Home » Lantronix Manuals » Electronics Accessories » Lantronix MPS100 » Manual Viewer

Lantronix MPS100 EPS Reference Manual - Page 48

Using the Security Table

Add to My Manuals
Save this manual to your list of manuals

Page 48 highlights

Security Server Configuration The IP address must be four segments of 0-255 each. A 255 in any segment applies to all numbers in that range such that 192.0.1.255 includes all addresses of 192.0.1.n. A trailing zero in any address is shorthand for "all addresses in this range are disabled, for both directions and for all ports." The following two commands are equal. Figure 4-22: Set IPsecurity Command Local> SET IPSECURITY 192.0.1.0 Local> SET IPSECURITY 192.0.1.255 OUT DISABLED IN DISABLED Parameters can be added after the address term to change the defaults. Incoming and Outgoing Disabled are the default settings for any Set/Define IPsecurity command. Incoming refers to users on other hosts attempting to log into the Server. Outgoing refers to local users connecting to other TCP/IP hosts. Port number 0 corresponds to the virtual ports (that is, users who log into the Server from the network). If no ports are specified on the command line, all ports, both physical and virtual, are included by default. Individual entries can be removed by entering Clear/Purge IPsecurity with no parameters other than the address. This command form is not valid for any addresses with zeros in any segment. Figure 4-23: Clear IPsecurity Command Local> CLEAR IPSECURITY 192.1.1.102 The entire security table can be cleared with one command: Figure 4-24: Clearing Security Table Local> CLEAR IPSECURITY ALL 4.7.2.1 Using the Security Table There are two basic rules for checking a TCP/IP connection for legality. First, a more specific rule takes precedence over a less specific one. For example, if connections to 192.0.1.255. are disabled but connections to 192.0.1.78 are enabled, a connection to 192.0.1.78 will succeed. Second, in the absence of any rule that restricts a connection, access is allowed. If this behavior is not desired, include an entry of the following form: Figure 4-25: Setting IPsecurity Local> SET IPSECURITY 255.255.255.255 IN DISABLED OUT DISABLED This is the least specific rule in the table, and will ensure that connections fail unless otherwise allowed by another entry (recall that all ports are included in the rule by default). If no entries are defined in the table, all connection attempts will succeed. Also, if the connecting user has privileged status, the connection will be allowed regardless of the entries in the table. Note: Managers should try enabling and disabling certain addresses on their local network to see what they can and cannot do if they are unclear as to the rules on the use of the security table. 4-12

Section	Page
Print Server Reference Manual	1
Contents	3
1: Introduction	11
1.1 Product Overview	11
1.2 Protocol Support	11
1.3 Terms	12
1.4 Server Features	12
1.5 How To Use This Manual	14
2: Concepts	15
2.1 Services	15
2.2 Network Protocols	15
2.3 AppleTalk	15
2.3.1 Addressing	16
2.3.2 Zones	16
2.3.3 Name Binding Protocol (NBP)	17
2.4 LAN Manager	17
2.4.1 Networking	17
2.5 LAT	18
2.6 TCP/IP	19
2.6.1 IP Addresses	19
2.6.2 Dynamic Host Control Protocol (DHCP)	20
2.6.3 Simple Network Management Protocol (SNMP)	20
2.6.4 Reverse Telnet (RTEL)	21
2.6.5 LPR Support	21
2.6.6 TCP/IP Utilities and Commands	21
2.7 NetWare	22
2.7.1 Networking	22
2.7.2 Access Lists	23
2.8 PostScript	23
2.9 Security	24
2.9.1 Event Reporting/Logging	24
3: Getting Started	25
3.1 Configuration Methods	25
3.1.1 EZWebCon	25
3.1.2 Using a Web Browser	26
3.1.3 Command Line Interface	26
3.2 Entering and Editing Commands	27
3.3 Restricted Commands	28
3.4 Command Types	28
3.4.1 Set and Define	28
3.4.2 Show, Monitor, and List	29
3.4.3 Clear and Purge	29
3.5 Abbreviating Keywords	29
3.6 Maintenance Issues	29
3.6.1 Changing the Server Name	30
3.6.2 Changing the Server Prompt	30
3.6.3 Rebooting the Server	30
3.6.4 Restoring Factory Defaults	31
3.6.5 Reloading Operational Software	31
3.7 Editing the Boot Parameters	31
3.8 System Passwords	32
3.8.1 Privileged Password	32
3.8.2 Login Password	33
3.8.3 Maintenance Password	33
3.9 Configuration Files	33
3.9.1 Using EZWebCon	34
3.9.2 Without EZWebCon	34
3.9.2.1 Creating the File	34
3.9.2.2 Configuring the Host	35
3.9.2.3 Configuring the Server	35
3.9.2.4 Download Sequence	36
4: Server Configuration	37
4.1 General Server Parameters	37
4.1.1 Enabling Incoming Connections	37
4.1.2 Enabling Server-Wide Port Characteristics	37
4.1.2.1 Preconfiguring Virtual Ports	38
4.1.3 Enabling Announcements	38
4.2 AppleTalk Server Parameters	38
4.3 LAT Server Parameters	39
4.3.1 Server Identification	39
4.3.2 Network Timers	39
4.3.3 Node Limit	39
4.4 NetWare Server Parameters	40
4.4.1 Routing and Encapsulation	40
4.4.2 NetWare Access Lists	40
4.5 TCP/IP Server Parameters	41
4.5.1 IP Address	41
4.5.2 Other TCP/IP Parameters	41
4.5.3 Host Limit	42
4.6 Creating Services	42
4.6.1 Creating a Simple Service (A Line Printer)	43
4.6.2 Setting Up a Service With Group Codes	44
4.6.3 TCP/Telnet Service Sockets	44
4.6.4 Enabling Other Service Options	45
4.6.5 Setting Up a Modem Service	46
4.7 Security	46
4.7.1 Controlling Incoming Sessions	47
4.7.2 IP Security Table	47
4.7.2.1 Using the Security Table	48
4.7.3 SNMP Security	49
4.8 Event Logging	49
4.8.1 Configuring Host Types	49
4.8.2 Host Name Formats	49
4.8.3 Event Classes	50
5: Ports	51
5.1 Port Commands	51
5.1.1 Port Access	51
5.1.2 Serial Configuration	52
5.1.2.1 Baud Rate	52
5.1.2.2 Flow Control	52
5.1.2.3 Parity, Character Size, and Stop Bits	54
5.1.3 Virtual Ports	54
5.2 Other Port Characteristics	55
5.2.1 DTRwait	55
5.2.2 Port Names	55
5.3 Security	55
5.3.1 Password Restrictions	55
5.3.2 Preventing Access Until DSR Is Asserted	56
5.3.3 Automatic Logouts	56
5.3.3.1 DSRlogout	56
5.3.3.2 Inactivity Logout	56
6: Using the Server	57
6.1 Logging In and Out	57
6.1.1 Logging In	57
6.1.2 Logging Out	57
6.2 Configuring Your Port	57
6.2.1 Privileged Port Commands	57
6.3 Local Server Commands	58
6.3.1 Logout	58
6.3.2 Test Port	58
6.4 Status Displays	58
7: TCP/IP Host Setup	61
7.1 Selecting A Printing Method	61
7.2 LPR Printing	62
7.2.1 LPR Basics	63
7.2.2 LPR on Windows NT 3.5.1 (and later)	64
7.2.3 LPR on AIX Hosts	66
7.2.3.1 Using UNIX Commands	67
7.2.3.2 Using SMIT	67
7.2.4 LPR on HP Hosts	68
7.2.4.1 Using UNIX Commands	68
7.2.4.2 Using SAM	68
7.2.5 LPR on SCO UNIX Hosts	69
7.2.6 LPR on Sun Solaris Hosts	70
7.3 Reverse Telnet (RTEL)	70
7.3.1 Components of RTEL	70
7.3.2 Installing Reverse Telnet Software	71
7.3.3 Queueing with the RTEL Software	72
7.3.4 Setting up the RTEL Backend Filter	72
7.3.5 Setting up the RTEL Named Pipe Daemon	75
7.3.6 Creating a BSD Print Queue Using RTELPD	77
7.3.7 Creating a SYSV Print Queue Using RTELPD	77
7.3.8 RTEL Troubleshooting	78
7.4 TCP Socket Connections	78
7.5 PostScript Configuration	79
8: NetWare Host Setup	81
8.1 Access Lists	81
8.2 Licensing NDS	81
8.3 Printing	82
8.3.1 Creating NDS Print Queues with PCONSOLE	83
8.3.2 Creating Print Queues with NetWare Administrator	84
8.3.3 Creating Bindery Print Queues with QINST	86
8.3.4 Installing a Print Queue Using PCONSOLE	87
8.3.5 Configuring Rprinter	89
8.4 PCL	95
8.5 PostScript	95
8.6 Troubleshooting	95
8.6.1 QINST Print Queue Troubleshooting	95
8.6.2 NDS Print Queue Troubleshooting	96
8.6.3 NetWare Host Troubleshooting	98
9: LAT Host Setup	101
9.1 Printing from LAT	101
9.1.1 Printing to an Application Port	101
9.1.1.1 Other Setup Options	102
9.1.2 Printing to a Service	102
9.1.3 Printing PostScript	103
9.1.4 Printing Using DCPS Software	104
9.2 Troubleshooting	104
9.2.1 VMS Printer Troubleshooting	104
9.2.2 VMS Host Troubleshooting	106
10: AppleTalk Host Setup	109
10.1 Configuration	109
10.1.1 Bitronics Interface	109
10.1.2 Macintosh Service Configuration	110
10.2 Printing from a Macintosh	110
10.2.1 Using AppleTalk on UNIX or VMS	110
10.2.2 Using LaserPrep	110
10.2.3 Printing Bitmap Graphics	110
10.3 Troubleshooting Macintosh Printing	111
10.3.1 General Troubleshooting	111
10.3.1.1 Error Messages	112
10.3.2 Host Troubleshooting	113
11: LAN Manager Host Setup	115
11.1 Printing Methods	115
11.1.1 DLC	115
11.1.2 NetBIOS	117
11.1.2.1 Redirecting a Port	117
11.1.2.2 Printing from NetBIOS	118
11.2 Windows NT Troubleshooting	118
12: Command Reference	121
12.1 Overview	121
12.2 Command Line Interface	121
12.2.1 Command Completion	121
12.2.2 Command Line Editing	122
12.3 Clear/Purge Commands	122
12.3.1 Clear/Purge IPsecurity	122
12.3.2 Clear/Purge Protocol NetWare Access	123
12.3.3 Clear/Purge Service	123
12.3.4 Clear/Purge SNMP	124
12.4 Cls	124
12.5 Crash 451	125
12.6 Define	125
12.7 Fg	125
12.8 Finger	125
12.9 Help	126
12.10 Initialize	127
12.11 List	128
12.12 Logout	128
12.13 Man	128
12.14 Mode	128
12.15 Monitor	129
12.16 Netstat	129
12.17 Ping	129
12.18 Purge	130
12.19 Remove Queue	130
12.20 Save	131
12.21 Set/Define IPsecurity	132
12.22 Set/Define Logging	133
12.23 Set Noprivileged	134
12.24 Set/Define Port Commands	135
12.24.1 Define Port Access	135
12.24.2 Set/Define Port Bitronics	136
12.24.3 Set/Define Port Character Size	136
12.24.4 Set/Define Port Command Completion	137
12.24.5 Set/Define Port DSRlogout	137
12.24.6 Set/Define Port DTRwait	138
12.24.7 Set/Define Port Flow Control	139
12.24.8 Set/Define Port Inactivity Logout	140
12.24.9 Define Port Modem Control	140
12.24.10 Set/Define Port Name	141
12.24.11 Set/Define Port Parity	141
12.24.12 Set/Define Port Passflow	142
12.24.13 Set/Define Port Password	142
12.24.14 Set/Define Port Printer	143
12.24.15 Set/Define Port Signal Check	143
12.24.16 Set/Define Port Speed	144
12.24.17 Set/Define Port Stop	145
12.24.18 Set/Define Port Type	145
12.24.19 Set/Define Port Username	146
12.24.20 Set/Define Port Verification	146
12.25 Set/Define Printer Type	147
12.26 Set Privileged/Noprivileged	148
12.27 Set/Define Protocols Commands	148
12.27.1 Define Protocols AppleTalk	148
12.27.2 Define Protocols IP	149
12.27.3 Define Protocols LAN Manager	150
12.27.4 Set/Define Protocols LAT	150
12.27.5 Set/Define Protocols NetWare	151
12.28 Set/Define Server Commands	154
12.28.1 Set/Define Server Announcements	154
12.28.2 Set/Define Server Bootgateway	155
12.28.3 Set/Define Server BOOTP	155
12.28.4 Set/Define Server Buffering	155
12.28.5 Set/Define Server Circuit Timer	156
12.28.6 Set/Define Server DHCP	156
12.28.7 Set/Define Server Gateway	157
12.28.8 Set/Define Server Host Limit	157
12.28.9 Set/Define Server Identification	158
12.28.10 Set/Define Server Inactivity Timer	158
12.28.11 Set/Define Server Incoming	159
12.28.12 Set/Define Server IPaddress	160
12.28.13 Set/Define Server Keepalive Timer	160
12.28.14 Set/Define Server Loadhost	161
12.28.15 Set/Define Server Lock	161
12.28.16 Set/Define Server Login Password	162
12.28.17 Set/Define Server Maintenance Password	162
12.28.18 Set/Define Server Multicast Timer	163
12.28.19 Set/Define Server Name	163
12.28.20 Set/Define Server NetWare Loadhost	163
12.28.21 Set/Define Server NetWare Printserver	164
12.28.22 Set Server NetWare Reset	164
12.28.23 Set/Define Server Node Limit	165
12.28.24 Set/Define Server Password Limit	165
12.28.25 Set/Define Server Privileged Password	166
12.28.26 Set/Define Server Prompt	166
12.28.27 Set/Define Server Queue Limit	167
12.28.28 Set/Define Server RARP	168
12.28.29 Set/Define Server Reload	168
12.28.30 Set/Define Server Retransmit Limit	168
12.28.31 Set/Define Server Secondary	169
12.28.32 Set/Define Server Serial Delay	169
12.28.33 Set/Define Server Service Groups	169
12.28.34 Define Server Silentboot	170
12.28.35 Set/Define Server Software	170
12.28.36 Set/Define Server Startupfile	171
12.28.37 Set/Define Server Subnet Mask	172
12.29 Set/Define Service Commands	173
12.29.1 Set/Define Service	173
12.29.2 Set/Define Service AppleTalk	173
12.29.3 Set/Define Service Banner	173
12.29.4 Set/Define Service Binary	174
12.29.5 Set/Define Service Default	174
12.29.6 Set/Define Service DLC	175
12.29.7 Set/Define Service EOJ	175
12.29.8 Set/Define Service Formfeed	176
12.29.9 Set/Define Service Identification	176
12.29.10 Set/Define Service LAN Manager	177
12.29.11 Set/Define Service LAT	177
12.29.12 Set/Define Service NetWare	177
12.29.13 Set/Define Service Password	178
12.29.14 Set/Define Service Ports	178
12.29.15 Set/Define Service PostScript	179
12.29.16 Set/Define Service PSConvert	179
12.29.17 Set/Define Service RTEL	179
12.29.18 Set/Define Service SOJ	180
12.29.19 Set/Define Service TCPport	180
12.29.20 Set/Define Service Telnetport	181
12.30 Set/Define SNMP	181
12.31 Show/Monitor/List Commands	182
12.31.1 Show/Monitor/List IPsecurity	182
12.31.2 Show/Monitor/List Logging	182
12.31.3 Show/Monitor/List Ports	183
12.31.4 Show/Monitor/List Protocols	184
12.31.5 Show/Monitor Queue	187
12.31.6 Show/Monitor/List Server	188
12.31.7 Show/Monitor/List Services	192
12.31.8 Show/Monitor/List SNMP	192
12.31.9 Show/Monitor Users	193
12.31.10 Show Version	193
12.32 Source	193
12.33 Stty	194
12.34 Su	194
12.35 Test Loop	195
12.36 Test Port	195
12.37 Test Service	196
12.38 Who	197
12.39 Zero Counters	197
A: Contact Information	199
A.1 Problem Report Procedure	199
A.2 Full Contact Information	199
B: Troubleshooting	201
B.1 Power-up Troubleshooting	201
B.2 DHCP Troubleshooting	202
B.3 BOOTP Troubleshooting	202
B.4 RARP Troubleshooting	203
B.5 Printing Problems	203
B.6 PostScript Problems	203
B.6.1 Bitmap Graphics	204
C: Updating Software	205
C.1 Obtaining Software	205
C.1.1 Via the Web	205
C.1.2 Via FTP	205
C.2 Reloading Software	206
C.2.1 Reloading Sequence	206
C.2.1.1 TCP/IP	207
C.2.1.2 NetWare	207
C.2.1.3 MOP	207
C.3 Troubleshooting Flash ROM Updates	208
Glossary	209

Match case Limit results 1 per page

Security

Server Configuration

The IP address must be four segments of 0-255 each. A 255 in any segment applies to all numbers in that

range such that 192.0.1.255 includes all addresses of 192.0.1.

. A trailing zero in any address is shorthand

for “all addresses in this range are disabled, for both directions and for all ports.” The following two

commands are equal.

Figure 4-22:

Set IPsecurity Command

Parameters can be added after the address term to change the defaults. Incoming and Outgoing Disabled are

the default settings for any

Set/Define IPsecurity

command. Incoming refers to users on other hosts

attempting to log into the Server. Outgoing refers to local users connecting to other TCP/IP hosts.

Port number 0 corresponds to the virtual ports (that is, users who log into the Server from the network). If

no ports are specified on the command line, all ports, both physical and virtual, are included by default.

Individual entries can be removed by entering

Clear/Purge IPsecurity

with no parameters other than the

address. This command form is not valid for any addresses with zeros in any segment.

Figure 4-23:

Clear IPsecurity Command

The entire security table can be cleared with one command:

Figure 4-24:

Clearing Security Table

4.7.2.1

Using the Security Table

There are two basic rules for checking a TCP/IP connection for legality. First, a more specific rule takes

precedence over a less specific one. For example, if connections to 192.0.1.255. are disabled but

connections to 192.0.1.78 are enabled, a connection to 192.0.1.78 will succeed. Second, in the absence of

any rule that restricts a connection, access is allowed. If this behavior is not desired, include an entry of the

following form:

Figure 4-25:

Setting IPsecurity

This is the least specific rule in the table, and will ensure that connections fail unless otherwise allowed by

another entry (recall that all ports are included in the rule by default).

If no entries are defined in the table, all connection attempts will succeed. Also, if the connecting user has

privileged status, the connection will be allowed regardless of the entries in the table.

Note:

Managers should try enabling and disabling certain addresses on their local

network to see what they can and cannot do if they are unclear as to the rules on

the use of the security table.

Local> SET IPSECURITY 192.0.1.0

Local> SET IPSECURITY 192.0.1.255 OUT DISABLED IN DISABLED

Local> CLEAR IPSECURITY 192.1.1.102

Local> CLEAR IPSECURITY ALL

Local> SET IPSECURITY 255.255.255.255 IN DISABLED OUT DISABLED