Lantronix ETS Reference Manual - 4.7.3 SNMP Security
4.7.2.1 Using the Security Table
There are two basic rules for checking a TCP/IP connection for legality. First, a more specific rule takes
precedence over a less specific one. For example, if connections to 192.0.1.255 are disabled but
connections to 192.0.1.78 are enabled, a connection to 192.0.1.78 will succeed. Second, in the absence of
any rule that restricts a connection, access is allowed. If this behavior is not desired, include an entry of the
following form:
Figure 4-37: Setting IPsecurity
This is the least specific rule in the table, and will ensure that connections fail unless otherwise allowed by
another entry (recall that all ports are included in the rule by default).
If no entries are defined in the table, all connection attempts will succeed. Also, if the connecting user has
privileged status, the connection will be allowed regardless of the entries in the table.
Note:
Managers should try enabling and disabling certain addresses on their local
network to see what they can and cannot do if they are unclear as to the rules on
the use of the security table.
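The evaluation order described in 4.7.2.1, modeled in Python as an added example (not Lantronix code). It assumes an octet of 255 matches any value in that position, that ties between equally specific entries go to the first one listed, and that every entry covers all ports; Rule, is_allowed and the sample tables are hypothetical names.

```python
# Added illustration of the documented rule-evaluation logic; not Lantronix code.
from typing import NamedTuple, Optional

WILDCARD = 255  # assumption: an octet of 255 matches any value in that position


class Rule(NamedTuple):
    address: str        # dotted quad; 255 octets act as wildcards
    inbound: bool       # True = IN ENABLED, False = IN DISABLED
    outbound: bool      # True = OUT ENABLED, False = OUT DISABLED


def _octets(address: str) -> tuple:
    parts = tuple(int(p) for p in address.split("."))
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {address!r}")
    return parts


def _specificity(rule: Rule, peer: tuple) -> Optional[int]:
    """Count of exactly matched octets, or None if the rule does not cover peer."""
    score = 0
    for want, got in zip(_octets(rule.address), peer):
        if want == WILDCARD:
            continue
        if want != got:
            return None
        score += 1
    return score


def is_allowed(table, peer: str, direction: str, privileged: bool = False) -> bool:
    """Most specific covering entry wins; with no covering entry, access is allowed."""
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    if privileged:
        return True     # privileged users are allowed regardless of the table
    peer_octets = _octets(peer)
    scored = [(s, r) for r in table
              if (s := _specificity(r, peer_octets)) is not None]
    if not scored:
        return True     # empty table or no covering entry: connection succeeds
    _, best = max(scored, key=lambda pair: pair[0])  # assumption: first entry wins ties
    return best.inbound if direction == "in" else best.outbound


# Constructed sample tables using the addresses from the text above.
OPEN_BY_DEFAULT = [Rule("192.0.1.255", False, False), Rule("192.0.1.78", True, True)]
DEFAULT_DENY = OPEN_BY_DEFAULT + [Rule("255.255.255.255", False, False)]
```

Checking an address that no entry covers against OPEN_BY_DEFAULT and then DEFAULT_DENY shows why the 255.255.255.255 entry is needed when the table is meant to work as an allowlist.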
4.7.3 SNMP Security
Since SNMP can be used to change ETS settings, a way to prevent unauthorized Set commands is needed.
The ETS provides a security mechanism for restricting SNMP access to the unit that is linked to the SNMP
community name used. To prevent easy access to the allowed community names, the Show SNMP and List
SNMP commands are restricted to privileged users.
SNMP configuration requires a community name and an access type: Readonly, Both (read and write), or
None. Clearing an SNMP entry requires that you enter either a community name to remove or the All
parameter to clear the entire table. SNMP queries or Set requests that are not permitted are sent an error
reply specifying the problem. See Set/Define SNMP on page 12-98 for more information.
4.8 Event Logging
The ETS can be configured to report various events either to a serial port on the ETS or to a remote host.
The latter can be done within the TCP/IP, LAT, or NetWare protocols. TCP/IP messages will be sent to the
syslogd daemon on the host, while LAT and NetWare messages will be echoed to the console of the
host/fileserver. LAT logging requires installing the Lantronix-supplied logging program on the LAT host.
Configuring event logging requires three steps—configuring the host types, setting the host to which the
information will be reported, and configuring which class(es) of events will be logged.
Note:
Classes can be individually enabled and disabled, and multiple classes of events
can be logged.
4.8.1 Configuring Host Types
Host types must be configured as follows:
Local> SET IPSECURITY 255.255.255.255 IN DISABLED OUT DISABLED