To enable Fips, To disable Fips | Lantronix SLC 8000 guide

6: Basic Parameters

DES-CBC3-SHA

SSL/secure certificates imported for use with the web server or LDAP authentication must use either the SHA1 or SHA2 hash with a RSA public key of 1024, 2048 or 3072 bits.

When the SLC unit is running in FIPS mode, the following protocols/functions will not be supported: NIS, Kerberos, RADIUS, TACACS+, Telnet/WebTelnet, WebSSH, IPSec/VPN, SSLv2, SSH v1, FTP, PPP, CIFS/Samba, TCP (to Device Ports), unencrypted LDAP, and SNMP. If any of these protocols/functions are enabled prior to enabling FIPS mode, they will be automatically disabled.

LDAP authentication must be configured with the following:

StartTLS encryption (SSL encryption over port 636 is not supported)

A SSL/secure certificate

Either Bind with Login or a Bind Name and Password

Note: In FIPS mode, passphrases are not supported for SSH keys and SSL certificates.

Figure 6-6 Network > Security

To enable FIPS:

1.Check the Enable FIPS Mode check box on the Networks > Security page.

2.Click Apply. The SLC unit will need to be rebooted to initiate FIPS mode. Once the SLC module is running in FIPS mode, the Security page, will display all processes that are running in FIPS mode.

To disable FIPS:

1.Uncheck the Enable FIPS Mode check box on the Networks > Security page.

2.Click Apply. The SLC unit will need to be rebooted for this change to take effect.

SLC™ 8000 Advanced Console Manager User Guide

74

Image 74

Lantronix SLC 8000 manual To enable Fips, To disable Fips

Contents

SLC Advanced Console Manager User Guide Open Source Software WarrantyCopyright & Trademark Contacts Disclaimer & Revisions Revision History Table of Contents Basic Parameters Quick SetupWeb and Command Line Interfaces Services Device Ports 100 USB/SD Card Port 157 Connections 166 User Authentication 174 Maintenance 227 Command Reference 260 Application Examples 255 Appendix B Safety Information 329 Appendix a Security Considerations 328 SLC 8000 Advanced Console Manager User Guide List of Tables List of Figures SLC 8048 Unit Front Side Part Number SLC 804812N-01-S 13 SSL Certificate97 13User Authentication Custom Menus Summary of Chapters About this GuidePurpose and Audience Additional Documentation About this Guide Introduction FeaturesPower Console Management System Features Models Access Control Protocols Supported Device Port Buffer Hardware FeaturesConfiguration Options Serial Port Interfaces Device Ports Back Side Network Connections Network Connection USB Interface Memory Card Port Internal Modem Internal Modem Location Whats in the Box InstallationPower Cords Product Information Label Technical Specifications To install the SLC 8000 advanced console manager in a rack Physical InstallationConnecting to a Device Port To connect to a device port Console Port and Device Port DTE Reverse Pinout Disabled Modular Expansion for I/O Module Connecting to Network PortsConnecting Terminals AC Input To connect a terminal Modem Installation Modem Servicing Instructions Installation Battery Replacement Battery Part Numbers Disposal of Used Batteries from battery data sheet Battery Replacement Instructions Short the Battery and Damage the Battery Housing Installation IP Address Quick SetupRecommendations Navigating Method #1 Using the Front Panel DisplayFront Panel LCD Display and Keypads Before you begin, ensure that you have Enter center button Right arrowLeft arrow Up and down arrows Entering the Settings To use the LCD display to restore factory default settings Method #2 Quick Setup on the WebRestoring Factory Defaults To complete the Quick Setup Quick Setup Network Settings Date & Time Settings To complete the command line interface Quick Setup script Method #3 Quick Setup on the Command Line InterfaceAdministrator Settings Specifying Config Eth1IP Address if Date/Time SysadminPassword Next Step Web and Command Line Interfaces Web Manager  Port Number Bar Logging To log in to the SLC web manager Web Page Help Command Line InterfaceLogging Out Tips Command SyntaxCommand Line Help To log in any other user To set the number of lines displayed by a command General CLI CommandsTo configure the current command line session To show current CLI settings To view the rights of the currently logged-in user To view the last 100 commands entered in the sessionTo clear the command history Basic Parameters Requirements To enter settings for one or both network ports Network Network Settings 1234BCD1D678375BADD57 Ethernet Interfaces Eth1 and Eth212340BCD1D67000000008375BADD0057 may be shortened to Gateway Hostname & Name Servers DHCP-Acquired DNS Servers Network CommandsDNS Servers TCP Keepalive Parameters To view Ethernet port settings and counters To set the default and alternate network gatewaysTo view all network settings To view DNS settings Mapping Rulesets IP FilterViewing IP Filters To view a list of IP filters Enabling IP Filters Configuring IP FiltersTo enable IP filters To delete a mapping IP Addresses Rule ParametersRuleset Name Protocol Action Allow servicePort Range Generate rule to Deleting an IP Filter IP Filter CommandsUpdating an IP Filter Dynamic Routing To configure routing settingsRouting Replace Rule Number delete Rule Number Show routing resolveip enabledisable email Email Address Equivalent Routing CommandsTo configure static or dynamic routing Static Routing Name Enable VPN TunnelTo complete the VPN Ethernet Port Remote Id Authentication IKEAuthentication ESP Remote Hop/Router Configuring an IPsec VPN Tunnel through the CLI Security To enable Fips To disable Fips Services System Logging and Other Services SSH/Telnet/Logging System Logging Audit Log Phone Home Web SSH/Web Telnet SettingsTelnet Enable Agent Top Level MIB Communities Version V3 Read-Only User SNMP, SSH, Telnet, and Logging CommandsSet services one or more services parameters V3 Read-Write User Show services Set services v3passwordv3phrasev3rwpasswordv3rwphraseTo view current services To configure NFS and SMB/CIFS SMB/CIFS Share Nfsserverhostname or ipaddr/exported/path To mount a remote NFS share NFS and SMB/CIFS CommandsTo view NFS share settings To unmount a remote NFS share Show cifs To view SMB/CIFS settingsSecure Lantronix Network Services Secure Lantronix Network To directly access the CLI interface for a device IP Address Login To directly access a specific port on a particular device SSH or Telnet CLI Session Add IP Address delete IP Address Secure Lantronix Network CommandsSet s one or more parameters Secure Lantronix Show slcnetwork ipaddrlist allAddress Mask Date and TimeSearch localsubnetipaddrlistboth To set the local date, time, and time zone 10 Services Date & Time Enable NTP Date and Time Commands To view the local date, time, and time zone Web Server To view NTP settingsTo configure the Web Server Show ntp Admin web timeout disable5-120 minutes Admin Web CommandsTo configure the timeout for web sessions Admin web protocol sslv2nosslv2 Services Web Sessions Services SSL Certificate To view, reset, import, or change an SSL Certificate Certificate Reset to DefaultLogin Import SSL Certificate Password / Retype Password Web Server CommandsTo set up an SLC iGoogle gadget IGoogle Gadgets 14 iGoogle Gadget Example Permissions Device PortsConnection Methods Modules Device Ports Device Status Devices Device Status Device Ports Devices Device Ports Global Commands Telnet/SSH/TCP in Port Numbers To open the Device Ports Settings Device Ports SettingsTo view global settings for device ports Sshport TCP Port tcpport TCP Port telnetport TCP Port SLC 8000 Advanced Console Manager User Guide 106 Device Port Settings IP Settings Data Settings Hardware Signal Triggers Modem Settings Device Ports AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0 Modem Settings Text ModeModem Settings PPP Mode Enable NAT Same authentication forDOD Authentication Remote/Dial-out Login To open the Device Ports SLP Port Status and CountersDevice Ports SLP / ServerTech CDU Device Number of Expansion To enter SLP commandsNumber of Outlets Outlets Device Port Sensorsoft Device Devices Device Ports Sensorsoft Device Port Commands Show deviceport port Device Port List or Name To set the dialout passwordTo view the settings for one or more device ports To view the modes and states of one or more device ports Device CommandsTo view a list of all device port names To zero the port counters for one or more device ports Interacting with a Device Port To connect to a device port to monitor it NFS File Logging Device Ports LoggingLocal Logging Connect direct endpoint Sylog Logging USB and SD Card LoggingEmail/SNMP Notification Device Port NumberDevice Port NameFile number.log Email/Traps Email/TrapsLocal Logging Trigger on Email DelaySend Byte Threshold Syslog Logging Log Viewing AttributesUSB / SD Card Logging Show locallog Device Port # or Name bytes Bytes To Display Logging CommandsTo configure logging settings for one or more device ports To clear the local log for a device port Console Port To set console port parameters To configure console port settings Internal Modem SettingsConsole Port Commands To view console port settings Setting Up Internal Modem Storage SLC 8000 Advanced Console Manager User Guide 128 AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0 To add a host list Password/ RetypeHost Lists Chap Handshake To retry connecting to the host list Host Parameters Escape Sequence To view or update a host list Retry connecting to the host list To add a new host entry to a list or edit an existing entry Host List CommandsTo delete a host list To display the members of a host list ScriptsTo move a host entry to a new position in the host list To add a script SLC 8000 Advanced Console Manager User Guide 136 Type ScriptsScript Name User Rights To view or update a scriptSD Card Right to view and enter settings for SD card Group To delete a script Batch Script SyntaxTo rename a script To change the permissions for a script Set myvar expr 1 + Senduser PasswordInterface Script Syntax Primary Commands Secondary Commands String match str 1 str String compare str 1 strCompare two strings Determine if two strings are equal Control Flow Commands 19 Control Flow Commands Sample Scripts Interface Script-Monitor Port SLC 8000 Advanced Console Manager User Guide 146 Batch Script-SLC CLI SLC 8000 Advanced Console Manager User Guide 148 Site Id SitesTo add a site Site Name Dial-out Password Login/CHAP HostDial-out Login Chap Secret To create or edit a site To view or update a siteTo delete a site Set site addedit Site Name parameters Set site delete Site Name show site allnamesSite Name Modem Dialing StatesDial Dial-back Dial-on-demand Dial-in & Dial-on-demand Dial-back & Dial-on-demand Cbcp Server SLC 8000 Advanced Console Manager User Guide 156 Set Up of USB/SD Card Storage USB/SD Card Port Click Configure Filesystem UnmountFormat Filesystem Check To configure the USB Modem port, from the USB Ports table Devices USB Modem Modem Settings Text Mode PPP Mode Remote/Dial-out Pwd Manage Files USB Commands SD Card Commands Terminal Server Typical Setup Scenarios for the SLC UnitConnections Remote Access Server Reverse Terminal Server Multiport Device Server Console Server Outgoing Connection ConfigurationTo create a connection Connection Options To view, update, or disconnect a current connectionSSH Out Trigger To monitor a device port Connection CommandsTo configure initial timeout for outgoing connections To display details for a single connection To terminate a bidirectional or unidirectional connectionTo view connections and their IDs To display global connections Connect global show User Authentication Ldap User Authentication Authentication Methods Kerberos Set auth one or more parameters Authentication CommandsTo set ordering of authentication methods Show auth User Rights User Types and Rights Local and Remote User Settings To enable local and/or remote users Adding, Editing or Deleting a User To add a user Clear Port Buffers Listen PortsData Ports Password Expires Enable for Dial-backDisplay Menu at Login Allow Password Change SD Card Right to enter settings for SD card Select or clear the checkboxes for the following rights Local Users Commands Shortcut Local User Rights Commands Remote User Commands To view settings for all remote users To configure the SLC unit to use NIS to authenticate users User Authentication NIS Broadcast for NIS Enable NISNIS Domain NIS Master Server SLC 8000 Advanced Console Manager User Guide 188 To set group and permissions for NIS users NIS CommandsTo view NIS settings To configure the SLC unit to use Ldap to authenticate users Ldap User Authentication Ldap Enable Ldap Uid=$login,ou=People,dc=lantronix,dc=com, and user roberts Uid=roberts,ou=People,dc=lantronix,dc=com and the password Private key in base64 encoding Certificate in base64 encodingKey File is in PEM format, eg Right to enter modem settings for USB Ldap CommandsAdsupport enabledisable Set ldap one or more parameters To set user group and permissions for Ldap users To set the Ldap bind passwordTo view Ldap settings To import or delete a certificate Radius Tcp, or udp Listen Port Radius Commands To set user group and permissions for Radius users To view Radius settings Show radius Kerberos END-VENDOR Lantronix KDC IP Address Enable KerberosRealm Use Ldap Full AdministrativeKDC Port Set kerberos one or more parameters Kerberos CommandsSet kerberos group defaultpoweradmin To set user group and permissions for Kerberos users Set kerberos custommenu Menu Name To view Kerberos settingsSet kerberos permissions Permission List Show kerberos Secret Enable TACACS+TACACS+ Servers SLC 8000 Advanced Console Manager User Guide 207 Set tacacs+ one or more parameters TACACS+ CommandsSet tacacs+ group defaultpoweradmin To set user group and permissions for TACACS+ users Groups To view TACACS+ settingsTo configure Groups in the SLC unit Set tacacs+ custommenu Menu Name 10 User Authentication Groups Group Name Dial-back Enable forDeviceport, tcp, or udp SSH Keys Imported Keys Exported Keys SLC 8000 Advanced Console Manager User Guide 214 Exported Keys SSH Out Host & Login for ImportImported Keys SSH Host & User Associated with Key To view or delete a key Host and Login for ExportTo view, reset, or import SSH RSA1, RSA, And DSA host keys Key Name Import Host Key Reset to Default HostKey Set sshkey import ftpscpcopypaste one or more parameters SSH CommandsTo import an SSH key To export a key To display SSH keys that have been imported To reset defaults for all or selected host keysTo delete a key To display SSH keys that have been exported Custom Menus To add a custom menu SLC 8000 Advanced Console Manager User Guide 221 Nicknames Menu NameTitle Redisplay Menu To delete a custom menu Custom User Menu CommandsTo view or update a custom menu To create a new custom menu from an existing custom menu To set the optional title for a menu SLC 8000 Advanced Console Manager User Guide 225 SLC 8000 Advanced Console Manager User Guide 226 Maintenance Firmware & Configurations To configure settings Maintenance Firmware & Configurations SLC Firmware Internal TemperatureSite Information Boot Banks Load Firmware Via Options Configuration Management Admin shutdown Administrative CommandsTo reboot the SLC 8000 advanced console manager Manage Files To restore the SLC unit to factory default settings To update SLC firmware to a new revisionTo view FTP settings To list current hardware and firmware information To list the configurations saved to a location To rename a saved configurationTo delete a saved configuration Set temperature one or more parameters Level System LogsTo view system logs Starting at Ending at System Log CommandTo clear system logs Audit Log To clear one or all of the system logs SLC 8000 Advanced Console Manager User Guide 238 Maintenance Email Log Email Log Netstat DiagnosticsARP Table Host Lookup Diagnostic Commands Diag arp email Email Address To verify that the host is up and running To display a report of network connectionsTo resolve a host name into an IP address To generate and send Ethernet packets Diag nettrace one or more parameters Default isTo display all network traffic, applying optional filters Parameters ethport Maintenance Status/Reports Status/Reports All Displays all reports Port Status Serial port settingsView Report Devices Host Lists Emailing Logs and Reports Status CommandsTo display a snapshot of configurable parameters To display the overall status of all SLC units To email a log to an individual 11 Emailed Log or Report SLC 8000 Advanced Console Manager User Guide 248 Ethernet EventsEvent Trigger Events Commands LCD/Keypad To update event definitionsTo configure the LCD and Keypad To delete an event Keypad Locked To configure the LCDTo configure the Keypad Restore Factory Defaults Password / Retype Password LCD/Keypad CommandsTo configure banner settings Banners Welcome Banner Banner CommandsLogin Banner Logout Banner SLC show deviceport port Application ExamplesTelnet/SSH to a Remote Device Reboot Shutdown messages from SUN SLC connect direct deviceport Dial-in Text Mode to a Remote Device Dial-in Text Mode to a Remote Device Local Serial Connection to Network Device via Telnet Local Serial Connection to Network Device via Telnet Trying Connected to Escape character is Sun OS 8.0 login Command Reference Introduction to Commands For general command line Help, type Admin banner logout Administrative CommandsAdmin banner login Admin banner show Admin config delete Admin banner sshAdmin banner welcome Admin config factorydefaults Admin config restore Admin config save Admin firmware show Admin config showAdmin firmware bootbank Admin firmware update Admin ftp show Admin ftp passwordAdmin ftp server Admin keypad Admin memory show Admin keypad showAdmin lcd reset Admin memory swap add Size of Swap in MB usbport U1U1 Admin shutdown Admin quicksetupAdmin reboot Admin site Admin web certificate reset Admin versionAdmin web certificate Admin web certificate show Admin web terminate Admin web groupAdmin web timeout Admin web show Audit Log Commands Show auth Authentication CommandsSet auth Show user Set kerberos Kerberos CommandsDisplays Kerberos settings Show kerberos Set ldap Ldap CommandsSet ldap bindpassword Set ldap certificate importdelete Local Users CommandsSet localusers addedit User Login one or more parameters Show ldap Set localusers state Set local users complexpasswordsSet localusers allowreuse Set localusers delete Set localusers periodlockout Set localusers maxloginattemptsSet localusers password Set localusers periodwarning Set nis NIS CommandsShow localusers Show nis Radius CommandsDisplays NIS settings Set radius Set radius server TACACS+ CommandsDisplays Radius settings Show radius Set localusers group User Permissions CommandsShow tacacs+ Set localusers lock Set remoteusers listonlyauth Set localusers permissionsSet remoteusers addedit Set nisldapradiuskerberostacacs+ group Set remoteusers deleteShow remoteusers Set nisldapradiuskerberostacacs+ permissions Set cli terminallines CLI CommandsSet cli Set history Connection CommandsShow cli Show history Connect global outgoingtimeout Connect direct Connect unidirection Connect listen deviceportConnect terminate Set consoleport Show connectionsShow connections connid Set localusers Custom User Menu CommandsShow consoleport Set menu add Show menu Set menu deleteSet nisldapradiuskerberostacacs+ custommenu Set nisldapradiuskerberostacacs custommenu Menu Name Show datetime Date and Time CommandsSet datetime Set ntp Show ntp Device CommandsSet command Device Port Commands Set deviceport port SLC 8000 Advanced Console Manager User Guide 294 Show deviceport names Set deviceport globalShow deviceport global Sshport TCP Port telnetport TCP Port tcpport TCP Port Show portcounters zerocounters Show deviceport portShow portcounters Show portstatus Diag internals Diagnostic CommandsDiag arp Diag netstat Diag perfstat Diag lookupDiag loopback Diag pingping6 Diag top Count=1, delay = 5 secondsDiag sendpacket host Diag traceroute Slp envmon End Device CommandsSlp auth login Slp outletcontrol state Slp restart Events CommandsAdmin events add Slp system Admin events edit Group CommandsAdmin events delete Admin events show Set hostlist addedit Host List Name entry Host List CommandsSet hostlist addedit Host List Name Set groups rename Group Name newname New Group Name Show hostlist Set hostlist edit Host List Name moveSet hostlist delete Set ipfilter mapping Internal Modem CommandsSet ipfilter state Logging Commands Set ip filter rules Example Show locallogSet locallog clear Set log clear modem Set log modem ppplog enabledisableSet log modem pppdebug enabledisable Set network Network CommandsShow log local Set network dns Set network host Configures up to three DNS serversSet network gateway Set network port Show network host Displays all network settingsShow network gateway Show network port Set nfs unmount NFS and SMB/CIFS CommandsSet nfs mount Set cifs Show cifs Routing CommandsSet cifs password Show nfs Show routing Security Commands Services Commands Show services Set slcnetwork SLC Network CommandsSSH Key Commands Show slcnetwork Set sshkey import Set sshkey deleteSet sshkey export Set sshkey import Show sshkey export Set sshkey server resetSet sshkey server import type Show sshkey import Status Commands Show sshkey server Show sysstatus System Log CommandsShow sysconfig Show syslog Set usb access USB Access CommandsUSB Storage Commands Show syslog clear Set usb storage mount Set usb storage fsckSet usb storage format Set usb storage unmount Set usb storage delete USB Modem CommandsSet usb storage copy Show usb storage Set vpn VPN CommandsSet usb modem U1U2 dialoutpassword Show usb modem Show vpn Set temperature Set temperatureShow temperature Show vpn rsakey Factors Affecting Security Appendix a Security ConsiderationsSecurity Practice Appendix B Safety Information Safety Precautions Rack Port Connections Appendix C Adapters and Pinouts Appendix C Adapters and Pinouts SLC 8000 Advanced Console Manager User Guide 333 Appendix D Protocol Glossary TACACS+ Terminal Access Controller Access Control System PAP Password Authentication ProtocolRadius Remote Authentication Dial-In User Service NTP Network Time Protocol Appendix E Compliance Information Manufacturer’s Name & Address Appendix E Compliance Information RoHS Notice