SCS Reference Manual For the Lantronix SCS Family of Secure Console Servers
The information in this guide may change without notice. The manufacturer assumes no responsibility for any errors which may appear in this guide. Copyright 2001, Lantronix. All rights reserved. No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Printed in the United States of America. The revision date for this manual is September 14, 2001.
Contents

1: Introduction    1-1
    1.1 What’s New    1-1
    1.2 How To Use This Manual    1-1
2: Getting Started
4: Basic Remote Networking    4-1
    4.1 Remote Connection Types    4-1
        4.1.1 Remote Dial-in    4-1
        4.1.2 LAN to LAN
    5.4 Increasing Performance    5-9
        5.4.1 Filtering Unwanted Data    5-9
        5.4.2 Compressing Data and Correcting Errors    5-9
        5.4.3 Adding Bandwidth
7: PPP    7-1
    7.1 LCP    7-1
        7.1.1 Packet Sizes    7-1
        7.1.2 Header Compression
        8.9.3 Notification of Character Loss    8-13
        8.9.4 Padding Return Characters    8-13
        8.9.5 Setting the Device Type    8-13
        8.9.6 Specifying a Terminal Type    8-13
        8.9.
10: Modem Sharing    10-1
    10.1 Services    10-1
        10.1.1 Creating a Service    10-1
        10.1.2 Associating Ports with a Service
    11.8 Examples    11-27
        11.8.1 Database Search Order    11-27
        11.8.2 Terminal User Forced to Execute Command    11-28
        11.8.3 Multiple-User Authentication    11-28
        11.
        12.5.21 Set/Define IP NBNS    12-37
        12.5.22 Set/Define IP Route    12-37
        12.5.23 Set/Define IP Routing    12-38
        12.5.24 Set/Define IP Security    12-39
        12.
        12.6.38 Set/Define Ports Security    12-76
        12.6.39 Set/Define Ports Serial Log    12-76
        12.6.40 Set/Define Ports Session Limit    12-77
        12.6.41 Set/Define Ports Signal Check    12-78
        12.6.
        12.8.3 Set/Define Service    12-108
        12.8.4 Set/Define Service Banner    12-109
        12.8.5 Set/Define Service Binary    12-109
        12.8.6 Set/Define Service EOJ    12-109
        12.8.
        12.10.4 Define Site Chat    12-138
        12.10.5 Define Site Filter    12-140
        12.10.6 Define Site Idle    12-141
        12.10.7 Define Site IP
C: SNMP Support    C-1
    C.1 Support    C-1
    C.2 Security    C-1
D: Supported RADIUS Attributes
1: Introduction

The Lantronix SCS family of Secure Console Servers provides secure communication for remote users to access local network resources. Our Servers enable IT professionals to configure and administer servers, routers, switches, telephone equipment, or any device with a serial port. In addition to remote networking capabilities, the SCS includes traditional terminal server functionality such as security features and modem control.
◆ Chapter 10, Modem Sharing, describes how to configure the attached modems if they are to be shared.
◆ Chapter 11, Security, offers a comprehensive description of all security features.
◆ Chapter 12, Command Reference, is divided into sections for Navigation/Help, IP/Network, Port, Modem, Service, Server, Site, and Security commands.
2: Getting Started

This chapter covers basic configuration that should get you started using the SCS. Topics include methods for setting up the SCS and ongoing maintenance issues such as restoring factory default settings. You can perform almost all of these configurations using EZWebCon (the recommended method for initial configuration), the web browser interface (recommended for further configurations), or by issuing commands at the command line (Local> prompt).
2.1.2 Web Browser Interface

The web browser interface allows you to log into and configure your SCS using a standard web browser. To connect to your SCS using the web browser interface, do one of the following:
◆ From EZWebCon, select your device and choose Manage from the Actions menu.
OR
◆ Type your SCS’s IP address or resolvable text name into your web browser’s URL/Location field.
◆ Establish a Telnet, SSH, or Rlogin connection to the SCS from a TCP/IP host. See Establishing Sessions on page 6-8 for more information.
◆ In EZWebCon, select Telnet To Device from the Actions menu.

2.1.3.1 Entering Commands

In examples throughout the manual, SCS commands and keywords are displayed in upper case for clarity. They may be entered in upper, lower, or mixed case.
Table 2-1: Command Editing Keys

Key                       Purpose
Down Arrow or Ctrl-N      Recalls the next command
!text                     Recalls the last command starting with text
!!                        Recalls the last command

2.1.3.2 Command Types

The following types of commands appear frequently throughout this manual. There are subtle differences between each group of commands. The Set and Define commands make configuration changes to your SCS.
By default, the SCS prompt changes from Local> to Local>> to reflect privileged user status.

2.1.3.4 Abbreviating Commands

When configuring the Server via the command line, you only need to enter as many characters as are needed to distinguish the keywords from one another.
To perform a TFTP boot after restoring the factory defaults, you must enter the SCS IP and loadhost information. (If a BOOTP server will provide this information, this step is not required.) Refer to your Installation Guide for instructions.

When initialized, the SCS sets local authentication in the first precedence slot. For more information on authentication and precedence, see Database Configuration on page 11-8.

2.2.
When you click on a link in the left navigation column of the SCS web browser interface, you are prompted for the privileged password. Once you enter the password, you can access all of the configuration pages.

If you are at the command line, become the privileged user by entering the following command.
Note: The login password is case-insensitive, so it does not need to be enclosed in quotes.

To enable the use of the login password on a particular port, use the following command:

Figure 2-10: Enabling the Login Password
Local>> DEFINE PORT 3 PASSWORD ENABLED

Note: To enable the password on virtual ports, which are used for incoming connections, use the Set/Define Server Incoming command.

Login passwords are also discussed in Character Mode Logins on page 11-1.

2.
Figure 2-13 displays a few examples of commands used to change prompts. In the examples, the first command line results in the prompt used in the second command line, and so on.

Figure 2-13: Prompt Examples
Local> SET SERVER PROMPT "Port %n: "
Port 5: SET SERVER PROMPT "%D:%s: "
SCS:LabServ: SET SERVER PROMPT "%p%s_%n%P%% "
Port_5[NoSession]_5>%

2.4.
Note: Specifying time change information is optional.

Figure 2-17 shows an example of how to set the timezone.

Figure 2-17: Manual Timezone Configuration
Local>> DEFINE SERVER TIMEZONE EST -3:00 EST 1 Mar Sun>=1 3:00 Oct lastSun 2:00

The first EST specifies that Eastern Standard Time will be used as the reference point. The second value of -3:00 indicates that this timezone is 3 hours behind Eastern Standard Time.
Any time you enable or disable 802.11 networking, you must reboot the SCS before the change takes effect. Any other changes you request with the Set/Define 80211 commands will not take place until you have entered the Set 80211 Reset command. You can enter the Show/Monitor/List 80211 command to see the current 802.11 settings.

To use the web browser interface to configure 802.11 settings, select the 802.11 link under the Advanced Settings section.

2.4.5.1 802.
2.4.5.2 Enabling 802.11 Networking

The SCS has 802.11 networking enabled by default. This allows the SCS to check for a compatible wireless networking card at startup. If a compatible card is present, the SCS will use the wireless network and ignore any wired Ethernet settings. If no compatible PC card is present, the SCS will use the 10/100BASE-T Ethernet interface. If you want the SCS to only look for a wired Ethernet connection, you must disable 802.11.
To tell the SCS which ESS it belongs to, enter the Set/Define 80211 ESSID command. The exact string you enter will be determined by the settings of the AP with which you want the SCS to communicate.

Figure 2-23: Configuring the ESS ID
Local>> SET 80211 ESSID "floor3"
Local>> SET 80211 RESET

Setting the ESSID to none (Set/Define 80211 ESSID None) allows the SCS to associate with any AP within range.

2.4.5.6 Network Mode

There are two types of 802.
When WEP is enabled and a WEP key is set, the SCS will only connect to an AP (in infrastructure mode) or communicate with other ad-hoc peers (in ad-hoc mode) that have been programmed with the same WEP key as the SCS. For a key to match, both the key data and the index number must be identical.

Enter a WEP key if you have not previously done so. The key can be either 40-bits or 128-bits. Each key is also assigned an index number, which is an integer between 1 and 4.
The configuration file must not contain any initialization commands (such as Initialize Server). Because the file is read when the SCS boots, a “reboot” command in the file would cause the SCS to boot perpetually. You would then have to flush the NVR to correct the error.

2 Test the configuration file. To test the file, use the Source command, discussed on page 12-133.

An example of a configuration file is displayed below.
If Retry is set to zero, the SCS can no longer be used; it will wait indefinitely for the configuration file to download.

2.6 Disk Management

The SCS contains three filesystems:

/flash    Flash is rewriteable memory that allows you to customize your SCS. Any data that you want the SCS to save after it is rebooted should be stored on the Flash disk.
/ram      The RAM disk stores temporary information.
2.6.2 ATA Cards

Once an ATA flash disk or hard-drive PC card is formatted (using the Disk Format /pccard command), the card can be used the same as the on-board Flash disk. Files on the card can be referenced as “/pccard1/directory/filename.”

Note: The SCS does not support PC card hot-swapping. Any time you insert a PC card into an SCS PC card slot, you must reboot the SCS.
3: Console Server Features

This chapter describes how to configure your SCS to serve as a console server. The SCS features both inband management for access to connected devices over IP (e.g. through Telnet and SSH connections directly to the SCS), and out-of-band management for access through a connected modem. This chapter is divided as follows:
◆ Overview of Console Servers on page 3-1 introduces the functions of a console server.
3.2 Event Port Logging

Port logging saves all idle data from an SCS serial port in a log file. This log file can be accessed by a system administrator after a system crash, and can provide valuable information about the cause of and solution for any problems with the attached serial device. If email notification (discussed in Email Alerts for Serial Events on page 3-2) is enabled, the serial log can be sent via email to the system administrator.
The following example configures an emailsite for the second serial port.

Figure 3-3: Configuring an Email Site
Local>> DEFINE EMAIL port2 TO "admin@strut.com"
Local>> DEFINE EMAIL port2 FROM "Conserv2"
Local>> DEFINE EMAIL port2 SUBJECT "System Crash"
Local>> DEFINE EMAIL port2 MAILHOST "mail.strut.com"
Local>> DEFINE EMAIL port2 REPLYTO "managers@strut.com"

Dynamic print variables can be used with all of these command strings.
3.4.1 Menu Configuration at the Command Line

Use the Set/Define Menu command to create entries for your menu. For each menu entry, specify the option’s numbered position in the table, the entry description that will be displayed in the menu, and the actual command invoked when the user chooses that option. Enclose option and command names in quotes.
Note: For a list of dynamic print variables, see Set/Define Menu on page 12-116.

4 Define the items that will appear in the menu. The items will be numbered in the order entered. Up to 36 items can be defined in one menu.

ITEM "Cisco Router" "telnet 192.0.1.250"
ITEM "Sun Server" "telnet 192.0.1.251"
ITEM "Linux Server" "connect local port_4"
ITEM "Exit" "Logout"
ENDMENU

End the Menu with the line ENDMENU.
Once the file is set and stored on the /flash disk, a user logging into the SCS will be presented with the appropriate menu. The menu configured above, for one of the defined users (sandy, dave, bob, kathy, default), would look like the one shown below:

Figure 3-11: Menu Example
Lantronix Console Server
1) Cisco Router     3) Linux Server
2) Sun Server       4) Exit
Enter Selection:

3.
3 When the connection is complete, press . The username and password prompt appear.

4 Enter your username and password. You are now logged in to the SCS serial port.

For instructions on dialing in with PPP, read Chapter 4, Basic Remote Networking. Instructions on attaching modems are included in Chapter 9, Modems.

3.5.3 Connecting from the Local> Prompt

Before you connect to a serial port, make sure that you have a way to exit the connection.
The login password is discussed in System Passwords on page 2-6.

3.6.2 Setting the Port Access Mode

A port’s access may be set to one of the following: dynamic, local, remote, or none. Dynamic (the default) permits both local and remote logins, local allows only local logins, and remote permits only remote logins. None prevents all incoming and outgoing connections, rendering the port unusable.
4: Basic Remote Networking

The SCS allows remote users to securely connect to local network resources, or two Local Area Networks (LANs) to connect to each other. This chapter describes how to initialize, maintain, and disconnect individual remote user dial-ins and LAN to LAN remote connections.
The SCS cannot initiate connections to remote nodes. Remote nodes must call the SCS when they wish to communicate with the network.

4.1.2 LAN to LAN

In LAN to LAN connections, the SCS provides a link between two networks. The SCS will communicate with a remote router, which may be another access server, a UNIX machine capable of PPP routing, or another SCS.
2 To enforce specific network requirements. For example, compression may be required for all connections.
3 To manage a connection once it is in place. For example, it may be desirable to control the amount of bandwidth used for a connection.
4 To enable a system administrator to monitor a single connection. For example, a system administrator may wish to restrict remote node users to a particular range of IP addresses.
Table 4-1: Default Site Configuration

Characteristic                       Configuration in Default Site
IP packet forwarding                 Enabled
Maximum idle time                    10:00 (10 minutes)
Remote host’s IP configuration       Undefined
IP compression slots                 16
Maximum packet size (MTU): PPP       1522
Ports defined                        None
PPP                                  Enabled
SLIP                                 Disabled
Telephone number of remote site      None defined
Outgoing packet filter               None defined
Incoming packet filter               None defined
Idle time filter
Note: Site Commands are discussed on page 12-134.

Currently active sites can be edited, but changes will not take effect until the site is logged out.

4.2.4 Testing Sites

The Test Site command causes a site to start as if outgoing traffic for the site had come into the SCS. It allows users to test sites without having to generate packet traffic. To test a site, enter a command similar to the following.
Note: The default site configuration is listed in Table 4-1 on page 4-3.

When an incoming caller is allocated a temporary site, the name of the site is based on the port receiving the call. For example, an incoming call to port 3 may be allocated a temporary site named Port3.

4.2.7 Using Sites for Outgoing Connections

Note: The SCS does not support outgoing remote node connections.

A site must be configured for each outgoing LAN to LAN connection.
Local routes      The network that is directly attached. This route is automatically determined from the SCS IP address and network mask, and is never deleted.
Static routes     Routes that were manually entered in the routing table by a system administrator. These routes are used when the dynamic routes cannot be.
Dynamic routes    Routes learned through the receipt of RIP (Routing Information Protocol) packets. RIP is discussed in more detail on page 4-8.
Note: To configure authentication, see Configuring Incoming Connections on page 413 or Chapter 11, Security.

4.4.3 Routes for Remote User Dial-ins

The SCS automatically generates routes for remote nodes when the node connects. These routes are deleted when the connection is terminated. If the remote node receives a dynamic address from the SCS’s IP address pool, a host route is entered for that address.
4.4.4.2 Interval Between RIP Updates

When RIP sending is enabled, the SCS sends RIP updates every thirty seconds. This number can be adjusted; for example, the update interval may be raised so that RIP updates are sent every minute to reduce network traffic. To configure the update interval, use the Define Site IP RIP Update command. The interval must be specified in seconds; intervals between 10 and 255 seconds are permitted.
PPP is enabled by default, while SLIP is disabled by default. To change these settings, use the Define Ports PPP and Define Ports SLIP commands. For more information on these commands, see Port Modes on page 8-3.

Figure 4-15: PPP and SLIP
Local>> DEFINE PORT 2 PPP DISABLED
Local>> DEFINE PORT 2 SLIP ENABLED

4.5.
4.5.1.2 Starting PPP or SLIP Using Automatic Protocol Detection

You can configure an SCS port to automatically detect a PPP or SLIP packet and, if PPP or SLIP is enabled on the port, run the appropriate protocol when the packet is received. This eliminates the need for callers to explicitly start PPP or SLIP.

Enable the PPP autodetection feature with the Define Ports PPPdetect command. This starts PPP with a temporary copy of the default site.
4.5.2.1 Ports Using Automatic Protocol Detection

If the port receiving the call is using automatic protocol detection, or is dedicated to SLIP or PPP, the following sequence of events takes place:

1 If automatic protocol detection (for PPP, SLIP, or both) is enabled, the link layer starts up when a PPP or SLIP character is received from the incoming call. If the port is dedicated, the link layer starts upon the receipt of any character.
3 To start the link layer, the caller has to enter commands to start PPP or SLIP (Set PPP or Set SLIP). One of two scenarios occurs:

A If the caller specifies a site to be started when PPP or SLIP is started, the user is attached to that site. If the site is configured to prompt for its local password, the user must enter the site’s local password. At this point, the caller is unable to run another site.
By default, incoming Telnet and Rlogin connections are not required to enter the login password. To require the login password, use the Set/Define Server Incoming command, described on page 12-121.

❍ Username/Password Authentication
Enable authentication on the appropriate ports.
4.6 Outgoing Connections

Note: The SCS does not support outgoing remote node connections.

When the SCS receives a packet, it consults its routing table to determine the best route to the packet’s destination. If the specified route points to a site, a connection to the site may be initiated. The connection will be subject to any restrictions defined for the site, such as a startup filter or time of day restrictions.
4.6.2 Telephone Numbers

Each site may specify one port-independent telephone number and one or more port-specific telephone numbers. A port-independent telephone number is typically used if all ports are configured to call the same number; for example, if the ports are calling a telephone hunt group.
4.6.4.2 Configure Modems

Enable modem operation on the port(s) used for outgoing calls. Then, assign a modem profile to the port using the Define Ports Modem Type command.

Figure 4-25: Enabling Modem Operation
Local>> DEFINE PORT 2 MODEM ENABLED
Local>> DEFINE PORT 2 MODEM TYPE 5

Note: A modem profile automatically sets up a port for a specific type of modem. Define Ports Modem Type is listed on page 12-105.
A port-specific telephone number will override a site telephone number. For example, site irvine may be configured to use the number 635-9202 on any port it’s using, but only the number 845-7000 when it’s using port 3.

4.6.4.6 Configure Authentication

When an outgoing connection is attempted, the remote router may or may not require the SCS to authenticate itself.
4.7 Monitoring Networking Activity

To monitor current remote networking activity, use the Show Site or Monitor Site command. Show Site displays the activity associated with a particular site, including the number of packets received and transferred, idle time, current state of the site’s ports, and configuration of its associated protocols (for example, IP). Monitor Site will update and redisplay this information at three-second intervals.
The possible port states of ports assigned to the sites are listed in Table 4-4.

Table 4-4: State of Ports Assigned to a Site

Port State    Activity During State
Idle          The site is not currently using this port. The port may be in use by other sites.
Dial          The remote modem is being dialed.
Chat          The chat script defined in the site is being executed. See Chapter 5, Additional Remote Networking, for a definition of chat scripts.
This SCS must be configured for outgoing LAN to LAN connections.
◆ Both servers are to be dedicated to this purpose. No other applications are supported.
◆ After 60 seconds of idle time, the connection between Dallas and Seattle should be timed out.
◆ The SCS in Seattle expects the username dallas and the password xyz. The SCS in Dallas expects the username seattle and the password abc.
The Seattle SCS will have different authentication, telephone, site and router information than the SCS in Dallas. In all other respects, it is configured identically to the Dallas SCS.
To display a list of modem profiles, enter the List Modem command. Once you identify the appropriate profile for the attached modems, assign it to the port using the Define Port Modem Type command.

Figure 4-37: Configuring the Modems
Local>> DEFINE PORT 2-3 MODEM CONTROL ENABLED
Local>> LIST MODEM
Local>> DEFINE PORT 2 MODEM TYPE 1
Local>> DEFINE PORT 3 MODEM TYPE 2

4.8.3.
5: Additional Remote Networking

This chapter discusses how to “fine-tune” remote networking and related features on your SCS. Performance and cost issues are covered, as well as how to manage bandwidth on demand, use direct connections and leased lines, and restrict access to the SCS. Topics discussed in this chapter include:
◆ Basic Security, page 5-1, describes how to set up basic authentication and filter lists.
◆ Chat Scripts, page 5-3, details how to define chat scripts.
3 Enable authentication on each port that will be used for incoming logins.

Figure 5-2: Enabling Port Authentication
Local>> DEFINE PORT 2 AUTHENTICATE ENABLED

5.1.2 Filter Lists

Filters enable the SCS to restrict packet traffic. Each filter specifies a particular rule, for example, only IP packets are permitted passage. Packets that pass the filter are forwarded; all others are discarded. Filters are organized into ordered filter lists, referenced by name.
1 Deny all IP traffic matching a particular rule
2 Allow any packet

When this filter list is used, all IP traffic matching the specified rule is discarded. Therefore, some IP packets are discarded without being compared to the second filter.

To prevent all packet traffic from the IP protocol, use the Define Site IP Disabled command instead of a filter list.
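The ordering behaviour described above, modelled in Python as an added example (not code from the manual or from Lantronix): filters are checked in order, the first match decides, and a deny placed after a broader allow is never reached. The Filter fields, the sample addresses, and the discard-on-no-match default are assumptions made for illustration; this is not SCS filter syntax.

```python
"""First-match evaluation of an ordered filter list, plus a shadowed-rule check."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"  # matches every IPv4 address


@dataclass(frozen=True)
class Filter:
    """One rule. Field names are hypothetical, not SCS filter syntax."""
    action: str      # "ALLOW" or "DENY"
    src: str = ANY   # source network, CIDR notation
    dst: str = ANY   # destination network, CIDR notation

    def matches(self, src, dst):
        """True if a packet with these addresses falls inside the rule."""
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst)))


def evaluate(filter_list, src, dst, default="DENY"):
    """Return (action, index of deciding rule); the first match wins.

    Assumption: a packet that matches no rule is discarded.
    """
    for index, flt in enumerate(filter_list):
        if flt.matches(src, dst):
            return flt.action, index
    return default, None


def shadowed(filter_list):
    """List (rule index, index of earlier rule that hides it) pairs.

    A rule fully covered by an earlier rule can never decide a packet,
    so a DENY reported here is not being enforced.
    """
    findings = []
    for later, flt in enumerate(filter_list):
        for earlier in range(later):
            if filter_list[earlier].covers(flt):
                findings.append((later, earlier))
                break
    return findings


# Constructed sample lists using documentation address ranges.
INTENDED = [Filter("DENY", src="192.0.2.0/24"), Filter("ALLOW")]
REVERSED = [Filter("ALLOW"), Filter("DENY", src="192.0.2.0/24")]

if __name__ == "__main__":
    for name, flist in (("intended", INTENDED), ("reversed", REVERSED)):
        verdict = evaluate(flist, "192.0.2.10", "198.51.100.7")
        print(name, "verdict:", verdict, "shadowed rules:", shadowed(flist))
```

Running the shadow check on a filter list before loading it catches the reversed ordering, where the deny rule exists in the list but no packet ever reaches it.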
5.2.2 Editing and Adding Entries

To replace, delete, or insert entries, specify the line numbers. Figure 5-5 displays a few examples.
5.3 Bandwidth On Demand

Note: Remote Node sites have a fixed bandwidth. The SCS cannot add or remove bandwidth for Remote Node connections. This section discusses bandwidth for LAN to LAN connections only.

The following sections outline the basic configuration needed to utilize SCS bandwidth on demand functionality for LAN to LAN connections.
The SCS will always use at least one port for a connection, even if the traffic is below the “remove bandwidth” threshold. If this is not desired behavior, the last connection can be controlled by the idle timer.

Note: To configure the idle timer, see Set/Define Server Inactivity on page 12-120.

5.3.2 Disadvantages of Additional Bandwidth

Increasing bandwidth by bringing up additional links has two disadvantages: increased cost and reduced resources.
5.3.3.2 Assign Port Priority Numbers

Priority numbers enable a site to determine which of its assigned ports it should use first for outgoing calls. The highest priority ports, those with higher priority numbers, will be used first. As additional bandwidth is needed, lower priority ports will be used in descending order of priority.
5.3.4 Displaying Current Bandwidth Settings

To display a site’s current bandwidth settings, use the List Site Bandwidth command.

Figure 5-13: Current Bandwidth Settings
Local>> LIST SITE irvine BANDWIDTH
SCS Version 1.
5.4 Increasing Performance

5.4.1 Filtering Unwanted Data

To reduce the use of bandwidth for unwanted packet traffic, each site may configure an incoming and an outgoing filter list. Packets will be compared to these filter lists as they are received or generated. If they do not pass the filter, they will be discarded. See Filter Lists on page 5-2 for more details.

5.4.
Additional Remote Networking Reducing Cost 5.4.4 IP Header Compression Each site may be configured to compress the header information on IP (TCP only) packets before they are forwarded. When a site is created, IP header compression will be enabled by default. Header compression is most useful for interactive traffic such as Telnet sessions. Compressing the header information for interactive traffic decreases the delay before data is transferred.
Additional Remote Networking Reducing Cost 5.5.3 Reducing the Number of Ports Used When additional links are brought up to increase bandwidth, phone charges will increase. Reducing the number of ports or reducing the site’s maximum bandwidth can reduce total cost; see Purge Site on page 12-150 and Define Site Bandwidth on page 12-136 for details. 5.5.4 Using Higher Speed Modems The time used to transfer data can be reduced by using the highest speed modems available.
Additional Remote Networking Reducing Cost 5.5.5.3 Getting Timesetting Information In order to restrict packet traffic during the specified times, the SCS must get accurate time information from one of two sources: an IP timeserver or from the SCS’ internal clock. To configure an IP timeserver, see Set/Define IP Timeserver on page 12-41. To set the SCS internal clock, see Set/Define Server Clock on page 12-119. To configure the SCS timezone, see Set/Define Server Timezone on page 12-129.
Additional Remote Networking Using the SCS Without Dialup Modems If the last connection attempt succeeded and the success timer is set to a high value (for example, 20 minutes), the SCS will wait for a longer period of time before attempting a new connection. If the SCS was not able to connect for some reason, setting the failure timer to a low value (for example, 5 seconds) will cause the SCS to retry the connection at short intervals until it succeeds.
Note: ACCM is discussed in detail in Character Escaping on page 7-2. 5.6.1.3 Synchronous Leased Lines The SCS supports asynchronous serial connections. Many leased lines are synchronous. Devices which convert between synchronous and asynchronous serial signals exist, but they may result in some performance loss. The current SCS units are not always the best solution for synchronous leased line applications. 5.6.1.
Additional Remote Networking Examples If static routing is to be used on the line, routes pointing to the site port2 will be required. Figure 5-22: Configuring Static Routing Local>> DEFINE SITE port2 IP RIP DISABLED Local>> DEFINE SITE IP ROUTE 192.99.99.0 SITE port2 2 5.6.2.2 SLIP Figure 5-23 displays the commands required if SLIP is used. Both sides of the leased line should be configured using these commands.
Additional Remote Networking Examples 5.7.2 Creating a Simple Firewall Firewalls are used to protect a network or networks from unauthorized access. To set up a firewall, a filter list is used; packet traffic is compared to the filters in the list to determine whether or not it will be forwarded. In general, firewalls prevent all packet traffic, with the exception of traffic to a particular service or services.
6: IP This chapter explains some important concepts about IP addressing, configuration, and routing. To configure IP for remote networking, see Chapter 4, Basic Remote Networking, and Chapter 5, Additional Remote Networking. For specific IP commands, see IP/Network Commands on page 12-16. This chapter is divided as follows: ◆ IP Addresses, page 6-1, describes how the SCS handles IP address assignment. ◆ Subnet Masks, page 6-5, explains how the SCS works with subnetworks.
In most network examples, the host portion of the address is set to zero.
Table 6-2: Available IP Addresses
Class   Reserved                                        Available
A       0.0.0.0, 127.0.0.0                              1.0.0.0 to 126.0.0.0
B       128.0.0.0, 191.255.0.0                          128.1.0.0 to 191.254.0.0
C       192.0.0.0, 223.255.255.0                        192.0.1.0 to 223.255.254.0
D, E    224.0.0.0 to 255.255.255.254, 255.255.255.255   None
Consider the IP address 36.1.3.4. This address is a class A address, therefore, the network portion of the address is 36.0.0.
IP IP Addresses To avoid routing and security problems, the SCS should restrict incoming callers to a particular address or range of addresses. This restriction may be defined in each site to force each caller to use a unique IP address; see Specifying a Site’s IP Address Range on page 6-3 for configuration instructions. 6.1.1.1 Defining an IP Address Pool An address pool is a range of IP addresses that have been reserved for allocation to incoming callers.
6.1.1.3 Assigning a Specific IP Address for a Site To require that incoming callers to a particular site use a specific IP address, use the Define Site IP Remoteaddress command. Figure 6-3: Specifying a Specific IP Address Local>> DEFINE SITE irvine IP REMOTEADDRESS 192.0.1.108 When an incoming caller requests an IP address, the requested address is compared to this address. If they match, the caller will use the address. If the addresses do not match, the SCS terminates the call. 6.1.
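The per-site address restriction described above can be modelled offline to review a configuration before it is deployed. The following Python sketch is an added example, not Lantronix code: it parses the Define Site IP Remoteaddress forms shown in this chapter (a single address, or the two-address range form of Figure 6-8), reproduces the accept/terminate decision, and flags sites whose ranges overlap. Treating an out-of-range request the same as a mismatch, the site name "dallas", and the overlap audit itself are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Constructed sample configuration. "irvine" and DEFAULT appear in the manual;
# "dallas" and its range are made up to demonstrate an overlap.
CONFIG = """\
Local>> DEFINE SITE irvine IP REMOTEADDRESS 192.0.1.108
Local>> DEFINE SITE DEFAULT IP REMOTEADDRESS 192.0.1.100 192.0.1.105
Local>> DEFINE SITE dallas IP REMOTEADDRESS 192.0.1.104 192.0.1.110
"""


def parse_remoteaddress(line):
    """Parse 'DEFINE SITE <site> IP REMOTEADDRESS <low> [<high>]'.

    Returns (site, low, high); a single address yields low == high.
    Malformed addresses raise ValueError (via ipaddress).
    """
    tokens = line.split()
    if tokens and tokens[0].endswith(">>"):      # drop the CLI prompt
        tokens = tokens[1:]
    keywords = [t.upper() for t in tokens]
    if (len(tokens) not in (6, 7)
            or keywords[:2] != ["DEFINE", "SITE"]
            or keywords[3:5] != ["IP", "REMOTEADDRESS"]):
        raise ValueError(f"not a REMOTEADDRESS command: {line!r}")
    low = ipaddress.IPv4Address(tokens[5])
    high = ipaddress.IPv4Address(tokens[6]) if len(tokens) == 7 else low
    if high < low:
        raise ValueError(f"range end precedes range start: {line!r}")
    return tokens[2], low, high


def load_policy(text):
    """Build {site: (low, high)} from a block of configuration lines."""
    policy = {}
    for line in text.splitlines():
        if line.strip():
            site, low, high = parse_remoteaddress(line)
            policy[site] = (low, high)
    return policy


def check_request(policy, site, requested):
    """Return 'accept' if the caller's requested address is permitted for
    the site, otherwise 'terminate' (the call is dropped)."""
    low, high = policy[site]
    addr = ipaddress.IPv4Address(requested)
    return "accept" if low <= addr <= high else "terminate"


def overlapping_sites(policy):
    """Audit helper: pairs of sites whose permitted ranges intersect, which
    would let two callers claim the same address."""
    pairs = []
    for (a, (a_lo, a_hi)), (b, (b_lo, b_hi)) in combinations(policy.items(), 2):
        if a_lo <= b_hi and b_lo <= a_hi:
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    policy = load_policy(CONFIG)
    for site, addr in [("irvine", "192.0.1.108"), ("irvine", "192.0.1.109"),
                       ("DEFAULT", "192.0.1.106")]:
        print(site, addr, check_request(policy, site, addr))
    print("overlaps:", overlapping_sites(policy))
```
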
IP Subnet Masks All incoming SLIP users that do not use a custom site will use the default site for the connection. To require that default site users use an IP address from the pool, use the Define Site Default IP Remoteaddress command. Figure 6-8: Using the Address Pool for the Default Site Local>> DEFINE SITE DEFAULT IP REMOTEADDRESS 192.0.1.100 192.0.1.105 6.1.2.2 Dialing Out to an ISP An SCS site can be configured to dial out to an ISP that uses PPP, such as Earthlink.
To display the subnet mask, use the Show IP command.
Figure 6-11: Show IP Output
Local>> SHOW IP
SCS Version B1.1/102int(951128)
Hardware Addr: 00-80-a3-0b-00-5b
IP Address: 192.0.1.221
Name: DOC_SERVER
Uptime: 1 Day 22:49
Subnet Mask: 255.255.255.0
The SCS will not change the subnet mask once it is set. If the SCS IP address is changed to a different class, for example, from a class B to a class C address, the subnet mask will remain a class B address.
To use the DNS, the SCS must know the IP address of the DNS server. 6.3.1 Configuring the Domain Name Service (DNS) To use the DNS for name resolution, use the Set/Define IP Nameserver command. Figure 6-13: Setting the Domain Name Server Local>> DEFINE IP NAMESERVER 192.0.1.166 To specify a backup nameserver, use the Set/Define IP Secondary Nameserver command. If the first nameserver isn’t available, the request will be sent to the secondary server. 6.3.
6.4 Header Compression Each site may enable or disable compression of IP header information. When a site is created, IP header compression will be enabled by default. When IP headers are compressed, the SCS replaces the packet’s header with a slot number. This number is assigned dynamically, and denotes that the packet originated from a particular connection (for example, a Telnet session).
IP Establishing Sessions 6.5.1 Telnet and Rlogin Sessions Telnet is an industry-standard protocol that enables users anywhere on a network to access a remote host and start a terminal session. Telnet connections do not require that either end of the connection know the hardware/software used on the other end; for example, if user Bob connects to host athena’s platform (see Figure 6-20), athena doesn’t know what terminal type Bob is using, and Bob doesn’t know athena’s platform or operating system.
IP Establishing Sessions If the SCS port has been configured with a terminal type (such as VT100), this information will be sent to the remote host during the session. To configure the terminal type, use the Set/Define Ports TermType command. Figure 6-23: Setting Terminal Type Local>> DEFINE PORT 2 TERMTYPE VT100 Rlogin can be a security problem. When the SCS attempts an outgoing Rlogin connection, the SCS will send the username specified when the user logs into the SCS.
IP Establishing Sessions When the SCS first powers on, it generates an ephemeral host key which is regenerated every hour. Incoming SSH connections will not be permitted until this key generation is complete. Outgoing SSH is not affected. To form an SSH connection to an SCS, start your SSH client software. On UNIX, the appropriate command is ssh followed by the SCS name. To connect to a specific SCS port, use serial network port 22xx, where xx is the port number.
IP Establishing Sessions 6.5.2.3 Username/Password Authentication If RSA authentication fails, the SCS prompts the user for a password. The user’s name and password are then checked against the Kerberos, TFTP, and Local authentication databases, in order of their precedence settings if configured. Figure 6-28: Username/Password Authentication % ssh scs2 paul@scs2's password: Note: The RADIUS and SecurID databases will not be checked.
If you are the privileged user, the host’s key is permanently added to the table of known hosts (stored in /flash/ssh/known_hosts). Figure 6-31: Outgoing SSH Connections for Privileged User Local_9>> ssh athena %Info: The authenticity of host ‘athena’ can't be established. RSA key fingerprint is 5f:d0:d7:69:39:d1:ca:fb:71:eb:g4:33:b1:ba:8c:e9. %Warning: Added ‘athena’ (RSA) to the list of known hosts.
IP IP Security To help track down problems, try printing verbose debugging information from your SSH client (for example, on some UNIX clients you could enter ssh -v scsname). The SCS also tracks important SSH activity to the authentication log, so you may want to enable and view that as well. The following commands enable you to view the log, which is set to an authentication level of 5, from the console.
Note: If the user making the connection is the privileged user (see the Set Privileged/Noprivileged command), the connection will be allowed regardless of the entries in the table. A trailing zero in any address segment is shorthand for “all addresses in this range, both incoming and outgoing disabled, for all ports.” For example, the following two commands are equal. Figure 6-36: Set/Define IP Security Commands Local>> DEFINE IP SECURITY 192.0.1.0 Local>> DEFINE IP SECURITY 192.0.1.
IP IP Routing The SCS must be positioned between two networks in order for routing to work correctly. If two or more SCSs are used, the units cannot be on the same network (as in Figure 6-39). Figure 6-39: Two Units Used to Link the Same Network 192.1.1.1 192.1.1.
IP IP Routing An SCS in a small sales office might have a default route that points to the corporate headquarters. The SCS doesn’t need to know about all of the routes on the headquarters network. It only knows to send all otherwise unspecified traffic to the central location, where it will be routed to the final destination. 6.7.2.2 Adding Routes to the Table Entries may be added to the routing table in three ways: locally, statically, or dynamically.
IP IP Routing Dynamically These routes are automatically learned from other routers on the network and are managed by a dynamic routing protocol. The SCS currently supports one dynamic routing protocol, RIP. Routes are automatically entered when new networks come online, and automatically removed if the networks are no longer reachable. Dynamic routes learned via sites are the exception; they are never timed out. The SCS assumes that these networks are reachable by bringing up a link.
IP IP Routing 6.7.5 Using the NetBIOS Nameserver (NBNS) Microsoft Windows users can run NetBIOS over IP and use the DNS for name resolution, or a primary or secondary NetBIOS nameserver (NBNS). This allows Windows clients to use the Network Neighborhood browser without any additional configuration on the Windows host. To specify a NetBIOS nameserver, use the following command. A secondary NetBIOS nameserver can be configured if desired.
6.8 Displaying the IP Configuration The Show IP commands display IP configuration information, including information about the IP router, IP interfaces, and IP address of the remote host. To display the basic IP configuration, use the Show IP command without any additional parameters. Figure 6-45: Show IP Output Local>> SHOW IP SCS Version B1.
IP Displaying the IP Configuration When used in conjunction with a particular site’s name, the Show IP Interface command displays information about the site’s interface, including its IP address, subnet mask, IP address of the remote host, and RIP statistics. Figure 6-47: Show IP Interface for a Particular Site Local>> SHOW IP INTERFACE irvine SCS Version B1.
6.9 Examples 6.9.1 IP Address Assignment for Remote Networking An SCS handles incoming calls from a series of remote node users. Two of these users, Bob and Frank, have special IP address requirements. The SCS must be configured to do the following:
◆ Assign the same IP address to Bob each time he logs in.
◆ Permit Frank to select his own IP address.
Note: In general, allowing user-selected IP addresses is not recommended.
6.9.2 General IP Setup The following figure illustrates the commands required for the average IP setup:
Figure 6-53: General IP Configuration
Local>> DEFINE IP ADDRESS 192.0.1.11
Local>> DEFINE IP SUBNET 255.255.255.0
Local>> DEFINE IP NAMESERVER 192.0.1.45
Local>> DEFINE IP SECONDARY NAMESERVER 192.0.1.184
Local>> DEFINE IP DOMAIN “ctcorp.com”
Local>> DEFINE IP TIMESERVER 192.0.1.45
Local>> DEFINE IP SECONDARY TIMESERVER 192.0.1.455
6.9.
7: PPP The SCS can use PPP, the Point-to-Point Protocol, to transmit high layer protocols over a serial link, ISDN connection, or other point-to-point based connection. Unlike SLIP (the Serial Line Internet Protocol), which can also be used with the SCS, PPP supports authentication, escape sequences for flow control characters, loopback detection, and per-packet checksums. Two major components of PPP are discussed in the following sections: ◆ LCP on page 7-1 discusses the Link Control Protocol (LCP).
PPP LCP 7.1.3 Character Escaping PPP can be configured to substitute a two byte sequence of characters for specific characters. The substituted characters are sent instead and the recipient translates them back into the original characters. This substitution is called character escaping. Escaping characters is often used with XON/XOFF flow control. This method of flow control, used with many modems, involves treating two characters (hex 0x11 and hex 0x13) in a special manner.
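The substitution described in Character Escaping, worked through as an added Python example (not taken from the Lantronix manual or SCS firmware). It follows the standard PPP asynchronous rules of RFC 1662: an escaped character is sent as 0x7D followed by the character XOR 0x20, and the ACCM is a 32-bit map selecting which control characters (0x00 to 0x1F) are escaped. The sample payload is constructed, and frame flags and checksums are left out.

```python
FLAG = 0x7E      # frame delimiter; always escaped inside a frame
ESCAPE = 0x7D    # control-escape byte; always escaped
XOR_MASK = 0x20  # an escaped character is sent as (original XOR 0x20)

XON, XOFF = 0x11, 0x13  # software flow control characters


def accm_for(chars):
    """Build a 32-bit ACCM: bit n set means control character n is escaped."""
    mask = 0
    for c in chars:
        if not 0 <= c <= 0x1F:
            raise ValueError("the ACCM only covers characters 0x00-0x1F")
        mask |= 1 << c
    return mask


def must_escape(byte, accm):
    """True if the sender has to replace this byte with a two-byte sequence."""
    if byte in (FLAG, ESCAPE):
        return True
    return byte < 0x20 and bool((accm >> byte) & 1)


def escape(payload, accm):
    """Sender side: substitute ESCAPE + (byte XOR 0x20) where required."""
    out = bytearray()
    for b in payload:
        if must_escape(b, accm):
            out += bytes((ESCAPE, b ^ XOR_MASK))
        else:
            out.append(b)
    return bytes(out)


def unescape(wire, accm):
    """Receiver side: undo escapes.

    A raw control character that is flagged in the ACCM cannot have come
    from the peer (the peer would have escaped it), so it was inserted by
    the line, e.g. a modem doing XON/XOFF flow control, and is dropped.
    """
    out = bytearray()
    stream = iter(wire)
    for b in stream:
        if b == ESCAPE:
            try:
                out.append(next(stream) ^ XOR_MASK)
            except StopIteration:
                raise ValueError("truncated escape sequence") from None
        elif b < 0x20 and (accm >> b) & 1:
            continue
        else:
            out.append(b)
    return bytes(out)


if __name__ == "__main__":
    accm = accm_for([XON, XOFF])
    payload = bytes([0x41, XON, FLAG, XOFF, ESCAPE, 0x42])  # constructed data
    wire = escape(payload, accm)
    print(f"ACCM    = 0x{accm:08X}")
    print("payload =", payload.hex(" "))
    print("on wire =", wire.hex(" "))
    # A modem injects XOFF mid-stream; the receiver discards it.
    noisy = wire[:1] + bytes([XOFF]) + wire[1:]
    print("decoded =", unescape(noisy, accm).hex(" "))
```

With the ACCM set to 0x000A0000, user data that happens to contain 0x11 or 0x13 never appears raw on the line, so it cannot be mistaken for a flow control signal.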
PPP NCP PAP and CHAP may be enabled on each port and each site. If both CHAP and PAP are configured for authentication, CHAP authentication will be attempted first. If the peer does not support CHAP, PAP will be attempted instead. On incoming connections, the port’s CHAP or PAP configuration will be used to determine the authentication required for the connection.
PPP Multilink PPP 7.3.1 User-Initiated PPP If PPP is enabled for a port, you can start a PPP session from Local> mode using the Set PPP command. You can specify a site to connect to by appending the site name to the command. 7.3.2 Automatic Detection of PPP A port may be configured to automatically detect a PPP packet and, if PPP is enabled on the port, run PPP when the packet is received. This eliminates the need for callers to explicitly start PPP.
Note: Ensure that other port parameters (such as speed, parity, and flow control) are properly configured for the connection.
2 Create a site for the outgoing multilink PPP connection.
Figure 7-5: Creating the Calling Site
Local>> DEFINE SITE irvine
Note: All other desired site parameters should be set up, and a static route should be defined for the site, before the site is used for connections.
3 Configure the ports associated with the multilink site.
PPP Multilink PPP A Specify the initial and maximum bandwidths. The maximum bandwidth should not exceed the sum of the bandwidths for all of the ports. Figure 7-9: Configuring Initial and Maximum Bandwidths Local>> DEFINE SITE irvine BANDWIDTH INITIAL 2800 Local>> DEFINE SITE irvine BANDWIDTH MAXIMUM 11500 For more information about site bandwidth settings and how to fine-tune them, see Configuring Bandwidth Allocated to Sites on page 5-6. B Specify when to add and remove bandwidth from a connection.
PPP Restoring Default PPP Settings C Enable PPP CHAP and/or PAP authentication on the ports. Figure 7-13: Enabling PPP Authentication Local>> DEFINE PORT 1-4 PPP CHAP REMOTE Local>> DEFINE PORT 1-4 PPP PAP REMOTE 2 Create a site to receive the multilink traffic. The site’s name must match that of the incoming multilink user (see Figure 7-11). Figure 7-14: Creating the Receiving Site Local>> DEFINE SITE "sidney" 3 Configure site authentication.
Once a connection is made, problems may be monitored using the Show/Monitor/List Ports command. The following table explains the counters useful for PPP troubleshooting.
Table 7-1: Port Counters
Counter(s)         Information Displayed
Packets Input      Packets from the remote host to the SCS.
Packets Output     Packets from the SCS to the remote host.
Packet-Too-Long    Number of packets longer than the Maximum Receive Unit (MRU) negotiated with LCP. In most situations, this counter will be 0.
8: Ports Each SCS port can be configured in a number of ways. Configuration options include a port’s start method, available sessions, access, serial parameters, and flow control. 8.1 Using Port Commands Most port commands require you to be the privileged user. To become the privileged user, use the Set Privileged/Noprivileged command. This command is discussed in detail on page 12-84. Many port commands require that the Define commands be used instead of the Set commands.
Ports Starting a Port 8.3.1 Waiting for Character Input By default, each SCS port is idle until character input is received (e.g. if a remote user presses the Return key). If automatic protocol detection is enabled (see Automatic Protocol Detection on page 8-4), and the SCS recognizes a PPP or SLIP character in a packet for an enabled protocol, the SCS automatically runs that protocol. 8.3.
8.4 Port Modes An SCS port can be used in one of three modes: character mode, PPP mode, or SLIP mode. The default port mode is character mode. To configure a port to run PPP or SLIP, see the corresponding sections below. Note: Enabling PPP or SLIP on the serial console port is not recommended. 8.4.1 Character Mode By default, the SCS ports will start character mode when the Return or Line Feed key is pressed at startup.
Ports Automatic Protocol Detection To enable a port to run SLIP, use the following commands. Figure 8-5: Enabling SLIP Local>> DEFINE PORT 2 SLIP ENABLED 8.5 Automatic Protocol Detection An SCS port may be configured to automatically detect a PPP or SLIP packet and, if PPP or SLIP is enabled on the port, run the appropriate protocol when the first packet is received. This eliminates the need for callers to explicitly start PPP or SLIP. In some situations, autodetection should be disabled.
Ports Port-Specific Session Configuration 8.6.1 Multiple Sessions Each port may have a number of sessions running at once. By default, each port is configured to permit up to 4 simultaneous sessions. The maximum number of simultaneous sessions, called the session limit, may be changed; up to 8 sessions may be run on each port. To change the session limit, use the Set/Define Ports Session Limit command. Figure 8-7: Changing the Session Limit Local>> DEFINE PORT 2 SESSION LIMIT 6 8.6.
Ports Port-Specific Session Configuration To configure the processing of the Break key, use the Set/Define Ports Break command. Break can be set to one of the following: Local, Remote, or None. Figure 8-10: Configuring Break Key Processing Local>> DEFINE PORT 3 BREAK LOCAL If your keyboard doesn’t have a Break key, an equivalent can be specified with the Set/Define Ports Local Switch command. Figure 8-11: Specifying Local Switch Local>> DEFINE PORT 2 LOCAL SWITCH ’ 8.6.3.
Ports Preferred/Dedicated Protocols & Hosts To use an environment string with the Connect command, specify the host, TCP port, or service to connect to, then specify the environment string prefaced by a colon.
Ports Port Restrictions Note: If you cannot log into the SCS, you’ll need to restore the server to its factory default settings. See Initialize Server on page 12-115. 8.7.2 Preferred/Dedicated Hosts A port can be assigned a preferred or dedicated SSH, Telnet, or Rlogin host using the Set/Define Ports Preferred and Define Ports Dedicated commands. By entering a sequence of key letters (environment strings) after the TCP parameter, you can specify the type of connection (e.g. SSH, Telnet, etc.).
Ports Port Restrictions 8.8.1 Locking a Port The Lock command may be used to secure a port without disconnecting sessions. When you enter Lock, you will be prompted to enter a password. The port will then be locked until that same password is used to unlock it. Figure 8-19 displays an example.
Ports Port Restrictions 8.8.3.1 Login Password The login password can be required of users who want to log in to the Server from the serial ports or the network. The password is defined with the Set/Define Server Login Password command. Figure 8-21: Setting the Login Password Local>> SET SERVER LOGIN PASSWORD Password> platyp (not echoed) Verification> platyp (not echoed) Local>> The Set/Define Ports Password command controls whether or not the login password is required to log into the specified port.
Ports Port Restrictions 8.8.4.2 Inactivity Logouts To configure a port to log out after a specified period of inactivity, use the Set/Define Ports Inactivity Logout command. This command works in conjunction with the Set/Define Server Inactivity command. The latter defines a particular number of minutes; after this period of time, a port with Inactivity Logout enabled will be considered inactive and automatically logged out. Note: Set/Define Server Inactivity is described on page 12-120.
Ports Serial Port Configuration 8.8.7 Dialback The Dialback feature allows a system manager to set up a dialback list of authorized users for incoming modem connections. When a username matching one in the list is entered, the port is logged out and the phone number will be sent out the serial port using the port’s modem profile. For a complete description of dialback, see Dialback on page 11-6. 8.8.
Ports Serial Port Configuration 8.9.2 Specifying a Username A username can be specified for a port using the Set/Define Ports Username command. When the username is specified with the Define Port Username command, users will not be prompted for a username upon login. Figure 8-31: Specifying a Username Local>> DEFINE PORT 3 USERNAME fred 8.9.
Ports Serial Port Configuration Termtype information is used for outbound sessions; the SCS doesn’t use this information. For example, a remote host might use the terminal type to configure your terminal to run a particular application. 8.9.7 Transmitting Serial Data Serial data can be handled a couple of different ways. The default settings will discard all data. Other options include setting various triggers to transmit the accumulated data to a host.
Ports RS-485 Configuration 8.9.8 Restoring Default Port Settings To restore all ports to their default settings, use the Purge Port command. Use caution with this command; any changes that you’ve made with the Set and Define commands will be erased. Figure 8-38: Restoring Default Port Settings Local>> PURGE PORT 2 If the Purge Port command cannot be used (for example, if authentication has been defined on all ports), the settings can only be restored by using the Boot Configuration Program.
Ports RS-485 Configuration 8.10.1 Two-wire Mode In two-wire mode, the SCS operates in half duplex: one pair of wires shares transmit and receive signals, and an optional third wire can be used for shield/ground. The main advantage of using two-wire mode is reduced cabling costs.
Ports RS-485 Configuration 8.10.2 Four-wire Mode In four-wire mode, the SCS operates in full duplex: one pair of wires functions as the transmit pair, another pair of wires functions as the receive pair, and there is a shield/ground wire for each pair. The SCS is able to send and receive data simultaneously. In a four-wire RS-485 network, one device acts as a master while the other devices are slaves.
Ports Flow Control 8.10.3 Termination RS-485 connections must be terminated properly in order to work. Termination is necessary when using long cable runs, although only end nodes should be terminated. The termination option is disabled by default. Figure 8-45: Enabling RS-485 Termination Local>> DEFINE PROTOCOLS RS485 TERMINATION ENABLED 8.10.4 RS-422 Networking The SCS is compatible with RS-422 networks in four-wire RS-485 mode.
Ports Flow Control For example, the SCS will assert RTS when it is ready to accept data. When it can no longer accept data (its buffers are full) it will deassert this signal. A connected modem will monitor the assertion and deassertion of this signal; it will only send data when RTS is asserted. A modem will assert CTS when it is ready to accept data. When its buffers are full, it will deassert CTS to indicate to the SCS that it should stop sending data. The SCS will only send data when CTS is asserted.
3 Determine the Appropriate Flow Control Method Refer to Flow Control on page 8-18 for a description of the different methods. Choose the method that’s most compatible with the modem and applications you’ll be using.
4 Configure Flow Control To configure your modem, refer to the modem’s documentation. To configure flow control on the SCS, use the Set/Define Ports Flow Control command. Figure 8-48 displays an example.
Ports Serial Signals All of the SCS’s DB24 and RJ45 signals are displayed in the following figures.
Ports Serial Signals 8.12.1 DSR (Data Set Ready) 8.12.1.1 DSR for Automatic Logouts An SCS port can be configured to automatically log itself out when DSR is no longer asserted; in other words, the port will log out when the modem is disconnected. This can help ensure port security; users will be prevented from unplugging terminal lines and using sessions that are still active. See Automatic Logouts on page 8-10 for more information. 8.12.1.
Ports Virtual Ports 8.13 Virtual Ports Incoming SSH, Telnet, and Rlogin connections are not associated with a physical port. Instead, they are associated with a virtual port which serves for the duration of the connection. Virtual port connections can be made only if incoming connections are enabled on the SCS.
9: Modems This chapter discusses how to configure your modem and the SCS to work together. If you have an SCS200, you can configure a supported modem card to form PPP dialup connections. An installed modem card on the SCS200 can be accessed using port number 3. Because the SCS does not support PC card hot swapping, you must reboot the SCS anytime you remove a modem card. Note: For a current list of supported modem cards, see the Lantronix web site, www.lantronix.com.
9.2 Modem Speeds The modem’s serial speed, measured in bits per second (bps), is the rate at which the modem sends data to a host computer or other device (such as the SCS) over its serial port. The modem’s line speed, also measured in bits per second, is the rate at which the modem sends data through a telephone line to another modem or communications server. Although the two are related, they are not the same thing. 9.2.
Modems Modem Profiles 9.3.1 Using a Profile Preconfigured profiles are available for a number of modem types. Each profile contains all settings necessary to appropriately configure that type of modem. To display the list of available profiles, use the Show Modem command. If your modem is listed, copy it to the port using the Define Ports Modem Type command.
Modems Modem Profiles 9.3.2.1 Examine the Profile Display the modem profile by entering the List Port Modem command. Figure 9-3: Displaying Modem Configuration Local>> LIST PORT 3 MODEM A series of settings will be displayed. For example, the Attention string may be currently set to at, and Error Correction may be enabled. Read through the configuration options discussed in Typical Modem Configuration on page 9-13 and determine which options you’ll need to enable or disable to meet your needs.
Modems Modem Profiles 9.3.2.3 Edit Other Settings All settings in a modem profile can be edited with the Define Ports Modem commands. For example, to configure the Dial string, use the Define Ports Modem Dial command. Figure 9-5: Configuring a String Local>> DEFINE PORT 3 MODEM DIAL "DT" 9.3.2.4 Enable Modem Control Before a port can control a modem, modem control must be enabled. Use the following command. Figure 9-6: Enabling Modem Control Local>> DEFINE PORT 3 MODEM CONTROL ENABLED 9.3.2.
Modems Modem Profiles Commandprefix string This string is placed before all commands sent to the modem except for the Attention string. In the unlikely event that your modem doesn’t use a common command prefix for all commands, this string should be left blank; include the appropriate command prefix in every string sent to the modem. It is commonly set to "at." Compression Enabled/Disabled This setting enables or disables the modem’s data compression.
Modems Modem Profiles Note: The AT&T Paradyne Comsphere and AT&T Dataport pose this problem. Use caution when configuring Get Setup in this manner. A modem’s NVR can only be written a particular number of times; if the SCS is rebooted too often, setting Get Setup to “” could wear out the modem’s NVR. Init string The initialization (Init) string must be configured in a specific manner in order for your modem to work with the SCS. See Editing a Profile on page 9-3 for instructions.
Modems Modem and SCS Interaction 9.3.4 Profiles for Modems with External Switches Some modems, such as USRobotics Sportster and Courier, have external switches that control the modem’s behavior. Modems that have external switches but do not have predefined modem profiles on the SCS should be set not to autoanswer. The SCS answers the phone; the modem should never pick up the phone on its own. Sometimes the switch settings can be overridden by command strings, but sometimes they cannot.
Modems Modem and SCS Interaction If the modem responds with the Connect String, the call will succeed. If the modem responds with the No Carrier, Error, No Dial Tone, or Busy strings, or if no response is received in 60 seconds, the call will fail and the modem will be reset (60 seconds is the default wait period; this can be configured using the Define Ports Modem Carrierwait command). Note: Define Ports Modem Carrierwait is discussed on page 12-94. 9.4.
Modems Modem and SCS Interaction Before compression can be enabled, flow control must be enabled (see Flow Control on page 8-18). In addition, the modem’s serial speed must be set higher than the line speed. This enables the SCS to keep the modem’s internal data buffer filled with data to compress. As lower compression ratios decrease the effective line speed, the modem will flow control the SCS more often.
Modems Modem and SCS Interaction To enable error correction, use the following command: Figure 9-11: Enabling Error Correction Local>> DEFINE PORT 2 MODEM ERRORCORRECTION ENABLED Note: For this command’s complete syntax, see Define Ports Modem Errorcorrection on page 12-98. When error correction is enabled on a port, the SCS will send a string to the modem to instruct it to enable error correction. When error correction should be disabled, a disable string may be sent.
9.4.9 Dialback Dialback allows a system manager to set up a dialback list of authorized users for incoming modem connections. When a username matching one in the list is entered, the port will be logged out and the user will be called back at the predefined number. For a complete discussion of Dialback, see Dialback on page 11-6. 9.5 Terminal Adapters ISDN Terminal adapters (TAs) are similar to modems.
Define Ports Modem Answer Rings configures the number of rings, either 1 or 3, that the SCS will wait for before answering the line. The telephone company sends Caller-ID information between the first and second rings, so the SCS must be set to wait for 3 rings before answering in order for Caller-ID functionality to work.
Port 2’s speed must be set properly for the modem. To determine the appropriate port speed, examine the following table:

Table 9-2: Maximum Baud Rates
    Modem       Typical Maximum Line Rate
    V.32        19200
    V.32bis     57600
    V.fast      115200
    V.34        115200

To determine the maximum baud rate supported by the modem, the port speed must be set and tested. Modem handling must be disabled on the port; if it is enabled, the SCS will attempt to initialize the modem when the port is logged out.
The generic modem profile made a series of configurations to port 2. To determine the current configuration of port 2, use the List Port or List Port Modem command.
9.8 Troubleshooting

To help diagnose any difficulty with your modem setup, it is a good idea to do the following:

◆ Install a breakout box between the modem and the SCS. Set all modem switches to the “normal” position, and remove all jumpers. When the modem and SCS are powered on, the box’s LEDs will display the state of the signals, enabling you to more easily diagnose the problem.
◆ Enable event logging for modems. Event Logging is discussed on page 11-24.
Table 9-3: Modem Troubleshooting, cont.

Problem: All data is corrupted.
    Possible Cause: The ground pins aren’t wired correctly.
    Remedy: Verify the wiring. Ensure that the ground pins on the RJ45 ports are wired together.
    Possible Cause: The modem’s serial speed does not match the serial speed on the SCS port used.
    Remedy: Ensure that the serial speeds of the modem and SCS port match.
    Possible Cause: Flow control isn’t working properly.
10: Modem Sharing

Modem sharing provides users with individual modem/phone line functionality at a reduced cost. When modems are shared, a group of IP users may use a modem pool to dial out of a LAN and connect to a remote host; for example, to connect to a bulletin board service (BBS). This eliminates the need for phone lines for each user’s computer.

10.1 Services

A service represents a resource accessible to network users, such as a modem or a pool of modems attached to the SCS.
Ports associated with a service used for modem sharing must support outgoing connections. To support outgoing connections, the port access must be set to Dynamic or Remote.

Figure 10-4: Configuring a Port for Outgoing Connections
    Local>> DEFINE PORT 2 ACCESS DYNAMIC

A port associated with a service used for modem sharing must also be configured to operate the modem attached to it.
◆ Form a TCP connection directly to an SCS serial port.
◆ Log into the SCS and connect to a local service or port.

These methods are discussed in the following sections.

10.2.1 Configuring an IP Modem Pool Service

Creating a service allows you to set up a modem pool on several SCS ports. To create an IP modem pool service, enter the Set/Define Service Ports command.
10.2.4 Connecting to a Serial Port

To connect directly to an SCS serial port, specify a port number of 30nn or 20nn. The nn represents the number of the SCS serial port; for example, port 2002 represents SCS serial port 2. If you’re using Telnet to connect to the SCS, connect to port 20nn. The 2000 port is intended for Telnet connections; it performs Telnet IAC character-escaping negotiations on the data stream.
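The following added example (not part of the Lantronix manual or firmware) shows what Telnet IAC escaping does to a byte stream, and why binary data containing 0xFF must be escaped when it is sent through a 20nn port. The byte values come from RFC 854; treating 30nn as the unescaped alternative and the sample payload are assumptions made for the illustration.

```python
# Added example (not Lantronix code): what "Telnet IAC character-escaping"
# means for bytes sent through a 20nn port, per RFC 854.
IAC = 0xFF                                # "Interpret As Command"
SB, SE = 0xFA, 0xF0                       # subnegotiation begin / end
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}    # WILL, WONT, DO, DONT

# Constructed sample: binary data that happens to contain 0xFF.
PAYLOAD = bytes([0x01, 0xFF, 0x02])


def tcp_port_for(serial_port, telnet):
    """Return the 20nn (Telnet) or 30nn TCP port for SCS serial port nn."""
    if not 1 <= serial_port <= 99:
        raise ValueError("nn must be a one- or two-digit serial port number")
    return (2000 if telnet else 3000) + serial_port


def telnet_escape(payload):
    """Double each 0xFF so the far end treats it as data, not a command."""
    return payload.replace(b"\xff", b"\xff\xff")


def telnet_unescape(stream):
    """Split a Telnet byte stream into (data bytes, list of command sequences)."""
    data, commands = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("stream ends inside an IAC sequence")
        cmd = stream[i + 1]
        if cmd == IAC:                        # escaped 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:              # IAC WILL/WONT/DO/DONT <option>
            if i + 2 >= n:
                raise ValueError("negotiation is missing its option byte")
            commands.append(bytes(stream[i:i + 3]))
            i += 3
        elif cmd == SB:                       # IAC SB ... IAC SE
            j = i + 2
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1
            if j + 1 >= n:
                raise ValueError("unterminated subnegotiation")
            commands.append(bytes(stream[i:j + 2]))
            i = j + 2
        else:                                 # two-byte command such as IAC NOP
            commands.append(bytes(stream[i:i + 2]))
            i += 2
    return bytes(data), commands


if __name__ == "__main__":
    print("serial port 2 ->", tcp_port_for(2, telnet=True), "/", tcp_port_for(2, telnet=False))
    # Unescaped binary sent to a Telnet port: 0xFF 0x02 is consumed as a command.
    print("unescaped:", telnet_unescape(PAYLOAD))
    # Escaped first: the receiver recovers all three bytes.
    print("escaped:  ", telnet_unescape(telnet_escape(PAYLOAD)))
```
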
The modems are connected to an SCS as follows:

Table 10-1: Modems Connected to the SCS
    Speed             Connected to SCS     Modem Type
    28,800 bps (2)    Ports 2 and 3        6
    14,400 bps (4)    Ports 4 through 7    5
    9,600 bps (1)     Port 8               4

Three services will be created for the modems: fastmodems, slowmodems, and slowestmodem. These will be used for the 28,800, 14,400, and 9,600 modems, respectively.
Modem Sharing Examples 10.3.
11: Security

The SCS enables you to secure your network in a number of ways. Supported security features include:

◆ Authentication of incoming connections, discussed on page 11-1.
◆ Authentication of outgoing LAN to LAN connections, discussed on page 11-4.
◆ Dialback during incoming connection attempts, discussed on page 11-6.
◆ Databases which store authentication information, discussed on page 11-8.
◆ Restriction of user access to commands and functions, discussed on page 11-18.
Note: The login password can be up to 16 characters long. The default password is “access.”

To require that users enter the login password when logging into a particular port from another serial port, use the Set/Define Ports Password Enabled command.

Figure 11-2: Requiring Login Password on a Port
    Local>> DEFINE PORT 2 PASSWORD ENABLED

By default, incoming Telnet and Rlogin connections are not required to enter the login password.
11.1.2 PPP Logins

This section covers authentication on ports dedicated to PPP or with PPPdetect enabled. If PPP will be started from character mode, see Character Mode Logins on page 11-1.

Note: To dedicate a port to PPP or enable PPPdetect, see Chapter 8, Ports.

11.1.2.1 CHAP and PAP

The username and password may be transmitted using CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol).
11.1.2.3 Offering Authentication Information to the Incoming Caller

If the incoming caller must authenticate the SCS, the port must have PAP Local or CHAP Local configured. Use the Define Ports PPP CHAP Local or Define Ports PPP PAP Local command.

Figure 11-9: Enabling CHAP and PAP Local
    Local>> DEFINE PORT 2 PPP CHAP LOCAL
    Local>> DEFINE PORT 2 PPP PAP LOCAL

During CHAP/PAP negotiation, the SCS will send the site’s username and remote password to the incoming caller.
11.2.1 Outgoing Character Mode Connections

If the remote device is expecting the information in character mode, the username and password must be sent in a chat script. The chat script should expect the username prompt, send the appropriate username, expect the password prompt, and send the appropriate password. See Chapter 5, Additional Remote Networking, for information on configuring chat scripts.

11.2.
11.3 Dialback

When dialback is used, the SCS verifies the identity of incoming users by logging the port out and dialing the user back at a specified number.
5 Add users to the dialback database.

To add a user to the dialback database, use the Set/Define Dialback command and specify a username and a telephone number. If the user must bypass dialback (regardless of whether Dialback Bypass is enabled or disabled), specify the Bypass parameter.
◆ If dialback is disabled for the site, the connection will proceed without the dialback step.
◆ If normal dialback authentication is enabled for the site, the SCS will offer to call the PPP client back at the site-specific telephone number listed in the dialback database. If the client refuses, the connection will be terminated.
◆ SecurID ACE/Server
◆ UNIX password file, via TFTP

You must assign a precedence number to each database method you wish to use. Precedence specifies the search order in which the configured databases will be checked. The database location with the most username/password pairs is usually given the highest precedence (1), setting it as the primary database. By default, the local authentication database has a precedence of 1.
11.4.1.1 Changing the Precedence

By default, the precedence for the local database is set to 1. To change the precedence number, use the Set/Define Authentication Local command.

Figure 11-19: Specifying the Precedence
    Local>> DEFINE AUTHENTICATION LOCAL PRECEDENCE 3

11.4.1.2 Adding Username/Password Pairs

To add a username/password pair to the local database, use the Set/Define Authentication Local command.
11.4.1.6 Displaying the Local Database

Local database entries can be checked with the Show/Monitor/List Authentication User command. All users, their passwords, and other parameters are listed.

Note: See Show/Monitor/List Authentication on page 12-178.

11.4.1.7 Purging the Local Database

To remove a particular user from the database, use the Clear/Purge Authentication User command. See Clear/Purge Authentication on page 12-153 for a complete description of this command.
To synchronize the SCS and the Kerberos clock, use the Set/Define IP Timeserver command:

Figure 11-24: Synchronizing the Clocks
    Local>> DEFINE IP TIMESERVER 192.0.1.110

2 Designate a precedence number for the Kerberos server.
To configure the SCS KVNO, use the Set/Define Authentication Kerberos KVNO command.

Figure 11-29: Configuring the SCS KVNO
    Local>> DEFINE AUTHENTICATION KERBEROS KVNO 1

Note: By default, the KVNO is set to 1.

For additional Kerberos configuration instructions, see Set/Define Authentication on page 12-155.

11.4.3 RADIUS

The SCS supports the Remote Authentication for Dial-In User Services (RADIUS) protocol. RADIUS is a centrally-located client-server security system.
2 The SCS creates an Access-Request packet that includes the username/password pair, an identification string for the SCS, the port being used for the modem connection, the port type, and other information as needed (see Authentication Attributes in Appendix D for more information). The SCS then encrypts the password and sends the packet to the RADIUS authentication server.
For security reasons, it is recommended that you choose a secret string of at least 16 characters containing no obvious or easily-guessable items (such as names, phone numbers, or words that can be found in a dictionary).

11.4.3.2 RADIUS and Character Logins

When a user attempts to log into the SCS via a character-mode session (i.e. not through PPP or SLIP), the SCS reports a Service-Type of Login: to the RADIUS server.
Accounting-On
    Sent each time accounting is enabled or re-enabled on the SCS, and when the SCS boots with accounting enabled.

Accounting-Start
    Sent when a user logs into the SCS. This type of packet includes the user’s name, port number, and current configuration.
    Note: EZWebCon users are logged as administrators.

Accounting-Stop
    Sent when a connection is logged out or otherwise terminated.
SecurID advantages include the following:

◆ Three items are required for authentication: the token card, PIN, and user ID.
◆ The card’s cardcode is constantly changing, thus changing the passcode that the user enters.
◆ If someone eavesdrops on a connection attempt and obtains a passcode, the passcode will not be useful; a new passcode will be required in a few minutes. This enhances the security of Telnet connections.
If SecurID receives repeated authentication requests for an invalid username/password pair, it assumes that a login attack is taking place. SecurID will react by continually slowing its responses to the SCS. This problem can be avoided by ensuring that SecurID has the highest precedence number. For example, if you’re using SecurID, Kerberos, and a UNIX password file, set SecurID’s precedence to 3.
11.5.1 Privileged Commands

Many of the SCS commands require privileged user (superuser) status. To become the privileged user, use the Set Privileged command. The default privileged password is system.

Figure 11-36: Set Privileged Command
    Local>> SET PRIVILEGED
    Password> system (not echoed)
    Local>>

Note: To change the privileged password, use the Set/Define Server Privileged Password command, described on page 12-124.

Only one user may have privileged status at any time.
To enable or disable PPP or SLIP on a port, use the Define Ports PPP/Define Ports SLIP commands:

Figure 11-38: Disabling PPP and SLIP
    Local>> DEFINE PORT 2 PPP DISABLED
    Local>> DEFINE PORT 2 SLIP DISABLED

11.5.4 Securing a Port

When a port is secure, users on that port will be prevented from editing many of the port’s settings. In addition, they will only be able to display a limited amount of information using Show/Monitor/List commands.
To execute commands when the user logs into the SCS, first ensure that authentication databases have been configured; see Database Configuration on page 11-8 for instructions. Then associate commands with the username using the Set/Define Authentication User Command command. The commands you specify will be executed when the user is successfully authenticated.
In Figure 11-43, the first command prevents all incoming Telnet and Rlogin connections. The second command permits the connections, but requires that the login password be entered before the connection is permitted. When Incoming None is specified, incoming SSH connections are also denied. The other parameters do not affect incoming SSH connections.

11.6.
Filter lists are associated with sites. Sites use filter lists for the following purposes:

Table 11-1: Types of Filter Lists
    Type of Filter List / Purpose

    Idle
        Determines whether the site will remain active. Packets that pass the filter will reset the site’s idle timer, preventing the site from being timed out.
    Incoming
        Determines whether to forward incoming packets received from a remote site. Packets that pass the filter will be forwarded.
11.6.4.2 Preventing All IP Traffic

To prevent all IP packet traffic, you do not need to use a filter list. Instead, use the Define Site IP Disabled command.

Figure 11-46: Preventing IP Packet Traffic
    Local>> DEFINE SITE irvine IP DISABLED

11.6.4.3 Setting Up a Filter List

Configuring filter lists involves two primary steps: creating the filter list, and associating the list with a particular site.
11.7.1 Setting the Destination

In order to use logging, the SCS must be configured to send logging information to one of the following destinations:

◆ A TCP/IP host running syslog
◆ SCS memory
◆ The SCS serial console port, typically port 1
◆ A file stored locally on the SCS. The default disk location is /ram.

To specify the logging destination, use the Set/Define LoggingDestination command. A colon must be appended to the IP address or IP host name.
Security Event Logging Table 11-2: Events Logged by the SCS, To Log Events Associated With: IP Modems The Following Options are Available: (Numbers Reflect Logging Level) 2 Unauthorized Users 3 Dialback Failures 4 Dialback Successes 5 Dialback Attempts 6 Modem Chat 1 Errors 2 Packets that Trigger Remote Connections 3 Routing Table/Interface Changes 4 Incoming/Outgoing RIP Packets 5 Resulting Routing Table 6 Contents of All RIP Packets 7 Routed Packets 1 Problems 2 Call Statis
Table 11-2: Events Logged by the SCS, To Log Events Associated With: cont. The Following Options are Available: (Numbers Reflect Logging Level) System 7 Chat Scripts 8 Modems and Dialback Enabled Disabled

For example, to record all logins and send the information to the console port, use the following command:

Figure 11-51: Logging All Logins
    Local>> DEFINE LOGGING AUTHENTICATION 3

Note: Logging passwords may compromise security.
Security Examples Figure 11-53 shows how to configure the SCS in this situation: Figure 11-53: Configuring Database Order Local>> Local>> Local>> Local>> Local>> Local>> Local>> Local>> DEFINE DEFINE DEFINE DEFINE DEFINE DEFINE DEFINE DEFINE AUTHENTICATION AUTHENTICATION AUTHENTICATION AUTHENTICATION AUTHENTICATION AUTHENTICATION AUTHENTICATION AUTHENTICATION RADIUS PRECEDENCE 2 RADIUS PRIMARY 192.0.1.55 PORT 1640 TFTP PRECEDENCE 3 TFTP PRIMARY 192.0.1.87 TFTP SECONDARY 192.0.1.
◆ There is one SLIP user that will use site SlipMan. This site has password exception; once the password is entered, the site must automatically enter SLIP mode.

Port 2 must be configured to automatically detect PPP so that it can begin running PPP and CHAP when necessary. The port must not be dedicated to PPP, however, because other connections will be using the same port. In order to authenticate the SLIP user, SLIPdetect must be disabled.
◆ Prevents IP spoofing
◆ Permits outgoing Telnet connections
◆ Permits SMTP (Simple Mail Transfer Protocol) traffic to the local SMTP server, 192.0.1.102. The backup SMTP server is 192.0.1.103
◆ Permits NNTP (Network News Transfer Protocol) traffic between the local NNTP server, 192.0.1.104, and the remote NNTP server, 192.0.2.100
◆ Permits outgoing FTP connections
◆ Denies X-Windows traffic, but permits incoming TCP/IP traffic to ports 1023 and higher.
Security Examples To permit SMTP traffic between the SCS and the local and backup SMTP servers, the following commands are required: Figure 11-61: Permitting SMTP Traffic to SMTP Servers Local>> DEF 192.0.1.102 Local>> DEF 192.0.1.102 Local>> DEF 192.0.1.103 Local>> DEF 192.0.1.103 FILT fw_i ADD ALLOW IP TCP DPORT EQ SMTP SPORT GT 1023 DST 255.255.255.255 FILT fw_i ADD ALLOW IP TCP SPORT EQ SMTP DPORT GT 1023 ACK DST 255.255.255.255. FILT fw_i ADD ALLOW IP TCP DPORT EQ SMTP SPORT GT 1023 DST 255.255.255.
Outgoing finger requests are permitted and incoming requests are prevented using this command:

Figure 11-67: Permitting Outgoing Finger Requests
    Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ FINGER DPORT GT 1023 ACK

To use firewall fw_i as an incoming filter list for site irvine, the Define Site Filter Incoming command is used:

Figure 11-68: Configuring a Firewall
    Local>> DEF SITE irvine FILTER INCOMING fw_i

11.8.
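The added example below (not SCS code) models the finger rule from Figure 11-67 to show what the ACK keyword contributes: replies to outgoing finger requests pass the incoming list, while new inbound connections do not. The rule grammar is inferred only from the rule text shown on this page, and the evaluation semantics (a packet is forwarded if any ALLOW rule matches, otherwise dropped) and the sample packets are assumptions made for the illustration.

```python
# Added example (not SCS code): evaluating the Figure 11-67 rule against
# constructed packets arriving on the incoming filter list.
from dataclasses import dataclass
from typing import Optional, Tuple

SERVICES = {"SMTP": 25, "FINGER": 79}     # well-known TCP port numbers


@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int
    ack: bool          # True when the TCP ACK flag is set


@dataclass(frozen=True)
class Rule:
    proto: str
    sport: Optional[Tuple[str, int]]   # (operator, port) or None for "any"
    dport: Optional[Tuple[str, int]]
    need_ack: bool

    def matches(self, pkt):
        return (pkt.proto == self.proto
                and _port_ok(self.sport, pkt.sport)
                and _port_ok(self.dport, pkt.dport)
                and (pkt.ack or not self.need_ack))


def _port_ok(cond, port):
    if cond is None:
        return True
    op, value = cond
    return port == value if op == "EQ" else port > value


def parse_allow(text):
    """Parse 'ALLOW IP <proto> [SPORT|DPORT EQ|GT <port>]... [ACK]'."""
    tok = text.upper().split()
    if len(tok) < 3 or tok[0] != "ALLOW" or tok[1] != "IP":
        raise ValueError("only 'ALLOW IP <proto> ...' rules are modelled here")
    ports = {"SPORT": None, "DPORT": None}
    need_ack = False
    i = 3
    while i < len(tok):
        if tok[i] in ports:
            if i + 2 >= len(tok) or tok[i + 1] not in ("EQ", "GT"):
                raise ValueError("expected EQ or GT and a port after " + tok[i])
            value = tok[i + 2]
            ports[tok[i]] = (tok[i + 1], SERVICES[value] if value in SERVICES else int(value))
            i += 3
        elif tok[i] == "ACK":
            need_ack = True
            i += 1
        else:
            raise ValueError("token not modelled in this example: " + tok[i])
    return Rule(tok[2], ports["SPORT"], ports["DPORT"], need_ack)


def permitted(rules, pkt):
    """Assumed semantics: forward if any ALLOW rule matches, else drop."""
    return any(rule.matches(pkt) for rule in rules)


FINGER_RULE = "ALLOW IP TCP SPORT EQ FINGER DPORT GT 1023 ACK"   # from Figure 11-67

# Constructed packets as seen by the incoming filter list.
REPLY = Packet("TCP", sport=79, dport=40000, ack=True)        # answer to our request
INBOUND_REQUEST = Packet("TCP", sport=40000, dport=79, ack=False)
NEW_CONN_FROM_79 = Packet("TCP", sport=79, dport=40000, ack=False)

if __name__ == "__main__":
    with_ack = [parse_allow(FINGER_RULE)]
    without_ack = [parse_allow(FINGER_RULE.replace(" ACK", ""))]
    for name, pkt in [("reply", REPLY), ("inbound request", INBOUND_REQUEST),
                      ("new connection from port 79", NEW_CONN_FROM_79)]:
        print(f"{name:30} with ACK: {permitted(with_ack, pkt)!s:5} "
              f"without ACK: {permitted(without_ack, pkt)}")
```

Dropping ACK from the rule would let any connection attempt that merely uses source port 79 reach high-numbered local ports, which is the case the keyword exists to block.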
Security Troubleshooting The following example assumes the terminal is connected to the console port (port 1). Figure 11-71: Configuring Authentication Event Logging Local>> SET LOGGING Local>> SET LOGGING Fri Jan 26 13:44:40 Fri Jan 26 13:44:40 Fri Jan 26 13:44:49 Method Local Fri Jan 26 13:45:27 Method Local Fri Jan 26 13:45:39 denied. Fri Jan 26 13:45:49 granted.
12: Command Reference

This chapter describes all commands that can be used with the SCS. To recap the types of commands (Set/Define, Show/Monitor/List, Clear/Purge), see Chapter 2, Getting Started. Most Define commands are documented with their corresponding Set commands, but some are listed separately under the Define keyword. Monitor and List commands are documented with their corresponding Show commands.
◆ Default settings, where applicable
◆ Examples of the command
◆ Cross-references to related commands

12.2 About Strings

When a command calls for a string, the following two things must be taken into consideration. First, any user-entered strings should be enclosed in quotes to retain the case entered.
Command Reference Navigation/Help Commands 12.4 Navigation/Help Commands 12.4.1 Apropos APROPOS keyword Displays commands containing the specified keyword. If a command containing the keyword cannot be found, the SCS will display “nothing appropriate.” The SCS will not display all relevant commands. If there are any logout commands, such as Set Ports and Define Ports, only one will be shown (in this case, Set Ports).
Restrictions
    You must be the privileged user to use the All parameter. Secure users may not send broadcasts.

Errors
    An error will be returned if the port broadcasted to is flow controlled or if the server does not have broadcast enabled. The sender is notified if a message was not received.

Parameters
    All
        Sends the message to all ports.
    Ports
        Specifies a particular port as recipient of the message. Must be used with the PortNum parameter.
Command Reference Navigation/Help Commands 12.4.
Errors
    For the /pccard1 and /pccard2 parameters, you will receive an error if either the specified card is not a storage card or if there is no card in the slot.

Parameters
    Cat
        Displays an entire file in your terminal window.
    Cd
        Changes your current working directory.
    Chmod
        Changes permissions for a file or directory. To assign permissions, enter a 3-digit number. The first digit represents the owner’s permissions.
    /PCCard1
        Formats an ATA flash card for use in an SCS PC card slot. An unformatted card cannot be used by the SCS.
    name
        Names the specified disk.
    Fsck
        Checks the SCS filesystem and corrects any problems.
    Head
        Outputs the beginning of a string.
    Ln
        Creates a hard or soft link for files, linking a file or set of files to another file. Using no flag creates a hard link. Adding the -s flag creates a soft link.
    Ls
        Displays the contents of a directory.
Command Reference Navigation/Help Commands Rm Removes files and/or directories from the RAM and Flash disks. The possible flags are: -i Prompts for a Y (yes) or N (no) before the file is removed. -r Removes an entire directory and all of its subdirectories. Rmdir Removes a directory from the specified disks. The command can only be used if the directory is empty. If the directory is full, you must add the DISK RM rf command.
Command Reference Navigation/Help Commands 12.4.6 Finger FINGER username @host FINGER This command is based on the UNIX Finger command that displays local and remote users. If a username is specified, information about that username will be displayed. If the user@hostname parameters are specified, information regarding user user on TCP/IP host host will be displayed. Using the Finger command without any parameters will display all current logins. Restrictions Secure users cannot use the finger command.
See Also
    Backwards, page 12-3; Set/Define Ports Forward Switch, page 12-65; Show/Monitor Sessions, page 12-90; Port-Specific Session Configuration, page 8-4

12.4.8 Help

HELP command parameter

Accesses the SCS Help system. Using the Help command without any parameters displays all available commands. Specifying a command gives information about that command and a list of its parameters.
12.4.11 Ping

PING hostname num

Sends a TCP/IP request for an echo packet to another network host. This provides an easy way to test network connections to other TCP/IP hosts. In general, any host that supports TCP/IP will respond to the request if it is able, regardless of login restrictions, job load, or operating system. If there is no reply from the host, this may indicate a network or TCP/IP configuration problem.
Command Reference Navigation/Help Commands 12.4.13 Save AUTHENTICATION FILTER filtername ROUTER IP SECURITY PortList PORT ALL SAVE SERVER name SERVICE ALL SNMP LOGGING MENU Saves current configurations (made with the Set command) into the permanent database. This treats configurations as if they were made using the Define command.
    PortList
        A port number or list of ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
    All
        Saves the settings for all ports or services to the permanent database.
    Server
        Saves all the server characteristics to the permanent database.
    Service
        Saves the current characteristics of a local service to the permanent database.
Command Reference Navigation/Help Commands Node Displays information for all queue entries requested from the specified node. Must be used in conjunction with the nodename parameter. nodename Specifies a particular node. All Displays information for all ports and nodes. Note: All is the default setting for Show/Monitor Queue. Service Displays information for all queue entries for the local service specified with the ServiceName parameter. ServiceName Specifies a service name of up to 16 characters.
Command Reference Note: Examples Navigation/Help Commands In the absence of a PortNum or the All or Ethernet parameters, the configuration will affect the current port.
Command Reference IP/Network Commands 12.5 IP/Network Commands 12.5.1 Clear/Purge Hosts CLEAR ALL TELNET HOSTS PURGE username Removes a TCP/IP host entry from the SCS table of known hosts. If Clear is used and the host was seen through the rwho facility, it will reappear as soon as that machine broadcasts again. A host will also reappear if a user Connects to it. Restrictions Requires privileged user status.
Command Reference IP/Network Commands 12.5.3 Clear/Purge IP Route DEFAULT CLEAR IP ROUTE address PURGE ALL Removes a static IP route. Restrictions Requires privileged user status. Parameters Default Clears or purges default IP routes. address An IP address in standard numeric format (for example, 193.53.2.2). All Clears or purges static IP routes. Examples Local>> PURGE IP ROUTE 192.0.1.
Command Reference IP/Network Commands 12.5.5 Clear/Purge IP Trusted CLEAR IPTRUSTED address PURGE ALL Removes all entries from the trusted router table. Restrictions You must be the privileged user to use this command. Parameters address An IP address in standard numeric format (for example, 193.53.2.2). All Clears or purges the entire security table. Examples Local>> PURGE IP TRUSTED 192.0.1.
Command Reference IP/Network Commands A colon and session environment string can be added to the connect request (see Setting Session Characteristics on page 8-6). A colon and a port number can be added to the hostname for TCP/Telnet/ Rlogin sessions; in this case, the specified port number will be used for the connection. There should be no spaces between the hostname, colon, and port number or environment string.
Command Reference Examples See Also IP/Network Commands Local> Local> Local> Local> Local> Local> CONNECT CONNECT CONNECT CONNECT CONNECT CONNECT TELNET 145.34.35.11:245 TCP labsun RLOGIN 145.34.35.14 RLOGIN docserver mary SSH ogun nathan “ls -l” Set/Define Ports Password, page 12-70; Disconnect, page 12-20; Preferred/ Dedicated Protocols & Hosts, page 8-7 12.5.
Command Reference IP/Network Commands 12.5.9 Rlogin RLOGIN hostname username Requests an Rlogin connection to a specified host, or the preferred TCP host if no host is specified. Note: Rlogin is an abbreviation for Connect Rlogin, described on page -18. Errors An error is returned if Rlogin is not enabled. Secure users may only use the Rlogin command if it has been enabled by the server by a privileged user.
Command Reference IP/Network Commands EC Erase Character EL Erase Line GA Go Ahead IP Interrupt Process NOP No Operation SYNCH Synchronize 12.5.11 Set/Define 80211 After you enter an 80211 configuration command, you must reboot the unit for the changes to take effect. You can also enter the Set 80211 Reset command for all configuration commands except the Set/Define 802.11 Enabled/Disabled command, which requires a reboot. Note: These commands are only valid on the SCS200. 12.5.11.
Command Reference IP/Network Commands Disabled Prompts the SCS to only look for a compatible 10/100BASE-T wired Ethernet connection at startup. You must reboot the SCS after entering this command. Defaults Enabled See Also Show 80211, page 12-42; 802.11 Configuration, page 2-10 12.5.11.2 Set/Define 80211 Antenna SET RX list 80211 ANTENNA TX DEFAULT DEFINE Controls the antenna(s), if any, on the installed wireless card.
12.5.11.3 Set/Define 80211 Channel

SET num 80211 CHANNEL DEFINE ANY

Sets the SCS operating frequency within the 2.4 GHz band allotted to wireless networking. A direct-sequence 802.11 network on one channel will affect reception on channels up to two numbers away. For best performance on collocated wireless networks, you should select channels that are at least five channels apart from each other.
Command Reference Restrictions IP/Network Commands Requires privileged user status. Only applies to the SCS200. Errors If you enter a command that is not applicable to the 802.11 card currently in use, you will receive an Error message. Parameters name Enter a string of up to 32 characters. If the string contains lowercase letters or non-alphanumerics, it may need to be enclosed in double-quotes to be processed properly.
12.5.11.6 Set/Define 80211 MAC Address

SET CARD 80211 MACADDRESS DEFINE SCS

Configures which of the two available MAC addresses the SCS will use on the network: its own or that of the attached 802.11 wireless networking PC card. The SCS MAC address, which is the same as its hardware address, is printed on the bottom label of the SCS.
Errors
    If you enter a command that is not applicable to the 802.11 card currently in use, you will receive an Error message.

Parameters
    AdHoc
        Specifies that the SCS is communicating with other wireless devices in a peer-to-peer capacity.
    Infrastructure
        Specifies that the SCS is communicating with an Access Point (AP).

Defaults
    Infrastructure

Examples
    Local>> DEFINE 80211 NETWORKMODE ADHOC
    Local>> SET 80211 RESET

See Also
    Show 80211, page 12-42; 802.
Command Reference IP/Network Commands 12.5.11.9 Set/Define 80211 Region FCC IC SET ETSI 80211 REGION DEFINE SPAIN FRANCE MKK Sets the regulatory region under which you will operate the SCS. Users in the United States can leave this at the default setting (FCC). Other users should set it to correspond with their region.
Command Reference IP/Network Commands Parameters Reset Resets the SCS to make all 802.11 changes take effect immediately. This command should be entered anytime you make an 802.11 configuration change. It also clears out any previous errors and starts over with the current 802.11 parameters. See Also Show 80211, page 12-42; 802.11 Configuration, page 2-10 12.5.11.11 Set/Define 80211 RTS SET 80211 RTS num DEFINE Changes the RTS threshold value.
12.5.11.12 Set/Define 80211 WEP

ENABLED DISABLED SET INDEX num 80211 WEP KEY keydata DEFINE ALL RECEIVE ENCRYPTED

Enabling WEP (Wireless Equivalent Privacy) means the SCS will only connect to an AP (in infrastructure mode) or communicate with other ad-hoc peers (in ad-hoc mode) that have been programmed with the same WEP key as the SCS.
    Receive
        Determines whether the SCS will receive unencrypted data while WEP is enabled.
    All
        Allows reception of encrypted traffic while WEP is enabled. The SCS will accept unencrypted wireless network frames, as well as frames encrypted with its WEP key. This is the default setting once WEP has been enabled.
    Encrypted
        Refuses to accept unencrypted data while WEP is enabled.
Command Reference IP/Network Commands 12.5.
    TTLnum
        An integer between 1 and 127, inclusive.
    Default
        If enabled, IP routing updates will advertise this router as the “default” route. Default is commonly used to avoid large routing tables when there is only one possible path to a large number of networks.
    MTU
        Sets the Maximum Transmission Unit, or “packet size,” for this interface. Packets larger than this value will be IP fragmented when transmitted.
Command Reference IP/Network Commands num An integer between 1 and 16, inclusive. Commonly used to make a given interface less desirable for backup routing situations. Trusted When enabled, this interface will only listen to routing updates from routers specified by the Set/Define IP Trusted command. Otherwise, this interface will listen to all routing updates.
Command Reference IP/Network Commands 12.5.15 Set/Define IP Domain DomainName SET PROTOCOLS IP DOMAIN NONE DEFINE Sets the default domain suffix. This suffix is appended to host names during IP name resolution. Restrictions Requires privileged user status. Parameters DomainName A string of up to 64 characters. None Clears an existing domain suffix. Defaults None (no domain defined) Examples Local>> SET IP DOMAIN your.domain.
12.5.18 Set/Define IP IPaddress

{SET | DEFINE} PROTOCOLS IP IPADDRESS address

Specifies the server’s IP address for TCP/IP connections. The address must be specified using the address parameter, described below.

Restrictions
  Requires privileged user status.
Errors
  An error is returned if there are active connections to the SCS. An error is returned if the address is in use by another node.
Parameters
address
  An IP address in standard numeric format (for example, 193.0.1.5).
See Also
  Configuring the Domain Name Service (DNS), page 6-7

12.5.21 Set/Define IP NBNS

{SET | DEFINE} PROTOCOLS IP SECONDARY NBNS address

Specifies the address of the NetBIOS Name Server (NBNS) used for NetBIOS over an IP network. NBNS addresses are passed via PPP to remote users who want to locate the name server dynamically.
Parameters
Default
  Configures a default route. If an explicit route to a destination network doesn’t exist, the packet will be routed according to the default route. Static default routes are used when another router is the designated default route. If this router is to advertise itself as the default router, see Set/Define IP All/Ethernet Default, page 12-32.
destination
  An IP address in standard numeric form.
Restrictions
  Requires privileged user status.
Defaults
  Enabled
See Also
  IP Routing, page 6-15

12.5.24 Set/Define IP Security

{SET | DEFINE} PROTOCOLS IP SECURITY ADDRESS address {BOTH | INCOMING | OUTGOING} {ENABLED | DISABLED} PORTS PortList PRINTER {ENABLED | DISABLED}

Adds or changes entries in the IP security table.

Restrictions
  Requires privileged user status.
PortList
  A port or series of ports to be restricted. Multiple ports must be specified with a comma; ranges of ports must be specified with a dash (-).
Printer
  Enables or disables LPR and RTEL printing from the specified host(s).
Defaults
  Both Enabled, Printing Enabled
Examples
  Local>> SET IP SECURITY ADDRESS 192.0.1.255 INCOMING ENABLED OUTGOING DISABLED
  Local>> SET IP SECURITY 134.0.1.
12.5.26 Set/Define IP Timeserver

{SET | DEFINE} PROTOCOLS IP TIMESERVER {DAYTIME address | NTP {BROADCAST | IP ipaddress | PASSIVE} | NONE}

Configures a timeserver for the SCS to use to update its internal clock. The SCS can communicate with either Daytime or Network Timeserver Protocol (NTP) servers.
12.5.27 Set/Define IP Trusted

{SET | DEFINE} PROTOCOLS IP TRUSTED address RIP {ENABLED | DISABLED}

Configures a list of trusted routers. When Set/Define IP All/Ethernet Trusted is enabled, the SCS will only listen to RIP updates from routers in this list.

Restrictions
  Requires privileged user status.
Parameters
address
  An IP address in standard numeric format (for example, 193.0.1.50).
12.5.29 Show/Monitor/List Hosts

{SHOW | MONITOR | LIST} TELNET HOSTS {hostname | ALL | LOCAL}

Displays either the currently available TCP/IP (Telnet/Rlogin) hosts (Show) or the ones that have been Defined locally in the host table (List). Hosts will be shown with the method of discovery (rwho, connection, host table, etc.) and will also be marked if they are the current nameserver and/or gateway.
Restrictions
  You must be the privileged user to use the Monitor command.
Parameters
[No Parameters]
  Entering the Show IP command without additional keywords will display general IP protocol information, including the following counters. The Reasons fields show counters in hexadecimal, with the rightmost bit being bit 0. For example, a Connect Failure Reason of 0040 represents 0000 0000 0100 0000 in binary, which means that bit 6 is set.
Ethernet
  Displays information about a particular Ethernet interface. To specify the interface, use the num parameter.
num
  An integer specifying a particular Ethernet interface.
SiteName
  A particular site whose IP information will be displayed.
Cache
  Displays cache statistics.
Trusted
  Displays trusted IP routers.
Timeserver
  Displays the timeserver.
Hashtable
  Displays the routing table's hash table statistics.
12.6 Port Commands

12.6.1 List Email

LIST EMAIL {emailsite | ALL}

When entered without any parameters, displays all emailsite configurations that will take place the next time that emailsite is used. Using the emailsite parameter will show the configurations for that specific site, while the All parameter will show a detailed listing of all emailsites.

Restrictions
  Requires privileged user status.
Parameters
emailsite
  Enter the name of an emailsite.
12.6.3 Logout Port

LOGOUT PORT PortList

Logs out a port. Active sessions are disconnected, and all site circuits are closed.

Restrictions
  Only privileged users can log out a port or site other than their own.
Parameters
Port
  Logs out the list of ports specified with the PortList parameter.
PortList
  Specifies a port or series of ports to be logged out. Multiple ports must be separated by commas (for lists) or dashes (for ranges).
12.6.5 Purge Email

PURGE EMAIL emailsite

Removes an emailsite.

Restrictions
  Requires privileged user status.
Parameters
emailsite
  Enter the name of an emailsite.
See Also
  Define Email, page 12-49; Define Ports Event Email Serialdata, page 12-64; Event Port Logging, page 3-2

12.6.6 Resume

RESUME SESSION number

Leaves character (Local>) mode and resumes the current (active) session.
12.6.8 Define Email

DEFINE EMAIL emailsite {TO address | FROM string | SUBJECT subject | MAILHOST mailhost | REPLYTO address}

Configures email notification in a format known as an emailsite, which contains all of the information needed when email notification for port buffering is enabled. Emailsites can be named default or portxx, where xx is the port number. The portxx sites will be used for email notification on that port, e.g.
Parameters
emailsite
  Enter the emailsite name. The only valid names are “default” and “portxx,” where xx is the port number.
To
  Sets the recipient(s) of the email.
address
  Enter an email address, or a series of email addresses separated by commas. Enclose the address in quotes to preserve case and spaces. The maximum length of this field is 64 characters. Most SMTP mail servers require a domain name on the To/From names, e.g. admin@strut.
Restrictions
  Requires privileged user status.
Errors
  If a port is active, its access cannot be set. Autobaud must be disabled for Remote and Dynamic ports.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
Defaults
  Disabled
See Also
  Clear/Purge Authentication, page 12-153; Set/Define Authentication, page 12-155; Show/Monitor/List Authentication, page 12-178; Ports Not Using Automatic Protocol Detection, page 4-12; Port Restrictions, page 8-8

12.6.11 Set/Define Ports Autobaud

{SET | DEFINE} PORTS {PortList | ALL} AUTOBAUD {ENABLED | DISABLED}

Enables a port to detect the incoming baud rate and change its own to match at login time.
12.6.12 Set/Define Ports Autoconnect

{SET | DEFINE} PORTS {PortList | ALL} AUTOCONNECT {ENABLED | DISABLED}

If enabled, the port connects automatically to the preferred service upon login. To exit to character (Local>) mode, the Break command can be used. To attach other services, the Connect command can be used.

Restrictions
  Requires privileged user status to use this command on ports other than your own. Secure users may not use this command.
If the port is in Dedicated mode, the autostart characters can be sent to the host as the first bytes of data. In all other modes, autostart characters are discarded.

Restrictions
  Requires privileged user status.
Errors
  Autostart and Autobaud are incompatible. If the port is set for Autobaud, enabling Autostart will disable Autobaud and produce an error message. The Save parameter is only applicable when the port is configured with a dedicated host.
Defaults
  Disabled
Examples
  Local> DEFINE PORTS 2 AUTOSTART ENABLED
  Local> DEFINE PORT 1 AUTOSTART CHARACTER A
  Local> DEFINE PORT 1 AUTOSTART SAVE 1
See Also
  Starting Automatically, page 8-2

12.6.14 Set/Define Ports Backward Switch

{SET | DEFINE} PORTS {PortList | ALL} BACKWARD SWITCH {character | NONE}

Defines a “backward” key.
See Also
  Backwards, page 12-3; Set/Define Ports Forward Switch, page 12-65; Set/Define Ports Local Switch, page 12-67; Switching Between Sessions, page 8-5

12.6.15 Set/Define Ports Break

{SET | DEFINE} PORTS {PortList | ALL} BREAK {LOCAL | REMOTE | NONE}

Determines where processing of the Break key will take place.

Restrictions
  Requires privileged user status if you want to use this command on ports other than your own.
12.6.16 Set/Define Ports Broadcast

{SET | DEFINE} PORTS {PortList | ALL} BROADCAST {ENABLED | DISABLED}

Enables or disables other users’ broadcasts to this port. Broadcasts are typically disabled when extra messages are not desired on the port’s output device.

Restrictions
  Requires privileged user status if you want to use this command on ports other than your own. Secure users may not use this command.
7 or 8
  Character size must be either 7 or 8 bits.
Defaults
  8 bits
Examples
  Local>> SET PORTS CHARACTER SIZE 7
See Also
  Set/Define Ports Autobaud, page 12-52; Set/Define Ports Parity, page 12-69; Chapter 9, Modems

12.6.18 Set/Define Ports Command Completion

{SET | DEFINE} PORTS {PortList | ALL} COMMAND COMPLETION {ENABLED | DISABLED}

Enables or disables the command completion feature.
12.6.19 Set/Define Ports Datasend

IDLE num TIMEOUT FRAME num NONE x SET PortList DATASEND y PORTS CHARACTER ANY ALL DEFINE ANY NONE 1 SAVE 2 NONE

Changes the amount of time the SCS will allow serial characters to accumulate before sending them to the host.
Frame
  Defines the timeout as the time since the current “character burst” was started.
None
  Clears previous timeout settings, so the transmission takes place whenever the SCS decides to send the data.
Character
  Sets a trigger that transmits any accumulated data as soon as the specified one or two byte character sequence is detected in the data stream.
x
  Enter the desired alphanumeric character. To specify a control character, use escaped hex (\xx).
12.6.20 Define Ports Dedicated

DEFINE PORTS {PortList | ALL} DEDICATED {{RLOGIN | SSH | TCP} host:EnvString | NONE}

Sets up a dedicated Rlogin, SSH, or Telnet host or service that the specified port will connect to whenever it is logged in. The type of dedicated connection is specified with the environment string. If no environment string is specified, the connection will be Telnet by default.
envstring
  Sets up the connection environment before the session is started. For a description of all available environment strings, see Appendix A, Environment Strings. If no environment string is specified with the TCP parameter, the connection will default to a Telnet connection.
Examples
  Local>> DEFINE PORT 5 DEDICATED 192.0.1.
12.6.22 Set/Define Ports DSRLogout

{SET | DEFINE} PORTS {PortList | ALL} DSRLOGOUT {ENABLED | DISABLED}

When enabled, the port will be logged out when the port’s DSR signal is dropped. This usually only occurs when the attached terminal device is powered off or disconnected; it is intended to keep users from switching terminal lines to access other sessions. Any open connections will be closed before logging out.

Restrictions
  Requires privileged user access.
See Also
  Define Ports Modem Control, page 12-97; Set/Define Ports Flow Control, page 12-64; DTR (Data Terminal Ready), page 8-22

12.6.24 Define Ports Event Email Serialdata

DEFINE PORTS {PortList | ALL} EVENT EMAIL SERIALDATA {ENABLED | DISABLED}

Enables email notification for the serial buffering feature. This command automatically changes the specified port’s access to Remote if not already set.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
None
  No flow control will be performed.
CTSRTS
  Sets the flow control type to RTS/CTS.
XONXOFF
  Sets the flow control type to XON/XOFF.
character
  The character to be used as the forward switch. To specify a control character, use escaped hex (\xx). For example, Ctrl-B (ASCII character 0x02) would be specified as \02.
None
  Clears the current switch character.
12.6.28 Set/Define Ports Local Switch

SET character PortList LOGOUT PORTS SWITCH ALL DEFINE NONE

Defines a “local switch” key. From character (Local>) mode, typing this key functions as if the Forward command was entered; the user may switch to the previous session without entering character mode. Any key can be specified unless it conflicts with SCS line editing or the Break or Forward/Backward keys.
12.6.29 Set/Define Ports Loss Notification

{SET | DEFINE} PORTS {PortList | ALL} LOSS NOTIFICATION {ENABLED | DISABLED}

Sends the terminal device a Ctrl-G (Bell) when a typed character is lost due to a data error or an overrun on the SCS.

Restrictions
  Requires privileged user status if you want to use this command on a port other than your own. Secure users may not use this command.
See Also
  Clear/Purge Menu, page 12-115; Set/Define Menu, page 12-116; Show/Monitor/List Menu, page 12-130; Enabling Menu Mode, page 8-12; Configuring Menu Mode, page 3-3

12.6.31 Set/Define Ports Name

{SET | DEFINE} PORTS {PortList | ALL} NAME portname

Sets a unique name for each port, or a common name for a group of ports.
Errors
  Autobaud will not work unless the port is using 8 bit characters, or 7 bit characters with even parity.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
12.6.34 Set/Define Ports Preferred

{SET | DEFINE} PORTS {PortList | ALL} PREFERRED {{RLOGIN | SSH | TCP} host:EnvString | NONE}

Specifies a default service for this port. The SCS will attempt to use the preferred service for Autoconnecting, as well as when no service name is specified in a Connect, Telnet, SSH, or Rlogin command. If no environment string is specified, the service will be a Telnet connection by default.
Examples
  Local>> SET PORT 2 PREFERRED TELNET 192.0.1.3
  Local>> SET PORT 3 PREFERRED todd
See Also
  Connect, page 12-18; Rlogin, page 12-21; Set/Define Ports Autoconnect, page 12-53; Define Ports Dedicated, page 12-61; Setting Session Characteristics, page 8-6

12.6.
Dedicated
  Configures a port to always be in PPP mode. The port will automatically run PPP when it is started. No other protocol can be run on the port; it will continue to run until it is logged out.
ACCM
  Enters an asynchronous control map in hexadecimal. Bits turned on represent ASCII characters that will be escaped in the PPP data stream. See Character Escaping on page 7-2 for more information.
map
  A hexadecimal value between 0x00000000 and 0xffffffff.
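How an ACCM value maps to escaped characters, as an added Python example (not from the manual or from Lantronix). The function names are assumptions, and the escaping rule used here (0x7D followed by the octet XOR 0x20, with 0x7E and 0x7D always escaped) is the one defined for PPP in HDLC-like framing by RFC 1662, which this page does not restate.

```python
FLAG = 0x7E  # PPP frame delimiter, always escaped inside a frame
ESC = 0x7D   # PPP control-escape octet, always escaped inside a frame


def accm_chars(accm):
    """Return the control characters (0x00-0x1F) selected by a 32-bit ACCM.

    Bit n of the map, counted from the least significant bit, selects
    ASCII character n.
    """
    if not 0 <= accm <= 0xFFFFFFFF:
        raise ValueError("ACCM must be between 0x00000000 and 0xffffffff")
    return [bit for bit in range(32) if (accm >> bit) & 1]


def accm_from_chars(chars):
    """Build the ACCM that escapes exactly the given control characters."""
    accm = 0
    for c in chars:
        if not 0 <= c < 0x20:
            raise ValueError(f"0x{c:02x} is not a control character")
        accm |= 1 << c
    return accm


def ppp_escape(payload, accm):
    """Escape a byte string the way a PPP sender using this ACCM would."""
    out = bytearray()
    for b in payload:
        mapped = b < 0x20 and (accm >> b) & 1
        if b in (FLAG, ESC) or mapped:
            out += bytes((ESC, b ^ 0x20))
        else:
            out.append(b)
    return bytes(out)


def ppp_unescape(data):
    """Reverse ppp_escape; a trailing lone escape octet is an error."""
    out = bytearray()
    octets = iter(data)
    for b in octets:
        if b == ESC:
            nxt = next(octets, None)
            if nxt is None:
                raise ValueError("dangling escape octet at end of data")
            out.append(nxt ^ 0x20)
        else:
            out.append(b)
    return bytes(out)


if __name__ == "__main__":
    # 0x000A0000 has bits 17 and 19 set: XON (0x11) and XOFF (0x13), the
    # characters a link using XON/XOFF flow control must not carry as data.
    accm = 0x000A0000
    print([hex(c) for c in accm_chars(accm)])
    print(ppp_escape(b"\x11A\x7e\x03", accm).hex(" "))
```

A map of 0x00000000 escapes no control characters, which is only safe when nothing between the two PPP peers interprets them.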
HeaderCompression
  Enables or disables compression of PPP headers. See Header Compression on page 7-1 for more information.
MagicNumber
  Controls PPP magic numbers.
ProtocolCompression
  Configures the compression of protocol information in PPP.
Timeout
  Sets the timeout value, in tenths of seconds, for the Link Control Protocol and all Network Control protocols.
time
  An integer between 1 and 255, representing a length of time in tenths of seconds.
12.6.36 Define Ports PPPdetect

DEFINE PORTS {PortList | ALL} PPPDETECT {ENABLED | DISABLED}

Automatically detects incoming PPP characters and starts running PPP.

Restrictions
  Requires privileged user status.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
12.6.38 Set/Define Ports Security

{SET | DEFINE} PORTS {PortList | ALL} SECURITY {ENABLED | DISABLED}

Setting a port to Secure status restricts its access to SCS commands and the ability to get information about other ports using Show/List commands. Privileged commands are not available to secure users. Certain other commands cannot be entered for a port other than the secure user’s own port.

Restrictions
  Requires privileged user status.
number
  The maximum size, in KB, of the log file. Enter an integer between 0 and 250. A value of 0 turns logging off.
Defaults
  No logging
See Also
  Set/Define Ports Access, page 12-50; Define Email, page 12-49; Define Ports Event Email Serialdata, page 12-64

12.6.40 Set/Define Ports Session Limit

{SET | DEFINE} PORTS {PortList | ALL} SESSION LIMIT {limit | NONE}

Limits the number of active sessions on a port.
12.6.41 Set/Define Ports Signal Check

{SET | DEFINE} PORTS {PortList | ALL} SIGNAL CHECK {ENABLED | DISABLED}

Determines whether or not the DSR signal will be checked for when remote connections to the port are made. If enabled, remote connections to the port will not be permitted unless the DSR signal is asserted.

Restrictions
  Requires privileged user status.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports.
See Also
  Set/Define Ports SLIPdetect, page 12-79; Set SLIP, page 12-87; Show/Monitor/List Ports SLIP, page 12-88; Starting PPP/Slip for Incoming Connections, page 4-10

12.6.43 Set/Define Ports SLIPdetect

{SET | DEFINE} PORTS {PortList | ALL} SLIPDETECT {ENABLED | DISABLED}

Automatically detects and starts running SLIP. Be aware that automatically running SLIP is a potential security hazard.

Restrictions
  Requires privileged user status.
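An added Python example (not from the manual or from Lantronix) that replays a saved list of Set/Define commands and reports two settings this chapter calls out: WEP left at Receive All, which still accepts unencrypted frames, and SLIPdetect enabled on any port. The 8-port unit, the sample command list and the function names are assumptions; PortList handling follows the comma and dash rules given in the PortList parameter descriptions.

```python
import re

PORT_COUNT = 8  # assumption: an 8-port unit; set this to the real port count

# Constructed sample command list, not captured from a device.
SAMPLE = [
    "Local>> DEFINE 80211 WEP ENABLED",
    "Local>> DEFINE PORTS ALL SLIPDETECT ENABLED",
    "Local>> DEFINE PORTS 1-2,5 SLIPDETECT DISABLED",
    "Local>> DEFINE PORT 7 DSRLOGOUT ENABLED",
]
# The same list followed by the two commands that clear both findings.
HARDENED = SAMPLE + [
    "Local>> DEFINE 80211 WEP RECEIVE ENCRYPTED",
    "Local>> DEFINE PORTS ALL SLIPDETECT DISABLED",
]

PROMPT = re.compile(r"^\s*Local>+\s*", re.I)
WEP_STATE = re.compile(r"(?:SET|DEFINE)\s+80211\s+WEP\s+(ENABLED|DISABLED)", re.I)
WEP_RECV = re.compile(
    r"(?:SET|DEFINE)\s+80211\s+WEP\s+RECEIVE\s+(ALL|ENCRYPTED)", re.I)
SLIPDETECT = re.compile(
    r"(?:SET|DEFINE)\s+PORTS?\s+(\S+)\s+SLIPDETECT\s+(ENABLED|DISABLED)", re.I)


def parse_portlist(text, port_count=PORT_COUNT):
    """Expand a PortList ('2', '1,3', '2-5', '1,4-6') or ALL to port numbers."""
    if text.upper() == "ALL":
        return list(range(1, port_count + 1))
    ports = set()
    for item in text.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", item.strip())
        if not m:
            raise ValueError(f"bad PortList item: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2) or low)
        if not 1 <= low <= high <= port_count:
            raise ValueError(f"port range out of bounds: {item!r}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def audit(commands, port_count=PORT_COUNT):
    """Replay commands in order (later ones win) and report the end state."""
    wep_enabled = False
    receive = "ALL"  # per the manual, the default once WEP has been enabled
    slip_ports = set()
    for raw in commands:
        cmd = PROMPT.sub("", raw).strip()
        if m := WEP_STATE.fullmatch(cmd):
            wep_enabled = m.group(1).upper() == "ENABLED"
        elif m := WEP_RECV.fullmatch(cmd):
            receive = m.group(1).upper()
        elif m := SLIPDETECT.fullmatch(cmd):
            ports = parse_portlist(m.group(1), port_count)
            if m.group(2).upper() == "ENABLED":
                slip_ports.update(ports)
            else:
                slip_ports.difference_update(ports)
        # Commands that do not touch these settings are ignored.
    return {
        "wep_enabled": wep_enabled,
        "wep_accepts_unencrypted": wep_enabled and receive == "ALL",
        "slipdetect_ports": sorted(slip_ports),
    }


if __name__ == "__main__":
    for label, commands in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(label, audit(commands))
```

Commands entered without a PortList apply to the current port only, which a saved list cannot identify, so the SLIPdetect check deliberately skips them.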
speed
  One of the following baud rates: 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200, and 230400.
Defaults
  9600 baud
Examples
  Local>> SET PORTS SPEED 2400
See Also
  Set/Define Ports Autobaud, page 12-52; Modem Speeds, page 9-2

12.6.45 Set/Define Ports Stop

{SET | DEFINE} PORTS {PortList | ALL} STOP {1 | 2}

Specifies the stop bit count for the port. The default is to use one stop bit.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
Defaults
  Enabled
See Also
  Padding Return Characters, page 8-13

12.6.
12.6.48 Set/Define Ports Type

{SET | DEFINE} PORTS {PortList | ALL} TYPE {ANSI | SOFTCOPY | HARDCOPY}

Describes the type of device connected to the port.

Restrictions
  Requires privileged user status to use this command on ports other than your own.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
username
  A name of up to 16 characters in length, converted to all uppercase unless enclosed in quotes.
None
  Clears a current username.
Defaults
  None
See Also
  Specifying a Username, page 8-13

12.
12.6.51 Set Privileged/Noprivileged

SET {PRIVILEGED [OVERRIDE] | NOPRIVILEGED}

Changes the current port’s privilege status. Only one port on the server can be privileged at any time. The Override parameter is provided to force your current port to become the privileged port (and the previously privileged port loses the privilege). When changing your port to privileged status, you will be queried for the privileged password.
Parameters
Enabled/Disabled
  Enables or Disables RS-485 mode. By default, the SCS is configured for RS232 networking.
Mode
  When RS-485 Mode is enabled, you must choose either two-wire or four-wire mode. If you do not explicitly set a mode with this command, the SCS will default to four-wire mode.
2Wire
  Sets the SCS to use two-wire mode.
4Wire
  Sets the SCS to use four-wire mode.
12.6.53 Set Session

SET SESSION {DELETE {DELETE | BACKSPACE} | ECHO {ENABLED | DISABLED} | NEWLINE {CR | LF | CRLF} | INTERACTIVE | PASSALL | PASTHRU}

Specifies the characteristics for the current session.

Parameters
Delete
  Specifies which character to send as the delete character. Set Session Delete sends a delete character (ASCII 0x7f).
Passall
  Disables server interpretation of switch characters, messages, and XON/XOFF flow control. Used for binary transfers, such as executable files and graphics.
Pasthru
  Disables server interpretation of switch characters and server messages, but not XON/XOFF flow control. Used for ASCII file transfers.
Parameters
SiteName
  A site name of up to 12 characters. If no site name is given, a site with the default site characteristics will be used.
IPaddress
  Defines the non-negotiable remote IP address.
address
  An IP address in standard numeric format (for example, 192.75.2.0).
Examples
  Local> SET SLIP irvine
  Local> SET SLIP allison IPADDRESS 192.0.1.221
See Also
  Set/Define Ports SLIPdetect, page 12-79; Starting PPP/Slip for Incoming Connections, page 4-10

12.6.
Local
  Displays ports set to Local access. Local access restricts logins on the port to local users.
Dynamic
  Displays ports set to Dynamic access. Dynamic access permits local or remote users to log into the port.
Remote
  Displays ports set to Remote access. Remote access restricts logins on the port to remote (network) users.
None
  Displays ports with access set to None. None prevents all access to the port, including user logins.
12.6.57 Show RS485

SHOW RS485

Displays the current RS-485 networking settings, including wire mode, termination, and TXDrive.

Restrictions
  Only applies to the SCS200.
See Also
  Define Protocols RS485, page 12-84; RS-485 Configuration, page 8-15

12.6.58 Show/Monitor Sessions

{SHOW | MONITOR} SESSIONS {PORT PortNum | ALL}

Displays information about the specified sessions.

Restrictions
  You must be the privileged user to use the Monitor command.
Restrictions
  Non-privileged users may only test their own port. Virtual and multisession-enabled ports can only be tested by the user on that port.
Parameters
PortNum
  Specifies a particular SCS port.
PostScript
  Sends a PostScript test page to the port instead of ASCII data.
Count
  Specifies the number of test lines to be sent, or if in PostScript mode, the number of pages to print. Any character will terminate the test.
12.7 Modem Commands

12.7.1 Define Ports Modem Answer

COMMAND string DisableString EnableString ENABLED PortList DEFINE PORTS MODEM ANSWER DISABLED ALL RINGS 1 3

Permits or prevents a modem from automatically answering the line, optionally after a specified number of rings.

Restrictions
  Requires privileged user status.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports.
12.7.2 Define Ports Modem Attention

DEFINE PORTS {PortList | ALL} MODEM ATTENTION string

Defines a string to get the modem’s attention.

Restrictions
  Requires privileged user status.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
12.7.4 Define Ports Modem CallerID

DEFINE PORTS {PortList | ALL} MODEM CALLERID {ENABLED | DISABLED}

Configures whether the SCS will look for and attempt to decode Caller-ID information for incoming calls. The SCS should be set to wait for three rings before answering the line so that it has enough time to gather the Caller-ID information. The ring setting can be configured with the Rings command.

Restrictions
  Requires privileged user status.
Examples
  Local>> DEFINE PORT 2 MODEM CARRIERWAIT 40
See Also
  Profile Settings—Carrierwait String, page 9-5

12.7.6 Define Ports Modem Commandprefix

DEFINE PORTS {PortList | ALL} MODEM COMMANDPREFIX seconds

Defines a string to send before the “Init” and other configuration strings.

Restrictions
  Requires privileged user status.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports.
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
DisableString
  A string of up to 12 characters. When this string is received by the modem, data compression will be disabled.
  Note: The DisableString and the EnableString must be entered together.
EnableString
  A string of up to 12 characters. When this string is received by the modem, data compression will be enabled.
12.7.9 Define Ports Modem Control

DEFINE PORTS {PortList | ALL} MODEM CONTROL {ENABLED | DISABLED}

Enables or disables modem handling on the specified port(s). When modem handling is enabled, the assertion and deassertion of modem signals (DSR, DTR, and DCD) control the port’s interaction with the modem, including initializing the modem upon booting and resetting the modem between uses. The SCS monitors DCD to determine if a connection exists.
DialString
  A string of up to 12 characters. Often touch tone dialing is activated with “dt” and pulse dialing is activated with “dp.”
Defaults
  Depends on modem and modem profile.
Examples
  Local>> DEFINE PORT 2 MODEM DIAL “dt”
See Also
  Define Ports Modem Commandprefix, page 12-95; Profile Settings, page 9-5

12.7.11 Define Ports Modem Error

DEFINE PORTS {PortList | ALL} MODEM ERROR string

Defines a string to expect on outbound calls when the modem encounters an error.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
DisableString
  A string of up to 12 characters. When the modem receives this string, automatic answering will be disabled.
EnableString
  A string of up to 12 characters.
See Also
  Define Ports Modem Commandprefix, page 12-95; Profile Settings, page 9-5

12.7.14 Define Ports Modem Init

DEFINE PORTS {PortList | ALL} MODEM INIT string

Defines an initialization string to send to the modem. The string is preceded by the Commandprefix string.

Restrictions
  Requires privileged user status.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports.
Defaults
  Depends on modem and modem profile.
Examples
  Local>> DEFINE PORT 2 MODEM NOCARRIER “NO CARRIER”
See Also
  Profile Settings, page 9-5

12.7.16 Define Ports Modem Nodialtone

DEFINE PORTS {PortList | ALL} MODEM NODIALTONE string

Defines a string to expect on outbound calls when the modem can’t detect a dial tone.

Restrictions
  Requires privileged user status.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports.
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
string
  A string of up to 12 characters. Commonly set to “OK.”
Defaults
  Depends on modem and modem profile.
Examples
  Local>> DEFINE PORT 2 MODEM OK “OK”
See Also
  Define Ports Modem Attention, page 12-93; Profile Settings, page 9-5

12.7.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
string
  A string of up to 12 characters. Commonly set to “RING.”
Defaults
  Depends on modem and modem profile.
12.7.21 Define Ports Modem Speaker

DEFINE PORTS {PortList | ALL} MODEM SPEAKER {ENABLED | DISABLED | EnableString DisableString}

Enables or disables the modem’s speaker. The speaker allows the user to hear the modem’s dialup and connect sequences for debugging purposes.

Restrictions
  Requires privileged user status.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports.
Parameters
PortList/All
  Specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges).
  Note: In the absence of a PortList or the All parameter, the configuration will affect the current port only.
string
  A string of up to 12 characters.
Defaults
  Depends on modem and modem profile.
12.7.24 Show/Monitor/List Modem

{SHOW | MONITOR | LIST} MODEM num

Displays a list of modem profiles.

Restrictions
  You must be the privileged user to use the Monitor command.
Parameters
num
  A particular modem profile type to display.
12.8 Service Commands

12.8.1 Clear/Purge Service

{CLEAR | PURGE} SERVICE {LOCAL | ServiceName}

Removes an SCS service. Clearing a service only disables it until re-initialization of the SCS. For a permanent removal, the Purge command must be used.

Restrictions
  Requires privileged user status.
Errors
  Clear Service fails when there are sessions connected to the service or when there are connect requests in the service’s queue.
number
  A queue entry number.
Node
  Specifies a particular node from which all connection requests will be removed. Must be used in conjunction with the name parameter.
Service
  Specifies a particular local service; all entries queued to this service will be deleted. Must be used in conjunction with the name parameter.
name
  A node or service name.
All
  Removes all entries in the local service queue.
12.8.4 Set/Define Service Banner

{SET | DEFINE} SERVICE ServiceName BANNER {ENABLED | DISABLED}

Specifies whether the SCS should print a banner page before starting the job. Banners should be disabled (the default) for all PostScript and plotter (binary) data.

Restrictions
  Requires privileged user status.
Defaults
  Enabled
See Also
  Clear/Purge Service, page 12-107

12.8.
Parameters
EndString
  Any ASCII characters, or non-ASCII characters entered as hexadecimal digits (e.g. \45). The combined length of the SOJ and EOJ strings must not exceed 62 characters.
None
  Clears any previously-configured string.
Defaults
  No string configured
See Also
  Clear/Purge Service, page 12-107

12.8.
12.8.9 Set/Define Service Ports
{SET | DEFINE} SERVICE ServiceName PORTS {PortList | ALL} [ENABLED | DISABLED]
Specifies a list of ports that will support or offer this service. If Enabled or Disabled is specified, the ports listed will be added to or removed from the current list, respectively. If neither option is specified, the new port list will replace the old port list.
12.8.11 Set/Define Service PSConvert
{SET | DEFINE} SERVICE ServiceName PSCONVERT {ENABLED | DISABLED}
Controls whether the SCS will place a PostScript wrapper around each job. The SCS will try to detect if it is already a PostScript job, in which case it would not add an additional wrapper.
See Also: Clear/Purge Service, page 12-107
12.8.
12.8.14 Set/Define Service TCPport
{SET | DEFINE} SERVICE ServiceName TCPPORT {SocketNum | NONE}
Associates a TCP listener socket with the given service. TCP connections to this socket will be connected to the service.
Restrictions: Requires privileged user status.
Parameters
SocketNum: A particular socket. The socket number can be an integer from 4000 to 4999.
None: Clears the current socket number.
12.8.16 Show/Monitor/List Services
{SHOW | MONITOR | LIST} SERVICES {LOCAL | service | ALL} {CHARACTERISTICS | SUMMARY | STATUS}
This command is used to display the characteristics of the services on the network. Remember that this list is masked by the services that this port is eligible to see—users will not see services they cannot connect to.
Restrictions: You must be the privileged user to use the Monitor command.
12.9 Server Commands
12.9.1 Clear/Purge Menu
{CLEAR | PURGE} MENU {ALL | MenuNum}
Removes a specified menu entry or all menu entries.
Restrictions: Requires privileged user status.
Parameters
All: Clears all menu entries.
MenuNum: An integer from 1 through 36 specifying a particular menu entry to be removed.
Delay: Schedules the initialization to take place after a specified number of minutes. Must be used in conjunction with the delay parameter.
delay: An integer between zero and 120, representing seconds before the initialization. Zero specifies an immediate reboot.
Note: Show/Monitor/List Server will display the time remaining before a scheduled initialization.
Factory: Reloads the factory settings.
Parameters
ItemNum: A number (1 through 36) that corresponds to the menu entry you are changing.
String: A text string, up to 32 characters long, that is displayed to users in the menu screen.
Command: A string of text, up to 32 characters long, that is displayed to users in the menu screen.
TitleString: An optional title for the entire menu, up to 48 characters long. This string accepts dynamic print variables, as shown in the table below.
12.9.4 Set/Define Server Altprompt
{SET | DEFINE} SERVER ALTPROMPT {ENABLED | DISABLED}
Enables or disables the alternate UNIX-like prompts at login time. When enabled, the “Username>” prompt is changed to “login:” and the “Password>” prompt is changed to “Password:”.
Defaults: Disabled
See Also: Set/Define Server Prompt, page 12-125
12.9.
12.9.7 Set/Define Server Buffering
{SET | DEFINE} SERVER BUFFERING buffersize
Specifies the size of the buffer (in bytes) used for TCP/IP connections. The size can be increased for large data transfers such as file transfers.
Restrictions: Requires privileged user status.
Parameters
buffersize: Specify the buffer size in bytes between 128 and 8192.
Defaults: 4096 bytes
Examples
Local>> SET SERVER BUFFERING 1024
12.9.
12.9.9 Set/Define Server Host Limit
{SET | DEFINE} SERVER HOST LIMIT {limit | NONE}
Sets the maximum number of TCP/IP hosts learned from Rwho that the server will keep information for. Hosts from the preset host table are exempt from this limit. If the new limit is less than the current limit and the host table is full, the limit will be slowly weeded down to the new value.
Restrictions: Requires privileged user status.
12.9.11 Set/Define Server Incoming
{SET | DEFINE} SERVER INCOMING {TELNET | NONE | PASSWORD | NOPASSWORD}
Allows or denies incoming connections and enforces password protection if desired. If None is applied, incoming SSH connections will also be denied. The Show Server command shows the status of incoming connection parameters.
12.9.12 Set/Define Server Loadhost
{SET | DEFINE} SERVER [SECONDARY] LOADHOST IPaddress
Specifies the host to be used for downloads from TCP/IP hosts. The host name must be a numeric IP-style address. The SCS requests its run-time code from this host.
Restrictions: Requires privileged user status.
Parameters
IPaddress: An IP address in standard numeric format (for example, 193.0.1.50).
Examples
Local>> DEFINE SERVER LOADHOST 193.23.71.
Restrictions: Requires privileged user status.
Parameters
passwd: Enter a password of 16 or fewer characters.
Note: SCS passwords are case-independent, even when enclosed in quotes.
Defaults: “access”
Examples
Local>> SET SERVER LOGIN PASSWORD
Password> platyp (not echoed)
Verification> platyp (not echoed)
Local>>
See Also: Set/Define Server Incoming Password, page 12-121; Login Password, page 8-10
12.9.
Parameters
IPaddress: The network address of the nameserving host, in numeric IP format.
Examples
Local>> SET SERVER NAMESERVER 192.0.1.49
See Also: Set/Define IP Host Limit, page 12-35; Set/Define IP Nameserver, page 12-36; Configuring the Domain Name Service (DNS), page 6-7
12.9.
Restrictions: Requires privileged user status.
Parameters
passwd: Enter a password of 16 or fewer characters.
Note: SCS passwords are case-independent, even when enclosed in quotes.
Defaults: “system”
Examples
Local>> SET SERVER PRIVILEGED PASSWORD “yodel”
Local>> SET SERVER PRIVILEGED
Password: ok2bin (not echoed)
Verify: ok2bin (not echoed)
See Also: Set Privileged/Noprivileged, page 12-84; Privileged Password, page 2-6
12.9.
Examples (shown with the prompt that might result on the next line)
Local>> SET SERVER PROMPT “Port %n:”
Port 3: SET SERVER PROMPT “%D:%S!”
SCS1600:LabServ! SET SERVER PROMPT “%p%S_%n%P%%”
Port_5[NoSession]_5>% SET SERVER PROMPT “Lcl_%n>%P”
Lcl_3>>
See Also: Changing the Local Prompt, page 2-8
12.9.20 Set/Define Server RARP
{SET | DEFINE} SERVER RARP {ENABLED | DISABLED}
Enables or disables querying for a RARP host at system boot time.
12.9.22 Set/Define Server Rlogin
{SET | DEFINE} SERVER RLOGIN {ENABLED | DISABLED}
Restricts the use of the Rlogin command from the server. If Rlogins are disabled, you may not Rlogin to remote hosts. Incoming Rlogin connections may still be permitted, depending on the current Set/Define Server Incoming setting.
Restrictions: Requires privileged user status.
Defaults: Disabled
12.9.
Restrictions: Requires privileged user status.
Defaults: Disabled
12.9.25 Set/Define Server Software
{SET | DEFINE} SERVER SOFTWARE filename
Specifies the name of the download software file (if any) the server will attempt to load at boot time. For IP-loading hosts, this is the file that will be requested at boot time. This command is only useful if it is Defined; if it is Set, it will be cleared/reset at boot time.
Parameters
host: An IP address, or a text host name that is resolvable at boot time.
filename: A startup file name of up to 47 characters.
Retry: Configures the server retry limit. Must be used with the retrynum parameter.
retrynum: The number of times to retry the download attempt. The maximum number of retries is 1000. If a retrynum is not specified, the SCS will retry 5 times (the default).
None: Clears any specified startup file.
time: The time difference from Greenwich Mean Time, entered as h:mm. Entering the minutes is optional.
ChangeTime: Enter the month, day, and time of day that the change to DST occurs, separating each element by a space (see the examples below). For the month, enter the first three letters of the month.
See Also: Clear/Purge Menu, page 12-115; Set/Define Menu, page 12-116; Enabling Menu Mode, page 8-12; Configuring Menu Mode, page 3-3
12.9.29 Show/Monitor/List Server
{SHOW | MONITOR | LIST} SERVER {BOOTPARAMS | CLOCK | COUNTERS | TIMEZONE}
This command is used to display the global attributes or counters for the server itself.
Restrictions: You must be the privileged user to use the Monitor command.
Table 12-5: Server Failure Reasons
Bit 5. Send Failure Reason: FIFO underrun: Ethernet controller could not access transmit data in time to send it out. Receive Failure Reason: Received a packet larger than the maximum Ethernet size (1536 bytes).
Bit 6. Send Failure Reason: CD heartbeat not received after transmission. Receive Failure Reason: Unused, should be 0.
Bit 7. Send Failure Reason: Out-of-window collision detected.
Bits 8-15. Unused, should be 0.
Timezone: Displays the timezone if a timezone has been specified.
12.9.32 Source
SOURCE host:filename VERIFY
Source attempts to download a configuration file from a TFTP host. The file is assumed to be lines of server commands which will be executed. The Source command is most useful for trying out a configuration file before using the Set/Define Server Startupfile command, page 12-128.
Restrictions: Requires privileged user status.
Parameters
host: Enter a TFTP host (text host name or IP address).
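A pre-load check for such a command file, as an added example (not Lantronix code and not part of the original manual): it flags the factory-default passwords “access” and “system”, SERVER INCOMING NOPASSWORD, SERVER RLOGIN ENABLED and SNMP communities with ACCESS BOTH. The one-command-per-line file layout, the finding names and the sample file are assumptions made for the example.

```python
import re

# Defaults and limits stated in this chapter. SCS passwords are
# case-independent, so the comparison below ignores case.
DEFAULT_PASSWORDS = {"LOGIN": "access", "PRIVILEGED": "system"}
MAX_PASSWORD_LEN = 16
QUOTES = '"“”'


def tokenize(line):
    """Split one command line into tokens, keeping quoted strings whole."""
    line = re.sub(r"^\s*Local>+\s*", "", line)  # drop a pasted prompt
    return re.findall(r'"[^"]*"|“[^”]*”|\S+', line)


def audit(text):
    """Return (line number, finding name, explanation) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tok = tokenize(raw)
        up = [t.upper() for t in tok]
        if len(up) < 4 or up[0] not in ("SET", "DEFINE"):
            continue
        if up[1] == "SERVER":
            if up[2] == "INCOMING" and "NOPASSWORD" in up[3:]:
                findings.append((lineno, "incoming-nopassword",
                                 "incoming connections accepted without a password"))
            elif up[2] in DEFAULT_PASSWORDS and up[3] == "PASSWORD" and len(tok) > 4:
                password = tok[4].strip(QUOTES)
                if password.lower() == DEFAULT_PASSWORDS[up[2]]:
                    findings.append((lineno, "default-password",
                                     up[2].lower() + " password is the factory default"))
                elif len(password) > MAX_PASSWORD_LEN:
                    findings.append((lineno, "password-too-long",
                                     "password exceeds 16 characters"))
            elif up[2] == "RLOGIN" and up[3] == "ENABLED":
                findings.append((lineno, "rlogin-enabled",
                                 "outgoing Rlogin is enabled (default is Disabled)"))
        elif up[1] == "SNMP" and up[2] == "COMMUNITY":
            if up[4:6] == ["ACCESS", "BOTH"]:
                findings.append((lineno, "snmp-write-access",
                                 "community " + tok[3] + " allows read and write"))
    return findings


# Constructed sample file, not taken from a real unit.
SAMPLE = """\
DEFINE SERVER INCOMING NOPASSWORD
DEFINE SERVER PRIVILEGED PASSWORD "SYSTEM"
DEFINE SERVER LOGIN PASSWORD “platyp”
DEFINE SERVER RLOGIN ENABLED
DEFINE SNMP COMMUNITY "nycomm" ACCESS BOTH
DEFINE SNMP COMMUNITY "monitor" ACCESS READ
DEFINE SERVER BUFFERING 1024
"""

if __name__ == "__main__":
    for lineno, name, why in audit(SAMPLE):
        print(f"line {lineno}: {name}: {why}")
```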
12.10 Site Commands
12.10.1 Define Site
DEFINE SITE SiteName option
Creates a new site with the given name. See the following Define Site commands for additional site configuration options.
Restrictions: Requires privileged user status.
Examples
Local>> DEFINE SITE irvine
See Also: The following Define Site commands
12.10.
Prompt: When Prompt is enabled, incoming callers will be prompted for the local password before starting PPP or SLIP.
Dialback: If Dialback is enabled, when the site receives an incoming connection, the SCS will hang up and initiate an outgoing connection to verify the caller’s identity. If Insecure dialback is enabled, the caller may be given the option of specifying the dialback telephone number.
Command Reference Site Commands 12.10.3 Define Site Bandwidth ADD utilization REMOVE DEFAULT DEFINE SITE SiteName BANDWIDTH INITIAL BytesPerSecond MAXIMUM PERIOD seconds HOLDDOWN Sets the initial or maximum amount of bandwidth that should be used when connecting to the specified site. Also controls how the SCS calculates the bandwidth needed, and how often it is checked to see if it is within the desired range.
BytesPerSecond: The precise bandwidth amount, up to 6,550,000 bytes per second. The server will add ports until it reaches the specified amount. BytesPerSecond is truncated to the nearest 100. For example, a setting of 3840 is truncated to 3800. A BytesPerSecond value of 99 or less truncates to zero, disabling bandwidth.
Period: Sets the number of seconds (specified by the seconds parameter) used to calculate average utilization statistics.
Command Reference Site Commands 12.10.4 Define Site Chat AFTER LineNum BEFORE LineNum DEFINE SITE SiteName CHAT REPLACE LineNum EXPECT string FAIL TIMEOUT seconds SEND string DELETE LineNum Configures a chat script to automate the login sequence when connecting to a remote site.
string: The following special characters can be used in CHAT script expect strings, which are case-sensitive.
Table 12-6:
String          Meaning
\N (0x0 hex)    Newline
\b (0x8 hex)    Backspace
\r (0xd hex)    Return
\n (0xda hex)   Newline
\t (0x14 hex)   Tab
\\ (0x5c hex)   \
\s (0x20 hex)   Space
\octal          Octal value (i.e.
12.10.5 Define Site Filter
DEFINE SITE SiteName FILTER {IDLE | INCOMING | OUTGOING | STARTUP} {filtername | NONE}
Configures packet filters for the site. If a particular packet filter is not configured, all packets are considered matches of that filter type and are accepted. For example, if no incoming packet filter is configured, all packets will be accepted as incoming packets and will be allowed in.
See Also: Set/Define Filter, page 12-168; Show/Monitor/List Filter, page 12-179; Filter Lists, page 5-2
12.10.6 Define Site Idle
DEFINE SITE SiteName IDLE seconds
Sets the maximum time, in seconds, that the specified site may be idle before the link is shut down (“timed out”).
Note: The SCS must be idle for at least 10 seconds before the link can be shut down.
Restrictions: Requires privileged user status.
Parameters
SiteName: Enter a site name of up to 12 characters.
12.10.
Dynamic: Allows the SCS to be dynamically assigned an IP address by a remote host.
Default: Advertises this server as the default route to the remote host.
Netmask: Sets the IP Netmask on this server's IP interface.
mask: A value that is used to remove bits that you do not want.
Remoteaddress: Sets the IP address (specified with the address parameter) of the remote host. If two addresses are specified, it indicates an acceptable range of addresses for the remote host.
Update: Configures the time, in seconds, between sending a RIP packet. Must be used in conjunction with the time parameter.
time: An integer between 10 and 255 representing the number of seconds between updates.
Slots: Configures the number of header compression slots. Must be used in conjunction with the SlotNum parameter.
SlotNum: An integer between 1 and 254.
Default: 1522 bytes.
Examples
Local>> DEFINE SITE irvine MTU 256
See Also: Set/Define IP All/Ethernet MTU, page 12-32; Chapter 4, Basic Remote Networking
12.10.9 Define Site Permanent
DEFINE SITE SiteName PERMANENT {ENABLED | DISABLED}
Configures a permanently connected site. When enabled, the site connects immediately after the SCS boots. If the connection is interrupted and the site goes down, the site will reconnect as soon as it is able.
Note: A port must be defined before the Bandwidth, BytesPerSecond, and Telephone parameters can be used.
Bandwidth: Gives the SCS a bandwidth estimate for the device (for example, a modem) that is attached to the port. Must be used in conjunction with the BytesPerSecond parameter.
Note: See Estimate Each Port’s Bandwidth on page 5-6 for more information on how to use the port bandwidth setting.
BytesPerSecond: The bandwidth value.
Restrictions: Requires privileged user status.
Parameters
SiteName: Enter a site name of up to 12 characters.
PPP: PPP will be used for outgoing calls.
SLIP: SLIP will be used for outgoing calls.
Defaults: PPP.
See Also: Incoming Connections, page 4-9
12.10.12 Define Site Telephone
DEFINE SITE SiteName TELEPHONE {number | NONE}
Defines the telephone number of the remote site.
Command Reference Site Commands 12.10.13 Define Site Time ADD day starttime day endtime DEFAULT ENABLED DISABLED CLEAR number DEFINE SITE SiteName TIME ALL FORCEDIAL time NONE SESSION limit FAILURE seconds SUCCESS seconds Configures the time ranges during which outgoing connections are allowed from this site, and during which bandwidth can be adjusted for this site.
Clear: Remove a time range.
number: A time range to be removed. Time ranges are listed in numerical order.
Forcedial: Configures the site to dial at a particular time of day. If a time is assigned with this command, the site will always attempt to create a connection at that specified time, every day.
time: Enter a time for the Forcedial feature.
All: Remove all time ranges.
Forcedial: Creates a connection, every day, at the time set with the other parameters.
Examples
Local>> DEFINE SITE irvine TIME ADD mon 8:00 mon 17:00
Local>> DEFINE SITE irvine CLEAR TIME 3
See Also: Set/Define Server Clock, page 12-119; Set/Define Server Timezone, page 12-129; Show/Monitor/List Sites Time, page 12-151; Getting Timesetting Information, page 5-12
12.10.14 Logout Site
LOGOUT SITE SiteName
Logs out a site on the server. Active sessions are disconnected, and all site circuits are closed.
Port: Removes a port from a site. Must be used in conjunction with the PortNum or All parameters.
PortNum: An integer between 1 and 16.
Chat: Clears the specified site’s chat scripts.
Examples
Local>> PURGE SITE irvine PORT 2
See Also: Define Site Port, page 12-145
12.10.16 Show/Monitor/List Sites
SHOW MONITOR SITES LIST ALL BANDWIDTH CHAT COUNTERS SiteName IP PORTS STATUS TIME STATUS SiteName
In general, displays information about a specified site.
Ports: Displays a site's ports.
Time: Displays time configuration for the specified site, including.
Status: Displays statistics for sites that have been active since booting.
Examples
Local> SHOW SITE irvine CHAT
Local> SHOW SITE irvine IP
See Also: Define Site commands, page 12-134
12.10.17 Test Site
TEST SITE SiteName
Tests a site without having to force packet traffic. When the command is issued, the SCS will attempt a connection to the site and return basic status.
12.11 Security Commands
12.11.1 Clear/Purge Authentication
{CLEAR | PURGE} AUTHENTICATION {USER {ALL | username} | PRECEDENCE num}
Removes information stored in the local authentication database.
Restrictions: Requires privileged user status.
Parameters
User: Clears or purges a user from the local authentication database.
All: Clears or purges all users.
username: A specific username to clear or purge.
Precedence: Clears or purges a given precedence slot.
Restrictions: Requires privileged user status.
Errors: Clear Dialback will return an error if the specified username isn’t found, or if All is specified and no entries are configured.
Parameters
All: Clears dialback settings for all usernames.
username: Clears dialback settings for the specified username.
Parameters
All: Removes all SNMP table entries.
CommunityName: Enter the name of the SNMP community to be removed.
Examples
Local>> CLEAR SNMP “nycomm”
See Also: Set/Define SNMP, page 12-178; Set/Define Filter IP, page 12-171; Show/Monitor/List SNMP, page 12-180; Appendix C, SNMP Support
12.11.
12.11.
address: A text host name (if a DNS is available for name resolution) or an IP address in standard numeric format (for example, 192.23.71.49).
None: Clears the current server address.
Precedence: Sets the precedence in which this database or server is checked. The precedence number must be specified using the prec_num parameter.
prec_num: A precedence number between 1 and 6.
Timeout: Specifies the timeout period for a response from the Kerberos server. Must be used in conjunction with the seconds parameter.
seconds: An integer between 1 and 255, inclusive.
Maxtries: Specifies the maximum number of times that the SCS will attempt to contact the Kerberos server.
tries: An integer between 1 and 255, inclusive.
Realm: Sets the Kerberos realm that the SCS resides in. Often set to a name that mirrors the Internet domain name system.
Parameters
Precedence: Sets the precedence in which this database or server is checked. Must be used in conjunction with the prec_num parameter.
prec_num: A precedence number between 1 and 6, usually set to 1.
Defaults: Precedence: 1
Examples
Local>> DEFINE AUTHENTICATION LOCAL PRECEDENCE 2
See Also: Define Site Authentication, page 12-134; Set/Define Authentication Unique, page 12-165; Local (NVR) Database, page 11-9
12.11.
Parameters
Primary: Specifies the first server to be checked. A specific address must be set with the address parameter, or the None parameter may be used to indicate that the database or file will not be used. If the SCS fails to authenticate the user using the primary database or server (due to network failure, server failure, missing or incorrect username/password), the secondary database will be checked.
Note: For accounting, the SCS has to hold onto packets until they can be verified. If the Maxtries and Timeout values are too large, you can overflow the SCS and it will begin to drop accounting packets. This can be avoided by setting retries and timeouts to lower values.
Secret: Specifies the Secret to be Shared between the RADIUS client and server. Must be used in conjunction with the string parameter.
string: A string of up to 64 characters.
Command Reference Security Commands 12.11.9 Set/Define Authentication SecurID address PRIMARY NONE address SECONDARY NONE SET AUTHENTICATION SECURID PRECEDENCE prec_num DEFINE SID ENCRYPTION DES MAXTRIES tries PORT PortNum TIMEOUT num Specifies that a Security Dynamics ACE/SecurID server will be used for authentication. Restrictions Requires privileged user status.
prec_num: A precedence number between 1 and 6.
Encryption: SecurID (SID) or DES encryption will be used for authentication.
SID: Enables use of SecurID encryption.
DES: Enables use of DES encryption.
Maxtries: Specifies the maximum number of times the SCS will attempt to contact the SecurID server. Must be used in conjunction with the tries parameter.
tries: An integer between 1 and 255, inclusive.
12.11.10 Set/Define Authentication Strictfail
{SET | DEFINE} AUTHENTICATION STRICTFAIL {ENABLED | DISABLED}
Strict fail mode aborts the authentication process if any method returns an error of “invalid error” or “invalid password.”
Restrictions: Requires privileged user status.
Defaults: Disabled
See Also: Show/Monitor/List Authentication, page 12-178; Database Configuration, page 11-8
12.11.
Secondary: If the SCS fails to authenticate the user using the primary database or server (due to network failure, server failure, missing or incorrect username/password), the secondary database or server will be checked. A specific address may be set with the address parameter, or the None parameter may be used to indicate that the server will not be used.
Command Reference Security Commands 12.11.13 Set/Define Authentication User password command EXPIRED SET AUTHENTICATION USER username DEFINE ALTER ENABLED DISABLED ALTCOMMAND ENABLED DISABLED Configures entries to the local database. To indicate which username entry will be modified, a username must be specified using the username parameter. Restrictions Requires privileged user status. Parameters username A username of up to 16 characters.
Command Reference Security Commands 12.11.14 Set/Define Dialback phonenum username SET BYPASS DIALBACK DEFINE BYPASS ENABLED DISABLED The Dialback feature enables a system manager to set up a dialback list of authorized users for incoming modem connections. Dialback lists include usernames and corresponding phone numbers.
Command Reference Security Commands 12.11.15 Set/Define Filter SET FILTER filtername DEFINE CREATE DELETE ruleNum ADD AFTER ANY ALLOW BEFORE pos GENERIC { options } DENY IP { options } CONTINUE REPLACE Creates or deletes a packet filter, or configures a rule in that filter that is used to manage network traffic.
Before: Inserts a rule before another rule. If no position is specified, the rule is added to the beginning of the list of rules.
Continue: Continues a long filter that won’t fit in the 132-character line limit for commands.
Replace: Replaces an existing rule with a new one. If no position is specified, the first rule in the list is replaced.
pos: A location in the filter list to perform a specific function, such as Add.
Command Reference See Also Security Commands Define Site Filter, page 12-140; Clear/Purge IP Security, page 12-17; Define Ports Dialback, page 12-62; Packet Filters and Firewalls, page 11-22 12.11.17 Set/Define Filter Generic EQ GE SET GT FILTER filtername ... GENERIC OFFSET offset MASK mask value DEFINE LE LT NE Specifies a general filter rule that applies to any packet regardless of protocol.
Command Reference Security Commands 12.11.18 Set/Define Filter IP EQ GE IPGENERIC OFFSET offset MASK mask GT LE LT NE DST ipMask address SRC ipMask address protocolNum ICMP EQ SET FILTER filtername ...
offset: Defines where in the data packet to apply the mask. May be a decimal value from 0 to 1500, where 0 indicates the first data position in the data packet.
mask: A hexadecimal or decimal number. The mask is applied to the data using the operator and the result is compared with the value. In the case of TOS, the operator EQ is implied.
UDP: Allows or denies User Datagram Protocol (UDP) based packets which match criteria specified by subsequent parameters. Applications that use UDP include DNS (Domain Name Service), TFTP (a variant of FTP), and BOOTP (used by some computer systems to acquire IP addresses).
DPort: Defines the destination protocol port. Data packets are filtered based on both the protocol and on the protocol port of the data packet.
SPort: Defines the source protocol port.
Command Reference Security Commands 12.11.19 Set/Define Logging SET LOGGING DEFINE DESTINATION location NONE AUTHENTICATION DIALBACK num IP MAX MODEM NONE PPP SITE COMMANDS NETWORK ENABLED PRINTER DISABLED SYSTEM Controls error and event logging on the SCS.
None: Disables logging.
Authentication: Logs events associated with authentication. Must be used with the num parameter or the None parameter.
Level  Information
1      System Problems
2      Failures and Successes
3      All Logins and Logouts
4      Incorrect Passwords
5      All Passwords, RADIUS Warnings
Dialback: Logs events associated with dialback functionality. Must be used with the num parameter or the None parameter.
Note: Setting the IP logging level to 2 or greater results in a syslog that prints the source/destination IP address, protocol, and TCP/UDP source/destination ports.
Modem: Logs modem activity, including modem jobs (incoming and outgoing). Must be used with the num parameter or the None parameter.
Level  Information
1      Problems
2      Call Statistics Dump From Modem
3      Setup
PPP: Logs events associated with PPP. Must be used with the num parameter or the None parameter.
Max: Sets logging to the maximum value.
Commands: When enabled, logs all commands users type.
Network: When enabled, logs network events. This is useful for diagnosing network-related problems.
Printer: When enabled, logs printer-related events, including online/offline conditions and job status at the end of a job.
System: When enabled, logs server boots, log file opens and closes, and other system-related activity.
12.11.21 Set/Define SNMP
{SET | DEFINE} SNMP COMMUNITY community ACCESS {BOTH | NONE | READ}
Configures a community name and access mode for SNMP access. Each name has an access restriction associated with it; if an SNMP command comes in with an unknown name or an unauthorized command, an SNMP error reply will be sent. Community names are not case-sensitive.
Restrictions: You must be the privileged user to use this command.
12.11.23 Show/Monitor/List Dialback
{SHOW | MONITOR | LIST} DIALBACK
Displays the currently configured dialback strings, as well as the number of connect attempts with that string and the number of connect failures.
Restrictions: Requires privileged user status.
See Also: Clear/Purge Dialback, page 12-153; Define Ports Dialback, page 12-62; Set/Define Dialback, page 12-167; Dialback, page 8-12; Dialback from Character Mode, page 11-6
12.11.
Parameters
Memory: Displays the memory log.
See Also: Set/Define Logging, page 12-174; Event Logging, page 11-24
12.11.26 Show/Monitor/List SNMP
{SHOW | MONITOR | LIST} SNMP
Displays the current or saved SNMP security table entries.
Restrictions: Requires privileged user status.
A: Environment Strings
A.1 Usage
An environment string is a sequence of key letters, sometimes prefixed by a plus (+) or minus (-). Environment strings can be used with certain commands to configure connections. The keys are added after the hostname (if one is given) and a colon. Key letters are not case-sensitive, and no white space is allowed in the environment string.
A.2.1.1 nnnn
Sets a socket number. For SSH and TCP connections only. The most common socket numbers are 20xx (for Telnet IAC interpretation), 30xx (for raw TCP/IP), and 22xx (for SSH connections), where xx is the number of the desired serial port.
Examples
% telnet 192.0.1.66:3001 (forms a raw TCP/IP connection to the unit’s first serial port)
Local> TELNET 192.0.1.45:2003 (forms a connection with Telnet IAC interpretation to the unit’s third serial port)
A.2.1.
B: Show 802.11 Errors
B.1 Introduction
Note: This appendix applies only to the SCS200.
When you enter the Show 80211 command without any other parameters, the resulting screen includes a field for errors. The “Errors:” field displays two eight-digit numbers, separated by a comma. These numbers are a 64-bit wide bitfield of error bits, each one indicating whether or not the given error has occurred at least once. For example, suppose you're using an SCS200 with a ZoomAir card in Infrastructure mode.
Leftmost Number
08000000  Fragment reassembly timed out. Failed to receive all the fragments of a fragmented 802.11 packet before the reassembly window expired. Dropped some correctly received fragments.
04000000  Received an 802.11 packet with invalid subtype code.
02000000  Received an 802.11 packet with invalid type code.
01000000  Received an 802.11 packet with invalid version code.
00800000  Dropped a correctly received 802.
Rightmost Number
00000080  Authentication with the AP failed because either the unit or the AP sent an incorrect authentication packet. Some APs will erroneously return this error code when the problem is actually "authentication type not allowed".
00000040  Authentication with the AP failed because the AP does not allow the authentication type requested by the unit.
00000020  Authentication or association with the AP failed for administrative reasons.
Rightmost Number
00040000  Unassigned.
00020000  Internal error. May occur on some cards in conjunction with other described error codes.
00010000  The 802.11 card in use is not compatible with the regulatory region to which the unit has been programmed.
00008000  Internal error.
00004000  Internal error. May occur on some cards in conjunction with authentication or association failures, or other configuration mismatches.
00002000  Received an 802.
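A decoder for the “Errors:” field described in this appendix, as an added example that is not part of the original manual or Lantronix software. It reads the two eight-digit numbers as hexadecimal, uses only the masks whose descriptions are complete in the tables above, and reports any other set bit as unlisted; the function name and the sample value are constructed for the example.

```python
import re

# Masks and wording taken from the tables in this appendix. Entries whose
# description is cut off in this copy of the manual are left out on purpose.
LEFTMOST = {
    0x08000000: "Fragment reassembly timed out",
    0x04000000: "Received an 802.11 packet with invalid subtype code",
    0x02000000: "Received an 802.11 packet with invalid type code",
    0x01000000: "Received an 802.11 packet with invalid version code",
}
RIGHTMOST = {
    0x00040000: "Unassigned",
    0x00020000: "Internal error",
    0x00010000: "802.11 card not compatible with the programmed regulatory region",
    0x00008000: "Internal error",
    0x00004000: "Internal error",
    0x00000080: "Authentication failed: incorrect authentication packet",
    0x00000040: "Authentication failed: AP does not allow the requested authentication type",
    0x00000020: "Authentication or association failed for administrative reasons",
}
UNLISTED = "not described in this copy of the tables"

FIELD = re.compile(
    r"^\s*(?:Errors:\s*)?([0-9A-Fa-f]{8})\s*,\s*([0-9A-Fa-f]{8})\s*$")


def decode_errors(field):
    """Return (word, mask, description) for every error bit that is set.

    `field` is the text of the Errors: field, with or without the label.
    Bits are reported from the most significant to the least significant,
    leftmost number first.
    """
    match = FIELD.match(field)
    if match is None:
        raise ValueError(
            "expected two eight-digit hex numbers separated by a comma")
    words = (("leftmost", match.group(1), LEFTMOST),
             ("rightmost", match.group(2), RIGHTMOST))
    found = []
    for name, digits, table in words:
        value = int(digits, 16)
        for bit in range(31, -1, -1):
            mask = 1 << bit
            if value & mask:
                found.append((name, f"{mask:08X}", table.get(mask, UNLISTED)))
    return found


if __name__ == "__main__":
    sample = "Errors: 09000000,000100C0"  # constructed value
    for name, mask, text in decode_errors(sample):
        print(f"{name:9} {mask}  {text}")
```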
C: SNMP Support
SNMP is an abbreviation for Simple Network Management Protocol. SNMP commands enable users (usually system administrators) to get information from and control other nodes on a local area network. Information about SNMP can be obtained in RFCs (Request For Comments) which can be obtained via anonymous FTP from nisc.jvnc.net. To obtain a specific RFC, use the pathname pub/RFC/rfcnnn, where nnn is the name of the desired RFC. To obtain the RFC index, use the pathname pub/RFC/rfc-index.txt.
Security
To change, add, or delete community names in the table, Set/Define SNMP and Clear/Purge SNMP are used. Set SNMP requires specification of a community name and an access type. Available access types are Readonly, Both (allows read and write), or None. Clear SNMP requires either a community name to remove a single entry or the All parameter to clear the entire table.
D: Supported RADIUS Attributes

This appendix lists and explains the RADIUS attributes currently supported by the SCS. The SCS transmits these attributes whenever they are appropriate for the given connection. Users cannot directly specify which attributes the SCS will transmit—this is negotiated for each connection based on the connection type and requirements. For example, CHAP-Challenge packets are only needed for PPP connections that authenticate via CHAP.

D.1 Authentication Attributes

D.1.
Access-Accept

Framed           A PPP or SLIP connection is started.
Callback-Login   The user is disconnected and called back, then connected to a host.
Callback-Framed  The user is disconnected and called back, then begins a PPP or SLIP mode connection.
Prompt           The user is provided with a command line prompt on the SCS from which it is possible to enter privileged commands.
D.1.2.1 Framed-IP-Address

Using this attribute is equivalent to setting the remote address range of a site to “undefined.” Two values are available:

◆ 255.255.255.255 (0xFFFFFFFF) allows the user to choose an IP address
◆ 255.255.255.254 (0xFFFFFFFE) assigns the user an address from the SCS IP address pool

If an IP address pool is defined for the SCS and the incoming user asks for an address, one will be assigned from the pool.
If Login-Service is Rlogin and the Login-IP-Host value is not set, the SCS makes an Rlogin connection to the preferred Telnet host.

D.2 Accounting Attributes

For all Accounting packets, the SCS transmits Acct-Status-Type (On, Off, Start, or Stop) and the SCS’s NAS-Identifier. For individual Accounting-Start and Accounting-Stop packets, the SCS can also transmit the attributes listed in Table C-2.
Configuring Authenticated PPP Connections

If you are using a different server, please note that the file format for the Merit and Livingston RADIUS servers is of the following form:

username check-item1, check-item2, ..., check-itemN
    reply-item1, reply-item2, ..., reply-itemN

Check-items are attribute/value pairs that must be received from the authentication client (for example, the SCS) for authentication to occur.
D.3.3 Forcing a Telnet Connection to a Specific Port

To force the user to Telnet to a particular port on the specified host, add the Login-IP-Port attribute:

froggy Password = "ribbit"
    Service-Type = Login,
    Login-IP-Host = 192.0.1.155,
    Login-IP-Service = Telnet,
    Login-IP-Port = 1000

The Connect Telnet 192.0.1.155:1000 command is forced as soon as authentication is complete.
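The users-file form and the forced-Telnet entry above can be checked mechanically. The following Python sketch is an added example, not part of the Lantronix manual: it splits each entry into check-items and reply-items and lists Login entries whose reply-items do not fix both Login-IP-Host and Login-IP-Port. The `toad` entry is constructed, and the layout (reply-items on indented lines under the username line) is an assumption about how the file is written.

```python
import re

# Constructed sample. Layout assumed: the entry line holds the username and
# check-items; the indented lines that follow hold the reply-items.
SAMPLE_USERS = '''\
froggy Password = "ribbit"
    Service-Type = Login,
    Login-IP-Host = 192.0.1.155,
    Login-IP-Service = Telnet,
    Login-IP-Port = 1000

toad Password = "croak"
    Service-Type = Login,
    Login-IP-Service = Telnet
'''

PAIR = re.compile(r'\s*([A-Za-z0-9-]+)\s*=\s*("[^"]*"|[^,]+?)\s*(?:,|$)')

def parse_items(text):
    """Turn 'Attr = value, Attr = value' into a dict, stripping quotes."""
    return {m.group(1): m.group(2).strip('"') for m in PAIR.finditer(text)}

def parse_users(text):
    """Return {username: {'check': {...}, 'reply': {...}}}."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue                      # blank line between entries
        if line[0].isspace():             # indented: reply-items
            if current is None:
                raise ValueError('reply-items before any username: %r' % line)
            users[current]['reply'].update(parse_items(line))
        else:                             # entry line: username + check-items
            current, _, rest = line.partition(' ')
            users[current] = {'check': parse_items(rest), 'reply': {}}
    return users

def unpinned_logins(users):
    """List Login entries whose reply-items leave the host or port open."""
    findings = []
    for name, entry in sorted(users.items()):
        reply = entry['reply']
        if reply.get('Service-Type') != 'Login':
            continue
        missing = [a for a in ('Login-IP-Host', 'Login-IP-Port') if a not in reply]
        if missing:
            findings.append((name, missing))
    return findings
```

Calling `unpinned_logins(parse_users(SAMPLE_USERS))` reports only `toad`, the entry that authenticates a Login user without naming the host and port the session is sent to.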