User Manual: IP Security (page 6-14)
To help track down problems, print verbose debugging information from your SSH client (for example, on
many UNIX clients you can enter ssh -v scsname). The SCS also records important SSH activity in its
authentication log, so enable and watch that as well. The following commands send the log to the console
and set authentication logging to level 5:
Figure 6-33: Enabling the Authentication Log
Local>> SET LOGGING DESTINATION CONSOLE
Local>> SET LOGGING AUTHENTICATION 5
For more information on system event logging, see Event Logging on page 11-24.
6.6 IP Security
The SCS's IP security features allow an administrator to restrict incoming and outgoing TCP/IP sessions,
access to SCS ports, and print jobs. Connections are allowed or denied solely on the basis of an IP address:
the source address for incoming connections and print jobs, and the destination address for outgoing
connections. Because only the address is checked, this filter does not authenticate the remote host; use it
to narrow exposure alongside the SCS's authentication mechanisms, not instead of them.
IP security for connections can be set to Incoming Enabled/Disabled, Outgoing Enabled/Disabled, or Both.
Incoming refers to users on other hosts attempting to log into the SCS. Outgoing refers to local users
connecting to other TCP/IP hosts. The Both parameter sets Incoming and Outgoing together. IP security for
printing can be set to Enabled or Disabled; the printing setting affects both LPR and RTEL print jobs from
the specified hosts.
Note: The SCS has no default IP security restrictions. Until you add entries, every connection and print job
is accepted.
6.6.1 Configuring the Security Table
The IP security table holds the rules used to decide whether a TCP/IP connection is permitted. To configure
the IP security table, use the Set/Define IP Security command. To add an entry to the table, specify an IP
address (or address pattern), the SCS ports it affects, and the type of restriction desired.
Figure 6-34: Set/Define IP Security Commands
Local>> DEFINE IP SECURITY 192.0.1.255 OUTGOING DISABLED PORT 3
Local>> DEFINE IP SECURITY 192.0.5.255 PRINTING DISABLED
The first command prevents port 3 from beginning sessions with hosts whose addresses range from
192.0.1.1 through 192.0.1.254. A 255 in any segment is a wildcard for that segment: 192.0.1.255 covers
192.0.1.1, 192.0.1.2, and so on. (One consequence is that an entry cannot name a single host whose address
contains a 255 segment.) The second command prevents nodes with IP addresses from 192.0.5.1 through
192.0.5.254 from sending print jobs to the server.
A more specific rule takes precedence over a less specific one. For example, if connections to 192.0.1.255
are disabled but connections to 192.0.1.78 are enabled, a connection to 192.0.1.78 will succeed. If no
entries are defined in the table, all connection attempts succeed. To make all connections fail unless another
entry explicitly permits them, enter the following command:
Figure 6-35: Set/Define IP Security Commands
Local>> SET IP SECURITY 255.255.255.255 INCOMING DISABLED OUTGOING DISABLED
Because every segment is 255, this entry matches every address and is the least specific entry possible, so
any more specific Enabled entry overrides it. Set changes only the running configuration; enter the same
command with Define as well so that the default-deny entry survives a reboot.
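The table semantics described above (a 255 segment as a wildcard, the most specific matching entry winning, an empty table allowing everything, and a 255.255.255.255 catch-all for default deny) as an added example in Python; this is a model written for this page, not Lantronix code or the SCS's implementation. It parses the Set/Define IP Security syntax shown in the figures and decides individual connections. The port-list forms beyond a single number (1-4, 1,3), the rule that a later entry overrides an earlier equally specific one, and the treatment of a PORT list as making an entry more specific are assumptions of the model.

```python
"""Model of the SCS IP security table semantics (added example, not Lantronix code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Pattern = Tuple[int, ...]
DIRECTIONS = ("INCOMING", "OUTGOING", "PRINTING")


@dataclass
class Rule:
    pattern: Pattern            # a 255 in any segment matches every value there
    direction: str              # INCOMING, OUTGOING or PRINTING
    enabled: bool               # ENABLED allows, DISABLED denies
    ports: Optional[Set[int]]   # SCS ports the entry covers; None means all


def parse_pattern(text: str) -> Pattern:
    octets = tuple(int(o) for o in text.split("."))
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad address pattern: {text}")
    return octets


def parse_ports(text: str) -> Set[int]:
    """'3', '1,3' or '1-4' -> set of SCS port numbers (list syntax is an assumption)."""
    ports: Set[int] = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def matches(pattern: Pattern, addr: Pattern) -> bool:
    return all(p == 255 or p == a for p, a in zip(pattern, addr))


def specificity(rule: Rule) -> Tuple[int, int]:
    # More literal (non-255) segments = more specific; a PORT list narrows further (assumed).
    return (sum(1 for p in rule.pattern if p != 255), 0 if rule.ports is None else 1)


class IPSecurityTable:
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def define(self, command: str) -> None:
        """Accept one SET/DEFINE IP SECURITY line in the manual's syntax."""
        tokens = command.upper().split()
        if tokens[:3] not in (["SET", "IP", "SECURITY"], ["DEFINE", "IP", "SECURITY"]):
            raise ValueError(f"not an IP SECURITY command: {command}")
        pattern = parse_pattern(tokens[3])
        rest = tokens[4:]
        if len(rest) % 2:
            raise ValueError(f"dangling keyword in: {command}")
        states: Dict[str, bool] = {}
        ports: Optional[Set[int]] = None
        for i in range(0, len(rest), 2):
            key, value = rest[i], rest[i + 1]
            if key == "PORT":
                ports = parse_ports(value)
            elif key in DIRECTIONS or key == "BOTH":
                if value not in ("ENABLED", "DISABLED"):
                    raise ValueError(f"expected ENABLED or DISABLED after {key}")
                for d in (("INCOMING", "OUTGOING") if key == "BOTH" else (key,)):
                    states[d] = value == "ENABLED"
            else:
                raise ValueError(f"unknown keyword {key}")
        for direction, enabled in states.items():
            self.rules.append(Rule(pattern, direction, enabled, ports))

    def allowed(self, addr: str, direction: str, port: Optional[int] = None) -> bool:
        """Decide one connection. addr is the source for INCOMING/PRINTING and the
        destination for OUTGOING; port is the SCS port involved, if any."""
        a = parse_pattern(addr)
        best: Optional[Rule] = None
        for rule in self.rules:
            if rule.direction != direction or not matches(rule.pattern, a):
                continue
            if rule.ports is not None and port not in rule.ports:
                continue
            # '>=' lets a later, equally specific entry override an earlier one (assumption)
            if best is None or specificity(rule) >= specificity(best):
                best = rule
        return True if best is None else best.enabled


if __name__ == "__main__":
    # Constructed walk-through of the manual's figures: default allow, then default deny.
    table = IPSecurityTable()
    table.define("DEFINE IP SECURITY 192.0.1.255 OUTGOING DISABLED PORT 3")
    table.define("DEFINE IP SECURITY 192.0.5.255 PRINTING DISABLED")
    print("port 3 -> 192.0.1.78:", table.allowed("192.0.1.78", "OUTGOING", port=3))
    print("192.0.5.9 print job:", table.allowed("192.0.5.9", "PRINTING"))
    table.define("SET IP SECURITY 255.255.255.255 INCOMING DISABLED OUTGOING DISABLED")
    table.define("DEFINE IP SECURITY 10.1.1.255 INCOMING ENABLED")
    print("10.1.1.7 login:", table.allowed("10.1.1.7", "INCOMING"))
    print("10.2.2.7 login:", table.allowed("10.2.2.7", "INCOMING"))
```

Running the script shows the two figures' entries denying exactly what the text says they deny, and the catch-all entry turning the table into default deny with one network allowed back in. The model deliberately keys only on the address, as the SCS does; nothing here verifies that a packet's source address is genuine.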