Lantronix Switch 900-510 User's Manual
Contents
1. DB25 Female oe p o0 5 SLB Branch Office Manager User Guide 271 D Adapters and Pinouts RJ45 Receptacle to DB9M DCE Adapter for the SLB Device PN 200 2069A DB9 Male 8 SLB Branch Office Manager User Guide 272 D Adapters and Pinouts RJ45 Receptacle to DB9F DCE Adapter for the SLB Device PN 200 2070A Use PN 200 2070A adapter with a PC s serial port SLB Branch Office Manager User Guide 273 D Adapters and Pinouts RJ45 to RJ45 Adapter for Netra Sun Cisco and SLP Device PNs 200 2225 and ADP010104 01 Note The cable ends of the ADP010104 01 are an RJ45 socket on one end and a RJ45 plug on the other instead of RJ45 sockets on both ends Use this adapter for the SLP power manager Netra SUN CISCO and others SLB Branch Office Manager User Guide 274 E Protocol Glossary BOOTP Bootstrap Protocol Similar to DHCP but for smaller networks Automatically assigns the IP address for a specific duration of time CHAP Challenge Handshake Authentication Protocol A secure protocol for connecting to a system it is more secure than the PAP DHCP Dynamic Host Configuration Protocol Internet protocol for automating the configuration of computers that use TCP IP DNS Domain Name Servers A system that allows a network nameserver to translate text host names into numeric IP addresses Kerberos A network authenticati2. seconds None Telnet SSH TCP 2049 Authenticate 3049 Authenticate 4049 Authenticate 4 Enter or view the following State Select to indicate whether to disable the PC Card or set it for dial in dial out dial back dial on demand or dial in amp dial on demand Disabled by default SLB Branch Office Manager User Guide 117 9 PC Cards Mode The format in which the data flows back and forth With Text selected the SLB branch office manager assumes that the modem will be used for remotely logging into the command line Text mode is only for dialing in This is the default PPP establishes an IP based link over the modem PPP connections can be used in dial out mode e g the SLB device connects to an external network or dial in mode e g the external computer connects to the network that the SLB branch office manager is part of or dial on demand For ISDN cards only PPP connections are allowed Initialization Script Commands sent to configure the modem may have up to 100 characters Consult your modem s documentation for recommended initialization options If you do not specify an initialization script the SLB device uses a uses a default initialization string of AT S7 45 SO 0 L1 V1 X4 amp D2 amp c1 E1 QO Note We recommend that the modem initialization script always be preceded with AT and include E1 V1 x4 Q0 so that the SLB bra
3. Public Key Filename of the public host key Filename Private Key Filename of the private host key Filename Host Host name or Paddress of the host from which to import the key Path Path of the directory where the host key will be stored Login User ID to use to SCP or SFTP the file Password amp Retype Password to use to SCP or SFTP the file Password 3 Click the Apply button 4 Repeat steps 2 3 for each key you want to import 5 Toreturn to the SSH Keys page click the Back to SSH Keys link SSH Commands These commands for the command line interface correspond to the web page entries described above To import an SSH key set sshkey import lt ftp lscp gt lt one or more parameters gt Parameters keyhost lt SSH Key IP Address or Name gt keyuser lt SSH Key User gt path lt Path to Public Key File gt file lt Public Key File gt host lt IP Address or Name gt login lt User Login gt SLB Branch Office Manager User Guide 172 11 User Authentication To export a key set sshkey export lt ftp scp copypaste gt lt one or more parameters gt Parameters format lt openssh secsh gt host lt IP Address or Name gt login lt User Login gt path lt Path to Copy Key gt bits lt 512 1024 gt keyname lt SSH Key Name gt keyuser lt SSH Key User gt type lt rsa dsa gt To export the public keys of all previously created SSH keys s
4. __Custom User Menus Menu menu2 Title Menu2 Title Show Nicknames disabled Redisplay Menu disabled Command 1 connect direct deviceport 3 Nickname 1 lt none gt Command 2 connect direct deviceport 4 Nickname 2 lt none gt Command 3 show datetime Nickname 3 lt none gt Command 4 returnmenu Nickname 4 lt none gt Command 5 Logout Nickname 5 lt none gt The system administrator 4 configures local user john to use custom menu menut SLB gt set localusers edit john custommenu menul Local users settings successfully updated SLB gt show localusers user john Current Local Users Settings Login john Password lt set gt UID 101 Listen Ports 1 32 Data Ports 1 32 Clear Ports 1 32 Escape Sequence xlbA Break Sequence x1bB Custom Menu menul Allow Dialback disabled Dialback Number lt none gt User john logs into the command line interface initially sees menu1 executes the command to jump to nested menu menu2 and then returns to menu1 Welcome to the SLB Branch Office Manager Model Number SLB32 For a list of commands type help Enter 1 4 gt help Menul Title 1 connect Port 1l 3 menu2 2 connect Port 2 4 log off Enter 1 4 gt 3 Executing showmenu menu2 Enter 1 5 gt help Menu2 Title 1 connect direct deviceport 3 2 connect direct deviceport 4 3 show datetime 4 returnmenu 5 logout Enter 1 5 gt 3 Executin
5. To delete a local user set localusers delete lt User Login gt SLB Branch Office Manager User Guide 143 11 User Authentication To view settings for all users or a local user show localusers user lt User Login gt To block lock out a user s ability to log in set localusers lock lt User Login gt Note This capability is not available on the web page To allow unlock a user s ability to log in set localusers unlock lt User Login gt Note This capability is not available on the web page Local User Rights Commands The following CLI commands correspond to the web page entries described above To add a local user to a user group or to change the group the user belongs to set localusers add edit lt user gt group lt default power admin gt To set a local user s permissions not defined by the user group set localusers add edit lt user gt permissions lt Permission List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad To remove a permission type a minus sign before the two letter abbreviation for a user right To view the rights of the currently logged in user show user Remote User Commands The following CLI commands correspond to the web page entries described above To configure whether remote users who are not part of the remote user list will be authenticated set remoteusers listonlyauth
6. Description Resolves a host name into an IP address You can optionally email the displayed information diag loopback Syntax diag loopback lt Device Port Number or Name gt lt parameters gt Parameters test lt internal external gt SLB Branch Office Manager User Guide 243 14 Command Reference xferdatasize lt Size In Kbytes to Transfer gt Default is 1 Kbyte Description Tests a device port by transmitting data out the port and verifying that it is received correctly A special loopback cable comes with the SLB branch office manager To test a device port plug the cable into the device port and run this command The command sends the specified Kbytes to the device port and reports success or failure The test is performed at 9600 baud Only an external test requires a loopback cable diag traceroute Syntax diag traceroute lt IP Address or Hostname gt Description Displays the route that packets take to get to a network host End Device Commands set command Syntax set command lt Device Port or Name or List gt lt one or more parameters gt Parameters slp auth login lt User Login gt Establishes the authentication information to log into the SLP power manager attached to the device port slp envmon Displays the environmental status e g temperature and humidity of the SLP power manager slp outletcontrol state lt on loff cyclepower gt outlet lt Outlet gt Outlet is 1 8 f
7. Install DC rated equipment only under the following conditions Connect the equipment to a DC supply source that is electrically isolated from the AC source and reliably connected to ground or connect it to a DC SELV source SLB Branch Office Manager User Guide 267 C Safety Information Install only in restricted access areas dedicated equipment rooms equipment closets or the like in accordance with Articles 110 16 110 17 and 110 18 of the National Electrical Code ANSI NFPA 70 Route and secure input wiring to terminal block in such a manner that it is protected from damage and stress Do not route wiring past sharp edges or moving parts Incorporate a readily accessible disconnect device with a 3 mm minimum contact gap in the fixed wiring Provide a listed circuit breaker suitable for protection of the branch circuit wiring and rated 60 VDC minimum Fuses For protection against fire replace the power input module fuse with the same type and rating Rack If rack mounted SLB devices are installed in a closed or multi unit rack assembly they may require further evaluation by Certification Agencies The following items must be considered Do not install the SLB branch office manager in a rack in such a way that a hazardous stability condition results because of uneven loading A drop or fall could cause injury The ambient temperature Tma inside the rack may be greater than the
8. telnet lt enable disable gt timeoutssh lt disable or 1 30 gt timeouttelnet lt disable or 1 30 gt traps lt enable disable gt trapcommunity lt Trap Community gt vissh lt enable disable gt v3user lt V3 RO User gt v3password lt V3 RO User Password gt v3phrase lt V3 RO User Passphrase gt v3rwuser lt V3 RW User gt v3rwpassword lt V3 RW User Password gt v3rwphrase lt V3 RW User Passphrase gt v3security lt noauth auth authencrypt gt v3auth lt md5 sha gt v3encrypt lt des aes gt v3password lt Password for v3 auth gt v3user lt User for v3 auth gt webssh lt enable disable gt webtelnet lt enable disable gt SLB Branch Office Manager User Guide 67 7 Services To view current services show services SLB Branch Office Manager User Guide 68 7 Services NFS and SMB CIFS Use the NFS amp SMB CIFS page if you want to save configuration and logging data onto a remote NFS server or export configuration and logging data by means of an exported CIFS share Mounting an NFS shared directory on a remote network server onto a local SLB directory enables the SLB branch office manager to store device port logging data on that network server This configuration avoids possible limitations in the amount of disk space on the SLB device available for the logging file s You may also save SLB configurations on the network server Similarly use SMB CIFS Server Message Block Common
9. 3 To log in any other user a Enter your SLB branch office manager user name and press Enter b Enter your SLB branch office manager password and press Enter Logging out To log out of the SLB command line interface 1 Type logout and press Enter SLB Branch Office Manager User Guide 43 Command Syntax Commands have the following format 5 Web and Command Line Interfaces lt action gt lt category gt lt parameter s gt where lt action gt is set show connect admin diag pccard or logout lt category gt is a group of related parameters whose settings you want to configure or view Examples are ntp deviceport and network lt parameter s gt is one or more name value pairs in one of the following formats lt parameter name gt lt aa bb gt lt parameter name gt lt Value gt User must specify one of the values aa or bb separated by a vertical line The values are in all lowercase and must be entered exactly as shown Bold indicates a default value User must specify an appropriate value for example an IP address The parameter values are in mixed case Square brackets indicate optional parameters Table 5 1 Actions and Category Options set network ipfilter routing datetime ntp services nfs cifs menu hostlist auth localusers remoteusers ldap radius kerberos tacacs consoleport deviceport nis slcnetwork
10. admin web gadget Syntax admin web gadget lt enable disable gt Description Enables or disables iGoogle Gadget web content admin web timeout Syntax admin web timeout lt disable 5 120 gt Description Configures the timeout for web sessions SLB Branch Office Manager User Guide 219 14 Command Reference admin web terminate Syntax admin web terminate lt Session ID gt Description Terminates a web session admin web show Syntax admin web show Description Displays the current sessions and their ID Add admin web certificate commands Audit Log Commands show auditlog Syntax show auditlog command user clear Description Displays audit log By default shows the audit log sorted by date time You can sort it by user or command or clear the audit log Authentication Commands set auth Syntax set auth lt one or more parameters gt Parameters authusenextmethod lt enable disable gt kerberos lt 1 6 gt ldap lt 1 6 gt localusers lt 1 6 gt nis lt 1 6 gt radius lt 1 6 gt tacacs lt 1 6 gt Description Sets ordering of authentication methods SLB Branch Office Manager User Guide 220 14 Command Reference Local Users authentication is always the first method used Any methods omitted from the command are disabled show auth Syntax show auth Description Displays authentication methods and their order of precedence show user Syntax show
11. lt usernumber Phone Number gt dialoutlogin lt User Login gt dialoutnumber lt Phone Number gt dialoutpassword lt Password gt dodauth lt pap chap gt dodchaphost lt CHAP Host or User Name gt dodchapsecret lt CHAP Secret or User Password gt flowcontrol lt none xon xoff rts cts gt gsmautodns lt enable disable gt gsmbearerservice lt GSM Bearer Service gt gsmcompression lt enable disable gt gsmcontext lt GPRS Context Id gt gsmdialoutmode lt gprs gsm gt gsmpin lt GSM GPRS PIN Number gt initscript lt Initialization Script gt A script that initializes a modem Note We recommend preceding the initscript with AT and include E1 V1 x4 QO so that the SLB branch office manager may properly control the modem ipaddr lt IP Address gt localipaddr lt negotiate IP Address gt logins lt enable disable gt modemmode lt text ppp gt 14 Command Reference modemstate lt disable dialout dialin dialback dialondemand dialin dialondemand gt modemtimeout lt disable 1 9999 seconds gt name lt Port Name gt nat lt enable disable gt parity lt none odd even gt SLB Branch Office Manager User Guide 240 14 Command Reference remoteipaddr lt negotiate IP Address gt restartdelay lt PPP Restart Delay gt slp infeedstatus Displays the infeed status and load of the SLP power manager sshauth lt enable disable gt sshin lt enable disable gt
12. A protocol for creating and running IP and other network protocols over a serial link RADIUS Remote Authentication Dial In User Service An authentication and accounting protocol Enables remote access servers to communicate with a central server to authenticate dial in users and their access permissions A company stores user profiles in a central database that all remote servers can share SMB CIFS Server Message Block Common Internet File System Microsoft s protocol for allowing all applications as well as Web browsers to share files across the Internet CIFS runs on TCP IP and uses the SMB protocol in Microsoft Windows for accessing files With CIFS users with different platforms and computers can share files without having to install new software SNMP Simple Network Management Protocol A protocol that system administrators use to monitor networks and connected devices and to respond to queries from other network hosts SMTP Simple Mail Transfer Protocol TCP IP protocol for sending email between servers SSL Secure Sockets Layer A protocol that provides authentication and encryption services between a web server and a web browser SSH Secure Shell A secure transport protocol based on public key cryptography SLB Branch Office Manager User Guide 276 E Protocol Glossary TACACS Terminal Access Controller Access Control System A method of authentication used in UNIX networks It allows a re
13. Levels of security available with SNMP v 3 No Auth No Encrypt No authentication or encryption Auth No Encrypt Authentication but no encryption default Auth Encrypt Authentication and encryption Auth with For Auth No Encryp or Auth Encrypt the authentication method MD5 Message Digest algorithm 5 default SHA Secure Hash Algorithm Encrypt with Encryption standard to use DES Data Encryption Standard default AES Advanced Encryption Standard SLB Branch Office Manager User Guide 65 V3 Read Only User 7 Services User Name SNMP v3 is secure and requires user based authorization to access SLB MIB objects Enter a user ID The default is snmpuser Up to 20 characters V3 Password for a user with read only authority to use to Password Retype access SNMP v3 The default is SNMPPASS Up to 20 Password characters Passphrase Passphrase associated with the password for a user Retype with read only authority Up to 20 characters Passphrase V3 Read Write User User Name SNMP v3 is secure and requires user based authorization to access SLB MIB objects Enter a user ID for users with read write authority The default is snmprwuser Up to 20 characters V3 Password for the user with read write authority to use Password Retype to access SNMP v3 The default is SNMPRWPASS Up Password to 20 characters Passphrase Passphrase associated with the password for a use
14. Meets Needs of Branch Offices Designed to meet the specific needs of the remote branch office the SLB branch office manager conserves rack space and reduces costs by enabling system administrators at a main corporate facility to manage the IT equipment distributed among branch offices simply and cost effectively Branch offices are facilities that are typically remote or distributed IT locations likely located off site of corporate headquarters or large scale enterprise facilities These distributed facilities typically do not have an on site maintenance staff or IT System Administrator Typically the branch office environment has some of the following characteristics Space is limited to 1U rack space or shelf mounted desktop unit Closet mounted or wall attached rack Limited air and power conditioning Limited number of network devices and servers No on site maintenance staff 6 Ethernet or dial up modem access is required SLB Branch Office Manager User Guide 13 2 Overview Typical Equipment You can configure administer and manage IT equipment in a variety of ways but most devices have one method in common an RS 232 serial port sometimes called a console auxiliary or management port These ports are often accessed directly by connecting a terminal or laptop to them meaning that the user must be in the same physical location as the equipment SLB devices give the user a way to access them rem
15. Networking Right to perform any function on the SLB branch office manager Right to enter network and routing settings Services Right to enable and disable system and audit logging SSH and Telnet logins SNMP and SMTP Includes NFS and CIFS Secure Lantronix Network Right to view and manage secure IT management units e g SLP power managers Spiders SLB branch office managers on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Right to assign a remote user to a user group and assign a Authentication set of rights to the user Includes configuring remote authentication methods and ordering SSH Keys Right to set SSH keys for authenticating users User Menus Right to create or edit a custom user menu for the CLI Web Access Right to access Web Manager Reboot amp Right to shutdown or reboot the SLB branch office manager Shutdown Firmware amp Right to upgrade the firmware on the unit and save or restore Configuration Diagnostics amp Reports a configuration all settings Right to obtain diagnostic information and reports about the unit Device Ports Right to enter device port settings Includes creating bidirectional and unidirection connections PC Card Right to enter modem settings for PC cards Includes managing storage PC Cards Power Outlets 4 Click the Apply butto
16. count lt Number of Times to Ping gt The default is 5 packetsize lt Size in Bytes gt The default is 64 To display performance statistics for an Ethernet port or a device port averaged over the last 5 seconds diag perfstat ethport lt 1 2 gt deviceport lt Device Port or Name gt SLB Branch Office Manager User Guide 198 12 Maintenance and Operation To generate and send Ethernet packets diag sendpacket host lt IP Address or Name gt port lt TCP or UDP Port Number gt string lt Packet String gt protocol lt tep udp gt count lt Number of Packets gt The default is 1 To display all network traffic applying optional filters Note This command is not available diag nettrace lt one or more parameters gt Parameters ethport lt 1 2 gt host lt IP Address or Name gt numpackets lt Number of Packets gt protocol lt tcp udp icmp gt verbose lt enable disable gt To display information on the internal memory storage and processes of the SLB branch office manager diag internals Note This command is available in the CLI but not the web Status Reports On this page you can view the status of the SLB ports and power supplies and generate a selection of reports Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page 1 Click the Maintenance tab and select the Status Reports op
17. show routing resolveip lt enable disable gt email lt Email Address gt Note You can optionally email the displayed information SLB Branch Office Manager User Guide 59 7 Services System Logging and Other Services Use the Services page to Configure the amount of data sent to the logs Enable or disable SSH and Telnet logins Enable a Simple Network Management Protocol SNMP agent Note The SLB branch office manager supports both MIB II as defined by RFC 1213 and a private enterprise MIB MIB definition files for the private enterprise MIB are downloadable at http www lantronix com support downloads The private enterprise MIB provides read only access to all statistics and configurable items provided by the SLB It provides read write access to a select set of functions for controlling the SLB and device ports See the MIB definition file for details Identify a Simple Mail Transfer Protocol SMTP server Enable or disable SSH and Telnet logins Configure an audit log View the status of and manage the SLB branch office managers on the Secure Lantronix Network Set the date and time SSH Telnet Logging To configure SSH Telnet and Logging settings 1 Click the Services tab and select the SSH Telnet Logging option The following page displays SLB Branch Office Manager User Guide 60 2 7 Services LANTRON X SLB884 7 Gees P1 P2 P3 P4
18. Description Restarts the program that controls the LCD admin quicksetup Syntax admin quicksetup Description Runs the quick setup script admin reboot Syntax admin reboot Description Reboots the SLB branch office manager The front panel LCD displays the Rebooting the SLB message and the normal boot sequence occurs admin shutdown Syntax admin shutdown Description Prepares the SLB branch office manager to be powered off When you use this command to shut down the SLB device the LCD front panel displays the Shutting down the SLB message followed by a pause and then Shutdown complete When Shutdown complete displays it is safe to power off the SLB branch office manager This command is not available on the Web page admin version Syntax admin version Description Displays current hardware and firmware information SLB Branch Office Manager User Guide 218 14 Command Reference admin web certificate Syntax admin web certificate import via lt sftp scp gt certfile lt Certificate File gt privfile lt Private Key File gt host lt IP Address or Name gt login lt User Login gt path lt Path to Files gt Description Imports an SSL certificate admin web certificate reset Syntax admin web certificate reset Description Resets a web certificate admin web certificate show Syntax admin web certificate show Description Displays a web certificate
19. Device Port settings successfully updated SLB gt set deviceport port 1 modemstate dialin Device Port settings successfully updated SLB Branch Office Manager User Guide 208 13 Application Examples SLB gt 2 Configure the device port that is connected to the console port of the Sun UNIX server SLB gt set deviceport port 2 baud 57600 flowcontrol none Device Port settings successfully updated 3 Dial into the SLB branch office manager via the modem using a terminal emulation program on a remote PC A command line prompt displays 4 Log into the SLB device CONNECT 57600 Welcome to the SLB login sysadmin Password Welcome to the SLB Branch Office Manager Model Number SLB48 For a list of commands type help SLB gt 5 Connect to the SUN Unix server using the direct command SLB gt connect direct deviceport 2 SunOS 5 7 login frank Password Last login Wed Jul 14 16 07 49 from computer Sun Microsystems Inc SunOS 3 7 Generic October 1998 SunOS computer 5 7 Generic_123485 05 sun4m sparc SUNW SPARCstation 20 6 Use the escape sequence to escape from direct mode back to the command line interface SLB Branch Office Manager User Guide 209 13 Application Examples Local Serial Connection to Network Device via Telnet This example shows a terminal device connected to an SLB device port and
20. Enables or disables read write access to remote directory Description Mounts a remote NFS share The remdir and locdir parameters are required but if they have been specified previously you do not need to provide them again set nfs unmount Syntax set nfs unmount lt 1 2 3 gt Description Unmounts a remote NFS share set cifs Syntax set cifs lt one or more parameters gt Parameters ethl lt enable disable gt eth2 lt enable disable gt state lt enable disable gt workgroup lt Windows workgroup gt Description Configures the SMB CIFS share which contains the system and device port logs Note The admin config command saves SLB configurations on the SMB CIFS share set cifs password Syntax set cifs password Description Changes the password for the SMB CIFS share login default is cifsuser show cifs Syntax show cifs Description Displays SMB CIFS settings SLB Branch Office Manager User Guide 252 14 Command Reference show nfs Syntax show nfs Description Displays NFS share settings PC Card Storage Commands pcecard storage dir Syntax pccard storage dir lt upper lower gt Description Views a directory listing of a Compact Flash card pccard storage format Syntax pecard storage format lt upper lower gt filesystem lt ext2 fat gt Description Formats a Compact Flash card pccard storage mount Syntax pccard storage mount lt upp
21. If you have the same user name defined in multiple authentication methods the result is unknown Example There is an LDAP user joe and an NIS user joe and the order of authentication methods is 1 Local Users 2 LDAP 3 NIS User joe tries to log in Because there is an LDAP user joe the SLB branch office manager tries to authenticate him against his LDAP password first If he fails to log in then the SLB device may or may not try to authenticate him against his NIS joe user password To enable disable and set the precedence of authentication methods 1 From the main menu select User Authentication The following page displays SLB Branch Office Manager User Guide 134 11 User Authentication H1357 8 s P1 P2 P3 P4 LANTRONIX SLB884 E 3 E Select port for configuration or O webssH Device Port only User sysadmin gt Authentication Methods Local Remote Users NIS LDAP RADIUS Kerberos TACACS SSH Keys Authentication Methods Help The SLB can be configured to use one or more authentication methods Each authentication method is assigned a precedence indicating the order that the method is used to authenticate a user who logins to the SLB via SSH Telnet the Web or the Console Port Enabled methods in order of precedence LDAP Local Users Disabled methods NIS RADIUS Kerberos TACACS KJ Authentication can occur using all methods in the order of
22. Note Depending on the State and Mode you select different fields are available State Indicates whether an external modem is attached to the device port If enabling set the modem to dial out dial in dial back dial on demand dial in host list or dial in amp dial on demand Disabled by default Mode The format in which the data flows back and forth Text In this mode the SLB branch office manager assumes that the modem will be used for remotely logging into the command line Text mode can only be used for dialing in or dialing back Text is the default PPP This mode establishes an IP based link over the modem PPP connections can be used in dial out mode e g the SLB device connects to an external network dial in mode e g the external computer connects to the network that the SLB branch office manager is part of or dial on demand SLB Branch Office Manager User Guide 88 8 Device Ports Initialization Script Commands sent to configure the modem may have up to 100 characters Consult your modem s documentation for recommended initialization options If you do not specify an initialization script the SLB device uses a default initialization string of AT S7 45 SO 0 L1 V1 X4 amp D2 amp c1 E1 QO Note We recommend that the modem initialization script always be preceded with AT and include E1 V1 x4 Q0 so that the SLB branch office manager may properly control the modem
23. PC Card Right to enter modem settings for PC cards Power Outlets Right to configure power outlets 5 Click the Apply button Note You must reboot the unit before your changes will take effect NIS Commands These commands for the command line interface correspond to the web page entries described above SLB Branch Office Manager User Guide 148 11 User Authentication To configure the SLB branch office manager to use NIS to authenticate users who log in via the Web SSH Telnet or the console port set nis lt one or more parameters gt Parameters accessoutlets lt Outlet List gt breakseq lt 1 10 Chars gt broadcast lt enable disable gt clearports lt Port List gt dataports lt Port List gt domain lt NIS Domain Name gt scapeseq lt 1 10 Chars gt listenports lt Port List gt master lt IP Address or Hostname gt slavel lt IP Address or Hostname gt slave2 lt IP Address or Hostname gt slave3 lt IP Address or Hostname gt slave4 lt IP Address or Hostname gt slave5 lt IP Address or Hostname gt state lt enable disable gt To set group and permissions for NIS users set nis group lt default power admin gt To set permissions for NIS users not already defined by the user rights group set nis permissions lt Permission List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad To remove a permission type a
24. sshport lt TCP Port gt stopbits lt 1 2 gt telnetauth lt enable disable gt telnetin lt enable disable gt telnetport lt TCP Port gt timeoutlogins lt disable or 1 30 gt webcolumns lt Web SSH Telnet Cols gt webrows lt Web SSH Telnet Rows gt Description Configures a single port or a group of ports set deviceport global Syntax set deviceport global lt one or more parameters gt Parameters sshport lt TCP Port gt telnetport lt TCP Port gt tcpport lt TCP Port gt maxdirect lt 1 10 gt Description Configures settings for all or a group of device ports show deviceport global Syntax show deviceport global Description Displays global settings for device ports show deviceport names Syntax show deviceport names SLB Branch Office Manager User Guide 241 14 Command Reference Description Displays a list of all device port names show deviceport port Syntax show deviceport port lt Device Port List or Name gt Description Displays the settings for one or more device ports show portcounters Syntax show portcounters deviceport lt Device Port List or Name gt email lt Email Address gt Description Displays device port statistics and errors for one or more ports You can optionally email the displayed information show portcounters zerocounters Syntax show portcounters zerocounters lt Device Port List or Name gt Description Zeros the
25. 8 Ft Notes Included with SLB088411E 01 Included with SLB088412E 01 SLB Branch Office Manager User Guide 22 3 Installation Verify and inspect the contents of the SLB package using the enclosed packing slip or the table above If any item is missing or damaged contact your place of purchase immediately Product Information Label The product information label on the underside of the SLB branch office manager contains the following information about each SLB device Part Number Serial Number Bar Code Serial Number and Date Code Regulatory Certifications and Statements Technical Specifications Table 3 1 SLB Technical Specifications Serial Interface Device 8 RJ45 type 8 conductor connector DTE Speed software selectable 300 to 115 200 baud 1 RJ45 type 8 pin connector DTE Speed software selectable 300 to 115 200 baud Model SLB088411 01 1 IEC 60320 C20 inlet 100 120 VAC 50 60Hz 20A Branch Circuit 16A max input current 15A Branch Circuit 12A max input current f Model SLB088412 01 1 IEC 60320 C20 inlet 100 240 VAC 50 60Hz 20A Branch Circuit 15A max input current Model SLB088411 01 4 NEMA5 15R outlets 100 120 VAC 50 60Hz 20A Branch Circuit 15A max per outlet 16A total 15A Branch Circuit 12A max per outlet 12A total Model SLB088412 01 4 IEC60320 C13 outlets 208 240 VAC 50 60Hz 20A Branch Circuit
26. Device Ports Settings Help Connected to undefined v gt IP Settings Enable Telnet in 7 Port 2003 Authenticate Enable SSH In V Port 3003 Authenticate Enable TCP In C Port 4003 Authenticate 7 IP Address Web SSH Telnet Columns 80 Rows 24 Modem Settings State Disabled Mode Text PPP Initialization Script Modem Timeout No Yes seconds 1 9999 Caller ID Logging Modem Command Text Mode Timeout Logins No Yes minutes 1 30 Local User Number Fixed Number Dial back Number Dial in Host List Host Lists gt PPP Mode Yes Local IP Negotiate IP Address No Remote IP Authentication PAP CHAP HostUser Name CHAP Handshake SecretUser Password Same authentication for Dial in amp Dial on Demand DOD DOD Authentication PAP CHAP Host User Name DOD CHAP Handshake SecretUser Password Enable NAT Note Enabling NAT requires IP Forwarding to be enabled Dial out Number Dial out Login Dial out Password Retype Restart Delay seconds Apply Apply Settings none w to Device Ports Note In addition to applying settings to the currently selected Device Port all orsome of the settings can also be applied to other Device Ports SLB Branch Office Manager User Guide 85 8 Device Ports To ente
27. Mapping a Rule Set The administrator can assign an IP Filter Rule Set to a network interface Ethernet interface a modem connected to a Device Port or a PC Card modem SLB Branch Office Manager User Guide 56 6 Basic Parameters To map a rule set to a network interface 1 Onthe IP Filter page select the IP filter rule set to be mapped 2 From the Interface drop down list select the interface and click the Map Ruleset button The Interface and rule set display in the IP Filter Mappings table To delete a mapping 1 On the IP Filter page select the mapping from the list and click the Delete Mappings button The mapping no longer displays 2 Click the Apply button IP Filter Commands The following CLI commands correspond to the web page entries described above To enable or disable IP filtering for incoming network traffic set ipfilter state To set IP filter mapping set ipfilter mapping lt parameters gt Parameters ethernet lt 1 2 gt state lt disable gt ethernet lt 1 2 gt state lt enable gt ruleset lt Ruleset Name gt deviceport lt 1 48 gt state lt disable gt deviceport lt 1 48 gt state lt enable gt ruleset lt Ruleset Name gt pccardslot lt upper lower gt state lt disable gt pecardslot lt upper lower gt state lt enable gt ruleset lt Ruleset Name gt To set IP filter rules set ipfilter rules lt parameters gt Parameters add lt Ruleset Nam
28. Mode Idle CTS No RTS Yes Device Port 2 DSR CD No Name Port 2 DTR Yes Mode Idle CTS No RTS Yes Device Port 3 DSR CD No Name Port 3 DTR Yes Mode Idle CTS No RTS Yes Device Port 4 DSR CD No Name Port 4 DTR Yes Mode Idle CTS No RTS Yes Device Port 5 DSR CD No 4 To view a report click the link for that report To email the report s to Lantronix Technical Support a Inthe Comment field enter a comment if desired b Select to Lantronix Tech Support c Call Lantronix Tech Support and obtain a case number Note For contact information click the Lantronix Tech Support link d Enter the number in Case Number e Press the Email Output button 6 To email the report s to an individual a Inthe Comment field enter a comment if desired b Select to and enter the person s email address c Press the Email Output button SLB Branch Office Manager User Guide 201 12 Maintenance and Operation Status Commands These commands for the command line interface correspond to the web page entries described above To display device port modes and states for one or more ports You can optionally email the displayed information show portstatus deviceport lt Device Port List or Name gt email lt Email Address gt To display a snapshot of configurable parameters You can optionally email the displayed information show sysconfig display lt basic auth devices gt email
29. Power Outlet 2 Reboot Q Outlet P3 Status On Power State on Oof Name PowerOutlet3 Wakeup Mode Oon off O Last State Description Power Outlet 3 Reboot Outlet P4 Status On Power State on Ooff Name PowerOutlet 4 Wakeup Mode Oon off OLast State Description Power Outlet 4 Reboot Apply 2 Enter the following Switching Delay Number of milliseconds the SLB branch office manager between subsequent switching The range is 1000 2500 msec The default is 2000 msec 2 sec Over Current If SNMP traps are enabled see 7 Services a trap alarm is Alarm sent if the total current for all outlets exceeds a threshold Enter CLI Current Level for Displays the total load carried by the outlets all Outlets the number of amps measured in tenths of an amp above which the SLB device sends a trap The maximum is 180 Note If the alarm goes off a warning message displays on the 3 View or enter the following information for each outlet Outlet Displays the number of the outlet being configured Status Displays the current state of the outlet Name User configurable name identifying the outlet Description User configurable text describing the outlet optional Power State Select whether the power should be on or off Default is Off Wakeup Mode Select whether after a reboot the power state for the outlet SLB Branch Office Manager User Guide 107 8 Device Ports
30. Secure shell SSH security supports numerous other security protocols Network File System NFS and Common Internet File System CIFS support Telnet or SSH to a serial port by IP address per port or by IP address and TCP port number Configurable user rights for local and remotely authenticated users Support for an internal PC Card modem or an external modem Sun break safe no unintentional break ever sent to attached servers Simultaneous access on the same port listen and direct connect mode Local access through a console port Web administration using most browsers SLB Branch Office Manager User Guide 16 2 Overview Protocols Supported The SLB branch office manager supports the TCP IP network protocol as well as SSH Telnet PPP NFS and CIFS for connections in and out of the SLB device SMTP for mail transfer DNS for text to IP address name resolution SNMP for remote monitoring and management FTP and SFTP for file transfers and firmware upgrades TFTP and HTTPS for firmware upgrades DHCP and BOOTP for IP address assignment HTTPS SSL for secure browser based configuration NTP for time synchronization LDAP NIS RADIUS CHAP PAP Kerberos and TACACS for user authentication o o o o For brief descriptions of these protocols see Appendix Protocol Glossary Access Control The system administrator controls access to attached servers or devices by assigning access rights to up to 128 us
31. belong Group Select the group to which the Kerberos users will belong Default Users This group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Networking Date Time Reboot amp Shutdown and Diagnostics amp Reports Administrators This group has all possible rights 4 Select or clear the checkboxes for the following rights SLB Branch Office Manager User Guide 160 11 User Authentication Full Administrative Right to add update and delete all editable fields Networking Services Right to enter Network settings Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure IT management units e g SLP power managers Spiders SLB branch office managers on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Right to assign a remote user to a user group and assign a Authentication set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for Kerberos users Reboot amp Right to use the CLI or shut down the SLB branch office Shutdown manager and then reboot it Firmware amp Right to upgrade the firmware on th
32. boot Boot default runs boot cmd bootcheck Checks boot bank information bootinfo Displays boot bank information bootsel 1 2 Selects boot bank 1 or boot bank 2 IDE Accesses the IDE sub system mtest Performs a simple test of the RAM su cust admin Switches to another user from cust customer to adm administrator and vice versa version Prints the bootloader version whoami SLB Branch Office Manager User Guide 264 A Bootloader Displays information about the current user Administrator Commands In addition to the commands that the user can issue the administrator can issue the following commands imagecopy Copies an image of the drive from the lower PCMCIA device to the internal CF card passwd Provides a new password for user admin The default password for user admin is admin User cust does not have a password ping Sends a ping request to the network host printenv Prints bootloader variables setenv Sets environment variables SLB Branch Office Manager User Guide 265 B Security Considerations The SLB branch office manager provides data path security by means of SSH or Web SSL Even with the use of SSH SSL however do not assume you have complete security Securing the data path is only one measure needed to ensure security This appendix briefly discusses some important security considerations Security Practice Develop and document a Security Practice The Sec
33. lt Email Address Displays a report of all configurable parameters or a shorter report with basic system settings authentication settings or device settings To generate a report for one or more ports You can optionally email the displayed information show portcounters deviceport lt Device Port List or Name gt email lt Email Address gt To display the overall status of all SLB devices You can optionally email the displayed information show sysstatus email lt Email Address gt To display a list of all current connections You can optionally email the displayed information show connections email lt Email Address gt To provide details e g endpoint parameters and trigger for a specific connection You can optionally email the displayed information show connections connid lt Connection ID gt email lt Email Address gt Note Use the basic show connections command to obtain the Connection ID Events On this page you can define what action you want to take for events that may occur in the SLB branch office manager 1 Click the Maintenance tab and select the Events option The following page displays SLB Branch Office Manager User Guide 202 12 Maintenance and Operation ANIT2C YN X ee P LANTRONIX SLB884 2460 ENNE User sysadmin Select port for configuration or O webssH Device Port only Preto semces Userhuentcaton or cnc seu o7 8 Firmware amp
34. lt IP Address gt port lt UDP Port gt hostlist lt Host List gt lt SSH To configure initial timeout for outgoing connections Note This is not a TCP timeout connect global outgoingtimeout lt disable 1 9999 seconds gt SLB Branch Office Manager User Guide 131 10 Connections To monitor a device port connect listen deviceport lt Device Port or Name gt To connect a device port to another device port or an outbound network connection data flows in both directions connect bidirection lt Port or Name gt lt endpoint gt Endpoint is one of charcount lt of Chars gt charsegq lt Char Sequence gt charxfer lt toendpoint fromendpoint gt deviceport lt Device Port or Name gt date lt MMDDYYhhmm ss gt exclusive lt enable disable gt ssh lt IP Address or Name gt port lt TCP Port lt SSH flags gt where lt SSH flags gt is one or more of user lt Login Name gt version lt 1 2 gt command lt Command to Execute gt tcp lt IP Address gt port lt TCP Port gt telnet lt IP Address or Name gt port lt TCP Port gt trigger lt now datetime chars gt udp lt IP Address gt port lt UDP Port gt Note If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or characters or a character sequence enter the charxfer parameter and either th
35. lt enable disable gt SLB Branch Office Manager User Guide 144 11 User Authentication To configure attributes for users who log in by a remote authentication method set remoteusers add edit lt User Login gt lt parameters gt Parameters accessoutlets lt Outlet List gt breakseq lt 1 10 Chars gt clearports lt Port List gt dataports lt Port List gt scapeseq lt 1 10 Chars gt group lt default power admin gt listenports lt Port List gt permissions lt Permissions List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad To remove a permission type a minus sign before the two letter abbreviation for a user right To remove a remote user set remoteusers delete lt User Login gt To view settings for all remote users show remoteusers To view the rights of the currently logged in user show user NIS The system administrator can configure the SLB branch office manager to use NIS to authenticate users attempting to log in to the SLB device through the Web SSH Telnet or the Console port If NIS does not provide port permissions you can use this page to grant device port access to users who are authenticated through NIS All NIS users are members of a group that has predefined user rights associated with it You can assign additional user rights that are not defined by the group To configure the SLB branch office manager
36. Configuration Name to Save To or Restore From E Save Configuration Location for Save Restore or Manage Restore Factory Defaults Default Saved Configurations selectone Y Restore Saved Configuration FTP Server Use FTP SFTP Save with Config or Preserve with Restore NFS Mounted Directory O SSHKeys FJ SSL Certificate CIFS Share Saved Configurations select one Y Preserve Configuration after Restore PC Card Use Upper Slot Lower Slot Networking Local Users Saved Configurations select one Date Time Device Ports Services PC Card Remote Auth Power Outlets 2 Enter the following General Reboot Select this option to reboot the SLB branch office manager immediately The default is No Note The front panel LCD displays the Rebooting the SLB message and the normal boot sequence occurs Shutdown Select this option to shut down the SLB device The default is No Welcome Banner The text to display on the command line interface before the user logs in Welcome to the SLB is the default Note To create more lines use the n character sequence SLB Branch Office Manager User Guide 180 12 Maintenance and Operation Login Banner The text to display on the command line interface after the user logs in Default is blank Note To create more lines use the n character sequence Logout Banner The text to display on the command line interfa
37. Configurations SystemLogs AuditLog Diagnostics Status Reports Events Events Help Event Tigger x Action Syslog Ethernet Eth1 Eth2 Modem Connection on Upper PC Card Slot Lower PC Card Slot Device Port NMSiHost to forward trap to SNMP Community O SNMP Trap OID Email Address To edit or delete an event Add Event Edit Event Delete Event select the radio button in the right column below Events id Event Trigger Action Alarm Options Enter the following Event Trigger From the drop down list select the type of incident that triggers an event Currently the options are Receive Trap Temperature Over Under Limit For Sensorsoft devices Humidity Over Under Limit For Sensorsoft devices Action From the drop down list select the action taken because of the trigger For example the action can be writing an entry into the syslog with details of the event or sending the trap s to the Ethernet or modem connection Ethernet For actions that require an Ethernet connection for example Forward All Traps to Ethernet select the Ethernet port to use Modem For actions that require a modem connection for example Connection on Forward All Traps to a Modem Connection select which device port or PC Card slot with a modem connection to use NMS Host to For actions that forward a trap enter the IP address of the forward trap to computer to forward the trap to The computer does not
38. Devices made by Sensorsoft are used to monitor environmental conditions 1 Inthe Connected to field above the IP Settings section of the Device Ports Settings page select Sensorsoft 2 Click the Device Commands link The following page displays ANT2O 11357 Sf LANTRONIX SLB884 22468 Mim 2 7 User sysadmin Select port for configuration or webSSH Device Port only Network J Services User Authentication e Maintenance duck setup a 8 Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists Device Ports Sensorsoft Help Sensorsoft Devices Sensorsoft Status gt Device Device Port Temp Low High Humidity Low High Traps Port Name Cc Temp Temp Humidity Humidity 3 Port 3 0 0 lo 25 0 0 o 100 o lt Back to Device Port Settings 3 Select a port and enter or view the following information Device Port view Number of the SLB port only Device Name view Name of the SLB port only Temp C Current temperature degrees Celsius on the device the sensor is monitoring Low Temp Enter the temperature degrees Celsius permitted on the monitored device below which the SLB branch office manager sends a trap High Temp Enter the temperature degrees Celsius permitted on the monitored device above which the SLB device sends a trap SLB Branch Office Manager User Guide 93 8 Device Ports Humidity Current relative humidity on the device th
39. Filter rulesets Select No to disable the timer Select Yes minutes 1 120 to enable the timer and enter the number of minutes the timer should run The timer automatically disables the IP Filters when the time expires Time Remaining Indicates how many minutes are left on the timer before it view only expires and IP Filters are disabled Configuring IP Filters The administrator can add edit delete and map IP filters Note A configured filter has no effect until it is mapped to a network interface See Mapping a Rule Set on page 56 SLB Branch Office Manager User Guide 54 6 Basic Parameters To add an IP filter 1 On the IP Filter page click the Add Ruleset button The following page displays LANTRONIX siBse4 mzao MEME Logout User sysadmin Select port for configuration or O webssH Device Port only Network Settings IP Filter Routing Network IP Filter Ruleset Help Ruleset Name Rule Parameters Rules in order of precedence IP Address 0 0 0 0 0 All Drop Subnet Mask gt g Protocol All hz Port Range Action Drop Reject Accept BOOTP DHCP O Telnet O HTTP O FTP DNS O SNMP Ons SFTP Generate rule to allow service O RIP SMTP LDAP TFTP NTP O NFS RaDIUS LDP Syslog SMBICIFS Kerberos SLB Logging 88H HTTPS O TACACS lt Back to IP Filter 2 Enter the following Ruleset N
40. IP Forwarding network parameters set network lt parameters gt Parameters interval lt 1 99999 Seconds gt ipforwarding lt enable disable gt probes lt Number of Probes gt startprobes lt 1 99999 Seconds gt SLB Branch Office Manager User Guide 52 6 Basic Parameters To view all network settings show network all To view Ethernet port settings and counters show network port lt 1 2 gt To view DNS settings show network dns To view gateway settings show network gateway To view the host name of the SLB device show network host IP Filter IP filters also called a rule set act as a firewall to allow or deny individual or a range of IP addresses ports and protocols When a network connection is configured to use an IP filter all network traffic through that connection is compared in order to the rules of that filter Network traffic may be allowed to pass it may be dropped without notice or it may be rejected sends back an error packet depending upon the rules of that filter rule set The administrator uses the Network IP Filter page to view add edit delete and map IP filters Warning IP filters configuration is a feature for advanced users Adding and enabling IP filter sets incorrectly can disable your SLB branch office manager Viewing IP Filters You can view a list of filters and a table showing how each filter is mapped to an interface To view a list
41. Internet File System Microsoft s file sharing protocol to export a directory on the SLB branch office manager as an SMB CIFS share The SLB device exports a single read write CIFS share called public with two subdirectories The logs directory which contains the system logs and the device port local buffers see System Logs on page 190 and is read only The config directory which contains saved configurations and is read write The share allows users to access the contents of the directory or map the directory onto a Windows computer Users can also access the device port local buffers from the CIFS share see Device Ports Logging on page 98 To configure NFS and SMB CIFS 1 Click the Services tab and select the NFS CIFS option The following page displays SLB Branch Office Manager User Guide 69 7 Services LANTRONIX SLB884 User sysadmin NFS Mounts Remote Directory NFS amp SMBICIFS Local Directory 414357 BESS ae2ass amp Select port for configuration or O webssH Device Port only SSH Telnet Logging SNMP NFS CIFS SecureLinx Network Date amp Time Help Read Write Mo i 1 2 a N 3 q SMB CIFS Share Share SMB CIFS directory Network Interfaces Eth1 172 18 21 64 CIFS User Password Retype Password Workgroup Eth2 The SLB can be configured to share a d
42. Lantronix web site Figure 2 6 PC Card Interface SLB Branch Office Manager User Guide 21 3 Installation This chapter provides a high level procedure for installing the SLB branch office manager followed by more detailed information about the SLB connections and power supplies Caution To avoid physical and electrical hazards please be sure to read C Safety Information before installing the SLB device What s in the Box In addition to the SLB branch office manager the box contains the following items Adapters 200 2066A Adapter DB25M DCE Sun w DB25 female 200 2067A Adapter DB25F DCE to RJ45 Sun w DB25 male and some HP9000 s 200 2069A Adapter DB9M DCE to RJ45 SGI Onyx 200 2070A Adapter DB9F DCE to RJ45 HP9000 SGI Origin IBM RS6000 and PC based Linux servers ADP010104 01 Adapter RJ45 rolled serial Cisco and Sun Netra Note An optional adapter for external modems is also available from Lantronix 200 2073 Adapter DB25M DCE to RJ45 external modems Cables 500 184 R Cable RJ45 to RU45 Cat 5 1 Ft 3m 200 0063 Cable RJ45 to RJ45 Cat 5 6 6 ft 2 m 500 153 Cable RJ45 Loopback Power Cords SLPP12310 01 Inlet cord IEC60320 C19 to NEMA 5 15P 15A 8 FT SLPP12810 01 Inlet cord IEC60320 C19 to Schuko EU 8 Ft SLPP12910 01 Inlet cord IEC60320 C19 to BS1363 Uk 8 Ft SLPP12A08 01 Inlet cord IEC60320 C19 to AS3112 AUS NZ
43. Manager User Guide 158 11 User Authentication LANTRONIX SLB884 135 7 MD 5 be bbs ips 22463 BRS User sysadmin Select port for configuration or webSSH Device Port only OE oe nonca vovees J wartonance P cucr sep e788 Authentication Methods Local Remote Users NIS LDAP RADIUS Kerberos TACACS SSHKeys Kerberos Help Enable Kerberos The SLB can be configured to use Kerberos to authenticate users who Realm login to the SLB via SSH Telnet the Web or the Console Port Kerberos users are granted Device Port KDC access through the port permissions below KDC IP Address KDC Port 88 Custom Menu lt none gt Data Ports 1 8 U L Use LDAP Escape Sequence x1bA Listen Parts 1 8 U L Note If LDAP is used for user lookup ia please configur the LDAP settings gt Break Sequence x1bB Clear Port Buffers 1 8 U L Access Outlets 1 4 User Rights Default Users All Kerberos users are members of a group which Groun Power Users u O Administrators defined by the group can be added Full Administrative 7 Local Users Reboot amp Shutdown C Networking C Remote Authentication Firmware amp Configuration C Services SSH Keys Diagnostics amp Reports C SecureLinx Network C User Menus Device Ports C Date Time C Web Access PC Card C Power Outlets C 2 Enter the following Enable Kerber
44. Reference set deviceport port lt Device Port List or Name gt lt one or more deviceport parameters gt Parameters emaildelay lt Email Delay gt emaillogging lt disable bytecnt charstr gt emailrestart lt Restart Delay gt emailsend lt email trap both gt emailstring lt Regex String gt emailsubj lt Email Subject gt emailthreshold lt Byte Threshold gt emailto lt Email Address gt filedir lt Logging Directory gt filelogging lt enable disable gt filemaxfiles lt Max of Files gt filemaxsize lt Max Size of Files gt locallogging lt enable disable gt name lt Device Port Name gt nfsdir lt Logging Directory gt nfslogging lt enable disable gt nfsmaxfiles lt Max of Files gt nfsmaxsize lt Size in Bytes gt pccardlogging lt enable disable gt pccardmaxfiles lt Max of Files gt pccardmaxsize lt Size in Bytes gt pccardslot lt upper lower gt SLB Branch Office Manager User Guide 248 14 Command Reference sysloglogging lt enable disable gt Description Configures logging settings for one or more device ports Local logging must be enabled for a device port for the Locallog commands to be executed To use the set locallog clear command the user must have permission to clear port buffers see 11 User Authentication Example set deviceport port 2 5 6 12 15 16 baud 2400 locallogging enable show locallog Syntax sh
45. Right to configure power outlets 5 Click the Apply button Note You must reboot the unit before your changes will take effect SLB Branch Office Manager User Guide 152 11 User Authentication LDAP Commands These commands for the command line interface correspond to the web page entries described above To configure the SLB branch office manager to use LDAP to authenticate users who log in via the Web SSH Telnet or the console port set ldap lt one or more parameters gt Parameters accessoutlets lt Outlet List gt adsupport lt enable disable gt Enables or disables active directory base lt LDAP Base gt bindname lt Bind Name gt breakseq lt 1 10 Chars gt dataports lt Ports List gt listenports lt Port List gt clearports lt Port List gt scapeseq lt 1 10 Chars gt bindpassword lt Bind Password gt encrypt lt enable disable gt port lt TCP Port gt Default is 389 server lt IP Address or Hostname gt state lt enable disable gt To set user group and permissions for LDAP users group lt default power admin gt To set permissions for LDAP users not already defined by the user rights group permissions lt Permission List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad To remove a permission type a minus sign before the two letter abbreviation for a user right To set a default custom menu for LDA
46. SLPP012310 01 SLB Branch Office Manager User Guide 19 2 Overview The max input output current is de rated to 16A when using the optional NEMA 5 20P 20A cable p n SLPP012410 01 SLPP012510 01 SLPP012610 01 Serial Connections All devices attached to the device ports and the console port must support the RS 232C EIA 232 standard Category 5 cabling with RJ45 connections is used for the device port connections and for the console port For pinout information see D Adapters and Pinouts Note RJ45 to DB9 DB25 adapters are available from Lantronix Device ports and the console port support eight baud rate options 300 600 1200 2400 4800 9600 19200 38400 57600 and 115200 baud Figure 2 3 Device Port Connections Figure 2 4 Console Port Connection SLB Branch Office Manager User Guide 20 2 Overview Network Connections The SLB network interfaces are 10Base T 100Base TX connectors for use with a conventional Ethernet network Use standard RJ45 terminated Category 5 cables Network parameters must be configured before the SLB branch office manager can be accessed over the network Note One possible use for the two Ethernet ports is to have one port on a private secure network and the other on a public unsecured network Figure 2 5 Network Connection PC Card Interface The SLB has two PC Card slots Lantronix qualifies cards continuously and publishes a list of qualified cards on the
47. Status and Counters DSRICD No DTR Yes CTS No RTS Yes Bytes input 0 Bytes output 0 Framing errors 0 Parity errors 0 Overrun errors 0 Flow Control errors 0 Seconds since zeroed 84127 Device Ports SLP Power Manager On the Device Ports SLP page configure commands to send to an SLP power manager or SLP expansion chassis that expands the number of power ports SLB Branch Office Manager User Guide 91 8 Device Ports To open the Device Ports SLP page 1 Inthe Connected to field above the IP Settings section of the Device Ports Settings page select an SLP or SLPEXP 2 Click the Device Commands link The following page displays ANITOO NI X ZE 57 BESS A L I IT 9 ii SLB884 22468 BSSS P1 P2 P3 P4 E User sysadmin Select port for contiguration or O webssH Device Port only id Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists Device Ports SLP Help Port 3 SLP Status nfo Name Port 3 Outlet Status gt TowerA TowerB Device SLP8 all Outlets SLP Login Single Outlet r Environmental Status gt SLP Password Infeed Status gt Retype Password System Info gt SLP Commands Restart SLP Control Outlet No Action x TowerA O TowerB All Outlets O Single Outlet lt Back to Device Port Settings Apply To enter SLP commands 1 Enter the following SLP Login User ID for logging into the SLP power
48. Support Contact Lantronix Tech Support gt to receive a case number Case Number Arp Table Address Hultype Huaddress 172 186 100 26 ether 00 01 02 4F D6 D5 172 16 100 29 incompl eth0 172 18 21 68 ether 00 40 05 35 F0 6E 172 18 21 68 ether 00 40 05 35 F0 6E Netstat All Ip 1262989 total packets received 22 with invalid headers 0 forwarded 0 incoming packets discarded 1256160 incoming packets delivered 47793 requests sent out 66 reassemblies required 33 packets reassembled ok 32 fragments received ok Icmp 11840 ICMP messages received 11338 input ICMP message failed ICMP input histogram destination unreachable 11840 11841 ICMP messages sent 0 ICMP messages failed ICMP output histogram destination unreachable 11841 Tep 5 artive rannertiana nneninna 4 To view a report click the link for that report 5 To email the report s to an individual a Inthe Comment field enter a comment if desired b Select to and enter the person s email address c Press the Email Output button 6 To email the report s to Lantronix Technical Support a Inthe Comment field enter a comment if desired b Select to Lantronix Tech Support c Call Lantronix Tech Support and obtain a case number Note For contact information click the Lantronix Tech Support link d Enter the number in Case Number e Press the Email Output button SLB Branch Office Manager User Guide 197 12 Maintenance and Operatio
49. TCP Port gt Description Identifies the RADIUS server s the text secret and the number of the TCP port on the RADIUS server Note The default port is 1812 show radius Syntax show radius Description Displays RADIUS settings SLB Branch Office Manager User Guide 227 14 Command Reference TACACS Commands set tacacs Syntax set tacacs lt one or more parameters gt Parameters accessoutlets lt Outlet List gt clearports lt Port List gt custommenu lt Menu Name gt dataports lt Port List gt encrypt lt enable disable gt breakseq lt 1 10 Chars gt escapeseq lt 1 10 Chars gt group lt default power admin gt listenports lt Port List gt permissions lt Permission List gt Note See User Permissions Commands on page 228 for information on groups and user rights secret lt TACACS Secret gt serverl lt IP Address or Name gt server2 lt IP Address or Name gt server3 lt IP Address or Name gt state lt enable disable gt Description Configures the SLB branch office manager to use TACACS to authenticate users who log in via the Web SSH Telnet or the console port show tacacs Syntax show tacacst Description Displays TACACS settings User Permissions Commands set localusers group Syntax set localusers add edit lt user gt group lt default power admin gt SLB Branch Office Manager User Guide 228 14 Command Reference Description Adds a
50. Telnet into the SLB branch office manager or use the web interface BOOTP Similar to DHCP but for smaller networks Detector A Windows based application downloadable at hittp www lantronix com support downloads for viewing a DHCP provided IP address or for assigning a static IP address to the SLB branch office manager You can use Detector only if you have not already assigned a static IP address by another method For more information see Detector s online help SLB Branch Office Manager User Guide 29 4 Quick Setup Front panel LCD You manually assign the IP address and other basic network display and console and date time settings If desired you can restore the pushbuttons factory defaults Serial port login to You assign an IP address and configure the SLB branch office command line manager using a terminal or a PC running a terminal emulation interface program to the SLB device s serial console port connection Method 1 Using the Front Panel Display Before You Begin Make sure you know An IP address that will be unique and valid on your network unless automatically assigned Subnet mask unless automatically assigned Gateway DNS settings Date time and time zone Console port settings baud rate data bits stop bits parity and flow control Make sure the SLB branch office manager is plugged in to power and turned on Front Panel LCD Display and Pu
51. Within edit mode to increase or decrease a numerical up and down arrows entry Within edit mode to move the cursor right or left right or left arrows To exit edit mode Enter To scroll up or down the list of parameters within an option up and down arrows e g from IP Address to Mask Table 4 2 Front Panel Setup Options with Associated Parameters right left arrow el Eth1 IP Address Baud Rate Time Zone Firmware version and Eth1 Subnet Mask _ pata Bits Date Time date code display only Gateway Parity Restore Factory DNS1 Flow Control Defaults DNS2 DNS3 Entering the Settings To enter setup information 1 From the normal display host name date and time press the right arrow button to display Network Settings The IP address for Eth1 displays SLB Branch Office Manager User Guide 31 4 Quick Setup Note If you have connected Eth to the network and Eth is able to acquire an IP address through DHCP this IP address displays followed by the letter D Otherwise the IP address displays as all zeros 000 000 000 000 2 Press the Enter button on the keypad to enter edit mode A cursor displays below one character of the existing IP address setting 3 To enter values Use the left or right arrow to move the cursor to the left or to the right position Use the up or down arrow to increment or decrement the numerical value 4 When you have the IP addr
52. an old password after using 4 other passwords Password Lifetime days The number of days until the password expires The default setting is 90 Warning Period days The number of days ahead that the system warns that the user s password will expire The default setting is 7 Max Login Attempts The number of times up to 8 the user can attempt to log in unsuccessfully before the system locks the user out The default setting is 0 disabled Lockout Period minutes The number of minutes up to 90 the locked out user must wait before trying to log in to the web interface again The default setting is 0 disabled 3 Click the Apply button To add edit or delete a user You can delete a user listed in the table on this page or open the page for adding or editing a user You have the following options To add a user click the Add Edit User button The Local Remote User Settings page displays See Local Remote User Settings below To edit a user select the user in the table and click the Add Edit User button The Local Remote User Settings page displays To delete a user select the user in the table click the Delete button and then click the Apply button Local Remote User Settings On this page you can add edit or delete a local or remote user To add a user 1 On the Local Remote Users page described above click the Add Edit User button The Local Rem
53. and Audience Chapter Summaries Additional Documentation 2 Overview Features Console Management 10 10 11 12 12 12 Power Management Outlets for Power Connectivity 12 Ethernet Switch 12 Integration with Other Secure IT Management Products Meets Needs of Branch Offices 12 13 Typical Equipment 14 Types of Business 14 Benefits Models System Features Protocols Supported 14 15 16 17 Access Control 17 Power Outlet Control 17 Device Port Buffer 17 Configuration Options 17 Application Example Hardware Features Serial Connections 18 19 20 Network Connections 21 PC Card Interface 21 3 Installation What s in the Box Product Information Label 22 22 23 Technical Specifications Physical Installation Connecting to a Device Port 23 24 25 Connecting to a Network Port 25 Connecting a Terminal 25 Connecting to a Power Source 26 SLB Branch Office Manager User Guide Connecting Devices to Power Outlets 26 Connecting Devices to the 8 Port Ethernet Switch 27 Typical Installations 27 4 Quick Setup 29 IP Address 29 Method 1 Using the Front Panel Display 30 Before You Begin 30 Front Panel LCD Displa
54. and press Enter admin banner show Syntax admin banner show Description Displays the welcome login and logout banners admin banner welcome Syntax admin banner welcome lt Banner Text gt Description Configures the banner displayed before the user logs in Note To go to the next line type n and press Enter SLB Branch Office Manager User Guide 214 14 Command Reference admin config delete Syntax admin config delete lt Config Name gt location lt default cifs pccard gt pccardslot lt upper lower gt Description Deletes a configuration admin config factorydefaults Syntax admin config factorydefaults savesshkeys lt enable disable gt savesSLBert lt enable disable gt preserveconfig lt Config Params to Preserve gt lt Config Params to Preserve gt is a comma separated list of current configuration parameters to retain after the config restore or factorydefaults nt Networking lu Local Users sv Services dp Device Ports dt Date Time pe PC Card po Power Outlets Description Restores the SLB branch office manager to factory default settings admin config restore Syntax admin config restore lt Config Name gt location lt default ftp sftp lnfs cifs pccard gt nfsdir lt NFS Mounted Dir gt pccardslot lt upper lower gt preserveconfig lt Config Params to Preserve gt lt Config Params to Preserve gt is acomma separated list of current configurati
55. can cause an idle connection to disconnect after a specified number of minutes Select Yes and enter a value of from 1 to 30 minutes Note You must reboot the unit before a change will take effect Allows you to change the SSH login port to a different value in the range of 1 65535 The default is 22 Note You must reboot the unit before a change will take effect SSH Enable Logins Web SSH Timeout SSH Port SSH V1 Logins Telnet Enables or disables SSH version 1 connections to the SLB branch office manager Enabled by default Note Disabling SSH V1 blocks Web SSH CLI and Web SSH to device port connections on the SLB Network page Also you must reboot the SLB device before a change will take effect Enable Logins Enables or disables Telnet logins to the SLB branch office manager to allow users to access the CLI using Telnet Disabled by default This setting does not control Telnet access to individual device ports See Device Ports Settings on page 84 for information on enabling Telnet access to individual ports You may want to keep this option disabled for security reasons SLB Branch Office Manager User Guide 62 7 Services Web Telnet Enables or disables the ability to access the SLB command line interface or device ports connect direct through the Web Telnet window Disabled by default Timeout If you enable Telnet logins you can cause an idle connection to dis
56. command sshkey password history cli locallog power show network ipfilter routing datetime ntp services nfs cifs menu hostlist auth localusers nis ldap radius kerberos tacacs consoleport deviceport locallog sysstatus syslog auditlog portstatus sysconfig portcounters connections slcnetwork sshkey history cli user remoteusers power connect direct listen bidirection unidirection terminate diag ping loopback traceroute arp lookup netstat perfstat sendpacket nettrace internals pecard storage modem admin reboot shutdown ftp config firmware version banner keypad quicksetup web events lcd logout Terminates CLI session SLB Branch Office Manager User Guide 44 5 Web and Command Line Interfaces Command Line Help For general Help and to display the commands to which you have rights type help For general command line Help type help command line For more information about a specific command type help followed by the command for example help set network Orhelp admin firmware Tips Type enough characters to identify the action category or parameter name uniquely For parameter values type the entire value For example you can shorten set network port 1 state static ipaddr 122 3 10 1 mask 455255040 to se net po 1 st static ip 122 3 10 1 ma 255 255 0 0 Use the Tab key to automatica
57. each device port IP Routes Displays the routing table Connections Displays all active connections for the SLB branch office manager Telnet SSH TCP UDP device port and modem System Configuration Complete Displays a complete snapshot of the SLB settings System Configuration Basic Displays a snapshot of the SLB device s basic settings for example network date time routing services console port System Configuration Authentication Displays a snapshot of authentication settings only including a list of all localusers System Configuration Devices Displays a snapshot of settings for each device port and each PC Card slot for a PC Card 3 Click the Generate Report button In the upper left the report page displays a list of reports generated SLB Branch Office Manager User Guide 200 12 Maintenance and Operation Go to the Google home page Google home page SLB884 P1 P2 P3 P4 User sysadmin Select port for configuration or O WebSSH Device Port only a m Firmware amp Configurations SystemLogs AuditLog Diagnostics Status Reports Events 2 Status Reports Help Email Output Comment 2 i Note A valid case number is Report s i 5 port s to required to submit an e mail to Tech Support Port Status to Lantronix Tech Support Contact Lantronix Tech Support gt Case to receive a case number Number Port Status Device Port 1 DSR CD No Name Port 1l DTR Yes
58. email and SNMP logging select what type of notification log to send Email SNMP or Both Email is the default Trigger on Byte Threshold Email Delay Select the method of triggering a notification Byte Count A specific number of bytes of data This is the default Text String Recognition A specific pattern of characters which you can define by a regular expression Note Text string recognition may negatively impact the SLB device s performance particularly when regular expressions are used The number of bytes of data the port receives before the SLB branch office manager captures log data and sends a notification regarding this port The default is 100 bytes In most cases the console port of your device does not send any data unless there is an alarm condition After the SLB device receives a small number of bytes it perceives that your device needs some attention The SLB branch office manager notifies your technician when that point has been passed and the notification includes the logged data For example a threshold preset at 30 characters means that as soon as the SLB device receives 30 bytes of data it captures log data and sends an email regarding this port A time limit of how long in seconds after the SLB branch office manager detects the trigger that the device port captures data before closing the log file with a fixed internal buffer maximum capacity of 1500 bytes and sending a notifica
59. find any symbols turning off symbol lookups Aug 21 15 58 38 2007 tsslb8 kernel klogd 1 4 1 log source proc kmsg started Aug 21 22 02 45 2007 slb423d xdd net err cannot open message queues No such file or directory retrying Aug 21 22 02 46 2007 slb423d xld dev err cannot open message queues No such file or directory retrying Aug 21 22 03 42 2007 slb423d kernel MAX_COUPLER 256 MAX_OPENS 64 Aug 21 22 03 42 2007 slb423d kernel IO window 00001000 00001fff Aug 21 22 03 42 2007 slb423d kernel I0 window 00002000 00002fff Aug 21 22 03 42 2007 slb423d kernel I0 window 00003000 00003fff Aug 21 22 03 42 2007 slb423d kernel I0 window 00004000 00004fff Aug 21 22 03 42 2007 slb423d kernel MEM window 42000000 43ffffff Aug 21 22 03 42 2007 slb423d kernel MEM window 46000000 47ffffff Aug 21 22 03 42 2007 slb423d kernel PREFETCH window 40000000 41ffffff Aug 21 22 03 42 2007 slb423d kernel PREFETCH window 44000000 45ffffff Aug 21 22 03 42 2007 slb423d kernel memory 08000000 00000000 usable Aug 21 22 03 42 2007 slb423d kernel PRId 01030202 396MHZ Aug 21 22 03 42 2007 slb423d kernel BCLK switching enabled LJ To email the system log to an individual a Inthe Comment field enter a comment if desired b Select to and enter the person s email address c Press the Email Output button To email the system log to Lantronix Technical Support a Inthe Comment field enter a comment if desired b Selec
60. for the administration port so the console port defaults to this value Data Bits Number of data bits used to transmit a character From the drop down list select the number of data bits The default is 8 data bits Stop Bits The number of stop bits that indicate that a byte of data has been transmitted From the drop down list select the number of stop bits The default is 1 Parity Parity checking is a rudimentary method of detecting simple single bit errors From the drop down list select the parity The default is none Flow Control A method of preventing buffer overflow and loss of data The available methods include none xon xoff software and RTS CTS hardware The default is none Timeout The number of minutes 1 30 after which an idle session on the console is automatically logged out Disabled by default Show Lines on If selected when you connect to the console port with a terminal Connecting emulator you will see the last lines output to the console for example the SLB boot messages or the last lines output during a CLI session on the console 3 Click the Apply button to save the changes Console Port Commands The following CLI commands correspond to the web page entries described above SLB Branch Office Manager User Guide 105 8 Device Ports To configure console port settings set consoleport lt one or more parameters gt Parameters baud lt 300 115200 gt databits lt 7 8 gt stopbits lt 1 2
61. g server location or other classification of your equipment This is helpful if the email message goes to the system administrator s or service technician s mobile or wireless device e g text messaging by means of email Note The character sequence d anywhere in the email subject is replaced with the device port number automatically NFS File Logging NFS File Logging Select the checkbox to log all data sent to the device port to one or more files on an external NFS server Disabled by default Directory to Log to The path of the directory where the log files will be stored Note This directory must be a directory exported from an NFS server mounted on the SLB branch office manager Specify the local directory path for the NFS mount Max Number of Files The maximum number of files to create to contain log data to the port These files keep a history of the data received from the port Once this limit is exceeded the oldest file is overwritten The default is 10 Max Size of Files The maximum allowable file size in bytes The default is 2048 bytes Once the maximum size of a file is reached the SLB device begins generating a new file SLB Branch Office Manager User Guide 102 8 Device Ports PC Card Logging PC Card Logging Select to enable PC Card logging A PC Card Compact Flash must be loaded into one of the PC Card slots on the front of the SLB branch office manager and pr
62. gt dialoutnumber lt Phone Number gt dialoutlogin lt User Login gt SLB Branch Office Manager User Guide 94 8 Device Ports dialoutpassword lt Password gt dialbacknumber lt usernumber Phone Number gt dodauth lt pap chap gt dodchaphost lt CHAP Host or User Name gt dodchapsecret lt CHAP Secret or User Password gt flowcontrol lt none xon xoff rts cts gt idletimeout lt disable 1 9999 seconds gt ipaddr lt IP Address gt initscript lt Initialization Script gt A script that initializes a modem localipaddr lt negotiate IP Address gt logins lt enable disable gt modemmode lt text ppp gt modemstate lt disable dialout dialin dialback dialondemand dialint dialondemand dialinhostlist gt modemtimeout lt disable 1 9999 seconds gt name lt Device Port Name gt nat lt enable disable gt parity lt none odd even gt remoteipaddr lt negotiate IP Address gt restartdelay lt PPP Restart Delay gt showlines lt enable disable gt sshauth lt enable disable gt sshin lt enable disable gt sshport lt TCP Port gt stopbits lt 1 2 gt tcpauth lt enable disable gt tcpin lt enable disable gt tcpport lt TCP Port gt telnetauth lt enable disable gt telnetin lt enable disable gt telnetport lt TCP Port gt timeoutlogins lt disable or 1 30 gt webcolumns lt Web SSH Telnet Cols gt webrows lt Web SSH Telnet Rows gt SLB
63. in the command line interface Domain Time Zone If desired specify a domain name for example support lantronix com The domain name is used for host name resolution within the SLB branch office manager For example if abcd is specified for the SMTP server and mydomain com is specified for the domain if abcd cannot be resolved the SLB device attempts to resolve abcd mydomain com for the SMTP server If the time zone displayed is incorrect enter the correct time zone and press Enter If the entry is not a valid time zone the system guides you through selecting a time zone A list of valid regions and countries displays At the prompts enter the correct region and country Date Time If the date and time displayed are correct type n and continue If the date and time are incorrect type y and enter the correct date and time in the formats shown at the prompts Sysadmin password Enter a new sysadmin password After you complete the Quick Setup script the changes take effect immediately SLB Branch Office Manager User Guide 38 4 Quick Setup Figure 4 3 Completed Quick Setup Quick Setup will now step you through configuring a few basic settings The current settings are shown in brackets You can accept the current setting for each question by pressing lt return gt Ethernet Port and Default Gateway The SLBO884 has two ethernet ports Ethi and Eth2 By default both ports ar
64. local or remote user set localusers add edit lt User Login gt menu lt Menu Name gt To create a new custom user menu or add a command to an existing custom user menu set menu add lt Menu Name gt command lt Command Number gt To change a command or nickname within an existing custom user menu set menu edit lt Menu Name gt command lt Command Number gt set menu edit lt Menu Name gt nickname lt Command Number gt To set the optional title for a menu set menu edit lt Menu Name gt title lt Menu Title gt To enable or disable the display of command nicknames instead of commands set menu edit lt Menu Name gt shownicknames lt enable disable gt To enable or disable the redisplay of the menu before each prompt set menu edit lt Menu Name gt redisplaymenu lt enable disable gt To delete a custom user menu or one command within a custom user menu set menu delete lt Menu Name gt command lt Command Number gt To view a list of all menu names or all commands for a specific menu show menu lt all Menu Name gt SLB Branch Office Manager User Guide 175 Example 11 User Authentication The system administrator creates two custom user menus with menu1 having a nested menu menu2 SLB gt set menu add menul Enter optional menu title Specify nickname for each Enter each command up to Custom User Menu settings SLB gt set menu add menu2 Enter optional me
65. manager SLP Password for logging into the SLP power manager Password Retype Password SLP Status Info Outlet Status Note If there is an SLP power manager and an SLP Expansion chassis the SLP power manager is Tower A and the Expansion chassis is Tower B For Tower A or Tower B select All Outlets or Single Outlet to view the status of all outlets or a single outlet of the SLP power manager If you select Single Outlet enter a value of 1 8 for the SLP8 power manager or 1 16 for the SLP16 power manager Click the Outlet Status link to see the status of the selected outlet s Environmental Click the link to view the environmental status e g Status temperature and humidity of the SLP power manager SLB Branch Office Manager User Guide 92 8 Device Ports Infeed Status Click the link to view the status of the data the SLP power manager is receiving System Info SLP Commands Click the link to see system information pertaining to the SLP device Restart SLP Control Outlet To restart the SLP power manager select the checkbox For Tower A or Tower B select All Outlets or Single Outlet and the number of the outlet to be controlled 1 8 for the SLP8 power manager or 1 16 for the SLP16 power manager and select the command for the outlet No Action Power On Power Off Cycle Power No Action is the default 2 Click the Apply button Device Port Sensorsoft Device
66. may change if the connection times out and is restarted show connections email lt Email Address gt You can optionally email the displayed information To display details for a single connection You can optionally email the displayed information show connections connid lt Connection ID gt email lt Email Address gt To display global connections connect global show SLB Branch Office Manager User Guide 133 11 User Authentication Users who attempt to log in to the SLB branch office manager by means of Telnet SSH the console port or one of the device ports are granted access by one or more authentication methods The User Authentication page provides a submenu of methods Local Users NIS LDAP RADIUS Kerberos and TACACS for authenticating users attempting to log in Use this page to assign the order in which the SLB device will use the methods By default local user authentication is enabled and is the first method the SLB branch office manager uses to authenticate users If desired you can disable local user authentication or assign it a lower precedence Note Regardless of whether local user authentication is enabled the local user sysadmin account is always available for login Authentication can occur using all methods in the order of precedence until a successful authentication is obtained or using only the first authentication method that responds in the event that a server is down
67. minus sign before the two letter abbreviation for a user right To set a default custom menu for NIS users set nis custommenu lt Menu Name gt To view NIS settings show nis LDAP The system administrator can configure the SLB branch office manager to use LDAP to authenticate users attempting to log in using the Web Telnet SSH or the console port SLB Branch Office Manager User Guide 149 11 User Authentication LDAP allows SLB users to authenticate using a wide variety of LDAP servers such as OpenLDAP and Microsoft Active Directory The LDAP implementation supports LDAP servers that do not allow anonymous queries Users who are authenticated through LDAP are granted device port access through the port permissions on this page All LDAP users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLB branch office manager to use LDAP to authenticate users 1 Click the User Authentication tab and select LDAP The following page displays Enable LDAP Server Port Base Bind Name Bind Password Retype Password Active Directory Support Encrypt Messages Group Full Administrative Networking Services SecureLinx Network Date Time LANTRONIX SLB884 User sysadmin Mzaa 389 de thematrix de lantron example do domain dc com on administrator cn Us
68. one of the following endpoints Another device port attached to an external device Another device port with a modem attached An outgoing Telnet or SSH session An outgoing TCP or UDP network connection This enables the user to set up connections such as those described in the next section You can establish a connection at various times Immediately These connections are always re established after reboot Ata specified date and time These connections connect if the date and time have already passed After a specified amount of data or a specified sequence of data passes through the connection Following reboot the connection is not reestablished until the specified data passes through the connection SLB Branch Office Manager User Guide 125 10 Connections Typical Setup Scenarios for the SLB Device Following are typical configurations in which SLB connections can be used with references to settings on the Connections and Device Ports web pages Terminal Server In this setup the SLB branch office manager acts as a multiplexer of serial data to a single server computer Terminal devices are connected to the serial ports of the SLB device and configured as a Device Port to Telnet out type connection on the Connections page The users of the terminals can access the server as if they were connected directly to it by local serial ports or a console VT100 Terminals Server SLB Branch Office Manager T p
69. or O WebSsH Device Port only SSH Telnet Logging SNMP NFS CIFS SecureLinx Network Date amp Time SecureLinx Network Help Device Ports on a SecureLinx Manager on the local subnet If Telnet or SSH is enabled for the host to the CLI or for a Device Port a Telnet or SSH session can be opened by selecting the Yes link If Web Telnet or Web SSH for the hostis disabled the Yes links will be disabled Telnet to the CLI Enabled Yes SSH to the CLI Enabled Yes gt name ka rey ae a Ena css 1 Port 1 Yes 2001 Yes gt 3001 NIA 2 Port 2 No 2002 No 3002 NIA 3 Port 3 No 2003 No 3003 NIA 4 Paort 4 No 2004 No 3004 NIA 5 Ports No 2005 No 3005 NIA 6 Port 6 No 2006 No 3006 NIA 7 Port 7 No 2007 No 3007 NIA 8 Port 8 No 2008 No 3008 NIA Above the table the Telnet to the CLI Enabled and SSH to the CLI Enabled fields indicate whether the unit has been set for Telnet or SSH access to the CLI The table page lists all of the unit s device ports if applicable indicates whether they are Telnet enabled or SSH enabled and lists their Telnet and SSH port numbers Note For the links to work you must enable Web Telnet or Web SSH for the secure IT management unit b To open a Telnet session to the CLI click Yes in the Telnet to the CLI Enabled field above the table Edit Terminal Help alkal G8 A a Welcome to the ommands type help SLB Branch Office Manager User G
70. packet out one of the Ethernet ports mainly as a network connectivity test Enter the following Protocol Select the type of packet to send Hostname Specify a host name or IPaddress of the host to send the packet to Port Specify a TCP or UDP port number of the host to send the packet to String Enter a set of up to 64 characters The string is encapsulated in the packet so you could use a network sniffer to track the packet and by looking at its contents verify that it was sent Count The count is the number of times the string is sent For UDP the number of times the string is sent is equal to the number of packets sent For TCP the number of times the string is sent may or may not be equal to the number of packets sent because TCP controls how data is packetized and sent out 3 Click the Run Diagnostics button The Diagnostics report page displays SLB Branch Office Manager User Guide 196 12 Maintenance and Operation SLB884 m1357 p p ps p E LANTRONIX 2246s MENE User sysadmin Select port for configuration or O webSSH Device Port only fnetore servces UserAuenicaton en cc eu a7 8 Firmware amp Configurations SystemLogs AuditLog Diagnostics Status Reports Events Diagnostics Help Diagnostic Output Arp Table Email Output Comment Netstat All Note A valid case number SLB Internals to is required to submit an e mail to Tech Support O to Lantronix Tech
71. port 2 Connect the other end of the Cat 5 cable to a Lantronix serial console adapter Note To connect a device port to a Lantronix SLP management appliance use the rolled serial cable provided with the SLB branch office manager a 200 2225 adapter and Cat 5 cabling or the ADP010104 adapter that eliminates the need for an additional Cat5 patch cable between the adapter and the connected equipment See D Adapters and Pinouts for more information about Lantronix adapters 3 Connect the adapter to the serial console of the serial device Figure 3 1 CAT 5 Cable Connection TT TE g j Lantronix Cat 5 Qy Serial Console CABLE Adapter Connecting to a Network Port The SLB device s network ports 10Base T 100Base TX allow remote access to the attached devices and the system administrative functions Use a standard RJ45 terminated Category 5 cable to connect to the network port Note One possible use for the two Ethernet ports is to have one port on a private secure network and the other on an unsecured network Connecting a Terminal The console port is for local access to the SLB branch office manager and the attached devices You may attach a dumb terminal or a computer with terminal emulation to the console port The SLB console port uses RS 232C protocol and supports VT 100 emulation The default baud rate is 9600 To connect the console port to a terminal or computer with terminal emulation Lantronix offers op
72. rack mountable appliance Features Console Management 8serial ports for console connectivity Enables system administrators to remotely manage Linux Unix and Windows 2003 servers routers switches telecom and building access equipment Provides data logging monitoring and secure access control via the Internet Power Management Outlets for Power Connectivity 4 outlets for power connectivity Provides ability to control power individually to all attached equipment Provides on off reboot control Ensures safe power distribution and reduces in rush current overload Ethernet Switch 8 ports for network connectivity Provides additional flexibility and scalability Offers convenience Reduces rack space Integration with Other Secure IT Management Products Can be combined with the Lantronix Spider Distributed KVM to provide a complete all in one distributed IT management solution Can integrate seamlessly with the Lantronix SLM management appliance and brings the Branch to the Enterprise for a complete end to end OOBI enterprise management solution SLB Branch Office Manager User Guide 12 2 Overview Internet e d _ A wA Closet lt BRANCH OFFICE Branch Office z Manager SLB System Administrator Server VPN Router PBX Teleco HEADQUARTERS Switch Console Management Power Management Ethernet Connection KVM over IP
73. remote users To enable local and or remote users 1 Enter the following Enable Local Select to enable all local users except sysadmin The Users sysadmin is always available regardless of how you set the check box Enabled by default Authenticate only Select the check box to authenticate users listed in the users who are in Remote Users list in the lower part of the page Disabled by the remote users default list 2 Click the Apply button To set password requirements for local users SLB Branch Office Manager User Guide 137 Local User Passwords 11 User Authentication Complex Passwords Select to enable the SLB branch office manager to enforce rules concerning the password structure e g alphanumeric requirements number of characters punctuation marks Disabled by default Complexity rules Passwords must be at least eight characters long They must contain one upper case letter A Z one lower case letter a z one digit 0 9 and one punctuation character amp f j lt gt _ Allow Reuse Select to enable users to continue to reuse old passwords If you disable the check box they cannot use any of the Reuse History number of passwords Enabled by default Reuse History The number of passwords the user must use before reusing an old password The default is 4 For example if you set reuse history to 4 the user may reuse
74. reside on an external NFS server Specify the local directory for the NFS mount gt Local Logging C Clear Local Log view Local Log gt EmailTraps C NFS File Logging Email Directory to Log to Send SNMP Trap ee Entry Fields and Both Max Number of Files 10 Optons Byte Count Max Size ofFiles 2048 bytes Trigger on O Text String Recognition Byte Threshold 100 PC Card Logging C Log to Upper Slot Lower Slot Email Delay 60 seconds 5 Max Number of Files 10 Restart Delay 60 seconds Max Size of Files 2048 bytes Text String DO Email To Syslog Logging Note The logging level for the Device Ports log must be set to Info to view Syslog entries for Device Port logging Apply O Apply settings to Device Ports Note In addition to applying settings to the currently selected Device Port the settings can also be applied to other Device Ports Email Subject Port d Logging Apply Button The web page has the following components Tabs Groups of settings to configure Options Below each tab are options for specific types of settings Note Only those options for which the currently logged in user has rights display Port Switch and Power Outlet Bar The E1 and E2 buttons display the Network Settings page The left most number buttons allow you to select a port and display its settings Only ports to whi
75. server to which the SLB branch office manager talks The default is 389 SLB Branch Office Manager User Guide 150 11 User Authentication Base The name of the LDAP search base e g dc company dc com May have up to 80 characters Bind Name The name for a non anonymous bind to an LDAP server This item has the same format as LDAP Base One example is cn administrator cn Users dc domain dc com Bind Password and Retype Password Password for a non anonymous bind This entry is optional Acceptable characters are a z A Z and 0 9 The maximum length is 127 characters Active Directory Support Select to enable Active Directory is a directory service from Microsoft that is a part of Windows 2000 and later versions of Windows It is LDAP and Kerberos compliant Disabled by default Encrypt Messages Select to encrypt messages between the SLB branch office manager and the LDAP server Disabled by default Custom Menu If custom menus have been created see Custom User Menus on page 774 you can assign a default custom menu to LDAP users Escape Sequence A single character or a two character sequence that causes the SLB branch office manager to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x characte
76. services lt one or more services parameters gt Parameters alarmdelay lt 1 6000 Seconds gt auditlog lt enable disable gt auditsize lt Size in Kbytes gt Limit is 1 500 Kbytes authlog lt off error warning info debug gt clicommands lt enable disable gt contact lt Admin contact info gt devlog lt off error warning info debug gt diaglog lt off error warning info debug gt genlog lt off error warning info debug gt includesyslog lt enable disable gt location lt Physical Location gt netlog lt off error warning info debug gt nms lt IP Address or Name gt phonehome lt enable disable gt phoneip lt IP Address gt portssh lt TCP Port gt rocommunity lt Read Only Community Name gt rwcommunity lt Read Write Community Name gt 14 Command Reference Sets a password for an SNMP manager to access the read only data the SLB SNMP agent provides and to modify data where permitted servlog lt off error warning info debug gt smtpserver lt IP Address or Hostname gt snmp lt enable disable gt ssh lt enable disable gt syslogserverl lt IP Address or Name gt syslogserver2 lt IP Address or Name gt telnet lt enable disable gt timeoutssh lt disable or 1 30 gt timeouttelnet lt disable or 1 30 gt traps lt enable disable gt SLB Branch Office Manager User Guide 257 14 Command Reference trapcommunity lt Trap Community gt vissh lt enable
77. share Enter the CIFS user password in both password fields The default user password is CIFSPASS More than one user can access the share with the cifsuser user name and password at the same time Workgroup The Windows workgroup to which the SLB branch office manager belongs Every PC exporting a CIFS share must belong to a workgroup Can have up to 15 characters 4 To save click the Apply button NFS and SMB CIFS Commands The following CLI commands correspond to the web page entries described above To mount a remote NFS share set nfs mount lt one or more parameters gt Parameters locdir lt Directory gt mount lt enable disable gt remdir lt Remote NFS Directory gt rw lt enable disable gt Enables read write access to remote directory Note The remdir and locdir parameters are required but if you specified them previously you do not need to provide them again To unmount a remote NFS share set nfs unmount lt 1 2 3 gt To view NFS share settings show nfs SLB Branch Office Manager User Guide 71 7 Services To configure the SMB CIFS share which contains the system and device port logs set cifs lt one or more parameters gt Parameters ethl lt enable disable gt eth2 lt enable disable gt state lt enable disable gt workgroup lt Windows workgroup gt Note The admin config command saves SLB configurations on the SMB CIFS share To change
78. should be on off or returned to the state it was in before the reboot Default is Off Last State Select whether to return the outlet to the state it was in before the reboot Reboot To power cycle the outlet select the checkbox Default is unchecked Note You can reboot the SLB branch office manager on the Maintenance page but after the reboot the power outlet has the same power state as it did before the reboot 4 To save click Apply Power Outlet Commands The following CLI commands correspond to the web page entries described above To configure and control power outlets set power switchingdelay lt Delay in msec gt set power alarmthreshold lt disable Tenths of Amps gt set power outlet lt Outlet or List or Name gt lt one or more parameters gt Parameters name lt Outlet Name gt description lt Outlet Description gt state lt on off gt wakeup lt on off laststate gt reboot Example set power outlet 1 2 4 state on To view power outlet settings show power outlet lt Outlet or Name gt Note The screen displays PND when the outlet is powering up and is waiting for the delay period to expire It displays RBT when an outlet has been told to reboot and is waiting for the reboot interval to expire default is 20 seconds The switching delay and the reboot interval are completely independent of each other Host Lists A host list is a prioritized list of SSH Telnet and TCP h
79. specific number of bytes of data for a device port show locallog lt Device Port or Name gt bytes lt Bytes To Display gt 1 Kbyte is the default To clear the local log for a device port set locallog clear lt Device Port or Name gt Note The locallog commands can only be executed for a device port if local logging is enabled for the port The set locallog clear command can only be executed if the user has permission to clear port buffers see 11 User Authentication Console Port The console port initially has the same defaults as the device ports Use the Console Port page to change the settings if desired To set console port parameters 1 Click the Devices tab and select Console Port The following page displays SLB Branch Office Manager User Guide 104 8 Device Ports LANTRONIX 15884 2215s aaa ee User sysadmin Select port for configuration or webSSH Device Port only Cy SS mcs Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists Console Port Help Baud 9600 x Data Bits 8 v Stop Bits 1 Parity none x Flow Control none J Timeout No O Yes minutes a 30 Show Lines On Connecting C 2 Change the following as desired Baud The speed with which the device port exchanges data with the attached serial device From the drop down list select the baud rate Most devices use 9600
80. the password for the SMB CIFS share login default is cifsuser set cifs password To view SMB CIFS settings show cifs Secure Lantronix Network Use the Secure Lantronix Network option to view and manage SLC console manager and Spiders on the local subnet Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data reload the web page To view and manage SLB branch office managers and Lantronix Spiders on the local network 1 Click the Services tab and select the Secure Lantronix Network option The following page displays SLB Branch Office Manager User Guide 72 cE Lii LANTRONIX SLB884 User sysadmin SecureLinx Managers and Spiders on the local subnet Each host can be managed by selecting its IP address Telnet SSH to Firmware Version IP Address Web Interface HW Address 22468 eae 172 18 18 75 gt 172 18 12 200 gt 172 18 11 210 gt 172 18 18 55 gt 172 18 21 61 gt 172 18 18 56 gt 172 18 0 107 gt 172 18 26 100 gt 172 18 21 63 gt 172 18 23 110 gt 172 18 19 50 gt 172 18 21 64 gt 172 18 18 45 gt 172 18 37 4 gt 172 18 21 77 gt 172 18 21 75 gt 172 18 18 44 gt 172 18 11 18 gt S s Is s S G viviviviviviviviviviv S S IS FE S lS lS 00 80 a3 80 00 c0 00 80 a3 89 0b 6d 00 80 a3 89 01 a7 00 80 a3 89 00 fb 00 30 31 ff ff 4
81. the routes manually The system Routing administrator usually provides the routes Disabled by default To add a static route enter the IP Address Subnet Mask and Gateway for the route and click the Add Edit Route button The route displays in the Static Routes table You can add up to 64 static routes To edit a static route select the radio button to the right of the route change the IP Address Subnet Mask and Gateway fields as desired and click the Add Edit Route button To delete a static route select the radio button to the right of the route and click the Delete Route button 3 Click the Apply button SLB Branch Office Manager User Guide 58 6 Basic Parameters Note To display the routing table click the IP Routes Report link The Status Reports page displays To view the report select the IP Routes checkbox and click Generate Report Equivalent Routing Commands The following CLI commands correspond to the web page entries described above To configure static or dynamic routing set routing parameters Parameters rip lt enable disable gt route lt 1 64 gt ipaddr lt IP Address gt mask lt Netmask gt gateway lt IP Address gt static lt enable disable gt version lt 1 2 both gt Note To delete a static route set the IP address mask and gateway parameters to 0 0 0 0 To set the routing table to display IP addresses disable or the corresponding host names enable
82. to correct the interference at his own expense The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user s authority to operate this equipment Changes or modifications to this device not explicitly approved by Lantronix will void the user s authority to operate this device The information in this guide may change without notice The manufacturer assumes no responsibility for any errors that may appear in this guide September 2007 A Initial Release May 2008 B New web page design with tabbed menus Added support for the following Sensorsoft devices SecurelD over Radius command and status of the SLP power manager expansion chassis escape and break sequences for remote users password aging iGoogle Gadget SNMP v3 encryption ability to copy boot bank host lists for outgoing modem and direct connection at the CLI new option for local users to display a custom menu at login October 2013 C Updated product name and trademark information For details on the Lantronix warranty replacement policy please go to our web site at http www lantronix com support warranty index html SLB Branch Office Manager User Guide Table of Contents Copyright amp Trademark Open Source Software Contacts Sales Offices Disclaimer amp Revisions Disclaimer amp Revisions Ow hMN ND DY Warranty 1 About This Guide Purpose
83. to reboot the SLB branch office manager to restore PC Card functionality Format Select to unmount the Compact Flash if it is mounted remove all existing partitions create one partition on the Compact Flash format it with the selected file system ext2 or FAT and mount it SLB Branch Office Manager User Guide 115 9 PC Cards Filesystem Select ext2 or FAT the file systems the SLB device supports 5 Click the Apply button To enter modem seitings for a PC Card 1 Insert any of the supported modem or ISDN cards see www lantronix com slb into either of the PC Card bays on the front of the SLB branch office manager You can do this before or after powering up the SLB device 2 Click the Devices tab and select the PC Card option The PC Card page displays Select the PC Card you want to configure from the PC Card Slots table and click the Configure button The PC Card Modem ISDN page displays SLB Branch Office Manager User Guide 116 9 PC Cards LANTRONIX sLe884 User sysadmin HAYES CORPORATION TYP saaYES ACCURA V90 PC CARD State N A replace the default route and DNS entries Static Routes gt may be required to maintain access to subnets that are not directly attached to the SLB Data Settings Baud 9600 Data Bits Parity Stop Bits Flow Control ISDN Settings Channel Phone GSM GPRS
84. to the appropriate parties or an SNMP trap to the designated NMS see 7 Services The email or trap is triggered when a user defined number of characters in the log from your server or device is exceeded or a specific sequence of characters is received Use the Device Ports Logging page to set logging parameters on individual ports SLB Branch Office Manager User Guide 99 Sylog Logging 8 Device Ports Data can be logged to the system log If this feature is enabled the data will appear in the Device Ports log under the Info level The log level for the Device Ports log must be set to Info for the data to be saved to the system log See 7 Services To set logging parameters 1 Inthe top section of the Device Ports Settings page click the Settings link in the Logging field The following page displays LANTRONIX Device Status Device Ports Port 3 Name Port 3 Local Logging Clear Local Log C Email Traps Trigger on Email Delay fso Restart Delay lso Text String lt Back to Device Port Settings 2 Enter the following Local Logging SLB884 User sysadmin gt Console Port PC Card Power Outlets Connections Host Lists View Local Log gt Email Send SNMP Trap O Bath Byte Count O Text String Recognition Byte Threshold 100 seconds seconds P1 P2 P3 P4 Select port for configuration or O webssH Device Port
85. user Description Displays attributes of the currently logged in user Kerberos Commands set kerberos Syntax set kerberos lt one or more parameters gt Parameters accessoutlets lt Outlet List gt clearports lt Port List gt custommenu lt Menu Name gt dataports lt Port List gt breakseq lt 1 10 Chars gt scapeseq lt 1 10 Chars gt group lt default power admin gt ipaddr lt Key Distribution Center IP Address gt kde lt Key Distribution Center gt listenports lt Port List gt permissions lt Permission List gt Note See User Permissions Commands on page 228 for information on groups and user rights port lt Key Distribution Center TCP Port gt realm lt Kerberos Realm gt state lt enable disable gt useldapforlookup lt enable disable gt SLB Branch Office Manager User Guide 221 14 Command Reference Description Configures the SLB branch office manager to use Kerberos to authenticate users who log in via the Web SSH Telnet or the console port show kerberos Syntax show kerberos Description Displays Kerberos settings LDAP Commands set ldap Syntax set ldap lt one or more parameters gt Parameters accessoutlets lt Outlet List gt adsupport lt enable disable gt base lt LDAP Base gt bindname lt Bind Name gt bindpassword lt Bind Password gt clearports lt Port List gt custommenu lt Menu Name gt dataports lt Port List gt breaks
86. v 10 W 35 m 47 m am Leve Error Warning Info Debug Gearlog 2 Enter the following Log Select the type s of log you want to view Level Select the alert level you want to view for the selected log Starting at Select the starting point of the range you want to view Beginning of Log Beginning of the log Date Specific start date and time of the log Ending at Select the endpoint of the range you want to view End of Log The end of the log Date Specific end date and time of the log 3 Click the View Log button The log displays For example if you select the type All and the level Error the SLB device displays a log similar to this SLB Branch Office Manager User Guide 191 6 12 Maintenance and Operation LANTRONIX SLB884 B H P2 P3 m S User sysadmin Select port for configuration or O WebSSH Device Port only f Firmware amp Configurations System Logs Audit Log Diagnostics StatusReports Events System Logs Help Log All Error Level Email Output Comment Note A valid case number is to required ta submit an e mail to Tech Support O to Lantronix Tech Support Contact Lantronix Tech Support gt to receive a case number Case Number Aug 21 15 58 38 2007 tsslb8 kernel Cannot find map file A Aug 21 15 58 38 2007 tsslb8 kernel No module symbols loaded kernel modules not enabled Aug 21 15 58 38 2007 tsslb8 kernel cannot
87. will be there when the SLB branch office manager is rebooted Ethernet Counters The Network Settings page displays statistics for each of the SLB Ethernet ports since boot up The system automatically updates them Note For Ethernet statistics for a smaller time period use the diag perfstat command SLB Branch Office Manager User Guide 51 6 Basic Parameters Network Commands The following CLI commands correspond to the web page entries described above To configure Ethernet port 1 or 2 set network port lt 1 2 gt lt parameters gt Parameters mode lt auto 10mbit half 100mbit half 10mbit full 100mbit full gt state lt dhcp bootp static disable gt ipaddr lt IP Address gt mask lt Mask gt ipv addr lt IP v6 Address Prefix gt To configure up to three DNS servers set network dns lt 1 2 3 gt ipaddr lt IP Address gt To set the default and alternate network gateways set network gateway lt parameters gt Parameters default lt IP Address gt precedence lt dhep gprs default gt alternate lt IP Address gt pingip lt IP Address gt ethport lt 1 or 2 gt pingdelay lt 1 250 seconds gt failedpings lt 1 25 gt The alternate gateway is used if an IP address usually accessible through the default gateway fails to return one or more pings To set the SLB host name and domain name set network host lt Hostname gt domain lt Domain Name gt To set TCP Keepalive and
88. 051QHEL70ijxZU0EVTIGFqQUuQTSq Ls3 v31KUJEXS1n Z2AlQxO0F401SwNECO m3d5QE FKe sysadmin DaveSLMh 3 To delete the key click the Delete button To view reset or import SSH RSA1 RSA And DSA host keys 1 On the User Authentication SSH Keys page click the SSH Server Host Keys link at the top right The following page displays the current host keys In the example below the current keys are the defaults SLB Branch Office Manager User Guide 170 11 User Authentication LANTRONIX SLB884 ESSE p p ps p4 User sysadmin Authentication Methods LocalRemote Users NIS LDAP RADIUS Kerberos TACACS SSH Keys Select port for configuration or O webssH Device Port only Fingerprint 1024 71 3b e3 69 5d 5 83 36 12 06 a7 78 58 5 64 37 ssh_host_key pub Current Host RSA Public Key Default Key Issh rsa AAAABSNzaClyc2EAAAABIWAAAIEAz 7 6e1F CKhOSJHCHMo4zrF7r l4mfUIT4BeyIPv6XxXPx FQO906sVaYY snmUNLOES1xKUG60CPEwuLIKf hiExiyxF ltxyZhng AmZVdiwxeuGhKDS lpxqg9adq9 IfD6p3 QEcTnhC5x320Guabdbdalymzp9jqpisYbboY fyWj9s root SLCXXYy Fingerprint 1024 19 44 90 37 be 04 c1 11 2 16 47 bb 83 04 6b 84 ssh_host_rsa_key pub Current Host DSA Public Key Default Key Issh dss AAAAB3NzaC1kc3 MAAACBAPAQadse UODW4 4cCpESQs 1EC47 cjKCUSpNx 7VUCHPCNJ sse28s ObXSBfx1 OnN ZLOSHKOS 6d ce4uC Svpaln WniwZ4Eo4aoEBoEYJISiYXBeU BM OZ YwYSbK6HBvsez CA561y5245RSF3 ullV1NzSmBgoLD 6QMGNAMVNgt ndaAAFODIXI OULF3 wht YGnEBISeF
89. 1 8 U L Server 2 Secret Break Sequence x1bB Clear Port Buffers 1 8 U L Timeout 30 E seconds Access Outlets 1 4 g i User Rights All RADIUS users are members of a group which has predefined user rights associated with it Additional rights which are not defined by the group can be added Default Users Group Power Users O Administrators Full Administrative Local Users Reboot amp Shutdown C Networking C Remote Authentication C Firmware amp Configuration C Services SSH Keys Diagnostics amp Reports SecureLinx Network User Menus Device Parts Date Time Web Access PC Card O Power Outlets 7 Enter the following SLB Branch Office Manager User Guide 154 11 User Authentication Enable RADIUS Displays selected if you enabled this method on the User Authentication page If you want to set up this authentication method but not enable it immediately clear the checkbox Note You can enable RADIUS here or on the first User Authentication page If you enable RADIUS here it automatically displays at the end of the order of precedence on the User Authentication page RADIUS Server 1 IP address or hostname of the primary RADIUS server This RADIUS server may be a proxy for SecurlD SecurlD is a two factor authentication method based on the user s SecurlD token and pin number The SecurID t
90. 10A max per outlet 15A total Serial Interface Console Power Input Power Outlets Ethernet Switch 8 Ethernet switch ports unmanaged with auto MDI MDIX Network Interface 10Base T 100Base TX RJ45 Ethernet Power Supply 1 Universal AC power input 100 240 VAC 50 or 60 Hz IEC type regional cord set included Power Consumption Less than 20 watts Dimensions 1U 1 75 in x 17 25 in x 12 in Weight 10 Ib Temperature Operating 0 to 50 C 32 to 122 F Storage 20 to 70 C 4 to 158 F SLB Branch Office Manager User Guide 23 3 Installation Relative Humidity Operating 10 to 90 non condensing Storage 10 to 90 non condensing Heat Flow Rate 68 BTU per hour Current measurement 12 accuracy The max input output current is de rated to 12A when using the supplied NEMA 5 15P 15A cable p n SLPP012310 01 The max input output current is de rated to 16A when using the optional NEMA 5 20P 20A cable p n SLPP012410 01 SLPP012510 01 SLPP012610 01 Physical Installation To install the SLB branch office manager in a rack 1 Place the SLB device in a 19 inch rack Warning Be careful not to block the air vents on the sides of the SLB branch office manager If you mount the SLB in an enclosed rack we recommended that the rack have a ventilation fan to provide adequate airflow through the SLB Connect the serial device s to the SLB device p
91. 2 00 80 a3 89 0e f9 00 30 31 ff P54 00 80 a3 89 12 7d 00 80 a3 89 1e 29 00 80 a3 89 25 37 00 80 a3 89 2d a1 00 80 a3 89 42 3d 00 80 a3 8 1c f9 00 80 a3 8 1 94 00 80 a3 de fa ce 00 20 44 80 8 0a 00 80 a3 8 0d dd 00 80 a3 8c 0fb2 5 2 5 3 52 5 2 5 3 5 3 5 2 5 2 5 3 5 2 5 2 53 2 1 2 1 2 1 2 1 2 0 2 1 7 Services _ _ p P2 P3 P4 S Select port for configuration or O webssH Device Port only SSH Telnet Logging SNMP NFS CIFS SecureLinx Network Date amp Time SecureLinx Network Help Search Options gt Serial Number 0080A38D00C0 0080A3890B6D 008043890147 O080A38900FB 003031FFFF42 OO80A3890EF9 003031 FFFF54 00804389127D 008043891E29 008043892537 008043892DA1 00804389423D 008014007417 008014007316 OO80EF44E10D 002048447B1B 008033353439 008014004018 2 To manage a secure IT management device click its IP Address A separate browser page takes the user to the web interface for the selected Secure IT management device login required 3 For SLM management appliances if SSH or Telnet is enabled for the device to the CLI or for a device port and you want to access the device or device port a Click the View link in the Telnet SSH to Device Ports or CLI column The following page displays SLB Branch Office Manager User Guide 73 7 Services X SLB884 EEA P1 P2 P3 P4 22468 BESS Logout User sysadmin Select port tor configuration
92. 22468 SS Logout User sysadmin Select port for configuration or O webssH Device Port only SSHTelnetLogging SNMP NFS CIFS SecureLinx Network Date amp Time SSHTelnetiLogging Help System Logging SH Network Level Enable Logins V Web SSH v E Services Info Timeout No Oves 0 minutes Authentication Info v SSH Port 22 Device Ports Info v SSH 1 Logins V Diagnostics Info v 1 Telnet General Info v E meek Enable Logins Web Telnet C Remote Server 1 172 18 100 29 Timeout No Yes 0 minutes 2 SMTP Audit Log Server Enable Log Size 50 Kbytes Phone Home ER Enable Include CLI Commands v Include in System Log V trades as Last Attempt N A Results N A Apply Enter the following settings System Logging In the System Logging section select one of the following alert levels from the drop down list for each message category Off Disables this type of logging Info Saves informative message in addition to warning and error messages Warning Saves message output from a condition that may be cause for concern in addition to error messages This is the default for all message types Error Saves messages that are output because of an error Debug Saves extraneous detail that may be helpful in tracking down a problem in addition to information wa
93. 46 14 Command Reference set hostlist delete Syntax set hostlist delete lt Host List gt entry lt Host Number gt Description Deletes a host list or a single host entry from a host list show hostlist Syntax show hostlist lt all names Host List Name gt Description Displays the members of a host list IP Filter Commands set ipfilter state Syntax set ipfilter state Description Enables or disables IP filtering for incoming network traffic set ipfilter mapping Syntax set ipfilter mapping lt parameters gt Parameters ethernet lt 1 2 gt state lt disable gt ethernet lt 1 2 gt state lt enable gt ruleset lt Ruleset Name gt deviceport lt 1 48 gt state lt disable gt deviceport lt 1 48 gt state lt enable gt ruleset lt Ruleset Name gt pccardslot lt upper lower gt state lt disable gt pcecardslot lt upper lower gt state lt enable gt ruleset lt Ruleset Name gt Description Maps an IP filter to an interface set ip filter rules Syntax set ipfilter rules lt parameters gt Parameters add lt Ruleset Name gt delete lt Ruleset Name gt SLB Branch Office Manager User Guide 247 edit lt Ruleset Name gt lt Edit Parameters gt Edit Parameters append insert lt Rule Number gt replace lt Rule Number gt delete lt Rule Number gt Description Sets IP filter rules Logging Commands set deviceport port Syntax 14 Command
94. 74 Example 176 12 Maintenance and Operation 179 SLB Maintenance 179 Firmware amp Configurations Web Sessions 184 Firmware amp Configurations SSL Certificate 184 iGoogle Gadgets 186 Administrative Commands 187 System Logs 190 System Log Command 193 Audit Log 193 Diagnostics 194 Diagnostic Commands 198 Status Reports 199 Status Commands 202 Events 202 Events Commands 204 SLB Branch Office Manager User Guide 7 13 Application Examples 206 Telnet SSH to a Remote Device 207 Dial in Text Mode to a Remote Device 208 Local Serial Connection to Network Device via Telnet 210 14 Command Reference 212 Introduction to Commands 212 Command Syntax 212 Command Line Help 213 Tips 213 Administrative Commands 214 Audit Log Commands 220 Authentication Commands 220 Kerberos Commands 221 LDAP Commands 222 Local Users Commands 223 NIS Commands 226 RADIUS Commands 227 TACACS Commands 228 User Permissions Commands 228 CLI Commands 231 Connection Commands 232 Console Port Commands 235 Custom User Menu Commands 236 Date and Time Commands 237 Device Commands 238 Device Port Commands 239 Diagnostic Commands 242 End Device Commands 244 Events Commands 245 Host List Commands 246 IP Filter Commands 247 Logging Commands 248 Network Commands 249 NFS and SMB CIFS Commands 251 PC Card Storage Commands 253 PC
95. AKAAA AB On the iGoogle web page click the Add stuff link On the new page click the Add feed or gadget link In the field that displays type the URL of the gadget location a Fe Nn Return to the gadget viewing page and complete the SLB gadget configuration fields You should see an iGoogle gadget similar to the following SLB Branch Office Manager User Guide 186 12 Maintenance and Operation l 7 Advanced Search l oog e __ Search Preferences Google Search I m Feeling Lucky Language Tools Home Lantronix Add a tab Boer artist themes Select theme Add Lantronix SLB Device Port Status HostModel 10 0 0 203 SLB1684 Bytes z No Name DSR Input Output Errors Connection Status Port 1 No 0 0 Port 2 No 00 Port 3 Yes 0 0 Port 4 Yes 0 0 Port 5 No 0 0 Port 6 No o0 Port No O0 Port 8 No 0 0 Idle Idle Idle Idle Idle Idle Idle Idle w oN oon e wn efofofofofofojto Administrative Commands These commands for the command line interface correspond to the web page entries described above To copy the boot bank from the currently booted bank to the alternate bank for dual boot SLB branch office managers admin firmware copybank To reboot the SLB device admin reboot Note The front panel LCD displays the Rebooting the SLB message and the normal boot sequence occurs To add welcome login and logout banners
96. ANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE See the GPL and BSD for details A copy of the licenses is available from Lantronix The GNU General Public License is available at http www gnu org licenses Lantronix Inc Corporate Headquarters 167 Technology Drive Irvine CA 92618 USA Toll Free 800 526 8766 Phone 949 453 3990 Fax 949 453 3995 Technical Support Online www lantronix com support Sales Offices SLB Branch Office Manager User Guide For a current list of our domestic and international sales offices go to the Lantronix web site at www lantronix com about contact Disclaimer amp Revisions Warranty Operation of this equipment in a residential area is likely to cause interference in which case the user at his or her own expense will be required to take whatever measures may be required to correct the interference Note This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with this User Guide may clause interference to radio communications Operation of this equipment in a residential area is likely to cause interference in which case the user will be required
97. B branch office manager sends the traps to the host identified in the NMS field SLB Branch Office Manager User Guide 64 7 Services NMS When SNMP is enabled an NMS Network Management System acts as a central server requesting and receiving SNMP type information from any computer using SNMP The NMS can request information from the SLB branch office manager and receive traps from the SLB device Enter the IP address of the NMS server Required if you selected Enable Traps Location Physical location of the SLB branch office manager optional Useful for managing the SLB device using SNMP Up to 20 characters Contact Description of the person responsible for maintaining the SLB branch office manager for example a name optional Up to 20 characters Alarm Delay Communities Number of seconds delay between outgoing SNMP traps Trap Read Only Read Write The trap used for outgoing generic and enterprise traps Traps sent with the Event trigger mechanism still use the trap community specified with the Event action The default is public A string that acts like a password for an SNMP manager to access the read only data the SLB SNMP agent provides The default is public A string that acts like a password for an SNMP manager to access the read only data the SLB SNMP agent provides and to modify data where permitted The default is private Version 3 Security
98. Branch Office Manager User Guide 95 8 Device Ports To view the settings for one or more device ports show deviceport port lt Device Port List or Name gt To view a list of all device port names show deviceport names To view the modes and states of one or more device port s You can optionally email the displayed information show portstatus deviceport lt Device Port List or Name gt email lt Email Address gt To view device port statistics and errors for one or more ports You can optionally email the displayed information show portcounters deviceport lt Device Port List or Name gt email lt Email Address gt To zero the port counters for one or more device ports show portcounters zerocounters lt Device Port List or Name gt Device Commands The following CLI commands correspond to the web page entries described above To send commands to or control a device connected to an SLB device port over the serial port Note Currently the only devices supported for this type of interaction are the SLP and Sensorsoft devices set command lt Device Port or Name or List gt lt one or more parameters gt Parameters slp auth login lt User Login gt Establishes the authentication information to log into the SLP power manager attached to the device port slp restart Issues the CLI command the SLP power manager uses to restart itself slp outletcontrol state lt on off cycl
99. Card Modem Commands 254 Power Commands 255 Routing Commands 256 Services Commands 257 SLB Network Commands 258 SSH Key Commands 259 Status Commands 261 System Log Commands 262 A Bootloader 264 SLB Branch Office Manager User Guide 8 Accessing the Bootloader 264 Bootload Commands 264 User Commands 264 Administrator Commands 265 B Security Considerations 266 Security Practice 266 Factors Affecting Security 266 C Safety Information 267 Safety Precautions 267 D Adapters and Pinouts 269 E Protocol Glossary 275 F Compliance Information 278 List of Figures Figure 2 1 SEB 8 Fro ntticesscces sss casks feege aana ikae aaa aAa acctvsl nesses larctend aaa Seeks 16 Figure 2 2 SLB 8 Back 8 Device Ports 4 Power Outlets 8 Switch Ports TAG Power SUPPLY scieti sags ces candied asctensdecnauey jabs syd Raai aa iaa aR aaa Geeae eee 16 Figure 2 3 Device Port Connections ceeceeeeceeeeeeeeeeeneeceeeeeceaeeeeaaeeeeaeeseaeeesaeeetaaeeeeneeenaees 20 Figure 2 4 Console Port Connection ccccecceeceeeceeeeeeeeeeeceeeeecaeeeeaaeeeeneeseeeeseaeeesaeeeeneeseaees 20 Figure 2 5 Network Connection cccccceececeeeeeeeeeeeeeaeeeeaeeseeeecaeeesaaeeseaeeseaeeeseaeeesaaeeeeneeseaees 21 Figure 2 6 PC Card Interface ccccccccceeseeceeeeeceeeeeeeaeeeeaeeceeeeseaeeesaaeeeeaeeseaeeesaeeessaeseeneeseaees 21 Figure 3 1 CAT 5 Cable Connection cccceccceceeeceeeeeeeeseeceeeeecaeeeseae
100. D gt action lt fwdalltrapsmodem fwdseltrapmodem gt deviceport lt Device Port or Name gt nms lt SNMP NMS gt community lt SNMP Community gt oid lt SNMP Trap OID gt action lt fwdalltrapsmodem fwdseltrapmodem gt pccardslot lt upper lower gt nms lt SNMP NMS gt community lt SNMP Community gt oid lt SNMP Trap OID gt action lt emailalert gt emailaddress lt destination email address gt SLB Branch Office Manager User Guide 204 12 Maintenance and Operation To update event definitions admin events edit lt Event ID gt lt parameters gt Parameters community lt SNMP Community gt deviceport lt Device Port or Name gt ethport lt 1 2 gt nms lt SNMP NMS gt oid lt SNMP Trap OID gt pccardslot lt upper lower gt To delete an event admin events delete lt Event ID gt To view events admin events show SLB Branch Office Manager User Guide 205 13 Application Examples Each SLB branch office manager has multiple serial ports and two network ports Each serial port can be connected to the console port of an IT device Using a network port in band or a modem out of band for dial up connection an administrator can remotely access any of the connected IT devices using Telnet or SSH Figure 13 1 SLB Branch Office Manager Configuration lt Internet E A Ba Wiring Closet BRANCH OFFICE Branch Office M SLB System anager Administ
101. EA LANTRONIX sessa ees User sysadmin Select port for configuration or webSSH Device Port only Firmware amp Configurations SystemLogs AuditLog Diagnostics Status Reports Events Firmware amp Configurations SSL Certificate Help Current SSL Certificate Default IMT ICGTCCAYICAQAWDOYIKoZ IhvcNAQEEBQAWVTELMNAKGALUEBhHNCVVMxEZARBGNY IBAGTCkKNhbG 1mb3 JuaWVExDzZaNBgNVBacTBklydmluzTESMBAGALUEChMJTGFudHlJy fornl 4MOQwwCgYDVOOQDEwNTTEMwHhcNMDUwiz lyMjEwNzISWhcNMTAawNzIxMjEwhziIs lj BYMOswC OYDVOOGE wIVUZETMBEGA1 UECBMNKO2 FsaWZvcemSpYTEPMAOGAIUEBXMNG ISXJ2 a5 LMRIWEAYDVOOKEwLMNYUSOcm9uaxgxDDAKBGNVBANTAINMOzCBnzaNBgkq InkiGSwOBAQEF AAOBjQawgYkCgYEAvye y6Equotkg DqhABKDBK7IVSuZwHw4dcZ IR6FPN4Nnw6bRVOPLx or usMnF wyDqPNoGTWuNsiQlL2 Z2t3nC LHROQNJqeV1U46L6 idEotKak9v1l N2sOKte8JpuFedE9zg vp4iyq9qiil9wmac2 OMWMurcecOnPpFt Yob IjurF YkCAWEAATANBgkqhkiG9wOBAQOF AAOBGOBF 44KWer AYUmGf MuzL27rhFLIX INS v9SSaahyt2CalzyhFSise6NyxU2EBI25xSlsyi0yCANMmIEMdqiMSh aL1F2D FLuv mZ9X74HY TAYSO3 qumOKypt2E7RgG1TFAU49XIRvb64TLhvat XCX9 6mhC oZV 2b34 CaoLNb GglaeA 3 Note changing the SSL Certificate requires Resetto Default Cerificate a reboot for the update to take effect Import SSL Certificate Host Importvia SCP Path Certificate Filename Login o Key Filename Password Retype Password lt Back to Firmware amp Configurations Apply 2 If desired enter the followin
102. LANTRONIX SLB Branch Office Manager User Guide Part Number 900 510 Revision C October 2013 Copyright amp Trademark 2013 Lantronix Inc All rights reserved No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix Lantronix is a registered trademark of Lantronix Inc in the United States and other countries SLB SLC SLM SLP Detector and Spider are trademarks of Lantronix Inc Windows and Internet Explorer are registered trademarks of Microsoft Corporation Mozilla and Firefox are registered trademarks of the Mozilla Foundation Chrome is a trademark of Google Inc Opera is a trademark of Opera Software ASA Corporation Norway Safari is a registered trademark of Apple Inc All other trademarks and trade names are the property of their respective holders Open Source Software Contacts Some applications are Open Source software licensed under the Berkeley Software Distribution BSD license or the GNU General Public License GPL as published by the Free Software Foundation FSF Redistribution or incorporation of BSD or GPL licensed software into hosts other than this product must be done under their terms A machine readable copy of the corresponding portions of GPL licensed source code is available at the cost of distribution Such Open Source Software is distributed WITHOUT ANY WARRANTY INCLUDING ANY IMPLIED WARRANTY OF MERCH
103. Modem Timeout Caller ID Logging Timeout for all modem connections Select Yes default for the SLB device to terminate the connection if no traffic is received during the configured idle time Enter a value of from 1 to 9999 seconds The default is 30 seconds Select to enable the SLB branch office manager to log caller IDs on incoming calls Disabled by default Note For the Caller ID AT command refer to the modem user guide Modem Command Modem AT command used to initiate caller ID logging by the modem Note For the AT command refer to the modem user guide Modem Settings Text Mode Timeout Logins If you selected Text mode you can enable logins to time out after the connection is inactive for a specified number of minutes The default is No This setting is only applicable for text mode connections PPP mode connections stay connected until either side drops the connection Disabled by default Dial Back Number Users with dial back access can dial into the SLB branch office manager and enter their login and password Once the SLB device authenticates them the modem hangs up and dials them back Select the phone number the modem dials back on a fixed number or a number associated with their login If you select Fixed Number enter the number in the format 2123456789 Dial in Host List From the drop down list select the desired host list The host list is a prioritized list of SSH T
104. P lt none gt Authentication PAP Logins disabled CHAP Host lt none gt Break Sequence x1bB CHAP Secret lt none gt Check DSR disabled NAT disabled Close DSR disabled Dial out Login lt none gt Dial out Password lt none gt Dial out Number lt none gt Dial back Number usernumber nitialization Script lt none gt LOGGING Settings 45 3445 35 33S a Se Se eae Local Logging disabled PC Card Logging disabled Email Logging disabled Log to upper slot Byte Threshold 100 Max number of files 10 Email Delay 60 seconds Max size of files 2048 Restart Delay 60 seconds Email To lt none gt Email Subject Port d Logging Email String lt none gt NFS File Logging disabled Directory to log to lt none gt Max number of files 10 Max size of files 2048 2 Change the baud to 57600 and disable flow control SLB gt set deviceport port 2 baud 57600 flowcontrol none Device Port settings successfully updated SLB Branch Office Manager User Guide 207 13 Application Examples 3 Connect to the device port SLB gt connect direct deviceport 2 4 View messages from the SUN server console Mar 15 09 09 44 tssf280r sendmail 292 ID 702911 mail info starting daemon 8 12 2 Sun SMTP queueing 00 15 00 Mar 15 09 09 44 tssf280r sendmail 293 ID 702911 mail info starting daemon 8 12 2 Sun queueing 00 15 00 Mar 15 14 44 40 tssf280r sendmai
105. P Port gt SLB Branch Office Manager User Guide 234 14 Command Reference telnet lt IP Address or Name gt port lt TCP Port trigger lt now datetime chars gt If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or characters or a character sequence enter either the charcount or the charseq parameter udp lt IP Address gt port lt UDP Port gt Description Connects a device port to another device port or an outbound network connection data flows in one direction show connections Syntax show connections email lt Email Address gt Description Displays connections and their IDs You can optionally email the displayed information The connection IDs are in the left column of the resulting table The connection ID associated with a particular connection may change if the connection times out and is restarted show connections connid Syntax show connections connid lt Connection ID gt email lt Email Address gt Description Displays details for a single connection You can optionally email the displayed information Console Port Commands set consoleport Syntax set consoleport lt one or more parameters gt Parameters baud lt 300 115200 gt databits lt 7 8 gt flowcontrol lt none xon xoff rts cts gt parity lt none odd even gt showlines lt enabl
106. P users custommenu lt Menu Name gt To view LDAP settings show ldap SLB Branch Office Manager User Guide 153 11 User Authentication RADIUS The system administrator can configure the SLB branch office manager to use RADIUS to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through RADIUS are granted device port access through the port permissions on this page All RADIUS users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLB branch office manager to use RADIUS to authenticate users 1 Click the User Authentication tab and select RADIUS The following page displays E1 SSSS LANTRONIX SLB884 eee PAPPP 22468 BEES User sysadmin Select port for configuration or wWebSSH Device Port only Fa Authentication Methods LocalRemote Users NIS LDAP RADIUS Kerberos TACACS SSH Keys RADIUS Help The SLB can be configured to use RADIUS to authenticate users who login to the SLB via SSH Telnet the Web or the Console Port RADIUS users are granted Device Port access through the port permissions below Enable RADIUS RADIUS Server 1 Serer 1 Port 1812 Server 1 Secret RADIUS Server 2 Data Ports 1 8 U L Serer 2 Port 1812 Custom Menu lt none gt Escape Sequence x1bA Listen Ports
107. P4 User sysadmin Select port for configuration or WebSSH Device Port only Authentication Methods Local Remote Users NIS LDAP RADIUS Kerberos TACACS SSH Keys TACACS Help Enable TACACS The SLB can be configured to use TACACS to authenticate users who a login to the SLB via SSH Telnet the Web or the Console Part TACACS Server 1 TACACS users are granted Device Port r access through the port permissions below TACACS Server 2 TACACS Server 3 Secret Custom Menu lt none gt x Data Ports 1 8 U L Encrypt Messages Escape Sequence xT bA Listen Ports 1 8 U L Break Sequence x1bB Clear Port Buffers 1 8 U L Access Outlets 1 4 User Rights Default Users All TACACS users are members of a group which has predefined user rights associated with it Group Power Users Additional rights which are not O Administrators defined by the group can be added Full Administrative 7 Local Users Reboot amp Shutdown Networking C Remote Authentication C Firmware amp Configuration Services SSH Keys Diagnostics amp Reports SecureLinx Network C User Menus Device Ports DateTime Web Access Pc Card C Power Outlets SLB Branch Office Manager User Guide 163 2 Enter the following 11 User Authentication Enable TACACS Displays selected if you enabled this method on the User Authenticat
108. S1WS53 waAATAD IMnF2 6Cgk72hcTlZov9SiNDhEA 2165R TLajS80RCK903 R6ewEp7KKUxCQV7Tg4 IBSvVHgDXIQ6K7T455 LaSm2 4tKk60nj 1FhasZygtMSOyTwYSB4zo6tcxkVurkF IGEWEoz1YOBKZbGLENgShIYr77tfGapozdrR Za5ThuTESwAsaladj3hMVIBKNGE zr zeTGSuF 692 0r90ARUNKwIU 760i 7LmM9A 17pwKUGTFe2 7akd28H ESFaJWNSqnE 6x laxfhKsb ILorMCSRH490nzh gezvTrRKswiyKOMlrtOnGYz2ZF XamB3SCY zj000Sku iewZqOtuL7wg00rjCj7xeywRg rootf none Fingerprint 1024 55 a6 d4 e1 ba 8d Zf 8c 2a 06 12 4d f7 7f id ef ssh_host_dsa_key pub Reset to Default Host Key All Keys Note changing a host key requires a O RSA O RSA DSA reboot for the update to take effect Import Host Key 7 Host Type RSAT x Path Import via scP_ x Login Public Key Filename Password Private Key Filename Retype Password lt Back to SSH Keys Apply 2 View or enter the following Reset to Default Select the All Keys checkbox to reset all default Host Key key s or select one or more checkboxes to reset defaults for RSA1 RSA or DSA keys All checkboxes are unselected by default Import Host Key To import a site specific host key select the checkbox Unselected by default Type From the drop down list select the type of host key to import Import via From the drop down list select the method of importing the host key SCP or SFTP The default is SCP SLB Branch Office Manager User Guide 171 11 User Authentication
109. SSH Telnet applet when this device port is accessed via the applet Data Settings Note Check the serial device s equipment settings and documentation for the proper settings The device port and the attached serial device must have the same settings Baud The speed with which the device port exchanges data with the attached serial device From the drop down list select the baud rate Most devices use 9600 for the administration port so the device port defaults to this value Check the equipment settings and documentation for the proper baud rate Data Bits Number of data bits used to transmit a character From the drop down list select the number of data bits The default is 8 data bits Stop Bits The number of stop bit s used to indicate that a byte of data has been transmitted From the drop down list select the number of stop bits The default is 1 Parity Parity checking is a rudimentary method of detecting simple single bit errors From the drop down list select the parity The default is none Flow Control A method of preventing buffer overflow and loss of data The available methods include none xon xoff software and RTS CTS hardware The default is none Enable Logins For serial devices connected to the device port displays a login prompt and authenticates users Successfully authenticated users are logged into the command line interface Disabled is the defaul
110. Settings Dial out Mode GPRS O GSM PIN Retype PIN GPRS Context PPP Compression GSM Bearer Svc Auto acquire DNS Negotiated IP Note Dial out GPRS connections may Initialization Script Modem Timeout Caller ID Lagging Text Mode Timeout Logins Dial back Number Dial in Host List PPP Mode Negotiate IP Address Authentication CHAP Handshake for Dial in amp Dial on Demand DOD DOD Authentication DOD CHAP Handshake Enable NAT Dial out Number Dial out Login Dial out Password Restart Delay IP Settings Service Telnet Port SSH Port TCP Port 11357 Baas P1 P2 P3 P4 22468 BESS B Select port for configuration or O webssH Device Port only rs SY ET eens S CET a Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists PC Card Modem ISDN Help Slot Upper State Disabled b Device ModemASDN Mode Text O PPP No OYes seconds 1 9999 oO Modem Command No O Yes minutes 1 30 Local User Number Fixed Number Host Lists gt Yes Local IP No Remote IP PAP CHAP Host User Name Secret User Password Same authentication PAP CHAP Host User Name SecretUser Password Note Enabling NAT requires IP Forwarding to be enabled Retype
111. a Sun server connected over the network to the SLB branch office manager When a connection is established between the device port and an outbound Telnet session users can access the Sun server as though they were directly connected to it See 10 Connections for more information Serial Cable to Device Port 2 Sun UNIX Server Bigg AA u ee In this example the sysadmin would 1 Display the current settings for device port 2 SLB gt show deviceport port 2 Current Device Port Settings Number 2 Name Port 2 Modem Settings Data Settings IP Settings Modem State disabled Baud Rate 9600 Telnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff IP lt none gt Authentication PAP Logins disabled CHAP Host lt none gt Break Sequence x1bB CHAP Secret lt none gt Check DSR disabled NAT disabled Close DSR disabled Dial out Login lt none gt Dial out Password lt none gt Dial out Number lt none gt Dial back Number usernumber Initialization Script lt none gt Logging SettlLnigs 34 333 3 ee Local Logging disabled PC Card Logging disabled Email Logging disabled Log to upper slot SLB Branch Office Manager User Guide 210 13 Applic
112. a3ffe89 423d IP v6 Address fe80 280 a3tffe89 423e 2 721614 Eth1 Mode Auto v Eth2 Mode Auto v 3 4 2 21 Eth1 Multicast 239 255 255 251 Eth2 Multicast 224 0 0 1 224 0 0 1 DHCP Acquired DNS Servers 1 None Rx Tx 2 None Bytes Packets Errors Multicast Bytes Packets Errors 3 None Ethi 192405028 2471651 2400 2468892 6194210 28798 0 GPRS Acquired DNS Servers GPRs Acqguired DNS Serwers Eth2 Q Q Q 0 1440 12 12 1 None 2 None Gatew The alternate gateway is used if an IP address usually accessible zs hone tte way through the default gateway fails to return one or more pings m Enable IP Default 172 18 0 1 Alternate Forwarding P DHCP Acquired None IP Address to Ping TCP Keepalive Parameters GPRS Acquired None Ethernet Port for Ping QEth1 O Eth2 Start Probes 600 sets DHCP Acquired Delay between Pings 3 seconds Number of Probes 5 Precedence Default GPRS Acquired Number of Failed Pings 10 Interval 60 secs 2 Enter the following information Eth1 and Eth2 Settings Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported SLB Branch Office Manager User Guide 48 6 Basic Parameters Eth 1 and or Eth 2 Settings Disabled If selected disables the network port Defaults are Eth1 and Eth2 enabled Obtain from DHCP Acquires IP address subnet mask hostname and gateway from the DHCP server The DHCP server may not provide th
113. admin banner login lt Banner Text gt admin banner logout lt Banner Text admin banner welcome lt Banner Text gt Note To go to the next line type n and press Enter To display banners admin banner show To prepare the SLB branch office manager to be powered off admin shutdown Note When you use this command to shut down the SLB device the LCD front panel displays Shutting down the SLB followed by a pause and then Shutdown complete When Shutdown complete displays it is safe to power off the SLB branch office manager This command is not available on the Web page SLB Branch Office Manager User Guide 187 12 Maintenance and Operation To enable or disable iGoogle Gadget web content admin web gadget lt enable disable gt To configure the timeout for web sessions admin web timeout lt disable 5 120 gt Timeouts are measured in minutes To terminate a web session admin web terminate lt web session id gt To view current timeout and all active web sessions admin web show To list current hardware and firmware information admin version To update SLB firmware to a new revision Note The firmware file should be accessible via the settings displayed by admin ftp show The SLB branch office manager automatically reboots after successful update admin firmware update lt ftp tftp sftp gt file lt Firmware File gt key lt Checksum Key gt To set the boot ban
114. ame Name that identifies a filter may be composed of letters numbers and hyphens only The name cannot start with a hyphen Example FILTER 2 Rule Parameters IP Address Specify a single IP address to act as a filter Example 172 19 220 64 this specific IP address only Subnet Mask Specify a subnet mask to act as a filter Example 255 255 0 0 Protocol From the drop down list select the type of protocol through which the filter will operate The default setting is All SLB Branch Office Manager User Guide 55 6 Basic Parameters Port Range Enter a range of destination TCP or UDP port numbers to be tested An entry is required for TCP TCP New TCP Established and UDP and is not allowed for other protocols Separate multiple ports with commas Separate ranges of ports by colons Examples 22 filter on port 22 only 23 64 80 filter on ports 23 64 and 80 23 64 80 143 150 filter on ports 23 through 64 port 80 and ports 143 through 150 Action Select whether to drop reject or allow communications for the specified IP address subnet mask protocol and port range Drop ignores the packet with no notification Reject ignores the packet and sends back an error message Allow permits the packet through the filter Generate rule to You may wish to punch holes in your filter set for a allow service particular protocol or service For instance if you have configured your NIS se
115. anadian ICES 003 Cet appareil num rique de la classe A est conforme la norme NMB 003 du Canada CE NOTICE European Union Only Marking by the symbol indicates compliance of this information technology device to the EMC Directive and the Low Voltage Directive of the European Union Such marking is indicative that this system meets the following technical standards SLB Branch Office Manager User Guide 278 F Compliance Information EN 55022 Limits and Methods of Measurement of Radio Interference Characteristics of Information Technology Equipment EN 55024 Information technology equipment Immunity characteristics Limits and methods of measurement EN 61000 3 2 Electromagnetic compatibility EMC Part 3 Limits Section 2 Limits for harmonic current emissions Equipment input current up to and including 16 A per phase EN 61000 3 3 Electromagnetic compatibility EMC Part 3 Limits Section 3 Limitation of voltage fluctuations and flicker in low voltage supply systems for equipment with rated current up to and including 16 A EN 60950 Safety of Information Technology Equipment RoHS Compliance This product meets the requirements of 2002 95 EC European RoHS and also complies with the SJ T 11363 2006 Peoples Republic of China Requirements for Concentration Limits on Certain Hazardous Substances in Information Technology Products Additional Agency A
116. anch Office Manager User Guide 157 11 User Authentication To set user group and permissions for RADIUS users set radius group lt default power admin gt To set permissions for RADIUS users not already defined by the user rights group set radius permissions lt Permission List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad To remove a permission type a minus sign before the two letter abbreviation for a user right To set a default custom menu for RADIUS users set radius custommenu lt Menu Name gt To view RADIUS settings show radius Kerberos Kerberos is a network authentication protocol that provides strong authentication for client server applications by using secret key cryptography The system administrator can configure the SLB branch office manager to use Kerberos to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions on this page All Kerberos users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLB branch office manager to use Kerberos to authenticate users 1 Click the User Authentication tab and select the Kerberos option The following page displays SLB Branch Office
117. aneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp Or udp A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B The ports users are able to monitor and interact with using the connect direct command U and L denote the PC Card upper and lower slots Listen Ports The ports users are able to monitor using the connect listen command Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Access Outlets The outlets the user may monitor and configure 3 Inthe User Rights section select the user group to which NIS users will belong Group Select the group to which the NIS users will belong Default Users This group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Networking Date Time Reboot amp Shutdown and Diagnostics amp Reports Administrators This group has all poss
118. ank Copy contenis of Bank 1 to Bank 2 If checked enables you to copy the current boot bank to the alternate boot bank This process takes a few minutes to complete FTP TFTP SFTP Server The IP address or host name of the server used for obtaining updates and saving or restoring configurations May have up to 64 alphanumeric characters may include hyphens and underscores Path The default path on the server for obtaining firmware update files and getting and putting configuration save files Login The userid for accessing the FTP server May be blank Password Retype Password The FTP user password Configuration Management Configuration Management From the option list select one of the following No Save Restore Does not save or restore a configuration Save Configuration Saves all settings to file which can be backed up to a location that is not on the SLB branch office manager Restore Factory Defaults Restores factory defaults If you select this option the SLB device reboots after you apply the update Select the Save SSH Keys checkbox to save any imported or exported SSH keys Select the Save SSL Certificate checkbox to save any imported certificate Disabled by default Restore Saved Configuration Returns the SLB settings to a previously saved configuration If you select this option the SLB branch office manager reboots after you apply the update Configuration Name t
119. apters The cables are available in various lengths In most cases you will need an adapter for your serial devices Lantronix offers a variety of RJ45 to serial connector adapters for many devices These adapters convert the RJ45 connection on the SLB branch office manager to a 9 pin or 25 pin serial connector found on other manufacturers serial devices or re route the serial signals for connections to other devices that use RJ45 serial connectors Please check the cabling database on the Lantronix website at http www lantronix com for suggested cables and adapters for commonly used serial devices The console port is wired the same way as the device ports and has the same signal options Note You can view or change the console port settings using the LCDs and pushbuttons on the front panel the Console Port web page or the command line interface show console port and set consoleport commands The adapters illustrated below are compatible with the Lantronix SLB models SLB Branch Office Manager User Guide 269 D Adapters and Pinouts RJ45 Receptacle to DB25M DCE Adapter for the SLB Device PN 200 2066A oe VAI gt TA RJ45 DB25 Male RTS 1 _____ gt ________ 5 Use PN 200 2066A adapter with a dumb terminal or with many SUN applications SLB Branch Office Manager User Guide 270 D Adapters and Pinouts RJ45 Receptacle to DB25F DCE Adapter for the SLB Device PN 200 2067A
120. assigned a number for connecting via SSH Enter a number 1025 65535 that represents the first port The default is 3000 plus the port number For example if you enter 3001 subsequent ports are automatically assigned numbers 3002 3003 and so on Starting TCP Port Each port is assigned a number for connecting through a raw TCP connection Enter a number 1025 65535 that represents the first port The default is 4000 plus the port number For example if you enter 4001 subsequent ports are automatically numbered 4002 4003 and so on You can use a raw TCP connection in situations where a TCP IP connection is to communicate with a serial device For example you can connect a serial printer to a device port and use a raw TCP connection to spool print jobs to the printer over the network Note When using raw TCP connections to transmit binary data or where the break command escape sequence is not required set the Break Sequence of the respective device port to null clear it Caution Ports 1 1024 are RFC assigned and may conflict with services running on the SLB branch office manager Avoid this range 2 Click the Apply button to save the settings To set limits on direct connections 1 Enter the maximum number 1 10 of simultaneous direct connections for each device port The default is 1 2 Click the Apply button to save the settings To configure a specific port 1 You have two options Select the
121. atina Gaa TACO OAC F svv Secs MES GD N All l i S WEEE ea S tit tt it Serial Telnet Connections Sessions via Network connection Remote Access Server In this setup the SLB branch office manager is connected to one or more modems by its device ports Configure the device ports on the Device Ports Settings web page by selecting the Dial in option in the Modem Settings section Most customers use the modems in PPP mode to establish an IP connection to the SLB device and either Telnet or SSH into the SLB branch office manager They could also select text mode where using a terminal emulation program a user could dial into the SLB device and connect to the command line interface Modems o SLB Branch Office M Phone ranon e Saale Internal System T vices BEEE w Network Serial Network Connections Connections SLB Branch Office Manager User Guide 126 10 Connections Reverse Terminal Server In this scenario the SLB branch office manager has one or more device ports connected to one or more serial ports of a mainframe server Users can access a terminal session by establishing a Telnet or SSH session to the SLB device To configure the SLB branch office manager select the Enable Telnet In or Enable SSH In option on the Device Ports Settings web page UNIX Server SLB Branch Office Manager AAI I A DA D L I f weeveven AEE OOOO a Serial ee
122. ation Examples Byte Threshold 100 Max number of files 10 Email Delay 60 seconds Max size of files 2048 Restart Delay 60 seconds Email To lt none gt Email Subject Port d Logging Email String lt none gt NFS File Logging disabled Directory to log to lt none gt Max number of files 10 Max size of files 2048 2 Change the serial settings to match the serial settings for the vt100 terminal changes baud to 57600 and disables flow control SLB gt set deviceport port 2 baud 57600 flowcontrol none Device Port settings successfully updated 3 Create a connection between the vt100 terminal connected to device port 2 and an outbound telnet session to the server The IP address of the server is 192 168 1 1 SLB gt connect bidirection 2 telnet 192 168 1 1 Connection settings successfully updated 4 Atthe VT100 terminal hit lt return gt a couple of times The Telnet prompt from the server displays Trying 192 168 141 606 Connected to 192 168 1 1 Escape character is Sun OS 8 0 login At this point a user can log in and interact with the Sun server at the VT100 terminal as if directly connected to the server SLB Branch Office Manager User Guide 211 14 Command Reference After an introduction to using commands this chapter lists and describes all of the commands available on the SLB command line interface accessed through Telnet SSH or a serial co
123. ature permitted for the port sensorsoft hightemp lt High Temperature in C gt Sets the hightest temperature permitted for the port sensorsoft lowhumidity lt Low Humidity gt Sets the lowest humidity pemitted for the port sensorsoft highhumidity lt High Humidity gt Sets the lowest humidity permitted for the port sensorsoft traps lt enable disable gt Enables or disables traps when specified conditions are met sensorsoft status Displays the status of the port Description Sends commands to or control a device connected to an SLB device port over the serial port Note Currently the only devices supported for this type of interaction are the SLP and Sensorsoft devices Device Port Commands set deviceport port Syntax set deviceport port lt Device Port List or Name gt lt one or more device port parameters gt Example set deviceport port 2 5 6 12 15 16 baud 2400 Parameters auth lt pap chap gt banner lt Banner Text gt baud lt 300 115200 gt breakseq lt 1 10 Chars gt SLB Branch Office Manager User Guide 239 calleridcmd lt Modem Command String gt calleridlogging lt enable disable gt chaphost lt CHAP Host or User Name gt chapsecret lt CHAP Secret or User Password gt The user defines the secret checkdsr lt enabl closedsr lt enab l databits lt 7 8 gt device lt none s le disable gt le disable gt lp8 slp1l6 gt dialbacknumber
124. back on depends on this Number setting for the device port The user is either dialed back on a fixed number specified on the Device Port Settings page or ona number that is associated with the user s login specified here Escape A single character or a two character sequence that causes the Sequence SLB branch office manager to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp Or udp Break A series of 1 10 characters users can enter on the command line Sequence interface to send a break signal to the external device A suggested Custom Menu value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B If custom menus have been created you can assign a default custom menu to the user The custom menu will display at login Note In the Local Users table if the menu assigned to a local user no longer exists it is marked with an asterisk Display Menu If custom menus have been created select to enable the me
125. belong Group Select the group to which the RADIUS users will belong Default Users This group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Networking Date Time Reboot amp Shutdown and Diagnostics amp Reports Administrators This group has all possible rights 4 Select or clear the checkboxes for the following rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Right to view and manage secure IT management units e g Network SLP power managers Spiders SLB branch office managers on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Right to assign a remote user to a user group and assign a Authentication set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for NIS users SLB Branch Office Manager User Guide 156 11 User Authentication Reboot amp Right to use the CLI or shut down the SLB branch office Shutdown manager and then reboot it Firmware amp Right to upgrade the firmware on the unit and save or resto
126. ber lt Phone Number gt localipaddr lt negotiate IP Address gt modemmode lt text ppp gt modemstate lt disable dialout dialin dialback dialondemand dialin dialondemand gt modemtimeout lt disable 1 9999 seconds gt parity lt none odd even gt SLB Branch Office Manager User Guide 254 remoteipaddr lt negotiate IP Address gt restartdelay lt PPP Restart Delay gt service lt none telnet ssh tcp gt sshauth lt enable disable gt sshport lt TCP Port gt stopbits lt 1 2 gt tcpauth lt enable disable gt tcpport lt TCP Port gt telnetauth lt enable disable gt telnetport lt TCP Port gt timeoutlogins lt disable 1 30 gt Description Configures a currently loaded PC Card Power Commands set power alarmthreshold Syntax set power alarmthreshold lt disable Tenths of Amps gt Description 14 Command Reference Number of amps measured in tenths of an amp above which the SLB branch office manager sends a trap The maximum is 180 Note If the alarm goes off a warning message displays on the CLI set power outlet Syntax set power outlet lt Outlet or List or Name gt lt one or more parameters gt Parameters name lt Outlet Name gt description lt Outlet Description gt state lt on off gt wakeup lt on off laststate gt reboot Description Configures and controls power outlets Example set power outlet 1 2 4 state on SLB Branch Offi
127. ble gt Allows you to use SCS compatible commands as shortcuts for executing commands Note Settings are retained between CLI sessions for local users and users listed in the remote users list info show sysstatus version admin version reboot admin reboot poweroff admin shutdown listdev show deviceport names direct connect direct deviceport listen connect listen deviceport clear set locallog clear telnet connect direct telnet ssh connect direct ssh To set the number of lines displayed by a command set cli terminallines lt disable Number of lines gt Sets the number of lines in the terminal emulation screen for paging through text one screenful at a time if the SLB branch office manager cannot detect the size of the terminal automatically To show current CLI settings show cli To view the last 100 commands entered in the session show history To clear the command history set history clear To view the rights of the currently logged in user show user Note For information about user rights see 11 User Authentication SLB Branch Office Manager User Guide 46 6 Basic Parameters This chapter explains how to set the following basic configuration settings for the SLB branch office manager using the SLB web interface or the CLI Network parameters that determine how the SLB interacts with the attached networ
128. button To add hosts enter the following Host Parameters Host Name or IP address of the host Protocol Protocol for connecting to the host TCP SSH or Telnet Port Port on the host to connect to SLB Branch Office Manager User Guide 109 8 Device Ports Escape Sequence The escape character used to get the attention of the SSH or Telnet client It is optional and if not specified Telnet and SSH use their default escape character For Telnet the escape character is either a single character or a two character sequence consisting of followed by one character If the second character is the DEL character is selected Otherwise the second character is converted to a control character and used as the escape character tat For SSH the escape character is a single character Click the right arrow The host displays in the Hosts box Repeat steps 2 4 to add more hosts to the host list Note To clear fields before adding the next host click the Clear Host Parameters button 6 You have the following options To remove a host from the host list select the host in the Hosts box and click the left arrow To give the host a higher precedence select the host in the Hosts box and click the up arrow To give the host a lower precedence select the host in the Hosts box and click the down arrow 7 Click the Add Host List button After the process complete
129. ce Manager User Guide 255 14 Command Reference set power switchingdelay Syntax set power switchingdelay lt Delay in msec gt Description Sets the delay after switching on an outlet before switching on the next show power Syntax show power lt Outlet or Name gt Description Displays power settings for all outlets or for a single outlet Note The screen displays PND when the outlet is powering up and is waiting for the delay period to expire It displays RBT when an outlet has been told to reboot and is waiting for the reboot interval to expire default is 20 seconds The switching delay and the reboot interval are completely independent of each other Routing Commands set routing Syntax set routing parameters Parameters rip lt enable disable gt route lt 1 64 gt ipaddr lt IP Address gt mask lt Netmask gt gateway lt IP Address gt static lt enable disable gt version lt 1 2 both gt Description Configures static or dynamic routing To delete a static route set the IP address mask and gateway parameters to 0 0 0 0 show routing Syntax show routing resolveip lt enable disable gt email lt Email Address gt Description Sets the routing table to display IP addresses disable or the corresponding host names enable You can optionally email the displayed information SLB Branch Office Manager User Guide 256 Services Commands set services Syntax set
130. ce after the user logs out Default is blank Note To create more lines use the n character sequence Web Timeout Enable iGoogle Gadget Web Content Number of minutes 5 120 after which the SLB web session times out The default is 5 To avoid timeouts select No If the session times out refresh the browser page and enter your user id and password to open another web session Note If you close the browser without logging off the SLB branch office manager first you will have to wait for the timeout time to expire You can also end a web session by using the admin web terminate command at the CLI or by asking your system administrator to terminate your active web session To view or terminate current web sessions click the Web Sessions link See Firmware amp Configurations Web Sessions on page 184 To view import or reset the SSL Certificate click the SSL Certificate link See Firmware amp Configurations Web Sessions on page 184 Select the check box to enable an SLB iGoogle gadget The iGoogle gadget allows an iGoogle user to view the port status of many SLB devices on one web page See iGoogle Gadgets on page 186 SLB Firmware Update Firmware To update the SLB firmware select the checkbox If you select this option the SLB reboots after you apply the update To view a log of all prior firmware updates click the Firmware Update Log link Note For dual boot SLB branch office
131. ces a server a Cisco switch and a firewall connect to the SLB device s serial ports unmanaged switch ports and power outlets This setup enables the SLB branch office manager to manage the devices connect the devices to the network and provide power to the devices An SLB switch port connects the Lantronix Spider optional a Distributed KVM product that provides remote and secure access to the attached server over the network In addition the SLB branch office manager connects to a modem for out of band dial up access SLB Branch Office Manager User Guide 27 3 Installation Figure 3 4 SLB Installation Using the Integrated Ethernet Switch 1 Ft black Cat 5 Console Management Power Management Ethernet Connection KVM over IP In Figure 3 5 the SLB branch office manager controls four serial devices and provides power to them The devices use a managed switch to connect to the network The figure also shows how Lantronix Spiders can be daisy chained Figure 3 5 SLB Installation Using a Managed Switch SwitchPort Daisy Chaining Console Management Power Management Ethernet Connection KVM over IP SLB Branch Office Manager User Guide 28 4 Quick Setup This chapter helps get the IP network port up and running quickly so you can administer the SLB branch office manager using your network To set up the network connections quickly we suggest you do one of the follo
132. ch the currently logged in user has rights are enabled Below the bar are two options for use with the port buttons Selecting a port and the Configuration option takes you to the Device Port Settings page Selecting a port and the WebSSH option displays the WebSSH window for the device port if Web SSH is enabled and if SSH is enabled for the device port S switch buttons refer to the unmanaged Ethernet switch ports on the back of the unit The firmware does not currently configure or control them Buttons P1 P4 enable you to select a power outlet and display the Power Outlets page with the selected outlet s information highlighted The A and B buttons display the status of the power supplies Entry Fields and Options Allow you to enter data and select options for the settings SLB Branch Office Manager User Guide 41 5 Web and Command Line Interfaces Note For specific instructions on completing the fields on the web pages see Chapters 6 through 12 Apply Button Apply on each web page makes the changes immediately and saves them so they will be there when the SLB branch office manager is rebooted Icons The icon bar above the Main Menu has icons that display the following in order ft Bl Home page from left to right Information about the SLB device and Lantronix contact information Configuration site map Status of the SLB branch office manager Help Button Provides on
133. charseq lt Char Sequence gt SLB Branch Office Manager User Guide 232 14 Command Reference charxfer lt toendpoint fromendpoint gt date lt MMDDYYhhmm ss gt deviceport lt Device Port or Name gt exclusive lt enable disable gt ssh lt IP Address or Name gt port lt TCP Port gt lt SSH flags gt where lt SSH flags gt is one or more of user lt Login Name gt version lt 1 2 gt command lt Command to Execute gt tcp lt IP Address gt port lt TCP Port gt telnet lt IP Address or Name gt port lt TCP Port gt trigger lt now datetime chars gt If the trigger is datetime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or characters or a character sequence enter the charxfer parameter and either the charcount or the charseq parameter udp lt IP Address gt port lt UDP Port gt Description Connects a device port to another device port or an outbound network connection data flows in both directions connect direct Syntax connect direct lt endpoint gt Parameters Endpoint is one of deviceport lt Device Port or Name gt ssh lt IP Address or Name gt port lt TCP Port gt lt SSH flags gt where lt SSH flags gt is one or more of user lt Login Name gt version lt 1 2 gt command lt Command to Execute gt tcp lt IP Address gt port lt TCP Port gt teln
134. comes the prompt in the command line interface Domain If desired specify a domain name for example support lantronix com The domain name is used for host name resolution within the SLB branch office manager For example if abed is specified for the SMTP server and mydomain com is specified for the domain if abcd cannot be resolved the SLB device attempts to resolve abcd mydomain com for the SMTP server Date amp Time Settings Change Date Time Select the checkbox to manually enter the date and time at the SLB branch office manager s location Date From the drop down lists select the current month day and year Time From the drop down lists select the current hour and minute Time Zone SLB Branch Office Manager User Guide From the drop down list select the appropriate time zone 35 4 Quick Setup Administrator Settings Sysadmin To change the password e g from the default enter a Password Retype password of up to 64 characters Password 6 To save your entries click the Apply button SLB Branch Office Manager User Guide 36 4 Quick Setup Method 3 Quick Setup on the Command Line Interface If the SLB branch office manager does not have an IP address you can connect a dumb terminal or a PC running a terminal emulation program VT100 to access the command line interface See Connecting a Terminal on page 25 If the unit has an IP address yo
135. connect after a specified number of minutes Select Yes and enter a value of from 1 to 30 minutes Note You must reboot the unit before a change will take effect Audit Log Enable Log Select to save a history of all configuration changes in a circular log Disabled by default The audit log is saved through SLB device reboots Size The log has a default maximum size of 50 Kbytes approximately 500 entries You can set the maximum size of the log from 1 to 500 Kbytes Include CLI Commands Select to cause the audit log to include the CLI commands that have been executed Disabled by default Include In System Log If enabled the contents of the audit log are added to the system log under the General Info category level Disabled by default SMTP Server IP address of your network s Simple Mail Transfer Protocol SMTP relay server Phone Home Enable If enabled the SLB branch office manager will attempt to phone home every hour until it has contacted an SLM management appliance and provided it with its configuration IP Address IP address of the SLM management appliance Last Attempt Date and time of last connection attempt view only Results Indicates whether the attempt was successful view only 3 To save click the Apply button SLB Branch Office Manager User Guide 63 7 Services SNMP Simple Network Management Protocol SNMP is a set of
136. ct port for configuration or webSSH Device Port only Authentication Methods Local Remote Users NIS LDAP RADIUS Kerberos TACACS SSH Keys ii LocalilRemote Users Help Local and remote accounts on the SLB are used to authenticate users who login to the SLB via SSH Telnet the Web or the Console Port Authenticate only remote users who are Enable Local Users M in the remote users list C Note remove Escape amp Break Sequences for users Local User Passwords making raw binary connections to Device Ports Complex Passwords Password Lifetime 90 days Allow Reuse Warning Period No Yes days Reuse History 4 Max Login Attempts No Yes 0 Lockout Period No Yes 0 minutes Select the radio button in the Add Edit User Delete User right column to edit or delete a user Shaded users are locked cannot login Local Remote Users Login Auth UID Group Permissions Esc jBrk jCustom DB Listen Data Clear Outlet Seq Seq Menu 1 8 U L 1 8 U L 1 4 O michaell Remote N A Adm fa nt sv lu ra dt sk um dp pe rs fc drsnwh po WwIbA Ww1bB N 1 8 U L 1 bB N 1 8 U L 1 8 U L 1 8 U L 1 4 sysadmin Local 0 Adm fa nt sv lu ra dt sk um dp pe rs fc drsn wb po X1IbA The top of the page has entry fields for enabling local and remote users and for setting password requirements The bottom of the page displays a table listing and describing all local and
137. ct to enable negotiation of data compression over PPP links Disabled by default GSM Bearer Svc Command to select the bearer service data rate and connection element to use when data call originate Auto acquire DNS Select to enable the SLB device to acquire up to three DNS servers by means of GPRS Enabled by default SLB Branch Office Manager User Guide 119 9 PC Cards Negotiated IP IP address associated with the GPRS connection Text Mode Timeout Logins If you selected Text mode you can enable logins to time out after the connection is inactive for a specified number of minutes The default is No This setting only applies to text mode connections PPP mode connections stay connected until either side drops the connection Disabled by default Dial back Number Users with dial back access can dial into the SLB branch office manager and enter their login and password Once the SLB device authenticates them the modem hangs up and dials them back Select the phone number the modem dials back on a fixed number or a number associated with their login If you select Fixed Number enter the number in the format 2123456789 Dial in Host List PPP Mode From the drop down list select the desired host list The host list is a prioritized list of SSH Telnet and TCP hosts that are available for establishing outgoing modem connections The hosts in the list are cycled through until the modem succe
138. d disables the network port Default is Eth1 enabled Obtain from DHCP Acquires IP address subnet mask hostname and gateway from the DHCP server The DHCP server may not provide the hostname gateway depending on its setup This is the default setting If you select this option skip to Gateway Obtain from BOOTP Lets a network node request configuration information from a BOOTP server node If you select this option skip to Gateway Specify Lets you manually assign a static IP address generally provided by the system administrator IP Address if specifying Subnet Mask Enter an IP address that will be unique and valid on your network There is no default Enter all IP addresses in dot quad notation Do not use leading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for the last segment Note Currently the SLB branch office manager does not support configurations with the same IP subnet on multiple interfaces Ethernet or PPP If specifying an IP address enter the network segment on which the SLB device resides There is no default Default Gateway The IP address of the router for this network There is no default Hostname The default host name is slbXXXX where XXXX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit contiguous characters no spaces The host name be
139. d logs in to the command line interface For 2 3 4 5 and 6 if logins or authentication are not enabled the user is directly connected to the device port with no authentication For 1 and 6 if logins are enabled the user is authenticated first and then logged into the command line interface The user login determines permissions for accessing device ports SLB Branch Office Manager User Guide 80 8 Device Ports Permissions There are three types of permissions Direct or data mode The user can interact with and monitor the device port connect direct command Listen mode The user can only monitor the device port connect listen command Clear mode The user can clear the contents of the device port buffer set locallog lt port gt clear buffer command The administrator and users with local user rights may assign individual port permissions to local users The administrator and users with remote authentication rights assign port access to users authenticated by NIS RADIUS LDAP Kerberos and TACACS Device Status The Device Status page displays the status of the SLB branch office manager s ports PC card slots and power outlets 1 Click the Devices tab and select the Device Status option The following page displays LANT VON IX SLB884 P1 P2 P3 P4 User sysadmin Select port for configuration or WebSSH Device Port only f Device Status Device Ports Console Port PCCard Po
140. detailed instructions for using the web interface and include equivalent command line interface commands 6 Basic Parameters Provides instructions for configuring network ports firewall and routing settings and the date and time 7 Services Provides instructions for enabling and disabling system logging SSH and Telnet logins SNMP SMTP and the date and time 8 Device Ports Provides instructions for configuring global device port settings individual device port settings and console port settings 9 PC Cards Provides instructions for using the PC Card slot 10 Connections Provides instructions for configuring connections and viewing updating or disconnecting a connection 11 User Authentication Provides instructions for enabling or disabling methods that authenticate users who attempt to log in via SSH Telnet or the console port Provides instructions for creating custom menus SLB Branch Office Manager User Guide 10 1 About This Guide 12 Maintenance and Provides instructions for upgrading firmware viewing system logs Operation and diagnostics generating reports and defining events Includes information about web pages and commands used to shut down and reboot the SLB device 13 Application Examples Shows how to set up and use the SLB branch office manager in three different configurations 14 Command Reference Lists and describes all of the commands available on the SLB command line inter
141. disable gt v3password lt Password for v3 auth gt v3user lt User for v3 auth gt v3user lt V3 RO User gt v3password lt V3 RO User Password gt v3phrase lt V3 RO User Passphrase gt v3rwuser lt V3 RW User gt v3rwpassword lt V3 RW User Password gt v3rwphrase lt V3 RW User Passphrase gt v3security lt noauth auth authencrypt gt v3auth lt md5 sha gt v3encrypt lt des aes gt webssh lt enable disable webtelnet lt enable disable gt Description Configures services system logging SSH and Telnet access SSH and Telnet timeout SNMP agent email SMTP server and audit log show services Syntax show services Description Displays current services SLB Network Commands set slcnetwork Syntax set slcnetwork lt one or more parameters gt Parameters add lt IP Address gt delete lt IP Address gt search lt localsubnet ipaddrlist both gt Description Detects and displays all SLB branch office manager or user defined IP addresses on the local network SLB Branch Office Manager User Guide 258 14 Command Reference show slcnetwork Syntax show slcnetwork ipaddrlist lt all Address Mask gt Description Detects and displays all SLB devices on the local network Without the ipaddrlist parameter the command searches the SLB network With the ipaddrlist parameter the command displays a sorted list of all IP addresses or displays the IP addresses that match the mask fo
142. dlockout lt Number of Minutes gt Description Sets the number of minutes after a lockout before the user can try to log in again Disabled by default set localusers periodwarning Syntax set localusers periodwarning lt Number of Days gt Description Sets the number of days the system warns the user that the password will be expiring The default is 7 days set localusers reusehistory Syntax set localusers reusehistory lt Number of Passwords gt Description Sets the number of passwords the user must use before reusing an old password The default is 4 set localusers state Syntax set localusers state lt enable disable gt Description Enables or disables authentication of local users show localusers Syntax show localusers user lt User Login gt Description Displays local users SLB Branch Office Manager User Guide 225 NIS Commands set nis Syntax set nis lt one or more parameters gt Parameters accessoutlets lt Outlet List gt broadcast lt enable disable gt clearports lt Port List gt custommenu lt Menu Name gt dataports lt Port List gt domain lt NIS Domain Name gt breakseq lt 1 10 Chars gt scapeseq lt 1 10 Chars gt group lt default power admin gt listenports lt Port List gt master lt IP Address or Hostname gt permissions lt Permission List gt Note See User Permissions Commands on page 228 for information on groups and user ri
143. e Sessions Sessions Multiport Device Server APC can use the device ports on the SLB device as virtual serial ports enabling the ports to act as if they are local ports to the PC To use the SLB branch office manager in this setup the PC requires special software for example Com Port Redirector available on www lantronix com or similar software Serial Printer SLB Branch Office Manager Windows Linux PC Modem Mi erreeeee ES M GE ff a Raw TCP Serial Connections gt Sessions Console Server For this situation the SLB branch office manager is configured so that the user can manage a number of servers or pieces of network equipment using their console ports The device ports on the SLB are connected to the console ports of the equipment that the user would like to manage To manage a specific piece of equipment the user can Telnet or SSH to a specific port or IP address on the SLB device and be connected directly to the console port of the end server or device To configure this setup set the Enable Telnet In or Enable SSH In option on the Device Ports Settings web page for the device port in question The user can implement an extra remote management capability by adding a modem to one of the device ports and setting the Dial in option in the SLB Branch Office Manager User Guide 127 10 Connections Modem Settings section of the Device Ports Settings web page A user could then dial into th
144. e O Device Port Limits 5 Pots dle fe Limits on parameters for each Device Port 6 Port 6 dle O Direct Connects 1 maximum E 7 Pot dle oO Apply 8 Ports dle O Current port numbering schemes for Telnet SSH and TCP ports display on the left The list of ports 1 8 on the right includes the individual ports and their current mode Note For units with more ports click the buttons above the table to view additional ports Icons that represent some of the possible modes include Idle The port is not in use a The port is in data text mode Note You may set up ports to allow Telnet access using the IP Settings on the Device Ports Settings page An external modem is connected to the port The user may dial into o or out of the port f Telnet in or SSH in is enabled for the device port The device port is othe either waiting for a Telnet or SSH login or has received a Telnet or SSH login a user has logged in To set up Telnet SSH and TCP port numbering 1 Enter the following Telnet SSH TCP in Port Numbers Starting Telnet Each port is assigned a number for connecting via Telnet Port Enter a number 1025 65535 that represents the first port The default is 2000 plus the port number For example if you enter 2001 subsequent ports are automatically assigned numbers 2002 2003 and so on SLB Branch Office Manager User Guide 82 8 Device Ports Starting SSH Port Each port is
145. e SLB branch office manager using another modem and terminal emulation program at a remote location Web Server Serial Terminal TelnetSSH Sessions Sessions i Modem SLB Branch Office Manager User Guide 128 10 Connections Connection Configuration To create a connection 1 Click the Devices tab and select the Connections opton The following page displays 1357 E s O X SLB884 P1 P2 P3 P4 LANT NI 22468 l SS User sysadmin Select port for configuration or webSSH Device Port only Device Status Device Ports Console Port PCCard Power Outlets Connections Host Lists Connections Help Outgoing Connection Timeout QNo Yes 5 seconds Connect Device Port Data Flow gt to Device Port v Port Settings gt o4 Hostname Oo Port Settings gt SSH Out Options User Version None 1 2 Command Trigger Connect now Connect at datestime Auto connect on characters transferring 4 atleast characters character sequence Apply To view details for a connection hold the mouse over the arrow icon in the Flow column To terminate a connection select the radio button in the right column below and select Terminate Web connections can be viewed here gt Current Connections Port Service Flow Port Service Time Console Port amp b Command Line 146 51 03 2 For a device port enter the following Port The number of the device
146. e charcount or the charseq parameter To connect a device port to another device port or an outbound network connection data flows in one direction connect unidirection lt Device Port or Name gt dataflow lt toendpoint fromendpoint gt lt endpoint gt Endpoint is one of charcount lt of Chars gt charseq lt Char Sequence gt datetime lt MMDDYYhhmm ss gt deviceport lt Port or Name gt exclusive lt enable disable gt SLB Branch Office Manager User Guide 132 10 Connections ssh lt IP Address or Name gt port lt TCP Port gt lt SSH flags gt where lt SSH flags gt is one or more of user lt Login Name gt version lt 1 2 gt command lt Command to Execute gt tcp lt IP Address gt port lt TCP Port gt telnet lt IP Address or Name gt port lt TCP Port trigger lt now datetime chars gt udp lt IP Address gt port lt UDP Port gt Note If the trigger is datet ime establish connection at a specified date time enter the date parameter If the trigger is chars establish connection on receipt of a specified number or characters or a character sequence enter either the charcount or the charseq parameter To terminate a bidirectional or unidirectional connection connect terminate lt Connection ID gt To view connections and their IDs Note The connection IDs are in the left column of the resulting table The connection ID associated with a particular connection
147. e configured for DHCP Configure Ethi 1 obtain IP Address from DHCP 2 obtain IP Address from BOOTP static IP Address 172 19 219 178 Enter 1 3 3 Enter IP Address 17 Enter Subnet Mask 2 1 178 0 n N 2 19 55 25 ow i The SLBO884 can be configured to use a default gateway Enter gateway IP Address 172 19 0 1 Hostname The current hostname is SLB and the current domain is lantronix com The hostname will be shown in the CLI prompt Specify a hostname SLB Specify a domain lantronix com Time Zone The current time zone is America Los Angeles Enter time zone Aamerica Los Angeles Date Time The current time is Wed Jun 20 10 51 34 2007 Change the current time n sysadmin Password Enter new password lt current password gt Reconfiguring the SLBOSS4 Ethernet settings successfully updated Quick Setup is now complete 5 To logout type logout at the prompt and press Enter Next Step After quick starting the SLB branch office manager you may want to configure other settings You can use the web page or the command line interface for configuration For information about the web and the command line interfaces go to 5 Web and Command Line Interfaces To continue configuring the SLB device go to 6 Basic Parameters SLB Branch Office Manager User Guide 39 5 Web and Command Line Interfaces The SLB branch office manager offers thre
148. e default escape sequence is Esc A Device Ports Logging The SLB products support port buffering of the data on the system s device ports as well as notification of receiving data on a device port Port logging is disabled by default You can enable more than one type of logging local NFS file email SNMP or PC Card ata time The buffer containing device port data is cleared when any type of logging is enabled Local Logging If local logging is enabled each device port stores 256 Kbytes approximately 400 screens of I O data in a true FIFO buffer You may view this data in ASCII format at the CLI with the show locallog command or on the Device Ports Logging web page Buffered data is normally stored in RAM and is lost in the event of a power failure if it is not logged using an NFS mount solution If the buffer data overflows the buffer capacity SLB Branch Office Manager User Guide 98 8 Device Ports only the oldest data is lost and only in the amount of overrun not in large blocks of memory NFS File Logging Data can be logged to a file on a remote NFS server Data logged locally to the SLB branch office manager is limited to 256 Kbytes and may be lost in the event of a power loss Data logged to a file on an NFS server does not have these limitations The system administrator can define the directory for saving logged data on a port by port basis and configure file size and number of files per port The direc
149. e disable gt stopbits lt 1 2 gt timeout lt disable 1 30 gt SLB Branch Office Manager User Guide 235 14 Command Reference Description Configures console port settings show consoleport Syntax show consoleport Description Displays console port settings Custom User Menu Commands When creating a custom user menu note the following limitations Maximum of 20 custom user menus Maximum of 50 commands per custom user menu logout is always the last commana Maximum of 15 characters for menu names Maximum of five nested menus can be called No syntax checking Enter each command correctly set localusers Syntax set localusers add edit lt User Login gt menu lt Menu Name gt Description Assigns a custom user menu to a local user set menu add Syntax set menu add lt Menu Name gt command lt Command Number gt Description Creates a new custom user menu or adds a command to an existing custom user menu set menu edit Syntax set menu edit lt Menu Name gt lt parameter gt Parameters command lt Command Number gt nickname lt Command Number gt redisplaymenu lt enable disable gt shownicknames lt enable disable gt SLB Branch Office Manager User Guide 236 14 Command Reference title lt Menu Title gt Description Changes a command within an existing custom user menu Changes a nickname within an existing custom user menu Enab
150. e gt delete lt Ruleset Name gt edit lt Ruleset Name gt lt Edit Parameters gt Edit Parameters append insert lt Rule Number gt replace lt Rule Number gt delete lt Rule Number gt SLB Branch Office Manager User Guide 57 6 Basic Parameters Routing The SLB branch office manager allows you to define static routes and for networks using Routing Information Protocol RIP capable routes to enable the RIP protocol to configure the routes dynamically To configure routing settings 1 Click the Network tab and select the Routing option The following page displays A NITSAN 41357 BESS JT X P1 P2 P3 P4 L I 19 SLB884 22468 BESS User sysadmin Select port for configuration or O WebSSH Device Port only Network Settings IP Filter Routing Routing Help x TE The Routing Table can be viewed Enable RIP RIP Version O1 2 O1and2 with ad IP Routes Renort gt s N To edit or delete a static route Enable Statie Routing pi selectthe radio button in the right column below IP Address Static Routes Subnet Mask No IP Address Subnet Mask Gateway Gateway Add Edit Route Apply 2 Enter the following Dynamic Routing Enable RIP Select to enable Dynamic Routing Information Protocol RIP to assign routes automatically Disabled by default RIP Version Select the RIP version The default is 2 Static Routing Enable Static Select to assign
151. e hostname gateway depending on its setup This is the default setting If you select this option skip to Gateway Obtain from BOOTP Lets a network node request configuration information from a BOOTP server node If you select this option skip to Gateway Specify Lets you manually assign a static IP address generally provided by the system administrator IP Address if specifying Subnet Mask Enter an IP address that will be unique and valid on your network There is no default Enter all IP addresses in dot quad notation Do not use leading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for the last segment Note Currently the SLB branch office manager does not support configurations with the same IP subnet on multiple interfaces Ethernet or PPP If specifying an IP address enter the network segment on which the SLB device resides There is no default Eth 1 and or Eth2 IPv6 Address Address of the port in IPv6 format Note The SLB branch office manager supports IPv6 connections for a limited set of services the web SSH and Telnet IPv6 addresses are written as 8 sets of 4 digit hexadecimal numbers separated by colons There are several rules for modifying the address For example 1234 0BCD 1D67 0000 0000 8375 BADD 0057 may be shortened to 1234 BCD 1D67 8375 BADD 57 Eth 1 and or Eth2 Mode Select the direction f
152. e interfaces for configuring the SLB device a command line interface CLI a web interface and an LCD with pushbuttons on the front panel This chapter discusses the web and command line interfaces 4 Quick Setup includes instructions for using the LCD to configure basic network settings Web Interface A web interface allows the system administrator and other authorized users to configure and manage the SLB branch office manager using most web browsers Netscape Navigator 6 x and later or Internet Explorer 5 5 and later with JavaScript enabled The Web Telnet and Web SSH features require Java 1 1 or later support in the browser The SLB device provides a secure encrypted web interface over SSL secure sockets layer Note The web server listens for requests on the unencrypted HTTP port port 80 and redirects all requests to the encrypted HTTPS port port 443 The following figure shows a typical web page SLB Branch Office Manager User Guide 40 5 Web and Command Line Interfaces Figure 5 1 Web Page Layout LANTRONIX SLB884 Ea Pee Port 246 o Be I Number Bar Logout Button User sysadmin Select port for configuration or O webssH Device Port only i i Bons Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists Tabs Options ae Device Ports Logging Help 2 MeIp Button Port 3 For NFS File Logging the directory to log to Name Port 3 must
153. e sensor is monitoring Low Humidity Enter the relative humidity permitted on the device the sensor is monitoring below which the sensor sends a trap to the SLB branch office manager High Humidity Enter the highest relative acceptable humidity permitted on the device above which the sensor sends a trap to the SLB device Traps Select to indicate the SLB branch office manager should send a trap or configured Event Alert when the sensor detects an out of range configured threshold 4 Click the Apply button 5 To view the status detected by the Sensorsoft click the Sensorsoft Status link to the right of the table Device Port Commands The following CLI commands correspond to the web page entries described above To configure a single port or a group of ports Example set deviceport port 2 5 6 12 15 16 baud 2400 set deviceport port lt Device Port List or Name gt lt one or more device port parameters gt Parameters auth lt pap chap gt banner lt Banner Text gt baud lt 300 115200 gt breakseq lt 1 10 Chars gt calleridcmd lt Modem Command String gt calleridlogging lt enable disable gt chaphost lt CHAP Host or User Name gt chapsecret lt CHAP Secret or User Password gt The user defines the secret checkdsr lt enable disable gt closedsr lt enable disable gt databits lt 7 8 gt device lt none slp8 slp16 gt dialinlist lt Host List for Dial in
154. e through the default gateway fails to return one or more pings set network host Syntax set network host lt Hostname gt domain lt Domain Name gt Description Sets the SLB host name and domain name set network port Syntax set network port lt 1 2 gt lt parameters gt Parameters mode lt auto 10mbit half 100mbit half 10mbit full 100mbit full gt state lt dhcp bootp static disable gt ipaddr lt IP Address gt mask lt Mask gt ipv addr lt IP v6 Address Prefix gt Description Configures Ethernet port 1 or 2 SLB Branch Office Manager User Guide 250 14 Command Reference show network dns Syntax show network dns Description Displays DNS settings show network gateway Syntax show network gateway Description Displays gateway settings show network host Syntax show network host Description Displays the network host name of the SLB branch office manager show network port Syntax show network port lt 1 2 gt Description Displays Ethernet port settings and counters show network all Syntax show network all Description Displays all network settings NFS and SMB CIFS Commands set nfs mount Syntax set nfs mount lt one or more parameters gt Parameters locdir lt Directory gt SLB Branch Office Manager User Guide 251 14 Command Reference mount lt enable disable gt remdir lt Remote NFS Directory gt rw lt enable disable gt
155. e unit and save or restore Configuration Diagnostics amp Reports a configuration all settings Selecting this option automatically selects Reboot amp Shutdown Right to obtain diagnostic information and reports about the unit Web Access Right to access Web Manager Device Ports SLB Branch Office Manager User Guide Right to enter device port settings 161 11 User Authentication PC Card Right to enter modem settings for PC cards Power Outlets Right to configure power outlets 5 Click the Apply button Note You must reboot the unit before your changes will take effect Kerberos Commands These commands for the command line interface correspond to the web page entries described above To configure the SLB branch office manager to use Kerberos to authenticate users who log in via the Web SSH Telnet or the console port set kerberos lt one or more parameters gt Parameters accessoutlets lt Outlet List gt breakseq lt 1 10 Chars gt clearports lt Port List gt dataports lt Port List gt scapeseq lt 1 10 Chars gt ipaddr lt Key Distribution Center IP Address gt kde lt Key Distribution Center gt listenports lt Port List gt port lt Key Distribution Center TCP Port gt realm lt Kerberos Realm gt state lt enable disable gt useldapforlookup lt enable disable gt To set user group and permissions for Kerberos users set ke
156. e used for modem dial in connections set hostlist add edit lt Host List Name gt lt parameters gt Parameters name lt Host List Name gt edit only retrycount lt 1 10 gt Default is 3 auth lt enable disable gt SLB Branch Office Manager User Guide 112 8 Device Ports To add a new host entry to a list or edit an existing entry set hostlist add edit lt Host List Name gt entry lt Host Number gt lt parameters gt Parameters host lt IP Address or Name gt protocol lt ssh telnet tcp gt port lt TICP Port gt scapeseq lt 1 10 Chars gt To move a host entry to a new position in the host list set hostlist edit lt Host List Name gt move lt Host Number gt position lt Host Number gt To delete a host list or a single host entry from a host list set hostlist delete lt Host List gt entry lt Host Number gt To display the members of a host list show hostlist lt all names Host List Name gt SLB Branch Office Manager User Guide 113 9 PC Cards You can use the PC Card page to configure storage Compact Flash and modem ISDN PC cards A Compact Flash is useful for saving and restoring configurations see Configuration Management on page 182 and for Device Port Logging see PC Card Logging on page 99 The SLB branch office manager supports a variety of Compact Flash to PC Card adapters as well as modem and Basic Rate Interface BRI ISDN cards See the Lantr
157. ecureLinx Network C User Menus Device Ports Date Time Web Access PC Card Power Outlets C 2 Enter the following Enable NIS Displays selected if you enabled this method on the Authentication Methods page If you want to set up this authentication method but not enable it immediately clear the checkbox Note You can enable NIS here or on the first User Authentication page If you enable NIS here it automatically displays at the end of the order of precedence on the User Authentication page NIS Domain The NIS domain of the SLB branch office manager must be the same as the NIS domain of the NIS server Broadcast for NIS Server NIS Master Server required If selected the SLB device sends a broadcast datagram to find the NIS Server on the local network The IP address or host name of the master server NIS Slave Servers 1 5 The IP addresses or host names of up to five slave servers SLB Branch Office Manager User Guide 146 11 User Authentication Custom Menu If custom menus have been created you can assign a default custom menu to NIS users Escape Sequence Break Sequence Data Ports A single character or a two character sequence that causes the SLB branch office manager to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simult
158. ed system or service RADIUS allows a company to maintain user profiles in a central database that all remote servers can share It increases security allowing a company to set up a policy that can be applied at a single administered network point Kerberos SLB Branch Office Manager User Guide Kerberos is a network authentication protocol that enables two parties to exchange private information across an unprotected network It works by assigning a unique electronic credential called a ticket to each user who logs on to the network The ticket is embedded in messages to identify the sender 135 11 User Authentication TACACS Terminal Access Controller Access Control System Local Users TACACS allows a remote access server to communicate with an authentication server to determine whether the user has access to the network TACACS is a completely new protocol and is not compatible with TACACS or XTACACS The SLB branch office manager supports TACACS only Local accounts authenticate users who attempt to log in via SSH Telnet the Web or the console port 3 To disable a method currently in the Enabled methods list select the method and click the right arrow between the lists 4 To set the order in which the SLB branch office manager will authenticate users use the up and down arrows to the left of the Enabled methods list 5 For Attempt next method on authentication rejection you have the fol
159. edit Syntax admin events edit lt Event ID gt lt parameters gt Parameters community lt SNMP Community gt deviceport lt Device Port or Name gt ethport lt 1 2 gt nms lt SNMP NMS gt oid lt SNMP Trap OID gt pccardslot lt upper lower gt Description Edits event definitions SLB Branch Office Manager User Guide 245 14 Command Reference admin events show Syntax admin events show Description Displays event definitions Host List Commands set hostlist add edit lt Host List Name gt Syntax set hostlist add edit lt Host List Name gt lt parameters gt Parameters name lt Host List Name gt edit only retrycount lt 1 10 gt Default is 3 auth lt enable disable gt Description Configures a prioritized list of hosts to be used for modem dial in connections set hostlist add edit lt Host List Name gt entry Syntax set hostlist add edit lt Host List Name gt entry lt Host Number gt lt parameters gt Parameters host lt IP Address or Name gt protocol lt ssh telnet tcp gt port lt TCP Port gt scapeseq lt 1 10 Chars gt Description Adds a new host entry to a list or edit an existing entry set hostlist edit lt Host List Name gt move Syntax set hostlist edit lt Host List Name gt move lt Host Number gt position lt Host Number gt Description Moves a host entry to a new position in the host list SLB Branch Office Manager User Guide 2
160. eeeneeseeeeescaeeesaeeseneessaees 25 Figur 3 2 Power Outlets iisiciveheveteieiceavaniesieebeseanieey dceesichsgenie aiae a 26 Figure 3 3 8 Port Ethernet Switch ccccccessececeeeeeeceeeeeeeeceeeeesaeeeeaaesseneeseaeeesaeeseaaeseeneeesaees 27 Figure 3 4 SLB Installation Using the Integrated Ethernet Switch ccccceeeesteeeteeeetees 28 Figure 3 5 SLB Installation Using a Managed Switch c cccccceeeeeeeeeeceeeeeeeeeeeaeeeeneeseaees 28 Figure 4 1 Front Panel LCD Display and Five Pushbuttons Enter Up Down Left Right 30 Figure 4 2 Beginning of Quick Setup Script ccccecceeeececeeeeeceeeeeeaeeeeeeeseeeeesaeeesaeeeeneeseaees 37 Figure 4 3 Completed Quick Setup ccccceeeeeeeeeeeeeeeeeeaee scenes caeeesaaeeeeaeeseeeescaeessaeeeeneeeeaees 39 Figure 5 1 Web Fage Layout ccc ise ssacie i aieeceishieeenvaie ceavanies tadiecedeitenes Autieestanbestaiee 41 Figure 13 1 SLB Branch Office Manager Configuration cc ccccsceeeeeeeeeeseeeeeeeeeeeneeeeees 206 Figure 13 2 Remote User Connected to a SUN Server via the SLB Device 008 207 List of Tables Table 2 1 SLB MOIS risiini auragan fees tia adaa aaa araea facets jets aans 15 Table 3 1 SLB Technical Specifications cecccecceeeeeeeeeeeneeceeeeeeaeeeeaeeseeeeeseeeesaeeneeeeeeeeess 23 Table 4 1 Methods of Assigning an IP Address 0000 eeceeeeeeeneeeeeeeeeeeeeeaaeeeeeeaaeeeeeeaeeeeseaas 29 Table 4 2 Front Pa
161. elnet and TCP hosts that are available for establishing outgoing modem connections or for connect direct at the CLI The hosts in the list are cycled through until the SLB branch office manager successfully connects to one To establish and configure host lists click the Host Lists link SLB Branch Office Manager User Guide 89 8 Device Ports Modem Settings PPP Mode Negotiate IP Address Authentication If the SLB branch office manager and or the serial device have dynamic IP addresses e g IP addresses assigned by a DHCP server select Yes Yes is the default If the SLB branch office manager or the modem have fixed IP addresses select No and enter the local IP IP address of the port and remote IP IP address of the modem Enables PAP or CHAP authentication for modem logins PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the CHAP Handshake fields authenticate the user CHAP Handshake The host username for UNIX systems or secret user password for Windows systems used for CHAP authentication May have up to 128 characters Same authentication for Dial in amp Dial on Demand DOD Select this option to let incoming connections dial in use the same authentication settings as outgoing connections dial on demand If this option is not selected then the dial on demand connectio
162. ening or removing the cover may expose you to dangerous voltage that could cause fire or electric shock Refer all servicing to Lantronix Power Plug When disconnecting the power cable from the socket pull on the plug not the cord Always connect the power cord to a properly wired and grounded power source Do not use adapter plugs or remove the grounding prong from the cord Only use a power cord with a voltage and current rating greater than the voltage and current rating marked on the SLB branch office manager Install the SLB device near an AC outlet that is easily accessible Always connect any equipment used with the product to properly wired and grounded power sources To help protect the product from sudden transient increases and decreases in electrical power use a Surge suppressor line conditioner or uninterruptible power supply UPS Do not connect or disconnect this product during an electrical storm Input Supply This SLB branch office manager may have more than one power supply source Disconnect all power supply sources before servicing to avoid electric shock Check nameplate ratings to assure there is no overloading of supply circuits that could affect over current protection and supply wiring Grounding Maintain reliable grounding of this product Pay particular attention to supply connections when connecting to power strips rather than directly to the branch circuit
163. epower gt outlet lt Outlet gt tower lt A B gt Outlet is 1 8 for SLP8 power manager and 1 16 for SLP16 power manager The out letcont rol parameters control individual outlets slp outletstate outlet lt Outlet gt The out letstate parameter shows the state of all outlets or a SLB Branch Office Manager User Guide 96 8 Device Ports single outlet slp envmon Displays the environmental status e g temperature and humidity of the SLP power manager slp infeedstatus Displays the infeed status and load of the SLP power manager slp system Provides system information for the SLP power manager sensorsoft lowtemp lt Low Temperature in C gt Sets the lowest temperature permitted for the port sensorsoft hightemp lt High Temperature in C gt Sets the hightest temperature permitted for the port sensorsoft lowhumidity lt Low Humidity gt Sets the lowest humidity pemitted for the port sensorsoft highhumidity lt High Humidity gt Sets the lowest humidity permitted for the port sensorsoft traps lt enable disable gt Enables or disables traps when specified conditions are met sensorsoft status Displays the status of the port Interacting with a Device Port Once a device port has been configured and connected to an external device such as the console port of an external server the data received over the device port can be monitored at the command line interface with the connect
164. eq lt 1 10 Chars gt scapeseq lt 1 10 Chars gt encrypt lt enable disable gt group lt default power admin gt listenports lt Port List gt permissions lt Permission List gt port lt TCP Port gt server lt IP Address or Hostname gt state lt enable disable gt Default is 389 Note See User Permissions Commands on page 228 for information on groups and user rights Description Configures the SLB device to use LDAP to authenticate users who log in via the Web SSH Telnet or the console port SLB Branch Office Manager User Guide 222 14 Command Reference show ldap Description Displays LDAP settings Syntax show ldap Local Users Commands set localusers add edit Syntax set localusers add edit lt User Login gt lt one or more parameters gt Parameters accessoutlets lt Outlet List gt allowdialback lt enable disable gt breakseq lt 1 10 Chars gt changenextlogin lt enable disable gt changepassword lt enable disable gt clearports lt Port List gt dataports lt Port List gt dialbacknumber lt Phone Number gt displaymenu lt enable disable gt scapeseq lt 1 10 Chars gt listenports lt Port List gt custommenu lt Menu Name gt uid lt User Identifier gt group lt default power admin gt passwordexpires lt enable disable gt permissions lt Permission List gt Note See User Permissions Commands on page 228 for information on groups and user rights De
165. er lower gt Description Mounts a Compact Flash card in the SLB device for use as a storage device The Compact Flash card must be formatted with an ext2 or FAT file system before you mount it pccard storage unmount Syntax pccard storage unmount lt upper lower gt Description Unmounts a Compact Flash card Enter this command before ejecting the card SLB Branch Office Manager User Guide 253 14 Command Reference PC Card Modem Commands pccard modem Syntax pccard modem lt upper lower gt lt parameters gt Parameters auth lt pap chap gt baud lt 300 115200 gt 9600 is the default calleridcmd lt Modem Command String gt calleridlogging lt enable disable gt chaphost lt CHAP Host or User Password gt chapsecret lt CHAP Secret or User Password gt databits lt 7 8 gt dialbacknumber lt usernumber Phone Number gt dialoutlogin lt User Login gt dialoutnumber lt Phone Number gt dodauth lt pap chap gt dodchaphost lt CHAP Host or User Name gt dodchapsecret lt CHAP Secret or User Password gt dialoutpassword lt Password gt flowcontrol lt none xon xoff rts cts gt gsmautodns lt enable disable gt gsmbearerservice lt GSM Bearer Service gt gsmcompression lt enable disable gt gsmcontext lt GPRS Context Id gt gsmdialoutmode lt gprs gsm gt gsmpin lt GSM GPRS PIN Number gt initscript lt Initialization Script gt isdnchannel lt 1 2 gt isdnnum
166. er profiles Each user has an assigned ID password and access rights Other user profile access options may include externally configured authentication methods such as RADIUS TACACS NIS and LDAP Power Outlet Control With the SLB branch office manager s built in power management capability system administrators can remotely control the power on off reboot individually to all IT equipment in the branch office ensure safe power distribution and reduce in rush current overload If SNMP traps are enabled a trap alarm is sent if the total current for all outlets exceeds a threshold Device Port Buffer The SLB device supports real time data logging for each device port The port can save the data log to a file send an email notification of an issue or take no action You can define the path for logged data on a port by port basis configure file size and number of files per port for each logging event and configure the device log to send an email alert message automatically to the appropriate parties indicating a particular error Configuration Options You may use the backlit front panel LCD display for initial setup and configuration and to view current network console and date time settings and get power outlet status Both a web interface viewed through a standard browser and a command line interface CLI are available for configuring the SLB settings and monitoring performance SLB Branch Office Manager User G
167. ernet ports referred to in this User Guide as Eth1 and Eth2 and a front panel serial console port RJ45 The SLB device has two 32 bit CardBus PC card slots to support storage cards or a PC Card modem for dial in access The list of supported cards is available on the Lantronix website Table 2 1 SLB Models SLB088411 01 SLB branch office manager 8 device ports 8 Ethernet switch ports 4 power outlets 100 120 VAC NEMA 5 15R type 1 AC power supply SLB088412 01 SLB branch office manager 8 device ports 8 Ethernet switch ports 4 power outlets 208 240 VAC IEC60320 C13 type 1 AC power supply SLB Branch Office Manager User Guide 15 Two Line LCD Display 2 Overview Figure 2 1 SLB 8 Front Front Panel 1U Tall Self Contained Two PC Card Slots Console Port Pushbuttons Rack Mountable Chassis RS 232 Figure 2 2 SLB 8 Back 8 Device Ports 4 Power Outlets 8 Switch Ports 1 AC Power Supply Two 10 100 Network Ports 7 E 2 01006 sirot RS 232 Device Ports 1 8 Switch Ports Four Power Outlets AC Power Input System Features The SLB firmware has the following basic capabilities o o o Connects up to eight RS 232 serial consoles Controls power on off reboot of up to four attached devices 10Base T 100Base TX Ethernet network compatibility Buffer logging to file Email and SNMP notification ID Password security configurable access rights
168. ervice gt gsmcompression lt enable disable gt gsmcontext lt GPRS Context Id gt gsmdialoutmode lt gprs gsm gt gsmpin lt GSM GPRS PIN Number gt idletimeout lt disable 1 9999 seconds gt initscript lt Initialization Script gt isdnchannel lt 1 2 gt isdnnumber lt Phone Number gt localipaddr lt negotiate IP Address gt SLB Branch Office Manager User Guide 123 9 PC Cards modemmode lt text ppp gt modemstate lt disable dialout dialin dialback dialondemand dialin dialondemand dialinhostlist gt modemtimeout lt disable 1 9999 sec gt nat lt enable disable gt parity lt none odd even gt remoteipaddr lt negotiate IP Address gt restartdelay lt PPP Restart Delay gt service lt none telnet ssh tcp gt sshauth lt enable disable gt sshport lt TCP Port gt stopbits lt 1 2 gt tcpauth lt enable disable gt tcpport lt TCP Port gt telnetauth lt enable disable gt telnetport lt TCP Port gt timeoutlogins lt disable 1 30 gt SLB Branch Office Manager User Guide 124 10 Connections Chapter 8 Device Ports described how to configure and interact with an SLB branch office manager device port connected to an external device This chapter describes how to use the Connections web page to connect external devices and outbound network connections such as Telnet or SSH in various configurations An SLB device port attached to an external device can be connected to
169. es No prompt displays Note If the prompt does not display make sure you are no longer in edit mode 11 Use the left right arrow buttons to select Yes and press the Enter button 12 To review the saved settings press the up or down arrows to step through the current settings When you are done the front panel returns to the clock display The network port resets to the new settings and you can connect to your IP network for further administration You should be able to Telnet or SSH to the SLB branch office manager through your network connection or access the web interface through a web browser SLB Branch Office Manager User Guide 32 4 Quick Setup Restoring Factory Defaults To use the LCD display to restore factory default settings 1 2 5 Press the right arrow button to move to the last option Release Use the down arrow to move to the Restore Factory Defaults option A prompt for the 6 digit Restore Factory Defaults password displays Press Enter to enter edit mode Using the left and right arrows to move between digits and the up and down arrows to change digits enter the password the default password is 999999 Note The Restore Factory Defaults password is only for the LCD You can change it at the command line interface using the admin keypad password command Press Enter to exit edit mode If the password is valid a Save Settings Yes No prompt displays To initiate the process for restori
170. ess as you want it press Enter to exit edit mode and then press the down arrow button The Subnet Mask parameter displays Note You must edit the IP address and the Subnet Mask together for a valid IP address combination 5 To save your entries for one or more parameters in the group press the right arrow button The Save Settings Yes No prompt displays Note If the prompt does not display make sure you are no longer in edit mode Use the left right arrow buttons to select Yes and press the Enter button Press the right arrow button to move to the next option Console Settings Repeat steps 2 7 for each setting Oo MN Press the right arrow button to move to the next option Date Time Settings and click Enter to edit the time zone a Toenter a US time zone use the up down arrow buttons to scroll through the US time zones and then press Enter to select the correct one b To enter a time zone outside the US press the left arrow button to move up to the top level of time zones Press the up down arrow button to scroll through the top level A time zone with a trailing slash such as Africa has sub time zones Use the right arrow button to select the Africa time zones and then the up down arrows to scroll through them Press Enter to select the correct time zone To move back to the top level time zone at any time press the left arrow 10 To save your entries press the right arrow button The Save Settings Y
171. et lt IP Address or Name gt port lt TCP Port gt udp lt IP Address gt port lt UDP Port gt Description Connects to a device port to monitor and or interact with it or establishes an outbound network connection SLB Branch Office Manager User Guide 233 14 Command Reference connect global outgoingtimeout Syntax connect global outgoingtimeout lt disable 1 9999 seconds gt Description Sets the amount of time the SLB branch office manager will wait for a response sign of life from an SSH Telnet server that it is trying to connect to Note This is not a TCP timeout connect listen deviceport Syntax connect listen deviceport lt Device Port or Name gt Description Monitors a device port connect terminate Syntax connect terminate lt Connection ID gt Description Terminates a bidirectional or unidirectional connection connect unidirection Syntax connect unidirection lt Device Port or Name gt dataflow lt toendpoint fromendpoint gt lt endpoint gt Parameters Endpoint is one of charcount lt of Chars gt charseq lt Char Sequence gt datetime lt MMDDYYhhmm ss gt deviceport lt Port or Name gt exclusive lt enable disable gt ssh lt IP Address or Name gt port lt TCP Port lt SSH flags gt where lt SSH flags gt is one or more of user lt Login Name gt version lt 1 2 gt command lt Command to Execute gt tcp lt IP Address gt port lt TC
172. et sshkey all export lt ftp lscp copypaste gt pubfile lt Public Key File gt host lt IP Address or Name gt login lt User Login gt path lt Path to Copy Keys gt To delete a key set sshkey delete lt one or more parameters gt Parameters keyhost lt SSH Key Host gt keyname lt SSH Key Name gt keyuser lt SSH Key User gt Note Specify the key user and key host to delete an imported key specify the keyuser and keyname to delete an exported key To import an SLB host key or to reset a SLB host key to the default set sshkey server import type lt rsal rsa dsa gt via lt sftp scp gt pubfile lt Public Key File gt privfile lt Private Key File gt host lt IP Address or Name gt login lt User Login gt path lt Path to Key File gt To reset defaults for all or selected host keys set sshkey server reset type lt all rsal rsa dsa gt SLB Branch Office Manager User Guide 173 11 User Authentication To display SSH keys that have been imported show sshkey import lt one or more parameters gt Parameters keyhost lt SSH Key IP Address or Name gt keyuser lt SSH Key User gt viewkey lt enable disable gt To display SSH keys that have been exported show sshkey export lt one or more parameters gt Parameters keyhost lt SSH Key IP Address or Name gt keyuser lt SSH Key User gt viewkey lt enable disable gt To display host keys p
173. ethods A user can connect to a device port in one of the following ways 1 Telnet or SSH to the Eth1 or Eth2 IP address or connect to the console port and log in to the command line interface At the command line interface issue the connect direct Of connect listen commands 2 If Telnet is enabled for a device port Telnet to lt Eth1 IP address gt lt telnet port number gt or lt Eth2 IP address gt lt telnet port number gt where telnet port number is uniquely assigned for each device port 3 If SSH is enabled for a device port SSH to lt Eth1 IP address gt lt ssh port number gt or lt Eth2 IP address gt lt ssh port number gt where ssh port number is uniquely assigned for each device port 4 If TCP is enabled for a device port establish a raw TCP connection to lt Eth1 IP address gt lt tcp port number gt or lt Eth2 IP address gt lt tcp port number gt where tcp port number is uniquely assigned for each device port 5 lf adevice port has an IP address assigned to it you can Telnet SSH or establish a raw TCP connection to the IP address For Telnet and SSH use the default TCP port number 23 and 22 respectively to connect to the device port For raw TCP use the TCP port number defined for TCP In to the device port on the Device Ports Settings page 6 Connect a terminal or a terminal emulation program directly to the device port If logins are enabled the user is prompted for a username and password an
174. f the port number Select one of the following optional flags to use for the SSH connection User Login ID to use for authenticating on the remote host Version Version of SSH Select 1 or 2 Command Enter a specific command on the remote host for example reboot Trigger Select the condition that will trigger a connection Options include Connect now Connects immediately or if you reboot the SLB branch office manager immediately on reboot Connect at date time Connects at a specified date and time Use the drop down lists to complete the date and time Upon rebooting the SLB device reestablishes the connection if the date time has passed Auto connect on characters transferring Select the arrow indicating the direction of the data transfer and either the minimum number of characters or a specific character sequence that will trigger the connection You can select the direction of the data transfer only if Data Flow is bidirectional Upon rebooting the SLB branch office manager does not reestablish the connection until the specified data has passed through one of the endpoints of the connection 3 To save click the Apply button SLB Branch Office Manager User Guide 130 10 Connections To view update or disconnect a current connection The bottom of the Connections web page displays current connections To view details for a connection hold the mouse over the arrow icon in the Flow colum
175. f a passphrase is SLB Branch Office Manager User Guide 166 11 User Authentication not used a user can access multiple hosts without entering a password In either case the authentication is protected against security attacks because both the public key and the private key are required to authenticate For both imported and exported SSH keys the SLB device supports both RSA and DSA keys and can import and export keys in OpenSSH and SECSH formats Imported and exported keys are saved with the SLB branch office manager configuration and the administrator has the option of retaining the SSH keys during a reset to factory defaults The SLB device can also update the SSH RSA1 RSA and DSA host keys that the SSH server uses with site specific host keys or reset them to the default values Imported Keys Imported SSH keys must be associated with an SLB local user The key can be generated on host MyHost for user MyUser and when the key is imported into the SLB branch office manager it must be associated with either MyUser if MyUser is an existing SLB local user or an alternate SLB local user The public key file can be imported via SCP or FTP once imported you can view or delete the public key Any SSH connection into the SLB branch office manager from the designated host user combination uses the SSH key for authentication Exported Keys The SLB device can generate SSH keys for SSH connections out of the SLB for any SLB use
176. face A Bootloader Lists and describes the commands available for the bootloader command line interface B Security Considerations Provides tips for enhancing SLB security C Safety Precautions Lists safety precautions for using the SLB branch office manager D Adapters and Pinouts Includes adapter pinout diagrams E Protocol Glossary Lists the protocols supported by the SLB unit with brief descriptions F Compliance Information Provides information about the SLB device s compliance with industry standards Additional Documentation Visit the Lantronix Web site at www lantronix com support documentation for the latest documentation and the following additional documentation SLB Branch Office Manager Describes the steps for getting the SLB branch office Quick Start manager up and running SLB Online Help for the Provides online help for configuring the SLB device using Command Line Interface commands SLB Online Help for the Web Provides online help for configuring the SLB branch office Interface manager using the web page SLB Branch Office Manager User Guide 11 2 Overview The SLB branch office manager enables IT System Administrators to manage remote servers and IT infrastructure equipment securely over the Internet This innovative device combines the capabilities of the award winning Lantronix SLC console manager with remote power management and an Ethernet switch into a compact 1U
177. figuration Files Help 2 To delete files select one or more files and click the Delete button Firmware amp Configurations Web Sessions The Firmware amp Configurations Web Sessions page enables you to view and terminate current web sessions To view or terminate current web sessions 1 On the Firmware amp Configurations page click the Web Sessions link The following page displays Firmware amp Configurations SystemLogs AuditLog Diagnostics Status Reports Events Firmware amp Configurations Web Sessions lt Back to Firmware amp Configurations Current Web Sessions Id User Login Time Idle Time 1 sysadmin 04 29 08 09 38 0 00 00 00 Oo E Ss A LANTRONIX SLB884 113957 MD 2 bp ps ips 22468 Bane B User sysadmin Select port for contiguration or WebSSH Device Port only Help Firmware amp Configurations SSL Certificate The Firmware amp Configurations SSL Certificate page enables you to view and update SSL certificate information The SSL certificate consisting of a public private key pair used to encrypt HTTP data is associated with the web server You can import a site specific SSL certificate if desired To view reset import or change an SSL Certificate 1 On the Firmware amp Configurations page click the SSL Certificate link The following page displays the current SSL certificate 184 12 Maintenance and Operation M
178. firmware update Syntax admin firmware update lt ftp tftp sftp gt file lt Firmware File gt key lt Checksum Key gt Description Updates SLB firmware to a new revision You should be able to access the firmware file using the settings admin ftp show displays The SLB branch office manager automatically reboots after successful update SLB Branch Office Manager User Guide 216 14 Command Reference admin ftp password Syntax admin ftp password Description Sets the FTP server password and prevent it from being echoed admin ftp server Syntax admin ftp server lt IP Address or Hostname gt login lt User Login gt path lt Directory gt Description Sets the FTP TFTP SFTP server used for firmware updates and configuration save restore admin ftp show Syntax admin ftp show Description Displays FTP settings admin keypad Syntax admin keypad lt lock unlock gt Description Locks or unlocks the LCD keypad If the keypad is locked you can scroll through settings but not change them admin keypad password Syntax admin keypad password lt Password gt Must be 6 digits Description Changes the Restore Factory Defaults password used at the LCD to return the SLB device to the factory settings admin keypad show Syntax admin keypad show SLB Branch Office Manager User Guide 217 14 Command Reference Description Displays keypad settings admin lcd reset Syntax admin lcd reset
179. for dial in amp dial on demand PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the DOD CHAP Handshake fields authenticate the user DOD CHAP Handshake For DOD Authentication enter the host username for UNIX systems or secret user password for Windows systems used for CHAP authentication May have up to 128 characters Enable NAT Select to enable Network Address Translation NAT for dial in and dial out PPP connections on a per modem Device Port or PC Card basis Users dialing into the SLB branch office manager access the network connected to Eth1 and or Eth2 Note IP forwarding must be enabled on the Network Settings page for NAT to work To enable click the IP Forwarding link to display the Network Settings page See Dial out Number Phone number for dialing out to a remote system or serial device May have up to 20 characters Any format is acceptable Dial out Login Dial out Password and Retype User ID for dialing out to a remote system May have up to 32 characters Password for dialing out to a remote system May have up to 64 characters Restart Delay The number of seconds after the timeout and before the SLB branch office manager attempts another connection The default is 30 seconds IP Settings Service The available connection services for this modem po
180. form the diagnostic functions Hardware Features The SLB hardware includes the following 1U tall 1 75 inch rack mountable appliance 2 10Base T 100Base TX network ports 1 front panel serial console port for VT100 terminal or PC with emulation 2 PC Card slots Front panel LCD display and keypad 256 KB per port buffer memory for serial device ports 8 port unmanaged Ethernet switch with auto MDI MDIX function 8 RS 232 serial device ports connected via Category 5 RJ45 wiring o o o o AC Power Input SLB08841 1 01 model 1 IEC 60320 C20 inlet 100 120 VAC 50 60Hz 20A Branch Circuit 16A max input current 15A Branch Circuit 12A max input current SLB08841 2 01 model 1 IEC 60320 C20 inlet 100 240 VAC 50 60Hz 20A Branch Circuit 15A max input current Power Outlets Total Switched Power SLB088411 01 model 4 NEMA 5 15R outlets 100 120 VAC 50 60Hz 20A Branch Circuit 15A max per outlet 16A total 15A Branch Circuit 12A max per outlet 12A total SLB08841 2 01 model 4 IEC 60320 C13 outlets 208 240 VAC 50 60Hz 20A Branch Circuit 10A max per outlet 15A total Note The outlet voltage equals the input voltage Convection cooled silent operation low power consumption Note For more detailed information see Technical Specifications on page 23 The max input output current is de rated to 12A when using the supplied NEMA 5 15P 15A cable p n
181. g Reset to Default To reset to the default certificate select the checkbox to reset to Certificate the default certificate Unselected by default Import SSL To import your own SSL Certificate select the checkbox Certificate Unselected by default Import via From the drop down list select the method of importing the certificate SCP or SFTP The default is SCP Certificate Filename Filename of the certificate Key Filename Filename of the private key for the certificate Host Host name or IPaddress of the host from which to import the file Path Path of the directory where the certificate will be stored Login User ID to use to SCP or SFTP the file Password amp Retype Password to use to SCP or SFTP the file Password 3 Click the Apply button Note You must reboot the SLB device for the update to take effect 4 To return to the Back to Firmware amp Configurations page click the link at the bottom of the page SLB Branch Office Manager User Guide 185 12 Maintenance and Operation iGoogle Gadgets You can create an iGoogle gadgets that enables you to view the status of the ports of many SLB branch office managers on one web page Anyone with a Google email account gmail com can create an iGoogle gadget for viewing web pages There are two types of iGoogle gadgets public gadgets and private gadgets The public gadgets are listed for import on iGoogle web pages The SLB gadget
182. g show datetime Date Time Tue Sep 7 19 13 35 2004 Timezone UTC Enter 1 5 gt 4 Executing returnmenu Enter 1 4 gt help SLB Branch Office Manager User Guide 177 11 User Authentication Menul Title 1 connect Port 1l 3 menu2 2 connect Port 2 4 log off Enter 1 4 gt 4 Executing logout Logging out SLB Branch Office Manager User Guide 178 12 Maintenance and Operation The system administrator performs maintenance activities and operates the SLB branch office manager using the options for the Maintenance tab and additional commands on the command line interface SLB Maintenance The Firmware amp Configurations page allows the system administrator to Configure the FTP SFTP or TFTP server that will be used to provide firmware updates and save restore configurations TFTP is only used for firmware updates Set up the location or method that will be used to save or restore configurations default FTP SFTP NFS CIFS or PCCARD Update the version of the firmware running on the SLB branch office manager Save a snapshot of all settings on the SLB device save a configuration Restore the configuration either to a previously saved configuration or to the factory defaults View and terminate current web sessions Import a site specific SSL certificate For dual boot SLB devices view the firmware version on each boot bank select the bank to boot fr
183. gUnUSH4Ksm8GRT7 8 Sn9jCVf GPh UO asallaway winserver Host User Host amp Login for Import Host name or IP address from which the SSH connections to the SLB branch office manager will be made The User ID of the user being given secure access to the SLB device Import via Select SCP or FTP as the method for importing the SSH keys SCP is the default Filename Name of the public key file for example mykey pub May contain multiple keys Host IP address of the remote server from which to SCP or FTP the public key file Path Login Optional pathname to the public key file User ID to use to SCP or FTP the file Password Retype Password Password to use to SCP or FTP the file Exported Keys SSH Out Export Enables you to export created public keys Select one of the following New Key for User Enables you to create a new key for a user and export the public key in a file All Previously Created Keys Does not create any keys but exports all previously created public keys in one file User User ID of the person given secure access to the remote server Key Name Name of the key This will generate the public key filename e g lt keyname gt pub Key Type Select either the RSA or the DSA encryption standard RSA is the default Number of Bits Passphrase Retype Passphrase Select the number of bits in the key 512
184. ge 3 If you entered an IP address click the Add IP Address button The IP address displays in the IP Address List 4 Repeat steps 2 and 3 for each IP address you want to add 5 To delete an IP address from the IP Address List select the address and click the Delete IP Address button 6 Click the Apply button When the confirmation message displays click Secure Lantronix Network on the main menu The Secure Lantronix Network page displays the secure IT management devices resulting from the search You can now manage these devices SLB Branch Office Manager User Guide 75 7 Services Secure Lantronix Network Commands The following commands for the command line interface correspond to the web page entries described above To detect and view all SLB branch office manager or user defined IP addresses on the local network set slcnetwork lt one or more parameters gt Parameters add lt IP Address gt delete lt IP Address gt search lt localsubnet ipaddrlist both gt To detect and display all secure IT managers and Spiders on the local network show slcnetwork ipaddrlist lt all Address Mask gt Note Without the ipaddrilist parameter the command searches the network according to the search setting With the ipaddrlist parameter the command displays a sorted list of all IP addresses or displays the IP addresses that match the mask for example 172 19 255 255 would display all IP addresses that s
185. ger User Guide 114 9 PC Cards LANTRON IX SLB884 H P1 P2 P3 PA User sysadmin Select port for configuration or O webSSH Device Port only Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists PC Card Storage Help Slot Lower Mount 7 Device Storage Unmount C Type SanDisk SDP 5 3 0 6 Format Q State ext2 mounted Filesystem Ext2 FAT Apply E1135 79 111315 amp LANTRONIX sLc16 Ez 2 4 6 8 10121416 E User sysadmin Select port for configuration or WebSSH Device Port only Device Status Device Ports Console Port PC Card Connections Host Lists PC Card Storage Heip Slot Lower Mount C Device Storage Unmount 7 Type SanDisk SDP 5 3 0 6 Format State ext2 mounted Filesystem Ext2 FAT Apply 4 Enter the following settings for the selected PC Card Storage Settings Mount Select the checkbox to mount the first partition of the Compact Flash on the SLB device if not currently mounted Once mounted a Compact Flash is used for device port logging and saving restoring configurations Unmount To eject the Compact Flash from the SLB branch office manager first unmount the Compact Flash Select the checkbox to unmount it Warning If you eject a Compact Flash from the SLB device without unmounting it subsequent mounts of a PC Card Compact Flash in either slot may fail and you will need
186. ghts slavel lt IP Address or Hostname gt slave2 lt IP Address or Hostname gt slave3 lt IP Address or Hostname gt slave4 lt IP Address or Hostname gt slave5 lt IP Address or Hostname gt state lt enable disable gt Description 14 Command Reference Configures the SLB device to use NIS to authenticate users who log in via the Web SSH Telnet or the console port show nis Syntax show nis Description Displays NIS settings SLB Branch Office Manager User Guide 226 14 Command Reference RADIUS Commands set radius Syntax set radius lt one or more parameters gt Parameters accessoutlets lt Outlet List gt state lt enable disable gt clearports lt Port List gt custommenu lt Menu Name gt dataports lt Port List gt breakseq lt 1 10 Chars gt scapeseq lt 1 10 Chars gt group lt default power admin gt listenports lt Port List gt permissions lt Permission List gt Note See User Permissions Commands on page 228 for information on groups and user rights timeout lt enable 1 30 gt Sets the number of seconds after which the connection attempt times out It may be 1 30 seconds Description Configures the SLB branch office manager to use RADIUS to authenticate users who log in via the Web SSH Telnet or the console port set radius server Syntax set radius server lt 1 2 gt host lt IP Address or Hostname gt secret lt Secret gt port lt
187. gs for one or more device ports Example set deviceport port 2 5 6 12 15 16 baud 2400 locallogging enable Note Local logging must be enabled for a device port for the 1ocallog commands to be executed To use the set locallog clear command the user must have permission to clear port buffers see 11 User Authentication set deviceport port lt Device Port List or Name gt lt one or more deviceport parameters gt Parameters emaildelay lt Email Delay gt emaillogging lt disable bytecnt charstr gt SLB Branch Office Manager User Guide 103 8 Device Ports em em em em em em fil ailrestart lt Restart Delay gt ailsend lt email trap both gt ailstring lt Regex String gt ailsubj lt Email Subject gt ailthreshold lt Byte Threshold gt ailto lt l Email Address gt edir lt iogging Directory gt fil fi fi elogging lt enable disable gt lemaxfiles lt Max of Files gt lemaxsize lt Max Size of Files gt locallogging lt enable disable gt name lt Device Port Name gt nfsdir lt Logging Directory gt nfslogging lt enable disable gt nfsmaxfiles lt Max of Files gt nfsmaxsize lt Size in Bytes gt pccardlogging lt enable disable gt pccardmaxfiles lt Max of Files gt pccardmaxsize lt Size in Bytes gt pccardslot lt upper lower gt sysloglogging lt enable disable gt To view a
188. gt parity lt none odd even gt flowcontrol lt none xon xoff rts cts gt showlines lt enable disable gt timeout lt disable 1 30 gt To view console port settings show consoleport Power Outlets The SLB branch office manager has four outlets that can provide power to other units in an IT environment Each outlet can be configured and controlled through the SLB device The SLB can issue an SNMP trap if the total current for all four outlets exceeds a specified threshold To configure a power outlet 1 Click the Devices tab and select the Power Outlets option The following page displays Note The four red buttons P1 P4 at the top of any page display the Device Ports Power Outlets page SLB Branch Office Manager User Guide 106 LANTRONIX SLB884 User sysadmin 8 Device Ports 1357 p p ps p 22468 BESS Select port for configuration or O webssH Device Port only 2 a a7e Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists Power Outlets Help Switching Delay P000 msec Over Current Alarm Off On Threshold 1 180 10 Tenths of Amps Current Level for all Outlets 2 8 Amps Outlet P1 Status On Power State on Ooff Name PowerOutlet1 Wakeup Mode Oon off OLast State Description Power Outlet 1 Reboot C Outlet P2 Status On Power State on Ooff Name PowerOutlet 2 Wakeup Mode Oon off OLast State Description
189. have to be an SNMP NMS it just has to be capable of receiving SNMP traps SNMP Community Forwarded traps are sent with this SNMP community value There is no default SLB Branch Office Manager User Guide 203 12 Maintenance and Operation SNMP Trap OID Enter a unique identifier for an SNMP object An SNMP object is anything that can hold a value and can be read using an SNMP get action The OID consists of a string of numbers separated by periods for example 1 1 3 2 1 Each number is part of a group represented by the number on its left 3 You have the following options To add the defined event click the Add Event button The event displays in the Events table at the bottom of the page To edit an event select the event from the Events table and click the Edit Event button The Events page displays the event To delete an event select the event from the Events table and click the Delete Event button A message asks for confirmation Click OK 4 Tosave click Apply Events Commands To manage the response to events that occur in the SLB branch office manager admin events add lt trigger gt lt response gt lt trigger gt is one of receivetrap templimit humidlimit overcurrent lt response gt is one of action lt syslog gt action lt fwdalltrapseth fwdseltrapeth gt ethport lt 1 2 gt nms lt SNMP NMS gt community lt SNMP Community gt oid lt SNMP OI
190. he quick setup script admin quicksetup To import an SSL certificate or reset the web server certificate to the default admin web certificate import via lt sftp scp gt certfile lt Certificate File gt privfile lt Private Key File gt host lt IP Address or Name gt login lt User Login gt path lt Path to Files gt To reset a web certificate admin web certificate reset To show a web certificate admin web certificate show To restart the program that controls the LCD admin lcd reset System Logs The System Logs page allows you to view various system logs See 7 Services for more information about system logs You can also clear logs on this page To view system logs 1 Click the Maintenance tab and select the System Logs option The following page displays SLB Branch Office Manager User Guide 190 12 Maintenance and Operation 1357 BEES LANTRONIX SLB884 22463 BESS User sysadmin Select port for configuration or O wWebSSH Device Port only Fratworc Sewces Usermunenicaon ae ack Seu a7 Firmware amp Configurations SystemLogs AuditLog Diagnostics Status Reports Events System Logs Help Log All Starting at Beginning of Log O Network Date Semices April 29 2008 v Authentication 10 JF 35 mM 47 am v Device Ports Diagnostics Ending at End of Log General O pale E Sonar April vy 29 2008
191. i eseeee laasaue a Oo Default Users Power Users O Administrators 2 Enter the following LDAP RADIUS Kerberos TACACS LDAP Custom Menu lt none gt Escape Sequence xIbA Break Sequence x1bB User Rights F Local Users Fi Remote Authentication o SSH Keys F User Menus o Web Access Aey ee Select port for configuration or O webssH Device Port only Authentication Methods Local Remote Users NIS SSH Keys The SLB can be configured ta use LDAP to authenticate users who login to the SLB via SSH Telnet the Web or the Console Port LDAP users are granted Device Port access through the port permissions below Data Ports Listen Parts Access Outlets All LDAP users are members of a group which has predefined user rights associated with it Additional rights which are not defined by the group can be added Reboot amp Shutdown Firmware amp Configuration Diagnostics amp Reports Device Ports PC Card Power Outlets 1 8 U L 1 8 U L Clear Port Buffers 1 8 U L P1 P2 P3 P4 a pE Help Enable LDAP Displays selected if you enabled this method on the first User Authentication page If you want to set up this authentication method but not enable it immediately clear the checkbox Server The IP address or host name of the LDAP server Port Number of the TCP port on the LDAP
192. ible rights 4 Select or clear the checkboxes for the following rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Date Time Right to set the date and time SLB Branch Office Manager User Guide 147 11 User Authentication Secure Lantronix Network Right to view and manage secure IT management units e g SLP power managers Spiders SLC console managers SLB branch office managers on the local subnet Local Users Remote Authentication Right to add or delete local users on the system Right to assign a remote user to a user group and assign a set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for NIS users Reboot amp Right to use the CLI or shut down the SLB branch office Shutdown manager and then reboot it Firmware amp Right to upgrade the firmware on the unit and save or restore Configuration a configuration all settings Selecting this option automatically selects Reboot amp Shutdown Diagnostics amp Reports Right to obtain diagnostic information and reports about the unit Web Access Right to access Web Manager Device Ports Right to enter device port settings
193. individual ports and if the port connects to an external modem modem settings as well To open the Device Ports Settings page 1 You have two options Inthe Device Ports page described in the previous section select the port from the ports list and click the Configure button SLB Branch Office Manager User Guide 84 8 Device Ports Click the desired port number in the green bar shown below at the top of any page El E2 The following page displays 5 7 9 111315 2 4 6 8 10121416 User sysadmin Device Status Device Ports Port 3 Mode Idle Port 3 Name Banner x1 bB Note remove Break Sequence for Device Ports connected to raw binary connections Logging Settings gt Zero Port Counters Oo Break Sequence Data Settings Data Bits Baud 9600 BY Stop Bits 1 Parity Flow Control Enable Logins Show Lines On o Connecting Hardware Signal Triggers Check DSR on Connect Disconnect on DSR o Port Status and Counters DSRICD No DTR Yes cTs No RTS Bytes input Bytes output Framing errors Parity errors Overrun errors Flow Control errors Seconds since zeroed 524955 Back to Device Ports LANTRONIX SLB884 Console Port PC Card E1 1 57 BESS p1 P2 P3 p4 22468 SERS B Select port for configuration or O webssH Device Port only a E Power Outlets Connections Host Lists
194. interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B The ports users are able to monitor and interact with using the connect direct command U and L denote the upper and lower slots of the PC Card Listen Port The ports users are able to monitor using the connect listen command Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Access Outlets The power outlets users may monitor and configure 3 Inthe User Rights section select the user group to which TACACS users will belong SLB Branch Office Manager User Guide 164 11 User Authentication Group Select the group to which the TACACS users will belong Default Users This group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Networking Date Time Reboot amp Shutdown and Diagnostics amp Reports Administrators This group has all possible rights 4 Select or clear the checkboxes for the following rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable a
195. ion authorization and IP filters to ensure that your IT infrastructure and data assets are protected SLB Branch Office Manager User Guide 14 2 Overview The SLB device also provides features such as convenient text menu systems break safe operation port buffering logging remote authentication and Secure Shell SSH access Dial up modem support ensures access when the network is not available Models Two SLB models have the following hardware components Two Models The SLB branch office manager is available in a 100 120 VAC output model SLB08841 1 01 with NEMA 5 15R type outlets and a 208 240 VAC output model SLB08841 2 01 with IEC60320 C13 type outlets Power Outlets Each model has four outlets that allow power management and control on off reboot of the attached equipment using a simple web or command line interface Serial Device Ports Eight serial RS 232C EIA 232 device ports are for remote console management of the attached equipment These match the RJ45 pin outs of the console ports of many popular devices found in a network environment and where different can be converted using Lantronix adapters See D Adapters and Pinouts for more information on serial adapters and pin outs Unmanaged Ethernet Switch A built in 8 port unmanaged Ethernet switch provides convenience and helps further reduce required rack space Ports and Modem Slots The SLB branch office manager has two 10 100 Eth
196. ion page If you want to set up this authentication method but not enable it immediately clear the checkbox You can enable TACACS here or on the first User Authentication page If you enable TACACS here it automatically displays at the end of the order of precedence on the User Authentication page TACACS Servers 1 3 IP address or host name of up to three TACACS servers Secret Shared secret for message encryption between the SLB branch office manager and the TACACS server Enter an alphanumeric secret of up to 127 characters Encrypt Messages Custom Menu Select the checkbox to encrypt messages between the SLB device and the TACACS server Selected by default If custom menus have been created see the User Guide you can assign a default custom menu to TACACS users Escape Sequence Break Sequence Data Ports A single character or a two character sequence that causes the SLB branch office manager to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp Or udp A series of 1 10 characters users can enter on the command line
197. irectory containing the system logs to a Microsoft Windows network This directory can also be used for saving SLB configurations via Firmware amp Configurations gt The SMBICIFS share can be accessed by the cifsuser login 2 Enter the following for up to three directories NFS Mounts Remote Directory The remote NFS share directory in the format nfs_server_hostname or ipaddr exported path Local Directory The local directory on the SLB branch office automatically manager on which to mount the remote directory The SLB device creates the local directory Read Write If enabled indicates that the SLB branch office manager can write files to the remote directory If you plan to log port data or save configurations to this directory you must enable this option Mount Select the checkbox to enable the SLB device to default mount the file to the NFS server Disabled by 3 Enter the following SMB CIFS Share Share SMB CIFS Select the checkbox to enable the SLB branch directory office manager to export an SMB CIFS share called public Disabled by default SLB Branch Office Manager User Guide 70 7 Services Network Interfaces Select the network ports from which the share can be seen The default is for the share to be visible on both network ports CIFS User Password Retype Password Only one user special username cifsuser can access the CIFS
198. is a private gadget whose location is not publicly advertised To set up an SLB iGoogle gadget 1 Load the following XML code on a web server that is accessible over the Internet This code describes how to retrieve information and how to format the data for display lt xml version 1 0 encoding UTF 8 gt lt Module gt lt ModulePrefs title __UP_model Devport Status title_url http www lantronix com directory_title SLC SLB Status description Devport status and counters scrolling true width 400 height 360 gt lt UserPref name model display_name Model datatype enum default_value sle gt EnumValue value SLC display_value SLC gt A lt EnumValue value SLB display_value SLB gt lt UserPref gt lt UserPref name ip display_name IP Address required true gt lt UserPref name rate display_name Refresh Rate datatype enum default_value 10 gt EnumValue value 1 display_value 1 second gt EnumValue value 5 display_value 5 seconds gt EnumValue value 10 display_value 10 seconds gt EnumValue value 30 display_value 30 seconds gt EnumValue value 60 display_value 1 minute gt EnumValue value 300 display_value 5 minutes gt EnumValue value 600 display_value 10 minutes gt lt UserPref gt lt Content type url href http __UP_ip__ devstatus htm gt lt Module gt
199. k Firewall and routing Date and time Note If you entered some of these settings using a Quick Setup procedure you may update them here Requirements If you assign a different IP address from the current one it must be within a valid range unique to your network and with the same subnet mask as your workstation To configure the unit you need the following information Eth1 IP address Subnet mask IP address optional Eth2 Subnet mask optional Gateway DNS SLB Branch Office Manager User Guide 47 6 Basic Parameters To enter settings for one or both network ports 1 Click the Network tab and select the Network Settings option The following page displays E A LANTRONIX SLB884 oe ee 22468 SSS B User sysadmin Select port for configuration or O wWebSSH Device Port only Network Settings IP Filter Routing Network Settings Help Ethernet Interfaces Hostname amp Name Servers O Disabled O Disabled Hostname tssib8 Eth Settings opan COO Eth Settings Obtain trom DHCP Note The hostname will be used as the O Obtain from BOOTP Obtain from BOOTP prompt in the Command Line Interface Specify O Specify Domain supportintlantroni gt IP Address 172 18 21 64 IP Address DNS Servers Subnet Mask 255 255 0 0 Subnet Mask 1 172180 11 IP v6 Address fe80 280
200. k to be used at the next SLB reboot admin firmware bootbank lt 1 2 gt Applies to dual boot SLB devices only To list the current firmware revision admin firmware show viewlog lt enable disable gt Lists the current firmware revision the boot bank status for dual boot SLB branch office managers and optionally displays the log containing details about firmware updates To lock or unlock the LCD keypad Note If the keypad is locked users can scroll through settings but not change them admin keypad lt lock unlock gt To change the Restore Factory Defaults password used at the LCD to return the SLB branch office manager to the factory settings admin keypad password lt Password gt Must be 6 digits SLB Branch Office Manager User Guide 188 12 Maintenance and Operation To view keypad settings admin keypad show To set the FTP TFTP SFTP server used for firmware updates and configuration save restore admin ftp server lt IP Address or Hostname gt login lt User Login gt path lt Directory gt To view FTP settings admin ftp show To set the FTP server password and prevent it from being echoed admin ftp password To restore the SLB device to factory default settings admin config factorydefaults savesshkeys lt enable disable gt savesSLBert lt enable disable gt preserveconfig lt Config Params to Preserve gt lt Config Params to Preserve gt is acomma se
201. keyhost slm01_glennl9 Feb 12 18 45 18 2008 sysadmin set sshkey import import copypaste Feb 12 18 45 19 2008 User sysadmin logged off of 55H session Feb 12 18 47 45 2008 SSH Authentication Success for user sysadmin Feb 12 16 47 45 2008 sysadmin set sshkey delete keyuser sysadmin keyhost slm02_tphaml9 Feb 12 18 47 45 2008 sysadmin set sshkey import import copypaste Feb 12 18 47 46 2008 User sysadmin logged off of SSH session Feb 27 12 08 36 2008 35H Authentication Success for user sysadmin Feb 27 12 08 37 2008 User sysadmin logged off of 55H session Feb 27 12 08 37 2008 sysadmin set sshkey delete keyuser sysadmin keyhost slm02 tphaml 7 Feb 27 12 08 37 2008 sysadmin set sshkey import import copypaste s5 2 To select a sort option by Date Time User Command Action click the appropriate button To sort by date and time click the Sort by Date Time button This is the default To sort by user click the Sort by User button To sort by command action click the Command button 3 To clear the log click the Clear Log button Diagnostics The Diagnostics web page provides methods for diagnosing problems such as network connectivity and device port input output problems You can use equivalent commands on the command line interface An additional diagnostic loopback is only available as a command 1 Click the Maintenance tab and select the Diagnostics option The following page displays SLB Branch Office Manager U
202. l 275 ID 702911 mail info starting daemon 8 12 2 Sun SMTP queueing 00 15 00 Mar 15 14 44 40 tssf280r sendmail 276 ID 702911 mail info starting daemon 8 12 2 Sun queueing 00 15 00 5 Reboot the SUN server reboot lt shutdown messages from SUN gt 6 Use the escape sequence to escape from direct mode back to the command line interface Dial in Text Mode to a Remote Device Sun UNIX Server i AR AR AR A Remote User Modem Serial Cable to Port 2 l 3555 BE S j Serial Cable SLB Branch Office Manager to Port 1 Phone Line This example shows a modem connected to an SLB device port and a Sun server connected to another SLB device port You can configure the modem for text mode dial in so a remote user can dial into the modem using a terminal emulation program and access the Sun server HyperTerminal which comes with the Microsoft Windows operating system is an example of a terminal emulation program In this example the sysadmin would 1 Configure the device port that the modem is connected to for dial in SLB gt set deviceport port 1 modemmode text Device Port settings successfully updated SLB gt set deviceport port 1 initscript AT amp F amp K3 amp C1 amp D2SC0A Device Port settings successfully updated SLB gt set deviceport port 1 auth pap Device Port settings successfully updated SLB gt set deviceport port 1 localsecret password
203. lay The number of seconds after the timeout and before the SLB branch office manager attempts another connection The default is 30 seconds 2 To save settings for just this port click the Apply button 3 To save selected settings to ports other than the one you are configuring a From the Apply Settings drop down box select none a group of settings or ll b Into Device Ports type the device port numbers separated by commas indicate a range of port numbers with a hyphen e g 2 5 7 10 Note It may take a few minutes for the system to apply the settings to multiple ports Port Status and Counters Port Counters describe the status of signals and interfaces SLB branch office manager updates and increments the port counters as signals change and data flows in and out of the system These counters help troubleshoot connections or diagnose problems because they give the user an overview of the state of various parameters By setting them to zero and then re checking them later the user can view changes in status The chart in the middle of the page displays the flow control lines and port statistics for the device port The system automatically updates these values To reset them to zeros select the Zero port counters checkbox in the IP Settings section of the page Note Status and statistics shown on the web interface represent a snapshot in time To see the most recent data you must reload the web page Port
204. le the audit log and to configure its maximum size Each entry in the log file contains a date time stamp user login and the action performed by the user The user may clear the log file and sort the log by date time user and command The audit log is saved through SLB reboots 1 Click the Maintenance tab and select the Audit Log option The following page displays SLB Branch Office Manager User Guide 193 12 Maintenance and Operation LANTRONIX SLB8 amp 84 1357 BEEM p ps ps 22468 SESS User sysadmin Select port for configuration or webSSH Device Port only Cs Sd ee TT a Firmware amp Configurations System Logs Audit Log Diagnostics Status Reports Events Audit Log Sorted by Date Time Sort by User Sort by Command Clear Log Feb 12 18 42 50 2008 SSH Authentication Success for user sysadmin A Feb 12 18 42 51 2008 User sysadmin logged off of 55H session 3 Feb 12 18 42 51 2008 sysadmin set sshkey delete keyuser sysadmin keyhost slm01_glennl Feb 12 18 42 51 2008 sysadmin set sshkey import import copypaste Feb 12 18 44 17 2008 SSH Authentication Success for user sysadmin Feb 12 18 44 17 2008 sysadmin set sshkey delete keyuser sysadmin keyhost slm02_tphaml Feb 12 18 44 16 2008 User sysadmin logged off of SSH session Feb 12 18 44 18 2008 sysadmin set sshkey import import copypaste Feb 12 18 45 17 2008 SSH Authentication Success for user sysadmin Feb 12 18 45 18 2008 sysadmin set sshkey delete keyuser sysadmin
205. lected user Authentication Select the type of authenticated user Local User listed in the SLB database Remote User not listed in the SLB database UID A unique numeric identifier the system administrator assigns to each user Valid UIDs are 101 4294967295 Note The UID must be unique If it is not SLB branch office manager automatically increments it Starting at 101 the SLB finds the next unused UID Listen Ports The device ports that the user may access to view data using the connect listen command Enter the port numbers or the range of port numbers for example 1 5 8 10 15 U and L denote the PC Card upper and lower slots Data Ports The device ports with which the user may interact using the connect direct command Enter the port numbers or the range of port numbers Clear Port The device port buffers the users may clear using the set Buffers locallog clear command Enter the port numbers or the range of port numbers SLB Branch Office Manager User Guide 139 11 User Authentication Access The outlets the user may monitor and configure Outlets Enable for Select to grant a local user dial back access see page 84 Users Dial back with dial back access can dial into the SLB branch office manager and enter their login and password Once the SLB device authenticates them the modem hangs up and dials them back Disabled by default Dial back The phone number the modem dials
206. les or disables the redisplay of the menu before each prompt Enables or disables the display of command nicknames instead of commands Sets the optional title for a menu set menu delete Syntax set menu delete lt Menu Name gt command lt Command Number gt Description Deletes a custom user menu or one command within a custom user menu set lt nis ldap radius kerberos tacacs gt custommenu Syntax set lt nis ldap radius kerberos tacacs gt custommenu lt Menu Name gt Description Sets a default custom menu for remotely authorized users show menu Syntax show menu lt all Menu Name gt Description Displays a list of all menu names or all commands for a specific menu Date and Time Commands set datetime Syntax set datetime lt one date time parameter gt Parameters date lt MMDDYYhhmm ss gt timezone lt Time Zone gt Note If you type an invalid time zone the system guides you through the process of selecting a time zone Description Sets the local date time and local time zone one parameter at a time SLB Branch Office Manager User Guide 237 14 Command Reference show datetime Syntax show datetime Description Displays the local date time and time zone set ntp Syntax set ntp lt one or more ntp parameters gt Parameters localserverl lt IP Address or Hostname gt localserver2 lt IP Address or Hostname gt localserver3 lt IP Address or H
207. line Help for the specific web page Logging in Only the system administrator or users with web access rights can log into the web page More than one user at a time can log in but the same user cannot login more than once To log in to the SLB web interface 1 Open a web browser Netscape Navigator 6 x and later or Internet Explorer 5 5 and later 2 Inthe URL field type https followed by the IP address of your SLB branch office manager 3 To configure the SLB device use sysadmin as the user name and PASS as the password These are the default values Note The system administrator may have changed the password using one of the Quick Setup methods in the previous chapter The Lantronix SLB Quick Setup page displays automatically the first time you log in Subsequently the Lantronix SLB Home page displays If you want to display the Quick Setup page again click Quick Setup on the main menu Logging off To log off the SLB web interface From the main menu select Logoff The SLB logoff complete message displays Web Page Help To view detailed information about an SLB web page Click the Help button to the right of the web page title SLB Branch Office Manager User Guide 42 5 Web and Command Line Interfaces Command Line Interface A command line interface CLI is available for entering all the commands you can use with the SLB branch office manager In this user guide after each section of instr
208. listen command as follows To connect to a device port to monitor it connect listen deviceport lt Port or Name gt In addition you can send data out the device port for example commands issued to an external server with the connect direct command as follows SLB Branch Office Manager User Guide 97 8 Device Ports To connect to a device port to monitor and or interact with it or to establish an outbound network connection connect direct lt endpoint gt endpoint is one of deviceport lt Port or Name gt ssh lt IP Address gt port lt TCP Port gt lt SSH flags gt where lt SSH flags gt is one or more of user lt Login Name gt version lt 1 2 gt command lt Command to Execute gt tcp lt IP Address gt port lt TCP Port gt telnet lt IP Address gt port lt TCP Port gt udp lt IP Address gt port lt UDP Port gt hostlist lt Host List gt Notes Toescape from the connect direct command when the endpoint of the command is deviceport tcp Or udp and return to the command line interface type the escape sequence assigned to the currently logged in user If the endpoint is telnet or SSH logging out returns the user to the command line prompt To escape from the connect listen command press any key Setting up a user with an escape sequence is optional For any NIS LDAP RADIUS Kerberos or TACACS user or any local user who does not have an escape sequence defined th
209. lly complete action category or parameter names Type a partial name and press Tab either to complete the name if only one is possible or to display the possible names if more than one is possible Following a space after the preceding name Tab displays all possible names Should you make a mistake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port Use the left and right arrow keys to move within a command Use the up and down arrows to scroll through previously entered commands If desired select one and edit it You can scroll through up to 100 previous commands entered in the session To clear an IP address type 0 0 0 0 orto clear a non IP address value type CLEAR When the number of lines displayed by a command exceeds the size of the window the default is 25 the command output is halted until the user is ready to continue To display the next line press Enter and to display the page press the space bar You can override the number of lines or disable the feature altogether with the set cli command SLB Branch Office Manager User Guide 45 5 Web and Command Line Interfaces General CLI Commands The following commands relate to the CLI itself To configure the current command line session set cli scscommands lt enable disa
210. local date time and local time zone one parameter at a time set datetime lt one date time parameter gt Parameters date lt MMDDYYhhmm ss gt timezone lt Time Zone gt Note If you type an invalid time zone the system guides you through the process of selecting a time zone To view the local date time and time zone show datetime SLB Branch Office Manager User Guide 78 7 Services To synchronize the SLB branch office manager with a remote time server using NTP set ntp lt one or more ntp parameters gt Parameters localserverl lt IP Address localserver2 lt IP Address localserver3 lt IP Address poll lt local public gt publicserver lt IP Address state lt enable disabl Le gt sync lt broadcast pol OE or Or Or HOS HOS OSs OS na na na na me gt me gt me gt me gt To view NTP settings show ntp SLB Branch Office Manager User Guide 79 8 Device Ports This chapter describes how to configure and use an SLB branch office manager device port connected to an external device such as a server or a modem The next chapter 10 Connections describes how to use the Connections web page to connect external devices and outbound network connections such as Telnet or SSH in various configurations The Console Port page allows you to configure the console port if desired Connection M
211. local user to a user group or changes the group the user belongs to set localusers lock Syntax set local users unlock lt User Login gt Description Blocks locks a user s ability to login set localusers unlock Syntax set local users unlock lt User Login gt Description Allows unlocks a user s ability to login set localusers permissions Syntax set localusers add edit lt user gt permissions lt Permission List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad po To remove a permission type a minus sign before the two letter abbreviation for a user permission Description Sets a local user s permissions not defined by the user group set remoteusers add edit Syntax set remoteusers add edit lt User Login gt lt parameters gt Parameters accessoutlets lt Outlet List gt dataports lt Port List gt breakseq lt 1 10 Chars gt scapeseq lt 1 10 Chars gt listenports lt Port List gt clearports lt Port List gt group lt default power admin gt permissions lt Permissions List gt SLB Branch Office Manager User Guide 229 14 Command Reference where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad po To remove a permission type a minus sign before the two letter abbreviation for a user right Description Sets attributes for users who log in by a remote authenticati
212. login lt User Login gt Description Imports an SSH key set sshkey server import Syntax set sshkey server import type lt rsal rsa dsa gt via lt sftp scp gt pubfile lt Public Key File gt privfile lt Private Key File gt host lt IP Address or Name gt login lt User Login gt path lt Path to Key File gt Description Imports an SLB host key set sshkey server reset Syntax set sshkey server reset type lt all rsal rsa dsa gt Description Resets defaults for all or selected host keys show sshkey export Syntax show sshkey export lt one or more parameters gt SLB Branch Office Manager User Guide 260 14 Command Reference Parameters keyhost lt SSH Key IP Address or Name gt keyuser lt SSH Key User gt viewkey lt enable disable gt Description Displays all exported keys or keys for a specific user IP address or name show sshkey import Syntax show sshkey import lt one or more parameters gt Parameters keyhost lt SSH Key IP Address or Name gt keyuser lt SSH Key User gt viewkey lt enable disable gt Description Displays all keys that have been imported or keys for a specific user IP address or name show sshkey server Syntax show sshkey server type lt all rsal rsa dsa gt Description Displays host keys public key only Status Commands show connections Syntax show connections email lt Email Address gt De
213. lowing options To enable the SLB device to use all methods in order of precedence until it obtains a successful authentication select the check box This is the default To enable the SLB branch office manager to use only the first authentication method that responds in case a server is down or unavailable clear the check box 6 Click Apply Now that you have enabled one or more authentication methods you must configure them Authentication Commands The following command for the command line interface corresponds to the web page entries described above To set ordering of authentication methods Note Local Users authentication is always the first method used Any methods omitted from the command will be disabled set auth lt one or more parameters gt Parameters authusenextmethod lt enable disable gt kerberos lt 1 6 gt ldap lt 1 6 gt localusers lt 1 6 gt nis lt 1 6 gt radius lt 1 6 gt tacacs lt 1 6 gt To view authentication methods and their order of precedence show auth SLB Branch Office Manager User Guide 136 11 User Authentication Local and Remote Users The system administrator can configure the SLB device to use local accounts and remote accounts to authenticate users 1 Click the User Authentication tab and select the Local Remote Users option The following page displays LANTRONIX SLB884 H P1 P2 P3 P4 User sysadmin Sele
214. ly accessible through the default gateway fails to return one or more pings IP Address to Ping IP address to ping to determine whether to use the alternate gateway Ethernet Port to Ping Ethernet port to use for the ping Delay between Pings Number of seconds between pings Number of Failed Pings Enable IP Forwarding Number of pings that fail before the SLB device uses the alternate gateway IP forwarding enables network traffic received on one interface Eth1 Eth2 or an external PC Card modem attached to the SLB branch office manager with an active PPP connection to be transferred out another interface any of the above The default behavior if IP forwarding is disabled is for network traffic to be received but not routed to another destination Enabling IP forwarding is required if you enable Network Address Translation NAT for any device port modem or PC Card ISDN modem IP forwarding allows a user accessing the SLB branch office manager over a modem to access the network connected to Eth1 or Eth2 SLB Branch Office Manager User Guide 50 6 Basic Parameters Hostname amp Name Servers Hostname The default host name is slbXXXX where XXXxX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit contiguous characters no spaces The host name becomes the prompt in the command line interface Domain If desired specif
215. managers the non active boot bank is updated during the firmware update without requiring a reboot The configuration on the current boot bank may optionally be copied to the non active boot bank during the firmware update Load Firmware via From the drop down list select the method of loading the firmware Options are FTP TFTP HTTPS and SFTP Secure FTP FTP is the default If you select HTTPS the Upload File link becomes active Select the link to open a popup window that allows you to browse to a firmware update file to upload Firmware Filename The name of the firmware update file downloaded from the Lantronix web site Key SLB Branch Office Manager User Guide A key for validating the firmware file The key is provided with the firmware file 32 hex characters 181 Boot Banks 12 Maintenance and Operation Bank 1 Version of SLB firmware in bank 1 Note The word current displays next to the bank the SLB branch office manager booted from Bank 2 Version of SLB firmware in bank 2 Next Boot Bank Current setting for bank to boot from at next reboot Switch to Bank If desired select the alternate bank to boot from at next reboot Copy configuration from Bank 1 to Bank 2 during firmware update If checked will copy the configuration from the current bank to the bank being updated The two numbers are automatically generated so that the first number is the current b
216. mote access server to communicate with an authentication server to determine whether the user has access to the network Telnet A terminal protocol that provides an easy to use method of creating terminal connections to a network host SLB Branch Office Manager User Guide 277 F Compliance Information Manufacturer s Name amp Address Lantronix Inc 167 Technology Drive Irvine CA 92618 USA Declares that the following product Product Name s SLB Branch Office Manager SLB Series Conforms to the following standards or other normative documents SAFETY e UL 60950 1 e CAN CSA C22 2 No 60950 1 03 e EN 60950 1 2001 Low Voltage Directive 73 23 EEC FCC NOTICE U S Only This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the manufacturer s instruction manual may cause harmful interference with radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case you will be required to correct the interference at your own expense INDUSTRY CANADA NOTICE Canada Only This Class A digital apparatus complies with C
217. n SLB Branch Office Manager User Guide Right to view and enter settings for power outlets 141 11 User Authentication 5 Click the Back to Local Remote Users link to return to the Local Remote User Settings page 6 Add another user or click the Back to Local Remote Users link The Local Remote Users page displays with the new user s listed in the table Note The logged in user s name displays at the top of the web page Only the tabs and options for which the user has rights display Shortcut To add a user based on an existing user 1 Display the existing user on the Local Remote Users Settings page The fields in the top part of the page display the current values for the user Change the Login to that of the new user It is best to change the Password too Click the Apply button To edit a local user 1 On the Local Remote Users page select the user and click the Add Edit User button The Local Remote User Settings page displays Update values as desired Click the Apply button To delete a local user 1 On the Local Remote Users page select the user and click the Add Edit User button The Local Remote User Settings page displays Click the Delete User button Click the Apply button To change the sysadmin password 1 On the Local Remote Users page select sysadmin and click the Add Edit User button The Local Remote User Settings page displays 2 Enter the new password in the Password and Re
218. n Diagnostic Commands The following CLI commands correspond to the web page entries described above To display the ARP table of IP address to hardware address mapping diag arp email lt Email Address gt You can optionally email the displayed information To display a report of network connections You can optionally email the displayed information diag netstat protocol lt all tcp udp gt email lt Email Address gt To resolve a host name into an IP address You can optionally email the displayed information diag lookup lt Hostname gt email lt Email Address gt To test a device port by transmitting data out the port and verifying that it is received correctly diag loopback lt Device Port Number or Name gt lt parameters gt Parameters test lt internal external gt xferdatasize lt Size In Kbytes to Transfer gt Default is 1 Kbyte Note A special loopback cable comes with the SLB branch office manager To test a device port plug the cable into the device port and run this command The command sends the specified Kbytes to the device port and reports success or failure The test is performed at 9600 baud Only an external test requires a loopback cable To display the route that packets take to get to a network host diag traceroute lt IP Address or Hostname gt To verify that the host is up and running diag ping lt IP Address or Name gt lt parameters gt Parameters
219. n To terminate a connection select the radio button in the right column below and select Terminate Web connections can be viewed here gt Current Connections Port Service Terminate Flow Port Service User Time A SSH In 172 18 100 26 ee By Command Line sysadmin 0 04 21 i Console Port gt E Command Line N A 0 1219 O 12 4 To view details about a connection hold the mouse over the arrow in the Flow column 5 To disconnect delete a connection select the connection in the Select column and click the Terminate button 6 To reestablish the connection create the connection again in the top part of the page 7 To view information about Web connections click the here link in the text above the table The Firmware amp Configurations Web Sessions page displays Connection Commands These commands for configuring connections correspond to the web page entries described above To connect to a device port to monitor and or interact with it or to establish an outbound network connection connect direct lt endpoint gt Endpoint is one of deviceport lt Port or Name gt ssh lt IP Address or Name gt port lt TCP Port gt flags gt where lt SSH flags gt is one or more of user lt Login Name gt version lt 1 2 gt command lt Command to Execute gt tcp lt IP Address gt port lt TCP Port gt telnet lt IP Address or Name gt port lt TCP Port gt udp
220. nables access to this port through Telnet Disabled by default Enable SSH In Enables access to this port through SSH Disabled by default Enable TCP in Enables access to this port through a raw TCP connection Disabled by default Note When using raw TCP connections to transmit binary data or where the break command escape sequence is not required set the Break Sequence of the respective device port to null clear it Port Automatically assigned Telnet SSH and TCP port numbers See 8 Device Ports for information on setting up the numbering scheme You may override this value if desired Authenticate If selected the SLB branch office manager requires user authentication before granting access to the port Authenticate is selected by default for Telnet in and SSH in but not for TCP in SLB Branch Office Manager User Guide 86 8 Device Ports IP Address Web SSH Telnet Columns IP address used for this device port so a user can Telnet SSH or establish a raw TCP connection to this address and connect directly to the device port For Telnet and SSH the default TCP port numbers 22 and 23 respectively are used to connect to the device port For raw TCP the TCP port number defined for TCP In to the device port is used Number of columns in the Web SSH Telnet applet when this device port is accessed via the applet Web SSH Telnet Rows Number of rows in the Web
221. nch office manager may properly control the modem Modem Timeout Caller ID Logging Timeout for modem connections Select Yes for the SLB branch office manager to terminate the connection if no traffic is received during the configured idle time Enter a value of from 1 to 9999 seconds Select to enable the SLB device to log caller IDs on incoming calls Note For the Caller ID AT command refer to the modem user guide Modem Command Modem AT command used to initiate caller ID logging by the modem Note For the AT command refer to the modem user guide Data Settings Baud The speed with which the device port exchanges data with the attached serial device From the drop down list select the baud rate Most devices use 9600 for the administration port so this is the default Check the equipment settings and documentation for the proper baud rate Data Bits Number of data bits used to transmit a character From the drop down list select the number of data bits The default is 8 data bits SLB Branch Office Manager User Guide 118 9 PC Cards Parity Parity checking is a rudimentary method of detecting simple single bit errors From the drop down list select the parity The default is none Stop Bits The number of stop bit s used to indicate that a byte of data has been transmitted From the drop down list select the number of stop bits The default is 1 Flow Co
222. nd hostname depending on its setup This is the default setting lt 2 gt obtain IP Address from BOOTP Permits a network node to request configuration information from a BOOTP server node lt 3 gt static IP Address Allows you to assign a static IP address manually The IP address is generally provided by the system administrator SLB Branch Office Manager User Guide 37 4 Quick Setup IP Address if specifying An IP address that will be unique and valid on your network and in the same subnet as your PC There is no default If you selected DHCP or BOOTP this prompt does not display Enter all IP addresses in dot quad notation Do not use leading zeros in the fields for dot quad numbers less than 100 For example if your IP address is 172 19 201 28 do not enter 028 for the last segment Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported Subnet Mask The subnet mask specifies the network segment on which the branch office manager resides There is no default If you selected DHCP or BOOTP this prompt does not display Default Gateway IP address of the router for this network There is no default Hostname The default host name is slbXXXX where XXXxX is the last 4 characters of the hardware address of Ethernet Port 1 There is a 64 character limit contiguous characters no spaces Note The host name becomes the prompt
223. nd disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure IT management units e g SLP power managers Spiders SLB branch office managers on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Right to assign a remote user to a user group and assign a Authentication set of rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for TACACS users Reboot amp Right to use the CLI or shut down the SLB device and then Shutdown reboot it Firmware amp Right to upgrade the firmware on the unit and save or restore Configuration a configuration all settings Selecting this option automatically selects Reboot amp Shutdown Diagnostics amp Reports Right to obtain diagnostic information and reports about the unit Web Access Right to access Web Manager Device Ports Right to enter device port settings PC Card Right to enter modem settings for PC cards Power Outlets Right to configure power outlets 5 Click the Apply button Note You must reboot the unit before your changes will take effect SLB Branch Office Manager User Guide 165 11 User Authentication TACACS Commands These commands for the command line interface corres
224. nel Setup Options with Associated Parameters ccccssceeessteeeeeees 31 Table 5 1 Actions and Category Options 0 eccceceeceeeeeeeeeeeceeeeeeaeeeeeeeseeeeeseaeeesaeeneneeeeeeeess 44 Table 14 1 Actions and Category Options 0 c cccccceeeeeeeeeeeceeeeeeaeeeeeeeseeeeesaeeeeaaeeseneeseaees 213 SLB Branch Office Manager User Guide 9 1 About This Guide Purpose and Audience This guide provides the information needed to install configure and use the Lantronix SLB branch office manager The SLB branch office manager is for IT professionals who must remotely and securely configure and administer servers routers switches telephone equipment or other devices equipped with a serial port for facilities that are typically remote branch offices or distributed IT locations Chapter Summaries The remaining chapters in this guide include 2 Overview Describes the SLB models their main features and the protocols they support 3 Installation Provides technical specifications describes connection formats and power supplies provides instructions for installing the SLB branch office manager in a rack 4 Quick Setup Provides instructions for getting your SLB device up and running and for configuring required settings 5 Web and Command Line Describes the web and command line interfaces available for Interfaces configuring the SLB branch office manager Note The configuration chapters 6 12 provide
225. nfiguration after after restoring a configuration or resetting to factory defaults Restore Select the checkbox for each part of the current configuration you want to keep for example Networking Services or Device Ports 3 Click Apply Note If you selected an option that forces a reboot restore configuration update firmware or reset factory defaults the SLB branch office manager automatically reboots at the end of the process To manage configuration files The Manage option on the Firmware amp Configurations page allows you to view all configurations saved to the selected location and delete any of the configurations This feature is available for the default CIFS Share and PC Card locations 1 On the Firmware and Configurations page click the Manage link The following page displays the name and the time and date the file was saved SLB Branch Office Manager User Guide 183 SLB Branch Office Manager User Guide 12 Maintenance and Operation Firmware amp Configurations System Logs Audit Log Diagnostics Status Reports Events lt Back to Firmware amp Configurations Configurations Default location Name Date Time Saved SSH Keys SSL Certificate simsls 04 25 08 00 26 45 N N Fl 1557 aaa A LANTRONI SLB884 4 P1 P2 P3 P4 x X 22468 BESS B Logout User sysadmin Select port for configuration or O WebSSH Device Port only Firmware amp Configurations Manage Con
226. ng factory defaults select Yes When the process is complete the SLB reboots Method 2 Quick Setup on the Web Page After the unit has an IP address you can use the Quick Setup web page to configure the remaining network settings This page displays the first time you log into the SLB only Otherwise the SLB Home Page displays For information about the web interface see Web Interface on page 40 To complete the Quick Setup page 1 Open a standard web browser Lantronix supports the latest versions of Internet Explorer Mozilla Firefox Safari Opera or Chrome web browsers In the URL field type https followed by the IP address of your SLB Note The web server listens for requests on the unencrypted HTTP port port 80 and redirects all requests to the encrypted HTTPS port port 443 Log in using sysadmin as the user name and PASS as the password The first time you log in to the SLB the Quick Setup page automatically displays Otherwise the Home page displays Note To open the Quick Setup page at another time click the Quick Setup tab SLB Branch Office Manager User Guide 33 4 Quick Setup LANTRONIX SLB884 User sysadmin Quick Setup Quick Setup Network Settings Obtain from DHCP Eth Settings Obtain from BOOTP Specify IP Address 172 18 21 64 Subnet Mask 255 255 0 0 Date amp Time Settings Change Date Time P1 P2 P3 P4 Select port for configura
227. ng name Tab displays all possible names Should you make a mistake while typing backspace by pressing the Backspace key and or the Delete key depending on how you accessed the interface Both keys work if you use VT100 emulation in your terminal access program when connecting to the console port Use the left and right arrow keys to move within a command SLB Branch Office Manager User Guide 213 14 Command Reference Use the up and down arrows to scroll through previously entered commands If desired select one and edit it You can scroll through up to 100 previous commands entered in the session To clear an IP address type 0 0 0 0 orto clear a non IP address value type CLEAR When the number of lines displayed by a command exceeds the size of the window the default is 25 the command output is halted until the user is ready to continue To display the next line press Enter and to display the page press the space bar You can override the number of lines or disable the feature altogether with the set cli command Administrative Commands admin banner login Syntax admin banner login lt Banner Text gt Description Configures the banner displayed after the user logs in Note To go to the next line type n and press Enter admin banner logout Syntax admin banner logout lt Banner Text gt Description Configures the banner displayed after the user logs out Note To go to the next line type n
228. nnection The commands are in alphabetical order by category Introduction to Commands Following is some information about command syntax command line help and tips for using commands Command Syntax Commands have the following format lt action gt lt category gt lt parameter s gt where lt action gt is set show connect admin diag pccard or logout lt category gt is a group of related parameters whose settings you want to configure or view Examples are ntp deviceport and network lt parameter s gt is one or more name value pairs in one of the following formats lt parameter name gt lt aa bb gt User must specify one of the values aa or bb separated by a vertical line The values are in all lowercase and must be entered exactly as shown Bold indicates a default value lt parameter name gt lt Value gt User must specify an appropriate value for example an IP address The parameter values are in mixed case Square brackets indicate optional parameters SLB Branch Office Manager User Guide 212 14 Command Reference Table 14 1 Actions and Category Options network ipfilter routing datetime ntp services nfs cifs menu auth hostlist localusers remoteusers ldap radius kerberos tacacs consoleport deviceport nis slcnetwork command sshkey password history cli locallog power E show network ipfilter routing datetime ntp se
229. ns take their authentication settings from the DOD parameter settings If DOD Authentication is PAP then the DOD CHAP Handshake field is not used DOD Authentication Enables PAP or CHAP authentication for dial in amp dial on demand PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the DOD CHAP Handshake fields authenticate the user DOD CHAP Handshake For DOD Authentication enter the host username for UNIX systems or secret user password for Windows systems used for CHAP authentication May have up to 128 characters Enable NAT Select to enable Network Address Translation NAT for dial in and dial out PPP connections on a per modem device port or PC Card basis Users dialing into the SLB branch office manager access the network connected to Eth1 and or Eth2 Note IP forwarding must be enabled on the Network Settings page for NAT to work See 6 Basic Parameters Dial out Number Phone number for dialing out to a remote system or serial device May have up to 20 characters Any format is acceptable Dial out Login User ID for dialing out to a remote system May have up to 32 characters Dial out Password and Retype Password for dialing out to a remote system May have up to 64 characters SLB Branch Office Manager User Guide 90 8 Device Ports Restart De
230. ntrol A method of preventing buffer overflow and loss of data The available methods include none xon xoff software and RTS CTS hardware The default is none ISDN Settings Note These fields are disabled if the PC Card inserted is not an ISDN card Channel Select to indicate which B channel on the ISDN card to use Valid values are 1 and 2 The B channel is the channel that carries the main data Only one 64K channel can be used at a time Phone Number Phone number associated with the B channel May have up to 20 characters Any format is acceptable GSM GPRS Settings These settings are only active when a GSM GPRS PC card modem is in the appropriate slot Notes Please consult your wireless carrier s configuration requirements for more detailed information Dial out GPRS connections may replace the default route and DNS entries Static routes may be required to maintain access to subnets that are not directly attached to the SLB branch office manager Click the Static Routes link above Data Settings to configure a static route See Routing on page 58 Dial out Mode Select the type of dial out connection GPRS General Packet Radio Service GSM Global System for Mobile communication PIN and Retype PIN personal identification number for accessing the PIN GSM GPRS card GPRS Context Command to specify the protocol data packet PDP context parameter values PPP Compression Sele
231. nu title Specify nickname for each Enter each command up to Custom User Menu settings SLB gt show menu all Custom User Menus Command 1 Command 2 Command 3 show datetime Command 4 returnmenu Command 5 Command 5 logout lt return gt for none Menul Title command no y 50 commands logout is always the last command Press lt return gt when the menu command set is complete Command 1 connect direct deviceport 1 Nickname 1 connect Port 1 Command 2 connect direct deviceport 2 Nickname 2 connect Port 2 Command 3 showmenu menu2 Warning menu menu2 does not exist Nickname 3 menu2 Command 4 Command 4 logout Nickname 4 log off successfully updated lt return gt for none Menu2 Title command no 50 commands logout is always the last command Press lt return gt when the menu command set is complete connect direct deviceport 3 connect direct deviceport 4 successfully updated menul menu2 SLB gt show menu menul Custom User Menus SLB gt show menu menu2 connect direct deviceport 1 connect direct deviceport 2 Menu menul Title Menul Title Show Nicknames enabled Redisplay Menu disabled Command 1 Nickname 1 connect Port 1 Command 2 Nickname 2 connect Port 2 Command 3 showmenu menu2 Nickname 3 menu2 Command 4 logout Nickname 4 log off SLB Branch Office Manager User Guide 176 11 User Authentication
232. nu to at Login display when the user logs into the CLI Password When a user logs into the SLB branch office manager the SLB Ret device prompts for a password up to 64 characters The sysadmin etype establishes that password here Password Password If not selected allows the user to keep a password indefinitely If Expires selected the user keeps the password for a set period See Local and Remote Users on page 137 for information on specifying the length of time before the password expires Allow Select to allow the user to change password Password Change Change Indicate whether the user must change the password at the next Password on login Next Login Lock Account Select to lock the account indefinitely SLB Branch Office Manager User Guide 140 11 User Authentication 3 Assign rights to users Each user is a member of a group that has a predefined user rights associated with it You can assign or remove additional rights to the individual user Group Select the group to which the user will belong Default Users This group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Networking Date Time Reboot amp Shutdown and Diagnostics amp Reports You can specify additional rights for the individual user Administrators This group has all possible rights Full Administrative
233. o Save to or Restore From If you selected to save or restore a configuration enter a name for the configuration file up to 12 characters SLB Branch Office Manager User Guide 182 12 Maintenance and Operation Location for Save If you selected to save or restore a configuration select one of Restore or Manage the following options Default Saved Configurations If restoring select a saved configuration from the drop down list FTP Server The FTP server specified in the FTP SFTP TFTP section If you select this option select FTP or SFTP to transfer the configuration file NFS Mounted Directory Local directory of the NFS server for mounting files CIFS Share Saved Configurations If restoring select a saved configuration from the drop down list PC Card If a PC Card Compact Flash is loaded into one of the PC Card slots on the front of the SLB branch office manager and properly mounted the configuration can be saved to or restored from this location If you select this option select the slot upper or lower in which the PC Card Compact Flash is mounted and then select a saved configuration from the drop down list Manage The Manage option allows you to view and delete all configurations saved to the selected location This feature is available for the default CIFS Share and PC Card locations See page 183 Preserve Allows the user to keep a subset of the current configuration Co
234. ode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp Or udp Break Sequence A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Use LDAP Data Ports Listen Port Indicate whether Kerberos should rely on LDAP to look up user IDs and Group IDs This setting is disabled by default Note Make sure to configure LDAP if you select this option The ports users are able to monitor and interact with using the connect direct command U and L denote the PC Card upper and lower slots The ports users are able to monitor using the connect listen command Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Access Outlets The power outlets users may monitor and configure 3 Inthe User Rights section select the user group to which Kerberos users will
235. of IP filters 1 Click the Network tab and select the IP Filter option The following page displays SLB Branch Office Manager User Guide 53 6 Basic Parameters LANTRONIX SLB884 135 7 MMM a pe ps ps 22468 BBSS User sysadmin Select port for configuration or O webSSH Device Port only Network Settings IP Filter Routing IP Filter Help Enable IP Filter 7 IP Filter Status gt Packets Dropped 0 Packets Rejected 0 Test Timer No _ Yes minutes 1 120 Use the Test Timer to verify the IP Filter Rulesets IP Filter Time Remaining 0 minutes will automatically be disabled when the Test Timer expires l Add Ruleset Edit Ruleset Map Ruleset to Interface Ethernet 1 v Delete Ruleset IP Filter Rulesets IP Filter Mappings Interface Ruleset Enabling IP Filters On the IP Filter page you can enable all filters or disable all filters Note There is no way to enable or disable individual filters To enable IP filters 1 Enter the following Enable IP Filter Select the Enable IP Filter checkbox to enable all filters or clear the checkbox to disable all filters Disabled by default Packets Dropped Displays the number of data packets that the filter ignored view only did not respond to Packets Rejected Displays the number of data packets that the filter sent a view only rejected response to Test Timer Timer for testing IP
236. oken displays a string of digits called a token code that changes once a minute some tokens are set to change codes every 30 seconds Server 1 Port Number of the TCP port on the RADIUS server used for the RADIUS service If you do not specify an optional port the SLB branch office manager uses the default RADIUS port 1812 Server 1 Secret Text that serves as a shared secret between a RADIUS client and the server SLB device The shared secret is used to encrypt a password sent between the client and the server May have up to 128 characters RADIUS Server 2 IP address or host name of the secondary RADIUS server This server can be used as a SecurlD proxy Server 2 Port Number of the TCP port on the RADIUS server used for the RADIUS service If you do not specify an optional port the SLB branch office manager uses the default RADIUS port 1812 Server 2 Secret Timeout Text that serves as a shared secret between a RADIUS client and the server SLB device The shared secret is used to encrypt a password sent between the client and the server May have up to 128 characters The number of seconds 1 30 after which the connection attempt times out The default is 30 seconds Custom Menu If custom menus have been created you can assign a default custom menu to RADIUS users Escape Sequence A single character or a two character sequence that causes the SLB branch office manager
237. om and copy the contents of one boot bank to the other Enable an iGoogle gadget that displays the status of ports on multiple SLB branch office managers To configure settings 1 Click the Maintenance tab The Firmware amp Configurations page displays SLB Branch Office Manager User Guide 179 12 Maintenance and Operation LANTRONIX SLB884 SISISIS p p2 ps p4 User sysadmin Select port tor configuration or WebSSH Device Port only a7 Firmware amp Configurations SystemLogs AuditLog Diagnostics Status Reports Events Firmware amp Configurations Help General Reboot C Shutdown C Welcome Banner Welcome to the SLB Note Line feeds can be Login Banner included in the banners with the n character sequence Logout Banner Web Timeout No Yes minutes 5 120 30 Web Sessions gt Enable iGoogle Gadget Web Content SSL Certificate gt SLB Firmware FTP SFTP TFTP Server Current Version 5 3 Server 172 18 0 85 Update Firmware C Firmware Update Log gt Path export home share Load Firmware via FTP he gt M r Login backup Firmware Filename Password eeeeee Key Retype Password Boot Banks Bank 1 5 3 current Switch to Bank 2 C Bank 2 5 2a Copy configuration from Bank 1 to Bank 2 during firmware update 9 Next Boot Bank 1 Copy contents of Bank 1 to Bank 2 Configuration Management No Save Restore
238. on parameters to retain after the config restore or factorydefaults nt Networking lu Local Users sv Services dp Device Ports dt Date Time pe PC Card po Power Outlets Description Restores a saved configuration to the SLB device admin config save Syntax admin config save lt Config Name gt location lt default ftp sftplnfs cifs pccard gt nfsdir lt NFS Mounted Dir gt pccardslot lt upper lower gt SLB Branch Office Manager User Guide 215 14 Command Reference Description Saves the current SLB configuration to a selected location admin config show Syntax admin config show lt default ftp lsftp lnfs cifs pccard gt nfsdir lt NEFS Mounted Dir gt pccardslot lt upper lower gt Description Lists the configurations saved to a location admin firmware bootbank Syntax admin firmware bootbank lt 1 2 gt Description Sets the boot bank to be used at the next SLB reboot Applies to dual boot SLB branch office managers only admin firmware copybank Syntax admin firmware copybank Description Copies the boot bank from the currently booted bank to the alternate bank for dual boot SLB devices admin firmware show Syntax admin firmware show viewlog lt enable disable gt Description Lists the current firmware revision the boot bank status for dual boot SLB branch office managers and optionally displays the log containing details about firmware updates admin
239. on method set remoteusers listonlyauth Syntax set remoteusers listonlyauth lt enable disable gt Description Sets whether remote users who are not part of the remote user list will be authenticated set remoteusers delete Syntax set remoteusers delete lt User Login gt Description Removes a remote user show remoteusers Syntax show remoteusers Description Displays settings for all remote users set lt nis ldap radius kerberos tacacs gt group Syntax set lt nis ldap radius kerberos tacacs gt group lt default power admin gt Description Sets a permission group for remotely authorized users set lt nis ldap radius kerberos tacacs gt permissions Syntax set lt nis ldap radius kerberos tacacs gt permissions lt Permission List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad po SLB Branch Office Manager User Guide 230 14 Command Reference Description Sets permissions not already defined by the assigned permissions group show user Syntax show user Description Displays the rights of the currently logged in user CLI Commands set cli Syntax set cli scscommands lt enable disable gt Description Allows you to use SCS compatible commands as shortcuts for executing commands Enabling this feature enables it only for the current cli session It is disabled by default Note Settings are retained between CLI
240. on protocol that provides strong authentication for client server applications by using secret key cryptography LDAP Lightweight Directory Access Protocol A protocol for accessing directory information NAT Network Address Translation An Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic This enables a company to shield internal addresses from the public Internet NFS Network File System A protocol that allows file sharing across a network Users can view store and update files on a remote computer You can use NFS to mount all or a portion of a file system Users can access the portion mounted with the same privileges as the user s access to each file NIS Network Information System System developed by Sun Microsystems for distributing system data such as user and host names among computers on a network SLB Branch Office Manager User Guide 275 E Protocol Glossary NMS Network Management System NMS acts as a central server requesting and receiving SNMP type information from any computer using SNMP NTP Network Time Protocol A protocol used to synchronize time on networked computers and equipment PAP Password Authentication Protocol A method of user authentication in which the username and password are transmitted over a network and compared to a table of name password pairs PPP Point to Point Protocol
241. onix web site for a complete list To set up PC Card storage in the SLB device 1 Insert any of the supported PC Cards into either of the PC Card bays on the front of the SLB branch office manager You can do this before or after powering up the SLB device If the card is a compact Flash to PC Card adapter and the first partition on the Compact Flash is formatted with a file system supported by the SLB branch office manager ext2 and FAT the card mounts automatically 2 If the card does not mount automatically or if you want to update its settings click the Devices tab and select the PC Card option The following page displays LANTRONIX sie8e4 2 aae mmaa PPM g User sysadmin Select port for configuration or WebSSH Device Port only Z mecan e a7 8 Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists PC Card Help PC Card Slots Ifa PC Card has been inserted butis not visible in the table Slot Device Type State please refresh the web page Upper modem FATES CORPORATION HAYES inserted O To configure the settings for a ACCURA V90 PC CARD PC Card selectthe radio button Lower storage SanDisk SDP 5 3 0 6 ext2 mounted oO in the right column 3 From the PC Card Slots table select the button on the right for the PC Card you want to configure for storage and click the Configure button The following page displays SLB Branch Office Mana
242. only Device Ports Logging Help Email To Email Subject Port d Logging For NFS File Logging the directory to log to must reside on an external NFS server Specify the local directory for the NFS mount gt NFS File Logging C Directory to Log to Max Number of Files 10 Max Size of Files 2048 bytes PC Card Logging Log to Upper Slot Lower Slot Max Number of Files 10 Max Size of Files 2048 bytes Syslog Logging Note The logging level for the Device Ports log must be set to Info to view Syslog entries for Device Port logging CO Apply settings to Device Ports Note In addition to applying settings to the currently selected Device Port the settings can also be applied to other Device Ports Local Logging Clear Local Log If you enable local logging each device port stores 256 Kbytes approximately 400 screens of I O data in a true FIFO buffer Disabled by default Select the checkbox to clear the local log View Local Log Click this link to see the local log in text format SLB Branch Office Manager User Guide 100 Email SNMP Traps 8 Device Ports Email Traps Select the checkbox to enable email and SNMP logging Email logging sends an email message to pre defined email addresses or an SNMP trap to the designated NMS see 7 Services when alert criteria are met Disabled by default Send If you enabled
243. operly mounted see PC Card Logging on page 99 Disabled by default Log To If port logging is to a PC Card select the slot Upper or Lower in which the PC Card has been inserted Upper is the default Max Number of The maximum number of files to create to contain log data Files to the port These files keep a history of the data received from the port Once this limit is exceeded the oldest file is overwritten The default is 10 Max Size of Files The maximum allowable file size in bytes The default is 2048 bytes Once the maximum size of a file is reached the SLB device begins generating a new file The default is 2048 bytes Syslog Logging Syslog Logging Select to enable system logging Note The logging level for the device ports log must be set to Info to view Syslog entries for Device Port logging on the Services page Note To apply the settings to additional device ports in the Apply settings to Device Ports field enter the additional ports e g 1 3 5 6 3 To apply settings to other device ports in addition to the currently selected port select the Apply settings to Device Ports and enter port numbers separated by commas Indicate a range of port numbers with a hyphen e g 2 5 7 10 and separate ranges with commas 4 To save click the Apply button Logging Commands The following CLI commands correspond to the web page entries described above To configure logging settin
244. or 1024 The default is 512 Optionally enter a passphrase associated with the key The passphrase may have up to 50 characters The passphrase is an optional password that can be associated with an SSH key It is unique to each user and to each key SECSH Format Indicate whether the keys will be exported in SECSH format by default the key is exported in OpenSSH format Public Key Filename Filename of the public host key SLB Branch Office Manager User Guide 169 11 User Authentication Host and Login for Export Export via Select the method SCP FTP or Cut and Paste of exporting the key to the remote server Cut and Paste the default requires no other parameters for export Host IP address of the remote server to which the SLB branch office manager will SCP or FTP the public key file Path Optional path of the file on the host to SCP or FTP the public key too Login User ID to use to SCP or FTP the public key file Password Retype Password to use to SCP or FTP the public key file Password To view or delete a key 1 Select the key from the appropriate table The View and Delete buttons become active 2 To view the key click the View button A pop up page displays the key Imported key for sysadmin DaveSLM ssh rsa AAAAB3SNzaC lycZ2EAAAABIWAAAIEAxGx PGYSHsG9VqroDo98BeasC t hagbB6jG OtTMKkb3zrp Pu0HHAXai VXHAvy LAte31VTpoXdLAXNOuCvud LE aL LvvGmoEWBuBSu5
245. or SLP8 power manager and 1 16 for SLP16 power manager The outletcontrol parameters control individual outlets n lp outletstate outlet lt Outlet gt Shows the state of all outlets or a single outlet slp restart ssues the CLI command the SLP power manager uses to restart itself slp system Displays system information for the SLP power manager Description Sends commands to or controls a device connected to an SLB device port over the serial port Currently the only type of device supported for this type of interaction is the SLP power manager SLB Branch Office Manager User Guide 244 14 Command Reference Events Commands admin events add Syntax admin events add lt receivetrap gt lt response gt lt response gt is one of action lt fwdalltrapseth fwdseltrapeth gt ethport lt 1 2 gt nms lt SNMP NMS gt community lt SNMP Community gt oid lt SNMP OID gt action lt fwdalltrapsmodem fwdseltrapmodem gt deviceport lt Device Port or Name gt nms lt SNMP NMS gt community lt SNMP Community gt oid lt SNMP Trap OID gt action lt fwdalltrapsmodem fwdseltrapmodem gt pccardslot lt upper lower gt nms lt SNMP NMS gt community lt SNMP Community gt oid lt SNMP Trap OID gt action lt syslog gt Description Defines events admin events delete Syntax admin events delete lt Event ID gt Description Deletes an event definition admin events
246. ors This group has all possible rights 4 Select or clear the checkboxes for the following rights Full Administrative Right to add update and delete all editable fields Networking Right to enter Network settings Services Right to enable and disable system logging SSH and Telnet logins SNMP and SMTP Secure Lantronix Network Right to view and manage secure IT management units e g SLP power managers Spiders SLB branch office managers on the local subnet Date Time Right to set the date and time Local Users Right to add or delete local users on the system Remote Right to assign a remote user to a user group and assign a set of Authentication rights to the user SSH Keys Right to set SSH keys for authenticating users User Menus Right to create a custom user menu for the CLI for LDAP users Reboot amp Right to use the CLI or shut down the SLB branch office manager Shutdown and then reboot it Firmware amp Right to upgrade the firmware on the unit and save or restore a Configuration configuration all settings Selecting this option automatically selects Reboot amp Shutdown Diagnostics amp Reports Right to obtain diagnostic information and reports about the unit Web Access Right to access Web Manager Device Ports PC Card Right to enter device port settings Right to enter modem settings for PC cards Power Outlets
247. orts See on page 25 Install any PC Cards you intend to use If you install a modem card connect to the phone line See 9 PC Cards 4 You have the following options a To configure the SLB branch office manager using the network or to monitor serial devices on the network connect at least one SLB network port to a network See Connecting to a Network Port on page 25 b To configure the SLB branch office manager using a dumb terminal or a computer with terminal emulation connect the terminal or PC to the SLB console port See Connecting a Terminal on page 25 5 Connect the power cord and apply power See Connecting to a Power Source on page 26 6 Wait approximately a minute and a half for the boot process to complete When the boot process ends the SLB host name and the clock appear on the LCD display Now you are ready to configure the network settings as described in 4 Quick Setup SLB Branch Office Manager User Guide 24 3 Installation Connecting to a Device Port You can connect any device that has a serial console port to a device port on the SLB branch office manager for remote administration The console port must support the RS 232C interface Note Many servers must either have the serial port enabled as a console or the keyboard and mouse detached Consult the server hardware and or software documentation for more information To connect to a device port 1 Connect one end of the Cat 5 cable to the device
248. os Displays selected if you enabled this method on the User Authentication page If you want to set up this authentication method but not enable it immediately clear the checkbox Note You can enable Kerberos here or on the first User Authentication page If you enable Kerberos here it automatically displays at the end of the order of precedence on the User Authentication page Realm Enter the name of the logical network served by a single Kerberos database and a set of Key Distribution Centers Usually realm names are all uppercase letters to differentiate the realm from the Internet domain Realm is similar in concept to an NT domain KDC A key distribution center KDC is a server that issues Kerberos tickets A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service Enter the KDC in the fully qualified domain format FQDN An example is SLB local SLB Branch Office Manager User Guide 159 11 User Authentication KDC IP Address KDC Port Enter the IP address of the Key Distribution Center KDC Port on the KDC listening for requests Enter an integer with a maximum value of 65535 The default is 88 Custom Menu If custom menus have been created you can assign a default custom menu to RADIUS users Escape Sequence A single character or a two character sequence that causes the SLB branch office manager to leave direct interactive m
249. ostname gt poll lt local public gt publicserver lt IP Address or Hostname gt state lt enable disable gt sync lt broadcast poll gt Description Synchronizes the SLB branch office manager with a remote time server using NTP show ntp Syntax show ntp Description Displays NTP settings Device Commands set command Syntax set command lt Device Port or Name or List gt lt one or more parameters gt Parameters slp auth login lt User Login gt Establishes the authentication information to log into the SLP power manager attached to the device port slp restart Issues the CLI command the SLP power manager uses to restart itself SLB Branch Office Manager User Guide 238 14 Command Reference slp outletcontrol state lt on off cyclepower gt outlet lt Outlet gt tower lt A B gt Outlet is 1 8 for SLP8 power manager and 1 16 for SLP16 power manager The out letcontrol parameters control individual outlets slp outletstate outlet lt Outlet gt The outletstate parameter shows the state of all outlets or a single outlet slp envmon Displays the environmental status e g temperature and humidity of the SLP power manager slp infeedstatus Displays the infeed status and load of the SLP power manager slp system Provides system information for the SLP power manager sensorsoft lowtemp lt Low Temperature in C gt Sets the lowest temper
250. osts available for establishing incoming modem connections or for the connect direct command on the CLI The SLB branch office manager cycles through the list until it successfully connects to one To add a host list 1 Click the Devices tab and select the Host Lists option The following page displays SLB Branch Office Manager User Guide 108 8 Device Ports A if LANTRONIX SLB884 User sysadmin Select port for contiguration or webSSH Device Port only Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists Host Lists Help Host Lists Id Name Host List Id 0 Clear Host List Host List Name Add Host List Retry Count Edit Host List Authentication 7 Host Parameters Hosts in order of precedence Host Protocol TCP t mo E Escape Sequence Clear Host Parameters 2 Enter the following Note To clear fields in the lower part of the page click the Clear Host List button Host List Id view only Displays after a host list is saved Host List Name Enter a name for the host list Retry Count Authentication Enter the number of times the SLB branch office manager should attempt to retry connecting to the host list Select to require authentication when the SLB device connects to a host 3 You have the following options To save the host list without adding hosts at this time click the Add Host List
251. ote User Settings page displays SLB Branch Office Manager User Guide 138 11 User Authentication H4135 l LANTRONIX SLB884 2246s GLO User sysadmin Select port tor configuration or WebSSH Device Port only Authentication Methods Local Remote Users NIS LDAP RADIUS Kerberos TACACS SSH Keys Local Remote User Settings Help Login Enable for Dial hack 7 Password Authentication Local Remote Dial back Number Retype Password UID 101 Escape Sequence yd bA Password Expires 7 Listen Ports 1 8 U L Break Sequence hya bB Allow Password Change SpE aaa Change Password m Data Ports 1 8 U L Custom Menu lt none gt x on Nert Login Clear Port Buffers 1 8 U L Display Menu at Login Lock Account Access Outlets 1 4 Default Users Each user is a member of a group which has predefined user rights associated with it Group Power Users User rights that are associated with a group O Administrators cannot be modified for individual users Full Administrative 7 Local Users Reboot amp Shutdown C Networking 7 Remote Authentication 7 Firmware amp Configuration Services SSH Keys Diagnostics amp Reports SecureLinx Network C User Menus C Device Ports Date Time Web Access PC Card Power Outlets C 2 Enter the following information for the user Login User ID of se
252. otely from anywhere there is a network or modem connection The SLB can access and administer many types of equipment such as Servers Unix Linux Windows 2003 and others Networking equipment Routers switches storage networking Telecom PBX voice switches Other systems with serial interfaces Heating cooling systems security building access systems UPS medial device Types of Business The SLB branch office manager is used in many types of business for example o o 6M Benefits Banking and finance Insurance companies Healthcare Retail Sales Information Technology Education and campus style facilities Hospitality Manufacturing Facilities The key benefits of using the SLB branch office manager Saves space Compact design merges the functionality of three solutions into a 1U rack solution reducing required rack space and total cost of ownership Saves money Enables remote management and troubleshooting without sending a technician onsite resulting in reduced travel costs and increased network uptime Saves time Provides instant access and reduces response time improving efficiency Simplifies access Enables 24 7 access to your equipment securely and remotely after hours and on weekends and holidays without having to schedule visits or arrange for off hour access Protects assets Provides the highest levels of encryption and security features authenticat
253. ount lt upper lower gt To format a Compact Flash card pccard storage format lt upper lower gt filesystem lt ext2 fat gt To rename a file on a Compact Flash card pccard storage rename lt upper lower gt file lt Filename gt newfile lt New Filename gt To copy a file on a Compact Flash card pccard storage copy lt upper lower gt file lt Filename gt newfile lt New Filename gt SLB Branch Office Manager User Guide 122 9 PC Cards Removes a file on a Compact Flash card pccard storage delete lt upper lower gt file lt Current Filename gt PC Card Modem Commands To configure a currently loaded PC Card modem pccard modem lt upper lower gt lt parameters gt Parameters auth lt pap chap gt baud lt 300 115200 gt 9600 is the default calleridcmd lt Modem Command String gt calleridlogging lt enable disable gt chaphost lt CHAP Host or User Password gt chapsecret lt CHAP Secret or User Password gt databits lt 7 8 gt dialbacknumber lt usernumber Phone Number gt dialinlist lt Host List for Dial in gt dodauth lt pap chap gt dodchaphost lt CHAP Host or User Name gt dodchapsecret lt CHAP Secret or User Password gt dialoutlogin lt User Login gt dialoutnumber lt Phone Number gt dialoutpassword lt Password gt flowcontrol lt none xon xoff rts cts gt gsmautodns lt enable disable gt gsmbearerservice lt GSM Bearer S
254. ow locallog lt Device Port or Name gt bytes lt Bytes To Display gt Description Displays a specific number of bytes of data for a device port 1K is the default set locallog clear Syntax set locallog clear lt Device Port or Name gt Description Clears the local log for a device port The locallog commands can only be executed for a device port if local logging is enabled for the port The set locallog clear command can only be executed if the user has permission to clear port buffers see 77 User Authentication Network Commands set network Syntax set network lt parameters gt Parameters interval lt 1 99999 Seconds gt ipforwarding lt enable disable gt probes lt Number of Probes gt startprobes lt 1 99999 Seconds gt Description Sets TCP Keepalive and IP Forwarding network parameters SLB Branch Office Manager User Guide 249 14 Command Reference set network dns Syntax set network dns lt 1 2 3 gt ipaddr lt IP Address gt Description Configures up to three DNS servers set network gateway Syntax set network gateway lt parameters gt Parameters default lt IP Address gt precedence lt dhep gprs default gt alternate lt IP Address gt pingip lt IP Address gt ethport lt 1 or 2 gt pingdelay lt 1 250 seconds gt failedpings lt 1 250 gt Description Sets default and alternate gateways The alternate gateway is used if an IP address usually accessibl
255. parated list of current configuration parameters to retain after the config restore or factorydefaults nt Networking lu Local Users sv Services dp Device Ports at Date Time pc PC Card po Power Outlets To restore a saved configuration to the SLB branch office manager admin config restore lt Config Name gt location lt default ftp sftplnfs cifs pccard gt nfsdir lt NFS Mounted Dir gt pccardslot lt upper lower gt keepconfig lt Config Params to Keep gt preserveconfig lt Config Params to Prserve gt lt Config Params to Preserve gt is acomma separated list of current configuration parameters to retain after the config restore or factorydefaults nt Networking lu Local Users sv Services dp Device Ports dt Date Time pe PC Card po Power Outlets To save the current SLB configuration to a selected location admin config save lt Config Name gt location lt default ftp lsftp lnfs cifs pccard gt nfsdir lt NFS Mounted Dir gt pccardslot lt upper lower gt SLB Branch Office Manager User Guide 189 12 Maintenance and Operation To delete a saved configuration admin config delete lt Config Name gt location lt default cifs pccard gt pccardslot lt upper lower gt To list the configurations saved to a location admin config show lt default ftp sftp nfs cifs pccard gt nfsdir lt NFS Mounted Dir gt pccardslot lt upper lower gt To run t
256. pond to the web page entries described above To configure the SLB branch office manager to use TACACS to authenticate users who log in via the Web SSH Telnet or the console port set tacacs lt one or more parameters gt Parameters accessoutlets lt Outlet List gt breakseq lt 1 10 Chars gt clearports lt Port List gt dataports lt Port List gt encrypt lt enable disable gt scapeseq lt 1 10 Chars gt listenports lt Port List gt secret lt TACACS Secret gt serverl lt IP Address or Name gt server2 lt IP Address or Name gt server3 lt IP Address or Name gt state lt enable disable gt To set user group and permissions for TACACS users set tacacs group lt default power admin gt To set permissions for TACACS users not already defined by the user rights group set tacacs permissions lt Permission List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad To remove a permission type a minus sign before the two letter abbreviation for a user right To set a default custom menu for TACACS users set tacacs custommenu lt Menu Name gt To view TACACS settings show tacacst SSH Keys The SLB branch office manager can import and export SSH keys to facilitate shared key authentication for all incoming and outgoing SSH connections By using a public private key pair a user can access multiple hosts with a single passphrase or i
257. port counters for one or more device ports show portstatus Syntax show portstatus deviceport lt Device Port List or Name gt email lt Email Address gt Description Displays the modes and states of one or more device port s You can optionally email the displayed information Diagnostic Commands diag arp Syntax diag arp email lt Email Address gt Description Displays the ARP table of IP address to hardware address mapping You can optionally email the displayed information SLB Branch Office Manager User Guide 242 14 Command Reference diag internals Syntax diag internals Description Displays information on the internal memory storage and processes of the SLB branch office manager Note This command is available in the CLI but not the web diag netstat Syntax diag netstat protocol lt all tcp udp gt email lt Email Address gt Description To display a report of network connections You can optionally email the displayed information diag nettrace Syntax diag nettrace lt one or more parameters gt Parmeters ethport lt 1 2 gt host lt IP Address or Name gt numpackets lt Number of Packets gt protocol lt tcp udp icmp gt verbose lt enable disable gt Description Displays all network traffic applying optional filters This command is not available on the web page diag lookup Syntax diag lookup lt Hostname gt email lt Email Address gt
258. port from the ports list and click the Configure button The Device Ports Settings page for the port displays Click the port number on the green bar at the top of each page 2 Continue with Device Ports Settings on page 84 Global Commands The following CLI commands correspond to the web page entries described above SLB Branch Office Manager User Guide 83 8 Device Ports To configure settings for all or a group of device ports set deviceport global lt one or more parameters gt Parameters maxdirect lt 1 10 gt Sets the maximum number of direct connections for each device port sshport lt TCP Port gt tcpport lt TCP Port gt telnetport lt TCP Port gt Port is a port number between 1025 and 65535 To view global settings for device ports show deviceport global Global Commands The following CLI commands correspond to the web page entries described above To configure settings for all or a group of device ports set deviceport global lt one or more parameters gt Parameters maxdirect lt 1 10 gt Sets the maximum number of direct connections for each device port sshport lt TCP Port gt tcpport lt TCP Port gt telnetport lt TCP Port gt Port is a port number between 1025 and 65535 To view global settings for device ports show deviceport global Device Ports Settings On the Device Ports Settings page configure IP and data serial settings for
259. port you are connecting This device port must be connected to an external serial device and must not have command line interface logins enabled be connected to a modem or be running a loopback test Note To see the current settings for this device port click the Settings link Data Flow Select the arrow showing the direction bidirectional or unidirectional the data will flow in relationship to the device port you are connecting SLB Branch Office Manager User Guide 129 10 Connections to From the drop down list select a destination for the connection a device port connected to a serial device a device port connected to a modem or an outbound network connection Telnet SSH TCP Port or UDP Port Note To see the current settings for a selected device port click the Settings link Hostname The host name or IP Address of the destination This entry is required if the to field is set to Telnet out SSH out TCP port or UDP port Port SSH Out Options If the to field is set to Device Port or Modem on Device Port enter the number of the device port For all other options this is the TCP UDP port number which is optional for Telnet out and SSH out but required for TCP Port and UDP Port Notes If you select Device Port it must not have command line interface logins enabled or be running a loopback test To view the device port s settings click the Settings link to the right o
260. pprovals and Certifications VCCI UL CUL C Tick NIST certified implementation of AES as specified by FIPS 197 uses SLC SSH algorithm SLB Branch Office Manager User Guide 279 F Compliance Information RoHS Notice All Lantronix products in the following families are China RoHS compliant and free of the following hazardous substances and elements e Lead Pb e Mercury Hg e Polybrominated biphenyls PBB e Cadmium Cd e Hexavalent Chromium Cr VI e Polybrominated diphenyl ethers PBDE e Product Family Name Toxic or hazardous Substances and Elements Lead Mercury Cadmium Hexavalent Polybrominated Polybrominated diphenyl Pb Hg Cd Chromium biphenyls PBB ethers PBDE Cr VI UDS1100 and 2100 o y O EDS o0 0 o 0o o f O MSS100 oJ o o 0 o O IntelliBox o 0 o0 0 o f O XPress DR amp XPressDR 0o 0 0o 0 0 O0 SecureBox 1101 o0 0 o0 0 o f O WiBox oJ o o 0 o O UBox MatchPort Poo fT o f o o o y O SLC en 0 o 0 o f O XPort oJ o o 0 o O WiPort o0 0 o0 0 o f O SLB o fT o f o o o y O SLP a 0 0o 0 o f O SCS o o f o o o y O SLS o 0 o0 0 o0 O toxic or hazardous substance contained in all of the homogeneous materials for this part is below the limit requirement in SJ T 11363 2006 X toxic or hazardous substance contained in at least one of the homogeneous materials used for this part is above the limit
261. protocols for managing complex networks 1 Click the Services tab and select the SNMP option The following page displays LANTRONIX SLB884 4 P1 P2 P3 P4 User sysadmin Select port for configuration or O WebSSH Device Port only SSH Telnet Logging SNMP NFS CIFS SecureLinx Network Date amp Time SNMP Help Communities Enable Agent V Read Only public Location location Enable Traps V Read Write private Contact contact NMS 172 18 100 29 Trap public Alarm Delay 60 seconds Version 3 V3 Read Only User V3 Read Write User Security No AuthiNo Encrypt User Name snmpuser User Name snmprwuser Authino Encrypt Password eesecseeee j Password OAauthEncrypt Retype Password eeesesese Retype Password Auth with mMD5S OSHA Passphrase Passphrase Encrypt with DES OAES Retype Passphrase jl Retype Passphrase ire a Apply 2 Enter the following Enable Agent Enables or disables SNMP agent which allows read only access to the system Disabled by default Enable Traps Traps are notifications of certain critical events Disabled by default This feature is applicable when SNMP is enabled Examples of traps that the SLB branch office manager sends include Ethernet Port Link Up Ethernet Port Link Down Authentication Failure SLB Booted SLB Shutdown Device Port Logging o Power Supply Status Sysadmin user password changed The SL
262. r Retype with read write authority Up to 20 characters Passphrase 3 To save click the Apply button SNMP SSH Telnet and Logging Commands The following CLI commands correspond to the web page entries described above To configure services system logging SSH and Telnet access SSH and Telnet timeout SNMP agent email SMTP server and audit log set services lt one or more services parameters gt Parameters alarmdelay lt 1 6000 Seconds gt auditlog lt enable disable gt auditsize lt Size in Kbytes gt Range is 1 500 Kbytes authlog lt off error warning info debug gt clicommands lt enable disable gt contact lt Admin contact info gt devlog lt off error warning info debug gt diaglog lt off error warning info debug gt genlog lt off error warning info debug gt includesyslog lt enable disable gt SLB Branch Office Manager User Guide 66 7 Services location lt Physical Location gt netlog lt off error warning info debug gt nms lt IP Address or Name gt phonehome lt enable disable gt phoneip lt IP Address gt portssh lt TCP Port gt rocommunity lt Read Only Community Name gt rwcommunity lt Read Write Community Name gt servlog lt off error warning info debug gt smtpserver lt IP Address or Hostname gt snmp lt enable disable gt ssh lt enable disable gt syslogserverl lt IP Address or Name gt syslogserver2 lt IP Address or Name gt
263. r The SLB branch office manager retains both the private and public key on the SLB device and makes the public key available for export via SCP FTP or copy and paste The name of the key is used to generate the name of the public key file that is exported for example lt keyname gt pub and the exported keys are organized by user and key name Once a key is generated and exported you can delete the key or view the public portion Any SSH connection out of the SLB branch office manager for the designated host user combination uses the SSH key for authentication To configure the SLB branch office manager to use SSH keys to authenticate users 1 From the main menu select User Authentication SSH Keys The following page displays SLB Branch Office Manager User Guide 167 LANTRONIX SLB884 User sysadmin SSH Keys Imported Keys SSH In Host amp User Associated with Key not required if host and SLB Local User login are declared in imported key file ignored if file contains multiple keys User Host sysadmin User 3 michaell Host amp Login for Import Import via scP x sysadmin Filename sysadmin Host eer sysadmin Path sysadmin Login Password e Retype Password Exported Keys SSH Out Authentication Methods Local Remote Users NIS LDAP RADIUS Kerberos TACACS SSH Keys Imported SSH Keys 11 User Authentication P1 P2 P3 P4 Select port for configu
264. r 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp Or udp Break Sequence Data Ports Listen Port A series of 1 10 characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B The ports users are able to monitor and interact with using the connect direct command U and L denote the PC Card upper and lower slots The ports users are able to monitor using the connect listen command Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Access Outlets The outlets the user may monitor and configure In the User Rights section select the user group to which LDAP users will belong SLB Branch Office Manager User Guide 151 11 User Authentication Group Select the group to which the LDAP users will belong Default Users This group has only the most basic rights You can specify additional rights for the individual user Power Users This group has the same rights as Default Users plus Networking Date Time Reboot amp Shutdown and Diagnostics amp Reports Administrat
265. r device port settings 1 Enter the following Mode The status of the port displays automatically Name The name of the port Valid characters are letters numbers dashes periods and underscores _ Banner Break Sequence Logging Zero Port Counters Text to display when a user connects to a device port by means of Telnet SSH or TCP If authentication is enabled for the device port the banner displays once the user successfully logs in Blank is the default A series of one to ten characters users can enter on the command line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Click the Settings link to configure file logging email logging local logging and PC Card logging See Device Ports Logging on page 98 Resets all of the numerical values in the Port Counters table at the bottom of the page to zero 0 Connected to IP Settings The type of device connected to the device port Presently the SLB branch office manager supports SLP power manager SLP8 and SLP16 and Sensorsoft devices If the type of device is not listed select undefined If you select anything other than undefined click Device Commands The appropriate web page displays Enable Telnet In E
266. r example 172 19 255 255 would display all IP addresses that start with 172 19 SSH Key Commands set sshkey all export Syntax set sshkey allexport lt ftp scp copypaste gt pubfile lt Public Key File gt host lt IP Address or Name gt login lt User Login gt path lt Path to Copy Keys gt Description Exports the public keys all of the previously created SSH keys set sshkey delete Syntax set sshkey delete lt one or more parameters gt Parameters keyhost lt SSH Key Host gt keyname lt SSH Key Name gt keyuser lt SSH Key User gt Description Deletes an ssh key Specify the keyuser and keyhost to delete an imported key specify the keyuser and keyname to delete exported key set sshkey export Syntax set sshkey export lt ftp scp copypaste gt lt one or more parameters gt Parameters format lt openssh secsh gt host lt IP Address or Name gt login lt User Login gt SLB Branch Office Manager User Guide 259 14 Command Reference path lt Path to Copy Key gt bits lt 512 1024 gt keyname lt SSH Key Name gt keyuser lt SSH Key User gt type lt rsa dsa gt Description Exports an sshkey set sshkey import set sshkey import lt ftp scp gt lt one or more parameters gt Parameters keyhost lt SSH Key IP Address or Name gt keyuser lt SSH Key User gt path lt Path to Public Key File gt file lt Public Key File gt host lt IP Address or Name gt
267. r with a remote timeserver using NTP 1 Enter the following Enable NTP Select the checkbox to enable NTP synchronization NTP is disabled by default SLB Branch Office Manager User Guide 77 7 Services Synchronize via Select one of the following Broadcast from NTP Server Enables the SLB branch office manager to accept time information periodically transmitted by the NTP server This is the default if you enable NTP Poll NTP Server Enables the SLB device to query the NTP Server for the correct time If you select this option complete one of the following Local Select this option if the NTP servers are on a local network and enter the IP address of up to three NTP servers This is the default and it is highly recommended Public Select this option if you want to use a public NTP server and select the address of the NTP server from the drop down list This is not recommended because of the high load on many public NTP servers All servers in the drop down list are stratum 2 servers See www ntp org for more information Each public NTP server has its own usage rules please refer to the appropriate web site before using one Our listing them here is to provide easy configuration but does not indicate any permission for use 2 To save click the Apply button Date and Time Commands The following CLI commands correspond to the web page entries described above To set the
268. ration or O webssH Device Port only Help erver Host Keys gt In a lt vg Host slm02 tpharm17 RSA 1024 bits 172 18 0 65 DSA 1024 bits slm01_glenn17 RSA 1024 bits sim01_glenn19 RSA 1024 bits slm02_tpham1 RSA 1024 bits slm02_glenn19 RSA 1024 bits Export New Key for User Exported SSH Keys All Previously Created Keys 2 User Key Name Type User Key Name Key Type RSA O DSA Number of Bits 1024 v Passphrase Retype Passphrase SECSH Format Public Key Filename Host amp Login for Export Export via Copy and Paste Host Path Login Password Retype Password 2 Enter the following Imported Keys SSH In Host amp User Associated with Key These entries are required in the following cases The imported key file does not contain the host that the user will be making an SSH connection from or The SLB local user login for the connection is different from the user name the key was generated from or is not included in the imported key file If either of these conditions is true or the imported file is in SECSH format you must specify the user and host The following is an example of a public key file that includes the user and host SLB Branch Office Manager User Guide 168 11 User Authentication ssh rsa AAAAB3NzaClyc2EAAAABI wAAAEEApUHCX9EWsHt jmUGXalYC3us ABYxIXUhSU1N NU9HNAUADUF d8LYz8
269. rator Server VPN Router PBX Teleco HEADQUARTERS awi Console Management Power Management Ethernet Connection This chapter includes three typical scenarios for using the SLB branch office manager The scenarios assume that the SLB device is connected to the network and has already been assigned an IP address In the examples we use the command line interface You can do the same things using the web page interface except for directly interacting with the SLB branch office manager direct command SLB Branch Office Manager User Guide 206 13 Application Examples Telnet SSH to a Remote Device The following figure shows a Sun server connected to port 2 of the SLB device Figure 13 2 Remote User Connected to a SUN Server via the SLB Device Sun Server Remote User A B Serial Cable to Device Port 2 4 i MERES N f SLB Branch Office Manager In this example the sysadmin would 1 Display the current settings for device port 2 SLB gt show deviceport port 2 ___ Current Device Port Settings Number 2 Name Port 2 Modem Settings Data Settings IP Settings Modem State disabled Baud Rate 9600 Telnet disabled Modem Mode text Data Bits 8 Telnet Port 2002 Timeout Logins disabled Stop Bits 1 SSH disabled Local IP negotiate Parity none SSH Port 3002 Remote IP negotiate Flow Control xon xoff I
270. rberos group lt default power admin gt To set permissions for Kerberos users not already defined by the user rights group set kerberos permissions lt Permission List gt where lt Permission List gt isoneormoreofnt sv dt lu ra sk um dp pc rs rc dr wh sn ad To remove a permission type a minus sign before the two letter abbreviation for a user right To set a default custom menu for Kerberos users set kerberos custommenu lt Menu Name gt SLB Branch Office Manager User Guide 162 11 User Authentication To view Kerberos settings show kerberos TACACS Similar to RADIUS the main function of TACACS is to perform authentication for remote access The SLB branch office manager supports the TACACS protocol not the older TACACS or XTACACS protocols The system administrator can configure the SLB device to use TACACS to authenticate users attempting to log in using the Web Telnet SSH or the console port Users who are authenticated through Kerberos are granted device port access through the port permissions on this page All Kerberos users are members of a group that has predefined user rights associated with it You can add additional user rights that are not defined by the group To configure the SLB branch office manager to use TACACS to authenticate users 1 Click the TACACS tab and select TACACS The following page displays LANTRONIX SLB884 H P1 P2 P3
271. re Configuration a configuration all settings Selecting this option automatically selects Reboot amp Shutdown Diagnostics amp Right to obtain diagnostic information and reports about the Reports unit Web Access Right to access Web Manager Device Ports Right to enter device port settings PC Card Right to enter modem settings for PC cards Power Outlets Right to configure power outlets 5 Click the Apply button Note You must reboot the unit before your changes will take effect RADIUS Commands These commands for the command line interface correspond to the web page entries described above To configure the SLB branch office manager to use RADIUS to authenticate users who log in via the Web SSH Telnet or the console port set radius lt one or more parameters gt Parameters accessoutlets lt Outlet List gt breakseq lt 1 10 Chars gt clearports lt Port List gt dataports lt Port List gt scapeseq lt 1 10 Chars gt listenports lt Port List gt state lt enable disable gt To identify the RADIUS server s the text secret and the number of the TCP port on the RADIUS server set radius server lt 1 2 gt host lt IP Address or Hostname gt secret lt Secret gt port lt TCP Port gt The default port is 1812 To set the number of seconds after which the connection attempt times out set radius timeout lt disable 1 30 gt May be 1 30 seconds SLB Br
272. requirement in SJ T11363 2006 Manufacturer s Contact Lantronix Inc 167 Technology Drive Irvine CA 92618 USA Toll Free 800 526 8766 Phone 949 453 3990 Fax 949 453 3995 SLB Branch Office Manager User Guide 280
273. ription To display the overall status of all SLB devices Optionally emails the displayed information System Log Commands show syslog Syntax show syslog lt parameters gt Parameters email lt Email Address gt SLB Branch Office Manager User Guide 262 14 Command Reference level lt error warning info debug gt log lt all netlog servlog authlog devlog diaglog genlog gt display lt head tail gt numlines lt Number of Lines gt starttime lt MMDDYYhhmm ss gt endtime lt MMDDYYhhmm ss gt Description Displays the system logs containing information and error messages Note The level display and time parameters cannot be used simultaneously show syslog clear Syntax show syslog clear lt all netlog servlog authlog devlog diaglog genlog gt Description Clears one or all of the system logs SLB Branch Office Manager User Guide 263 A Bootloader The SLM management appliance provides a bootload command interface This interface is only accessible through the SLB branch office manager s console port Accessing the Bootloader To access the bootloader CLI To access the bootloader command line interface 1 Power up the SLB branch office manager 2 Type x15 within 10 seconds of power up The bootloader halts the boot procedure and displays a Lantronix command prompt Bootload Commands User Commands help Lists and prints the command list and online help An alias for help
274. rning and error messages Network Level Messages concerning the network activity for example about Ethernet and routing Services Messages concerning services such as SNMP and SMTP Authentication Messages concerning user authentication Device Ports Messages concerning device ports and connections Diagnostics Messages concerning system status and problems General Any message not in the categories above SLB Branch Office Manager User Guide 61 7 Services Remote Servers 1 and 2 IP address of the remote server s where system logs are stored The system log is always saved to local SLB storage It is retained through SLB branch office manager reboots for files up to 200K Saving the system log to a server that supports remote logging services see RFC 3164 allows the administrator to save the complete system log history Enables or disables SSH logins to the SLB branch office manager to allow users to access the CLI using SSH Enabled by default This setting does not control SSH access to individual device ports See Device Ports Settings on page 84 for information on enabling SSH access to individual ports Most system administrators enable SSH logins which is the preferred method of accessing the system Enables or disables the ability to access the SLB command line interface or device ports connect direct through the Web SSH window Disabled by default If you enable SSH logins you
275. room ambient temperature Make sure to install the SLB device in an environment with an ambient temperature less than the maximum operating temperature of the SLB branch office manager See Technical Specifications on page 23 Install the equipment in a rack in such a way that the amount of airflow required for safe operation of the equipment is not compromised Mount the equipment in the rack so that a hazardous condition is not achieved due to uneven mechanical loading Maintain reliable earthing of rack mounted equipment Give particular attention to supply connections other than direct connections to the branch circuit e g use of power strips Before operating the SLB device make sure the SLB branch office manager is secured to the rack Port Connections Only connect the network port to an Ethernet network that supports 10Base T 100Base T Only connect device ports to equipment with serial ports that support EIA 232 formerly RS 232C Only connect the console port to equipment with serial ports that support EIA 232 formerly RS 232C SLB Branch Office Manager User Guide 268 D Adapters and Pinouts The serial device ports of the SLB branch office manager products match the RJ45 pinouts of the console ports of many popular devices found in a network environment The SLB device uses conventional straight through Category 5 fully pinned network cables for all connections when used with Lantronix ad
276. rt Telnet SSH or TCP Only one can be active at a time The default is None Telnet Port Telnet session port number to use if you selected Telnet Defaults Upper PC Card Slot 2049 Lower PC Card Slot 2050 Range 1025 65535 SSH Port SLB Branch Office Manager User Guide The SSH session port number to use if you selected SSH Defaults Upper PC Card Slot 3049 Lower PC Card Slot 3050 Range 1025 65535 121 9 PC Cards TCP Port The TCP raw session port number to use if you selected TCP Defaults Upper PC Card Slot 4049 Lower PC Card Slot 4050 Range 1025 65535 Authenticate If selected the SLB branch office manager requires user authentication before granting access to the port Authenticate is selected by default for Telnet Port and SSH Port but not for TCP Port 5 Click the Apply button PC Card Commands These commands for the command line interface correspond to the web page entries described above PC Card Storage Commands To mount a Compact Flash card in the SLB branch office manager for use as a storage device Note The Compact Flash card must be formatted with an ext2 or FAT file system before you mount it pccard storage mount lt upper lower gt To view a directory listing of a Compact Flash card pccard storage dir lt upper lower gt To unmount a Compact Flash card Note Enter this command before ejecting the card pccard storage unm
277. rver and wish to create an opening in your filter set select the NIS option and click the Add Rule button This entry adds a new rule to your filter set using the NIS configured IP address Other services and protocols added automatically generate the necessary rule to allow their use 3 Click the right arrow button to add the new rule to the bottom of the Rules list box on the right 4 To remove a rule from the filter set highlight that line and click the left arrow The rule populates the rule definition fields allowing you to make minor changes before reinserting the rule To clear the definition fields click the Clear button 5 Tochange the order of priority of the rules in the list box select the rule to move and use the up or down arrow buttons on the right side of the filter list box 6 To save click the Apply button The new filter displays in the menu tree Note To add another new filter rule set click the Back to IP Filter link to return to the IP Filter page Updating an IP Filter The administrator can update an IP filter rule set 1 On the IP Filter page select the IP filter ruleset to be edited and click the Edit Ruleset button The IP Filter Ruleset page displays 2 Edit the information as desired and click the Apply button Deleting an IP Filter The administrator can delete an IP filter rule set 1 On the IP Filter page select the IP filter ruleset to be deleted and click the Delete button
278. rvices nfs cifs menu auth hostlist localusers nis ldap radius kerberos tacacs consoleport deviceport locallog sysstatus syslog auditlog portstatus sysconfig portcounters connections slcnetwork sshkey history cli user remoteusers power i t listen bidirection unidirection terminate diag ping loopback traceroute arp lookup netstat sendpacket nettrac internals storage modem admin reboot shutdown ftp config firmware version banner keypad quicksetup web events Led Terminates CLI session Command Line Help For general Help and to display the commands to which you have rights type help For general command line Help type help command line For more information about a specific command type help followed by the command for example help set network Orhelp admin firmware Tips Type enough characters to identify the action category or parameter name uniquely For parameter values type the entire value For example you can shorten set network port 1 state static ipaddr 122 3 10 1 mask 2552554020 to se net po 1 st static ip 122 3 10 1 ma 255 255 0 0 Use the Tab key to automatically complete action category or parameter names Type a partial name and press Tab either to complete the name if only one is possible or to display the possible names if more than one is possible Following a space after the precedi
279. s a link back to the Device Ports Settings page displays SLB Branch Office Manager User Guide 110 8 Device Ports To view or update a host list 1 Inthe Host Lists table select the host list and click the View Host List button The list of hosts display in the Hosts box A NITOC YN IX LANTRON SLB884 User sysadmin Select port for configuration or webSSH Device Port only Device Status Device Ports Console Port PC Card Power Outlets Connections Host Lists Host Lists Help Host Lists Id Name Host List Id 0 Clear Host List Host List Name Add Host List Retry Count Edit Host List Authentication C Host Parameters Hosts in order of precedence Host Protocol TCP x gt cy o w Escape Sequence Clear Host Parameters 2 View add or update the following Host List Id view Displays after a host list is saved only Host List Name Enter a name for the host list Retry Count Enter the number of times the SLB branch office manager should attempt to retry connecting to the host list Authentication Select to require authentication when the SLB device connects to a host Host Parameters Host Name or IP address of the host Protocol Protocol for connecting to the host TCP SSH or Telnet Port Port on the host to connect to SLB branch office manager SLB Branch Office Manager User Guide 111 8 Device Por
280. scription Configures local accounts including sysadmin who log in to the SLB branch office manager by means of the Web SSH Telnet or the console port SLB Branch Office Manager User Guide 223 14 Command Reference set localusers allowreuse Syntax set localusers allowreuse lt enable disable gt Description Sets whether a login password can be reused set local users complexpasswords Syntax set localusers complexpasswords lt enable disable gt Description Sets whether a complex login password is required set localusers state Syntax set localusers state lt enable disable gt Description Enables or disables authentication of local users set localusers delete Syntax set localusers delete lt User Login gt Description Deletes a local user set localusers lifetime Syntax set localusers lifetime lt Number of Days gt Description Sets the number of days the login password may be used The default is 90 days set localusers maxloginattempts Syntax set localusers maxloginattempts lt Number of Logins gt Description Sets the maximum number of login attempts before the account is locked Disabled by default SLB Branch Office Manager User Guide 224 14 Command Reference set localusers password Syntax set localusers password lt User Login gt Description Sets a login password for the local user set localusers periodlockout Syntax set localusers perio
281. scription Displays a list of current connections Optionally emails the displayed information The connection IDs are in the left column of the resulting table The connection ID associated with a particular connection may change if the connection times out and is restarted show connections connid Syntax show connections connid lt Connection ID gt email lt Email Address gt SLB Branch Office Manager User Guide 261 14 Command Reference Description Provides details for example endpoint parameters and trigger for a specific connection Optionally emails the displayed information Note Use the basic show connections command to obtain the Connection ID show portcounters Syntax show portcounters deviceport lt Device Port List or Name gt email lt Email Address gt Description Generates a report for one or more ports Optionally emails the displayed information show portstatus Syntax show portstatus deviceport lt Device Port List or Name gt email lt Email Address gt Description Displays device port modes and states for one or more ports Optionally emails the displayed information show sysconfig Syntax show sysconfig display lt basic auth devices gt email lt Email Address Description Displays a snapshot of all configurable parameters Optionally emails the displayed information show sysstatus Syntax show sysstatus email lt Email Address gt Desc
282. ser Guide 194 12 Maintenance and Operation NA l LANTRONIX SLB884 HH pt p2 p3 p4 User sysadmin Select port for configuration or webSSH Device Port onlyy fnetwone semces User huentcaton en cu seu G 8 Firmware amp Configurations SystemLogs AuditLog Diagnostics Status Reports Events Diagnostics Help Select Diagnostics All C Arp Table O Netstat Protocol All QTCP QUDP C Host Lookup Hostname C Ping Hostname C Send Packet Protocol TCP UDP Hostname Port String Count 1 O SLB Internals Run Diagnostics 2 Enter the following Select Diagnostics Select one or more diagnostic methods you want to run or select All to run them all ARP Table Address Resolution Protocol ARP table used to view the IP address to hardware address mapping Netstat Displays network connections If you select the checkbox select a protocol or select All for both protocols to control the output of the Netstat report Host Lookup If you enter a host name in the corresponding Hostname field verifies that the SLB branch office manager can resolve the host name into an IP address if DNS is enabled Ping If you enter a host name in the corresponding Hostname field verifies that the host is up and running SLB Branch Office Manager User Guide 195 12 Maintenance and Operation Send Packet This option sends an Ethernet
283. sessions for local users and users listed in the remote users list set cli terminallines Syntax set cli terminallines lt disable Number of lines gt Description Sets the number of lines in the terminal emulation screen for paging through text one screenful at a time if the SLB device cannot detect the size of the terminal automatically Note Settings are retained between CLI sessions for local users and users listed in the remote users list set localusers lock Syntax set localusers lock lt User Login gt Description Block lock out a user s ability to log in set localusers unlock Syntax set localusers unlock lt User Login gt SLB Branch Office Manager User Guide 231 14 Command Reference Description Allow unlock a user s ability to log in show cli Syntax show cli Description Displays current CLI settings show user Syntax show user Description Displays attributes of the currently logged in user set history Syntax set history clear Description Clears the commands that have been entered during the command line interface session show history Syntax show history Description Displays the last 100 commands entered during the session Connection Commands connect bidirection Syntax connect bidirection lt Port or Name gt lt endpoint gt lt one or more Parameters gt Parameters Endpoint is one of charcount lt of Chars gt
284. shbuttons With the SLB device powered up you can use the front panel display and pushbuttons to set up the basic parameters Figure 4 1 Front Panel LCD Display and Five Pushbuttons Enter Up Down Left Right The front panel display initially shows the hostname abbreviated to 14 letters total current level and state of the four outlets When you click the right arrow pushbutton the SLB device s network settings display Using the five pushbuttons you can change the network console port and date time settings and view the firmware release version If desired you can restore the factory defaults SLB Branch Office Manager User Guide 30 up down arrow 4 Quick Setup Note Have your information handy as the display times out without accepting any unsaved changes if you take more than 30 seconds between entries Any changes made to the network console port and date time settings take effect immediately Navigating The front panel has one Enter button in the center and four arrow buttons up left right and down Press the arrow buttons to navigate from one option to another or to increment or decrement a numerical entry of the selected option Use the Enter button to select an option to change or to save your settings To move to the next option e g from Network Settings to right arrow Console Settings To return to the previous option left arrow To enter edit mode Enter center button
285. sorsoft Device 93 Device Port Commands 94 Device Commands 96 Interacting with a Device Port 97 Device Ports Logging 98 Local Logging 98 NFS File Logging 99 PC Card Logging 99 Email SNMP Notification 99 Sylog Logging 100 Logging Commands 103 Console Port 104 Console Port Commands 105 Power Outlets 106 Power Outlet Commands 108 Host Lists 108 Host List Commands 112 9 PC Cards 114 Storage Settings 115 Data Settings 118 ISDN Settings 119 GSM GPRS Settings 119 Text Mode 120 PPP Mode 120 IP Settings 124 PC Card Commands 122 PC Card Modem Commands 123 10 Connections 125 Typical Setup Scenarios for the SLB Device 126 Terminal Server 126 SLB Branch Office Manager User Guide 6 Remote Access Server 126 Reverse Terminal Server 127 Multiport Device Server 127 Console Server 127 Connection Configuration 129 Connection Commands 131 11 User Authentication 134 Authentication Commands 136 Local and Remote Users 137 Local Remote User Settings 138 Local Users Commands 143 Local User Rights Commands 144 Remote User Commands 144 NIS 145 NIS Commands 148 LDAP 149 LDAP Commands 153 RADIUS 154 RADIUS Commands 157 Kerberos 158 Kerberos Commands 162 TACACS 163 TACACS Commands 166 SSH Keys 166 Imported Keys 167 Exported Keys 167 SSH Commands 172 Custom User Menus 174 Custom User Menu Commands 1
286. ssfully connects to one To establish and configure host lists click the Host Lists link See Host Lists on page 108 Negotiate IP Address Authentication If the SLB branch office manager and or the serial device have dynamic IP addresses e g IP addresses assigned by a DHCP server select Yes This is the default If the SLB device or the modem have fixed IP addresses select No and enter the Local IP IP address of the port and Remote IP IP address of the modem Enables PAP or CHAP authentication for modem logins PAP is the default With PAP users are authenticated by means of the Local Users and any of the remote authentication methods that are enabled With CHAP the CHAP Handshake fields authenticate the user CHAP Handshake The host username for UNIX systems or secret user password for Windows systems used for CHAP authentication May have up to 128 characters Same authentication for Dial in amp Dial on Demand DOD Select this option to let incoming connections dial in use the same authentication settings as outgoing connections dial on demand If this option is not selected then the dial on demand connections take their authentication settings from the DOD parameter settings If DOD Authentication is PAP then the DOD CHAP Handshake field is not used SLB Branch Office Manager User Guide 120 9 PC Cards DOD Authentication Enables PAP or CHAP authentication
287. t and is the correct setting if the device port is the endpoint for a connection SLB Branch Office Manager User Guide 87 8 Device Ports Show Lines on Connecting If enabled when the user either does a connect direct from the CLI or connects directly to the port using Telnet or SSH the SLB outputs up to 24 lines of buffered data as soon as the serial port is connected For example an SLB branch office manager issues a connect direct device 1 command to connect port 1 to a Linux server Then the SLB device user gets a directory with the 1s command exits the connection When the SLB user issues another direct connect device 1 the output of the 1s command or some portion of it is output again so the user can know what state the server was left in Hardware Signal Trigge S Check DSR on Connect Disconnect on DSR If this setting is enabled the device port only establishes a connection if DSR Data Set Ready is in an asserted state DSR should already be in an asserted state not transitioning to when a connection attempt is made Disabled by default unless dial in dial out or dial back is enabled for the device port If a connection to a device port is currently in session and the DSR signal transitions to a de asserted state the connection disconnects immediately Disabled is the default unless dial in dial out or dial back is enabled for the device port Modem Settings
288. t to Lantronix Tech Support c Call Lantronix Tech Support and obtain a case number Note For contact information click the Lantronix Tech Support link d Enter the number in Case Number e Press the Email Output button A message asks for confirmation Click OK To clear system logs 1 2 From the main menu select SLB Maintenance System Logs Select the logs you want to clear and click the Clear Log button SLB Branch Office Manager User Guide 192 12 Maintenance and Operation System Log Command The following command for the command line interface corresponds to the web page entries described above To view the system logs containing information and error messages show syslog lt parameters gt Parameters email lt Email Address gt level lt error warning info debug gt log lt all netlog servlog authlog devlog diaglog genlog gt display lt head tail gt numlines lt Number of Lines gt startingtime lt MMDDYYhhmm ss endtime lt MMDDYYhhmm ss Note The level and time parameters cannot be used simultaneously To clear one or all of the system logs show syslog clear lt all netlog servlog authlog devlog diaglog genlog gt Audit Log The Audit Log web page displays a log of all actions that have changed the configuration of the SLB branch office manager The audit log is disabled by default Use the Services web page 7 Services to enab
289. tart with 172 19 Date and Time You can specify the current date time and time zone at the SLB branch office manager s location default or the SLB device can use NTP to synchronize with other NTP devices on your network To set the local date time and time zone 1 Click the Services tab and select the Date amp Time option The following page displays SLB Branch Office Manager User Guide 76 7 Services LANTRONIX SLB884 User sysadmin Change Date Time C Date Time Time Zone PST8PDT SSH Telnet Logging SNMP NFS CIFS SecureLinx Network Date amp Time Date amp Time Enable NTP Synchronize via Broadcast from NTP Server Pall NTP Server s s P1 P2 P3 P4 ss Select port for configuration or O webssH Device Port only Help The SLB can synchronize its clack with a remote time server using NTP Local 1 2 3 Public US San Jose clock sjc he net 216 218 254 202 2 Enter the following Change Select the checkbox to manually enter the date and time at Date Time the SLB branch office manager s location Date From the drop down lists select the current month day and year Time From the drop down lists select the current hour and minute Time Zone From the drop down list select the appropriate time zone 3 To save click the Apply button To synchronize the SLB branch office manage
290. their precedence using the next method ifthe previous one rejected the authentication or using only the first authentication method that responds M Attempt next method on authentication rejection 2 To enable a method currently in the Disabled methods list select the method and press the left arrow to the left of the list The methods include NIS Network Information System A network naming and administration system developed by Sun Microsystems for smaller networks Each host client or server computer in the system has knowledge about the entire system A user at any host can access files or applications on any host in the network with a single user identification and password NIS uses the client server model and the Remote Procedure Call RPC interface for communication between hosts NIS consists of a server a library of client programs and some administrative tools NIS is often used with the Network File System NFS LDAP Lightweight Directory Access Protocol RADIUS Remote Authentication Dial In User Service A set of protocols for accessing information directories specifically X 500 based directory services LDAP runs over TCP IP or other connection oriented transfer services An authentication and accounting system used by many Internet Service Providers ISPs A client server protocol it enables remote access servers to authenticate dial in users and authorize their access to the request
291. tion The default is 60 seconds Restart Delay The number of seconds for the period after the notification has been sent during which the device port ignores additional characters received The data is simply ignored and does not trigger additional alarms until this time elapses The default is 60 seconds SLB Branch Office Manager User Guide 101 8 Device Ports Text String The specific pattern of characters the SLB branch office manager must recognize before sending a notification to the technician about this port The maximum is 100 characters You may use a regular expression to define the pattern For example the regular expression abc def g recognizes the strings abcdg abceg abcfg The SLB device supports GNU regular expressions for more information see http Awww codeforge com help GNURegularExpr html http www delorie com gnu docs regex regex html Email to The complete email address of the message recipient s for each device port s Each device port has its own recipient list To enter more than one email address separate the addresses with a single space You can enter up to 128 characters Email Subject A subject text appropriate for your site May have up to 128 characters The email subject line is pre defined for each port with its port number You can use the email subject to inform the desired recipients of the problem on a certain server or location e
292. tion The following page displays SLB Branch Office Manager User Guide 199 12 Maintenance and Operation LANTRONIX SLB884 eee Pe NN 22468 BESS B User sysadmin Select port for configuration or WebSSH Device Port only Firmware amp Configurations System Logs Audit Log Diagnostics Status Reports Events Status Reports Help Device Ports Eth1 Up 1 0k 3 0k 5 Ok 7 0k Eth2 Down 2 0k 4 0k 6 Ok 8 0k Power Supply A Ok Power Supply B N A Console Port Ok Power Outlet P1 On Power Outlet P2 On Power Outlet P3 On Power Outlet P4 On View Report All O System Configuration Complete Port Status System Configuration Basic O Port Counters O System Configuration Authentication C IP Routes C System Configuration Devices Connections Generate Report The top half of the page displays the status of each port power supply and power outlet Green indicates that the port connection or power supply is active and functioning correctly Red indicates an error or failure or that the device is off 2 Enter the following View Report View Report Select as many of the reports as desired or select All Port Status Displays the status of each device port mode user any related connections and serial port settings Port Counters Displays statistics related to the flow of data through
293. tion or O webssH Device Port only a he Help Welcome to the SecureLinx Branch Office Manager Below are basic settings that itis recommended you configure before using the SecureLinx Branch Office Manager Ifthese settings are OK click the checkbox below and select the Apply button Oo Accept default Quick Setup settings The SLB has two Ethernet ports Eth1 and Eth2 By default both Eth1 and Eth2 are configured for DHCP Default Gateway 172 18 0 1 Hostname tssis o Note The hostname will be used as the prompt in the Command Line Interface Domain supportintlantroni Administrator Settings The sysadmin user has complete privileges for SLB administration Date The default password is PASS Time A P Sysadmin Password Time Zone PST8PDT 4 Ss Retype Password 4 To accept the defaults select the Accept default Quick Setup settings checkbox in the top portion of the page and click the Apply button at the bottom of the page Otherwise continue with step 5 Note Once you click the Apply button on the Quick Setup page you can continue using the web interface to configure the SLB branch office manager further 5 Enter the following Network Settings Note Configurations with the same IP subnet on multiple interfaces Ethernet or PPP are not currently supported SLB Branch Office Manager User Guide 34 4 Quick Setup Eth 1 Settings Disabled If selecte
294. tional adapters that provide a connection between an RJ45 jack and a DB9 or DB25 connector The console port is configured as DTE For more information SLB Branch Office Manager User Guide 25 3 Installation see D Adapters and Pinouts and our web site at www lantronix com support_ and click Cable Adapter Lookup_on the Support menu To connect a terminal 1 Attach the Lantronix adapter to your terminal use PN 200 2066A adapter or your PC s serial port use PN 200 2070A adapter 2 Connect the Cat 5 cable to the adapter and connect the other end to the SLB console port 3 Turn on the terminal or start your computer s communication program e g HyperTerminal for Windows 4 Once the SLB branch office manager is running press Enter to establish connection You should see the model name and a login prompt on your terminal You are connected Connecting to a Power Source The SLB branch office manager consumes less than 20W of electrical power The SLB device has a universal auto switching AC power supply The power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz Rear mounted IEC type AC power connector s are provided for universal AC power input see page 22 for included power cords Figure 4 2 AC Power Input Connecting Devices to Power Outlets To avoid the possibility of noise due to arcing 1 Keep the device s on off switch in the off position until after it is pl
295. to leave direct interactive mode To leave listen mode press any key A suggested value is Esc A escape key then uppercase A performed quickly but not simultaneously You would specify this value as x1bA which is hexadecimal x character 27 1B followed by an A This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport tcp Or udp SLB Branch Office Manager User Guide 155 11 User Authentication Break A series of 1 10 characters users can enter on the command Sequence line interface to send a break signal to the external device A suggested value is Esc B escape key then uppercase B performed quickly but not simultaneously You would specify this value as x1bB which is hexadecimal x character 27 1B followed by a B Data Ports The ports users are able to monitor and interact with using the connect direct command U and L denote the PC Card upper and lower slots Listen Port The ports users are able to monitor using the connect listen command Clear Port Buffers The ports whose port buffer users may clear using the set locallog clear command Access Outlets The power outlets users may monitor and configure Note Older RADIUS servers may use 1645 as the default port Check your RADIUS server configuration 3 Inthe User Rights section select the user group to which RADIUS users will
296. to use NIS to authenticate users 1 Click the User Authentication tab and select the NIS option SLB Branch Office Manager User Guide 145 11 User Authentication LANTRONIX SLB884 i EEEH p p2 pa Ps Logout User sysadmin Select port for configuration or Owebssu Device Port only Authentication Methods LocalRemote Users NIS LDAP RADIUS Kerberos TACACS SSH Keys NIS Help Enable NIS C The SLB can be configured to use NIS to authenticate users who login to the SLB via SSH Telnet the Web or the Console Port NIS Domain If port permissions are not provided via NIS NIS users are granted Device Port Note The NIS Domain must match the aie S 7 S access through the port permissions below NIS domain name on the NIS Server Broadcast for NIS Server 7 NIS Master Server NIS Slave Server 1 j Custom Menu lt none gt Data Ports 1 8UL NIS Slave Server 2 E Escape Sequence x1bA Listen Ports 1 8 U L NIS Slave Server 3 DE a Break Sequence bibb Clear Port Buffers 1 8 U L NIS Slave Server 4 Access Outlets 1 4 NIS Slave Server 5 User Rights Default Users All NIS users are members of a group which Groun O Power ser E O Administrators defined by the group can be added Full Administrative 7 Local Users Reboot amp Shutdown C Networking C Remote Authentication 7 Firmware amp Configuration 7 Services SSH Keys D Diagnostics amp Reports 1 S
297. tory path must be the local directory for one of the NFS mounts For each logging file once the file size reaches the maximum a new file opens for logging Once the number of files reaches the maximum the oldest file is overwritten The file naming convention is lt Device Port Number gt _ lt Device Port Name gt _ lt File numbers gt log Examples 02_Port 2_1 log 02_Port 2_2 log 02_Port 2_3 log 02_Port 2_4 log 02_Port 2_5 log PC Card Logging Data can be logged to a PC Card Compact Flash that is loaded into one of the PC Card slots on the front of the SLB branch office manager and properly mounted see PC Card Logging on page 99 Data logged locally to the SLB device is limited to 256 Kbytes and may be lost in the event of a power loss Data logged to a PC Card Compact Flash does not have these limitations The system administrator can define the file size and number of files per port For each logging file once the file size reaches the maximum a new file opens for logging Once the number of files reaches the maximum the oldest file is overwritten The file naming convention is lt Device Port Number gt _ lt Device Port Name gt _ lt File number gt log Examples 02_Port 2_1 log 02_Port 2_2 log 02_Port 2_3 log 02_Port 2_4 log 02_Port 2_5 log Email SNMP Notification The system administrator can configure the SLB branch office manager to send an email alert message indicating a particular condition detected in the device port log
298. ts Escape Sequence The escape character used to get the attention of the SSH or Telnet client It is optional and if not specified Telnet and SSH use their default escape character For Telnet the escape character is either a single character or a two character sequence consisting of followed by one character If the second character is the DEL character is selected Otherwise the second character is converted to a control character and used as the escape character tat For SSH the escape character is a single character 3 You have the following options To add a host to the host list click the right arrow The host displays in the Hosts box To remove a host from the host list select the host in the Hosts box and click the left arrow To give the host a higher precedence select the host in the Hosts box and click the up arrow To give the host a lower precedence select the host in the Hosts box and click the down arrow 4 Click the Edit Host List button After the process completes a link back to the Device Ports Settings page displays To delete a host list 1 Select the host list in the Host Lists table 2 Click the Delete Host List button After the process completes a link back to the Device Ports Settings page displays Host List Commands The following CLI commands correspond to the web page entries described above To configure a prioritized list of hosts to b
299. type Password fields Note You can change Escape Sequence and Break Sequence if desired You cannot delete the UID or change the UID port permissions or custom menu 3 Click the Apply button SLB Branch Office Manager User Guide 142 11 User Authentication Local Users Commands The following CLI commands correspond to the web page entries described above To configure local accounts including sysadmin who log in to the SLB branch office manager by means of SSH Telnet the Web or the console port set localusers add edit lt User Login gt lt parameters gt Parameters accessoutlets lt Outlet List gt allowdialback lt enable disable gt breakseq lt 1 10 Chars gt changenextlogin lt enable disable gt changepassword lt enable disable gt clearports lt Port List gt custommenu lt Menu Name gt dataports lt Port List gt dialbacknumber lt Phone Number gt displaymenu lt enable disable gt scapeseq lt 1 10 Chars gt group lt default power admin gt listenports lt Port List gt passwordexpires lt enable disable gt permissions lt Permission List gt uid lt User Identifier gt To set whether a complex login password is required set localusers complexpasswords lt enable disable gt To enable or disable authentication of local users set localusers state lt enable disable gt To set a login password for the local user set localusers password lt User Login gt
300. u can use SSH or Telnet to connect to the SLB device Note By default Telnet is disabled and SSH is enabled To enable Telnet use the Services web page see 7 Services a serial terminal connection or an SSH connection To complete the command line interface Quick Setup script 1 Do one of the following With a serial terminal connection power up and when the command line displays press Enter With a network connection use an SSH program or Telnet program if Telnet has been enabled to connect to xx xx xx xx the IP address in dot quad notation and press Enter You should be at the login prompt 2 Enter sysadmin as the user name and press Enter 3 Enter PASS as the password and press Enter The first time you log in the Quick Setup script runs automatically Normally the command prompt displays Figure 4 2 Beginning of Quick Setup Script Quick Setup will now step you through configuring a few basic settings The current settings are shown in brackets You can accept the current setting for each question by pressing lt return gt 4 Enter the following information at the prompts Note To accept a default or to skip an entry that is not required press Enter Configure Eth1 Select one of the following lt 1 gt obtain IP Address from DHCP The unit will acquire the IP address subnet mask hostname and gateway from the DHCP server The DHCP server may or may not provide the gateway a
301. ublic key only show sshkey server type lt all rsal rsa dsa gt 6 Click the Apply button New entries display in the Imported SSH Keys table and Exported SSH Keys table as applicable Custom User Menus Local and remote users can have a custom user menu as their command line interface rather than the standard command set Instead of typing each command the user enters the number associated with the command Each command can also have a nickname that can display in the menu instead of the command From the current menu a user can display another menu thus allowing menus to be nested The special command showmenu lt Menu Name gt displays a specified menu The special command returnmenu redisplays the parent menu if the current menu was displayed from a showmenu command The user with appropriate rights creates and manages custom user menus from the command line interface but can assign a custom user menu to a user from either the command line or the web interface Custom User Menu Commands When creating a custom user menu note the following limitations Maximum of 20 custom user menus Maximum of 50 commands per custom user menu logout is always the last command Maximum of 15 characters for menu names SLB Branch Office Manager User Guide 174 11 User Authentication Maximum of five nested menus can be called No syntax checking Enter each command correctly To assign a custom user menu to a
302. uctions for using the web interface you will find the equivalent CLI commands You can access the command line interface using Telnet SSH or a serial terminal connection Note By default Telnet is disabled and SSH is enabled To enable Telnet use the Services web page a serial terminal connection or an SSH connection See 7 Services The sysadmin user and users with who have full administrative rights have access to the complete command set while all other users have access to a reduced command set based on their permissions Logging in To log in to the SLB command line interface 1 Do one of the following With a serial terminal connection power up and when the command line displays press Enter Ifthe SLB branch office manager already has an IP address assigned previously or assigned by DHCP Telnet if Telnet has been enabled or SSH to XX XX XX XX the IP address in dot quad notation and press Enter The login prompt displays 2 To log in as the system administrator for setup and configuration a Enter sysadmin as the user name and press Enter b Enter PASS as the password and press Enter The first time you log in the Quick Setup script runs automatically Normally the command prompt displays If you want to display the Quick Setup script again use the admin quicksetup command Note The system administrator may have changed the password using one of the Quick Setup methods in the previous chapter
303. ugged into the outlet or log in to the unit and turn the outlets off before connecting the devices 2 Connect devices to the outlets There are four power outlet status LEDs next to outlet number 1 The status LED for outlet 1 is at the top If the LED for an outlet is dark the outlet is turned off if it is lit the outlet is turned on Figure 3 2 Power Outlets SLB Branch Office Manager User Guide 26 3 Installation The status of the power outlets displays on the front panel LCD display as the default display Connecting Devices to the 8 Port Ethernet Switch To connect devices to the unmanaged Ethernet switch 1 Use the included 1Ft Ethernet patch cable to connect Ethernet port 1 on the SLB branch office manager to one of the switch ports Figure 3 3 8 Port Ethernet Switch 10 100 SWITCH 4 L Note The eight unmanaged Ethernet ports are not internally connected to the other two Ethernet ports 2 Use a standard Ethernet patch cable to connect another switch port to your network 3 Up to 6 more Ethernet devices may be connected to your network Use standard Ethernet patch cables from the Ethernet devices to the SLB device s switch ports An example of a standard Ethernet patch cable is the Lantronix 200 0062 RJ45 TO RJ45 CAT5 CABLE LAN PINNING 6 6 Ft Typical Installations Following are illustrations showing some typical ways to install the SLB branch office manager In Figure 3 4 three serial devi
304. uide 17 2 Overview Application Example The figure below is an example deployment An SLB branch office manager is deployed in each branch office and an optional SLM management appliance at the main office The branch offices are interconnected always on by VPN routers overlaid on the Internet and also interconnected on demand through the analog phone system Note The SLB branch office manager can also be the authentication gateway to a network architecture that is not VPN based The SLB device provides Ethernet switch service blue remotely controlled and monitored AC power orange console management green and traditional wired telephone network PSTN access yellow Administrator Corporate HQ Branch Office 1 Branch Office 3 Branch Office 2 SLB Branch Office Manager User Guide 18 2 Overview Asystem administrator upon losing IP connectivity to a server takes the following steps Views the server s Ethernet interface state information provided by the SLB branch office manager Ifthe Ethernet interface is faulty connects to the server s console port by means of the SLB web page or CLI optionally via the SLM management appliance and checks the server s system parameters Ifthe server is not responsive on the console port commands the SLB branch office manager to reboot the server s power Ifthe entire branch office loses IP connectivity dial in to the SLB device to per
305. uide 74 7 Services c To open a Telnet session to a specific device port click the Yes link in the Telnet Enabled column d To open an SSH session to the CLI click Yes in the SSH to the CLI Enabled field above the table e To open an SSH session to a specific device port click the Yes link in the SSH Enabled column To configure how secure IT management devices are searched for on the network 1 Click the Search Options link on the top right of the Secure Lantronix Network page The following web page displays NIX X SLB884 m1357 p p psp S _ Ez 2468 ssss B User sysadmin Select port for configuration or O webssH Device Port only SSH Telnet Logging SNMP NFS CIFS SecureLinx Network Date amp Time SecureLinx Network Search Options Help SecureLinx Network Search Local Subnet Manually Entered IP Address List Both IP Address IP Address List No IP Address 2 Enter the following Secure Lantronix Select the type of search you want to conduct N rk rch Suter Local Subnet performs a broadcast to detect secure IT management devices on the local subnet Manually Entered IP Address List provides a list of IP addresses that may not respond to a broadcast because of how the network is configured The default is Both IP Address If you selected Manually Entered IP Address List or Both enter the IP address of the secure IT management device you want to find and mana
306. ull duplex or half duplex and speed 10 or 100Mbit of data transmission The default is Auto which allows the Ethernet port to auto negotiate the speed and duplex with the hardware endpoint to which it is connected Eth 1 and or Eth2 Multicast Displays the multicast address of the Ethernet port SLB Branch Office Manager User Guide 49 Gateway 6 Basic Parameters Default IP address of the router for this network If this has not been set manually any gateway acquired by DHCP for Eth1 or Eth2 displays All network traffic that matches the Eth1 IP address and subnet mask is sent out Eth1 All network traffic that matches the Eth2 IP address and subnet mask is sent out Eth 2 If you set a default gateway any network traffic that does not match Eth1 or Eth2 is sent to the default gateway for routing DHCP Acquired view only GPRS Acquired view only Precedence Gateway acquired by DHCP for Eth1 or Eth2 Displays the IP address of the router if it has been automatically assigned by General Packet Radio Service GPRS Indicates whether the gateway acquired by DHCP or the default gateway takes precedence The default is DHCP Gateway If the DHCP Gateway is selected and both Eth1 and Eth2 are configured for DHCP the SLB branch office manager gives precedence to the Eth1 gateway Alternate An alternate IP address of the router for this network to be used if an IP address usual
307. urity Practice should state The dos and don ts of maintaining security For example the power of SSH and SSL is compromised if users leave sessions open or advertise their password The assumptions that users can make about the facility and network infrastructure for example how vulnerable the CAT 5 wiring is to tapping Factors Affecting Security External factors affect the security provided by the SLB device for example Telnet sends the login exchange as clear text across Ethernet A person snooping on a subnet may read your password A terminal to the SLB branch office manager may be secure but the path from the SLB device to the end device may not be secure With the right tools a person having physical access to open the SLB branch office manager may be able to read the encryption keys There is no true test for a denial of service attack there is always a legitimate scenario for a request storm A denial of service filter locks out some high performance automated scripted requests The SLB device will attempt to service all requests and will not filter out potential denial of service attacks SLB Branch Office Manager User Guide 266 C Safety Information Safety Precautions Please follow the safety precautions described below when installing and operating the SLB branch office manager Cover Do not remove the cover of the chassis There are no user serviceable parts inside Op
308. wer Outlets Connections Host Lists Device Status Help Device Port Status and Counters PC Card Slots No Name ake tout EOTS Connection Status Slot Device __ Type Upper none NIA 1 Port 1 No 00 0 dle Lower Inone NA 2 Port2 No O0 0 dle 3 Pot3 No O0 a dle 4 Part 4 No 0 0 0 dle 5 Port 5 No 00 0 dle Power Outets 6 Port 6 No 00 0 dle Name State 7 Pot No 00 0 dle PowerOutlet 1 On 8 Ports No 00 0 dle PowerOutlet 2 On PowerOutle 3 On PowerOutlet 4 On Global Port Settings On the Device Ports page you can set up the numbering of Telnet SSH and TCP ports view a summary of current port modes establish the maximum number of direct connections for each device port and select individual ports to configure 1 Click the Devices tab and select the Device Status option The following page displays SLB Branch Office Manager User Guide 81 8 Device Ports LANTRONIX SLB884 e135 7 BMG pe ps ps 22468 BESS User sysadmin Select port for configuration or O webSSH Device Port only me e wortenace J Quck sen a i Device Status Device Ports Console Port PCCard Power Outlets Connections Host Lists Device Ports Help Telnet SSH TCP In Port Numbers Ports Renumber the Telnet In SSH In or TCP In Port Number for all Device Ports No Name Mode Select Starting Telnet Port 2001 1 Port t dle Starting SSH Port 3001 2 Port2 dle O Starting TCP Port 4001 aoje ae 2 4 Ported dl
309. wing Use the front panel LCD display and pushbuttons Complete the Quick Setup web page on the web interface SSH to the command line interface and follow the Quick Setup script on the command line interface Connect to the console port and follow the Quick Setup script on the command line interface Note The first time you power up the SLB unit Eth1 tries to obtain its IP address via DHCP If you have connected Eth1 to the network and Eth1 is able to acquire an IP address you can view this IP address on the LCD or Lantronix Detector downloadable at http www lantronix com support downloads If Eth cannot acquire an IP address you cannot use Telnet SSH or the web interface to run Quick Setup IP Address Your SLB branch office manager must have a unique IP address on your network The system administrator generally provides the IP address and corresponding subnet mask and gateway The IP address must be within a valid range unique to your network and in the same subnet as your PC You have the following options for assigning an IP address to your SLB device DHCP Table 4 1 Methods of Assigning an IP Address A DHCP server automatically assigns the IP address and network settings The SLB branch office manager is DHCP enabled by default With the Eth1 network port connected to the network and the SLB device powered up Eth1 acquires an IP address viewable on the LCD At this point you can
310. y a domain name for example support lantronix com The domain name is used for host name resolution within the SLB branch office manager For example if abed is specified for the SMTP server and mydomain com is specified for the domain if abcd cannot be resolved the SLB device attempts to resolve abcd mydomain com for the SMTP server DNS Servers DNS Servers 1 3 Configure up to three name servers 1 is required if you choose to configure DNS Domain Name Server servers The first three DNS servers acquired via DHCP through Eth1 and or Eth2 display automatically DHCP Acquired DNS Servers 1 3 GPRS Acquired DNS Servers 1 3 Displays the IP address of the name servers if automatically assigned by DHCP Displays the IP address of the name servers if automatically assigned by General Packet Radio Service GPRS TCP Keepalive Parameters Start Probes Number of seconds the SLB branch office manager waits after the last transmission before sending the first probe to determine whether a TCP session is still alive The default is 600 seconds 10 minutes Number of Probes Number of probes the SLB device sends before closing a session The default is 5 Interval The number of seconds the SLB branch office manager waits between probes The default is 60 seconds 3 To save your entries click the Apply button Apply makes the changes immediately and saves them so they
311. y and Pushbuttons 30 Navigating 31 Entering the Settings 31 Restoring Factory Defaults 33 Method 2 Quick Setup on the Web Page 33 Method 3 Quick Setup on the Command Line Interface 37 Next Step 39 5 Web and Command Line Interfaces 40 Web Interface 40 Logging in 42 Logging off 42 Web Page Help 42 Command Line Interface 43 Logging in 43 Logging out 43 Command Syntax 44 Command Line Help 45 Tips 45 General CLI Commands 46 6 Basic Parameters 47 Requirements 47 Ethernet Counters 51 Network Commands 52 IP Filter 53 Viewing IP Filters 53 Enabling IP Filters 54 Configuring IP Filters 54 Updating an IP Filter 56 Deleting an IP Filter 56 Mapping a Rule Set 56 IP Filter Commands 57 Routing 58 Equivalent Routing Commands 59 7 Services 60 System Logging and Other Services 60 SSH Telnet Logging 60 SNMP 64 SNMP SSH Telnet and Logging Commands 66 SLB Branch Office Manager User Guide 5 NFS and SMB CIFS 69 NFS and SMB CIFS Commands 71 Secure Lantronix Network 72 Secure Lantronix Network Commands 76 Date and Time 76 Date and Time Commands 78 8 Device Ports 80 Connection Methods 80 Permissions 81 Device Status 81 Global Port Settings 81 Global Commands 83 Global Commands 84 Device Ports Settings 84 Port Status and Counters 91 Device Ports SLP Power Manager 91 Device Port Sen
Download Pdf Manuals
Related Search