SCSxx05/SCSxx20 Secure Console Server User Guide Models SCS3205, SCS4805, SCS820, SCS1620 with Firmware v4.3 and later Part No. 900-287 Rev.
Copyright & Trademark
© 2003, Lantronix. All rights reserved. No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Printed in the United States of America. Lightwave Communications is a Lantronix Inc. Company. Ethernet is a trademark of XEROX Corporation. UNIX is a registered trademark of The Open Group. Windows 95, Windows 98, Windows 2000, and Windows NT are trademarks of Microsoft Corporation.
Disclaimer & Revisions
Operation of this equipment in a residential area is likely to cause interference, in which case the user, at his or her own expense, will be required to take whatever measures may be required to correct the interference.
Note: This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules.
Safety Precautions
Please follow the safety precautions described below when installing and operating the SCSxx05/SCSxx20 Secure Console Server.
Cover
Do not remove the cover of the chassis. There are no user-serviceable parts inside. Opening or removing the cover may expose you to dangerous voltage that could cause fire or electric shock. Refer all servicing to Lantronix.
Service personnel: Dispose of used batteries according to the instructions.
Safety Precautions (translated from the Spanish edition)
When installing and using the SCSxx05/SCSxx20 Secure Console Server, observe the safety precautions described below.
Cover
Do not remove the chassis cover. There are no parts inside that the user needs to handle. Opening or removing the cover may expose the user to dangerous voltages that can cause fire or electrocution. If the battery is replaced with one of an incorrect type, an explosion may occur.
Port Connections
Connect the network port only to an Ethernet network compatible with 10Base-T/100Base-TX. Connect the device ports only to equipment with serial ports compatible with EIA-232 (formerly RS-232C). Connect the terminal port only to equipment with serial ports compatible with EIA-232 (formerly RS-232C).
Fuses (translated from the French edition)
To ensure protection against fire, always replace the power supply module fuse with one of the same type and rating.
Rack
Do not install this equipment in a rack if uneven weight distribution could make the rack unstable. Any fall may cause injury. Before putting the SCS into service, make sure that it is firmly secured in the rack.
(Translated from the German edition) Do not connect the unit to, or disconnect it from, the mains during a thunderstorm.
Grounding
Connect the unit to a reliable grounding point. Pay particular attention to a sound connection when the unit is connected through a power strip rather than directly to the branch circuit.
Fuses
Replace the power supply fuse only with a fuse of the same type and the same current rating, to avoid the risk of fire.
(Translated from the Russian edition) Use only a power cord whose voltage and current ratings exceed the voltage and current ratings marked on the unit. Install the unit near an easily accessible AC outlet. Always connect any equipment used together with the product to properly wired, grounded power sources.
Contents
Copyright & Trademark
LINUX GPL Compliance
Contacts
Disclaimer & Revisions
Safety Precautions
1: Introduction
SCSxx05 and SCSxx20
Connecting Using Telnet or Your Serial Terminal
Logging in as System Administrator
Accessing the Setup Menu
Navigating
Done Option
Configuring Hostname and IP Address
Configuring Timezone
7: System Administrator and User Functions
System Administrator Functions
Security and Passwords
Changing the Sysadmin Password
Changing the Root Password
If You Misplace the Sysadmin Password
User Access and Functions
less
logout
User Management Commands
listusers
adduser
edituser
deluser
SCSxx20 Adapters
D: Compliance and Warranty Information
Compliance Information (1)
Compliance Information (2)
Warranty
1: Introduction
The Lantronix SCS family of Secure Console Servers enables IT professionals to remotely and securely configure and administer servers, routers, switches, telephone equipment, or other devices equipped with a serial port. This chapter introduces you to the Lantronix SCSxx05 and SCSxx20 products.
Figure 1-1. SCS4805 – 48 Device Ports, 1 Network Port, 1 Terminal Port, AC Powered
This User Guide covers the following products:
Model SCS820 - AC or DC Powered 8-Port Secure Console Server
Model SCS1620 - AC or DC Powered 16-Port Secure Console Server
Model SCS3205 - AC Powered 32-Port Secure Console Server
Model SCS4805 - AC Powered 48-Port Secure Console Server
The SCS4805 is depicted above; the other models are similar.
Figure 1-3. SCS1620A – 16 Device Ports, 1 Network Port, 1 Terminal Port, AC Powered
Figure 1-4. SCS820 – 8 Device Ports, 1 Network Port, 1 Terminal Port, AC Powered
Hardware Features
1U-tall (1.
System Features
Ability to connect up to 48 RS-232 serial consoles
10Base-T/100Base-TX IP network compatible
Buffer logging to file
ID/Password security, configurable access rights
Email notification
Secure shell (SSH) security
Open Lightweight Directory Access Protocol (LDAP)
Network File System (NFS) support
Network Information Service (NIS) capable for centrally managed permissions
Ability to Telnet to a serial port by IP addre
LDAP (Lightweight Directory Access Protocol): A set of protocols for accessing information directories.
NFS (Network File System): A protocol that allows file sharing across a network.
NIS (Network Information System): A network-naming and administration system for smaller networks.
NTP (Network Time Protocol): A protocol used to synchronize time on networked computers and equipment.
All devices attached to both the device ports and the terminal port must support the RS-232C (EIA-232) standard. Category 5 cabling with RJ45 connections is used for the device port connections and for the terminal port. Device ports (numbered from port 1 to port 48) support seven baud rate options: 2400, 4800, 9600, 19200, 38400, 57600, and 115200 baud.
Device Port Buffer
The SCS products support port data buffering of the messages on the system's device ports. Port buffers are enabled by default.
256K FIFO Buffer
Each device port stores 256 KB (approximately 400 screens) of I/O data in a true FIFO buffer. You may view this data while the user is not directly interacting with the attached device.
Technical Specifications
Table 1-1.
Table 1-2.
System Resource Information
The SCS is programmable using OS-level commands and options. The system administrator configures the product using a command-line interface or one of several prepared scripts. Numerous resources on the Internet (and elsewhere) provide information about security options, programming tools and techniques, and configuration advice. A few of the Internet sites are listed below:
SSH info: www.openSSH.
2: Installation
This chapter provides instructions for installing the SCS. It includes the following topics:
Physical Installation
Power
Connecting a Terminal
Connecting to a Device Port
Connecting the Network Port
Connecting the Modem Port (SCSxx20)
Power Manager Interface
Caution: To avoid physical and electrical hazards, please be sure to read Safety Precautions on page iii before installing the SCS.
Power
The SCS consumes less than 25W of electrical power.
AC Input
The SCS has a universal auto-switching AC power supply. The power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50/60 Hz. The power inlet to the chassis uses a conventional IEC-type cord set, which Lantronix provides. Rear-mounted IEC-type AC power connector(s) are provided for your universal AC power input.
Connecting a Terminal
The terminal port is for local access to the SCS and the attached devices. You may attach a dumb terminal or computer with terminal emulation to the terminal port. The SCS terminal port uses RS-232C protocol and supports VT100 emulation.
Figure 2-4.
Connecting to a Device Port
You can connect any device that has a serial console port to the SCS for consolidated remote administration. You can configure the device ports individually. The console port must support the RS-232C interface. Additionally, many servers must either have the serial port enabled as a console, or must have the keyboard and mouse detached. Consult the server hardware and/or software documentation for more information.
Figure 2-5.
Connecting the Network Port
The SCS’s network port (10Base-T/100Base-TX) allows remote access to the attached devices and the system administrative functions. You must first set up the network parameters for the network port before you can reach the SCS remotely. You can change the network parameters from the front panel of the SCS, or you may Telnet to the default address. Refer to the Quick Start chapter for instructions.
Power Manager Interface
The SCSxx20 has a dedicated port for the Lantronix PCU8 Power Control Unit. With the SCSxx05 (and the SCSxx20, if desired), you may use any available device port. The PCU8 uses a DB9 connector on its serial connector and requires a Part Number 200.0069 DB9 to RJ45 adapter for that connection. (Lantronix supplies one such adapter with each PCU8 system.)
3: Quick Start
This chapter helps you get your IP network port up and running quickly, so you may administer the SCS using your network. There are two methods to quick start the network connections:
You may use the front panel display and buttons, or
You may use your existing IP network, accessing the default IP address
Once you have identified your IP network parameters to the SCS, you can use your IP network connections to configure and administer it.
Method #1 – Using the Front Panel Display
You can use the front panel display and pushbuttons to set up the basic network interface. The system administrator can then access the SCS using your existing IP network.
Figure 3-1. Front Panel LCD Display and Five Pushbuttons (Enter, Up, Down, Left and Right)
The front panel display initially shows the server name (e.g., SCS4805) and the date and time.
Figure 3-2. Front Panel Setup Options with Associated Parameters
[Figure labels: Normal Network IP Setting Subnet Mask Gateway DNS1 DNS2 DNS3 Terminal Settings Release Dates System LCD Time / Date Settings Timezone Calendar]
3. When the display shows the feature that you wish to edit, press the Enter key on the keypad to enter the editing mode. In our example, the display shows Editing Network Settings. A cursor displays below one character of the existing IP address setting.
Method #2 – Using Telnet
You can use Telnet to connect to the SCS instead of using the terminal port if your workstation is configured to communicate with the default network settings of the SCS. The default IP address of the SCS is 10.0.0.1 with a subnet mask of 255.0.0.0. If you temporarily change your workstation to an IP address of 10.X.X.X with a subnet mask of 255.0.0.0, you can Telnet to the SCS using the following commands:
1.
4: Configuration
The setup command provides a text-based interface for administering the SCS. It requires VT100 terminal support using the keyboard (no mouse support). The setup command prompts the system administrator for appropriate entries to simplify the configuration process. The setup command runs automatically to initially configure the SCS; the sysadmin may run it manually at any time thereafter from a network connection or the terminal port.
Configuring Device Ports
Updating Software
Using Done
Saving
Rebooting
Connecting Using Telnet or Your Serial Terminal
If you are not already connected as described in Quick Start, you have two options:
Connect the terminal port to a VT100 terminal device or computer using a VT100 terminal emulation program. (See Connecting a Terminal.)
Telnet via your network connection.
Figure 4-1. Setup (System Configuration) Program
2. To make changes to the system configuration, select Yes and press Enter. A setup (configuration) menu, including the available configuration options and a Done option, displays. (You must scroll down to see all of the menu options.)
Note: If you select No, the setup program ends, and the command prompt displays.
Figure 4-2.
Table 4-1. Setup Menu Navigation
Action: Key
To select a menu option: Use the up and down arrows on your keyboard (not on the numeric keypad)
To select Yes or No: Use the up and down arrows to move between Yes and No.
To complete an entry and continue: Press Enter. Note: Pressing Enter selects the default operation in most of the screens.
To go to the next area of the screen: Press Tab.
2. Select Yes to use DHCP to obtain the IP address, netmask, and gateway, or No to enter your own values.
    DHCP
    What is the value for BOOTPROTO?
    Enable DHCP (Please select ‘dhcp’ or ‘none’)
    If you choose ‘none’, you MUST provide values for IPADDR, NETMASK, and GATEWAY.
    Dhcp
    none
3. Press Enter. The hostname and IP address prompt displays.
4. Enter a value for the hostname. The default hostname is the SCS model name (e.g., SCS4805).
    Ip Address in dot quad notation (e.g., 10.2.3.4)
    Answer: 172.20.201.28
8. Press Enter. The netmask prompt displays.
9. Enter the value of the netmask, in dot-quad notation.
    Hostname and IP Address
    What is the value for NETMASK?
    IP Netmask in dot quad notation (e.g., 255.255.255.0)
    Answer: 255.0.0.0
10. Press Enter. The gateway prompt displays.
11. Enter the IP address of your gateway.
4. At the end of the Timezone script, press Enter. The setup menu returns with Configure DNS selected. At this point, you may continue with the next setup menu item, you may use the arrow keys to select another item in the list, or you may arrow down to Done to exit the setup script. (You can do this for any of the high level menu items.
Configuring Services
With this menu option, you enable or disable the following:
Syslog (system logging) (default is enabled)
System logins using SSH (default is disabled)
System logins using Telnet (default is enabled)
Simple Network Management Protocol (SNMP Agent) (default is disabled)
1. With Configure Services selected, press Enter. The syslog prompt displays.
2. Select Yes to enable or No (default) to disable syslog, and press Enter.
Enabling/Disabling Web Configuration
The SCS offers a Web-based configuration interface, which you can access only through your browser using SSL (Secure Sockets Layer) (https://). The Web interface has most of the same options as the console-based setup routine and may be useful for updating configuration options after you complete the initial setup. This option enables or disables the ability to update the SCS configuration using the Web interface.
1.
Configuring Email Relay
The SCS incorporates a mail transport agent for email delivery. Use this option to identify your network’s SMTP relay server.
1. With Configure Email Relay selected, press Enter.
2. Leave this value blank unless email delivery is not working, in which case enter the IP address of your network’s SMTP relay server.
    Input value for SMART_RELAY
    IP Address (in dot quad notation) of your network’s SMTP relay server.
4. Press Enter. The PPP timeout prompt displays.
5. To cause an idle PPP connection to be disconnected after a specified number of minutes, backspace over the existing value and enter a number between 1 and 30 (minutes).
    Configure PPP Timeout
    Input value for Configure PPP Timeout.
    Answer: disabled
6. Press Enter. The terminal port timeout prompt displays.
7.
1. With Configure Modem selected, press Enter. The enable modem logins prompt displays.
2. Select Yes to enable or No (default) to disable modem logins.
    Enable Modem Logins?
    Do you want to enable logins on the Modem? This will allow PPP and TTY logins.
    Enable Modem Logins? Yes / No
If you selected No, the Configure User Authentication menu displays. Continue with Configuring User Authentication on page 4-16.
3. Press Enter. The TTY callbacks prompt displays.
8. Select Yes to enable a direct PPP login, or No to disable a direct PPP login.
    Enable PPP Logins?
    Do you want to enable PPP logins? This will allow a direct PPP login without having to log into a user shell.
    Yes / No
9. Press Enter. If you selected Yes, the PPP parameters options prompt displays. If you selected No, the Configure User Authentication menu displays. Continue with Configuring User Authentication on page 4-16.
10.
Configuring CHAP Secrets
The SCSxx20 supports either CHAP or PAP, but not both. PAP is the default authentication method. The CHAP parameters include:
Client
Server
Secret (password used for authentication; generated by the system administrator)
IP address (acceptable local IP address)
1. With CHAP Secrets on the setup menu selected, press Enter. The CHAP secrets prompt displays.
2.
Configuring PAP Secrets
PAP is the default authentication method. The parameters include:
Client
Server
Secret (password used for authentication; generated by the system administrator)
IP address (acceptable local IP address)
1. With PAP Secrets on the setup menu selected, press Enter. The PAP secrets prompt displays.
2.
1. With Configure User Authentication selected, press Enter. The User Authentication menu displays with Configure NIS selected.
Figure 4-3. User Authentication Menu
2. Follow the instructions below for the method (NIS, LDAP, or RADIUS) you want to use. In addition to the selected method, you may configure global port permissions.
Configuring NIS
If you are using NIS authentication, you must:
Identify the NIS domain name (often same as hostname).
6. Enter the IP Address (in dot quad notation) of at least the NIS master server (required), and press Enter. The first slave server prompt displays. You may configure up to five NIS slave servers (SLAVE-1 through SLAVE-5). Slave server values are optional. There are five similar screens, one for each NIS slave server.
7. Enter the IP address of the first slave server and press Enter.
8.
Configuring RADIUS
If you are using the RADIUS option for authenticating users, you must:
Enable RADIUS (default is disabled)
Enter the IP address of a RADIUS server
Enter the shared secret (text string that serves as a password between a RADIUS client and the SCS)
Enter the timeout (server connection timeout)
1. With Configure RADIUS selected, press Enter. The RADIUS prompt displays.
2. Select Yes to enable RADIUS to authenticate users, and press Enter.
3.
1. With Configure Global Port Permissions selected, press Enter. The direct mode permissions prompt displays.
2. If desired, enter a range and/or list of ports (for example, 1, 3, 5-7) to which the direct mode permissions will apply.
    Default Permissions
    What is the value for ALLOW_DIRECT?
    Specify the port-direct mode default port permissions. ports can be specified using a range and/or list.
1. With NFS Mount selected, press Enter. The NFS mount prompt displays.
    Enable NFS?
    Do you want to mount an NFS share from an NFS server? Do not use packet filtering (firewall) if you are using NFS or NIS
    Enable NFS? Yes No
2. Select Yes to install the NFS server information to mount an NFS share, or No to disable this option. If you answer Yes, the NFS value prompt displays. If you answer No, the setup menu returns with Configure the Firewall selected.
3.
Configuring Firewall (Packet Filtering)
The SCS incorporates a packet filtering option (a "firewall"). (The Web configuration interface uses the term “Packet Filtering.”)
Note: You must not use packet filtering (firewall) if you are using NFS or NIS, because it would filter out the NFS or NIS packets.
You may configure the firewall for your site by setting the following parameters.
7. To enter the list of TCP Public Services that the SCS should support, edit the text-entry list from the choices indicated in the Answer field (ftp-data, ftp, SSH, telnet, www, and https).
    Firewall.conf
    What is the value for TCP_PUBLIC_SERVICES?
    This is the list of ports we allow TCP connections to.
    Answer: ssh telnet https
For example, you may choose to remove telnet from this list of services for security reasons, leaving only ssh and https.
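The firewall list interacts with the login services configured earlier (SSH logins disabled and Telnet logins enabled by default) and with the NFS/NIS restriction. The following check is an added example, not Lantronix code: TCP_PUBLIC_SERVICES and its choice list come from this guide, while the other setting names are hypothetical labels for the Yes/No prompts and the sample answers are constructed.

```python
# Added example, not Lantronix code. TCP_PUBLIC_SERVICES and its choices are
# from the guide; "firewall_enabled", "ssh_logins", "telnet_logins",
# "nfs_enabled" and "nis_enabled" are hypothetical names for setup answers.

ALLOWED_TCP_SERVICES = ("ftp-data", "ftp", "ssh", "telnet", "www", "https")
CLEARTEXT_SERVICES = {"ftp-data", "ftp", "telnet", "www"}


def parse_services(answer):
    """Split the space-separated Answer field into (known, unknown) names."""
    known, unknown = [], []
    for token in answer.split():
        name = token.lower()  # the guide's choice list spells it "SSH"
        if name not in ALLOWED_TCP_SERVICES:
            unknown.append(token)
        elif name not in known:
            known.append(name)
    return known, unknown


def audit(settings):
    """Return a list of (code, message) findings for one set of answers."""
    findings = []
    known, unknown = parse_services(settings.get("TCP_PUBLIC_SERVICES", ""))
    firewall = settings.get("firewall_enabled", False)
    # Defaults stated in the guide: Telnet logins on, SSH logins off.
    telnet_logins = settings.get("telnet_logins", True)
    ssh_logins = settings.get("ssh_logins", False)

    for token in unknown:
        findings.append((f"UNKNOWN_SERVICE:{token}",
                         "not one of the listed TCP service choices"))
    if firewall and (settings.get("nfs_enabled") or settings.get("nis_enabled")):
        findings.append(("FIREWALL_WITH_NFS_OR_NIS",
                         "packet filtering would filter out NFS/NIS packets"))
    if telnet_logins:
        findings.append(("TELNET_LOGINS_ENABLED",
                         "Telnet carries passwords unencrypted"))
    if firewall:
        for name in known:
            if name in CLEARTEXT_SERVICES:
                findings.append((f"CLEARTEXT_ADMITTED:{name}",
                                 "packet filter admits an unencrypted service"))
        ssh_path = ssh_logins and "ssh" in known
        telnet_path = telnet_logins and "telnet" in known
        if not (ssh_path or telnet_path):
            findings.append(("NO_REMOTE_LOGIN_PATH",
                             "no enabled login service is admitted by the "
                             "filter; network shell logins would fail"))
    return findings


def codes(settings):
    """Finding codes only, in the order audit() reports them."""
    return [code for code, _ in audit(settings)]


if __name__ == "__main__":
    # Constructed answers: telnet removed from the filter list as the guide
    # suggests, but SSH logins left at their default (disabled).
    sample = {"firewall_enabled": True, "TCP_PUBLIC_SERVICES": "ssh https"}
    for code, message in audit(sample):
        print(f"{code}: {message}")
```

The second constructed case shows the ordering issue: enable SSH logins under Configure Services before removing telnet from the filter list.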
Device Port Configuration Options
You can configure the device ports for port identity (apply a relevant name) and for feature access and buffer logging. You can configure device ports (for departments, for identifying equipment types, or for any other reason) in any combination; groups can be any individual port number, any range of numbers, or a combination of both.
4. Backspace over the existing data, and enter your name for this port. The device name cannot contain a space. Use an underscore if you need an empty space in the name.
5. Press Enter. You have two options:
To go back and name or rename the same device port, repeat steps 3-5.
To save your name change to flash memory now, select Done and press Enter. A confirmation screen displays. Continue with step 6.
6. To confirm, select Yes.
3. In the Answer field, enter the number, range, or combination of ports to be administered.
    What device port do you want to configure?
    Input a device number, a device name, or a range.
    Examples of ranges:
    3,7,9
    2-12
    1,4,6-9,14
    Valid port range is 1-48
    What device port do you want to configure?
    Answer: 1-3,5,7-9,26
4. Press Enter. The enable operator port prompt displays. This option allows PPP as well as terminal logins through an external modem.
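The same range-and-list syntax is used for this prompt and for ALLOW_DIRECT under global port permissions, so it is worth expanding an answer into explicit port numbers before applying it. The following is an added example, not Lantronix code; it handles numeric entries only (not device names), takes port counts from the model list in the Introduction, and rejects descending ranges as a choice of this example rather than documented SCS behaviour.

```python
# Added example, not Lantronix code: expand an SCS port specification such as
# "1-3,5,7-9,26" and compare it with the ports an administrator meant to grant.
import re

# Device port counts per model, as listed in the Introduction.
MODEL_PORTS = {"SCS820": 8, "SCS1620": 16, "SCS3205": 32, "SCS4805": 48}

# One list entry: a port number, optionally followed by "-" and a second number.
_ITEM = re.compile(r"(\d+)(?:\s*-\s*(\d+))?", re.ASCII)


class PortSpecError(ValueError):
    """Raised when a port specification cannot be applied as written."""


def expand_ports(spec, model="SCS4805"):
    """Return the sorted list of port numbers named by a range/list answer."""
    max_port = MODEL_PORTS[model]
    ports = set()
    for raw in spec.split(","):
        item = raw.strip()          # tolerate "1, 3, 5-7" as written in the text
        match = _ITEM.fullmatch(item)
        if match is None:
            raise PortSpecError(f"not a port number or range: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            # Assumption of this example: treat "9-7" as a typing error.
            raise PortSpecError(f"descending range: {item!r}")
        if low < 1 or high > max_port:
            raise PortSpecError(f"{item!r} is outside 1-{max_port} for {model}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def unintended_ports(spec, intended, model="SCS4805"):
    """Ports the answer would cover that are not in the intended set."""
    return sorted(set(expand_ports(spec, model)) - set(intended))


if __name__ == "__main__":
    answer = "1-3,5,7-9,26"         # the Answer shown in the guide's screen
    print(expand_ports(answer))
    # Constructed review case: only ports 1-3 and 5 were meant to be covered.
    print(unintended_ports(answer, intended={1, 2, 3, 5}))
```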
Data Bits, Stop Bits, and Parity
The format of the bit-wise transmission of data is determined by the data bits, stop bits, and parity parameters. The default settings are 8 data bits, 1 stop bit, and no parity. Check your equipment documentation for the proper settings.
1. Use the arrow keys to select the data bits for the port(s) from the list displayed.
2. Press Enter. The stop bits prompt displays.
3. Select the stop bits (1 or 2) for the port(s).
4.
1. Select Yes to disable buffering, or select No (default) to enable buffering.
2. Press Enter. You have two options:
To go back and change any of your settings for this port or group of ports, select the Setup the Device parameters option, or
When you are satisfied with the changes you have made, or you wish to administer additional ports, select Done.
3. Press Enter. If you selected Done, you now confirm your changes.
Confirm Changes
1.
File Logging by Port
This option includes the following parameters:
Enable/disable (default is disabled)
Number of files saved per port
Log file path (can be NFS mounted)
Log file size (in bytes)
1. With File Logging Port selected, press Enter. The log to file flag prompt displays.
2. Select Enable to enable file logging for the selected device port(s), or select Disable to disable file logging, and press Enter.
7. Enter the desired log file size in bytes (2048 = 2K). The default is 2048 bytes. The amount of available memory limits the maximum size of the log file.
8. Press Enter. The Device Logging Parameters menu returns with Syslog Port Logging selected.
Syslog Logging by Port
Next, you configure the following syslog options for the same port(s):
Enable/Disable (default is disabled)
Set Syslog Facility (user, local0, local1, local2, etc....
3. Enter the number (digits) of bytes of data the port will receive after which the SCS will capture log data and send an email regarding this port. In most cases, the terminal (console) port of your device does not send any data unless there is an alarm condition. After the SCS receives a small number of bytes, it can perceive that your device needs some attention.
10. Press Enter. The email address prompt displays.
11. Enter the complete email address of the message recipient(s) for each device port(s). Each device port has its own recipient list. If you wish to enter more than one email address, separate the addresses with a single space.
    Set Email Address(es)
    Device Port 1,4,5-7.
    Answer: SiteTech@ServerFarm.com
12. Press Enter. The cc: prompt displays.
13.
1. With Software Updates selected, press Enter. The protocol prompt displays.
    What is the value for PROTOCOL?
    Please enter ‘tftp’ or ‘ftp’ to select the server type that will be used to obtain Software update files and as the server type for configuration save and restore.
    tftp
    ftp
2. Select the type of server you will use for obtaining updates and saving or restoring configurations, and press Enter. The server IP address prompt displays.
6. Enter the ftp user password and press Enter. The install software updates prompt displays.
    Input value for Install Software Update(s)
    Enter a space separated list of software update files to apply. They will be obtained from the server specified by SERVERIPADDR. Unless the filename here is specified with a path, the files will be obtained from FTPPATH. Successfully applied updates will appear in the Updates Applied item below.
Saving
The SAVE command saves all changes and updates to non-volatile memory. The SCS automatically saves the programmed parameters after running the setup script for the first time only. After that, the system administrator must run SAVE manually, as follows:
1. To permanently save any parameter changes, type SAVE (all caps) at the command prompt.
2. Press Enter. It may take a few minutes for the system to save your entries.
5: Web Interface
The SCS incorporates a browser-based interface for the system administrator. This interface provides an alternate method of updating most of the parameters initially set up using the setup command. The Web interface is password protected, using SSL encryption. Always use the https:// prefix.
Web Configuration Utility Main Page
The Web Configuration Utility allows the system administrator to configure the SCS, much like the setup script does via a network or terminal connection.
Figure 5-2. The SCS Web Configuration Utility Main Page
This section of the User Guide does not show each window; the windows are self-explanatory. Apply, Cancel, and Save buttons are at the bottom of each parameter window. (See Saving Web Interface Entries on page 5-4.
Table 5-1.
Saving Web Interface Entries
Figure 5-6. Buttons at Bottom of Web Utility Configuration Page
Apply Changes: Applies the changes for the current page, but does not save them to flash memory. Closing the Web window does not save or apply any changes. You must apply changes after completing the changes for a single Web page.
Cancel: Clears changes on a Web page that you don’t want to apply.
6: Modem Setup
If your SCSxx20 was shipped with a modem installed, it is not necessary to perform the modem setup, and you can skip this chapter. This procedure is for installing a modem in the field. This chapter includes the following topics:
Installing a Modem Card
Initializing the Modem
Installing a Modem Card
Note: It is not necessary to power down the unit before installing the modem card.
1. Remove the blank metal plate covering the modem slot on the SCSxx20.
2.
To initialize the modem (only needed when first installed):
1. Log in as sysadmin.
2. Type install_modem at the sysadmin> prompt.
3. When the command has run completely, the sysadmin> prompt displays. The modem has reset and is ready to use.
    SCS1620 login: sysadmin
    Password:
    sysadmin>install_modem
    sysadmin>
4. Check the status LEDs on the modem module.
Figure 6-2.
7: System Administrator and User Functions
This chapter describes how the system administrator and users gain access to the system and the functions permitted for each role. It includes the following topics:
System Administrator Functions
User Access and Functions
System Administrator Functions
The system administrator specifies settings such as user IDs, device configuration, and terminal and access rights to suit the application.
Changing the Root Password

The system administrator must also change the password for the root level. Although users do not require root access, the system administrator can access it using SSH. Make sure that you know the root password and that it has not been left at the common default value.
If You Misplace the Sysadmin Password

You can lock the system down and prevent programming access if you misplace your password. If this should happen, recover the system as follows:

1. Connect a terminal or PC running terminal software to the terminal port on the SCS.
2. Power up the SCS.
3. At the boot prompt, type ?.
4. At the second boot prompt, type linux single and press Enter.
5.
Terminal Port Access

To form a terminal port connection to the SCS, use a hardwired VT100 terminal or terminal emulation program that is connected to the terminal connector on the SCS. The system administrator normally uses this type of connection during service events; however, any user who has access to the VT100 terminal and a password can log into the system this way.

    SCS4805
    SCS4805 login:
    SCS4805 login: imauser
    Password:
    imauser>

1.
Alpha, the prompt would read GEORGE-Alpha>. When this prompt displays, you are in monitor mode. There is no direct communication between you and the server.

Note: You may select a server already selected by another user. The system saves any output from the server to a buffer that you may access (using cat or less), but you may not issue commands to the server. If you want to issue commands to the server, you must enter direct mode.
To change the sequence, enter the new sequence and press Enter. If for some reason the sequence is unacceptable, an error message displays, and the sequence reverts to the existing character values. A list of hexadecimal character settings is provided at the end of this User Guide.

Logging Out

Always log out when you are finished with your session activity. To log out from a user session:

1. Type logout.
2. Press Enter.
8: Commands

This chapter includes the following topics:
    Summary of Commands
    System Commands
    Device Commands
    User Management Commands
    User Commands
    Advanced Sysadmin Commands

Summary of Commands

A summary of the SCS commands is provided below. Some commands only sysadmin can access, while all defined users can access others.

Table 8-1.
sysadmin User x x x x x x x x x x x x x x x x x x x

Command       Purpose
passwd        Sets user password.
poweroff      Powers-off (shuts down) the SCS.
reboot        Reboots the SCS.
reset-modem   Resets the internal modem. (SCSxx20 only)
SAVE          Commits (saves) programming changes.
select        Selects a port.
scp           Secures copy.
setup         Initially configures the SCS.
sftp          Secures ftp.
ssh           Establishes an SSH connection.
ssh-keygen    Generates SSH keys.
Telnet        Uses Telnet.
poweroff

Use the poweroff command to shut the system off. This command allows the system to properly close any open files and gracefully exit and shut down. If you turn off the system without using the poweroff command (including power failure), the system will require some extra self-checks and start-up time the next time it boots up.

    sysadmin>poweroff
    Broadcast message from root (ttyterm) Tue Oct 2 14:27:12 2001...
passwd

At the first login, the SCS uses the factory default password, PASS (all upper case). The sysadmin should change this default password as soon as possible to prevent access by unauthorized personnel.
    sysadmin>
    sysadmin>info
    SCS4805 Shell V4.00
    sysadmin>

reset-modem

Use this command to reset the internal modem. (SCSxx20 only)

scp

Use scp to perform a secure copy, using SSH, between two hosts. The file copy is encrypted and is therefore secure. Refer to the man pages for scp for a description and command options.

sftp

Use sftp to perform a secure file transfer transaction, using SSH, between two servers.
− Device buffer examined (less or cat)
− User becomes root

The SCS comes set to log all warnings and higher events. The default file entry is *.warning, with lower level settings (a lower level generates more messages) in *.notice and *.info (even more events).

To change the logging level:

1. Log in as sysadmin.
2. Type bash and press Enter.
3. Edit the file /etc/syslog.conf (vi /etc/syslog.conf) and press Enter.
4.
    edituser V3.05
    lcd V3.13
    lciclear V3.06
    lcistty V3.06
    listen V3.21
    listend V3.22
    ltxloggerd V1.17
    lu V3.05
    modem_reset V3.10
    perms V3.09
    timeout V3.08
    timeoutd V3.06
    lci-system-configure V1.22
    EXAR-XR16L788 Device Driver V2.8
    SCS4805 release date: Thu Sep 19 16:14:49 2002 V4.0
    sysadmin>

Device Commands

The system administrator may define the device port parameters using the devices, editdev, and listdev commands.
Device Name

The device name cannot contain a space. Use an underscore if you need an empty space in the name.

Baud Rate

Seven device baud rates are offered: 2400, 4800, 9600, 19200, 38400, 57600, and 115,200. Most devices use 9600 as the terminal/administration port's baud rate, so the device port defaults to this value. Check the equipment settings and documentation for the proper baud rate.
User Management Commands

The system administrator uses the following commands to add and delete users and to add and change settings for system users. The sysadmin is also a user, although one who cannot be deleted.

listusers

Use listusers to get a list of all assigned users in the SCS.
The system automatically enters the edituser mode for this new user, allowing the system administrator to change any of the preset parameters.

edituser

Use this command to edit the port configuration and default operational sequences for that user profile. This command creates user IDs and privileges. The system prompts the sysadmin to define the device ports that the user will be allowed to access for direct connections.
3. To accept the changes, type y for yes, or to reject the changes, type n or do not enter anything.
4. Press Enter.
User Commands

After the user logs in to the system, the user name becomes the command prompt. For example, ross> displays after Ross logs in. Users log in to identify themselves to the system and to access the device ports to which the system administrator has assigned them privileges.

select

Use select to select a port (only applies to ports for which this user is allowed clear, direct, or listen access).
Advanced Sysadmin Commands

You can access the following features from the command line interface or administer them using a Linux command line prompt through your network.

Using ssh Keys and keygen Procedures

The following info is taken, with great liberties, from an open source article discussing ssh and keygen. It is online at: http://igloo.its.unimelb.edu.au/Webmail/security/msg00010.html.

ssh-agent: Type My Passphrase Once

Ssh-agent makes this all so easy.
Using Single Signon to Save Time

To automate and save time, try this:

    [max@miraclehut ~]$ ssh-agent /bin/bash
    [max@miraclehut max]$ ssh-add
    Need passphrase for /home/max/.ssh/identity (max@miraclehut).
    Enter passphrase:
    Identity added: /home/max/.ssh/identity (max@miraclehut)
    [max@miraclehut max]$ for target_host in host1 host2 host3 host4 host5 host[678] host9; do
    > ssh root@$target_host ".
To mount a file system at boot time, the /etc/fstab file must have an entry that is associated with the directory to mount. Following is an example of how to use this facility to automatically mount an NFS file system on the SCS.

In /etc/fstab the following entry must be present:

    /dev/device /dir/to/mount ftype parameters fs_freq fs_passno

where

    /dev/device    The device to be mounted.
You can only configure this feature from the bash shell as the root user. (See instructions for changing to the root user in Mounting File Systems During Boot.)

The following files are needed to ensure that autofs works properly:

    /usr/sbin/           automount
    /etc/rc.d/init.d/    autofs
    /etc/                auto.master auto.export
    /usr/lib/autofs/     lookup_file.so mount_ext2.so lookup_multi.so mount_generic.so lookup_nisplus.so mount_nfs.so lookup_program.so parse_sun.so lookup_userhome.
b) In the auto.export file, add the following:

    tomv -fstype=nfs,rw,intr,soft,bg erh62:/home/tomv

where

    tomv                The NFS mounted directory name.
    fstype              The comma-delimited option list that mount will use.
    erh62:/home/tomv    The server name and directory that the SCS will use.

2.
9: Port Access

The SCS provides various ways of accessing serial ports. This chapter includes the following topics:
    Telnet to Serial Port
    IP Address per Serial Port Feature

Telnet to Serial Port Feature

This section describes how to set up and use the Telnet to a Serial Port feature of the SCS. It assumes that you have otherwise configured the unit, and that the console server has connectivity to the network.
IP Port Number    Serial Port Number
9001              1
9002              2
9003              3
...               ...
9008              8
...               ...
9046
9047
9048
Assigning an IP Port Number to a Serial Port

You need to modify two files to assign an IP port number to a serial port. In our example we specify that:

    IP port number 9001 correlates to serial port 1
    IP port number 9002 correlates to serial port 2

and so on, up to 9048 correlating to device port 48 in the SCS4805. These IP port numbers are simply the default values and the convention chosen in this example.
Testing

If you have not set up the (local or NIS) port permission file for users on the console server, they will not be able to access the serial ports. If the user does not have the appropriate serial port permissions, attempting to connect via Telnet gives the following results:

    kerrym@erh62 $ Telnet km3210 9004
    Trying 192.168.201.60...
    Connected to km3205.lci.net (192.168.201.60).
    Escape character is '^]'.
    km3205.lci.
IP Address per Serial Port Feature

The IP Address per Serial Port feature allows you to set multiple network addresses on the same low-level network device driver (e.g., two IP addresses in one Ethernet card). It is typically used for services that act differently based on the address they listen on (e.g., multihosting, virtual domains, or virtual hosting services).
The content of the first file, ifcfg-eth0:0, is:

    DEVICE="eth0:0"
    BOOTPROTO="none"
    ONBOOT="yes"
    IPADDR="192.168.202.11"
    NETMASK="255.255.255.0"

The content of the second file, ifcfg-eth0:1, is:

    DEVICE="eth0:1"
    BOOTPROTO="none"
    ONBOOT="yes"
    IPADDR="192.168.202.12"
    NETMASK="255.255.255.0"

5. In this manner, set up the remaining 14 config files. Note that two lines must be changed in each file: the DEVICE line and the IPADDR line.
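The script below is an added example, not part of the original guide or of the SCS software. It writes the 16 alias files described above into a staging directory, changing only the DEVICE and IPADDR lines; the function names, the staging directory argument, and the refusal to overwrite existing files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): generate ifcfg-eth0:N alias
# files that differ only in their DEVICE and IPADDR lines.
# Assumed interface:
#   gen_alias_configs OUTDIR NET_PREFIX FIRST_HOST COUNT [NETMASK]

gen_alias_configs() {
    outdir=$1 prefix=$2 first=$3 count=$4 mask=${5:-255.255.255.0}

    # Both numbers must be positive decimal integers without leading zeros,
    # otherwise shell arithmetic could misread them (08 is invalid octal).
    for n in "$first" "$count"; do
        case $n in
            ''|*[!0-9]*|0*) echo "not a positive integer: '$n'" >&2; return 2 ;;
        esac
    done

    # The last octet of every generated address must stay at or below 254.
    last=$((first + count - 1))
    if [ "$last" -gt 254 ]; then
        echo "host range $first-$last exceeds .254" >&2
        return 2
    fi

    mkdir -p "$outdir" || return 1

    # Check for existing files first, so that a refused run writes nothing.
    i=0
    while [ "$i" -lt "$count" ]; do
        if [ -e "$outdir/ifcfg-eth0:$i" ]; then
            echo "refusing to overwrite $outdir/ifcfg-eth0:$i" >&2
            return 3
        fi
        i=$((i + 1))
    done

    # Write one file per alias; only DEVICE and IPADDR vary between files.
    i=0
    while [ "$i" -lt "$count" ]; do
        {
            printf 'DEVICE="eth0:%s"\n' "$i"
            printf 'BOOTPROTO="none"\n'
            printf 'ONBOOT="yes"\n'
            printf 'IPADDR="%s.%s"\n' "$prefix" "$((first + i))"
            printf 'NETMASK="%s"\n' "$mask"
        } > "$outdir/ifcfg-eth0:$i"
        i=$((i + 1))
    done
}

# Print any IPADDR line that occurs in more than one alias file in DIR.
# Empty output means every alias has a unique address.
duplicate_addresses() {
    grep -h '^IPADDR=' "$1"/ifcfg-eth0:* 2>/dev/null | sort | uniq -d
}

# Run directly, for example:  sh gen_alias.sh ./staging 192.168.202 11 16
if [ "$#" -ge 4 ]; then
    gen_alias_configs "$@" && duplicate_addresses "$1"
fi
```

Review the staged files before copying them to the SCS, and run duplicate_addresses again after any manual edit.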
Note: If you need to set up an additional gateway to access the aliased IP addresses from client workstation(s), for example, set up the /etc/sysconfig/static-routes file. (This is an additional gateway – the default gateway is set up through the sysadmin setup program.) By default, the static-routes file does not exist.

9.
Saving the Changes to Flash

Once you have completed the setup and test, change the file system back to read-only and save the changes to flash. (Note that on the system shown below, NIS was running. NIS was used for both the login authentication of “kerrym” and to obtain the permissions for the serial port.
Bypassing Authentication

Note: The ability to bypass the authentication mechanisms, as described below, may not be deployed on your particular console server. If it has been deployed on your console server and you have specified that authentication should not take place on certain serial ports, beware! Enable this feature only if the console server is located within a fully protected internal network, and all of the users can be trusted.
2. Set up the nobody.conf file and modify it accordingly.

a) Log in to the sysadmin account, and then go into the bash shell.

    sysadmin>bash
    sysadmin@km3210 /var/tmp$ su
    Password:
    root@km3210 /var/tmp# cd /lci/users
    root@km3210 /lci# cp ../default.user.conf nobody.conf
    root@km3210 /lci# vi nobody.conf

b) Set the desired port permissions for ALLOW_DIRECT, ALLOW_LISTEN, and ALLOW_CLEAR accordingly.
A: Unix Command Help

The system administrator uses some UNIX/Linux commands in administering the SCS. Some of the system commands automatically invoke the less command (e.g., if you run the devices command, less displays the information). You may use the vi editor when you run setup.

less command

Use the less command when the data output to the terminal is longer than one screen can display. The output pauses, and a ":" (colon) displays at the bottom of the screen.
SEARCHING

    /pattern    *  Search forward for (N-th) matching line.
    ?pattern    *  Search backward for (N-th) matching line.
    ESC-^B      *  Find open bracket
    n           *  Repeat previous search (for N-th occurrence).
    N           *  Repeat previous search in reverse direction.
    ESC-n       *  Repeat previous search, spanning files.
    ESC-N       *  Repeat previous search, reverse dir. & spanning files.
    ESC-u          Undo (toggle) search highlighting.
MISCELLANEOUS COMMANDS

    -            Toggle a command line option [see OPTIONS below].
    --           Toggle a command line option, by name.
    _            Display the setting of a command line option.
    __           Display the setting of an option, by name.
    +cmd         Execute the less cmd each time a new file is examined.
    !command     Execute the shell command with $SHELL.
    |Xcommand    Pipe file between current pos & mark X to shell command.
    v            Edit the current file with $VISUAL or $EDITOR.
If you are not sure which mode you are in at any time, press Esc, which returns you to the command mode. A summary of the modes and some vi commands follows.

Using vi in Command Mode

The following keyboard commands apply to vi in command mode. Move the cursor within the open file using the following position commands:

    h    Moves cursor to left (left arrow).
    j    Moves cursor to next line (down arrow).
    k    Moves cursor to previous line (up arrow).
B: Hexadecimal Conversion Chart

Equivalent characters in italics are non-printing characters or signals.

Hexadecimal to Character Conversion

Hexadecimal Code    Equivalent Character    Hexadecimal Code    Equivalent Character
00                  NUL                     20                  SP
01                  SOH                     21                  !
02                  STX                     22                  "
03                  ETX                     23                  #
04                  EOT                     24                  $
05                  ENQ                     25                  %
06                  ACK                     26                  &
07                  BEL                     27                  '
08                  BS                      28                  (
09                  HT                      29                  )
0A                  NL                      2A                  *
0B                  VT                      2B                  +
0C                  NP                      2C                  ,
0D                  CR                      2D                  -
0E                  SO                      2E                  .
Hexadecimal Code    Equivalent Character    Hexadecimal Code    Equivalent Character
42                  B                       62                  b
43                  C                       63                  c
44                  D                       64                  d
45                  E                       65                  e
46                  F                       66                  f
47                  G                       67                  g
48                  H                       68                  h
49                  I                       69                  i
4A                  J                       6A                  j
4B                  K                       6B                  k
4C                  L                       6C                  l
4D                  M                       6D                  m
4E                  N                       6E                  n
4F                  O                       6F                  o
50                  P                       70                  p
51                  Q                       71                  q
52                  R                       72                  r
53                  S                       73                  s
54                  T                       74                  t
55                  U                       75                  u
56                  V                       76                  v
57                  W                       77                  w
58                  X                       78                  x
59                  Y                       79                  y
5A                  Z                       7A                  z
5B                  [                       7B                  {
5C                  \
C: Pinouts and Adapters

The serial device ports of the SCSxx05/SCSxx20 products match the RJ45 pinouts of the console ports of many popular devices found in a network environment. The SCS uses conventional Category 5 fully pinned network cables for all connections; the cables are available from Lantronix in various lengths. In some cases you will need an adapter for your serial devices. Lantronix offers a variety of RJ45 to serial-connector adapters for many devices.
SCSxx05

SCSxx05 Pinouts

Pinouts for SCSxx05 Terminal and Device Ports (DCE and DTE)

[Figure: RJ45 connector pin diagrams for SCSxx05 Terminal / Device (DTE) and SCSxx05 Terminal / Device (DCE). Labels shown on each: Tx 3, Rx 6, RTS 1, CTS 8, DTR 2, DSR 7, SG, 4, 5.]

Note: Default for Device Ports is DTE Setting

SCSxx05 Adapters

The adapters illustrated below are compatible with the Lantronix SCSxx05 models.

RJ45 Receptacle to DB25M DCE Adapter for the SCSxx05 (Part# 200.2066A)
Pin 1 DB25 Male RJ45 5 1 8 2 6 3 3 4 7 5 6 2 7 20 8 4
Use PN 200.2066A adapter with a dumb terminal or with most SUN applications.

RJ45 Receptacle to DB25F DCE Adapter for the SCSxx05 (Part# 200.

RJ45 Receptacle to DB9M DCE Adapter for the SCSxx05 (Part# 200.

RJ45 Receptacle to DB9F DCE Adapter for the SCSxx05 (Part# 200.2070A)
Pin 1 DB9 Female RJ45 8 1 1 2 6 3 2 4 5 5 6 3 7 4 8 7
Use PN 200.2070A adapter with a PC's serial port.

RJ45 Receptacle to DB9M DTE Adapter for the SCSxx05 (Part# 200.

RJ45 Receptacle to DB9F DTE Adapter for the SCSxx05 (Part# 200.

RJ45 Receptacle to DB25M DTE Adapter for the SCSxx05 (Part# 200.

RJ45 Receptacle to DB25F DTE Adapter for the SCSxx05 (Part# 200.

RJ45 to RJ45F Netra Adapter for the SCSxx05 (Part# 200.2225)
Use this adapter for Netra/SUN/CISCO and others.
SCSxx20

SCSxx20 Pinouts

Pinouts for SCSxx20 Terminal and Device Ports (DCE and DTE)

[Figure: RJ45 connector pin diagrams for SCS1620 Terminal / Device (DTE) and SCS1620 Terminal / Device (DCE). Labels shown on each: Tx 3, Rx 2, RTS 7, CTS 8, DTR 4, DSR 6, DCD 1, SG 5.]

Note: Default for Device Ports is DCE Setting

SCSxx20 Adapters

The adapters illustrated below are compatible with the Lantronix SCSxx20 models.

RJ45 Receptacle to DB25M DCE Adapter for the SCSxx20 (Part# 200.0066)
Pin 1 RJ45 DB25 Male 2 3 3 2 4 7 5 8 6 6 5 7 5 8 1 20 4
Use PN 200.0066 adapter with a dumb terminal or with most SUN applications.

RJ45 Receptacle to DB25F DCE Adapter for the SCSxx20 (Part# 200.

RJ45 Receptacle to DB9M Adapter for SCSxx20 (Part # 200.

RJ45 Receptacle to DB9F Adapter for SCSxx20 (Part# 200.0070)
Pin 1 RJ45 DB9 Female 1 1 1 2 2 3 3 4 4 5 5 5 6 6 7 7 8 8
Use PN 200.0070 adapter with a PC's serial port.

Netra t1 to SCSxx20 RJ45 Adapter (Part# 200.0225)
Use this adapter for Netra/SUN/CISCO and others.
D: Compliance and Warranty Information

Compliance Information (1)

Manufacturer’s Name & Address: Lantronix Inc., 15353 Barranca Parkway, Irvine, CA 92618 USA

Declares that the following product:

Product Name(s): Model SCS4805 Secure Console Server (Part No.
This product carries the CE mark since it has been tested and found compliant with the following standards:

    Safety: EN 60950: 2000
    Emissions: EN 55022: 1998 Class A
    Immunity: EN 55024: 1998

This product meets the requirements for and carries the following marks:

    VCCI (Japan)
    AS/NZS (Australia/New Zealand)
    GS (Germany)
    GOST (Russia)
    S-Mark (Argentina)
    MIC (Korea)

Manufacturer’s Contact: Director of Quality Assurance, Lantronix Inc.
Compliance Information (2)

(according to ISO/IEC Guide 22 and EN 45014)

Manufacturer’s Name & Address: Lantronix Inc.
Warranty

Lantronix warrants each Lantronix product to be free from defects in material and workmanship for a period of ONE YEAR after the date of shipment. During this period, if a customer is unable to resolve a product problem with Lantronix Technical Support, a Return Material Authorization (RMA) will be issued. Following receipt of an RMA number, the customer shall return the product to Lantronix, freight prepaid.