Lantronix SCS Reference Manual

Manual is about: SCS Secure Console Servers

Summary of SCS

  • Page 1

    Scs reference manual for the lantronix family of secure console servers part number 900-235 revision d december 2003.

  • Page 2

    The information in this guide may change without notice. The manufacturer assumes no responsibility for any errors which may appear in this guide. Copyright 2003, lantronix. All rights reserved. No part of the contents of this book may be transmitted or reproduced in any form or by any means without...

  • Page 3: Contents

    I contents: 1: introduction (1-1); 1.1 what is new (1-1); 1.2 how to use this manual...

  • Page 4

    Ii 4: basic remote networking (4-1); 4.1 remote connection types (4-1); 4.1.1 remote dial-in...

  • Page 5

    Iii 5.5.1 inactivity logouts (5-10); 5.5.2 restricting packets with startup filters (5-10); 5.5.3 reducing...

  • Page 6

    Iv 7.2 ncp (7-3); 7.3 starting ppp (7-3); 7.3.1 user-initiated ppp...

  • Page 7

    V 8.10.4 rs-422 networking (8-18); 8.11 flow control (8-18); 8.11.1 hardware flow con...

  • Page 8

    Vi 11: security (11-1); 11.1 incoming authentication (11-1); 11.1.1 character mode logins...

  • Page 9

    Vii 12.4.4 define ports modem callerid (12-5); 12.4.5 define ports modem carrierwait (12-5); 12.4.6 define ports modem ...

  • Page 10

    Viii 12.6 port commands (12-52); 12.6.1 list email (12-52); 12.6.2 lock...

  • Page 11

    Ix 12.6.59 set slip (12-96); 12.6.60 show/monitor/list ports (12-96); 12.6.61 sh...

  • Page 12

    X 12.8.35 show/monitor/list timezone (12-131); 12.8.36 show/monitor users (12-131); 12.8.37 source...

  • Page 13

    Xi 12.11.5 disk (12-182); 12.11.6 finger (12-186); 1...

  • Page 14

    Xii.

  • Page 15: 1:  Introduction

    1-1 1: introduction the lantronix scs family of secure console servers provides secure communication for remote users to access local network resources. Our servers enable IT professionals to configure and administer servers, routers, switches, telephone equipment, or any device with a serial port. ...

  • Page 16

    Introduction how to use this manual 1-2 chapter 11, security, offers a comprehensive description of all security features. Chapter 12, command reference, is divided into sections for navigation/help, ip/network, port, modem, service, server, site, and security commands. Appendix a, environment strin...

  • Page 17: 2:  Getting Started

    2-1 2: getting started this chapter covers basic configuration that should get you started using the scs. Topics include methods for setting up the scs and ongoing maintenance issues such as restoring factory default settings. You can perform almost all of these configurations using ezwebcon (the re...

  • Page 18: 2.1.3   Command Line

    Getting started configuration methods 2-2 from ezwebcon, select your device and choose manage from the actions menu. Or type your scs’s ip address or resolvable text name into your web browser’s url/location field. Figure 2-2: the web browser interface once you have connected and entered the login p...

  • Page 19

    Getting started configuration methods 2-3 2.1.3.1 entering commands in examples throughout the manual, scs commands and keywords are displayed in upper case for clarity. They may be entered in upper, lower, or mixed case. When entering a string, such as a username or filename, enclose the string in ...

  • Page 20

    Getting started configuration methods 2-4 the set and define commands make configuration changes to your scs. Set makes an immediate (but not permanent) change; the change will be lost when the scs is rebooted. To make the change permanent, you must also enter the save command (discussed on page 12-...

  • Page 21: 2.2   Rebooting

    Getting started rebooting 2-5 an abbreviation must be unique to the desired command. For example, if autoconnect was abbreviated as auto, that auto could denote autobaud, autostart, or autoconnect. Be sure that any abbreviations are unambiguous, such as autoc in the example above. 2.2 rebooting ther...

  • Page 22

    Getting started rebooting 2-6 when initialized, the scs sets local authentication in the first precedence slot. For more information on authentication and precedence, see database configuration on page 11-9. 2.2.3 reloading operational software the scs stores its software in flash rom. The software ...

  • Page 23: 2.3   System Passwords

    Getting started system passwords 2-7 2.3 system passwords the scs has both a login password and a privileged password. These passwords have default settings which should be changed as soon as possible. The following sections discuss each password in more detail. 2.3.1 login password when you open th...

  • Page 24: 2.3.2   Privileged Password

    Getting started system passwords 2-8 2.3.2 privileged password changing any server, site, or port setting requires privileged user status. Use the default username, root, and the default privileged password, system. When you click on a link in the left navigation column of the scs web browser interf...

  • Page 25: 2.4   Basic Configuration

    Getting started basic configuration 2-9 to change the privileged password, use the set/define server privileged password command (discussed on page 12-123). Figure 2-11 displays an example of this command. Figure 2-11: changing the privileged password note: the privileged password is case-insensitiv...

  • Page 26

    Getting started basic configuration 2-10 2.4.3 changing the login prompts when a user logs into the scs, he is prompted for a username, and sometimes a login password. By default, the prompts are username> and password>. The prompts can be changed to be more like unix prompts (login: and password:) ...

  • Page 27

    Getting started basic configuration 2-11 if your timezone is not listed, you will need to set it manually. Use the following information to set the timezone: a three-letter timezone abbreviation; for example, pst the number of hours offset from utc (greenwich mean time); for example, -9:00 the time,...

  • Page 28

    Getting started basic configuration 2-12 the following parameters should be configured only if you are using the scs for 802.11 wireless ethernet networking and plan to use a wireless lan pc card in one of the pc card slots. Users in countries other than the united states must set the region appropr...

  • Page 29

    Getting started basic configuration 2-13 bss basic service set (or cell), a group of wireless devices that speak directly with each other. A bss may consist of at most one ap. Figure 2-20: simple wireless network bss ess extended service set, a network consisting of one or more bsss that share the s...

  • Page 30

    Getting started basic configuration 2-14 other region settings are listed in set/define 80211 region on page 12-30. In the following example, ic sets the region to canada. Figure 2-22: setting the 802.11 region 2.4.5.4 mac address a mac address is a unique identifier that distinguishes different dev...

  • Page 31

    Getting started basic configuration 2-15 2.4.5.7 channel the frequency band allocated to 802.11 wireless communications is subdivided into different channels to allow subnetworking. Your scs needs to know which channel it should use for communications—the channel will be the same as the one being us...

  • Page 32: 2.5   Configuration Files

    Getting started configuration files 2-16 2.5 configuration files once you have configured one scs, you can create a configuration file from those settings and download that file to other devices. A configuration file is a series of commands used to automatically configure an scs. By using a configur...

  • Page 33

    Getting started configuration files 2-17 2.5.2 using a configuration file a configuration file can be downloaded from a tcp/ip host (via tftp). Ensure that tftp downloading is enabled on your host and place the configuration file in a download directory. To download a configuration file to the scs u...

  • Page 34: 2.6   Disk Management

    Getting started disk management 2-18 2.6 disk management the scs contains three filesystems: /flash flash is rewriteable memory that allows you to customize your scs. Any data that you want the scs to save after it is rebooted should be stored on the flash disk. /ram the ram disk stores temporary in...

  • Page 35

    Getting started disk management 2-19 the disk commands described above and on page 12-182 can also be used for file management on the flash card. For example, to back up a flash disk file (data.txt) to an ata card, use the following commands to create a backups folder on the card and to copy the des...

  • Page 36

    3-1 3: console server features this chapter describes how to configure your scs to serve as a console server. The scs features both in-band management for access to connected devices over ip (e.g. through telnet and ssh connections directly to the scs), and out-of-band management for access through...

  • Page 37: 3.2   Event Port Logging

    Console server features event port logging 3-2 3.2 event port logging port logging saves all idle data from an scs serial port in a log file. This log file can be accessed by a system administrator after a system crash, and can provide valuable information about the cause of and solution for any pro...

  • Page 38

    Console server features email alerts for serial events 3-3 1 ftp to the scs. 2 type ls to get a listing of log files. 3 “get” or “mget” a copy of the log file (for example, # mget port_1.log). 3.3 email alerts for serial events once a port is configured for port buffering (as described in event por...

  • Page 39

    Console server features configuring menu mode 3-4 the list email command can be used to show the emailsite configurations for one or more emailsites. If network logging is enabled (set/define logging network enabled), any errors that occur during email notification are stored in the system log. Syst...

  • Page 40

    Console server features configuring menu mode 3-5 3.4.2 menu configuration files if you need to configure menus for multiple sets of users, you should create a menu configuration file. These files provide more flexibility than the command line options and are easier to use when setting up larger men...

  • Page 41

    Console server features configuring menu mode 3-6 5 after endmenu, you can go on to define more menus for other groups of users. Figure 3-9 shows what the above entries would look like in the completed menu configuration file: figure 3-9: completed menu configuration file 6 ftp the file to the scs /...

  • Page 42: 3.4.3   Nested Menus

    Console server features configuring menu mode 3-7 3.4.3 nested menus nested menus are file-based menus that allow you to nest submenus within a menu file. Submenus have to appear in the file before the menu that references them. To use submenus, specify submenu instead of menu for the start of a new...

  • Page 43: 3.5   Login Banner Pages

    Console server features login banner pages 3-8 3.5 login banner pages banner pages allow you to display text messages to users before and after authentication. Banner text information is taken from two files named prelogin.txt and postlogin.txt stored in the /ram or /flash directory on the scs. The ...

  • Page 44

    Console server features managing the attached devices 3-9 3.6.2 out of band management to ensure that you can manage attached equipment even if there are network problems, the scs provides an out-of-band management feature. If you have a modem connected to one of the scs serial ports, you can access...

  • Page 45

    Console server features managing the attached devices 3-10 3.6.4.1 serial breaks break conditions originating from serial connections are controlled on a per port basis. Break conditions originating from incoming telnet and ssh connections are based on the settings for port 0, the network (template)...

  • Page 46

    Console server features managing the attached devices 3-11 the table below shows some examples to help you understand how the scs handles breaks. Table 3-1: examples of alternate break sequences if and then the user telnets to a remote network host from a local (scs) serial port the serial port has ...

  • Page 47

    Console server features managing the attached devices 3-12 the user forms a telnet or ssh connection to the scs and issues a connect local command to connect to port 7 (note that port 7’s break settings are not applicable.) and receives a default altbreak character from port 0 the template port (por...

  • Page 48

    Console server features managing the attached devices 3-13 the user forms a tcp connection from a host to port 7 on the scs using socket 3007 and the altbreak character has been defined on port 7 and the altbreak character is detected in the datastream from the host (note that the 30xx range of sock...

  • Page 49

    Console server features serial port configurations 3-14 3.7 serial port configurations this section describes several available configuration and management options for the scs serial ports. These configurations help ensure easy management of the attached devices. 3.7.1 enabling the incoming passwor...

  • Page 50: 4.1.1   Remote Dial-In

    4-1 4: basic remote networking the scs allows remote users to securely connect to local network resources, or two local area networks (lans) to connect to each other. This chapter describes how to initialize, maintain, and disconnect individual remote user dial-ins and lan to lan remote connections....

  • Page 51: 4.1.2   Lan To Lan

    Basic remote networking managing connections with sites 4-2 the scs cannot initiate connections to remote nodes. Remote nodes must call the scs when they wish to communicate with the network. 4.1.2 lan to lan in lan to lan connections, the scs provides a link between two networks. The scs will commu...

  • Page 52

    Basic remote networking managing connections with sites 4-3 3 to manage a connection once it is in place. For example, it may be desirable to control the amount of bandwidth used for a connection. 4 to enable a system administrator to monitor a single connection. For example, a system administrator ...

  • Page 53: 4.2.3   Editing Sites

    Basic remote networking managing connections with sites 4-4 4.2.2 displaying existing sites to display all defined sites, use the list site command. To display currently active sites, use the show site command. To display specific information about sites, the following parameters may be used in conj...

  • Page 54: 4.2.4   Testing Sites

    Basic remote networking managing connections with sites 4-5 4.2.4 testing sites the test site command causes a site to start as if outgoing traffic for the site had come into the scs. It allows users to test sites without having to generate packet traffic. To test a site, enter a command similar to ...

  • Page 55

    Basic remote networking managing connections with sites 4-6 4.2.7 using sites for outgoing connections note: the scs does not support outgoing remote node connections. A site must be configured for each outgoing lan to lan connection. This site controls when and how the scs will call the remote loca...

  • Page 56

    Basic remote networking ip address negotiation 4-7 3 set the ip address of the site to the single non-private (internet) address for your network. If your isp provides a static ip address, the command would look like this: figure 4-11: configuring a static public ip address or, if your isp provides ...

  • Page 57: 4.4   Ip Routing

    Basic remote networking ip routing 4-8 when the scs receives an incoming connection request (remote node or lan to lan), an ip address is negotiated for the caller. The address agreed upon depends on the caller’s requirements; some don’t have a specific address requirement, while others must use the...

  • Page 58

    Basic remote networking ip routing 4-9 while the scs is connected to the remote router, it may learn additional dynamic routes from that remote router. Once these additional routes are entered into the routing table, packets may be routed to these new networks as well. Once the connection is dropped...

  • Page 59

    Basic remote networking ip routing 4-10 remote nodes do not have to make routing decisions, as they can only send network packets to the scs. Therefore, most remote nodes do not need to receive rip packets. Sites that only support remote nodes may turn off rip to reduce traffic on the connection. Fi...

  • Page 60: 4.5   Incoming Connections

    Basic remote networking incoming connections 4-11 to set a site’s ip rip metric, use the define site ip rip metric command. Figure 4-17: configuring a site’s rip metric in the example above, all routes learned through site irvine will be associated with cost 4. The higher the cost number, the less d...

  • Page 61

    Basic remote networking incoming connections 4-12 the port may detect when a ppp or slip packet is received and automatically run the appropriate protocol. The port may be dedicated to ppp or slip; the protocol will automatically run when any character is received. A port may be configured to offer ...

  • Page 62

    Basic remote networking incoming connections 4-13 4.5.1.3 starting ppp or slip on a dedicated port you can dedicate an scs serial port so it automatically runs ppp or slip when that port is started. No other protocol can be run on the port; it will continue to run ppp or slip until the port is logge...

  • Page 63

    Basic remote networking incoming connections 4-14 b the username and password are compared to existing site names. One of the following occurs: 1 if the username matches the name of a site, the site will be checked to see if it has a local password. If it does, this will be compared to the password ...

  • Page 64

    Basic remote networking incoming connections 4-15 to properly configure the serial ports, decide whether ppp or slip will be used, whether the ports will be dedicated to ppp or slip, whether autodetection of ppp or slip will be used, and, if a modem is attached to any of the ports, how it will be co...

  • Page 65: 4.6   Outgoing Connections

    Basic remote networking outgoing connections 4-16 keep in mind that pppdetect and slipdetect will only need to be disabled on ports that have ppp and/or slip enabled. Figure 4-23: disabling autodetection of ppp and slip in order for slip users to perform authentication, slipdetect must be disabled. ...

  • Page 66: 4.6.2   Telephone Numbers

    Basic remote networking outgoing connections 4-17 4.6.1 ports for outgoing connections each site must specify which scs ports may be used for outgoing connections. More than one port may be specified; for example, site dallas might specify that port 2 or port 3 could be used for outgoing connections...

  • Page 67

    Basic remote networking outgoing connections 4-18 the password sent is a site-specific password called the remote password. The remote password is used only for outgoing connections, and must be sent via ppp. See configure authentication on page 4-19 for configuration instructions. Slip does not sup...

  • Page 68

    Basic remote networking outgoing connections 4-19 to display the current configuration, use the list site command. Figure 4-29: listing a site’s configuration list site can be used with a number of parameters, which display different aspects of a site’s configuration. For example, list site ports wi...

  • Page 69

    Basic remote networking monitoring networking activity 4-20 the instructions in this section will not be necessary. Continue to configure routing on page 4-20. Before configuring authentication, ensure that you have the username and password required to log into the remote router. In addition, deter...

  • Page 70: 4.8   Examples

    Basic remote networking examples 4-21 during active connections, show/monitor site commands will display the current state of the site or of its assigned ports. The state of the port or site depends on the activity taking place. For example, a port may be in an idle state, then transition to an on-l...

  • Page 71

    Basic remote networking examples 4-22 ip users in a remote office in dallas must connect to ip network 192.0.1.0, which is located at the company headquarters in seattle. The scs in seattle never calls dallas. The scs in seattle must support character mode users as well as the scs in dallas. After 6...

  • Page 72

    Basic remote networking examples 4-23 the scs in seattle must also be able to call dallas. Ip traffic must be transferred between seattle and dallas. Ip users in dallas must connect to ip network 192.0.1.0 in seattle. Ip users in seattle must connect to ip network 192.0.2.0 in dallas. Both servers a...

  • Page 73

    Basic remote networking examples 4-24 the seattle scs will have different authentication, telephone, site and router information than the scs in dallas. In all other respects, it is configured identically to the dallas scs. Figure 4-38: seattle scs configuration 4.8.3 remote dial-in user example thi...

  • Page 74

    Basic remote networking examples 4-25 to display a list of modem profiles, enter the list modem command. Once you identify the appropriate profile for the attached modems, assign it to the port using the define port modem type command. Figure 4-40: configuring the modems 4.8.3.2 define the ip addres...

  • Page 75: 5.1   Basic Security

    5-1 5: additional remote networking this chapter discusses how to “fine-tune” remote networking and related features on your scs. Performance and cost issues are covered, as well as how to manage bandwidth on demand, use direct connections and leased lines, and restrict access to the scs. Topics dis...

  • Page 76: 5.1.2   Filter Lists

    Additional remote networking basic security 5-2 3 enable authentication on each port that will be used for incoming logins. Figure 5-2: enabling port authentication 5.1.2 filter lists filters enable the scs to restrict packet traffic. Each filter specifies a particular rule, for example, only ip pac...

  • Page 77: 5.2   Chat Scripts

    Additional remote networking chat scripts 5-3 1 deny all ip traffic matching a particular rule 2 allow any packet when this filter list is used, all ip traffic matching the specified rule is discarded. Therefore, some ip packets are discarded without being compared to the second filter. To prevent a...

  • Page 78: 5.2.4   Setting Markers

    Additional remote networking bandwidth on demand 5-4 to determine the number of a particular line, display the script using the list site chat command. All chat script entries for that site will be displayed. 5.2.3 configuring timeouts the define site chat timeout command enables you to configure th...

  • Page 79

    Additional remote networking bandwidth on demand 5-5 by default, sites will only attempt to bring up one port to a remote site in a lan to lan connection. If the amount of incoming data on the ethernet exceeds the current bandwidth of the serial port (and the scs is configured not to dial up additio...

  • Page 80

    Additional remote networking bandwidth on demand 5-6 5.3.3 configuring bandwidth allocated to sites to configure bandwidth, follow the instructions in the following sections. 5.3.3.1 estimate each port’s bandwidth before sites can be configured to use particular bandwidths, the bandwidth of each scs...

  • Page 81

    Additional remote networking bandwidth on demand 5-7 5.3.3.3 specify the bandwidth measurement period a period must be specified (in seconds) during which the scs will measure a site’s use of bandwidth. The measurement taken during this period will be compared to the add and remove values (see below...

  • Page 82

    Additional remote networking increasing performance 5-8 5.3.4 displaying current bandwidth settings to display a site’s current bandwidth settings, use the list site bandwidth command. Figure 5-13: current bandwidth settings to display how the scs is currently managing a particular site’s use of ban...

  • Page 83: 5.4.3   Adding Bandwidth

    Additional remote networking increasing performance 5-9 5.4.2 compressing data and correcting errors the amount of data that can be transmitted at once (throughput) can be increased by using data compression. Data compression enables a device such as a modem to transfer a larger amount of data at on...

  • Page 84: 5.5   Reducing Cost

    Additional remote networking reducing cost 5-10 5.5 reducing cost 5.5.1 inactivity logouts the scs can be configured to log out a particular site after a certain period of inactivity (referred to as idle time). To configure an inactivity timeout, the site must be allocated a maximum idle time in sec...

  • Page 85

    Additional remote networking reducing cost 5-11 5.5.5 restricting connections to particular times sites can be configured to permit outgoing connections only within particular time ranges on particular days. For example, outgoing connections can be restricted to monday through friday, between 9 a.m....

  • Page 86: Width

    Additional remote networking reducing cost 5-12 to display the site restrictions you’ve configured, use the list site time command. Figure 5-20: displaying site restrictions 5.5.6 increasing requirements for adding additional bandwidth the scs will periodically measure how much bandwidth a particu...

  • Page 87

    Additional remote networking using the scs without dialup modems 5-13 5.6 using the scs without dialup modems the scs may be configured to allow remote node and lan to lan functionality without using modems; dial-on demand features will be ignored. 5.6.1 situations where dialup modems are not used t...

  • Page 88

    Additional remote networking using the scs without dialup modems 5-14 5.6.2 configuring the unit for modemless connections the scs should initiate the connection at boot time and should not time out the connection. The following configuration is recommended: idle timeouts are disabled. Rts/cts flow ...

  • Page 89

    Additional remote networking character mode sites 5-15 5.6.2.2 slip figure 5-23 displays the commands required if slip is used. Both sides of the leased line should be configured using these commands. Figure 5-23: scs configuration without modems: slip if static routing is to be used on the line, ro...

  • Page 90: 5.8   Examples

    Additional remote networking examples 5-16 5.8 examples 5.8.1 creating a chat script figure 5-25 displays a sample chat script. This script will send a series of text strings to the remote host, and will expect particular strings in return. If an expected string is not received from the remote host,...

  • Page 91

    Additional remote networking examples 5-17 the following example restricts access during the weekend hours between 5:00 p.m. on friday and 6:00 a.m. on monday. Two commands are used to configure the necessary blocks of time: one that spans friday evening to saturday just before midnight, and one tha...

  • Page 92: 6:  Ip

    6-1 6: ip this chapter explains some important concepts about ip addressing, configuration, and routing. To configure ip for remote networking, see chapter 4, basic remote networking, and chapter 5, additional remote networking. For specific ip commands, see ip/network commands on page 12-18. This c...

  • Page 93

    Ip ip addresses 6-2 in most network examples, the host portion of the address is set to zero. Consider the ip address 36.1.3.4. This address is a class a address, therefore, the network portion of the address is 36.0.0.0 and the host portion is 1.3.4. The subnet portion of the ip address represents ...

  • Page 94

    Ip ip addresses 6-3 to avoid routing and security problems, the scs should restrict incoming callers to a particular address or range of addresses. This restriction may be defined in each site to force each caller to use a unique ip address; see specifying a site’s ip address range on page 6-3 for c...

  • Page 95

    Ip ip addresses 6-4 6.1.1.3 assigning a specific ip address for a site to require that incoming callers to a particular site use a specific ip address, use the define site ip remoteaddress command. Figure 6-3: specifying a specific ip address when an incoming caller requests an ip address, the reque...

  • Page 96: 6.2   Subnet Masks

    Ip subnet masks 6-5 all incoming slip users that do not use a custom site will use the default site for the connection. To require that default site users use an ip address from the pool, use the define site default ip remoteaddress command. Figure 6-8: using the address pool for the default site 6....

  • Page 97: 6.3   Name Resolving

    Ip name resolving 6-6 to display the subnet mask, use the show ip command. Figure 6-11: show ip output the scs will not change the subnet mask once it is set. If the scs ip address is changed to a different class, for example, from a class b to a class c address, the subnet mask will remain a class ...

  • Page 98

    Ip name resolving 6-7 6.3.1 configuring the domain name service (dns) to use the dns for name resolution, use the set/define ip nameserver command. Figure 6-13: setting the domain name server to specify a backup nameserver, use the set/define ip secondary nameserver command. If the first nameserver ...

  • Page 99: 6.4   Header Compression

    Ip header compression 6-8 6.4 header compression each site may enable or disable compression of ip header information. When a site is created, ip header compression will be enabled by default. When ip headers are compressed, the scs replaces the packet’s header with a slot number. This number is ass...

  • Page 100

    Ip establishing sessions 6-9 6.5.1 telnet and rlogin sessions telnet is an industry-standard protocol that enables users anywhere on a network to access a remote host and start a terminal session. Telnet connections do not require that either end of the connection know the hardware/software used on ...

  • Page 101: 6.5.2   Ssh Sessions

    Ip establishing sessions 6-10 if the scs port has been configured with a terminal type (such as vt100), this information will be sent to the remote host during the session. To configure the terminal type, use the set/define ports termtype command. Figure 6-23: setting terminal type rlogin can be a s...

  • Page 102

    Ip establishing sessions 6-11 when the scs first powers on, it generates an ephemeral host key that is regenerated every hour. Incoming ssh connections are not permitted until this key generation is complete. Outgoing ssh is not affected. 6.5.2.1 permanent host keys when you power on the scs for the...

  • Page 103

    Ip establishing sessions 6-12 copy the contents of the public key file to a text file, and save the file with the name authorized_keys. (authorized_keys is case sensitive). Note: make sure there is no file extension. In windows, you may need to save the file as a .txt file and then rename the file t...

  • Page 104

    Ip establishing sessions 6-13 5 reboot the scs. Figure 6-27: rsa method from unix (openssh) - no passphrase figure 6-28: rsa method from unix (openssh) - with passphrase new authentication keys are generated within a few minutes based on the list of authorized user public keys. A file called host_rs...

  • Page 105

    Ip establishing sessions 6-14 3 change directories to /flash/ssh/. 4 “put” the authorized_keys2 file into that directory. 5 reboot the scs. New authentication keys are generated within a few minutes based on the list of authorized user public keys. A file called host_dsa_key contains the authorized ...

  • Page 106

    Ip establishing sessions 6-15 for example, if authentication is enabled on virtual ports (port 0), the user in figure 6-30 will be prompted again for the username and password. Figure 6-30: previously configured user authentication 6.5.2.8 ssh incoming connections (unix and non-unix) note: for a suc...

  • Page 107

    Ip establishing sessions 6-16 5 if your rsa or dsa key is passphrase protected, enter your password. 6 if you are not using an rsa or dsa key, specify the username and password that the scs will use to authenticate you. Figure 6-33: forming an ssh connection 6.5.2.9 outgoing ssh connections to form ...

  • Page 108: 6.6   Ip Security

    Ip ip security 6-17 the ssh command can be followed by an optional command that will be executed on the remote machine, and then the session will end. Place the command in quotes to maintain capitalization. The following command will log user mary into host athena, provide a complete list of files i...

  • Page 109

    Ip ip security 6-18 6.6.1 configuring the security table the ip security table provides rules for checking a tcp/ip connection for legality. To configure the ip security table, use the set/define ip security command. To add an entry to the table, specify a valid ip address, a list of affected ports,...

  • Page 110: 6.7   Ip Routing

    Ip ip routing 6-19 the entire security table can be cleared with the following command. Figure 6-43: clearing the security table 6.7 ip routing tcp/ip internets are usually broken down into networks. Each host on a particular network can only see hosts on its network; to transfer network traffic to ...

  • Page 111

    Ip ip routing 6-20 host routes a host route is a route to a single host. Generally, a host route is entered for each remote node that logs into the scs. Network routes a network route is a route to another network. A network route is used if a host route to the destination doesn’t exist. Default rou...

  • Page 112

    Ip ip routing 6-21 statically statically-entered routes are entered and removed by the administrator. These routes are used when dynamic routes are unavailable. To add a static route to the routing table, use the set/define ip route command. A destination and a path to that destination must be speci...

  • Page 113: 6.7.3   Using Rip

    Ip ip routing 6-22 6.7.3 using rip rip (routing information protocol) is the dynamic routing protocol supported by the scs. Throughout this manual, the term “rip” refers to rip version 1. Rip is automatically enabled on all scs interfaces, including sites. For a complete discussion of rip options, i...

  • Page 114

    Ip displaying the ip configuration 6-23 nbns will allow windows clients to use the network neighborhood browser without any additional configuration on the windows host. Note: nbns is also called wins. 6.7.6 routing and subnetworks when dividing a network into subnetworks, ensure that subnetworks ar...

  • Page 115

    Ip displaying the ip configuration 6-24 the show ip interface command displays a one-line summary for each of the router’s interfaces. There will always be an interface for the ethernet, as displayed in figure 6-51. When sites are active, interfaces to these sites will be displayed. The uptime field...

  • Page 116: 6.9   Examples

    Ip examples 6-25 the source field indicates how the route was added to the table; statically, locally, or from rip. The timer field displays how long (in minutes:seconds format) the scs will continue to use this route. For static and local routes, this field will display a series of dashes (----)...

  • Page 117: 6.9.2   General Ip Setup

    Ip examples 6-26 all incoming callers that do not specify a particular site (such as bob or frank) will use the default site for the connection. To require that default site users use an ip address from the pool, use the define site default ip remoteaddress command. Figure 6-57: using the address po...

  • Page 118: 7:  Ppp

    7-1 7: ppp the scs can use ppp, the point-to-point protocol, to transmit high layer protocols over a serial link, isdn connection, or other point-to-point based connection. Unlike slip (the serial line internet protocol), which can also be used with the scs, ppp supports authentication, escape seque...

  • Page 119: 7.1.4   Ppp Authentication

    Ppp lcp 7-2 escaping characters is often used with xon/xoff flow control. This method of flow control, used with many modems, involves treating two characters (hex 0x11 and hex 0x13) in a special manner. Applications that use these characters (such as certain text editors) may incorrectly trigger xo...

  • Page 120: 7.1.5   Cbcp

    Ppp ncp 7-3 on incoming connections, the port’s chap or pap configuration will be used to determine the authentication required for the connection. For example, if a remote node was logged into port 2 on the scs and port 2 was configured to use pap to authenticate remote hosts, the remote node would...

  • Page 121: 7.3.1   User-Initiated Ppp

    Ppp multilink ppp 7-4 7.3.1 user-initiated ppp if ppp is enabled for a port, you can start a ppp session from local> mode using the set ppp command. You can specify a site to connect to by appending the site name to the command. 7.3.2 automatic detection of ppp a port may be configured to automatica...

  • Page 122

    Ppp multilink ppp 7-5 note: ensure that other port parameters (such as speed, parity, and flow control) are properly configured for the connection. 2 create a site for the outgoing multilink ppp connection. Figure 7-5: creating the calling site note: all other desired site parameters should be set u...

  • Page 123

    Ppp multilink ppp 7-6 a specify the initial and maximum bandwidths. The maximum bandwidth should not exceed the sum of the bandwidths for all of the ports. Figure 7-9: configuring initial and maximum bandwidths for more information about site bandwidth settings and how to fine-tune them, see configu...

  • Page 124: 7.7

    Ppp restoring default ppp settings 7-7 c enable ppp chap and/or pap authentication on the ports. Figure 7-13: enabling ppp authentication 2 create a site to receive the multilink traffic. The site’s name must match that of the incoming multilink user (see figure 7-11). Figure 7-14: creating the rece...

  • Page 125: 7.8   Troubleshooting

    Ppp troubleshooting 7-8 character mode sites still obey time-of-day restrictions and idle time-outs. All site authentication options for the site are ignored, as are settings for mto, bandwidth, and packet filters. Sites without protocols cannot be started by users logging in serially. Such sites ca...

  • Page 126: 8:  Ports

    8-1 8: ports each scs port can be configured in a number of ways. Configuration options include a port’s start method, available sessions, access, serial parameters, and flow control. 8.1 using port commands most port commands require you to be the privileged user. To become the privileged user, use...

  • Page 127

    Ports starting a port 8-2 8.3.1 waiting for character input by default, each scs port is idle until character input is received (e.g. if a remote user presses the return key). If automatic protocol detection is enabled (see automatic protocol detection on page 8-4), and the scs recognizes a ppp or s...

  • Page 128: 8.4   Port Modes

    Ports port modes 8-3 8.4 port modes an scs port can be used in one of three modes: character mode, ppp mode, or slip mode. The default port mode is character mode. To configure a port to run ppp or slip, see the corresponding sections below. Note: enabling ppp or slip on the serial console port is no...

  • Page 129: 8.6.1   Multiple Sessions

    Ports automatic protocol detection 8-4 8.5 automatic protocol detection an scs port may be configured to automatically detect a ppp or slip packet and, if ppp or slip is enabled on the port, run the appropriate protocol when the first packet is received. This eliminates the need for callers to expli...

  • Page 130: 8.6.3   Exiting Sessions

    Ports port-specific session configuration 8-5 to change the session limit, use the set/define ports session limit command. Figure 8-7: changing the session limit 8.6.2 switching between sessions sessions are organized in the order that they were created. Commands or keyboard equivalents are used to ...

  • Page 131

    Ports port-specific session configuration 8-6 if your keyboard doesn’t have a break key, an equivalent can be specified with the set/define ports local switch command, or with the set/define ports break character command. Figure 8-11: specifying a local switch figure 8-12: specifying an alternate br...

  • Page 132

    Ports port-specific session configuration 8-7 note: the 30xx range of sockets is 8-bit clean. If a break condition is detected on the serial port, nothing happens, because there is no way to propagate a break condition across an 8-bit clean connection. Local break: if the alternate break character i...

  • Page 133: 8.7.1   Dedicated Protocols

    Ports preferred/dedicated protocols & hosts 8-8 to set an environment string to use with a preferred or dedicated host/service, use the following syntax: figure 8-16: using environment strings with preferred/dedicated hosts note: for more information on preferred and dedicated hosts/services, see de...

  • Page 134: 8.8   Port Restrictions

    Ports port restrictions 8-9 8.7.2 preferred/dedicated hosts a port can be assigned a preferred or dedicated ssh, telnet, or rlogin host using the set/define ports preferred and define ports dedicated commands. By entering a sequence of key letters (environment strings) after the tcp parameter, you c...

  • Page 135

    Ports port restrictions 8-10 note: secure ports (set using the set/define ports security command) cannot be locked. To unlock a port without the lock password, a privileged user must use the unlock port command or log out the port using the logout port command. Logout will disconnect all sessions. N...

  • Page 136: 8.8.4   Automatic Logouts

    Ports port restrictions 8-11 8.8.3.2 username/password authentication the set/define ports authenticate command is used to authenticate individual users. When this command is enabled, incoming logins will be prompted for a username/password pair. The username and password entered will be compared to...

  • Page 137: 8.8.7   Dialback

    Ports port restrictions 8-12 8.8.5 restricting commands the security characteristic may be used to limit a user’s access to information about other ports. When security is enabled, only a limited number of commands may be typed at the local> prompt. A user on a secure port is unable to get informat...

  • Page 138: 8.9.1   Naming A Port

    Ports serial port configuration 8-13 8.9 serial port configuration there are a number of configurations that apply specifically to serial transmission. These configurations are a port’s parity, baud rate, and bits per character. The bits per character is set using the set/define ports character size...

  • Page 139

    Ports serial port configuration 8-14 8.9.4 padding return characters by default, the scs will pad carriage returns entered in telnet sessions with null characters. To disable this characteristic, use the set/define ports telnet pad command. Figure 8-34: disabling telnet pad 8.9.5 setting the device ...

  • Page 141: 8.10.1   Two-Wire Mode

    Ports rs-485 configuration 8-16 a large number and varieties of protocols run over rs-485. However, the scs does not convert or interpret serial data. It only moves data between serial and ethernet. Any rs-485 protocol will have to be implemented by host software. Note: see your installation guide f...

  • Page 142: 8.10.2   Four-Wire Mode

    Ports rs-485 configuration 8-17 8.10.2 four-wire mode in four-wire mode, the scs operates in full duplex: one pair of wires functions as the transmit pair, another pair of wires functions as the receive pair, and there is a shield/ground wire for each pair. The scs is able to send and receive data s...

  • Page 143: 8.10.3   Termination

    Ports flow control 8-18 8.10.3 termination rs-485 connections must be terminated properly in order to work. Termination is necessary when using long cable runs, although only end nodes should be terminated. The termination option is disabled by default. Figure 8-46: enabling rs-485 termination 8.10....

  • Page 144

    Ports flow control 8-19 for example, the scs will assert rts when it is ready to accept data. When it can no longer accept data (its buffers are full) it will deassert this signal. A connected modem will monitor the assertion and deassertion of this signal; it will only send data when rts is asserte...

  • Page 145: 8.12   Serial Signals

    Ports serial signals 8-20 refer to flow control on page 8-18 for a description of the different methods. Choose the method that’s most compatible with the modem and applications you’ll be using. 4 configure flow control to configure your modem, refer to the modem’s documentation. To configure flow c...

  • Page 146

    Ports serial signals 8-21 figure 8-51: rj45 serial signals 8.12.1 dsr (data set ready) 8.12.1.1 dsr for automatic logouts an scs port can be configured to automatically log itself out when dsr is no longer asserted; in other words, the port will log out when the modem is disconnected. This can help ...

  • Page 147: 8.13   Virtual Ports

    Ports virtual ports 8-22 rj45 ports have one pin that can be used for either dsr or dcd. If you are using modems, this pin must be wired to the modem’s dcd pin. If you are using another type of device (such as a terminal or printer), this pin should be wired to the device’s dsr pin. Refer to the pin...

  • Page 148: 8.14   Modem Emulation

    Ports modem emulation 8-23 8.14 modem emulation modem mode allows the scs to emulate a modem for performing network connections. To configure specific ports to emulate modems, use the set/define ports modem emulation command. When the port is in modem mode, the following modem commands are availabl...

  • Page 149: 9:  Modems

    9-1 9: modems this chapter discusses how to configure your modem and the scs to work together. If you have an scs200, you can configure a supported modem card to form ppp dialup connections. An installed modem card on the scs200 can be accessed using port number 3. Because the scs does not support pc...

  • Page 150: 9.2   Modem Speeds

    Modems modem speeds 9-2 9.2 modem speeds the modem’s serial speed, measured in bits per second (bps), is the rate at which the modem sends data to a host computer or other device (such as the scs) over its serial port. The modem’s line speed, also measured in bits per second, is the rate at which th...

  • Page 151: 9.3.1   Using A Profile

    Modems modem profiles 9-3 9.3.1 using a profile preconfigured profiles are available for a number of modem types. Each profile contains all settings necessary to appropriately configure that type of modem. To display the list of available profiles, use the show modem command. If your modem is listed...

  • Page 152

    Modems modem profiles 9-4 9.3.2.1 examine the profile display the modem profile by entering the list port modem command. Figure 9-3: displaying modem configuration a series of settings will be displayed. For example, the attention string may be currently set to at, and error correction may be enable...

  • Page 153: 9.3.3   Profile Settings

    Modems modem profiles 9-5 9.3.2.3 edit other settings all settings in a modem profile can be edited with the define ports modem commands. For example, to configure the dial string, use the define ports modem dial command. Figure 9-5: configuring a string 9.3.2.4 enable modem control before a port ca...

  • Page 154

    Modems modem profiles 9-6 commandprefix string this string is placed before all commands sent to the modem except for the attention string. In the unlikely event that your modem doesn’t use a common command prefix for all commands, this string should be left blank; include the appropriate command pr...

  • Page 155

    Modems modem profiles 9-7 getsetup string this string displays the modem’s current configuration. The scs uses this information to determine if the modem’s configuration has changed. It is commonly set to “&v.” When most modems receive the get setup string, they’ll return one page that lists their c...

  • Page 156: 9.4.1   Initialization

    Modems modem and scs interaction 9-8 9.3.4 profiles for modems with external switches some modems, such as usrobotics sportster and courier, have external switches that control the modem’s behavior. Modems that have external switches but do not have predefined modem profiles on the scs should be set...

  • Page 157: 9.4.3   Incoming Calls

    Modems modem and scs interaction 9-9 if the modem responds with the connect string, the call will succeed. If the modem responds with the no carrier, error, no dial tone, or busy strings, or if no response is received in 60 seconds, the call will fail and the modem will be reset (60 seconds is the d...

  • Page 158: 9.4.6   Error Correction

    Modems modem and scs interaction 9-10 before compression can be enabled, flow control must be enabled (see flow control on page 8-18). In addition, the modem’s serial speed must be set higher than the line speed. This enables the scs to keep the modem’s internal data buffer filled with data to compr...

  • Page 159: 9.4.7   Modem Security

    Modems modem and scs interaction 9-11 to enable error correction, use the following command: figure 9-11: enabling error correction note: for this command’s complete syntax, see define ports modem errorcorrection on page 12-10. When error correction is enabled on a port, the scs will send a string t...

  • Page 160: 9.5   Terminal Adapters

    Modems terminal adapters 9-12 for a complete discussion of dialback, see dialback on page 11-5. 9.5 terminal adapters isdn terminal adapters (tas) are similar to modems. Modems convert asynchronous serial signals to a form that can be transmitted via regular phone lines, while terminal adapters conv...

  • Page 161: 9.7   Examples

    Modems examples 9-13 note: the modem init string must be modified to tell the modem to pass caller-id information to the scs. See editing a profile on page 9-3 for more information. Finally, show/monitor/list modem status displays status information about modems connected to scs ports, including the...

  • Page 162

    Modems examples 9-14 port 2’s speed must be set properly for the modem. To determine the appropriate port speed, examine the following table: to determine the maximum baud rate supported by the modem, the port speed must be set and tested. Modem handling must be disabled on the port; if it is enable...

  • Page 163

    Modems examples 9-15 the generic modem profile made a series of configurations to port 2. To determine the current configuration of port 2, use the list port or list port modem command. Figure 9-20: current port configuration the speed for port 2 is now 57600. This speed must be set to the appropria...

  • Page 164: 9.8   Troubleshooting

    Modems troubleshooting 9-16 9.8 troubleshooting to help diagnose any difficulty with your modem setup, it is a good idea to do the following: install a breakout box between the modem and the scs. Set all modem switches to the “normal” position, and remove all jumpers. When the modem and scs are powe...

  • Page 165

    Modems troubleshooting 9-17 all data is corrupted. The ground pins aren’t wired correctly. Verify the wiring. Ensure that the ground pins on the rj45 ports are wired together. The modem’s serial speed does not match the serial speed on the scs port used. Ensure that the serial speeds of the modem an...

  • Page 166: 10:  Modem Sharing

    10-1 10: modem sharing modem sharing provides users with individual modem/phone line functionality at a reduced cost. When modems are shared, a group of ip users may use a modem pool to dial out of a lan and connect to a remote host; for example, to connect to a bulletin board service (bbs). This el...

  • Page 167

    Modem sharing services 10-2 ports associated with a service used for modem sharing must support outgoing connections. To support outgoing connections, the port access must be set to dynamic or remote. Figure 10-4: configuring a port for outgoing connections a port associated with a service used for ...

  • Page 168: 10.2   Sharing Modems

    Modem sharing sharing modems 10-3 10.2 sharing modems to share scs modems, you must do one of the following: use the lantronix com port redirector application. Form a tcp connection to a tcp listener socket associated with a service. Form a tcp connection directly to an scs serial port. Log into the...

  • Page 169: 10.3   Examples

    Modem sharing examples 10-4 connecting to a tcp listener service is recommended if more than one modem is being used. The scs will automatically connect the user to the next available modem, avoiding the trial and error process of finding an available port (see connecting to a serial port on page 10...

  • Page 170

    Modem sharing examples 10-5 the modems are connected to an scs as follows: three services will be created for the modems: fastmodems, slowmodems, and slowestmodem. These will be used for the 28,800, 14,400, and 9,600 modems, respectively. Figure 10-12: configuring the scs fastmodems service figure 1...

  • Page 171

    Modem sharing examples 10-6.

  • Page 172: 11:  Security

    11-1 11: security the scs enables you to secure your network in a number of ways. Supported security features include: authentication of incoming connections, discussed on page 11-1. Authentication of outgoing lan to lan connections, discussed on page 11-4. Dialback during incoming connection attemp...

  • Page 173

    Security incoming authentication 11-2 to require that users enter the login password when logging into a particular port from another serial port, use the set/define ports password enabled command. Figure 11-2: requiring login password on a port by default, incoming telnet and rlogin connections are...

  • Page 174: 11.1.2   Ppp Logins

    Security incoming authentication 11-3 11.1.2 ppp logins this section covers authentication on ports dedicated to ppp or with pppdetect enabled. If ppp will be started from character mode, see character mode logins on page 11-1. Note: to dedicate a port to ppp or enable pppdetect, see chapter 8, port...

  • Page 175: 11.1.3   Slip Logins

    Security outgoing authentication 11-4 during chap/pap negotiation, the scs will send the site’s username and remote password to the incoming caller. To set a site’s username and remote password, use the define site authentication command: figure 11-10: configuring the site username and remote passwo...

  • Page 176: 11.3   Dialback

    Security dialback 11-5 11.2.1 outgoing character mode connections if the remote device is expecting the information in character mode, the username and password must be sent in a chat script. The chat script should expect the username prompt, send the appropriate username, expect the password prompt...

  • Page 177

    Security dialback 11-6 log out a port and call the user back permit users to bypass the dialback process and connect immediately terminate the connection when unauthorized users attempt to connect note: the port must be configured to use modems; for additional information, see chapter 9, modems. 11....

  • Page 178

    Security dialback 11-7 to add a user to the dialback database, use the set/define dialback command and specify a username and a telephone number. If the user must bypass dialback (regardless of whether dialback bypass is enabled or disabled), specify the bypass parameter. Figure 11-15: adding users ...

  • Page 179

    Security dialback 11-8 if dialback is disabled for the site, the connection will proceed without the dialback step. If normal dialback authentication is enabled for the site, the scs will offer to call the ppp client back at the site-specific telephone number listed in the dialback database. If the ...

  • Page 180

    Security database configuration 11-9 11.4 database configuration five types of databases can store authentication information. The databases can be used in any order or combination, but no more than one of each type may be used. Local authentication database stored in the scs’s permanent memory (nvr...

  • Page 181

    Security database configuration 11-10 local authentication can execute and restrict user commands. Chap may be used for authentication. Disadvantages include: the scs cannot share its databases with other servers. The scs cannot share existing databases. The local database is limited by the size of ...

  • Page 182: 11.4.2   Kerberos

    Security database configuration 11-11 11.4.1.5 forcing selection of a new password users may be forced to select a new password during their next login. This is useful when the user has forgotten his or her password, or to ensure that passwords are changed on a regular basis. Figure 11-23: forcing a...

  • Page 183

    Security database configuration 11-12 11.4.2.1 configuring kerberos the set/define authentication kerberos commands are used for most of the kerberos configuration options. 1 ensure that the scs clock is synchronized with the clock on the kerberos server. The kerberos authentication model attaches t...

  • Page 184

    Security database configuration 11-13 to specify the scs principle, instance, and authenticator, use the set/define authentication kerberos command: figure 11-28: configuring the principle, instance, and authenticator note: the values for principle, instance, and authenticator are case-sensitive. En...

  • Page 185: 11.4.3   Radius

    Security database configuration 11-14 11.4.3 radius the scs supports the remote authentication for dial-in user services (radius) protocol. Radius is a centrally-located client-server security system. Note: the scs supports radius as described in rfc 2138 and is intended to support future versions w...

  • Page 186

    Security database configuration 11-15 3 the radius authentication server decrypts the access-request packet and routes it to the appropriate security checking mechanism, such as a unix password file or kerberos database. Based on the information returned from the security check, one of the following...

  • Page 187

    Security database configuration 11-16 11.4.3.2 radius and character logins when a user attempts to log into the scs via a character-mode session (i.e. not through ppp or slip), the scs reports a service-type of login: to the radius server. Once the server authenticates the user, it will send one of ...

  • Page 188: 11.4.4   Securid

    Security database configuration 11-17 accounting-start sent when a user logs into the scs. This type of packet includes the user’s name, port number, and current configuration. Note: ezwebcon users are logged as administrators. Accounting-stop sent when a connection is logged out or otherwise termin...

  • Page 189

    Security database configuration 11-18 if someone eavesdrops on a connection attempt and obtains a passcode, the passcode will not be useful; a new passcode will be required in a few minutes. This enhances the security of telnet connections. Disadvantages include: if the caller attempts to use chap f...

  • Page 190: 11.5   User Restrictions

    Security user restrictions 11-19 11.4.5 unix password file trivial file transfer protocol (tftp) can be used to retrieve files from remote systems. During authentication, the scs can tftp a unix password file and check the username and password fields for the pair provided by a user. The scs cannot ...

  • Page 191: 11.5.4   Securing A Port

    Security user restrictions 11-20 11.5.2 ip address restriction to avoid routing problems and enhance security, the scs can restrict incoming remote networking callers to a particular address or range of addresses. Each site may specify a particular range of acceptable ip addresses. When an incoming ...

  • Page 192: 11.5.5   Locking A Port

    Security user restrictions 11-21 11.5.5 locking a port the lock command may be used to secure a port without disconnecting sessions. When lock is entered, the user will be prompted to enter a password. This port will then be locked until this password is used to unlock it. Figure 11-40 displays an e...

  • Page 193

    Security network restrictions 11-22 unique authentication applies only to ports that have authentication enabled. If user george connects to port2 and then attempts a second connection to port9, the second login will be allowed because port9 does not have authentication enabled. Similarly, if george...

  • Page 194

    Security network restrictions 11-23 to configure a port’s access setting, use the set/define ports access command. Figure 11-45: configuring connection type note: for more information about configuring a port’s access, refer to setting port access on page 8-1. 11.6.4 disabling the ftp and http serve...

  • Page 195

    Security network restrictions 11-24 when a site with an associated filter list receives a packet, the scs will compare the packet against each filter starting with the first filter on the list. If the packet matches any of the filters, the packet will be forwarded or discarded to the filter’s specif...

  • Page 196: 11.7   Event Logging

    Security event logging 11-25 1 when a filter list is created, it must be assigned a name of no more than 12 characters. The remainder of the configuration consists of a series of rules that will filter packet traffic in a particular way. Use the set/define filter command to create a new filter. Figu...

  • Page 197: 11.7.2   Logging Levels

    Security event logging 11-26 to specify the logging destination, use the set/define loggingdestination command. A colon must be appended to the ip address or ip host name. Figure 11-50: specifying logging destination note: the complete syntax of set/define logging is given on page 12-172. To see log...

  • Page 198

    Security: event logging, 11-27. For example, to record all logins and send the information to the console port, use the following command: Figure 11-52: Logging all logins. 4: incoming/outgoing RIP packets; 5: resulting routing table; 6: contents of all RIP packets; 7: routed packets. Modems: 1: problems; 2: call s...

  • Page 199: 11.8   Examples

    Security: examples, 11-28. Note: logging passwords may compromise security. Each logging level logs all events associated with higher logging levels. For example, if logging level 6 is specified, the events associated with levels 1-5 will also be logged. To disable all logging, use the following comman...

  • Page 200

    Security: examples, 11-29. When Jerry connects to the SCS, he is prompted for a login password, then his own username and password. When authenticated, he is automatically telnetted to host venus and logged out of the SCS. Jerry will see the following: Figure 11-56: Results of user authentication with ...

  • Page 201

    Security: examples, 11-30. 11.8.4 Outgoing LAN to LAN connection. An SCS in Dallas must connect to an SCS in Seattle. The Dallas SCS must be configured in the following manner: the SCS in Dallas must have a site for the connection to the Seattle SCS. The site’s name is seattle. PPP will be used for the ...

  • Page 202

    Security: examples, 11-31. Denies X-Windows traffic, but permits incoming TCP/IP traffic to ports 1023 and higher. Permits DNS queries to the local domain name server, 192.0.1.101. Permits ICMP (Internet Control Message Protocol) messages. Permits outgoing finger requests. The firewall will be named fw_i....

  • Page 203

    Security: examples, 11-32. To permit NNTP traffic between the local and remote NNTP servers, the following commands are required: Figure 11-63: Permitting traffic between NNTP servers. To permit outgoing FTP connections, the following commands are used: Figure 11-64: Permitting outgoing FTP connections ...

  • Page 204: 11.8.6   Dialback

    Security: troubleshooting, 11-33. 11.8.6 Dialback. An SCS must be configured to prevent all users from connecting with the exception of two users, sam and paul. When sam and paul attempt to connect to the SCS, the modem must dial them back to verify their identities. The modem is connected to SCS port 2...

  • Page 205: 12:  Command Reference

    12-1 12: command reference this chapter describes all commands that can be used with the scs. To recap the types of commands (set/ define, show/monitor/list, clear/purge), see chapter 2, getting started. Most define commands are documented with their corresponding set commands, but some are listed s...

  • Page 206: 12.2   About Strings

    Command reference about strings 12-2 examples of the command cross-references to related commands 12.2 about strings when a command calls for a string, the following two things must be taken into consideration. First, any user-entered strings should be enclosed in quotes to retain the case entered. ...

  • Page 207: 12.4   Modem Commands

    Command reference modem commands 12-3 12.4 modem commands 12.4.1 define ports modem answer permits or prevents a modem from automatically answering the line, optionally after a specified number of rings. Restrictions requires privileged user status. Parameters portlist/all specifies a particular por...

  • Page 208

    Command reference modem commands 12-4 12.4.2 define ports modem attention defines a string to get the modem’s attention. Restrictions requires privileged user status. Parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (fo...

  • Page 209

    Command reference modem commands 12-5 12.4.4 define ports modem callerid configures whether the scs will look for and attempt to decode caller-id information for incoming calls. The scs should be set to wait for three rings before answering the line so that it has enough time to gather the caller-id...

  • Page 210

    Command reference modem commands 12-6 examples local>> define port 2 modem carrierwait 40 see also profile settings—carrierwait string, page 9-5 12.4.6 define ports modem commandprefix defines a string to send before the “init” and other configuration strings. Restrictions requires privileged user s...

  • Page 211

    Command reference modem commands 12-7 disablestring a string of up to 12 characters. When this string is received by the modem, data compression will be disabled note: the disablestring and the enablestring must be entered together. Enablestring a string up to 12 characters. When this string is rece...

  • Page 212

    Command reference modem commands 12-8 12.4.9 define ports modem control enables or disables modem handling on the specified port(s). When modem handling is enabled, the assertion and deassertion of modem signals (dsr, dtr, and dcd) control the port’s interaction with the modem, including initializin...

  • Page 213

    Command reference modem commands 12-9 dialstring a string of up to 12 characters. Often touch tone dialing is activated with “dt” and pulse dialing is activated with “dp.” defaults depends on modem and modem profile. Examples local>> define port 2 modem dial “dt” see also define ports modem commandp...

  • Page 214

    Command reference modem commands 12-10 12.4.12 define ports modem errorcorrection enables or disables error correction in the modem restrictions requires privileged user status. Parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with...

  • Page 215

    Command reference modem commands 12-11 parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). Note: in the absence of a portlist or the all parameter, the configuration will affect the curr...

  • Page 216

    Command reference modem commands 12-12 12.4.15 define ports modem nocarrier defines a string to expect on outbound calls when the modem can dial but doesn’t connect. Restrictions requires privileged user status. Parameters portlist/all specifies a particular port or group of ports, or all ports. Por...

  • Page 217

    Command reference modem commands 12-13 12.4.17 define ports modem ok defines a string to expect after the attention string is sent to the modem. Restrictions requires privileged user status. Parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be s...

  • Page 218

    Command reference modem commands 12-14 12.4.19 define ports modem ring defines a string that the modem returns if it rings. Restrictions requires privileged user status. Parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas ...

  • Page 219

    Command reference modem commands 12-15 12.4.21 define ports modem speaker enables or disables the modem’s speaker. The speaker allows the user to hear the modem’s dialup and connect sequences for debugging purposes. Restrictions requires privileged user status. Parameters portlist/all specifies a pa...

  • Page 220

    Command reference modem commands 12-16 note: in the absence of a portlist or the all parameter, the configuration will affect the current port only. String a string of up to 12 characters. Defaults depends on modem and modem profile. Examples local>> define port 2 modem statistics “statreport” see a...

  • Page 221

    Command reference modem commands 12-17 restrictions you must be the privileged user to use the monitor command. Parameters num a particular modem profile type to display. Examples local> show modem 3 see also modem profiles, page 9-2.

  • Page 222: 12.5.1   Clear/purge Hosts

    Command reference ip/network commands 12-18 12.5 ip/network commands 12.5.1 clear/purge hosts removes a tcp/ip host entry from the scs table of known hosts. If clear is used and the host was seen through the rwho facility, it will reappear as soon as that machine broadcasts again. A host will also r...

  • Page 223

    Command reference ip/network commands 12-19 12.5.4 clear/purge ip route removes a static ip route. Restrictions requires privileged user status. Parameters default clears or purges default ip routes. Address an ip address in standard numeric format (for example, 193.53.2.2). All clears or purges sta...

  • Page 224: 12.5.7   Connect

    Command reference: IP/network commands, 12-20. 12.5.6 clear/purge ip trusted: removes all entries from the trusted router table. Restrictions: you must be the privileged user to use this command. Parameters: address: an IP address in standard numeric format (for example, 193.53.2.2). all: clears or purges t...

  • Page 225

    Command reference: IP/network commands, 12-21. Parameters: ssh: establishes an SSH connection to the specified host or, if no hostname is entered, to the preferred host. host: enter a text host name or an IP address in a standard numeric format (for example, 192.0.1.183). username: enter a user name that w...

  • Page 226: 12.5.8   Disconnect

    Command reference ip/network commands 12-22 see also set/define ports password, page 12-78; disconnect, page 12-22; preferred/ dedicated protocols & hosts, page 8-8 12.5.8 disconnect terminates the current session (if no session is specified), the specified session, or all sessions. Examples local> ...

  • Page 227: 12.5.11   Send

    Command reference ip/network commands 12-23 parameters hostname a text hostname or an ip address in standard numeric format (for example, 192.0.1.183). Username a username to use as the login name. See also connect, page 12-20; set/define ports password, page 12-78; telnet and rlogin sessions, page ...

  • Page 228: 12.5.12   Set/define 80211

    Command reference ip/network commands 12-24 synch synchronize 12.5.12 set/define 80211 after you enter an 80211 configuration command, you must reboot the unit for the changes to take effect. You can also enter the set 80211 reset command for all configuration commands except the set/define 802.11 e...

  • Page 229

    Command reference ip/network commands 12-25 controls the antenna(s), if any, on the installed wireless card. Not all antennas can be used for both receive and transmit, so be sure to read your card documentation completely. The default settings should work in most applications. Any configuration cha...

  • Page 230

    Command reference: IP/network commands, 12-26. Parameters: opensystem: access point will provide the WEP key to the SCS. sharedkey: static WEP key is configured on the SCS. Defaults: opensystem. See also: show 80211, page 12-48; 802.11 configuration, page 2-11. 12.5.12.4 set/define 80211 channel: sets the SCS ...

  • Page 231

    Command reference ip/network commands 12-27 12.5.12.5 set/define 80211 essid configures the essid, which tells the scs the name of the extended service set (ess) to which it belongs. Setting an essid ensures that the scs will stay on the desired network subsegment. Any configuration changes you make...

  • Page 232

    Command reference ip/network commands 12-28 12.5.12.6 set/define 80211 fragmentation changes the fragmentation threshold. Any configuration changes you make with the above commands will not take place until you reboot the scs or issue the set 80211 reset command. Restrictions requires privileged use...

  • Page 233

    Command reference ip/network commands 12-29 scs instructs the scs to use its own internal mac address. Defaults scs examples local>> define 80211 macaddress card local>> set 80211 reset see also show 80211, page 12-48; 802.11 configuration, page 2-11 12.5.12.8 set/define 80211 network mode denotes w...

  • Page 234

    Command reference ip/network commands 12-30 12.5.12.9 set/define 80211 power controls the card’s transmit power settings. The numeric power setting specified must exactly match a value supported by the card. Any configuration changes you make with the above commands will not take place until you reb...

  • Page 235

    Command reference ip/network commands 12-31 errors if you enter a region that will not work with your 802.11 card, an error bit will be displayed when you enter the show 80211 command. Parameters regions ic: canada etsi: europe, most countries (verify with your local regulatory body) spain: spain fr...

  • Page 236

    Command reference ip/network commands 12-32 12.5.12.12 set/define 80211 rts changes the rts threshold value. Any configuration changes you make with the above commands will not take place until you reboot the scs or issue the set 80211 reset command. Restrictions requires privileged user status. Onl...

  • Page 237

    Command reference: IP/network commands, 12-33. Restrictions: requires privileged user status. Only applies to the SCS200. Errors: if you enter a command that is not applicable to the 802.11 card currently in use, you will receive an error message. Parameters: enabled: enables WEP. disabled: disables WEP. In...

  • Page 238: 12.5.13   Set/define Hosts

    Command reference ip/network commands 12-34 12.5.13 set/define hosts associates a tcp/ip hostname with an ip address in the local host table, allowing you to use the text name for telnet connections even if there is no name server to resolve it. If the given host name has already been configured, th...

  • Page 239

    Command reference ip/network commands 12-35 12.5.14 set/define ip all/ethernet configures all interfaces on an ethernet interface. Restrictions requires privileged user status. Parameters all configures all ip interfaces. Ethernet configures an ethernet interface. To specify the number of the ethern...

  • Page 240

    Command reference ip/network commands 12-36 default if enabled, ip routing updates will advertise this router as the “default” route. Default is commonly used to avoid large routing tables when there is only one possible path to a large number of networks. Mtu sets the maximum transmission unit, or ...

  • Page 241

    Command reference: IP/network commands, 12-37. trusted: when enabled, this interface will only listen to routing updates from routers specified by the set/define ip trusted command. Otherwise, this interface will listen to all routing updates. Defaults: ethernet interface number: 0; ttlnum: 1; default, pro...

  • Page 242

    Command reference ip/network commands 12-38 12.5.16 set/define ip domain sets the default domain suffix. This suffix is appended to host names during ip name resolution. Restrictions requires privileged user status. Parameters domainname a string of up to 64 characters. None clears an existing domai...

  • Page 243

    Command reference ip/network commands 12-39 12.5.19 set/define ip ipaddress specifies the server’s ip address for tcp/ip connections. Restrictions requires privileged user status. Errors an error is returned if there are active connections to the scs. An error is returned if the address is in use by...

  • Page 244

    Command reference ip/network commands 12-40 see also configuring the domain name service (dns), page 6-7 12.5.22 set/define ip nat enables and configures basic network address translation (nat) features. Restrictions requires privileged user status. Parameters expire time, in minutes, before a nat e...

  • Page 245

    Command reference ip/network commands 12-41 12.5.23 set/define ip nat table specifies the ip address of the local nameserving host for use on ip connections and netbios connections that use ip. The scs also allows connections from public ip networks to specific ip address/port combinations on the pr...

  • Page 246

    Command reference ip/network commands 12-42 parameters address an ip address in standard numeric format (for example, 193.0.1.50). See also set/define ip nameserver, page 12-39; configuring the domain name service (dns), page 6-7 12.5.25 set/define ip route configures a static route. Static routes a...

  • Page 247

    Command reference ip/network commands 12-43 num an integer from 1 through 16 representing the metric for this route. Defaults metric: 16 (unreachable) examples local>> set ip route 198.8.8.0 next 192.0.1.9 see also clear/purge ip route, page 12-19; show/monitor/list ip route, page 12-49; ip routing,...

  • Page 248

    Command reference: IP/network commands, 12-44. Parameters: address: the IP address to be restricted. The address can be a full IP address, such as 192.0.180, to restrict one address; it can also be expressed as a partial address, such as 192.0.1.255, to restrict whole subnetworks. An address with a 255 i...

  • Page 249

    Command reference ip/network commands 12-45 12.5.28 set/define ip subnet specifies a subnet mask as an ip address. The mask must be specified using the address parameter. Restrictions requires privileged user status. Parameters mask specifies a subnet mask. Must be used in conjunction with the addre...

  • Page 250

    Command reference ip/network commands 12-46 12.5.30 set/define ip timeserver configures a timeserver for the scs to use to update its internal clock. The scs can communicate with either daytime or network timeserver protocol (ntp) servers. For ntp, the scs can periodically broadcast a message asking...

  • Page 251

    Command reference: IP/network commands, 12-47. 12.5.31 set/define ip trusted: configures a list of trusted routers. When set/define ip all/ethernet trusted is enabled, the SCS will only listen to RIP updates from routers in this list. Restrictions: requires privileged user status. Parameters: address: an i...

  • Page 252: 12.5.33   Show Ip Counters

    Command reference ip/network commands 12-48 12.5.33 show ip counters displays current tcp/ip traffic counters. 12.5.34 show/monitor/list hosts displays either the currently available tcp/ip (telnet/rlogin) hosts (show) or the ones that have been defined locally in the host table (list). Hosts will b...

  • Page 253

    Command reference ip/network commands 12-49 12.5.35 show/monitor/list ip displays the current operating characteristics of the targets. Use the list command to see the permanent attributes that will take effect upon reboot/login. Restrictions you must be the privileged user to use the monitor comman...

  • Page 254

    Command reference ip/network commands 12-50 all displays all defined ip information. Arp displays the current state of the arp table. Counters displays the ip-related counters. Hashtable displays the routing table's hash table statistics. Interfaces displays ip router interfaces. To display ip route...

  • Page 255: 12.5.36   Ssh

    Command reference ip/network commands 12-51 trusted displays trusted ip routers. Timeserver displays the timeserver. Examples local> show ip hashtable local>> show ip interfaces ethernet local>> show ip interfaces ethernet 4 see also netstat, page 12-187; ip/network commands, page 12-18; chapter 6, ...

  • Page 256: 12.6   Port Commands

    Command reference port commands 12-52 12.6 port commands 12.6.1 list email when entered without any parameters, displays all emailsite configurations that will take place the next time that emailsite is used. Using the emailsite parameter will show the configurations for that specific site, while th...

  • Page 257: 12.6.3   Logout Port

    Command reference port commands 12-53 12.6.3 logout port logs out a port. Active sessions are disconnected, and all site circuits are closed. Restrictions only privileged users can log out a port or site other than their own. Parameters port logs out the list of ports specified with the portlist par...

  • Page 258: 12.6.5   Purge Email

    Command reference port commands 12-54 12.6.5 purge email removes an emailsite. Restrictions requires privileged user status. Parameters emailsite enter the name of an emailsite. See also define email, page 12-55; define ports event email serialdata, page 12-71; event port logging, page 3-2 12.6.6 re...

  • Page 259: 12.6.8   Snoop Port

    Command reference: port commands, 12-55. 12.6.8 snoop port: enables you to watch the data traffic on a local serial port. Restrictions: requires privileged user status. Parameters: portnum: specifies a particular SCS port to watch. in: displays only data coming into the serial port from an attached device. ...

  • Page 260

    Command reference port commands 12-56 note: dynamic print variables are case-sensitive. You must use all capital letters in the variables to avoid problems. Restrictions requires privileged user status. Parameters emailsite enter the emailsite name. The only valid names are “default” and “portxx,” w...

  • Page 261

    Command reference port commands 12-57 string enter a character string with a maximum length of 32 characters. Enclose the string in quotes to preserve case and spaces. Mailhost sets the smtp mailhost. Enter a string with maximum length of 24 characters. Enclose the string in quotes to preserve case ...

  • Page 262

    Command reference port commands 12-58 remote the specified ports accept only network connection requests. No local logins are permitted. Defaults dynamic examples local>> define ports all access local see also setting port access, page 8-1; limiting port access, page 11-22 12.6.11 set/define ports a...

  • Page 263

    Command reference port commands 12-59 restrictions requires privileged user status. Errors autobaud and autostart cannot be used together. If you try to configure both options, you will get a message saying that the previously configured option was disabled. Parameters portlist/all specifies a parti...

  • Page 264

    Command reference port commands 12-60 12.6.14 set/define ports autostart determines whether the specified port will wait for a carriage return or pre-set character(s) before starting a connection. Enabling autostart causes the port to start connections automatically. Autostart can also be configured...

  • Page 265

    Command reference port commands 12-61 x enter the desired alphanumeric character. To specify a control character, use escaped hex (\xx). For example, ctrl-b (ascii character 0x02) would be specified as \02. Y enter the optional second alphanumeric character. To specify a control character, use escap...

  • Page 266

    Command reference port commands 12-62 restrictions requires privileged user status if you want to use this command on ports other than your own. Parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (fo...

  • Page 267

    Command reference port commands 12-63 note: in the absence of a portlist or the all parameter, the configuration will affect the current port only. Character specifies an alternate break character. This is useful for terminals that cannot generate a break condition, telnet clients that cannot genera...

  • Page 268

    Command reference port commands 12-64 12.6.18 set/define ports broadcast enables or disables other users’ broadcasts to this port. Broadcasts are typically disabled when extra messages are not desired on the port’s output device. Restrictions requires privileged user status if you want to use this c...

  • Page 269

    Command reference port commands 12-65 restrictions requires privileged user status if you want to use this command on ports other than your own. Secure users may not use this command. Errors autobaud only works for 8 bits, or for 7 bits with even parity. Parameters portlist/all specifies a particula...

  • Page 270

    Command reference port commands 12-66 12.6.21 set/define ports datasend changes the amount of time the scs will allow serial characters to accumulate before sending them to the host. Several different triggers can be used to notify the scs when to send the accumulated data. You can specify a “timeou...

  • Page 271

    Command reference port commands 12-67 frame defines the timeout as the time since the current “character burst” was started. None clears previous timeout settings, so the transmission takes place whenever the scs decides to send the data. Character sets a trigger that transmits any accumulated data ...

  • Page 272

    Command reference port commands 12-68 12.6.22 define ports dedicated sets up a dedicated rlogin, ssh, or telnet host or service that the specified port will connect to whenever it is logged in. The type of dedicated connection is specified with the environment string. If no environment string is spe...

  • Page 273

    Command reference port commands 12-69 envstring sets up the connection environment before the session is started. For a description of all available environment strings, see appendix a, environment strings. If no environment string is specified with the tcp parameter, the connection will default to ...

  • Page 274

    Command reference: port commands, 12-70. 12.6.23 define ports dialback: turning on dialback causes the SCS to check the dialback table (see set/define dialback) each time a user logs in. If the entered username is not in the table, the port is logged out. If the username is in the table, the port is log...

  • Page 275

    Command reference port commands 12-71 errors modem control and dsrlogout are mutually exclusive. Parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). Note: in the absence of a portlist or...

  • Page 276

    Command reference port commands 12-72 when email notification is enabled, an email is triggered when the specified serial port receives a burst of 20 or more characters in its serial log. The port will buffer the incoming data for up to 25 seconds or until the log file reaches 1500 bytes before send...

  • Page 277

    Command reference port commands 12-73 defaults xon examples local>> set ports flow control cts see also set/define ports dtrwait, page 12-71; flow control, page 8-18 12.6.28 set/define ports forward switch defines a “forward” key. From character (local>) mode, typing this key functions as if the for...

  • Page 278

    Command reference: port commands, 12-74. 12.6.29 set/define ports inactivity logout: enables automatic logout of the port if it has been “inactive” for a set period of time. Inactive is defined as having no keyboard or network activity on the port. The port’s open connections (if any) will be closed bef...

  • Page 279

    Command reference port commands 12-75 parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). Note: in the absence of a portlist or the all parameter, the configuration will affect the curre...

  • Page 280

    Command reference port commands 12-76 see also notification of character loss, page 8-13 12.6.32 set/define ports menu specifies whether or not the port will be placed in menu mode at login. If it is disabled, the local> prompt will appear at login. If it is enabled, a menu screen will be displayed;...

  • Page 281

    Command reference port commands 12-77 defaults disabled see also modem emulation, page 8-23 12.6.34 set/define ports name sets a unique name for each port, or a common name for a group of ports. Giving the same name to several ports may be desirable, for example, when you want to label them as modem...

  • Page 282

    Command reference port commands 12-78 parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). Note: in the absence of a portlist or the all parameter, the configuration will affect the curre...

  • Page 283

    Command reference port commands 12-79 12.6.37 set/define ports pocketpc allows the scs to work with pocketpc type devices. Enables and disables client/server negotiation when starting a ppp connection. Restrictions requires privileged user status. Parameters portlist/all specifies a particular port ...

  • Page 284

    Command reference port commands 12-80 rlogin specifies that the service is a default rlogin connection. Must be used in conjunction with the hostname parameter. Ssh specifies that the service is a default ssh connection. Must be used in conjunction with the hostname parameter. Tcp specifies that the...

  • Page 285: 12.6.39   Define Ports Ppp

    Command reference: port commands, 12-81. 12.6.39 define ports ppp: enables PPP to run on the specified port and configures PPP-related settings. This command does not start PPP. You can use this command to specify a per port username and password to authenticate information outbound from the SCS, for ex...

  • Page 286

    Command reference port commands 12-82 accm enters an asynchronous control map in hexadecimal. Bits turned on represent ascii characters that will be escaped in the ppp data stream. See character escaping on page 7-1 for more information. Map a hexadecimal value between 0x00000000 and 0xffffffff. Xon...

  • Page 287

    Command reference port commands 12-83 protocolcompression configures the compression of protocol information in ppp. Timeout sets the timeout value, in tenths of seconds, for the link control protocol and all network control protocols. Time an integer between 1 and 255, representing a length of time...

  • Page 288

    Command reference port commands 12-84 see also define ports pppdetect, page 12-84; purge port ppp, page 12-53; show/ monitor/list logging ppp, page 12-179; set ppp, page 12-95; show/monitor/ list ports ppp, page 12-96; chapter 7, ppp 12.6.40 define ports pppdetect automatically detects incoming ppp ...

  • Page 289

    Command reference: port commands, 12-85. 12.6.42 set/define ports security: setting a port to secure status restricts its access to SCS commands and the ability to get information about other ports using show/list commands. Privileged commands are not available to secure users. Certain other commands ca...

  • Page 290

    Command reference port commands 12-86 number the maximum size, in kb, of the log file. Enter an integer between 0 and 250. A value of 0 turns logging off. Defaults no logging see also set/define ports access, page 12-57; define email, page 12-55; define ports event email serialdata, page 12-71; even...

  • Page 291

    Command reference port commands 12-87 restrictions requires privileged user status. Parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). Note: in the absence of a portlist or the all para...

  • Page 292

    Command reference: port commands, 12-88. 12.6.47 set/define ports slipdetect: automatically detects and starts running SLIP. Be aware that automatically running SLIP is a potential security hazard. Restrictions: requires privileged user status. Parameters: portlist/all: specifies a particular port or group...

  • Page 293

    Command reference port commands 12-89 examples local>> set ports speed 2400 see also set/define ports autobaud, page 12-58; modem speeds, page 9-2 12.6.49 set/define ports stop specifies the stop bit count for the port. The default is to use one stop bit. Restrictions requires privileged user status...

  • Page 294

    Command reference port commands 12-90 parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). Note: in the absence of a portlist or the all parameter, the configuration will affect the curre...

  • Page 295

    Command reference port commands 12-91 describes the type of device connected to the port. Restrictions requires privileged user status to use this command on ports other than your own. Parameters portlist/all specifies a particular port or group of ports, or all ports. Port numbers should be separat...

  • Page 296

    Command reference port commands 12-92 defaults none see also specifying a username, page 8-13 12.6.54 set/define ports verification when enabled, the server will issue informational messages whenever a session is connected, disconnected, or switched. Restrictions requires privileged user status if y...

  • Page 297

    Command reference port commands 12-93 see also set/define ports security, page 12-85; privileged password, page 2-8 12.6.56 define protocols rs485 enables rs-485 networking and configures the necessary rs-485 parameters on the scs200. Restrictions requires privileged user status. Errors only applies...

  • Page 298: 12.6.57   Set Session

    Command reference port commands 12-94 termination enable termination whenever you are using long cable runs and disable it at other times. Only end nodes should be terminated. Txdrive controls how the scs drives the tx pin. Always sets the scs to drive tx. The scs will never tristate tx, even if dat...

  • Page 299: 12.6.58   Set Ppp

    Command reference port commands 12-95 backspace set session delete backspace sends a backspace character (ascii 0x8, or ctrl-h). Echo enabling asks the unit to echo for tcp connections. The default is disabled, on the assumption that the remote host will provide echoing. Newline changes what is sent...

  • Page 300: 12.6.59   Set Slip

    Command reference port commands 12-96 parameters ipaddress defines the non-negotiable remote ip address. Address an ip address in standard numeric format (for example, 193.0.1.50). Sitename a name of 12 characters or less. If no site name is given, a site with the default site characteristics will b...

  • Page 301

    Command reference port commands 12-97 these commands display information about the server’s ports. The current port is the default, unless another port number or all is specified. You can also get information about all the local ports having a particular access value. If no keywords are added to the...

  • Page 302: 12.6.61   Show Rs485

    Command reference port commands 12-98 summary displays a one-line summary of information about the specified ports. The information includes type of access, status, and services offered. The summary option shows the access type, any offered services, and the login status of the port. Ppp displays in...

  • Page 303: 12.6.63   Test Port

    Command reference port commands 12-99 parameters portnum specifies a particular port. All displays the sessions currently running on all ports. Examples local> show session local> show session port 5 see also set/define ports security, page 12-85; port-specific session configuration, page 8-4 12.6.6...

  • Page 304: 12.6.64   Unlock Port

    Command reference port commands 12-100 dtr lowers and then raises the dtr signal on the serial port. If a delay is not specified, dtr will lower for approximately one second and then raise. Delay lowers dtr for the specified delay length, then raises dtr. Time enter a delay time from 50 to 3,000...

  • Page 305: 12.7   Service Commands

    Command reference service commands 12-101 12.7 service commands 12.7.1 clear/purge service removes an scs service. Clearing a service only disables it until re-initialization of the scs. For a permanent removal, the purge command must be used. Restrictions requires privileged user status. Errors cle...

  • Page 306: 12.7.3   Set/define Service

    Command reference service commands 12-102 number a queue entry number. Node specifies a particular node from which all connection requests will be removed. Must be used in conjunction with the name parameter. Service specifies a particular local service; all entries queued to this service will be de...

  • Page 307

    Command reference service commands 12-103 12.7.4 set/define service banner specifies whether the scs should print a banner page before starting the job. Banners should be disabled (the default) for all postscript and plotter (binary) data. Restrictions requires privileged user status. Defaults enabl...

  • Page 308

    Command reference service commands 12-104 none clears any previously-configured string. Defaults no string configured see also clear/purge service, page 12-101 12.7.7 set/define service formfeed if enabled (the default), the scs will append a formfeed at the end of any lpr print jobs. Restrictions r...

  • Page 309

    Command reference service commands 12-105 12.7.9 set/define service password provides a password for the specified service. Local connections to service and ip connections to telnetport or tcpport sockets will be prompted for this password. Restrictions requires privileged user status. Parameters pa...

  • Page 310

    Command reference service commands 12-106 12.7.11 set/define service postscript if enabled, the scs will assume there is a postscript printer attached to the service ports and will try to ensure a job is done before starting another. It will send a ctrl-d to the attached device and wait for the new ...

  • Page 311

    Command reference service commands 12-107 12.7.14 set/define service soj specifies a string to be sent to the attached device at the start of every access regardless of network protocol. Restrictions requires privileged user status. Parameters startstring any ascii characters, or a backslash and two...

  • Page 312

    Command reference service commands 12-108 12.7.16 set/define service telnetport associates a tcp listener socket with the given service. Tcp connections to this socket will be connected to the service. Unlike the tcpport option, a telnetport socket will do telnet iac negotiations on the data stream....

  • Page 313

    Command reference service commands 12-109 status displays full information for the specified services including network address, protocol version, and other services that node offers. Examples local> show service lab5_prtr status local> monitor service local summary see also clear/purge service, pag...

  • Page 314

    Command reference service commands 12-110

  • Page 315: 12.8   Server Commands

    Command reference server commands 12-111 12.8 server commands 12.8.1 clear/purge menu removes a specified menu entry or all menu entries. Restrictions requires privileged user status. Parameters all clears all menu entries. Menunum an integer from 1 through 36 specifying a particular menu entry to b...

  • Page 316: 12.8.3   Set/define Menu

    Command reference server commands 12-112 delay schedules the initialization to take place after a specified number of minutes. Must be used in conjunction with the delay parameter. Delay an integer between zero and 120, representing seconds before the initialization. Zero specifies an immediate rebo...

  • Page 317

    Command reference server commands 12-113 parameters itemnum a number (1 through 36) that corresponds to the menu entry you are changing. String a text string, up to 32 characters long, that is displayed to users in the menu screen. Command a string of text, up to 32 characters long, that is displayed...

  • Page 318

    Command reference server commands 12-114 12.8.4 set/define protocol ftp enables or disables the on-board ftp server. Disabling the ftp server results in greater security. Defaults enabled see also disabling the ftp and http servers, page 11-23 12.8.5 set/define protocol http controls whether the use...

  • Page 319

    Command reference server commands 12-115 parameters v1only the scs offers only sshv1 incoming and outgoing connections. V1prefer the scs offers both v1 and v2 incoming (host to scs) connections, and the client chooses. If both versions are available, the scs chooses sshv1 for (scs to host) outgoing ...

  • Page 320

    Command reference server commands 12-116 12.8.9 set/define server bootgateway specifies a bootgateway, which allows a router to be used when the scs attempts to download new code through a routed network. Restrictions requires privileged user status. Parameters ipaddress an ip address in standard nu...

  • Page 321

    Command reference server commands 12-117 defaults 4096 bytes examples local>> set server buffering 1024 12.8.12 set/define server clock manually sets the date and time information on the server clock. Restrictions requires privileged user status. Parameters time enter the time in 24-hour hh:mm:ss f...

  • Page 322

    Command reference server commands 12-118 12.8.14 set/define server host limit sets the maximum number of tcp/ip hosts learned from rwho that the server will keep information for. Hosts from the preset host table are exempt from this limit. If the new limit is less than the current limit and the host...

  • Page 323

    Command reference server commands 12-119 examples local>> define server inactivity limit 20 see also set/define ports inactivity logout, page 12-74 12.8.16 set/define server incoming allows or denies incoming connections and enforces password protection if desired. If none is applied, incoming ssh c...

  • Page 324

    Command reference server commands 12-120 see also set/define server rlogin, page 12-125; set/define server login password, page 12-121; login password, page 8-10; restricting connections to ssh, page 6-17; disabling http and ftp, page 6-17 12.8.17 set/define server loadhost specifies the host to b...

  • Page 325

    Command reference server commands 12-121 12.8.19 set/define server login password specifies the password that is used to log in to the server from the serial ports or the network. If the password is not given on the command line, you will immediately be prompted to enter the password, which will not...

  • Page 326

    Command reference server commands 12-122 12.8.21 set/define server nameserver specifies the ip address of the name server (if any) for tcp/ip connections. This host will attempt to resolve text hostnames into numeric form if the local host table is unable to do so. Restrictions requires privileged u...

  • Page 327

    Command reference server commands 12-123 defaults 3 tries examples local>> set server password limit 10 see also set privileged/noprivileged, page 12-92; set/define ports authenticate, page 12-58 12.8.23 set/define server privileged password sets the password for becoming the “superuser” of the serv...

  • Page 328

    Command reference server commands 12-124 parameters promptstring the following parameters can be included in the prompt string: defaults local_%n%p examples (shown with the prompt that might result on the next line) local>> set server prompt “port %n:” port 3: set server prompt “%d:%s!” scs1600:labs...

  • Page 329

    Command reference server commands 12-125 12.8.25 set/define server rarp enables or disables querying for a rarp host at system boot time. Restrictions requires privileged user status. Defaults enabled see also your installation guide 12.8.26 set/define server retransmit limit specifies the number of...

  • Page 330

    Command reference server commands 12-126 12.8.28 set/define server session limit sets the limit on active sessions per port. Each port can have an additional limit less than or equal to this limit. Restrictions requires privileged user status. Parameters limit a number between zero and 8. None the m...

  • Page 331

    Command reference server commands 12-127 for tftp loading, the complete path of the file can also be specified if the file is located in a directory other than the default. The path name can be up to 31 characters in length not counting the file name. The full path must be enclosed in quotes to pres...

  • Page 332

    Command reference server commands 12-128 examples local>> define server startupfile “bob:start” retry 6 see also editing boot parameters, page 2-6; your scs installation guide 12.8.32 set/define server timezone manually sets the timezone for the scs. Restrictions requires privileged user status. Par...

  • Page 333

    Command reference server commands 12-129 none specifies that no timezone will be used. Examples local>> define server timezone america/eastern local>> define server timezone hst -10 local>> define server timezone met 1:00 met-dst 1:00 mar lastsun 2:00 sep lastsun 2:00 (in the last example above, met...

  • Page 334

    Command reference server commands 12-130 clock displays the local time and date and the utc (gmt) time and date. Counters counters can be reset to zero with the zero counters all command. Displays the accumulated error counters for the ethernet and tcp/ip protocols. The four-digit bit position numbe...

  • Page 335: 12.8.37   Source

    Command reference server commands 12-131 12.8.35 show/monitor/list timezone displays a table of timezone abbreviations which can be used to select a timezone for the server. Restrictions you must be the privileged user to use the monitor command. See also setting the date and time, page 2-10 12.8.36...

  • Page 336: 12.9   Site Commands

    Command reference site commands 12-132 12.9 site commands 12.9.1 define site creates a new site with the given name. See the following define site commands for additional site configuration options. Restrictions requires privileged user status. Examples local>> define site irvine see also the follow...

  • Page 337

    Command reference site commands 12-133 prompt when prompt is enabled, incoming callers will be prompted for the local password before starting ppp or slip. Dialback if dialback is enabled, when the site receives an incoming connection, the scs will hang up and initiate an outgoing connection to veri...

  • Page 338

    Command reference site commands 12-134 12.9.3 define site bandwidth sets the initial or maximum amount of bandwidth that should be used when connecting to the specified site. Also controls how the scs calculates the bandwidth needed, and how often it is checked to see if it is within the desired ran...

  • Page 339

    Command reference site commands 12-135 bytespersecond the precise bandwidth amount, up to 6,550,000 bytes per second. The server will add ports until it reaches the specified amount. Bytespersecond is truncated to the nearest 100. For example, a setting of 3840 is truncated to 3800. A bytespersecond...

  • Page 340: 12.9.4   Define Site Chat

    Command reference site commands 12-136 12.9.4 define site chat configures a chat script to automate the login sequence when connecting to a remote site. Chat scripts are a set of commands that send data to the remote site and wait for certain replies after the modems (if any) have connected. Based o...

  • Page 341

    Command reference site commands 12-137 fail uses the number specified as the timeout seconds parameter to set the number of times the search for a string (specified with the expect parameter) can fail before the whole script will give up. Each time the expect command fails, the script continues at t...

  • Page 342: 12.9.6   Define Site Filter

    Command reference site commands 12-138 12.9.5 define site dial on hangup a call and hangup on any of the ports associated with this site causes the site to form an outbound call. Restrictions requires privileged user status. Parameters sitename enter a site name of up to 12 characters. 12.9.6 define...

  • Page 343: 12.9.7   Define Site Idle

    Command reference site commands 12-139 startup configures the packet filter for regulating connections. Packets that pass this filter can cause the site to initiate a connection. Packets that do not pass this filter will be dropped if a link is not already in place, but will continue to their destin...

  • Page 344: 12.9.8   Define Site Ip

    Command reference site commands 12-140 12.9.8 define site ip configures the internet protocol (ip). Restrictions requires privileged user status. Parameters sitename enter a site name of up to 12 characters. Enabled/disabled enables or disables the site’s use of ip. May be used instead of packet fil...

  • Page 345

    Command reference site commands 12-141 dynamic allows the scs to be dynamically assigned an ip address by a remote host. Default advertises this server as the default route to the remote host. Netmask sets the ip netmask on this server's ip interface. Mask a value that is used to remove bits that yo...

  • Page 346: 12.9.9   Define Site Mtu

    Command reference site commands 12-142 update configures the time, in seconds, between sending a rip packet. Must be used in conjunction with the time parameter. Time an integer between 10 and 255 representing the number of seconds between updates. Slots configures the number of header compression s...

  • Page 347: 12.9.11   Define Site Port

    Command reference site commands 12-143 examples local>> define site irvine mtu 256 see also set/define ip all/ethernet mtu, page 12-35; chapter 4, basic remote networking 12.9.10 define site permanent configures a permanently connected site. When enabled, the site connects immediately after the scs ...

  • Page 348

    Command reference site commands 12-144 bandwidth gives the scs a bandwidth estimate for the device (for example, a modem) that is attached to the port. Must be used in conjunction with the bytespersecond parameter. Note: see estimate each port’s bandwidth on page 5-6 for more information on how to u...

  • Page 349

    Command reference site commands 12-145 12.9.12 define site protocol defines the “line” or “link layer” protocol that this site should use for outgoing calls. Reset the maximum transmission unit (mtu) value to the default ppp or slip mtu value. Restrictions requires privileged user status. Parameters...

  • Page 350: 12.9.14   Define Site Time

    Command reference site commands 12-146 examples local>> define site irvine telephone 8675309 see also define site port telephone, page 12-143; assign a telephone number to the port or site, page 4-19 12.9.14 define site time configures the time ranges during which outgoing connections are allowed fr...

  • Page 351

    Command reference site commands 12-147 default set the default access parameter for the site. If the default is enabled, connections are allowed except during the times specified. If the default is disabled, connections are restricted except during the times specified. Clear remove a time range. Num...

  • Page 352: 12.9.15   Logout Site

    Command reference site commands 12-148 defaults default: disabled (connections are allowed only when specified). Success: 1 second. Failure: 30 seconds. Session: 0 seconds (disabled). Examples local>> define site irvine time add mon 8:00 mon 17:00 local>> define site irvine clear time 3 see also set...

  • Page 353

    Command reference site commands 12-149 all when used before the port parameter, removes all ports from the specified site. When used either before the port parameter or both before and after the port parameter, removes all ports from all sites. Port removes a port from a site. Must be used in conjun...

  • Page 354: 12.9.18   Test Site

    Command reference site commands 12-150 counters displays a site’s counters. Ip displays a site's ip configuration. Ports displays a site's ports. Time displays time configuration for the specified site, including. Status displays statistics for sites that have been active since booting. Examples loc...

  • Page 355

    Command reference security commands 12-151 12.10 security commands 12.10.1 clear/purge authentication removes information stored in the local authentication database. Restrictions requires privileged user status. Parameters user clears or purges a user from the local authentication database. All cle...

  • Page 356

    Command reference security commands 12-152 12.10.2 clear/purge dialback removes a dialback setting for a particular username, or for all usernames. Restrictions requires privileged user status. Errors clear dialback will return an error if the specified username isn’t found, or if all is specified a...

  • Page 357: 12.10.4   Clear/purge Snmp

    Command reference security commands 12-153 12.10.4 clear/purge snmp removes entries from the snmp security table. Restrictions requires privileged user status. Parameters all removes all snmp table entries. Communityname enter the name of the snmp community to be removed. Examples local>> clear snmp...

  • Page 358

    Command reference security commands 12-154 12.10.6 set/define authentication kerberos specifies that a kerberos database will be used for authentication. Specific kerberos options are explained in detail in the kerberos section on page 11-11. Restrictions requires privileged user status. Parameters ...

  • Page 359

    Command reference security commands 12-155 none clears the current server address. Precedence sets the precedence in which this database or server is checked. The precedence number must be specified using the prec_num parameter. Prec_num a precedence number between 1 and 6. Principle a label that id...

  • Page 360

    Command reference security commands 12-156 maxtries specifies the maximum number of times that the scs will attempt to contact the kerberos server. Tries an integer between 1 and 255, inclusive. Realm sets the kerberos realm that the scs resides in. Often set to a name that mirrors the internet doma...

  • Page 361

    Command reference security commands 12-157 examples local>> define authentication local precedence 2 see also define site authentication, page 12-132; set/define authentication unique, page 12-163; local (nvr) database, page 11-9 12.10.8 set/define authentication radius specifies that a radius serve...

  • Page 362

    Command reference security commands 12-158 secondary sets the secondary server to be checked. A specific address may be set with the address parameter, or the none parameter may be used to indicate that the server will not be used. Address a text host name (if dns is available for name resolution) o...

  • Page 363

    Command reference security commands 12-159 accounting specifies that radius accounting information will be sent to a radius accounting server. Accounting can be enabled even if the scs does not use a radius server for authentication. Primary specifies the primary accounting server to which accountin...

  • Page 364

    Command reference security commands 12-160 requires privileged user status. Parameters primary specifies the first database or server to be checked. A specific address may be set with the address parameter, or the none parameter may be used to indicate that the database or file will not be used. Sec...

  • Page 365

    Command reference security commands 12-161 portnum an integer between 1 and 65535. Timeout specifies the timeout period for a response from the securid server. Must be used in conjunction with the seconds parameter. Seconds an integer between 1 and 255, inclusive. Defaults encryption: des maxtries: ...

  • Page 366

    Command reference security commands 12-162 12.10.11 set/define authentication tftp specifies that a unix password file will be used for authentication. This file will be read via the tftp protocol. Note: a tftp-readable password file may reduce network security. Restrictions requires privileged user...

  • Page 367

    Command reference security commands 12-163 filename specify a tftp password file name of up to 32 characters. If spaces or lowercase characters are used, the filename must be enclosed in quotes. Examples local>> set authentication tftp filename radicchio see also define site authentication, page 12-...

  • Page 368

    Command reference security commands 12-164 parameters username a username of up to 16 characters. The name is converted to all uppercase unless it is enclosed in quotes. Password configures a password for an authenticated user. The password is converted to all uppercase unless it is enclosed in quot...

  • Page 369

    Command reference security commands 12-165 12.10.14 set/define dialback the dialback feature enables a system manager to set up a dialback list of authorized users for incoming modem connections. Dialback lists include usernames and corresponding phone numbers. When a username entered matches one in...

  • Page 370

    Command reference security commands 12-166 12.10.15 set/define filter creates or deletes a packet filter, or configures a rule in that filter that is used to manage network traffic. These packet filters are applied to packets arriving from or going to remote dialup sites. Each rule consists of a nam...

  • Page 371

    Command reference security commands 12-167 before inserts a rule before another rule. If no position is specified, the rule is added to the beginning of the list of rules. Continue continues a long filter that won’t fit in the 132-character line limit for commands. Replace replaces an existing rule ...

  • Page 372

    Command reference security commands 12-168 12.10.17 set/define filter generic specifies a general filter rule that applies to any packet regardless of protocol. A generic rule starts at a location offset bytes from the beginning of the packet, applies the specified mask, and then compares the result...

  • Page 373

    Command reference security commands 12-169 12.10.18 set/define filter ip creates a rule which will be applied only to ip protocol packets. Restrictions requires privileged user status. Parameters ipgeneric specifies a general ip rule using one set of offset, mask, operator, and value. Multiple ipgen...

  • Page 374

    Command reference security commands 12-170 mask a hexadecimal or decimal number. The mask is applied to the data using the operator and the result is compared with the value. In the case of tos, the operator eq is implied. Operator (eq, ge, gt, le, lt, ne) the available operators are: equal to (eq),...

  • Page 375

    Command reference security commands 12-171 tcp allows or denies tcp-based packets which match criteria specified by the subsequent parameters. Applications that use tcp include telnet, ftp, and smtp (simple mail transfer protocol). Udp allows or denies user datagram protocol (udp) based packets whic...

  • Page 376: 12.10.19   Set/define Ftp

    Command reference security commands 12-172 12.10.19 set/define ftp enables or disables the on-board ftp server. See also disabling the ftp and http servers, page 11-23 12.10.20 set/define http enables or disables the on-board http server. See also disabling the ftp and http servers, page 11-23 12.10...

  • Page 377

    Command reference security commands 12-173 controls error and event logging on the scs. Events can be logged to a network host via tcp/ip or to a terminal connected to the scs. The host must be configured to support logging. For a tcp/ip host, the host’s syslog facility must be configured; make sure...

  • Page 378

    Command reference security commands 12-174 dialback logs events associated with dialback functionality. Must be used with the num parameter or the none parameter. Ip traces the activities of the ip router. Must be used with the num parameter or the none parameter. Note: setting the ip logging level ...

  • Page 379

    Command reference security commands 12-175 ppp logs events associated with ppp. Must be used with the num parameter or the none parameter. Site logs events associated with sites. Must be used with the num parameter or the none parameter. Num an integer that specifies a particular level of logging. L...

  • Page 380

    Command reference security commands 12-176 max sets logging to the maximum value. Commands when enabled, logs all commands users type. Network when enabled, logs network events. This is useful for diagnosing network-related problems. Printer when enabled, logs printer related events including onlin...

  • Page 381: 12.10.24   Set/define Snmp

    Command reference security commands 12-177 12.10.24 set/define snmp configures a community name and access mode for snmp access. Each name has an access restriction associated with it; if an snmp command comes in with an unknown name or an unauthorized command, an snmp error reply will be sent. Comm...

  • Page 382

    Command reference security commands 12-178 12.10.26 show/monitor/list dialback displays the currently configured dialback strings, as well as the number of connect attempts with that string and the number of connect failures. Restrictions requires privileged user status. See also clear/purge dialback, p...

  • Page 383: 12.10.31   Show Pccard

    Command reference security commands 12-179 12.10.28 show/monitor/list logging displays the current or saved event logging configuration. Restrictions you must be the privileged user to use the monitor command. Secure users may not use this command. Parameters memory displays the memory log. See also...

  • Page 384: 12.11.1   Apropos

    Command reference navigation/help commands 12-180 12.11 navigation/help commands 12.11.1 apropos displays commands containing the specified keyword. If a command containing the keyword cannot be found, the scs will display “nothing appropriate.” the scs will not display all relevant commands. If the...

  • Page 385: 12.11.4   Cls

    Command reference navigation/help commands 12-181 restrictions you must be the privileged user to use the all parameter. Secure users may not send broadcasts. Errors an error will be returned if the port broadcasted to is flow controlled or if the server does not have broadcast enabled. The sender i...

  • Page 386: 12.11.5   Disk

    Command reference navigation/help commands 12-182 12.11.5 disk performs disk management functions for the scs and, for models with pc card support, for any installed ata flash card. The scs contains two modifiable directories—/ram and /flash—and one read-only directory—/rom. For scs models with one ...

  • Page 387

    Command reference navigation/help commands 12-183 errors for the /pccard1 and /pccard2 parameters, you will receive an error if either the specified card is not a storage card or if there is no card in the slot. Parameters cat displays an entire file in your terminal window. Cd changes your current ...

  • Page 388

    Command reference navigation/help commands 12-184 /pccard1 formats an ata flash card for use in an scs pc card slot. An unformatted card cannot be used by the scs. Name names the specified disk. Fsck checks the scs filesystem and corrects any problems. Head outputs the beginning of a string. Ln crea...

  • Page 389

    Command reference navigation/help commands 12-185 rm removes files and/or directories from the ram and flash disks. The possible flags are: rmdir removes a directory from the specified disks. The command can only be used if the directory is empty. If the directory is full, you must add the disk rm -...

  • Page 390: 12.11.6   Finger

    Command reference navigation/help commands 12-186 12.11.6 finger this command is based on the unix finger command that displays local and remote users. If a username is specified, information about that username will be displayed. If the user@hostname parameters are specified, information regarding ...

  • Page 391: 12.11.8   Help

    Command reference navigation/help commands 12-187 12.11.8 help accesses the scs help system. Using the help command without any parameters displays all available commands. Specifying a command gives information about that command and a list of its parameters. Specifying a parameter gives information abo...

  • Page 392: 12.11.11   Ping

    Command reference navigation/help commands 12-188 12.11.11 ping sends a tcp/ip request for an echo packet to another network host. This provides an easy way to test network connections to other tcp/ip hosts. In general, any host that supports tcp/ip will respond to the request if it is able, regardl...

  • Page 393: 12.11.13   Save

    Command reference navigation/help commands 12-189 12.11.13 save saves current configurations (made with the set command) into the permanent database. This treats configurations as if they were made using the define command. To easily make current changes permanent, use the save command after you hav...

  • Page 394

    Command reference navigation/help commands 12-190 portlist a port number or list of ports. Port numbers should be separated with commas (for lists) or dashes (for ranges). All saves the settings for all ports or services to the permanent database. Server save all the server characteristics to the ...

  • Page 395: 12.11.15   Show Version

    Command reference navigation/help commands 12-191 node displays information for all queue entries requested from the specified node. Must be used in conjunction with the nodename parameter. Nodename specifies a particular node. All displays information for all ports and nodes. Note: all is the defau...

  • Page 396: 12.11.16   Zero Counters

    Command reference navigation/help commands 12-192 12.11.16 zero counters this command is used to reset the counters for errors and other network and server events. Restrictions you must be the privileged user to zero some other port (or all). Parameters all zeroes all ethernet, tcp/ip, slip, and ser...

  • Page 397: A:  Environment Strings

    A-1 a: environment strings a.1 usage an environment string is a sequence of key letters, sometimes prefixed by a plus (+) or minus (-). Environment strings can be used with certain commands to configure connections. The keys are added after the hostname (if one is given) and a colon. Key letters are...

  • Page 398

    Environment strings usage examples a-2 a.2.1.1 nnnn sets a socket number. For ssh and tcp connections only. The most common socket numbers are 20xx (for telnet iac interpretation), 30xx (for raw tcp/ip), and 22xx (for ssh connections), where xx is the number of the desired serial port. Examples % te...

  • Page 399: B:  Show 802.11 Errors

    B-1 b: show 802.11 errors b.1 introduction note: this appendix applies only to the scs200. When you enter the show 80211 command without any other parameters, the resulting screen includes a field for errors. The “errors:” field displays two eight-digit numbers, separated by a comma. These numbers a...

  • Page 400

    Show 802.11 errors leftmost number b-2 10000000 internal error. 08000000 fragment reassembly timed out. Failed to receive all the fragments of a fragmented 802.11 packet before the reassembly window expired. Dropped some correctly received fragments. 04000000 received an 802.11 packet with invalid s...

  • Page 401: B.2.2   Rightmost Number

    Show 802.11 errors rightmost number b-3 00000100 authentication with the ap failed because the wep key the unit is using is not the same as the key the ap is using. 00000080 authentication with the ap failed because either the unit or the ap sent an incorrect authentication packet. Some aps will err...

  • Page 402

    Show 802.11 errors rightmost number b-4 00100000 unassigned. 00080000 unassigned. 00040000 unassigned. 00020000 internal error. May occur on some cards in conjunction with other described error codes. 00010000 the 802.11 card in use is not compatible with the regulatory region to which the unit has ...

  • Page 403

    Show 802.11 errors rightmost number b-5 00000002 internal error. 00000001 internal error.

  • Page 404: C:  Snmp Support

    C-1 c: snmp support snmp is an abbreviation for simple network management protocol. Snmp commands enable users (usually system administrators) to get information from and control other nodes on a local area network. Information about snmp can be obtained in rfcs (request for comments) which can be o...

  • Page 405

    Snmp support security c-2 to change, add, or delete community names in the table, set/define snmp and clear/purge snmp are used. Set snmp requires specification of a community name and an access type. Available access types are readonly, both (allows read and write), or none. Clear snmp requires eit...

  • Page 406: D.1.1   Access-Request

    D-1 d: supported radius attributes this appendix lists and explains the radius attributes currently supported by the scs. The scs transmits these attributes whenever they are appropriate for the given connection. Users cannot directly specify which attributes the scs will transmit—this is negotiate...

  • Page 407: D.1.2   Access-Accept

    Supported radius attributes access-accept d-2 d.1.2 access-accept the scs interprets reply attributes based on the service-type received in the access-accept. Supported service types include: login the user is connected to a specific host. Framed a ppp or slip connection is started. Callback-login t...

  • Page 408

    Supported radius attributes framed-ip-address d-3 d.1.2.1 framed-ip-address using this attribute is equivalent to setting the remote address range of a site to “undefined.” two values are available: 255.255.255.255 (0xffffffff) allows the user to choose an ip address 255.255.255.254 (0xfffffffe) as...

  • Page 409

    Supported radius attributes accounting attributes d-4 if login-service is rlogin and the login-ip-host value is not set, the scs makes an rlogin connection to the preferred telnet host. D.2 accounting attributes for all accounting packets, the scs transmits acct-status-type (on, off, start, or stop)...

  • Page 410: D.3   Examples

    Supported radius attributes examples d-5 d.3 examples the following examples can be used as templates for the public domain merit radius server available via anonymous ftp at ftp.Merit.Edu. The examples will also work with the public domain livingston radius server available via anonymous ftp at ftp...

  • Page 411

    Supported radius attributes forcing a telnet connection to preferred host d-6 d.3.2 forcing a telnet connection to preferred host the following example shows a local mode user that is forced to telnet to the scs's preferred telnet host: the telnet; logout command is forced as soon as authentication ...

  • Page 412: Index

    Index-1 index numerics 802.11 2-11 – 2-15 , 12-24 antenna 12-24 , 12-25 channel 2-15 , 12-26 errors b-1 essid 12-27 extended service set id 2-14 fragmentation 12-28 mac address 2-14 , 12-28 network mode 2-14 , 12-29 power 12-30 , 12-31 region 2-13 , 12-30 rts 12-32 wep 2-15 , 12-32 a abbreviation 2-...

  • Page 413

    Index index-2 bootp 12-115 subnet masks 6-5 break key 8-5 , 12-62 broadcast 2-5 , 12-180 enabling 12-63 , 12-64 , 12-116 limiting 8-12 buffering 3-2 c caller-id 9-12 , 12-5 carrierwait 9-8 , 9-9 , 12-5 cbcp 7-3 , 11-7 changing behavior 12-63 channel, 802.11 12-26 channel, wireless 2-15 chap 4-13 , 4...

  • Page 414

    Index-3 precedence setting 11-9 purging user 11-11 radius 11-14 , 12-157 securid 11-17 , 12-159 databases search order 11-28 datasend 8-14 , 12-66 date setting 2-10 dcd 8-21 , 9-9 , 9-11 dce 9-1 dedicated port 4-13 , 12-68 dedicated protocols 4-13 , 8-8 defaults bandwidth 5-8 domain name 6-7 factory...

  • Page 415

    Index index-4 ftp 2-18 disabling ftp server 6-17 , 12-114 g gateways.See routers h hardcopy 8-14 header compression 5-9 , 6-8 , d-2 help 12-187 commands 12-180 holddown 5-7 host table adding hostnames 12-34 maximum number 12-38 ssh 6-11 hosts display table 6-7 displaying 12-48 host table 12-18 limit...

  • Page 416

    Index-5 k kerberos 11-11 , 12-154 authenticator 11-12 configuring 11-12 instance 11-12 kvno 11-12 principal 11-12 realm 11-12 kvno 11-12 l lan to lan 4-2 bidirectional calling 4-22 calling one direction 4-21 example 4-21 ip routing 4-8 , 4-9 sites 4-5 , 4-6 without modems 5-13 latency 5-9 lcp 7-1 ev...

  • Page 417

    Index index-6 latency 9-9 line speed 9-2 modem control 9-5 , 12-8 modem pool 10-1 , 10-3 nocarrier string 12-12 ok 12-13 outgoing calls 9-8 port logouts 9-9 profile 4-18 , 12-16 profiles 9-2 reset 12-13 ring string 12-14 saving 12-14 security 9-11 serial speed 9-2 services 10-1 setup 12-10 sharing 1...

  • Page 418

    Index-7 login 2-7 privileged 2-8 passwords 2-7 limiting attempts 12-122 local 4-14 , 11-2 , 11-3 local database 12-176 login 4-15 , 6-10 , 8-10 , 11-1 , 12-78 , 12-79 , 12-119 , 12-121 privileged 12-123 remote 4-17 unix password file 11-19 username/password pair 11-2 pc cards 802.11 2-11 ata flash ...

  • Page 419

    Index index-8 username 8-13 , 12-91 verification 8-7 , 12-92 virtual 8-22 , 8-23 , 11-1 zero 6-18 , 8-22 , 8-23 , 11-1 power 802.11 12-30 , 12-31 ppp 4-11 , 7-1 , 8-19 , 11-2 , 12-53 , 12-55 , d-1 authentication 7-2 automatic detection 7-4 automatic protocol detection 4-12 cbcp 7-3 chap 7-2 dedicate...

  • Page 420

    Index-9 reset string 9-9 , 12-13 restrictions connection times 5-16 filters 11-30 user 11-19 return characters, padding 8-14 ring string 12-14 rip 4-9 , 4-10 , 6-22 disabling 4-10 enabling 12-140 metric 4-10 proxy arp 6-22 subnetworks 6-23 updates 4-10 rj45 8-21 rlogin 6-9 , 12-22 , a-2 enabling 12-...

  • Page 421

    Index index-10 rarp 12-125 retransmit limit 12-125 rlogin 12-125 secure setting 11-22 , 12-119 session limit 12-126 silentboot 12-126 software file 12-126 startup file 12-127 timezone 12-128 service password 12-105 services 10-1 banner page 12-103 binary 12-103 creating 10-1 , 12-102 displaying 10-2...

  • Page 422

    Index-11 incoming connection 4-13 ip address 6-4 local prompt 4-12 mode 8-3 outgoing 11-5 sites 12-145 slipdetect 4-15 , 12-88 starting 4-11 , 12-96 static routing 5-15 without modems 5-15 slot number 5-9 snmp 3-14 , 12-153 , c-1 configuring 12-177 displaying 12-179 sockets a-2 tcp listener 10-3 soft...

  • Page 423

    Index index-12 setting 2-10 , 12-128 troubleshooting authentication 11-33 modems 9-13 monitoring network activity 4-20 txdrive 8-17 type device 8-14 terminal 8-14 u udp 12-46 unix commands 12-182 unix password file 11-19 unlock 11-21 username/password pair 11-2 , 11-10 users privileged 11-19 , 12-92...

  • Page 424

    Index-13.