SLB™ Branch Office Manager User Guide Part Number 900-510 Revision C October 2013
Copyright & Trademark © 2013 Lantronix, Inc. All rights reserved. No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Lantronix is a registered trademark of Lantronix, Inc. in the United States and other countries. SLB, SLC, SLM, SLP, Detector and Spider are trademarks of Lantronix, Inc. Windows and Internet Explorer are registered trademarks of Microsoft Corporation.
Disclaimer & Revisions Operation of this equipment in a residential area is likely to cause interference, in which case the user, at his or her own expense, will be required to take whatever measures may be required to correct the interference. Note: This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules.
1: About This Guide

Purpose and Audience

This guide provides the information needed to install, configure, and use the Lantronix® SLB™ branch office manager. The SLB branch office manager is for IT professionals who must remotely and securely configure and administer servers, routers, switches, telephone equipment, or other devices equipped with a serial port for facilities that are typically remote branch offices or "distributed" IT locations.
Chapter Summary

- 12: Maintenance and Operation. Provides instructions for upgrading firmware, viewing system logs and diagnostics, generating reports, and defining events. Includes information about web pages and commands used to shut down and reboot the SLB device.
- 13: Application Examples. Shows how to set up and use the SLB branch office manager in three different configurations.
2: Overview

The SLB branch office manager enables IT System Administrators to manage remote servers and IT infrastructure equipment securely over the Internet. This innovative device combines the capabilities of the award-winning Lantronix® SLC™ console manager with remote power management and an Ethernet switch into a compact, 1U rack-mountable appliance.
Meets Needs of Branch Offices

Designed to meet the specific needs of the remote branch office, the SLB branch office manager conserves rack space and reduces costs by enabling system administrators at a main corporate facility to manage the IT equipment distributed among branch offices simply and cost-effectively. Branch offices are facilities that are typically remote or “distributed IT” locations, likely located off-site of corporate headquarters or large-scale enterprise facilities.
Typical Equipment

You can configure, administer, and manage IT equipment in a variety of ways, but most devices have one method in common: an RS-232 serial port, sometimes called a console, auxiliary, or management port. These ports are often accessed directly by connecting a terminal or laptop to them, meaning that the user must be in the same physical location as the equipment. SLB devices give the user a way to access them remotely from anywhere there is a network or modem connection.
The SLB device also provides features such as convenient text menu systems, breaksafe operation, port buffering (logging), remote authentication, and Secure Shell (SSH) access. Dial-up modem support ensures access when the network is not available.
Figure 2-1. SLB 8 Front (callouts: Two-Line LCD Display; Front Panel Pushbuttons; 1U Tall, Self-Contained Rack-Mountable Chassis; Two PC Card Slots; Console Port (RS-232))

Figure 2-2.
Protocols Supported

The SLB branch office manager supports the TCP/IP network protocol as well as:
- SSH, Telnet, PPP, NFS, and CIFS for connections in and out of the SLB device
- SMTP for mail transfer
- DNS for text-to-IP address name resolution
- SNMP for remote monitoring and management
- FTP and SFTP for file transfers and firmware upgrades
- TFTP and HTTPS for firmware upgrades
- DHCP and BOOTP for IP address assignment
- HTTPS (SSL) for secure browser-based configuration
Application Example

The figure below is an example deployment. An SLB branch office manager is deployed in each branch office and an (optional) SLM management appliance at the main office. The branch offices are interconnected (always on) by VPN routers overlaid on the Internet, and also interconnected (on demand) through the analog phone system.

Note: The SLB branch office manager can also be the authentication gateway to a network architecture that is not VPN-based.
A system administrator, upon losing IP connectivity to a server, takes the following steps:
1. Views the server’s Ethernet interface state information provided by the SLB branch office manager.
2. If the Ethernet interface is faulty, connects to the server’s console port by means of the SLB web page or CLI (optionally via the SLM management appliance) and checks the server’s system parameters.
Footnote 2: The max input/output current is de-rated to 16A when using the optional NEMA 5-20P (20A) cable (p/n SLPP012410-01, SLPP012510-01, SLPP012610-01).

Serial Connections

All devices attached to the device ports and the console port must support the RS-232C (EIA-232) standard. Category 5 cabling with RJ45 connections is used for the device port connections and for the console port. (For pinout information, see D: Adapters and Pinouts.)

Note: RJ45 to DB9/DB25 adapters are available from Lantronix.
Network Connections

The SLB network interfaces are 10Base-T/100Base-TX connectors for use with a conventional Ethernet network. Use standard RJ45-terminated Category 5 cables. Network parameters must be configured before the SLB branch office manager can be accessed over the network.

Note: One possible use for the two Ethernet ports is to have one port on a private, secure network and the other on a public, unsecured network.

Figure 2-5.
3: Installation

This chapter provides a high-level procedure for installing the SLB branch office manager followed by more detailed information about the SLB connections and power supplies.

Caution: To avoid physical and electrical hazards, please be sure to read C: Safety Information before installing the SLB device.

What’s in the Box

In addition to the SLB branch office manager, the box contains the following items:

Part # | Component Description
Adapters: 200.
Verify and inspect the contents of the SLB package using the enclosed packing slip or the table above. If any item is missing or damaged, contact your place of purchase immediately.
Relative Humidity: Operating: 10% to 90% non-condensing; Storage: 10% to 90% non-condensing
Heat Flow Rate: 68 BTU per hour
Current measurement accuracy: ± 12%

Footnote 1: The max input/output current is de-rated to 12A when using the supplied NEMA 5-15P (15A) cable (p/n SLPP012310-01).
Footnote 2: The max input/output current is de-rated to 16A when using the optional NEMA 5-20P (20A) cable (p/n SLPP012410-01, SLPP012510-01, SLPP012610-01).
Connecting to a Device Port

You can connect any device that has a serial console port to a device port on the SLB branch office manager for remote administration. The console port must support the RS232C interface.

Note: Many servers must either have the serial port enabled as a console or the keyboard and mouse detached. Consult the server hardware and/or software documentation for more information.

To connect to a device port:
1. Connect one end of the Cat 5 cable to the device port.
2.
see D: Adapters and Pinouts and our web site at www.lantronix.com/support and click Cable/Adapter Lookup on the Support menu.

To connect a terminal:
1. Attach the Lantronix adapter to your terminal (use PN 200.2066A adapter) or your PC's serial port (use PN 200.2070A adapter).
2. Connect the Cat 5 cable to the adapter, and connect the other end to the SLB console port.
3. Turn on the terminal or start your computer’s communication program (e.g., HyperTerminal for Windows).
4.
The status of the power outlets displays on the front panel LCD display as the default display.

Connecting Devices to the 8-Port Ethernet Switch

To connect devices to the unmanaged Ethernet switch:
1. Use the included 1Ft Ethernet patch cable to connect Ethernet port 1 on the SLB branch office manager to one of the switch ports.

Figure 3-3. 8-Port Ethernet Switch

Note: The eight unmanaged Ethernet ports are not internally connected to the other two Ethernet ports.

2.
Figure 3-4. SLB Installation Using the Integrated Ethernet Switch

In Figure 3-5, the SLB branch office manager controls four serial devices and provides power to them. The devices use a managed switch to connect to the network. The figure also shows how Lantronix Spiders can be daisy chained.

Figure 3-5.
4: Quick Setup

This chapter helps get the IP network port up and running quickly, so you can administer the SLB branch office manager using your network. To set up the network connections quickly, we suggest you do one of the following:
- Use the front panel LCD display and pushbuttons.
- Complete the Quick Setup web page on the web interface.
- SSH to the command line interface and follow the Quick Setup script on the command line interface.
Method | Description
Front panel LCD display and pushbuttons | You manually assign the IP address and other basic network, console, and date/time settings. If desired, you can restore the factory defaults.
Serial port login to command line interface | You assign an IP address and configure the SLB branch office manager using a terminal or a PC running a terminal emulation program to the SLB device’s serial console port connection.
Note: Have your information handy as the display times out without accepting any unsaved changes if you take more than 30 seconds between entries. Any changes made to the network, console port, and date/time settings take effect immediately.

Navigating

The front panel has one Enter button (in the center) and four arrow buttons (up, left, right, and down). Press the arrow buttons to navigate from one option to another, or to increment or decrement a numerical entry of the selected option.
Note: If you have connected Eth1 to the network, and Eth1 is able to acquire an IP address through DHCP, this IP address displays, followed by the letter [D]. Otherwise, the IP address displays as all zeros (000.000.000.000).

2. Press the Enter button on the keypad to enter edit mode. A cursor displays below one character of the existing IP address setting.
3. To enter values: Use the left or right arrow to move the cursor to the left or to the right position.
Restoring Factory Defaults

To use the LCD display to restore factory default settings:
1. Press the right arrow button to move to the last option, Release.
2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit Restore Factory Defaults password displays.
3. Press Enter to enter edit mode.
4. Using the left and right arrows to move between digits and the up and down arrows to change digits, enter the password (the default password is 999999).
4. To accept the defaults, select the Accept default Quick Setup settings checkbox in the top portion of the page and click the Apply button at the bottom of the page. Otherwise, continue with step 5.

Note: Once you click the Apply button on the Quick Setup page, you can continue using the web interface to configure the SLB branch office manager further.

5.
Eth 1 Settings
- Disabled: If selected, disables the network port. Default is Eth1 enabled.
- Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway from the DHCP server. (The DHCP server may not provide the hostname or gateway, depending on its setup.) This is the default setting. If you select this option, skip to Gateway.
- Obtain from BOOTP: Lets a network node request configuration information from a BOOTP "server" node. If you select this option, skip to Gateway.
Administrator Settings

Sysadmin Password/Retype Password: To change the password (e.g., from the default) enter a password of up to 64 characters.

6. To save your entries, click the Apply button.
Method #3 Quick Setup on the Command Line Interface

If the SLB branch office manager does not have an IP address, you can connect a dumb terminal or a PC running a terminal emulation program (VT100) to access the command line interface. (See Connecting a Terminal on page 25.) If the unit has an IP address, you can use SSH or Telnet to connect to the SLB device.

Note: By default, Telnet is disabled and SSH is enabled.
IP Address (if specifying): An IP address that will be unique and valid on your network and in the same subnet as your PC. There is no default. If you selected DHCP or BOOTP, this prompt does not display. Enter all IP addresses in dot-quad notation. Do not use leading zeros in the fields for dot-quad numbers less than 100. For example, if your IP address is 172.19.201.28, do not enter 028 for the last segment.
Figure 4-3. Completed Quick Setup

5. To logout, type logout at the prompt and press Enter.

Next Step

After quick starting the SLB branch office manager, you may want to configure other settings. You can use the web page or the command line interface for configuration. For information about the web and the command line interfaces, go to 5: Web and Command Line Interfaces. To continue configuring the SLB device, go to 6: Basic Parameters.
5: Web and Command Line Interfaces

The SLB branch office manager offers three interfaces for configuring the SLB device: a command line interface (CLI), a web interface, and an LCD with pushbuttons on the front panel. This chapter discusses the web and command line interfaces. (4: Quick Setup includes instructions for using the LCD to configure basic network settings.
Figure 5-1. Web Page Layout (callouts: Port Number Bar, Logout Button, Icons, Tabs, Options, Help Button, Entry Fields and Options, Apply Button)

The web page has the following components:
- Tabs: Groups of settings to configure.
- Options: Below each tab are options for specific types of settings. Note: Only those options for which the currently logged-in user has rights display.
- Port, Switch, and Power Outlet Bar: The E1 and E2 buttons display the Network – Settings page.
Note: For specific instructions on completing the fields on the web pages, see Chapters 6 through 12.

- Apply Button: Apply on each web page makes the changes immediately and saves them so they will be there when the SLB branch office manager is rebooted.
- Icons: The icon bar above the Main Menu has icons that display the following (in order, from left to right):
  - Home page.
  - Information about the SLB device and Lantronix contact information.
Command Line Interface

A command line interface (CLI) is available for entering all the commands you can use with the SLB branch office manager. In this user guide, after each section of instructions for using the web interface, you will find the equivalent CLI commands. You can access the command line interface using Telnet, SSH, or a serial terminal connection.

Note: By default, Telnet is disabled and SSH is enabled.
5: Web and Command Line Interfaces Command Syntax Commands have the following format: where is set, show, connect, admin, diag, pccard, or logout. is a group of related parameters whose settings you want to configure or view. Examples are ntp, deviceport, and network.
Command Line Help

For general Help and to display the commands to which you have rights, type:
    help
For general command line Help, type:
    help command line
For more information about a specific command, type help followed by the command, for example:
    help set network
or
    help admin firmware

Tips

Type enough characters to identify the action, category, or parameter name uniquely. For parameter values, type the entire value.
5: Web and Command Line Interfaces General CLI Commands The following commands relate to the CLI itself. To configure the current command line session: set cli scscommands Allows you to use SCS-compatible commands as shortcuts for executing commands: Note: Settings are retained between CLI sessions for local users and users listed in the remote users list.
6: Basic Parameters

This chapter explains how to set the following basic configuration settings for the SLB branch office manager using the SLB web interface or the CLI:
- Network parameters that determine how the SLB interacts with the attached network
- Firewall and routing
- Date and time

Note: If you entered some of these settings using a Quick Setup procedure, you may update them here.
To enter settings for one or both network ports:
1. Click the Network tab and select the Network Settings option. The following page displays:
2. Enter the following information:

Eth1 and Eth2 Settings

Note: Configurations with the same IP subnet on multiple interfaces (Ethernet or PPP) are not currently supported.
Eth 1 and/or Eth 2 Settings
- Disabled: If selected, disables the network port. Defaults are Eth1 and Eth2 enabled.
- Obtain from DHCP: Acquires IP address, subnet mask, hostname and gateway from the DHCP server. (The DHCP server may not provide the hostname or gateway, depending on its setup.) This is the default setting. If you select this option, skip to Gateway.
- Obtain from BOOTP: Lets a network node request configuration information from a BOOTP "server" node.
Gateway

Default: IP address of the router for this network. If this has not been set manually, any gateway acquired by DHCP for Eth1 or Eth2 displays. All network traffic that matches the Eth1 IP address and subnet mask is sent out Eth1. All network traffic that matches the Eth2 IP address and subnet mask is sent out Eth2. If you set a default gateway, any network traffic that does not match Eth1 or Eth2 is sent to the default gateway for routing.
Hostname & Name Servers

Hostname: The default host name is slbXXXX, where XXXX is the last 4 characters of the hardware address of Ethernet Port 1. There is a 64-character limit (contiguous characters, no spaces). The host name becomes the prompt in the command line interface.

Domain: If desired, specify a domain name (for example, support.lantronix.com). The domain name is used for host name resolution within the SLB branch office manager.
Network Commands

The following CLI commands correspond to the web page entries described above.
To view all network settings:
    show network all
To view Ethernet port settings and counters:
    show network port <1|2>
To view DNS settings:
    show network dns
To view gateway settings:
    show network gateway
To view the host name of the SLB device:
    show network host

IP Filter

IP filters (also called a rule set) act as a firewall to allow or deny individual or a range of IP addresses, ports, and protocols.
Enabling IP Filters

On the IP Filter page, you can enable all filters or disable all filters.

Note: There is no way to enable or disable individual filters.

To enable IP filters:
1. Enter the following:

Enable IP Filter: Select the Enable IP Filter checkbox to enable all filters, or clear the checkbox to disable all filters. Disabled by default.

Packets Dropped (view only): Displays the number of data packets that the filter ignored (did not respond to).
To add an IP filter:
1. On the IP Filter page, click the Add Ruleset button. The following page displays:
2. Enter the following:

Ruleset Name: Name that identifies a filter; may be composed of letters, numbers, and hyphens only. (The name cannot start with a hyphen.) Example: FILTER-2

Rule Parameters

IP Address: Specify a single IP address to act as a filter. Example: 172.19.220.64 – this specific IP address only

Subnet Mask: Specify a subnet mask to act as a filter. Example: 255.
Port Range: Enter a range of destination TCP or UDP port numbers to be tested. An entry is required for TCP, TCP New, TCP Established, and UDP, and is not allowed for other protocols. Separate multiple ports with commas. Separate ranges of ports by colons.
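The field rules above can be checked offline before a ruleset is typed into the IP Filter page. The following Python is an added example, not part of the Lantronix guide or firmware: it checks a rule's name, address, mask and port range against the constraints stated above and shows how many addresses the rule covers. Treating IP Address and Subnet Mask together as one network, the 1-65535 port bound, the sample rules and all function names are assumptions.

```python
import ipaddress
import re

# Protocols for which the guide says a Port Range entry is required.
PORT_PROTOCOLS = {"TCP", "TCP New", "TCP Established", "UDP"}
# Letters, numbers and hyphens only; the name cannot start with a hyphen.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")


def parse_port_range(text):
    """Parse '22,3001:3008' into [(22, 22), (3001, 3008)].

    Commas separate entries and a colon separates the two ends of a range,
    as the guide describes. The 1-65535 bound is an assumption.
    """
    spans = []
    for item in text.split(","):
        low, sep, high = item.strip().partition(":")
        if not sep:
            high = low  # a single port is a range of one
        if not (low.isdigit() and high.isdigit()):
            raise ValueError(f"not a port or low:high range: {item!r}")
        lo, hi = int(low), int(high)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"reversed or out-of-bounds range: {item!r}")
        spans.append((lo, hi))
    return spans


def check_rule(name, ip_address, subnet_mask, protocol, port_range):
    """Return (problems, network, spans) for one rule.

    Assumption: IP Address and Subnet Mask together select a network, and
    an empty mask means the single address only.
    """
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("ruleset name: letters, numbers and hyphens only, "
                        "and no leading hyphen")
    network = None
    try:
        network = ipaddress.ip_network(
            f"{ip_address}/{subnet_mask or '255.255.255.255'}", strict=False)
    except ValueError as exc:
        problems.append(f"address/mask: {exc}")
    spans = []
    if protocol in PORT_PROTOCOLS and not port_range:
        problems.append(f"port range: required for {protocol}")
    elif protocol not in PORT_PROTOCOLS and port_range:
        problems.append(f"port range: not allowed for {protocol}")
    elif port_range:
        try:
            spans = parse_port_range(port_range)
        except ValueError as exc:
            problems.append(f"port range: {exc}")
    return problems, network, spans


def port_in_rule(spans, port):
    """True if the destination port falls inside any parsed span."""
    return any(lo <= port <= hi for lo, hi in spans)


if __name__ == "__main__":
    # Constructed sample rules; "ICMP" stands in for any protocol that is
    # not in the port-bearing list above.
    samples = [
        ("FILTER-2", "172.19.220.64", "255.255.255.0", "TCP", "22,3001:3008"),
        ("FILTER-3", "172.19.220.64", "", "UDP", ""),
        ("-mgmt", "172.19.220.64", "255.0.255.0", "ICMP", "80"),
    ]
    for sample in samples:
        problems, network, spans = check_rule(*sample)
        size = network.num_addresses if network else "n/a"
        print(sample[0], "| network:", network, "| addresses:", size,
              "| ports:", spans, "| problems:", problems or "none")
```

The address count makes an over-broad mask visible before the ruleset is mapped to an interface.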
To map a rule set to a network interface:
1. On the IP Filter page, select the IP filter rule set to be mapped.
2. From the Interface drop-down list, select the interface and click the Map Ruleset button. The Interface and rule set display in the IP Filter Mappings table.

To delete a mapping:
1. On the IP Filter page, select the mapping from the list and click the Delete Mappings button. The mapping no longer displays.
2. Click the Apply button.
Routing

The SLB branch office manager allows you to define static routes and, for networks using Routing Information Protocol (RIP)-capable routes, to enable the RIP protocol to configure the routes dynamically.

To configure routing settings:
1. Click the Network tab and select the Routing option. The following page displays:
2. Enter the following:

Dynamic Routing

Enable RIP: Select to enable Dynamic Routing Information Protocol (RIP) to assign routes automatically.
Note: To display the routing table, click the IP Routes Report link. The Status/Reports page displays. To view the report, select the IP Routes checkbox and click Generate Report.

Equivalent Routing Commands

The following CLI commands correspond to the web page entries described above.
7: Services

System Logging and Other Services

Use the Services page to:
- Configure the amount of data sent to the logs.
- Enable or disable SSH and Telnet logins.
- Enable a Simple Network Management Protocol (SNMP) agent.

Note: The SLB branch office manager supports both MIB-II (as defined by RFC 1213) and a private enterprise MIB. MIB definition files for the private enterprise MIB are downloadable at http://www.lantronix.com/support/downloads/.
2. Enter the following settings:

System Logging

In the System Logging section, select one of the following alert levels from the drop-down list for each message category:
- Off: Disables this type of logging.
- Info: Saves informative messages, in addition to warning and error messages.
- Warning: Saves message output from a condition that may be cause for concern, in addition to error messages. This is the default for all message types.
Remote Servers (#1 and #2): IP address of the remote server(s) where system logs are stored. The system log is always saved to local SLB storage. It is retained through SLB branch office manager reboots for files up to 200K. Saving the system log to a server that supports remote logging services (see RFC 3164) allows the administrator to save the complete system log history.
Web Telnet: Enables or disables the ability to access the SLB command line interface or device ports (connect direct) through the Web Telnet window. Disabled by default.

Timeout: If you enable Telnet logins, you can cause an idle connection to disconnect after a specified number of minutes. Select Yes and enter a value of from 1 to 30 minutes. Note: You must reboot the unit before a change will take effect.
SNMP

Simple Network Management Protocol (SNMP) is a set of protocols for managing complex networks.
1. Click the Services tab and select the SNMP option. The following page displays:
2. Enter the following:

Enable Agent: Enables or disables SNMP agent, which allows read-only access to the system. Disabled by default.

Enable Traps: Traps are notifications of certain critical events. Disabled by default. This feature is applicable when SNMP is enabled.
NMS: When SNMP is enabled, an NMS (Network Management System) acts as a central server, requesting and receiving SNMP-type information from any computer using SNMP. The NMS can request information from the SLB branch office manager and receive traps from the SLB device. Enter the IP address of the NMS server. Required if you selected Enable Traps.

Location: Physical location of the SLB branch office manager (optional). Useful for managing the SLB device using SNMP. Up to 20 characters.
V3 Read-Only User

User Name: SNMP v3 is secure and requires user-based authorization to access SLB MIB objects. Enter a user ID. The default is snmpuser. Up to 20 characters.

V3 Password/Retype Password: Password for a user with read-only authority to use to access SNMP v3. The default is SNMPPASS. Up to 20 characters.

Passphrase/Retype Passphrase: Passphrase associated with the password for a user with read-only authority. Up to 20 characters.
location netlog nms phonehome phoneip portssh rocommunity rwcommunity servlog smtpserver snmp ssh syslogserver1 syslogserver2 telnet timeoutssh timeouttelnet
To view current services:
    show services
NFS and SMB/CIFS

Use the NFS & SMB/CIFS page if you want to save configuration and logging data onto a remote NFS server, or export configuration and logging data by means of an exported CIFS share. Mounting an NFS shared directory on a remote network server onto a local SLB directory enables the SLB branch office manager to store device port logging data on that network server.
2. Enter the following for up to three directories:

NFS Mounts

Remote Directory: The remote NFS share directory in the format: nfs_server_hostname or ipaddr:/exported/path

Local Directory: The local directory on the SLB branch office manager on which to mount the remote directory. The SLB device creates the local directory automatically.

Read-Write: If enabled, indicates that the SLB branch office manager can write files to the remote directory.
Network Interfaces: Select the network ports from which the share can be seen. The default is for the share to be visible on both network ports.

CIFS User Password/Retype Password: Only one special username (cifsuser) can access the CIFS share. Enter the CIFS user password in both password fields. The default user password is CIFSPASS. More than one user can access the share with the cifsuser user name and password at the same time.
To configure the SMB/CIFS share, which contains the system and device port logs:
    set cifs
Parameters: eth1 eth2 state workgroup

Note: The admin config command saves SLB configurations on the SMB/CIFS share.
2. To manage a secure IT management device, click its IP Address. A separate browser page takes the user to the web interface for the selected Secure IT management device (login required).
3. For SLM management appliances, if SSH or Telnet is enabled for the device (to the CLI) or for a device port and you want to access the device or device port:
   a) Click the View link in the Telnet/SSH to Device Ports or CLI column.
Above the table, the Telnet to the CLI Enabled and SSH to the CLI Enabled fields indicate whether the unit has been set for Telnet or SSH access to the CLI. The table page lists all of the unit’s device ports (if applicable), indicates whether they are Telnet enabled or SSH enabled, and lists their Telnet and SSH port numbers.

Note: For the links to work, you must enable Web Telnet or Web SSH for the secure IT management unit.
   c) To open a Telnet session to a specific device port, click the Yes link in the Telnet Enabled column.
   d) To open an SSH session to the CLI, click Yes in the SSH to the CLI Enabled field above the table.
   e) To open an SSH session to a specific device port, click the Yes link in the SSH Enabled column.

To configure how secure IT management devices are searched for on the network:
1. Click the Search Options link on the top right of the Secure Lantronix Network page.
Secure Lantronix Network Commands

The following commands for the command line interface correspond to the web page entries described above.
2. Enter the following:

Change Date/Time: Select the checkbox to manually enter the date and time at the SLB branch office manager’s location.
Date: From the drop-down lists, select the current month, day, and year.
Time: From the drop-down lists, select the current hour and minute.
Time Zone: From the drop-down list, select the appropriate time zone.

3. To save, click the Apply button.

To synchronize the SLB branch office manager with a remote timeserver using NTP:
1.
Synchronize via: Select one of the following:
- Broadcast from NTP Server: Enables the SLB branch office manager to accept time information periodically transmitted by the NTP server. This is the default if you enable NTP.
- Poll NTP Server: Enables the SLB device to query the NTP Server for the correct time. If you select this option, complete one of the following:
  - Local: Select this option if the NTP servers are on a local network, and enter the IP address of up to three NTP servers.
7: Services To synchronize the SLB branch office manager with a remote time server using NTP: set ntp Parameters: localserver1 localserver2 localserver3 poll publicserver state sync To view NTP settings: show ntp
8: Device Ports This chapter describes how to configure and use an SLB branch office manager device port connected to an external device, such as a server or a modem. The next chapter, 10: Connections, describes how to use the Connections web page to connect external devices and outbound network connections (such as Telnet or SSH) in various configurations. The Console Port page allows you to configure the console port, if desired.
8: Device Ports Permissions There are three types of permissions: Direct (or data) mode: The user can interact with and monitor the device port (connect direct command). Listen mode: The user can only monitor the device port (connect listen command). Clear mode: The user can clear the contents of the device port buffer (set locallog clear buffer command). The administrator and users with local user rights may assign individual port permissions to local users.
8: Device Ports Current port numbering schemes for Telnet, SSH, and TCP ports display on the left. The list of ports 1-8 on the right includes the individual ports and their current mode. Note: For units with more ports, click the buttons above the table to view additional ports. Icons that represent some of the possible modes include: Idle The port is not in use. The port is in data/text mode. Note: You may set up ports to allow Telnet access using the IP Settings on the Device Ports – Settings page.
8: Device Ports Starting SSH Port Each port is assigned a number for connecting via SSH. Enter a number (1025-65535) that represents the first port. The default is 3000 plus the port number. For example, if you enter 3001, subsequent ports are automatically assigned numbers 3002, 3003, and so on. Starting TCP Port Each port is assigned a number for connecting through a raw TCP connection. Enter a number (1025-65535) that represents the first port. The default is 4000 plus the port number.
8: Device Ports To configure settings for all or a group of device ports: set deviceport global Parameters: maxdirect <1-10> Sets the maximum number of direct connections for each device port. sshport tcpport telnetport Port is a port number between 1025 and 65535. To view global settings for device ports: show deviceport global Global Commands The following CLI commands correspond to the web page entries described above.
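The numbering scheme above (a starting port for device port 1, then consecutive numbers) can be checked before it is applied. The following is an added example, not Lantronix code: it expands the starting ports into a listener plan, rejects values outside 1025-65535, reports TCP ports claimed by two services, and lists the ports a firewall would need to pass. The function names and the Telnet starting value 2001 are assumptions made for the example.

```python
from collections import defaultdict

PORT_MIN, PORT_MAX = 1025, 65535  # range the guide allows for a starting port


def listener_plan(starts, num_device_ports):
    """Return {service: {device_port: tcp_port}} for the given starting ports.

    A starting port S goes to device port 1, S+1 to device port 2, and so on,
    as in the guide's 3001, 3002, 3003 example.
    """
    if num_device_ports < 1:
        raise ValueError("need at least one device port")
    plan = {}
    for service, start in starts.items():
        if not PORT_MIN <= start <= PORT_MAX:
            raise ValueError(f"{service}: starting port {start} is outside "
                             f"{PORT_MIN}-{PORT_MAX}")
        last = start + num_device_ports - 1
        if last > PORT_MAX:
            raise ValueError(f"{service}: last port {last} exceeds {PORT_MAX}")
        plan[service] = {n: start + n - 1
                         for n in range(1, num_device_ports + 1)}
    return plan


def collisions(plan):
    """Return {tcp_port: [(service, device_port), ...]} for ports claimed twice."""
    claims = defaultdict(list)
    for service, ports in plan.items():
        for device_port, tcp_port in ports.items():
            claims[tcp_port].append((service, device_port))
    return {p: c for p, c in sorted(claims.items()) if len(c) > 1}


def allowlist(plan, permitted_services):
    """Sorted TCP ports a firewall in front of the unit should pass."""
    return sorted(p for s in permitted_services for p in plan[s].values())


# Constructed sample: 8 device ports. The Telnet start (2001) is an assumed
# value; 3001 and 4001 follow the "3000/4000 plus the port number" defaults.
SAMPLE = {"telnet": 2001, "ssh": 3001, "tcp": 4001}

if __name__ == "__main__":
    plan = listener_plan(SAMPLE, 8)
    print("collisions:", collisions(plan))
    print("allow (SSH only):", allowlist(plan, ["ssh"]))
    # Starting ports chosen too close together give two services the same number.
    crowded = listener_plan({"ssh": 3001, "tcp": 3005}, 8)
    print("collisions:", collisions(crowded))
```

Passing only the SSH range through the firewall keeps the Telnet and raw TCP listeners, which carry session data unencrypted, off untrusted networks.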
8: Device Ports Click the desired port number in the green bar (shown below) at the top of any page: The following page displays:
8: Device Ports To enter device port settings: 1. Enter the following: Mode The status of the port; displays automatically. Name The name of the port. Valid characters are letters, numbers, dashes (-), periods, and underscores ( _ ). Banner Text to display when a user connects to a device port by means of Telnet, SSH, or TCP. If authentication is enabled for the device port, the banner displays once the user successfully logs in. Blank is the default.
8: Device Ports IP Address IP address used for this device port so a user can Telnet, SSH, or establish a raw TCP connection to this address and connect directly to the device port. For Telnet and SSH, the default TCP port numbers (22 and 23, respectively) are used to connect to the device port. For raw TCP, the TCP port number defined for TCP In to the device port is used. Web SSH/Telnet Columns Number of columns in the Web SSH/Telnet applet when this device port is accessed via the applet.
8: Device Ports Show Lines on Connecting If enabled, when the user either does a connect direct from the CLI or connects directly to the port using Telnet or SSH, the SLB outputs up to 24 lines of buffered data as soon as the serial port is connected. For example, an SLB branch office manager issues a connect direct device 1 command to connect port 1 to a Linux server. Then the SLB device user gets a directory listing with the ls command and exits the connection.
8: Device Ports Initialization Script Commands sent to configure the modem may have up to 100 characters. Consult your modem’s documentation for recommended initialization options. If you do not specify an initialization script, the SLB device uses a default initialization string of AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0. Note: We recommend that the modem initialization script always be preceded with AT and include E1 V1 x4 Q0 so that the SLB branch office manager may properly control the modem.
8: Device Ports Modem Settings: PPP Mode Negotiate IP Address If the SLB branch office manager and/or the serial device have dynamic IP addresses (e.g., IP addresses assigned by a DHCP server), select Yes. Yes is the default. If the SLB branch office manager or the modem have fixed IP addresses, select No, and enter the local IP (IP address of the port) and remote IP (IP address of the modem). Authentication Enables PAP or CHAP authentication for modem logins. PAP is the default.
8: Device Ports Restart Delay The number of seconds after the timeout and before the SLB branch office manager attempts another connection. The default is 30 seconds. 2. To save settings for just this port, click the Apply button. 3. To save selected settings to ports other than the one you are configuring: a) From the Apply Settings drop-down box, select none, a group of settings, or All.
8: Device Ports To open the Device Ports – SLP page: 1. In the Connected to field above the IP Settings section of the Device Ports – Settings page, select an SLP or SLPEXP. 2. Click the Device Commands link. The following page displays: To enter SLP commands: 1. Enter the following: SLP Login User ID for logging into the SLP power manager. SLP Password/Retype Password Password for logging into the SLP power manager.
8: Device Ports Infeed Status Click the link to view the status of the data the SLP power manager is receiving. System Info Click the link to see system information pertaining to the SLP device. SLP Commands Restart SLP To restart the SLP power manager, select the checkbox.
8: Device Ports Humidity (%) Current relative humidity on the device the sensor is monitoring. Low Humidity Enter the relative humidity permitted on the device the sensor is monitoring below which the sensor sends a trap to the SLB branch office manager. High Humidity Enter the highest relative acceptable humidity permitted on the device above which the sensor sends a trap to the SLB device.
8: Device Ports dialoutpassword dialbacknumber dodauth dodchaphost dodchapsecret flowcontrol idletimeout ipaddr initscript A script that initializes a modem.
8: Device Ports To view the settings for one or more device ports: show deviceport port To view a list of all device port names: show deviceport names To view the modes and states of one or more device port(s): You can optionally email the displayed information. show portstatus [deviceport ] [email ] To view device port statistics and errors for one or more ports: You can optionally email the displayed information.
8: Device Ports single outlet. slp envmon Displays the environmental status (e.g., temperature and humidity) of the SLP power manager. slp infeedstatus Displays the infeed status and load of the SLP power manager. slp system Provides system information for the SLP power manager. sensorsoft lowtemp Sets the lowest temperature permitted for the port. sensorsoft hightemp Sets the highest temperature permitted for the port.
8: Device Ports To connect to a device port to monitor and/or interact with it, or to establish an outbound network connection: connect direct endpoint is one of: deviceport ssh [port ][] where: is one or more of: user version <1|2> command tcp port telnet [port ] udp port hostlist Notes: To escape from the connect
8: Device Ports only the oldest data is lost, and only in the amount of overrun (not in large blocks of memory). NFS File Logging Data can be logged to a file on a remote NFS server. Data logged locally to the SLB branch office manager is limited to 256 Kbytes and may be lost in the event of a power loss. Data logged to a file on an NFS server does not have these limitations.
8: Device Ports Syslog Logging Data can be logged to the system log. If this feature is enabled, the data will appear in the Device Ports log, under the Info level. The log level for the Device Ports log must be set to Info for the data to be saved to the system log. (See 7: Services.) To set logging parameters: 1. In the top section of the Device Ports – Settings page, click the Settings link in the Logging field. The following page displays: 2.
8: Device Ports Email/SNMP Traps Email/Traps Select the checkbox to enable email and SNMP logging. Email logging sends an email message to pre-defined email addresses or an SNMP trap to the designated NMS (see 7: Services) when alert criteria are met. Disabled by default. Send If you enabled email and SNMP logging, select what type of notification log to send: Email, SNMP, or Both. Email is the default.
8: Device Ports Text String The specific pattern of characters the SLB branch office manager must recognize before sending a notification to the technician about this port. The maximum is 100 characters. You may use a regular expression to define the pattern. For example, the regular expression “abc[def]g” recognizes the strings abcdg, abceg, abcfg. The SLB device supports GNU regular expressions; for more information, see: http://www.codeforge.com/help/GNURegularExpr.html http://www.delorie.
8: Device Ports PC Card Logging PC Card Logging Select to enable PC Card logging. A PC Card Compact Flash must be loaded into one of the PC Card slots on the front of the SLB branch office manager and properly mounted (see PC Card Logging on page 99). Disabled by default. Log To If port logging is to a PC Card, select the slot (Upper or Lower) in which the PC Card has been inserted. Upper is the default. Max Number of Files The maximum number of files to create to contain log data to the port.
8: Device Ports emailrestart emailsend emailstring emailsubj emailthreshold emailto filedir filelogging filemaxfiles filemaxsize locallogging name nfsdir nfslogging nfsmaxfiles nfsmaxsize pccardlogging pccardmaxfiles
8: Device Ports 2. Change the following as desired: Baud The speed with which the device port exchanges data with the attached serial device. From the drop-down list, select the baud rate. Most devices use 9600 for the administration port, so the console port defaults to this value. Data Bits Number of data bits used to transmit a character. From the drop-down list, select the number of data bits. The default is 8 data bits.
8: Device Ports To configure console port settings: set consoleport Parameters: baud <300-115200> databits <7|8> stopbits <1|2> parity flowcontrol showlines timeout To view console port settings: show consoleport Power Outlets The SLB branch office manager has four outlets that can provide power to other units in an IT environment. Each outlet can be configured and controlled through the SLB device.
8: Device Ports 2. Enter the following: Switching Delay Number of milliseconds the SLB branch office manager waits between subsequent switching operations. The range is 1000-2500 msec. The default is 2000 msec (2 sec). Over Current Alarm If SNMP traps are enabled (see 7: Services), a trap (alarm) is sent if the total current for all outlets exceeds a threshold. Enter the number of amps (measured in tenths of an amp) above which the SLB device sends a trap. The maximum is 180.
8: Device Ports should be on, off, or returned to the state it was in before the reboot. Default is Off. Last State Select whether to return the outlet to the state it was in before the reboot. Reboot To power cycle the outlet, select the checkbox. Default is unchecked. Note: You can reboot the SLB branch office manager on the Maintenance page, but after the reboot, the power outlet has the same power state as it did before the reboot. 4. To save, click Apply.
8: Device Ports 2. Enter the following: Note: To clear fields in the lower part of the page, click the Clear Host List button. Host List Id (view only) Displays after a host list is saved. Host List Name Enter a name for the host list. Retry Count Enter the number of times the SLB branch office manager should attempt to retry connecting to the host list. Authentication Select to require authentication when the SLB device connects to a host. 3.
8: Device Ports Escape Sequence The escape character used to get the attention of the SSH or Telnet client. It is optional, and if not specified, Telnet and SSH use their default escape character. For Telnet, the escape character is either a single character or a two-character sequence consisting of '^' followed by one character. If the second character is '?', the DEL character is selected. Otherwise, the second character is converted to a control character and used as the escape character.
8: Device Ports To view or update a host list: 1. In the Host Lists table, select the host list and click the View Host List button. The list of hosts displays in the Hosts box. 2. View, add, or update the following: Host List Id (view only) Displays after a host list is saved. Host List Name Enter a name for the host list. Retry Count Enter the number of times the SLB branch office manager should attempt to retry connecting to the host list.
8: Device Ports Escape Sequence The escape character used to get the attention of the SSH or Telnet client. It is optional, and if not specified, Telnet and SSH use their default escape character. For Telnet, the escape character is either a single character or a two-character sequence consisting of '^' followed by one character. If the second character is '?', the DEL character is selected. Otherwise, the second character is converted to a control character and used as the escape character.
8: Device Ports To add a new host entry to a list or edit an existing entry: set hostlist add|edit entry [] Parameters: host protocol port escapeseq <1-10 Chars> To move a host entry to a new position in the host list: set hostlist edit move position To delete a host list, or a single host entry from a host list: set hostlist delete [entry ] To di
9: PC Cards You can use the PC Card page to configure storage (Compact Flash) and modem/ISDN PC cards. A Compact Flash is useful for saving and restoring configurations (see Configuration Management on page 182) and for Device Port Logging (see PC Card Logging on page 99). The SLB branch office manager supports a variety of Compact Flash-to-PC Card adapters, as well as modem and Basic Rate Interface (BRI) ISDN cards. (See the Lantronix web site for a complete list.
9: PC Cards 4. Enter the following settings for the selected PC Card: Storage Settings Mount Select the checkbox to mount the first partition of the Compact Flash on the SLB device (if not currently mounted). Once mounted, a Compact Flash is used for device port logging and saving/restoring configurations. Unmount To eject the Compact Flash from the SLB branch office manager, first unmount the Compact Flash. Select the checkbox to unmount it.
9: PC Cards Filesystem Select ext2 or FAT, the file systems the SLB device supports. 5. Click the Apply button. To enter modem settings for a PC Card: 1. Insert any of the supported modem or ISDN cards (see www.lantronix.com/slb) into either of the PC Card bays on the front of the SLB branch office manager. (You can do this before or after powering up the SLB device.) 2. Click the Devices tab and select the PC Card option. The PC Card page displays. 3.
9: PC Cards 4. Enter or view the following: State Select to indicate whether to disable the PC Card or set it for dial-in, dial-out, dial-back, dial-on-demand, or dial-in & dial-on-demand. Disabled by default.
9: PC Cards Mode The format in which the data flows back and forth. With Text selected, the SLB branch office manager assumes that the modem will be used for remotely logging into the command line. Text mode is only for dialing in. This is the default. PPP establishes an IP-based link over the modem. PPP connections can be used in dial-out mode (e.g., the SLB device connects to an external network) or dial-in mode (e.g.
9: PC Cards Parity Parity checking is a rudimentary method of detecting simple, single-bit errors. From the drop-down list, select the parity. The default is none. Stop Bits The number of stop bit(s) used to indicate that a byte of data has been transmitted. From the drop-down list, select the number of stop bits. The default is 1. Flow Control A method of preventing buffer overflow and loss of data. The available methods include none, xon/xoff (software), and RTS/CTS (hardware). The default is none.
9: PC Cards Negotiated IP IP address associated with the GPRS connection. Text Mode Timeout Logins If you selected Text mode, you can enable logins to time out after the connection is inactive for a specified number of minutes. The default is No. This setting only applies to text mode connections. PPP mode connections stay connected until either side drops the connection. Disabled by default.
9: PC Cards DOD Authentication Enables PAP or CHAP authentication for dial-in & dial-on-demand. PAP is the default. With PAP, users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled. With CHAP, the DOD CHAP Handshake fields authenticate the user. DOD CHAP Handshake For DOD Authentication, enter the host/username (for UNIX systems) or secret/user password (for Windows systems) used for CHAP authentication. May have up to 128 characters.
9: PC Cards TCP Port The TCP (raw) session port number to use if you selected TCP. Defaults: Upper PC Card Slot: 4049 Lower PC Card Slot: 4050 Range: 1025-65535 Authenticate If selected, the SLB branch office manager requires user authentication before granting access to the port. Authenticate is selected by default for Telnet Port and SSH Port, but not for TCP Port. 5. Click the Apply button.
9: PC Cards Removes a file on a Compact Flash card: pccard storage delete file PC Card Modem Commands To configure a currently loaded PC Card modem: pccard modem Parameters: auth baud <300-115200> 9600 is the default.
9: PC Cards modemmode modemstate modemtimeout nat parity remoteipaddr restartdelay service sshauth sshport stopbits <1|2> tcpauth tcpport telnetauth telnetport timeoutlogins
10: Connections Chapter 8: Device Ports described how to configure and interact with an SLB branch office manager device port connected to an external device. This chapter describes how to use the Connections web page to connect external devices and outbound network connections (such as Telnet or SSH) in various configurations.
10: Connections Typical Setup Scenarios for the SLB Device Following are typical configurations in which SLB connections can be used, with references to settings on the Connections and Device Ports web pages. Terminal Server In this setup, the SLB branch office manager acts as a multiplexer of serial data to a single server computer. Terminal devices are connected to the serial ports of the SLB device and configured as a Device Port to Telnet out type connection on the Connections page.
10: Connections Reverse Terminal Server In this scenario, the SLB branch office manager has one or more device ports connected to one or more serial ports of a mainframe server. Users can access a terminal session by establishing a Telnet or SSH session to the SLB device. To configure the SLB branch office manager, select the Enable Telnet In or Enable SSH In option on the Device Ports – Settings web page.
10: Connections Modem Settings section of the Device Ports – Settings web page. A user could then dial into the SLB branch office manager using another modem and terminal emulation program at a remote location.
10: Connections Connection Configuration To create a connection: 1. Click the Devices tab and select the Connections option. The following page displays: 2. For a device port, enter the following: Port The number of the device port you are connecting. This device port must be connected to an external serial device and must not have command line interface logins enabled, be connected to a modem, or be running a loopback test. Note: To see the current settings for this device port, click the Settings link.
10: Connections to From the drop-down list, select a destination for the connection: a device port connected to a serial device, a device port connected to a modem, or an outbound network connection (Telnet, SSH, TCP Port, or UDP Port). Note: To see the current settings for a selected device port, click the Settings link. Hostname The host name or IP Address of the destination. This entry is required if the to field is set to Telnet out, SSH out, TCP port, or UDP port.
10: Connections To view, update, or disconnect a current connection: The bottom of the Connections web page displays current connections. 4. To view details about a connection, hold the mouse over the arrow in the Flow column. 5. To disconnect (delete) a connection, select the connection in the Select column and click the Terminate button. 6. To reestablish the connection, create the connection again in the top part of the page. 7.
10: Connections To monitor a device port: connect listen deviceport To connect a device port to another device port or an outbound network connection (data flows in both directions): connect bidirection Endpoint is one of: charcount <# of Chars> charseq charxfer deviceport date exclusive ssh [port ] where
10: Connections ssh [port ] ] where is one or more of: user version <1|2> command tcp [port ] telnet [port udp [port ] Note: If the trigger is datetime (establish connection at a specified date/time), enter the date parameter.
11: User Authentication Users who attempt to log in to the SLB branch office manager by means of Telnet, SSH, the console port, or one of the device ports are granted access by one or more authentication methods. The User Authentication page provides a submenu of methods (Local Users, NIS, LDAP, RADIUS, Kerberos, and TACACS+) for authenticating users attempting to log in. Use this page to assign the order in which the SLB device will use the methods.
11: User Authentication 2. To enable a method currently in the Disabled methods list, select the method and press the left arrow to the left of the list. The methods include: NIS (Network Information System) A network naming and administration system developed by Sun Microsystems for smaller networks. Each host client or server computer in the system has knowledge about the entire system.
11: User Authentication TACACS+ (Terminal Access Controller Access Control System) TACACS+ allows a remote access server to communicate with an authentication server to determine whether the user has access to the network. TACACS+ is a completely new protocol and is not compatible with TACACS or XTACACS. The SLB branch office manager supports TACACS+ only. Local Users Local accounts authenticate users who attempt to log in via SSH, Telnet, the Web, or the console port. 3.
11: User Authentication Local and Remote Users The system administrator can configure the SLB device to use local accounts and remote accounts to authenticate users. 1. Click the User Authentication tab and select the Local/Remote Users option. The following page displays. The top of the page has entry fields for enabling local and remote users and for setting password requirements. The bottom of the page displays a table listing and describing all local and remote users.
11: User Authentication Local User Passwords Complex Passwords Select to enable the SLB branch office manager to enforce rules concerning the password structure (e.g., alphanumeric requirements, number of characters, punctuation marks). Disabled by default. Complexity rules: Passwords must be at least eight characters long. They must contain one upper case letter (A-Z), one lower case letter (a-z), one digit ( 0-9), and one punctuation character (()`~!@#$%%^&*-+=\{}[]:;"'<>,.?/_).
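The complexity rules above can be applied offline, for example to vet generated credentials before provisioning local users. This is an added example, not the SLB's own implementation: it assumes the punctuation list in the guide is exhaustive, and the function names are hypothetical. It also shows which ASCII punctuation character is absent from the guide's list, which matters when a password generator draws from a generic punctuation set.

```python
import secrets
import string

# Punctuation characters exactly as listed in the guide's complexity rules.
GUIDE_PUNCT = set("()`~!@#$%^&*-+=\\{}[]:;\"'<>,.?/_")
MIN_LENGTH = 8


def complexity_failures(password):
    """Return the names of the rules the password fails ([] means compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c in string.ascii_uppercase for c in password):
        failures.append("upper")
    if not any(c in string.ascii_lowercase for c in password):
        failures.append("lower")
    if not any(c in string.digits for c in password):
        failures.append("digit")
    if not any(c in GUIDE_PUNCT for c in password):
        failures.append("punctuation")
    return failures


def unlisted_punctuation():
    """ASCII punctuation that the guide's list does not include.

    Assumption: a character missing from the list does not satisfy the
    punctuation rule.
    """
    return sorted(set(string.punctuation) - GUIDE_PUNCT)


def generate_password(length=16):
    """Random password with at least one character from each required class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    classes = [string.ascii_uppercase, string.ascii_lowercase,
               string.digits, "".join(sorted(GUIDE_PUNCT))]
    chars = [secrets.choice(cls) for cls in classes]
    pool = "".join(classes)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # avoid a fixed class order
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("Tr0ub4dor&3x", "Passw0rd|", "abc"):
        print(repr(candidate), complexity_failures(candidate))
    print("not in the guide's list:", unlisted_punctuation())
    print("generated:", generate_password())
```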
11: User Authentication 2. Enter the following information for the user: Login User ID of selected user. Authentication Select the type of authenticated user: Local: User listed in the SLB database. Remote: User not listed in the SLB database. UID A unique numeric identifier the system administrator assigns to each user. Valid UIDs are 101-4294967295. Note: The UID must be unique. If it is not, SLB branch office manager automatically increments it. Starting at 101, the SLB finds the next unused UID.
11: User Authentication Access Outlets The outlets the user may monitor and configure. Enable for Dial-back Select to grant a local user dial-back access (see page 84). Users with dial-back access can dial into the SLB branch office manager and enter their login and password. Once the SLB device authenticates them, the modem hangs up and dials them back. Disabled by default. Dial-back Number The phone number the modem dials back on depends on this setting for the device port.
11: User Authentication 3. Assign rights to users. Each user is a member of a group that has predefined user rights associated with it. You can assign additional rights to, or remove them from, the individual user. Group Select the group to which the user will belong: Default Users: This group has only the most basic rights. You can specify additional rights for the individual user.
11: User Authentication 5. Click the Back to Local/Remote Users link to return to the Local/Remote User Settings page. 6. Add another user or click the Back to Local/Remote Users link. The Local/Remote Users page displays with the new user(s) listed in the table. Note: The logged-in user's name displays at the top of the web page. Only the tabs and options for which the user has rights display. Shortcut To add a user based on an existing user: 1.
11: User Authentication Local Users Commands The following CLI commands correspond to the web page entries described above.
11: User Authentication To view settings for all users or a local user: show localusers [user ] To block (lock out) a user's ability to log in: set localusers lock Note: This capability is not available on the web page. To allow (unlock) a user's ability to log in: set localusers unlock Note: This capability is not available on the web page. Local User Rights Commands The following CLI commands correspond to the web page entries described above.
11: User Authentication To configure attributes for users who log in by a remote authentication method: set remoteusers add|edit [] Parameters accessoutlets breakseq <1-10 Chars> clearports dataports escapeseq <1-10 Chars> group listenports permissions where is one or more of nt, sv, dt, lu, ra, sk, um, dp, pc, rs, rc, dr, wb, sn, ad To remove a permission, type a minus sign
11: User Authentication 2. Enter the following: Enable NIS Displays selected if you enabled this method on the Authentication Methods page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: You can enable NIS here or on the first User Authentication page. If you enable NIS here, it automatically displays at the end of the order of precedence on the User Authentication page.
11: User Authentication Custom Menu If custom menus have been created you can assign a default custom menu to NIS users. Escape Sequence A single character or a two-character sequence that causes the SLB branch office manager to leave direct (interactive) mode. (To leave listen mode, press any key.) A suggested value is Esc+A (escape key, then uppercase "A" performed quickly but not simultaneously). You would specify this value as \x1bA, which is hexadecimal (\x) character 27 (1B) followed by an A.
11: User Authentication Secure Lantronix Network Right to view and manage secure IT management units (e.g., SLP power managers, Spiders, SLC console managers, SLB branch office managers) on the local subnet. Local Users Right to add or delete local users on the system. Remote Authentication Right to assign a remote user to a user group and assign a set of rights to the user. SSH Keys Right to set SSH keys for authenticating users.
11: User Authentication To configure the SLB branch office manager to use NIS to authenticate users who log in via the Web, SSH, Telnet, or the console port: set nis Parameters: accessoutlets breakseq <1-10 Chars> broadcast clearports dataports domain escapeseq <1-10 Chars> listenports master slave1 slave2 slave3
11: User Authentication LDAP allows SLB users to authenticate using a wide variety of LDAP servers, such as OpenLDAP and Microsoft Active Directory. The LDAP implementation supports LDAP servers that do not allow anonymous queries. Users who are authenticated through LDAP are granted device port access through the port permissions on this page. All LDAP users are members of a group that has predefined user rights associated with it. You can add additional user rights that are not defined by the group.
11: User Authentication Base The name of the LDAP search base (e.g., dc=company, dc=com). May have up to 80 characters. Bind Name The name for a non-anonymous bind to an LDAP server. This item has the same format as LDAP Base. One example is cn=administrator,cn=Users,dc=domain,dc=com Bind Password and Retype Password Password for a non-anonymous bind. This entry is optional. Acceptable characters are a-z, A-Z, and 0-9. The maximum length is 127 characters. Active Directory Support Select to enable.
11: User Authentication Group Select the group to which the LDAP users will belong: Default Users: This group has only the most basic rights. You can specify additional rights for the individual user. Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot & Shutdown, and Diagnostics & Reports. Administrators: This group has all possible rights. 4.
11: User Authentication LDAP Commands These commands for the command line interface correspond to the web page entries described above. To configure the SLB branch office manager to use LDAP to authenticate users who log in via the Web, SSH, Telnet, or the console port: set ldap Parameters: accessoutlets adsupport Enables or disables active directory.
11: User Authentication RADIUS The system administrator can configure the SLB branch office manager to use RADIUS to authenticate users attempting to log in using the Web, Telnet, SSH, or the console port. Users who are authenticated through RADIUS are granted device port access through the port permissions on this page. All RADIUS users are members of a group that has predefined user rights associated with it. You can add additional user rights that are not defined by the group.
11: User Authentication Enable RADIUS Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: You can enable RADIUS here or on the first User Authentication page. If you enable RADIUS here, it automatically displays at the end of the order of precedence on the User Authentication page. RADIUS Server #1 IP address or hostname of the primary RADIUS server.
11: User Authentication Break Sequence A series of 1-10 characters users can enter on the command line interface to send a break signal to the external device. A suggested value is Esc+B (escape key, then uppercase “B” performed quickly but not simultaneously). You would specify this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B. Data Ports The ports users are able to monitor and interact with using the connect direct command.
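The break and escape sequence notation used here (\x1bB, \x1bA) and the Telnet '^' notation described for host lists in 8: Device Ports can both be decoded to raw bytes, which makes it easy to confirm what a configured value actually sends. This is an added example, not Lantronix code. The function names are hypothetical, and three details are assumptions: the 1-10 character limit is applied after decoding, control characters are derived the way common Telnet clients do (low five bits), and a sequence that is a prefix of another is reported as ambiguous.

```python
import re

HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")


def decode_sequence(spec):
    """Decode a break/escape sequence such as \\x1bA into bytes.

    \\xHH becomes the byte 0xHH; any other ASCII character stands for itself.
    """
    out = bytearray()
    i = 0
    while i < len(spec):
        m = HEX_ESCAPE.match(spec, i)
        if m:
            out.append(int(m.group(1), 16))
            i = m.end()
        else:
            if ord(spec[i]) > 0x7F:
                raise ValueError(f"non-ASCII character at offset {i}")
            out.append(ord(spec[i]))
            i += 1
    if not 1 <= len(out) <= 10:
        raise ValueError("sequence must decode to 1-10 characters")
    return bytes(out)


def decode_telnet_escape(spec):
    """Decode a host-list Telnet escape: one character, or '^' plus one."""
    if len(spec) == 1:
        return spec.encode("ascii")
    if len(spec) == 2 and spec[0] == "^":
        if spec[1] == "?":
            return b"\x7f"                      # '^?' selects DEL
        return bytes([ord(spec[1]) & 0x1F])     # e.g. '^]' -> 0x1d
    raise ValueError("expected a single character or '^' plus one character")


def ambiguous(seq_a, seq_b):
    """True if one byte sequence is a prefix of the other (or they are equal)."""
    return seq_a.startswith(seq_b) or seq_b.startswith(seq_a)


if __name__ == "__main__":
    escape = decode_sequence(r"\x1bA")   # suggested escape sequence, Esc+A
    brk = decode_sequence(r"\x1bB")      # suggested break sequence, Esc+B
    print(escape, brk, "ambiguous:", ambiguous(escape, brk))
    print(decode_telnet_escape("^]"), decode_telnet_escape("^?"))
```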
11: User Authentication Reboot & Shutdown Right to use the CLI or shut down the SLB branch office manager and then reboot it. Firmware & Configuration Right to upgrade the firmware on the unit and save or restore a configuration (all settings). Selecting this option automatically selects Reboot & Shutdown. Diagnostics & Reports Right to obtain diagnostic information and reports about the unit. Web Access Right to access Web Manager. Device Ports Right to enter device port settings.
To set user group and permissions for RADIUS users:
set radius group

To set permissions for RADIUS users not already defined by the user rights group:
set radius permissions
where is one or more of nt, sv, dt, lu, ra, sk, um, dp, pc, rs, rc, dr, wb, sn, ad
To remove a permission, type a minus sign before the two-letter abbreviation for a user right.
2. Enter the following:
Enable Kerberos: Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: You can enable Kerberos here or on the first User Authentication page. If you enable Kerberos here, it automatically displays at the end of the order of precedence on the User Authentication page.
KDC IP Address: Enter the IP address of the Key Distribution Center (KDC).
KDC Port: Port on the KDC listening for requests. Enter an integer with a maximum value of 65535. The default is 88.
Custom Menu: If custom menus have been created, you can assign a default custom menu to RADIUS users.
Escape Sequence: A single character or a two-character sequence that causes the SLB branch office manager to leave direct (interactive) mode. (To leave listen mode, press any key.
Full Administrative: Right to add, update, and delete all editable fields.
Networking: Right to enter Network settings.
Services: Right to enable and disable system logging, SSH and Telnet logins, SNMP, and SMTP.
Secure Lantronix Network: Right to view and manage secure IT management units (e.g., SLP power managers, Spiders, SLB branch office managers) on the local subnet.
Date/Time: Right to set the date and time.
Local Users: Right to add or delete local users on the system.
PC Card: Right to enter modem settings for PC cards.
Power Outlets: Right to configure power outlets.
5. Click the Apply button.
Note: You must reboot the unit before your changes will take effect.

Kerberos Commands

These commands for the command line interface correspond to the web page entries described above.
To view Kerberos settings:
show kerberos

TACACS+

Similar to RADIUS, the main function of TACACS+ is to perform authentication for remote access. The SLB branch office manager supports the TACACS+ protocol (not the older TACACS or XTACACS protocols). The system administrator can configure the SLB device to use TACACS+ to authenticate users attempting to log in using the Web, Telnet, SSH, or the console port.
2. Enter the following:
Enable TACACS+: Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. You can enable TACACS+ here or on the first User Authentication page. If you enable TACACS+ here, it automatically displays at the end of the order of precedence on the User Authentication page.
Group: Select the group to which the TACACS+ users will belong:
Default Users: This group has only the most basic rights. You can specify additional rights for the individual user.
Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot & Shutdown, and Diagnostics & Reports.
Administrators: This group has all possible rights.
4.
TACACS+ Commands

These commands for the command line interface correspond to the web page entries described above.
not used, a user can access multiple hosts without entering a password. In either case, the authentication is protected against security attacks because both the public key and the private key are required to authenticate. For both imported and exported SSH keys, the SLB device supports both RSA and DSA keys, and can import and export keys in OpenSSH and SECSH formats.
2. Enter the following:

Imported Keys (SSH In)

Host & User Associated with Key
These entries are required in the following cases:
The imported key file does not contain the host that the user will be making an SSH connection from, or
The SLB local user login for the connection is different from the user name the key was generated from or is not included in the imported key file.
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAEEApUHCX9EWsHt+jmUGXa1YC3usABYxIXUhSU1N+NU9HNaUADUFfd8LYz8/gUnUSH4Ksm8GRT7/8/Sn9jCVfGPhUQ== asallaway@winserver

Host: Host name or IP address from which the SSH connections to the SLB branch office manager will be made.
User: The User ID of the user being given secure access to the SLB device.

Host & Login for Import
Import via: Select SCP or FTP as the method for importing the SSH keys. SCP is the default.
Host and Login for Export
Export via: Select the method (SCP, FTP, or Cut and Paste) of exporting the key to the remote server. Cut and Paste, the default, requires no other parameters for export.
Host: IP address of the remote server to which the SLB branch office manager will SCP or FTP the public key file.
Path: Optional path of the file on the host to SCP or FTP the public key to.
Login: User ID to use to SCP or FTP the public key file.
2. View or enter the following:
Reset to Default Host Key: Select the All Keys checkbox to reset all default key(s), or select one or more checkboxes to reset defaults for RSA1, RSA, or DSA keys. All checkboxes are unselected by default.
Import Host Key: To import a site-specific host key, select the checkbox. Unselected by default.
Type: From the drop-down list, select the type of host key to import.
Public Key Filename: Filename of the public host key.
Private Key Filename: Filename of the private host key.
Host: Host name or IP address of the host from which to import the key.
Path: Path of the directory where the host key will be stored.
Login: User ID to use to SCP or SFTP the file.
Password & Retype Password: Password to use to SCP or SFTP the file.
3. Click the Apply button.
4. Repeat steps 2-3 for each key you want to import.
5.
To export a key:
set sshkey export
Parameters: [format ] [host ] [login ] [path ] bits <512|1024> keyname keyuser type

To export the public keys of all previously created SSH keys:
set sshkey all export [pubfile ] [host ] [login ] [path ]

To delete
To display SSH keys that have been imported:
show sshkey import
Parameters: [keyhost ] [keyuser ] [viewkey ]

To display SSH keys that have been exported:
show sshkey export
Parameters: [keyhost ] [keyuser ] [viewkey ]

To display host keys (public key only):
show sshkey server [type ]
6.
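Added example (not from the Lantronix guide): a Python check that parses bare OpenSSH-format public key lines, such as the sample key printed earlier in this section, and reports key type and size before a key is imported or after one is exported. The 2048-bit minimums are assumed policy values chosen for the example; the guide's own `set sshkey export` syntax lists `bits <512|1024>`.

```python
import base64
import struct

# Assumed policy thresholds for this example; they are not taken from the guide.
MIN_RSA_BITS = 2048
MIN_DSA_BITS = 2048

# The sample public key printed in this section, with the page's line wraps removed.
GUIDE_SAMPLE_KEY = (
    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAEEApUHCX9EWsHt+jmUGXa1YC3us"
    "ABYxIXUhSU1N+NU9HNaUADUFfd8LYz8/gUnUSH4Ksm8GRT7/8/Sn9jCVfGPh"
    "UQ== asallaway@winserver"
)


def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past end of key blob")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields


def mpint_bits(data):
    """Bit length of an SSH mpint (big-endian, optional leading zero byte)."""
    return int.from_bytes(data, "big").bit_length()


def inspect_public_key(line):
    """Parse one '<type> <base64> [comment]' line and report its strength."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared_type, encoded = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    # binascii.Error from bad base64 is a ValueError subclass.
    fields = read_fields(base64.b64decode(encoded, validate=True))
    if not fields:
        raise ValueError("empty key blob")
    blob_type = fields[0].decode("ascii", "replace")
    if blob_type != declared_type:
        raise ValueError("declared type %r does not match blob type %r"
                         % (declared_type, blob_type))

    findings, exponent = [], None
    if blob_type == "ssh-rsa":
        if len(fields) != 3:  # type, e, n
            raise ValueError("ssh-rsa blob must have 3 fields")
        exponent = int.from_bytes(fields[1], "big")
        bits = mpint_bits(fields[2])
        if bits < MIN_RSA_BITS:
            findings.append("RSA modulus is %d bits, below the %d-bit minimum"
                            % (bits, MIN_RSA_BITS))
    elif blob_type == "ssh-dss":
        if len(fields) != 5:  # type, p, q, g, y
            raise ValueError("ssh-dss blob must have 5 fields")
        bits = mpint_bits(fields[1])
        # OpenSSH has disabled ssh-dss by default since release 7.0.
        findings.append("DSA key: disabled by default in current OpenSSH")
        if bits < MIN_DSA_BITS:
            findings.append("DSA prime is %d bits, below the %d-bit minimum"
                            % (bits, MIN_DSA_BITS))
    else:
        raise ValueError("unsupported key type %r" % blob_type)

    return {"type": blob_type, "bits": bits, "exponent": exponent,
            "comment": comment, "findings": findings}


def audit_keys(lines):
    """Return (line_number, report or rejection string) for each key line."""
    results = []
    for number, line in enumerate(lines, start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            results.append((number, inspect_public_key(line)))
        except ValueError as exc:
            results.append((number, "rejected: %s" % exc))
    return results


if __name__ == "__main__":
    for number, result in audit_keys([GUIDE_SAMPLE_KEY]):
        print(number, result)
```

Run against the guide's sample key, the check reports a 512-bit RSA modulus with public exponent 35.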
Maximum of five nested menus can be called. No syntax checking (Enter each command correctly.
Example

The system administrator creates two custom user menus, with menu1 having a nested menu (menu2):
[SLB]> set menu add menu1
Enter optional menu title ( for none): Menu1 Title
Specify nickname for each command? [no] y
Enter each command, up to 50 commands ('logout' is always the last command).
Press when the menu command set is complete.
__Custom User Menus___________________________________________________________
Menu: menu2
Title: Menu2 Title
Show Nicknames: disabled
Redisplay Menu: disabled
Command 1: connect direct deviceport 3
Nickname 1:
Command 2: connect direct deviceport 4
Nickname 2:
Command 3: show datetime
Nickname 3:
Command 4: returnmenu
Nickname 4:
Command 5: logout
Nickname 5:

The system administrator configures local user 'john' to use custom menu 'menu1':
[SLB
Menu1 Title
------------------------------------------------------------------------
1) connect Port-1          3) menu2
2) connect Port-2          4) log off
[Enter 1-4]> 4
Executing: logout
Logging out...
12: Maintenance and Operation The system administrator performs maintenance activities and operates the SLB branch office manager using the options for the Maintenance tab and additional commands on the command line interface. SLB Maintenance The Firmware & Configurations page allows the system administrator to: Configure the FTP, SFTP, or TFTP server that will be used to provide firmware updates and save/restore configurations. (TFTP is only used for firmware updates.
2. Enter the following:

General
Reboot: Select this option to reboot the SLB branch office manager immediately. The default is No. Note: The front panel LCD displays the “Rebooting the SLB” message, and the normal boot sequence occurs.
Shutdown: Select this option to shut down the SLB device. The default is No.
Welcome Banner: The text to display on the command line interface before the user logs in. Welcome to the SLB is the default.
Login Banner: The text to display on the command line interface after the user logs in. Default is blank. Note: To create more lines, use the \n character sequence.
Logout Banner: The text to display on the command line interface after the user logs out. Default is blank. Note: To create more lines, use the \n character sequence.
Web Timeout: Number of minutes (5-120) after which the SLB web session times out. The default is 5. To avoid timeouts, select No.
Boot Banks
Bank 1: Version of SLB firmware in bank 1. Note: The word "current" displays next to the bank the SLB branch office manager booted from.
Bank 2: Version of SLB firmware in bank 2.
Next Boot Bank: Current setting for bank to boot from at next reboot.
Switch to Bank: If desired, select the alternate bank to boot from at next reboot.
Location for Save, Restore, or Manage: If you selected to save or restore a configuration, select one of the following options:
Default – Saved Configurations: If restoring, select a saved configuration from the drop-down list.
FTP Server: The FTP server specified in the FTP/SFTP/TFTP section. If you select this option, select FTP or SFTP to transfer the configuration file.
NFS Mounted Directory: Local directory of the NFS server for mounting files.
2. To delete files, select one or more files and click the Delete button.

Firmware & Configurations – Web Sessions

The Firmware & Configurations - Web Sessions page enables you to view and terminate current web sessions.

To view or terminate current web sessions:
1. On the Firmware & Configurations page, click the Web Sessions link.
2. If desired, enter the following:
Reset to Default Certificate: To reset to the default certificate, select the checkbox. Unselected by default.
Import SSL Certificate: To import your own SSL Certificate, select the checkbox. Unselected by default.
Import via: From the drop-down list, select the method of importing the certificate (SCP or SFTP). The default is SCP.
Certificate Filename: Filename of the certificate.
iGoogle Gadgets

You can create an iGoogle gadget that enables you to view the status of the ports of many SLB branch office managers on one web page. Anyone with a Google email account (gmail.com) can create an iGoogle gadget for viewing web pages. There are two types of iGoogle gadgets: public gadgets and private gadgets. The public gadgets are listed for import on iGoogle web pages. The SLB gadget is a private gadget, whose location is not publicly advertised.
Administrative Commands

These commands for the command line interface correspond to the web page entries described above.

To copy the boot bank from the currently booted bank to the alternate bank (for dual-boot SLB branch office managers):
admin firmware copybank

To reboot the SLB device:
admin reboot
Note: The front panel LCD displays the “Rebooting the SLB” message, and the normal boot sequence occurs.
To enable or disable iGoogle Gadget web content:
admin web gadget

To configure the timeout for web sessions:
admin web timeout
Timeouts are measured in minutes.
To view keypad settings:
admin keypad show

To set the FTP/TFTP/SFTP server used for firmware updates and configuration save/restore:
admin ftp server [login ] [path ]

To view FTP settings:
admin ftp show

To set the FTP server password and prevent it from being echoed:
admin ftp password

To restore the SLB device to factory default settings:
admin config factorydefaults [savesshkeys ] [savesslcert ]
To delete a saved configuration:
admin config delete location [pccardslot ]

To list the configurations saved to a location:
admin config show [nfsdir ] [pccardslot ]

To run the quick setup script:
admin quicksetup

To import an SSL certificate, or reset the web server certificate to the default:
admin web certificate import via certfile
2. Enter the following:
Log: Select the type(s) of log you want to view.
Level: Select the alert level you want to view for the selected log.
Starting at: Select the starting point of the range you want to view:
Beginning of Log: Beginning of the log.
Date: Specific start date and time of the log.
Ending at: Select the endpoint of the range you want to view:
End of Log: The end of the log.
Date: Specific end date and time of the log.
3. Click the View Log button.
4. To email the system log to an individual:
a) In the Comment field, enter a comment (if desired).
b) Select to and enter the person’s email address.
c) Press the Email Output button.
5. To email the system log to Lantronix Technical Support:
a) In the Comment field, enter a comment (if desired).
b) Select to: Lantronix Tech Support.
c) Call Lantronix Tech Support and obtain a case number. Note: For contact information, click the Lantronix Tech Support link.
System Log Command

The following command for the command line interface corresponds to the web page entries described above.
2. To select a sort option (by Date/Time, User, or Command/Action), click the appropriate button:
To sort by date and time, click the Sort by Date/Time button. (This is the default.)
To sort by user, click the Sort by User button.
To sort by command/action, click the Command button.
3. To clear the log, click the Clear Log button.
2. Enter the following:
Select Diagnostics: Select one or more diagnostic methods you want to run, or select All to run them all.
ARP Table: Address Resolution Protocol (ARP) table used to view the IP address-to-hardware address mapping.
Netstat: Displays network connections. If you select the checkbox, select a protocol or select All for both protocols to control the output of the Netstat report.
Send Packet: This option sends an Ethernet packet out one of the Ethernet ports, mainly as a network connectivity test. Enter the following:
Protocol: Select the type of packet to send.
Hostname: Specify a host name or IP address of the host to send the packet to.
Port: Specify a TCP or UDP port number of the host to send the packet to.
String: Enter a set of up to 64 characters.
4. To view a report, click the link for that report.
5. To email the report(s) to an individual:
a) In the Comment field, enter a comment (if desired).
b) Select to and enter the person’s email address.
c) Press the Email Output button.
6. To email the report(s) to Lantronix Technical Support:
a) In the Comment field, enter a comment (if desired).
b) Select to: Lantronix Tech Support
c) Call Lantronix Tech Support and obtain a case number.
Diagnostic Commands

The following CLI commands correspond to the web page entries described above.

To display the ARP table of IP address-to-hardware address mapping:
diag arp [email ]
You can optionally email the displayed information.

To display a report of network connections:
You can optionally email the displayed information.
To generate and send Ethernet packets:
diag sendpacket host port [string ] [protocol ] [count ]
The default is 1.
The top half of the page displays the status of each port, power supply, and power outlet. Green indicates that the port connection or power supply is active and functioning correctly. Red indicates an error or failure or that the device is off.
2. Enter the following:
View Report
View Report: Select as many of the reports as desired, or select All.
Port Status: Displays the status of each device port: mode, user, any related connections, and serial port settings.
4. To view a report, click the link for that report.
5. To email the report(s) to Lantronix Technical Support:
a) In the Comment field, enter a comment (if desired).
b) Select to: Lantronix Tech Support
c) Call Lantronix Tech Support and obtain a case number. Note: For contact information, click the Lantronix Tech Support link.
d) Enter the number in Case Number.
e) Press the Email Output button.
6.
Status Commands

These commands for the command line interface correspond to the web page entries described above.

To display device port modes and states for one or more ports:
show portstatus [deviceport ] [email ]
You can optionally email the displayed information.

To display a snapshot of configurable parameters:
You can optionally email the displayed information.
2. Enter the following:
Event Trigger: From the drop-down list, select the type of incident that triggers an event. Currently, the options are:
Receive Trap
Temperature Over/Under Limit: For Sensorsoft devices.
Humidity Over/Under Limit: For Sensorsoft devices.
Action: From the drop-down list, select the action taken because of the trigger.
SNMP Trap OID: Enter a unique identifier for an SNMP object. (An SNMP object is anything that can hold a value and can be read using an SNMP "get" action.) The OID consists of a string of numbers separated by periods (for example, 1.1.3.2.1). Each number is part of a group represented by the number on its left.
3. You have the following options:
To add the defined event, click the Add Event button. The event displays in the Events table at the bottom of the page.
To update event definitions:
admin events edit
Parameters: community deviceport ethport <1|2> nms oid pccardslot

To delete an event:
admin events delete

To view events:
admin events show
13: Application Examples Each SLB branch office manager has multiple serial ports and two network ports. Each serial port can be connected to the console port of an IT device. Using a network port (in-band) or a modem (out-of-band) for dial-up connection, an administrator can remotely access any of the connected IT devices using Telnet or SSH. Figure 13-1. SLB Branch Office Manager Configuration This chapter includes three typical scenarios for using the SLB branch office manager.
Telnet/SSH to a Remote Device

The following figure shows a Sun server connected to port 2 of the SLB device.

Figure 13-2. Remote User Connected to a SUN Server via the SLB Device
[Figure labels: Sun Server; Remote User; Serial Cable to Device Port 2; Internet; SLB Branch Office Manager]

In this example, the sysadmin would: 1.
3. Connect to the device port:
[SLB]> connect direct deviceport 2
4. View messages from the SUN server console:
Mar 15 09:09:44 tssf280r sendmail[292]: (8.12.2+Sun): SMTP+queueing@00:15:00
Mar 15 09:09:44 tssf280r sendmail[293]: (8.12.2+Sun): queueing@00:15:00
Mar 15 14:44:40 tssf280r sendmail[275]: (8.12.2+Sun): SMTP+queueing@00:15:00
Mar 15 14:44:40 tssf280r sendmail[276]: (8.12.2+Sun): queueing@00:15:00
[ID 702911 mail.info] starting daemon
[ID 702911 mail.
[SLB]>
2. Configure the device port that is connected to the console port of the Sun UNIX server:
[SLB]> set deviceport port 2 baud 57600 flowcontrol none
Device Port settings successfully updated.
3. Dial into the SLB branch office manager via the modem using a terminal emulation program on a remote PC. A command line prompt displays.
4. Log into the SLB device.
Local Serial Connection to Network Device via Telnet

This example shows a terminal device connected to an SLB device port, and a Sun server connected over the network to the SLB branch office manager. When a connection is established between the device port and an outbound Telnet session, users can access the Sun server as though they were directly connected to it. (See 10: Connections for more information.)
Byte Threshold: 100
Email Delay: 60 seconds
Restart Delay: 60 seconds
Email To:
Email Subject: Port %d Logging
Email String:
NFS File Logging: disabled
Directory to log to:
Max number of files: 10
Max size of files: 2048
Max number of files: 10
Max size of files: 2048
2.
14: Command Reference After an introduction to using commands, this chapter lists and describes all of the commands available on the SLB command line interface accessed through Telnet, SSH, or a serial connection. The commands are in alphabetical order by category. Introduction to Commands Following is some information about command syntax, command line help, and tips for using commands.
Table 14-1.
Use the up and down arrows to scroll through previously entered commands. If desired, select one and edit it. You can scroll through up to 100 previous commands entered in the session.
To clear an IP address, type 0.0.0.0, or to clear a non-IP address value, type CLEAR.
When the number of lines displayed by a command exceeds the size of the window (the default is 25), the command output is halted until the user is ready to continue.
admin config delete
Syntax: admin config delete location [pccardslot ]
Description: Deletes a configuration.
Description: Saves the current SLB configuration to a selected location.

admin config show
Syntax: admin config show [nfsdir ] [pccardslot ]
Description: Lists the configurations saved to a location.

admin firmware bootbank
Syntax: admin firmware bootbank <1|2>
Description: Sets the boot bank to be used at the next SLB reboot. Applies to dual-boot SLB branch office managers only.
admin ftp password
Syntax: admin ftp password
Description: Sets the FTP server password and prevents it from being echoed.

admin ftp server
Syntax: admin ftp server [login ] [path ]
Description: Sets the FTP/TFTP/SFTP server used for firmware updates and configuration save/restore.

admin ftp show
Syntax: admin ftp show
Description: Displays FTP settings.
Description: Displays keypad settings.

admin lcd reset
Syntax: admin lcd reset
Description: Restarts the program that controls the LCD.

admin quicksetup
Syntax: admin quicksetup
Description: Runs the quick setup script.

admin reboot
Syntax: admin reboot
Description: Reboots the SLB branch office manager. The front panel LCD displays the “Rebooting the SLB” message, and the normal boot sequence occurs.
admin web certificate
Syntax: admin web certificate import via certfile privfile host login [path ]
Description: Imports an SSL certificate.

admin web certificate reset
Syntax: admin web certificate reset
Description: Resets a web certificate.

admin web certificate show
Syntax: admin web certificate show
Description: Displays a web certificate.
admin web terminate
Syntax: admin web terminate
Description: Terminates a web session.

admin web show
Syntax: admin web show
Description: Displays the current sessions and their ID.

Audit Log Commands

show auditlog
Syntax: show auditlog [command|user|clear]
Description: Displays audit log. By default, shows the audit log sorted by date/time. You can sort it by user or command, or clear the audit log.
Local Users authentication is always the first method used. Any methods omitted from the command are disabled.

show auth
Syntax: show auth
Description: Displays authentication methods and their order of precedence.

show user
Syntax: show user
Description: Displays attributes of the currently logged in user.
Description: Configures the SLB branch office manager to use Kerberos to authenticate users who log in via the Web, SSH, Telnet, or the console port.

show kerberos
Syntax: show kerberos
Description: Displays Kerberos settings.
show ldap
Syntax: show ldap
Description: Displays LDAP settings:

Local Users Commands

set localusers add|edit
Syntax: set localusers add|edit
Parameters: accessoutlets allowdialback breakseq <1-10 Chars> changenextlogin changepassword clearports dataports dialbacknumber displaymenu escapeseq <1-10 Chars> listenports c
set localusers allowreuse
Syntax: set localusers allowreuse
Description: Sets whether a login password can be reused.

set localusers complexpasswords
Syntax: set localusers complexpasswords
Description: Sets whether a complex login password is required.

set localusers state
Syntax: set localusers state
Description: Enables or disables authentication of local users.
set localusers password
Syntax: set localusers password
Description: Sets a login password for the local user.

set localusers periodlockout
Syntax: set localusers periodlockout
Description: Sets the number of minutes after a lockout before the user can try to log in again. Disabled by default.
NIS Commands

set nis
Syntax: set nis
Parameters: accessoutlets broadcast clearports custommenu
RADIUS Commands

set radius
Syntax: set radius
Parameters: accessoutlets state clearports custommenu
TACACS+ Commands

set tacacs+
Syntax: set tacacs+
Parameters: accessoutlets clearports custommenu
Description: Adds a local user to a user group or changes the group the user belongs to.

set localusers lock
Syntax: set localusers lock
Description: Blocks (locks) a user's ability to log in.

set localusers unlock
Syntax: set localusers unlock
Description: Allows (unlocks) a user's ability to log in.
where is one or more of nt, sv, dt, lu, ra, sk, um, dp, pc, rs, rc, dr, wb, sn, ad, po
To remove a permission, type a minus sign before the two-letter abbreviation for a user right.
Description: Sets attributes for users who log in by a remote authentication method.

set remoteusers listonlyauth
Syntax: set remoteusers listonlyauth
Description: Sets whether remote users who are not part of the remote user list will be authenticated.
Description: Sets permissions not already defined by the assigned permissions group.

show user
Syntax: show user
Description: Displays the rights of the currently logged-in user:

CLI Commands

set cli
Syntax: set cli scscommands
Description: Allows you to use SCS-compatible commands as shortcuts for executing commands. Enabling this feature enables it only for the current CLI session. It is disabled by default.
Description: Allow (unlock) a user’s ability to log in.

show cli
Syntax: show cli
Description: Displays current CLI settings.

show user
Syntax: show user
Description: Displays attributes of the currently logged in user.

set history
Syntax: set history clear
Description: Clears the commands that have been entered during the command line interface session.

show history
Syntax: show history
Description: Displays the last 100 commands entered during the session.
charxfer date deviceport exclusive ssh [port ][] where is one or more of: user version <1|2> command tcp [port ] telnet [port ] trigger If the trigger is datetime (establish connection at a specified date/time), enter the date parameter.
connect global outgoingtimeout
Syntax: connect global outgoingtimeout
Description: Sets the amount of time the SLB branch office manager will wait for a response (sign of life) from an SSH/Telnet server that it is trying to connect to. Note: This is not a TCP timeout.

connect listen deviceport
Syntax: connect listen deviceport
Description: Monitors a device port.
telnet [port If the trigger is datetime (establish connection at a specified date/time), enter the date parameter. If the trigger is chars (establish connection on receipt of a specified number of characters or a character sequence), enter either the charcount or the charseq parameter.
Description: Configures console port settings.

show consoleport
Syntax: show consoleport
Description: Displays console port settings.

Custom User Menu Commands

When creating a custom user menu, note the following limitations:
Maximum of 20 custom user menus.
Maximum of 50 commands per custom user menu (logout is always the last command).
Maximum of 15 characters for menu names.
Maximum of five nested menus can be called.
No syntax checking.
title
show datetime
Syntax: show datetime
Description: Displays the local date, time, and time zone.

set ntp
Syntax: set ntp
Parameters: localserver1 localserver2 localserver3 poll publicserver state sync
Description: Synchronizes the SLB branch office manager with a remote time server using NTP.
slp outletcontrol state [outlet ][tower ]
Outlet # is 1-8 for SLP8 power manager and 1-16 for SLP16 power manager. The outletcontrol parameters control individual outlets.

slp outletstate [outlet ]
The outletstate parameter shows the state of all outlets or a single outlet.

slp envmon
Displays the environmental status (e.g., temperature and humidity) of the SLP power manager.
calleridcmd calleridlogging chaphost chapsecret The user defines the secret.
remoteipaddr restartdelay
slp infeedstatus Displays the infeed status and load of the SLP power manager.
sshauth sshin sshport stopbits <1|2> telnetauth telnetin telnetport timeoutlogins webcolumns webrows
Description: Configures a single port or a group of ports.
Description: Displays a list of all device port names.

show deviceport port
Syntax: show deviceport port
Description: Displays the settings for one or more device ports.

show portcounters
Syntax: show portcounters [deviceport ] [email ]
Description: Displays device port statistics and errors for one or more ports. You can optionally email the displayed information.
diag internals
Syntax: diag internals
Description: Displays information on the internal memory, storage and processes of the SLB branch office manager. Note: This command is available in the CLI but not the web.

diag netstat
Syntax: diag netstat [protocol ] [email ]
Description: Displays a report of network connections. You can optionally email the displayed information.
xferdatasize Default is 1 Kbyte.
Description: Tests a device port by transmitting data out the port and verifying that it is received correctly. A special loopback cable comes with the SLB branch office manager. To test a device port, plug the cable into the device port and run this command. The command sends the specified Kbytes to the device port and reports success or failure. The test is performed at 9600 baud.
Events Commands

admin events add
Syntax: admin events add
is one of:
action ethport <1|2> nms community [oid ]
action deviceport nms community [oid ]
action pccardslot nms community [oid ]
ac
admin events show
Syntax: admin events show
Description: Displays event definitions.

Host List Commands

set hostlist add|edit
Syntax: set hostlist add|edit []
Parameters: name (edit only) retrycount <1-10> Default is 3. auth
Description: Configures a prioritized list of hosts to be used for modem dial-in connections.
set hostlist delete
Syntax
set hostlist delete [entry ]
Description
Deletes a host list, or a single host entry from a host list.

show hostlist
Syntax
show hostlist
Description
Displays the members of a host list.

IP Filter Commands

set ipfilter state
Syntax
set ipfilter state
Description
Enables or disables IP filtering for incoming network traffic.
edit
Edit Parameters: append insert replace delete
Description
Sets IP filter rules.
sysloglogging
Description
Configures logging settings for one or more device ports. Local logging must be enabled for a device port for the locallog commands to be executed. To use the set locallog clear command, the user must have permission to clear port buffers (see 11: User Authentication).
set network dns
Syntax
set network dns <1|2|3> ipaddr
Description
Configures up to three DNS servers.

set network gateway
Syntax
set network gateway
Parameters
default
precedence
alternate
pingip
ethport <1 or 2>
pingdelay <1-250 seconds>
failedpings <1-250>
Description
Sets default and alternate gateways.
show network dns
Syntax
show network dns
Description
Displays DNS settings.

show network gateway
Syntax
show network gateway
Description
Displays gateway settings.

show network host
Syntax
show network host
Description
Displays the network host name of the SLB branch office manager.

show network port
Syntax
show network port <1|2>
Description
Displays Ethernet port settings and counters.

show network all
Syntax
show network all
Description
Displays all network settings.
mount remdir rw
Enables or disables read/write access to remote directory.
Description
Mounts a remote NFS share. The remdir and locdir parameters are required, but if they have been specified previously, you do not need to provide them again.

set nfs unmount
Syntax
set nfs unmount <1|2|3>
Description
Unmounts a remote NFS share.
show nfs
Syntax
show nfs
Description
Displays NFS share settings.

PC Card Storage Commands

pccard storage dir
Syntax
pccard storage dir
Description
Views a directory listing of a Compact Flash card.

pccard storage format
Syntax
pccard storage format [filesystem ]
Description
Formats a Compact Flash card.
PC Card Modem Commands

pccard modem
Syntax
pccard modem
Parameters
auth
baud <300-115200> 9600 is the default.
remoteipaddr
restartdelay
service
sshauth
sshport
stopbits <1|2>
tcpauth
tcpport
telnetauth
telnetport
timeoutlogins
Description
Configures a currently loaded PC Card.
set power switchingdelay
Syntax
set power switchingdelay
Description
Sets the delay after switching on an outlet before switching on the next.

show power
Syntax
show power
Description
Displays power settings for all outlets or for a single outlet.
Note: The screen displays PND when the outlet is powering up and is waiting for the delay period to expire.
Services Commands

set services
Syntax
set services
Parameters
alarmdelay <1-6000 Seconds>
auditlog
auditsize Limit is 1-500 Kbytes
authlog
clicommands
contact
devlog
diaglog
genlog
includesyslog
location
netlog
14: Command Reference trapcommunity v1ssh v3password v3user v3user v3password v3phrase v3rwuser v3rwpassword v3rwphrase v3security v3auth v3encrypt webssh Description Configures services (system logging, SSH and Telnet access,
show slcnetwork
Syntax
show slcnetwork [ipaddrlist ]
Description
Detects and displays all SLB devices on the local network. Without the ipaddrlist parameter, the command searches the SLB network. With the ipaddrlist parameter, the command displays a sorted list of all IP addresses or displays the IP addresses that match the mask (for example, 172.19.255.255 would display all IP addresses that start with 172.19).
[path ]
bits <512|1024>
keyname
keyuser
type
Description
Exports an sshkey.

set sshkey import
set sshkey import
Parameters
[keyhost ]
[keyuser ]
[path ]
file
host
login
Description
Imports an SSH key.
Parameters
[keyhost ]
[keyuser ]
[viewkey ]
Description
Displays all exported keys or keys for a specific user, IP address, or name.

show sshkey import
Syntax
show sshkey import ]
Parameters
[keyhost ]
[keyuser ]
[viewkey ]
Description
Displays all keys that have been imported or keys for a specific user, IP address, or name.
Description
Provides details, for example, endpoint parameters and trigger, for a specific connection. Optionally emails the displayed information.
Note: Use the basic show connections command to obtain the Connection ID.

show portcounters
Syntax
show portcounters [deviceport ] [email ]
Description
Generates a report for one or more ports. Optionally emails the displayed information.
level
log
display [numlines ]
starttime
endtime
Description
Displays the system logs containing information and error messages.
Note: The level, display, and time parameters cannot be used simultaneously.
A: Bootloader

The SLM management appliance provides a bootload command interface. This interface is only accessible through the SLB branch office manager’s console port.

Accessing the Bootloader

To access the bootloader command line interface:
1. Power up the SLB branch office manager.
2. Type x15 within 10 seconds of power up. The bootloader halts the boot procedure and displays a Lantronix command prompt.
Displays information about the current user.

Administrator Commands

In addition to the commands that the user can issue, the administrator can issue the following commands:

imagecopy
Copies an image of the drive from the lower PCMCIA device to the internal CF card.

passwd
Provides a new password for user admin. The default password for user admin is admin. User cust does not have a password.

ping
Sends a ping request to the network host.

printenv
Prints bootloader variables.
B: Security Considerations

The SLB branch office manager provides data path security by means of SSH or Web/SSL. Even with the use of SSH/SSL, however, do not assume you have complete security. Securing the data path is only one measure needed to ensure security. This appendix briefly discusses some important security considerations.

Security Practice

Develop and document a Security Practice. The Security Practice should state:
The dos and don’ts of maintaining security.
C: Safety Information

Safety Precautions

Please follow the safety precautions described below when installing and operating the SLB branch office manager.

Cover

Do not remove the cover of the chassis. There are no user-serviceable parts inside. Opening or removing the cover may expose you to dangerous voltage that could cause fire or electric shock. Refer all servicing to Lantronix.

Power Plug

When disconnecting the power cable from the socket, pull on the plug, not the cord.
− Install only in restricted access areas (dedicated equipment rooms, equipment closets or the like) in accordance with Articles 110-16, 110-17, and 110-18 of the National Electrical Code, ANSI/NFPA 70.
− Route and secure input wiring to terminal block in such a manner that it is protected from damage and stress. Do not route wiring past sharp edges or moving parts.
− Incorporate a readily accessible disconnect device, with a 3 mm minimum contact gap, in the fixed wiring.
D: Adapters and Pinouts The serial device ports of the SLB branch office manager products match the RJ45 pinouts of the console ports of many popular devices found in a network environment. The SLB device uses conventional straight-through Category 5 fully pinned network cables for all connections when used with Lantronix adapters. The cables are available in various lengths. In most cases, you will need an adapter for your serial devices.
D: Adapters and Pinouts RJ45 Receptacle to DB25M DCE Adapter for the SLB Device (PN 200.2066A) Pin 1 1 RJ45 RTS 1 DB25 Male 5 8 DTR 2 6 Tx 3 3 Gnd 4 7 Gnd 5 Rx 6 2 DSR 7 20 CTS 8 4 Use PN 200.2066A adapter with a dumb terminal or with many SUN applications.
D: Adapters and Pinouts RJ45 Receptacle to DB25F DCE Adapter for the SLB Device (PN 200.
D: Adapters and Pinouts RJ45 Receptacle to DB9M DCE Adapter for the SLB Device (PN 200.
D: Adapters and Pinouts RJ45 Receptacle to DB9F DCE Adapter for the SLB Device (PN 200.2070A) Pin 1 1 RJ45 RTS 1 1 DB9 Female 8 1 DTR 2 2 6 Tx 3 3 2 Gnd 4 4 5 Gnd 5 5 Rx 6 6 3 DSR 7 7 4 CTS 8 8 7 Use PN 200.2070A adapter with a PC's serial port.
D: Adapters and Pinouts RJ45 to RJ45 Adapter for Netra/Sun/Cisco and SLP Device (PNs 200.2225 and ADP010104-01) Note: The cable ends of the ADP010104-01 are an RJ45 socket on one end and a RJ45 plug on the other instead of RJ45 sockets on both ends. RTS 1 DTR 2 Tx 3 Gnd 4 Gnd 5 Rx 6 DSR 7 CTS 8 Use this adapter for the SLP power manager, Netra/SUN/CISCO, and others.
E: Protocol Glossary

BOOTP (Bootstrap Protocol)
Similar to DHCP, but for smaller networks. Automatically assigns the IP address for a specific duration of time.

CHAP (Challenge Handshake Authentication Protocol)
A secure protocol for connecting to a system; it is more secure than the PAP.

DHCP (Dynamic Host Configuration Protocol)
Internet protocol for automating the configuration of computers that use TCP/IP.
NMS (Network Management System)
NMS acts as a central server, requesting and receiving SNMP-type information from any computer using SNMP.

NTP (Network Time Protocol)
A protocol used to synchronize time on networked computers and equipment.

PAP (Password Authentication Protocol)
A method of user authentication in which the username and password are transmitted over a network and compared to a table of name-password pairs.
TACACS+ (Terminal Access Controller Access Control System)
A method of authentication used in UNIX networks. It allows a remote access server to communicate with an authentication server to determine whether the user has access to the network.

Telnet
A terminal protocol that provides an easy-to-use method of creating terminal connections to a network host.
F: Compliance Information

Manufacturer’s Name & Address: Lantronix, Inc., 167 Technology Drive, Irvine, CA 92618 USA

Declares that the following product:
Product Name(s): SLB Branch Office Manager (SLB Series)

Conforms to the following standards or other normative documents:

SAFETY:
• UL 60950-1
• CAN/CSA-C22.2 No. 60950-1-03
• EN 60950-1 (2001), Low Voltage Directive (73/23/EEC)

FCC NOTICE (U.S.
• EN 55022 — “Limits and Methods of Measurement of Radio Interference Characteristics of Information Technology Equipment.”
• EN 55024 — “Information technology equipment - Immunity characteristics Limits and methods of measurement.”
• EN 61000-3-2 — “Electromagnetic compatibility (EMC) - Part 3: Limits Section 2: Limits for harmonic current emissions (Equipment input current up to and including 16 A per phase).
RoHS Notice: All Lantronix products in the following families are China RoHS-compliant and free of the following hazardous substances and elements:
• Lead (Pb)
• Mercury (Hg)
• Polybrominated biphenyls (PBB)
• Cadmium (Cd)
• Hexavalent Chromium (Cr (VI))
• Polybrominated diphenyl ethers (PBDE)

Product Family Name UDS1100 and 2100 EDS MSS100 IntelliBox XPress DR & XPress-DR+ SecureBox 1101 WiBox UBox MatchPort SLC XPort WiPort SLB SLP SCS SLS Toxic or hazardous Substances and E