Security | Lantronix SLC 8000 specs

6: Basic Parameters

localsubnet <one or more subnets in CIDR notation> ikenegotation <mainaggressive>

ikeenc <any3desaes> ikeauth <anysha1md5> ikedhgroup <anydh2dh5> espenc <any3desaes> espauth <anysha1md5> espdhgroup <anydh2dh5> pfs <enabledisable> modeconfig <enabledisable> xauthclient <enabledisable> xauthlogin <User Login>

2.Enter RSA public key or Pre-Shared Key of remote host: set vpn key

3.Enter XAUTH password: set vpn xauthpassword

4.Display all VPN settings and current status: show vpn [email <Email Address>]

5.Display detailed VPN status: show vpn status [email <Email Address>]

6.Display VPN logs: show vpn viewlog [numlines <Number of Lines][email <Email Address>]

7.Dispplay RSA public key of the SLC: show vpn rsakey

Security

The SLC 8000 advanced console manager supports a security mode that complies with the FIPS 140-2 standard. FIPS (Federal Information Processing Standard) 140-2 is a security standard developed by the United States federal government that defines rules, regulations and standards for the use of encryption and cryptographic services. The National Institute of Standards and Technology (NIST) maintains the documents related to FIPS at: http://csrc.nist.gov/publications/PubsFIPS.html

FIPS 140-2 defines four security levels, Level 1 through Level 4. The SLC unit uses a FIPS module certified at Level 1.

To enable FIPS mode, the Network -> Security -> FIPS Mode flag needs to be enabled and the SLC unit rebooted. Each time the SLC unit is booted in FIPS mode, it will perform a power up self test to verify the integrity of the SLC unit's cryptographic module. If there are any issues with the integrity of the cryptographic module, FIPS mode will be disabled and the SLC unit will be rebooted into non-FIPS mode.

When the SLC unit is running in FIPS mode, the following protocols will be supported: SSL v3.1/ TLS 1.0, TLS 1.1, TLS 1.2, and SSH v2.

For SSL and TLS, the SLC unit will support the following cipher suites:

AES128-SHA

AES128-SHA256

AES128-GCM-SHA256

AES256-SHA

AES256-SHA256

AES256-GCM-SHA384

SLC™ 8000 Advanced Console Manager User Guide

73

Image 73

Lantronix SLC 8000 manual Security

Contents

SLC Advanced Console Manager User Guide Copyright & Trademark WarrantyOpen Source Software Contacts Revision History Disclaimer & Revisions Table of Contents Web and Command Line Interfaces Quick SetupBasic Parameters Services Device Ports 100 Connections 166 USB/SD Card Port 157 Maintenance 227 User Authentication 174 Application Examples 255 Command Reference 260 Appendix a Security Considerations 328 Appendix B Safety Information 329 SLC 8000 Advanced Console Manager User Guide List of Tables SLC 8048 Unit Front Side Part Number SLC 804812N-01-S List of Figures 13 SSL Certificate97 13User Authentication Custom Menus Purpose and Audience About this GuideSummary of Chapters About this Guide Additional Documentation Power FeaturesIntroduction Console Management Models System Features Protocols Supported Access Control Configuration Options Hardware FeaturesDevice Port Buffer Device Ports Back Side Serial Port Interfaces Network Connection Network Connections Memory Card Port USB Interface Internal Modem Location Internal Modem Power Cords InstallationWhats in the Box Product Information Label Technical Specifications Connecting to a Device Port Physical InstallationTo install the SLC 8000 advanced console manager in a rack To connect to a device port Console Port and Device Port DTE Reverse Pinout Disabled Connecting Terminals Connecting to Network PortsModular Expansion for I/O Module To connect a terminal AC Input Modem Servicing Instructions Modem Installation Installation Battery Part Numbers Battery Replacement Battery Replacement Instructions Disposal of Used Batteries from battery data sheet Short the Battery and Damage the Battery Housing Installation Recommendations Quick SetupIP Address Front Panel LCD Display and Keypads Method #1 Using the Front Panel DisplayNavigating Before you begin, ensure that you have Left arrow Right arrowEnter center button Up and down arrows Entering the Settings Restoring Factory Defaults Method #2 Quick Setup on the WebTo use the LCD display to restore factory default settings To complete the Quick Setup Quick Setup Date & Time Settings Network Settings Administrator Settings Method #3 Quick Setup on the Command Line InterfaceTo complete the command line interface Quick Setup script IP Address if Config Eth1Specifying Password SysadminDate/Time Next Step Web Manager Web and Command Line Interfaces  Port Number Bar To log in to the SLC web manager Logging Logging Out Command Line InterfaceWeb Page Help Command Line Help Command SyntaxTips To log in any other user To configure the current command line session General CLI CommandsTo set the number of lines displayed by a command To show current CLI settings To clear the command history To view the last 100 commands entered in the sessionTo view the rights of the currently logged-in user Requirements Basic Parameters Network Network Settings To enter settings for one or both network ports 12340BCD1D67000000008375BADD0057 may be shortened to Ethernet Interfaces Eth1 and Eth21234BCD1D678375BADD57 Hostname & Name Servers Gateway DNS Servers Network CommandsDHCP-Acquired DNS Servers TCP Keepalive Parameters To view all network settings To set the default and alternate network gatewaysTo view Ethernet port settings and counters To view DNS settings Viewing IP Filters IP FilterMapping Rulesets To view a list of IP filters To enable IP filters Configuring IP FiltersEnabling IP Filters To delete a mapping Ruleset Name Rule ParametersIP Addresses Protocol Port Range Allow serviceAction Generate rule to Updating an IP Filter IP Filter CommandsDeleting an IP Filter Routing To configure routing settingsDynamic Routing Replace Rule Number delete Rule Number To configure static or dynamic routing Equivalent Routing CommandsShow routing resolveip enabledisable email Email Address Static Routing To complete the VPN Enable VPN TunnelName Ethernet Port Authentication ESP Authentication IKERemote Id Remote Hop/Router Configuring an IPsec VPN Tunnel through the CLI Security To disable Fips To enable Fips System Logging and Other Services Services System Logging SSH/Telnet/Logging Audit Log Telnet Web SSH/Web Telnet SettingsPhone Home Top Level MIB Enable Agent Version Communities Set services one or more services parameters SNMP, SSH, Telnet, and Logging CommandsV3 Read-Only User V3 Read-Write User To view current services Set services v3passwordv3phrasev3rwpasswordv3rwphraseShow services To configure NFS and SMB/CIFS Nfsserverhostname or ipaddr/exported/path SMB/CIFS Share To view NFS share settings NFS and SMB/CIFS CommandsTo mount a remote NFS share To unmount a remote NFS share Secure Lantronix Network To view SMB/CIFS settingsShow cifs Services Secure Lantronix Network IP Address Login To directly access the CLI interface for a device SSH or Telnet CLI Session To directly access a specific port on a particular device Set s one or more parameters Secure Lantronix Network CommandsAdd IP Address delete IP Address Secure Lantronix Search localsubnetipaddrlistboth Date and TimeShow slcnetwork ipaddrlist allAddress Mask To set the local date, time, and time zone Enable NTP 10 Services Date & Time To view the local date, time, and time zone Date and Time Commands To configure the Web Server To view NTP settingsWeb Server Show ntp To configure the timeout for web sessions Admin Web CommandsAdmin web timeout disable5-120 minutes Admin web protocol sslv2nosslv2 Services Web Sessions To view, reset, import, or change an SSL Certificate Services SSL Certificate Login Reset to DefaultCertificate Import SSL Certificate To set up an SLC iGoogle gadget Web Server CommandsPassword / Retype Password IGoogle Gadgets 14 iGoogle Gadget Example Connection Methods Device PortsPermissions Device Ports Modules Devices Device Status Device Status Devices Device Ports Device Ports Telnet/SSH/TCP in Port Numbers Global Commands To view global settings for device ports Device Ports SettingsTo open the Device Ports Settings Sshport TCP Port tcpport TCP Port telnetport TCP Port SLC 8000 Advanced Console Manager User Guide 106 IP Settings Device Port Settings Data Settings Modem Settings Device Ports Hardware Signal Triggers Modem Settings PPP Mode Modem Settings Text ModeAT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0 DOD Authentication Same authentication forEnable NAT Remote/Dial-out Login Device Ports SLP / ServerTech CDU Device Port Status and CountersTo open the Device Ports SLP Number of Outlets To enter SLP commandsNumber of Expansion Outlets Devices Device Ports Sensorsoft Device Port Sensorsoft Device Device Port Commands To view the settings for one or more device ports To set the dialout passwordShow deviceport port Device Port List or Name To view a list of all device port names Device CommandsTo view the modes and states of one or more device ports To zero the port counters for one or more device ports To connect to a device port to monitor it Interacting with a Device Port Local Logging Device Ports LoggingNFS File Logging Connect direct endpoint Email/SNMP Notification USB and SD Card LoggingSylog Logging Device Port NumberDevice Port NameFile number.log Local Logging Email/TrapsEmail/Traps Send Email DelayTrigger on Byte Threshold USB / SD Card Logging Log Viewing AttributesSyslog Logging To configure logging settings for one or more device ports Logging CommandsShow locallog Device Port # or Name bytes Bytes To Display To clear the local log for a device port To set console port parameters Console Port Console Port Commands Internal Modem SettingsTo configure console port settings To view console port settings Setting Up Internal Modem Storage SLC 8000 Advanced Console Manager User Guide 128 AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0 Host Lists Password/ RetypeTo add a host list Chap Handshake Host Parameters To retry connecting to the host list Escape Sequence Retry connecting to the host list To view or update a host list To delete a host list Host List CommandsTo add a new host entry to a list or edit an existing entry To move a host entry to a new position in the host list ScriptsTo display the members of a host list To add a script SLC 8000 Advanced Console Manager User Guide 136 Script Name ScriptsType SD Card Right to view and enter settings for SD card To view or update a scriptUser Rights Group To rename a script Batch Script SyntaxTo delete a script To change the permissions for a script Interface Script Syntax Senduser PasswordSet myvar expr 1 + Primary Commands Secondary Commands Compare two strings String compare str 1 strString match str 1 str Determine if two strings are equal 19 Control Flow Commands Control Flow Commands Interface Script-Monitor Port Sample Scripts SLC 8000 Advanced Console Manager User Guide 146 Batch Script-SLC CLI SLC 8000 Advanced Console Manager User Guide 148 To add a site SitesSite Id Site Name Dial-out Login Login/CHAP HostDial-out Password Chap Secret To delete a site To view or update a siteTo create or edit a site Set site addedit Site Name parameters Dial Modem Dialing StatesSet site delete Site Name show site allnamesSite Name Dial-on-demand Dial-back Dial-back & Dial-on-demand Dial-in & Dial-on-demand Cbcp Server SLC 8000 Advanced Console Manager User Guide 156 USB/SD Card Port Set Up of USB/SD Card Storage Click Configure Format UnmountFilesystem Filesystem Check Devices USB Modem To configure the USB Modem port, from the USB Ports table Modem Settings Text Mode Remote/Dial-out Pwd PPP Mode Manage Files SD Card Commands USB Commands Connections Typical Setup Scenarios for the SLC UnitTerminal Server Reverse Terminal Server Remote Access Server Console Server Multiport Device Server To create a connection Connection ConfigurationOutgoing Connection SSH Out To view, update, or disconnect a current connectionOptions Trigger To configure initial timeout for outgoing connections Connection CommandsTo monitor a device port To view connections and their IDs To terminate a bidirectional or unidirectional connectionTo display details for a single connection Connect global show To display global connections Ldap User Authentication Kerberos User Authentication Authentication Methods To set ordering of authentication methods Authentication CommandsSet auth one or more parameters Show auth User Types and Rights User Rights To enable local and/or remote users Local and Remote User Settings To add a user Adding, Editing or Deleting a User Data Ports Listen PortsClear Port Buffers Display Menu at Login Enable for Dial-backPassword Expires Allow Password Change Select or clear the checkboxes for the following rights SD Card Right to enter settings for SD card Shortcut Local Users Commands Local User Rights Commands To view settings for all remote users Remote User Commands User Authentication NIS To configure the SLC unit to use NIS to authenticate users NIS Domain Enable NISBroadcast for NIS NIS Master Server SLC 8000 Advanced Console Manager User Guide 188 To view NIS settings NIS CommandsTo set group and permissions for NIS users Ldap To configure the SLC unit to use Ldap to authenticate users Enable Ldap User Authentication Ldap Uid=roberts,ou=People,dc=lantronix,dc=com and the password Uid=$login,ou=People,dc=lantronix,dc=com, and user roberts Key File is in PEM format, eg Certificate in base64 encodingPrivate key in base64 encoding Adsupport enabledisable Ldap CommandsRight to enter modem settings for USB Set ldap one or more parameters To view Ldap settings To set the Ldap bind passwordTo set user group and permissions for Ldap users To import or delete a certificate Radius Tcp, or udp Listen Port To set user group and permissions for Radius users Radius Commands Show radius To view Radius settings END-VENDOR Lantronix Kerberos Realm Enable KerberosKDC IP Address KDC Port Full AdministrativeUse Ldap Set kerberos group defaultpoweradmin Kerberos CommandsSet kerberos one or more parameters To set user group and permissions for Kerberos users Set kerberos permissions Permission List To view Kerberos settingsSet kerberos custommenu Menu Name Show kerberos TACACS+ Servers Enable TACACS+Secret SLC 8000 Advanced Console Manager User Guide 207 Set tacacs+ group defaultpoweradmin TACACS+ CommandsSet tacacs+ one or more parameters To set user group and permissions for TACACS+ users To configure Groups in the SLC unit To view TACACS+ settingsGroups Set tacacs+ custommenu Menu Name Group Name 10 User Authentication Groups Deviceport, tcp, or udp Enable forDial-back Imported Keys SSH Keys Exported Keys SLC 8000 Advanced Console Manager User Guide 214 Imported Keys SSH Host & Login for ImportExported Keys SSH Out Host & User Associated with Key To view, reset, or import SSH RSA1, RSA, And DSA host keys Host and Login for ExportTo view or delete a key Key Name Key Reset to Default HostImport Host Key To import an SSH key SSH CommandsSet sshkey import ftpscpcopypaste one or more parameters To export a key To delete a key To reset defaults for all or selected host keysTo display SSH keys that have been imported To display SSH keys that have been exported To add a custom menu Custom Menus SLC 8000 Advanced Console Manager User Guide 221 Title Menu NameNicknames Redisplay Menu To view or update a custom menu Custom User Menu CommandsTo delete a custom menu To create a new custom menu from an existing custom menu To set the optional title for a menu SLC 8000 Advanced Console Manager User Guide 225 SLC 8000 Advanced Console Manager User Guide 226 Firmware & Configurations Maintenance Maintenance Firmware & Configurations To configure settings Site Information Internal TemperatureSLC Firmware Load Firmware Via Options Boot Banks Configuration Management To reboot the SLC 8000 advanced console manager Administrative CommandsAdmin shutdown Manage Files To view FTP settings To update SLC firmware to a new revisionTo restore the SLC unit to factory default settings To list current hardware and firmware information To delete a saved configuration To rename a saved configurationTo list the configurations saved to a location Set temperature one or more parameters To view system logs System LogsLevel Starting at To clear system logs System Log CommandEnding at To clear one or all of the system logs Audit Log SLC 8000 Advanced Console Manager User Guide 238 Email Log Maintenance Email Log ARP Table DiagnosticsNetstat Host Lookup Diag arp email Email Address Diagnostic Commands To resolve a host name into an IP address To display a report of network connectionsTo verify that the host is up and running To generate and send Ethernet packets To display all network traffic, applying optional filters Default isDiag nettrace one or more parameters Parameters ethport Status/Reports Maintenance Status/Reports View Report Serial port settingsAll Displays all reports Port Status Devices Host Lists To display a snapshot of configurable parameters Status CommandsEmailing Logs and Reports To display the overall status of all SLC units 11 Emailed Log or Report To email a log to an individual SLC 8000 Advanced Console Manager User Guide 248 Event Trigger EventsEthernet Events Commands To configure the LCD and Keypad To update event definitionsLCD/Keypad To delete an event To configure the Keypad To configure the LCDKeypad Locked To configure banner settings LCD/Keypad CommandsRestore Factory Defaults Password / Retype Password Banners Login Banner Banner CommandsWelcome Banner Logout Banner Telnet/SSH to a Remote Device Application ExamplesSLC show deviceport port SLC connect direct deviceport Reboot Shutdown messages from SUN Dial-in Text Mode to a Remote Device Dial-in Text Mode to a Remote Device Local Serial Connection to Network Device via Telnet Local Serial Connection to Network Device via Telnet Trying Connected to Escape character is Sun OS 8.0 login Introduction to Commands Command Reference For general command line Help, type Admin banner login Administrative CommandsAdmin banner logout Admin banner show Admin banner welcome Admin banner sshAdmin config delete Admin config factorydefaults Admin config save Admin config restore Admin firmware bootbank Admin config showAdmin firmware show Admin firmware update Admin ftp server Admin ftp passwordAdmin ftp show Admin keypad Admin lcd reset Admin keypad showAdmin memory show Admin memory swap add Size of Swap in MB usbport U1U1 Admin reboot Admin quicksetupAdmin shutdown Admin site Admin web certificate Admin versionAdmin web certificate reset Admin web certificate show Admin web timeout Admin web groupAdmin web terminate Admin web show Audit Log Commands Set auth Authentication CommandsShow auth Show user Displays Kerberos settings Kerberos CommandsSet kerberos Show kerberos Set ldap bindpassword Ldap CommandsSet ldap Set localusers addedit User Login one or more parameters Local Users CommandsSet ldap certificate importdelete Show ldap Set localusers allowreuse Set local users complexpasswordsSet localusers state Set localusers delete Set localusers password Set localusers maxloginattemptsSet localusers periodlockout Set localusers periodwarning Show localusers NIS CommandsSet nis Displays NIS settings Radius CommandsShow nis Set radius Displays Radius settings TACACS+ CommandsSet radius server Show radius Show tacacs+ User Permissions CommandsSet localusers group Set localusers lock Set remoteusers addedit Set localusers permissionsSet remoteusers listonlyauth Show remoteusers Set remoteusers deleteSet nisldapradiuskerberostacacs+ group Set nisldapradiuskerberostacacs+ permissions Set cli CLI CommandsSet cli terminallines Show cli Connection CommandsSet history Show history Connect direct Connect global outgoingtimeout Connect terminate Connect listen deviceportConnect unidirection Show connections connid Show connectionsSet consoleport Show consoleport Custom User Menu CommandsSet localusers Set menu add Set nisldapradiuskerberostacacs+ custommenu Set menu deleteShow menu Set nisldapradiuskerberostacacs custommenu Menu Name Set datetime Date and Time CommandsShow datetime Set ntp Set command Device CommandsShow ntp Set deviceport port Device Port Commands SLC 8000 Advanced Console Manager User Guide 294 Show deviceport global Set deviceport globalShow deviceport names Sshport TCP Port telnetport TCP Port tcpport TCP Port Show portcounters Show deviceport portShow portcounters zerocounters Show portstatus Diag arp Diagnostic CommandsDiag internals Diag netstat Diag loopback Diag lookupDiag perfstat Diag pingping6 Diag sendpacket host Count=1, delay = 5 secondsDiag top Diag traceroute Slp auth login End Device CommandsSlp envmon Slp outletcontrol state Admin events add Events CommandsSlp restart Slp system Admin events delete Group CommandsAdmin events edit Admin events show Set hostlist addedit Host List Name Host List CommandsSet hostlist addedit Host List Name entry Set groups rename Group Name newname New Group Name Set hostlist delete Set hostlist edit Host List Name moveShow hostlist Set ipfilter state Internal Modem CommandsSet ipfilter mapping Set ip filter rules Logging Commands Set locallog clear Show locallogExample Set log modem pppdebug enabledisable Set log modem ppplog enabledisableSet log clear modem Show log local Network CommandsSet network Set network dns Set network gateway Configures up to three DNS serversSet network host Set network port Show network gateway Displays all network settingsShow network host Show network port Set nfs mount NFS and SMB/CIFS CommandsSet nfs unmount Set cifs Set cifs password Routing CommandsShow cifs Show nfs Show routing Services Commands Security Commands Show services SSH Key Commands SLC Network CommandsSet slcnetwork Show slcnetwork Set sshkey export Set sshkey deleteSet sshkey import Set sshkey import Set sshkey server import type Set sshkey server resetShow sshkey export Show sshkey import Show sshkey server Status Commands Show sysconfig System Log CommandsShow sysstatus Show syslog USB Storage Commands USB Access CommandsSet usb access Show syslog clear Set usb storage format Set usb storage fsckSet usb storage mount Set usb storage unmount Set usb storage copy USB Modem CommandsSet usb storage delete Show usb storage Set usb modem U1U2 dialoutpassword VPN CommandsSet vpn Show usb modem Show vpn Show temperature Set temperatureSet temperature Show vpn rsakey Security Practice Appendix a Security ConsiderationsFactors Affecting Security Safety Precautions Appendix B Safety Information Port Connections Rack Appendix C Adapters and Pinouts Appendix C Adapters and Pinouts SLC 8000 Advanced Console Manager User Guide 333 Appendix D Protocol Glossary Radius Remote Authentication Dial-In User Service PAP Password Authentication ProtocolTACACS+ Terminal Access Controller Access Control System NTP Network Time Protocol Manufacturer’s Name & Address Appendix E Compliance Information RoHS Notice Appendix E Compliance Information