320RM Secure Console Server
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
PORTS
SCS480 Secure Console Server
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
NETWORK
CONSOLE
CAUTION! Replace with same
NETWORK
2
MODEM
NETWORK
2
MODEM
type and rating fuse.
CAUTION! Replace with same type and rating fuse.
www.thinklogical.com
1 NETWORK 2
1 CONSOLE 2
NETWORK
1
CONSOLE
NETWORK
1
CONSOLE
41 42 43 44 45 46 47 48
www.thinklogical.com
www.thinklogical.com
CAUTION!
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
CAUTION! Replace with same
0.5A, 50/60 Hz
type and
T2A, 250 VAC
rating fuse.
CAUTION! Replace with same type and rating fuse.
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
CAUTION! Replace with same
0.5A, 50/60 Hz
type and
T2A, 250 VAC
rating fuse.
CAUTION! Replace with same type and rating fuse.
NETWORK
Replace with same type and rating fuse.
100-240V -,
0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
0.5A, 50/60 Hz T2A, 250 VAC
1 2 3 4 5 6 7 8 9 1 0 11 12 13 14 15 16
PORTS
SCS480R Secure Console Server (ON/OFF Switch located on front panel)
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
1 2 3 4 5 6 7 8 9 1 0 11 12 13 14 15 16
PORTS
SCS80 Secure Console Server
1 2 3 4 5 6 7 8
PORTS
SCS80R Secure Console Server
1 2 3 4 5 6 7 8
PORTS
SCS160 Secure Console Server
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
PORTS
SCS160R Secure Console Server
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
PORTS
17 18 19 20 21 22 23 24
41 42 43 44 45 46 47 48
17 18 19 20 21 22 23 24
NETWORK
CONSOLE
1 NETWORK 2
www.thinklogical.com
1 CONSOLE 2
NETWORK
CONSOLE
NETWORK
NETWORK
1
2
www.thinklogical.com
CONSOLE
MODEM
www.thinklogical.com
CAUTION! Replace with same type and rating fuse.
www.thinklogical.com
CAUTION! Replace with same type and rating fuse.
CONSOLE
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
CAUTION!
NETWORK
NETWORK
1
2
1
2
CONSOLE
MODEM
CAUTION!
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
CAUTION! Replace with same
0.5A, 50/60 Hz
type and
T2A, 250 VAC
rating fuse.
CAUTION! Replace with same type and rating fuse.
100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
CAUTION! Replace with same
0.5A, 50/60 Hz
type and
T2A, 250 VAC
rating fuse.
Replace with same type and rating fuse.
100-240V -, 0.5A, 50/60 Hz
Replace with same type and rating fuse.
100-240V -,
0.5A, 50/60 Hz T2A, 250 VAC
0.5A, 50/60 Hz T2A, 250 VAC
100-240V -,
T2A, 250 VAC
Sentinel 32
PORTS:
PORTS:
5-8
5 6 7 8
1 2 3 4
PORTS
1-4
13-16 21-24 29-32
5 6 7 8
1 2 3 4
PORTS
5 6 7 8
1 2 3 4
PORTS
9-12 17-20 25-28
5 6 7 8
1 2 3 4
PORTS
NETWORK
1
CONSOLE
NETWORK
2
MODEM
CAUTION! Replace with same type and rating fuse.
100-240V -,
0.5A, 50/60 Hz T2A, 250 VAC
CAUTION! Replace with same type and rating fuse.
100-240V -,
0.5A, 50/60 Hz T2A, 250 VAC
Page 19
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.2.1 Power
SCS products have an internal universal Power Supply. Each SCS unit requires approximately 15W of electrical power. The switching power supply accepts nominal AC input voltage between 100-240 VAC with a frequency range of 50-60 Hz.
!
Note: The optional -48VDC Power Module is described in Section Appendix D,
DC Power, on page 83.
3.2.2 AC Input
A single IEC-type AC power entry module with an integral safety fuse and power switch is located on the rear of the chassis in each AC Power Module. The power input to the chassis uses a removable IEC-type cord set. One is provided with each AC Power Module. Be sure that your AC power source is properly grounded.
3.2.3 Connecting to the Network Port
Use a conventional, fully-pinned Category 5 cable (CAT5) to connect your network to the NETWORK (RJ45) jack on the rear of the chassis.
The SCS’s network port (auto-selecting 10/100) allows remote access to the attached networking components by the users and the sysadmin functions by the root user. You can change the network parameters from the front panel of the SCS or you may ssh into the default address and make changes using Linux commands.
3.2.3.1 SCS-R and Sentinel 32 Dual NIC Interface
The SCS80R / SCS160R / SCS320R / SCS480R / Sentinel 32 have dual network Ports. Initially, only the first NIC is functional (NETWORK 1 = device eth0 (NETWORK 2 = device eth1) must be enabled by the sysadmin.
To configure the second NIC, the sysadmin will log in and use one of the following commands:
).
The second NIC
netconfig -d eth1 or netconfig --device=eth1
Refer to Section 6 for other System Commands.
Page 20
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.2.4 Connect Your Console
The console port is used for local access to the SCS. Connect your terminal or computer to the console port with a terminal emulation package. The SCS’s console port has a DCE configuration with adjustable parameters.
The default communication parameters for the console port are:
9600 baud
••
8 data bits
••
No parity
••
1 stop bit
••
Xon/Xoff flow control
••
Use a conventional CAT5 cable to connect your terminal or computer to the CONSOLE jack (RJ45) on the rear of the chassis.
Login to the SCS: When connected to the SCS, the login as prompt will appear. Log in as root
.
Press Enter to continue.
The password: prompt comes up next. Enter root (the default root password) and press Enter.
3.2.4.1 SCS-R and Sentinel 32 Dual Console Interface
The SCS80R / SCS160R / SCS320R / SCS480R / Sentinel 32 have dual Console Ports, with Console Port 1 pinned as DCE and Console Port 2 pinned as DTE. Console Port 2 is disabled in the default configuration. To use the second console port, the sysadmin must enable it.
Console Port 2 is activated by editing the file /etc/inittab
.
Refer to Section 6 for other
System Commands.
3.2.5 Connect to the Ports
Any system (e.g., server, router, switch) with a serial port may be connected to the SCS for consolidated system administration. Server Ports are individually configurable. Consult your server documentation as needed.
Page 21
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The default communication parameters for the server Ports are:
9600 baud
••
8 data bits
••
No parity
••
1 stop bit
••
Xon/Xoff flow control
••
DCE Port type
••
Each Port can be individually configured for baud rates of 300-115K for specified data parameters and as DTE or DCE types.
!
Note: Ports may also be individually disabled if desired.
3.2.5.1 Automated Port Configuration Tests
A script named pm is available to test the device ports and report the correct DTE/DCE setting for each port. A man page exists for pm. This can be used to troubleshoot SCS to server connections. Hardware signals from the server are tested but Baud rates are not.
3.2.5.2 Port Adapters
You may need to adapt the cable connection for your server device. Thinklogical® offers serial­to-RJ45 adapters for serial ports, both DB9 and DB25, for many common network-equipment product applications. See Appendix F on page 85 for more information.
3.2.5.3 Serial Port Pin-out
Serial Port pin-out
Page 22
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.3 SCS-R and Sentinel Power Modules
The SCS80R, SCS160R, SCS320R, and Sentinel 32 provide dual AC Power Modules which are field-replaceable and connect to the rear panel of the SCS chassis. Each Power Module has a power entry connection with an IEC-type power connector.
The SCS80R, SCS160R, SCS320R, and Sentinel 32 have a power monitoring display shown on the front panel to indicate if one of the power supplies is not powering the system (either AC power failure, a Module is turned off or the supply has failed).
SCS Front Panel display: Left Power Supply failure
The SCS480R Power Module is mounted in the front panel of the SCS480R. It has the same capabilities as the SCSR and Sentinel Modules. It is not necessary to remove the AC power cord from the SCS480R when replacing a module.
!
Note: The Power Modules in the SCS160/320/480 are not field serviceable. This option applies to the SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 only.
Each Power Module can fully support the SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 system. However, the intended design is to have two power sources running your SCS system. When both supplies are active, they will share the system load. If one fails, the remaining supply can then take the full load.
The SCS80R, SCS160R, SCS320R, SCS480R, and Sentinel 32 ship with two AC power cords, one for each module, to allow separate AC power source connections. Plug the IEC connection into the SCS AC Power Module and connect the AC cord to a standard AC power source.
3.3.1 Power Module Replacement
The Power Modules of the SCS-R and Sentinel 32 Models may be hot-swapped. Each slide-in Power Module is held in place with a single captive screw and does not need to be removed except for replacement.
Page 23
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Captive Mounting
Handle
Screw
AC Power Module (removed from SCS Chassis)
SCS80R, SCS160R, SCS320R and Sentinel 32:
If the front panel display indicates that one of the power supply modules has failed, it may need to be replaced.
A single captive screw (visible from the rear of the SCS80R, SCS160R, SCS320R or Sentinel 32 chassis) holds the Power Module in place and also establishes a protective Earth ground. Be sure to turn off the failed power module and remove its power cord connection. Unscrew the module and remove it from the chassis using the built-in handle on the front of the module.
SCS480R:
If you need to replace one of the SC480R power supply modules, note that the module slides in and out from the front of the chassis.
A single captive screw (visible from the front of the SCS480R chassis) holds the Power Module in place and also establishes a protective Earth ground. Be sure to turn off the failed power module (press switch to O position). It is not necessary to remove the power cord. Unscrew the module and remove it from the chassis using the built-in handle on the front of the module.
Insert the replacement power module and tighten the screw. Reconnect the power cord if necessary and turn on the switch. When power is restored the failure message on the front panel display will clear.
3.4 SCS-R and Sentinel -48VDC Power Modules
The SCS80R, SC160R, SCS320R, and Sentinel 32 provide dual -48VDC Power Modules which are field-replaceable and connect to the rear panel of the SCS chassis. Each Power Module has a Power IN port with a WAGO MCS power connector. The SCS80R, SCS160R, SCS320R and Sentinel 32 have a front panel display to indicate if one of the power supplies is not powering the system (either DC power failure, a Module is turned off, or the supply has failed).
Page 24
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The SCS480R Power Module is mounted in the front panel of the SCS480R and has the
The WAGO DC Power
C
onnector
same capabilities as the SCSR and Sentinel Modules. It is not necessary to remove the DC power cord from the SCS480R when replacing a module.
!
Note: The Power Modules in the SCS160/320/480 are NOT FIELD
SERVICEABLE. This option only applies to the SCS80R, SCS160R, SCS320R,
SCS480R and Sentinel 32.
Each -48VDC Power Module can fully support the SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 systems. However, the intended design is to have two power sources running your SCS system. When both supplies are active, they will share the system load. If one fails, the remaining supply can then take the full load.
The SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 ship with two WAGO MCS connectors, one for each module, to allow separate DC power source connections. Plug the WAGO MCS connector into the SCS DC Power Module and connect to a regulated DC power source.
3.4.1 Wiring the -48Vdc Connector
consists of 3 pieces: The connector plug
and two halves of the strain-relief back
shell. After installing the wires as
depicted above, the three pieces fit
together as shown (right) and snap firmly
into place.
WAGO MCS DC Power Connector:
1. Brown = -48VDC
2. Green/Yellow = Chassis Ground
3. Blue = Common
Page 25
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
3.4.2 -48VDC Power Module Replacement
The Power Modules of the SCS-R and Sentinel 32 Models may be hot-swapped if necessary. Each slide-in Power Module is held in place with a single screw and does not need to be removed except for replacement.
-48VDC Power Module and WAGO Connector (shown removed from Sentinel 32)
SCS80R, SCS160R, SCS320R, and Sentinel 32:
If the front panel display indicates that one of the power supply modules has failed, it may need to be replaced.
A single captive screw (visible from the rear of the SCS80R, SCS160R, SCS320R, or Sentinel 32 chassis holds the Power Module in place and also establishes a protective Earth ground. Be certain to turn off the failed power module (press switch to O position), then remove its power cord connection. Unscrew the module and remove it from the chassis using the built­in handle.
SCS480R:
If the front panel display indicates that one of the power supply modules has failed, it may need to be replaced. The power modules insert from the front of the chassis.
A single captive screw, visible from the front of the SCS480R chassis, holds each Power Module in place and establishes a protective Earth ground. Be certain to turn OFF the failed power module by pressing the switch to the OFF (O) position). Unscrew the failed module and remove it from the chassis using the built-in handle. You may now Insert the replacement power module and tighten the captive screw. Connect the power cord to the module and turn the switch ON ( l ). When power is restored, the failure message on the front panel display will clear.
Page 26
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
4. Initial Configuration
The SCS is Pre-Configured. Just set your IP Address and add Users.
4.1 Default Configuration
The SCS is pre-configured right out of the box, ready to generate ssh keys with an IP address set to a generic default value of 10.9.8.7 / NetMask 255.0.0.0. It is likely that the sysadmin will want to change to a local IP address.
When you first connect the unit to your network and turn the power on it will take about two minutes for the SCS to perform the initial ssh key generation. The front panel display will show the following display after the SCS’s power-up is complete and the system is ready:
SCS Front Panel Display default, normal mode shown
The top line of the display is the SCS’s host and domain name and the second line is a clock display showing day and date (initially set to Eastern Time Zone).
4.2 Initial System Security Concerns
The first login will require several steps to fully secure the SCS.
When you first connect the SCS and turn it on, it will build the ssh keys during the first two minutes of system startup. During this time, the front panel LCD second line will read start
sshd, and the console port will read Starting sshd.
The root user should also configure the ntp and the ssh config files. Network 2 and the dual console/modem are disabled. Root is not allowed to login on console 2.
4.3 Front Panel Network Setup
If you changed the network settings via netconfig, you can skip this section.
The Front Panel Display and buttons can be used to set the basic network parameters. There are four arrow buttons (Left, Right, Up, Down) and one enter button. The front panel can be used to change the IP Address, Subnet Mask, and Gateway settings. By default, the front panel will show the Host name and the Date/Time.
4.3.1 Front Panel Edit Mode
By default the Front Panel Display’s Edit mode is enabled. The View mode is similar to Edit mode except that the front panel cannot be used to change the settings. This is described in Section 7.7, Front Panel Display Options on page 44 of this manual.
!
Note: The Front Panel Edit Mode can be disabled if desired. See Section 7.7, Front Panel Display Options beginning on page 44.
Page 27
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
With Edit mode enabled, use the arrow buttons on the front panel to access the front panel edit subroutine and change the default network settings (showing the IP address Netmask
and Gateway) for your SCS system. The front panel controls are self-prompting for the appropriate entries.
SCS Front Panel Display showing the Network Edit Mode
!
Note: Use the Enter button to ‘continue’ or to ‘accept’ the current setting. Your front panel entries must be NO LONGER THAN 30 SECONDS APART or the front panel entry program will time out and discard your entries.
An asterisk at the far right indicates there is a parameter that has changed from the currently-stored value. These entries will be accepted and held. As you exit this programming mode you are given the opportunity to Save or Cancel your new changes. If you do not Save your settings at this time, your new changes will be
discarded.
!
Note: Front panel changes are not written to the Compact Flash memory until the sysadmin uses the command-line ‘save’ command. Do NOT turn the system
power off or these changes will be lost.
4.3.1.1 Start Front Panel Edit Mode
To start the Edit mode, press the Up or Down Arrow button on the front panel. The display will change from the default Domain Name / Date & Time to the Edit Mode. You can scroll through the available Edit functions by pressing the Up or Down arrows: Program Network Settings or View SCS Settings
!
Note: If you do not press a button within 30 seconds the display will revert to the normal display and no changes will be made.
Scroll to the Program Network Settings display.
4.3.1.2 Program Network
When the Program Network Settings mode is selected, you will step through the parameter entry for Network IP Address, Net Mask and Gateway, then Exit to the previous menu. The Up and Down arrows are used to scroll through the available options.
Page 28
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Network IP Address
SCS Front Panel Display for Network Programming mode
Press the Enter button to continue.
SCS Front Panel Display showing the current IP Address
The current IP Address will be displayed with leading zeroes. The factory default is 10.9.8.7. If you do nothing, the display will revert to the previous display after 30 seconds and no changes will be made. To change the IP Address press the Enter button.
SCS Front Panel Display showing Edit IP Address
A cursor appears under the first character of the existing address. Press the Left or Right arrow button to move the cursor to the first digit to be changed. To change a digit, use the Up or Down arrows.
!
Note: Ignore any leading zeroes in the display entry. The SCS will adjust for them and will not store the leading zeroes when saving the data.
As soon as you change a digit an asterisk (*) will appear at the top-right indicating that a parameter has changed. Input the complete address.
SCS Front Panel Display (example) with an Asterisk indicating a change
Page 29
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
When the address input is complete, press the Enter button to accept the entry. The display will look like the following example:
SCS Front Panel Display after editing the IP Address
The new value will be stored when you finish setting all the Network parameters.
Net Mask
Press the Down Arrow once to advance to the Net Mask parameter.
SCS Front Panel Display showing the current Net Mask
Press the Enter button to change the Net Mask parameter. The current Net Mask setting will be displayed with a cursor under the first digit. The factory default is 255.000.000.000. Press the Left or Right arrow button to move the cursor to the first digit to be changed. To change a digit, use the Up or Down arrows.
SCS Front Panel Display editing the Net Mask setting
As soon as you change a digit an asterisk (*) will appear at the top-right indicating that a parameter has changed. Change the Net Mask as desired.
!
Note: Ignore any leading zeroes in the display entry. The SCS will adjust for them and will not store the leading zeroes when saving the data.
When you have completed entering the parameter values press the Enter button to accept the entry. The display will show the following:
SCS Front Panel Display showing the new Net Mask display.
Page 30
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The new value will be stored when all the Network parameters are set.
Gateway
You may now enter your Gateway parameter information. Press the Down arrow once to continue.
SCS Front Panel Display showing the current Gateway setting
Press the Enter button to edit the Gateway parameter. The current Gateway setting will be displayed with a cursor under the first digit.
SCS Front Panel Display to Edit the Gateway setting
Press the Left or Right arrow button to move the cursor to the first digit to be changed. To change a digit, use the Up or Down arrows. As soon as you change a digit an asterisk (*) will appear at the top-right indicating that a parameter has changed.
!
Note: Ignore any leading zeroes in the display entry. The SCS will adjust for them and will not store the leading zeroes when saving the data.
SCS Front Panel Display editing the Gateway setting
When you have the completed entering the parameter values, press the Enter button to accept the entry. The display will show the following:
SCS Front Panel Display showing new Gateway setting
Your new value will be stored when you are finished setting all the Network parameters.
Page 31
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Exit to Main Menu
You will now be prompted to Exit to the Main Menu. Press Enter to continue.
SCS Front Panel Display exiting the LCD Mode
You are given the choice to Save your changes or to Cancel them.
SCS Front Panel Display to Save or Cancel Changes
Press Enter to save your network changes or press the Up arrow to discard them. When you have completed the changes, the system must restart the Network Daemon. (The Network Daemon periodically connects to the network to check for updates and notifications.) This process will be displayed on the front panel display. The display will revert to a normal display when the network is restored.
SCS Front Panel Display - Saving and Restarting
When the system has restarted the network services, the following is displayed:
Returned to normal SCS Front Panel Display
To permanently save your new Network settings in the system, you must use the SAVE command to write the values to the Compact Flash memory.
!
NOTE: If the system loses power before using the command-line SAVE
command, the front-panel-entered network parameter changes will be lost.
Page 32
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
4.4 Initial Connection via Network
You can access the SCS using ssh (secure shell host) commands with your existing net­work. If you add a route to your workstation, you can connect to the SCS via its default address. For security reasons, a telnet server is not active on the SCS.
4.4.1 Network Connection Requirements
Have your SCS system connected to the network before you turn it on.
Know your computer’s IP address.
4.4.2 Route via Linux Workstation
If using a Windows workstation, you may go to section 4.4.3.
If you are accessing the network from your Linux / UNIX workstation, enter:
route add -net 10.9.8.7 netmask 255.255.255.255 gw <your workstation's IP address>.
To access the SCS system using ssh, from your command line, enter:
ssh root@10.9.8.7
Default root password is root. You should now be at the SCS’s root command prompt.
It is recommended that one of the first changes you make is to your SCS’s network address. See Section 7.2, Change Network Address, on page 41.
4.4.3 Route via Windows Workstation
If using a Linux workstation, you may skip this section.
If using Windows 9x/2000/XP you can connect to the SCS using your networked Windows PC and an ssh-capable terminal emulation package.
!
Note: If you don’t have an ssh-capable terminal emulation package, an available option is PuTTY, a freely-distributed package you can download at the following address: http://www.chiark.greenend.org.uk/~sgtatham/putty/.
(PuTTY is a client program for the ssh, Telnet and Rlogin network protocols. These protocols are all used to run a remote session on a computer over a network.)
If you use a Windows PC to login to the SCS:
1.
Determine your PC’s IP network address. One method: open a DOS prompt window and type ipconfig, then press Enter. Your PC’s IP address is listed, among other things.
2.
Add the route between the PC and the SCS. From a DOS prompt, enter:
route add 10.9.8.7 mask 255.255.255.255 <workstation's IP address>
then press Enter
3.
“Ping” the SCS to assure that your network connection is now functioning. (The ping
Page 33
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
command is a way to verify a network connection.) Type ping 10.9.8.7 at the DOS prompt, then press Enter. Check for a completed connection.
4.
Connect to the SCS with your terminal package using ssh. Launch your terminal
package and connect to the default IP address of the SCS of 10.9.8.7 using ssh. If using PuTTY (shown below), set the Session window IP address to 10.9.8.7, select the
ssh radio button and press Open.
PuTTY configuration Screen
The first time you connect using ssh you will get a warning about the ssh authentication keys. Accept the newly-generated keys by choosing yes.
5.
Login to the SCS. When connected to the SCS, the “login as:” prompt will appear. Log in as root. Press Enter to continue.
The “password:” prompt comes up next. Enter root (the default root password) and press
Enter.
Upon pressing Enter you will be at the SCS’s root command prompt. For this case, connect using PuTTY to ssh into 10.9.8.7:
Terminal screen showing a typical root login to SCS
When successfully logged in, you will see the command prompt ending with # followed by the cursor.
It is recommended that one of the first changes you make is to your SCS’s network address. See Section 7.2, Change Network Address, on page 41.
Page 34
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
4.5 Initial Connection via Console port
See Section 3.2.4, Connect your Console, on page 21.
4.6 How to Access the LSI SCS Web Setup Interface
Be sure to add the proper route statement (route add 10.9.8.7…) to your workstation (see paragraph 4.4.3, Step 2, on page 33).
1. From your browser, type: https://10.9.8.7:8098/
2. A predefined SSL (Secure Sockets Layer) certificate will be used. Your browser may warn you that the certificate does not match the host. You may continue using this certificate, but you should create a new certificate after setting up the SCS.
3. Refer to the file /usr/local/doc/ssl.cert.README for more information about creating certificates.
4. Press Start.
5. Enter root as the user name and root as the password.
6. The main configuration menu is displayed. Make your changes. Help is available for each page.
7. When all your changes are made, select Control Panel from the Main Menu and then select Shutdown/Reboot. Reboot the SCS and all your changes will take effect.
This interface is for setup only. It cannot be used to access the device ports. To disable the web interface, see the instructions located in /lsi/README.
5. System Overview
5.1 SCS Systems are Linux-based
Thinklogical® Secure Console Server products use the GNU/Linux operating system.
5.1.1 Linux General Public License
The GNU/Linux source code used in this product has been distributed under a General Public License (GPL) from the Free Software Foundation. You may read about the GNU GPL by reviewing the text version of the GPL at http://www.gnu.org/licenses/gpl.txt.
You will find additional GNU license information online at: http://www.gnu.org/licenses/licenses.html#GPL.
Please contact Thinklogical® Product Support (1-203-647-8700 or toll-free at 1-800­291-3211) if you need a copy of this source code.
5.1.2 SCS System Architecture
SCS software design uses both RAM (volatile) and Compact Flash (non-volatile) memory. All system changes are maintained in RAM until they are written to the Compact Flash memory. A read-only memory system is used since Compact Flash memory devices have a limited number of read-write cycles.
After making administrative changes to the system, the root user must run the SAVE command to write the changes to the non-volatile memory. If the data changes are not saved, the parameter changes will be lost in the event of a power failure or power-down.
Page 35
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
5.2 Initial System Administrator (sysadmin) Access
To customize the SCS configuration for your location,
we suggest
When the SCS is first powered up, you may need to configure it to operate with your network. Use ssh to access the SCS or the local console (Section 3.2.4, Connect Your Console, on page 21).
The SCS uses familiar Linux commands to administer the system. This manual lists those Linux commands that are important for the SCS sysadmin to know (See table on page 38).
5.2.1 Enter Commands
The system administrator enters Linux commands using the command-line interface. Unless otherwise shown, commands are all lower-case and may have modifiers. SCS commands are discussed in Section 6, Commands, beginning on page 38.
5.2.2 Log Out
To log out from a session, use the command logout. If logging out from a network session, the Console Server will disconnect the ssh session.
5.3 Default Services
The following Services are enabled by default:
network
ssh
syslog
cron
You may add other features and services, depending on your application. When you first log into the system, you will get the following reminder message for configuration:
you do the following:
CHANGE THE ROOT PASSWORD!!! reconfigure the network (netconfig) set the time zone, if not in the Eastern U.S. (timeconfig) add users (adduser)
edit the ntp.conf file and then enable the ntpd service
For extra security:
edit the sshd_config file to not allow root logins when all settings are changed, reboot the system to save the changes
SCS login advice (displayed on-screen when you first log in)
5.3.1 Configure the Services
When you first install the SCS system, you should configure the default services for your needs. This addresses network, date/time, authorizations and system hostname. The feature commands described below are discussed in Section 7, System Administration, beginning on page 41.
Page 36
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
In order to configure the basic services, you must:
1.
Run some or all of the following:
(netconfig, changehostname, timeconfig, authconfig).
2.
Run save
3.
Run service network restart to restart the network.
To configure the existing features, use the following commands:
For the Network parameters, use netconfig
To change the host and domain name, use changehostname
For the Date/Time, use timeconfig
To change the time zone for the authentication protocols, use authconfig
Page 37
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
6. Command s
A summary of special SCS Commands
6.1 System Commands
SCS products use Linux commands and man pages are available for all system commands. The root user can access the following commands to configure the special features of the SCS:
COMMAND PURPOSE CHPT.
adduser Add a User (creates a new user account) 8
deluser Delete a User account 8
editbrk Edit the 'break' sequence 8
editesc Edit Interactive mode 'escape' sequence 8
edituser Edit user settings for existing User accounts 8
save Commit programming changes to non-volatile memory
stty Configure Port parameters (see Linux commands) 6
versions Show version information 6
The commands are discussed in the chapter numbers noted on the right.
6
6.1.1 save
SCS systems will maintain your settings in RAM memory as long as system power is applied and the system remains in a normal operating condition. To permanently store your parameters, the root user must use the save command to write the data changes to the non-volatile Compact Flash memory card. This will ensure that your data is permanently saved.
The save command does not store buffered port data, which is held in RAM.
!
Note: The root user should run save any time that the system configuration has been changed. This includes user password changes and any command-line system administration changes
The save command is automatically run when you execute the reboot or the poweroff commands. It will copy files located in /etc, /home, /usr and /root to the Compact Flash and restore them when the system is restarted.
6.1.2 reboot
The
reboot
reboot process which occurs immediately after your data has been saved. A reboot takes a minute or so to complete. After the reboot has run the underlying commands, the system will reset and then begin the start-up process as it does at power on.
command may be run at any time. The
save
command is run as a part of the
Page 38
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
!
Note: No ‘break’ commands will be sent on the serial Ports during a SCS system reboot. Your servers will not be affected.
Thinklogical® SCS systems are “break-safe”, meaning that they will not send a ‘break’ command (unless user initiated) or other data on the serial ports connected to your servers. An unwanted ‘break’ could cause problems with your server.
6.1.3 poweroff
If you want to turn the SCS off, you must first run the poweroff command.
!
Note: No ‘break’ commands will be sent on the serial Ports during a SCS system poweroff cycle. Your servers will not be adversely affected.
poweroff may be run at any time. The save command is run as part of the poweroff process. Once you have entered the poweroff command, the operating system will shut down and the SCS will cease operating. The front panel display will show OK to Power Off. You may now turn the power switch off.
The only way to recover from a poweroff command is to turn the system power off and then turn the power back on.
6.1.4 Other Linux Commands
The following Linux commands, among others, will be used with the SCS systems.
logout
Use logout to quit your session with the system.
man
Use man <command name> to search for a help file (online manual pages) or descriptive information for that Linux / UNIX command.
Three general man pages are available for Thinklogical commands and files:
1.
lsi.1 for user commands
2.
lsi.8 for system commands
3. lsi.5 for Thinklogical file descriptions
passwd
The root user should change the default root password as soon as possible to prevent unauthorized access. To change the default root password, type passwd (all lower case) at
the root login prompt.
scp
Use scp for secure copy using ssh (secure shell host) between two hosts. The process is encrypted and inherently secure. Refer to the man pages for scp for a description and any command options.
Page 39
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
sftp
Use sftp for a secure file transfer transaction between two servers using ssh. This process is similar to ftp except that it is encrypted for security. Refer to the man pages for sftp for a description and any command options.
ssh
The SCS systems use ssh to establish secure connections over your network. The configuration file for the ssh server is /etc/ssh/sshd_config. This controls ssh connections to the SCS.
Use ssh to establish a secure connection between two hosts or to transfer files or data between the systems. The Secure Console Server is a client device and will be connected to an ssh elsewhere. The security keys for ssh may need to be generated using ssh-keygen, depending on your application of ssh. Refer to the man pages for ssh for a description and any command options.
ssh-keygen
Use ssh-keygen to create keys for users so passwords do not have to be used for ssh login. You can generate the security keys for your client system (in this case, the SCS is the client) to interact with an ssh host elsewhere. After the keys have been generated, the user can establish a secure shell connection using ssh over a network. Refer to the man pages for ssh for a description and any command options.
stty
Use stty to change the configuration for each Port. The system provides a default configuration for the system Ports (ttyB1 through ttyB48
),
and for the console port (ttyS0
).
!
Note: Port changes made using stty are temporary (not written to memory). In order to keep any changes, you must edit the configuration file in /etc/rc.d/rc.serial and then run save.
The Ports are identified as /dev/ttyB1 through /dev/ttyB48 for ports 1 through 48, respectively, and /dev/ttyS0 for the console port.
!
Note: For example, to administer Port 7 you would edit the file rc.serial and use stty -F /dev/ttyB7.
Refer to the
man
pages for
versions
Use versions to see a listing of the release versions of the LSI files in the SCS.
stty
for a description and any command options.
Page 40
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
6.2 Change Logging Level
The sysadmin may wish to change the logging level of syslog.
1.
Login as root
2.
Edit the file /etc/syslog.conf (vi/etc/syslog.conf)
3.
Restart the system logger by entering: service syslog restart
4.
Run save.
7. System Administration
This section outlines the administration functions and commands that are accessed using the network or console ports.
7.1 Security
Thinklogical® Secure Console Servers use ssh to provide encryption for a secure network connection. There is only one level of system administration access in the SCS and that is at the root level.
Warning!: Anyone with the root password has the ability to access all SCS features
and functions. Your root password should be carefully guarded.
In general, users cannot interact with the system-level features. Only users with permission to interact with a port can access the buffers or clear the buffered data.
7.2 Change Network Address
You may use the Front Panel setup (see Section 4.3, Front Panel Network Setup, beginning on page 27) to configure the SCS’s IP address. This will temporarily change the IP address to allow you to connect to the SCS. Front panel changes are temporary because there is no way to write the new parameters to non-volatile memory using the front panel keys.
You must run netconfig once you have accessed the SCS to change the network parameter options and then save the parameters to non-volatile memory.
7.2.1 Run netconfig
After you establish a connection to the SCS (either through your console port or via ssh using the default address of 10.9.8.7), you may need to change the IP address setting of the SCS to the desired address on your network, using netconfig a self-prompting program to set up your system’s network information. It supports DHCP/BOOTP setup or static addressing. Use the space bar to select/deselect a value (e.g., DHCP). Use the arrow keys to move up and down between the entry fields.
.
The netconfig command is
!
Note: Use of a static IP address is recommended with the SCS.
Page 41
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
You will need the following information before running netconfig
:
Using DHCP/BOOTP (yes/no)? If No, you will need the following:
IP Address
Net Mask
Default Gateway
Primary Nameserver
You can add the secondary and tertiary nameservers (if required) by editing the resolv.conf file at any time. After entering the requested information, you are returned to the root prompt. See Section 7.2.2: More Than One Nameserver on page 43.
7.2.1.1 Save your netconfig changes After running netconfig to set up your system, you must run the save command to
keep your changes. Then restart the network using the following steps:
1.
Make all changes
2.
Run save
3.
Run service network restart to restart the network
4.
Make a new ssh connection.
!
Note: If you are making several changes to the system configuration, you may complete all the changes and then run save.
Example of
netconfig
fill-in fields
When you have filled in the fields, arrow down to the OK button and press Enter to accept your entries.
Page 42
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.2.2 More Than One Nameserver
The netconfig command allows the user to set up one nameserver’s IP address. It is possible to have multiple nameservers, which must be done outside of the netconfig command. The nameserver data is in the file /etc/resov.conf. If you want to have more than one nameserver, you must edit the file. For more information, refer to the man page for resolv.conf
In this file, you will find the IP address you entered with netconfig. You can add the address of additional nameservers. (a maximum of 3 nameservers is allowed) to this file. The format of a line is: nameserver <IP address>.
.
7.3 Change Hostname
The SCS includes a command changehostname which allows the root user to change the long hostname of the SCS unit.
1. Log in as root.
2. Type changehostname. The current hostname is displayed and you are prompted to choose y/n to proceed.
3. If you select y (yes) to change, you are prompted to enter the new hostname.
!
Note: If you make a mistake in your entry, do not attempt to edit it. Reject the
incorrect entry and re-enter the value properly.
4. Enter your new hostname value. Press y to accept the new value.
5. Remember to run save when done to keep your new values.
6. After changing the hostname and/or clock settings, reboot to make the changes permanent. These two settings (clock and hostname) are only saved during an orderly shutdown. Loss of power before reboot will revert to the old values.
7.4 Time Configuration
Use the command timeconfig to set up the date/time and time coordinates. This is a self­prompting utility. To keep your values, run save when completed. After changing clock settings, reboot the SCS to make changes permanent.
!
Note: If changing the Time Zone (during timeconfig changes) restart the LCD display service so the front panel display can update. Use the command service lcd restart after completing the timeconfig options.
7.5 Change NIC Speed
You can change the NIC interface configuration to auto-sensing or fixed, to full or half duplex, and to 10Mb or 100Mb. The following file information is found in the file /etc/modules.conf with some additional instructions on to how to set the NIC speed.
Page 43
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
This file already has the various commands in place, but they are commented out (rendered inactive by the preceding #). Edit the /etc/modules.conf as required. Remove the leading # from one of the #options lines below to make it active, then reload the NIC driver.
alias eth0 eepro100 alias char-major-72 exser alias char-major-4 off options -k exser ## ## options to control NIC speed and mode ## remove the leading '#' from ONE of the options lines below ## ### 100Mbit half-duplex #options eepro100 options=0x20, 0x30 ### 10Mbit half-duplex #options eepro100 options=0x40, 0x50
The SCS system power should be cycled (using poweroff, not reboot). The power-off is done to inform the switch connected to the NIC that it is now off.
!
Note: In the SCS-R and Sentinel 32 Models, these changes affect BOTH network ports. It is not possible to change only one of the network ports.
7.6 Configure Authentications
Use authconfig to set up the authentication protocols. You may only need to run this if you need remote authentication such as NIS, LDAP, Kerberos, etc.
The first checkbox, cache information, will start the nscd daemon if selected. Refer to the
man page nscd for configuration options. This is not required for normal operation and need not
be selected. Other aspects of the authentication options in authconfig are self-prompting for parameters for
NIS, LDAP and/or Hesiod. Remember to run save to keep your new values.
7.7 Front Panel Display Options
The front panel display is a two-line, 24-character, backlit LCD. It displays system messages during various system events (e.g., network restart, poweroff shows the default display.
The default display shows the Hostname on the top line and the Date/Time on the lower line, but this can be customized to show other information in either line or both. This can be helpful in labeling each SCS in a rack with multiple units. Also, the default display can be turned off and the editing of IP address information using the front panel buttons can be disabled to prevent unauthorized changes.
),
but most of the time is idle and
Page 44
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Default Front Panel Display,
The front panel will display system messages during events such as reboot or save, but will return to the default display following these events.
7.7.1 Display Mode Parameters
The various LCD Display modes are controlled by entries maintained in the file:
/etc/sysconfig/lsi
LCD_LINE_1=
LCD_LINE_2=
LCD_DISPLAY_SETTING=
LCD_LINE_1= and LCD_LINE_2= (allows text entry of up to 24 characters to be displayed)
LCD_DISPLAY_SETTING= (can be set to EDIT [default], VIEW, or OFF)
7.7.1.1 Edit
The Edit mode ( information and allows anyone to use the front panel display to change the network parameters (IP Address, Net Mask, and Gateway).
7.7.1.2 View
The View mode ( information, but disables editing using the front panel buttons. This prohibits unauthorized changes to your network settings from the front panel.
LCD_DISPLAY=EDIT)
LCD_DISPLAY=VIEW)
allows the front panel display to show the current display
allows the front panel display to show the current
7.7.1.3 LINE_1=
LINE_1=
allows the user to customize data on the upper line of the display. The root user may
enter a left-justified text line of up to 24 characters to replace the SCS Host-name.
LINE_1 Changed in SCS Front Panel Display,
7.7.1.4 LINE_2=
LINE_2=
allows the customer to customize data on the lower line of the display. The root user
may enter a left-justified text line of up to 24 characters to replace the clock/date display.
Page 45
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
LINE_2 Changed in SCS Front Panel Display
7.7.1.5 Display OFF
LCD_DISPLAY=OFF
disables the front panel LCD display when no events are taking place. The
backlighting will remain on, but the display is blank.
7.8 Network Time Service
Network Time Service is supported. To use the network time service, the user must edit the files /etc/ntp.conf and /etc/ntp/step-tickers and start the ntpd service as described in the following paragraphs. (More information is available at www.ntp.org)
7.8.1 Configure NTP
The file /etc/ntp.conf has many options. To define the time server to be used, the hostname (or IP address) of the time server is needed. Using your editor, add the line: server <my time server name or IP address>to the end of the file.
Example: For the hostname ts1.mydomain your entry is server ts1.mydomain (The user will type the actual hostname [or IP address] of the time server in place of ts1.mydomain.)
The user should also add the server names to the file /etc/ntp/step-tickers. This file requires the name of the time server (the word 'server' as used in the file /etc/ntp.conf is not needed)
7.8.2 Start the NTP Service
To start the NTP service manually: service ntpd start To cause NTP to start automatically during startup: chkconfig ntpd on
7.9 NIS and User Port Permissions
The SCS can use NIS to control user access to the Ports in addition to controlling user access to the SCS itself. Since this is an extension to the normal NIS capabilities, some of the NIS files must be installed on your NIS server. The user must create/ modify the NIS database to include records containing user port permissions.
!
Note: Source documents, including this information, are stored on the SCS system. NIS information is located in /usr/local/doc/nis.
Page 46
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.9.1 User Port Control
The SCS can use NIS to control which user can access a port on the SCS. To use this feature, a database must be created on the NIS server. The following files are needed to set up the port access database:
lsi_port_access lsi_port_user lsi_port_awk Makefilenis.portAccess
Port Access Permission Definition file Port Access User Definition file Port Access AWK file (required for the Make file) Make file used to build the LSI database
7.9.2 NIS Port Access
The file lsi_port_access contains the port permissions for connect, monitor and clear and is referenced by a group. Users may define as many groups as needed. The following example, where perm = permission, illustrates how the group file is constructed:
group name:console server name:connect perm:monitor perm:clear perm
where: group name is the name of the user’s group
console server name is the SCS’s hostname connect perm is the port that a group can connect with
monitor perm are the ports that a group can monitor clear perm are the ports that a group is allowed to clear
For example: pbxgrp:tvscs320:1,2-6,13:5-9:1-7 itgrp:tvscs160:8-16:7:1,3,5,7-11
The above example shows two groups, pbxgrp and itgrp, that are allowed to access ports on a Secure Console Server.
The first group, pbxgrp, can access an SCS with the hostname of tvscs320. The group can connect to ports 1, 2, 3, 4, 5, 6 and 13. It can monitor ports 5, 6, 7, 8 and 9. This group is allowed to clear ports 1, 2, 3, 4, 5, 6 and 7.
The second group, itgrp, can access the SCS with a hostname of tvscs160. This group can connect to ports 8, 9, 10, 11, 12, 13, 14, 15 and 16. It can monitor port 7, and can clear ports 1, 3, 5, 7, 8, 9, 10 and 11.
LSI Port Access Permission file Port Access Permission for the user defined group names* are defined below.
Permissions can be any or all of the following forms:
decimal value decimal range using a dash (-) as the range indicator a comma (,) used to separate digits and/or ranges
a colon (:) used as the field separator, as in:
group name:console server name:connect perm:monitor perm:clear perm
* user_group1:scs160_milford:1-16:1-3,5,8,16:0
* user_group2:scs320_boston:1-6:12,15:3-7
Page 47
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.9.3 User Names and Groups
The LSI Port User Definition file (/nis/lsi_port_users) is used to assign a user to a given Port Access group. This file information is found in /usr/local/doc/nis.
The following example illustrates how it is set up:
User name:group name
where: user name is a valid SCS user
group name is a valid users’ group
For example:
tomv:pbxgrp billf:itgrp
The above example shows two users, tomv and billf. User tomv is in the group pbxgrp and billf is in the group itgrp. When used with the lsi_port_access file, it illustrates how tomv
can log into tvscs320 and be able to connect, monitor and clear the ports that were set up in the previous example. The same goes for billf.
LSI Port Access User definition file Port Access user and respective port access group names are defined below.
Users must be valid system usernames.
Group names are those defined in the lsi_port_access file.
lsiuser1:user_group1 lsiuser2:user_group1 lsiuser3:user_group2 lsiuser4:user_group2
Group Permissions
A user might not have access to a particular port, depending on group permissions. Only members of the scsusers group (group ID of 701) may access SCS ports. Only members of the monitor group (group ID of 702) may access SCS monitor ports.
7.9.4 NIS Database file
The lsi_port_awk file is used to create the lsi database file (lsiportdbase) on the NIS server. It contains the awk code that the Make file needs.
7.9.5 NIS Make file
The file Makefile.nis.portAccess is used to create the lsi port database. To build the database, the above files (listed in Section 7.9, NIS and User Port Permissions, on
page 46) need to be loaded onto the NIS server. The system has been tested on a Linux CPU running RedHat 8.0. The files were placed in the /var/yp directory. After executing the Make file, the lsi database file was placed in the NIS host directory.
Page 48
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.9.6 NIS Configuration File
The NIS configuration file (located at /etc/nsswitch.conf) must be edited by the user to support your NIS server. To do this:
1.
Open the file /etc/nsswitch.conf using your editor.
2.
Edit (add or modify) a line to your config file that supports local files for local users and, if not assigned locally, refers to the NIS database. The line should read: port_access:filesnis
3. Save your updated nsswitch.conf file.
7.10 NFS
NFS information can be obtained from the man pages, which is an overview of setup information for an NFS application as it pertains to the SCS. Refer to the following:
man pages:nfs, mount, fstab.
7.10.1 Remote NFS Directory
To mount a remote directory onto the SCS you must start the portmap and netfs services. To manually start portmap and netfs services, enter the commands
service portmap start service netfs start
:
To automatically start portmap and netfs services at Power On, enter the commands:
chkconfig portmap on chkconfig netfs on
Determine which local directory name you will use to refer to the remote directory. The standard name is /mnt. If you need more than one remote directory mounted, create the additional directories under the /mnt directory. (e.g., /mnt/dir1, /mnt/dir2, /mnt/dir3...)
To test the mounting, enter the following:
mount -t nfs <remote server name>:<remote directory name> <local directory name>
Example: mount -t nfs nyc:/usr/local/cvs/mnt/dir2
!
Note: To have this mount occur at startup, you must edit the file /etc/fstab. See the man pages noted above for details.
For example:
nyc:/isr/local/cvs/mnt/dir2nfshard,intr
Page 49
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
7.11 SNMP
Simple Network Management Protocol (SNMP) governs network management and the monitoring of network devices and their functions. Network management stations monitor and control the network components. SNMP is supported in the SCS as “read only”. Refer to the
man pages for more details.
7.11.1 Start SNMP
Start SNMP with the command
service snmpd start chkconfig snmpd on
7.12 syslog
Using default settings, the SCS will log all warnings and higher events. The SCS keeps a system log file called /var/log/messages. The level of logging is controlled by the file
/etc/syslog.conf.
SCS products can log the following:
Notice level events:
Port settings changed
Begin and end Interactive mode
Port buffer cleared
Info level events:
User settings modified
Port buffer accessed
The default file entry is *.notice, with lower level settings in *.info. (A lower level setting generates more messages.)
7.13 Timeouts
The SCS system supports timeout on the network port. Refer to the man page for timeout options. Use the commands timeoutd and timeouts
.
7.14 Changing Serial Port Settings
Use stty to change things like the port name, baud rate or hard/soft flow control. Note that these changes are temporary and will be lost on the next reboot. To make the changes perm­anent, edit the file /etc/rc.d/rc.serial. This file contains a list of stty commands (one for each port).
7.14.1 Disable buffering while in Interactive
To prevent unauthorized access, do not store data in the Port buffer while in Interactive mode. Under normal conditions, all data from the serial device is stored in the buffer and can be viewed at a later time. To disable buffering (only while the Interactive mode is in progress), use the command:
stty -F/dev/ttyBn -buffer
Page 50
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
8. Administering Users
The following commands are used to change settings for users. You can define as many
users as you wish, up to the memory capacity of the system. The limiting factor for users is not the number of users but the number of simultaneous sessions invoked by any number of users (250 sessions maximum).
8.1 User Setup
Each user account must have a unique name and its own password. Each User account has the following parameters:
PARAMETER CONSTRAINTS
A unique user name made up of contiguous characters that cannot be
Name
renamed. This name will be displayed at the command prompt when a user has
logged in.
Password
Port range or
Port group
(used below)
ESCAPE_SEQ
BREAK_SEQ
ALLOW_CLEAR
ALLOW_CONNECT
ALLOW_MONITOR
Linux password for this user account. Default is set to access all ports in the SCS chassis (1-16, 1-32 or 1-48).
Ports can be assigned individually (1), in a contiguous range (2-7), in random ports (3,6,9,15) or any combination of the above valid port numbers for
that chassis (1, 4-7, 12, 15-16). Escape sequence. Default is “Esc-A”. Displayed in ASCII (x1bA) Break sequence. Default is “Esc-B”. Displayed in ASCII (x1bB)
Range or group of Ports for which this User account can Clear the Port
Range or group of Ports to which this User account can connect Range or group of Ports which the User can monitor
There are three permissions in the user config files:
ALLOW_CONNECT: The user can enter Interactive mode. The file name is
/dev/ttyBnnn).
T
o browse a buffer a user must have connect permissions on that port.
ALLOW_MONITOR: The user can view a specified port. The file name is
/dev/monitor_portnnn and must be opened in Read-Only mode.
ALLOW_CLEAR: A user can clear a specified buffer. The file name is
/proc/port_buffers/nnn)
8.1.1 adduser
SCS users are identified with a user name and the adduser command is used to create a new user account. The user’s name, password and port access configurations are set, along with the escape and break command keystrokes. After a user has been added, this user can log into the system from a network or console port connection.
Page 51
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
8.1.2 edituser
The edituser command is used to change the parameters for an existing user. The user name cannot be edited using edituser
user account and enter the appropriate assignments. You should then delete the original user account (paragraph 8.1.3).
. I
n order to modify a user’s name you must generate a new
8.1.3 deluser
The del user command deletes an existing user account.
!
Note: The following command modifiers (options) apply to the add user and edituser commands.
8.1.4 Other Editing Commands
The following commands may be entered to change the following parameters. The root user may change the preset values for these parameters and a user may use this command to change the parameters for the Port they are connected to.
8.1.4.1 editbrk <name>
Use editbrk <name> to edit the break sequence for a user. The break sequence is presented in its ASCII form. (User key stroke default is ESC – B.)
8.1.4.2 editesc <name>
Use editesc <name> to edit the escape sequence for a user. The escape sequence is presented in its ASCII form. (User key stroke default is ESC – A.)
9. User Operations
Commands that End Users need to connect to their Servers through the SCS
9.1 User Accounts
The SCS has two types of user accounts: user and root and supports multiple user accounts, each having a unique combination of read, write and review privileges for each of the Ports. Each user account is password protected and a defined user may or may not have permission to interact with the attached servers.
9.1.1 SCS users
SCS users are the individuals that will connect to any or all of the attached networking devices for service, support or access needs. There can be many users defined and each user, when connecting to the system, establishes a session with a selected device by entering the connect command. There can be up to 250 simultaneous user sessions.
9.1.2 root user
The root user differs from other SCS users in that he root user will act as the System Administrator (sysadmin) for the full SCS system and has full access to the each of the SCS
Page 52
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Ports. There is only one root user for each SCS system. The root user defines the access rights of all users in the SCS system. The root user’s access is
secured with the root password (default password is root). The root password should be changed regularly and carefully guarded to prevent unauthorized access.
9.2 Port Identities
Each Port is numbered and has a default name (port1, port2, etc.) but may be given any name by the sysadmin. Each user interacts with the servers connected to ports by entering a command associated with either the port number or port name.
9.3 What Users Can Do
Remember: Use connect <Port number or name> to access a specific server or network device.
9.3.1 Access via Network
To access a connected server via the SCS network port, the user should use an ssh client to ssh to the IP address of the SCS.
9.3.1.1 Secure Shell Host (ssh) to a Port
You can ssh directly to a port by using the following command:
ssh user@scs -t -t connect <port number or name>
9.3.2 Access via console port
The console port is normally used by the System Administrator during service events. However, it can be used by any user that has access to the terminal and has a password to log into the system and access system Ports.
9.3.3 Interactive Mode
For a user to interact directly with an attached server, the user must enter the Interactive mode. Use connect <port name or number> to connect to a port (only applies to ports for which the user is allowed Connect access).
The user's terminal is then connected to the. The SCS displays the last page of the port buffer along with a system information message indicating which Port is selected as the user enters Interactive mode. If a user attempts to connect to a port that is in use, they will receive the message Device or Resource busy.
The Interactive Mode Escape Sequence is a series of two to ten characters that allows the user to exit Interactive Mode and return to the System Prompt. The default for the Interactive mode escape sequence is <ESC>A (escape key, then uppercase A). The user may change the sequence by using the command editesc.
9.3.3.1 Break Sequence
The user is not connected directly to the server, but rather is connected through the SCS, and therefore cannot use the break key. While a user is connected to a port in the Interactive mode the user can, however, send a break command to that port. The default sequence is <ESC>B
Page 53
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
editbrk
When not in the Interactive mode, a user can enter editbrk to edit or view their preset break sequence. The break sequence is presented in its ASCII form (x1bB). The user key stroke default is <ESC>B. Press Enter to keep the existing setting.
Warning!: Because the sysadmin is responsible for configuration changes, it is
recommended that only the sysadmin be allowed to change the break sequence.
9.3.3.2 Escape Sequence
A user-defined sequence of keys is used to leave the Interactive mode. The default sequence is <ESC>A
!
Note: Do NOT use combinations of the <CTRL> key and other keys for the escape sequence as these combinations are usually reserved for sending and receiving special characters through a terminal.
Edit Escape Sequence: It is recommended that only the sysadmin edit the escape command
sequence. When logged in, enter editesc to edit or view the preset escape sequence. The escape sequence is presented in its ASCII form (x1bA). The user key stroke default is
<ESC>A. Press Enter to keep the existing setting.
Warning!: Because the sysadmin is responsible for configuration changes, it is
recommended that only the sysadmin be allowed to change the escape sequence.
9.4 Monitor Mode
Monitor Mode allows a user to view the traffic on a port, but not to interact with it. Once in Monitor Mode, pressing any key will close the connection. Multiple users may monitor the same
port at one time, unlike Interactive mode, which is limited to one user. A port may be monitored while an interactive session is in progress. The monitor command uses the same syntax as the connect command.
9.5 Browse the Buffers
Any of the Linux text browsing commands (less, more, ftp, tftp, scp, etc.) may be used to view the Port buffers. These buffers are named:
/lsi/ports/buf_<name> or /proc/port_buffers/<number>
9.6 Clear the Port Buffers
Use the following commands to erase the data in a Port buffer:
stty --clear -F/proc/port_buffers/<n>
or
stty --clear -F/lsi/ports/buf_<name>
Page 54
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
10. Regulatory and Safety Compliance
10.1
Safety Requirements
10.1.1 Symbols Found on Our Products
Markings and labels on our products follow industry-standard conventions. Regulatory markings found on our products comply with all domestic and many international requirements.
10.2 R
Thinklogical® Secure Console Server products are designed and made in the USA. They have been tested by a nationally recognized testing laboratory and found to be compliant with the following standards (both domestic USA and many international locations).
egulatory Compliance
10.2.1 North America
These products comply with the following standards: Safety
ANSI/UL60950-1: 1st Edition (2003)
CAN/CSA C22.2 No. 60950-1-03
Electromagnetic Interference
FCC CFR47, Part 15, Class A
Industry Canada ICES-003 Issue 2, Revision 1
10.2.2 European Union
10.2.2.1. Declaration of Conformity
Product name
Model: SCS80 Secure Console Server, SCS801 Secure Console Server
Model: SCS160 Secure Console Server, SCS1601 Secure Console Server
Model: SCS320 Secure Console Server, SCS3201 Secure Console Server
Model SCS480 Secure Console Server, SCS4801 Secure Console Server
Model: SCS80R Secure Console Server, SCS801 R Secure Console Server
Model: SCS160R Secure Console Server, SCS1601 R Secure Console Server
Model: SCS320R Secure Console Server, SCS3201 R Secure Console Server
Model: SCS480R Secure Console Server, SCS4801 R Secure Console Server
Model: Sentinel 32 Secure Console Server, Sovereign 32 Secure Console Server
These products comply with the requirements of Low Voltage Directive 72/23/EEC and EMC Directive 89/336/EEC.
10.2.2.2 Standards to Which Our Products Comply
Safety
IEC60950:1992+A1, A2, A3, A4, A11
Electromagnetic Emissions
EN55022: 1994 (IEC/CSPIR22:1993)
EN61000-3-2/A14: 2000
EN61000-3-3: 1994
Page 55
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Electromagnetic Immunity
EN55024:1998 Information Technology Equipment-Immunity Characteristics
EN61000-4-2:1995 Electro-Static Discharge Test
EN61000-4-3:1996 Radiated Immunity Field Test
EN61000-4-4:1995 Electrical Fast Transient Test
EN61000-4-5:1995 Power Supply Surge Test
EN61000-4-6:1996 Conducted Immunity Test
EN61000-4-8:1993 Magnetic Field Test
EN61000-4-11:1994 Voltage Dips & Interrupts Test
10.2.2.3 Supplemental Information
The following statements may be appropriate for certain geographical regions but might not apply to your location.
!
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications, in which case the user may be required to correct the interference.
!
Note: This Class A digital apparatus complies with Canadian ICES-003 and has been verified as compliant within the Class A limits of the FCC Radio Frequency Device Rules (FCC Title 47, Part 15, Subpart B Class A), measured to CISPR 22: 1993 limits and methods of measurement of Radio Disturbance Characteristics of Information Technology Equipment.
This Class A digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.
Cet appareil numérique de la classe A respecte toutes les exigencies du Règlement sur le matérial brouilleur du Canada.
!
Note: Users may notice degraded audio performance in the presence of electro-magnetic fields.
10.3 Product Serial Number
Secure Console Server products have a unique serial number, imprinted on a small silver label that is placed on the bottom of the chassis. The serial number includes a date-code. The format for
three digits for a unique unit number
shipping carton.
the date-code is two digits for the week; two digits for the year and two or
. This serial number is also found on the original
Page 56
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
10.4 Lithium Battery
The SCS products have a replaceable, long-life Lithium battery (CR2032, 3 volt) to support the system BIOS which will likely never need field replacement. However, if it ever does need to be replaced, the following caution statement applies:
Warning!: There is a risk that the battery could rupture if it is replaced by an incorrect type. Be sure to use only a CR2032, 3 volt lithium battery. Properly dispose of spent batteries.
10.5 SCS-R Models and Sentinel 32 Power Modules
The SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 systems have hot-swappable Power Modules that can be replaced in the field without interrupting service. Each Power Module is held in place with a single captive screw.
Warning!: When replacing a Power Module in the field, first turn the power switch off, then remove the Power Cord BEFORE loosening the captive screw and pulling the module out. When replacing the module, fully insert the module and tighten its screw before replacing the power cord.
11. How to Contact Us
11.1 Customer Support
11.1.1 Website
Visit our website at the full line of Thinklogical® products. Our internet website offers product information on all current systems, including technical specification sheets and Quick Start Guides (for viewing online or for download), product diagrams showing physical connections and other useful information.
be sure to update your browser when you visit us online.
We regularly update our website, so to see our most current information,
www.thinklogical.com for more product information, current updates and
!
Note: Most online documents are stored as Adobe Acrobat .pdf files. If you do not have the Adobe Acrobat reader needed to view .pdf files, visit www.adobe.com
for a download.
Page 57
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
11.1.2 Email
Thinklogical® is staffed Monday through Friday from 8:30am to 5:00pm, Eastern Time Zone. We will try to respond to your email inquiries promptly. Please use the following email addresses for your various needs:
Info@thinklogical.com sales@thinklogical.com support@thinklogical.com
and request for Return Merchandise Authorization.
– Information about Thinklogical® and our products.
– Sales Department: orders or questions
.
– Product support, technical issues or questions, product repairs
11.1.3 Telephone
Telephone Sales: Please c
in the continental US, use our toll-free number Friday from 8:30am to 5:00pm, Eastern Time Zone. Be sure to ask for your sales representative’s direct dial phone number when you call.
Telephone Product Support: Please c Connecticut at
1-203-647-8700
8:30am to 5:00pm, Eastern Time Zone.
International Sales: 203-647-8700
. We are here Monday through Friday, 8:30am to 5:00pm, Eastern Time Zone
Please contact our expert Sales Staff in Milford, Connecticut, USA at
(same as New York City). If leaving a voice message, please provide a preferred time to call back so we may reach you at your convenience.
Our switchboard attendant will direct your call during regular business hours. We have an automated attendant after regular business hours and on holidays. Please leave a voice message for any of our representatives at any time. Each of our sales and service representatives has a direct number to accommodate your calls.
ontact our expert sales staff in Milford, CT at
1-800-291-3211
. We are here Monday through
ontact our expert Product Support staff in Milford,
. The support lines are manned Monday through Friday,
1-203-647-8700
or, if
1-
11.1.4 Fax
Our company facsimile number is your cover sheet and provide return contact information, including your phone number.
1-203-783-9949
. Please indicate the nature of the fax on
11.2 Product Support
Thinklogical’s® support personnel are available Monday through Friday from 8:30am to 5:00pm, Eastern Time Zone. If you need assistance at some time outside of normal business hours, please contact us beforehand and we will do our best to make arrangements to assist you.
11.2.1. Limited Warranty Information
Thinklogical®, LLC (“Thinklogical”) warrants this product against defects in materials and workmanship for a period of one (1) year from the date of delivery (ordinary wear and tear excluded). This limited warranty does not cover defects resulting from (i) use of the product other than as described in the applicable documentation for the product; (ii) modifications to or repairs of the product that are made by any party other than Thinklogical® or a party acting on Thinklogical’s® behalf, or (iii) combination of the product with third party products that is not consented to by Thinklogical®. Occurrences of events described in (i) – (iii) shall void the foregoing warranty. This warranty gives you specific legal rights, and you may also have other
Page 58
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
rights which vary from state to state.
Except for the express warranty set forth above, to the fullest extent permitted under applicable law, Thinklogical®, LLC and its suppliers disclaim any and all other warranties, express and implied, including without limitation the implied warranties of merchantability, fitness for a particular purpose, title and non-infringement.
If the defective product is returned to the authorized dealer within one (1) year of the delivery date, repair or replacement of the product will be made. Repairs may be made with refurbished parts. If repair or replacement is not possible, Thinklogical® may keep the defective product and refund the amount that you paid for the defective product. These are Thinklogical’s® sole obligations, and your exclusive remedies, for a breach of the limited warranty set forth above.
To return a defective product, contact the Thinklogical® authorized dealer from whom you purchased the product. Do not return a product directly to Thinklogical® without prior authorization from your dealer.
If you have received prior authorization from your dealer and are returning a product directly to Thinklogical®:
1. Contact your sales representative, or call Customer Support at: 1-800-291–3211 or 1-203-647–8700.
2. Describe the product defect and Customer Support will issue a Return Merchandise Authorization Number (RMA#).
3. If possible, pack the product in all of its original packing and be sure to include the RMA number with the address, so it is clearly visible on the outside of the box.
4. Return the product to:
Thinklogical, LLC® Attn: RMA# (Insert the RMA# issued to you by Thinklogical®, here.) 100 Washington Street Milford, CT 06460 USA
If you have any issues with our products, have product questions or need technical assistance, please call us at
1-203-647-8700
and let us help.
Page 59
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix A: File System
A.1 Read-Only vs. Read-Write
In some instances you may need to interact directly with the SCS’s file system, in which case you must mount it for read-write (R/W) access before changes can be made to the system’s Compact Flash.
To mount R/W: mount -o remount,rw/
Warning!: Regular SCS use does not require changes to the Read-Write operation. The sysadmin may only need to use this to interact with the SCS’s Linux file system directly. Do not leave the system in Read-Write mode. Leaving the system in read-write mode could shorten the life span of the SCS.
The SCS’s file system is normally mounted in a read-only mode and is run from RAM to prolong the life (read-write cycles) of the system’s Compact Flash memory card. Leaving
the system in read-write mode could shorten the life span of the SCS.
To mount R/O: mount -o remount,ro/
A.1.1 Read-Only Mode for Normal Use
Warning!: It is VERY IMPORTANT to remount as Read-Only when you are done with any changes.
During system startup, the tar file is expanded into RAM. The root file system is then mounted as Read-Only. It must be remounted as Read-Write in order to make changes (e.g. mount –o remount,ro/
A.1.2 LSI Directories
The following LSI directories are those most often used with SCS products:
/etc /home /var /root /lsi
The save command tars these directories and stores the tar file in /misc
.
Page 60
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix B: FAQ
A few frequently-asked questions
B.1 How To…
This section is a collection of tips and hints for various setup items. The root user can change any of the following features using the given command steps:
B.1.1 Change Port Parameters
Serial Port settings are modified via the stty command (see man page stty
).
The serial port
settings are modified in the rc.serial file to be permanently changed. Note the following:
Changing port names is persistent over a reboot
Changing port communication settings (baud rate, parity etc.) is temporary. The file
/etc/rc.serial must be edited in order to save the settings.
To change the Port Parameters, edit the file: /etc/rc.d/rc.serial
For example, to change the baud rate for Port 5 to 19,200 baud, enter:
Stty -F/dev/ttyB5 19200 {other options}
B.1.2 Change the Name of a Port
You can change the name of a Port if you know the original name. For example, to change the Port <current name> to payroll, enter:
Stty --name=payroll -F/lsi/ports/<current name>
B.1.3 View a Buffer
Use less or cat to view a port’s buffer. There are at least two methods:
/lsi/ports/buf_<portname> or /proc/port_buffers/<portnumber>
Page 61
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix C: Sentinel 32 Modem Commands
The following modem commands information has been extracted, with the permission of the modem’s manufacturer, from the Multi-Tech Systems, Inc., Developer’s Guide (2003).
Introduction
The AT commands are used to control the operation of your modem. They are called AT commands because the characters AT must precede each command to get the ATtention of the modem. AT commands can be issued only when the modem is in command mode or online command mode. The modem is in command mode whenever it is not connected to another modem. The modem is in data mode whenever it is connected to another modem and ready to exchange data. Online command mode is a temporary state in which you can issue commands to the modem while connected to another modem.
To put the modem into online command mode from data mode, you must issue an escape sequence ( characters and the command, e.g., command To send AT commands to the modem you must use a communications program, such as the HyperTerminal applet in Windows 98/ 95 and NT
4.0, or some other available terminal program. You can issue commands to the modem either directly, by typing them in the terminal window of the communications program, or indirectly, by configuring the operating system or communications program to send the commands automatically. Fortunately, communications programs make daily operation of modems effortless by hiding the commands from the user. Most users, therefore, need to use AT commands only when reconfiguring the modem, e.g., to turn auto answer on or off.
The format for entering an AT command is command parameter. The value is always a number. If the value is zero, you can omit it from the command; thus, Most commands have a default value, which is the value that is set at the factory. The default values are shown in the “AT Command Summary” (See below). You must press ENTER (it could be some other key depending on the terminal program) to send the command to the modem. Any time the modem receives a command, it sends a response known as a result code. The most common result codes are OK, ERROR, and the CONNECT messages that the modem sends to the computer when it is connecting to another modem. See a table of valid result codes at the end of this chapter. You can issue several commands in one line, in what is called a command string. The command string begins with
ENTER. Spaces to separate the commands are optional; the command interpreter ignores them. The most familiar command string is the initialization string, which is used to configure the modem when it is turned on or reset, or when your communications software calls another modem.
ATO.
+++ATH
to hang up the modem. To return to data mode from online command mode, you must issue the
ATXn,
where X is the command and n is the specific value for the command, sometimes called the
+++)
followed immediately by the AT
AT&W
is equivalent to
AT
and ends when you press
AT&W0.
AT Command Summary
Organization of AT Commands on the following pages: 1st, by the initial command character (&, +, %) 2nd, alphabetized by the second command character (Except for listing of
Command Description
AT Attention Code
A Answer
A/ Repeat Last Command Bn Communication Standard Setting Ds Dial
DS=y Dial Stored Telephone Number
En Echo Command Mode Characters Fn Echo Online Data Characters Hn Hook Control
In Information Request
Mn Monitor Speaker Mode
Nn Modulation Handshake
AT)
Page 62
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command Description
On Return Online to Data Mode
P Pulse Dialing
Qn Result Codes Enable/Disable
Sr=n Set Register Value
Sr? Read Register Value
T Tone Dialing
Vn Result Code Format
Wn Result Code Options
Xn Result Code Selection Zn Modem Reset
&Cn Data Carrier Detect (DCD) Control &Dn Data Terminal Ready (DTR) Control &En XON/XOFF Pass-Through
&Fn Load Factory Settings &Gn V.22bis Guard Tone Control &Kn Flow Control Selection
&Ln Leased Line Operation &Pn Pulse Dial Make-to-Break Ratio Selection &Qn Asynchronous Communications Mode &Sn Data Set Ready (DSR) Control
&Tn Loopback Test (V.54 Test) Commands
&V Display Current Settings
&Wn Store Current Configuration
&Zy=x Store Dialing Command
\An Select Maximum MNP Block Size
\Bn Transmit Break \Kn Break Control \Nn Error Correction Mode Selection
\Qn Flow Control Selection
\Tn Inactivity Timer \Vn Protocol Result Code
-Cn Data Calling Tone %A Adaptive Answer Result Code Enable %B View Numbers in Blacklist
%Cn Data Compression Control
%DCn AT Command Control
%En Fallback and Fall Forward Control %Hn Direct Connect Enable %Rn Cisco Configuration
%Sn Command Speed Response
$EBn Asynchronous Word Length
$Dn DTR Dialing $MBn Online BPS Speed $SBn Serial Port Baud Rate
#CBAn Callback Attempts
#CBDn Callback Delay # CBF? Callback Failed Attempts Display # CBFR Callback Failed Attempts Reset
Page 63
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command Description
# CBIn Local Callback Inactivity Timer
# CBNy=n Store Callback Password
# CBPn Callback Parity # CBRy Callback Security Reset # CBSn Callback Enable/Disable
#Pn Set 11-bit Parity #Sx Enter Setup Password
#S=x Store Setup Password
+VDR=x, y Distinctive Ring Report
+++AT<CR> Escape Sequence
%%%ATMTSMODEM<CR> Remote Configuration Escape Sequence
V.92 Commands
AT Commands
Command: AT Attention Code Values: n/a
Description: The attention code precedes all command lines except A/, A: and escape sequences.
Command: ENTER Key Values: n/a
Description: Press the E
NTER (RETURN)
key to execute most commands.
Command: A Answer Values: n/a Description: Answer call before final ring.
Command: A/ Repeat Last Command Values: n/a
Description: Repeat the last command string. Do not precede this command with AT. Do not press E
Command: Bn Communication Standard Setting Values:
Default: 0 and 15 Description: B0 Select ITU-T V.22 mode when modem is at 1200 bps.
Command: Ds Dial Values: Default: none
Description: Dial telephone number
n
= 0–3, 15, 16
B1 Select Bell 212A when modem is at 1200 bps. B2 Deselect V.23 reverse channel (same as B3). B3 Deselect V.23 reverse channel (same as B2). B15 Select V.21 when the modem is at 300 bps. B16 Select Bell 103J when the modem is at 300 bps.
s
= dial string (phone number and dial modifiers)
s,
where s may up to 40 characters long and include the 0–9, *, #, , B, C, and D
characters, and the L, P, T, V, W, S, comma (,), semicolon (;), !, @, ^ and $ dial string modifiers. Dial
string modifiers:
L Redial last number. (Must be placed immediately after ATD.) P Pulse-dial following numbers in command. T Tone-dial following numbers in command (default).
Switch to speakerphone mode and dial the following number. Use ATH command to hang up. W Wait for a new dial tone before continuing to dial. (X2, X4, X5, X6, or X7 must be selected.)
, Pause during dialing for time set in register S8.
NTER
to execute.
Page 64
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
; Return to command mode after dialing. (Place at end of dial string.) ! Hook flash. Causes the modem to go on-hook for one-half second, then off-hook again. @ Wait for quiet answer. Causes modem to wait for a ringback, then 5 seconds of silence, before processing next
part of command. If silence is not detected, the modem returns a NO ANSWER code.
^ Disable data calling tone transmission. $ Detect AT&T call card “bong” tone. The character should follow the phone number and precede the
user’s call card number: ATDT1028806127853500$123456789
Command: DS=y Dial Stored Telephone Number Values:
n
= 0–2 (0–1 for SMI-Parallel {internal}) Default: none Description: Dial a number previously stored in directory number y by the &Zy=x command. Example: ATDS=2
Command: En Echo Command Mode Characters Values:
n
= 0 or 1 Default: 1 Description: E0 Do not echo keyboard input to the terminal. E1 Do echo keyboard input to the terminal.
Command: Fn Echo Online Data Characters Values:
n =
1 Default: 1 F0 Enable online data character echo. (Not supported.)
F1 Disable online data character echo (included for backward compatibility with some software).
Command: Hn Hook Control Values:
n
= 0 or 1 Default: 0 Description: H0 Go on-hook (hang up). H1 Go off-hook (make the phone line busy).
Command: In Information Request Values:
n
= 0–5, 9, 11 Default: None Description: I0 Display default speed and controller firmware version.
I1 Calculate and display ROM checksum (e.g., I2 Check ROM and verify the checksum, displaying
12AB).
OK
or
ERROR.
I3 Display default speed and controller firmware version. I4 Display firmware version for data pump (e.g., 94). I5 Display the board ID: software version, hardware version, and country ID I9 Display the country code (e.g.,
NA Ver. 1).
I11 Display diagnostic information for the last modem connection, such as DSP and firmware
version, link type, line speed, serial speed, type of error correction/data compression, number of past retrains, etc.
Command: Mn Monitor Speaker Mode Values:
n
= 0, 1, 2, or 3 Default: 1 Description: M0 Speaker always off. M1 Speaker on until carrier signal detected. M2 Speaker always on when modem is off-hook. M3 Speaker on until carrier is detected, except while dialing.
Command: Nn Modulation Handshake Values:
n
= 0 or 1
Page 65
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Default: 1 Description: N0 Modem performs handshake only at communication standard specified by S37 and the B
command.
N1 Modem begins handshake at communication standard specified by S37 and the B command. During handshake, fallback to a lower speed can occur.
Command: On Return Online to Data Mode Values:
0, 1, 3
Default:
None
Description: O0 Exit online command mode and return to data mode (see O1 Issue a retrain and return to online data mode. O3 Issue a rate renegotiation and return to data mode.
Command: P Pulse Dialing Values:
P, T
Default: T Description: Configures the modem for pulse (non-touch-tone) dialing. Dialed digits are pulsed until a T
command or dial modifier is received.
Command: Qn Result Codes Enable/Disable Values: Default: 0 Description: Q0 Enable result codes. Q1 Disable result codes.
Q2 Returns an
n
= 0 or 1
OK
for backward compatibility with some software.
+++AT<CR>
escape sequence).
Command: Sr=n Set Register Value Values: Default:
None
Description: Set value of register Sr to value of
Command: Sr? Read Register Value Values: r = S-register number Default: None
Description: Read value of register Sr and display it in 3-digit decimal form (e.g., S2? gives the response 043).
Command: T Tone Dialing Values: P, T
Default: T Description: Configures the modem for DTMF (touch-tone) dialing. Dialed digits are tone dialed until a P command or
Command: Vn Result Code Format Values: n = 0 or 1 Default: 1 Description: V0 Displays result codes as digits (terse response).
Command: Wn Result Code Options Values: n = 0, 1, or 2
Default: 2 Description: W0 CONNECT result code reports serial port speed, disables protocol result codes.
W1 CONNECT result code reports serial port speed, enables protocol result codes. W2 CONNECT result code reports line speed, enables protocol result codes.
r
= S-register number; n varies
n,
where n is entered in decimal format (e.g., S0=1).
dial modifier is received.
V1 Displays result codes as words (verbose response).
Command: Xn Result Code Selection Values: n = 0–7
Page 66
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Default: 4 Description: X0 Basic result codes (CONNECT); does not look for dial tone or busy signal.
X1 Extended result codes (CONNECT 46000 V42bis); does not look for dial tone or busy signal. X2 Extended result codes with NO DIALTONE; does not look for busy signal. X3 Extended result codes with BUSY; does not look for dial tone. X4 Extended result codes with NO DIALTONE and BUSY. X5 Extended result codes with NO DIALTONE and BUSY. X6 Extended result codes with NO DIALTONE and BUSY. X7 Basic result codes with NO DIAL TONE and BUSY.
Command: Zn Modem Reset Values: n = 0 or 1
Default: None Description: Z0 Reset modem to profile saved by the last &W command. Z1 Same as Z0.
Command: &Cn Data Carrier Detect (DCD) Control Values: n = 0, 1, 2
Default: 1 Description: &C0 Forces the DCD circuit to be always ON.
&C1 DCD goes ON when the remote modem’s carrier signal is detected, and goes OFF when the carrier signal is not detected. &C2 DCD turns OFF upon disconnect for time set by S18. It then goes high again (for some PBX phone systems).
Command: &Dn Data Terminal Ready (DTR) Control Values:
Default: 2 Description: &D0 Modem ignores true status of DTR signal and responds as if it is always on.
&D1 If DTR drops while in online data mode, the modem enters command mode, issues an
&D2 If DTR drops while in online data mode, the modem hangs up. If the signal is not
&D3 If DTR drops, modem hangs up and resets as if ATZ command were issued.
n
= 0, 1, 2, or 3
OK,
and remains connected.
present, the modem will not answer or dial.
Command: &En XON/XOFF Pacing Control Values:
Default: 12 Description: &E12 Disables XON/XOFF pacing. &E13 Enables XON/XOFF pacing.
Command: &Fn Load Factory Settings Values:
Default: None Description: &F0 Load factory settings as active configuration. Note: See also the Z command.
Command: &Gn V.22bis Guard Tone Control Values: Default: 0 Description: &G0 Disable guard tone. &G1 Set guard tone to 550 Hz. &G2 Set guard tone to 1800 Hz.
Note: The &G command is not used in North America.
Command: &Kn Flow Control Selection
n
= 12 or 13
n
= 0
n
= 0, 1, or 2
Page 67
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Values:
n
= 0, 3, or 4 Defaults: 3 Description: &K0 Disable flow control. &K3 Enable CTS/RTS hardware flow control. &K4 Enable XON/XOFF software flow control.
Command: &Ln Leased Line Operation Values:
n
= 0, 1, or 2 Defaults: 0 Description: &L0 The modem is set for standard dial-up operation. &L1 The modem is set for leased line operation in originate mode. &L2 The modem is set for leased line operation in answer mode. Note: For &L1 and &L2, there is a 30-second window between power up and the starting of the leased line handshake. During this time, you can turn off the command, if desired.
Command: &Pn Pulse Dial Make-to-Break Ratio Selection Values:
n
= 0, 1, or 2 Default: 0 Description: &P0 60/40 make-to-break ratio &P1 67/33 make-to-break ratio
&P2 20 pulses per second Note: The &P2 command is available only if the country code is set to Japan.
Command: &Qn Asynchronous Communications Mode Values:
n
= 0, 5, 6, 8, or 9 Default: 5 Description: &Q0 Asynchronous with data buffering. Same as \N0.
&Q5 Error control with data buffering. Same as \N3. &Q6 Asynchronous with data buffering. Same as \N0. &Q8 MNP error control mode. If MNP error control is not established, the modem falls back
according to the setting in S36.
&Q9 V.42 or MNP error control mode. If neither error control is established, the modem falls
back according to the setting in S36.
Command: &Sn Data Set Ready (DSR) Control Values:
n
= 0 or 1 Default: 0 Description: &S0 DSR is always ON.
&S1 DSR goes ON only during a connection.
Command: &Tn Loopback Test (V.54 Test) Commands Values:
n
= 0, 1, 3, 6 Default: None Description: The modem can perform selected test and diagnostic functions. A test can be run only when the
modem is operating in non-error-correction mode (normal or direct mode). For tests 3 and 6, a connection between the two modems must be established. To terminate a test in progress, the escape sequence (+++AT) must be entered.
&T0 Stops any test in progress.
&T1 Starts a local analog loopback, V.54 Loop 3, test. If a connection exists when this command is issued, the modem hangs up. When the test starts, a
CONNECT
message is displayed. &T3 Starts local digital loopback, V.54 Loop 2, test. If no connection exists,
ERROR
is returned.
&T6 Initiates a remote digital loopback, V.54 Loop 2, test without self-test. If no connection exists,
ERROR
is returned.
Page 68
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: &V Display Current Settings Values: n/a
Description: Displays the active modem settings.
Command: &Wn Store Current Configuration Values: Default: 1 Description: &W0 Stores current modem settings in non-volatile memory and causes them to be loaded at
Command: &Zy=x Store Dialing Command Values: x = Dialing command Default: None
Description: Stores dialing command x in memory location
Command: \An Select Maximum MNP Block Size Values: n = 0, 1, 2, or 3 Default: 3 Description: \A0 64-character maximum \A1 128-character maximum
\A2 192-character maximum \A3 256-character maximum
Command: \Bn Transmit Break
Values: n = 0–9 in 100 ms units Default: 3
Description: In non-error-correction mode only, sends a break signal of the specified length to a remote modem.
n
= 0 or 1
power-on or following the ATZ command instead of the factory defaults. See &F command. &W1 Clears user default settings from non-volatile memory and causes the factory defaults to be loaded at power-on or following the ATZ command.
y
= 0–2 (0–1SMI-Parallel {internal})
y.
Dial the stored number using the command
ATDS=y. See Also the #CBS command, a callback security command.
Works in conjunction with the \K command.
Command: \Kn Break Control Values: n = 0–5 Default: 5 Description: Controls the modem's response to a break received from: computer, remote modem, or \B
command. Response is different for each of three different states.
Data mode. Modem receives the break from the computer:
\K0 Enter online command mode, no break sent to the remote modem. \K1 Clear data buffers and send break to the remote modem.
\K2 Same as \K0. \K3 Send break immediately to the remote modem. \K4 Same as \K0. \K5 Send break to the remote modem in sequence with the transmitted data.
Data mode. Modem receives the break from the remote modem:
\K0 Clear data buffers and send break to the computer. \K1 Same as \K0.
\K2 Send break immediately to the computer. \K3 Same as \K2. \K4 Send break to the computer in sequence with the received data.
\K5 Same as \K4.
Online command mode. Modem receives a \Bn command from the computer:
\K0 Clear data buffers and send break to the remote modem. \K1 Same as \K0. \K2 Send break immediately to the remote modem. \K3 Same as \K2.
\K5Same as \K4. \K4 Send break to the remote modem in sequence with the transmitted data.
Page 69
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: \Nn Error Correction Mode Selection Values: n = 0–5, or 7 Default: 3 Description: \N0 Non-error correction mode with data buffering (buffer mode; same as &Q6). \N1 Direct mode. \N2 MNP reliable mode. If the modem cannot make an MNP connection, it disconnects.
\N3 V.42/MNP auto-reliable mode. The modem attempts first to connect in V.42 error correction mode, then in MNP mode, and finally in non-error correction (buffer) mode with continued operation.
\N4 V.42 reliable mode. If the modem cannot make a V.42 connection, it disconnects. \N5 V.42, MNP, or non-error correction (same as \ N3). \N7 V.42, MNP, or non-error correction
(same as \ N3).
Command: \Qn Flow Control Selection Values: n = 0, 1, or 3 Default: 3 Description: \Q0 Disable flow control (same as &K0). \Q1 XON/XOFF software flow control (same as &K4). \Q2 CTS-only flow control. Not supported. \Q3 RTS/CTS hardware flow control (same as &K3).
Command: \Tn Inactivity Timer Values: n = 0, 1–255
Default: 0 Description: Sets the time (in minutes) after the last character is sent or received that the modem waits before
disconnecting. A value of zero disables the timer. Applies only in buffer mode.
Note: You can also set the inactivity timer by changing the value of S30.
Command: \Vn Protocol Result Code Values: n = 0, 1, or 2 Default: 1 Description: \V0 Disables the appending of the protocol result code to the DCE speed. \V1 Enables the appending of the protocol result code to the DCE speed. \V2 Same as \V1.
Command: \Xn XON/XOFF Pass-Through Values: Default: 0
Description: \X0 Modem responds to and discards XON/XOFF characters. \X1 Modem responds to and
Command: -Cn Data Calling Tone Values:
Defaults: 1 Description: -C0 Disable V.25 data calling tone to deny remote data/fax/voice discrimination.
Command: %A Adaptive Answer Result Code Enable Values: Default: 0
Description: The %A command controls whether the DATA or FAX result codes will be sent by the modem.
%A1 Enables adaptive answer result codes.
n
= 0 or 1
passes XON/XOFF characters. Note: This is also controlled via &E6 and &E7.
n
= 0 or 1
-C1 Enable V.25 data calling tone to allow remote data/fax/voice discrimination.
n
= 0 or 1
The modem must be in fax mode for this command to work. Also, the modem must be set to +FAA=1, which enables the modem to distinguish between a fax and a data call. When these commands are enabled, the modem sends DATA to the computer when it detects data tones and FAX when it detects fax tones. These strings are used by some servers to select the appropriate communication program. %A0 Disables adaptive answer result codes.
Page 70
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: %B View Numbers in Blacklist Values: n/a Description: If blacklisting is in effect, AT%B displays the numbers for which the last call attempted in the
previous two hours failed. In countries that do not require blacklisting, the
ERROR
result code
appears.
Command: %Cn Data Compression Control Values:
n
= 0 or 1
Default: 1 Description: %C0 Disable V.42bis/MNP 5 data
compression. %C1 Enable V.42bis/MNP 5 data compression.
Command: %DCn AT Command Control Values:
n
= 0 or 1 Default: 0 Description: %DC0 The modem responds to AT commands. %DC1 The modem ignores AT commands. Note: The modem will respond to AT%DC for 10 seconds after power-up.
Command: %En Fallback and Fall Forward Control Values:
n
= 0, 1, or 2 Default: 2 Description: %E0 Disable fallback and fall forward. %E1 Enable fallback, disable fall forward. %E2 Enable fallback and fall forward.
Command: %Hn Direct Connect Enable Values:
n
= 0, 1 Default: 0 Description: %H0 Sets callback security to normal operation. %H1 All callback security calls will be direct connect regardless of whether the password or
phone number has the - character.
Command: %Rn Cisco Configuration Values:
n
= 0, 1 Default: 0 Description: %R0 Disables Cisco configuration. %R1 Sets E0, Q1, &D0, \N0, $SB9600, and %S1 for operation with a Cisco router.
Command: %Sn Command Speed Response Values:
n
= 0, 1 Default: 0 Description: %S0 Sets modem to respond to AT commands at all normal speeds.
%S1 AT commands accepted at 115200 bps only. Commands at other speeds are ignored.
Command: $Dn DTR Dialing Values:
n
= 0 or 1 Default: 0 Description: $D0 Disables DTR dialing. $D1 Dials the number in memory location 0 when DTR goes high.
Command: $EBn Asynchronous Word Length Values:
n
= 0 or 1 Default: 0 Description: $EB0 Enables 10-bit mode.
$EB1 Enables 11-bit mode.
Page 71
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: $MBn Online BPS Speed Values: Default: 28,800
Description: $MB75 Selects CCITT V.23 mode $MB300 Selects 300 bps on-line $MB1200 Selects 1200 bps on-line
Command: $RPn Ring Priority vs. AT Command Priority Values: Default: 1
$RP1 The ring will have priority over the AT command. S1 will increment even if an AT command and
Command: $SBn Serial Port Baud Rate Values: Default: 115200
Description: $SB300 Sets serial port to 300 bps
n
= speed in bits per second
$MB2400 Selects 2400 bps on-line $MB4800 Selects 4800 bps on-line $MB9600 Selects 9600 bps on-line $MB14400 Selects 14400 bps on-line $MB19200 Selects 19200 bps on-line $MB28800 Selects 28800 bps on-line $MB33600 Selects 33600 bps on-line
n
= 0 or 1
Description: $RP0 The AT command will have priority over the ring. S1 will be reset to 0 if an AT command is received. This command is storable to memory.
ring are received together and the incoming call will be answered when S1 is equal to S0. Note: SocketModems do not detect ring cadence of TelTone telephone line simulators as a valid ring.
n=
speed in bits per second
$SB1 200 Sets serial port to 1200 bps $SB2400 Sets serial port to 2400 bps $SB4800 Sets serial port to 4800 bps $SB9600 Sets serial port to 9600 bps $SB1 9200 Sets serial port to 19200 bps $SB38400 Sets serial port to 38400 bps $SB57600 Sets serial port to 57600 bps $SB1 15200 Sets serial port to 115200 bps $SB230400 Sets serial port to 230400 bps
Command: +VDR=x, y Distinctive Ring Report Values: x = 0, 1 Distinctive Ring report control. See description. y = 0–255 Minimum ring interval in 100 ms units. See description. Default: 0, 0
Description: Enables reporting of ring cadence information to the DTE and specifies the minimum ring
cadence that will be reported. The report format is one line per silence period and one line per ring period. The length of the silence period is in the form DROF=number in units of 100 ms<CR><LF>, and the length of the ring is in the form DRON=number in units of 100 ms<CR> <LF>. The modem may produce a Ring event code after the DRON message if enabled by the y parameter. The y parameter must be set to a value equal to or smaller than the expected ring cadence in order to pass the report to the DTE. +VDR=0, n/a Disables Distinctive Ring cadence reporting. +VDR=1, 0 Enables Distinctive Ring cadence reporting. Other call progress result codes
+VDR=1, >0 Enables Distinctive Ring cadence reporting. The RING result code is reported
+VDR=? Displays the allowed values. +VDR? Displays the current value.
(including RING) are reported as normal.
after the falling edge of the ring pulse (i.e., after the DRON report).
Page 72
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: #CBAn Callback Attempts Values: n = 1–255
Default: 4 Description: Sets the number of callback attempts that are allowed after passwords have been
exchanged between modems.
Command: #CBDn Callback Delay Values: n = 0–255 Default: 15
Description: Sets the length of time (in seconds) that the modem waits before calling back the remote modem.
Command: #CBF? Callback Failed Attempts Display Values: n/a
Default: n/a Description: Requests the number of failed callback passwords since reset or power-up. This number can be
stored to nonvolatile memory using the &W command.
Command: #CBFR Callback Failed Attempts Reset Values: n/a
Default: n/a Description: Resets the number of failed callback passwords to 0. This does not reset the number stored
in nonvola-tile memory.
Command: #CBIn Local Callback Inactivity Timer Values: n = 1–255
Default: 20 Description: Sets the time (in minutes) that the modem waits for a command before forcing the user to enter
the setup password again.
Command: #CBNy=x Store Callback Password Values: y = 0–29 x = password
Defaults: None Description: Sets the callback security password for the y memory location. The password must have 6
to 10 charac-ters, and cannot include the + or - characters.
Command: #CBPn Callback Parity Values: n = 0, 1, or 2
Default: 0 Description: Sets parity for the callback security messages. #CBP0 No parity. #CBP1 Odd parity. #CBP2 Even parity.
Command: #CBRy Callback Security Reset Values: y = 0–29
Default: None Description: Clears the password and phone number in the y memory location.
Command: #CBSn Callback Enable/Disable Values: n = 0, 1, 2, or 3 Default: 0 Description: #CBS0 Disables callback security. #CBS1 Enables local and remote callback security. #CBS2 Enables remote callback security only. #CBS3 Disables callback security until local hangup or reset.
Page 73
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: #Pn Set 11-bit Parity Values: n = 0 or 1
Default: 2 Description: #P0 No parity. #P1 Odd parity. #P2 Even parity.
Command: #Sx Enter Setup Password Values: Default: MTSMODEM Description: Enters the remote configuration setup password.
Command: #S=x Store Setup Password Values: Default: MTSMODEM Description: Stores a new remote configuration setup password.
x
= password (1–8 characters, case sensitive)
x
= password (1–8 characters, case sensitive)
Escape AT Commands
Command: +++AT<CR> Escape Sequence Values: n/a Description: Puts the modem in command mode (and optionally issues a command) while remaining online.
Type +++AT and up to six optional command characters; then press ENTER. Used mostly to issue the hang-up command: +++ATH<CR>.
Command: %%%ATMTSMODEM<CR> Remote Configuration Escape Sequence Values: n/a
Description: Initiates remote configuration mode while online with remote modem. The remote configuration escape character (%) is defined in register S13.
V.92 Commands
Command: +MS= Modulation Selection Values: See description. Defaults: See description. Description: This extended-format command selects modulation, enables or disables automode, and
specifies the highest downstream and upstream connection rates using one to four subparameters. The command syntax is
+MS=[mod][,[automode][,[0][,[max_rate][,[0][,[max_rx_rate]]]]]]<CR>
Subparameters that are not entered retain their current value. Commas separate optional subparameters, and must be inserted to skip a subparameter. Example: +MS=,0<CR> disables
+MS=? Reports supported options in the format (list of supported mod values),(list of supported
+MS? Reports current options in the format mod, automode, 0, max_rate, 0, max_rx_rate.
Subparameters
mod
automode and keeps all other settings at their current values.
automode values),(0),(list of supported max_rate values),(0),(list of supported max_rx_rate values). Example: +MS: (BELL103, V21, BELL212A, V22, V22B, V23C, V32, V32B, V34, V90, V92), (0, 1), (0), (0-33600), (0), (0- 56000)
Example: +MS: V92,1, 0, 31200, 0, 56000.
Specifies the preferred modulation (automode enabled) or the modulation to use in originating or answering a connection (automode disabled). The default is V92.
Page 74
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
V.32bis, etc.
Valid
9600,
mod
V922 V92
V903 V.90
V34 V.34 33600, 31200, 28800, 26400,
Modulation Possible rates (bps)1
50666, 49333, 48000, 46666, 45333, 44000,
50666, 49333, 48000, 46666, 45333, 44000,
24000, 21600,19200,16800, 14400, 12000,
V32B V.32bis 14400, 12000, 9600, 7200, or 4800
V32 V.32 9600 or 4800
V22B V.22bis 2400 or 1200
V22 V.22 1200
V23C V.23 1200
V21 V.21 300
Bell212A Bell 212A 1200
Bell103 Bell 103 300
Notes:
1.
See optional <automode>, <max_rate>, and
<max_RX_rate> subparameters.
2.
Selects V.92 modulation as first priority. If a V.92 connection
cannot be established, the modem attempts V.90, V.34,
automode
Annex A. Automode is disabled if values are specified for the max_rate and max_rx_rate parameters. The options are:
0 Disable automode 1 Enable automode (default)
max_rate
connection. The value is decimal coded in units of bps, for example, 33600 specifies the highest rate to be 33600 bps.
0 Maximum rate determined by the modulation selected in mod (default).
An optional numeric value that enables or disables automatic modulation negotiation using V.8 bis/V.8 or V.32 bis
An optional number that specifies the highest rate at which the modem may establish an upstream (transmit)
300–33600
Maximum rate value limited by the modulation selected in mod. For valid max_rate values for each mod value, see the following table.
mod value
V92, V90, V34 V32B V32 V22B V22, V23C, Bell212A
max_rx_rate:
V21, Bell103
An optional number that specifies the highest rate at which the modem may establish a downstream
(receive) connection. The value is decimal coded in units of bps, e.g., 28800 specifies the highest rate to be 28800 bps.
0 Maximum rate determined by the modulation selected in
300–56000 Maximum rate value limited by the modulation selected in
Command: +PCW=n Call Waiting Enable Values: n = 0, 1, or 2
Default: 2
max_rate values (bps)
31200, 28800, 26400, 24000, 21600,19200, 16800, 14400,
19200, 16800, 14400, 12000, 9600, 7200, 4800
14400, 12000, 9600, 7200, 4800
2400
1200
300
7200,
mod
(default).
mod.
See “Possible rates” in the
mod
table.
Page 75
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Description: Controls the action to be taken upon detection of a call waiting tone in V.92 mode. Values specified by
this command are not modified when an AT&F command is issued. +PCW=0 Toggles V.24 Circuit 125 and collects Caller ID if enabled by +VCID +PCW=1 Hangs up +PCW=2 Ignores V.92 call waiting +PCW=? Displays the allowed values +PCW? Displays the current value
Command: +PIG=n PCM Upstream Ignore Values: n = 0 or 1 Default: 1
Description: Controls the use of PCM upstream during V.92 operation. PCM upstream allows faster upload speeds to
a V.92 server. +PIG=0 Disables PCM upstream +PIG=1 Enables PCM upstream +PIG=? Displays the allowed values +PIG? Displays the current value
Command: +PMH=n Modem on Hold Enable Values: n = 0 or 1 Default: 1 Description: Controls if modem on hold procedures are enabled during V.92 operation. Normally controlled by a
modem on hold program. Values specified by this command are not modified when an AT&F command
is issued. +PMH=0 Enables V.92 modem on hold +PMH=1 Disables V.92 modem on hold +PMH=? Displays the allowed values +PMH? Displays the current value
Command: +PMHF V.92 Modem Hook Flash Values: n/a
Default: n/a
Description: Causes the DCE to go on-hook for a specified period of time, and then return off-hook
for at least a specified period of time. The specified period of time is normally one-half second, but
may be governed by national regulations. “ERROR” is returned if MOH is not enabled.
Command: +PMHR=n Modem on Hold Initiate Values: n = 0–13 Default: 0
Description: +PMHR is an action command that causes the modem to initiate MOH with the central site
modem. It returns the following values to indicate what has been negotiated. Valid only if MOH is
enabled and the modem is off-hook or in data mode. Otherwise, ERROR will be returned. +PMHR=0 Deny MOH request +PMHR=1 Grant MOH request with 10 second timeout
+PMHR=2 Grant MOH request with 20 second timeout +PMHR=3 Grant MOH request with 30 second timeout +PMHR=4 Grant MOH request with 40 second timeout +PMHR=5 Grant MOH request with 1 minute timeout +PMHR=6 Grant MOH request with 2 minute timeout +PMHR=7 Grant MOH request with 3 minute timeout +PMHR=8 Grant MOH request with 4 minute timeout +PMHR=9 Grant MOH request with 6 minute timeout +PMHR=10 Grant MOH request with 8 minute timeout +PMHR=1 1 Grant MOH request with 12 minute timeout +PMHR=12 Grant MOH request with 16 minute timeout +PMHR=13 Grant MOH request with indefinite timeout +PMHR=? Displays the allowed values +PMHR? Displays the current value
Page 76
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Command: +PMHT=n Modem on Hold Timer Values: Default: 0 Description: Determines if the modem will accept a V.92 Modem on Hold (MOH) request and will set the MoH timeout.
Command: +PQC=n Quick Connect Control Values: n = 0, 1, 2, or 3 Default: 3 Description: Controls V.92 shortened Phase 1 and Phase 2 startup procedures (Quick Connect). When line conditions are
stable, quick connect results in shortened connect times; however, significant fluctuation in line conditions from call to call can cause longer connect times; thus, it may be advisable to disable quick connect.
n
= 0–13
+PMHT=0 Deny MOH request +PMHT=1 Grant MOH request with 10 second timeout +PMHT=2 Grant MOH request with 20 second timeout +PMHT=3 Grant MOH request with 30 second timeout +PMHT=4 Grant MOH request with 40 second timeout +PMHT=5 Grant MOH request with 1 minute timeout +PMHT=6 Grant MOH request with 2 minute timeout +PMHT=7 Grant MOH request with 3 minute timeout +PMHT=8 Grant MOH request with 4 minute timeout +PMHT=9 Grant MOH request with 6 minute timeout +PMHT=10 Grant MOH request with 8 minute timeout +PMHT=11 Grant MOH request with 12 minute timeout +PMHT=12 Grant MOH request with 16 minute timeout +PMHT=13 Grant MOH request with indefinite timeout +PMHT=? Displays the allowed values +PMHT? Displays the current value
+PQC=0 Enables Short Phase 1 and Short Phase 2 (Quick Connect) +PQC=1 Enables Short Phase 1 +PQC=2 Enables Short Phase 2 +PQC=3 Disables Short Phase 1 and Short Phase 2 +PQC=? Displays the allowed values +PQC? Displays the current value
Command: +VCID=n Caller ID Selection Values: n = 0, 1, or 2 Default: 0 Description: Enables Caller ID detection and configures the reporting and presentation of the Caller ID data that is
detected after the first ring. The reported data includes the date and time of the call, the caller's name and number, and a message. Set S0=2.
+VCID=0 Disables Caller ID +VCID=1 Enables Caller ID with formatted data
+VCID=2 Enables Caller ID with unformatted data +VCID=? Displays the allowed values +VCID? Displays the current value
Command: +VDR=x, y Distinctive Ring Report Values: x = 0, 1 Distinctive Ring report control. See description.
y = 0–255 Minimum ring interval in 100 ms units. See description. Default: 0, 0 Description: Enables reporting of ring cadence information to the DTE and specifies the minimum ring cadence that
will be reported. Report format is one line per silence period and one line per ring period. The length of the silence period is in the form DROF=number in units of 100 ms<CR><LF>, and the length of the ring is in the form DRON=number in units of 100 ms<CR> <LF>. The modem may produce a Ring event code after the DRON message if enabled by the y parameter. The y parameter must be set to a value equal to or smaller than the expected ring cadence in order to pass the report to the DTE.
Page 77
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
+VDR=0, n/a Disables Distinctive Ring cadence reporting. +VDR=1, 0 Enables Distinctive Ring cadence reporting. Other call progress result codes
(including RING) are reported as normal.
+VDR=1, >0 Enables Distinctive Ring cadence reporting. RING result code is reported after falling
edge of the ring pulse (after the DRON report). +VDR=? Displays the allowed values. +VDR? Displays the current value.
Command: #CBAn Callback Attempts Values: n = 1–255
Default: 4 Description: Sets the number of callback attempts that are allowed after passwords have been exchanged between
modems.
Command: #CBDn Callback Delay Values: n = 0–255
Default: 15 Description: Sets the length of time (in seconds) that the modem waits before calling back the remote modem.
Command: #CBF? Callback Failed Attempts Display Values: n/a
Default: n/a Description: Requests the number of failed callback passwords since reset or power-up. This number can be
stored to nonvolatile memory using the &W command.
Command: #CBFR Callback Failed Attempts Reset Values: n/a
Default: n/a Description: Resets the number of failed callback passwords to 0. This does not reset the number stored in
nonvolatile memory.
Command: #CBIn Local Callback Inactivity Timer Values: n = 1–255
Default: 20 Description: Sets the time (in minutes) that the modem waits for a command before forcing the user to enter the
setup password again.
Command: #CBNy=x Store Callback Password Values: y = 0–29
x = password Defaults: None Description: Sets the callback security password for the y memory location. The password must have 6 to 10
characters, and cannot include the + or - characters.
Command: #CBPn Callback Parity Values: n = 0, 1, or 2
Default: 0 Description: Sets parity for the callback security messages.
#CBP0 No parity. #CBP1 Odd parity. #CBP2 Even parity.
Command: #CBRy Callback Security Reset Values: y = 0–29
Default: None Description: Clears the password and phone number in the y memory location.
Command: #CBSn Callback Enable/Disable Values: n = 0, 1, 2, or 3
Default: 0 Description: #CBS0 Disables callback security.
Page 78
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
#CBS1 Enables local and remote callback security. #CBS2 Enables remote callback security only. #CBS3 Disables callback security until local hangup or reset.
Command: #Pn Set 11-bit Parity Values: n = 0 or 1 Default: 2
Description: #P0 No parity.
#P1 Odd parity. #P2 Even parity.
Command: #Sx Enter Setup Password Values: x= password (1–8 characters, case sensitive)
Default: MTSMODEM Description: Enters the callback security setup password.
Command: #S=x Store Setup Password Values: x= password (1–8 characters, case sensitive)
Default: MTSMODEM Description: Stores a new callback security and remote configuration setup password.
S-Registers
Certain modem values, or parameters, are stored in memory locations called S-Registers. Use the S command to read or to alter the contents of S-Registers (see previous section).
Register Unit Range Default Description
S0 S1
S2
128–255 Values greater than 127 disable escape.
S3 S4 S5
33–1 27 Values greater than 32 disable backspace.
S6
S7
S8
S9
S10 S11 S28
S30
S35
S36
S37
1 ring 0, 1–255 1 1 ring 0–255 0 Counts the rings that have occurred.
decimal 0–127 43 (+) Sets ASCII code for the escape sequence character.
decimal 0–127 13 (^M) Sets the ASCII code for the carriage return character. decimal 0–127 10 (^J) Sets the ASCII code for the line feed character. decimal 0–32 8 (^H) Sets the ASCII code for the backspace character.
seconds 2–65* 2*
seconds 35-65* 50*
seconds 0–65 2
decimal 0, 1–127 37 (%)
100 ms 1–254 20 Sets how long a carrier signal must be lost before the modem disconnects.
1 ms 50–1 50* 95* Sets spacing and duration of dialing tones.
decimal 0, 1–255 1 0 disables, 1–255 enables V.34 modulation.
1 minute 0, 1–255 0
decimal 0–1 1
decimal 0–7 7
decimal 0–19 0
Sets the number of rings until the modem answers. ATS0=0 disables auto answer completely.
Sets the time the modem waits after it goes off-hook before it begins to dial the telephone number.
Sets the time the modem waits for a carrier signal before aborting a call. Also sets the wait for silence time for the @ dial modifier.
Sets the length of a pause caused by a comma character in a dialing com­mand.
Sets ASCII code for remote configuration escape character. S9=0 disables remote configuration.
Sets the length of time that the modem waits before disconnecting when no data is sent or received. A value of zero disables the timer. See also the \T command
0 disables, 1 enables the V.25 calling tone, which allows remote data/fax/voice discrimination.
Specifies the action to take in the event of a negotiation failure when error control is selected. (See S48.)
Sets the maximum V.34 “upstream” speed at which the modem attempts to connect.
Page 79
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
0 = maximum speed
1 = reserved
2 = 1200/75 bps
3 = 300 bps
4 = reserved
5 = 1200 bps
6 = 2400 bps
7 = 4800 bps
8 = 7200 bps
9 = 9600 bps
10 = 12000 bps
11 = 14400 bps
12 = 16800 bps
13 = 19200 bps
14 = 21600 bps
15 = 24000 bps
16 = 26400 bps
17 = 28800 bps
18 = 31200 bps
19 = 33600 bps
S38 decimal 0–23 1 Sets “downstream” data rate where V.90 provides rates of 28,000 to 56,000 bps in increments of 1,333 bps.
0 = V.90 disabled 1 = V.90 auto rate 2 = 28,000 bps
3 = 29,333 bps
4 = 30,666 bps
5 = 32,000 bps
6 = 33,333 bps
7 = 34,666 bps
8 = 36,000 bps
9 = 37,333 bps
10 = 38,666 bps
11 = 40,000 bps
12 = 41,333 bps
13 = 42,666 bps
14 = 44,000 bps
15 = 45,333 bps
16 = 46,666 bps
17 = 48,000 bps
18 = 49,333 bps
19 = 50,666 bps
20 = 52,000 bps
21 = 53,333 bps
22 = 54,666 bps
23 = 56,000 bps
Upstream data rates: Upstream V.90 data rates are 4800 to 33,600 bps in 2400 bps increments. S43 decimal 0–1 1For testing and debugging only. Enables/disables V.32bis start-up auto mode operation.
0 = disable; 1 = enable. S48 decimal 7 or 128 7Enables (7) or disables (128) LAPM negotiation. The following table lists the S36 and S48
configuration settings for certain types of connections.
S48=7 S48=128
S36=0, 2 LAPM or hang up Do not use S36=1, 3 LAPM or async Async S36=4, 6 LAPM, MNP, or hang up MNP or hang up S36=5, 7 LAPM, MNP, or async MNP or async
S89 seconds 0, 5–255 10 Sets the length of time in the off-line command mode before the modem goes
into standby mode or “sleep mode”. A value of zero prevents standby mode; a value of 1–4 sets the value to 5. Standby mode (sleep mode or low power mode) is controlled by S89. It programs the number of seconds of inactivity before the modem will go to sleep. The default value is 0. A value of 0 disables standby mode. The
Page 80
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
modem will wake on an incoming ring or an AT command.
S108 decimal 0–3, 6, 7 6 Selects the 56K digital loss if using the modem through a PBX line. The default
value is -6 dB loss, the value used when calling from a typical POTS line long distance.
0 = -0 dB digital loss, no robbed-bit signaling 1 = -3 dB PBX digital loss 2 = -2 dB digital loss 3 = -3 dB digital loss 6 = -6 dB digital loss 7 = -0 dB digital loss with robbed-bit signaling
Result Codes
In command mode your modem can send responses called Result Codes to your computer. Result codes are used by communications programs and can also appear on your monitor.
Terse Verbose Description
0 OK 1 CONNECT 2 RING 3 NO CARRIER 4 ERROR 5 * CONNECT 1200 6 NO DIALTONE 7 BUSY 8 NO ANSWER 9 CONNECT 75 10* CONNECT 2400 11* CONNECT 4800 12* CONNECT 9600 13* CONNECT 14400 14* CONNECT 19200 18 CONNECT 57600 24* CONNECT 7200 25* CONNECT 12000 28 CONNECT 38400 40* CONNECT 300 55* CONNECT 21600 56* CONNECT 24000 57* CONNECT 26400 58* CONNECT 28800 59* CONNECT 31200 60* CONNECT 33600 70 CONNECT 32000 71 CONNECT 34000 72 CONNECT 36000 73 CONNECT 38000 74 CONNECT 40000 75 CONNECT 42000 76 CONNECT 44000
Command executed Modem connected to line Ring signal detected Carrier signal lost or not detected Invalid command Connected at 1200 bps No dial tone detected Busy signal detected No answer at remote end Connected at 75 bps Connected at 2400 bps Connected at 4800 bps Connected at 9600 bps Connected at 14400 bps Connected at 19200 bps Connected at 57600 bps Connected at 7200 bps Connected at 12000 bps Connected at 38400 bps Connected at 300 bps Connected at 21600 bps Connected at 24000 bps Connected at 26400 bps Connected at 28800 bps Connected at 31200 bps Connected at 33600 bps Connected at 32000 bps Connected at 34000 bps Connected at 36000 bps Connected at 38000 bps Connected at 40000 bps Connected at 42000 bps Connected at 44000 bps
78 CONNECT 48000 79 CONNECT 50000 80 CONNECT 52000 81 CONNECT 54000 82 CONNECT 56000 83 CONNECT 58000 84 CONNECT 60000 86 CONNECT 16800
Connected at 48000 bps Connected at 50000 bps Connected at 52000 bps Connected at 54000 bps Connected at 56000 bps Connected at 58000 bps Connected at 60000 bps Connected at 16800 bps
Page 81
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Terse Verbose Description
87 CONNECT 115200 88 DELAYED 89 BLACKLISTED 90 BLACKLIST FULL 91 CONNECT 230400 100 CONNECT 28000 101 102 CONNECT 30666 103 CONNECT 33333 104 CONNECT 34666 105 CONNECT 37333 106 CONNECT 38666 107 CONNECT 41333 108 CONNECT 42666 109 CONNECT 45333 110 CONNECT 46666 111 112 CONNECT 50666 113 CONNECT 53333 114 CONNECT 54666 115 CONNECT 25333
* EC is added to these result codes when the extended result codes configuration option is enabled. EC is replaced by one of the following codes, depending on the type of error control connection:
V42bis
– V.42 error control (LAP-M) and V.42bis data compression
V42
– V.42 error control (LAP-M) only
MNP5
– MNP 4 error control and MNP 5 data compression
MNP4
– MNP 4 error control only
NoEC
– No error control protocol).
116 CONNECT 26666
CONNECT 29333
CONNECT 49333
Connected at 115200 bps Delay is in effect for the dialed number Dialed number is blacklisted Blacklist is full Connected at 230400 bps Connected at 28000 bps Connected at 29333 bps Connected at 30666 bps Connected at 33333 bps Connected at 34666 bps Connected at 37333 bps Connected at 38666 bps Connected at 41333 bps Connected at 42666 bps Connected at 45333 bps Connected at 46666 bps Connected at 49333 bps Connected at 50666 bps Connected at 53333 bps Connected at 54666 bps Connected at 25333 bps
Connected at 26666 bps
Page 82
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix D: DC Power
2
5
6
D.1: Assembly of the WAGO MCS DC Power Connector
What you will need: Small flat-blade screwdriver, Wire stripper, DC power connector kit
(provided with DC models), 48 VDC power cord (See Step 2, below and Appendix D.3)
4
WAGO MCS DC power connector:
1. Brown = -48VDC
2. Green/Yellow = Power Supply Ground
3. Blue = Common
1. Turn off the circuit breaker to the DC power supply.
2. Select a UL style 1028 or other UL 1581 (VW-1) compliant equivalent 16 AWG three-wire set
(-48V, Power Supply Ground and Common).
3. Strip 0.35 inches (9 mm) of installation from each wire.
4. Insert a small flat-blade screwdriver, one at a time, into each of the connector’s clamp slots
to depress the internal wire clamp.
5. Insert the appropriate wire into the connector. Remove the screwdriver. Check that the clamp has captured the wire. Repeat steps 4 and 5 for the other two wires.
6. Attach the provided strain relief to the connector. Be sure to use a tie-wrap to firmly attach the strain relief to the cable.
7. Attach the connector to the socket on the back of the Console Server. Repeat the above steps to attach each power module input.
Page 83
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
WAGO MCS DC power connector
-48VDC Power Supply (removed from back panel)
Input voltage: -48VDC
Minimum voltage: -40 VDC Maximum voltage: -60 VDC
Maximum operating current: 0.5A The DC power source must be:
Electrically isolated from any AC source
Reliably connected to earth ground
Capable of providing up to 100 Watts of continuous power
D.2: Over-Current Protection
Over-current protection requirements:
10 Amp fast trip
Double pole
DC rated
Over-current protection devices (e.g., circuit breakers) must be provided as part of each equipment rack and are not included with the Console Server. The device must be located between the DC power source and the Console Server.
D.3: DC Supply Connector
The supply input connectors are provided with each Console Server; the conductors are not.
Conductor specifications:
Material: copper only
Wire gauge: 16 AWG
Insulation rating: 75 °C minimum, low smoke-fume, flame retardant Branch
circuit cable.
Insulation color: per applicable national electrical codes.
Grounding cable insulation color: green/yellow
Page 84
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
The cable type should be one of the following:
UL style 1028 or other UL 1581 (VW-1) compliant equivalent
IEEE 383 compliant
IEEE 1202-1 991 compliant
Appendix E: Assign an IP Address to a Device Port
Version 1.7-9 of the SCS software can assign an IP address to the SCS’s device ports. The user can use ssh to access a port directly without having to first login to the SCS. If DNS is used to give names to each address it becomes easier to associate device ports with the corresponding server.
To do this, modify the openSSH server code. The SCS ships with the original ssh code installed and running. Several steps are taken to use the modified ssh program and to assign addresses to the device ports. There is a README file called: /usr/local/doc/README.lsisshd that explains the steps to use the feature.
The steps are:
1.
Run a makefile to replace the original ssh with our modified version
2.
Edit the configuration file that defines the IP addressing
3.
Run a makefile that creates the IP configuration
Appendix F: Adapter Pin-Outs
The following pages show the pin-out drawings for the adapters which are supplied in the accessory kit with each Console Server.
KIT-000001 contains:
ADP-000005, ADP-000006, ADP-000007, ADP-000008, ADP-000009, ADP-000010, ADP-000011, ADP-000012
Page 85
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
ADP-000005 RJ45 to 25-pin Male
ADP-000006 RJ45 to 25-pin Female
Wire key:
1-Blue
2-Orange
3-Black
4-Red
5-Green
6-Yellow
7-Brown
8-White
1
2
3
4/5
6
7
RJ
45
25-pin
4
20
2
7
3
6
8
1
8
RJ-45
5
Page 86
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
ADP-000007-R RJ45 to DB9 Male
ADP-000008-R RJ45 to DB9 Female
Wire key:
1-Blue
2-Orange
3-Black
4-Red
5-Green
6-Yellow
7-Brown
8-White
RJ-45
1
2
3
4/5
6
7
DB9
7
4
3
5
2
6
8
RJ- 45 Jack
Pin 1
ADP-
DB9 Male
000007
8
- R
Page 87
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
ADP-000009 RJ45 to 25-pin Male
ADP-000010 RJ45 to 25-pin Female
Wire key:
1-Blue
2-Orange
3-Black
4-Red
5-Green
6-Yellow
7-Brown
8-White
1
2
3
4/5
6
7
RJ
45
25-pin
4
20
2
7
3
6/8
8
1
8
RJ-45
5
Page 88
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
ADP-000011-R RJ45 to DB9 Male
ADP-000012-R RJ45 to DB9 Female
Wire key:
1-Blue
2-Orange
3-Black
4-Red
5-Green
6-Yellow
7-Brown
8-White
RJ-45
1
2
3
4/5
6
7
DB9
7
4
3
5
2
1/6
RJ- 45 Jack
Pin 1
8
ADP-
DB9 Male
000011
- R
8
Page 89
S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K
, J u l y , 2 0 1 3
Appendix G: Quick Start Guide
Page 90
Loading...