Home » Lantronix Manuals » Electronics Accessories » Lantronix MPS100 » Manual Viewer

Lantronix MPS100 EPS Reference Manual - Page 47

Controlling Incoming Sessions, IP Security Table

Add to My Manuals
Save this manual to your list of manuals

Page 47 highlights

Server Configuration Security 4.7.1 Controlling Incoming Sessions The Set/Define Server Incoming command allows or denies incoming LAT or Telnet connections. It can also require incoming users to enter the Server login password to log in from the network. The following commands allow LAT and Telnet users to log into the Server without having to enter a password. Figure 4-19: Allowing Unrestricted Incoming Connections Local> SET SERVER INCOMING BOTH Local> SET SERVER INCOMING NOPASSWORD For security-conscious systems, the following commands can be used to only allow authenticated logins. That is, login attempts are subject to password verification. Figure 4-20: Configuring Password for Incoming Connections Local> SET SERVER INCOMING PASSWORD Local> SET SERVER LOGIN PASSWORD "8ball" Connection Methods on page -HIDDEN explains in detail the mechanics of setting up incoming sessions. Note that users logging in from the network are much harder to trace and monitor than those on attached physical ports. Make sure your Server and network environment are reasonably secure if you allow network logins. Also, refer to Enabling Server-Wide Port Characteristics on page 4-1 for details on configuring ports for network logins. Note that you can configure the TCP/IP security table to enable or disable network connections from certain hosts-see IP Security Table on page 4-11 for more information. 4.7.2 IP Security Table The Server provides an IP Security Table as a mechanism for restricting incoming and outgoing TCP/IP sessions (including Telnet, Rlogin, SLIP, and RTEL). The security table allows the manager to enable or disable access to and from the Server based on port number as well as IP address. The IP security table does not apply to print connections via RTEL. Like other configurations, security table entries can be Set or Defined. To add an entry to the table, specify an IP address (or range), which direction(s) to restrict, and a list of affected ports. Figure 4-21: Setting Server Access Local> SET IPSECURITY 192.0.1.255 OUTGOING DISABLED PORT 4-7 In order, the command in Figure 4-21: 1 Affects addresses from 192.0.1.1 through 192.0.1.254 using the 255 "wildcard" network address segment. 2 Prevents ports 4, 5, 6, and 7 from beginning sessions to hosts with these addresses using the Outgoing Disabled keywords. 4-11

Section	Page
Print Server Reference Manual	1
Contents	3
1: Introduction	11
1.1 Product Overview	11
1.2 Protocol Support	11
1.3 Terms	12
1.4 Server Features	12
1.5 How To Use This Manual	14
2: Concepts	15
2.1 Services	15
2.2 Network Protocols	15
2.3 AppleTalk	15
2.3.1 Addressing	16
2.3.2 Zones	16
2.3.3 Name Binding Protocol (NBP)	17
2.4 LAN Manager	17
2.4.1 Networking	17
2.5 LAT	18
2.6 TCP/IP	19
2.6.1 IP Addresses	19
2.6.2 Dynamic Host Control Protocol (DHCP)	20
2.6.3 Simple Network Management Protocol (SNMP)	20
2.6.4 Reverse Telnet (RTEL)	21
2.6.5 LPR Support	21
2.6.6 TCP/IP Utilities and Commands	21
2.7 NetWare	22
2.7.1 Networking	22
2.7.2 Access Lists	23
2.8 PostScript	23
2.9 Security	24
2.9.1 Event Reporting/Logging	24
3: Getting Started	25
3.1 Configuration Methods	25
3.1.1 EZWebCon	25
3.1.2 Using a Web Browser	26
3.1.3 Command Line Interface	26
3.2 Entering and Editing Commands	27
3.3 Restricted Commands	28
3.4 Command Types	28
3.4.1 Set and Define	28
3.4.2 Show, Monitor, and List	29
3.4.3 Clear and Purge	29
3.5 Abbreviating Keywords	29
3.6 Maintenance Issues	29
3.6.1 Changing the Server Name	30
3.6.2 Changing the Server Prompt	30
3.6.3 Rebooting the Server	30
3.6.4 Restoring Factory Defaults	31
3.6.5 Reloading Operational Software	31
3.7 Editing the Boot Parameters	31
3.8 System Passwords	32
3.8.1 Privileged Password	32
3.8.2 Login Password	33
3.8.3 Maintenance Password	33
3.9 Configuration Files	33
3.9.1 Using EZWebCon	34
3.9.2 Without EZWebCon	34
3.9.2.1 Creating the File	34
3.9.2.2 Configuring the Host	35
3.9.2.3 Configuring the Server	35
3.9.2.4 Download Sequence	36
4: Server Configuration	37
4.1 General Server Parameters	37
4.1.1 Enabling Incoming Connections	37
4.1.2 Enabling Server-Wide Port Characteristics	37
4.1.2.1 Preconfiguring Virtual Ports	38
4.1.3 Enabling Announcements	38
4.2 AppleTalk Server Parameters	38
4.3 LAT Server Parameters	39
4.3.1 Server Identification	39
4.3.2 Network Timers	39
4.3.3 Node Limit	39
4.4 NetWare Server Parameters	40
4.4.1 Routing and Encapsulation	40
4.4.2 NetWare Access Lists	40
4.5 TCP/IP Server Parameters	41
4.5.1 IP Address	41
4.5.2 Other TCP/IP Parameters	41
4.5.3 Host Limit	42
4.6 Creating Services	42
4.6.1 Creating a Simple Service (A Line Printer)	43
4.6.2 Setting Up a Service With Group Codes	44
4.6.3 TCP/Telnet Service Sockets	44
4.6.4 Enabling Other Service Options	45
4.6.5 Setting Up a Modem Service	46
4.7 Security	46
4.7.1 Controlling Incoming Sessions	47
4.7.2 IP Security Table	47
4.7.2.1 Using the Security Table	48
4.7.3 SNMP Security	49
4.8 Event Logging	49
4.8.1 Configuring Host Types	49
4.8.2 Host Name Formats	49
4.8.3 Event Classes	50
5: Ports	51
5.1 Port Commands	51
5.1.1 Port Access	51
5.1.2 Serial Configuration	52
5.1.2.1 Baud Rate	52
5.1.2.2 Flow Control	52
5.1.2.3 Parity, Character Size, and Stop Bits	54
5.1.3 Virtual Ports	54
5.2 Other Port Characteristics	55
5.2.1 DTRwait	55
5.2.2 Port Names	55
5.3 Security	55
5.3.1 Password Restrictions	55
5.3.2 Preventing Access Until DSR Is Asserted	56
5.3.3 Automatic Logouts	56
5.3.3.1 DSRlogout	56
5.3.3.2 Inactivity Logout	56
6: Using the Server	57
6.1 Logging In and Out	57
6.1.1 Logging In	57
6.1.2 Logging Out	57
6.2 Configuring Your Port	57
6.2.1 Privileged Port Commands	57
6.3 Local Server Commands	58
6.3.1 Logout	58
6.3.2 Test Port	58
6.4 Status Displays	58
7: TCP/IP Host Setup	61
7.1 Selecting A Printing Method	61
7.2 LPR Printing	62
7.2.1 LPR Basics	63
7.2.2 LPR on Windows NT 3.5.1 (and later)	64
7.2.3 LPR on AIX Hosts	66
7.2.3.1 Using UNIX Commands	67
7.2.3.2 Using SMIT	67
7.2.4 LPR on HP Hosts	68
7.2.4.1 Using UNIX Commands	68
7.2.4.2 Using SAM	68
7.2.5 LPR on SCO UNIX Hosts	69
7.2.6 LPR on Sun Solaris Hosts	70
7.3 Reverse Telnet (RTEL)	70
7.3.1 Components of RTEL	70
7.3.2 Installing Reverse Telnet Software	71
7.3.3 Queueing with the RTEL Software	72
7.3.4 Setting up the RTEL Backend Filter	72
7.3.5 Setting up the RTEL Named Pipe Daemon	75
7.3.6 Creating a BSD Print Queue Using RTELPD	77
7.3.7 Creating a SYSV Print Queue Using RTELPD	77
7.3.8 RTEL Troubleshooting	78
7.4 TCP Socket Connections	78
7.5 PostScript Configuration	79
8: NetWare Host Setup	81
8.1 Access Lists	81
8.2 Licensing NDS	81
8.3 Printing	82
8.3.1 Creating NDS Print Queues with PCONSOLE	83
8.3.2 Creating Print Queues with NetWare Administrator	84
8.3.3 Creating Bindery Print Queues with QINST	86
8.3.4 Installing a Print Queue Using PCONSOLE	87
8.3.5 Configuring Rprinter	89
8.4 PCL	95
8.5 PostScript	95
8.6 Troubleshooting	95
8.6.1 QINST Print Queue Troubleshooting	95
8.6.2 NDS Print Queue Troubleshooting	96
8.6.3 NetWare Host Troubleshooting	98
9: LAT Host Setup	101
9.1 Printing from LAT	101
9.1.1 Printing to an Application Port	101
9.1.1.1 Other Setup Options	102
9.1.2 Printing to a Service	102
9.1.3 Printing PostScript	103
9.1.4 Printing Using DCPS Software	104
9.2 Troubleshooting	104
9.2.1 VMS Printer Troubleshooting	104
9.2.2 VMS Host Troubleshooting	106
10: AppleTalk Host Setup	109
10.1 Configuration	109
10.1.1 Bitronics Interface	109
10.1.2 Macintosh Service Configuration	110
10.2 Printing from a Macintosh	110
10.2.1 Using AppleTalk on UNIX or VMS	110
10.2.2 Using LaserPrep	110
10.2.3 Printing Bitmap Graphics	110
10.3 Troubleshooting Macintosh Printing	111
10.3.1 General Troubleshooting	111
10.3.1.1 Error Messages	112
10.3.2 Host Troubleshooting	113
11: LAN Manager Host Setup	115
11.1 Printing Methods	115
11.1.1 DLC	115
11.1.2 NetBIOS	117
11.1.2.1 Redirecting a Port	117
11.1.2.2 Printing from NetBIOS	118
11.2 Windows NT Troubleshooting	118
12: Command Reference	121
12.1 Overview	121
12.2 Command Line Interface	121
12.2.1 Command Completion	121
12.2.2 Command Line Editing	122
12.3 Clear/Purge Commands	122
12.3.1 Clear/Purge IPsecurity	122
12.3.2 Clear/Purge Protocol NetWare Access	123
12.3.3 Clear/Purge Service	123
12.3.4 Clear/Purge SNMP	124
12.4 Cls	124
12.5 Crash 451	125
12.6 Define	125
12.7 Fg	125
12.8 Finger	125
12.9 Help	126
12.10 Initialize	127
12.11 List	128
12.12 Logout	128
12.13 Man	128
12.14 Mode	128
12.15 Monitor	129
12.16 Netstat	129
12.17 Ping	129
12.18 Purge	130
12.19 Remove Queue	130
12.20 Save	131
12.21 Set/Define IPsecurity	132
12.22 Set/Define Logging	133
12.23 Set Noprivileged	134
12.24 Set/Define Port Commands	135
12.24.1 Define Port Access	135
12.24.2 Set/Define Port Bitronics	136
12.24.3 Set/Define Port Character Size	136
12.24.4 Set/Define Port Command Completion	137
12.24.5 Set/Define Port DSRlogout	137
12.24.6 Set/Define Port DTRwait	138
12.24.7 Set/Define Port Flow Control	139
12.24.8 Set/Define Port Inactivity Logout	140
12.24.9 Define Port Modem Control	140
12.24.10 Set/Define Port Name	141
12.24.11 Set/Define Port Parity	141
12.24.12 Set/Define Port Passflow	142
12.24.13 Set/Define Port Password	142
12.24.14 Set/Define Port Printer	143
12.24.15 Set/Define Port Signal Check	143
12.24.16 Set/Define Port Speed	144
12.24.17 Set/Define Port Stop	145
12.24.18 Set/Define Port Type	145
12.24.19 Set/Define Port Username	146
12.24.20 Set/Define Port Verification	146
12.25 Set/Define Printer Type	147
12.26 Set Privileged/Noprivileged	148
12.27 Set/Define Protocols Commands	148
12.27.1 Define Protocols AppleTalk	148
12.27.2 Define Protocols IP	149
12.27.3 Define Protocols LAN Manager	150
12.27.4 Set/Define Protocols LAT	150
12.27.5 Set/Define Protocols NetWare	151
12.28 Set/Define Server Commands	154
12.28.1 Set/Define Server Announcements	154
12.28.2 Set/Define Server Bootgateway	155
12.28.3 Set/Define Server BOOTP	155
12.28.4 Set/Define Server Buffering	155
12.28.5 Set/Define Server Circuit Timer	156
12.28.6 Set/Define Server DHCP	156
12.28.7 Set/Define Server Gateway	157
12.28.8 Set/Define Server Host Limit	157
12.28.9 Set/Define Server Identification	158
12.28.10 Set/Define Server Inactivity Timer	158
12.28.11 Set/Define Server Incoming	159
12.28.12 Set/Define Server IPaddress	160
12.28.13 Set/Define Server Keepalive Timer	160
12.28.14 Set/Define Server Loadhost	161
12.28.15 Set/Define Server Lock	161
12.28.16 Set/Define Server Login Password	162
12.28.17 Set/Define Server Maintenance Password	162
12.28.18 Set/Define Server Multicast Timer	163
12.28.19 Set/Define Server Name	163
12.28.20 Set/Define Server NetWare Loadhost	163
12.28.21 Set/Define Server NetWare Printserver	164
12.28.22 Set Server NetWare Reset	164
12.28.23 Set/Define Server Node Limit	165
12.28.24 Set/Define Server Password Limit	165
12.28.25 Set/Define Server Privileged Password	166
12.28.26 Set/Define Server Prompt	166
12.28.27 Set/Define Server Queue Limit	167
12.28.28 Set/Define Server RARP	168
12.28.29 Set/Define Server Reload	168
12.28.30 Set/Define Server Retransmit Limit	168
12.28.31 Set/Define Server Secondary	169
12.28.32 Set/Define Server Serial Delay	169
12.28.33 Set/Define Server Service Groups	169
12.28.34 Define Server Silentboot	170
12.28.35 Set/Define Server Software	170
12.28.36 Set/Define Server Startupfile	171
12.28.37 Set/Define Server Subnet Mask	172
12.29 Set/Define Service Commands	173
12.29.1 Set/Define Service	173
12.29.2 Set/Define Service AppleTalk	173
12.29.3 Set/Define Service Banner	173
12.29.4 Set/Define Service Binary	174
12.29.5 Set/Define Service Default	174
12.29.6 Set/Define Service DLC	175
12.29.7 Set/Define Service EOJ	175
12.29.8 Set/Define Service Formfeed	176
12.29.9 Set/Define Service Identification	176
12.29.10 Set/Define Service LAN Manager	177
12.29.11 Set/Define Service LAT	177
12.29.12 Set/Define Service NetWare	177
12.29.13 Set/Define Service Password	178
12.29.14 Set/Define Service Ports	178
12.29.15 Set/Define Service PostScript	179
12.29.16 Set/Define Service PSConvert	179
12.29.17 Set/Define Service RTEL	179
12.29.18 Set/Define Service SOJ	180
12.29.19 Set/Define Service TCPport	180
12.29.20 Set/Define Service Telnetport	181
12.30 Set/Define SNMP	181
12.31 Show/Monitor/List Commands	182
12.31.1 Show/Monitor/List IPsecurity	182
12.31.2 Show/Monitor/List Logging	182
12.31.3 Show/Monitor/List Ports	183
12.31.4 Show/Monitor/List Protocols	184
12.31.5 Show/Monitor Queue	187
12.31.6 Show/Monitor/List Server	188
12.31.7 Show/Monitor/List Services	192
12.31.8 Show/Monitor/List SNMP	192
12.31.9 Show/Monitor Users	193
12.31.10 Show Version	193
12.32 Source	193
12.33 Stty	194
12.34 Su	194
12.35 Test Loop	195
12.36 Test Port	195
12.37 Test Service	196
12.38 Who	197
12.39 Zero Counters	197
A: Contact Information	199
A.1 Problem Report Procedure	199
A.2 Full Contact Information	199
B: Troubleshooting	201
B.1 Power-up Troubleshooting	201
B.2 DHCP Troubleshooting	202
B.3 BOOTP Troubleshooting	202
B.4 RARP Troubleshooting	203
B.5 Printing Problems	203
B.6 PostScript Problems	203
B.6.1 Bitmap Graphics	204
C: Updating Software	205
C.1 Obtaining Software	205
C.1.1 Via the Web	205
C.1.2 Via FTP	205
C.2 Reloading Software	206
C.2.1 Reloading Sequence	206
C.2.1.1 TCP/IP	207
C.2.1.2 NetWare	207
C.2.1.3 MOP	207
C.3 Troubleshooting Flash ROM Updates	208
Glossary	209

Match case Limit results 1 per page

Server Configuration

Security

4.7.1

Controlling Incoming Sessions

The

Set/Define Server Incoming

command allows or denies incoming LAT or Telnet connections. It can

also require incoming users to enter the Server login password to log in from the network. The following

commands allow LAT and Telnet users to log into the Server without having to enter a password.

Figure 4-19:

Allowing Unrestricted Incoming Connections

For security-conscious systems, the following commands can be used to only allow authenticated logins.

That is, login attempts are subject to password verification.

Figure 4-20:

Configuring Password for Incoming Connections

Connection Methods

on page -HIDDEN explains in detail the mechanics of setting up incoming sessions.

Note that users logging in from the network are much harder to trace and monitor than those on attached

physical ports.

Make sure your Server and network environment are reasonably secure if you allow network logins. Also,

refer to

Enabling Server-Wide Port Characteristics

on page 4-1 for details on configuring ports for network

logins. Note that you can configure the TCP/IP security table to enable or disable network connections from

certain hosts—see

IP Security Table

on page 4-11 for more information.

4.7.2

IP Security Table

The Server provides an IP Security Table as a mechanism for restricting incoming and outgoing TCP/IP

sessions (including Telnet, Rlogin, SLIP, and RTEL). The security table allows the manager to enable or

disable access to and from the Server based on port number as well as IP address. The IP security table does

not apply to print connections via RTEL.

Like other configurations, security table entries can be Set or Defined. To add an entry to the table, specify

an IP address (or range), which direction(s) to restrict, and a list of affected ports.

Figure 4-21:

Setting Server Access

In order, the command in Figure 4-21:

Affects addresses from 192.0.1.1 through 192.0.1.254 using the 255 “wildcard” network address seg-

ment.

Prevents ports 4, 5, 6, and 7 from beginning sessions

hosts with these addresses using the

Outgoing

Disabled

keywords.

Local> SET SERVER INCOMING BOTH

Local> SET SERVER INCOMING NOPASSWORD

Local> SET SERVER INCOMING PASSWORD

Local> SET SERVER LOGIN PASSWORD “8ball”

Local> SET IPSECURITY 192.0.1.255 OUTGOING DISABLED PORT 4-7