Lantronix ETS Reference Manual - page 62
TCP/IP Server Parameters
Server Configuration
4-10
Port 4 will treat all serial data as SLIP packets until the Autostart option is removed and the port is logged
out. The exception to this case is if the port also has Modem Control enabled. If so, a drop in the DSR signal
will terminate the SLIP session, and the session will not restart until DSR is re-asserted.
A password can be configured to restrict access to SLIP sessions.
Figure 4-24: Setting SLIP Password
If a SLIP password has been set on the ETS, the server will prompt for it after the Set SLIP command has
been entered. If the password is not entered correctly, SLIP will not be started on that port; the user will
remain at the Local> prompt.
Ports with SLIP Autostart enabled will not have to enter the password—they will always be in SLIP mode.
If you are concerned about SLIP security, disable Autostart and require that all SLIP users enter the SLIP
password before starting.
4.5.5.3 Tips for Increasing SLIP Performance
◆
Disable broadcasts; the extra packet traffic can be surprisingly heavy.
◆
Set the MTU as high as possible on the ETS and on the remote SLIP device. This lowers the ratio of
header information to useful data and reduces time-consuming IP fragmentation.
◆
Be sure that characters aren’t being lost or altered by any communications equipment between the
SLIP hosts. Flow control between modems is particularly troublesome.
◆
When Telnetting with SLIP, Telnet directly to the desired host, not to the ETS and then to the final
destination.
◆
Be sure that all IP hosts that send and receive packets over the SLIP line use UDP checksumming and
don’t blindly set the checksums to zero. Hosts that do not check UDP checksums may send and
receive corrupted packets, but may accept the corrupted data as valid. At least one major UNIX
implementation does not check or set the UDP checksum by default.
◆
See your host documentation for information on enabling UDP checksumming.
4.5.5.4 Tips for Increasing SLIP Network Security
◆
If possible, restrict the IP addresses that the user can select, either via the Force option or the IP
security tables. This will help prevent the remote SLIP host from “impersonating” a legitimate host
on your network.
◆
Be very careful with .rhosts and /etc/hosts.equiv files on UNIX machines. Improper setup of these
files may allow unauthorized users to access the host.
◆
Disable broadcasts; it is possible that the remote user can learn important information from packets
being broadcast from your network onto the SLIP line.
◆
Counters are available for each SLIP session via the Show SLIP Port command. The displays will
show both forwarded and discarded packets for both directions of the session, and may be useful for
debugging SLIP connections.
Local> SET SERVER SLIP PASSWORD slpass