Lantronix SCS, Reference Manual

Page 1: ...SCS Reference Manual For the Lantronix Family of Secure Console Servers Part Number 900 235 Revision D December 2003 ...

Page 2: ...its for a Class A digital device pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable protection against such interference when operating in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with this guide may cause harmful interference to radio communications Operation of this equi...

Page 3: ... 2 5 Configuration Files 2 16 2 5 1 Creating a Configuration File 2 16 2 5 2 Using a Configuration File 2 17 2 6 Disk Management 2 18 2 6 1 Flash Disk 2 18 2 6 2 ATA Cards 2 18 3 Console Server Features 3 1 3 1 Overview of Console Servers 3 1 3 2 Event Port Logging 3 2 3 2 1 Enabling Port Logging 3 2 3 2 2 Viewing the Port Log 3 2 3 3 Email Alerts for Serial Events 3 3 3 4 Configuring Menu Mode 3 ...

Page 4: ...ions 4 17 4 6 2 Telephone Numbers 4 17 4 6 3 Authentication 4 17 4 6 4 Configuring Outgoing Connections 4 18 4 7 Monitoring Networking Activity 4 20 4 8 Examples 4 21 4 8 1 LAN to LAN Calling One Direction Only 4 21 4 8 2 LAN to LAN Bidirectional Symmetric Calling 4 22 4 8 3 Remote Dial in User Example 4 24 5 Additional Remote Networking 5 1 5 1 Basic Security 5 1 5 1 1 Port Authentication 5 1 5 1...

Page 5: ... Subnet Masks 6 6 6 3 Name Resolving 6 6 6 3 1 Configuring the Domain Name Service DNS 6 7 6 3 2 Specifying a Default Domain Name 6 7 6 3 3 Adding Hosts to the Host Table 6 7 6 4 Header Compression 6 8 6 5 Establishing Sessions 6 8 6 5 1 Telnet and Rlogin Sessions 6 9 6 5 2 SSH Sessions 6 10 6 5 3 Restricting Connections to SSH 6 17 6 5 4 Disabling HTTP and FTP 6 17 6 6 IP Security 6 17 6 6 1 Conf...

Page 6: ...ing Sessions 8 5 8 6 4 Monitoring Session Activity 8 7 8 6 5 Setting Session Characteristics 8 7 8 7 Preferred Dedicated Protocols Hosts 8 8 8 7 1 Dedicated Protocols 8 8 8 7 2 Preferred Dedicated Hosts 8 9 8 7 3 Saving Autostart Characters 8 9 8 8 Port Restrictions 8 9 8 8 1 Locking a Port 8 9 8 8 2 Enabling Signal Check 8 10 8 8 3 Username Password Protection 8 10 8 8 4 Automatic Logouts 8 11 8 ...

Page 7: ... Calls 9 9 9 4 4 When a Port is Logged Out 9 9 9 4 5 Compression 9 9 9 4 6 Error Correction 9 10 9 4 7 Modem Security 9 11 9 4 8 Autostart 9 11 9 4 9 Dialback 9 11 9 5 Terminal Adapters 9 12 9 6 Caller ID 9 12 9 7 Examples 9 13 9 7 1 Typical Modem Configuration 9 13 9 7 2 Modem Configuration Using Generic Profile 9 13 9 7 3 Editing Modem Strings 9 15 9 8 Troubleshooting 9 16 10 Modem Sharing 10 1 ...

Page 8: ...s 11 20 11 5 4 Securing a Port 11 20 11 5 5 Locking a Port 11 21 11 5 6 Forcing Execution of Commands 11 21 11 5 7 Restricting Multiple Authenticated Logins 11 21 11 6 Network Restrictions 11 22 11 6 1 Incoming Telnet Rlogin Connections 11 22 11 6 2 Outgoing Rlogin Connections 11 22 11 6 3 Limiting Port Access 11 22 11 6 4 Disabling the FTP and HTTP Servers 11 23 11 6 5 Packet Filters and Firewall...

Page 9: ...5 3 Clear Purge IP NAT Table 12 18 12 5 4 Clear Purge IP Route 12 19 12 5 5 Clear Purge IP Security 12 19 12 5 6 Clear Purge IP Trusted 12 20 12 5 7 Connect 12 20 12 5 8 Disconnect 12 22 12 5 9 Purge IP Ethernet 12 22 12 5 10 Rlogin 12 22 12 5 11 Send 12 23 12 5 12 Set Define 80211 12 24 12 5 13 Set Define Hosts 12 34 12 5 14 Set Define IP All Ethernet 12 35 12 5 15 Set Define IP Create 12 37 12 5...

Page 10: ...t Define Ports Forward Switch 12 73 12 6 29 Set Define Ports Inactivity Logout 12 74 12 6 30 Set Define Ports Local Switch 12 74 12 6 31 Set Define Ports Loss Notification 12 75 12 6 32 Set Define Ports Menu 12 76 12 6 33 Set Define Ports Modem Emulation 12 76 12 6 34 Set Define Ports Name 12 77 12 6 35 Set Define Ports Parity 12 77 12 6 36 Set Define Ports Password 12 78 12 6 37 Set Define Ports ...

Page 11: ...e Protocol HTTP 12 114 12 8 6 Set Define Protocol SSH Mode 12 114 12 8 7 Set Define Server Altprompt 12 115 12 8 8 Set Define Server BOOTP 12 115 12 8 9 Set Define Server BOOTGATEWAY 12 116 12 8 10 Set Define Server Broadcast 12 116 12 8 11 Set Define Server Buffering 12 116 12 8 12 Set Define Server Clock 12 117 12 8 13 Set Define Server DHCP 12 117 12 8 14 Set Define Server Host Limit 12 118 12 ...

Page 12: ...n Kerberos 12 154 12 10 7 Set Define Authentication Local 12 156 12 10 8 Set Define Authentication RADIUS 12 157 12 10 9 Set Define Authentication SecurID 12 159 12 10 10 Set Define Authentication Strictfail 12 161 12 10 11 Set Define Authentication TFTP 12 162 12 10 12 Set Define Authentication Unique 12 163 12 10 13 Set Define Authentication User 12 163 12 10 14 Set Define Dialback 12 165 12 10 ...

Page 13: ...ings A 1 A 2 1 Usage Examples A 1 B Show 802 11 Errors B 1 B 1 Introduction B 1 B 2 Error Bits B 1 B 2 1 Leftmost Number B 1 B 2 2 Rightmost Number B 3 C SNMP Support C 1 C 1 Support C 1 C 2 Security C 1 D Supported RADIUS Attributes D 1 D 1 Authentication Attributes D 1 D 1 1 Access Request D 1 D 1 2 Access Accept D 2 D 2 Accounting Attributes D 4 D 3 Examples D 5 D 3 1 Configuring Authenticated ...

Page 14: ...xii ...

Page 15: ...stallation Guide 1 1 What Is New This manual now includes instructions for the SCS100 and SCS400 the newest members of the Lantronix family of Secure Console Servers in addition to instructions for the SCS200 SCS1600 and SCS3200 1 2 How To Use This Manual The rest of this reference manual is divided as follows Chapter 2 Getting Started provides information on system passwords rebooting and basic t...

Page 16: ...Server Site and Security commands Appendix A Environment Strings discusses the environment strings that can be used with several of the commands described in Chapter 12 Appendix B Show 802 11 Errors defines the error bits that appear in the Show 80211 screen Appendix C covers the SNMP features supported by the SCS Appendix D Supported RADIUS Attributes lists and explains the RADIUS attributes curr...

Page 17: ...onnected to an Ethernet The SCS has been assigned an IP address 2 1 Configuration Methods EZWebCon is the recommended method for initial configuration However the web browser interface and the command line offer options for advanced configuration 2 1 1 EZWebCon The EZWebCon utility is the easiest way to initially configure the unit EZWebCon guides you through configuration using a graphical interf...

Page 18: ...ne Protocol HTTP on page 12 114 for more information 2 1 3 Command Line To configure the SCS without EZWebCon or the web browser interface you must enter configuration commands at the command line These commands should be entered when a port is in character mode which is when the Local prompt is displayed To display the Local prompt do one of the following Connect a terminal to the serial console ...

Page 19: ...ll automatically type the remainder of the command If the partially entered command is ambiguous or if you are entering an optional string the SCS will be unable to finish the command and the terminal will beep Note Command completion is disabled by default To enable command completion refer to Set Define Ports Command Completion on page 12 65 All keys used for entering and editing commands are li...

Page 20: ...e privileged user List Displays settings that will take effect the next time the SCS is rebooted Clear and Purge alter previously configured SCS settings Clear Removes a configured setting immediately but does not make a permanent change Purge Removes a configured setting permanently but does not take effect until the unit is rebooted Note Purge Port will take effect as soon as the port is logged ...

Page 21: ...and Before rebooting the SCS log out any current user sessions if possible Disconnecting sessions may prevent connection problems after the SCS is rebooted If possible warn users that the SCS will be going offline by sending a Broadcast message 2 2 1 Sending a Broadcast Message Broadcast messages are sent to local users but not remote networking users Broadcasts can be sent to all Server ports wit...

Page 22: ...Parameters If the information that the SCS uses at boot time changes you will need to change the SCS boot parameters Boot parameters include the following Loadhost TCP IP The loadhost is the host from which the SCS operational software is downloaded at boot time Backup loadhost optional Software is downloaded from a backup loadhost when the primary loadhost is unavailable Software filename RARP ma...

Page 23: ...d users must enter the correct password to access that port s Local prompt The default login username is login and the default login password is access To change the login password use the Set Define Server Login Password command Figure 2 7 Defining the Login Password Note The login password is case insensitive so it does not need to be enclosed in quotes To enable the use of the login password on...

Page 24: ...n of the SCS web browser interface you are prompted for the privileged username and password Once you enter the password you can access all of the configuration pages Figure 2 9 Root Level Authentication If you are at the command line become the privileged user by entering the following command Figure 2 10 Set Privileged Command Note The complete command syntax for Set Privileged is available on p...

Page 25: ...nclosed in quotes to preserve case 2 4 2 Changing the Local Prompt The prompt each user receives usually a Local_xx prompt where xx is the port number is configurable in a variety of ways For a basic prompt enter a string similar to the following Figure 2 13 Configuring the Server Prompt For a customized prompt optional key combinations can be added to the prompt string See Set Define Server Promp...

Page 26: ...ndard and Daylight Savings timezones and the corresponding number of hours difference between UTC and the set timezone 2 4 4 1 Setting the Clock Use the Set Define Server Clock command at the Local prompt Time should be entered in hh mm ss military format as shown in the example below Figure 2 16 Setting the Clock 2 4 4 2 Setting the Timezone The SCS is configured to recognize a number of timezone...

Page 27: ...e change will be reversed The Oct and lastSun indicate that the time will revert on the last Sunday in October The time change will occur at 2 00 2 4 4 3 Designating a Timeserver The SCS regularly verifies and updates its setting with the designated timeserver A timeserver is a host which provides time of day information for nodes on a network The SCS can communicate with either Daytime or Network...

Page 28: ...ct Any other changes you request with the Set Define 80211 commands will not take place until you have entered the Set 80211 Reset command You can enter the Show IP Counters command to see the current 802 11 settings To use the web browser interface to configure 802 11 settings select the 802 11 link under the Advanced Settings section 2 4 5 1 802 11 Terms The following acronyms are used in this s...

Page 29: ...ng card at startup If a compatible card is present the SCS will use the wireless network and ignore any wired Ethernet settings If no compatible PC card is present the SCS will use the 10 100BASE T Ethernet interface If you want the SCS to only look for a wired Ethernet connection you must disable 802 11 Figure 2 21 Disabling 802 11 Note You must reboot the SCS after enabling or disabling 802 11 n...

Page 30: ...command The exact string you enter will be determined by the settings of the AP with which you want the SCS to communicate Figure 2 24 Configuring the ESS ID Setting the ESSID to none Set Define 80211 ESSID None allows the SCS to associate with any AP within range 2 4 5 6 Network Mode There are two types of 802 11 networks ad hoc and infrastructure In an ad hoc network devices communicate directly...

Page 31: ...To enable WEP enter the following command Figure 2 27 Enabling WEP When WEP is enabled and a WEP key is set the SCS will only connect to an AP in infrastructure mode or communicate with other ad hoc peers in ad hoc mode that have been programmed with the same WEP key as the SCS For a key to match both the key data and the index number must be identical Enter a WEP key if you have not previously do...

Page 32: ...series of SCS commands in a text file one command per line Privileged commands may be included when the file is downloaded the commands will be executed as if a privileged user was logged into the SCS Capitalization of commands is optional If a string such as a filename is entered it must be enclosed with quotes in order to preserve the case To include a comment in the file preface the line with a...

Page 33: ...ote The SCS is not usable during download attempts If the SCS has a nameserver defined a text name may be specified as a TCP IP host name The SCS will attempt to resolve the name at boot time if it cannot resolve the name the download will fail To designate a nameserver see Set Define IP Nameserver on page 12 39 During its boot sequence the SCS will load its operational code first then attempt to ...

Page 34: ...sks 2 6 1 Flash Disk The Flash disk flash rewriteable memory should be used to hold any data that you want the SCS to save after it is rebooted Because power glitches can affect data integrity important files on flash should be backed up on an ATA flash card or on another server The Disk commands can be used to manage files on the Flash disk For example the following command creates a new director...

Page 35: ...n the card is a function of the size of the card divide the size of the card by 5k 5120 bytes This assumes that the average size of all the files that will fill up the card will be smaller than 5k Data can be corrupted if power is lost in the middle of a write for example if the cord is pulled If the Disk Sync command is issued and power is removed after the command is completed data will be store...

Page 36: ...iscusses the options for configuring SCS menus Login Banner Pages on page 3 8 covers in band and out of band management options Serial Port Configurations on page 3 14 describes optimal serial port settings Most of these features are discussed in more detail in the IP Ports and Security chapters 3 1 Overview of Console Servers The SCS can be connected to the serial console ports of a variety of de...

Page 37: ...in the form ram Port_xx log where xx is the port number When the file reaches its specified limit it is truncated to half its current size and begins logging again The oldest data is discarded When the SCS is rebooted the data stored in the log file is lost 3 2 2 Viewing the Port Log This section describes three methods for retrieving port logs 3 2 2 1 Telnet Serial Login To retrieve the port log ...

Page 38: ... email settings can be separately configured or a default configuration can be created that will be used for all email notifications An emailsite stores the information necessary for email notification The only possible names for emailsites are portxx where xx is a serial port number or default Settings for the default emailsite will be used for any that are missing in the port specific files Use ...

Page 39: ... Menu command If you are using a menu configuration file this command will not work you must view that file to see the menus 3 4 1 Menu Configuration at the Command Line Use the Set Define Menu command to create entries for your menu For each menu entry specify the option s numbered position in the table the entry description that will be displayed in the menu and the actual command invoked when t...

Page 40: ...h name the names should be separated by commas Note A space must be included on both sides of the when defining the groups as shown in the example above Also remove any extra spaces from the end of each line as they will cause the menu parsing to fail If desired you can use wildcards in usernames To match a single character use a question mark and to match any number of characters use an asterisk ...

Page 41: ...nce the file is set and stored on the flash disk a user logging into the SCS will be presented with the appropriate menu The menu configured above for one of the defined users sandy dave bob kathy default would look like the one shown below Figure 3 11 Menu Example MENU admin TITLE Lantronix Console Server ITEM Cisco Router telnet 192 0 1 250 ITEM Exit Logout ENDMENU GROUP austin sandy dave bob ka...

Page 42: ...include an action of GOTOMENU to jump to the submenu One or more of the submenu items can include an action of RETURNMENU to return to the top level menu for the current user After Selecting an Action from the submenu the user is returned to the top level menu Following is an example of how to nest a menu Figure 3 12 Nested Menu Example SUBMENU consoles TITLE This is the console submenu ITEM ITEM ...

Page 43: ...vely The standard company product version banner displays if either of these two files is not present in the SCS 3 6 Managing the Attached Devices You can manage the SCS s connected serial devices over a network connection or through a modem connection Both of these methods ensure that the SCS and its attached serial devices are always accessible and manageable even in critical situations 3 6 1 In...

Page 44: ...s are included in Chapter 9 Modems 3 6 3 Connecting from the Local Prompt Before you connect to a serial port make sure that you have a way to exit the connection If your keyboard does not have a break key specify an equivalent using the Set Define Ports Local Switch command Figure 3 15 Specifying Local Switch Then use the Set Define Ports Break command to instruct the break key to bring you back ...

Page 45: ...break sequence for port 0 is Ctrl Y There is no default break sequence for the serial ports 3 6 4 2 Alternate Break Sequences You can specify an alternate break AltBreak character for use with terminals that cannot natively generate a break condition and for Telnet or SSH clients that cannot generate break IAC sequences The syntax for specifying an AltBreak sequence is Set Define Ports Break char ...

Page 46: ... the target port The target port s break settings do not apply or affect this situation The user Telnets to the SCS Local prompt and issues a Connect Local command to a serial port Template port has Break Remote The AltBreak sequence returns the user to a local SCS command prompt Template port 0 has Break Local The AltBreak sequence generates a break condition to the target port The target port s ...

Page 47: ...d the AltBreak character has been defined on port 7 and the AltBreak character is detected in the data stream from the host Note that the 20xx range of sockets performs Telnet IAC interpretation Port 7 has Break Remote A serial break condition is generated on the port Port 7 has Break Local Nothing happens The user forms a Telnet connection from a host to port 7 on the SCS using socket 2007 and th...

Page 48: ...e A serial break condition is generated on the port Port 7 is set to Break Local Nothing happens The user forms a TCP connection from a host to port 7 on the SCS using socket 3007 and The AltBreak character has been defined on port 7 and A break condition is detected on the serial port Note that the 30xx range of sockets is 8 bit clean Port 7 has Break Remote or Port 7 has Break Local Nothing happ...

Page 49: ...ort unusable When using the SCS as a console server you will want to set most ports to Remote access so any serial data from the attached device will not accidentally cause the SCS to create a local connection and make that port unavailable Note When port buffering is enabled the port access is automatically changed to Remote access To configure access to a port use the Set Define Ports Access com...

Page 50: ...dems refer to Chapter 5 Additional Remote Networking for additional configuration instructions 4 1 Remote Connection Types The SCS is capable of two types of remote networking connections LAN to LAN and remote node 4 1 1 Remote Dial in A remote user or remote node connection allows remote dial in users to securely access network resources Users can access network file servers send or receive email...

Page 51: ...n would come up and go down when required simulating a permanent connection between the two locations 4 2 Managing Connections With Sites Every incoming and outgoing network connection is associated with a site A site represents a remote physical location such as a remote router or a remote node Sites are referenced by a name such as seattle The site s name should indicate the physical location of...

Page 52: ...ee Privileged Password on page 2 8 4 2 1 Creating a New Site To create a new site assign a name using the following command Figure 4 3 Creating a New Site The site you just created will use the default site configuration see Table 4 1 on page 4 3 Those settings can be changed to meet your needs 4 2 1 1 Default Site Configuration The default site configuration is used for all temporary sites and is...

Page 53: ... edited with the Define Site commands For example a site s authentication can be edited with the command below Figure 4 6 Editing Site Characteristics Note Site Commands are discussed on page 12 132 Currently active sites can be edited but changes will not take effect until the site is logged out Remote host s IP configuration Undefined IP compression slots 16 Maximum packet size MTU PPP 1522 Port...

Page 54: ...Sites for Incoming Connections Incoming connections both remote node and LAN to LAN can use either custom sites or temporary sites which use the default site s configuration Custom sites allow the most flexibility in the control and configuration of incoming connections They are used when a specific configuration is required for the incoming router or remote node and should be named for the locati...

Page 55: ...ling an ISP dialup account Note that the ISP must support PPP dialers ISPs that use proprietary dialers for example ones that do not work with Windows Dialup Networking will not work with the SCS s ISP connection To set up NAT the systems administrator must select a private network range for the local devices and assign a single valid non private IP address for the SCS Valid private IP address ran...

Page 56: ...set the default route and gateways for machines in the private network to the SCS s IP address 4 3 IP Address Negotiation By default sites use unnumbered interfaces for IP The IP address of the Ethernet connected to the SCS will be used as the IP address on all SCS serial ports This reduces the amount of configuration and eliminates the need to allocate a separate IP network for each port DEFINE S...

Page 57: ...etwork the SCS will check its routing table to determine the most efficient route to the destination If the SCS does not have a route to a remote network it cannot send the packet to the destination The entries in the routing table are one of three types Local routes The network that is directly attached This route is automatically determined from the SCS IP address and network mask and is never d...

Page 58: ...CS Routes to networks on the remote LAN will be learned automatically For more information on RIP see Configuring RIP for Sites on page 4 10 Note RIP is enabled by default If RIP is not being used the SCS must have a specific site configured for this incoming connection The remote router must use this site when it connects to the SCS The site may be started in one of two ways through the authentic...

Page 59: ...e one or the other The following example turns off listening for RIP packets Figure 4 15 Disabling RIP Listen 4 4 4 2 Interval Between RIP Updates When RIP sending is enabled the SCS sends RIP updates every thirty seconds This number can be adjusted for example the update interval may be raised so that RIP updates are sent every minute to reduce network traffic To configure the update interval use...

Page 60: ...s negotiate certain options authenticate users and use checksums with virtually no performance loss SLIP The Serial Line Internet Protocol SLIP is supported primarily for backwards compatibility with equipment that does not support PPP SLIP can only transport IP packets it does not support negotiation of IP address or other options nor does it provide any diagnostic facilities PPP is enabled by de...

Page 61: ... can be specified as a string Set PPP sitename Note To prevent users from starting inappropriate sites users can be prompted for the site s local password To use the Set PPP and Set SLIP commands enable PPP and or SLIP on the port used for the connection See Incoming Connections on page 4 11 4 5 1 2 Starting PPP or SLIP Using Automatic Protocol Detection You can configure an SCS port to automatica...

Page 62: ...g ports if you re going to dedicate all SCS ports be sure that you have another way to log into the server such as a Telnet login Note If you cannot log into the SCS you ll need to restore the server to its factory default settings See Initialize Server on page 12 111 4 5 2 Incoming Connection Sequence The following steps detail the events that occur when the SCS receives an incoming call 4 5 2 1 ...

Page 63: ... a carriage return 2 If the port is configured to prompt for a login password the caller must enter the correct login password to continue If the port is configured to prompt for a username the caller must enter a username If the port is configured for authentication the caller must enter a valid password for the username 3 To start the link layer the caller has to enter commands to start PPP or S...

Page 64: ... Server Login Password command Then enable the use of the login password on the appropriate port s using the Set Define Ports Password command Figure 4 21 Defining the Login Password Note Passwords are case independent even when enclosed in quotes By default incoming Telnet and Rlogin connections are not required to enter the login password To require the login password use the Set Define Server I...

Page 65: ...1 Security for configuration instructions 4 6 Outgoing Connections Note The SCS does not support outgoing remote node connections When the SCS receives a packet it consults its routing table to determine the best route to the packet s destination If the specified route points to a site a connection to the site may be initiated The connection will be subject to any restrictions defined for the site...

Page 66: ...page 4 11 4 6 2 Telephone Numbers Each site may specify one port independent telephone number and one or more port specific telephone numbers A port independent telephone number is typically used if all ports are configured to call the same number for example if the ports are calling a telephone hunt group Port independent telephone numbers should be used whenever possible this frees a site to dia...

Page 67: ... Use the following command Figure 4 27 Permitting Outgoing Connections Note For more information on port configuration see Chapter 8 Ports 4 6 4 2 Configure Modems Enable modem operation on the port s used for outgoing calls Then assign a modem profile to the port using the Define Ports Modem Type command Figure 4 28 Enabling Modem Operation Note A modem profile automatically sets up a port for a ...

Page 68: ... Telephone Number To assign a telephone number to the site that may be used with any port use the Define Site Telephone command Figure 4 32 Assigning a Site Telephone Number A port specific telephone number will override a site telephone number For example site irvine may be configured to use the number 635 9202 on any port it s using but only the number 845 7000 when it s using port 3 4 6 4 6 Con...

Page 69: ...nt remote networking activity use the Show Site or Monitor Site command Show Site displays the activity associated with a particular site including the number of packets received and transferred idle time current state of the site s ports and configuration of its associated protocols for example IP Monitor Site will update and redisplay this information at three second intervals Local DEFINE SITE ...

Page 70: ... requested that the site start running Waiting The site is waiting for a port to connect Connect The site is connected and passing packet traffic Logout The site was instructed to shut down Closing The site is shutting down PPP or SLIP Freeing The site is removing itself from memory NVR A List Site command was used to display site information The site s configuration is displayed not its current a...

Page 71: ...the company headquarters in Seattle This LAN to LAN connection must meet the following criteria Local DEFINE PORT 2 ACCESS DYNAMIC Local DEFINE PORT 2 MODEM ENABLED Local LIST MODEM Local DEFINE PORT 2 MODEM TYPE 1 Local DEFINE PORT 2 MODEM SPEAKER DISABLED Local DEFINE PORT 2 AUTHENTICATE ENABLED Local Local DEFINE SITE SEATTLE AUTHENTICATION USERNAME dallas Local DEFINE SITE SEATTLE AUTHENTICATI...

Page 72: ...ions Figure 4 37 Dallas SCS Configuration The Initialize Server Delay 0 command will reboot the SCS when the unit has rebooted changes made with the Define commands will be in effect Local DEFINE PORT 2 ACCESS DYNAMIC Local DEFINE PORT 2 PPP DEDICATED Local DEFINE PORT 2 MODEM ENABLED Local LIST MODEM Local DEFINE PORT 2 MODEM TYPE 1 Local DEFINE PORT 2 MODEM SPEAKER DISABLED Local DEFINE PORT 2 A...

Page 73: ...uthenticate itself before a true connection is established Figure 4 39 Configuring the Port Because both ports are attached to modems you must enable modem control for each port The SCS will interact with the modem by sending commands to and expecting responses from the modem To properly communicate with the modem the SCS uses a modem profile which is configured for particular modem types Local DE...

Page 74: ...he Default Site Once the connection is authenticated the SCS will start with a temporary copy of the default site For this example you need to configure a range of IP addresses for default site users that corresponds to the IP addresses defined for the IP address pool Figure 4 42 Configuring Default Site Configure a static IP address site Figure 4 43 Configuring Static IP Address Local DEFINE PORT...

Page 75: ...ete discussion of security issues including instructions on restricting incoming and authenticated logins see Chapter 11 Security PPP authentication is discussed in Chapter 7 PPP 5 1 1 Port Authentication Authentication may be used to restrict users to a particular configuration when they log into a port When a username is entered in the local authentication database a series of commands may be as...

Page 76: ...in a list is very important For example consider the following filter list 1 Allow any packet 2 Deny all IP traffic matching a particular rule When this filter list is associated with a site all packets are forwarded Packets are compared to filters in the order in which the filters appear in the list Because all packets match the specification of any packets all packets are forwarded without being...

Page 77: ...he SCS could send carriage returns until the login prompt is returned send a username wait for the password prompt and send a password 5 2 1 Creating a Chat Script Chat scripts are defined one line at a time following a given syntax A chat script to be used for outgoing connections from a particular site can be created with the Define Site Chat commands These commands enable you to do the followin...

Page 78: ...mmand containing the Fail parameter The script will be executed from that point continuously looping if the Expect command repeatedly fails Figure 5 7 Expect Fail Scripts The script in Figure 5 7 will send a carriage return then wait for two seconds while a login string is expected If the login string is not received within two seconds the chat script will loop back to the Fail command and continu...

Page 79: ...well as the thresholds at which bandwidth is added and removed Note The initial bandwidth allotted to the site may also be configured This is optional The threshold at which bandwidth is added and removed should have some room between them to regulate how often bandwidth is added and removed The add bandwidth threshold should be set to a percentage between 80 and 100 percent the remove bandwidth t...

Page 80: ...mating a Port s Bandwidth Note If you are using 8 bits no parity and 1 stop bit the modem will actually transmit ten bits for each byte If the modems attached to a series of SCS ports are going to be calling similar remote modems these ports should be set to the same bandwidth estimates In addition if several ports have compression enabled you should assume that the compression rate on each port w...

Page 81: ...mine the minimum period of time between one adjustment in bandwidth addition or removal and a following adjustment Configure this delay using the Define Site Bandwidth Holddown command by default this timer is set to 60 seconds Figure 5 12 Configuring the Holddown Timer The holddown timer helps to limit the thrashing caused by rapid adjustments in bandwidth When the holddown timer is used in conju...

Page 82: ... Note For information on port and site states see Table 4 5 on page 4 21 5 4 Increasing Performance 5 4 1 Filtering Unwanted Data To reduce the use of bandwidth for unwanted packet traffic each site may configure an incoming and an outgoing filter list Packets will be compared to these filter lists as they are received or generated If they do not pass the filter they will be discarded See Filter L...

Page 83: ...ly bring up additional connections when more bandwidth is needed for example when the amount of data to be transmitted exceeds the bandwidth of the port How aggressively a site will add bandwidth can be controlled with two factors the period during which the use of bandwidth is measured and the percentage at which bandwidth is added For example to increase bandwidth for small or periodic increases...

Page 84: ...he site could ensure that other traffic such as email wouldn t keep the connection active Note To configure an idle time filter see Filter Lists on page 5 2 5 5 2 Restricting Packets with Startup Filters To prevent unwanted packets from initiating a connection each site may be associated with a startup filter list Packets destined for a remote site are compared to this list if they do not pass the...

Page 85: ...played below Figure 5 18 Adding Time Ranges Note Up to ten time ranges may be specified Next specify whether connections will be permitted or prevented during these times using the Define Site Time Default command Enabled permits outgoing connections except during the time ranges stated Disabled prevents outgoing connections except during the time ranges stated Figure 5 19 Enabling Connections Dur...

Page 86: ...e used to control how aggressive the SCS will be when attempting connections Two commands control this behavior Define Site Time Success sets the time lapse between attempts to connect to a remote site after a successful connection has been made Define Site Time Failure sets the time lapse between attempts to connect to a remote site when a connection attempt fails If the last connection attempt s...

Page 87: ...l multiplexors commonly called stat muxes in place These stat muxes may be used to connect to SCS units A series of commands may have to be sent to the stat mux to connect to the remote SCS chat scripts make sending these commands easy and relatively error free Note See Chat Scripts on page 5 3 for more information The SCS assumes an 8 bit data path If you are using SLIP all characters must be sen...

Page 88: ...e port is configured to support incoming and outgoing connections Modem control is disabled In the following examples both SLIP and PPP the SCS has an IP address of 192 0 1 1 and must connect to another router with IP address 192 99 99 99 5 6 2 1 PPP Figure 5 21 displays the command required if PPP is used Both sides of the leased line should be configured using these commands Figure 5 21 SCS Conf...

Page 89: ...e IP Remoteaddr ip_address commands Then create a host route that points to it with the Set Define IP Route ip_address Site sitename command This is only necessary if the IP address is going to be on a different IP subnet To make a text mode connection to the serial port Telnet to ip_address To keep the site up all the time first issue the command Define Site sitename Idle 0 and then use the Defin...

Page 90: ...n the local network The SCS is calling site memphis First create a filter list for IP traffic This list is called mem Figure 5 26 Creating IP Filter Finally the mem filter list must be associated with site memphis as an incoming filter list Figure 5 27 Assigning mem Filter List to Site memphis Note For a more complex firewall example see Creating a Firewall on page 11 30 5 8 3 Controlling Access D...

Page 91: ...e above example it is assumed that the access default is Enabled in which case connections are restricted during the specified time periods The following example achieves the same result by first adding a time range from Monday morning to Friday evening The access default is then set to Disabled which allows connections only during the specified time period Figure 5 29 Enabling Connections During ...

Page 92: ...tion page 6 23 explains the parameters of the Show IP command Examples page 6 25 shows examples of the SCS in various real life situations 6 1 IP Addresses Each TCP IP node on a network has a unique IP address The IP address provides the information needed to forward packets on the local network and across multiple networks if necessary IP addresses are specified as n n n n where each n is a numbe...

Page 93: ...hers must use the same IP address each time they log into the SCS Note PPP negotiation is covered in Chapter 7 PPP If an incoming caller does not require the same address for each login a dynamic address can be assigned from an address pool See Defining an IP Address Pool on page 6 3 for configuration instructions Some remote nodes or remote routers cannot be dynamically assigned an IP address For...

Page 94: ...nced in RIP broadcasts Addresses in the pool are automatically added to the SCS ARP table If proxy ARPing is enabled see Proxy ARP on page 6 22 the SCS will respond to ARP requests for these addresses even when they aren t currently assigned This enables the SCS to defend the addresses in the pool other hosts will not be able to use them 6 1 1 2 Specifying a Site s IP Address Range Each site may s...

Page 95: ...may configure the SCS address on its interface as 192 20 338 0 To change the IP address for a particular site s interface use the Define Site IP Address command Figure 6 4 Defining IP Address for a Site 6 1 2 1 SLIP SLIP does not support negotiation of IP addresses If a SLIP user requires the same IP address for each login the user may enter the address using the Set SLIP command Figure 6 5 Specif...

Page 96: ...t the connection attempt and all subsequent messages to this host will be directed to the SCS s gateway host for forwarding All hosts must agree on the subnet mask for a given network For example IP address 128 1 150 35 is on a class B network The network portion of this address is 128 1 This large network can be broken down into 254 networks using a subnet mask of 255 255 255 0 which makes the ne...

Page 97: ...hena as well as a numeric IP address such as 192 0 1 35 As a text host name may be easier to remember than an IP address users may use this name to refer to the host during a Telnet connection attempt Network hosts do not understand alphanumeric text host names When a text name is used the SCS must translate it into its corresponding IP address The translation process is called name resolution To ...

Page 98: ...a the SCS would automatically append the domain suffix and attempt to resolve athena ctcorp com If a hostname is entered that ends with a period the SCS will not add the domain suffix to the hostname for resolution 6 3 3 Adding Hosts to the Host Table If DNS is not available on your network hosts may be manually entered in the local host table using the Set Define Hosts command Figure 6 15 Adding ...

Page 99: ...Disabling IP Header Compression Note The SCS uses Van Jacobson TCP compression discussed in RFC 1144 Note 6 5 Establishing Sessions When you log into an SCS port to connect to a network service your connection is referred to as a session A network service may be an interactive login to a TCP IP host a connection to a modem on the SCS another server etc Note The word sessions in this manual is used...

Page 100: ...ification 6 5 1 1 Outgoing Telnet Rlogin Connections To establish an outgoing Telnet connection use the Telnet command To establish an outgoing Rlogin connection use the Rlogin command Either a text host name or an IP address may be specified Figure 6 21 Outgoing Telnet Rlogin Connections Note For information on resolving host names see Name Resolving on page 6 6 By default Telnet and Rlogin conne...

Page 101: ...n be disabled restricted with a password requirement or restricted using the IP security table To disable incoming Telnet Rlogin connections use the Set Define Server Incoming command Figure 6 25 Disabling Incoming Telnet Rlogin Connections To require the login password for incoming Telnet Rlogin connections use the Password parameter Figure 6 26 Requiring the Login Password To restrict incoming T...

Page 102: ...ER V2ONLY In conjunction with the Set Define SSH Mode command you can use the following parameters If a compatible protocol version is not agreed upon one node wants SSH v1 and the other wants SSH v2 the connection does not occur 6 5 2 3 Creating an Authorized_Keys File RSA and DSA are commonly used Internet encryption and authentication systems included as part of the web browsers from Netscape a...

Page 103: ...SH compares the private half of the user s identity key to the key stored in the host_rsa_key or host_dsa_key file on the SCS 5 If the private keys match the user s identity is confirmed and an SSH connection forms If RSA or DSA user authentication fails the SCS prompts for a username and password or just a password if the SSH client forwarded the username The user s name and password are then che...

Page 104: ...atabase Configuration on page 11 9 for information on configuring user authentication If the file is not located at connection time the SCS proceeds to password authentication 6 5 2 6 Setting up DSA Shared Key Authentication for SSH v2 If you plan on using RSA user authentication for connections to the SCS you must make an AUTHORIZED_KEYS2 file and store it in the SCS s flash ssh directory before ...

Page 105: ... that port the user may be prompted for his username and password See Database Configuration on page 11 9 for information on configuring user authentication If this file is not located at connection time the SCS proceeds to password authentication 6 5 2 7 Username Password Authentication SSHv1 or SSHv2 If RSA or DSA authentication fails the SCS prompts the user for a password or just a password if...

Page 106: ...ting directly to a serial port on the SCS specify the port number as 22xx where xx is the port number For the appropriate SSH options for your system enter man ssh or view your client software s help files for a full listing of instructions and syntax requirements Figure 6 32 Forming an SSH Connection to a Port To form an SSH connection from a non Unix platform to an SCS 1 Start your SSH Client so...

Page 107: ...sts Figure 6 35 Outgoing SSH Connections for Privileged User For each following connection between the SCS and that host the host s key will be compared to that stored in the known host table If the key is authentic the connection will automatically proceed to user authentication If the key has changed you will receive a warning and a brief list of possible explanations including a possible man in...

Page 108: ...4 Disabling HTTP and FTP You can make the SCS into a highly secure host by turning off the FTP and HTTP services For information on disabling HTTP and FTP see Disabling the FTP and HTTP Servers on page 11 23 Note The web interface will no longer be available 6 6 IP Security The SCS s IP security features allow an administrator to restrict incoming and outgoing TCP IP sessions access to ports and p...

Page 109: ...in another entry enter the following command Figure 6 40 Set Define IP Security Commands Note If the user making the connection is the privileged user see the Set Privileged Noprivileged command the connection will be allowed regardless of the entries in the table A trailing zero in any address segment is shorthand for all addresses in this range both incoming and outgoing disabled for all ports F...

Page 110: ...network as the host s IP address If it is the host sends the packet directly to its destination If the packet is destined for a different network the host sends it to a router in this case the SCS When the SCS receives the packet it examines the packet s destination address determines the most efficient route to this address and forwards the packet to this location The most efficient route is dete...

Page 111: ...configured to advertise itself as the default route Note See Set Define IP Route Default on page 12 42 and Define Site IP Default on page 12 140 An SCS in a small sales office might have a default route that points to the corporate headquarters The SCS doesn t need to know about all of the routes on the headquarters network It only knows to send all otherwise unspecified traffic to the central loc...

Page 112: ... 192 5 4 0 is through another router 192 0 1 1 The route was assigned a metric of 4 The second command specifies that the route to network 192 5 3 0 is through site dallas As a metric is not specified the SCS will assign this route a metric of 1 When the SCS receives traffic destined for network 192 5 3 0 if this route is determined to be the most efficient route site dallas will be started and wi...

Page 113: ... it is responsible for In the case of the SCS enabling proxy ARP allows the SCS to respond to requests for hosts and networks that it is the gateway for For example if there are remote node connections into the SCS any ARP requests for those nodes will be replied to by the SCS itself Proxy ARPing allows remote nodes to appear as if they were on the same Ethernet segment as the SCS This feature is ...

Page 114: ...t To display the basic IP configuration use the Show IP command without any additional parameters Figure 6 50 Show IP Output Local SHOW IP SCS Version B1 1 102int 951128 Name DOC_SERVER Hardware Addr 00 80 a3 0b 00 5b Uptime 3 Days 02 07 IP Address 192 0 1 53 Subnet Mask 255 255 255 0 Nameserver undefined Backup Nameserver undefined Domain Name undefined Host Limit 200 Timeserver undefined Backup ...

Page 115: ...a3 0b 00 5b Uptime 3 Days 02 07 Name IP Address Remote IP Address Uptime Lastin Lastout Ethernet 192 0 1 221 74 07 04 0 00 0 00 Local SHOW IP INTERFACE irvine SCS Version B1 1 102int 951128 Name DOC_SERVER Hardware Addr 00 80 a3 0b 00 5b Uptime 3 Days 02 07 20 42 54 Name bob Type Dialup Netstate Running Device Refcount lm0 002 IP Address 192 0 1 221 Remote Address 192 0 1 245 Netmask 255 255 255 0...

Page 116: ...e following Assign the same IP address to Bob each time he logs in Permit Frank to select his own IP address Note In general allowing user selected IP addresses is not recommended It poses some security risks and could result in duplicate IP addresses Dynamically assign IP addresses to the remaining remote node users from an IP address pool Only five SCS ports have been configured to accept incomi...

Page 117: ...0 1 99 provides access to the network 192 1 1 0 This route must also be assigned a metric of 2 Figure 6 60 Static Route to Router 6 9 4 Default Routes to a Site All IP packets to an unknown network must be forwarded to the Internet access provider Site internet is used to manage connections to this location A default route to internet must be configured on the SCS The route must be included in RIP...

Page 118: ...ing and authentication mechanisms Note LCP is documented in RFCs 1661 and 1662 7 1 1 Packet Sizes Both sides of a connection negotiate the size of the packets each can receive Packet size is also known as Maximum Receive Unit MRU The MRU need not be the same in each direction The SCS MRU is 1522 bytes To configure the maximum packet size that can be received from a remote node set the Maximum Tran...

Page 119: ...are automatically added to any configured ACCM 7 1 4 PPP Authentication PPP supports two authentication methods the Challenge Handshake Authentication Protocol CHAP and the Password Authentication Protocol PAP Both protocols involve a pre assigned password CHAP authentication begins with a challenge message from the unit to verify its peer The peer receives the challenge uses its password to encry...

Page 120: ...mit the remote password over the link thereby give the user a password to access the server Note For a complete description of authentication refer to Chapter 11 Security 7 1 5 CBCP The SCS supports the Microsoft Callback Control Protocol CBCP for dial in PPP clients that request it In conjunction with the CBCP you can configure the SCS to allow the PPP client to choose a dialback telephone number...

Page 121: ...e port is started The autodetection setting is ignored 7 4 Multilink PPP When an incoming PPP connection requires additional bandwidth the SCS can add ports to the connection and combine the two or more physical streams of PPP data into one logical stream This is called multilink PPP Two Servers are needed for multilink PPP connections one to initiate the call and one to receive it All multilink p...

Page 122: ...about a 2 1 compression rate 28800 x 2 57600 bps 5760 bytes per second rounded to 5800 bytes per second Figure 7 7 Estimating Port Bandwidth See Estimate Each Port s Bandwidth on page 5 6 for in depth instructions on calculating bandwidth amounts C Specify a telephone number for each port When the site is brought up the SCS will attempt a connection by dialing the telephone number associated with ...

Page 123: ...connection and authenticated together A username and remote authentication password will be needed and CHAP and or PAP authentication should be enabled Figure 7 11 Configuring Site Authentication 7 4 2 Configuring the Receiving SCS 1 Configure the ports that will be used for the multilink connection A Enable Multilink PPP on all ports that will be used Figure 7 12 Enabling Multilink PPP B Ensure t...

Page 124: ...onnection with a PocketPC type device use the Set Define Ports PocketPC command 7 7 Character Mode Sites The SCS allows you to create a character mode site A character mode site is treated as a normal site that does not run a serial protocol The site still allows modems to be dialed and can have a chat script and other functions but once the site is up it does not run PPP The character mode site i...

Page 125: ... Level 6 logs all PPP events this is generally only required to troubleshoot faulty PPP implementations Figure 7 17 Enabling PPP Event Logging Once a connection is made problems may be monitored using the Show Monitor List Ports command The following table explains the counters useful for PPP troubleshooting Local DEFINE LOGGING PPP 4 Table 7 1 Port Counters Counter s Information Displayed Packets...

Page 126: ...ollowing dynamic local remote or none Dynamic the default permits both local and remote logins local allows only local logins and remote permits only remote logins None prevents all incoming and outgoing connections rendering the port unusable If a user wants to Telnet to an SCS port and dial out using an attached modem the port must have dynamic or remote access If the user wants to log into a po...

Page 127: ...d to run at start up For example the port may connect to a particular host run an authentication sequence or run a particular protocol Note To dedicate a port to a host see Preferred Dedicated Hosts on page 8 9 If PPP is enabled on the port the port starts when a PPP packet is received See PPP Mode on page 8 3 for details If both Autostart and modem control are enabled the port starts as soon as t...

Page 128: ...n be compressed and negotiation can take place Because PPP isn t designed for user interaction the Local prompt will not be displayed Both PPP and PPPDetect are enabled for all serial ports by default PPP will automatically run once a port s has started up and a PPP packet is received Because running PPP in this manner bypasses a port s usual authentication using a login password or username passw...

Page 129: ...ettings will be ignored 8 6 Port Specific Session Configuration When you log into an SCS port to connect to a network service your connection is referred to as a session A network service may be an interactive login to a TCP IP host a connection to a modem or another SCS another server etc Sessions describe interactive connections PPP or SLIP connections are not referred to as sessions Session con...

Page 130: ...ch to the next session Its keyboard equivalent the forward switch as specified as follows Figure 8 9 Specifying Forward Switch The characters you define for the backward switch and forward switch should not conflict with each other or with characters used for editing commands see Command Line on page 2 2 In addition the characters should not conflict with characters used on the host 8 6 3 Exiting ...

Page 131: ... a command to port 3 and types the alternate Break character Local Break The user is returned to the SCS Local prompt Remote Break A Break condition will be generated on port 3 A user Telnets into the SCS has a default alternate Break character from template port 0 and types the alternate Break character at the Local prompt Local or Remote Break Nothing happens because the user is already at the L...

Page 132: ...e the following command to enable verification Figure 8 14 Enabling Verification 8 6 5 Setting Session Characteristics You can configure a session either at the moment you make the connection or from within a connection once it is already running 8 6 5 1 Configuring a Session at Connection Time To configure a session when a connection is made an environment string may be specified This string may ...

Page 133: ...ation see Set Session on page 12 94 8 7 Preferred Dedicated Protocols Hosts 8 7 1 Dedicated Protocols A dedicated protocol is a protocol PPP or SLIP that will automatically run when a port is started No other protocol can be run on the port it will continue to run PPP or SLIP until it is logged out To dedicate a port to PPP or SLIP use the following command Figure 8 17 Dedicating a Port to PPP SLI...

Page 134: ...ts Autostart Save command Figure 8 19 Sending Autostart Characters to a Dedicated Host If you have a two character autostart trigger you can instruct the SCS to pass along both one or none of the characters as part of this command The full syntax of Set Define Ports Autostart is discussed on page 12 60 8 8 Port Restrictions Ports may be restricted in a number of ways These methods include locking ...

Page 135: ... 21 Enabling Signal Check 8 8 3 Username Password Protection You can configure a port to require either a login password or a username password pair before a login is permitted Note For detailed information on authentication refer to Chapter 11 Security 8 8 3 1 Login Password The login password can be required of users who want to log in to the Server from the serial ports or the network The passw...

Page 136: ...l is dropped use the Set Define Ports DSRLogout command Figure 8 25 Enabling DSRLogout DSRLogout is implied when modem control is enabled 8 8 4 2 Inactivity Logouts To configure a port to log out after a specified period of inactivity use the Set Define Ports Inactivity Logout command This command works in conjunction with the Set Define Server Inactivity command The latter defines a particular nu...

Page 137: ...es are also discussed in Sending a Broadcast Message on page 2 5 8 8 7 Dialback The Dialback feature allows a system manager to set up a dialback list of authorized users for incoming modem connections When a username matching one in the list is entered the port is logged out and the phone number will be sent out the serial port using the port s modem profile For a complete description of dialback...

Page 138: ...t Access on page 8 1 or if the specified port offers a service To enable Autobaud use the Set Define Ports Autobaud command discussed on page 12 58 The following sections discuss other configuration settings 8 9 1 Naming a Port To assign a particular name to a port use the Set Define Ports Name command Figure 8 31 Assigning a Port Name The default name for each port is Port_n where n denotes the p...

Page 139: ... used for outbound sessions the SCS doesn t use this information For example a remote host might use the terminal type to configure your terminal to run a particular application 8 9 7 Transmitting Serial Data Serial data can be handled a couple of different ways The default settings will discard all data Other options include setting various triggers to transmit the accumulated data to a host Once...

Page 140: ...d Use caution with this command any changes that you ve made with the Set and Define commands will be erased Figure 8 39 Restoring Default Port Settings If the Purge Port command cannot be used for example if authentication has been defined on all ports the settings can only be restored by using the Boot Configuration Program See your User Guide for details 8 10 RS 485 Configuration Note This sect...

Page 141: ...dvantage of using two wire mode is reduced cabling costs Figure 8 41 Example Two wire Mode Network In a two wire RS 485 network the SCS must turn its transmitter on when it is ready to send data and then off for a certain period of time after the data has been sent so that the line is available to receive again At most baud rate settings the timing delay is typically one character length with a ma...

Page 142: ...is connected to the transmit terminals on the slave devices In essence the master device will be connected to the slave devices with a swapped cable Figure 8 44 Enabling Four Wire RS 485 Mode 8 10 2 1 TXDrive The SCS can be configured to either always drive the TX transmit signal or to let the attached device control the TX signal tristate when not actively transmitting The Define Protocols RS485 ...

Page 143: ...xample An SCS port is connected to a modem The SCS port transfers data to the modem at 115 200 bits per second but the modem can only send data over the phone line at 15 000 30 000 bits per second In a short period of time the modem s buffer fills with data The modem sends a signal to the SCS to stop sending data and the SCS does not send data until it receives a signal from the modem that it can ...

Page 144: ...m Protocols that require an 8 bit clean data path cannot use XON XOFF flow control Data passes through an 8 bit clean data path unchanged SLIP requires an 8 bit clean data path PPP may have the same requirements if the Asynchronous Character Control Map ACCM isn t set properly To configure the ACCM see Chapter 7 PPP 8 11 3 Setting Up Flow Control To use flow control on an SCS port complete the fol...

Page 145: ...TS CTS Flow Control Note For this command s complete syntax see Set Define Ports Flow Control on page 12 72 8 12 Serial Signals Two of the modem signals DSR and DCD can be used to control when the SCS ports are active By monitoring when these signals are asserted or deasserted dropped SCS ports can be logged out or kept from starting The SCS uses DTR to control attached devices All of the SCS s DB...

Page 146: ...al Check characteristic will require the assertion of the DSR signal before a remote login is permitted on a particular port Signal check is generally enabled for use with printers if the printer doesn t assert the DSR signal it s assumed to be disconnected or powered off In this case the remote login isn t permitted and print jobs are not sent from the SCS to the printer To enable Signal Check us...

Page 147: ... are enabled on the SCS Figure 8 53 Enabling Incoming Connections Note An incoming login password can be configured with the Set Define Server Incoming command which is discussed on page 12 119 Each virtual port is created with a default set of characteristics The default settings for port 0 connections are remote processing of the Break key local switch set to ASCII 12 Ctrl L forward switch set t...

Page 148: ...he normal CLI ATDT ipaddress Forms a TCP connection ATEx Enables or disables echo command 0 echo off 1 echo on default ATH Hangs up disconnects network session ATI Displays software version information ATQx Enables or disables result codes 0 result codes on default 1 result codes off ATS xx yy Sets shows register 0 0 means ATA answers otherwise SCS autoanswers All other registers are unimplemented...

Page 149: ...ead of a modem Caller ID page 9 12 shows the commands that will provide the SCS with Caller ID functionality Examples page 9 13 gives examples of how to configure the modem profiles Troubleshooting page 9 16 suggests solutions for any difficulty you may encounter with your modem configuration 9 1 Setup and Wiring Communication devices modems printers servers etc are divided into two types DTE Data...

Page 150: ...ed Note See your modem s documentation for more information about supported serial speeds and configuration options 9 2 2 Line Speed Common line speeds include 9600 14400 28800 and 33600 bps 9600 and 14400 are sometimes referred to by the names of the modem standards that define them v 32 and v 32bis respectively Notice that the faster line speeds do not have corresponding serial speeds If there i...

Page 151: ... will be added to the lists as they become available from users and our engineering staff If your modem isn t included in the list of profiles contact Lantronix to see if it will be added in a later version of the software Note If you configure a modem profile that is not available on the list please email it to support lantronix com To view the modem profile or verify that changes have been succe...

Page 152: ...Sending Initialization String Often initialization commands are sent individually prefaced by the modem s Command Prefix string commonly at In order for the SCS to correctly send the information to your modem all commands must be sent in one string Do not include the Command Prefix string in the init string Note DSR should always be on Local LIST PORT 3 MODEM Table 9 1 Commands in Initialization S...

Page 153: ...ures whether or not the modem will automatically answer the telephone line Answer Command string This string causes the modem to answer upon ring or to never answer It is directly preceded by the Commandprefix string and is commonly set to A Attention string The attention string is sent to the modem each time the port is logged out or when the server first boots The modem must return the OK string...

Page 154: ...her throughput Connected string The modem must respond with this string after it connects with a remote modem The modem may respond with other strings as well but they will be ignored It is commonly set to CONNECT Dial string This string is sent after the Command Prefix but before the telephone number to be dialed Commonly touch tone dialing is activated with dt and pulse dialing is activated with...

Page 155: ...a Profile on page 9 3 for instructions Nocarrier string The modem should respond with this string if the remote modem doesn t present a carrier It is commonly set to NO CARRIER Nodialtone string The modem should respond with this string if no dial tone is present and the modem cannot dial It is commonly set to NO DIAL OK string The modem must respond with this string after receiving the Attention ...

Page 156: ... for the OK string to be sent in response The modem will then be asked for its current configuration The Init string will be sent followed by a request for the modem s configuration If the current modem profile on that port does not match the configuration sent from the modem it will be assumed that the modem s setup has changed The Save string will be sent and the setup contained in the profile w...

Page 157: ...ived the SCS will send the Command Prefix string and the Reset string When the modem receives the Reset string it will read its configuration from NVR Any temporary configuration such as changes made by an outbound modem user will be cleared at this point If a user made changes during an outbound call and saved them to the modem s NVR the modem will be returned to that changed state 9 4 5 Compress...

Page 158: ...nd is the enable string Figure 9 10 Changing the Disable and Enable Strings The compression mode used varies from modem to modem however the most common mode is V 42bis This is the recommended method of data compression V 42bis encoding offers an automatic 20 savings on all data send regardless of how compressible it is Some text files can be compressed down to 1 4 or less of their original size I...

Page 159: ...he loss of carrier and deassert the DCD signal The server will then log the port out If the remote user logs out the server will force the modem to hang up immediately and reset These items should be carefully verified for each port that a modem is attached to even if a preconfigured modem profile is used Dialback security discussed on page 9 11 can be used in conjunction with these techniques on ...

Page 160: ...rs To find out if your TA s configuration is included in a Tech Tip contact your dealer or Lantronix technical support B channel ISDN connections are much faster than modem connections Those who wish to use the SCS bandwidth on demand functionality should take this speed increase into consideration when configuring bandwidth settings 9 6 Caller ID Three commands provide the SCS with basic Caller I...

Page 161: ... 7 1 Typical Modem Configuration Figure 8 16 lists the commands required for a typical modem setup In this example an SCS modem profile exists for this brand of modem All modem strings in this profile are acceptable no special configuration is required Figure 9 16 Typical Modem Configuration 9 7 2 Modem Configuration Using Generic Profile In this example a V 34 modem is attached to SCS port 2 A mo...

Page 162: ...8 Testing the Port Speed After the appropriate port speed is determined the port must be configured using the generic modem profile In addition modem operation must be enabled To determine which profile number is the generic profile the number will change as new profiles are added enter the List Modem command Figure 9 19 Displaying Modem Profiles Table 9 2 Maximum Baud Rates Modem Typical Maximum ...

Page 163: ... 2 9 7 3 Editing Modem Strings The current init string on port 2 is fw1 c1 d2 k3s2 128 This string must be changed to work with a particular modem Figure 9 23 Changing Init String Note To see what the above modem initialization string is configured to do refer to Table 9 1 on page 9 4 Consult your modem s documentation for the exact items to include in the modem init string Local list port 2 Port ...

Page 164: ...re that the ground pins on the RJ45 ports are wired together The SCS isn t asserting the DTR signal Ensure that the Dtrwait characteristic discussed on page 12 71 is disabled on the SCS port used The modem has hung Cycle power on the modem The modem doesn t respond to the SCS s configuration requests The modem s flow control isn t set properly or the modem s autobaud isn t functioning properly Res...

Page 165: ... used Ensure that Modem Control is enabled See Define Ports Modem Control on page 12 8 for details The DTR signal isn t attached Verify the wiring Ensure that the ground pins on RJ45 ports are wired together The modem isn t configured to reset when the DTR signal is dropped Check the modem s configuration When the phone is hung up the SCS doesn t log out the port Modem Control isn t enabled on the...

Page 166: ...ique name To create a service use the Set Define Service command An example is displayed below Figure 10 1 Creating a New Service Service names are not case sensitive may be up to 16 alphanumeric characters long and cannot include spaces 10 1 2 Associating Ports with a Service Each service must be associated with at least one port To associate a port with a service use the Set Define Service Ports...

Page 167: ...ic information about a service the following parameters may be used with the Show Monitor List Services command Characteristics Summary and Status For example to display a service s characteristics including the ports associated with it use the following command Figure 10 6 Displaying a Service s Characteristics The command above shows the ports associated with the service fastmodems the character...

Page 168: ...em pool service that is associated with a TCP listener socket Refer to Figure 10 8 for the necessary command 10 2 3 Connecting to a TCP Listener Service Each service may be associated with a TCP listener socket TCP connections to the socket are connected to the service Once a connection is established a user may issue commands to the modem To associate a service with TCP listener socket use the Se...

Page 169: ...ting via a host application connect to port 30nn where nn is the port number This port provides an 8 bit clean connection required by most host applications 10 2 5 Connecting to a Service or Port To connect to a local service or port from an SCS login use the Connect Local command at the Local prompt Figure 10 11 Connecting to a Local Service Port If a service name is specified a connection is mad...

Page 170: ...tware The communication software must be configured to connect to the online service by dialing out through COM Port 1 and to the BBS by dialing out through COM Port 2 Table 10 1 Modems Connected to the SCS Speed Connected to SCS Modem Type 28 800 bps 2 Ports 2 and 3 6 14 400 bps 4 Ports 4 through 7 5 9 600 bps 1 Port 8 4 Local DEFINE SERVICE fastmodems PORTS 2 3 ENABLED Local DEFINE PORT 2 3 ACCE...

Page 171: ...Modem Sharing Examples 10 6 ...

Page 172: ... is configured users must prove their identity before their connection to the SCS is permitted The connection type affects the authentication sequence and how the authentication information is transferred 11 1 1 Character Mode Logins Each SCS serial port may be configured to support any combination of the following A server wide login password A username password pair Dialback on serial ports with...

Page 173: ...password authentication for virtual port logins use the Set Define Ports Authenticate command specifying port 0 as the port number This command prompts the incoming user for a username and password to be checked against the authentication database Figure 11 5 Virtual Port Username Password Authentication 11 1 1 3 Local Password PPP or SLIP may be started when a port is in character mode using the ...

Page 174: ... The local password is the password expected from the incoming caller Local Password on page 11 2 describes how to configure and assign a local password to a site If the password entered matches the site s local password the site will be started If it does not match the local password or if the site does not have a local password defined the SCS will check the next database according to the order ...

Page 175: ...ts passwords to the remote caller as part of the PAP authentication negotiation At that point the remote caller can hang up in possession of the SCS passwords The caller may be able to use the SCS remote password to log into other networks or to call the SCS and connect as an authorized user 11 1 3 SLIP Logins SLIP does not support authentication authentication must take place before SLIP is start...

Page 176: ...tion If both CHAP and PAP are configured for authentication CHAP authentication will be attempted first If the remote host does not understand CHAP PAP will be attempted instead If both PAP and CHAP fail the connection will be terminated To define the username that the SCS sends to the remote host use the Define Site Authentication Username command Figure 11 13 Outgoing Site Username The password ...

Page 177: ... signal to go high indicating that the modem has reconnected successfully Otherwise DTR is dropped for 3 seconds and the port is reset 5 The SCS waits 30 seconds for the user to enter a username when in Dialback mode After 30 seconds the port is logged out to keep unauthorized users from denying other users access to that port Note Dialback only applies to incoming port logins Dialback ports can b...

Page 178: ...Dialback on a Site Ensure that the correct ports and telephone numbers are defined the site will use the defined site specific or port specific telephone number to dial the incoming caller See Telephone Numbers on page 4 17 for more information 11 3 4 Dialback Using CBCP The SCS supports the Microsoft Callback Control Protocol CBCP for dial in PPP clients that request it In conjunction with CBCP t...

Page 179: ...he modem but before the modem dials the user back The second is when a dialback attempt fails but before the server reaches the end of the configured carrier wait time out period the default setting is 60 seconds Careful configuration and testing of the system during those short vulnerable periods is required to ensure a high level of security If a second call arrives in the few moments after the ...

Page 180: ...ge 12 177 Databases are listed according to their precedence numbers As you configure the authentication settings keep in mind that all configured authentication methods will be tried until one method succeeds or all methods have failed If six databases are configured and the database with the first precedence denies the user access there are still five possible chances for the user to pass authen...

Page 181: ...usernames are case insensitive 11 4 1 3 Forcing Execution of Commands A command or series of commands may be associated with a particular username the commands will be run when the user is successfully authenticated For example when user elmo logs into the SCS he will be automatically telnetted to host 192 0 1 67 and logged out of the SCS Figure 11 21 Forcing Commands Commands must be enclosed in ...

Page 182: ...ation Service is a network based authentication service Passwords are always transmitted in encrypted form The SCS supports Kerberos version 4 Kerberos is available as public domain software and from commercial vendors Please refer to your Kerberos server documentation for detailed information about setting up a Kerberos server registering Kerberos clients and administering a Kerberos network Kerb...

Page 183: ...ros administrative region that defines the scope of client authentication data maintained by a Kerberos server Most installations choose realm names that mirror their Internet domain name system To specify the realm use the Set Define Authentication Kerberos Realm command Figure 11 27 Configuring the Kerberos Realm Note The value for realm is case sensitive Enclose this string in quotes to retain ...

Page 184: ...thenticator for the defined principle instance pair A KVNO must be configured on the SCS to match the KVNO on the Kerberos server To configure the SCS KVNO use the Set Define Authentication Kerberos KVNO command Figure 11 29 Configuring the SCS KVNO Note By default the KVNO is set to 1 For additional Kerberos configuration instructions see Set Define Authentication on page 12 153 Local DEFINE AUTH...

Page 185: ...urity attacks from users already on the network More information can be found in the RFC 2058 and in your RADIUS server s documentation RADIUS consists of two parts authentication and accounting Authentication is handled by the RADIUS authentication server which stores authentication information configured by the network administrator Accounting is handled by the RADIUS accounting server which sto...

Page 186: ...r a response The user must respond to the challenge at which time step 3 is repeated using the response in place of the password in the Access Request Packet Note In order to respond to the challenge the user must be in character mode which precludes the use of PAP or CHAP for authenticating the user See RADIUS and Sites on page 11 16 To configure the SCS for RADIUS authentication use the Set Defi...

Page 187: ...me name as the user If it finds a matching site it starts the site and modifies it with whatever additional setup information the RADIUS server sends it in its Access Accept packet see Step A under If it does not find a matching site it starts and modifies a copy of the default site Note Unless RADIUS specifically overrules a setting the site s settings apply If a user logs in using local mode but...

Page 188: ... accounting information to the RADIUS accounting server enter the Set Define Authentication RADIUS Accounting command Figure 11 32 Configuring the SCS to use RADIUS Accounting The default RADIUS Accounting port is port 1646 A different port can be specified by adding the Port parameter to the command as shown in the third line of Figure 11 30 11 4 4 SecurID The SCS supports the ACE Server security...

Page 189: ...sername at the username prompt and the passcode at the password prompt To specify the SecurID ACE Server for authentication of username passcodes use the Set Define Authentication SecurID command Figure 11 33 Configuring the SCS to Use SecurID After SecurID is configured on the SCS the SCS will receive further configuration information from the ACE Server However this only happens the first time t...

Page 190: ...athname of the password file using the Set Define Authentication TFTP Filename command Figure 11 35 Specifying the Pathname of the Password File 11 5 User Restrictions Individual SCS users may be restricted in a number of ways They may be prevented from using particular commands forced to use a certain configuration or forced to use a particular IP address 11 5 1 Privileged Commands Many of the SC...

Page 191: ... will not be permitted Note For more information on IP address assignment see IP Address Negotiation on page 4 7 11 5 3 Controlling Use of Set PPP SLIP Commands In order for incoming callers to start PPP or SLIP with the Set PPP SLIP commands PPP or SLIP must be enabled on the port receiving the call By default PPP and SLIP are disabled To enable or disable PPP or SLIP on a port use the Define Por...

Page 192: ...on on page 11 9 for instructions Then associate commands with the username using the Set Define Authentication User Command command The commands you specify will be executed when the user is successfully authenticated Figure 11 41 Forcing User to Start a Particular Site In the previous example when user bob logs into the SCS he will automatically start PPP and run the site dialin_users To ensure t...

Page 193: ...Define Server Incoming command is discussed on page 12 119 In Figure 11 43 the first command prevents all incoming Telnet and Rlogin connections The second command permits the connections but requires that the login password be entered before the connection is permitted The third command disables incoming Telnet and Rlogin along with 200x and 300x ports See Set Define Server Incoming on page 12 11...

Page 194: ... Filters and Firewalls Filters enable the SCS to restrict packet traffic Each filter specifies a particular rule for example only IP packets will be permitted passage Packets that pass the filter will be forwarded packets that don t will be discarded Filters are organized into ordered filter lists which are referenced by name For example a filter named firewall may permit forwarding of packets tha...

Page 195: ...s is reversed Deny all IP traffic matching a particular rule Allow any packets When this filter list is used any IP traffic matching the specified rule will be discarded Therefore some IP packets will be discarded without being compared to the second filter 11 6 5 2 Preventing All IP Traffic To prevent all IP packet traffic you do not need to use a filter list Instead use the Define Site IP Disabl...

Page 196: ...t with a site use the Define Site Filter command Figure 11 49 Associating a Filter List With Sites In Figure 11 49 filter firewall will be used as an idle filter for site irvine and as an incoming filter for site dallas An example firewall is described in Creating a Firewall on page 11 30 Note Filters can also be used with RADIUS See Filter ID on page D 3 for more information 11 7 Event Logging Ev...

Page 197: ...erent areas that can be logged and the logging options available for each area Local DEFINE LOGGING DESTINATION CONSOLE Local DEFINE LOGGING DESTINATION 192 0 1 5 1 Local DEFINE LOGGING DESTINATION MEMORY Local DEFINE LOGGING DESTINATION FILE syslog Local MONITOR LOGGING MEMORY Table 11 2 Events Logged by the SCS To Log Events Associated With The Following Options are Available Numbers Reflect Log...

Page 198: ...etup Networks Enabled Disabled PPP 1 Local System Problems 2 Remote System Problems 3 Negotiation Failures 4 Negotiation Data 5 State Transitions 6 Full Debugging Printers Enabled Disabled Sites 1 Usage Summary 2 Detailed Usage Summary 3 Errors 4 Connections 5 Bandwidth 6 Network Addressing 7 Chat Scripts 8 Modems and Dialback System Enabled Disabled Local DEFINE LOGGING AUTHENTICATION 3 Table 11 ...

Page 199: ... A RADIUS accounting server has been set up at host 192 0 1 176 to log accounting information Figure 11 54 shows how to configure the SCS in this situation Figure 11 54 Configuring Database Order 11 8 2 Terminal User Forced to Execute Command Terminal user jerry does not have an existing account on UNIX He will only use the SCS to Telnet to his own remote host venus The following figure shows the ...

Page 200: ...the site must automatically enter SLIP mode Port 2 must be configured to automatically detect PPP so that it can begin running PPP and CHAP when necessary The port must not be dedicated to PPP however because other connections will be using the same port In order to authenticate the SLIP user SLIPdetect must be disabled Figure 11 57 displays the commands necessary for this configuration Figure 11 ...

Page 201: ...nt current security A firewall prevents outside users from freely accessing your network by controlling which services on your network are available to internet users A local network consists of addresses 192 0 1 0 through 192 0 1 24 Site irvine is used to manage connections to this network Irvine requires a firewall that does the following Prevents IP spoofing Permits outgoing Telnet connections ...

Page 202: ...P packets could be permitted passage by filters positioned before this rule Figure 11 60 Preventing IP Spoofing Note The CERT advisory on IP spoofing is available from ftp cert org pub cert_advisories CA 95 01 IP spoofing To permit outgoing Telnet connections initiated from the local network the following command is used Figure 11 61 Permitting Outgoing Telnet Connections To permit SMTP traffic be...

Page 203: ... list for site irvine the Define Site Filter Incoming command is used Figure 11 69 Configuring a Firewall Local DEF FILT fw_i ADD ALLOW IP TCP DPORT EQ NNTP SPORT GT 1023 DST 255 255 255 255 192 0 1 104 SRC 255 255 255 255 192 0 2 100 Local DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ NNTP DPORT GT 1023 ACK DST 255 255 255 255 192 0 1 104 SRC 255 255 255 255 192 0 2 100 Local DEF FILT fw_i ADD ALLOW IP...

Page 204: ...e 12 172 The following example assumes the terminal is connected to the console port port 1 Figure 11 72 Configuring Authentication Event Logging Local DEFINE PORT 2 MODEM ENABLED Local DEFINE PORT 2 MODEM TYPE 3 Info Port speed changed to 57600 Info Port flow control changed to CTS Local DEFINE PORT 2 DIALBACK ENABLED Local DEFINE DIALBACK sam 123 4567 Local DEFINE DIALBACK paul 867 5309 Local DE...

Page 205: ...he SCS200 Port Commands page 12 52 contains commands for serial and virtual port configuration Modem Commands page 12 3 describes the commands necessary for configuring the SCS to use an attached modem Service Commands page 12 101 covers commands that setup various services Server Commands page 12 111 includes commands that affect the whole SCS Site Commands page 12 132 describes the commands nece...

Page 206: ...nerally limited to thirty one alphanumeric characters for pathnames and file server names fifteen alphanumeric characters for filenames and six alphabetic characters for the privileged and login passwords When a string limit differs from the norm its limitations are noted 12 3 Conventions Used in This Chapter The following conventions are used to explain the syntax of the commands Optional paramet...

Page 207: ...A or ATA DisableString A string of up to 12 characters When the modem receives this string automatic answering will be disabled Commonly set to s0 0 EnableString A string of up to 12 characters When the modem receives this string automatic answering will be enabled Commonly set to s0 1 Rings Either enter 1 or 3 to tell the SCS how many rings to wait before answering the line When Caller ID is enab...

Page 208: ...file Settings page 9 5 12 4 3 Define Ports Modem Busy Defines a string that the SCS will expect from the modem on outbound calls to signal that the remote number is busy or otherwise unavailable Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges N...

Page 209: ...rrent port only Defaults Disabled See Also Define Ports Modem Answer page 12 3 Caller ID page 9 12 12 4 5 Define Ports Modem Carrierwait Defines the length of time that a server will wait for a carrier on incoming and autodialed calls If a carrier is not received in that length of time the SCS assumes that it will not be received The call will fail and the modem will be reset Restrictions Requires...

Page 210: ... current port only string A string of up to 12 characters Commonly set to at Defaults Depends on modem and modem profile Examples Local DEFINE PORT 2 MODEM COMMANDPREFIX at See Also Profile Settings page 9 5 12 4 7 Define Ports Modem Compression Enables or disables data compression in the modem Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or grou...

Page 211: ...ompression page 9 9 12 4 8 Define Ports Modem Connected Defines a string to expect on outbound calls when the modem is connected to the remote location Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All...

Page 212: ... port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Defaults Disabled See Also Set Define Ports DSRLogout page 12 70 Show Monitor List Ports Modem page 12 96 Chapter 9 Modems 12 4 10 Define Ports Modem Dial Defines a string to send ...

Page 213: ...e modem encounters an error Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only string A string of up to 12 characters set to ERROR by defaul...

Page 214: ...ction will be enabled Note The DisableString and the EnableString must be entered together Defaults Disabled no strings defined Examples Local DEFINE PORT 2 MODEM ERRORCORRECTION ENABLED Local DEFINE PORT 2 MODEM ERRORCORRECTION q5 q0 See Also Profile Settings page 9 5 Define Ports Modem Error page 12 9 12 4 13 Define Ports Modem Getsetup Defines a string to send to the modem to cause it to return...

Page 215: ...gs page 9 5 12 4 14 Define Ports Modem Init Defines an initialization string to send to the modem The string is preceded by the Commandprefix string Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All pa...

Page 216: ... DEFINE PORT 2 MODEM NOCARRIER NO CARRIER See Also Profile Settings page 9 5 12 4 16 Define Ports Modem Nodialtone Defines a string to expect on outbound calls when the modem can t detect a dial tone Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ran...

Page 217: ... MODEM OK OK See Also Define Ports Modem Attention page 12 4 Profile Settings page 9 5 12 4 18 Define Ports Modem Reset Defines a string that will cause the modem to reset and reload its configuration from NVR Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dash...

Page 218: ...ocal DEFINE PORT 2 MODEM RING M M See Also Profile Settings page 9 5 12 4 20 Define Ports Modem Save Defines a string that forces the modem to save its configuration to NVR Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of ...

Page 219: ...speaker will be enabled DisableString A string of up to 12 characters Commonly set to m0 When this string is received by the modem the modem s speaker will be disabled Defaults Disabled no strings defined Examples Local DEFINE PORT 2 MODEM SPEAKER ENABLED Local DEFINE PORT 2 MODEM SPEAKER m11 m0 See Also Profile Settings page 9 5 12 4 22 Define Ports Modem Statistics Defines a string to send to th...

Page 220: ...tically enables modem control for the specified port if not enabled already Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only TypeNum A pre...

Page 221: ...nce Modem Commands 12 17 Restrictions You must be the privileged user to use the Monitor command Parameters num A particular modem profile type to display Examples Local SHOW MODEM 3 See Also Modem Profiles page 9 2 ...

Page 222: ...et Hosts will fail if there are any active Telnet connections on the server Parameters All Removes the names of all known hosts HostName The name of a Telnet host to be removed Examples Local CLEAR HOSTS alex See Also Set Define Hosts page 12 34 Show Monitor List Hosts page 12 48 12 5 2 Clear Purge IP Factory Resets IP router options to their factory defaults Restrictions Requires privileged user ...

Page 223: ...ee Also Set Define IP Route page 12 42 Show Monitor List IP Routes page 12 49 IP Routing page 6 19 12 5 5 Clear Purge IP Security Removes entries from the trusted router table Restrictions Requires privileged user status Parameters address An IP address in standard numeric format for example 193 53 2 2 All Clears or purges the entire security table Examples Local CLEAR IP SECURITY 192 0 1 2 See Al...

Page 224: ...nect is not needed for Telnet or Rlogin connections but must be included in the command for TCP or Local connections Outgoing SSH connections can specify a host optional port optional username and optional command to be executed on the remote machine After the command is executed the SSH connection will end A colon and session environment string can be added to the connect request see Setting Sess...

Page 225: ...he data stream Rlogin Forces an Rlogin connection to the remote host or if no hostname is entered to the preferred host May also take a username after the host parameter in which case a username is sent to the remote Rlogin host host Enter a text host name or an IP address in a standard numeric format for example 192 0 1 183 envstring Sets up the connection environment before the session is starte...

Page 226: ...thernet from the SCS permanent memory Restrictions Requires privileged user status Parameters num An integer specifying a secondary Ethernet Numbering begins at 1 See Also Set Define IP All Ethernet page 12 35 Show Monitor List IP Interface page 12 49 12 5 10 Rlogin Requests an Rlogin connection to a specified host or the preferred TCP host if no host is specified Note Rlogin is an abbreviation fo...

Page 227: ... See Also Connect page 12 20 Set Define Ports Password page 12 78 Telnet and Rlogin Sessions page 6 9 12 5 11 Send Sends Telnet commands through a session Note This command is only functional for Telnet TCP connections Parameters AO Abort Output AYT Are You There BRK Break EC Erase Character EL Erase Line GA Go Ahead IP Interrupt Process NOP No Operation SEND AO AYT BRK EC EL GA IP NOP SYNCH ...

Page 228: ...onnection When 802 11 is disabled the SCS will ignore an installed 802 11 card and will only look for a compatible wired Ethernet connection You must reboot the SCS before those changes will take place Restrictions Requires privileged user status Only applies to the SCS200 Parameters Enabled Prompts the SCS to check for a compatible 802 11 wireless Ethernet networking PC card at startup If one is ...

Page 229: ...er an integer or group of integers separated by commas e g 1 2 3 to specify the affected antenna s Antennas are numbered consecutively starting with antenna number one See the documentation that came with your card for antenna numbering information Default Sets the antennas to their default transmit and receive values Examples Local DEFINE 80211 ANTENNA DEFAULT Local SET 80211 RESET See Also Show ...

Page 230: ... See your PC card documentation for specific information about which channels are available in your area Any configuration changes you make with the above commands will not take place until you reboot the SCS or issue the Set 80211 Reset command Restrictions Requires privileged user status Only applies to the SCS200 and SCS400 Errors If you enter a command that is not applicable to the 802 11 card...

Page 231: ...lies to the SCS200 Errors If you enter a command that is not applicable to the 802 11 card currently in use you will receive an Error message Parameters name Enter a string of up to 32 characters If the string contains lowercase letters or non alphanumerics it may need to be enclosed in quotes to be processed properly None If no ESSID string is set the SCS will communicate with whichever Access Po...

Page 232: ...12 5 12 7 Set Define 80211 MAC Address Configures which of the two available MAC addresses the SCS will use on the network its own or that of the attached 802 11 wireless networking PC card The SCS MAC address which is the same as its hardware address is printed on bottom label of the SCS Any configuration changes you make with the above commands will not take place until you reboot the SCS or iss...

Page 233: ...e place until you reboot the SCS or issue the Set 80211 Reset command Restrictions Requires privileged user status Only applies to the SCS200 Errors If you enter a command that is not applicable to the 802 11 card currently in use you will receive an Error message Parameters AdHoc Specifies that the SCS is communicating with other wireless devices in a peer to peer capacity Infrastructure Specifie...

Page 234: ...efault Sets the card to its default transmit power setting num Enter a specific milliWatt power setting Examples Local DEFINE 80211 POWER DEFAULT Local SET 80211 RESET See Also Show 80211 page 12 48 802 11 Configuration page 2 11 12 5 12 10 Set Define 80211 Region Sets the regulatory region under which you will operate the SCS Users in the United States can leave this at the default setting FCC Ot...

Page 235: ...ET 80211 RESET See Also Show 80211 page 12 48 802 11 Configuration page 2 11 12 5 12 11 Set 80211 Reset Resets the SCS so any configuration changes will take effect immediately Restrictions Requires privileged user status Only applies to the SCS200 Parameters Reset Resets the SCS to make all 802 11 changes take effect immediately This command should be entered anytime you make an 802 11 configurat...

Page 236: ...onfiguration page 2 11 12 5 12 13 Set Define 80211 WEP Enabling WEP Wireless Equivalent Privacy means the SCS will only connect to an AP in infrastructure mode or communicate with other ad hoc peers in ad hoc mode that have been programmed with the same WEP key as the SCS All wireless network traffic the SCS sends will be encrypted with its WEP key and any encrypted wireless network traffic the SC...

Page 237: ... through 9 and A through F Each pair of hex digits xx defines a byte of key data and each byte is separated from the next by a dash For a 40 bit key 5 bytes of key data must be given For a 128 bit key 13 bytes of data must be given Receive Determines whether the SCS will receive unencrypted data while WEP is enabled All Allows reception of encrypted traffic while WEP is enabled The SCS will accept...

Page 238: ...revious value Restrictions Requires privileged user status Errors You will receive an error if you enter an IP address in a questionable format Parameters hostname The hostname string you wish to define limited to 64 alphanumeric characters with only 16 characters between any period delimiters IPaddress Standard numeric IP address of the machine referred to by the hostname Examples Local SET HOST ...

Page 239: ...Ethernum parameter when omitted it defaults to zero Ethernum Enter the number of a specific secondary Ethernet interface If a zero is entered the configuration will affect the primary interface TTL Sets the amount of time that the IP Time To Live value should be decremented by when routed through this interface The specific amount must be set using the TTLnum parameter TTLnum An integer between 1 ...

Page 240: ...When Proxy ARP is enabled the SCS will respond to ARP requests to all addresses in the pool Must be used with the First and Last parameters or with the None parameter Note The pool can be set to any size but it makes sense to restrict it to the number of available serial ports First Specifies the start of the range of IP addresses to be used Last Specifies the end of the range of IP addresses to b...

Page 241: ...12 48 Defining an IP Address Pool page 6 3 12 5 15 Set Define IP Create Creates a secondary interface an interface that shares a physical device such as an Ethernet port but has a different IP address The secondary interface is commonly used to allow more than one IP network on a given Ethernet Restrictions Requires privileged user status Parameters 0 The number zero represents the primary Etherne...

Page 242: ... a Default Domain Name page 6 7 12 5 17 Set Define IP Ethernet See Set Define IP All Ethernet page 12 35 12 5 18 Set Define IP Host Limit Sets the maximum number of TCP IP hosts that the SCS will add to its host table as a result of Rwho and DNS lookups Hosts from the preset host table are exempt from this limit Restrictions Requires privileged user status Parameters num An integer between 0 and 2...

Page 243: ... of the host used for TFTP loading Restrictions Requires privileged user status Parameters address An IP address in standard numeric format for example 193 0 1 5 See Also Set Define Server Loadhost page 12 120 12 5 21 Set Define IP Nameserver Specifies the IP address of the local nameserving host for use on IP connections and NetBIOS connections that use IP The host s address must be specified usi...

Page 244: ...ONTCP string Time in minutes to expire non TCP NAT mappings ADV PRIVATE Specifies whether to advertise private networks SOCKET Specifies beginning of socket range used by NAT beginning socket First socket number or IP port number END Specifies last of socket range used by NAT end socket Last socket number or IP port number See Also Set Define IP NAT Table page 12 41 Show Monitor List IP page 12 49...

Page 245: ...0 1 50 PRIVSOCK A socket number or IP port number at the PRIVIP address NONE Clears an entry in the NAT table See Also Show Monitor List IP page 12 49 ISP Site Connections with NAT on page 4 6 12 5 24 Set Define IP NBNS Specifies the address of the NetBIOS Name Server NBNS used for NetBIOS over an IP network NBNS addresses are passed via PPP to remote users who want to locate the name server dynam...

Page 246: ...ording to the default route Static default routes are used when another router is the designated default route If this router is to advertise itself as the default router see Set Define IP All Ethernet Default page 12 35 destination An IP address in standard numeric form Nextrouter Sets the router that packets to the destination will be sent to router A router name or IP address Note If the route ...

Page 247: ... IP packets If routing is disabled any packets requiring routing on the SCS will be rejected The router will still learn routes via RIP if enabled for its own use Restrictions Requires privileged user status Defaults Enabled See Also IP Routing page 6 19 12 5 27 Set Define IP Security Adds or changes entries in the IP security table Restrictions Requires privileged user status SET DEFINE PROTOCOLS...

Page 248: ...erver Outgoing Restricts Telnet sessions from the network into the server Ports A list of ports for which the restriction applies To specify a port or list of ports use the PortList parameter If PortList is not specified all physical and virtual ports apply A port number of 0 i used to apply to the virtual incoming login ports PortList A port or series of ports to be restricted Multiple ports must...

Page 249: ...IP address address An IP address in standard numeric format for example 255 255 192 0 Examples Local SET PROTOCOL IP SUBNET MASK 255 255 255 0 See Also IP Addresses page 6 1 12 5 29 Set Define IP TCP Keepalive Enables or disables TCP keepalive packets By default TCP keepalive packets are enabled and are transmitted every minute Restrictions Requires privileged user status Parameters Enabled Transm...

Page 250: ...r a possible daytime server then send packets querying that server for time information Note Daytime is only supported over UDP address An IP address in standard numeric format for example 193 0 1 50 None Clears a previous timeserver setting NTP Specifies an NTP server There are three types of NTP Broadcast The SCS periodically broadcasts a message that asks for time information and waits for an N...

Page 251: ...8 Clear Purge IP Trusted page 12 20 Types of Routes page 6 19 12 5 32 Set Define IP Trusted Configures a list of trusted routers When Set Define IP All Ethernet Trusted is enabled the SCS will only listen to RIP updates from routers in this list Restrictions Requires privileged user status Parameters address An IP address in standard numeric format for example 193 0 1 50 RIP When enabled sets the ...

Page 252: ...nly that host s information Wildcards for the hostnames are allowed The All option is the default and it displays all known TCP IP hosts Restrictions You must be the privileged user to use the Monitor command Parameters hostname Specifies a particular TCP IP host All Displays all the TCP IP nodes that this server currently knows about These include hosts from the local host table as well as hosts ...

Page 253: ...ary which means that bit 6 is set The meaning of each bit is explained in Table 12 1 Table 12 1 IP Failure and Message Reasons Bit Connect Failure Reasons Invalid Packet Reasons ICMP Message Reasons 0 Internal failure should be 0 Data received outside window Echo message received 1 Connection terminated abnormally Echo reply received 2 No nameserver defined for text host name Packet received with ...

Page 254: ... num parameter num An integer specifying a particular Ethernet interface SiteName A particular site whose IP information will be displayed Cache Displays cache statistics NAT Displays the settings related to NAT support Routes Displays the IP routing table Security Displays the active Show Monitor or permanent List IP security entries 5 Attempted ARP failed Packet received for an unknown local use...

Page 255: ...TERFACES ETHERNET Local SHOW IP INTERFACES ETHERNET 4 See Also Netstat page 12 187 IP Network Commands page 12 18 Chapter 6 IP 12 5 36 SSH SSH is a shorthand for the Connect SSH command For a description of the command see Connect page 12 20 12 5 37 Telnet Telnet is a shorthand for the Connect Telnet command For a description of the command see Connect page 12 20 ...

Page 256: ... 6 2 Lock Locks a port without disconnecting sessions When you enter this command you will be queried for a password 6 alphanumeric characters maximum and asked to verify it The port is then locked until that password is used to unlock it If a user forgets the password the privileged user must either logout the port using the Logout command disconnecting all sessions or use the Unlock Port command...

Page 257: ...ecified the current port will be logged out Examples Local LOGOUT Local LOGOUT PORT 2 4 6 See Also Automatic Logouts page 8 11 12 6 4 Purge Port Resets a port to the factory default PPP or Modem settings but without affecting any other port settings When used without the PPP or Modem parameters both PPP and Modem settings are purged Restrictions Requires privileged user status Parameters PPP Reset...

Page 258: ...ode and resumes the current active session To resume a session other than the current one specify a session number with the number parameter Errors An error is returned if there are no active or defined sessions Parameters number A session number which can range from one to the total number of sessions that you currently have open Examples Local RESUME Local RESUME SESSION 4 See Also Switching Bet...

Page 259: ...onnection See Also Show Monitor List Ports page 12 96 12 6 9 Define Email Configures email notification in a format known as an emailsite which contains all of the information needed when email notification for port buffering is enabled Emailsites can be named default or portxx where xx is the port number The portxx sites will be used for email notification on that port e g the port12 emailsite wi...

Page 260: ... the email message The maximum number of characters for this field is 32 Subject Sets the subject line that will be displayed in the email message Enter a character string with a maximum length of 48 characters Enclose the string in quotes to preserve case and spaces Table 12 2 Dynamic Print Variables Variable Parsing Function FN Displays the file name currently being accessed SC Prints Lantronix ...

Page 261: ...Event Port Logging page 3 2 12 6 10 Set Define Ports Access Sets the type of incoming connections allowed through the physical port Restrictions Requires privileged user status Errors If a port is active its access cannot be set Autobaud must be disabled for Remote and Dynamic ports Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated ...

Page 262: ...ith commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Defaults Disabled See Also Clear Purge Authentication page 12 151 Set Define Authentication page 12 153 Show Monitor List Authentication page 12 177 Ports Not Using Automatic Protocol Detection page 4 14 Port Restrictions page 8 9 12 6 12 Set Define P...

Page 263: ...8400 will work but 9600 to 115200 will not Defaults Disabled Examples Local DEFINE PORTS AUTOBAUD DISABLED See Also Configure Modems page 4 18 Modem Speeds page 9 2 12 6 13 Set Define Ports Autoconnect If enabled the port connects automatically to the preferred service upon login To exit to character Local mode the Break command can be used To attach other services the Connect command can be used ...

Page 264: ...d enabling Autostart will disable Autobaud and produce an error message The Save parameter is only applicable when the port is configured with a dedicated host If Modem Control is enabled a port enabled for autostart will not be idle unless DSR is held low and therefore will not be available for connections from the network Parameters PortList All Specifies a particular port or group of ports or a...

Page 265: ...haracters will be passed to the host as the first bytes of data or the characters will be discarded None Discards the autostart characters Defaults Disabled Examples Local DEFINE PORTS 2 AUTOSTART ENABLED Local DEFINE PORT 1 AUTOSTART CHARACTER A Local DEFINE PORT 1 AUTOSTART SAVE 1 See Also Starting Automatically page 8 2 12 6 15 Set Define Ports Backward Switch Defines a backward key From charac...

Page 266: ...itch character Defaults None configured for serial connections 02 Ctrl B for virtual port logins Examples Local SET PORT 2 BACKWARD SWITCH 02 See Also Backwards page 12 180 Set Define Ports Forward Switch page 12 73 Set Define Ports Local Switch page 12 74 Switching Between Sessions page 8 5 12 6 16 Set Define Ports Break Allows users to set an alternate Break character and determines where the Br...

Page 267: ...lts Local for serial users Remote for virtual port connections See Also Set Define Ports Backward Switch page 12 61 Set Define Ports Forward Switch page 12 73 Set Define Ports Local Switch page 12 74 Breaking from a Session page 8 5 Serial Break Handling page 3 9 12 6 17 Define Ports Backspace Specifies behavior of the Backspace key If disabled the Backspace key deletes the character to the left o...

Page 268: ...tList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Defaults Enabled Examples Local SET PORTS BROADCAST ENABLED See Also Broadcast page 12 180 Set Define Server Broadcast page 12 116 12 6 19 Set Defin...

Page 269: ... Ports Parity page 12 77 Chapter 9 Modems 12 6 20 Set Define Ports Command Completion Enables or disables the command completion feature If enabled the SCS will attempt to complete partially typed command words when the user presses the Space or Tab keys Restrictions Requires privileged user status if you want to use this command on ports other than your own Errors If the partially entered command...

Page 270: ...ether they should be discarded through the Save parameter Packets created by the serial handling rules will be queued to the ethernet driver as a single operation but there is no guarantee that they will be received at the host in a single network read If the serial input buffer is filled the accumulated data will be queued to the ethernet driver regardless of the serial handling rules The serial ...

Page 271: ... To specify a control character use escaped hex xx For example Ctrl B ASCII character 0x02 would be specified as 02 Save Specifies what happens to the matched trigger characters Either the first character or both characters will be passed to the host as the first bytes of data or the characters will be discarded Defaults 30 msec Examples Local DEFINE PORTS ALL DATASEND DELAY CHARACTER 50 Triggers ...

Page 272: ...rts are dedicated users must connect via the console ports or the SCS must have incoming logins enabled Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the cur...

Page 273: ...environment string is specified with the TCP parameter the connection will default to a Telnet connection Examples Local DEFINE PORT 5 DEDICATED 192 0 1 221 Local DEFINE PORT 2 DEDICATED irvine D See Also Connect page 12 20 Set Define Ports Preferred page 12 79 Define Ports PPPdetect page 12 84 Set Define Ports SLIPdetect page 12 88 Show Monitor List Ports page 12 96 Setting Session Characteristic...

Page 274: ...sabled if so desired Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Examples Local DEFINE PORT 3 DIALBACK ENABLED See Also Set Define Di...

Page 275: ...a a Telnet connect When the port is idle DTR will not be asserted Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Defaults Disabled See A...

Page 276: ... or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Defaults set to None See Also Set Define Ports Serial Log page 12 85 Define Email page 12 55 Event Port Logging page 3 2 Email Alerts for Serial Events page 3 3 12 6 27 Set Define Ports Flow Control Sets the type of flow control on the port Restrictions Requires privileg...

Page 277: ...mmand on ports other than your own Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Switch Defines the control character Must be used in conjunction with the character parameter chara...

Page 278: ...st or the All parameter the configuration will affect the current port only Defaults Disabled See Also Define Site Idle page 12 139 Set Define Server Inactivity page 12 118 12 6 30 Set Define Ports Local Switch Defines a local switch key From character Local mode typing this key functions as if the Forward command was entered the user may switch to the previous session without entering character m...

Page 279: ...ins Examples Local SET PORT 2 LOCAL SWITCH 02 See Also Set Define Ports Break page 12 62 Set Define Ports Backward Switch page 12 61 Set Define Ports Forward Switch page 12 73 Port Specific Session Configuration page 8 4 12 6 31 Set Define Ports Loss Notification Sends the terminal device a Ctrl G Bell when a typed character is lost due to a data error or an overrun on the SCS Restrictions Require...

Page 280: ...lts Disabled See Also Clear Purge Menu page 12 111 Set Define Menu page 12 112 Show Monitor List Menu page 12 129 Enabling Menu Mode page 8 12 Configuring Menu Mode page 3 4 12 6 33 Set Define Ports Modem Emulation Specifies whether or not to enable the SCS to emulate a modem for performing network connections If it is disabled the Local prompt will appear at login If it is enabled the SCS will re...

Page 281: ...t port only portname A name of up to 16 characters composed of alphanumerics or the underscore _ character If the name is not enclosed in quotation marks it will be converted to uppercase Note The default portname is Port_n where n is the port number Examples Local SET PORT 2 NAME highspeed_modem See Also Naming a Port page 8 13 12 6 35 Set Define Ports Parity Sets the serial port s parity to Odd ...

Page 282: ...Set Define Server Login Password command is used to set the password Restrictions Requires privileged user status Errors The virtual port port 0 password must be enabled or disabled with the Define command Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList o...

Page 283: ... Specifies a default service for this port The SCS will attempt to use the preferred service for Autoconnecting as well as when no service name is specified in a Connect Telnet SSH or Rlogin command If no environment string is specified the service will be a Telnet connection by default Restrictions Requires privileged user status if you want to use this command on ports other than your own Parame...

Page 284: ...cters or less or an IP address in standard numeric format for example 192 0 1 3 envstring Sets up the connection environment before the session is started The string is constructed with a sequence of key letters some of which are prefaced by either the or For the available key letters and usage instructions see Appendix A Environment Strings If no environment string is specified with the TCP param...

Page 285: ...ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Enabled Disabled Enables or disables PPP on a specified port but does not start PPP Dedicated Configures a port to always be in PPP mode The port will automatically run PPP when it is started No other protocol c...

Page 286: ...ormation Both Enables authentication for both this node and the remote node Disabled Turns off CHAP PAP authentication Local The SCS will authenticate itself to the SCS Remote The remote node will authenticate itself to the SCS Counter Specifies the number of configuration retries for the Link protocol and all Network Control protocols Configure Specifies the number of Configure Requests to send b...

Page 287: ... outbound from the SCS for example CHAP Secrets Password A specific per port password for authenticating data outbound from the SCS for example CHAP Secrets Defaults PPP Enabled Map value 0x00000000 CHAP Both PAP Both Counter Configure 10 requests Counter Failure 5 Configure NAKs Counter Terminate 2 requests HeaderCompression MagicNumber ProtocolCompression Enabled Timeout 30 seconds Multilink Dis...

Page 288: ...onfiguration will affect the current port only Defaults Enabled See Also Define Ports PPP page 12 81 Purge Port PPP page 12 53 Set Define Logging PPP page 12 172 Set PPP page 12 95 Show Monitor List Ports PPP page 12 96 Chapter 7 PPP 12 6 41 Set Define Ports Printer If enabled the server will verify that the port is online before sending data to it Restrictions Requires privileged user status Para...

Page 289: ...ity 12 6 43 Set Define Ports Serial Log Spools idle serial data to the RAM disk where it is logged into a file that can be accessed later The file will be saved in the form ram Port_xx log where xx is the port number This command also indicates the maximum size of the log file and changes the specified port to Access Remote If the file size reaches the limit set by this command the file will be tr...

Page 290: ...ular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only limit An integer between 0 and 8 None Allows the maximum number of sessions Defaults Limit 4 sessions See Also Set Define Server Session Limit page 12 126 Port Specific Session...

Page 291: ...d parameter devotes that port to SLIP mode Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Dedicated The specified port will automaticall...

Page 292: ...col Detection page 4 12 12 6 48 Set Define Ports Speed Specifies the baud rate of the port Restrictions Requires privileged user status if you want to use this command on ports other than your own Secure users may not use this command Errors An error is displayed for illegal baud rates Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separat...

Page 293: ...entered Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port only Defaults 1 stop bit 12 6 50 Set Define Ports Telnet Pad If Telnet Pad is enabled the default the server automatically pads car...

Page 294: ...types might be VT100 or IBM1000 Restrictions Requires privileged user status if you want to use this command on ports other than your own Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas for lists or dashes for ranges Note In the absence of a PortList or the All parameter the configuration will affect the current port o...

Page 295: ...movement Defaults Softcopy See Also Setting the Device Type page 8 14 12 6 53 Set Define Ports Username Used to specify a username for the port When the username is defined you will not be asked for one when logging in to the port Restrictions Requires privileged user status to use this command on ports other than your own Secure users may not use this command Parameters PortList All Specifies a p...

Page 296: ...4 12 6 55 Set Privileged Noprivileged Changes the current port s privilege status Only one port on the server can be privileged at any time The Override parameter is provided to force your current port to become the privileged port and the previously privileged port loses the privilege When changing your port to privileged status you will be queried for the privileged password The factory default ...

Page 297: ...o wire mode TXDrive must be set to Auto Parameters Enabled Disabled Enables or Disables RS 485 mode By default the SCS is configured for RS 232 networking Mode When RS 485 Mode is enabled you must choose either two wire or four wire mode If you do not explicitly set a mode with this command the SCS will default to four wire mode 2Wire Sets the SCS to use two wire mode 4Wire Sets the SCS to use fou...

Page 298: ...hen not transmitting Defaults Disabled Mode 4Wire Termination disabled TXDrive Always See Also Show RS485 page 12 98 RS 485 Configuration page 8 15 12 6 57 Set Session Specifies the characteristics for the current session Parameters Delete Specifies which character to send as the delete character Set Session Delete sends a delete character ASCII 0x7f This command has no effect if Pasthru or Passal...

Page 299: ...e Allows server specific keys i e Forward Backward and Local and messages to be interpreted by the unit Passall Disables server interpretation of switch characters messages and XON XOFF flow control Used for binary transfers such as executable files and graphics Pasthru Disables server interpretation of switch characters and server messages but not XON XOFF flow control Used for ASCII file transfe...

Page 300: ... the specified site s configuration Parameters SiteName A site name of up to 12 characters If no site name is given a site with the default site characteristics will be used IPaddress Defines the non negotiable remote IP address address An IP address in standard numeric format for example 192 75 2 0 Examples Local SET SLIP irvine Local SET SLIP allison IPADDRESS 192 0 1 221 See Also Set Define Por...

Page 301: ...ortNum Specifies a particular port Access Display ports that match a specified access type Must be used in conjunction with the Local Dynamic Remote or None parameter Local Displays ports set to Local access Local access restricts logins on the port to local users Dynamic Displays ports set to Dynamic access Dynamic access permits local or remote users to log into the port Remote Displays ports se...

Page 302: ...ied port s and the last available Caller ID information for the port s Modem control must be enabled for this command to work Note The Modem Status option is of no use for remote access or no access ports Examples Local SHOW PORT ALL SUMMARY Local LIST PORT ACCESS DYNAMIC COUNTERS See Also Chapter 8 Chapter 8 12 6 61 Show RS485 Displays the current RS 485 networking settings including wire mode te...

Page 303: ...test their own port Virtual and multisession enabled ports can only be tested by the user on that port Parameters PortNum Specifies a particular SCS port PostScript Sends a Postscript test page to the port instead of ASCII data Count Specifies the number of test lines to be send or if in postscript mode the number of pages to print Any character will terminate the test Must be used in conjunction ...

Page 304: ...0 to 3 000 milliseconds Examples Local TEST PORT Local TEST PORT 4 WIDTH 45 COUNT 5 12 6 64 Unlock Port Unlocks a locked port which may be necessary if the user has locked the port and forgotten the password The command does nothing if the port is already unlocked Restrictions Requires privileged user status Parameters PortNum The number of the locked SCS port Examples Local UNLOCK PORT 6 See Also...

Page 305: ...move Queue commands Parameters Local Specifies that all local services should be removed ServiceName A specific service to be removed Examples Local PURGE SERVICE LOCAL Local CLEAR SERVICE FILESERVER See Also Show Monitor List Services page 12 108 Port Specific Session Configuration page 8 4 12 7 2 Remove Queue Removes requests for local services from that service s queue A particular request or a...

Page 306: ...ice queue Examples Local REMOVE QUEUE NODE hydra Local REMOVE QUEUE ENTRY 5 Local REMOVE QUEUE SERVICE MODEM Local REMOVE QUEUE ALL See Also Show Monitor Queue page 12 190 12 7 3 Set Define Service Creates a new service For the description and syntax of particular parameters used in conjunction with this command refer to the individual entries that follow Note A maximum of 16 services can be creat...

Page 307: ...n the print data The binary characteristic should be disabled when printing PCL data Restrictions Requires privileged user status Defaults Disabled See Also Clear Purge Service page 12 101 12 7 6 Set Define Service EOJ Specifies a string to be sent to the attached device at the end of every job regardless of network protocol Restrictions Requires privileged user status Parameters EndString Any ASC...

Page 308: ...end of any LPR print jobs Restrictions Requires privileged user status Defaults Enabled See Also Clear Purge Service page 12 101 12 7 8 Set Define Service Identification Provides an information string for the specified service Restrictions Requires privileged user status Parameters string Enter an information string of up to 40 characters SET DEFINE SERVICE ServiceName FORMFEED ENABLED DISABLED SE...

Page 309: ...o or removed from the current list respectively If neither option is specified the new port list will replace the old port list Note that ports offering a service must be in the correct access mode for connections to succeed Restrictions Requires privileged user status Parameters PortList All Specifies a particular port or group of ports or all ports Port numbers should be separated with commas fo...

Page 310: ...trictions Requires privileged user status Defaults Disabled See Also Clear Purge Service page 12 101 12 7 12 Set Define Service PSConvert Controls whether the SCS will place a PostScript wrapper around each job The SCS will try to detect if it is already a PostScript job in which case it would not add an additional wrapper See Also Clear Purge Service page 12 101 12 7 13 Set Define Service RTEL En...

Page 311: ...fault Examples Local DEFINE SERVICE myserv SOJ 45 See Also Clear Purge Service page 12 101 12 7 15 Set Define Service TCPport Associates a TCP listener socket with the given service TCP connections to this socket will be connected to the service Restrictions Requires privileged user status Parameters SocketNum A particular socket The socket number can be an integer from 4000 to 4999 None Clears th...

Page 312: ...ember that this list is masked by the services that this port is eligible to see users will not see services they cannot connect to Restrictions You must be the privileged user to use the Monitor command Parameters Local Displays those services local to this server whether available or not service Specifies a particular service Numbers and wildcards are permitted All Displays all known services us...

Page 313: ...isplays full information for the specified services including network address protocol version and other services that node offers Examples Local SHOW SERVICE lab5_prtr STATUS Local MONITOR SERVICE LOCAL SUMMARY See Also Clear Purge Service page 12 101 ...

Page 314: ...Command Reference Service Commands 12 110 ...

Page 315: ... page 12 76 Show Monitor List Menu page 12 129 Enabling Menu Mode page 8 12 12 8 2 Initialize Server Controls SCS initialization and behavior after the unit is booted When the server is initialized all changes made using Set commands will be lost unless corresponding Define or Save commands were also made Initialization also sets local authentication in the first precedence slot i e Set Define Aut...

Page 316: ... ROM Examples Local INITIALIZE DELAY 2 Local INITIALIZE RELOAD FACTORY DELAY 12 Local INITIALIZE FACTORY Local INITIALIZE CANCEL See Also Rebooting page 2 5 Reloading Operational Software page 2 6 12 8 3 Set Define Menu Configures individual Menu Mode menu choices and the menu s title banner You can also configure the menus using a preconfigured text file which is specified using the filename para...

Page 317: ...igurations Examples Local SET MENU 5 SHOW SET NODES SHOW HOSTS See Also Show Monitor List Menu page 12 129 Clear Purge Menu page 12 111 Enabling Menu Mode page 8 12 Configuring Menu Mode page 3 4 Menu Configuration Files page 3 5 Table 12 3 Dynamic Print Variables Variable Parsing Function FN Displays the file name currently being accessed SC Prints Lantronix SD Adds a date stamp to the web page i...

Page 318: ...ed users are allowed to view the web pages but must become the superuser to make any configuration changes Disabled No access is allowed to the web pages Secure Superuser access is required to view any web pages See Also Disabling the FTP and HTTP Servers page 11 23 12 8 6 Set Define Protocol SSH Mode Allows the user to specify they types of SSH connections allowed from the command prompt of the S...

Page 319: ...ions are available the SCS chooses SSHv2 for outgoing SCS to Host connections Defaults V2PREFER See Also Supported SSH Connections page 6 11 12 8 7 Set Define Server Altprompt Enables or disables the alternate UNIX like prompts at login time When enabled the Username prompt is changed to login and the Password prompt is changed to Password Defaults Disabled See Also Set Define Server Prompt page 1...

Page 320: ...uide 12 8 10 Set Define Server Broadcast Enables or disables broadcasts from the server s ports Restrictions Requires privileged user status Defaults Enabled See Also Broadcast page 12 180 12 8 11 Set Define Server Buffering Specifies the size of the buffer in bytes used for TCP IP connections The size can be increased for large data transfers such as file transfers Restrictions Requires privilege...

Page 321: ...in mm dd yyyy format Examples Local SET SERVER CLOCK 13 23 0 3 15 1995 See Also Set Define IP Timeserver page 12 46 Show Monitor List Server Clock page 12 129 Show Monitor List Timezone page 12 131 Setting the Date and Time page 2 10 12 8 13 Set Define Server DHCP If a DHCP server exists on the network enabling it will provide the SCS with an IP address gateway address and subnet mask Restrictions...

Page 322: ...he new value Restrictions Requires privileged user status Parameters limit A value between 0 and 200 None No limit is set Defaults 200 hosts Examples Local SET SERVER HOST LIMIT 6 12 8 15 Set Define Server Inactivity Sets the period of time after which a port with Inactivity Logout enabled is considered inactive and is automatically logged out Restrictions Requires privileged user status Parameter...

Page 323: ...Parameters Telnet Enables incoming Telnet connects logins to the server None Prevents all login attempts Password Requires incoming Telnet login attempts to supply the server login password before being logged in NoPassword Incoming Telnet logins are permitted and are not prompted for the login password before connecting Secure Completely disables all non encrypted connections to the server Telnet...

Page 324: ...style address The SCS requests its run time code from this host Restrictions Requires privileged user status Parameters IPaddress An IP address in standard numeric format for example 193 0 1 50 Examples Local DEFINE SERVER LOADHOST 193 23 71 49 See Also Your SCS Installation Guide 12 8 18 Set Define Server Lock Controls whether or not local users are permitted to Lock their ports Restrictions Requ...

Page 325: ...osed in quotes Defaults access Examples Local SET SERVER LOGIN PASSWORD Password platyp not echoed Verification platyp not echoed Local See Also Set Define Server Incoming Password page 12 119 Login Password page 8 10 Set Define Ports Password page 78 12 8 20 Set Define Server Name Specifies the name of the SCS The name string must be in quotes if lowercase characters are used Restrictions Require...

Page 326: ...ing the Set Privileged command when entering the login password when logging in to a serial port or when Set Define Ports Password Incoming is enabled After limit retries the port will be logged out The value is also used for determining the number of times a user can fail an authenticated user login e g local database Radius Secure ID when Set Define Ports Authenticate is enabled The user can abo...

Page 327: ...ameters passwd Enter a password of 16 or fewer characters Note SCS passwords are case independent even when enclosed in quotes Defaults system Examples Local SET SERVER PRIVILEGED PASSWORD yodel Local SET SERVER PRIVILEGED Password ok2bin not echoed Verify ok2bin not echoed See Also Set Privileged Noprivileged page 12 92 Privileged Password page 2 8 12 8 24 Set Define Server Prompt This command al...

Page 328: ...CS1600 LabServ SET SERVER PROMPT p S_ n P Port_5 NoSession _5 SET SERVER PROMPT Lcl_ n P Lcl_3 See Also Changing the Local Prompt page 2 9 String Affect on Prompt p Substitutes the current port s name n Substitutes the current port s number s Substitutes the current server name D Substitutes the product name SCS1600 etc C Substitutes the company name Lantronix S Substitutes the current session nam...

Page 329: ...strictions Requires privileged user status Parameters LimitNum An integer between 4 and 100 inclusive Defaults 50 tries 12 8 27 Set Define Server Rlogin Restricts the use of the Rlogin command from the server If Rlogins are disabled you may not Rlogin to remote hosts Incoming Rlogin connections may still be permitted depending on the current Set Define Server Incoming setting Restrictions Requires...

Page 330: ...e Server Silentboot Causes the unit to attempt to boot without sending any status messages to the console port unless there are errors Restrictions Requires privileged user status Defaults Disabled 12 8 30 Set Define Server Software Specifies the name of the download software file if any the server will attempt to load at boot time For IP loading hosts this is the file that will be requested at bo...

Page 331: ... SCS commands that will configure the server before the users and services are started If no retry limit is specified in the command the SCS will retry failed downloads forever otherwise it will retry the specified number of times and then boot normally Telnet consoles are available at the time the server attempts to download the startupfile if there is a problem with the download you can still lo...

Page 332: ... your Daylight Savings Time zone for example use PDT for Pacific Daylight Time Must be used in conjunction with the time parameter time The time difference from Greenwich Mean Time entered as h mm Entering the minutes is optional ChangeTime Enter the month day and time of day that the change to DST occurs separating each element by a space see the examples below For the month enter the first three...

Page 333: ... List Menu Displays the current or saved Menu entries If you have a configuration file set this command will only display the name of that file Restrictions You must be the privileged user to use the Monitor command Secure users may not use this command See Also Clear Purge Menu page 12 111 Set Define Menu page 12 112 Enabling Menu Mode page 8 12 Configuring Menu Mode page 3 4 12 8 34 Show Monitor...

Page 334: ...it Send Failure Reason Receive Failure Reason 0 Unused should be 0 Unused should be 0 1 Unused should be 0 Packet received with CRC error 2 At least one collision has occurred while transmitting Received packet did not end on byte boundary 3 Transmit aborted due to excessive more than 16 network collisions FIFO overrun Could not write received data before new data arrived 4 Carrier sense was lost ...

Page 335: ...ce Source attempts to download a configuration file from a TFTP host The file is assumed to be lines of server commands which will be executed The Source command is most useful for trying out a configuration file before using the Set Define Server Startupfile command page 12 127 Restrictions Requires privileged user status Parameters host Enter a TFTP host text host name or IP address filename The...

Page 336: ...ion such as site names and passwords for link protocols that support authentication for example PPP Restrictions Requires privileged user status Parameters SiteName A site name of up to 12 characters CHAP Enables or disables the Challenge Handshake Authentication Protocol for outgoing calls PAP Enables or disables the Password Authentication Protocol for outgoing calls Note CHAP and PAP are part o...

Page 337: ...lback Using CBCP on page 11 7 Local Defines the password required from the remote host Must be used in conjunction with the None or password parameters Remote Defines the password to be sent to the remote host Must be used in conjunction with the None or password parameter Username Define the username to be sent to the remote site Must be used in conjunction with the None or username parameters No...

Page 338: ...tempts to add bandwidth whenever usage reaches a specified percentage Must be used in conjunction with the utilization parameter Remove Removes bandwidth when usage falls below a certain percentage Must be used in conjunction with the BytesPerSecond parameter utilization The percentage of usage above which the SCS will attempt to add bandwidth and below which the SCS will remove bandwidth Default ...

Page 339: ...dth to the remote site before bandwidth can be adjusted again Must be used in conjunction with the seconds parameter Adding bandwidth after it has been removed or removing bandwidth after it has been added requires double the number of seconds For example if a holddown value of 5 is specified adding bandwidth after it has been removed will require a 10 second delay Defaults Add and Remove Disabled...

Page 340: ...neNum parameter The default is to append information to the end of the script Timeout Sets the time to wait before commands or the number of times to wait for input before giving up Must be used in conjunction with the seconds parameter seconds A number of seconds or tries between zero and 65500 Expect Looks for a string before executing the next line of the script string The following special cha...

Page 341: ...MEOUT 2 EXPECT login This script will send a newline and wait for the string login for two seconds If found the script will continue If not the script will search again three times before failing Send Sends the specified string followed by a newline character 0xd hex 13 ASCII If a string is not specified only a carriage return is sent Delete Removes a line LineNum The line to remove Defaults Timeo...

Page 342: ...ged user status Parameters SiteName Enter a site name of up to 12 characters Idle Configures the packet filter that resets the idle timer Packets that pass this filter will reset the timer keeping the site from timing out and disconnecting Must be used in conjunction with the filtername parameter Incoming Configures the packet filter for packets that come into the SCS from the remote site Packets ...

Page 343: ...m00 Local DEFINE SITE irvine FILTER IDLE gb See Also Set Define Filter page 12 166 Show Monitor List Filter page 12 178 Filter Lists page 5 2 12 9 7 Define Site Idle Sets the maximum time in seconds that the specified site may be idle before the link is shut down timed out Note The SCS must be idle for at least 10 seconds before the link can be shut down Restrictions Requires privileged user statu...

Page 344: ...ters to prevent all IP packets from being forwarded Address Sets the IP address specified with the address parameter on this server s IP interface Compress Enables or disables header compression for the specified protocol DEFINE SITE SiteName IP ENABLED DISABLED ADDRESS address DYNAMIC NONE COMPRESS ENABLED DISABLED DEFAULT ENABLED DISABLED NETMASK mask NONE REMOTEADDRESS address address NONE RIP ...

Page 345: ... 5 0 or 192 4 5 255 and a caller requests this address the connection will be denied address An IP address in standard numeric format For example 192 0 1 3 None Clears a current IP address Remoteaddress address Othermask or Netmask Unnumbered An IP address is not to be expected from the remote site RIP Enables or disables RIP parameters and allows specification of update times and hop counts for t...

Page 346: ... SITE irvine IP RIP UPDATE 30 Local DEFINE SITE irvine IP UNNUMBERED Local DEFINE SITE irvine IP RIP METRIC 4 Local DEFINE SITE irvine IP COMPRESS ENABLED Local DEFINE SITE irvine IP FORWARD ENABLED See Also Set Define Logging Sites page 12 172 Show Monitor List Sites page 12 149 Configuring RIP for Sites page 4 10 Chapter 7 Character Mode Sites 12 9 9 Define Site MTU Configures the maximum sized ...

Page 347: ...ENT ENABLED 12 9 11 Define Site Port Configures a port that a site will use for its outgoing calls Each port must have a telephone number associated with it If multiple ports are associated with a site they must be prioritized Note To purge the port setting from the site see Purge Site page 12 148 Restrictions Requires privileged user status Parameters SiteName A site name of up to 12 characters P...

Page 348: ...sed in conjunction with either the number parameter or the None parameter number A telephone number of up to 24 characters characters can be of any type None No specific telephone number will be set for this port Priority Specifies a priority level for a particular port Higher priority ports will be dialed before ports with lower priority numbers Must be used with the prioritynum parameter priorit...

Page 349: ...ls Defaults PPP See Also Incoming Connections page 4 11 12 9 13 Define Site Telephone Defines the telephone number of the remote site Before you assign a telephone number you must associate the site with an SCS port or ports Restrictions Requires privileged user status Errors An error is returned if there is no port associated with the site Parameters SiteName Enter a site name of up to 12 charact...

Page 350: ...es when connections are allowed day Specify the days during which Adding will start and stop Must be followed by both starttime and endtime parameters If a second day is not specified it is understood that the start time and end time occur on the same day starttime endtime Specify the time when Add will go into effect and the time when Add will end on the specified day Times are specified in hh mm...

Page 351: ...ive before it is logged out Must be used in conjunction with the limit parameter limit Specify a time range from 10 to 65 000 seconds A setting of zero disables the session limit Success Specifies a delay after a successful connection before another connection will be attempted Must be used in conjunction with the seconds parameter Failure Specifies a delay after a failed connection attempt before...

Page 352: ... Site Logs out a site on the server Active sessions are disconnected and all site circuits are closed Restrictions Only privileged users can log out a port or site other than their own Parameters Site Logs out a site closing all circuits Must be used in conjunction with the SiteName parameter SiteName A site name of up to 12 characters Examples Local LOGOUT Local LOGOUT SITE irvine See Also Automa...

Page 353: ...ee Also Define Site Port page 12 143 12 9 17 Show Monitor List Sites In general displays information about a specified site The All keyword is a special case as described below Restrictions You must be the privileged user to use this command Parameters SiteName A particular site name of up to 12 characters All Displays all accumulated statistics for all sites that have started since the SCS was la...

Page 354: ...CHAT Local SHOW SITE irvine IP See Also Define Site commands page 12 132 12 9 18 Test Site Tests a site without having to force packet traffic When the command is issued the SCS will attempt a connection to the site and return basic status The site must then be shut down manually Errors An error will be returned if the site is unavailable For more detailed information use the Logging feature See A...

Page 355: ...es all users username A specific username to clear or purge Precedence Clears or purges a given precedence slot Must be used in conjunction with the num parameter num A precedence number of 1 through 6 Examples Local CLEAR PURGE AUTHENTICATION USER bob Local PURGE AUTHENTICATION PRECEDENCE 2 See Also Set Define Authentication page 12 153 Set Define Authentication Unique page 12 163 Show Monitor Li...

Page 356: ...dialback settings for the specified username Examples Local CLEAR DIALBACK ALL Local PURGE DIALBACK robert See Also Define Ports Dialback page 12 70 Set Define Dialback page 12 165 Show Monitor List Dialback page 12 178 Dialback page 11 5 12 10 3 Clear Purge Filter Removes a specified packet filter Restrictions Requires privileged user status Parameters filtername A particular packet filter to be ...

Page 357: ... sequentially against up to six databases a Kerberos database the SCS local database NVR a RADIUS server a SecurID server or a UNIX password file TFTP To configure one or more of the six databases refer to the appropriate command in this section Note Precedence settings should be configured carefully If a database is configured for a precedence slot that has already been filled by another database...

Page 358: ...ecked If the user is authenticated at any point the search process will stop and the login will be permitted If the user cannot be authenticated using the secondary database or server the database or server with the next precedence level will be checked If all precedence levels fail to authenticate the user the user is prevented from logging in Secondary Sets the secondary database or server to be...

Page 359: ...ir Must be used in conjunction with the password parameter password A case sensitive password of up to 40 alphanumeric or 8 hexadecimal characters To preserve case alphanumeric passwords must be enclosed in quotes Encryption Specifies that either the Andrew File System AFS or MIT Encryption algorithm will be used to create the Kerberos keys The SCS encryption method should match the Kerberos serve...

Page 360: ...eros server s KVNO Must be used in conjunction with the kvno_num parameter kvno_num An integer between 1 and 255 inclusive Defaults Principle rcmd Instance SCS Encryption MIT PortNum 750 Timeout 3 seconds MaxTries 5 See Also Define Site Authentication page 12 132 Kerberos page 11 11 12 10 7 Set Define Authentication Local Specifies that an SCS database saved in NVR or RAM will be used for authenti...

Page 361: ...e or file will not be used If the SCS fails to authenticate the user using the primary database or server due to network failure server failure missing or incorrect username password the secondary database will be checked If the user is authenticated at any point the search process stops and the login is permitted If the user cannot be authenticated using the secondary server the dataserver with t...

Page 362: ...tries parameter tries An integer between 1 and 255 inclusive Port Specifies that authentication or accounting information should be sent to a specific port on the server specified with the PortNum parameter PortNum A port number between 0 and 65535 inclusive Timeout Specifies the timeout period for a response from the RADIUS server Must be used in conjunction with the num parameter num An integer ...

Page 363: ...port number between 0 and 65535 inclusive Defaults Authentication port 1645 Maxtries 3 Timeout 1 second Accounting port 1646 Examples Local DEFINE AUTHENTICATION RADIUS PRIMARY 192 0 1 55 1234 Local DEFINE AUTHENTICATION RADIUS TIMEOUT 10 MAXTRIES 4 Local DEFINE AUTHENTICATION RADIUS ACCOUNTING ENABLED See Also Clear Purge Authentication page 12 151 Define Site Authentication page 12 132 Show Moni...

Page 364: ... will be checked If all precedence levels fail to authenticate the user the user is prevented from logging in address A text host name if a DNS is available for name resolution or an IP address in standard numeric format for example 192 23 71 49 None Clears the current server address Precedence Sets the precedence in which this database or server is checked The precedence number must be specified ...

Page 365: ...0 1 55 Local DEFINE AUTHENTICATION SECURID TIMEOUT 10 MAXTRIES 4 Local DEFINE AUTHENTICATION SECURID ACCOUNTING ENABLED See Also Define Site Authentication page 12 132 SecurID page 11 17 12 10 10 Set Define Authentication Strictfail Strict fail mode aborts the authentication process if any method returns an error of invalid error or invalid password Restrictions Requires privileged user status Def...

Page 366: ...the secondary database or server will be checked A specific address may be set with the address parameter or the None parameter may be used to indicate that the server will not be used If the user cannot be authenticated using the secondary database or server the database or server with the next precedence level will be checked If all precedence levels fail to authenticate the user the user is pre...

Page 367: ...me user It does not prevent the user from making additional non authenticated connections Restrictions Requires privileged user status See Also Restricting Multiple Authenticated Logins page 11 21 12 10 13 Set Define Authentication User Configures entries to the local database To indicate which username entry will be modified a username must be specified using the username parameter Restrictions R...

Page 368: ...ables or disables a user s ability to change his password The password can be changed with the Set Define Password command Altcommand Enables the use of the command specified with the command parameter None Removes port list from specified user Ports Target Rejects user connection attempt from the network or connect local to a port not on the user s port target list Ports Serial Rejects user conne...

Page 369: ... phonenum A telephone number Note The ATDT command should not be entered in the telephone number string The modem profile will prepend any necessary command prefixes Bypass When the Bypass parameter is associated with a username the port will not be logged out and the user will not be dialed back when attempting to connect to the SCS The word bypass must be associated with the username in the dial...

Page 370: ...col related examples are given with the subcommands listed on the following pages Restrictions Requires privileged user status Parameters filtername The name of the filter in which the new rule will be included up to 12 letters in length Create Creates a new filter with the specified filtername Filters must be created before their rules can be added deleted or otherwise modified Delete Removes the...

Page 371: ...TER abc CREATE Local DEFINE FILTER abc DELETE 2 Removes the second rule in filter list abc Local DEFINE FILTER abc ADD DENY IP TOS 0xE0 0x80 Local DEFINE FILTER abc CONTINUE DENY IP TOS 0xf0 0x40 See Also Define Site Filter page 12 138 Clear Purge IP Security page 12 19 Define Ports Dialback page 12 70 Packet Filters and Firewalls page 11 23 12 10 16 Set Define Filter Any Specifies that every pack...

Page 372: ...et to apply the mask May be a decimal value from 0 to 1500 where 0 indicates the first data position in the packet mask A hexadecimal or decimal number operator EQ GE GT LE LT NE The options are equal to EQ greater than or equal to GE greater than GT less than or equal to LE less than LT and not equal to NE value A hexadecimal or decimal number Examples Local DEFINE FILTER abc ADD DENY GENERIC OFF...

Page 373: ...d in a single rule in one command subject to the maximum command line length of 132 characters offset Defines where in the data packet to apply the mask May be a decimal value from 0 to 1500 where 0 indicates the first data position in the data packet SET DEFINE FILTER filtername IP IPGENERIC OFFSET offset MASK mask EQ GE GT LE LT NE value DST ipMask address SRC ipMask address protocolNum ICMP TCP...

Page 374: ...ork Must be used in conjunction with the ipMask and address parameters SRC Allows or denies passage of data packets that originated from a specific node on the local area network Must be used in conjunction with the ipMask and address parameters ipmask An IP address in standard numeric format for example 193 0 1 255 address An IP address in standard numeric format for example 193 0 1 50 TOS Builds...

Page 375: ...n both the protocol and the protocol port of the data packet portNum A TCP or UDP port number portKeyword A keyword corresponding to the TCP or UDP port number Available keywords are BOOTP DNS FINGER FTP FTPDATA HTTP NNTP NTP POP2 POP3 RIP SMTP SNMP SYSLOG TELNET and TFTP ACK Allows or denies TCP based packets in which the ACK acknowledge bit is set Examples Local DEFINE FILTER abc ADD DENY IP Add...

Page 376: ... Set Define HTTP Enables or disables the on board HTTP server See Also Disabling the FTP and HTTP Servers page 11 23 12 10 21 Set Define Logging SET DEFINE PROTOCOL FTP ENABLED DISABLED SET DEFINE PROTOCOL HTTP ENABLED DISABLED SET DEFINE LOGGING DESTINATION location NONE AUTHENTICATION DIALBACK IP MODEM PPP SITE num MAX NONE COMMANDS NETWORK PRINTER SYSTEM ENABLED DISABLED ...

Page 377: ...gged Restrictions Requires privileged user status Parameters Destination Specifies a destination for the logging messages Must be used in conjunction with the address parameter or the None parameter location A fileserver name or IP address This parameter may be specified as one of the following None Disables logging Authentication Logs events associated with authentication Must be used with the nu...

Page 378: ...CP UDP source destination ports Modem Logs modem activity including modem jobs incoming and outgoing Must be used with the num parameter or the None parameter Level Information 1 Dialback Problems 2 Unauthorized Users 3 Dialback Failures 4 Dialback Successes 5 Dialback Attempts 6 Modem Chat Level Information 1 Errors 2 Packets triggering remote connections 3 Routing table interface changes 4 Incom...

Page 379: ...ed with the num parameter or the None parameter num An integer that specifies a particular level of logging Level Information 1 Local System Problems 2 Remote System Problems 3 Negotiation Failures 4 Negotiation Data 5 State Transitions 6 Full Debugging Level Information 1 Errors 2 State Transitions 3 Chat Scripts 4 Modem Dialing 5 Port Connections 6 Connection Failures 7 Usage Summary ...

Page 380: ...Event Logging page 11 25 12 10 22 Set Define Password Changes the current user s password in the local authentication database provided the user is defined in the database and has permission to alter the password When this command is entered the user will be prompted for the old password then prompted to enter and verify a new password Note The user has three chances to enter the old password befo...

Page 381: ...ction with one of the following parameters Both None or Readonly Both Both read and write requests will be permitted None No SNMP requests are permitted Read Read only access will be permitted Examples Local SET SNMP COMMUNITY SUNMAN ACCESS BOTH See Also Clear Purge SNMP page 12 153 12 10 25 Show Monitor List Authentication Displays the local authentication database Restrictions Requires privilege...

Page 382: ...ge Dialback page 12 152 Define Ports Dialback page 12 70 Set Define Dialback page 12 165 Dialback page 8 12 Dialback from Character Mode page 11 6 12 10 27 Show Monitor List Filter Displays the current packet filters An individual filter may be specified using the filtername parameter Restrictions Requires privileged user status See Also Set Define Filter page 12 166 Clear Purge Filter page 12 152...

Page 383: ...ory Displays the memory log See Also Set Define Logging page 12 172 Event Logging page 11 25 12 10 29 Show Monitor List SNMP Displays the current or saved SNMP security table entries Restrictions Requires privileged user status See Also Clear Purge SNMP page 12 153 12 10 30 PC Card Commands 12 10 31 Show PCCard Provides general information about the PC card s installed in an SCS200 or SCS400 SHOW ...

Page 384: ...nse partial strings will yield appropriate commands that contain that string Examples APROPOS SITE See Also Help page 12 187 12 11 2 Backwards Switches sessions from the current session to the most recently started previous session If there is only one active session it resumes Repeating the command will cycle you backward through the active sessions If you search the beginning of the session list...

Page 385: ...port as recipient of the message Must be used with the PortNum parameter PortNum A particular SCS port username A particular user as recipient of this message message One word or several words in quotes The message will be sent exactly as typed if enclosed in quotes or in uppercase if not The message length is limited only by the length of the command line Examples Local BROADCAST PORT 7 ready for...

Page 386: ...ment commands in UNIX environments Unlike the similar UNIX commands each disk command must be preceded by the word DISK The commands are also not case sensitive The Disk commands honor disk permissions All disks are read only for non privileged users Restrictions The Format and FSCK parameters requires privileged user status The PC card parameters only apply to the SCS200 The ROM disk is read only...

Page 387: ... file To copy a file enter the filename for file1 and the new file name as file2 To move a file specify the filename as file1 and the destination directory as file2 Df Displays the blocks of free space on the SCS disks When you add the i switch the display includes in the display the number of inodes used versus the number still available If no disk name is specified all disks are displayed disk E...

Page 388: ... the display pauses after each screen and prints MORE at the bottom of the screen To access the next screen press the Space bar To abort press Ctrl C Mv Moves files or directories on the SCS RAM and flash disks You can also rename files with this command by inserting the new filename for target Od Displays the contents of the specified file as raw hexadecimal byte values The possible flags are Pwd...

Page 389: ...l be returned are Touch Creates an empty disk file Examples Local DISK CHMOD 755 PCCARD1 index txt Local DISK FORMAT PCCARD1 Local DISK LS l PCCARD1 Local DISK TEST PCCARD1 add exe See Also Disk Management page 2 18 i Prompts for a Y yes or N no before the file is removed r Removes an entire directory and all of its subdirectories d True if file exists and is a directory e True if file exists rega...

Page 390: ...wed by a hostname Finger Displays a list of current processes Examples Local FINGER BOB shows user bob on SCS Local FINGER HYDRA shows users on host hydra Local FINGER bob hydra shows user bob on hydra See Also Show Monitor Users page 12 131 12 11 7 Forwards Cycles forward through your sessions in the order displayed by the Show Sessions command The next session on the list becomes the active sess...

Page 391: ...ame More than one parameter can be added to the Help command Examples Local HELP Local HELP CONNECT Local HELP DEFINE SERVER BROADCAST See Also Apropos page 12 180 12 11 9 Monitor Displays current operating characteristics The displayed information is updated every 3 seconds until a key is pressed Each Monitor command and its parameters are documented together with the corresponding Show command R...

Page 392: ...m Parameters hostname Text name or IP address of the network host num Enter the size of the packet you wish to send The max size is 2000 Defaults packet size of 50 Examples Local PING 192 0 1 23 Local PING HYDRA LOCAL NET See Also Your Installation Guide 12 11 12 Resolve Attempts to resolve a TCP IP name from the local host table and or network nameserver Errors An error is returned to signal eith...

Page 393: ...atus Errors Save without a parameter is invalid Parameters Authentication Saves authentication database preferences and the local authentication database Filter Saves the packet filter settings for the specified filter Must be used in conjunction with the filtername parameter IP Router Saves the state of the IP router IP Security Saves the current IP security table to the permanent database Menu S...

Page 394: ...current logging configuration to the permanent database Menu Saves all menu items setup using the Set Menu command discussed on page 12 112 to the permanent database Examples Local SAVE PORT 2 Local SAVE SERVICE NTX See Also Command Types page 2 3 12 11 14 Show Monitor Queue Show Queue will display the entries in a connect queue if it exists Particular sets of queues or entries can be selected wit...

Page 395: ...for all ports and nodes Note All is the default setting for Show Monitor Queue Service Displays information for all queue entries for the local service specified with the ServiceName parameter ServiceName Specifies a service name of up to 16 characters Examples Local SHOW QUEUE Port 6 Local MONITOR QUEUE SERVICE lab5 12 11 15 Show Version Displays the current version of the SCS software See Also R...

Page 396: ... to zero some other port or All Parameters All Zeroes all Ethernet TCP IP SLIP and serial port counters Ethernet Zeroes only Ethernet counters Port Zeroes only the counters for events associated with a single serial port Note In the absence of a PortNum or the All or Ethernet parameters the configuration will affect the current port Examples Local ZERO COUNTERS PORT 6 ZERO COUNTERS ALL ETHERNET PO...

Page 397: ...ter a command that specifies both the desired port number and that the connection should in Passall mode Figure A 1 Entering Multiple Strings A 2 Available Strings Note In most applications environment strings are not necessary Environment keys must be separated from the hostname if one is specified by a colon Read the following sections carefully for more details on proper usage of each key A 2 1...

Page 398: ...ackspace mode D sets Delete mode Examples telnet 192 0 1 5 D A 2 1 4 E and E E sets Local Echo mode E sets Remote Echo mode Examples telnet 192 0 1 48 E A 2 1 5 P and P P specifies Passall method P specifies Passthru mode Both Passall and Passthru will prevent the proper handling of the Forward and Backward keys Examples Local DEFINE DEDICATED TELNET 192 0 1 221 P A 2 1 6 R Specifies that the conn...

Page 399: ...ou might see a screen resembling the following Figure B 1 Example of Error Bits The Errors bitfield is zeroed each time you issue either a Zero command or a Set 802 11 Reset command at the Local prompt The Errors bitfield is zeroed each time you issue either a Zero command or a Change 802 11 Reset command at the Local prompt B 2 Error Bits B 2 1 Leftmost Number 80000000 An authentication or associ...

Page 400: ...to reestablish contact by itself 00010000 Unit was deauthenticated or disassociated by the AP for attempting to pass data packets before being fully associated Indicates confusion of either the unit or the AP 00008000 Unit was disassociated by the AP for inactivity 00004000 Unit was deauthenticated or disassociated by the AP because the AP is going offline or being reconfigured to serve a differen...

Page 401: ...as the previous one failed because the association could not be confirmed by the previous AP 00000008 Association with the AP failed because the AP does not support all 802 11 options requested by the unit 00000004 Authentication or association with the AP failed or the unit was deauthenticated or disassociated by the AP for a reason explicitly given as unspecified 00000002 Could not find any beac...

Page 402: ...hin range that satisfies the unit s ESSID NETWORK TYPE and CHANNEL parameters 00000100 Received an 802 11 data packet that was not encapsulated as per RFC1042 or 802 1h Unit will still decapsulate and interpret the packet Some vendors APs trip this error when they send out magic packets containing proprietary extensions not defined by the 802 11 spec 00000080 Received an 802 11 data packet encapsu...

Page 403: ...Show 802 11 Errors Rightmost Number B 5 00000002 Internal error 00000001 Internal error ...

Page 404: ... the SNMP traps Traps are sent to a host when an abnormal event occurs on the SCS Currently the SCS will generate a Coldstart trap when it first boots and will send a Linkup trap when the startupfile if any has been read from a host and normal operation commences If a startupfile has been configured but the download fails the SCS will send an Authentication trap In all 3 cases the trap will be dir...

Page 405: ...pes are Readonly Both allows read and write or None Clear SNMP requires either a community name to remove a single entry or the All parameter to clear the entire table Show Monitor List SNMP commands require privileged access to prevent unauthorized users from seeing the allowed community names The SCS sends an error message when it receives SNMP queries or Set requests that are not permitted for ...

Page 406: ...he SCS can transmit the following attributes User Name User Password CHAP Password Either a User Password or CHAP Password will be sent CHAP Challenge NAS Identifier The NAS Identifier is the SCS s name string configured with the Set Define Server Name command NAS Port NAS Port Type Service Type The Service Type will be either Login or Framed PPP SLIP Framed Protocol When the Service Type is Frame...

Page 407: ...en the login and prompt service types and how they are handled by the SCS The table below shows the additional attributes that can be used in Access Accept packets sent by the RADIUS server Items marked with plus signs are only valid when the Service Type is Login or Callback Login Items marked with asterisks are only valid when the Service Type is Framed or Callback Framed Table D 1 Access Accept...

Page 408: ...ecomes the base site If the SCS does not find a match RADIUS will use a copy of the default site as the base site RADIUS uses the attributes passed from the RADIUS server during authentication to modify the base site If the Filter ID attribute is present and has the value irvine RADIUS examines NVR for a filter named irvine in If it finds the filter it uses that filter as the incoming filter for t...

Page 409: ...tes listed in Table C 2 Note Items marked with are only sent when the Service Type value is Framed or Callback Framed Table D 2 Accounting Packet Attributes Accounting Start Accounting Stop Acct Session ID Acct Session ID Acct Delay Time Acct Delay Time User Name User Name NAS Identifier NAS Identifier NAS Port NAS Port NAS Port Type Class Calling Station ID Acct Input Octets Class Acct Output Oct...

Page 410: ...for more information about how to configure your RADIUS server D 3 1 Configuring Authenticated PPP Connections The following entry allows user april to gain access to a LAN via PPP using the IP address 192 0 1 58 This user may be authenticated via PPP PAP PPP CHAP or via the local mode username and password prompts If authenticated by the latter the user will automatically be forced to execute the...

Page 411: ...ion is complete Remember that if a user connects via PPP and is authenticated by the RADIUS server with Service Type set to Login or Prompt the SCS RADIUS client code will reject the user because a user cannot be made to fall out of PPP mode into local character mode D 3 4 Preventing RADIUS Authentication You may wish to prevent the user from being authenticated by the RADIUS server in the first p...

Page 412: ...mples 11 28 Incoming 4 15 11 1 Kerberos 11 11 12 154 Local 12 156 Multiple user example 11 29 Outgoing connections 4 19 11 4 11 30 RADIUS 11 14 12 157 D 6 RSA 6 12 6 13 SecurID 11 17 12 159 Shared key 6 12 Sites 4 17 12 132 SSH 6 12 6 13 6 14 Strict fail mode 11 9 12 161 TFTP 12 162 Troubleshooting 11 33 Unique 11 21 12 163 User 12 163 Authenticator 11 12 Authorized keys file Creating 6 11 Autobau...

Page 413: ... COM Port Redirector 10 3 Command completion 2 2 12 65 Command editing keys 2 2 Command line 2 2 Command prefix string 9 4 9 9 12 6 Commands Abbreviation 2 4 Execution upon login 11 21 11 28 Forced 11 10 Help 12 180 IP 12 18 Keywords 2 4 Navigation 12 180 Port 12 52 Privileged 11 19 Security 12 151 Site 12 132 Community names 12 177 Compression Data 5 9 12 6 Header 5 9 7 1 7 3 Van Jacobson 7 3 Con...

Page 414: ...S 6 6 6 7 12 39 12 40 12 41 Default domain 6 7 DSR 8 10 8 21 Automatic logout 8 21 Logouts 8 11 12 70 Remote logins 8 21 DTE 9 1 DTR 8 22 9 8 DTRWait 12 71 Dyanmic print 12 55 12 112 E Email notification 3 3 Enable string 9 10 Environment strings A 1 Error correction 5 9 12 10 ESSID 2 14 ESSID 802 11 12 27 Ethernet Configuring interfaces 12 35 Purge 12 22 Event logging 7 8 11 25 11 33 Destination ...

Page 415: ...2 11 Instance 11 12 IP Commands 12 18 Configuration 6 23 Domain 12 38 Filter 11 24 12 169 Header compression 6 8 Headers 5 9 Interface 6 23 Interfaces 12 37 Loadhost 12 39 Nameserver 12 39 12 40 12 41 Packet traffic 11 24 Packets 6 19 RIP metric 4 10 Security 6 17 Security table 6 18 Settings 12 49 Sites 12 140 TCP Keepalive 12 45 12 46 TCP keepalive 12 45 Trusted 12 20 Trusted routers 12 47 IP ad...

Page 416: ... Logouts Automatic 8 11 Command 8 9 Idle 8 11 Inactivity 5 10 12 74 Loss notification 8 13 12 75 M Mac address 2 14 MAC address 802 11 12 28 Markers 5 4 Measurement period 5 7 Menu mode 12 76 12 112 Commands 3 4 Configuration files 3 5 Configuring 3 4 Displaying 12 129 Enabling 8 12 Entries 12 111 Menus Nested 3 7 Metric 6 20 MIB Management Information Base C 1 Mode Character 4 15 Local 11 6 Menu ...

Page 417: ... Set Define IP 12 40 NAT Table 12 40 12 41 NBNS Setting 12 41 NCP 7 3 Event logging 7 8 Netstat 12 187 Network mode 12 29 Network mode wireless 2 14 Network restrictions 11 22 Network routes 6 19 Networking wireless 12 24 Nocarrier string 12 12 NTP 2 11 NVR 9 8 9 9 Database 11 9 12 156 Modem configurations 12 14 O OK string 9 9 Outgoing connections 4 16 Authentication 4 19 11 30 Configuring 4 18 F...

Page 418: ... 11 Autostart 8 2 9 11 12 60 Bandwidth 5 6 Broadcast messages 8 12 12 63 12 64 Buffering 3 2 Character size 12 64 Commands 8 1 12 52 Configuration 8 13 Dedicated 4 13 12 68 Dedicating 4 13 8 8 Default settings 8 15 Dialback 12 70 Displaying 12 96 DSR logouts 8 11 Email notification 3 3 Flow control 8 18 8 19 Inactivity logouts 8 11 Locking 8 9 11 21 12 52 12 120 Login password 8 10 12 121 Logout 1...

Page 419: ...ms 5 14 Precedence 11 9 12 151 Local database 11 10 SecurID 11 18 Preferred services 12 79 Principle 11 12 Printer Banner page 12 103 Verification 12 84 Priority numbers Bandwidth 5 6 Privileged user 11 19 Profile Modems 4 18 Profile settings 9 5 Profiles 9 2 Editing 9 3 Prompts Altprompt 12 115 Configuring 2 9 12 123 Login 2 10 Protocols Automatic detection 8 4 Dedicated 4 13 8 8 Proxy ARP 6 22 E...

Page 420: ...ve 8 17 RTS 8 18 RTS 802 11 12 32 RTS CTS 12 72 Rwho 6 6 S Save 12 189 Save string 9 8 Secure users 8 12 12 85 SecurID 11 17 12 159 Configuring 11 18 PAP 11 17 Passcodes 11 17 Precedence 11 18 Security 5 1 11 1 Authentication 5 1 Commands 12 151 Dialback 11 33 Filters 11 30 Outgoing authentication 11 30 Secure server setting 11 22 12 119 Table 6 18 Serial breaks 3 9 3 10 Serial data Email notifica...

Page 421: ...Show Site 4 20 Show Monitor Site 4 20 Signal check 8 10 8 21 12 86 Site Dial Back on Hangup 12 138 Sites 4 2 4 12 4 17 4 18 Authentication 4 17 12 132 Bandwidth 5 8 12 134 Character mode 5 15 7 7 Chat scripts 5 3 12 136 Commands 12 132 Creating 4 3 12 132 12 138 Default configuration 4 3 Defining 4 3 Deleting 4 5 Dialback 11 7 Displaying 4 4 12 149 Editing 4 3 4 4 Forcedial 12 146 Idle time 5 10 1...

Page 422: ...5 14 5 15 Statistical multiplexors 5 13 Strict fail mode 11 9 12 161 Stub router 4 8 Subnet masks 6 1 12 45 BOOTP 6 5 CIDR 6 5 Contiguous 6 23 Displaying 6 5 Length 6 6 Setting 6 5 Switch Backward 12 61 Forward 12 73 Local 8 5 12 74 Synchronous leased lines 5 13 T Tables ARP 6 3 Routing 6 19 6 20 6 23 SNMP security 12 153 TCP Listener service 10 3 TCP IP Buffer size 12 116 Host limit 12 118 TCPpor...

Page 423: ...9 Unlock 11 21 Username password pair 11 2 11 10 Users Privileged 11 19 12 92 Restrictions 11 19 Secure 12 85 V v 32 9 2 v 32bis 9 2 v 42bis 9 9 Virtual ports 8 22 8 23 11 1 Defaults 8 22 8 23 W Web browser Disabling HTTP server 11 23 12 114 Interface 2 1 11 23 12 114 WEP 2 12 2 15 Enabling 12 32 Index Number 2 15 Key 2 15 WINS See NBNS Wireless 12 24 Wireless See 802 11 X XON XOFF 8 19 12 72 Z Ze...

Page 424: ...Index 13 ...