Thinklogical Secure Console Server User Manual

Download

Secure Console Servers

SCS, SCS-R and Sentinel Models

Product Manual

Thinklogical, LLC®

100 Washington Street

Milford, Connecticut 06460 U.S.A.

Telephone: 1-203-647-8700

Fax: 1-203-783-9949

www.thinklogical.com

Revision K, July, 2013

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Thinklogical, LLC®

100 Washington Street

Milford, Connecticut 06460 U.S.A.

Telephone: 1-203- 647-8700

All trademarks and services marks are property of their respective owners.

Subject: SCS80 / SCS160 / SCS320 / SCS480 / SCS80R / SCS160R /

SCS320R / SCS480R / Sentinel 32

Revision: K, July 2013.

Page 2

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

TABLE OF CONTENTS

PREFACE (Notes & Warnings) 7

1. Introduction 7

1.1 SCS Models Covered in this Manual 7

1.2 System Features 10

1.3 Software Features 10

1.4 Hardware Features 10

1.4.1 SCS80R, SCS160R, and SCS320R Hardware 11

1.4.2 SCS480R Hardware 11

1.4.3 Sentinel 32 Hardware 11

1.5 Technical Specifications 12

1.6 Documentation 13

2. Product Overview 13

2.1 Intended Application 13

2.2 System Chassis 14

2.2.1 SCS80 / SCS160 / SCS320 / SCS480 14

2.2.2 SCS80R / SCS160R / SCS320R / SCS480R 14

2.2.3 Sentinel 32 14

2.3 Connecting to the SCS 14

2.3.1 Serial Devices 15

2.3.1.1 Break Safe 15

2.3.2 IP Network 15

2.3.3 AC Power 16

2.3.3.1 SCS80 / SCS160 / SCS320 / SCS480 16

2.3.3.2 SCS80R / SCS160R / SCS320R / Sentinel 32 16

2.3.3.3 SCS480R 16

2.3.4 DC Power 16

2.4 User Access Control 16

2.4.1 User Sessions 17

2.5 Port buffers 17

2.5.1 How to Disable Buffering 17

3. Installation 17

3.1 Mounting the SCS 17

3.1.1 Rack Mount or Desktop 17

3.1.2 Front Panel Display and Buttons 18

3.1.3 Convection Cooled 18

3.2 Connections 18

3.2.1 Power 20

3.2.2 AC Input 20

3.2.3 Connecting to the Network Port 20

3.2.3.1 SCS-R and Sentinel 32 Dual NIC Interface 20

3.2.4 Connect your Console 21

3.2.4.1 SCS-R and Sentinel 32 Dual Console Interface 21

3.2.5 Connect to the Ports 21

3.2.5.1 Automated Port Configuration Tests 22

3.2.5.2 Port Adapters 22

3.2.5.3 Serial Port Pin-out 22

3.3 SCS-R and Sentinel Power Modules 23

3.3.1 Power Module Replacement 23

Page 3

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

3.4 SCS-R and Sentinel -48VDC Power Modules 24

3.4.1 Wiring the -48VDC Connector 25

3.4.2-48VDC Power Module Replacement 26

4. Initial Configuration 27

4.1 Default Configuration 27

4.2 Initial System Security Concerns 27

4.3 Front Panel Network Setup 27

4.3.1 Front Panel Edit Mode 27

4.3.1.1 Start Front Panel Edit Mode 28

4.3.1.2 Program Network 28

4.4 Initial Connection via Network 33

4.4.1 Network Connection Requirements 33

4.4.2 Route via Linux Workstation 33

4.4.3 Route via Windows Workstation 33

4.5 Initial Connection via Console port 35

4.6 How to Access the LSI SCS Web Setup Interface 35

5. System Overview 35

5.1 SCS Systems are Linux-based 35

5.1.1 Linux General Public License 35

5.1.2 SCS System Architecture 35

5.2 Initial System Administrator (sysadmin) Access 36

5.2.1 Enter Commands 36

5.2.2 Log Out 36

5.3 Default Services 36

5.3.1 Configure the Services 36

6. Commands 38

6.1 System Commands 38

6.1.1 save 38

6.1.2 reboot 38

6.1.3 power off 39

6.1.4 Other Linux Commands 39

6.2 Change Logging Level 41

7. System Administration 41

7.1 Security 41

7.2 Change Network Address 41

7.2.1 Run netconfig 41

7.2.1.1 Save your netconfig changes 42

7.2.2 More Than One Nameserver 43

7.3 Change Hostname 43

7.4 Time Configuration 43

7.5 Change NIC Speed 43

7.6 Configure Authentications 44

7.7 Front Panel Display Options 44

7.7.1 Display Mode Parameters 45

7.7.1.1 Edit 45

7.7.1.2 View 45

7.7.1.3 LINE_1= 45

7.7.1.4 LINE_2= 45

7.7.1.5 Display OFF 46

Page 4

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

7.8 Network Time Service 46

7.8.1 Configure NTP 46

7.8.2 Start the NTP Service 46

7.9 NIS and User Port Permissions 46

7.9.1 User Port Control 47

7.9.2 NIS Port Access 47

7.9.3 User Names and Groups 48

7.9.4 NIS Database file 48

7.9.5 NIS Make file 48

7.9.6 NIS Configuration File 49

7.10 NFS 49

7.10.1 Remote NFS Directory 49

7.11 SNMP 50

7.11.1Start SNMP 50

7.12 syslog 50

7.13 Timeouts 52

7.14 Changing Serial Port Settings 50

7.14.1 Disable Buffering while in Interactive 50

8. Administering Users 51

8.1 User Setup 51

8.1.1 adduser 51

8.1.2 edituser 52

8.1.3 deluser 52

8.1.4 Other Editing Commands 52

8.1.4.1 editbrk <name> 52

8.1.4.2 editesc <name> 52

9. User Operations 52

9.1 User Accounts 52

9.1.1 SCS users 52

9.1.2 root user 52

9.2 Port Identities 53

9.3 What Users Can Do 53

9.3.1 Access via Network 53

9.3.1.1 Secure Shell Host (ssh) to a Port 53

9.3.2 Access via console port 53

9.3.3 Interactive Mode 53

9.3.3.1 Break Sequence 53

9.3.3.2 Escape Sequence 54

9.4 Monitor Mode 54

9.5 Browse the buffers 54

9.6 Clear the Port buffers 54

10. Regulatory & Safety 55

10.1 Safety Requirements 55

10.1.1 Symbols found on the Product 55

10.2 Regulatory Compliance 55

10.2.1 North America 55

10.2.2 European Union 55

10.2.2.1 Declaration of Conformity 55

10.2.2.2 Standards to Which Our Products Comply 55

Page 5

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

10.2.2.3 Supplemental Information 56

10.3 Product Serial Number 56

10.4 Lithium Battery 57

10.5 SCS-R Models and Sentinel 32 Power Modules 57

11. How to Contact Us 57

11.1 Customer Support 57

11.1.1 Website 57

11.1.2 E-mail 58

11.1.3 Telephone 58

11.1.4 Fax 58

11.2 Product Support 58

11.2.1 Limited Warranty Information 58

APPENDICES A File System 60

B FAQ 61 C Sentinel 32 Modem Commands 62 D DC Power 83 E Assigning IP Addresses to a Device Port 85 F Adapter Pin-outs 85 G Quick Start Guide 90

Page 6

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

PREFACE

NOTES and WARNINGS

Throughout this manual you will notice certain highlighted conventions that bring your attention to important information. These are Notes and Warnings. Be sure to read each highlighted note and warning before proceeding. Examples are shown below.

Important Notes appear in blue text preceded by a yellow exclamation point symbol,

as shown here.

A note is meant to call the reader’s attention to helpful information at a point in the text that is relevant to the subject being discussed.

Warnings! appear in red text preceded by a red stop sign, as shown here.

A warning is meant to call the reader’s attention to critical information at a point in the text that is relevant to the subject being discussed.

1. Introduction

This document pertains to the Secure Console Server (SCS) line of products developed and built by Thinklogical®, Inc. of Milford, Connecticut, USA and covers the installation, configuration and operation of all SCS models. This document also covers User and Administrator Operations, Regulatory & Safety Requirements and Customer Support information.

1.1 SCS Models Covered in this Manual

All Thinklogical® Secure Console Server (SCS) models covered in this manual are similar in physical appearance, setup and functionality. Each available model is featured on the following pages.

Page 7

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

•

SCS80 - 8-Port 1U Secure Console Server

•

SCS160 - 16-Port 1U Secure Console Server

SCS320 - 32-Port 1U Secure Console Server

•

SCS480 - 48-Port 1U Secure Console Server

The SCS80R, SCS160R, SCS320R and SCS480R models are designed with dual hotswappable Power Modules which operate redundantly and two network ports and console port connections. The ‘R’ models are otherwise similar to the SCS80, SCS160 and SCS320.

• SCS80R - 8-Port 1U Redundant Power Secure Console Server

• SCS1 60R - 16-Port 1U Redundant Power Secure Console Server

Page 8

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

•

SCS320R - 32-Port 1U Redundant Power

Secure Console Server

•

SCS480R - 48-Port 1U Redundant Power

Secure Console Server

The Sentinel 32 model is designed with dual hot-swappable redundant Power Modules. In addition, the Sentinel 32 offers field replaceable, modular eight-port circuit cards, modular network and console port connections, and an analog modem option.

•

Sentinel 32 - 32-Port 1U Modular, Redundant Power

Secure Console Server

International Models

The following SCS models are available for International customers and are shipped with regionally appropriate power cord sets. Otherwise, each international model is similar to the domestic SCS80 / SCS160 / SCS320 / SCS480 / SCS80R / SCS160R / SCS320R / SCS480R and Sentinel 32 models.

• SCS801 - 8-Port 1 U Secure Console Server, International

• SCS1601 - 16-Port 1U Secure Console Server, International

• SCS3201 - 32-Port 1 U Secure Console Server, International

• SCS4801 - 48-Port 1 U Secure Console Server, International

• SCS801R - 8-Port 1 U Redundant Power Secure Console Server, International

• SCS1601R - 16-Port 1 U Redundant Power Secure Console Server, International

• SCS3201R - 32-Port 1 U Redundant Power Secure Console Server, International

• SCS4801R - 48-Port 1 U Redundant Power Secure Console Server, International

• Sovereign 32 - 32-Port 1 U Modular, Redundant Power Secure Console Server,

International

Page 9

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

1.2 System Features

Each SCS system includes the following features:

• Linux operating system and command set

• Connections for up to 16, 32 or 48 EIA-232 serial console ports

• 10 baseT/100 baseTX network compatibility

• Pre-configured from the factory: User ready, right from the box

• Open secure shell host (ssh)

• NFS and NIS support

• ssh to a Serial Port support

• Break Safe - No undesired “break” signals are sent to connected servers.

The SCS-R models also offer the following additional features:

• Dual Hot-Swappable, Redundant Power Modules

• Dual 10 baseT/100 baseTX Network Port interfaces

• Dual console port interfaces (one DTE, one DCE)

• Power Monitoring with Module outage notification

The Sentinel 32 and Sovereign 32 include the all features of the SCS-R models plus:

• Hot-swappable, modular console/network and serial port circuit cards

• Optional analog modem in place of the second console port.

1.3 Software Features

All SCS Models are designed with network administrators in mind. No special administration tools, training or procedures required. You know Linux, we run Linux.

• Open-source Linux Operating System (Red Hat compatible).

• Proprietary SCS features command-line options that follow the standard Linux / UNIX

command formats for ease of administration.

• Factory pre-configured to be operational out-of-the-box.

The SCS line allows up to 250 simultaneous user sessions to access up to 48 serial ports. The attached components may be any variety of network center servers, workstations or other devices with a serial port that must be monitored.

1.4 Hardware Features

SCS systems mount in industry-standard 19” equipment racks or can be placed on a shelf or table top. Each SCS operates independently and is accessible using a secure network connection or a local serial terminal (setup by your System Administrator or “sysadmin”).

• Rack-mount (19 inch), 1U tall (1.75 in./ 4.5 cm) metal chassis

• 16, 32 or 48 serial ports (CAT5 cables with RJ45 connectors)

• Front panel LCD with push buttons for network setup

• 10/100 BaseT Network Port

• Console port (CAT5 cables with RJ45 connectors)

• Universal AC power input (100-240V, 50/60 Hz)

• Convection cooling

• 256KB-per-port Buffer for Port data

Page 10

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

The SCS can help troubleshoot your networking environment. The SCS is a

"listening" system that monitors messages (ASCII data, server error information, etc.) from the serial ports of the device to which each Port is connected. The SCS captures the data by writing it to a port buffer that can hold 256K bytes of data per port. This buffered data gives the sysadmin a history of console port messages that can be reviewed for troubleshooting a connected device. Having access to the console port messages can make problems easier to identify, minimizing downtime. In most cases

the sysadmin can save the buffered data from each port buffer to another server (e.g., via NFS) in your network. This is important to note because the Port data

(buffered) is stored in RAM and will be lost if the SCS is powered down.

NOTE: Console port messages are stored in RAM and will be lost when the

SCS is powered down.

1.4.1 SCS80R, SCS160R and SCS320R Hardware

The SCS80R, SCS160R, and SCS320R models offer hardware redundancy for power, network and console ports. Features include dual NIC inputs, dual console port inputs and hot-swappable Power Modules with discrete inputs. This allows the customer to use redundant power sources with the SCS system and, if necessary, can be field-replaced. Power supply status alerts the system administrator in the event of a power failure from one of the power supplies.

1.4.2 SCS480R Hardware

The SCS480R offers redundant, hot-swappable, front-panel-accessible power supplies, dual NIC interfaces, dual console ports and 48 serial ports.

1.4.3 Sentinel 32 Hardware

The Sentinel 32 offers redundant power supplies as described in Section 1.4.1. The dual network and console ports are also field replaceable. A dual network/console/modem module is available which replaces the second console port with an analog modem. In addition, the Sentinel uses hot-swappable circuit modules that allow for field

replacement of groups of eight serial ports without affecting the other ports. Sentinel 32 modules:

Console/Network Module Console/Network/Modem Module 8 Port Interface Module

Page 11

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

1.5 Technical Specifications

Each Thinklogical® SCS system is designed to the following specifications:

Linux command-line access via ssh or local console port.

User Interface

Serial Interface

(Ports)

Serial Interface

(Console)

Backlit 2-line front-panel LCD display showing network configuration. Five front-panel push buttons with UI for network

SCS80/SCS80R = 8 Ports; SCS160/SCS160R = 16 Ports; SCS320/SCS320R/Sentinel 32 = 32 Ports; SCS480/SCS480R = 48 Ports. RJ45-type 8-conductor connector (DTE or DCE; software selectable). Software selectable data rate from 300-115K Baud. Software selectable EIA-232 parameters.

256KB FIFO Buffer in RAM (per Port). 80/160/320/480: RJ45-type 8-conductor connector (DCE configuration)

80R/160R/320R/Sentinel 32: Dual RJ45-type 8-conductor connector one DTE, one DCE

Software selectable data rate from 300-115K Baud Software selectable EIA-232 parameters

Network interface

(Network)

Modem

CPU & Memory

Power Supply

Dimensions

Weight

Temperature

Relative Humidity

80/160/320/480: 10/100 BaseT RJ45 8-conductor Ethernet 80R/160R/320R/480R/Sentinel 32: Dual 10/100 BaseT RJ45 8-conductor Ethernet TCP/IP

A V.92 analog modem is available as an option with the Sentinel 32 for those users who require a connection over a telephone network

AMD SC520 CPU, operating at 133MHz. 256MB Compact Flash (CF) memory (nonvolatile). 128MB RAM for real time use.

Universal AC Power Input, 100-240VAC, 50/60 Hz, 0.5A each input IEC-type regional cord set(s) included. “R” Models are also available with a -48VDC Power Supply option.

1U: 1.75” H x 17.25” W x 14.75” D (4.5cm x 43.8cm x 37.5cm)

4.5 kg (10 lbs)

Operating: 0° to 50°C (32° to 122°F), 30-90% RH, non-condensi ng Storage: -20° to 70°C (-4° to 158°F), 10-90% RH, non-conden sing

Operating: 10- 90% non-condensing (40-60% recommended) Storage: 10-90% non-condensing

Page 12

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

1.6 Documentation

The SCS comes with the standard Linux manual pages (hereafter referred to as “man pages”) installed; English is the default language, but several other language versions (including German, French & Italian) are also available.

While this manual gives a brief description of some LSI programs, the SCS contains the latest man pages for the LSI programs, scripts and configuration files. If the man page conflicts with this manual, the man page should be followed. Therefore, the SCS is the primary source for software documentation, not the manual. We make every effort to keep the manual current, but if you find a discrepancy, please let us know.

If ‘standard’ Linux programs (sty is one) are modified by LSI, the corresponding man pages will reflect the changes.

Selected Linux HOWTOs and READMEs can be found at /usr/local/doc. More documentation can be found at www.tldp.org.

2. Product Overview

Optimize your System Administration and Network Resources

2.1 Intended Application

Thinklogical® Secure Console Servers are used to securely monitor and centrally manage up to 48 of your networking systems (servers, routers, switches, etc.). They do so by monitoring the console port of your network center’s devices and systems. Each attached component must have an EIA-232 compatible serial port. The SCS80 and SCS80R support 8 ports, SCS160 and SCS160R support 16 ports, SCS320, SCS320R, and Sentinel 32 support 32 ports and the SCS480 and SCS480R support 48 ports. Security is maintained through encryption and user passwords. The SCS80R, SCS160R, SCS320R, SCS480R, and Sentinel 32 systems are used where redundant power concerns exist, where hot-swap replacement of Power Modules is a concern or where more than one network connection or console port connection is required.

User accounts are set up by the root user, or sysadmin of the SCS. A user can access the attached servers using commands from a local terminal or through an ssh-protocol (secure) network connection. In order to interact with a device the user must have read, review or write access to that port.

Users can interact with each of the attached devices by logging into the SCS and entering the connect command and the Port number or Port name at the command prompt. The SCS acts as a conduit for the connection but does not interfere. When the user is not interacting with a network system, the SCS can log the output of the console port to a file so that data may be reviewed later.

User commands are discussed in Section 9, User Operations, beginning on page 52.

Page 13

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

2.2 System Chassis

Each SCS is housed in a rack-mountable metal chassis. Vents are found on both sides of the chassis. Removable 3-position rack mount brackets are provided. The front panel of the SCS features a two-line, backlit LCD display with five user buttons.

2.2.1. SCS80 / SCS160 / SCS320 / SCS480

Each SCS chassis has rear-panel connections for 8, 16, 32 or 48 serial ports, one console port, one network port and power input. The SCS has a built-in universal power supply, a rear-panel power switch and protective fuse.

2.2.2 SCS80R / SCS160R / SCS320R / SCS480R

Each SCS-R chassis has rear-panel connections for 8, 16, 32, or 48 serial ports, two console ports and two network ports. The SCS-R has two hot-swappable Universal Power Modules, each with its own power switch and protective fuse (located on the rear of the chassis of the SCS80R, SCS160R and SCS320R; located on the front of the chassis of the SCS480R). Each Power Module is secured with a captive mounting screw.

2.2.3 Sentinel 32

Each Sentinel 32 chassis has rear panel connections for 32 serial ports, two console ports, two network ports and two hot-swappable Universal Power Modules, each with its own power switch and protective fuse. The serial ports are arranged in four modules of eight ports each for easy field replacement. The two console and two network ports are in a single module. A module with two network ports, one console port and a V.92 modem port is available as an option. All the modules are hot-swappable.

2.3 Connecting to the SCS

All physical connections to the product are made on the rear panel using industrystandard cabling and connectors (purchased separately). All serial connections and network connections use conventional Category 5 cabling with RJ45 jacks. Power is connected using the cord set provided with each SCS system.

Page 14

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Rear View of SCS320 Chassis

Standard SCS models are similar in size and layout, offering a different number of port connectors. The SCS-R models and Sentinel 32 also have dual NIC, dual console ports and dual power inputs. The rack-mount brackets extending from both sides of each model, may be removed for desktop or shelf mounting (see page 17).

Rear View of Sentinel 32 Chassis

Note: Due to the modular design, the Sentinel 32 Serial Port connections on

the rear of the chassis are numbered differently from the other SCS models.

2.3.1 Serial Devices

All network components attach to both the Console Ports and must be compatible with the EIA-232 standard. CAT5 cabling with RJ45 connectors are used for the Port connections and for the console port. System ports (numbered from 1 to up to 48) are default-configured as DCE data ports and support a range of baud rates from 300-

115.2K. All Port parameters, including DTE or DCE type and other data parameters, are configurable on a per-port basis.

Each port may also be assigned a unique name: default port names are port1, port2, etc.

2.3.1.1 Break Safe

Thinklogical® SCS systems are “break-safe,” meaning they will not send a “break” command or other data on the serial ports connected to your servers unless initiated by a user. An unwanted “break” signal could cause problems with your servers.

2.3.2 IP Network

The SCS network interface is an auto-sensing 10 BaseT/1 00 BaseTX network connector (equipped with an RJ45 jack with dual LEDs) for use with a conventional TCP/IP network using standard RJ45 CAT5 cables. A default IP address is coded into the system (10.9.8.7), but the network settings should be configured by your system administrator for your site’s requirements and equipment. SCS products are

preconfigured for ssh (secure shell host) access.

Page 15

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Note: The SCS-R and Sentinel 32 models offer two independent network

interface ports. Only the first port (NETWORK 1) is enabled by default.

2.3.3 AC Power

2.3.3.1 SCS80 / SCS160 / SCS320 / SCS480

A single IEC-type Power Entry Module is located on the rear of the chassis. The power entry module incorporates a replaceable protective fuse (2A) and an On/Off switch. An IEC cord set is provided with each SCS chassis. Connect the cord set to a local AC power source. Turn the power switch on.

2.3.3.2 SCS80R / SCS160R / SCS320R / Sentinel 32

Two removable AC Power Modules, identified as Left and Right are found on the rear of the chassis. Either AC module can fully support the system and, with both turned on, operate redundantly. The SCS-R and Sentinel 32 systems have an AC power monitoring capability to alert the system administrator in the event of an AC power outage.

Each AC Module has an IEC-type power entry module. The power entry module features a replaceable, protective fuse (2A) and an On/Off switch. Two IEC cord-sets are provided with each SCS-R and Sentinel 32 chassis. Connect both cord sets to a standard AC power source. Turn both power switches ON ( l ).

Warning! Turn the module POWER OFF and remove its power cord BEFORE

removing a power module. A hazardous voltage condition might otherwise exist.

2.3.3.3 SCS480R

Two removable AC Power Modules, identified as Left and Right are found on the front of the chassis. Either AC module can fully support the system and if both are turned on, will operate redundantly. The SCS-R and Sentinel 32 systems have an AC power monitoring capability to alert the system administrator in the event of an AC power outage. A 250VAC 2A fuse is provided on each SCS480R Power Module and can be replaced when the module is removed from the unit.

2.3.4 DC Power

The Sentinel and SCS-Rs can be equipped with optional removable -48 VDC Power Modules in place of the AC Power Modules described in paragraph 2.3.3. Either module will fully power the system and will operate redundantly if power is applied to both. The power monitoring circuitry of the SCS-R and Sentinel alert the system administrator in the event of power loss to either module.

2.4 User Access Control

Access to a Port is controlled on a per-user basis via a user profile which is stored as a file on the local SCS. This profile is created by the root user using the command ‘adduser’. See Section 8.1.1, adduser, on page 51. NIS support is also available.

Page 16

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

2.4.1 User Sessions

Each SCS supports up to 250 simultaneous user sessions.

2.5 Port Buffers

Thinklogical® Secure Console Servers provide real-time serial port data buffering. Each port buffer stores up to 256KB of data held in a separate RAM file for each attached device. The data may be viewed when no users are interacting with the attached port. Port buffers are enabled by default.

2.5.1 How to Disable Buffering

Buffering is always ON when no one is connected in Interactive mode. Buffering may be

disabled during an interactive session to ensure privacy after the session ends. (See the man page for stty --buffer option.)

3. Installation

3.1 Mounting the SCS

You may choose to rack mount your SCS unit or place it on a desktop. The front panel display should be visible and front panel buttons accessible. All connections are made to the rear of the chassis.

3.1.1 Rack Mount or Desktop

SCS products may be installed either in an EIA-standard 19-inch rack (1U tall) or on a shelf or desktop. For desktop use, rubber feet are provided and the rack mount brackets may be removed. The SCS chassis does not need to be opened or accessed and the sturdy metal case allows units to be stacked as required.

Each rack mount bracket is held on by 4 screws. The brackets may be positioned so that the unit sits forward, flush or recessed in your rack. If the brackets are removed or repositioned, it is not necessary to re-install the extra rack-mount screws.

Page 17

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

3.1.2 Front Panel Display and Buttons

The front-panel LCD display should be visible and accessible during system setup. It typically displays the current network settings and the date/time. The front panel buttons are only used during setup or to review existing SCS settings.

The LCD display can be customized by the root user. See Section 7.7, Front Panel Display Options, on page 44 for more information.

3.1.3 Convection Cooled

The SCS does not require special cooling or ventilation other than what is normally provided in a standard equipment rack. No fan means that it does not add to the ambient noise in your equipment room. Be sure not to block the air vents on the sides of the unit and leave at least 2” of space on both sides. If mounted in an enclosed rack, it is recommended that the rack have a ventilation fan to provide adequate airflow through the unit(s).

Note: Be sure to leave a minimum of 2” of space for ventilation on both sides

of the SCS chassis, especially if units are being stacked.

3.2 Connections

All connections are found on the rear panel of the SCS chassis.

Each port is clearly labeled as shown on the backpanel diagrams on page 19:

Page 18

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

SCS320 Secure Console Server

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

PORTS

SCS320R Secure Console Server

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

1 2 3 4 5 6 7 8 9 1 0 11 12 13 14 15 16

PORTS

SCS320M Secure Console Server

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

PORTS

SCS320RM Secure Console Server

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

PORTS

SCS480 Secure Console Server

25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

NETWORK

CONSOLE

CAUTION! Replace with same

NETWORK

MODEM

NETWORK

MODEM

type and rating fuse.

CAUTION! Replace with same type and rating fuse.

www.thinklogical.com

1 NETWORK 2

1 CONSOLE 2

NETWORK

CONSOLE

NETWORK

CONSOLE

41 42 43 44 45 46 47 48

www.thinklogical.com

CAUTION!

100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC

100-240V -,

CAUTION! Replace with same

0.5A, 50/60 Hz

type and

T2A, 250 VAC

rating fuse.

CAUTION! Replace with same type and rating fuse.

100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC

100-240V -,

CAUTION! Replace with same

0.5A, 50/60 Hz

type and

T2A, 250 VAC

rating fuse.

CAUTION! Replace with same type and rating fuse.

NETWORK

Replace with same type and rating fuse.

100-240V -,

0.5A, 50/60 Hz T2A, 250 VAC

100-240V -,

0.5A, 50/60 Hz T2A, 250 VAC

1 2 3 4 5 6 7 8 9 1 0 11 12 13 14 15 16

PORTS

SCS480R Secure Console Server (ON/OFF Switch located on front panel)

25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

1 2 3 4 5 6 7 8 9 1 0 11 12 13 14 15 16

PORTS

SCS80 Secure Console Server

1 2 3 4 5 6 7 8

PORTS

SCS80R Secure Console Server

1 2 3 4 5 6 7 8

PORTS

SCS160 Secure Console Server

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

PORTS

SCS160R Secure Console Server

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

PORTS

17 18 19 20 21 22 23 24

41 42 43 44 45 46 47 48

17 18 19 20 21 22 23 24

NETWORK

CONSOLE

1 NETWORK 2

www.thinklogical.com

1 CONSOLE 2

NETWORK

CONSOLE

NETWORK

www.thinklogical.com

CONSOLE

MODEM

www.thinklogical.com

CAUTION! Replace with same type and rating fuse.

www.thinklogical.com

CAUTION! Replace with same type and rating fuse.

CONSOLE

100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC

CAUTION!

NETWORK

CONSOLE

MODEM

CAUTION!

100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC

100-240V -,

CAUTION! Replace with same

0.5A, 50/60 Hz

type and

T2A, 250 VAC

rating fuse.

CAUTION! Replace with same type and rating fuse.

100-240V -, 0.5A, 50/60 Hz T2A, 250 VAC

100-240V -,

CAUTION! Replace with same

0.5A, 50/60 Hz

type and

T2A, 250 VAC

rating fuse.

Replace with same type and rating fuse.

100-240V -, 0.5A, 50/60 Hz

Replace with same type and rating fuse.

100-240V -,

0.5A, 50/60 Hz T2A, 250 VAC

100-240V -,

T2A, 250 VAC

Sentinel 32

PORTS:

5-8

5 6 7 8

1 2 3 4

PORTS

1-4

13-16 21-24 29-32

5 6 7 8

1 2 3 4

PORTS

5 6 7 8

1 2 3 4

PORTS

9-12 17-20 25-28

5 6 7 8

1 2 3 4

PORTS

NETWORK

CONSOLE

NETWORK

MODEM

CAUTION! Replace with same type and rating fuse.

100-240V -,

0.5A, 50/60 Hz T2A, 250 VAC

CAUTION! Replace with same type and rating fuse.

100-240V -,

0.5A, 50/60 Hz T2A, 250 VAC

Page 19

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

3.2.1 Power

SCS products have an internal universal Power Supply. Each SCS unit requires approximately 15W of electrical power. The switching power supply accepts nominal AC input voltage between 100-240 VAC with a frequency range of 50-60 Hz.

Note: The optional -48VDC Power Module is described in Section Appendix D,

DC Power, on page 83.

3.2.2 AC Input

A single IEC-type AC power entry module with an integral safety fuse and power switch is located on the rear of the chassis in each AC Power Module. The power input to the chassis uses a removable IEC-type cord set. One is provided with each AC Power Module. Be sure that your AC power source is properly grounded.

3.2.3 Connecting to the Network Port

Use a conventional, fully-pinned Category 5 cable (CAT5) to connect your network to the NETWORK (RJ45) jack on the rear of the chassis.

The SCS’s network port (auto-selecting 10/100) allows remote access to the attached networking components by the users and the sysadmin functions by the root user. You can change the network parameters from the front panel of the SCS or you may ssh into the default address and make changes using Linux commands.

3.2.3.1 SCS-R and Sentinel 32 Dual NIC Interface

The SCS80R / SCS160R / SCS320R / SCS480R / Sentinel 32 have dual network Ports. Initially, only the first NIC is functional (NETWORK 1 = device eth0 (NETWORK 2 = device eth1) must be enabled by the sysadmin.

To configure the second NIC, the sysadmin will log in and use one of the following commands:

The second NIC

netconfig -d eth1 or netconfig --device=eth1

Refer to Section 6 for other System Commands.

Page 20

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

3.2.4 Connect Your Console

The console port is used for local access to the SCS. Connect your terminal or computer to the console port with a terminal emulation package. The SCS’s console port has a DCE configuration with adjustable parameters.

The default communication parameters for the console port are:

•

• 9600 baud

••

•

• 8 data bits

••

•

• No parity

••

•

• 1 stop bit

••

•

• Xon/Xoff flow control

••

Use a conventional CAT5 cable to connect your terminal or computer to the CONSOLE jack (RJ45) on the rear of the chassis.

Press Enter to continue.

The password: prompt comes up next. Enter root (the default root password) and press Enter.

3.2.4.1 SCS-R and Sentinel 32 Dual Console Interface

The SCS80R / SCS160R / SCS320R / SCS480R / Sentinel 32 have dual Console Ports, with Console Port 1 pinned as DCE and Console Port 2 pinned as DTE. Console Port 2 is disabled in the default configuration. To use the second console port, the sysadmin must enable it.

Console Port 2 is activated by editing the file /etc/inittab

Refer to Section 6 for other

System Commands.

3.2.5 Connect to the Ports

Any system (e.g., server, router, switch) with a serial port may be connected to the SCS for consolidated system administration. Server Ports are individually configurable. Consult your server documentation as needed.

Page 21

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

The default communication parameters for the server Ports are:

•

• 9600 baud

••

•

• 8 data bits

••

•

• No parity

••

•

• 1 stop bit

••

•

• Xon/Xoff flow control

••

•

• DCE Port type

••

Each Port can be individually configured for baud rates of 300-115K for specified data parameters and as DTE or DCE types.

Note: Ports may also be individually disabled if desired.

3.2.5.1 Automated Port Configuration Tests

A script named pm is available to test the device ports and report the correct DTE/DCE setting for each port. A man page exists for pm. This can be used to troubleshoot SCS to server connections. Hardware signals from the server are tested but Baud rates are not.

3.2.5.2 Port Adapters

You may need to adapt the cable connection for your server device. Thinklogical® offers serialto-RJ45 adapters for serial ports, both DB9 and DB25, for many common network-equipment product applications. See Appendix F on page 85 for more information.

3.2.5.3 Serial Port Pin-out

Serial Port pin-out

Page 22

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

3.3 SCS-R and Sentinel Power Modules

The SCS80R, SCS160R, SCS320R, and Sentinel 32 provide dual AC Power Modules which are field-replaceable and connect to the rear panel of the SCS chassis. Each Power Module has a power entry connection with an IEC-type power connector.

The SCS80R, SCS160R, SCS320R, and Sentinel 32 have a power monitoring display shown on the front panel to indicate if one of the power supplies is not powering the system (either AC power failure, a Module is turned off or the supply has failed).

SCS Front Panel display: Left Power Supply failure

The SCS480R Power Module is mounted in the front panel of the SCS480R. It has the same capabilities as the SCSR and Sentinel Modules. It is not necessary to remove the AC power cord from the SCS480R when replacing a module.

Note: The Power Modules in the SCS160/320/480 are not field serviceable. This option applies to the SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 only.

Each Power Module can fully support the SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 system. However, the intended design is to have two power sources running your SCS system. When both supplies are active, they will share the system load. If one fails, the remaining supply can then take the full load.

The SCS80R, SCS160R, SCS320R, SCS480R, and Sentinel 32 ship with two AC power cords, one for each module, to allow separate AC power source connections. Plug the IEC connection into the SCS AC Power Module and connect the AC cord to a standard AC power source.

3.3.1 Power Module Replacement

The Power Modules of the SCS-R and Sentinel 32 Models may be hot-swapped. Each slide-in Power Module is held in place with a single captive screw and does not need to be removed except for replacement.

Page 23

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Captive Mounting

Handle

Screw

AC Power Module (removed from SCS Chassis)

SCS80R, SCS160R, SCS320R and Sentinel 32:

If the front panel display indicates that one of the power supply modules has failed, it may need to be replaced.

A single captive screw (visible from the rear of the SCS80R, SCS160R, SCS320R or Sentinel 32 chassis) holds the Power Module in place and also establishes a protective Earth ground. Be sure to turn off the failed power module and remove its power cord connection. Unscrew the module and remove it from the chassis using the built-in handle on the front of the module.

SCS480R:

If you need to replace one of the SC480R power supply modules, note that the module slides in and out from the front of the chassis.

A single captive screw (visible from the front of the SCS480R chassis) holds the Power Module in place and also establishes a protective Earth ground. Be sure to turn off the failed power module (press switch to O position). It is not necessary to remove the power cord. Unscrew the module and remove it from the chassis using the built-in handle on the front of the module.

Insert the replacement power module and tighten the screw. Reconnect the power cord if necessary and turn on the switch. When power is restored the failure message on the front panel display will clear.

3.4 SCS-R and Sentinel -48VDC Power Modules

The SCS80R, SC160R, SCS320R, and Sentinel 32 provide dual -48VDC Power Modules which are field-replaceable and connect to the rear panel of the SCS chassis. Each Power Module has a Power IN port with a WAGO MCS power connector. The SCS80R, SCS160R, SCS320R and Sentinel 32 have a front panel display to indicate if one of the power supplies is not powering the system (either DC power failure, a Module is turned off, or the supply has failed).

Page 24

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

The SCS480R Power Module is mounted in the front panel of the SCS480R and has the

The WAGO DC Power

onnector

same capabilities as the SCSR and Sentinel Modules. It is not necessary to remove the DC power cord from the SCS480R when replacing a module.

Note: The Power Modules in the SCS160/320/480 are NOT FIELD

SERVICEABLE. This option only applies to the SCS80R, SCS160R, SCS320R,

SCS480R and Sentinel 32.

Each -48VDC Power Module can fully support the SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 systems. However, the intended design is to have two power sources running your SCS system. When both supplies are active, they will share the system load. If one fails, the remaining supply can then take the full load.

The SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 ship with two WAGO MCS connectors, one for each module, to allow separate DC power source connections. Plug the WAGO MCS connector into the SCS DC Power Module and connect to a regulated DC power source.

3.4.1 Wiring the -48Vdc Connector

consists of 3 pieces: The connector plug

and two halves of the strain-relief back

shell. After installing the wires as

depicted above, the three pieces fit

together as shown (right) and snap firmly

into place.

WAGO MCS DC Power Connector:

1. Brown = -48VDC

2. Green/Yellow = Chassis Ground

3. Blue = Common

Page 25

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

3.4.2 -48VDC Power Module Replacement

The Power Modules of the SCS-R and Sentinel 32 Models may be hot-swapped if necessary. Each slide-in Power Module is held in place with a single screw and does not need to be removed except for replacement.

-48VDC Power Module and WAGO Connector (shown removed from Sentinel 32)

SCS80R, SCS160R, SCS320R, and Sentinel 32:

If the front panel display indicates that one of the power supply modules has failed, it may need to be replaced.

A single captive screw (visible from the rear of the SCS80R, SCS160R, SCS320R, or Sentinel 32 chassis holds the Power Module in place and also establishes a protective Earth ground. Be certain to turn off the failed power module (press switch to O position), then remove its power cord connection. Unscrew the module and remove it from the chassis using the builtin handle.

SCS480R:

If the front panel display indicates that one of the power supply modules has failed, it may need to be replaced. The power modules insert from the front of the chassis.

A single captive screw, visible from the front of the SCS480R chassis, holds each Power Module in place and establishes a protective Earth ground. Be certain to turn OFF the failed power module by pressing the switch to the OFF (O) position). Unscrew the failed module and remove it from the chassis using the built-in handle. You may now Insert the replacement power module and tighten the captive screw. Connect the power cord to the module and turn the switch ON ( l ). When power is restored, the failure message on the front panel display will clear.

Page 26

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

4. Initial Configuration

The SCS is Pre-Configured. Just set your IP Address and add Users.

4.1 Default Configuration

The SCS is pre-configured right out of the box, ready to generate ssh keys with an IP address set to a generic default value of 10.9.8.7 / NetMask 255.0.0.0. It is likely that the sysadmin will want to change to a local IP address.

When you first connect the unit to your network and turn the power on it will take about two minutes for the SCS to perform the initial ssh key generation. The front panel display will show the following display after the SCS’s power-up is complete and the system is ready:

SCS Front Panel Display default, normal mode shown

The top line of the display is the SCS’s host and domain name and the second line is a clock display showing day and date (initially set to Eastern Time Zone).

4.2 Initial System Security Concerns

The first login will require several steps to fully secure the SCS.

When you first connect the SCS and turn it on, it will build the ssh keys during the first two minutes of system startup. During this time, the front panel LCD second line will read start

sshd, and the console port will read Starting sshd.

The root user should also configure the ntp and the ssh config files. Network 2 and the dual console/modem are disabled. Root is not allowed to login on console 2.

4.3 Front Panel Network Setup

If you changed the network settings via netconfig, you can skip this section.

The Front Panel Display and buttons can be used to set the basic network parameters. There are four arrow buttons (Left, Right, Up, Down) and one enter button. The front panel can be used to change the IP Address, Subnet Mask, and Gateway settings. By default, the front panel will show the Host name and the Date/Time.

4.3.1 Front Panel Edit Mode

By default the Front Panel Display’s Edit mode is enabled. The View mode is similar to Edit mode except that the front panel cannot be used to change the settings. This is described in Section 7.7, Front Panel Display Options on page 44 of this manual.

Note: The Front Panel Edit Mode can be disabled if desired. See Section 7.7, Front Panel Display Options beginning on page 44.

Page 27

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

With Edit mode enabled, use the arrow buttons on the front panel to access the front panel edit subroutine and change the default network settings (showing the IP address Netmask

and Gateway) for your SCS system. The front panel controls are self-prompting for the appropriate entries.

SCS Front Panel Display showing the Network Edit Mode

Note: Use the Enter button to ‘continue’ or to ‘accept’ the current setting. Your front panel entries must be NO LONGER THAN 30 SECONDS APART or the front panel entry program will time out and discard your entries.

An asterisk at the far right indicates there is a parameter that has changed from the currently-stored value. These entries will be accepted and held. As you exit this programming mode you are given the opportunity to Save or Cancel your new changes. If you do not Save your settings at this time, your new changes will be

discarded.

Note: Front panel changes are not written to the Compact Flash memory until the sysadmin uses the command-line ‘save’ command. Do NOT turn the system

power off or these changes will be lost.

4.3.1.1 Start Front Panel Edit Mode

To start the Edit mode, press the Up or Down Arrow button on the front panel. The display will change from the default Domain Name / Date & Time to the Edit Mode. You can scroll through the available Edit functions by pressing the Up or Down arrows: Program Network Settings or View SCS Settings

Note: If you do not press a button within 30 seconds the display will revert to the normal display and no changes will be made.

Scroll to the Program Network Settings display.

4.3.1.2 Program Network

When the Program Network Settings mode is selected, you will step through the parameter entry for Network IP Address, Net Mask and Gateway, then Exit to the previous menu. The Up and Down arrows are used to scroll through the available options.

Page 28

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Network IP Address

SCS Front Panel Display for Network Programming mode

Press the Enter button to continue.

SCS Front Panel Display showing the current IP Address

The current IP Address will be displayed with leading zeroes. The factory default is 10.9.8.7. If you do nothing, the display will revert to the previous display after 30 seconds and no changes will be made. To change the IP Address press the Enter button.

SCS Front Panel Display showing Edit IP Address

A cursor appears under the first character of the existing address. Press the Left or Right arrow button to move the cursor to the first digit to be changed. To change a digit, use the Up or Down arrows.

Note: Ignore any leading zeroes in the display entry. The SCS will adjust for them and will not store the leading zeroes when saving the data.

As soon as you change a digit an asterisk (*) will appear at the top-right indicating that a parameter has changed. Input the complete address.

SCS Front Panel Display (example) with an Asterisk indicating a change

Page 29

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

When the address input is complete, press the Enter button to accept the entry. The display will look like the following example:

SCS Front Panel Display after editing the IP Address

The new value will be stored when you finish setting all the Network parameters.

Net Mask

Press the Down Arrow once to advance to the Net Mask parameter.

SCS Front Panel Display showing the current Net Mask

Press the Enter button to change the Net Mask parameter. The current Net Mask setting will be displayed with a cursor under the first digit. The factory default is 255.000.000.000. Press the Left or Right arrow button to move the cursor to the first digit to be changed. To change a digit, use the Up or Down arrows.

SCS Front Panel Display editing the Net Mask setting

As soon as you change a digit an asterisk (*) will appear at the top-right indicating that a parameter has changed. Change the Net Mask as desired.

Note: Ignore any leading zeroes in the display entry. The SCS will adjust for them and will not store the leading zeroes when saving the data.

When you have completed entering the parameter values press the Enter button to accept the entry. The display will show the following:

SCS Front Panel Display showing the new Net Mask display.

Page 30

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

The new value will be stored when all the Network parameters are set.

Gateway

You may now enter your Gateway parameter information. Press the Down arrow once to continue.

SCS Front Panel Display showing the current Gateway setting

Press the Enter button to edit the Gateway parameter. The current Gateway setting will be displayed with a cursor under the first digit.

SCS Front Panel Display to Edit the Gateway setting

Press the Left or Right arrow button to move the cursor to the first digit to be changed. To change a digit, use the Up or Down arrows. As soon as you change a digit an asterisk (*) will appear at the top-right indicating that a parameter has changed.

Note: Ignore any leading zeroes in the display entry. The SCS will adjust for them and will not store the leading zeroes when saving the data.

SCS Front Panel Display editing the Gateway setting

When you have the completed entering the parameter values, press the Enter button to accept the entry. The display will show the following:

SCS Front Panel Display showing new Gateway setting

Your new value will be stored when you are finished setting all the Network parameters.

Page 31

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Exit to Main Menu

You will now be prompted to Exit to the Main Menu. Press Enter to continue.

SCS Front Panel Display exiting the LCD Mode

You are given the choice to Save your changes or to Cancel them.

SCS Front Panel Display to Save or Cancel Changes

Press Enter to save your network changes or press the Up arrow to discard them. When you have completed the changes, the system must restart the Network Daemon. (The Network Daemon periodically connects to the network to check for updates and notifications.) This process will be displayed on the front panel display. The display will revert to a normal display when the network is restored.

SCS Front Panel Display - Saving and Restarting

When the system has restarted the network services, the following is displayed:

Returned to normal SCS Front Panel Display

To permanently save your new Network settings in the system, you must use the SAVE command to write the values to the Compact Flash memory.

NOTE: If the system loses power before using the command-line SAVE

command, the front-panel-entered network parameter changes will be lost.

Page 32

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

4.4 Initial Connection via Network

You can access the SCS using ssh (secure shell host) commands with your existing network. If you add a route to your workstation, you can connect to the SCS via its default address. For security reasons, a telnet server is not active on the SCS.

4.4.1 Network Connection Requirements

• Have your SCS system connected to the network before you turn it on.

• Know your computer’s IP address.

4.4.2 Route via Linux Workstation

If using a Windows workstation, you may go to section 4.4.3.

If you are accessing the network from your Linux / UNIX workstation, enter:

route add -net 10.9.8.7 netmask 255.255.255.255 gw <your workstation's IP address>.

To access the SCS system using ssh, from your command line, enter:

ssh root@10.9.8.7

Default root password is root. You should now be at the SCS’s root command prompt.

It is recommended that one of the first changes you make is to your SCS’s network address. See Section 7.2, Change Network Address, on page 41.

4.4.3 Route via Windows Workstation

If using a Linux workstation, you may skip this section.

If using Windows 9x/2000/XP you can connect to the SCS using your networked Windows PC and an ssh-capable terminal emulation package.

Note: If you don’t have an ssh-capable terminal emulation package, an available option is PuTTY, a freely-distributed package you can download at the following address: http://www.chiark.greenend.org.uk/~sgtatham/putty/.

(PuTTY is a client program for the ssh, Telnet and Rlogin network protocols. These protocols are all used to run a remote session on a computer over a network.)

If you use a Windows PC to login to the SCS:

Determine your PC’s IP network address. One method: open a DOS prompt window and type ipconfig, then press Enter. Your PC’s IP address is listed, among other things.

Add the route between the PC and the SCS. From a DOS prompt, enter:

route add 10.9.8.7 mask 255.255.255.255 <workstation's IP address>

then press Enter

“Ping” the SCS to assure that your network connection is now functioning. (The ping

Page 33

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

command is a way to verify a network connection.) Type ping 10.9.8.7 at the DOS prompt, then press Enter. Check for a completed connection.

Connect to the SCS with your terminal package using ssh. Launch your terminal

package and connect to the default IP address of the SCS of 10.9.8.7 using ssh. If using PuTTY (shown below), set the Session window IP address to 10.9.8.7, select the

ssh radio button and press Open.

PuTTY configuration Screen

The first time you connect using ssh you will get a warning about the ssh authentication keys. Accept the newly-generated keys by choosing yes.

Login to the SCS. When connected to the SCS, the “login as:” prompt will appear. Log in as root. Press Enter to continue.

The “password:” prompt comes up next. Enter root (the default root password) and press

Enter.

Upon pressing Enter you will be at the SCS’s root command prompt. For this case, connect using PuTTY to ssh into 10.9.8.7:

Terminal screen showing a typical root login to SCS

When successfully logged in, you will see the command prompt ending with # followed by the cursor.

It is recommended that one of the first changes you make is to your SCS’s network address. See Section 7.2, Change Network Address, on page 41.

Page 34

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

4.5 Initial Connection via Console port

See Section 3.2.4, Connect your Console, on page 21.

4.6 How to Access the LSI SCS Web Setup Interface

Be sure to add the proper route statement (route add 10.9.8.7…) to your workstation (see paragraph 4.4.3, Step 2, on page 33).

1. From your browser, type: https://10.9.8.7:8098/

2. A predefined SSL (Secure Sockets Layer) certificate will be used. Your browser may warn you that the certificate does not match the host. You may continue using this certificate, but you should create a new certificate after setting up the SCS.

3. Refer to the file /usr/local/doc/ssl.cert.README for more information about creating certificates.

4. Press Start.

5. Enter root as the user name and root as the password.

6. The main configuration menu is displayed. Make your changes. Help is available for each page.

7. When all your changes are made, select Control Panel from the Main Menu and then select Shutdown/Reboot. Reboot the SCS and all your changes will take effect.

This interface is for setup only. It cannot be used to access the device ports. To disable the web interface, see the instructions located in /lsi/README.

5. System Overview

5.1 SCS Systems are Linux-based

Thinklogical® Secure Console Server products use the GNU/Linux operating system.

5.1.1 Linux General Public License

The GNU/Linux source code used in this product has been distributed under a General Public License (GPL) from the Free Software Foundation. You may read about the GNU GPL by reviewing the text version of the GPL at http://www.gnu.org/licenses/gpl.txt.

You will find additional GNU license information online at: http://www.gnu.org/licenses/licenses.html#GPL.

Please contact Thinklogical® Product Support (1-203-647-8700 or toll-free at 1-800291-3211) if you need a copy of this source code.

5.1.2 SCS System Architecture

SCS software design uses both RAM (volatile) and Compact Flash (non-volatile) memory. All system changes are maintained in RAM until they are written to the Compact Flash memory. A read-only memory system is used since Compact Flash memory devices have a limited number of read-write cycles.

After making administrative changes to the system, the root user must run the SAVE command to write the changes to the non-volatile memory. If the data changes are not saved, the parameter changes will be lost in the event of a power failure or power-down.

Page 35

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

5.2 Initial System Administrator (sysadmin) Access

To customize the SCS configuration for your location,

we suggest

When the SCS is first powered up, you may need to configure it to operate with your network. Use ssh to access the SCS or the local console (Section 3.2.4, Connect Your Console, on page 21).

The SCS uses familiar Linux commands to administer the system. This manual lists those Linux commands that are important for the SCS sysadmin to know (See table on page 38).

5.2.1 Enter Commands

The system administrator enters Linux commands using the command-line interface. Unless otherwise shown, commands are all lower-case and may have modifiers. SCS commands are discussed in Section 6, Commands, beginning on page 38.

5.2.2 Log Out

To log out from a session, use the command logout. If logging out from a network session, the Console Server will disconnect the ssh session.

5.3 Default Services

The following Services are enabled by default:

•

network

•

ssh

•

syslog

•

cron

You may add other features and services, depending on your application. When you first log into the system, you will get the following reminder message for configuration:

you do the following:

∗ CHANGE THE ROOT PASSWORD!!! ∗ reconfigure the network (netconfig) ∗ set the time zone, if not in the Eastern U.S. (timeconfig) ∗ add users (adduser)

∗ edit the ntp.conf file and then enable the ntpd service

For extra security:

∗ edit the sshd_config file to not allow root logins ∗ when all settings are changed, reboot the system to save the changes

SCS login advice (displayed on-screen when you first log in)

5.3.1 Configure the Services

When you first install the SCS system, you should configure the default services for your needs. This addresses network, date/time, authorizations and system hostname. The feature commands described below are discussed in Section 7, System Administration, beginning on page 41.

Page 36

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

In order to configure the basic services, you must:

Run some or all of the following:

(netconfig, changehostname, timeconfig, authconfig).

Run save

Run service network restart to restart the network.

To configure the existing features, use the following commands:

• For the Network parameters, use netconfig

• To change the host and domain name, use changehostname

• For the Date/Time, use timeconfig

• To change the time zone for the authentication protocols, use authconfig

Page 37

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

6. Command s

A summary of special SCS Commands

6.1 System Commands

SCS products use Linux commands and man pages are available for all system commands. The root user can access the following commands to configure the special features of the SCS:

COMMAND PURPOSE CHPT.

adduser Add a User (creates a new user account) 8

deluser Delete a User account 8

editbrk Edit the 'break' sequence 8

editesc Edit Interactive mode 'escape' sequence 8

edituser Edit user settings for existing User accounts 8

save Commit programming changes to non-volatile memory

stty Configure Port parameters (see Linux commands) 6

versions Show version information 6

The commands are discussed in the chapter numbers noted on the right.

6.1.1 save

SCS systems will maintain your settings in RAM memory as long as system power is applied and the system remains in a normal operating condition. To permanently store your parameters, the root user must use the save command to write the data changes to the non-volatile Compact Flash memory card. This will ensure that your data is permanently saved.

The save command does not store buffered port data, which is held in RAM.

Note: The root user should run save any time that the system configuration has been changed. This includes user password changes and any command-line system administration changes

The save command is automatically run when you execute the reboot or the poweroff commands. It will copy files located in /etc, /home, /usr and /root to the Compact Flash and restore them when the system is restarted.

6.1.2 reboot

The

reboot

reboot process which occurs immediately after your data has been saved. A reboot takes a minute or so to complete. After the reboot has run the underlying commands, the system will reset and then begin the start-up process as it does at power on.

command may be run at any time. The

save

command is run as a part of the

Page 38

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Note: No ‘break’ commands will be sent on the serial Ports during a SCS system reboot. Your servers will not be affected.

Thinklogical® SCS systems are “break-safe”, meaning that they will not send a ‘break’ command (unless user initiated) or other data on the serial ports connected to your servers. An unwanted ‘break’ could cause problems with your server.

6.1.3 poweroff

If you want to turn the SCS off, you must first run the poweroff command.

Note: No ‘break’ commands will be sent on the serial Ports during a SCS system poweroff cycle. Your servers will not be adversely affected.

poweroff may be run at any time. The save command is run as part of the poweroff process. Once you have entered the poweroff command, the operating system will shut down and the SCS will cease operating. The front panel display will show OK to Power Off. You may now turn the power switch off.

The only way to recover from a poweroff command is to turn the system power off and then turn the power back on.

6.1.4 Other Linux Commands

The following Linux commands, among others, will be used with the SCS systems.

logout

Use logout to quit your session with the system.

man

Use man <command name> to search for a help file (online manual pages) or descriptive information for that Linux / UNIX command.

Three general man pages are available for Thinklogical commands and files:

lsi.1 for user commands

lsi.8 for system commands

3. lsi.5 for Thinklogical file descriptions

passwd

The root user should change the default root password as soon as possible to prevent unauthorized access. To change the default root password, type passwd (all lower case) at

the root login prompt.

scp

Use scp for secure copy using ssh (secure shell host) between two hosts. The process is encrypted and inherently secure. Refer to the man pages for scp for a description and any command options.

Page 39

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

sftp

Use sftp for a secure file transfer transaction between two servers using ssh. This process is similar to ftp except that it is encrypted for security. Refer to the man pages for sftp for a description and any command options.

ssh

The SCS systems use ssh to establish secure connections over your network. The configuration file for the ssh server is /etc/ssh/sshd_config. This controls ssh connections to the SCS.

Use ssh to establish a secure connection between two hosts or to transfer files or data between the systems. The Secure Console Server is a client device and will be connected to an ssh elsewhere. The security keys for ssh may need to be generated using ssh-keygen, depending on your application of ssh. Refer to the man pages for ssh for a description and any command options.

ssh-keygen

Use ssh-keygen to create keys for users so passwords do not have to be used for ssh login. You can generate the security keys for your client system (in this case, the SCS is the client) to interact with an ssh host elsewhere. After the keys have been generated, the user can establish a secure shell connection using ssh over a network. Refer to the man pages for ssh for a description and any command options.

stty

Use stty to change the configuration for each Port. The system provides a default configuration for the system Ports (ttyB1 through ttyB48

and for the console port (ttyS0

Note: Port changes made using stty are temporary (not written to memory). In order to keep any changes, you must edit the configuration file in /etc/rc.d/rc.serial and then run save.

The Ports are identified as /dev/ttyB1 through /dev/ttyB48 for ports 1 through 48, respectively, and /dev/ttyS0 for the console port.

Note: For example, to administer Port 7 you would edit the file rc.serial and use stty -F /dev/ttyB7.

Refer to the

man

pages for

versions

Use versions to see a listing of the release versions of the LSI files in the SCS.

stty

for a description and any command options.

Page 40

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

6.2 Change Logging Level

The sysadmin may wish to change the logging level of syslog.

Edit the file /etc/syslog.conf (vi/etc/syslog.conf)

Restart the system logger by entering: service syslog restart

Run save.

7. System Administration

This section outlines the administration functions and commands that are accessed using the network or console ports.

7.1 Security

Thinklogical® Secure Console Servers use ssh to provide encryption for a secure network connection. There is only one level of system administration access in the SCS and that is at the root level.

Warning!: Anyone with the root password has the ability to access all SCS features

and functions. Your root password should be carefully guarded.

In general, users cannot interact with the system-level features. Only users with permission to interact with a port can access the buffers or clear the buffered data.

7.2 Change Network Address

You may use the Front Panel setup (see Section 4.3, Front Panel Network Setup, beginning on page 27) to configure the SCS’s IP address. This will temporarily change the IP address to allow you to connect to the SCS. Front panel changes are temporary because there is no way to write the new parameters to non-volatile memory using the front panel keys.

You must run netconfig once you have accessed the SCS to change the network parameter options and then save the parameters to non-volatile memory.

7.2.1 Run netconfig

After you establish a connection to the SCS (either through your console port or via ssh using the default address of 10.9.8.7), you may need to change the IP address setting of the SCS to the desired address on your network, using netconfig a self-prompting program to set up your system’s network information. It supports DHCP/BOOTP setup or static addressing. Use the space bar to select/deselect a value (e.g., DHCP). Use the arrow keys to move up and down between the entry fields.

The netconfig command is

Note: Use of a static IP address is recommended with the SCS.

Page 41

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

You will need the following information before running netconfig

• Using DHCP/BOOTP (yes/no)? If No, you will need the following:

• IP Address

• Net Mask

• Default Gateway

• Primary Nameserver

You can add the secondary and tertiary nameservers (if required) by editing the resolv.conf file at any time. After entering the requested information, you are returned to the root prompt. See Section 7.2.2: More Than One Nameserver on page 43.

7.2.1.1 Save your netconfig changes After running netconfig to set up your system, you must run the save command to

keep your changes. Then restart the network using the following steps:

Make all changes

Run save

Run service network restart to restart the network

Make a new ssh connection.

Note: If you are making several changes to the system configuration, you may complete all the changes and then run save.

Example of

netconfig

fill-in fields

When you have filled in the fields, arrow down to the OK button and press Enter to accept your entries.

Page 42

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

7.2.2 More Than One Nameserver

The netconfig command allows the user to set up one nameserver’s IP address. It is possible to have multiple nameservers, which must be done outside of the netconfig command. The nameserver data is in the file /etc/resov.conf. If you want to have more than one nameserver, you must edit the file. For more information, refer to the man page for resolv.conf

In this file, you will find the IP address you entered with netconfig. You can add the address of additional nameservers. (a maximum of 3 nameservers is allowed) to this file. The format of a line is: nameserver <IP address>.

7.3 Change Hostname

The SCS includes a command changehostname which allows the root user to change the long hostname of the SCS unit.

1. Log in as root.

2. Type changehostname. The current hostname is displayed and you are prompted to choose y/n to proceed.

3. If you select y (yes) to change, you are prompted to enter the new hostname.

Note: If you make a mistake in your entry, do not attempt to edit it. Reject the

incorrect entry and re-enter the value properly.

4. Enter your new hostname value. Press y to accept the new value.

5. Remember to run save when done to keep your new values.

6. After changing the hostname and/or clock settings, reboot to make the changes permanent. These two settings (clock and hostname) are only saved during an orderly shutdown. Loss of power before reboot will revert to the old values.

7.4 Time Configuration

Use the command timeconfig to set up the date/time and time coordinates. This is a selfprompting utility. To keep your values, run save when completed. After changing clock settings, reboot the SCS to make changes permanent.

Note: If changing the Time Zone (during timeconfig changes) restart the LCD display service so the front panel display can update. Use the command service lcd restart after completing the timeconfig options.

7.5 Change NIC Speed

You can change the NIC interface configuration to auto-sensing or fixed, to full or half duplex, and to 10Mb or 100Mb. The following file information is found in the file /etc/modules.conf with some additional instructions on to how to set the NIC speed.

Page 43

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

This file already has the various commands in place, but they are commented out (rendered inactive by the preceding #). Edit the /etc/modules.conf as required. Remove the leading # from one of the #options lines below to make it active, then reload the NIC driver.

alias eth0 eepro100 alias char-major-72 exser alias char-major-4 off options -k exser ## ## options to control NIC speed and mode ## remove the leading '#' from ONE of the options lines below ## ### 100Mbit half-duplex #options eepro100 options=0x20, 0x30 ### 10Mbit half-duplex #options eepro100 options=0x40, 0x50

The SCS system power should be cycled (using poweroff, not reboot). The power-off is done to inform the switch connected to the NIC that it is now off.

Note: In the SCS-R and Sentinel 32 Models, these changes affect BOTH network ports. It is not possible to change only one of the network ports.

7.6 Configure Authentications

Use authconfig to set up the authentication protocols. You may only need to run this if you need remote authentication such as NIS, LDAP, Kerberos, etc.

The first checkbox, cache information, will start the nscd daemon if selected. Refer to the

man page nscd for configuration options. This is not required for normal operation and need not

be selected. Other aspects of the authentication options in authconfig are self-prompting for parameters for

NIS, LDAP and/or Hesiod. Remember to run save to keep your new values.

7.7 Front Panel Display Options

The front panel display is a two-line, 24-character, backlit LCD. It displays system messages during various system events (e.g., network restart, poweroff shows the default display.

The default display shows the Hostname on the top line and the Date/Time on the lower line, but this can be customized to show other information in either line or both. This can be helpful in labeling each SCS in a rack with multiple units. Also, the default display can be turned off and the editing of IP address information using the front panel buttons can be disabled to prevent unauthorized changes.

but most of the time is idle and

Page 44

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Default Front Panel Display,

The front panel will display system messages during events such as reboot or save, but will return to the default display following these events.

7.7.1 Display Mode Parameters

The various LCD Display modes are controlled by entries maintained in the file:

/etc/sysconfig/lsi

• LCD_LINE_1=

• LCD_LINE_2=

• LCD_DISPLAY_SETTING=

• LCD_LINE_1= and LCD_LINE_2= (allows text entry of up to 24 characters to be displayed)

• LCD_DISPLAY_SETTING= (can be set to EDIT [default], VIEW, or OFF)

7.7.1.1 Edit

The Edit mode ( information and allows anyone to use the front panel display to change the network parameters (IP Address, Net Mask, and Gateway).

7.7.1.2 View

The View mode ( information, but disables editing using the front panel buttons. This prohibits unauthorized changes to your network settings from the front panel.

LCD_DISPLAY=EDIT)

LCD_DISPLAY=VIEW)

allows the front panel display to show the current display

allows the front panel display to show the current

7.7.1.3 LINE_1=

LINE_1=

allows the user to customize data on the upper line of the display. The root user may

enter a left-justified text line of up to 24 characters to replace the SCS Host-name.

LINE_1 Changed in SCS Front Panel Display,

7.7.1.4 LINE_2=

LINE_2=

allows the customer to customize data on the lower line of the display. The root user

may enter a left-justified text line of up to 24 characters to replace the clock/date display.

Page 45

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

LINE_2 Changed in SCS Front Panel Display

7.7.1.5 Display OFF

LCD_DISPLAY=OFF

disables the front panel LCD display when no events are taking place. The

backlighting will remain on, but the display is blank.

7.8 Network Time Service

Network Time Service is supported. To use the network time service, the user must edit the files /etc/ntp.conf and /etc/ntp/step-tickers and start the ntpd service as described in the following paragraphs. (More information is available at www.ntp.org)

7.8.1 Configure NTP

The file /etc/ntp.conf has many options. To define the time server to be used, the hostname (or IP address) of the time server is needed. Using your editor, add the line: server <my time server name or IP address>to the end of the file.

Example: For the hostname ts1.mydomain your entry is server ts1.mydomain (The user will type the actual hostname [or IP address] of the time server in place of ts1.mydomain.)

The user should also add the server names to the file /etc/ntp/step-tickers. This file requires the name of the time server (the word 'server' as used in the file /etc/ntp.conf is not needed)

7.8.2 Start the NTP Service

To start the NTP service manually: service ntpd start To cause NTP to start automatically during startup: chkconfig ntpd on

7.9 NIS and User Port Permissions

The SCS can use NIS to control user access to the Ports in addition to controlling user access to the SCS itself. Since this is an extension to the normal NIS capabilities, some of the NIS files must be installed on your NIS server. The user must create/ modify the NIS database to include records containing user port permissions.

Note: Source documents, including this information, are stored on the SCS system. NIS information is located in /usr/local/doc/nis.

Page 46

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

7.9.1 User Port Control

The SCS can use NIS to control which user can access a port on the SCS. To use this feature, a database must be created on the NIS server. The following files are needed to set up the port access database:

lsi_port_access lsi_port_user lsi_port_awk Makefilenis.portAccess

Port Access Permission Definition file Port Access User Definition file Port Access AWK file (required for the Make file) Make file used to build the LSI database

7.9.2 NIS Port Access

The file lsi_port_access contains the port permissions for connect, monitor and clear and is referenced by a group. Users may define as many groups as needed. The following example, where perm = permission, illustrates how the group file is constructed:

group name:console server name:connect perm:monitor perm:clear perm

where: group name is the name of the user’s group

console server name is the SCS’s hostname connect perm is the port that a group can connect with

monitor perm are the ports that a group can monitor clear perm are the ports that a group is allowed to clear

For example: pbxgrp:tvscs320:1,2-6,13:5-9:1-7 itgrp:tvscs160:8-16:7:1,3,5,7-11

The above example shows two groups, pbxgrp and itgrp, that are allowed to access ports on a Secure Console Server.

The first group, pbxgrp, can access an SCS with the hostname of tvscs320. The group can connect to ports 1, 2, 3, 4, 5, 6 and 13. It can monitor ports 5, 6, 7, 8 and 9. This group is allowed to clear ports 1, 2, 3, 4, 5, 6 and 7.

The second group, itgrp, can access the SCS with a hostname of tvscs160. This group can connect to ports 8, 9, 10, 11, 12, 13, 14, 15 and 16. It can monitor port 7, and can clear ports 1, 3, 5, 7, 8, 9, 10 and 11.

LSI Port Access Permission file Port Access Permission for the user defined group names* are defined below.

Permissions can be any or all of the following forms:

 decimal value  decimal range using a dash (-) as the range indicator  a comma (,) used to separate digits and/or ranges

 a colon (:) used as the field separator, as in:

group name:console server name:connect perm:monitor perm:clear perm

* user_group1:scs160_milford:1-16:1-3,5,8,16:0

* user_group2:scs320_boston:1-6:12,15:3-7

Page 47

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

7.9.3 User Names and Groups

The LSI Port User Definition file (/nis/lsi_port_users) is used to assign a user to a given Port Access group. This file information is found in /usr/local/doc/nis.

The following example illustrates how it is set up:

User name:group name

where: user name is a valid SCS user

group name is a valid users’ group

For example:

tomv:pbxgrp billf:itgrp

The above example shows two users, tomv and billf. User tomv is in the group pbxgrp and billf is in the group itgrp. When used with the lsi_port_access file, it illustrates how tomv

can log into tvscs320 and be able to connect, monitor and clear the ports that were set up in the previous example. The same goes for billf.

LSI Port Access User definition file Port Access user and respective port access group names are defined below.



Users must be valid system usernames.



Group names are those defined in the lsi_port_access file.

lsiuser1:user_group1 lsiuser2:user_group1 lsiuser3:user_group2 lsiuser4:user_group2

Group Permissions

A user might not have access to a particular port, depending on group permissions. Only members of the scsusers group (group ID of 701) may access SCS ports. Only members of the monitor group (group ID of 702) may access SCS monitor ports.

7.9.4 NIS Database file

The lsi_port_awk file is used to create the lsi database file (lsiportdbase) on the NIS server. It contains the awk code that the Make file needs.

7.9.5 NIS Make file

The file Makefile.nis.portAccess is used to create the lsi port database. To build the database, the above files (listed in Section 7.9, NIS and User Port Permissions, on

page 46) need to be loaded onto the NIS server. The system has been tested on a Linux CPU running RedHat 8.0. The files were placed in the /var/yp directory. After executing the Make file, the lsi database file was placed in the NIS host directory.

Page 48

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

7.9.6 NIS Configuration File

The NIS configuration file (located at /etc/nsswitch.conf) must be edited by the user to support your NIS server. To do this:

Open the file /etc/nsswitch.conf using your editor.

Edit (add or modify) a line to your config file that supports local files for local users and, if not assigned locally, refers to the NIS database. The line should read: port_access:filesnis

3. Save your updated nsswitch.conf file.

7.10 NFS

NFS information can be obtained from the man pages, which is an overview of setup information for an NFS application as it pertains to the SCS. Refer to the following:

man pages:nfs, mount, fstab.

7.10.1 Remote NFS Directory

To mount a remote directory onto the SCS you must start the portmap and netfs services. To manually start portmap and netfs services, enter the commands

service portmap start service netfs start

To automatically start portmap and netfs services at Power On, enter the commands:

chkconfig portmap on chkconfig netfs on

Determine which local directory name you will use to refer to the remote directory. The standard name is /mnt. If you need more than one remote directory mounted, create the additional directories under the /mnt directory. (e.g., /mnt/dir1, /mnt/dir2, /mnt/dir3...)

To test the mounting, enter the following:

mount -t nfs <remote server name>:<remote directory name> <local directory name>

Example: mount -t nfs nyc:/usr/local/cvs/mnt/dir2

Note: To have this mount occur at startup, you must edit the file /etc/fstab. See the man pages noted above for details.

For example:

nyc:/isr/local/cvs/mnt/dir2nfshard,intr

Page 49

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

7.11 SNMP

Simple Network Management Protocol (SNMP) governs network management and the monitoring of network devices and their functions. Network management stations monitor and control the network components. SNMP is supported in the SCS as “read only”. Refer to the

man pages for more details.

7.11.1 Start SNMP

Start SNMP with the command

service snmpd start chkconfig snmpd on

7.12 syslog

Using default settings, the SCS will log all warnings and higher events. The SCS keeps a system log file called /var/log/messages. The level of logging is controlled by the file

/etc/syslog.conf.

SCS products can log the following:

Notice level events:

•

Port settings changed

•

Begin and end Interactive mode

•

Port buffer cleared

Info level events:

•

User settings modified

•

Port buffer accessed

The default file entry is *.notice, with lower level settings in *.info. (A lower level setting generates more messages.)

7.13 Timeouts

The SCS system supports timeout on the network port. Refer to the man page for timeout options. Use the commands timeoutd and timeouts

7.14 Changing Serial Port Settings

Use stty to change things like the port name, baud rate or hard/soft flow control. Note that these changes are temporary and will be lost on the next reboot. To make the changes permanent, edit the file /etc/rc.d/rc.serial. This file contains a list of stty commands (one for each port).

7.14.1 Disable buffering while in Interactive

To prevent unauthorized access, do not store data in the Port buffer while in Interactive mode. Under normal conditions, all data from the serial device is stored in the buffer and can be viewed at a later time. To disable buffering (only while the Interactive mode is in progress), use the command:

stty -F/dev/ttyBn -buffer

Page 50

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

8. Administering Users

The following commands are used to change settings for users. You can define as many

users as you wish, up to the memory capacity of the system. The limiting factor for users is not the number of users but the number of simultaneous sessions invoked by any number of users (250 sessions maximum).

8.1 User Setup

Each user account must have a unique name and its own password. Each User account has the following parameters:

PARAMETER CONSTRAINTS

A unique user name made up of contiguous characters that cannot be

Name

renamed. This name will be displayed at the command prompt when a user has

logged in.

Password

Port range or

Port group

(used below)

ESCAPE_SEQ

BREAK_SEQ

ALLOW_CLEAR

ALLOW_CONNECT

ALLOW_MONITOR

Linux password for this user account. Default is set to access all ports in the SCS chassis (1-16, 1-32 or 1-48).

Ports can be assigned individually (1), in a contiguous range (2-7), in random ports (3,6,9,15) or any combination of the above valid port numbers for

that chassis (1, 4-7, 12, 15-16). Escape sequence. Default is “Esc-A”. Displayed in ASCII (x1bA) Break sequence. Default is “Esc-B”. Displayed in ASCII (x1bB)

Range or group of Ports for which this User account can Clear the Port

Range or group of Ports to which this User account can connect Range or group of Ports which the User can monitor

There are three permissions in the user config files:

• ALLOW_CONNECT: The user can enter Interactive mode. The file name is

/dev/ttyBnnn).

o browse a buffer a user must have connect permissions on that port.

• ALLOW_MONITOR: The user can view a specified port. The file name is

/dev/monitor_portnnn and must be opened in Read-Only mode.

• ALLOW_CLEAR: A user can clear a specified buffer. The file name is

/proc/port_buffers/nnn)

8.1.1 adduser

SCS users are identified with a user name and the adduser command is used to create a new user account. The user’s name, password and port access configurations are set, along with the escape and break command keystrokes. After a user has been added, this user can log into the system from a network or console port connection.

Page 51

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

8.1.2 edituser

The edituser command is used to change the parameters for an existing user. The user name cannot be edited using edituser

user account and enter the appropriate assignments. You should then delete the original user account (paragraph 8.1.3).

. I

n order to modify a user’s name you must generate a new

8.1.3 deluser

The del user command deletes an existing user account.

Note: The following command modifiers (options) apply to the add user and edituser commands.

8.1.4 Other Editing Commands

The following commands may be entered to change the following parameters. The root user may change the preset values for these parameters and a user may use this command to change the parameters for the Port they are connected to.

8.1.4.1 editbrk <name>

Use editbrk <name> to edit the break sequence for a user. The break sequence is presented in its ASCII form. (User key stroke default is ESC – B.)

8.1.4.2 editesc <name>

Use editesc <name> to edit the escape sequence for a user. The escape sequence is presented in its ASCII form. (User key stroke default is ESC – A.)

9. User Operations

Commands that End Users need to connect to their Servers through the SCS

9.1 User Accounts

The SCS has two types of user accounts: user and root and supports multiple user accounts, each having a unique combination of read, write and review privileges for each of the Ports. Each user account is password protected and a defined user may or may not have permission to interact with the attached servers.

9.1.1 SCS users

SCS users are the individuals that will connect to any or all of the attached networking devices for service, support or access needs. There can be many users defined and each user, when connecting to the system, establishes a session with a selected device by entering the connect command. There can be up to 250 simultaneous user sessions.

9.1.2 root user

The root user differs from other SCS users in that he root user will act as the System Administrator (sysadmin) for the full SCS system and has full access to the each of the SCS

Page 52

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Ports. There is only one root user for each SCS system. The root user defines the access rights of all users in the SCS system. The root user’s access is

secured with the root password (default password is root). The root password should be changed regularly and carefully guarded to prevent unauthorized access.

9.2 Port Identities

Each Port is numbered and has a default name (port1, port2, etc.) but may be given any name by the sysadmin. Each user interacts with the servers connected to ports by entering a command associated with either the port number or port name.

9.3 What Users Can Do

Remember: Use connect <Port number or name> to access a specific server or network device.

9.3.1 Access via Network

To access a connected server via the SCS network port, the user should use an ssh client to ssh to the IP address of the SCS.

9.3.1.1 Secure Shell Host (ssh) to a Port

You can ssh directly to a port by using the following command:

ssh user@scs -t -t connect <port number or name>

9.3.2 Access via console port

The console port is normally used by the System Administrator during service events. However, it can be used by any user that has access to the terminal and has a password to log into the system and access system Ports.

9.3.3 Interactive Mode

For a user to interact directly with an attached server, the user must enter the Interactive mode. Use connect <port name or number> to connect to a port (only applies to ports for which the user is allowed Connect access).

The user's terminal is then connected to the. The SCS displays the last page of the port buffer along with a system information message indicating which Port is selected as the user enters Interactive mode. If a user attempts to connect to a port that is in use, they will receive the message Device or Resource busy.

The Interactive Mode Escape Sequence is a series of two to ten characters that allows the user to exit Interactive Mode and return to the System Prompt. The default for the Interactive mode escape sequence is <ESC>A (escape key, then uppercase A). The user may change the sequence by using the command editesc.

9.3.3.1 Break Sequence

The user is not connected directly to the server, but rather is connected through the SCS, and therefore cannot use the break key. While a user is connected to a port in the Interactive mode the user can, however, send a break command to that port. The default sequence is <ESC>B

Page 53

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

editbrk

When not in the Interactive mode, a user can enter editbrk to edit or view their preset break sequence. The break sequence is presented in its ASCII form (x1bB). The user key stroke default is <ESC>B. Press Enter to keep the existing setting.

Warning!: Because the sysadmin is responsible for configuration changes, it is

recommended that only the sysadmin be allowed to change the break sequence.

9.3.3.2 Escape Sequence

A user-defined sequence of keys is used to leave the Interactive mode. The default sequence is <ESC>A

Note: Do NOT use combinations of the <CTRL> key and other keys for the escape sequence as these combinations are usually reserved for sending and receiving special characters through a terminal.

Edit Escape Sequence: It is recommended that only the sysadmin edit the escape command

sequence. When logged in, enter editesc to edit or view the preset escape sequence. The escape sequence is presented in its ASCII form (x1bA). The user key stroke default is

<ESC>A. Press Enter to keep the existing setting.

Warning!: Because the sysadmin is responsible for configuration changes, it is

recommended that only the sysadmin be allowed to change the escape sequence.

9.4 Monitor Mode

Monitor Mode allows a user to view the traffic on a port, but not to interact with it. Once in Monitor Mode, pressing any key will close the connection. Multiple users may monitor the same

port at one time, unlike Interactive mode, which is limited to one user. A port may be monitored while an interactive session is in progress. The monitor command uses the same syntax as the connect command.

9.5 Browse the Buffers

Any of the Linux text browsing commands (less, more, ftp, tftp, scp, etc.) may be used to view the Port buffers. These buffers are named:

/lsi/ports/buf_<name> or /proc/port_buffers/<number>

9.6 Clear the Port Buffers

Use the following commands to erase the data in a Port buffer:

stty --clear -F/proc/port_buffers/<n>

stty --clear -F/lsi/ports/buf_<name>

Page 54

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

10. Regulatory and Safety Compliance

10.1

Safety Requirements

10.1.1 Symbols Found on Our Products

Markings and labels on our products follow industry-standard conventions. Regulatory markings found on our products comply with all domestic and many international requirements.

10.2 R

Thinklogical® Secure Console Server products are designed and made in the USA. They have been tested by a nationally recognized testing laboratory and found to be compliant with the following standards (both domestic USA and many international locations).

egulatory Compliance

10.2.1 North America

These products comply with the following standards: Safety

•

ANSI/UL60950-1: 1st Edition (2003)

•

CAN/CSA C22.2 No. 60950-1-03

Electromagnetic Interference

•

FCC CFR47, Part 15, Class A

•

Industry Canada ICES-003 Issue 2, Revision 1

10.2.2 European Union

10.2.2.1. Declaration of Conformity

Product name

• Model: SCS80 Secure Console Server, SCS801 Secure Console Server

• Model: SCS160 Secure Console Server, SCS1601 Secure Console Server

• Model: SCS320 Secure Console Server, SCS3201 Secure Console Server

• Model SCS480 Secure Console Server, SCS4801 Secure Console Server

• Model: SCS80R Secure Console Server, SCS801 R Secure Console Server

• Model: SCS160R Secure Console Server, SCS1601 R Secure Console Server

• Model: SCS320R Secure Console Server, SCS3201 R Secure Console Server

• Model: SCS480R Secure Console Server, SCS4801 R Secure Console Server

• Model: Sentinel 32 Secure Console Server, Sovereign 32 Secure Console Server

These products comply with the requirements of Low Voltage Directive 72/23/EEC and EMC Directive 89/336/EEC.

10.2.2.2 Standards to Which Our Products Comply

Safety

•

IEC60950:1992+A1, A2, A3, A4, A11

Electromagnetic Emissions

•

EN55022: 1994 (IEC/CSPIR22:1993)

•

EN61000-3-2/A14: 2000

•

EN61000-3-3: 1994

Page 55

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Electromagnetic Immunity

•

EN55024:1998 Information Technology Equipment-Immunity Characteristics

•

EN61000-4-2:1995 Electro-Static Discharge Test

•

EN61000-4-3:1996 Radiated Immunity Field Test

•

EN61000-4-4:1995 Electrical Fast Transient Test

•

EN61000-4-5:1995 Power Supply Surge Test

•

EN61000-4-6:1996 Conducted Immunity Test

•

EN61000-4-8:1993 Magnetic Field Test

•

EN61000-4-11:1994 Voltage Dips & Interrupts Test

10.2.2.3 Supplemental Information

The following statements may be appropriate for certain geographical regions but might not apply to your location.

Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications, in which case the user may be required to correct the interference.

Note: This Class A digital apparatus complies with Canadian ICES-003 and has been verified as compliant within the Class A limits of the FCC Radio Frequency Device Rules (FCC Title 47, Part 15, Subpart B Class A), measured to CISPR 22: 1993 limits and methods of measurement of Radio Disturbance Characteristics of Information Technology Equipment.

This Class A digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.

Cet appareil numérique de la classe A respecte toutes les exigencies du Règlement sur le matérial brouilleur du Canada.

Note: Users may notice degraded audio performance in the presence of electro-magnetic fields.

10.3 Product Serial Number

Secure Console Server products have a unique serial number, imprinted on a small silver label that is placed on the bottom of the chassis. The serial number includes a date-code. The format for

three digits for a unique unit number

shipping carton.

the date-code is two digits for the week; two digits for the year and two or

. This serial number is also found on the original

Page 56

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

10.4 Lithium Battery

The SCS products have a replaceable, long-life Lithium battery (CR2032, 3 volt) to support the system BIOS which will likely never need field replacement. However, if it ever does need to be replaced, the following caution statement applies:

Warning!: There is a risk that the battery could rupture if it is replaced by an incorrect type. Be sure to use only a CR2032, 3 volt lithium battery. Properly dispose of spent batteries.

10.5 SCS-R Models and Sentinel 32 Power Modules

The SCS80R, SCS160R, SCS320R, SCS480R and Sentinel 32 systems have hot-swappable Power Modules that can be replaced in the field without interrupting service. Each Power Module is held in place with a single captive screw.

Warning!: When replacing a Power Module in the field, first turn the power switch off, then remove the Power Cord BEFORE loosening the captive screw and pulling the module out. When replacing the module, fully insert the module and tighten its screw before replacing the power cord.

11. How to Contact Us

11.1 Customer Support

11.1.1 Website

Visit our website at the full line of Thinklogical® products. Our internet website offers product information on all current systems, including technical specification sheets and Quick Start Guides (for viewing online or for download), product diagrams showing physical connections and other useful information.

be sure to update your browser when you visit us online.

We regularly update our website, so to see our most current information,

www.thinklogical.com for more product information, current updates and

Note: Most online documents are stored as Adobe Acrobat .pdf files. If you do not have the Adobe Acrobat reader needed to view .pdf files, visit www.adobe.com

for a download.

Page 57

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

11.1.2 Email

Thinklogical® is staffed Monday through Friday from 8:30am to 5:00pm, Eastern Time Zone. We will try to respond to your email inquiries promptly. Please use the following email addresses for your various needs:

Info@thinklogical.com sales@thinklogical.com support@thinklogical.com

and request for Return Merchandise Authorization.

– Information about Thinklogical® and our products.

– Sales Department: orders or questions

– Product support, technical issues or questions, product repairs

11.1.3 Telephone

Telephone Sales: Please c

in the continental US, use our toll-free number Friday from 8:30am to 5:00pm, Eastern Time Zone. Be sure to ask for your sales representative’s direct dial phone number when you call.

Telephone Product Support: Please c Connecticut at

1-203-647-8700

8:30am to 5:00pm, Eastern Time Zone.

International Sales: 203-647-8700

. We are here Monday through Friday, 8:30am to 5:00pm, Eastern Time Zone

Please contact our expert Sales Staff in Milford, Connecticut, USA at

(same as New York City). If leaving a voice message, please provide a preferred time to call back so we may reach you at your convenience.

Our switchboard attendant will direct your call during regular business hours. We have an automated attendant after regular business hours and on holidays. Please leave a voice message for any of our representatives at any time. Each of our sales and service representatives has a direct number to accommodate your calls.

ontact our expert sales staff in Milford, CT at

1-800-291-3211

. We are here Monday through

ontact our expert Product Support staff in Milford,

. The support lines are manned Monday through Friday,

1-203-647-8700

or, if

11.1.4 Fax

Our company facsimile number is your cover sheet and provide return contact information, including your phone number.

1-203-783-9949

. Please indicate the nature of the fax on

11.2 Product Support

Thinklogical’s® support personnel are available Monday through Friday from 8:30am to 5:00pm, Eastern Time Zone. If you need assistance at some time outside of normal business hours, please contact us beforehand and we will do our best to make arrangements to assist you.

11.2.1. Limited Warranty Information

Thinklogical®, LLC (“Thinklogical”) warrants this product against defects in materials and workmanship for a period of one (1) year from the date of delivery (ordinary wear and tear excluded). This limited warranty does not cover defects resulting from (i) use of the product other than as described in the applicable documentation for the product; (ii) modifications to or repairs of the product that are made by any party other than Thinklogical® or a party acting on Thinklogical’s® behalf, or (iii) combination of the product with third party products that is not consented to by Thinklogical®. Occurrences of events described in (i) – (iii) shall void the foregoing warranty. This warranty gives you specific legal rights, and you may also have other

Page 58

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

rights which vary from state to state.

Except for the express warranty set forth above, to the fullest extent permitted under applicable law, Thinklogical®, LLC and its suppliers disclaim any and all other warranties, express and implied, including without limitation the implied warranties of merchantability, fitness for a particular purpose, title and non-infringement.

If the defective product is returned to the authorized dealer within one (1) year of the delivery date, repair or replacement of the product will be made. Repairs may be made with refurbished parts. If repair or replacement is not possible, Thinklogical® may keep the defective product and refund the amount that you paid for the defective product. These are Thinklogical’s® sole obligations, and your exclusive remedies, for a breach of the limited warranty set forth above.

To return a defective product, contact the Thinklogical® authorized dealer from whom you purchased the product. Do not return a product directly to Thinklogical® without prior authorization from your dealer.

If you have received prior authorization from your dealer and are returning a product directly to Thinklogical®:

1. Contact your sales representative, or call Customer Support at: 1-800-291–3211 or 1-203-647–8700.

2. Describe the product defect and Customer Support will issue a Return Merchandise Authorization Number (RMA#).

3. If possible, pack the product in all of its original packing and be sure to include the RMA number with the address, so it is clearly visible on the outside of the box.

4. Return the product to:

Thinklogical, LLC® Attn: RMA# (Insert the RMA# issued to you by Thinklogical®, here.) 100 Washington Street Milford, CT 06460 USA

If you have any issues with our products, have product questions or need technical assistance, please call us at

1-203-647-8700

and let us help.

Page 59

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Appendix A: File System

A.1 Read-Only vs. Read-Write

In some instances you may need to interact directly with the SCS’s file system, in which case you must mount it for read-write (R/W) access before changes can be made to the system’s Compact Flash.

To mount R/W: mount -o remount,rw/

Warning!: Regular SCS use does not require changes to the Read-Write operation. The sysadmin may only need to use this to interact with the SCS’s Linux file system directly. Do not leave the system in Read-Write mode. Leaving the system in read-write mode could shorten the life span of the SCS.

The SCS’s file system is normally mounted in a read-only mode and is run from RAM to prolong the life (read-write cycles) of the system’s Compact Flash memory card. Leaving

the system in read-write mode could shorten the life span of the SCS.

To mount R/O: mount -o remount,ro/

A.1.1 Read-Only Mode for Normal Use

Warning!: It is VERY IMPORTANT to remount as Read-Only when you are done with any changes.

During system startup, the tar file is expanded into RAM. The root file system is then mounted as Read-Only. It must be remounted as Read-Write in order to make changes (e.g. mount –o remount,ro/

A.1.2 LSI Directories

The following LSI directories are those most often used with SCS products:

/etc /home /var /root /lsi

The save command tars these directories and stores the tar file in /misc

Page 60

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Appendix B: FAQ

A few frequently-asked questions

B.1 How To…

This section is a collection of tips and hints for various setup items. The root user can change any of the following features using the given command steps:

B.1.1 Change Port Parameters

Serial Port settings are modified via the stty command (see man page stty

The serial port

settings are modified in the rc.serial file to be permanently changed. Note the following:

• Changing port names is persistent over a reboot

• Changing port communication settings (baud rate, parity etc.) is temporary. The file

/etc/rc.serial must be edited in order to save the settings.

To change the Port Parameters, edit the file: /etc/rc.d/rc.serial

For example, to change the baud rate for Port 5 to 19,200 baud, enter:

Stty -F/dev/ttyB5 19200 {other options}

B.1.2 Change the Name of a Port

You can change the name of a Port if you know the original name. For example, to change the Port <current name> to payroll, enter:

Stty --name=payroll -F/lsi/ports/<current name>

B.1.3 View a Buffer

Use less or cat to view a port’s buffer. There are at least two methods:

/lsi/ports/buf_<portname> or /proc/port_buffers/<portnumber>

Page 61

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Appendix C: Sentinel 32 Modem Commands

The following modem commands information has been extracted, with the permission of the modem’s manufacturer, from the Multi-Tech Systems, Inc., Developer’s Guide (2003).

Introduction

The AT commands are used to control the operation of your modem. They are called AT commands because the characters AT must precede each command to get the ATtention of the modem. AT commands can be issued only when the modem is in command mode or online command mode. The modem is in command mode whenever it is not connected to another modem. The modem is in data mode whenever it is connected to another modem and ready to exchange data. Online command mode is a temporary state in which you can issue commands to the modem while connected to another modem.

To put the modem into online command mode from data mode, you must issue an escape sequence ( characters and the command, e.g., command To send AT commands to the modem you must use a communications program, such as the HyperTerminal applet in Windows 98/ 95 and NT

4.0, or some other available terminal program. You can issue commands to the modem either directly, by typing them in the terminal window of the communications program, or indirectly, by configuring the operating system or communications program to send the commands automatically. Fortunately, communications programs make daily operation of modems effortless by hiding the commands from the user. Most users, therefore, need to use AT commands only when reconfiguring the modem, e.g., to turn auto answer on or off.

The format for entering an AT command is command parameter. The value is always a number. If the value is zero, you can omit it from the command; thus, Most commands have a default value, which is the value that is set at the factory. The default values are shown in the “AT Command Summary” (See below). You must press ENTER (it could be some other key depending on the terminal program) to send the command to the modem. Any time the modem receives a command, it sends a response known as a result code. The most common result codes are OK, ERROR, and the CONNECT messages that the modem sends to the computer when it is connecting to another modem. See a table of valid result codes at the end of this chapter. You can issue several commands in one line, in what is called a command string. The command string begins with

ENTER. Spaces to separate the commands are optional; the command interpreter ignores them. The most familiar command string is the initialization string, which is used to configure the modem when it is turned on or reset, or when your communications software calls another modem.

ATO.

+++ATH

to hang up the modem. To return to data mode from online command mode, you must issue the

ATXn,

where X is the command and n is the specific value for the command, sometimes called the

+++)

followed immediately by the AT

AT&W

is equivalent to

and ends when you press

AT&W0.

AT Command Summary

Organization of AT Commands on the following pages: 1st, by the initial command character (&, +, %) 2nd, alphabetized by the second command character (Except for listing of

Command Description

AT Attention Code

A Answer

A/ Repeat Last Command Bn Communication Standard Setting Ds Dial

DS=y Dial Stored Telephone Number

En Echo Command Mode Characters Fn Echo Online Data Characters Hn Hook Control

In Information Request

Mn Monitor Speaker Mode

Nn Modulation Handshake

AT)

Page 62

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command Description

On Return Online to Data Mode

P Pulse Dialing

Qn Result Codes Enable/Disable

Sr=n Set Register Value

Sr? Read Register Value

T Tone Dialing

Vn Result Code Format

Wn Result Code Options

Xn Result Code Selection Zn Modem Reset

&Cn Data Carrier Detect (DCD) Control &Dn Data Terminal Ready (DTR) Control &En XON/XOFF Pass-Through

&Fn Load Factory Settings &Gn V.22bis Guard Tone Control &Kn Flow Control Selection

&Ln Leased Line Operation &Pn Pulse Dial Make-to-Break Ratio Selection &Qn Asynchronous Communications Mode &Sn Data Set Ready (DSR) Control

&Tn Loopback Test (V.54 Test) Commands

&V Display Current Settings

&Wn Store Current Configuration

&Zy=x Store Dialing Command

\An Select Maximum MNP Block Size

\Bn Transmit Break \Kn Break Control \Nn Error Correction Mode Selection

\Qn Flow Control Selection

\Tn Inactivity Timer \Vn Protocol Result Code

-Cn Data Calling Tone %A Adaptive Answer Result Code Enable %B View Numbers in Blacklist

%Cn Data Compression Control

%DCn AT Command Control

%En Fallback and Fall Forward Control %Hn Direct Connect Enable %Rn Cisco Configuration

%Sn Command Speed Response

$EBn Asynchronous Word Length

$Dn DTR Dialing $MBn Online BPS Speed $SBn Serial Port Baud Rate

#CBAn Callback Attempts

#CBDn Callback Delay # CBF? Callback Failed Attempts Display # CBFR Callback Failed Attempts Reset

Page 63

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command Description

# CBIn Local Callback Inactivity Timer

# CBNy=n Store Callback Password

# CBPn Callback Parity # CBRy Callback Security Reset # CBSn Callback Enable/Disable

#Pn Set 11-bit Parity #Sx Enter Setup Password

#S=x Store Setup Password

+VDR=x, y Distinctive Ring Report

+++AT<CR> Escape Sequence

%%%ATMTSMODEM<CR> Remote Configuration Escape Sequence

V.92 Commands

AT Commands

Command: AT Attention Code Values: n/a

Description: The attention code precedes all command lines except A/, A: and escape sequences.

Command: ENTER Key Values: n/a

Description: Press the E

NTER (RETURN)

key to execute most commands.

Command: A Answer Values: n/a Description: Answer call before final ring.

Command: A/ Repeat Last Command Values: n/a

Description: Repeat the last command string. Do not precede this command with AT. Do not press E

Command: Bn Communication Standard Setting Values:

Default: 0 and 15 Description: B0 Select ITU-T V.22 mode when modem is at 1200 bps.

Command: Ds Dial Values: Default: none

Description: Dial telephone number

= 0–3, 15, 16

B1 Select Bell 212A when modem is at 1200 bps. B2 Deselect V.23 reverse channel (same as B3). B3 Deselect V.23 reverse channel (same as B2). B15 Select V.21 when the modem is at 300 bps. B16 Select Bell 103J when the modem is at 300 bps.

= dial string (phone number and dial modifiers)

where s may up to 40 characters long and include the 0–9, *, #, , B, C, and D

characters, and the L, P, T, V, W, S, comma (,), semicolon (;), !, @, ^ and $ dial string modifiers. Dial

string modifiers:

L Redial last number. (Must be placed immediately after ATD.) P Pulse-dial following numbers in command. T Tone-dial following numbers in command (default).

 Switch to speakerphone mode and dial the following number. Use ATH command to hang up. W Wait for a new dial tone before continuing to dial. (X2, X4, X5, X6, or X7 must be selected.)

, Pause during dialing for time set in register S8.

NTER

to execute.

Page 64

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

; Return to command mode after dialing. (Place at end of dial string.) ! Hook flash. Causes the modem to go on-hook for one-half second, then off-hook again. @ Wait for quiet answer. Causes modem to wait for a ringback, then 5 seconds of silence, before processing next

part of command. If silence is not detected, the modem returns a NO ANSWER code.

^ Disable data calling tone transmission. $ Detect AT&T call card “bong” tone. The character should follow the phone number and precede the

user’s call card number: ATDT1028806127853500$123456789

Command: DS=y Dial Stored Telephone Number Values:

= 0–2 (0–1 for SMI-Parallel {internal}) Default: none Description: Dial a number previously stored in directory number y by the &Zy=x command. Example: ATDS=2

Command: En Echo Command Mode Characters Values:

= 0 or 1 Default: 1 Description: E0 Do not echo keyboard input to the terminal. E1 Do echo keyboard input to the terminal.

Command: Fn Echo Online Data Characters Values:

n =

1 Default: 1 F0 Enable online data character echo. (Not supported.)

F1 Disable online data character echo (included for backward compatibility with some software).

Command: Hn Hook Control Values:

= 0 or 1 Default: 0 Description: H0 Go on-hook (hang up). H1 Go off-hook (make the phone line busy).

Command: In Information Request Values:

= 0–5, 9, 11 Default: None Description: I0 Display default speed and controller firmware version.

I1 Calculate and display ROM checksum (e.g., I2 Check ROM and verify the checksum, displaying

12AB).

ERROR.

I3 Display default speed and controller firmware version. I4 Display firmware version for data pump (e.g., 94). I5 Display the board ID: software version, hardware version, and country ID I9 Display the country code (e.g.,

NA Ver. 1).

I11 Display diagnostic information for the last modem connection, such as DSP and firmware

version, link type, line speed, serial speed, type of error correction/data compression, number of past retrains, etc.

Command: Mn Monitor Speaker Mode Values:

= 0, 1, 2, or 3 Default: 1 Description: M0 Speaker always off. M1 Speaker on until carrier signal detected. M2 Speaker always on when modem is off-hook. M3 Speaker on until carrier is detected, except while dialing.

Command: Nn Modulation Handshake Values:

= 0 or 1

Page 65

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Default: 1 Description: N0 Modem performs handshake only at communication standard specified by S37 and the B

command.

N1 Modem begins handshake at communication standard specified by S37 and the B command. During handshake, fallback to a lower speed can occur.

Command: On Return Online to Data Mode Values:

0, 1, 3

Default:

None

Description: O0 Exit online command mode and return to data mode (see O1 Issue a retrain and return to online data mode. O3 Issue a rate renegotiation and return to data mode.

Command: P Pulse Dialing Values:

P, T

Default: T Description: Configures the modem for pulse (non-touch-tone) dialing. Dialed digits are pulsed until a T

command or dial modifier is received.

Command: Qn Result Codes Enable/Disable Values: Default: 0 Description: Q0 Enable result codes. Q1 Disable result codes.

Q2 Returns an

= 0 or 1

for backward compatibility with some software.

+++AT<CR>

escape sequence).

Command: Sr=n Set Register Value Values: Default:

None

Description: Set value of register Sr to value of

Command: Sr? Read Register Value Values: r = S-register number Default: None

Description: Read value of register Sr and display it in 3-digit decimal form (e.g., S2? gives the response 043).

Command: T Tone Dialing Values: P, T

Default: T Description: Configures the modem for DTMF (touch-tone) dialing. Dialed digits are tone dialed until a P command or

Command: Vn Result Code Format Values: n = 0 or 1 Default: 1 Description: V0 Displays result codes as digits (terse response).

Command: Wn Result Code Options Values: n = 0, 1, or 2

Default: 2 Description: W0 CONNECT result code reports serial port speed, disables protocol result codes.

W1 CONNECT result code reports serial port speed, enables protocol result codes. W2 CONNECT result code reports line speed, enables protocol result codes.

= S-register number; n varies

where n is entered in decimal format (e.g., S0=1).

dial modifier is received.

V1 Displays result codes as words (verbose response).

Command: Xn Result Code Selection Values: n = 0–7

Page 66

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Default: 4 Description: X0 Basic result codes (CONNECT); does not look for dial tone or busy signal.

X1 Extended result codes (CONNECT 46000 V42bis); does not look for dial tone or busy signal. X2 Extended result codes with NO DIALTONE; does not look for busy signal. X3 Extended result codes with BUSY; does not look for dial tone. X4 Extended result codes with NO DIALTONE and BUSY. X5 Extended result codes with NO DIALTONE and BUSY. X6 Extended result codes with NO DIALTONE and BUSY. X7 Basic result codes with NO DIAL TONE and BUSY.

Command: Zn Modem Reset Values: n = 0 or 1

Default: None Description: Z0 Reset modem to profile saved by the last &W command. Z1 Same as Z0.

Command: &Cn Data Carrier Detect (DCD) Control Values: n = 0, 1, 2

Default: 1 Description: &C0 Forces the DCD circuit to be always ON.

&C1 DCD goes ON when the remote modem’s carrier signal is detected, and goes OFF when the carrier signal is not detected. &C2 DCD turns OFF upon disconnect for time set by S18. It then goes high again (for some PBX phone systems).

Command: &Dn Data Terminal Ready (DTR) Control Values:

Default: 2 Description: &D0 Modem ignores true status of DTR signal and responds as if it is always on.

&D1 If DTR drops while in online data mode, the modem enters command mode, issues an

&D2 If DTR drops while in online data mode, the modem hangs up. If the signal is not

&D3 If DTR drops, modem hangs up and resets as if ATZ command were issued.

= 0, 1, 2, or 3

OK,

and remains connected.

present, the modem will not answer or dial.

Command: &En XON/XOFF Pacing Control Values:

Default: 12 Description: &E12 Disables XON/XOFF pacing. &E13 Enables XON/XOFF pacing.

Command: &Fn Load Factory Settings Values:

Default: None Description: &F0 Load factory settings as active configuration. Note: See also the Z command.

Command: &Gn V.22bis Guard Tone Control Values: Default: 0 Description: &G0 Disable guard tone. &G1 Set guard tone to 550 Hz. &G2 Set guard tone to 1800 Hz.

Note: The &G command is not used in North America.

Command: &Kn Flow Control Selection

= 12 or 13

= 0

= 0, 1, or 2

Page 67

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Values:

= 0, 3, or 4 Defaults: 3 Description: &K0 Disable flow control. &K3 Enable CTS/RTS hardware flow control. &K4 Enable XON/XOFF software flow control.

Command: &Ln Leased Line Operation Values:

= 0, 1, or 2 Defaults: 0 Description: &L0 The modem is set for standard dial-up operation. &L1 The modem is set for leased line operation in originate mode. &L2 The modem is set for leased line operation in answer mode. Note: For &L1 and &L2, there is a 30-second window between power up and the starting of the leased line handshake. During this time, you can turn off the command, if desired.

Command: &Pn Pulse Dial Make-to-Break Ratio Selection Values:

= 0, 1, or 2 Default: 0 Description: &P0 60/40 make-to-break ratio &P1 67/33 make-to-break ratio

&P2 20 pulses per second Note: The &P2 command is available only if the country code is set to Japan.

Command: &Qn Asynchronous Communications Mode Values:

= 0, 5, 6, 8, or 9 Default: 5 Description: &Q0 Asynchronous with data buffering. Same as \N0.

&Q5 Error control with data buffering. Same as \N3. &Q6 Asynchronous with data buffering. Same as \N0. &Q8 MNP error control mode. If MNP error control is not established, the modem falls back

according to the setting in S36.

&Q9 V.42 or MNP error control mode. If neither error control is established, the modem falls

back according to the setting in S36.

Command: &Sn Data Set Ready (DSR) Control Values:

= 0 or 1 Default: 0 Description: &S0 DSR is always ON.

&S1 DSR goes ON only during a connection.

Command: &Tn Loopback Test (V.54 Test) Commands Values:

= 0, 1, 3, 6 Default: None Description: The modem can perform selected test and diagnostic functions. A test can be run only when the

modem is operating in non-error-correction mode (normal or direct mode). For tests 3 and 6, a connection between the two modems must be established. To terminate a test in progress, the escape sequence (+++AT) must be entered.

&T0 Stops any test in progress.

&T1 Starts a local analog loopback, V.54 Loop 3, test. If a connection exists when this command is issued, the modem hangs up. When the test starts, a

CONNECT

message is displayed. &T3 Starts local digital loopback, V.54 Loop 2, test. If no connection exists,

ERROR

is returned.

&T6 Initiates a remote digital loopback, V.54 Loop 2, test without self-test. If no connection exists,

ERROR

is returned.

Page 68

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command: &V Display Current Settings Values: n/a

Description: Displays the active modem settings.

Command: &Wn Store Current Configuration Values: Default: 1 Description: &W0 Stores current modem settings in non-volatile memory and causes them to be loaded at

Command: &Zy=x Store Dialing Command Values: x = Dialing command Default: None

Description: Stores dialing command x in memory location

Command: \An Select Maximum MNP Block Size Values: n = 0, 1, 2, or 3 Default: 3 Description: \A0 64-character maximum \A1 128-character maximum

\A2 192-character maximum \A3 256-character maximum

Command: \Bn Transmit Break

Values: n = 0–9 in 100 ms units Default: 3

Description: In non-error-correction mode only, sends a break signal of the specified length to a remote modem.

= 0 or 1

power-on or following the ATZ command instead of the factory defaults. See &F command. &W1 Clears user default settings from non-volatile memory and causes the factory defaults to be loaded at power-on or following the ATZ command.

= 0–2 (0–1SMI-Parallel {internal})

Dial the stored number using the command

ATDS=y. See Also the #CBS command, a callback security command.

Works in conjunction with the \K command.

Command: \Kn Break Control Values: n = 0–5 Default: 5 Description: Controls the modem's response to a break received from: computer, remote modem, or \B

command. Response is different for each of three different states.

Data mode. Modem receives the break from the computer:

\K0 Enter online command mode, no break sent to the remote modem. \K1 Clear data buffers and send break to the remote modem.

\K2 Same as \K0. \K3 Send break immediately to the remote modem. \K4 Same as \K0. \K5 Send break to the remote modem in sequence with the transmitted data.

Data mode. Modem receives the break from the remote modem:

\K0 Clear data buffers and send break to the computer. \K1 Same as \K0.

\K2 Send break immediately to the computer. \K3 Same as \K2. \K4 Send break to the computer in sequence with the received data.

\K5 Same as \K4.

Online command mode. Modem receives a \Bn command from the computer:

\K0 Clear data buffers and send break to the remote modem. \K1 Same as \K0. \K2 Send break immediately to the remote modem. \K3 Same as \K2.

\K5Same as \K4. \K4 Send break to the remote modem in sequence with the transmitted data.

Page 69

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command: \Nn Error Correction Mode Selection Values: n = 0–5, or 7 Default: 3 Description: \N0 Non-error correction mode with data buffering (buffer mode; same as &Q6). \N1 Direct mode. \N2 MNP reliable mode. If the modem cannot make an MNP connection, it disconnects.

\N3 V.42/MNP auto-reliable mode. The modem attempts first to connect in V.42 error correction mode, then in MNP mode, and finally in non-error correction (buffer) mode with continued operation.

\N4 V.42 reliable mode. If the modem cannot make a V.42 connection, it disconnects. \N5 V.42, MNP, or non-error correction (same as \ N3). \N7 V.42, MNP, or non-error correction

(same as \ N3).

Command: \Qn Flow Control Selection Values: n = 0, 1, or 3 Default: 3 Description: \Q0 Disable flow control (same as &K0). \Q1 XON/XOFF software flow control (same as &K4). \Q2 CTS-only flow control. Not supported. \Q3 RTS/CTS hardware flow control (same as &K3).

Command: \Tn Inactivity Timer Values: n = 0, 1–255

Default: 0 Description: Sets the time (in minutes) after the last character is sent or received that the modem waits before

disconnecting. A value of zero disables the timer. Applies only in buffer mode.

Note: You can also set the inactivity timer by changing the value of S30.

Command: \Vn Protocol Result Code Values: n = 0, 1, or 2 Default: 1 Description: \V0 Disables the appending of the protocol result code to the DCE speed. \V1 Enables the appending of the protocol result code to the DCE speed. \V2 Same as \V1.

Command: \Xn XON/XOFF Pass-Through Values: Default: 0

Description: \X0 Modem responds to and discards XON/XOFF characters. \X1 Modem responds to and

Command: -Cn Data Calling Tone Values:

Defaults: 1 Description: -C0 Disable V.25 data calling tone to deny remote data/fax/voice discrimination.

Command: %A Adaptive Answer Result Code Enable Values: Default: 0

Description: The %A command controls whether the DATA or FAX result codes will be sent by the modem.

%A1 Enables adaptive answer result codes.

= 0 or 1

passes XON/XOFF characters. Note: This is also controlled via &E6 and &E7.

= 0 or 1

-C1 Enable V.25 data calling tone to allow remote data/fax/voice discrimination.

= 0 or 1

The modem must be in fax mode for this command to work. Also, the modem must be set to +FAA=1, which enables the modem to distinguish between a fax and a data call. When these commands are enabled, the modem sends DATA to the computer when it detects data tones and FAX when it detects fax tones. These strings are used by some servers to select the appropriate communication program. %A0 Disables adaptive answer result codes.

Page 70

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command: %B View Numbers in Blacklist Values: n/a Description: If blacklisting is in effect, AT%B displays the numbers for which the last call attempted in the

previous two hours failed. In countries that do not require blacklisting, the

ERROR

result code

appears.

Command: %Cn Data Compression Control Values:

= 0 or 1

Default: 1 Description: %C0 Disable V.42bis/MNP 5 data

compression. %C1 Enable V.42bis/MNP 5 data compression.

Command: %DCn AT Command Control Values:

= 0 or 1 Default: 0 Description: %DC0 The modem responds to AT commands. %DC1 The modem ignores AT commands. Note: The modem will respond to AT%DC for 10 seconds after power-up.

Command: %En Fallback and Fall Forward Control Values:

= 0, 1, or 2 Default: 2 Description: %E0 Disable fallback and fall forward. %E1 Enable fallback, disable fall forward. %E2 Enable fallback and fall forward.

Command: %Hn Direct Connect Enable Values:

= 0, 1 Default: 0 Description: %H0 Sets callback security to normal operation. %H1 All callback security calls will be direct connect regardless of whether the password or

phone number has the - character.

Command: %Rn Cisco Configuration Values:

= 0, 1 Default: 0 Description: %R0 Disables Cisco configuration. %R1 Sets E0, Q1, &D0, \N0, $SB9600, and %S1 for operation with a Cisco router.

Command: %Sn Command Speed Response Values:

= 0, 1 Default: 0 Description: %S0 Sets modem to respond to AT commands at all normal speeds.

%S1 AT commands accepted at 115200 bps only. Commands at other speeds are ignored.

Command: $Dn DTR Dialing Values:

= 0 or 1 Default: 0 Description: $D0 Disables DTR dialing. $D1 Dials the number in memory location 0 when DTR goes high.

Command: $EBn Asynchronous Word Length Values:

= 0 or 1 Default: 0 Description: $EB0 Enables 10-bit mode.

$EB1 Enables 11-bit mode.

Page 71

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command: $MBn Online BPS Speed Values: Default: 28,800

Description: $MB75 Selects CCITT V.23 mode $MB300 Selects 300 bps on-line $MB1200 Selects 1200 bps on-line

Command: $RPn Ring Priority vs. AT Command Priority Values: Default: 1

$RP1 The ring will have priority over the AT command. S1 will increment even if an AT command and

Command: $SBn Serial Port Baud Rate Values: Default: 115200

Description: $SB300 Sets serial port to 300 bps

= speed in bits per second

$MB2400 Selects 2400 bps on-line $MB4800 Selects 4800 bps on-line $MB9600 Selects 9600 bps on-line $MB14400 Selects 14400 bps on-line $MB19200 Selects 19200 bps on-line $MB28800 Selects 28800 bps on-line $MB33600 Selects 33600 bps on-line

= 0 or 1

Description: $RP0 The AT command will have priority over the ring. S1 will be reset to 0 if an AT command is received. This command is storable to memory.

ring are received together and the incoming call will be answered when S1 is equal to S0. Note: SocketModems do not detect ring cadence of TelTone telephone line simulators as a valid ring.

speed in bits per second

$SB1 200 Sets serial port to 1200 bps $SB2400 Sets serial port to 2400 bps $SB4800 Sets serial port to 4800 bps $SB9600 Sets serial port to 9600 bps $SB1 9200 Sets serial port to 19200 bps $SB38400 Sets serial port to 38400 bps $SB57600 Sets serial port to 57600 bps $SB1 15200 Sets serial port to 115200 bps $SB230400 Sets serial port to 230400 bps

Command: +VDR=x, y Distinctive Ring Report Values: x = 0, 1 Distinctive Ring report control. See description. y = 0–255 Minimum ring interval in 100 ms units. See description. Default: 0, 0

Description: Enables reporting of ring cadence information to the DTE and specifies the minimum ring

cadence that will be reported. The report format is one line per silence period and one line per ring period. The length of the silence period is in the form DROF=number in units of 100 ms<CR><LF>, and the length of the ring is in the form DRON=number in units of 100 ms<CR> <LF>. The modem may produce a Ring event code after the DRON message if enabled by the y parameter. The y parameter must be set to a value equal to or smaller than the expected ring cadence in order to pass the report to the DTE. +VDR=0, n/a Disables Distinctive Ring cadence reporting. +VDR=1, 0 Enables Distinctive Ring cadence reporting. Other call progress result codes

+VDR=1, >0 Enables Distinctive Ring cadence reporting. The RING result code is reported

+VDR=? Displays the allowed values. +VDR? Displays the current value.

(including RING) are reported as normal.

after the falling edge of the ring pulse (i.e., after the DRON report).

Page 72

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command: #CBAn Callback Attempts Values: n = 1–255

Default: 4 Description: Sets the number of callback attempts that are allowed after passwords have been

exchanged between modems.

Command: #CBDn Callback Delay Values: n = 0–255 Default: 15

Description: Sets the length of time (in seconds) that the modem waits before calling back the remote modem.

Command: #CBF? Callback Failed Attempts Display Values: n/a

Default: n/a Description: Requests the number of failed callback passwords since reset or power-up. This number can be

stored to nonvolatile memory using the &W command.

Command: #CBFR Callback Failed Attempts Reset Values: n/a

Default: n/a Description: Resets the number of failed callback passwords to 0. This does not reset the number stored

in nonvola-tile memory.

Command: #CBIn Local Callback Inactivity Timer Values: n = 1–255

Default: 20 Description: Sets the time (in minutes) that the modem waits for a command before forcing the user to enter

the setup password again.

Command: #CBNy=x Store Callback Password Values: y = 0–29 x = password

Defaults: None Description: Sets the callback security password for the y memory location. The password must have 6

to 10 charac-ters, and cannot include the + or - characters.

Command: #CBPn Callback Parity Values: n = 0, 1, or 2

Default: 0 Description: Sets parity for the callback security messages. #CBP0 No parity. #CBP1 Odd parity. #CBP2 Even parity.

Command: #CBRy Callback Security Reset Values: y = 0–29

Default: None Description: Clears the password and phone number in the y memory location.

Command: #CBSn Callback Enable/Disable Values: n = 0, 1, 2, or 3 Default: 0 Description: #CBS0 Disables callback security. #CBS1 Enables local and remote callback security. #CBS2 Enables remote callback security only. #CBS3 Disables callback security until local hangup or reset.

Page 73

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command: #Pn Set 11-bit Parity Values: n = 0 or 1

Default: 2 Description: #P0 No parity. #P1 Odd parity. #P2 Even parity.

Command: #Sx Enter Setup Password Values: Default: MTSMODEM Description: Enters the remote configuration setup password.

Command: #S=x Store Setup Password Values: Default: MTSMODEM Description: Stores a new remote configuration setup password.

= password (1–8 characters, case sensitive)

Escape AT Commands

Command: +++AT<CR> Escape Sequence Values: n/a Description: Puts the modem in command mode (and optionally issues a command) while remaining online.

Type +++AT and up to six optional command characters; then press ENTER. Used mostly to issue the hang-up command: +++ATH<CR>.

Command: %%%ATMTSMODEM<CR> Remote Configuration Escape Sequence Values: n/a

Description: Initiates remote configuration mode while online with remote modem. The remote configuration escape character (%) is defined in register S13.

V.92 Commands

Command: +MS= Modulation Selection Values: See description. Defaults: See description. Description: This extended-format command selects modulation, enables or disables automode, and

specifies the highest downstream and upstream connection rates using one to four subparameters. The command syntax is

+MS=[mod][,[automode][,[0][,[max_rate][,[0][,[max_rx_rate]]]]]]<CR>

Subparameters that are not entered retain their current value. Commas separate optional subparameters, and must be inserted to skip a subparameter. Example: +MS=,0<CR> disables

+MS=? Reports supported options in the format (list of supported mod values),(list of supported

+MS? Reports current options in the format mod, automode, 0, max_rate, 0, max_rx_rate.

Subparameters

mod

automode and keeps all other settings at their current values.

automode values),(0),(list of supported max_rate values),(0),(list of supported max_rx_rate values). Example: +MS: (BELL103, V21, BELL212A, V22, V22B, V23C, V32, V32B, V34, V90, V92), (0, 1), (0), (0-33600), (0), (0- 56000)

Example: +MS: V92,1, 0, 31200, 0, 56000.

Specifies the preferred modulation (automode enabled) or the modulation to use in originating or answering a connection (automode disabled). The default is V92.

Page 74

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

V.32bis, etc.

Valid

9600,

mod

V922 V92

V903 V.90

V34 V.34 33600, 31200, 28800, 26400,

Modulation Possible rates (bps)1

50666, 49333, 48000, 46666, 45333, 44000,

24000, 21600,19200,16800, 14400, 12000,

V32B V.32bis 14400, 12000, 9600, 7200, or 4800

V32 V.32 9600 or 4800

V22B V.22bis 2400 or 1200

V22 V.22 1200

V23C V.23 1200

V21 V.21 300

Bell212A Bell 212A 1200

Bell103 Bell 103 300

Notes:

See optional <automode>, <max_rate>, and

<max_RX_rate> subparameters.

Selects V.92 modulation as first priority. If a V.92 connection

cannot be established, the modem attempts V.90, V.34,

automode

Annex A. Automode is disabled if values are specified for the max_rate and max_rx_rate parameters. The options are:

0 Disable automode 1 Enable automode (default)

max_rate

connection. The value is decimal coded in units of bps, for example, 33600 specifies the highest rate to be 33600 bps.

0 Maximum rate determined by the modulation selected in mod (default).

An optional numeric value that enables or disables automatic modulation negotiation using V.8 bis/V.8 or V.32 bis

An optional number that specifies the highest rate at which the modem may establish an upstream (transmit)

300–33600

Maximum rate value limited by the modulation selected in mod. For valid max_rate values for each mod value, see the following table.

mod value

V92, V90, V34 V32B V32 V22B V22, V23C, Bell212A

max_rx_rate:

V21, Bell103

An optional number that specifies the highest rate at which the modem may establish a downstream

(receive) connection. The value is decimal coded in units of bps, e.g., 28800 specifies the highest rate to be 28800 bps.

0 Maximum rate determined by the modulation selected in

300–56000 Maximum rate value limited by the modulation selected in

Command: +PCW=n Call Waiting Enable Values: n = 0, 1, or 2

Default: 2

max_rate values (bps)

31200, 28800, 26400, 24000, 21600,19200, 16800, 14400,

19200, 16800, 14400, 12000, 9600, 7200, 4800

14400, 12000, 9600, 7200, 4800

2400

1200

300

7200,

mod

(default).

mod.

See “Possible rates” in the

mod

table.

Page 75

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Description: Controls the action to be taken upon detection of a call waiting tone in V.92 mode. Values specified by

this command are not modified when an AT&F command is issued. +PCW=0 Toggles V.24 Circuit 125 and collects Caller ID if enabled by +VCID +PCW=1 Hangs up +PCW=2 Ignores V.92 call waiting +PCW=? Displays the allowed values +PCW? Displays the current value

Command: +PIG=n PCM Upstream Ignore Values: n = 0 or 1 Default: 1

Description: Controls the use of PCM upstream during V.92 operation. PCM upstream allows faster upload speeds to

a V.92 server. +PIG=0 Disables PCM upstream +PIG=1 Enables PCM upstream +PIG=? Displays the allowed values +PIG? Displays the current value

Command: +PMH=n Modem on Hold Enable Values: n = 0 or 1 Default: 1 Description: Controls if modem on hold procedures are enabled during V.92 operation. Normally controlled by a

modem on hold program. Values specified by this command are not modified when an AT&F command

is issued. +PMH=0 Enables V.92 modem on hold +PMH=1 Disables V.92 modem on hold +PMH=? Displays the allowed values +PMH? Displays the current value

Command: +PMHF V.92 Modem Hook Flash Values: n/a

Default: n/a

Description: Causes the DCE to go on-hook for a specified period of time, and then return off-hook

for at least a specified period of time. The specified period of time is normally one-half second, but

may be governed by national regulations. “ERROR” is returned if MOH is not enabled.

Command: +PMHR=n Modem on Hold Initiate Values: n = 0–13 Default: 0

Description: +PMHR is an action command that causes the modem to initiate MOH with the central site

modem. It returns the following values to indicate what has been negotiated. Valid only if MOH is

enabled and the modem is off-hook or in data mode. Otherwise, ERROR will be returned. +PMHR=0 Deny MOH request +PMHR=1 Grant MOH request with 10 second timeout

+PMHR=2 Grant MOH request with 20 second timeout +PMHR=3 Grant MOH request with 30 second timeout +PMHR=4 Grant MOH request with 40 second timeout +PMHR=5 Grant MOH request with 1 minute timeout +PMHR=6 Grant MOH request with 2 minute timeout +PMHR=7 Grant MOH request with 3 minute timeout +PMHR=8 Grant MOH request with 4 minute timeout +PMHR=9 Grant MOH request with 6 minute timeout +PMHR=10 Grant MOH request with 8 minute timeout +PMHR=1 1 Grant MOH request with 12 minute timeout +PMHR=12 Grant MOH request with 16 minute timeout +PMHR=13 Grant MOH request with indefinite timeout +PMHR=? Displays the allowed values +PMHR? Displays the current value

Page 76

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Command: +PMHT=n Modem on Hold Timer Values: Default: 0 Description: Determines if the modem will accept a V.92 Modem on Hold (MOH) request and will set the MoH timeout.

Command: +PQC=n Quick Connect Control Values: n = 0, 1, 2, or 3 Default: 3 Description: Controls V.92 shortened Phase 1 and Phase 2 startup procedures (Quick Connect). When line conditions are

stable, quick connect results in shortened connect times; however, significant fluctuation in line conditions from call to call can cause longer connect times; thus, it may be advisable to disable quick connect.

= 0–13

+PMHT=0 Deny MOH request +PMHT=1 Grant MOH request with 10 second timeout +PMHT=2 Grant MOH request with 20 second timeout +PMHT=3 Grant MOH request with 30 second timeout +PMHT=4 Grant MOH request with 40 second timeout +PMHT=5 Grant MOH request with 1 minute timeout +PMHT=6 Grant MOH request with 2 minute timeout +PMHT=7 Grant MOH request with 3 minute timeout +PMHT=8 Grant MOH request with 4 minute timeout +PMHT=9 Grant MOH request with 6 minute timeout +PMHT=10 Grant MOH request with 8 minute timeout +PMHT=11 Grant MOH request with 12 minute timeout +PMHT=12 Grant MOH request with 16 minute timeout +PMHT=13 Grant MOH request with indefinite timeout +PMHT=? Displays the allowed values +PMHT? Displays the current value

+PQC=0 Enables Short Phase 1 and Short Phase 2 (Quick Connect) +PQC=1 Enables Short Phase 1 +PQC=2 Enables Short Phase 2 +PQC=3 Disables Short Phase 1 and Short Phase 2 +PQC=? Displays the allowed values +PQC? Displays the current value

Command: +VCID=n Caller ID Selection Values: n = 0, 1, or 2 Default: 0 Description: Enables Caller ID detection and configures the reporting and presentation of the Caller ID data that is

detected after the first ring. The reported data includes the date and time of the call, the caller's name and number, and a message. Set S0=2.

+VCID=0 Disables Caller ID +VCID=1 Enables Caller ID with formatted data

+VCID=2 Enables Caller ID with unformatted data +VCID=? Displays the allowed values +VCID? Displays the current value

Command: +VDR=x, y Distinctive Ring Report Values: x = 0, 1 Distinctive Ring report control. See description.

y = 0–255 Minimum ring interval in 100 ms units. See description. Default: 0, 0 Description: Enables reporting of ring cadence information to the DTE and specifies the minimum ring cadence that

will be reported. Report format is one line per silence period and one line per ring period. The length of the silence period is in the form DROF=number in units of 100 ms<CR><LF>, and the length of the ring is in the form DRON=number in units of 100 ms<CR> <LF>. The modem may produce a Ring event code after the DRON message if enabled by the y parameter. The y parameter must be set to a value equal to or smaller than the expected ring cadence in order to pass the report to the DTE.

Page 77

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

+VDR=0, n/a Disables Distinctive Ring cadence reporting. +VDR=1, 0 Enables Distinctive Ring cadence reporting. Other call progress result codes

(including RING) are reported as normal.

+VDR=1, >0 Enables Distinctive Ring cadence reporting. RING result code is reported after falling

edge of the ring pulse (after the DRON report). +VDR=? Displays the allowed values. +VDR? Displays the current value.

Command: #CBAn Callback Attempts Values: n = 1–255

Default: 4 Description: Sets the number of callback attempts that are allowed after passwords have been exchanged between

modems.

Command: #CBDn Callback Delay Values: n = 0–255

Default: 15 Description: Sets the length of time (in seconds) that the modem waits before calling back the remote modem.

Command: #CBF? Callback Failed Attempts Display Values: n/a

Default: n/a Description: Requests the number of failed callback passwords since reset or power-up. This number can be

stored to nonvolatile memory using the &W command.

Command: #CBFR Callback Failed Attempts Reset Values: n/a

Default: n/a Description: Resets the number of failed callback passwords to 0. This does not reset the number stored in

nonvolatile memory.

Command: #CBIn Local Callback Inactivity Timer Values: n = 1–255

Default: 20 Description: Sets the time (in minutes) that the modem waits for a command before forcing the user to enter the

setup password again.

Command: #CBNy=x Store Callback Password Values: y = 0–29

x = password Defaults: None Description: Sets the callback security password for the y memory location. The password must have 6 to 10

characters, and cannot include the + or - characters.

Command: #CBPn Callback Parity Values: n = 0, 1, or 2

Default: 0 Description: Sets parity for the callback security messages.

#CBP0 No parity. #CBP1 Odd parity. #CBP2 Even parity.

Command: #CBRy Callback Security Reset Values: y = 0–29

Default: None Description: Clears the password and phone number in the y memory location.

Command: #CBSn Callback Enable/Disable Values: n = 0, 1, 2, or 3

Default: 0 Description: #CBS0 Disables callback security.

Page 78

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

#CBS1 Enables local and remote callback security. #CBS2 Enables remote callback security only. #CBS3 Disables callback security until local hangup or reset.

Command: #Pn Set 11-bit Parity Values: n = 0 or 1 Default: 2

Description: #P0 No parity.

#P1 Odd parity. #P2 Even parity.

Command: #Sx Enter Setup Password Values: x= password (1–8 characters, case sensitive)

Default: MTSMODEM Description: Enters the callback security setup password.

Command: #S=x Store Setup Password Values: x= password (1–8 characters, case sensitive)

Default: MTSMODEM Description: Stores a new callback security and remote configuration setup password.

S-Registers

Certain modem values, or parameters, are stored in memory locations called S-Registers. Use the S command to read or to alter the contents of S-Registers (see previous section).

S0 S1

128–255 Values greater than 127 disable escape.

S3 S4 S5

33–1 27 Values greater than 32 disable backspace.

S10 S11 S28

S30

S35

S36

S37

1 ring 0, 1–255 1 1 ring 0–255 0 Counts the rings that have occurred.

decimal 0–127 43 (+) Sets ASCII code for the escape sequence character.

decimal 0–127 13 (^M) Sets the ASCII code for the carriage return character. decimal 0–127 10 (^J) Sets the ASCII code for the line feed character. decimal 0–32 8 (^H) Sets the ASCII code for the backspace character.

seconds 2–65* 2*

seconds 35-65* 50*

seconds 0–65 2

decimal 0, 1–127 37 (%)

100 ms 1–254 20 Sets how long a carrier signal must be lost before the modem disconnects.

1 ms 50–1 50* 95* Sets spacing and duration of dialing tones.

decimal 0, 1–255 1 0 disables, 1–255 enables V.34 modulation.

1 minute 0, 1–255 0

decimal 0–1 1

decimal 0–7 7

decimal 0–19 0

Sets the number of rings until the modem answers. ATS0=0 disables auto answer completely.

Sets the time the modem waits after it goes off-hook before it begins to dial the telephone number.

Sets the time the modem waits for a carrier signal before aborting a call. Also sets the wait for silence time for the @ dial modifier.

Sets the length of a pause caused by a comma character in a dialing command.

Sets ASCII code for remote configuration escape character. S9=0 disables remote configuration.

Sets the length of time that the modem waits before disconnecting when no data is sent or received. A value of zero disables the timer. See also the \T command

0 disables, 1 enables the V.25 calling tone, which allows remote data/fax/voice discrimination.

Specifies the action to take in the event of a negotiation failure when error control is selected. (See S48.)

Sets the maximum V.34 “upstream” speed at which the modem attempts to connect.

Page 79

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

0 = maximum speed

1 = reserved

2 = 1200/75 bps

3 = 300 bps

4 = reserved

5 = 1200 bps

6 = 2400 bps

7 = 4800 bps

8 = 7200 bps

9 = 9600 bps

10 = 12000 bps

11 = 14400 bps

12 = 16800 bps

13 = 19200 bps

14 = 21600 bps

15 = 24000 bps

16 = 26400 bps

17 = 28800 bps

18 = 31200 bps

19 = 33600 bps

S38 decimal 0–23 1 Sets “downstream” data rate where V.90 provides rates of 28,000 to 56,000 bps in increments of 1,333 bps.

0 = V.90 disabled 1 = V.90 auto rate 2 = 28,000 bps

3 = 29,333 bps

4 = 30,666 bps

5 = 32,000 bps

6 = 33,333 bps

7 = 34,666 bps

8 = 36,000 bps

9 = 37,333 bps

10 = 38,666 bps

11 = 40,000 bps

12 = 41,333 bps

13 = 42,666 bps

14 = 44,000 bps

15 = 45,333 bps

16 = 46,666 bps

17 = 48,000 bps

18 = 49,333 bps

19 = 50,666 bps

20 = 52,000 bps

21 = 53,333 bps

22 = 54,666 bps

23 = 56,000 bps

Upstream data rates: Upstream V.90 data rates are 4800 to 33,600 bps in 2400 bps increments. S43 decimal 0–1 1For testing and debugging only. Enables/disables V.32bis start-up auto mode operation.

0 = disable; 1 = enable. S48 decimal 7 or 128 7Enables (7) or disables (128) LAPM negotiation. The following table lists the S36 and S48

configuration settings for certain types of connections.

S48=7 S48=128

S36=0, 2 LAPM or hang up Do not use S36=1, 3 LAPM or async Async S36=4, 6 LAPM, MNP, or hang up MNP or hang up S36=5, 7 LAPM, MNP, or async MNP or async

S89 seconds 0, 5–255 10 Sets the length of time in the off-line command mode before the modem goes

into standby mode or “sleep mode”. A value of zero prevents standby mode; a value of 1–4 sets the value to 5. Standby mode (sleep mode or low power mode) is controlled by S89. It programs the number of seconds of inactivity before the modem will go to sleep. The default value is 0. A value of 0 disables standby mode. The

Page 80

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

modem will wake on an incoming ring or an AT command.

S108 decimal 0–3, 6, 7 6 Selects the 56K digital loss if using the modem through a PBX line. The default

value is -6 dB loss, the value used when calling from a typical POTS line long distance.

0 = -0 dB digital loss, no robbed-bit signaling 1 = -3 dB PBX digital loss 2 = -2 dB digital loss 3 = -3 dB digital loss 6 = -6 dB digital loss 7 = -0 dB digital loss with robbed-bit signaling

Result Codes

In command mode your modem can send responses called Result Codes to your computer. Result codes are used by communications programs and can also appear on your monitor.

Terse Verbose Description

0 OK 1 CONNECT 2 RING 3 NO CARRIER 4 ERROR 5 * CONNECT 1200 6 NO DIALTONE 7 BUSY 8 NO ANSWER 9 CONNECT 75 10* CONNECT 2400 11* CONNECT 4800 12* CONNECT 9600 13* CONNECT 14400 14* CONNECT 19200 18 CONNECT 57600 24* CONNECT 7200 25* CONNECT 12000 28 CONNECT 38400 40* CONNECT 300 55* CONNECT 21600 56* CONNECT 24000 57* CONNECT 26400 58* CONNECT 28800 59* CONNECT 31200 60* CONNECT 33600 70 CONNECT 32000 71 CONNECT 34000 72 CONNECT 36000 73 CONNECT 38000 74 CONNECT 40000 75 CONNECT 42000 76 CONNECT 44000

Command executed Modem connected to line Ring signal detected Carrier signal lost or not detected Invalid command Connected at 1200 bps No dial tone detected Busy signal detected No answer at remote end Connected at 75 bps Connected at 2400 bps Connected at 4800 bps Connected at 9600 bps Connected at 14400 bps Connected at 19200 bps Connected at 57600 bps Connected at 7200 bps Connected at 12000 bps Connected at 38400 bps Connected at 300 bps Connected at 21600 bps Connected at 24000 bps Connected at 26400 bps Connected at 28800 bps Connected at 31200 bps Connected at 33600 bps Connected at 32000 bps Connected at 34000 bps Connected at 36000 bps Connected at 38000 bps Connected at 40000 bps Connected at 42000 bps Connected at 44000 bps

78 CONNECT 48000 79 CONNECT 50000 80 CONNECT 52000 81 CONNECT 54000 82 CONNECT 56000 83 CONNECT 58000 84 CONNECT 60000 86 CONNECT 16800

Connected at 48000 bps Connected at 50000 bps Connected at 52000 bps Connected at 54000 bps Connected at 56000 bps Connected at 58000 bps Connected at 60000 bps Connected at 16800 bps

Page 81

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Terse Verbose Description

87 CONNECT 115200 88 DELAYED 89 BLACKLISTED 90 BLACKLIST FULL 91 CONNECT 230400 100 CONNECT 28000 101 102 CONNECT 30666 103 CONNECT 33333 104 CONNECT 34666 105 CONNECT 37333 106 CONNECT 38666 107 CONNECT 41333 108 CONNECT 42666 109 CONNECT 45333 110 CONNECT 46666 111 112 CONNECT 50666 113 CONNECT 53333 114 CONNECT 54666 115 CONNECT 25333

* EC is added to these result codes when the extended result codes configuration option is enabled. EC is replaced by one of the following codes, depending on the type of error control connection:

V42bis

– V.42 error control (LAP-M) and V.42bis data compression

V42

– V.42 error control (LAP-M) only

MNP5

– MNP 4 error control and MNP 5 data compression

MNP4

– MNP 4 error control only

NoEC

– No error control protocol).

116 CONNECT 26666

CONNECT 29333

CONNECT 49333

Connected at 115200 bps Delay is in effect for the dialed number Dialed number is blacklisted Blacklist is full Connected at 230400 bps Connected at 28000 bps Connected at 29333 bps Connected at 30666 bps Connected at 33333 bps Connected at 34666 bps Connected at 37333 bps Connected at 38666 bps Connected at 41333 bps Connected at 42666 bps Connected at 45333 bps Connected at 46666 bps Connected at 49333 bps Connected at 50666 bps Connected at 53333 bps Connected at 54666 bps Connected at 25333 bps

Connected at 26666 bps

Page 82

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Appendix D: DC Power

D.1: Assembly of the WAGO MCS DC Power Connector

What you will need: Small flat-blade screwdriver, Wire stripper, DC power connector kit

(provided with DC models), 48 VDC power cord (See Step 2, below and Appendix D.3)

WAGO MCS DC power connector:

1. Brown = -48VDC

2. Green/Yellow = Power Supply Ground

3. Blue = Common

1. Turn off the circuit breaker to the DC power supply.

2. Select a UL style 1028 or other UL 1581 (VW-1) compliant equivalent 16 AWG three-wire set

(-48V, Power Supply Ground and Common).

3. Strip 0.35 inches (9 mm) of installation from each wire.

4. Insert a small flat-blade screwdriver, one at a time, into each of the connector’s clamp slots

to depress the internal wire clamp.

5. Insert the appropriate wire into the connector. Remove the screwdriver. Check that the clamp has captured the wire. Repeat steps 4 and 5 for the other two wires.

6. Attach the provided strain relief to the connector. Be sure to use a tie-wrap to firmly attach the strain relief to the cable.

7. Attach the connector to the socket on the back of the Console Server. Repeat the above steps to attach each power module input.

Page 83

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

WAGO MCS DC power connector

-48VDC Power Supply (removed from back panel)

Input voltage: -48VDC

Minimum voltage: -40 VDC Maximum voltage: -60 VDC

Maximum operating current: 0.5A The DC power source must be:

• Electrically isolated from any AC source

• Reliably connected to earth ground

• Capable of providing up to 100 Watts of continuous power

D.2: Over-Current Protection

Over-current protection requirements:

• 10 Amp fast trip

• Double pole

• DC rated

Over-current protection devices (e.g., circuit breakers) must be provided as part of each equipment rack and are not included with the Console Server. The device must be located between the DC power source and the Console Server.

D.3: DC Supply Connector

The supply input connectors are provided with each Console Server; the conductors are not.

Conductor specifications:

• Material: copper only

• Wire gauge: 16 AWG

• Insulation rating: 75 °C minimum, low smoke-fume, flame retardant Branch

circuit cable.

• Insulation color: per applicable national electrical codes.

• Grounding cable insulation color: green/yellow

Page 84

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

The cable type should be one of the following:

• UL style 1028 or other UL 1581 (VW-1) compliant equivalent

• IEEE 383 compliant

• IEEE 1202-1 991 compliant

Appendix E: Assign an IP Address to a Device Port

Version 1.7-9 of the SCS software can assign an IP address to the SCS’s device ports. The user can use ssh to access a port directly without having to first login to the SCS. If DNS is used to give names to each address it becomes easier to associate device ports with the corresponding server.

To do this, modify the openSSH server code. The SCS ships with the original ssh code installed and running. Several steps are taken to use the modified ssh program and to assign addresses to the device ports. There is a README file called: /usr/local/doc/README.lsisshd that explains the steps to use the feature.

The steps are:

Run a makefile to replace the original ssh with our modified version

Edit the configuration file that defines the IP addressing

Run a makefile that creates the IP configuration

Appendix F: Adapter Pin-Outs

The following pages show the pin-out drawings for the adapters which are supplied in the accessory kit with each Console Server.

KIT-000001 contains:

ADP-000005, ADP-000006, ADP-000007, ADP-000008, ADP-000009, ADP-000010, ADP-000011, ADP-000012

Page 85

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

ADP-000005 RJ45 to 25-pin Male

ADP-000006 RJ45 to 25-pin Female

Wire key:

1-Blue

2-Orange

3-Black

4-Red

5-Green

6-Yellow

7-Brown

8-White

4/5

25-pin

RJ-45

Page 86

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

ADP-000007-R RJ45 to DB9 Male

ADP-000008-R RJ45 to DB9 Female

Wire key:

1-Blue

2-Orange

3-Black

4-Red

5-Green

6-Yellow

7-Brown

8-White

RJ-45

4/5

DB9

RJ- 45 Jack

Pin 1

ADP-

DB9 Male

000007

- R

Page 87

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

ADP-000009 RJ45 to 25-pin Male

ADP-000010 RJ45 to 25-pin Female

Wire key:

1-Blue

2-Orange

3-Black

4-Red

5-Green

6-Yellow

7-Brown

8-White

4/5

25-pin

6/8

RJ-45

Page 88

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

ADP-000011-R RJ45 to DB9 Male

ADP-000012-R RJ45 to DB9 Female

Wire key:

1-Blue

2-Orange

3-Black

4-Red

5-Green

6-Yellow

7-Brown

8-White

RJ-45

4/5

DB9

1/6

RJ- 45 Jack

Pin 1

ADP-

DB9 Male

000011

- R

Page 89

S e c u r e C o n s o l e S e r v e r M a n u a l , R e v . K

, J u l y , 2 0 1 3

Appendix G: Quick Start Guide

Page 90

Thinklogical Secure Console Server User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual