Lantronix ETS Reference Manual - 5.4 Security
Security
Ports
5-14
5.4 Security
Between the various password protections on the ETS and the access control provided by service groups,
security should not be a problem; almost any access restriction can be enforced. For ports that need a higher
level of security, the Set/Define Port Security command allows the ETS manager to restrict a port user’s
actions on the ETS. Ports set this way are called secure ports. If a port is set secure, it cannot see or affect
other ports on the system, nor can it use the Set Privileged command. The secure option is useful for terminal
connections that need to be restricted but still have access to the command line.
Due to the sequence of security checks (see Table 5-1), multiple security features can be enabled on any
port. For example, a port can be configured to require a login password, enter a dialback username, and then
be placed in menu mode.
5.4.1 Password Restrictions
Users can be required to enter the ETS login password before they are allowed to connect to specific ports.
By default, incoming Telnet and Rlogin connections are not required to enter the login password. To
configure the ETS to require the login password, enter the Set/Define Port Password command.
Figure 5-27: Requiring the Login Password
5.4.2 Menu Mode
Ports that don’t need (or due to security concerns, should not have) access to the ETS command line can be
put into menu mode. In menu mode, users are given a preset menu of up to 36 commands to choose from
when they log in, but are not given automatic access to the command line. Individual ports are configured
for menu mode with the Set/Define Port Menu command. The commands that users see in the menu system
are configured via the Set/Define Menu command.
Table 5-1: Security Checks
Server Area to Check
Determines
Access is set to None
User cannot obtain any prompt or log in.
Port password is enabled
User must enter login password.
Port Dedicated is enabled
Port is forcibly autoconnected; user cannot access
command line.
Port Dialback is enabled
Username must be an authorized name; reconnect
attempt must succeed.
Port Security is enabled
Command set is restricted.
Port Menu is enabled
Port is forced into menu command mode.
Local>> DEFINE PORT 2 PASSWORD ENABLED