Lantronix SCS1620
Contents
1. c SCS SCS 9 Ethernet 10Base T 100Base TX C EIA 232 RS 232C2. Vil C
3. EIA 232 RS 232C viii BEC A HANE SCSxx05 SCSxx20 Secure Console Server i UWR yeti OLS ahn C dogm HUET 0 WR Af 0 T iH TELA ALREDS Virg Tth Lantronix Matt lt L RET S Ifo CTC FSW vF e o bP Sse Tee Lan 2 FORE 777 he DASA TaM EL SACRA OB ETUR LS TESS THIS 2 FERRO He 2 22v PICASA MW L955m856onoD a y PICA lt AC arti A xv T 00 FE 12 pM tLe See UPS EH Le Ev lt MER RS Lb lt TIGR I Bee I MEHELT ES Fax AROS SLD o ER 25y FLERE MRE SCS dI Fod AENT LI k AALT CER
4. P P Port Permissions selected Continue with Configure Global Port Permissions or Done User Authentication Configuring Global Port Permissions With this option you can configure global default port permissions for users This is useful if you are using NIS LDAP or RADIUS to authenticate users and you have not used to create a port permissions file for every user global port permissions will be used for users who do not have their own port permissions file or do not have port permissions specified in an NIS map You can configure the following permissions Allow Direct direct mode default port permissions users may interact with a port See page 7 5 for more information on direct mode Allow Listen listen mode default port permissions users may only view the data on a port Allow Clear clear default port permissions users may clear the port buffer 4 1 SCSxx05 SCSxx20 User Guide 4 Configuration 1 With Configure Global Port Permissions selected press Enter The direct mode permissions prompt displays 2 If desired enter a range and or list of ports for example 1 3 5 7 to which the direct mode permissions will apply Default Permissions What is the value for ALLOW DIRECT Specify the port direct mode default
5. 3 10Base T 100Base TX URSE HEA eie ape JI ElA 232 0 E RS 232C B WAGE PEM S Sloot HE 232 0 74 5 2320 WAGE 48 ZED Sys Asda A S Xil kE ERN 5 5 05 5 5 20 Secure Console Server 8 eet EE Eme HL PEE SEES EUER PRR Ka AR Uri TET iia ik Lantronix 2 8 EHTA 4E ES T fF IM weg SEFE ER Pee pU IE ee RS UY REE GNE ee Bf dl EE PR Lene eC ee eT ree AY TRAPP EP CEA i PES I UPS AE a Er a HE pH SU HR NER ET BE PR BRP RTE AR a ATER ERR ASR EA lao CS jk up RHLEEHIARSeMENM ERIE 5 5 27 1 SCS MEE HRO S sf 10Base T 100Base TX HRAN pesi eO mod EIA 232 GAR RS 232C RAT E 0 232 LEM RS 232C EH xiii SCSxx05 SCSxx20 Secure Console Server 2 3 8 s 88 F Paya Sat au
6. Secure Console Server SCSxx05 SCSxx20 Lantronix B B M
7. e 4 13 SCSxx05 SCSxx20 User Guide 4 Configuration 10 Press Enter The email address prompt displays 11 Enter the complete email address of the message recipient s for each device port s Each device port has its own recipient list If you wish to enter more than one email address separate the addresses with a single space Set Email Address es Device Port 1 4 5 7 Answer SiteTech ServerFarm com 12 Press Enter The cc prompt displays 13 Enter the email address es if any to which the alert message should be copied If entering more than one email address separate the addresses with a single space You may cc as many parties as you wish 14 Press Enter The Device Logging Parameters menu returns with Done selected You may select the other options to change you settings if desired 15 When you are satisfied with your entries and want to save them press Enter A confirmation prompt displays 16 To confirm your entries select Yes The system saves the entries to flash memory You have two options configure additional device ports select Yes and press Enter Ifyou have finished configuring device ports select No and press Enter The Device Logging Parameters menu returns with Done Device Ports selected Note Email notification changes do not take affect until after the system reboots Done Device Ports To return to the setup menu when you are satisfied with
8. 10 2 5 7 Ry o FAAA EIA 232 RS 232C amp Vb FT 5297 Je aR GIVE LT ES o S iR vib EIA 232 RS 2320 UT aR A EN OFM aro 59 SCSxx05 SCSxx20 Secure Console az g 2 amp HE 4 amp 9 ABS MALS AWS BIA HHA WS SBS ASA Sole RSL AHS SAL SIS US ASSe let Se SAS 8 OI Qe ADA Lantronix 94 AHA Se ASE HACE SAIS Oct WHO SBS ASO FHS SHS SO BA amp 2 Sea Ses AAO ASGAL REMA COLS BE MAGA BIAIS 8 ASSO 872 8 Al S ASS SHE SHA JUE 511 m 3 AAD 9992 Sete 1 AS MOSES S3 Ger ex sax AY 482 BNSEZSI UPSE MESHA S ee 70 fae ASS AAS ASA BA MX SHB ze 51 circuit 0 gD ABA ABZ ade 220 065 Adda BF FAS aul s AS VAs BA At 897 Sas TEASE S Foe 9151 Hee he ace 20 BOXLDOLEBOIS Ste 92 SCS amp 91 AO SCS ot SO PAs JSA
9. TTERECUTED Gy STE MERE EXTREM MSR Lantronix Gre ASE RT a UU a ae que BOUES USERS 1558 IPRs REIS P RETRO HERES LARGER SEHE TIUS IEEE RDHSPETNDT BUSHES SURFS ES RARE ERE SAORI Cee ee Le ARENA a ete ao MLL SECM REL UPS RON DIDA GE OLE BGR Ee RE Gn IBS SEDE A ii Am 4 FER LETRA Bie AAG Feeds TE He SCS MEERE SCS E TED IBS HORSE Rae SS 59 10 100 857 EIA 232 AAi RS 232C MLS AE EIA 232 142548 RS 232C i XIV Contents Copyright amp Trademark LINUX GPL Compliance Contacts Disclaimer amp Revisions Safety Precautions 1 Introduction SCSxx05 and SCSxx20 Hardware Features System Features Protocol Support System Components Connection Formats Serial Devices Network Modem SCSxx20 Power Manager Access Control Device Port Buffer 256K FIFO Buffer Port Data Logging Logging to File Email Notification Technical Specifications Product Information Label System Resource Information 2 Installation Physica
10. NIS Domain Name What is the value for NIS Domain Answer lantronix com 3 Press Enter The enable NIS prompt displays 4 Select Yes to enable NIS to authenticate users and or obtain port permissions 5 Press Enter The NIS master server prompt displays SCSxx05 SCSxx20 User Guide 4 Configuration 6 Enter the IP Address in dot quad notation of at least the NIS master server required and press Enter The first slave server prompt displays You may configure up to five NIS slave servers SLAVE 1 through SLAVE 5 Slave server values are optional There are five similar screens one for each NIS slave server Enter the IP address of the first slave server and press Enter Repeat step 7 for each slave server or just press Enter until the User Authentication menu returns Continue with Configure Global Port Permissions or Done User Authentication Configuring LDAP If you are using LDAP Version 2 you must Enable LDAP version 2 authentication default is disabled Enter the IP address of the LDAP server Enter the input value for the LDAP base With Configure LDAP selected press Enter The LDAP prompt displays Select Yes to enable LDAP to authenticate users Press Enter The LDAP IP address prompt displays Enter the IP address of the LDAP server and press Enter The LDAP base prompt displays pe 5 Enter the name of the LDAP search base There is no default value Ldap conf I
11. gt Nc The SCS uses convection cooling to dissipate excess heat Note Be careful not to block the air vents on the sides of the unit If you mount it in an enclosed rack we recommended that the rack have a ventilation fan to provide adequate airflow through the unit 2 1 SCSxx05 SCSxx20 User Guide 2 Installation Power The SCS consumes less than 25W of electrical power AC Input The SCS has a universal auto switching AC power supply The power supply accepts AC input voltage between 100 and 240 VAC with a frequency between 50 60 Hz The power inlet to the chassis uses a conventional IEC type cord set which Lantronix provides Rear mounted IEC type AC power connector s are provided for your universal AC power input The SCSxx05 has a single supply input while the SCSxx20 has dual inputs and dual supplies The power connector also houses a replaceable protective fuse and the on off switch In addition we provide the SCSxx20 with a Y cord Figure 2 2 AC Power Input and Power Switch on Rear of SCS4805 DC Input The DC version of the SCSxx20 accepts standard 48 VDC power The SCSxx20 accepts two DC power inputs for supply redundancy Lantronix provides the DC power via industry standard Wago connectors The connectors are also available separately from Lantronix Figure 2 3 DC Power Input and Power Switch on Rear of SCS1620 2 2 SCSxx05 SCSxx20 User Guide 2 Ins
12. Enter IP address es local and remote for PPP Link Enable CHAP for PPP Authentication default is disabled PAP will be used If you do not enable the modem your system skips past the setup entries for CHAP secrets or PAP secrets as they are related to operation of the modem The system also bypasses steps related to TTY logins and callbacks 9 90 4 12 SCSxx05 SCSxx20 User Guide 4 Configuration 1 With Configure Modem selected press Enter The enable modem logins prompt displays 2 Select Yes to enable or No default to disable modem logins Enable Modem Logins Do you want to enable logins on the Modem i This will allow PPP and TTY logins Enable Modem Logins If you selected No the Configure User Authentication menu displays Continue with Configuring User Authentication on page 4 16 Press Enter The TTY callbacks prompt displays Select Yes to configure the modem to do a TTY callback or No to bypass this configuration Configure Modem TTY Callbacks Do you want to have the Modem do a TTY callback If you do you will next have to edit the callback configuration Configure Modem TTY Callbacks 5 Press Enter If you selected Yes the login configuration prompt displays If you selected No the PPP logins prompt displays Continue with step 8 6 Enter the TTY callback number in xxx xxx xxx format following the S on the line beginning with Modem_cb Edit logi
13. Physical Installation 2 1 Power 2 2 Connecting a Terminal 2 3 Connecting to a Device Port 2 4 Connecting the Network Port 2 5 Connecting the Modem Port SCSxx20 2 5 Power Manager Interface 2 6 Caution To avoid physical and electrical hazards please be sure to read Safety Precautions on page iii before installing the SCS Physical Installation You can install the SCS either in an EIA standard 19 inch rack 1U tall or as a desktop unit For desktop use you may remove the rack mount brackets and use the four rubber feet provided Make all physical connections to the rear of the SCS You may use the backlit front panel LCD display during initial setup and to view current network settings Figure 2 1 SCS4805 Rear Panel Connections and Labels with Rack Mount Brackets RNC OMIM IL JL 1 L di NNI P test dor egt Aeg ear we XP SE NE XO AG pl AG ph ule pu lb SOLE 1 2 3 4 5 6 Y 8 9 10 23 24 C N ETW 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 4 42 43 44 45 46 47 48 Caution Replace with s ame type and rating 12 13 14 15 16 17 18 19 20 21 22 LL DEVIC ES 100 240V 5A 50 60 Hi n a g 2
14. device number or name gt to edit and update the parameter settings of a device Step through each device option when you are done the system prompts Are you sure before accepting the changes Remember to SAVE listdev Use the listdev command to display a list of device port names and their corresponding port numbers Programmable elements include device name baud rate stop bits parity data bits DCE DTE flow control and inhibit buffering in direct mode Pressing Enter accepts the parameter as is If you need to make changes you can edit each parameter as it comes up after each gt prompt 8 7 SCSxx05 SCSxx20 User Guide 8 Commands Device Name The device name cannot contain a space Use an underscore if you need an empty space in the name Baud Rate Seven device baud rates are offered 2400 4800 9600 19200 38400 57600 and 115 200 Most devices use 9600 as the terminal administration port s baud rate so the device port defaults to this value Check the equipment settings and documentation for the proper baud rate Stop Bits Parity Data Bits The stop bits parity and data bits parameters determine the format of the bit wise transmission of data The default settings are 1 stop bit no parity and 8 data bits Check your equipment documentation for the proper settings DCE DTE The SCSxx05 device and terminal ports are factory configured as DTE devices The SCSxx20 device and terminal ports are f
15. IP Address per Serial Port Feature The IP Address per Serial Port feature allows you to set multiple network addresses on the same low level network device driver e g two IP addresses in one Ethernet card It is typically used for services that act differently based on the address they listen on e g multihosting virtual domains or virtual hosting services Setting up an IP Address per serial port is only slightly more involved than setting up the IP port number per serial port It involves editing Ici Iwip serial conf and creating a five line config file per distinct IP address You do not have to change etc inetd conf Setting the IP Addresses The first file to edit is Ici Iwip serial conf In this file we specify the IP addresses for the corresponding serial ports In the example below we chose the IP addresses 192 168 202 11 through 192 168 202 26 These correspond to serial ports 1 through 16 respectively The IP addresses do not need to be in consecutive order Obtain or choose IP addresses that are appropriate for your site sysadmin bash sysadmin km3210 var tmp su Password root km3210 var tmp cd lci root km3210 lci vi lwip serial conf 1 192 168 202 11 1 2 192 168 202 12 1 3 192 168 202 13 1 E 16 192 168 202 26 1 3 Save and exit vi 4 Setup the aliased IP addresses on the console server There will be one config file per aliased IP address The config files
16. In this file uncomment the existing entries in the supplied etc inetd conf as follows a Login to the sysadmin account sysadmimbash i sysadmin km3210 var tmp su Password root km3210 var tmp cd etc root km3210 etc vi inetd conf b Uncomment the entries for ports 9001 to 9017 Save and exit vi The entries should look like 9001 stream tcp nowait root usr sbin tcpd in telnetd 00 C Tell the inetd process to re read the etc inetd conf file root km3210 etc kill SIGHUP cat var run inetd pid 2 Edit second file Ici Iwip serial conf as follows root km3210 etc cd lei root km3210 1 1 vi lwip serial conf 3 Uncomment the entries that correspond to the IP port numbers 9001 to 9017 for device ports 1 through 17 The entries should look like 10 0 0 0900 1 J 20 7 0 0 00 i 2 0 0 0 0 9002 1 3 0 0 0 0 9003 1 16 0 0 0 0 9016 1 i 17 0 0 0 0 9017 1 and so on 9 3 SCSxx05 SCSxx20 User Guide Testing If you have not set up the local or NIS port permission file for users on the console server they will not be able to access the serial ports If the user does not have the appropriate serial port permissions attempting to connect via Telnet gives the following results kerrymQerh62 Telnet km3210 9004 Trying 192 168 201 60 Connected to km3205 1lci net 192 168 201 60 Escape character is km3205 1ci net login kerrym Password Last login Thu Mar 14 15
17. Press Enter If you selected No the Configure Device Port menu returns with Device Port Parameters selected Device Port Parameters You can configure the device port parameters on individual ports or in ad hoc groups You determine the group and then apply selected features to the ports in that group The device port parameters that you configure include Enable disable operator mode default is disabled Baud rate default is 9600 Data bits default is 8 Stop bits default is 1 Parity default is None Flow control default is XON XOFF Port type default is DTE for the SCSxx05 and DCE for the SCSxx20 Inhibit buffering default is no 9 9 9 9 o Define a Group of Ports to Configure 1 Select Device Port Parameters and press Enter 2 Select Setup the Device Parameters and press Enter You are prompted to identify the port or ports that should be configured with these steps 4 7 SCSxx05 SCSxx20 User Guide 4 Configuration 3 In the Answer field enter the number range or combination of ports to be administered What device port do you want to configure i Input a device number a device name or a range Examples of ranges 3 7 9 2 12 1 4 6 9 14 Valid port range is 1 48 What device port do you want to configure Answer 1 3 5 7 9 26 4 Press Enter The enable operator port prompt displays This option allows PPP as well as terminal logins through an external modem Note If you
18. Search backward for N th matching line Repeat previous search for N th occurrence Repeat previous search in reverse direction ESC n Repeat previous search spanning files ESC N Repeat previous search reverse dir amp spanning files ESC u Undo toggle search highlighting Search patterns may modified by one or more of N or Search for NON matching lines E or Search multiple files pass thru END OF FILE F Q Start search at FIRST file for or last file for K Highlight matches but don t move KEEP position R Don t use REGULAR EXPRESSIONS JUMPING lt ESC lt to first line in file or line gt ESC to last line in file or line N p to beginning of file or N percent into file I Find close bracket Find open bracket ESC F cl c2 Find close bracket lt c2 gt ESC B cl c2 Find open bracket cl Each find close bracket command goes forward to the close bracket matching the N th open bracket in the top line Each find open bracket command goes backward to the open bracket matching the N th close bracket in the bottom line m lt letter gt Mark the current position with lt letter gt lt letter gt Go to a previously marked position En Go to the previous position X X Same as mark is any upper case lower case letter Certain
19. Setup System Configuration Program Lantronix Inc 5551620 System Configuration Do you want to make changes to the system configuration Answer if you want to quit without making any changes You can use the TAB key to switch between the question area the input area and the button area Within each area use the arrow keys to scroll text switch buttons or choose menu entries Use Enter to elect a button or menu entry Text User Interface v1 9 4 ta switch Windows Bose keys tO Rinne Enter tO lect 2 To make changes to the system configuration select Yes and press Enter A setup configuration menu including the available configuration options and a Done option displays You must scroll down to see all of the menu options Note If you select No the setup program ends and the command prompt displays Figure 4 2 Setup Menu Lantronix Inc 5081620 System Configuration Configure Hostname and IP Address Do you want to configure the Hostname IP Address Network Mask and LAN Gateway Address of the 5651620 Conficgur Navigating You can step through the menu and the configuration screens using the arrow Tab and Enter keys SCSxx05 SCSxx20 User Guide 4 Configuration Table 4 1 Setup Menu Navigation Action Key To select a menu option Use the up and down arrows on your keyboard not on the numeric keypad To select Yes or No Use the up and down arrows to move between Ye
20. el ctricas correctamente cableadas y conectadas a tierra proteger el producto contra aumentos y descensos transitorios bruscos de la alimentaci n el ctrica use un supresor de sobrecargas moment neas un acondicionador de l nea o una fuente de alimentaci n ininterrumpida UPS ni desconecte este producto durante una tormenta el ctrica Toma de tierra Mantenga este producto conectado en todo momento a una toma de tierra fiable Preste especial atenci n a las conexiones de alimentaci n cuando se conecta a regletas de terminales en lugar de hacerlo directamente al circuito derivado Fusibles proteger la unidad contra el fuego cuando sea necesario sustituya el fusible del m dulo de entrada de alimentaci n por otro del mismo tipo y capacidad Bastidor Noinstale la unidad en un bastidor rack de manera que quede en un equilibrio inestable peligroso debido a el reparto irregular del peso La ca da de la unidad podr a causar lesiones Antes de utilizar el servidor seguro de consola SCS verifique que el SCS est bien fijado al bastidor Conexiones de puertos Conecte el puerto de red solamente a una red Ethernet compatible con 10Base T 100Base TX Conecte los puertos de dispositivos solamente a equipos con puertos serie compatibles con EIA 232 antes RS 232C Conecte el puerto terminal solamente a equipos con puertos serie compatibles
21. the sysadmin may run it manually at any time thereafter from a network connection or the terminal port Note The Web based interface uses the same terms and fields as the setup user interface for its programming steps After you have initially set up the unit using the setup command you can easily switch from one administration method to the other if desired See Web Interface At default values SSH is not enabled encryption keys have not been generated so Telnet or the terminal port is used to initially access and configure the SCS When you first install the SCS the automatic setup script helps you configure the majority of the system functions and automatically saves the programming changes to non volatile memory Upon completion of this automated script file the SCS automatically reboots to ensure that all processes are updated This chapter includes the following topics Connecting Using Telnet or Your Serial Terminal 4 2 Logging in as System Administrator 4 2 Accessing the Setup Menu 4 2 Configuring Hostname and IP Address 4 4 Configuring Timezone 4 6 Configuring DNS 4 8 Configuring Services 4 9 Enabling Disabling Web Configuration 4 10 Configuring NTP 4 10 Configuring Email Relay 4 11 Configuring Timeouts 4 11 Configuring Modem SCSxx20 Only 4 12 Configuring CHAP Secrets 4 15 Configuring PAP Secrets 4 16 Configuring User Authentication 4 16 Configuring NFS Mount 4 2 Configuring Firewall Pa
22. the system administrator must run SAVE manually as follows 1 To permanently save any parameter changes type SAVE all caps at the command prompt 2 Press Enter It may take a few minutes for the system to save your entries The reboot and the poweroff commands check for unsaved data before execution just in case a SAVE is required They prompt you to execute a SAVE if necessary Note SAVE does not store the buffered data which is only maintained in RAM If you require the buffered data you can poll the appropriate ports and capture the buffered data at any time Rebooting The very first time you log in to the SCS as sysadmin a special routine runs to properly set up the system files read write operations and other aspects of the file system The SCS automatically reboots after running the setup script for the first time All other setup script sessions require you to use the reboot command to ensure that all configuration changes are made 1 the parameter changes take effect type reboot at the command prompt Press Enter If file changes have not been saved into non volatile memory the reboot operation includes a prompt allowing you to SAVE the files if desired Note The system administrator is automatically logged out 5 Web Interface The SCS incorporates a browser based interface for the system administrator This interface provides an alternate method of updating most of the parameters in
23. une prise correctement c bl e avec mise la terre Pour prot ger ce produit des fluctuations de tension et des transitoires du courant lectrique il est conseill d utiliser une protection contre les surtensions un filtre de secteur ou un onduleur avec batterie UPS Veillez ne pas laisser cet quipement connect au secteur durant un orage Mise la terre Veillez pr server une mise la terre fiable de ce produit Pr tez particulierement attention aux connexions d alimentation si vous raccordez cet quipement une prise multiple au lieu de le brancher directement sur le circuit principal Fusibles Pour assurer la protection contre l incendie remplacez toujours le fusible du module d alimentation lectrique par un mod le du m me type et de la m me capacit Rack Niinstallez pas cet quipement dans un rack si une mauvaise r partition des masses risque de provoquer l instabilit du rack Toute chute risque de provoquer des blessures Avant de mettre le SCS en service veillez ce qu il soit fermement fix dans le rack Connexions Veillez ne connecter le port r seau qu un un r seau Ethernet prenant en charge les standards 10Base T 100Base TX Veillez ne connecter les ports pour p riph riques qu des quipements prenant en charge le standard EIA 232 anciennement d nomm 5 232 Veillez ne connecter le port pour terminal qu un quipeme
24. 12 listen 8 12 clear 8 12 exit 8 12 logout 8 12 Break Sequence 8 12 Escape Sequence 8 12 Advanced Sysadmin Commands 8 13 Using ssh Keys and keygen Procedures 8 13 Mounting File Systems During Boot 8 14 Mounting File Systems Dynamically Using autofs 8 15 9 Port Access 9 1 Telnet to Serial Port Feature 9 1 Accessing Serial Ports 9 1 Assigning an IP Port Number to a Serial Port 9 3 Testing 9 4 saving the Changes to Flash 9 4 IP Address per Serial Port Feature 9 5 Setting the IP Addresses 9 5 Testing 9 7 saving the Changes to Flash 9 8 Final Testing 9 8 Bypassing Authentication 9 9 A Unix Command Help A 1 less command A 1 vi Editor Commands A 3 B Hexadecimal Conversion Chart B 1 C Pinouts and Adapters 1 SCSxx05 C 2 SCSxx05 Pinouts C 2 SCSxx05 Adapters C 3 SCSxx20 C 12 SCSxx20 Pinouts C 12 XViil SCSxx20 Adapters D Compliance and Warranty Information Compliance Information 1 Compliance Information 2 Warranty 13 D 1 D 1 D 4 1 Introduction The Lantronix SCS family of Secure Console Servers enables IT professionals to remotely and securely configure and administer servers routers switches telephone equipment or other devices equipped with a serial port This chapter introduces you to the Lantronix SCSxx05 and SCSxx20 products It includes the following topics SCSxx05 and SCSxx20 1 1 Hardware Features 1 3 System Features 1 4 Protocol Support 1 4 System Components 1 5 Connecti
25. 3 SCSxx05 SCSxx20 User Guide 8 Commands passwd At the first login the SCS uses the factory default password PASS all upper case The sysadmin should change this default password as soon as possible to prevent access by unauthorized personnel sysadmin passwd Changing password for sysadmin current UNIX password New UNIX password Retype new UNIX password passwd all authentication tokens updated successfully sysadmin To change the sysadmin factory default password type passwd all lower case at the sysadmin gt prompt The system prompts you to enter a new password The new password must be six or more alphanumeric characters and is case sensitive The sysadmin must also change the root password While root access is not required in the SCS system changing the root password from the default ensures the security of your system The root password is more senior than the sysadmin password and is administered differently See Changing the Root Password break Use this command to break a connection The syntax is break port gt e g break 1 break 2 break 3 changes Use this command to list files that have been changed from factory settings config save Use this command to place a backup of the system configuration on the ftp or tftp server configured in the setup process The sysadmin must first configure the ftp tftp server parameters as described in Updating Software config restore
26. Card Note It is not necessary to power down the unit before installing the modem card 1 Remove the blank metal plate covering the modem slot on the SCSxx20 2 nsert the modem card into the open slot in the rear of the SCSxx20 Figure 6 1 Installing a Modem Card in the SCSxx20 3 Tighten the screws on the modem card by hand 4 Connect the modem to your telephone line using the RJ11 telephone cord Initializing the Modem If a modem card is installed into a working 5 51620 the system administrator must initialize it for proper operation with the system using the install modem command This command forces a hardware reset of the modem module and then sends an initialization string that configures the modem for the system This string also saves these values into the modem s non volatile memory 6 1 SCSxx05 SCSxx20 User Guide 6 Modem Setup To initialize the modem only needed when first installed 1 Login as sysadmin 2 Type install modem at the sysadmin gt prompt 3 When the command has run completely the sysadmin gt prompt displays The modem has reset and is ready to use SCS1620 login sysadmin Password sysadmin install modem sysadmin 4 Check the status LEDs on the modem module Figure 6 2 Normal Modem LEDs Red Red Green Green Red for an idle Modem Port red LED indicates the inactive state and a green LED indicates the active state The PWR LED should always be green when
27. Immunity EN 55024 1998 This product meets the requirements for and carries the following marks VCCI Japan AS NZS Australia New Zealand GS Germany GOST Russia S Mark Argentina MIC Korea Manufacturer s Contact Director of Quality Assurance Lantronix Inc 15353 Barranca Parkway Irvine CA 92618 USA Phone 949 453 3990 Fax 949 453 3995 D 2 SCSxx05 SCSxx20 User Guide D Compliance and Warranty Information Compliance Information 2 according to ISO IEC Guide 22 and EN 45014 Manufacturer s Name amp Address Lantronix Inc 15353 Barranca Parkway Irvine CA 92618 USA Declares that the following product Product Name s Models SCS820 SCS1620 SCS3205 Secure Console Servers Conform to the following standards or other normative documents Safety EN60950 1992 A1 A2 A4 A11 Electromagnetic Emissions EN55022 1994 IEC CSPIR22 1993 FCC Part 15 Subpart B Class B IEC 1000 3 2 A14 2000 IEC 1000 3 3 1994 Electromagnetic Immunity EN55024 1998 Information Technology Equipment Immunity Characteristics IEC61000 4 2 1995 Electro Static Discharge Test IEC61000 4 3 1996 Radiated Immunity Field Test IEC61000 4 4 1995 Electrical Fast Transient Test IEC61000 4 5 1995 Power Supply Surge Test IEC61000 4 6 1996 Conducted Immunity Test IEC61000 4 8 1993 Magnetic Field Test IEC61000 4 11 1994 Voltage Dips amp Interrupts Test Supplementary Information This Class A digital appa
28. NFS Mount selected press Enter The NFS mount prompt displays Enable NFS Do you want to mount an NFS share from an NFS server i Do not use packet filtering firewall if you are using NFS or NIS Enable NFS Yes No 2 Select Yes to install the NFS server information to mount an NFS share or No to disable this option If you answer Yes the NFS value prompt displays If you answer No the setup menu returns Configure the Firewall selected 3 Enter the NFS server path in the format nfs server hostname or ipaddr exported path The exported path will be mounted to nfs on the SCS If the line begins with a please remove it Note Exporting an incorrect NFS server path may degrade the performance of the system OO Input value for NFS mount Install the NFS server info to mount an NFS share The format is nfs server hostname or ipaddr exported path The exported path will be mounted to nfs on the SCS If the line begins with a please remove it Input value for NFS mount Press TAB or ENTER to end editing Answer 172 19 0 60 home share 4 Press Enter The setup menu returns with Configure the Firewall selected 4 3 SCSxx05 SCSxx20 User Guide 4 Configuration Configuring Fi
29. Use this command to load the saved backup of the system configuration from the ftp or tftp server configured in the setup process The sysadmin must first configure the ftp tftp server parameters as described in Updating Software install modem Use this command to install an internal modem SCSxx20 only man Use man command name to search for a help file online manual pages or descriptive information for a Linux UNIX command modem hangup Use this command to hang up an internal modem SCSxx20 only info The info command displays the shell version 8 4 SCSxx05 SCSxx20 User Guide 8 Commands sysadmin gt sysadmin gt info SCS4805 Shell v4 00 sysadmin gt reset modem Use this command to reset the internal modem SCSxx20 only scp Use scp to perform a secure copy using SSH between two hosts The file copy is encrypted and is therefore secure Refer to the man pages for scp for a description and command options sftp Use sftp to perform a secure file transfer transaction using SSH between two servers It is similar to ftp except that it is encrypted for security Refer to the man pages for sftp for a description and command options ssh Use ssh to open up a secure shell connection between two hosts to transfer files or data between the systems In this case the SCS is a client device and is connected to an SSH host elsewhere You may need to generate the security keys for SSH using ssh keygen dep
30. as well In the following example we add lantronix com to the default factory name of SCS4805 to get SCS4805 lantronix com Hostname and IP Address SCS4805 lantronix com Note After the value is accepted and saved and you have rebooted the system the hostname appears as your command prompt and on the front panel LCD display Press Enter The IP address prompt displays If you selected DHCP in step 2 press Enter through the IP address netmask and gateway prompts the system will ignore these values and continue with Configuring Timezone 7 If you did not select DHCP in step 2 enter the network IP address for the SCS Do not use leading zeros in the numeric fields for dot quad numbers less than 100 For example if your IP address is 172 20 201 28 do not enter 028 for the last segment Hostname and IP Address What is the value for IPADDR 4 5 SCSxx05 SCSxx20 User Guide 4 Configuration Ip Address dot quad notation e g 10 2 3 4 172 20 201 28 8 Press Enter The netmask promptdisplays 9 Enter the value of the netmask in dot quad notation p Hostname and IP Address What is the value for NETMASK IP Netmask in dot quad notation e g 255 255 255 0 Answer 255 0 0 0 10 Press Enter The gateway prompt displays 11 Enter the IP address of your gateway Hostname and IP Address What is the value for GATEWAY IP Address of the Gateway
31. con EIA 232 antes RS 232C Pr cautions relatives la s curit Pour des raisons de s curit respectez les pr cautions suivantes lorsque vous installez et utilisez un quipement de la gamme Secure Console Server SCSxx05 SCSxx20 Boitier d posez jamais le boitier du chassis Aucun l ment interne de cet appareil ne peut tre r par ou remplac par l utilisateur En ouvrant le boitier vous vous exposeriez un risque d lectrocution ou d incendie Confiez toute op ration d entretien ou de d pannage du personnel agr par Lantronix Personnel d entretien Respectez les instructions relatives la mise au rebut des batteries usag es y a risque d explosion si la batterie est remplac e par une autre batterie de type incorrect Prise d alimentation secteur Pour d brancher le cable d alimentation lectrique tirez sur la prise pas sur le cordon Veillez a toujours brancher le cable d alimentation lectrique une prise correctement c bl e avec mise la terre N utilisez pas d adaptateur et ne d montez pas la fiche de terre du cable Utilisez uniquement un cable d alimentation lectrique certifi pour une tension et une intensit sup rieures la tension et l intensit nominales de l quipement Installez cet quipement proximit d une prise lectrique ais ment accessible Veillez toujours brancher tout quipement utilis avec celui ci
32. condensing Operating 10 to 90 non condensing 40 to 60 recommended Storage 10 to 90 non condensing 62 BTU hr 1 8 SCSxx05 SCSxx20 User Guide 1 Introduction CPU Memory Serial Interface Device Serial Interface Terminal Network Interface Modem optional Power Supply Dimensions Weight Temperature Relative Humidity Heat Flow Rate Table 1 2 SCSxx20 Technical Specifications AMD SC520 133 MHz 128 MB FLASH Card Memory non volatile 128MB RAM includes 256K FIFO Buffer RAM per device port RJ45 type 8 conductor connector DCE default configurable Speed software selectable 2400 to 115 200 baud Software selectable EIA 232 formerly RS 232C RJ45 type 8 pin connector DCE default Speed software selectable 2400 to 115 200 baud Software selectable EIA 232 formerly RS 232C 10Base T 100Base TX RJ45 Ethernet RJ11C connector analog POTS format 38 400 baud max AC Power Universal AC Power input 100 240VAC 50 60 Hz IEC type regional cord set included DC Power 48 VDC only externally fused SCS820 1U 1 75 in x 17 25 in x 12 25 in 4 45 cm x 43 8 cm x 31 1 cm 5 51620 10 1 75 in x 17 25 in x 13 00 in 4 45 cm x 43 8 cm x 33 0 cm SCS820 4 8 kg 10 6 108 5 51620 5 0 kg 11 Ibs Operating 0 to 50 C 32 to 122 F 30 to 90 RH non condensing Storage 20 to 70 4 to 158 F 10 to 90 non condensing Operating 1096 to 9090 non condensing 4096 to 6
33. connect a modem make sure to set the port type to DTE Enable Port 3 7 9 as an operator port Do you want to enable system logins on Port 3 7 9 modem may be connected to this port and PPP will be supported as well as TTT logins If you connect a modem to this port make sure the port type is set to DTE Enable Port 3 7 9 as an operator port 5 Select Yes to enable system logins or No default to disable system logins and press Enter The operator port baud rate displays if you enabled an operator port or group of ports otherwise the baud rate prompt displays Operator Port Baud Rate You can select from seven device baud rates 2400 4800 9600 19200 38400 5 600 and 115 200 The default is 115 200 1 Use the arrow keys to select the baud rate for the operator port s from the list displayed 2 Press Enter The baud rate prompt displays Baud Rate You can select from seven device baud rates 2400 4800 9600 19200 38400 5 600 and 115 200 Most devices use 9600 as the terminal administration port s baud rate so the device port defaults to this value Check the equipment settings and documentation for the proper baud rate 1 Use the arrow keys to select the baud rate for the port s from the list displayed 2 Press Enter The data bits prompt displays 4 8 SCSxx05 SCSxx20 User Guide 4 Configuration Data Bits Stop Bits and Parity The format of the bit wise transmission of data is deter
34. in dot quad notation e g 10 2 3 254 Answer 172 20 201 254 12 Press Enter The setup menu returns with Configure Timezone selected Configuring Timezone Use the Configure Tlmezone option to specify your local time zone 1 With Configure Timezone selected press Enter The timezone prompt displays Use the arrow keys to select the local time zone from the list of international time zones for example Africa America Brazil and press Enter If a sublist displays select a more specific location for example US Hawaii and press Enter Select your local timezone The SCS1620 supports all international timezones Select your local Timezone US Alaska US Aleutian US Arizona US Central US East Indiana US Eastern US Hawaii Note To go back one level in the Timezone script select the line from the top of the Timezone submenu Select a value tab fo lt Next gt and press Enter to continue 4 6 SCSxx05 SCSxx20 User Guide 4 Configuration 4 7 SCSxx05 SCSxx20 User Guide 4 Configuration 4 Atthe end of the Timezone script press Enter The setup menu returns with Configure DNS selected At this point you may continue with the next setup menu item you may use the arrow keys to select another item in the list or you may arrow down to Done to exit the setup script You can do this for any of the high level menu items Configuring DNS Use this option to configure the follo
35. marks are predefined means beginning of the file 5 means end of the file CHANGING FILES e file Examine a new file X V Same as e n Examine the N th next file from the command line P Examine the N th previous file from the command line x Examine the first or N th file from the command line d Delete the current file from the command line list G f Print current file name A 2 SCSxx05 SCSxx20 User Guide A Unix Command Help MISCELLANEOUS COMMANDS lt flag gt Toggle a command line option see OPTIONS below lt gt Toggle a command line option by name i _ lt flag gt Display the setting of a command line option lt name gt Display the setting of an option by name cmd Execute the less cmd each time a new file is examined command Execute the shell command with SHELL Xcommand Pipe file between current pos amp mark X to shell command Edit the current file with VISUAL or S EDITOR V Print version number of less OPTIONS Most options may be changed either on the command line or from within less by using the or command Options may be given in one of two forms either a single character preceded by a or a name preceded by a 1 Display help from command line a search skip screen Forward search skips current screen b 2 5 Number of buffers B au
36. modem availability The SCSxx20 models have dual entry redundant power supplies for mission critical applications They are available in AC or DC powered versions and can include an optional internal modem In general we refer to this product family as SCS products Figure 1 2 SCS3205 32 Device Ports 1 Network Port 1 Terminal Port AC Powered 22 LA UM TE 1 2 SCSxx05 SCSxx20 User Guide 1 Introduction Figure 1 3 SCS1620A 16 Device Ports 1 Network Port 1 Terminal Port AC Powered wu y uw DON Figure 1 4 SCS820 8 Device Ports 1 Network Port 1 Terminal Port AC Powered LANTRONIX Hardware Features 1U tall 1 75 inches rack mountable secure console server 10Base T 100Base TX network port for connection to your IP network Upto 48 RS232 serial device ports connected via Category 5 RJ45 wiring One serial terminal port console port for 100 terminal or PC with emulation Optional One modem module for analog dial up connections SCSxx20 only 256KB per port buffer memory for device ports logging supported Front panel 2 line backlit LCD display and pushbutton controls 128MB flash memory 128MB field upgradeable Universal AC power input 100 240V 50 60 Hz 48VDC power option SCSxx20 only Convection cooled silent operation low power consumption Support for PCU8 power control unit 9 9999
37. of 0 zero will remove all access to servers ESCAPE SEQ 1 gt BREAK SEQ x1bB gt ALLOW CLEAR 1 8 gt 1 9 ALLOW DIRECT 1 ALLOW LISTEN 1 Are you sure y sysadmin gt 9 gt 8 gt sysadmin sysadmin edituser newuser Enter accepts present value Server number of 0 zero will remove all access to servers ESCAPE SEQ 1 gt i BREAK SEQ 1 gt ALLOW CLEAR 1 8 ALLOW DIRECT 1 3 ALLOW LISTEN 1 4 sysadmin deluser To delete an existing user ID from the system use deluser user name gt all on the same line Note The deluser command does not verify whether you wish to delete the user or not Be careful Use the listusers command after deleting a user ID to verify the deletion editbrk Use editbrk user name gt to edit the break sequence for a user The break sequence user key strokes default is Esc B displays to the system administrator in its ASCII form in the edituser list See Break Sequence on page 8 12 for more information editesc Use editesc user name gt to edit the escape sequence for a user The escape sequence user key strokes default is Esc A displays to the system administrator in its ASCII form in the edituser list See Escape Sequence on page 8 12 for more information passwd When logged in as sysadmin use passwd to change the sysadmin password Use passwd user name to change a user s password Passwords should be six
38. s device ports Port buffers are enabled by default 256K FIFO Buffer Each device port stores 256 KB approximately 400 screens of I O data in a true FIFO buffer You may view this data while the user is not directly interacting with the attached device Buffered data is not normally stored in memory and will be lost in the event of a power failure if it is not logged using an NFS mount solution see Port Data Logging below If the buffer data overflows the buffer capacity only the oldest data will be lost and only in the amount of overrun not in large blocks of memory Port Data Logging The SCS supports real time data logging for each device port The port can save the data log to a file send an email notification of an issue or take no action SAVE a system administrator command discussed later does not affect the buffer log files Logging the data to an NFS mount location ensures that the device port data will be maintained elsewhere in the event of a power failure Logging to File Data can be logged either to a file on the SCS or to a file on a remote NFS server Data logged to a local SCS file is limited in size by the available space on the SCS and may be lost in the event of a power loss Data logged to a file on an NFS server does not have these limitations The system administrator can define the path for logged data on a port by port basis and configure file size and number of files per port for each logging even
39. syslog conf and press Enter 4 Restart the system logger by typing service syslog restart and pressing Enter 5 Toreturn to the SCS command shell type exit and press Enter timeout When a user logs into the system a timeout clock starts for that connection It checks for continuous idle time on that connection There are three separate timers in the system for the two possible methods of accessing the system via terminal or via network port connection The system senses periods of no activity on the connection and if the idle time exceeds the timeout duration the system disconnects the port Use timeout h to get a help file for the timeout feature 9 Use timeout c value 0 or 1 30 for the terminal port timeout Use timeout t value 0 or 1 30 for the Telnet network timeout You may disable timeout for any or all of the connection ports The timeout duration may be from 1 to 30 minutes Each time is approximate and may be as much as 59 seconds longer than the programmed time e g setting a timeout to 3 minutes can take from 3 00 to 3 59 minutes to occur Setting a timeout to 0 disables that timeout operation Type timeout or timeout to list the current timeout settings unsaved Use this command to list files that have changed since the last save version Use version to determine the version of the shell Use version a to get a display of the version of the system files sysadmin sysadmin gt v
40. the sysadmin sets up the system using the automated setup script In this instance the system automatically runs the setup program automatically stores the files properly and reboots upon completion of the program reboot To reboot the SCS any time use the reboot command The system resets disconnects all users and runs the power on self test Only the system administrator may issue the reboot command OO e sysadmin reboot Broadcast message from root ttyM9 Tue Oct 2 14 24 49 2001 The system is going down for reboot NOW oystem reboot is delayed by one minute from the time you enter the command Any active network sessions disconnect while the system reboots and no network sessions can be established while the system reboots Note Use reboot now to prevent the one minute delay and to reboot immediately 8 2 SCSxx05 SCSxx20 User Guide 8 Commands poweroff Use the poweroff command to shut the system off This command allows the system to properly close any open files and gracefully exit and shut down If you turn off the system without using the poweroff command including power failure the system will require some extra self checks and start up time the next time it boots up Sysadmin poweroff Broadcast message from root ttyterm Tue Oct 2 14 27 12 2001 The system is going down for system halt NO
41. the system is on 6 2 7 System Administrator and User Functions This chapter describes how the system administrator and users gain access to the system and the functions permitted for each role It includes the following topics Topic Page System Administrator Functions 7 1 User Access and Functions 7 3 System Administrator Functions The system administrator specifies settings such as user IDs device configuration and terminal and access rights to suit the application The system administrator is also responsible for configuring the system to work in your network The system administrator initially uses Telnet or a terminal to access and configure the SCS and may choose to use the Web based interface to update the configuration Note Please see the Configuration chapter for instructions on logging on and logging out as the system administrator Security and Passwords The SCS uses Linux UNIX commands to administer the system The system administrator and the users access the system using a shell interface which limits what they can affect in the operating system Note This guide discusses applicable Linux commands only The shell offers the appropriate level of administration while maintaining the integrity of the system The system administrator should change passwords upon installation to protect the system The sysadmin programming level is as close to root as is required to administer the SCS but it i
42. type linux single and press Enter At the prompt type passwd sysadmin and press Enter Enter the new password and press Enter At the prompt enter the new password again and press Enter Type reboot and press Enter Once system reboots log in using new sysadmin password User Access and Functions The user can be any person who is assigned a user name and password by the system administrator The system may have up to 200 unique users including sysadmin the only default user For security reasons users can change their own password For the most part users access the SCS through the network connection In general only the system administrator uses the terminal port as it is hardwired to the chassis Network Port Access To connect to the SCS network port use a TCP IP Telnet client to Telnet to the IP address assigned to the SCS or use SSH OCTANE 65 10 Telnet 172 16 1 31 Trying 172 16 1 31 Connected to 172 16 1 31 Escape character is 71 SCS4805 login imauser Password Once connected you may access the SCS ports for which you have permission 7 3 SCSxx05 SCSxx20 User Guide T System Administrator and User Functions Terminal Port Access To form a terminal port connection to SCS use a hardwired VT100 terminal or terminal emulation program that is connected to the terminal connector on the SCS The system administrator normally uses this type
43. your device port settings 1 Select Done Device Ports 2 Press Enter The setup menu displays with Software Updates selected Updating Software Use this option to download the latest firmware for your SCS You must have an ftp server set up on your network to perform these actions You will need to enter Server type ftp or tftp tftp is the default IP address of the server FTP or TFTP path FTP user FTP password of the user Software update files default is none 9 9 9 9 4 14 SCSxx05 SCSxx20 User Guide 4 Configuration 1 With Software Updates selected press Enter The protocol prompt displays What is the value for PROTOCOL Please enter tftp or ftp to select the server type that 1 will be used to obtain Software update files and the server type for configuration save and restore tftp ftp Select the type of server you will use for obtaining updates and saving or restoring configurations and press Enter The server IP address prompt displays What is the value for SERVERIPADDR Please enter the IP address in dot quad notation of the server that will be used to obtain Software update files and as the server for configuration save and restore Enter the IP address of the server and press Enter The default path prompt displays What is the value for FTPPATH Please enter the default path on the server that will be used to obtain Software update files an
44. 096 recommended Storage 10 to 90 non condensing 75 BTU hr Product Information Label The product information label on the underside of the unit contains the following information about your specific unit Bar Code Serial Number Date Code Regulatory Certifications and Statements Manufacturer s Contact Information 1 9 SCSxx05 SCSxx20 User Guide 1 Introduction System Resource Information The SCS is programmable using OS level commands and options The system administrator configures the product using a command line interface or one of several prepared scripts Numerous resources on the Internet and elsewhere provide information about security options programming tools and techniques and configuration advice A few of the Internet sites are listed below SSH info www openSSH org RFC s the standards and details behind the Internet www rfc editor org PuTTY a free Win32 Telnet SSH Client recommended http www chiark greenend org uk sgtatham putty Security www bastille linux org An online manual on Linux security http www linuxdoc org LDP solrhe Securing Optimizing Linux RH Edition v1 3 The following sites have more information about Linux from basic to advanced www kernel org www tldp org http www linuxlinks org 2 Installation This chapter provides instructions for installing the SCS It includes the following topics
45. 51 10 from quasar No access to Device channel Connection closed by foreign host kerrymQerh62 9 Port Access Notice the message No access to Device channel If the user has the appropriate serial port permissions then the output appears as kerrymQquasar Telnet km3210 9005 Trying 192 168 201 60 Connected to km3205 1ci net 192 168 201 60 Escape character is km3205 1lci net login kerrym Password i Last login Thu Mar 14 11 19 54 from quasar Entering Direct mode Server 5 Saving the Changes to Flash Once you complete the setup save the changes to flash Note that on the system shown below NIS was running NIS was used for both the login authentication of kerrym and to obtain the permissions for the serial port root km3210 lci exit exit sysadmin km3210 var tmp exit exit sysadmin gt SAVE Shutting down Timeout daemon OK 1 Shutting down NIS services OK Saving random seed OK Initializing random number generator mounting filesystem read write i delete etc old copy files from ram disk to etc new copy complete moving etc to etc old move complete etc updated mounting filesystem read only ram disk mounted as etc Starting Timeout daemon Binding to the NIS domain i Listening for an NIS domain server quasar lci net system SAVE complete sysadmin 9 4 SCSxx05 SCSxx20 User Guide 9 Port Access
46. 9 1 3 SCSxx05 SCSxx20 User Guide 1 Introduction System Features 9 9 9 9 90 9 Ability to connect up to 48 RS 232 serial consoles 10Base T 100Base TX IP network compatible Buffer logging to file ID Password security configurable access rights Email notification Secure shell SSH security Open Lightweight Directory Access Protocol LDAP Network File System NFS support Network Information Service NIS capable for centrally managed permissions Ability to Telnet to a serial port by IP address per port or by IP address and TCP port number Ability to work with an external modem SCSxx05 and SCSxx20 and optional internal modem SCSxx20 No unintentional break ever sent to attached servers Solaris Ready Certified Simultaneous access on the same port listen mode Local access through terminal port Built in setup routine for simple setup and administration Web administration using any modern browser Protocol Support The SCS supports the TCP IP network protocol as well as 9 9 9 9 SSH Telnet and PPP for connections in out of the SCS DNS for text to IP address name resolution SNMP for remote monitoring and management for file transfers and firmware upgrades TFTP for firmware upgrades DHCP for IP address assignment HTTP HTTPS for easy browser based configuration NTP for time synchronization LDAP NIS RADIUS CHAP and PAP for user authenticat
47. DB25M DCE Adapter for the SCSxx20 Part 200 0066 DB25 Male 2 Use PN 200 0066 adapter with a dumb terminal or with most SUN applications SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB25F DCE Adapter for the SCSxx20 200 0067 DB25 Male 2 O e e9 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB9M Adapter for SCSxx20 Part 200 0069 DB9 1 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB9F Adapter for SCSxx20 Part 200 0070 DB9 Female 1 O Use PN 200 0070 adapter with a PC s serial port SCSxx05 SCSxx20 User Guide C Pinouts and Adapters Netra t1 to SCSxx20 RJ45 Adapter Part 200 0225 ARIAS 45 female female fo SCSxx2l um I mi A C _ O _ 4 1 qi C Use this adapter for Netra SUN CISCO and others D Compliance and Warranty Information Compliance Information 1 Manufacturer s Name amp Address Lantronix Inc 15353 Barranca Parkway Irvine CA 92618 USA Declares that the following product Product Name s Model SCS4805 Secure Console Server Part No SCS4805U 01 Conform to the following standards or other normative documents Safety IEC 60950 1999 3 Edition with Full Country Deviations
48. EN 60950 2000 3 Edition Electromagnetic Emissions EN 55022 1998 Class A FCC Part 15 Subpart B Class A EN 61000 3 2 2000 EN 61000 3 3 1995 Electromagnetic Immunity EN 55024 1998 Information Technology Equipment Immunity Characteristics EN 61000 4 2 1995 Electrostatic Discharge Test EN 61000 4 3 1995 Radiated RF Immunity Field Test EN 61000 4 4 1995 Electrical Fast Transient Test EN 61000 4 5 1995 Power Supply Surge Test EN 61000 4 6 1996 Conducted RF Immunity Test EN 61000 4 8 1993 Power Frequency Magnetic Field Test EN 61000 4 11 1994 Voltage Dips amp Interrupts Test Supplementary Information This Class A digital apparatus complies with Canadian ICES 003 CSA and has been verified as being compliant within the Class A limits of the FCC Radio Frequency Device Rules FCC Title 47 Part 15 Subpart B CLASS A measured to CISPR 22 1993 limits and methods of measurement of Radio Disturbance Characteristics of Information Technology Equipment Cet appareil numerique de la classe A respecte toutes les exigences du Reglement sur le materiel brouilleur du Canada The product complies with the requirements of the Low Voltage Directive 73 23 EEC and the EMC Directive 89 336 EEC D 1 SCSxx05 SCSxx20 User Guide D Compliance and Warranty Information This product carries the CE mark since it has been tested and found compliant with the following standards Safety EN 60950 2000 Emissions EN 55022 1998 Class A
49. Enter If you selected No the Configure Device Port menu returns with Device Logging Parameters selected Device Logging Parameters You can configure logging parameters on individual ports or on ad hoc groups of ports Device logging parameters include File logging default is disabled Syslog logging default is disabled Email logging default is disabled 1 Define the port or group of ports See Define a Group of Ports to Configure on page 4 7 Select Device Logging Parameters from the Configure Device Port menu Press Enter The Device Logging Parameters menu displays with File Logging Port selected 4 10 SCSxx05 SCSxx20 User Guide 4 Configuration Lantronix SCS viewed with PuTTY in belnet mode File Logging Port 2 5 E Syslog Logging Port 2 5 Email Logging Port 2 2 Done TAE svitch Windows Arrow Keys to choose Enter to select File Logging by Port This option includes the following parameters Enable disable default is disabled 9 Number of files saved per port Log path can be NFS mounted Log file size in bytes 1 With File Logging Port selected press Enter The log to file flag prompt displays 2 Select Enable to enable file logging for the selected device port s or select Disable to disable file logging and press Enter The number of files saved per port prompt displays 3 Enter the number of files to be logged for th
50. IP address using your DNS server then you may want to define an IP address per serial port IP Port Numbers If you assign an IP port number to a serial port enter the full command on the client machine to directly access the serial port Telnet console server ip addrip port number or if the name of the console server can be resolved to an IP address DNS Telnet console server name ip port number You must predetermine and establish the cross reference of the console server serial port number and the specific console server IP port number on the console server To access the proper port users must be aware of this cross reference If you are using multiple console servers the IP port number assignments can be the same on each console server An example of this cross reference is 9 1 SCSxx05 SCSxx20 User Guide 9 Port Access IP Port Number Serial Port Number 9001 9002 9003 9008 NENNEN 2 pou 9046 9047 9048 IP Port Number Serial Port Number Cross Reference If you are assigning an IP address per console server serial port enter the following command on the client machine to directly access a serial port Telnet ip addr of serial port or if the name of the console server can be resolved to an IP address DNS Telnet dns name of serial port This last method is more simple and straightforward for users to access serial ports actually to access the device conn
51. LANT ONIX SCSxx05 SCSxx20 Secure Console Server User Guide Models SCS3205 5 54805 SCS820 SCS1620 with Firmware v4 3 and later Part No 900 287 Rev D April 2004 Copyright amp Trademark 2003 Lantronix All rights reserved No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix Printed in the United States of America Lightwave Communications is a Lantronix Inc Company Ethernet is a trademark of XEROX Corporation UNIX is a registered trademark of The Open Group Windows 95 Windows 98 Windows 2000 and Windows NT are trademarks of Microsoft Corporation Netscape is a trademark of Netscape Communications Corporation LINUX GPL Compliance Certain portions of source code for the software supporting the SCSxx05 and SCSxx20 are licensed under the GNU General Public License GPL published by the Free Software Foundation and may be redistributed and modified under the terms of the GNU GPL A machine readable copy of the corresponding portions of GPL licensed source code are available at the cost of distribution Such source code is distributed WITHOUT ANY WARRANTY INCLUDING ANY IMPLIED WARRANTY MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE See the GNU General Public License for more details A copy of the GNU General Public License is available on the Lantronix Web Site at http www lantronix com or by visi
52. T RELAY IP Address in dot quad notation of your network s SMTP relay server This should normally be left blank Enter a relay server here only if Email delivery is not working and you are certain that DNS is properly configured Input value for SMART RELAY 3 Press Enter The setup menu returns with Configure Timeouts selected Configuring Timeouts You can set up the SCS to disconnect from an idle Telnet or terminal connection after a specified period of time You can enable or disable the timeout daemon to configure the disconnection of idle connections for Telnet timeout default is disabled PPP timeout default is disabled Terminal port timeout default is disabled You can program each timer in a range of 1 to 30 minutes Note By default all timers are disabled Once you enable a timer you can disable it by entering 0 zero 1 With Configure Timeouts selected press Enter The timeout prompt displays 2 Select Yes to enable or No default to disable the timeout daemon and press Enter If you selected Yes the Telnet timeout prompt displays If you selected No the setup menu returns with Configure Modem SCSxx20 or Configure CHAP Secrets SCSxx05 selected 3 cause an idle Telnet connection to be disconnected after a specified number of minutes backspace over the existing value and enter a number between 1 and 30 minutes Configure Telnet Timeout i Input value for Conf
53. W After you enter poweroff command the system may take up to two minutes to close all files and prepare to be shut off Turn off the power supply switch or power off the circuit only after the front panel display says OK to power The SCS must be power cycled to restart help About help files accesses a list of available commands Command specific help is provided for some commands when you type h space dash dash the letter h after the command Other commands use h space dash letter h Some commands offer pop up help if your entry is in an invalid format Some commands do not provide a help file qexits help Note Some system poweroff reboot operate immediately and do not have a help file using help or h alias sysadmin alias Command aliases dir direct listdevice sel select help ver version lu listusers devices editdev dev editdev setup The setup program runs automatically the first time the system administrator logs into the system The program steps the system administrator through a majority of the configuration options for the system The command does not configure devices or users After the initial running of the system use the setup command to change system settings or parameters Always remember to use SAVE if you are manually running the setup program 8
54. a change use the dtedce command to change DTE or DCE setting and use the buttons on the front panel to change the baud rate see Method 1 Using the Front Panel Display in the Quick Start chapter C 1 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters SCSxx05 SCSxx05 Pinouts Pinouts for SCSxx05 Terminal and Device Ports DCE and DTE SCSxx05 SCSxx05 Terminal Device Terminal Device DCE DTE x x A x A x o T12Y2Y2Y SG lt gt lt gt lt gt Note Default for Device Ports is DTE Setting RJ45 Connector C 2 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters SCSxx05 Adapters The adapters illustrated below are compatible with the Lantronix SCSxx05 models RJ45 Receptacle to DB25M DCE Adapter for the SCSxx05 Part 200 2066A DB25 Male 5 Use 200 2066 adapter with dumb terminal with most SUN applications C 3 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB25F DCE Adapter for the SCSxx05 Part 200 2067 DB25 Female 5 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB9M DCE Adapter for the SCSxx05 200 2069A DB9 Qo 8 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB9F DCE Adapter for the SCSxx05 Part 200 2070 DB9 Female oO 8 Use 200 2070A adapter with a PC s ser
55. actory configured as DCE devices Flow Control The device port flow control setting determines the method of flow control The two most common settings are XON XOFF software and RTS CTS hardware The default setting for the device ports is XON XOFF Check the equipment documentation for the correct flow control setting Buffering The Inhibit Buffering in Direct setting allows the administrator to turn off port buffering while a user is connected to the device and is in direct mode The device port buffer still collects data while not in direct mode when this setting is active You may disable direct mode buffering so other users cannot view sensitive data but the system stores alert and panic messages from the attached device when nobody is connected This setting is disabled by default so buffer data is collected both in and out of direct mode connections Use connections to display a snapshot list of all users connected in direct mode cat Use cat port name or number to display the buffer information for that port clear Use clear port name or number to clear the buffer for that port less Use less port name or number to browse the buffer for that port When the buffer reaches the capacity of the screen it pauses press the spacebar to continue the display When the buffer reaches the end it displays END press q to quit the less program and return to the command line logout Use logout to quit your session wi
56. admin gt reboot Once the console server reboots attempt to access the ports from your Telnet client workstation or machine Access from a Unix workstation is similar to that shown below kerrym quasar Telnet 192 168 202 11 Trying 192 168 202 11 Connected to 192 168 202 11 192 168 202 11 Escape character is km3205 1ci net login kerrym Password Entering Direct mode Server 1 or to a port Trying 192 168 201 60 Connected to km3205 lci net 192 168 201 60 Escape character is km3205 1ci net login kerrym Password Last login Wed Mar 20 10 00 58 from 192 168 201 60 Entering Direct mode Server 13 9 8 SCSxx05 SCSxx20 User Guide 9 Port Access Bypassing Authentication Note The ability to bypass the authentication mechanisms as described below may not be deployed on your particular console server If it has been deployed on your console server and you have specified that authentication should not take place on certain serial ports beware Enable this feature only if the console server is located within a fully protected internal network and all of the users can be trusted The console server requires each user of a serial port to be authenticated by the console server itself The console server also requires each user who accesses the serial ports to have the proper direct listen and or clear port permissions on a per port basis This is the default opera
57. admin setup program By default the static routes file does not exist 9 To create and populate the static routes file go the etc sysconfig directory and issue the following command all on a single line net 192 168 202 0 is the network segment being connected substitute 192 168 202 0 with your segment number netmask 255 255 255 0 is your desired netmask and gw is the IP address of the gateway to the segment After assigning your static route cycle the ethO interface Oo ES iy Testing Now verify that you can access the serial ports on an IP address basis You can test this from the SCS itself Exit the root user and perform this from the sysadmin shell level If you have not set up the local or NIS port permission file for the user on the console server the user will not have access to the serial port exit sysadmin km3210 var tmp Telnet 192 168 202 11 Trying 172 20 202 11 Connected to 172 20 202 11 Escape character is i km3205 1ci net km3205 1ci net login kerrym Password Last login Fri Mar 15 12 20 14 from quasar i Entering Direct mode Server 1 Press here to break the connection see below Connection closed by foreign host sysadmin km3210 var tmp If you have not changed th
58. ains the same info as the first line Secrets for authentication using CHAP i clients server secret IP addresses example SCS localdomain password 1 SCS localdomain example password 2 4 Press Esc to exit editing mode The setup menu returns with Configure PAP Secrets selected 4 15 SCSxx05 SCSxx20 User Guide 4 Configuration Configuring PAP Secrets PAP is the default authentication method The parameters include Client Server Secret password used for authentication generated by the system administrator address acceptable local IP address 1 With PAP Secrets on the setup menu selected press Enter The PAP secrets prompt displays 2 Use the arrows to move the cursor to the end of the first line Secrets for authentication using PAP and press Enter to create a new line 3 Enter the PAP secrets information as four separate fields separating the entries with a space client server secret and IP address Do not use a sign which indicates a comment Edit pap secrets i Use Escape to end edit Each line should contain four fields containing i Client server secret IP address The second line usually contains the same info the first line Secrets for authentication using PAP clients server secret IP addresses 4 Press Enter The setup menu returns with Configure User Authentication selected Configuring User Authenti
59. alics are non printing characters or signals Hexadecimal to Character Conversion Hexadecimal Equivalent Hexadecimal Character Code Equivalent Character B 1 SCSxx05 SCSxx20 User Guide B Hexadecimal Conversion Chart Hexadecimal Equivalent Hexadecimal Equivalent Character Character B 2 C Pinouts and Adapters The serial device ports of the SCSxx05 SCSxx20 products match the RJ45 pinouts of the console ports of many popular devices found in a network environment The SCS uses conventional Category 5 fully pinned network cables for all connections the cables are available from Lantronix in various lengths In some cases you will need an adaptor for your serial devices Lantronix offers a variety of RJ45 to serial connector adapters for many devices These adapters convert the RJ45 connection on the SCS to a 9 pin or 25 pin serial connector found on some other manufacturer s serial devices You can configure the SCSxx05 SCSxx20 device ports as either DTE or DCE ports using a software command thus reducing the issues in making custom pinned cables for different devices The serial terminal port is wired in the same manner as the device ports and has the same signal options Note It is generally not necessary to change the configuration of the terminal port other than its data rate Therefore no options are available on the setup menu or Web interface for changing its configuration If you need to make
60. ands 8 1 Device Commands 8 7 User Management Commands 8 9 User Commands 8 12 Advanced Sysadmin Commands 8 13 Summary of Commands A summary of the SCS commands is provided below Some commands only sysadmin can access while all defined users can access others sysadmin X 8 1 Table 8 1 Summary of Commands User Command x alias configrestoe configsave x connections x direct dfedee x edibrk 0 0 NEN x _install modem x 486 20 X x listen 2 2 x logout 2 x man modem hangup Purpose Adds a user Lists command aliases Go to a Linux bash prompt Breaks a connection Displays the history buffer for a port Lists files changed from factory settings Clears port buffer Restores a configuration Saves a configuration Lists all users in direct mode Deletes a user Enters direct mode Configures the device port type Edits user send break sequence Edits device settings Edits user direct mode escape sequence Edits user settings Deselects a port Displays help Shows system information Installs internal modem SCSxx20 only Browses history buffer Lists device names Listens to a port Lists users Logs out Displays online man
61. assphrase Identity added home max ssh identity max miraclehut max miraclehut jay ssh humperdink castle In the first step invoke the ssh agent giving it a child program to run The agent gives access to my key s only to its children run bash here so that every program run in this new bash shell can have access to my private key just as well could have typed ssh agent xterm or ssh agent startx to give all programs run in a specific xterm or in X session respectively this kind of access In the second step actually give the agent my key decrypt it once by entering my passphrase won t have to type my passphrase again until quit bash Finally in the third step ssh to my humperdink account on the castle host As long as have set up that account properly by appending this account s ssh identity pub to the end of humperdink castle ssh authorized keys file I ll connect with no password whatsoever can keep doing things like this over and over using scp to copy files ssh to login interactively or ssh user target command to execute commands a remote host When I m done can type exit to kill off the bash shell and thus the agent 8 13 SCSxx05 SCSxx20 User Guide 8 Commands Using Single Signon to Save Time To automate and save time try this max miraclehut ssh agent bin bash max miraclehut max ssh add Need passphrase for home max ssh identity max miraclehu
62. cation This option on the setup menu provides a submenu of user authentication methods Only one external authentication method NIS LDAP or RADIUS may be enabled at a time Enabling one method automatically disables the others NIS default is disabled LDAP default is disabled RADIUS default is disabled Global port permissions 4 16 SCSxx05 SCSxx20 User Guide 4 Configuration 1 With Configure User Authentication selected press Enter The User Authentication menu displays with Configure NIS selected Figure 4 3 User Authentication Menu 8 172 19 21 115 PuTTY Lantronix Inc 5654805 System Configuratio Configure NIS Do you want to configure to authenticate users to switch Windows Arrow Keys to choose Enter to sele v 2 Follow the instructions below for the method NIS LDAP or RADIUS you want to use In addition to the selected method you may configure global port permissions Configuring NIS If you are using NIS authentication you must Identity the NIS domain name often same as hostname Enable NIS default is disabled Identify NIS master server required if NIS is enabled Identify up to five NIS slave servers optional Note You must not use packet filtering firewall if you are using NIS because it would filter out the NIS packets 1 With Configure NIS selected press Enter The NIS domain name prompt displays 2 Enter the NIS domain name
63. cation mechanism for directly connected serial ports make two sets of changes 1 Seta flag in the Ici Iwip serial conf file based on the specific serial port IP port number entry The login process checks this file A one 1 in the authentication column indicates that authentication must be done A zero 0 indicates that authentication will not be done for this serial port IP port number entry Note The authentication flag is specific to each serial port IP port number entry You can allow direct access to a serial port by an IP port number or by an assigned IP address You may require authentication for serial ports accessed by assigned IP addresses and not require authentication for serial ports accessed by the IP port numbers You can configure this however you can make only one direct connection to a serial port at a time 9 9 SCSxx05 SCSxx20 User Guide 9 Port Access 2 Setup the nobody conf file and modify it accordingly a Login to the sysadmin account and then go into the bash shell sysadmin bash sysadmin km3210 var tmp su Password root km3210 var tmp cd lci users root km3210 1 1 cp default user conf nobody conf root km3210 1 1 vi nobody conf b Setthe desired port permissions for ALLOW DIRECT ALLOW LISTEN and ALLOW CLEAR accordingly Use a zero 0 to specify that this action direct listen or clear cannot be done on any of the ports Otherwise specify a range and or comma separated en
64. ccessfully ronotlHbf8z 0 var tmpi ronotlbfs8z var tmpi exit exit sysadminlbf820 var tmp exit exit sysadmin gt logout To change the root level password of the SCS follow the procedure below It uses the passwd command but with some changes for root level The default root password is root 1 Log in sysadmin The command line prompt displays 2 Type bash to start a shell process notice sysadmin level 3 su switch user to root level enter the existing root password default root After the system accepts the password notice that the root level sysadmin SCSXXYY 4 Type passwd to change the root level password The authentication tokens updated message displays 5 Type exit to leave root level sysadmin 6 Type exit to leave shell level sysadmin 7 Type logout to log out of the system Note Before you SAVE the system data verify that your new root password is correct Repeat step 3 and when you are prompted for a password enter the new password 7 2 SCSxx05 SCSxx20 User Guide T System Administrator and User Functions If You Misplace the Sysadmin Password You can lock the system down and prevent programming access if you misplace your password If this should happen recover the system as follows 1 Connect a terminal PC running terminal software to the terminal port on the SCS Power up the SCS At the boot prompt type At the second boot prompt
65. ce is a 10Base T 100Base TX connector for use with a conventional TCP IP network using standard RJ45 terminated Category 5 cables The system administrator must configure the network parameters before the SCS can be accessed over the network Modem SCSxx20 The optional modem module connects to a conventional telephone line using standard RJ11 modular telephone cable The analog modem on the card connects at speeds up to 38 400 baud Any PPP features require a modem With the modem installed the SCSxx20 supports Plain Text TTY connection with PAP or CHAP authentication Callback connection Both the SCSxx05 and SCSxx20 can work with an external modem Power Manager The SCSxx20 has an extra power manager port for connection to the Lantronix Power Control Unit PCU8 However any available device port may be used as the power manager port on the SCSxx05 and SCSxx20 Figure 1 5 SCS4805 Rear Panel Connections for Network Terminal Console and Device Ports Access Control The system administrator controls access to attached servers or devices by assigning access rights to up to 128 user profiles Each user has an assigned ID password and access rights Other access options may include externally configured authentication methods such as NIS and LDAP 1 6 SCSxx05 SCSxx20 User Guide 1 Introduction Device Port Buffer The SCS products support port data buffering of the messages on the system
66. ch the one that is shown below root km3210 etc sysconfig network scripts ifconfig ethO Link encap Ethernet HWaddr 00 30 31 00 27 D5 inet addr 192 168 201 60 Bcast 192 168 201 255 Mask 255 255 255 0 j UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 i packets 164716 errors 0 dropped 0 overruns 0 frame 0 TX packets 8039 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 Interrupt 11 Base address 0x1000 eth0 0 Link encap Ethernet HWaddr 00 30 31 00 27 D5 inet addr 192 168 202 11 Bcast 192 168 255 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 i Interrupt 11 Base address 0x1000 lo Link encap Local Loopback inet addr 127 0 0 1 Mask 255 0 0 0 UP LOOPBACK RUNNING MTU 3924 Metric 1 packets 49 errors 0 dropped 0 overruns 0 frame 0 TX packets 49 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 8 If any of the values is not correct update your config file s accordingly From the terminal port not a network login cycle the ethO interface root km3210 etc sysconfig network scripts ifdown ethO root km3210 etc sysconfig network scripts ifup ethO 9 6 SCSxx05 SCSxx20 User Guide 9 Port Access Note If you need to set up an additional gateway to access the aliased IP addresses from client workstation s for example set up the etc sysconfig static routes file This is an additional gateway the default gateway is set up through the sys
67. character of the existing IP address setting 4 Enter a new IP address as follows a Use the left or right arrow to move the cursor to the left or to the right position Use the up and down arrows to increment or decrement the numerical value b When you have the complete parameter value as you want it press the ENTER button to complete the entry The system will save your new value indicated with an asterisk in the display after you complete all required parameters Note You must edit the IP Address the Subnet Mask and the Gateway parameters together for a valid IP address combination Press the down arrow to move to the next parameter Repeat steps 3 5 to select and complete the remaining options To save your entries for that group of parameters when you are done In response to the Save Changes prompt press the down arrow button again A Yes No prompt displays b To save the changes use the left right arrow buttons to select Yes and press the ENTER button When network parameters are successfully changed the front display indicates Network Restarting If you do not see this display there is an error with your entry and no network changes were implemented You must go back and re enter the parameters Repeat steps 3 7 for each menu option To review the saved settings press the up or down arrows to step through the current settings When you are done the front panel returns to the clock display The ne
68. characters or longer and are case sensitive SCSxx05 SCSxx20 User Guide 8 Commands User Commands After the user logs in to the system the user name becomes the command prompt For example ross displays after Ross logs in Users log in to identify themselves to the system and to access the device ports to which the system administrator has assigned them privileges select Use select port name or numbers to select a port only applies to ports for which this user is allowed clear direct or listen access direct Use direct port name or number to connect to a port only applies to a port for which this user is allowed direct access telnetconfig Use telnetconfig lt port name or number or telnetconfig IP address gt to assign a unique TCP port or IP address to a device port so that Telnet can be used to connect to the device port Only the sysadmin user has permission to run telnetconfig Users who wish to Telnet to a device port must have must have direct access rights to use this command listen Use listen port name or numbers to listen to a port only applies to ports for which this user is allowed listen access clear Use clear port name or number to clear the buffer of a device port only applies to ports for which this user is allowed clear access exit Use exit to disconnect from a port that you are connected to When you are disconnected the command line displays logout The user can
69. cket Filtering 4 4 4 1 SCSxx05 SCSxx20 User Guide 4 Configuration Topic Page Configuring Device Ports 4 5 Updating Software 4 14 Using Done 4 16 Saving 4 17 Rebooting 4 17 Connecting Using Telnet or Your Serial Terminal If you are not already connected as described in Quick Start you have two options Connect the terminal port to a VT100 terminal device or computer using a VT100 terminal emulation program See Connecting a Terminal Telnet via your network connection Your screen displays the SCS name and a login prompt after power up Logging in as System Administrator If you are not already logged in as described in Quick Start follow these steps 1 Type sysadmin a predefined user with special privileges and press Enter The Password prompt displays SCS4805 login sysadmin Password sysadmin gt 2 Type your password and press Enter The default password is PASS The password does not display when you type it If this is the first time you have logged in as the system administrator the setup configuration screen displays Accessing the Setup Menu The following screen displays when the setup program starts whether automatically the first time the sysadmin logs in or when the system administrator enters the setup command after logging in 1 If this is not the first time you have logged in type setup and press Enter 4 2 SCSxx05 SCSxx20 User Guide 4 Configuration Figure 4 1
70. command line SUMMARY OF LESS COMMANDS Commands marked with may be preceded by a number N Notes in parentheses indicate the behavior if N is given h H Display this help Q Q 22 Exit MOVING pattern Search backward for N th matching line HELP Press RETURN for more q when done HELP Press RETURN for more when done HELP Press RETURN for more or when done e E j N CR Forward one line or N lines y Y K P Backward one line or N lines f F V SPACE Forward one window or lines b B ESC v Backward one window or lines 2 Forward one window and set window to N Backward one window and set window to ESC SPACE Forward one window but don t stop at end of file d D Forward one half window and set half window to u U Backward one half window and set half window to ESC RightArrow Left 8 character positions positions ESC lLeftArrow Right 8 character positions positions F Forward forever like tail f r R L Repaint screen en done R Repaint screen discarding buffered input Default window is the screen height Default half window is half of the screen height A 1 SCSxx05 SCSxx20 User Guide A Unix Command Help SEARCHING pattern Search forward for N th matching line pattern Search backward for N th matching line ESC B cl c2 Find open bracket lt 1 gt pattern
71. connection during service events however any user who has access to the VT100 terminal and a password can log into the system this way SCS4805 SCS4805 login 5 54805 login imauser Password imauser 1 Atthe SCS login prompt enter your user name and press Enter Note Always use the Enter key near the alohanumeric keys your keyboard 2 Atthe Password prompt enter your password and press Enter The system does not display the characters you type The command prompt changes to the user s login name as above Modem Module The SCSxx20 with the optional modem module can support three configurations Plain text tty Provides an interface identical to that of the terminal port or a telnet ed user with the standard login and password prompts 9 PPP connection Allows a remote user to establish a PPP connection with the SCS You need a standard SCS user password pair to authenticate to the system IP traffic can then be forwarded through the SCS to the Ethernet port This allows standard Internet applications to communicate to systems including the SCSxx20 on the network attached to the Ethernet port of the SCSxx20 These applications include but are not limited to telnet ftp and SSH CHAP is also supported Callback Connection Allows a remote user to establish a connection with the SCSxx20 only after the user logs in with a callback pseudo user at which time the SCSxx20 drops the connection delays f
72. d as the location on i the server to get and put configuration save files What is the value for FTPPATH Answer scs updates Enter the default path on the server for obtaining software files and getting and putting configuration save files and press Enter The ftp user prompt displays What is the value for FTPUSER If you selected ftp as the protocol you will need to specify an ftp user for the server The default entry will work if the ftp server allows anonymous access and the FTPPATH specified allows anonymous puts What is the value for FTPUSER Answer backup P A A A o M n What is the value for FTPPASSWORD If you selected ftp as the protocol you will need to specify a password for the ftp user of the server The default entry will work if the ftp server allows anonymous access the FTPPATH specified allows anonymous puts What is the value for FTPPASSWORD Answer backup 4 15 SCSxx05 SCSxx20 User Guide 4 Configuration 6 Enter the ftp user password and press Enter The install software updates prompt displays Input value for Install Software Update Enter a space separated list of software update files to apply They will be obtained from the server specified by SERVERIPADDR Unless the filename her
73. e autofs restart or service autofs stop service autofs start 9 Port Access The SCS provides various ways of accessing serial ports This chapter includes the following topics Telnet to Serial Port 9 1 IP Address per Serial Port Feature 9 5 Telnet to Serial Port Feature This section describes how to set up and use the Telnet to a Serial Port feature of the SCS It assumes that you have otherwise configured the unit and that the console server has connectivity to the network The system administrator can assign the serial ports individual IP port numbers and or distinct IP addresses You can disable authentication on the console server for directly connected serial ports This section discusses the setup use and security considerations for port access Accessing Serial Ports You can set up the Telnet to a Serial Port feature so that you can access a serial port by entering a predefined IP port number on the Telnet client s command line or by using distinct IP addresses assigned to each serial port You can set up the console server in several simple steps The reason to use one access method or the other is site specific If your site has limited IP addresses available then you may want to define separate IP port numbers for the serial ports and use these numbers in combination with the console server s IP address f you have enough IP addresses available and would like to assign names to each
74. e device port s These files keep a history of the data received from the port s The default value is two files even if no entry is made here you may keep as many files as you wish If you are specifying a range or a group of ports remember that each port will have its own unique files the log file name s contain the port number to differentiate the similar files in the log file directory 4 Press Enter The log file path prompt displays Enter the log directory path for the log file s The system defaults this path to var tmp if you make no entry Ensure that the directory exists and is writeable Set Log File Path for Device Port xx Set the Log File Path name must end in i e var log tmp for Port xx Answer var tmp 6 Press Enter The log file size prompt displays SCSxx05 SCSxx20 User Guide 4 Configuration 7 Enterthe desired log file size in bytes 2048 2K The default is 2048 bytes The amount of available memory limits the maximum size of the log file 8 Press Enter the Device Logging Parameters menu returns with Syslog Port Logging selected Syslog Logging by Port Next you configure the following syslog options for the same port s Enable Disable default is disabled Syslog Facility user localO local1 local2 etc local7 9 Set Syslog Level Emergency Alert Critical Error Warning Notice Info Debug 1 With Syslog Port Logging selected press Enter Th
75. e escape sequence press Esc A to break the connection and return to the client In this manner verify that you are able to connect to all of your configured serial ports Once you have verified connectivity to all ports you are ready to save to flash 9 7 SCSxx05 SCSxx20 User Guide 9 Port Access Saving the Changes to Flash Once you have completed the setup and test change the file system back to read only and save the changes to flash Note that on the system shown below NIS was running NIS was used for both the login authentication of kerrym and to obtain the permissions for the serial port root km3210 var tmp exit exit sysadmin km3210 var tmp exit exit sysadmin gt SAVE Shutting down Timeout daemon 1 Shutting down NIS services OK Saving random seed OK Initializing random number generator OK mounting filesystem read write delete etc old copy files from ram disk to etc new copy complete moving etc to etc old move complete etc updated mounting filesystem read only ram disk mounted as etc Starting Timeout daemon OK Binding to the NIS domain OK Listening for an NIS domain server quasar lci net system SAVE complete sysadmin gt Final Testing Reboot the SCS to verify that the test procedures above operate If not return to the appropriate section above and verify your setup From the command line shell of the sysadmin login command a reboot sys
76. e is specified with a path the files will be obtained from FTPPATH Successfully applied updates will appear in the Updates Applied item below Input value for Install Software Update s Answer upgrade to 4 3 partl sh upgrade to 4 3 part2 sh 7 Enter the software update files with a space between file names to obtain from the server you specified and press Enter The edit updates applied prompt displays 8 Add delete or change any of the listed files and press Esc to exit editing mode The setup menu returns with Done selected Note To save or restore a configuration use the config save or config restore commands respectively Using Done After completing the setup menu use Done the last option to finalize and exit the setup process 1 Select Done and press Enter The system asks whether to keep the recent parameter changes 2 Tosave the parameter changes in RAM volatile memory in preparation for using the SAVE command select Yes It may take several minutes for the system to save your changes Changes that the system accepts are marked OK in green Changes that involve disabling an option that was enabled previously are marked Failed in red 4 16 SCSxx05 SCSxx20 User Guide 4 Configuration Saving This SAVE command saves all changes and updates to non volatile memory The SCS automatically saves the programmed parameters after running the setup script for the first time only After that
77. e syslog flag prompt displays 2 Select to Enable or Disable default syslogging for the port s and press Enter The syslog facility prompt displays 3 From list select the syslog facility to use for the port s and press Enter The set syslog level prompt displays 4 From list select the syslog alert level for the port s The levels are from the top down most severe to least severe They classify the importance of each connected server within your configuration 5 Press Enter The Device Logging Parameters menu returns with Email Logging Port selected Email Logging Email Logging Email Notification sends an email message to pre defined email addresses when alert criteria have been met Data received on the SCS device port s trigger the alert The default is disabled although some preset values are entered for the timers Email logging provides the following options for a port or group of ports Enable disable default is disabled Alarm byte count count the number of characters to trigger an alarm Alarm timer how long to capture data after byte count trigger Alarm ignore timer how long after byte count trigger to ignore additional alarms Email subject line put in a message header to be read in the email subject Send email address to email address 1 With Email Logging Port selected press Enter The email flag prompt displays 2 Select Enab
78. ected to the serial port Assume we have three devices connected to three different serial ports Serial port 1 is connected to the console of a Sun server named quasar Serial port 2 is connected to the console of a SGI named seyfert Serial port is connected to the console of an HP named stellar We assigned a distinct IP address to each console server serial port Then we associated these three IP addresses to the names quasar seyfert and c stellar in the DNS system The command to access the console of seyfert is Telnet c seyfert Using either of the two methods above the user can directly connect to a serial port without actually logging on to the console server and entering the appropriate direct command Note that the only action supported is the direct connection to a port 9 2 SCSxx05 SCSxx20 User Guide 9 Port Access Assigning an IP Port Number to a Serial Port You need to modify two files to assign an IP port number to a serial port In our example we specify that IP port number 9001 correlates to serial port 1 IP port number 9002 correlates to serial port 2 and so on up to 9048 correlating to device port 48 in the SCS4805 These IP addresses are simply the default values and the convention chosen in this example If you choose your own port numbers ensure that they do not conflict with existing entries in etc inetd conf 1 The first file to edit is etc inetd conf
79. em will accept it As soon as you enter the password the system creates the new user identity and authenticates and creates the default parameters for it When the user logs in for the first time the system asks for this password This password is case sensitive Users can change their own passwords using the passwd command at a later time 8 9 SCSxx05 SCSxx20 User Guide 8 Commands SE Lantronix 505 viewed with PuTTY in telnet mode Bl x aysadmin sysadmin adduser paul Changing password for user paul UNIZ password Retype new UNIX password passwd all authentication tokens updated successfully Enter accepts present value Server number of O izero will remove all access to servers ESCAPE SEQS BREAK SEGS xibB gt ALLOW CLEARS 1 48 gt z z5 35 43 ALLOW DIRECTS 1 48 gt 2 43 ALLOW LISTEN 1 48 gt Are you sure v sysadmin p sysadmin x The system automatically enters the edituser mode for this new user allowing the system administrator to change any of the preset parameters edituser Use this command to edit the port configuration and default operational sequences for that user profile This command creates user IDs and privileges The system prompts the sysadmin to define the device ports that the user will be allowed to access for direct connections You can administer ports Individually e g 4 As a range e g 5 7 As selective ports e g 1 4 5 6 9 As combinat
80. ending on your application of SSH Refer to the man pages for SSH for a description and command options ssh keygen Use ssh keygen to create the security keys for your client system to interact with an SSH host elsewhere After the keys have been generated the user can establish a secure shell connection using SSH over a network see Advanced Sysadmin Commands later in this chapter for an ssh keygen tutorial Refer to the man pages for SSH for a description and command options syslog The SCS keeps a system log file called var log syslog The level of logging is controlled by the file etc syslog conf The SCS can log the following Warning level events no events Notice level events Device settings changed Begin and end direct mode Device buffer cleared Begin and end listen mode Begin and end bash shell Info level events User settings modified A User begin and end of SCS command shell Device selected Device unselected exit command 8 5 SCSxx05 SCSxx20 User Guide 8 Commands Device buffer examined less or cat User becomes root The SCS comes set to log all warnings and higher events The default file entry is warning with lower level settings a lower level generates more messages in notice and info even more events To change the logging level 1 Login as sysadmin 2 Type bash and press Enter 3 Editthe file etc syslog conf vi etc
81. er ci V3 13 sysadmin gt sysadmin gt version a SAVE V3 23 break V3 08 ci V3 13 connections V3 04 devices V3 11 direct V3 14 dtedce V3 17 SCSxx05 SCSxx20 User Guide 8 Commands edituser V3 05 led V3 13 lciclear V3 06 lcistty V3 06 listen V3 21 listend V3 22 ltxloggerd V1 17 lu V3 05 modem reset V3 10 perms V3 09 timeout V3 08 timeoutd V3 06 lci system configure 1 22 EXAR XR16L788 Device Driver V2 8 SCS4805 release date Thu Sep 19 16 14 49 2002 V4 0 sysadmin Device Commands The system administrator may define the device port parameters using the devices editdev and listdev commands of Lantronix SCS viewed with PuTTY in telnet mode loj x sysadmin sysadmin sysadmin devices 1 Enter accepts present value D1 Enter device name DEVICE 015 Hale Se OE Ss 4 38400 5 578600 6 115200 BAUD RATE 9600 em BITS Di Hone 1 Odd Zz Even 3 Mark 4 Space PARITY HONE Ee M BSE DATA BITS 65 Ma Egg SI EQUIP PORT TYPE DTE Di O XON OFF 1 RTS CTS FLOW CONTROL XON XOFF Dis ug cc WIES INHIBIT BUFFERING DIRECT No Ho changes were made no update occurred sysadmin sysadmin ll devices Use devices to obtain a list of all options for all device ports Press the spacebar to continue the list and press q when you reach the end prompt editdev Use editdev u
82. es for automount The following example describes how to set up the SCS so that whenever user tomv logs into the SCS and accesses its home directory the system uses the NFS mounted file system on the erh62 server 1 Look at the configuration files The auto master file tells automount where to mount the list of files that are present in the auto export file a In auto master add the following line lexport home etc auto export timeout 60 where lexport home The mount point on the SCS Must be defined letc auto export The file that contains the list of mounts for export home timeout Number of seconds the mount is inactive before being unmounted 0 file will not be unmounted 8 16 SCSxx05 SCSxx20 User Guide 8 Commands b In the auto export file add the following tomv fstype nfs rw intr soft bg erh62 home tomv where tomv The NFS mounted directory name fstype The comma delimited option list that mount will use erh62 home tomv The server name and directory that the SCS will use 2 Once the configuration files are complete start the autofs service by issuing the following command service autofs start For completeness you can place a symlink in the home directory In 5 export home tomv tomv Now the user can access the user s home directory using the path Ihome tomv If you need to change the autofs configuration files you must restart the service by doing one of the following servic
83. evant name and for feature access and buffer logging You can configure device ports for departments for identifying equipment types or for any other reason in any combination groups can be any individual port number any range of numbers or a combination of both Device ports remain unique the groups are not used for access but merely to assist in your setup of the device ports Device Port Names change or accept defaults Device Port Parameters by port or group of ports Device Logging Parameters by port or group of ports Done Device Ports writes the device port parameters to flash when executed Device Port Menu 1 Select Configure Device Ports on the setup menu The system may take a few seconds to show an intermediate screen and then continue to the Device Port menu with Device Port Names selected 2 Continue with Device Port Names or select one of the other options from the menu Figure 4 4 Configure Device Ports Menu i Lantroniw SES viewed with PuTTY in telnet mode E xj Lantronix Inc EcS4805 System Configuration Device Fore PnEmmeERES Device Port Parameters Device Logging Parameters bane Device Ports TAB switch Windows Arrow Keys to choose Enter to select Device Port Names The Device Port Names option allows you to assign a meaningful name to each device port Default values are DEVICE 01 through DEVICE 48 for the 5 54805 You can rename each port indiv
84. fering may be inhibited on a port by port basis 99999 2 4 SCSxx05 SCSxx20 User Guide 2 Installation Connecting the Network Port The SCS s network port 10Base T 100Base TX allows remote access to the attached devices and the system administrative functions You must first set up the network parameters for the network port before you can reach the SCS remotely You can change the network parameters from the front panel of the SCS or you may Telnet to the default address Refer to the Quick Start chapter for instructions Connecting the Modem Port SCSxx20 An optional modem module is available for the SCSxx20 The modem may be installed at the factory or can be ordered separately for later installation Caution When installing or removing a modem be extremely careful to avoid contact with interior components Contact could cause a short resulting in fire or electric shock Figure 2 6 5 51620 Modem Module The SCSxx20 modem is an analog modem supporting connection rates up to 38 400 baud The modem has a single RJ11 type analog telephone jack plus five status LEDs The user interface to the modem is identical to that found on the terminal port or the network port The modem is configured as device port 19 on the SCS1620 and device port 11 on the SCS820 The default communication parameters for the modem port are 38400 baud 8 data bits 1 stop bit No parity RTS CTS flow control 999 You initially conf
85. figuring Modem SCSxx20 Only 4 12 SCSxx20 only Packet Filtering Configuring Firewall Packet Filtering 4 4 Device Ports Configuring Device Ports 4 5 S W Updates Updating Software 4 14 Some functions cannot be administered using the Web interface Users cannot access the system using the Web interface only the system administrator can cannot enable or disable the Web interface from the Web interface You cannot reboot power off or access the command line interface from the Web interface Web Access Delay The Web interface has a built in delay of approximately one minute between sessions to allow the system to write files as required before the next Web interface session can open This delay also prohibits two network users from accessing the system via the Web interface at the same time After the current user closes the browser and the timeout expires click the hostname in this case 5 51620 at the top of the page The login window displays Figure 5 5 Web Access Delay Message 5 51620 5CS51620 support int lantronix com Web Configuration Utility LANTRONIX Device in use access denied until current user times out 1 min Click device hostname above for access Note If you properly exit the Web interface and then reconnect from the same IP connection the delay might not occur 5 3 SCSxx05 SCSxx20 User Guide 5 Web Interface Saving Web Interface Entries Figure 5 6 Buttons at Bo
86. g disables the buffering on a port including bi directional traffic that a system administrator or user may record in direct mode Therefore a system administrator may choose to inhibit buffering temporarily when entering sensitive data so the other users cannot view the data Alert and panic messages from the attached device are still stored when nobody is connected 4 9 SCSxx05 SCSxx20 User Guide 4 Configuration 1 Select Yes to disable buffering or select No default to enable buffering 2 Press Enter You have two options Togo back and change any of your settings for this port or group of ports select the Setup the Device parameters option or When you are satisfied with the changes you have made or you wish to administer additional ports select Done 3 Press Enter If you selected Done you now confirm your changes Confirm Changes 1 To commit your changes to flash memory now a Select Yes You cannot undo this group of device parameter changes after this point If you select No you return to the previous screens to make changes b Press Enter There is a short delay while the system saves the changes to flash memory After the changes are confirmed the system offers the ability to configure a different port or group of ports 2 You have two options the process of setting device port parameters select Yes or 9 To move on to the next option Device Logging select No 3 Press
87. hapter for a list of the commands including steps to change the system s passwords This chapter includes the following topics Topic Page Before You Begin 3 1 Method 1 Using the Front Panel Display 3 2 Method 2 Using Telnet 3 4 Before You Begin Before you begin make sure you know An IP address that will be unique and valid on your network Out of the box the IP network port identity has a generic default value of 10 0 0 1 Subnet mask generic default value is 255 0 0 0 Gateway DNS settings Date time and time zone Terminal port settings 9 9 9 Make sure the SCS is plugged in to power and is turned on 3 1 SCSxx05 SCSxx20 User Guide 3 Quick Start Method 1 Using the Front Panel Display You can use the front panel display and pushbuttons to set up the basic network interface The system administrator can then access the SCS using your existing IP network Figure 3 1 Front Panel LCD Display and Five Pushbuttons Enter Up Down Left and Right The front panel display initially shows the server name e g SCS4805 and the date and time Using the five pushbuttons you can change the IP Address subnet mask gateway and DNS settings date time and time zone features and terminal port baud rate settings Note Have your information handy as the display will time out without accepting any unsaved changes if you take more than 30 seconds between entries Once you save the values for
88. ial port C 6 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB9M DTE Adapter for the SCSxx05 Part 200 2071 C 7 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB9F DTE Adapter for the SCSxx05 Part 200 2072 DES FEMALE 2 4 8 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB25M DTE Adapter for the SCSxx05 Part 200 2073 C 9 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 Receptacle to DB25F DTE Adapter for the SCSxx05 200 2074 SCSxx05 SCSxx20 User Guide C Pinouts and Adapters RJ45 to RJ45F Netra Adapter for the SCSxx05 Part 200 2225 aide Label 2 Use this adapter for Netra SUN CISCO and others SCSxx05 SCSxx20 User Guide C Pinouts and Adapters SCSxx20 SCSxx20 Pinouts Pinouts for SCSxx20 Terminal and Device Ports DCE and DTE 5 51620 Terminal Device DCE x N A l o gt a SG M D gt gt v 5 51620 Terminal Device DTE x A N gt 5 o AAVAYAY Note Default for Device Ports is DCE Setting RJ45 Connector SCSxx05 SCSxx20 User Guide C Pinouts and Adapters SCSxx20 Adapters The adapters illustrated below are compatible with the Lantronix SCSxx20 models RJ45 Receptacle to
89. idually to have a server name description or other relevant naming convention 1 administer port names select Device Port Names and press Enter 2 Enter a port number and press Enter You have two options You can choose to name the device port or select Done to exit this option 3 To name the device port select Set the Name of a Device Port and press Enter The existing information for that device port displays The preset port names are DEVICE 01 through DEVICE 48 SCS4805 4 6 SCSxx05 SCSxx20 User Guide 4 Configuration 4 Backspace over the existing data and enter your name for this port The device name cannot contain a space Use an underscore if you need an empty space in the name 5 Press Enter You have two options Togo back and name or rename the same device port repeat steps 3 5 Tosave your name change to flash memory now select Done and press Enter A confirmation screen displays Continue with step 6 6 To confirm select Yes You cannot undo these name changes after this point If you select No you return to the previous screens to make changes 7 Press Enter There is a short delay while the system saves the changes to flash memory Now you can name a different port of group of ports 8 You have two options Torepeat the process of naming ports for a different port or group of ports select Yes move on to the next option Device Port Parameters select No 9
90. ight prepaid If the product is not under warranty the customer may have Lantronix repair the unit on a fee basis or return it No services are handled at the customer s site under this warranty This warranty is voided if the customer uses the product in an unauthorized or improper way or in an environment for which it was not designed Lantronix warrants the media containing its software product to be free from defects and warrants that the software will operate substantially according to Lantronix specifications for a period of 60 DAYS after the date of shipment The customer will ship defective media to Lantronix Lantronix will ship the replacement media to the customer In no event will Lantronix be responsible to the user in contract in tort including negligence strict liability or otherwise for any special indirect incidental or consequential damage or loss of equipment plant or power system cost of capital loss of profits or revenues cost of replacement power additional expenses in the use of existing software hardware equipment or facilities or claims against the user by its employees or customers resulting from the use of the information recommendations descriptions and safety notations supplied by Lantronix Lantronix liability is limited at its election to Refund of buyer s purchase price for such affected products without interest Repair or replacement of such products provided that the buyer follow
91. igure Telnet Timeout SCSxx05 SCSxx20 User Guide 4 Configuration 4 Press Enter The PPP timeout prompt displays To cause an idle PPP connection to be disconnected after a specified number of minutes backspace over the existing value and enter a number between 1 and 30 minutes Configure PPP Timeout Input value for Configure PPP Timeout Press Enter The terminal port timeout prompt displays To cause an idle terminal port connection to be disconnected after a specified number of minutes backspace over the existing value and enter a number between 1 and 30 minutes Configure Telnet Port Timeout Input value for Configure Terminal Port Timeout 8 Press Enter The setup menu returns with the next available menu option Configure Modem for the SCSxx20 or Configure CHAP Secrets for the SCSxx05 selected Configuring Modem SCSxx20 Only The internal modem is available but optional in the SCSxx20 products The Configure Modem option does not display on the SCSxx05 setup menu Note You configure an external modem by enabling a port as an operator port in the Configuring Device Ports option If a modem is installed configure it as follows Enable modem logins to allow PPP and or TTY default is disabled Enable modem TTY logins default is enabled Enable modem TTY modem callbacks The default is enabled Enter callback telephone number if you enable callbacks Enable PPP logins The default is enabled
92. igure the modem using the system s setup program see Configuration If you are installing a modem into a working SCSxx20 system refer to the Commands chapter 2 5 SCSxx05 SCSxx20 User Guide 2 Installation Power Manager Interface The SCSxx20 has a dedicated port for the Lantronix PCU8 Power Control Unit With the SCSxx05 and the SCSxx20 if desired you may use any available device port The PCU8 uses 9 connector on its serial connector and requires a Part Number 200 0069 DB9 to RJ45 adapter for that connection Lantronix supplies one such adapter with each PCU8 system The required default of PCU8 communication parameters for a device port for use as a power manager port are 9 9 9 9600 baud 8 data bits 1 stop bit No parity XON XOFF flow control DTE port type Refer to the PCU8 documentation for baud rate options 2 6 3 Quick Start This chapter helps you get your IP network port up and running quickly so you may administer the SCS using your network There are two methods to quick start the network connections 9 You may use the front panel display and buttons or You may use your existing IP network accessing the default IP address Once you have identified your IP network parameters to the SCS you can use your IP network connections to configure and administer it Note Be sure to address security issues access and passwords first when administering the system See the Commands c
93. ill be required to correct the interference at his own expense The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user s authority to operate this equipment Changes or modifications to this device not explicitly approved by Lantronix will void the user s authority to operate this device The information in this guide may change without notice The manufacturer assumes no responsibility for any errors that may appear in this guide Date Part No Rev Comments 8 03 900 287 B Combined SCSxx05 and SCSxx20 products firmware v 4 3 and later in one user guide Updated warranty information 10 03 900 287 Added safety precautions in English and multiple languages revised declarations of conformity 4 04 900 287 D Removed Web interface Safety Precautions Please follow the safety precautions described below when installing and operating the SCSxx05 SCSxx20 Secure Console Server Cover Do not remove the cover of the chassis There are no user serviceable parts inside Opening or removing the cover may expose you to dangerous voltage that could cause fire or electric shock Refer all servicing to Lantronix Service personnel Dispose of used batteries according to the instructions There is a risk of explosion if the battery is replaced with an incorrect type Power Plug When disconnecting the power cable from the socket pull on the plug n
94. ing and press Enter The UDP public services prompt displays 9 To identify the UDP public services to be supported enter the services required for your configuration in the Answer field What is the value for UDP PUBLIC SERVICES This is the list of ports we allow UDP connections to 10 piece the Esc key to end text entry and press Enter to continue The setup menu returns with Configure Device Ports selected Configuring Device Ports Note It is generally not necessary to change the configuration of the terminal port other than its data rate Therefore no options are available on the setup menu or Web interface for changing its configuration If you need to make a change use the dtedce command to change the DTE or DCE setting and use the buttons on the front panel to change the baud rate see Method 1 Using the Front Panel Display The Configure Device Ports option on the setup menu is actually a script running within the setup script Therefore some of its processes are different from those of other options Done in the Configure Device Ports routine causes your changes to be written to the flash memory This is different from Done at the end of the setup menu list which just prepares the entries to be saved Also Back navigation is disabled some places 4 5 SCSxx05 SCSxx20 User Guide 4 Configuration Device Port Configuration Options You can configure the device ports for port identity apply a rel
95. ion CHAP Challenge Handshake Authentication Protocol A secure protocol for connecting to a system more secure than the PAP DHCP Dynamic Host Configuration Protocol Internet protocol for automating the configuration of computers that use TCP IP DNS Domain Name Servers A system that allows a network nameserver translate text host names into numeric IP addresses 1 4 SCSxx05 SCSxx20 User Guide 1 Introduction LDAP Lightweight Directory Access Protocol A set of protocols for accessing information directories NFS Network File System A protocol that allows file sharing across a network NIS Network Information System A network naming and administration system for smaller networks NTP Network Time Protocol A protocol used to synchronize time on networked computers and equipment PAP Password Authentication Protocol A method of user authentication in which the username and password are transmitted over a network and compared to a table of name password pairs PPP Point to Point Protocol A mechanism for creating and running IP and other network protocols over a serial link RADIUS Remote Authentication Dial In User Service An authentication and accounting system used by many Internet Service Providers ISPs SNMP Simple Network Management Protocol Commands that allow system administrators to monitor and manage nodes on a LAN Local Area Network and respond to queries from other network hos
96. ions of the above e g 1 4 6 8 The ALLOW CLEAR option determines whether a user may use the clear command to delete all the data stored in a device port FIFO buffer The administrator may want to inhibit this ability to preserve user accountability when accessing attached devices Users are allowed to clear buffers by default The ALLOW DIRECT option determines which devices a user may select for direct access The ALLOW LISTEN option determines which devices a user may select for listen mode 1 You have two options edit or change parameters for the sysadmin enter the command edituser without a user name edit or change parameters for a particular user after defining that user ID use the edituser command For example if the user newuser needed to have more concurrent login capabilities the administrator would type edituser newuser on the command line 2 As each line comes up change the settings and press Enter or press Enter to accept the current setting Note When editing any group of parameters press Enter to accept the current value and move to the next parameter in the list If you change any parameters the system prompts Are you sure 8 10 SCSxx05 SCSxx20 User Guide 8 Commands 3 To accept the changes type y for yes orto reject the changes type n or do not enter anything 4 Press Enter sysadmin sysadmin gt edituser Enter accepts present value Server number
97. irectory to mount Following is an example of how to use this facility to automatically mount an NFS file on the SCS In etc fstab the following entry must be present Idevidevice dir to mount parameters fs 5 passno where dev device The device to be mounted In the case of mounting an NFS file system the entry should be in the form of server name dir exported where server name is the name of the NFS file server and the dir exported is the exported directory found on the NFS server dir to mount The location at which the file system should be mounted on the SCS This directory has to be defined on the SCS or it will not work ftype The file system type For an NFS mounted file system use nfs parameters These are the parameters that are passed to the mount command They are in a comma delimited format fs freq This is used by dump to determine whether a file system needs to be dumped fs passno The fsck program uses this to determine the order to check disks at boot time An example of an entry in etc fstab is as follows erh62 export var test varitest nfs rw bg intr soft 0 0 To manually test whether the system will automatically mount file system boot time enter the following command to manually mount the file mount This command reads the etc fstab file and mounts all of the entries in the file that are not already mounted Once the system verifies the etc fstab file you m
98. itially set up using the setup command The Web interface is password protected using SSL encryption Always use the https prompt This chapter includes the following topics Accessing the Web Interface 5 1 Web Configuration Utility Main Page 5 2 Configurable Parameters 5 2 Web Access Delay 5 4 Saving Web Interface Entries 5 4 Exiting 5 4 Accessing the Web Interface Before using the Web interface you should have Assigned the IP address of the SCS using either the buttons on the front of the unit or the setup command Initially configured the unit using the setup command You must log in using the sysadmin username and password Cookies must be enabled in your browser 1 Launch your Browser and type https followed by the IP Address URL of your SCS For example if the IP address is 172 20 201 245 the login URL is https 172 20 201 245 Figure 5 1 IP Address of SCS in URL Welcome to MSN com Microsoft Internet Explorer Edit View Favorites Tools Help dem Bark p 5 uu d Search Favorites eMedia 534 ET b Address 172 19 21 245 SSL security alert displays 2 Click Yes Enter the username sysadmin and your sysadmin password default is PASS 4 Click OK The Lantronix Web Configuration Utility Main page displays 5 1 SCSxx05 SCSxx20 User Guide 5 Web Interface Web Configuration Utility Main Page The Web Configuration Utility allows the
99. l Installation Power AC Input DC Input Connecting a Terminal Connecting to a Device Port Connecting the Network Port Connecting the Modem Port SCSxx20 Power Manager Interface 3 Quick Start Before You Begin Method 1 Using the Front Panel Display Navigating Entering the Settings Method 2 Using Telnet 4 Configuration XV 1 1 154 1 3 1 4 1 4 1 5 1 5 1 5 1 6 1 6 1 6 1 6 1 7 1 7 1 7 1 7 1 7 1 8 1 9 1 10 2 1 2 1 2 2 2 2 2 2 2 3 2 4 2 5 2 6 3 1 3 1 3 2 3 2 3 2 3 4 4 1 Connecting Using Telnet or Your Serial Terminal 4 2 Logging in as System Administrator 4 2 Accessing the Setup Menu 4 2 Navigating 4 3 Done Option 4 4 Configuring Hostname and IP Address 4 4 Configuring Timezone 4 6 Configuring DNS 4 8 Configuring Services 4 9 Enabling Disabling Web Configuration 4 10 Configuring NTP 4 10 Configuring Email Relay 4 11 Configuring Timeouts 4 11 Configuring Modem SCSxx20 Only 4 12 Configuring CHAP Secrets 4 15 Configuring PAP Secrets 4 16 Configuring User Authentication 4 16 Configuring NIS 4 17 Configuring LDAP 4 18 Configuring RADIUS 4 1 Configuring Global Port Permissions 4 1 Done User Authentication 4 2 Configuring NFS Mount 4 2 Configuring Firewall Packet Filtering 4 4 Configuring Device Ports 4 5 Device Port Configuration Options 4 6 Device Port Menu 4 6 Device Port Names 4 6 Device Port Parameters 4 7 Device Logging Parameters 4 10 Done Device Ports 4 14 Updating S
100. le or Disable default If enabled the email flag triggers an email message to be sent to the defined recipients when the alert condition has been met Press Enter The alarm byte counter prompt displays 4 12 SCSxx05 SCSxx20 User Guide 4 Configuration 3 Enter the number digits of bytes of data the port will receive after which the SCS will capture log data and send email regarding this port In most cases the terminal console port of your device does not send any data unless there is an alarm condition After the SCS receives a small number of bytes it can perceive that your device needs some attention The SCS contacts your technician via email when that point has been passed and the email includes the logged data A threshold preset at 30 characters means that as soon as the SCS receives 30 bytes of data it captures log data and sends an email regarding this port This number represents how many bytes have to come into the port before an Email is generated Set EMail Alarm Byte Counter Device Port 1 4 5 7 Input value for Set Email Alarm Byte Counter Device Port 1 4 5 7 Press Enter The email timer prompt displays Enter the amount of time in seconds for the email to capture data after the initial byte counter trigger is met The default is 40 seconds Email timer is a time limit of how long in seconds the device port will capture data before closing the log file with a fixed internal buffer maximu
101. locked ports DENY REJECT 4 Press Enter The ping response prompt displays Select Yes to enable the SCS to be invisible to ping or traceroute inquiries or No default to disable this feature Enable INVISIBLE TO PING Do you want the SCS4805 to be invisible to ping and traceroute You will still be able to ping and traceroute outbound from the SCSA805 Yes is recommended for maximum security 6 Press Enter The TCP public services prompt displays 4 4 SCSxx05 SCSxx20 User Guide 4 Configuration 7 Toenter the list of TCP Public Services that the SCS should support edit the text entry list from the choices indicated in the Answer field ftp data ftp SSH telnet www and https Firewall conf What is the value for TCP PUBLIC SERVICES This is the list of ports we allow TCP connections to Answer ssh telnet https For example you may choose to remove telnet from this list of services for security reasons leaving only ssh and https What is the value for TCP PUBLIC SERVICES This is the list of ports we allow TCP connections to Answer ssh https Press the Esc key to end the edit
102. log out of a port connection by typing logout on the command line Break Sequence The user can send a break signal to the external device using a programmed break sequence The preset value for this option is Esc B performed quickly but not simultaneously Escape Sequence The user can disconnect from a port by using a programmed escape sequence The preset value for this option is Esc A performed quickly but not simultaneously 8 12 SCSxx05 SCSxx20 User Guide 8 Commands Advanced Sysadmin Commands You can access the following features from the command line interface or administer them using a Linux command line prompt through your network Using ssh Keys and keygen Procedures The following info is taken with great liberties from an open source article discussing ssh and keygen It is online at http igloo its unimelb edu au Webmail security msg000 10 html ssh agent Type My Passphrase Once Ssh agent makes this all so easy Basically it loads my private key into memory once per session prompting me for a passphrase to decrypt the key at the time of load At that point can use this key as if it had no passphrase until end that session or remove the key from memory Since it s never written to disk in its decrypted form this is pretty darn safe Let s see this at work max miraclehut ssh agent bin bash max miraclehut max ssh add Need passphrase for home max ssh identity max miraclehut Enter p
103. m capacity of 1500 bytes and sending it as an email message The SCS sends the data as the body text in the email message to your predefined recipients Press Enter The email ignore timer prompt displays Enter the number of seconds digits for the desired ignore time The default is 600 seconds 10 minutes This is a period of time after the email message has been sent for which the device port will ignore additional characters received The data will simply be ignored and not trigger additional alarms until this time elapses Note The email buffer does not collect any additional characters in its buffer during this ignore time However if syslog is also active the logger still buffers any data to syslog Press Enter The email subject text prompt displays Delete the default text and enter a subject text appropriate for your site The email subject line is pre defined for each port with its port number You can use the email subject to inform the desired recipients of the problem on a certain server or location e g server location or other classification of your equipment This is helpful if the email message goes to the sysadmin s or service technician s mobile or wireless device e g text messaging via email The message body will contain the ASCII data from the device port for as long as the sysadmin has indicated the SCS should capture the data Oo
104. mined by the data bits stop bits and parity parameters The default settings are 8 data bits 1 stop bit and no parity Check your equipment documentation for the proper settings 1 Use the arrow keys to select the data bits for the port s from the list displayed Press Enter The stop bits prompt displays Select the stop bits 1 or 2 for the port s Press Enter The parity prompt displays pr ge xe g9 Select the parity for the port s Device xx Parity NONE ODD j EVEN 6 Press Enter The flow control prompt displays Flow Control The device port flow control setting determines the method of flow control The two most common settings are XON XOFF software and RTS CTS hardware The default setting for the device ports is XON XOFF Check the equipment documentation for the correct flow control setting 1 Select the flow control for the port s Device xx Flow Control XON XOFF RTS CTS 2 Press Enter The port type prompt displays Port Type Each SCSxx05 device port is factory configured as a DTE device ad each SCSxx20 device port is factory configured as a DCE device Note Make sure to select DTE if you enabled an operator port or group of ports 1 Select the Port Type OFF DTE or DCE for this group of ports OFF disables the port 2 Press Enter The inhibit buffering prompt displays Inhibit Buffering By default buffering is enabled Inhibit Buffering is No Inhibiting bufferin
105. n config Use Escape to end edit TTY Callback telephone numbers and callback login pseudo usernames The telephone number the modem should callback to should be inserted following the S on the line beginning with modem cb In the telephone number use only digits and any of the following login by this user causes a text login callback fmodem cb usr sbin callack S callback number here 7 Press Esc to end the editing mode The PPP logins prompt displays 4 13 SCSxx05 SCSxx20 User Guide 4 Configuration 8 Select Yes to enable a direct PPP login or No to disable a direct PPP login Enable PPP Logins Do you want to enable PPP logins l This will allow a direct PPP login without having to log into a user shell 9 Press Enter If you selected Yes the PPP parameters options prompt displays If you selected No the Configure User Authentication menu displays Continue with Configuring User Authentication on page 4 16 10 Enter the local and remote IP addresses you want to use with the PPP link in the format Local IP Addr Remote IP ADDR for example 192 168 0 1 172 20 101 3 Both entries are optional PPP Options Input value for PPP IP Addresses Input the IP Address s you want to use with the PPP link The format is Local IP Addr Remote IP Addr Both addresses should be in dot quad notation with no Spaces before or after the Both IP add
106. nly connect the terminal port to equipment with serial ports that support EIA 232 formerly RS 232C Precauciones de seguridad Al instalar y utilizar el servidor seguro de consola SCSxx05 SCSxx20 observe las precauciones de seguridad que se describen a continuaci n Tapa la tapa del chasis En el interior no hay ninguna pieza que el usuario deba manipular Abrir o retirar la tapa puede exponer al usuario a tensiones peligrosas que pueden causar fuego o electrocuci n Si la bater a se sustituye por una de tipo incorrecto puede producirse una explosi n Conf e todas las actividades de mantenimiento o reparaci n a Lantronix Personal de mantenimiento Desh gase de las bater as usadas de acuerdo con las instrucciones Si la bater a se sustituye por una de tipo incorrecto puede producirse una explosi n Enchufe de alimentaci n desconectar el cable de alimentaci n de la toma tire del enchufe no del propio cable Conecte siempre el cable de alimentaci n a una toma el ctrica correctamente cableada y conectada a tierra No use adaptadores de enchufes ni elimine la patilla de toma de tierra del cable Use s lo un cable de alimentaci n adecuado para unos valores de tensi n e intensidad superiores a la tensi n y la intensidad indicados en la unidad Instale la unidad cerca de un toma de de f cil acceso Conecte siempre cualquier equipo que se use con el producto a tomas
107. nnections into the SCS even during its initial configuration You may choose to disable Telnet access for security reasons especially if you intend to use SSH 5 Select Yes default to enable or No to disable Telnet logins and press Enter The enable SNMP Agent prompt displays 6 Select Yes to enable or No default to disable SNMP agent Enable SNMP Agent Do you want to enable the Simple Network Management i Protocol Agent This will allow reading status and statistics via SNMP This is a read onlyl SNMP agent 7 Press Enter The setup menu returns with Web Configuration selected 4 9 SCSxx05 SCSxx20 User Guide 4 Configuration Enabling Disabling Web Configuration The SCS offers a Web based configuration interface which you can only access through your browser using SSL Secure Sockets Layer https The Web interface has most of the same options as the console based setup routine and may be useful for updating configuration options after you complete the initial setup This option enables or disables the ability to update the SCS configuration using the Web interface 1 With Web Configuration selected press Enter The enable Web configuration prompt displays By default the Web interface is disabled Many system administrators consider a Web based interface a security risk and choose to disable the Web interface Enable Web Configuration Do you want to enable the LCI Web Configuration utili
108. nput value for LDAP Base The distinguished name of the LDAP search base example dc company dc com 6 Press Enter The User Authentication menu returns Continue with Configure Global Port Permissions or Done User Authentication 4 18 Configuring RADIUS If you are using the RADIUS option for authenticating users you must Enable RADIUS default is disabled Enter IP address of a RADIUS server Enter the shared secret text string that serves as a password between RADIUS client and the SCS Enter the timeout server connection timeout 1 With Configure RADIUS selected press Enter The RADIUS prompt displays Select Yes to enable RADIUS to authenticate users and press Enter Enter lines containing the IP Address of a RADIUS server the shared secret and the timeout in seconds optional You may specify an optional port with the IP Address in the form IP Address Port if you do not specify an optional port the SCS uses the default RADIUS ports 1812 and 1813 4 The format for each line is server IP address port secret timeout RADIUS Servers Edit RADIUS Servers Use Escape to end edit Please install lines containing the IP Address in dot quad notation of a RADIUS server the shared secret and optionally the timeout in seconds Each line shall be of the form 4 192 168 0 10 45 secret 1 j radiusserver domain com other secret 3
109. nt dot d un port s rie prenant en charge le standard EIA 232 anciennement d nomm 5 232 Sicherheitshinweise Beachten Sie bei der Installation und beim Betrieb des Secure Console Server SCSxx05 SCSxx20 die nachstehenden Sicherheitshinweise Abdeckung Nehmen Sie nicht die Abdeckung des Gehauses ab Im befinden sich keine vom Benutzer wartbaren Teile Durch Offnen oder Entfernen der Abdeckung k nnen Sie gefahrlichen Spannungen ausgesetzt werden die einen Brand verursachen oder einen elektrischen Schlag bewirken konnten berlassen Sie alle Wartungsarbeiten Lantronix Wartungspersonal Entsorgen Sie alte Batterien den Anweisungen Wird die Batterie durch eine falsche Batterie ersetzt besteht Explosionsgefahr Netzstecker Ziehen Sie um das vom Netz zu trennen am Stecker und nicht am Kabel Stecken Sie das Anschlusskabel immer in eine korrekt verdrahtete und geerdete Steckdose ein Verwenden Sie keine Adapterstecker und entfernen Sie nicht den Schutzkontakt vom Stecker 9 Verwenden Sie nur ein Anschlusskabel das f r eine h here Spannung und einen h heren Strom ausgelegt ist als auf dem angegeben Stellen Sie das in der Nahe einer frei zug nglichen Steckdose auf Schliefen Sie Ger te die in Verbindung mit dem Produkt eingesetzt werden nur an korrekt verdrahteten und geerdeten Steckdosen an Sch tzen Sie das Produkt mit einer bers
110. oftware 4 14 Using Done 4 16 Saving 4 17 Rebooting 4 17 5 Web Interface 5 1 Accessing the Web Interface 5 1 Web Configuration Utility Main Page 5 2 Configurable Parameters 5 2 Web Access Delay 5 3 saving Web Interface Entries 5 4 Exiting 5 4 6 Modem Setup 6 1 Installing a Modem Card 6 1 Initializing the Modem 6 1 XVI 7 System Administrator and User Functions System Administrator Functions Security and Passwords Changing the Sysadmin Password Changing the Root Password If You Misplace the Sysadmin Password User Access and Functions Network Port Access Terminal Port Access Modem Module 7 1 7 1 7 1 7 2 7 3 7 3 7 4 7 4 Selecting a Device Port Direct Mode Logging Out 8 Commands summary of Commands oystem Commands SAVE reboot poweroff help alias setup passwd break changes config save config restore install modem man modem hangup info reset modem sftp ssh ssh keygen syslog timeout unsaved version Device Commands devices editdev listdev connections cat clear xvii 7 5 1 6 8 1 8 1 8 2 8 2 8 2 8 3 8 3 8 3 8 4 8 4 8 4 8 4 8 4 8 4 8 4 8 4 8 5 8 5 8 5 8 5 8 5 8 5 8 6 8 6 8 7 8 7 8 7 8 7 8 8 8 8 8 8 less 8 8 logout 8 8 User Management Commands 8 9 listusers 8 9 adduser 8 9 edituser 8 10 deluser 8 11 editbrk 8 11 editesc 8 11 passwd 8 11 User Commands 8 12 select 8 12 direct 8 12 telnetconfig 8
111. ollowing position commands h Moves cursor to left left arrow j Moves cursor to next line down arrow k Moves cursor to previous line up arrow Moves cursor to right right arrow Edit the text within the open file using the following commands Inserts text before the cursor position existing text to the right of the cursor shifts to the right and is not overwritten Creates a new line below the current line and inserts the text All existing text shifts down and follows the text you are about to insert u Reverts to the previous text undo X Deletes the letter at the current cursor position dd Deletes the current line Once you have completed all editing you must close or save the file in line mode Closing a File Opened in vi After you are done editing enter line mode by typing the colon Use one of the following commands to work with your file as desired e filename Opens the file named filename w filename Writes saves this file with the name filename Note This will overwrite an existing file with that exact name without warning q Quits Quits and disregards changes Writes the file saves it with its existing filename wq Writes the file and closes the file Saves and quits lt ESC gt Goes to command mode Save and Quit wq enter Quit do not Save q lt enter gt A 4 B Hexadecimal Conversion Chart Equivalent characters in it
112. on Formats 1 5 Access Control 1 6 Device Port Buffer 1 7 Technical Specifications 11 8 Product Information Label 1 9 System Resource Information 1 10 SCSxx05 and SCSxx20 The Lantronix SCSxx05 and SCSxx20 are console servers offering authentication and secure encryption These SCS models offer a compact solution for remote and local management of up to 48 devices e g servers routers and switches with RS 232C now EIA 232 compatible serial consoles in a 1U tall rack space You can access the attached devices with keyboard commands from a local terminal through a network or through a dial up connection 1 1 SCSxx05 SCSxx20 User Guide 1 Introduction Figure 1 1 SCS4805 48 Device Ports 1 Network Port 1 Terminal Port AC Powered Two Line Front Panel 1U self contained LCD Display Pulhbultons rack mountable chassis IW REL ud n ee PIT 10 100 NETWOR Terminal Port RS232 DEVICE Universal AC Port RS 232 Ports 1 48 Power Input This User Guide covers the following products Model SCS820 AC or DC Powered 8 Port Secure Console Server Model 5 51620 DC Powered 16 Port Secure Console Server Model 5 53205 AC Powered 32 Port Secure Console Server Model SCS4805 AC Powered 48 Port Secure Console Server The 5 54805 is depicted above the other models are similar The products differ only in the number of device ports provided and in AC or DC power and
113. or a period of time 30 sec and then dials the user back at a pre assigned phone number Callback may be tty or PPP Selecting a Device Port The system administrator assigns permission to connect to specific device ports in your user profile If you try to connect but you do not have access the message NO ACCESS TO DEVICE CHANNEL displays 1 Toselect a server connected to a device port type select followed by a device port ID For example to connect to a server named Alpha on device port 2 you may either type select Alpha or select 2 2 Press Enter Monitoring the Buffered Data for a Port When you select a server the prompt changes to the server name in the general form USER NAME SERVER gt For example if user GEORGE selects 7 4 SCSxx05 SCSxx20 User Guide T System Administrator and User Functions Alpha the prompt would read GEORGE Alpha gt When this prompt displays you are in monitor mode There is no direct communication between you and the Server Note You may select a server already selected by another user The system saves any output from the server to a buffer that you may access using cat or less but you may not issue commands to the server If you want to issue commands to the server you must enter direct mode Deselecting a Server You may exit from the current device port by using the exit command or selecting another device port Direct Mode If you want to interact directly
114. ot the cord Always connect the power cord to a properly wired and grounded power source Do not use adapter plugs or remove the grounding prong from the cord Only use a power cord with a voltage and current rating greater than the voltage and current rating marked on the unit Install the unit near an AC outlet that is easily accessible Always connect any equipment used with the product to properly wired and grounded power sources To help protect the product from sudden transient increases and decreases in electrical power use a surge suppressor line conditioner or uninterruptible power supply UPS not connect or disconnect this product during an electrical storm Grounding Maintain reliable grounding of this product Pay particular attention to supply connections when connecting to power strips rather than directly to the branch circuit Fuses For protection against fire replace the power input module fuse with the same type and rating Rack notinstall the unit in a rack in such a way that a hazardous stability condition results because of uneven loading A drop or fall could cause injury Before operating SCS make sure the SCS is secured to the rack Port Connections Only connect the network port to an Ethernet network that supports 10Base T 100Base TX Only connect device ports to equipment with serial ports that support EIA 232 formerly 5 232 O
115. pannungsschutzvorrichtung einem Netzentstorgerat oder einer unterbrechungsfreien Stromversorgung USV vor vor bergehenden Spannungsanstiegen und abfallen vi W hrend eines Gewitters d rfen Sie das nicht anschlie en oder vom Netz trennen Erdung Schlie en Sie das Ger t an einem zuverl ssigen Erdungspunkt an Achten Sie besonders auf die einwandfreie Verbindung wenn der Anschluss ber eine Steckdosenleiste und nicht direkt am Endstromkreis erfolgt Sicherungen Ersetzen Sie die Netzteilsicherung nur durch eine Sicherung desselben Typs und derselben Nennstromstarke um die Gefahr eines Brandes zu vermeiden Rack Achten Sie beim Einbau des Ger ts ein Rack darauf dass dieses gleichm ig belastet wird damit die Stabilit t gew hrleistet ist Das herunterfallende kann beschadigt werden oder Verletzungen verursachen berpr fen Sie das SCS vor Inbetriebnahme auf festen Sitz im Rack Portanschl sse Schlief5en Sie den Netzwerkport nur an eine Ethernet Netzwerk von dem 10Base T 100Base TX unterst tzt wird Schlie en Sie die Gerateports nur an Ger te mit seriellen Ports an die EIA 232 fr her RS 232C unterst tzen Schlief5en Sie den Konsolenport nur an Ger te mit seriellen Ports an die EIA 232 fr her RS 232C unterst tzen Mepbi ycraHoBke
116. pe sequence displays Note Pressing Esc to exit from the edit prompt does not work it adds more Esc characters to the direct mode escape sequence Use x to prefix any hexadecimal characters entered in the escape sequence The default sequence is x1BA where 1B is the Hex value for Esc and A is the letter A keep the existing sequence press Enter 7 5 SCSxx05 SCSxx20 User Guide T System Administrator and User Functions Tochange the sequence enter the new sequence and press Enter If for some reason the sequence is unacceptable an error message displays and the sequence reverts to the existing character values A list of hexadecimal character settings is provided at the end of this User Guide Logging Out Always log out when you are finished with your session activity To log out from a user session 1 Type logout 2 Press Enter If you are logging out from a network the SCS disconnects the Telnet or SSH session If you are logging out from a direct serial session the SCS returns to the login prompt The system administrator may configure the SCS to automatically log you out if the terminal connection has been idle for a period of time This is a security precaution Depending on your terminal s settings you may have an inactive window open if the SCS has disconnected 1 6 8 Commands This chapter includes the following topics Topic summary of Commands 8 1 System Comm
117. port permissions The ports can be specified using a range and or list Example 1 3 What is the value for ALLOW DIRECT Press TAB or ENTER to end editing X PPP oO Press Enter The listen mode permissions prompt displays If desired enter a range and or list of listen mode permissions Press Enter The clear mode permissions prompt displays If desired enter a range and or list of listen mode permissions e EP SOR a Press Enter The User Authentication Menu returns with Done User Authentication selected Done User Authentication This option returns you to the main setup menu With Done User Authentication selected press Enter The setup menu returns with Configure NFS Mount selected Configuring NFS Mount Here you can configure the NFS server that the SCS can use for port logging to a file If you mount a network shared disk onto the SCS device port logging can be to a file residing on a remote networked disk This configuration avoids possible limitations in the amount of disk space available for the file Note You must not use packet filtering firewall if you are using NFS because it would filter out the NFS packets You have the following options Enable disable mounting an NFS share default is disabled Identify NFS server 4 2 SCSxx05 SCSxx20 User Guide 4 Configuration 1 With
118. ratus complies with Canadian ICES 003 CSA and has been verified as being compliant within the Class A limits of the FCC Radio Frequency Device Rules FCC Title 47 Part 15 Subpart B CLASS A measured to CISPR 22 1993 limits and methods of measurement of Radio Disturbance Characteristics of Information Technology Equipment The product complies with the requirements of the Low Voltage Directive 72 23 EEC and the EMC Directive 89 336 EEC This product carries the CE mark since it has been tested and found compliant with the following standards Safety EN 60950 Emissions EN 55022 Class A Immunity EN 55024 NEBS Level compliant applies to SCS1620B SCS820B Manufacturer s Contact Director of Quality Assurance Lantronix Inc 15353 Barranca Parkway Irvine CA 92618 USA Phone 949 453 3990 Fax 949 453 3995 D 3 SCSxx05 SCSxx20 User Guide D Compliance and Warranty Information Warranty Lantronix warrants each Lantronix product to be free from defects in material and workmanship for a period of ONE YEAR after the date of shipment During this period if a customer is unable to resolve a product problem with Lantronix Technical Support a Return Material Authorization RMA will be issued Following receipt of an RMA number the customer shall return the product to Lantronix freight prepaid Upon verification of warranty Lantronix will at its option repair or replace the product and return it to the customer fre
119. resses are optional Make the line blank if you do not want to specify any address Input value for PPP IP Addresses PPP OoOo 11 Press Enter The enable CHAP prompt displays f you select Yes the setup menu returns with Configure CHAP Secrets selected Ifyou select No the setup menu returns with Configure PAP Secrets selected 4 14 SCSxx05 SCSxx20 User Guide 4 Configuration Configuring CHAP Secrets The SCSxx20 supports either CHAP or PAP but not both PAP is the default authentication method The CHAP parameters include Client Server Secret password used for authentication generated by the system administrator address acceptable local IP address 1 With CHAP Secrets on the setup menu selected press Enter The CHAP secrets prompt displays 2 Usethe arrows to move the cursor to the end of the first line Secrets for authentication using CHAP and press Enter to create a new line 3 Enter the CHAP secrets information as four separate fields separating the entries with a space client server secret and IP address Do not use a sign which indicates a comment Edit chap secrets Use Escape to end edit Each line should contain four fields containing Client server secret IP address The second line usually cont
120. rewall Packet Filtering The SCS incorporates a packet filtering option a firewall The Web configuration interface uses the term Packet Filtering Note You must not use packet filtering firewall if you are using NFS or NIS because it would filter out the NFS or NIS packets You may configure the firewall for your site by setting the following parameters Enable disable Firewall default is disabled Reject method default is Reject returns a connection denied on blocked ports Ping response default is disabled which makes the SCS visible to pings TCP public services default is ssh telnet and https allowed UDP public services default is allowed 1 With Configure the Firewall selected press Enter The firewall prompt displays 2 Select Yes to enable or No default to disable packet filtering and press Enter If you selected Yes the reject method prompt displays If you selected No the setup menu returns with Configure Device Ports selected 3 To choose the reject method for attempts to access your site select Deny or Reject default The screen explains these responses P What is the value for REJECT METHOD Use DENY to ignore connection attempt on blocked ports Use REJECT to return connection denied on b
121. s the above procedures There are no understandings agreements representations or warranties express or implied including warranties of merchantability or fitness for a particular purpose other than those specifically set out above or by any existing contract between the parties Any such contract states the entire obligation of Lantronix The contents of this document shall not become part of or modify any prior or existing agreement commitment or relationship For details on the Lantronix warranty replacement policy go to our web site at http www lantronix com support warranty index html D 4
122. s and No To complete an entry and continue Press Enter Note Pressing Enter selects the default operation in most of the screens To go to the next area of the screen Press Tab To go to the next screen Use the arrows and the Tab key to select Next and press Enter Note With the exception of multiple choice or free form text entries just pressing Enter will take you to the next screen To go back a screen Use the Tab key and the arrows to select lt Back gt and then press Enter To exit free form text editing mode Press the Esc key Done Option The last item in the menu list is Done You must use this option to complete your entries and to exit the setup script Done prepares any entries to be written to flash memory but it does not write them to flash memory For more information about Done refer to the end of this chapter The Configure Device Ports option second to last menu item uses Done differently For the device port configuration when you reach the end of a routine Done prompts you to save the changes and if you select Yes writes your entries to flash memory At this point you can no longer undo your entries during this session Note You can exit setup at any time by selecting Done Configuring Hostname and IP Address While you can set the IP address and other network parameters using the front panel buttons see Quick Start to change all of the IP address parameters you must complete the steps in
123. s not the most senior root level The most senior root level is intentionally removed from the shell however it exists in the system and the system administrator must change its password to protect against unauthorized access or changes Changing the Sysadmin Password The system administrator must change the password for the sysadmin level before connecting the SCS to a network or making it accessible to others The passwd command is discussed in the Commands chapter 7 1 SCSxx05 SCSxx20 User Guide T System Administrator and User Functions Changing the Root Password The system administrator must also change the password for the root level Although users do not require root access the system administrator can access it using SSH Make sure to know the root access password and be certain that it has not been left as the common default value This is especially important if SSH is enabled since SSH can offer the ability for root level access by a remote system depending on sysadmin settings of 112 20 201 69 PuTTY m x login as sysadmin al Sent username sysadmin sysadmin tii72 20 201 69 s password Last login Mon May 6 09 54 13 2002 from dhcp z14 1ci net sysadmin gt sysadmin bash sysadminBbfS8z var tmp sysadminlthfS8z var tmp su root Password ronotlibf8z var tmpi ronotlbfsz war tmp passwd UNIZ password Retype new UNIS password passwd all authentication tokens updated su
124. system administrator to configure the SCS much like the setup script does via a network or terminal connection Figure 5 2 The SCS Web Configuration Utility Main Page 3 M di Wess fs dp 922 foe 3 52 5C51620 5C51620 support int lantronix com LANTSONI X Configuration Utility This section of the User Guide does not show each window which are self explanatory Apply Cancel and Save buttons are at the bottom of each parameter window See Saving Web Interface Entries on page 5 4 Configurable Parameters To use the Web interface select any of the tabs near the top of the page Each tab allows you to configure a particular parameter or set of parameters When you select User Authentication several sub tabs display below the first line of tabs Figure 5 3 User Authentication Selection 5C51620 5C51620 support int lantronix com Configuration Utility LANTRONIX The same is true for the Device Ports tab Figure 5 4 Device Ports Selection 5C51620 5C51620 support int lantronix com Wied Configuration Utility The Configuration chapter explains the parameters in detail The table below provides links to these explanations 5 2 SCSxx05 SCSxx20 User Guide 5 Web Interface Table 5 1 Links to Setup Menu Parameters Parameter Link Con
125. t Enter passphrase Identity added home max ssh identity max miraclehut max miraclehut max for target host in host1 host2 host3 host4 host5 host 678 host9 do gt ssh root target_host tripwire initialize gt ssh root target_host echo This host protected by Tripwire gt gt etc motd gt done This process allows me to type in my passphrase once and then run two commands on nine hosts without having to type any more passphrases can walk away now content that don t have to manually start Tripwire on each of the nine hosts can use more for loops now since don t have to re enter my passphrase again until exit out of the bash shell This saves tons of time without the insecurity of rsh or rlogin s rhost authentication Mounting File Systems During Boot You can configure the SCS to mount a file system at boot time Configure this feature from the bash shell as the root user To access the bash shell as root user 1 Login sysadmin The command line prompt displays 2 Type bash to start a shell process notice sysadmin level 3 su switch user to root level enter the existing root password default root After the system accepts the password notice that the root level sysadmin e g root SCS 1620 var tmp 8 14 SCSxx05 SCSxx20 User Guide 8 Commands To mount a file system at boot time the etc fstab file must have an entry that is associated with the d
126. t Email Notification The system administrator can configure the device log to automatically send an email alert message to the appropriate parties indicating a particular error The email is triggered when a user defined number of characters in the log from your server or device is exceeded 1 7 SCSxx05 SCSxx20 User Guide 1 Introduction Technical Specifications Table 1 1 SCSxx05 Technical Specifications CPU Memory Serial Interface Device Serial Interface Terminal Network Interface Power Supply Dimensions Weight Temperature Relative Humidity Heat Flow Rate AMD 5 520 133 MHz 128 MB FLASH Card Memory non volatile 128MB RAM 256K FIFO Buffer RAM per Device Port RJ45 type 8 conductor connector DTE default configurable Speed software selectable 2400 to 115 200 baud Software selectable EIA 232 formerly RS 232C RJ45 type 8 pin connector DTE default Speed software selectable 2400 to 115 200 baud Software selectable EIA 232 formerly RS 232C 10Base T 100Base TX RJ45 Ethernet Universal AC Power input 100 240VAC 50 60 Hz IEC type regional cord set included 5 53205 10 1 75 in x 17 25 in x 12 25 in 4 45 cm x 43 8 cm x 31 1 5 54805 10 1 75 in x 17 25 in x 14 75 in 4 45 cm x 43 8 cm x 37 5 cm SCS3205 4 5 kg 10 Ibs SCS4805 5 0 kg 11 Ibs Operating 0 to 50 C 32 to 122 F 30 to 90 RH non condensing Storage 20 to 70 C 4 to 158 F 10 to 90 RH non
127. tallation Connecting a Terminal The terminal port is for local access to the SCS and the attached devices You may attach a dumb terminal or computer with terminal emulation to the terminal port The SCS terminal port uses RS 232C protocol and supports 100 emulation Figure 2 4 SCS3205 Rear Panel Connections and Labels with Rack Mount Brackets 22 23 24 25 26 27 28 29 30 31 32 NETWORK Vy a 9 The default communication parameters for the terminal port are 9600 baud 8data bits 1 stop bit No parity XON XOFF flow control DCE port type Adapters from Lantronix may be used to connect the terminal port to the serial port on your terminal or other DTE device See http www lantronix com To connect a terminal 1 Attach the Lantronix adapter to your terminal use PN 200 2066A adapter for the SCSxx05 or PN 200 0066 for the SCSxx20 in most cases or your PC s serial port use PN 200 2070A adapter for the SCSxx05 or PN 200 0070 adapter for the SCSxx20 Connect the Cat 5 cable to the adapter and connect the other end to the SCS terminal port Turn on the terminal or start your computer s communication program e g HyperTerminal for Windows Once the SCS is running press Enter to establish connection You should see an SCSx
128. th the system 8 8 SCSxx05 SCSxx20 User Guide 8 Commands User Management Commands The system administrator uses the following commands to add and delete users and to add and change settings for system users The sysadmin is also a user although one who cannot be deleted listusers Use listusers to get a list of all assigned users in the SCS sysadmin gt listusers test sysadmin userl kevin ross bill i anthony tom harry george adduser Use adduser user name gt to add a new user profile including the user s sysadmin gt sysadmin adduser usage lci bin adduser name sysadmin adduser newuser Changing password for user newuser New UNIX password Retype new UNIX password passwd all authentication tokens updated successfully Enter accepts present value Server number of 0 zero will remove all access to servers ESCAPE SEQ 1 gt BREAK SEQ 1 gt ALLOW CLEAR 1 9 gt 1 8 ALLOW DIRECT 1 9 1 3 5 7 ALLOW LISTEN 1 9 gt 1 3 5 7 9 i Are you sure y i sysadmin 1 Type adduser and press Enter 2 Type the desired user name case sensitive and press Enter A prompt asks for a password for the new user Note Passwords should be at least six characters long If a password is less than 6 characters long the system warns you that it is bad password too short However if you ignore the message and re enter the password to confirm it the syst
129. the first option of the setup menu Configure Hostname and IP Address Use this option to specify the following parameters DHCP A DHCP server automatically assigns the IP address and network settings Hostname including domain name IP address of the SCS Network mask of the IP address Gateway IP address of the router of this network 9 1 Select Configure Hostname and IP Address and press Enter The DHCP prompt displays 4 4 SCSxx05 SCSxx20 User Guide 4 Configuration 2 Select Yes to use DHCP to obtain the IP address netmask and gateway or No to enter your own values DHCP What is the value for BOOTPROTO Enable DHCP Please select dhcp or If you choose none you MUST provide values for IPADDR i NETMASK and GATEWAY Dhep C E 4 Enter a value for the hostname The default hostname is the SCS model name e g 5 54805 There is a 64 character limit contiguous characters Hostname and IP Address What is the value of HOSTNAME Name of this Host including domain e g host company com i We need the canonical name here to obtain the DNS domain IMPORTANT The DNS domain name is determined from this answer Answer SCS4805 Be sure to include the domain name
130. this host Please any entries that are not valid The localhost entry is required for proper operation 127 0 0 1 localhost localdomain localhost 172 19 21 245 SCS1620 support int Lantronix com SCS1620 5 Press the lt Esc gt key to end the editing and then press Enter The setup menu returns with Configure Services selected 4 8 SCSxx05 SCSxx20 User Guide 4 Configuration Configuring Services With this menu option you enable or disable the following Syslog system logging default is enabled System logins using SSH default is disabled System logins using Telnet default is enabled Simple Network Management Protocol SNMP Agent default is disabled 1 With Configure Services selected press Enter The syslog prompt displays 2 Select Yes to enable or No default to disable syslog and press Enter The SSH logins prompt displays 3 Select Yes to enable or No default to disable SSH logins Most system administrators enable SSH logins which are the preferred method of accessing the system Note If you enable SSH logins the initial reboot process may take several minutes while the SCS regenerates SSH keys Enable ssh Logins Do you want to enable system logins via ssh This is the recommended method of login because of its security 4 Press Enter The Telnet logins prompt displays For Telnet logins the default setting is Yes to allow simple Telnet co
131. ting http www gnu org copyleft gpl html You can also obtain it by writing to the Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Contacts Lantronix Corporate Headquarters 15353 Barranca Parkway Irvine CA 92618 USA Phone 949 453 3990 Fax 949 453 3995 Technical Support Phone 800 422 7044 or 949 453 7198 Fax 949 450 7226 Fax 949 450 7226 Online www lantronix com support Email support lantronix com Sales Offices For a current list of our domestic and international sales offices go to the Lantronix web site at http www lantronix com about contact index html Disclaimer amp Revisions Operation of this equipment in a residential area is likely to cause interference in which case the user at his or her own expense will be required to take whatever measures may be required to correct the interference Note This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with this User Guide may clause interference to radio communications Operation of this equipment in a residential area is likely to cause interference in which case the user w
132. tion The authentication within the Linux login program is done using the Pluggable Authentication Module PAM This authentication module supports a wide variety of authentication types for example local password files NIS NIS LDAP and Kerberos The SCS supports the use of local password files NIS and LDAP On some console server systems you can allow a Telnet connection directly to a serial port to bypass the authentication mechanism on the console server This allows a client to connect directly to a serial port from anywhere on your network segment Of course this can introduce security concerns As a minimum the device that is connected to the other end of the serial port should use some type of authentication method Some sites may have their console servers on a dedicated internal network that only a system administrator or a console management software application can access This additional step of authentication becomes either a nuisance or causes problems with the console management software application In this case you can indicate on a port by port basis that authentication not be done by the console server When you designate a serial port to have the console server authentication scheme bypassed the appropriate sections of the login program are bypassed Although the system never prompts the user for a username or password the user automatically defaults to nobody on the console server To disable the authenti
133. to buffers Don t automatically allocate buffers for pipes ce C clear screen CLEAR SCREEN Repaint by scrolling clearing HELP Press RETURN for more q when done vi Editor Commands The vi editor is a powerful command editor used to modify Unix commands Note It is possible to damage a file which might render the system inoperative by improper use of a file or command editor on system files This section is only meant as a review for those familiar with vi Using vi To edit a file using the vi editor on a file with a name file name gt from the command line type Use the following commands to edit and then close the file vi Modes vi is a three mode line editor it has a command mode a line mode and an editing mode It is very useful for editing a file for navigating within an open file and for opening or saving a file Command mode For moving around within an open file Editing mode For text editing in the file Line mode For file opening saving closing exiting To enter vi in the line mode from the command mode type colon A 3 SCSxx05 SCSxx20 User Guide A Unix Command Help If you are not sure which mode you are in at any time press Esc which returns you to the command mode A summary of the modes and some vi commands follows Using vi in Command Mode The following keyboard commands apply to vi in command mode Move the cursor within the open file using the f
134. tries e g 1 4 6 12 16 Save and exit this file 3 Once you have tested your changes save them to flash root km3210 lci exit exit sysadmin km3210 var tmp exit exit sysadmin gt SAVE Shutting down Timeout daemon OK Shutting down NIS services Saving random seed OK Initializing random number generator OK mounting filesystem read write delete etc old copy files from ram disk to etc new copy complete moving etc to etc old move complete etc updated mounting filesystem read only ram disk mounted as etc Starting Timeout daemon Binding to the NIS domain Listening for an NIS domain server quasar lci net i system SAVE complete sysadmin 9 10 A Unix Command Help The system administrator uses some UNIX Linux commands in administering the SCS Some of the system commands automatically invoke the less command e g if you run the devices command less displays the information You may use the vi editor when you run setup less command Use the less command when the data output to the terminal is longer than one screen can display The output pauses and a colon displays at the bottom of the screen To continue the display press Enter to step one more line or the spacebar to fill one more page At the end of the lengthy output an END displays To end the less program press q to return to the
135. ts One community name can be configured with read write access SSH Secure Shell A secure transport protocol based on public key cryptography Telnet A terminal protocol that provides an easy to use method of creating terminal connections to a network host System Components All system components are enclosed in a rack mountable metal chassis The chassis has 8 16 32 or 48 device ports one terminal port and one network port An optional modem module is available for the SCSxx20 that you can add at any time The front panel features an LCD display and pushbuttons for access to some system information Connection Formats All physical connections to the product are made to the rear panel using industry standard cabling and connectors All serial connections and network connections use conventional Category 5 Cat5 cabling RJ45 jacks Required cables and adapters for certain servers switches and other products are available from Lantronix see http www lantronix com Serial Devices 1 5 SCSxx05 SCSxx20 User Guide 1 Introduction All devices attached to both the device ports and the terminal port must support the RS 232C EIA 232 standard Category 5 cabling with RJ45 connections is used for the device port connections and for the terminal port Device ports numbered from port 1 to port 48 support seven baud rate options 2400 4800 9600 19200 38400 57600 and 115200 baud Network The SCS network interfa
136. ttom of Web Utility Configuration Page Apply Changes cave System Contig Apply Changes Applies the changes for the current page but does not save them to flash memory Closing the Web window does not save or apply any changes You must apply changes after completing the changes for a single Web page Cancel Clears changes on a Web page that you don t want to apply Save System Config Saves the configuration to flash memory but does not apply or save any entries that have not been applied Can be used at any time but is really only needed after you have applied all of the configuration changes Note For those entries that require a reboot to function e g network parameter changes the system administrator must reboot the system using the command line interface Exiting To exit the Web interface 1 Press the Save System Config button to permanently store your changes in flash memory The system implements most settings after you click the Save System Config button but some changes may require a reboot to take effect 2 Tologout close the browser window 5 4 6 Modem Setup If your SCSxx20 was shipped with a modem installed it is not necessary to perform the modem setup and you can skip this chapter This procedure is for installing a modem in the field This chapter includes the following topics Topic Page Installing a Modem Card 6 1 Initializing the Modem 6 1 Installing a Modem
137. twork port resets to the new settings and you can connect to your IP network for further administration You should be able to Telnet or SSH to the SCS with your network connection 10 Log in using sysadmin as the user name and the default password PASS 11 Continue entering settings using the setup command See Configuration 3 3 SCSxx05 SCSxx20 User Guide 3 Quick Start Method 2 Using Telnet You can use Telnet to connect to the SCS instead of using the terminal port if your workstation is configured to communicate with the default network settings of the SCS The default IP address of the SCS is 10 0 0 1 with a subnet mask of 255 0 0 0 If you temporarily change your workstation to an IP address of 10 X X X with a subnet mask of 255 0 0 0 you can Telnet to the SCS using the following commands 1 To access the SCS on the command line type telnet 10 0 0 1 and press Enter You should be at the login prompt at this point 2 Login using sysadmin as the user name and the default password PASS 3 Continue entering settings using the setup command See Configuration 3 4 4 Configuration The setup command provides a text based interface for administering the SCS It requires VT 100 terminal support using the keyboard no mouse support The setup command prompts the system administrator for appropriate entries to simplify the configuration process The setup command runs automatically to initially configure the SCS
138. ty This will allow using a Web browser to configure the SCS4805 This uses https SSL only 2 Select Yes to enable or No default to disable Web configuration and press Enter The setup menu returns with Configure NTP selected Configuring NTP This option enables or disables the Network Time Protocol NTP function which synchronizes the time clock in the SCS with other NTP devices on your network The default is disabled 1 With Configure NTP selected press Enter The NTP prompt displays Enable NTP Daemon Do you want to enable the Network Time Protocol Daemon This will cause the SCS4805 system clock to be synchronized i with other machines using NTP Enable NTP Daemon Select Yes to enable or No default to disable NTP and press Enter If you selected Yes enter the IP addresses of up to three NTP servers Identify at least two for best results Press Enter in between 4 Press Enter after the third server prompt displays The setup menu returns with Configure Email Relay selected 4 10 SCSxx05 SCSxx20 User Guide 4 Configuration Configuring Email Relay The SCS incorporates a mail transport agent for email delivery Use this option to identify your network s SMTP relay server 1 With Configure Email Relay selected press Enter 2 Leave this value blank unless email delivery is not working in which case enter the IP address of your network s SMTP relay server Input value for SMAR
139. ual pages Hangs up internal modem SCSxx20 only SCSxx05 SCSxx20 User Guide 8 Commands sysadmin User Command Purpose X Xx passwd Sets user password X poweroff Powers off shuts down the SCS x rebot Rebootsthe SCS X resetmodem Resets the internal modem SCSxx20 only X SAVE J Commits saves programming changes x x select 7 Selectsa port x Xx 15 Secures X setp Initially configures the SCS x x sftp Securesftp X Establishes SSH connection x Xx ssh keygen X Generates SSH keys X X UsesTelnet x telnetconfig a unique TCP port or IP address to a evice port X X timeout Setsthe timeout timers X 21 unsaved J Lists files saved since last save X Shows version information Note Command line entries are case sensitive Some system commands display the syntax options when you access them Many OS related functions are described in the online MAN pages accessible from the bash shell System Commands The following commands not necessarily in order are used to set up the system All commands are case sensitive SAVE SAVE saves any new system data to the system s non volatile memory All parameters and settings that the sysadmin changes remain in RAM until then The sysadmin should run SAVE before powering off or rebooting the system SAVE is not required the very first time only that
140. ust configure the SCS to have the portmap service and the netfs script executed when the system boots To do this execute the chkconfig command for both The following commands configure the SCS chkconfig portmap chkconfig add netfs The system is now configured to start the portmap service and make sure the NFS file system is mounted when the system boots Mounting File Systems Dynamically Using autofs autofs is a kernel module that allows the SCS to dynamically mount file systems only when needed An example would be to have all of the user s home directories on an NFS mounted disk When the user logs into the SCS the system immediately mounts the user s directory instead of at boot 8 15 SCSxx05 SCSxx20 User Guide 8 Commands You can only configure this feature from the bash shell as the root user See instructions for changing to the root user in Mounting File Systems During Boot The following files are needed to insure that autofs works properly usr sbin automount letc rc d init d autofs letc auto master auto export usr lib autofs lookup file so mount_ext2 so lookup multi so mount generic so lookup nisplus so mount nfs so lookup program so parse sun so lookup userhome so lookup yp so mount afs so mount autofs so mount changer so All of these files with the exception of the two listed in the etc directory are system files The auto master and auto export files are configuration fil
141. will reside in etc sysconfig network scripts and are named ifcfgeth0 nn where nn corresponds to the aliased device number 0 1 2 16 You may find it easier to create these files on your workstation and then scp them to etc sysconfig network scripts on the console server The first file is named ifcfgeth0 0 the second file is ifcfg eth0 1 and so 9 5 SCSxx05 SCSxx20 User Guide 9 Port Access The content of the first file ifcfg eth0 0 is DEVICE eth0 0 BOOTPROTO none ONBOOT yes IPADDR 192 168 202 11 NETMASK 255 255 255 0 DEVICE eth0 1 BOOTPROTO none ONBOOT yes IPADDR 192 168 202 12 NETMASK 255 255 255 0 o this manner set up the remaining 14 config files Note that there are two lines that must be changed in each file The DEVICE line and the IPADDR line ONBOOT indicates that this device will be set up on each subsequent boot of the console server 6 Once the files are set up in etc sysconfig network scripts as the root user cycle the ethO interface You must do this from the terminal port not a network login The ifup command will take a few seconds to configure a total of up to 16 IP addresses root km3210 etc sysconfig network scripts ifdown ethO root km3210 etc sysconfig network scripts ifup ethO 7 Verify the values that you entered in the config files Only one of the ethO n output values is shown below Note that your Hwaddr will not mat
142. wing parameters Primary DNS nameserver required if you choose to configure DNS servers Secondary DNS nameserver optional Tertiary DNS nameserver optional 1 With Configure DNS selected press Enter The primary name server prompt displays 2 Enter the IP address for the primary nameserver required and press Enter Note If you cannot complete this entry now enter an address of 0 0 0 0 for the primary nameserver The system will accept this entry even though it is not a valid nameserver address You must correct it later Input value for PRI_NAMESERVER IP Address in dot quad notation of the primary nameserver Answer 172 20 201 63 3 Enter the IP Address of your secondary nameserver optional and press Enter 4 Enterthe IP Address for the tertiary nameserver optional and press Enter The system displays the etc hosts file for additional hostnames that you may wish to add You may edit this list Edit hosts Use Escape to end edit etc hosts file for this host Based on previous answers we have installed an appropriate entry for
143. with a server rather than only monitor its output you must enter direct mode To enter direct mode using the direct or dir n command 1 Select a device port 2 Dooneofthe following To enter direct mode for the currently selected device port only enter the direct command select a device port and enter direct mode in one step enter the dir n command where n is the device port number or the name assigned to the port 3 Press Enter Your terminal directly connects to the server and acts as if the terminal was physically connected to the server The SCS displays the last page of the device buffer along with a system information message indicating the device port selected To escape from direct mode use the direct mode escape sequence The direct mode escape sequence is a series of two to five characters that allow you to leave direct mode and return to monitor mode The factory default for the direct mode escape sequence is Esc A escape key then uppercase a you may change the sequence by using the editesc command Edit Escape Sequence We recommend that you only change the escape sequence if it causes problems with your hardware or software Also we recommend that you avoid combinations of the Ctrl key and other keys as these combinations are usually for sending and receiving special characters through the terminal When you change the escape sequence a window with the hexadecimal representation of the old esca
144. xxx and login prompt on your terminal You are connected Refer to the Quick Start chapter for instructions on setting up the network port quickly 2 3 SCSxx05 SCSxx20 User Guide 2 Installation Connecting to a Device Port You can connect any device that has a serial console port to the SCS for consolidated remote administration You can configure the device ports individually The console port must support the RS 232C interface Additionally many servers must either have the serial port enabled as a console or must have the keyboard and mouse detached Consult the server hardware and or software documentation for more information Figure 2 5 Connections on Rear of SCS4805 Mostly Device Ports Using RJ45 Connectors 10 100 Network ns E Serial device ports using conventional Cat5 cabling Terminal port Fermina DEVICES 1 48 shown The default communication parameters for the device ports are 9600 baud 8 data bits 1 stop bit No parity XON XOFF flow control DTE port type 9 9 You configure each device port individually with the following values Baudrates 2400 4800 9600 19200 38400 57600 115200 baud Note We recommend using baud rates of 57600 or less for optimal performance Data bits 6 7 or 8 Stop bits 1 or2 Parity none odd even mark or space Flow control XON XOFF or RTS CTS Port type DTE or DCE a port may also be disabled Buf
145. your network the network subsystem restarts the front panel display indicates restarting after which the network connection becomes active Navigating The front panel has one ENTER button and four arrow buttons up left right and down Press the arrow buttons to navigate from one option to another or to increment or decrement a numerical entry of the selected feature Use the ENTER button to select an option to change or to save your settings Note Some models have a SELECT button instead of an ENTER button The instructions are the same for using the SELECT button Entering the Settings 1 To change the front panel settings press the right arrow on the front panel to enter the display programming mode and to scroll between the available options Options include Network Settings Terminal Settings Release Date Time Date Settings Return to normal display 9 2 Inthis example stop at Network Settings 3 2 SCSxx05 SCSxx20 User Guide 3 Quick Start Figure 3 2 Front Panel Setup Options with Associated Parameters Norma Network 7 Release Dates Time Date Settings IP Setting Settings SubnetMask 0 Calendar 4 Gateway 14 11 DNS3 0 3 When the display shows the feature that you wish to edit press the Enter key on the keypad to enter the editing mode In our example the display shows Editing Network Settings A cursor displays below one
Download Pdf Manuals
Related Search