Home » Lantronix Manuals » Electronics Accessories » Lantronix SLC 8000 Advanced Console Manager » Manual Viewer

Lantronix SLC 8000 Advanced Console Manager User Guide - Page 100

Forwarding Connections Commands, VPN Settings

View all Lantronix SLC 8000 Advanced Console Manager manuals

Add to My Manuals
Save this manual to your list of manuals

Page 100 highlights

6: Basic Parameters IP Address The IP address to route the traffic to. Outgoing TCP Port The TCP port to route the traffic to. This should be a TCP port that is open and listening on the device. 3. To create a new connection, click Create New Connection. Return to the Forwarding page, the new connection will be shown in the Current Forwarding Connections table at the bottom. Note: In the CLI "show connections" output, an extra SSH In connection to the console manager will be shown for each forwarding connection - this is the SSH tunnel for the port forwarding connection. 4. To edit an existing connection, click the checkbox in the right column in the Current Forwarding Connections table. This will fill in the text fields at the top with the current settings. Change the settings as needed and then click Configure. This will tear down the current connection and restart it with the new settings. After returning to the Forwarding page, the updated connection will be shown in the Current Forwarding Connections table at the bottom. The connection will persist across reboots until it is terminated. 5. To terminate an existing connection, click the checkbox in the right column in the Current Forwarding Connections table. Select the Keep Connection checkbox to suspend the connection (it can be restarted later using the Restart button). Click Terminate. This will tear down and remove the connection. Forwarding Connections Commands Go to Connection Commands to view CLI commands which correspond to the web page entries described above. VPN Settings This page can be used to create a Virtual Private Network (VPN) tunnel to the SLC unit for secure communication between the SLC and a remote host or gateway. The SLC unit supports IPSec tunnels using Encapsulated Security Payload (ESP). The SLC supports host-to-host, net-to-net, host-to-net, and roaming user tunnels. Note: To allow VPN tunnel access if the SLC firewall is enabled, traffic to UDP ports 500 and 4500 from the remote host should be allowed, as well as protocol ESP from the remote host. The SLC provides a strongSwan-based VPN implementation (version 5.6.3). The SLC UI provides access to a subset of the strongSwan configuration options, and also allows upload of a custom ipsec.conf file, which gives an administrator access to most strongSwan configuration options. For more information on strongSwan, see https://www.strongswan.org and the strongSwan FAQ. A list of Internet Key Exchange IKEv1 and IKEv2 cipher suites is available on the strongSwan Wiki. NAT Traversal is handled automatically without any special configuration. VPN related routes are installed in a separate table and can be viewed in the detailed VPN status or in the IP Routes table. When a tunnel is up, the amount of data passed through the tunnel can be viewed in the status with the bytes_i (bytes input) and bytes_o (bytes output) counters. An example of the VPN status is below (the status will vary depending on the authentication, subnets and algorithms used). For example, the status displays the IP addresses on either side of the tunnel (192.168.1.103 and SLC™ 8000 Advanced Console Manager User Guide 100

Section	Page
SLC™ 8000 Advanced Console Manager User Guide	1
Intellectual Property	2
Warranty	2
Contacts	2
GNU General Public License Notice	2
Disclaimer & Revisions	3
Revision History	4
Table of Contents	6
List of Figures	16
List of Tables	20
1: About this Guide	21
Purpose and Audience	21
Summary of Chapters	21
Additional Documentation	22
2: Introduction	23
Features	23
Console Management	23
Power	24
Integration with Other Secure Lantronix Products	24
Hardware	24
System Features	26
Protocols Supported	27
Access Control	27
Device Port Buffer	27
Configuration Options	28
Device Port and Console Port Interfaces	28
Network Connections	32
Front Panel USB Ports	33
Memory Card Port	33
Internal Modem	34
3: Installation	35
What's in the Box	35
Customize an SLC 8000	36
Product Label	37
Technical Specifications	37
Physical Installation	39
Connecting to a Device Port	39
Modular Expansion for I/O Module Bays	41
Connecting to Network Ports	42
Connecting Terminals	42
AC Input	43
Modem Installation	44
Battery Replacement	47
4: Quick Setup	51
Recommendations	51
Method #1 Using the Front Panel Display	52
Front Panel LCD Display and Keypads	52
Navigating	52
Entering the Settings	55
Restoring Factory Defaults	56
Limiting Sysadmin User Access	56
Method #2 Quick Setup on the Web Page	57
Network Settings	58
Date & Time Settings	59
Administrator Settings	59
Method #3 Quick Setup on the Command Line Interface	60
Next Step	63
5: Web and Command Line Interfaces	64
Web Manager	64
Logging in	66
Logging Out	66
Web Page Help	67
Command Line Interface	67
Logging In	67
Logging Out	68
Command Syntax	68
Command Line Help	68
Tips	68
6: Basic Parameters	71
Requirements	71
Network Port Settings	72
Ethernet Interfaces (Eth1 and Eth2)	75
Hostname & Name Servers	77
DNS Servers	77
DHCP-Acquired DNS Servers	77
TCP Keepalive Parameters	77
Gateway	78
Fail-Over Settings	79
Fail-Over Cellular Gateway Configuration	81
Advanced Cellular Gateway Configuration	83
Fail-Over Cellular Gateway Firmware	84
Load Cellular Gateway Firmware Options	84
Ethernet Counters	85
Network Commands	85
Ethernet Switch	85
Port Statistics	88
DHCP	90
DHCP Server Settings	91
DHCP Relay Settings	92
IP Filter	92
Viewing IP Filters	92
Mapping Rulesets	93
Enabling IP Filters	93
Configuring IP Filters	95
Rule Parameters	96
Updating an IP Filter	97
Deleting an IP Filter	97
IP Filter Commands	97
Routing	97
Dynamic Routing	98
Static Routing	98
Routing Commands	99
Forwarding	99
Forwarding Connections Commands	100
VPN Settings	100
Sample ipsec.conf Files	112
VPN Commands	117
Security	117
Performance Monitoring	120
Performance Monitoring - Add/Edit Probe	123
Performance Monitoring - Results	126
Performance Monitoring Commands	130
FQDN List	131
7: Services	132
System Logging and Other Services	132
SSH/Telnet/Logging	133
System Logging	134
Audit Log	134
SSH	135
SMTP	135
Telnet	136
Web SSH/Web Telnet Settings	136
Phone Home	137
SSH Commands	137
Logging Commands	137
SNMP	138
v1/v2c Communities	142
Version 3	142
V3 User Read-Only	142
V3 User Read-Write	143
V3 User Trap	143
Version 3 TLS (over TCP)	143
Services Commands	144
NFS and SMB/CIFS	145
SMB/CIFS Share	147
NFS and SMB/CIFS Commands	147
Secure Lantronix Network	148
Browser Issues	151
Troubleshooting Browser Issues	152
Web SSH/Telnet Copy and Paste	154
Secure Lantronix Network Commands	154
Date and Time	154
Date and Time Commands	156
Web Server	156
Admin Web Commands	158
Services - SSL Certificate	159
Services - Web Sessions	161
ConsoleFlow	162
ConsoleFlow Commands	168
8: USB/SD Card Port	169
USB/SD Card Storage	169
Manage Files on Storage Device	171
USB Modem Settings	172
Data Settings	174
Modem Settings	174
Text Mode	176
PPP Mode	176
IP Settings	177
USB Serial Settings	177
Data Settings	179
IP Settings	180
USB Commands	180
SD Card Commands	180
9: Device Ports	181
Connection Methods	181
Permissions	181
I/O Modules	182
Device Status	183
Device Ports	184
Telnet/SSH/TCP in Port Numbers	185
DevicePort Global Commands	185
Device Ports - Settings	186
Device Port Settings	188
IP Settings	190
Data Settings	191
Hardware Signal Triggers	192
Modem Settings (Device Ports)	193
Modem Settings: Text Mode	194
Modem Settings: PPP Mode	195
Port Status and Counters	196
Device Ports - Power Management	196
Device Ports - RPMs - Add Device	199
Device Port - Sensorsoft Device	201
Device Port Commands	202
Device Commands	202
Interacting with a Device Port	202
Device Ports - Logging and Events	203
Local Logging	203
NFS File Logging	203
USB and SD Card Logging	204
Token/Data Detection	204
Syslog Logging	204
Token & Data Detection	205
Local Logging	207
Log Viewing Attributes	207
NFS File Logging	207
USB / SD Card Logging	207
Syslog Logging	207
Logging Commands	208
Console Port	208
Console Port Commands	209
Internal Modem Settings	209
Setting Up Internal Modem Storage	209
Text Mode	212
PPP Mode	212
Internal Modem Commands	213
Xmodem	213
Host Lists	216
Host Parameters	217
Host Parameters	218
Host List Commands	219
Scripts	219
Scripts	222
Script Commands	226
Batch Script Syntax	226
Interface Script Syntax	226
Primary Commands	228
Secondary Commands	229
Control Flow Commands	231
Custom Script Syntax	232
Example Scripts	233
Sites	249
Site Commands	252
Access Lists	252
Access List Commands	254
Modem Dialing States	254
Dial In	254
Dial-back	255
Dial-on-demand	256
Dial-in & Dial-on-demand	256
Dial-back & Dial-on-demand	257
CBCP Server and CBCP Client	257
CBCP Server	257
CBCP Client	258
Key Sequences	258
10: Remote Power Managers	260
Devices - RPMs	260
RPMs - Add Device	263
RPMs - Manage Device	266
RPMs - Outlets	269
RPM Shutdown Procedure	270
Optimizing and Troubleshooting RPM Behavior	272
RPM Commands	273
11: Connections	274
Typical Setup Scenarios for the SLC Unit	274
Terminal Server	274
Remote Access Server	275
Reverse Terminal Server	275
Multiport Device Server	276
Console Server	276
Connection Configuration	277
Connection Commands	279
12: User Authentication	280
Authentication Commands	282
User Rights	282
Local and Remote User Settings	284
Sysadmin Account Default Login Values	285
Adding, Editing or Deleting a User	286
Shortcut	290
Local Users Commands	290
Remote User Rights Commands	290
NIS	291
NIS Commands	294
LDAP	294
LDAP Commands	298
RADIUS	299
RADIUS Commands	302
User Attributes & Permissions from LDAP Schema or RADIUS VSA	302
Kerberos	303
Kerberos Commands	306
TACACS+	306
TACACS+ Groups	307
TACACS+ Commands	310
Groups	311
Group Commands	314
SSH Keys	314
Imported Keys	314
Exported Keys	314
Imported Keys (SSH In)	316
Host & Login for Import	316
Exported Keys (SSH Out)	316
Host and Login for Export	317
SSH Commands	319
Custom Menus	319
Custom User Menu Commands	322
13: Maintenance	323
Firmware & Configurations	323
Zero Touch Provisioning Configuration Restore	323
Creating a Certificate	324
HTTPS Push Configuration Restore	326
Factory Reset with External Storage Device	327
Internal Temperature	329
Site Information	329
SLC Firmware	329
Boot Banks and Bootloader Settings	330
Load Firmware Via Options	331
Configuration Management	331
Manage Files	333
Administrative Commands	333
System Logs	334
System Log Commands	335
Audit Log	336
Audit Log Commands	337
Email Log	337
Logging Commands	337
Diagnostics	338
Diagnostic Commands	341
Status/Reports	341
View Report	341
Status Commands	343
Emailing Logs and Reports	343
Events	346
Events Commands	347
LCD/Keypad	348
Administrative LCD/Keypad Commands	349
Banners	349
Administrative Banner Commands	350
System Info	350
14: Application Examples	352
Telnet/SSH to a Remote Device	352
Dial-in (Text Mode) to a Remote Device	354
Local Serial Connection to Network Device via Telnet	355
15: Command Reference	357
Introduction to Commands	357
Command	357
Command Line Help	358
Tips	358
Access List Commands	359
set accesslist add\|edit	359
set accesslist add\|edit	359
set accesslist delete	359
showaccesslist	360
Administrative Commands	360
admin banner login	360
admin banner logout0	360
admin banner show	360
admin banner ssh	361
admin banner welcome	361
admin banner welcome	361
admin clear	361
admin config copy	362
admin config rename\|delete	362
admin config factorydefaults	362
admin config restore	363
admin config save	363
admin config checksum	363
admin config commands	364
admin config batch	364
admin config show	364
admin firmware bootbank	364
admin firmware bootcount	365
admin firmware bootlimit	365
admin firmware bootdelay	365
admin firmware highrestimers	365
admin firmware watchdog	366
admin firmware show	366
admin firmware update	366
admin firmware clearlog	366
admin ftp password	367
admin ftp server	367
admin ftp show	367
admin keypad	367
admin keypad password	367
admin keypad show	368
admin lcd reset	368
admin lcd default	368
admin lcd screens	368
admin lcd line1	369
admin lcd scrolling	369
admin memory show	369
admin memory swap add	369
admin memory swap delete	370
admin quicksetup	370
admin reboot	370
admin shutdown	370
admin site	370
admin sysinfo	371
admin sysinfo save <ZIP File Name> location <ftp\|sftp\|scp\|nfs\|usb\|sdcard>	371
[nfsdir <NFS Mounted Directory>] [usbport <U1\|U2>]	371
[host <IP Address or Name>] [login <User Login>]	371
[path <Path to Save File>]	371
admin version	371
admin web certificate import	371
admin web certificate reset	371
admin web certificate custom	372
admin web certificate custom	372
admin web certificate show	372
admin web group	372
admin web server	372
admin web sha2	372
admin web timeout	373
admin web terminate	373
admin web show	373
admin web banner	373
admin web iface	373
admin web cipher	374
admin web sha2	374
admin web tlsv10	374
admin web tlsv11	374
admin web tlsv12	374
admin web restart	375
admin chip resetmodem	375
admin eeprom	375
Audit Log Commands	376
show auditlog	376
show auditlog clear	376
Authentication Commands	377
set auth	377
show auth	377
show user	377
Kerberos Commands	378
set kerberos	378
show kerberos	378
LDAP Commands	379
set ldap	379
set ldap bindpassword	379
set ldap certificate import	380
set ldap certificate delete	380
show ldap	380
Local Users Commands	380
set localusers add\|edit	380
set localusers allowreuse	381
set local users complexpasswords	381
set localusers state	381
set localusers delete	381
set localusers lifetime	382
set localusers maxloginattempts	382
set localusers password	382
set localusers periodlockout	382
set localusers periodwarning	382
set localusers reusehistory	383
set localusers multipleadminlogins	383
set localusers consoleonlyadmin	383
show localusers	383
set localusers lock	383
set localusers unlock	384
set localusers permissions	384
NIS Commands	384
set nis	384
show nis	385
RADIUS Commands	385
set radius	385
set radius server	386
show radius	386
TACACS+ Commands	386
set tacacs+	386
show tacacs+	387
User Permissions Commands	387
set localusers group	387
set localusers lock	388
set localusers unlock	388
set localusers permissions	388
set <nis\|ldap\|radius\|kerberos\|tacacs+> permissions	388
show user	389
Remote User Commands	389
set remoteusers add\|edit	389
set remoteusers listonlyauth	389
set remoteusers denyaccessnocustomgroup	390
set remoteusers denyaccessnocustomgroup <enable\|disable>	390
set remoteusers lock\|unlock	390
set remoteusers delete	390
show remoteusers	390
set <nis\|ldap\|radius\|kerberos\|tacacs+> group	390
set cli	391
set cli menu	391
show cli	392
show user	392
set history	392
show history	392
Connection Commands	392
connect bidirection	392
connect direct	393
connect forward	394
connect global outgoingtimeout	394
connect listen deviceport	394
connect terminate	394
connect unidirection	394
show connections	395
show connections connid	395
ConsoleFlow Commands	396
set cflow client	396
set cflow statusinterval	396
set cflow fwupdate	396
set cflow rebootafterupdate	396
set cflow allowremoteconnection	396
set cflow auditlogmessages	397
set cflow connection	397
set cflow devicename	397
set cflow timeoutcli	397
set cflow digitalprobe	398
set cflow id	398
set cflow key	398
set cflow useproxy	398
set cflow proxypassword	398
show cflow	399
Console Port Commands	399
set consoleport	399
show consoleport	399
Custom User Menu Commands	400
set localusers	400

Match case Limit results 1 per page

6: Basic Parameters

SLC™ 8000 Advanced Console Manager User Guide

100

To create a new connection, click

Create New Connection

. Return to the Forwarding page,

the new connection will be shown in the

Current Forwarding Connections

table at the

bottom.

Note:

In the CLI “show connections” output, an extra SSH In connection to the

console manager will be shown for each forwarding connection - this is the SSH

tunnel for the port forwarding connection.

To edit an existing connection, click the checkbox in the right column in the

Current

Forwarding Connections

table. This will fill in the text fields at the top with the current

settings. Change the settings as needed and then click

Configure

. This will tear down the

current connection and restart it with the new settings. After returning to the

Forwarding

page,

the updated connection will be shown in the

Current Forwarding Connections

table at the

bottom. The connection will persist across reboots until it is terminated.

To terminate an existing connection, click the checkbox in the right column in the

Current

Forwarding Connections

table. Select the

Keep Connection

checkbox to suspend the

connection (it can be restarted later using the Restart button). Click

Terminate

. This will tear

down and remove the connection.

Forwarding Connections Commands

Go to

Connection Commands

to view CLI commands which correspond to the web page entries

described above.

VPN Settings

This page can be used to create a Virtual Private Network (VPN) tunnel to the SLC unit for secure

communication between the SLC and a remote host or gateway. The SLC unit supports IPSec

tunnels using Encapsulated Security Payload (ESP). The SLC supports host-to-host, net-to-net,

host-to-net, and roaming user tunnels.

Note:

To allow VPN tunnel access if the SLC firewall is enabled, traffic to UDP ports 500

and 4500 from the remote host should be allowed, as well as protocol ESP from the

remote host.

The SLC provides a strongSwan-based VPN implementation (version 5.6.3). The SLC UI provides

access to a subset of the strongSwan configuration options, and also allows upload of a custom

ipsec.conf file, which gives an administrator access to most strongSwan configuration options. For

more information on strongSwan, see

https://www.strongswan.org

and the

strongSwan FAQ

. A list

of Internet Key Exchange

IKEv1

and

IKEv2

cipher suites is available on the

strongSwan Wiki

NAT Traversal

is handled automatically without any special configuration. VPN related

routes

are

installed in a separate table and can be viewed in the detailed VPN status or in the IP Routes

table.

When a tunnel is up, the amount of data passed through the tunnel can be viewed in the status

with the bytes_i (bytes input) and bytes_o (bytes output) counters. An example of the VPN status

is below (the status will vary depending on the authentication, subnets and algorithms used). For

example, the status displays the IP addresses on either side of the tunnel (192.168.1.103 and

IP Address

The IP address to route the traffic to.

Outgoing TCP Port

The TCP port to route the traffic to. This should be a TCP port that is

open and listening on the device.