Home » Lantronix Manuals » Electronics Accessories » Lantronix SLC 8000 Advanced Console Manager » Manual Viewer

Lantronix SLC 8000 Advanced Console Manager User Guide - Page 300

connect direct, deviceport, User Attributes & Permissions from LDAP

View all Lantronix SLC 8000 Advanced Console Manager manuals

Add to My Manuals
Save this manual to your list of manuals

Page 300 highlights

12: User Authentication 2. Enter the following: Enable RADIUS RADIUS Server #1 Server #1 Port Server #1 Secret RADIUS Server #2 Server #2 Port Server #2 Secret Timeout Use VSA Custom Menu Escape Sequence Break Sequence Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: You can enable RADIUS here or on the first User Authentication page. If you enable RADIUS here, it automatically displays at the end of the order of precedence on the User Authentication page. IPv4 or IPv6 address or hostname of the primary RADIUS server. This RADIUS server may be a proxy for SecurID. SecurID is a two-factor authentication method based on the user's SecurID token and pin number. The SecurID token displays a string of digits called a token code that changes once a minute (some tokens are set to change codes every 30 seconds). Number of the TCP port on the RADIUS server used for the RADIUS service. If you do not specify an optional port, the SLC unit uses the default RADIUS port (1812). Text that serves as a shared secret between a RADIUS client and the server (SLC unit). The shared secret is used to encrypt a password sent between the client and the server. May have up to 128 characters. IPv4 or IPv6 address or host name of the secondary RADIUS server. This server can be used as a SecurID proxy. Number of the TCP port on the RADIUS server used for the RADIUS service. If you do not specify an optional port, the SLC 8000 advanced console manager uses the default RADIUS port (1812). Text that serves as a shared secret between a RADIUS client and the server (SLC unit). The shared secret is used to encrypt a password sent between the client and the server. May have up to 128 characters. The number of seconds (1-30) after which the connection attempt times out. The default is 30 seconds. Select the check box to obtain remote user attributes (group/permissions and port access) from the RADIUS server via the Vendor-Specific Attribute (VSA). For details on the format of the VSA, see User Attributes & Permissions from LDAP Schema or RADIUS VSA on page 302. If custom menus have been created, you can assign a default custom menu to RADIUS users. A single character or a two-character sequence that causes the SLC unit to leave direct (interactive) mode. (To leave listen mode, press any key.) A suggested value is Esc+A (escape key, then uppercase "A" performed quickly but not simultaneously). You would specify this value as \x1bA, which is hexadecimal (\x) character 27 (1B) followed by an A. This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport, tcp, or udp. See Key Sequences on page 258 for notes on key sequence precedence and behavior. A series of 1-10 characters users can enter on the command line interface to send a break signal to the external device. A suggested value is Esc+B (escape key, then uppercase "B" performed quickly but not simultaneously). You would specify this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B. SLC™ 8000 Advanced Console Manager User Guide 300

Section	Page
SLC™ 8000 Advanced Console Manager User Guide	1
Intellectual Property	2
Warranty	2
Contacts	2
GNU General Public License Notice	2
Disclaimer & Revisions	3
Revision History	4
Table of Contents	6
List of Figures	16
List of Tables	20
1: About this Guide	21
Purpose and Audience	21
Summary of Chapters	21
Additional Documentation	22
2: Introduction	23
Features	23
Console Management	23
Power	24
Integration with Other Secure Lantronix Products	24
Hardware	24
System Features	26
Protocols Supported	27
Access Control	27
Device Port Buffer	27
Configuration Options	28
Device Port and Console Port Interfaces	28
Network Connections	32
Front Panel USB Ports	33
Memory Card Port	33
Internal Modem	34
3: Installation	35
What's in the Box	35
Customize an SLC 8000	36
Product Label	37
Technical Specifications	37
Physical Installation	39
Connecting to a Device Port	39
Modular Expansion for I/O Module Bays	41
Connecting to Network Ports	42
Connecting Terminals	42
AC Input	43
Modem Installation	44
Battery Replacement	47
4: Quick Setup	51
Recommendations	51
Method #1 Using the Front Panel Display	52
Front Panel LCD Display and Keypads	52
Navigating	52
Entering the Settings	55
Restoring Factory Defaults	56
Limiting Sysadmin User Access	56
Method #2 Quick Setup on the Web Page	57
Network Settings	58
Date & Time Settings	59
Administrator Settings	59
Method #3 Quick Setup on the Command Line Interface	60
Next Step	63
5: Web and Command Line Interfaces	64
Web Manager	64
Logging in	66
Logging Out	66
Web Page Help	67
Command Line Interface	67
Logging In	67
Logging Out	68
Command Syntax	68
Command Line Help	68
Tips	68
6: Basic Parameters	71
Requirements	71
Network Port Settings	72
Ethernet Interfaces (Eth1 and Eth2)	75
Hostname & Name Servers	77
DNS Servers	77
DHCP-Acquired DNS Servers	77
TCP Keepalive Parameters	77
Gateway	78
Fail-Over Settings	79
Fail-Over Cellular Gateway Configuration	81
Advanced Cellular Gateway Configuration	83
Fail-Over Cellular Gateway Firmware	84
Load Cellular Gateway Firmware Options	84
Ethernet Counters	85
Network Commands	85
Ethernet Switch	85
Port Statistics	88
DHCP	90
DHCP Server Settings	91
DHCP Relay Settings	92
IP Filter	92
Viewing IP Filters	92
Mapping Rulesets	93
Enabling IP Filters	93
Configuring IP Filters	95
Rule Parameters	96
Updating an IP Filter	97
Deleting an IP Filter	97
IP Filter Commands	97
Routing	97
Dynamic Routing	98
Static Routing	98
Routing Commands	99
Forwarding	99
Forwarding Connections Commands	100
VPN Settings	100
Sample ipsec.conf Files	112
VPN Commands	117
Security	117
Performance Monitoring	120
Performance Monitoring - Add/Edit Probe	123
Performance Monitoring - Results	126
Performance Monitoring Commands	130
FQDN List	131
7: Services	132
System Logging and Other Services	132
SSH/Telnet/Logging	133
System Logging	134
Audit Log	134
SSH	135
SMTP	135
Telnet	136
Web SSH/Web Telnet Settings	136
Phone Home	137
SSH Commands	137
Logging Commands	137
SNMP	138
v1/v2c Communities	142
Version 3	142
V3 User Read-Only	142
V3 User Read-Write	143
V3 User Trap	143
Version 3 TLS (over TCP)	143
Services Commands	144
NFS and SMB/CIFS	145
SMB/CIFS Share	147
NFS and SMB/CIFS Commands	147
Secure Lantronix Network	148
Browser Issues	151
Troubleshooting Browser Issues	152
Web SSH/Telnet Copy and Paste	154
Secure Lantronix Network Commands	154
Date and Time	154
Date and Time Commands	156
Web Server	156
Admin Web Commands	158
Services - SSL Certificate	159
Services - Web Sessions	161
ConsoleFlow	162
ConsoleFlow Commands	168
8: USB/SD Card Port	169
USB/SD Card Storage	169
Manage Files on Storage Device	171
USB Modem Settings	172
Data Settings	174
Modem Settings	174
Text Mode	176
PPP Mode	176
IP Settings	177
USB Serial Settings	177
Data Settings	179
IP Settings	180
USB Commands	180
SD Card Commands	180
9: Device Ports	181
Connection Methods	181
Permissions	181
I/O Modules	182
Device Status	183
Device Ports	184
Telnet/SSH/TCP in Port Numbers	185
DevicePort Global Commands	185
Device Ports - Settings	186
Device Port Settings	188
IP Settings	190
Data Settings	191
Hardware Signal Triggers	192
Modem Settings (Device Ports)	193
Modem Settings: Text Mode	194
Modem Settings: PPP Mode	195
Port Status and Counters	196
Device Ports - Power Management	196
Device Ports - RPMs - Add Device	199
Device Port - Sensorsoft Device	201
Device Port Commands	202
Device Commands	202
Interacting with a Device Port	202
Device Ports - Logging and Events	203
Local Logging	203
NFS File Logging	203
USB and SD Card Logging	204
Token/Data Detection	204
Syslog Logging	204
Token & Data Detection	205
Local Logging	207
Log Viewing Attributes	207
NFS File Logging	207
USB / SD Card Logging	207
Syslog Logging	207
Logging Commands	208
Console Port	208
Console Port Commands	209
Internal Modem Settings	209
Setting Up Internal Modem Storage	209
Text Mode	212
PPP Mode	212
Internal Modem Commands	213
Xmodem	213
Host Lists	216
Host Parameters	217
Host Parameters	218
Host List Commands	219
Scripts	219
Scripts	222
Script Commands	226
Batch Script Syntax	226
Interface Script Syntax	226
Primary Commands	228
Secondary Commands	229
Control Flow Commands	231
Custom Script Syntax	232
Example Scripts	233
Sites	249
Site Commands	252
Access Lists	252
Access List Commands	254
Modem Dialing States	254
Dial In	254
Dial-back	255
Dial-on-demand	256
Dial-in & Dial-on-demand	256
Dial-back & Dial-on-demand	257
CBCP Server and CBCP Client	257
CBCP Server	257
CBCP Client	258
Key Sequences	258
10: Remote Power Managers	260
Devices - RPMs	260
RPMs - Add Device	263
RPMs - Manage Device	266
RPMs - Outlets	269
RPM Shutdown Procedure	270
Optimizing and Troubleshooting RPM Behavior	272
RPM Commands	273
11: Connections	274
Typical Setup Scenarios for the SLC Unit	274
Terminal Server	274
Remote Access Server	275
Reverse Terminal Server	275
Multiport Device Server	276
Console Server	276
Connection Configuration	277
Connection Commands	279
12: User Authentication	280
Authentication Commands	282
User Rights	282
Local and Remote User Settings	284
Sysadmin Account Default Login Values	285
Adding, Editing or Deleting a User	286
Shortcut	290
Local Users Commands	290
Remote User Rights Commands	290
NIS	291
NIS Commands	294
LDAP	294
LDAP Commands	298
RADIUS	299
RADIUS Commands	302
User Attributes & Permissions from LDAP Schema or RADIUS VSA	302
Kerberos	303
Kerberos Commands	306
TACACS+	306
TACACS+ Groups	307
TACACS+ Commands	310
Groups	311
Group Commands	314
SSH Keys	314
Imported Keys	314
Exported Keys	314
Imported Keys (SSH In)	316
Host & Login for Import	316
Exported Keys (SSH Out)	316
Host and Login for Export	317
SSH Commands	319
Custom Menus	319
Custom User Menu Commands	322
13: Maintenance	323
Firmware & Configurations	323
Zero Touch Provisioning Configuration Restore	323
Creating a Certificate	324
HTTPS Push Configuration Restore	326
Factory Reset with External Storage Device	327
Internal Temperature	329
Site Information	329
SLC Firmware	329
Boot Banks and Bootloader Settings	330
Load Firmware Via Options	331
Configuration Management	331
Manage Files	333
Administrative Commands	333
System Logs	334
System Log Commands	335
Audit Log	336
Audit Log Commands	337
Email Log	337
Logging Commands	337
Diagnostics	338
Diagnostic Commands	341
Status/Reports	341
View Report	341
Status Commands	343
Emailing Logs and Reports	343
Events	346
Events Commands	347
LCD/Keypad	348
Administrative LCD/Keypad Commands	349
Banners	349
Administrative Banner Commands	350
System Info	350
14: Application Examples	352
Telnet/SSH to a Remote Device	352
Dial-in (Text Mode) to a Remote Device	354
Local Serial Connection to Network Device via Telnet	355
15: Command Reference	357
Introduction to Commands	357
Command	357
Command Line Help	358
Tips	358
Access List Commands	359
set accesslist add\|edit	359
set accesslist add\|edit	359
set accesslist delete	359
showaccesslist	360
Administrative Commands	360
admin banner login	360
admin banner logout0	360
admin banner show	360
admin banner ssh	361
admin banner welcome	361
admin banner welcome	361
admin clear	361
admin config copy	362
admin config rename\|delete	362
admin config factorydefaults	362
admin config restore	363
admin config save	363
admin config checksum	363
admin config commands	364
admin config batch	364
admin config show	364
admin firmware bootbank	364
admin firmware bootcount	365
admin firmware bootlimit	365
admin firmware bootdelay	365
admin firmware highrestimers	365
admin firmware watchdog	366
admin firmware show	366
admin firmware update	366
admin firmware clearlog	366
admin ftp password	367
admin ftp server	367
admin ftp show	367
admin keypad	367
admin keypad password	367
admin keypad show	368
admin lcd reset	368
admin lcd default	368
admin lcd screens	368
admin lcd line1	369
admin lcd scrolling	369
admin memory show	369
admin memory swap add	369
admin memory swap delete	370
admin quicksetup	370
admin reboot	370
admin shutdown	370
admin site	370
admin sysinfo	371
admin sysinfo save <ZIP File Name> location <ftp\|sftp\|scp\|nfs\|usb\|sdcard>	371
[nfsdir <NFS Mounted Directory>] [usbport <U1\|U2>]	371
[host <IP Address or Name>] [login <User Login>]	371
[path <Path to Save File>]	371
admin version	371
admin web certificate import	371
admin web certificate reset	371
admin web certificate custom	372
admin web certificate custom	372
admin web certificate show	372
admin web group	372
admin web server	372
admin web sha2	372
admin web timeout	373
admin web terminate	373
admin web show	373
admin web banner	373
admin web iface	373
admin web cipher	374
admin web sha2	374
admin web tlsv10	374
admin web tlsv11	374
admin web tlsv12	374
admin web restart	375
admin chip resetmodem	375
admin eeprom	375
Audit Log Commands	376
show auditlog	376
show auditlog clear	376
Authentication Commands	377
set auth	377
show auth	377
show user	377
Kerberos Commands	378
set kerberos	378
show kerberos	378
LDAP Commands	379
set ldap	379
set ldap bindpassword	379
set ldap certificate import	380
set ldap certificate delete	380
show ldap	380
Local Users Commands	380
set localusers add\|edit	380
set localusers allowreuse	381
set local users complexpasswords	381
set localusers state	381
set localusers delete	381
set localusers lifetime	382
set localusers maxloginattempts	382
set localusers password	382
set localusers periodlockout	382
set localusers periodwarning	382
set localusers reusehistory	383
set localusers multipleadminlogins	383
set localusers consoleonlyadmin	383
show localusers	383
set localusers lock	383
set localusers unlock	384
set localusers permissions	384
NIS Commands	384
set nis	384
show nis	385
RADIUS Commands	385
set radius	385
set radius server	386
show radius	386
TACACS+ Commands	386
set tacacs+	386
show tacacs+	387
User Permissions Commands	387
set localusers group	387
set localusers lock	388
set localusers unlock	388
set localusers permissions	388
set <nis\|ldap\|radius\|kerberos\|tacacs+> permissions	388
show user	389
Remote User Commands	389
set remoteusers add\|edit	389
set remoteusers listonlyauth	389
set remoteusers denyaccessnocustomgroup	390
set remoteusers denyaccessnocustomgroup <enable\|disable>	390
set remoteusers lock\|unlock	390
set remoteusers delete	390
show remoteusers	390
set <nis\|ldap\|radius\|kerberos\|tacacs+> group	390
set cli	391
set cli menu	391
show cli	392
show user	392
set history	392
show history	392
Connection Commands	392
connect bidirection	392
connect direct	393
connect forward	394
connect global outgoingtimeout	394
connect listen deviceport	394
connect terminate	394
connect unidirection	394
show connections	395
show connections connid	395
ConsoleFlow Commands	396
set cflow client	396
set cflow statusinterval	396
set cflow fwupdate	396
set cflow rebootafterupdate	396
set cflow allowremoteconnection	396
set cflow auditlogmessages	397
set cflow connection	397
set cflow devicename	397
set cflow timeoutcli	397
set cflow digitalprobe	398
set cflow id	398
set cflow key	398
set cflow useproxy	398
set cflow proxypassword	398
show cflow	399
Console Port Commands	399
set consoleport	399
show consoleport	399
Custom User Menu Commands	400
set localusers	400

Match case Limit results 1 per page

12: User Authentication

SLC™ 8000 Advanced Console Manager User Guide

300

Enter the following:

Enable RADIUS

Displays selected if you enabled this method on the User Authentication page. If

you want to set up this authentication method but not enable it immediately, clear

the checkbox.

Note:

You can enable RADIUS here or on the first User Authentication page. If

you enable RADIUS here, it automatically displays at the end of the order of

precedence on the User Authentication page.

RADIUS Server #1

IPv4 or IPv6 address or hostname of the primary RADIUS server. This RADIUS

server may be a proxy for SecurID.

SecurID is a two-factor authentication method based on the user's SecurID token

and pin number. The SecurID token displays a string of digits called a token code

that changes once a minute (some tokens are set to change codes every 30

seconds).

Server #1 Port

Number of the TCP port on the RADIUS server used for the RADIUS service. If you

do not specify an optional port, the SLC unit uses the default RADIUS port (

1812

Server #1 Secret

Text that serves as a shared secret between a RADIUS client and the server (SLC

unit). The shared secret is used to encrypt a password sent between the client and

the server. May have up to 128 characters.

RADIUS Server #2

IPv4 or IPv6 address or host name of the secondary RADIUS server. This server

can be used as a SecurID proxy.

Server #2 Port

Number of the TCP port on the RADIUS server used for the RADIUS service. If you

do not specify an optional port, the SLC 8000 advanced console manager uses the

default RADIUS port (

1812

Server #2 Secret

Text that serves as a shared secret between a RADIUS client and the server (SLC

unit). The shared secret is used to encrypt a password sent between the client and

the server. May have up to 128 characters.

Timeout

The number of seconds (1-30) after which the connection attempt times out. The

default is

seconds.

Use VSA

Select the check box to obtain remote user attributes (group/permissions and port

access) from the RADIUS server via the Vendor-Specific Attribute (VSA). For

details on the format of the VSA, see

User Attributes & Permissions from LDAP

Schema or RADIUS VSA on page 302

Custom Menu

If custom menus have been created, you can assign a default custom menu to

RADIUS users.

Escape Sequence

A single character or a two-character sequence that causes the SLC unit to leave

direct (interactive) mode. (To leave listen mode, press any key.)

A suggested value is

Esc+A

(escape key, then uppercase "A" performed quickly

but not simultaneously). You would specify this value as

x1bA

, which is

hexadecimal (

) character 27 (

) followed by an

This setting allows the user to terminate the

connect direct

command on the

command line interface when the endpoint of the command is

deviceport

tcp

, or

udp

See

Key Sequences on page 258

for notes on key sequence precedence and

behavior.

Break Sequence

A series of 1-10 characters users can enter on the command line interface to send

a break signal to the external device. A suggested value is

Esc+B

(escape key,

then uppercase “B” performed quickly but not simultaneously). You would specify

this value as

x1bB

, which is hexadecimal (

) character 27 (

) followed by a