Home » Lantronix Manuals » Electronics Accessories » Lantronix SLC 8000 Advanced Console Manager » Manual Viewer

Lantronix SLC 8000 Advanced Console Manager User Guide - Page 56

Restoring Factory Defaults, Limiting Sysadmin User Access, Release, Enter

View all Lantronix SLC 8000 Advanced Console Manager manuals

Add to My Manuals
Save this manual to your list of manuals

Page 56 highlights

4: Quick Setup When you are done, the front panel returns to the clock display. The network port resets to the new settings, and you can connect to your IP network for further administration. You should be able to SSH to the SLC 8000 advanced console manager through your network connection, or access the Web interface through a Web browser. Restoring Factory Defaults To use the LCD display to restore factory default settings: 1. Press the right arrow button to move to the Release option. 2. Use the down arrow to move to the Restore Factory Defaults option. A prompt for the 6-digit Restore Factory Defaults password displays. 3. Press Enter to enter edit mode. 4. Using the left and right arrows to move between digits and the up and down arrows to change digits, enter the password (the default password is 999999). Note: The Restore Factory Defaults password is only for the LCD. You can change it at the command line interface using the CLI admin keypad password command. The front panel Factory Default password and sysadmin password should be recorded and stored in a secure place accessible by at least two authorized system administrators. Recovering an SLC if both of these passwords are unknown is cumbersome and time consuming. 5. Press Enter to exit edit mode. If the password is valid, a Save Settings? Yes/No prompt displays. 6. Select Yes and press Enter. When the process is complete, the SLC unit reboots. Limiting Sysadmin User Access For security purposes, full administrative access to the SLC via the default sysadmin local user account can be limited to only the front console port of the SLC device. To configure this: 1. Enable the Sysadmin access limited to Console Port option on the Local/Remote Users web page.' 2. Enable a remote authentication method (such as TACACS+ or LDAP) and configure the remote authentication method to be first in the order of methods used. 3. Create a remote user account with full administrative rights. 4. Uncheck the Attempt next method on authentication rejection checkbox on the Authentication Methods web page. These steps will prevent any local users from logging in, restrict the default sysadmin local user to the front console port, and allow a user with administrative rights to login, as long as remote authentication is working. SLC™ 8000 Advanced Console Manager User Guide 56

Section	Page
SLC™ 8000 Advanced Console Manager User Guide	1
Intellectual Property	2
Warranty	2
Contacts	2
GNU General Public License Notice	2
Disclaimer & Revisions	3
Revision History	4
Table of Contents	6
List of Figures	16
List of Tables	20
1: About this Guide	21
Purpose and Audience	21
Summary of Chapters	21
Additional Documentation	22
2: Introduction	23
Features	23
Console Management	23
Power	24
Integration with Other Secure Lantronix Products	24
Hardware	24
System Features	26
Protocols Supported	27
Access Control	27
Device Port Buffer	27
Configuration Options	28
Device Port and Console Port Interfaces	28
Network Connections	32
Front Panel USB Ports	33
Memory Card Port	33
Internal Modem	34
3: Installation	35
What's in the Box	35
Customize an SLC 8000	36
Product Label	37
Technical Specifications	37
Physical Installation	39
Connecting to a Device Port	39
Modular Expansion for I/O Module Bays	41
Connecting to Network Ports	42
Connecting Terminals	42
AC Input	43
Modem Installation	44
Battery Replacement	47
4: Quick Setup	51
Recommendations	51
Method #1 Using the Front Panel Display	52
Front Panel LCD Display and Keypads	52
Navigating	52
Entering the Settings	55
Restoring Factory Defaults	56
Limiting Sysadmin User Access	56
Method #2 Quick Setup on the Web Page	57
Network Settings	58
Date & Time Settings	59
Administrator Settings	59
Method #3 Quick Setup on the Command Line Interface	60
Next Step	63
5: Web and Command Line Interfaces	64
Web Manager	64
Logging in	66
Logging Out	66
Web Page Help	67
Command Line Interface	67
Logging In	67
Logging Out	68
Command Syntax	68
Command Line Help	68
Tips	68
6: Basic Parameters	71
Requirements	71
Network Port Settings	72
Ethernet Interfaces (Eth1 and Eth2)	75
Hostname & Name Servers	77
DNS Servers	77
DHCP-Acquired DNS Servers	77
TCP Keepalive Parameters	77
Gateway	78
Fail-Over Settings	79
Fail-Over Cellular Gateway Configuration	81
Advanced Cellular Gateway Configuration	83
Fail-Over Cellular Gateway Firmware	84
Load Cellular Gateway Firmware Options	84
Ethernet Counters	85
Network Commands	85
Ethernet Switch	85
Port Statistics	88
DHCP	90
DHCP Server Settings	91
DHCP Relay Settings	92
IP Filter	92
Viewing IP Filters	92
Mapping Rulesets	93
Enabling IP Filters	93
Configuring IP Filters	95
Rule Parameters	96
Updating an IP Filter	97
Deleting an IP Filter	97
IP Filter Commands	97
Routing	97
Dynamic Routing	98
Static Routing	98
Routing Commands	99
Forwarding	99
Forwarding Connections Commands	100
VPN Settings	100
Sample ipsec.conf Files	112
VPN Commands	117
Security	117
Performance Monitoring	120
Performance Monitoring - Add/Edit Probe	123
Performance Monitoring - Results	126
Performance Monitoring Commands	130
FQDN List	131
7: Services	132
System Logging and Other Services	132
SSH/Telnet/Logging	133
System Logging	134
Audit Log	134
SSH	135
SMTP	135
Telnet	136
Web SSH/Web Telnet Settings	136
Phone Home	137
SSH Commands	137
Logging Commands	137
SNMP	138
v1/v2c Communities	142
Version 3	142
V3 User Read-Only	142
V3 User Read-Write	143
V3 User Trap	143
Version 3 TLS (over TCP)	143
Services Commands	144
NFS and SMB/CIFS	145
SMB/CIFS Share	147
NFS and SMB/CIFS Commands	147
Secure Lantronix Network	148
Browser Issues	151
Troubleshooting Browser Issues	152
Web SSH/Telnet Copy and Paste	154
Secure Lantronix Network Commands	154
Date and Time	154
Date and Time Commands	156
Web Server	156
Admin Web Commands	158
Services - SSL Certificate	159
Services - Web Sessions	161
ConsoleFlow	162
ConsoleFlow Commands	168
8: USB/SD Card Port	169
USB/SD Card Storage	169
Manage Files on Storage Device	171
USB Modem Settings	172
Data Settings	174
Modem Settings	174
Text Mode	176
PPP Mode	176
IP Settings	177
USB Serial Settings	177
Data Settings	179
IP Settings	180
USB Commands	180
SD Card Commands	180
9: Device Ports	181
Connection Methods	181
Permissions	181
I/O Modules	182
Device Status	183
Device Ports	184
Telnet/SSH/TCP in Port Numbers	185
DevicePort Global Commands	185
Device Ports - Settings	186
Device Port Settings	188
IP Settings	190
Data Settings	191
Hardware Signal Triggers	192
Modem Settings (Device Ports)	193
Modem Settings: Text Mode	194
Modem Settings: PPP Mode	195
Port Status and Counters	196
Device Ports - Power Management	196
Device Ports - RPMs - Add Device	199
Device Port - Sensorsoft Device	201
Device Port Commands	202
Device Commands	202
Interacting with a Device Port	202
Device Ports - Logging and Events	203
Local Logging	203
NFS File Logging	203
USB and SD Card Logging	204
Token/Data Detection	204
Syslog Logging	204
Token & Data Detection	205
Local Logging	207
Log Viewing Attributes	207
NFS File Logging	207
USB / SD Card Logging	207
Syslog Logging	207
Logging Commands	208
Console Port	208
Console Port Commands	209
Internal Modem Settings	209
Setting Up Internal Modem Storage	209
Text Mode	212
PPP Mode	212
Internal Modem Commands	213
Xmodem	213
Host Lists	216
Host Parameters	217
Host Parameters	218
Host List Commands	219
Scripts	219
Scripts	222
Script Commands	226
Batch Script Syntax	226
Interface Script Syntax	226
Primary Commands	228
Secondary Commands	229
Control Flow Commands	231
Custom Script Syntax	232
Example Scripts	233
Sites	249
Site Commands	252
Access Lists	252
Access List Commands	254
Modem Dialing States	254
Dial In	254
Dial-back	255
Dial-on-demand	256
Dial-in & Dial-on-demand	256
Dial-back & Dial-on-demand	257
CBCP Server and CBCP Client	257
CBCP Server	257
CBCP Client	258
Key Sequences	258
10: Remote Power Managers	260
Devices - RPMs	260
RPMs - Add Device	263
RPMs - Manage Device	266
RPMs - Outlets	269
RPM Shutdown Procedure	270
Optimizing and Troubleshooting RPM Behavior	272
RPM Commands	273
11: Connections	274
Typical Setup Scenarios for the SLC Unit	274
Terminal Server	274
Remote Access Server	275
Reverse Terminal Server	275
Multiport Device Server	276
Console Server	276
Connection Configuration	277
Connection Commands	279
12: User Authentication	280
Authentication Commands	282
User Rights	282
Local and Remote User Settings	284
Sysadmin Account Default Login Values	285
Adding, Editing or Deleting a User	286
Shortcut	290
Local Users Commands	290
Remote User Rights Commands	290
NIS	291
NIS Commands	294
LDAP	294
LDAP Commands	298
RADIUS	299
RADIUS Commands	302
User Attributes & Permissions from LDAP Schema or RADIUS VSA	302
Kerberos	303
Kerberos Commands	306
TACACS+	306
TACACS+ Groups	307
TACACS+ Commands	310
Groups	311
Group Commands	314
SSH Keys	314
Imported Keys	314
Exported Keys	314
Imported Keys (SSH In)	316
Host & Login for Import	316
Exported Keys (SSH Out)	316
Host and Login for Export	317
SSH Commands	319
Custom Menus	319
Custom User Menu Commands	322
13: Maintenance	323
Firmware & Configurations	323
Zero Touch Provisioning Configuration Restore	323
Creating a Certificate	324
HTTPS Push Configuration Restore	326
Factory Reset with External Storage Device	327
Internal Temperature	329
Site Information	329
SLC Firmware	329
Boot Banks and Bootloader Settings	330
Load Firmware Via Options	331
Configuration Management	331
Manage Files	333
Administrative Commands	333
System Logs	334
System Log Commands	335
Audit Log	336
Audit Log Commands	337
Email Log	337
Logging Commands	337
Diagnostics	338
Diagnostic Commands	341
Status/Reports	341
View Report	341
Status Commands	343
Emailing Logs and Reports	343
Events	346
Events Commands	347
LCD/Keypad	348
Administrative LCD/Keypad Commands	349
Banners	349
Administrative Banner Commands	350
System Info	350
14: Application Examples	352
Telnet/SSH to a Remote Device	352
Dial-in (Text Mode) to a Remote Device	354
Local Serial Connection to Network Device via Telnet	355
15: Command Reference	357
Introduction to Commands	357
Command	357
Command Line Help	358
Tips	358
Access List Commands	359
set accesslist add\|edit	359
set accesslist add\|edit	359
set accesslist delete	359
showaccesslist	360
Administrative Commands	360
admin banner login	360
admin banner logout0	360
admin banner show	360
admin banner ssh	361
admin banner welcome	361
admin banner welcome	361
admin clear	361
admin config copy	362
admin config rename\|delete	362
admin config factorydefaults	362
admin config restore	363
admin config save	363
admin config checksum	363
admin config commands	364
admin config batch	364
admin config show	364
admin firmware bootbank	364
admin firmware bootcount	365
admin firmware bootlimit	365
admin firmware bootdelay	365
admin firmware highrestimers	365
admin firmware watchdog	366
admin firmware show	366
admin firmware update	366
admin firmware clearlog	366
admin ftp password	367
admin ftp server	367
admin ftp show	367
admin keypad	367
admin keypad password	367
admin keypad show	368
admin lcd reset	368
admin lcd default	368
admin lcd screens	368
admin lcd line1	369
admin lcd scrolling	369
admin memory show	369
admin memory swap add	369
admin memory swap delete	370
admin quicksetup	370
admin reboot	370
admin shutdown	370
admin site	370
admin sysinfo	371
admin sysinfo save <ZIP File Name> location <ftp\|sftp\|scp\|nfs\|usb\|sdcard>	371
[nfsdir <NFS Mounted Directory>] [usbport <U1\|U2>]	371
[host <IP Address or Name>] [login <User Login>]	371
[path <Path to Save File>]	371
admin version	371
admin web certificate import	371
admin web certificate reset	371
admin web certificate custom	372
admin web certificate custom	372
admin web certificate show	372
admin web group	372
admin web server	372
admin web sha2	372
admin web timeout	373
admin web terminate	373
admin web show	373
admin web banner	373
admin web iface	373
admin web cipher	374
admin web sha2	374
admin web tlsv10	374
admin web tlsv11	374
admin web tlsv12	374
admin web restart	375
admin chip resetmodem	375
admin eeprom	375
Audit Log Commands	376
show auditlog	376
show auditlog clear	376
Authentication Commands	377
set auth	377
show auth	377
show user	377
Kerberos Commands	378
set kerberos	378
show kerberos	378
LDAP Commands	379
set ldap	379
set ldap bindpassword	379
set ldap certificate import	380
set ldap certificate delete	380
show ldap	380
Local Users Commands	380
set localusers add\|edit	380
set localusers allowreuse	381
set local users complexpasswords	381
set localusers state	381
set localusers delete	381
set localusers lifetime	382
set localusers maxloginattempts	382
set localusers password	382
set localusers periodlockout	382
set localusers periodwarning	382
set localusers reusehistory	383
set localusers multipleadminlogins	383
set localusers consoleonlyadmin	383
show localusers	383
set localusers lock	383
set localusers unlock	384
set localusers permissions	384
NIS Commands	384
set nis	384
show nis	385
RADIUS Commands	385
set radius	385
set radius server	386
show radius	386
TACACS+ Commands	386
set tacacs+	386
show tacacs+	387
User Permissions Commands	387
set localusers group	387
set localusers lock	388
set localusers unlock	388
set localusers permissions	388
set <nis\|ldap\|radius\|kerberos\|tacacs+> permissions	388
show user	389
Remote User Commands	389
set remoteusers add\|edit	389
set remoteusers listonlyauth	389
set remoteusers denyaccessnocustomgroup	390
set remoteusers denyaccessnocustomgroup <enable\|disable>	390
set remoteusers lock\|unlock	390
set remoteusers delete	390
show remoteusers	390
set <nis\|ldap\|radius\|kerberos\|tacacs+> group	390
set cli	391
set cli menu	391
show cli	392
show user	392
set history	392
show history	392
Connection Commands	392
connect bidirection	392
connect direct	393
connect forward	394
connect global outgoingtimeout	394
connect listen deviceport	394
connect terminate	394
connect unidirection	394
show connections	395
show connections connid	395
ConsoleFlow Commands	396
set cflow client	396
set cflow statusinterval	396
set cflow fwupdate	396
set cflow rebootafterupdate	396
set cflow allowremoteconnection	396
set cflow auditlogmessages	397
set cflow connection	397
set cflow devicename	397
set cflow timeoutcli	397
set cflow digitalprobe	398
set cflow id	398
set cflow key	398
set cflow useproxy	398
set cflow proxypassword	398
show cflow	399
Console Port Commands	399
set consoleport	399
show consoleport	399
Custom User Menu Commands	400
set localusers	400

Match case Limit results 1 per page

4: Quick Setup

SLC™ 8000 Advanced Console Manager User Guide

When you are done, the front panel returns to the clock display. The network port resets to the

new settings, and you can connect to your IP network for further administration. You should be

able to SSH to the SLC 8000 advanced console manager through your network connection, or

access the Web interface through a Web browser.

Restoring Factory Defaults

To use the LCD display to restore factory default settings:

Press the right arrow button to move to the

Release

option.

Use the down arrow to move to the

Restore Factory Defaults

option. A prompt for the 6-digit

Restore Factory Defaults password displays.

Press

Enter

to enter edit mode.

Using the left and right arrows to move between digits and the up and down arrows to change

digits, enter the password (the default password is 999999).

Note:

The Restore Factory Defaults password is only for the LCD. You can change

it at the command line interface using the CLI

admin keypad password

command.

The front panel Factory Default password and sysadmin password should be

recorded and stored in a secure place accessible by at least two authorized system

administrators. Recovering an SLC if both of these passwords are unknown is

cumbersome and time consuming.

Press

Enter

to exit edit mode. If the password is valid, a Save Settings? Yes/No prompt

displays.

Select

Yes

and press

Enter

. When the process is complete, the SLC unit reboots.

Limiting Sysadmin User Access

For security purposes, full administrative access to the SLC via the default sysadmin local user

account can be limited to only the front console port of the SLC device.

To configure this:

Enable the Sysadmin access limited to Console Port option on the Local/Remote Users web

page.’

Enable a remote authentication method (such as TACACS+ or LDAP) and configure the

remote authentication method to be first in the order of methods used.

Create a remote user account with full administrative rights.

Uncheck the

Attempt next method on authentication rejection

checkbox on the

Authentication Methods web page.

These steps will prevent any local users from logging in, restrict the default sysadmin local user to

the front console port, and allow a user with administrative rights to login, as long as remote

authentication is working.