secure console server model scs1620 product guide

Secure Console Server Model SCS1620

Product Guide

Part Number 15.00.032Revision B

February 2002

SCS1620 Product Manual Lightwave Communications

Page ii www.lightwavecom.com

A Lantronix Company SCS1620 Product Manual

15.00.032 Rev. B Page iii

Copyright & Trademark © 2002, Lightwave Communications, a Lantronix Company. All rights reserved. No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Printed in the United States of America. Also electronically distributed via Adobe PDF file format. Ethernet is a trademark of XEROX Corporation. UNIX is a registered trademark of The Open Group. Windows 95, Windows 98, Windows 2000, and Windows NT are trademarks of Microsoft Corp. Netscape is a trademark of Netscape Communications Corporation. Adobe Acrobat and PDF are trademarks of Adobe Corporation. Other trademarks and service marks are held by their respective owners.

SCS1620 Product Guide

Lightwave Communications, Inc. (LCI) 100 Washington Street Milford, CT 06460 USA Phone (800) 871-9838 • (203) 878-9838 Fax: (203) 874-0157 Email: [email protected] Internet: www.lightwavecom.com

Lantronix 15353 Barranca Parkway Irvine, CA 92618 USA Phone: (949) 453-3990 Fax: (949) 453-3995 Internet: www.lantronix.com


Page iv www.lightwavecom.com

Disclaimer & Revisions Operation of this equipment in a residential area is likely to cause interference in which case the user, at their own expense, will be required to take whatever measures may be required to correct the interference.

Attention: This product has been designed to comply with the limits for a Class A digital device pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against such interference when operating in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with this guide, may cause harmful interference to radio communications.

Changes or modifications to this device not explicitly approved by Lantronix will void the user's authority to operate this device. The information in this guide may change without notice. The manufacturer assumes no responsibility for any errors that may appear in this guide.

Date Rev. Part No.

Comments

February 2002 B 15.00.032 Manual style updates. Kernel v2.01 enhancements


15.00.032 Rev. B Page v

Declaration of Conformity

(according to ISO/IEC Guide 22 and EN 45014)

Manufacturer’s Name & Address: Lightwave Communications, 100 Washington Street, Milford, CT 06460 USA

Declares that the following product:

Product Name & Model: Secure Console Server 1620 (SCS1620) Conforms to the following standards or other normative documents:

Safety: EN60950: 1992+A1, A2, A3, A4, A11

Electromagnetic Emissions: EN55022 Class A: 1998 (CISPR 22, Class A: 1993, A1: 1995, A2: 1996)

EN 1000-3-2/A14: 2000 EN 10003-3: 1994

Electromagnetic Immunity:

EN55024: 1998 Information Technology Equipment-Immunity Characteristics: EN61000-4-2: 1995 Electro-Static Discharge Test EN61000-4-3: 1996 Radiated Immunity Field Test EN61000-4-4: 1995 Electrical Fast Transient Test EN61000-4-5: 1995 Power Supply Surge Test EN61000-4-6: 1996 Conducted Immunity Test EN61000-4-8: 1993 Magnetic Field Test EN61000-4-11: 1994 Voltage Dips & Interrupts Test

Supplementary Information:

This Class A digital apparatus complies with Canadian ICES-003 (CSA) and has been verified as being compliant within the Class A limits of the FCC Radio Frequency Device Rules (FCC Title 47, Part 15, Subpart B CLASS A), measured to CISPR 22: 1993 limits and methods of measurement of Radio Disturbance Characteristics of Information Technology Equipment. This product also complies with the requirements of the Low Voltage Directive 72/23/EEC and the EMC Directive 89/336/EEC. This product carries the CE mark since it has been tested and found compliant with the following standards:

Safety: EN 60950 Emissions: EN 55022 Class A Immunity: EN 55024


Page vi www.lightwavecom.com

Table of Contents 1.0 System Description .........................................................................................9

1.1 System Features ..........................................................................................9 1.2 Hardware Features ....................................................................................10

2.0 System Overview...........................................................................................11 2.1 Typical Use ................................................................................................11 2.2 System Components..................................................................................11 2.3 Access Control...........................................................................................11 2.4 Connection Formats ..................................................................................11

2.4.1 Serial...................................................................................................11 2.4.2 Network..............................................................................................11 2.4.3 Modem...............................................................................................12 2.4.4 Power Manager ..................................................................................12

2.5 Device Port Buffer .....................................................................................12 2.6 System Resource Information ....................................................................12

3.0 Installation .....................................................................................................13 3.1 Physical Installation....................................................................................13 3.2 Power.........................................................................................................13

3.2.1 AC Input .............................................................................................13 3.2.2 DC Input .............................................................................................14

3.3 Connecting a Terminal (Console) ..............................................................14 3.4 Connecting to the Device Port ..................................................................15 3.5 Connecting the Network Port ...................................................................16 3.6 Connecting the Modem Port.....................................................................16 3.7 Power Manager Port..................................................................................17

4.0 Quick Start Set-up.........................................................................................18 4.1 Method #1 - Using Front Panel Display.....................................................18 4.2 Method #2 - Quick Start via Telnet ...........................................................20


15.00.032 Rev. B Page vii

5.0 SCS1620 Administration ...............................................................................21 5.1 System Administrator Functions................................................................21

5.1.1 Log In as System Administrator..........................................................21 5.1.2 Logging Out .......................................................................................22

5.2 Security and Passwords .............................................................................22 5.2.1 Change the sysadmin password.........................................................22 5.2.2 Change the root password.................................................................22

5.3 The setup User Interface..........................................................................23 Auto-Run of setup on Initial Startup ...............................................................23 Manually using setup ......................................................................................24 5.3.1 Start of setup Script..........................................................................26 5.3.2 Configure Hostname and IP ...............................................................27 5.3.3 Configure Timezone...........................................................................31 5.3.4 Configure DNS ...................................................................................32 5.3.5 Configure Services..............................................................................35 5.3.6 Configure Modem..............................................................................37 5.3.7 PPP, and CHAP or PAP ......................................................................41 5.3.8 Configure NIS.....................................................................................44 5.3.9 Configure LDAP..................................................................................46 5.3.10 Configure the Firewall ........................................................................48 5.3.11 Done...................................................................................................53

5.4 SAVE..........................................................................................................56 5.4 Reboot.......................................................................................................57

6.0 Commands ....................................................................................................58 6.1 Summary of Commands ............................................................................58

6.1.1 SAVE Command .................................................................................58 6.1.2 reboot Command.............................................................................59 6.1.3 poweroff Command.........................................................................59

6.2 System Commands ....................................................................................60 6.3 Device Commands.....................................................................................65 6.4 Creating and Managing Users...................................................................67 6.5 End User commands..................................................................................71

6.5.1 User Log In .........................................................................................71 6.5.2 Escape Sequence ...............................................................................72 6.5.3 Break Sequence..................................................................................72

7.0 Modem Setup ...............................................................................................73 7.1 Installing a Modem Card ...........................................................................73 7.2 Modem Initialization ..................................................................................74

8.0 User Access and Functions............................................................................75 8.1 Terminal Port .............................................................................................75 8.2 Network Port .............................................................................................75 8.3 Modem Module.........................................................................................75 8.4 Selecting a Device Port .............................................................................76 8.5 Direct Mode ..............................................................................................76


Page viii www.lightwavecom.com

Appendix A – Terminal Port and Adapter Pinouts ..................................................78 Appendix B – Flash Update Procedure....................................................................84

B.1 Updating the SCS1620 Software...............................................................84 B.1.1 Software Download............................................................................84

B.2 Flash Replacement Procedure...................................................................84 Appendix C – System Specifications........................................................................87

C.1 Physical ......................................................................................................87 C.2 Environmental............................................................................................87 C.3 Electrical ....................................................................................................87

C.3.1 AC Power ...........................................................................................87 C.3.2 DC Power ...........................................................................................88

C.4 Interface.....................................................................................................88 C.4.1 Terminal and Device...........................................................................88 C.4.2 Network..............................................................................................88 C.4.3 Modem...............................................................................................88 C.4.4 Power Manager ..................................................................................88

C.5 Compliance and Certification ....................................................................89 Appendix D – DC Power Specifications...................................................................90

D.1 DC Power Source ......................................................................................90 D.2 Overcurrent Protection..............................................................................90 D.3 DC Supply Connector................................................................................90

Appendix E – Hexadecimal ASCII Code ..................................................................91 Appendix F – Some UNIX Command Help..............................................................93

F.1 less command............................................................................................93 F.2 vi Editor commands...................................................................................95

F.2.1 Using vi ...............................................................................................95 F.2.2 vi Modes .............................................................................................95 F.2.3 Using vi in Command mode ...............................................................96 F.2.4 Closing a file opened in vi ..................................................................96


15.00.032 Rev. B

1.0 System Description The Lightwave Secure Console Server 1620 (SCS1620) is a fully customizable console server offering secure encryption and authentication. The SCS1620 is a compact solution for remote and local management of up to 16 devices with RS-232C compatible serial consoles.

1.1 System Features • Connect up to sixteen (16) RS-232 serial consoles • 10/100-baseT IP network compatible • ID / Password Security, configurable access rights • OpenSSH version 2 security • Open LDAP • NIS capable for remote database rights • Modem support for PPP (PAP or CHAP) and Callback • No unintentional break will ever be sent to attached servers • Local access through TERMINAL port (the 1620's Console port) • Support for Lightwave PCU8 Power Control Unit • Field upgradeable Flash memory

MODEM Module (optional)

RS-232 DEVICE Ports (1-16)

TERMINAL (RS-232) Port

POWER MANAGER Port (to PCU8)

10/100 NETWORK Port

Redundant Power Inputs (AC shown; 48VDC available)

Two-line LCD Display

Front Panel Setup Switches


www.lightwavecom.com

1.2 Hardware Features • 1RU tall (1.75 inches) rack-mountable Server • One (1) 10/100 baseT Network Port for connection to your IP network • Sixteen (16) serial DEVICE ports, RS232, connected via Category 5

(RJ45) wiring • One (1) serial TERMINAL port, for VT100 console or PC with emulation • One (1) POWER MANAGER port, DB9F serial interface, for Lightwave

PCU8 Power Control Unit • Optional: One (1) Modem Module, for analog Dial-Up connections • 256KB-per-port Buffer Memory for DEVICE ports • Front Panel 2-line backlit LCD display and pushbutton controls • 128MB FLASH Memory, 128MB RAM • Redundant Power Inputs • Power Options: Universal AC (100-240V) or -48VDC • Convection cooled, silent operation, low power consumption


15.00.032 Rev. B

2.0 System Overview

2.1 Typical Use The SCS1620 is often used to manage up to 16 serial devices (servers, routers, switches, etc.) where security is mandatory. Each attached device must have an RS-232C compatible serial console port. A User accesses the attached servers with keyboard commands from their local terminal, through a network connection, or through a dial-up connection.

2.2 System Components All system components are enclosed in a rack-mountable metal chassis. Each chassis has 16 DEVICE ports, one TERMINAL port, and one NETWORK port. An optional MODEM module is available and can be added at any time. Power supplies are factory-installed, and may be either for universal AC operation, or for –48 VDC operation. The SCS1620 front panel features an LCD display and pushbuttons for access to some system information.

2.3 Access Control Access to attached servers is controlled by assigning access rights to system user profiles. Each user profile is assigned an ID, a password, and access rights. Users must have a user profile to access any of the attached devices. The System Administrator determines and configures the profile settings of the SCS1620. Other access options may include externally-configured authentication methods using NIS, OpenLDAP, or other OS-based methods.

2.4 Connection Formats

2.4.1 Serial All devices attached to both the device ports and the terminal port must support the RS-232C standard. Category 5 cabling with RJ45 connections is used for the Device port connections and for the Terminal Port. Device ports (numbered 1 through 16) can be individually configured as DTE or DCE devices, and support seven (7) baud rate options of 2400, 4800, 9600, 19200, 38400, 57600 and 115200 baud.

2.4.2 Network The SCS1620 network interface is a 10/100 BaseT connector, for use with a conventional TCP/IP network using standard RJ45-terminated Category 5 cables. The network parameters must be configured by the system administrator before the Console Server may be accessed over the network.



2.4.3 Modem The optional Modem module connects to a conventional telephone line using standard RJ11 modular telephone cable. The analog modem on the card connects at speeds up to 38,400 baud. The Modem is required for any PPP features. With the Modem installed, the SCS1620 supports:

• Plain Text TTY • PPP connection, with PAP or CHAP authentication • Callback connection

2.4.4 Power Manager The POWER MANAGER port is provided for connection to Lightwave's Power Control Unit, the PCU8. This serial interface uses a DB9 female connector. The Power Manager port is configured as Port 17, and is similar to the DEVICE ports.

2.5 Device Port Buffer Each device port stores 256 KB (approximately 400 screens) of I/O data in a FIFO buffer. This data may be viewed while the user is not directly interacting with the attached device.

2.6 System Resource Information The SCS1620 is programmable using OS-level commands and options. The System Administrator (sysadmin) configures the product using a command-line interface or one of several prepared scripts, using UNIX / Linux commands. There are numerous resources on the Internet (and elsewhere) providing information about security options, programming tools and techniques and configuration advice. A few of the Internet sites are listed below.

• SSH info: www.openSSH.org • RFC's (the standards and details behind the Internet): www.rfc-editor.org • RFC1700; assigned numbers: www.faqs.org/rfcs/rfc1700.html • PuTTY, a free Win32 Telnet/SSH Client (recommended):

http://www.chiark.greenend.org.uk/~sgtatham/putty/ • Security: www.bastille-linux.org • An online manual on Linux security:

http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/

The following sites have more information about Linux (from basic to advanced):

• www.kernel.org • www.linuxdoc.org • www.linuxlinks.com

http://www.openssh.org/

http://www.rfc-editor.org/

http://www.chiark.greenend.org.uk/~sgtatham/putty/

http://www.bastille-linux.org/



http://www.kernel.org/

http://www.linuxdoc.org/

http://www.linuxlinks.com/


15.00.032 Rev. B

3.0 Installation The SCS1620 uses convection cooling to dissipate excess heat. Be careful to not block the air vents on the sides of the unit. If mounted in an enclosed rack, it is recommended that the rack have a ventilation fan to provide adequate airflow through the unit.

3.1 Physical Installation The SCS1620 may be installed either in an EIA-standard 19-inch rack (1U tall) or as a desktop unit. For desktop use, four rubber feet are provided, and the rack mount brackets may be removed.

3.2 Power The SCS1620 consumes less than 20W of electrical power. The SCS1620 is available as AC-powered models or DC-powered models, and offers redundant input power connections.

3.2.1 AC Input The AC version of the SCS1620 uses two universal auto-switching AC power supplies for redundant operation. The power supplies accept AC input voltage between 100-240 VAC with a frequency between 50/60 Hz. The system is fully functional on either supply. The supplies are individually switched and fused, and the AC inputs are isolated except for chassis ground.

AC power inputs and power switches on rear of SCS1620 chassis



3.2.2 DC Input The DC version of the SCS1620 accepts standard –48 VDC telco power. The SCS1620 accepts two DC power inputs for supply redundancy. The DC power Wago connectors are provided with the DC-powered systems, and the connectors are also available separately from Lightwave.

See Appendix D for specifications regarding the DC power source.

3.3 Connecting a Terminal (Console) The TERMINAL port (a Console port) is used for local access to the SCS1620 and the attached devices. A dumb terminal or computer may be attached to the serial port if the port uses RS-232-C protocol and VT100 emulation is supported.

Inserting a serial Console cable in the TERMINAL port


15.00.032 Rev. B

The default communication parameters for the TERMINAL port are: • 9600 baud, • 8 data bits, • 1 stop bit, • No parity, • Xon/Xoff flow control, and • port type of DCE.

Adapters from Lightwave Communications may be used to connect the TERMINAL port to the serial port on your console or other DTE device. See Appendix A for adapter and port pinouts. 1. Attach the Lightwave adapter to your console (use PN 200.0066 Adapter

in most cases) or your PC's serial port (use PN 200.0070 Adapter). 2. Connect the Cat 5 cable to the adapter. Connect the other end to the

SCS1620 TERMINAL port. 3. Turn on the terminal or start your computer’s communication program.

3.4 Connecting to the Device Port Any serial device that has a console port may be connected to the SCS1620 for consolidated remote administration. Device Ports are individually configurable (DEVICE_1 through DEVICE_16). The console port must support the RS-232-C interface. Additionally, many servers must either have the serial port enabled as a console, or must have the keyboard and mouse detached. Consult the server hardware and/or software documentation for more information.

Connections on Rear of SCS1620, Device Ports in center The default communication parameters for the Device ports are:

• 9600 baud, • 8 data bits, • 1 stop bit, • No parity, • Xon/Xoff flow control, and • port type of DCE.

Modem Module

Serial Device ports

Terminal port

Power Manager (PCU8) port

10/100 Network port



The DEVICE ports can be configured for baud rates of 2400 - 115.2K baud, and as DTE or DCE. The data word must be 8/none/1 and employ Xon / Xoff flow control.

3.5 Connecting the Network Port The SCS1620’s network port (10/100 BaseT) allows remote access to the attached devices and the system administrative functions. The network parameters for the network port must first be set up before the SCS1620 may be reached remotely. See Section 4 for a Quick Start for setting up your Network Port. Also refer to the setupsetupsetupsetup command in Section 5.3 for additional network configuration.

3.6 Connecting the Modem Port An optional modem module is available for the SCS1620. The modem may be installed at the factory or can be ordered separately for later installation.

SCS1620 modem module The SCS1620 modem is an analog modem supporting connection rates up to 38,400 baud. The modem has a single RJ11-type analog telephone jack plus five status LEDs. The user interface to the modem is identical to that found on the terminal port or the network port. The Modem is configured as Device Port 19. The default communication parameters for the MODEM port are:

• 38400 baud, • 8 data bits, • 1 stop bit, • No parity, and • RTS/CTS flow control.


15.00.032 Rev. B

The Modem is initially set up using the setupsetupsetupsetup program (see Section 5.3) of the system. Refer to Section 7 for Modem Installation instructions, if installing a modem into a working SCS1620 system.

3.7 Power Manager Port The Power Manager port is configured as Device Port 17, and operates like the other DEVICE ports, except that its physical interface is a DB9F serial connector. The Power Manager port is intended for the Lightwave PCU8 Power Control Unit. The default communication parameters for the POWER MANAGER port are:

• 9600 baud, • 8 data bits, • 1 stop bit, • No parity, • Xon/Xoff flow control, and • port type of DTE.

The Power Manager Port, like the DEVICE ports, can be configured for baud rates of 2400 - 115.2K baud, and DTE or DCE. The data word must be 8/none/1 and employ Xon / Xoff flow control.



4.0 Quick Start Set-up Out of the box, the IP network port identity is set to a generic default value. Quick Start gets your IP network port up and running quickly, so you may administer the SCS1620 using your network. Be sure to address the Security issues first when administering the system. Quick Start assumes the system is plugged in and turned on, and that you know the IP address that the SCS1620 must be set to in order to operate on your network, and that you are ready to connect to your network port. There are two methods to Quick Start the network connections:

• you may use the front panel display and buttons, or • you may use your existing IP network

4.1 Method #1 - Using Front Panel Display The front panel display and pushbuttons can be used to set up the basic network interface, which will allow the sysadmin to access the SCS1620 using your existing IP network.

Front Panel LCD Display and Pushbuttons The front panel display initially shows SCS1620 (the server name) and the date and time. Using the five pushbuttons, the sysadmin can change the IP settings, Time features and Terminal settings. The front panel display will time out (without accepting any unsaved changes) and return to 'date and time' if no buttons are pressed for 30 seconds. After changing the values for your network, the port will restart (the front panel display will indicate 'restarting'), after which the network connection is active. Use the front panel buttons to set up the basic network parameters. There is one 'SELECT' button and four arrow buttons (Up, Left, Right and Down). The front panel can change the IP Address, Subnet Mask, Gateway and DNS settings; Date/Time and Time Zone features; and Terminal (Console) port baud rate settings.


15.00.032 Rev. B

Use the arrow buttons to navigate from one option to another, or to increment or decrement a numerical entry of the selected feature. Use SELECT to enter the Edit mode of a chosen step, or to advance to the next step when editing.

1. To CHANGE the settings, press RIGHT ARROW to enter the display programming mode, and to scroll between the available options (press button again for additional steps). Have your information handy since the display will time out if you take more than 30 seconds between entries. Options include:

o Network Settings o Terminal Settings o Release Date o Time/Date Settings o return to normal display

In this case, stop scrolling at the Network Settings display. Normal Network Terminal Release Dates Time / Date Settings >

IP Setting Settings System Time Zone

Subnet Mask LCD Calendar

Gateway

DNS1

DNS2

2. When the display shows the feature that you wish to edit, press the

SELECT key to enter the editing mode. The display will show "Editing Network Settings" (or other feature if chosen).

3. A cursor appears under one character of the existing IP address setting. • Use the left or right arrows to move the cursor to the left or to the right

position. Use the Up and Down arrows to increment or decrement the numerical value. Your new values will be 'saved' later.

• Note: You must change both the IP Address and the Subnet Mask together for a valid IP address combination.

3. Again, use the left or right arrows to move the cursor to the left or to the right position. Use the Up and Down arrows to increment or decrement the numerical value. Press SELECT to choose the remaining options to edit.

4. When done, press the DOWN ARROW key again to 'Save Changes?', followed by a Yes/No prompt. Use the arrow keys to choose Yes, and press SELECT to save the changes. • When you are done, the front panel returns to the Clock display. • The Network Port will reset to the new settings, and can then connect

to your IP network for further administration.



• If you take longer than 30 seconds between entries, the SCS1620 will time out and exit; any of your unsaved changes will be ignored.

5. To REVIEW the saved settings, simply press the UP or DOWN arrows to step through the current settings.

4.2 Method #2 - Quick Start via Telnet Assuming you have a functioning IP network, and you know your workstation's IP address, you can access the SCS1620 via telnet commands. If you add a route to your workstation, you can use telnet to connect to the SCS1620, instead of the Terminal Port. The default IP address of the SCS1620 is 10.0.0.1, with a subnet mask of 255.0.0.0.

• For Windows 9x, from the DOS / command prompt, type: route add 10.0.0.1 mask 255.0.0.0 <your workstation's IP address> route add 10.0.0.1 mask 255.0.0.0 <your workstation's IP address> route add 10.0.0.1 mask 255.0.0.0 <your workstation's IP address> route add 10.0.0.1 mask 255.0.0.0 <your workstation's IP address> <enter><enter><enter><enter>

• For Linux / Unix, type:

route add 10.0.0.1 gw <your workstation's IP address> <enter>route add 10.0.0.1 gw <your workstation's IP address> <enter>route add 10.0.0.1 gw <your workstation's IP address> <enter>route add 10.0.0.1 gw <your workstation's IP address> <enter>

Then, from your command line, type: telnet 10.0.0.1 <enter>telnet 10.0.0.1 <enter>telnet 10.0.0.1 <enter>telnet 10.0.0.1 <enter> to access the SCS1620.


15.00.032 Rev. B

5.0 SCS1620 Administration This section outlines the administration functions and commands, accessed using a command-line interface. The administration functions and commands enable the administrator to configure the SCS1620 to suit the application, including user IDs, devices, and terminal and access rights. Note: Commands and entries are case-sensitive in the SCS1620. Some system commands display the syntax options when accessing the command. Many OS-related functions are described in the online MAN pages, accessible using the HELP screens of the system. Examples of most commands are provided below. All system commands require the <ENTER> key to respond, and are case-sensitive.

5.1 System Administrator Functions When the SCS1620 is first installed and powered up, it must be configured to operate with your network. Connect the terminal port to a terminal device or computer using a terminal emulation program (refer to section 3.4 for instructions on connecting to the terminal port). The serial terminal will display the following text after power-up: SCS1620 SCS1620 login:

5.1.1 Log In as System Administrator You are prompted for a user name. The 'sysadmin' is a predefined user with special system privileges. Some commands are only accessible to the System Administrator. Type 'sysadmin' to log in for System Administration purposes. SCS1620 login: sysadmin

You are prompted for the Password. The characters for the password are NOT acknowledged on-screen. The default password is 'PASS'. SCS1620 login: sysadmin Password: sysadmin>



5.1.2 Logging Out To log out from a session, enter the command logoutlogoutlogoutlogout. If logging out from a network session, the Console Server will disconnect the telnet session. If logging out from a direct serial session, the SCS1620 returns to the login:login:login:login: prompt. When you are done with any programming changes, you should always log out.

5.2 Security and Passwords The SCS1620 uses Linux / UNIX commands to administer the system. The System Administrator (sysadmin) and the Users access the system using a shell interface, which limits what the user or sysadmin will affect in the operating system. Those that are familiar with Linux realize that there are numerous commands and files that are not discussed in this manual (intentionally). Some of the SCS1620's options (e.g., ssh, LDAP) interact with operating system directly. The shell is designed to offer the appropriate level of administration while maintaining the integrity of the system. This can be defeated if the sysadmin does not protect the system by changing the passwords upon installation. The system's default values are configured to minimize security issues, however, as features are turned on by the sysadmin, more potential security holes open up. The sysadmin programming level is as close to 'root' as is required to administer the SCS1620, but it is not the most-senior root level. The root level is intentionally removed from the shell, however, it exists in the system and its password must be changed to protect from unauthorized access or changes. Note: There are no 'back door' passwords. You can lock the system down and prevent programming access if you misplace your passwords. If you forgot the passwords you entered, the system FLASH must be replaced. One interesting, relevant article (of many) on Linux Security can be found at: http://linux.com/interact/newsitem.phtml?sid=82&aid=6326.

5.2.1 Change the sysadmin password The System Administrator must change the password for the sysadmin level before it is connected to a network or accessible from 'the outside world'.

5.2.2 Change the root password The System Administrator must change the password for the root level. Although root access is not required by the sysadmin or the users, it is accessible by the sysadmin and can be accessed using ssh. This is especially important if ssh is enabled since ssh can offer the ability for root-level access by a remote system (depending on sysadmin settings).

http://linux.com/interact/newsitem.phtml?sid=82&aid=6326


15.00.032 Rev. B

5.3 The setupsetupsetupsetup User Interface Note: The following example screens were captured using PuTTY (visit http://www.chiark.greenend.org.uk/~sgtatham/putty/ for more information) on a Windows 2000 PC. Many other terminal emulation packages can also be used. Programs such as Hyperterminal are included with the Windows operating system, and commercial packages may also be used, if desired.

Auto-Run of setupsetupsetupsetup on Initial Startup The scripted programming session (setupsetupsetupsetup) automatically runs when the System Administrator logs into the SCS1620 for the first time. It is a text-based user interface, and requires VT100 terminal support using the keyboard (no mouse).

At default values, SSH is not enabled (encryption keys have not been generated) so telnet is often used to initially access and configure the SCS1620. The Text User Interface is also accessible at any time thereafter by running the command setupsetupsetupsetup from the sysadmin command line. The initial automatic invocation of the setup script helps the user set up the majority of the system functions when it is first installed. It also SAVES the programming changes to non-volatile memory to ensure that the desired changes are maintained. Upon completion of this automated script file, the SCS1620 will automatically reboot to ensure that all processes will be updated.

http://www.chiark.greenend.org.uk/~sgtatham/putty/



Manually using setupsetupsetupsetup The setupsetupsetupsetup command is automatically run to initially configure the SCS1620; it may be run manually at any time thereafter. If using the setupsetupsetupsetup command, you will see the following display on your VT100 terminal (this session screen was generated using SSH login, which shows a slightly different prompt before logging in):

Only one sysadmin can log in to the setupsetupsetupsetup command at one time. Hopefully, there are a very small number of persons (preferably only one or two) with sysadmin account access.


15.00.032 Rev. B

If more than one sysadmin logs into setup at a time, the latter will get the following message:

The setup screen is shown after successfully reaching the setup mode. The experienced Linux user may also directly edit any parameter they choose. The setup screen is put in place to guide all users through the initial setup of system features, and it is recommended that you use this script to get started.



5.3.1 Start of setupsetupsetupsetup Script The following display is shown when the setupsetupsetupsetup program starts, whether automatically (from the first time the sysadmin logs in) or if the sysadmin typed setupsetupsetupsetup after logging in.

Select < Next > (using Tab and Arrows) and press Enter to proceed. The script continues to the Menu List (shown on the next page), which includes 10 options and 'DONE'. The sysadmin can step through the menu using the arrow keys, or use a combination of arrow keys and the Tab key to select different options.

• If you choose No, the setupsetupsetupsetup program ends, and you return to the command prompt. No changes are made to the system.

• If you choose Yes, the setupsetupsetupsetup program steps through the various options, depending on other entries you will be prompted for. You can still

Select Yes or No (using the up and down arrows), then select Next (using Tab), and press Enter to proceed.


15.00.032 Rev. B

5.3.2 Configure Hostname and IP Configure Hostname, IP Address, Network Mask, LAN Router Address (Gateway), and NIS Domain

• Hostname including domain • IP Address (of the SCS1620) • Network Mask (of IP address) • Gateway (IP address of the Router of this network) • If using NIS, the NIS domain name

Select a menu item, and simply press Enter to proceed. In this example, we start at the top of the list, with Hostname and IP address.

Press Enter to proceed.



Type in a value for the Hostname.

Use < Back > at any time if you wish to go back one screen. Select < Next > (using Tab and Arrows) and press Enter to proceed. Note: The HOSTNAME appears as your command prompt when logged in to the system, and also appears on the front panel LCD display of the SCS1620. Type in a value; press Enter to proceed.


15.00.032 Rev. B

Enter the value for the Network Mask, in dot-quad notation; select < Next > (using Tab and Arrows) and press Enter to proceed.

Note: Do NOT use leading 0's in the numeric fields for numbers less than 100. For example, if your netmask is 255.255.255.28, do not enter "028" for the last segment. Enter the IP Address of your gateway .



Select < Next > (using Tab and Arrows) and press Enter to proceed. If you will be using NIS, enter a value for the NISDOMAIN; select < Next > (using Tab and Arrows) and press Enter to proceed.

You are returned to the setup program menu. You may select any menu option, or proceed with the next item, which in this case is Configure Timezone.


15.00.032 Rev. B

5.3.3 Configure Timezone

Configure Timezone, using TUC time parameters.

• Set the Local Timezone • For some Timezone entries, select the sub-entry for the Local Timezone




Select a value; then select < Next > and press Enter to proceed.

To go back one level in the Timezone script, select the ".." line from the top of the Timezone submenu. Select a value; then select < Next > and press Enter to proceed. You are returned to the setup program menu.

5.3.4 Configure DNS Note: If you choose to configure the DNS entry, you are required to complete at least the Primary DNS Nameserver field. If you cannot complete this entry at this time, enter an address of "0.0.0.0" for the Primary Nameserver which will be accepted although it is not a valid nameserver address, and must be corrected at a later time. Configure DNS servers

• IP Address for the Primary DNS nameserver (required entry, if any) • IP Address for the Secondary DNS nameserver (optional) • IP Address for the Tertiary DNS nameserver (optional)


15.00.032 Rev. B


Enter a value for the Primary Nameserver. This is a required entry. After your entry is correct, select < Next > and press Enter to proceed.



Enter a value for the Secondary Nameserver (if you have one). This is optional. After your entry is correct, select < Next > and press Enter to proceed.

Enter a value for the Tertiary Nameserver. This is optional; leave the line blank if unused. After your entry is correct, select < Next > and press Enter to proceed.


15.00.032 Rev. B

You are returned to the setup program menu.

5.3.5 Configure Services Configure Services (syslog, ssh and/or telnet)

• Enable syslog (system logging) -- yes / no • Enable System Logins using ssh -- yes / no • Enable System Logins using telnet -- yes / no

Press Enter to continue.



For System Logging, select Yes or No (using the arrows), then select Next (using Tab), and press Enter to proceed.

For SSH, select Yes or No (using the arrows), then select Next (using Tab), and press Enter.


15.00.032 Rev. B

For telnet, select Yes or No (using the arrows), then select Next (using Tab), and press Enter. You are returned to the setup program menu.

5.3.6 Configure Modem The Modem is optional in the SCS1620. Configure Modem, if one is installed

• Enable Modem Logins (to allow PPP and/or TTY) (no=exit) • Enable Modem TTY Logins? • Enable Modem TTY Modem Callbacks?

o Enter Callback Telephone Number, if YES above • Configure PPP? (no=exit)

o IP Address(es) (Local and Remote) for PPP Link • Enable CHAP for PPP Authentication?

If you do not enable the Modem, your system will skip past the setupsetupsetupsetup entries for CHAP secrets or PAP secrets, as they are related to operation of the modem. Steps related to TTY logins and Callback are also bypassed in this case.



This step assumes a positive response; press Enter to proceed.

Select Yes or No (using the arrows), then select Next (using Tab), and press Enter.


15.00.032 Rev. B


Enter the TTY Callback number. Press 'Esc' to end the editing mode.



Select Yes or No (using the arrows), then select Next (using Tab), and press Enter. If you choose No, this subroutine ends, and you return to the menu, and your menu choice will skip to Configure NIS since PPP features will be disabled.

Input your values for IP addresses, as required, then select Next (using Tab), and press Enter.


15.00.032 Rev. B

You are then prompted for CHAP or PAP Authentication. The SCS1620 supports either CHAP or PAP, but not both. PAP is the default authentication method.

5.3.7 PPP, and CHAP or PAP PPP Authentication: Either CHAP or PAP

• Required if PPP is enabled

o Enter CHAP Secrets information (if CHAP = yes) � Enter CHAP Secrets information as 4 separate fields,

separated by a space, consisting of CLIENT, SERVER, SECRET and IPADDRESS

o Enter PAP Secrets information (if CHAP = no) � Enter PAP Secrets information as 4 separate fields,

separated by a space, consisting of CLIENT, SERVER, SECRET and IPADDRESS



• If you select No, you will be directed to the PAP secrets steps. • If you select Yes, you will be directed to the CHAP secrets steps.


This is a text fill-in field for the sysadmin, for CHAP secrets.


15.00.032 Rev. B

You will enter the CHAP Secrets information as 4 separate fields, separated by a space, consisting of CLIENT, SERVER, SECRET and IPADDRESS. Follow the prompts on-screen for the four required fields for each secrets entry. Enter a value for a field (printable characters) separated by a space, then the next field, space, next field, space, field. Press <ESC> when done, then select < Next > and Enter to proceed. PAP Secrets Or, PAP Secrets instead of CHAP secrets (if CHAP was not selected previously):

This is a text fill-in field for the sysadmin, for PAP secrets. You will enter the PAP Secrets information as 4 separate fields, separated by a space, consisting of CLIENT, SERVER, SECRET and IPADDRESS. Follow the prompts on-screen for the four required fields for each secrets entry. Enter a value for a field (printable characters) separated by a space, then the next field, space, next field, space, field. Press <ESC> when done, then select < Next > and Enter to proceed.



5.3.8 Configure NIS Configure NIS

• Enable NIS Authentication? (no=exit) • Enter IP Address of NIS Server



15.00.032 Rev. B


Enter the value for the NIS server, then select Next (using Tab), and press Enter.



5.3.9 Configure LDAP

Configure LDAP • Enable LDAP (version 2) Authentication? (no=exit) • Enter IP Address of LDAP Server • Input value for the LDAP Base

Press enter to continue.


15.00.032 Rev. B

Select Yes or No (using the arrows), then select Next (using Tab), and press Enter. Enter the IP address of the LDAP server, select Next (using Tab), press Enter.



Enter the LDAP base information in the answer field, then select Next (using Tab), and press Enter. If your entry was improper, you'll get a warning statement:

5.3.10 Configure the Firewall Configure the Firewall

• Enable the Firewall? (no = exit) • DENY for Ignore Connection Attempts (sends no response);

REJECT to return "Connection Rejected" for connection attempts • INVISIBLE TO PING? • TCP_PUBLIC_SERVICES

o ssh o discard o https o ftp o ftp-data o telnet

• UDP_PUBLIC SERVICES o ntp


15.00.032 Rev. B


Select Yes or No (using the arrows), then select Next (using Tab), and press Enter. If you choose No, this subroutine ends, and you return to the menu.



• Enter DENY to ignore and not respond to any connection attempts. • Enter REJECT to return a 'connection rejected' message to any

connection attempts. Then select Next (using Tab), and press Enter.


15.00.032 Rev. B


Enter the names of the TCP Public Services to be enabled (separated by a space). Any service previous enabled that is not listed here will then be disabled. Please note that this field does not 'remove' a service from the system, but merely turns it off. For utmost security, a feature (e.g., telnet) that is not needed should be removed from the system by the sysadmin, so that it cannot be hacked and enabled later. Select Next (using Tab), and press Enter.



Enter the names of the UDP Public Services to be enabled (separated by a space). Any service previous enabled that is not listed here will then be disabled. Please note that this does not 'remove' a service from the system, but merely turns it off. For utmost security, a feature (e.g., telnet) that is not needed should be removed from the system by the sysadmin, so that it cannot be hacked and enabled later. Select Next (using Tab), and press Enter. This will return you to the setup program menu.


15.00.032 Rev. B

5.3.11 Done Upon completion of the previous programming options, you must save the values in order to commit them to memory and enable the changes. Likewise, you can exit the setup program without making any changes at this time. Save the changes that you have made?

o YES = commit and save all changes o No = discard any marked changes.



Press Enter to continue. Select Yes or No (using the arrows), then select Next (using Tab), and press Enter. If you select Yes, the system will commit the changes to memory (same as performing a 'SAVE' but without requiring the sysadmin to use SAVE).


15.00.032 Rev. B

The system then writes and properly stores the files. Depending on the features and options you have selected (especially Firewall options), this can take several minutes. Please be patient.



Note: A 'FAILED' process is not necessarily a problem; this indicates that a particular process was not running and therefore could not be stopped. This would be normal if the indicated feature had been otherwise disabled. The setup program is complete. You are returned to the sysadmin> prompt. The sysadmin may still need to SAVE the changes, and / or reboot in some cases.

5.4 SAVE The SCS1620 will automatically save the programmed parameters after running the setup script for the first time only. The sysadmin MUST run the SAVE script after any programming changes, if the changes are to be maintained in the non-volatile memory. System changes that are not SAVEd will be maintained by the RAMdisk as long as the system remains powered up and operational. To record these files in the regular file system, the system must have a SAVE operation performed. SAVE places the files into the non-volatile system memory. The reboot and the poweroff commands check for unsaved data before executing their commands, just in case.


15.00.032 Rev. B

5.4 Reboot The SCS1620 will automatically reboot after running the setup script for the first time only. Reboot may be manually run if required. If file changes are not yet saved into non-volatile memory, the Reboot operation includes a prompt, allowing you to SAVE the files if desired.

SAVE can be run at any time, even after a reboot (as shown above) All other setupsetupsetupsetup script sessions (started using setup from the sysadmin prompt) require that the sysadmin type in reboot to cause the system to rebootrebootrebootreboot (if required). You should reboot to be certain to make all configuration changes.



6.0 Commands

6.1 Summary of Commands A summary of the SCS1620 Commands is provided below. Some commands are accessible only to sysadmin, while others are accessible to all defined Users. sysadmin User Command Purpose

x adduser Add a User x x alias List command aliases x x cat Display the history buffer for a port x x clear Clear port buffer x deluser Delete a User x x direct Enter direct mode x dtedce Configure the Device Port type x x editbrk Edit User 'send break' sequence x editdev Edit Device Settings x x editesc Edit User direct mode 'escape' sequence x x edituser Edit User Settings x x exit Deselect a port x x help Display Help x x info Show system information x x less Browse history buffer x x listdev List device names x x listen Listen to a port x listusers List Users x x logout Logout x x man Display online manual pages x x passwd Set User password x poweroff Power-off (shut down) the SCS1620 x reboot Reboot the SCS1620 x SAVE Commit (save) programming changes x x select Select a port x x scp Secure copy x setup Use to initially Configure the SCS1620 x x sftp Secure ftp x x ssh Establish a SSH connection x x ssh keygen Generate SSH keys x x telnet Use telnet x x timeout Set the Timeout timers x x version Show version information

6.1.1 SAVESAVESAVESAVE Command

The SCS1620 is a software based system that operates using both RAM and FLASH memory to function. Any programming changes are temporarily stored in


15.00.032 Rev. B

RAM until they are actually 'saved' into the FLASH memory. If the data changes are not 'saved' using SAVESAVESAVESAVE, it is possible that your changes will be lost. NOTE: The sysadmin should run SAVESAVESAVESAVE any time that the system configuration has been changed. This includes user password changes, any command-line system administration changes, and any automated setup program changes. It is also advisable that the sysadmin run SAVESAVESAVESAVE before shutting the system off or before rebooting the system. SAVESAVESAVESAVE is not required the very first time that the system is setup (using the automated setup script). In this instance, the system will automatically run the setup program, and then automatically store the files properly and then reboots upon completion of the program.

6.1.2 rebootrebootrebootreboot Command The SCS1620 can be rebooted at any time using the command rebootrebootrebootreboot. The system will reset, all users will be disconnected, and the power-on self-test will run. Only the system administrator may issue the rebootrebootrebootreboot command.

sysadmin>rebootBroadcast message from root (ttyM17) Tue Oct 2 14:24:49 2001...The system is going down for reboot NOW !!

System Reboot is delayed by one minute from the time the command is entered. Note that any active network sessions will disconnect while the system reboots, and no network sessions can be established while the system reboots.

6.1.3 poweroffpoweroffpoweroffpoweroff Command You must use the poweroffpoweroffpoweroffpoweroff command to shut the system off. This allows the system to properly close any open files, and gracefully exit and shut down. If the system was turned off without using the poweroffpoweroffpoweroffpoweroff command (including power failure), it will require some extra self-checks and start-up time the next time it is booted up.

sysadmin>poweroffBroadcast message from root (ttyM17) Tue Oct 2 14:27:12 2001...The system is going down for system halt NOW !!

After typing the poweroffpoweroffpoweroffpoweroff command, it may take up to two minutes for the system to close all files and prepare to be shut off. Turn both power supply switches off after the front panel display says "OK to power off".



6.2 System Commands The following commands are used to set up the system. All commands are case-sensitive.

setup The setup routine will automatically run the very first time the sysadmin logs into the system. The setupsetupsetupsetup program will step the sysadmin through a majority of the configuration options for the system. The setup command will help the sysadmin configure the system and address most of the system options. The setup command does not configure devices or users. The setupsetupsetupsetup program can be invoked at any time after the initial running of the system, in order to change system settings or parameters. The sysadmin must always remember to use SAVESAVESAVESAVE if manually running the setup program. Refer to Section 5.3 for the steps found in the setup program.

passwd At the first login, the SCS1620 will use the factory default password, PASSPASSPASSPASS (all upper case). This default password should be changed as soon as possible to prevent access by anyone other than authorized personnel. sysadmin>passwd Changing password for sysadmin (current) UNIX password: New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully To change the sys admin factory default password, type passwdpasswdpasswdpasswd (all lower case) at the sysadmin> prompt. The new password must be 6 or more alphanumeric characters, and is case-sensitive. The sysadmin must also change the root password.

Changing the root password The root user is a special user with privileges that allow them to change or modify anything in the operating system files. The root user has been removed from the SCS1620's shell, where this function is performed by the sysadmin. The root user is not used by the SCS1620, however some of the commands and functions of Linux / UNIX require root to exist, and others (e.g., ssh) can allow access to root (if so configured).


15.00.032 Rev. B

Since this powerful user exists in the system, it presents a security issue that must be addressed by changing the default password for root (which is root) to some other value, in order to secure your SCS1620. The sysadmin must loginloginloginlogin (as sysadmin) and then use bashbashbashbash to gain access to the root level password, use the passwdpasswdpasswdpasswd command, and enter a new root-level password.

man Use man <command name>man <command name>man <command name>man <command name> to search for a help file (online manual pages) or descriptive information for that Linux / UNIX command.

alias Use aliasaliasaliasalias to get a list of some of the system command aliases. sysadmin>alias Command aliases: dir - direct devl - listdevice sel - select ? - help ver - version lu - listusers devices - editdev dev - editdev

help The System Administrator may need to check the status of the system, or get help with a command. To access the help screens, login and then type ????, or helphelphelphelp to display the help page. Command-specific help is provided for some commands, when a command is followed by ' --------hhhh' (that is, space, dash, dash, the letter h). Some commands will offer help if the user entry is in an invalid format. Other commands use ' -h' (space, dash, letter h). Finally, some commands do not provide a help file. Note: Some system commands (e.g., poweroff, reboot) operate immediately and do not have a 'help' file using --help or -h. HELP SCREEN SCS1620 login: sysadmin Password: sysadmin>help



info The infoinfoinfoinfo command provides the shell version and the status of the Power Supply inputs. Both power supplies should display 'OK'. If a power supply is turned off or is providing no power, it will report power supply 'Failed' instead of 'OK'. sysadmin> sysadmin>info SCS1620 Shell V2.01 Power Supply A status: OK Power Supply B status: OK sysadmin> The 'A' supply power input module is to the left (looking from the rear of the chassis). The 'B' supply's power input is nearer to the modem slot.

version Use versionversionversionversion to determine the version of the shell. Use version version version version ----aaaa to get a display of the version of the system files including the shell. sysadmin>ver SCS1620 Shell V2.01 sysadmin> sysadmin>ver -a SAVE: SCS1620 save changes made to /etc files V1.02 break: SCS1620 disconnect a user from a port V1.02 ci: SCS1620 Shell V2.01 connections: SCS1620 show users in 'direct' mode V1.02 devices: SCS1620 modify device port settings V1.15 direct: SCS1620 direct mode V1.20 dtedce: SCS1620 serial port DTE/DCE configuration utility V1.13 edituser: SCS1620 edit user settings V1.12 lcd: SCS1620 front panel view/editing. V2.11 lciclear: SCS1620 clear buffer V1.06 lcistty: SCS1620 set serial characteristics V1.02 listen: SCS1620 listen mode V1.08 listend: SCS1620 listen daemon V1.09 lu: SCS1620 listuser utility V1.04 modem_reset: SCS1620 modem_reset V1.01 perms: SCS1620 test permissions V1.09 timeoutd: SCS1620 logout users who have exceeded the idle timeout. V1.65 EXAR-XR16L788 Device Driver-LCI Buffers version 1.14 SCS1620 release date: Fri Mar 1 17:58:03 2002 sysadmin>

scp Use scpscpscpscp to perform a secure copy, using ssh, between to hosts. The file copy is encrypted and is therefore secure. Refer to the man pages for scp for a description and command options.


15.00.032 Rev. B

sftp Use sftpsftpsftpsftp to perform a secure file transfer transaction, using ssh, between two servers. It is similar to ftp except that it is encrypted for security. Refer to the man pages for sftp for a description and command options.

ssh Use ssh to open up a secure shell connection between two hosts, to transfer files or data between the systems. In this case, the SCS1620 is a client device, and will be connected to an ssh host elsewhere. The security keys for ssh may need to be generated using ssh-keygen, depending on your application of ssh. Refer to the man pages for ssh for a description and command options.

ssh-keygen Use ssh-keygen to create the security keys for your client system to interact with an ssh host elsewhere. After the keys have been generated, the user can establish a secure shell connection using ssh over a network.

syslog The SCS1620 keeps a system log file called /var/log/syslog/var/log/syslog/var/log/syslog/var/log/syslog. The level of logging is controlled by the file /etc/syslog.conf/etc/syslog.conf/etc/syslog.conf/etc/syslog.conf. The SCS1620 can log the following:

• Warning level events: none • Notice level events: • device settings changed • begin and end direct mode • device buffer cleared • begin and end listen mode • begin and end bash shell • Info level events • user settings modified • user begin and end of 1620 command shell • device selected • device unselected (exit command) • device buffer examined (less or cat) • user becomes root

The SCS1620 comes set to log all warnings and higher events. The default file entry is *.warning*.warning*.warning*.warning, with lower level settings (a lower level generates more messages) in *.notice*.notice*.notice*.notice and ****.info.info.info.info (even more events).



To change the logging level: 1. login as sysadmin 2. enter bashbashbashbash 3. edit the file /etc/syslog.conf/etc/syslog.conf/etc/syslog.conf/etc/syslog.conf (vi /etc/syslog.conf) 4. restart the system logger by typing: service syslog restartservice syslog restartservice syslog restartservice syslog restart 5. type exitexitexitexit to return to the 1620 command shell

timeout When a user logs into the system, a timeout clock starts for that connection, which checks for continuous idle time on that connection. There are three separate timers in the system for the three possible methods of accessing the system (via Terminal or Console, via Network port connection, and via Modem using PPP). The system senses periods of 'no activity' on the connection, and the idle time exceeds the timeout duration, the session will be disconnected by the system. Use timeout timeout timeout timeout ----hhhh to get a help file for the timeout feature. Use timeout timeout timeout timeout ----c [value = 0, or 1c [value = 0, or 1c [value = 0, or 1c [value = 0, or 1----30]30]30]30] for the console timeout Use timeout timeout timeout timeout ----p [value = 0, or 1p [value = 0, or 1p [value = 0, or 1p [value = 0, or 1----30]30]30]30] for the PPP timeout Use timeout timeout timeout timeout ----t [value = 0, or 1t [value = 0, or 1t [value = 0, or 1t [value = 0, or 1----30]30]30]30] for the telnet (network) timeout Timeout may be disabled for any or all of the connection ports. The timeout duration may be from 1 to 30 minutes. Each time is approximate, and may be as much as 59 seconds longer than the programmed time (e.g., setting Timeout to 3 minutes can take from 3:00 to 3:59 minutes to occur. Setting a Timeout to 0 disables that timeout operation.

Typing timeouttimeouttimeouttimeout or timeout ?timeout ?timeout ?timeout ? will list the current timeout settings.


15.00.032 Rev. B

6.3 Device Commands Device port parameters must be defined by the administrator using the devicesdevicesdevicesdevices or editdeveditdeveditdeveditdev commands. sysadmin>devices 1 Enter accepts present value D1: Enter device name | NAME: DEVICE_01> D1: 0=2400 1=4800, 2=9600, 3=19200, 4=38400, 5=57600, 6=115200 | BAUD RATE: 9600> D1: 1=1, 2=2 | STOP BITS: 1> D1: 0=None, 1=Odd, 2=Even, 3=Mark, 4=Space | PARITY: NONE> D1: 6=6, 7=7, 8=8 | DATA BITS: 8> D1: 0=OFF, 1=DCE, 2=DTE | EQUIP PORT TYPE: DCE> D1: 0=XON/OFF, 1=RTS/CTS | FLOW CONTROL: XON/XOFF> D1: 0=No, 1=Yes | INHIBIT BUFFERING IN DIRECT: No>

devices Use devicesdevicesdevicesdevices to obtain a list of all options for all device ports.

editdev Use editdev editdev editdev editdev ----u <device number or name>u <device number or name>u <device number or name>u <device number or name> to edit and update the parameter settings of a device. Step through each device option; when done, the system prompts 'Are you sure?' before accepting the changes.

dtedce Use dtedcedtedcedtedcedtedce to configure the device ports as DTE or DCE, or to disable a device port. Use dtedcedtedcedtedcedtedce ----llll to list the port settings for all ports.

listdev A list of device port names and their corresponding port number may be displayed by using the listdev command. Programmable elements include: device name, baud rate, stop bits, parity, data bits, DCE/DTE, flow control and inhibit buffering in direct mode. Pressing <ENTER> accepts the parameter as is. If changes need to be made, each parameter may be edited as it comes up after each > prompt. The device name cannot contain a space. Seven (7) device baud rates are offered: 2400, 4800, 9600, 19200, 38400, 57600 and 115,200. Most devices use 9600 as the Console / Administration port's baud rate, so the device port defaults to this value. Check the equipment settings and documentation for the proper baud rate.



The format of the bit-wise transmission of data is determined by the stop bits, parity, and data bits parameters. The default settings are 1 stop bit, no parity, and 8 data bits. Check the equipment documentation for the proper settings. Each device port may be separately configured as either DCE or DTE. The DCE setting is used when connecting to a DTE device such as a computer. The DTE setting is used when connecting to a DCE device such as a managed switch. The device ports (1-16) are configured as DCE by default. The Power Manager port (port 17) is configured as a DTE. The device port flow control setting determines the method of flow control. The two most common settings are XON/XOFF (a.k.a. software) and RTS/CTS (a.k.a. hardware). The default setting for the device ports is XON/XOFF. Check the equipment documentation for the correct flow control setting. The INHIBIT DIRECT MODE setting allows the administrator to turn off port buffering while a user is connected to the device and is in direct mode. The device port buffer still collects data while not in direct mode when this setting is active. It may be desirable to disable direct mode buffering so sensitive data is not viewable by other users, but alert and panic messages from the attached device are still stored when nobody is connected. This setting is disabled by default, so buffer data is collected both in and out of direct mode.

cat Use cat <port name or number>cat <port name or number>cat <port name or number>cat <port name or number> to display the buffer information for that port.

clear Use clear <port name or number>clear <port name or number>clear <port name or number>clear <port name or number> to clear the buffer for that port.

less Use less <port name or number>less <port name or number>less <port name or number>less <port name or number> to browse the buffer for that port. When the buffer reaches the capacity of the screen, it pauses; the user can press the <spacebar> to continue the display. When the buffer reaches the end, it will display "END"; the user presses 'qqqq' to quit the less program and return to the command line.

logout Use logoutlogoutlogoutlogout to quit your session with the system.


15.00.032 Rev. B

6.4 Creating and Managing Users The following commands are performed by sysadmin to change settings for system Users. The sysadmin is also a User, although one that cannot be deleted. The administrator is prompted to define the device ports that the user will be allowed to access for direct connections. Ports can be administered:

• individually (e.g., 4) • as a range (e.g., 5-7) • as selective ports (e.g., 1,4,5,6,9,13) • combinations of the above (e.g., 1-8,11,14,16)

The ALLOW_CLEARALLOW_CLEARALLOW_CLEARALLOW_CLEAR option determines whether a user may use the clearclearclearclear command to delete all the data stored in a device port FIFO buffer. The administrator may want to inhibit this ability to preserve user accountability when accessing attached devices. Users are allowed to clear buffers by default. The ALLOW_DIRECTALLOW_DIRECTALLOW_DIRECTALLOW_DIRECT prompt determines which devices a user may select for direct access. The ALLOW_LISTENALLOW_LISTENALLOW_LISTENALLOW_LISTEN prompt determines which devices a user may select for listen mode. To edit or change parameters for the sysadmin, enter the command edituseredituseredituseredituser without a user name. This configures the parameters for the sysadmin. To edit or change parameters for a particular user after defining that user ID, use the edituser command. For example, if the user 'newuser' needed to have more concurrent login capabilities, the administrator would type edituser edituser edituser edituser newusernewusernewusernewuser on the command line. As each line comes up, change the settings and press <ENTER>, or press <ENTER> to accept the current setting. NOTE: When editing any group of parameters, pressing the <ENTER> key will accept the current value and move to the next parameter in the list. If you make any changes in the parameters, the system will prompt "Are you sure?" and expect a 'y' for yes to accept the changes. If you enter 'n' or do not enter anything, the parameter changes will not be accepted. The sysadmin can edit his own settings by simply typing the command name (without the <user name><user name><user name><user name>) since the system recognizes that you are logged in as sysadmin.



listusers Use listuserslistuserslistuserslistusers to get a list of all assigned users in the SCS1620. sysadmin>listusers test sysadmin user1 kevin ross bill anthony tom harry george

adduser Use adduser <user adduser <user adduser <user adduser <user name>name>name>name> to add a new user profile including their password, port configuration, and default operational sequences. sysadmin> sysadmin>adduser usage: /lci/bin/adduser name sysadmin>adduser newuser Changing password for user newuser New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully Enter accepts present value Server number of 0 (zero) will remove all access to servers ESCAPE_SEQ= \x1bA > BREAK_SEQ= \x1bB > ALLOW_CLEAR= 1-17 > 1-16 ALLOW_DIRECT= 1-17 > 1,3,5,7,9,10-16 ALLOW_LISTEN= 1-17 > 1-8,16-17 Are you sure? y sysadmin>

Press <ENTER> after typing the desired user name (case-sensitive). The next prompt asks for a password for the new user. When the user logs in for the first time he will be asked for this password. This password is case-sensitive.


15.00.032 Rev. B

NOTE: The passwords should be 6 characters or longer. If a password is less than 6 characters long, you will be warned that it is a 'bad password: too short'. However, if the sysadmin ignores this advice and re-enters the 'bad' password again (to confirm it), the system will accept it. sysadmin> sysadmin>adduser tom Changing password for user tom New UNIX password: BAD PASSWORD: it is too short Retype new UNIX password: Sorry, passwords do not match New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully Enter accepts present value Server number of 0 (zero) will remove all access to servers ESCAPE_SEQ= \x1bA > BREAK_SEQ= \x1bB > ALLOW_CLEAR= 1-17 > 1-16^? invalid character in string ALLOW_CLEAR= 1-17 > 1-17 ALLOW_DIRECT= 1-17 > 1-16 ALLOW_LISTEN= 1-17 > Are you sure? y sysadmin> As soon as the password has been entered, the system creates the new user identity and authenticates and creates the default parameters for it. The system automatically enters the 'edituser' mode for this new user, allowing the sysadmin to change any of the preset parameters for the new user.

edituser Use edituser <user name>edituser <user name>edituser <user name>edituser <user name> to edit the port configuration and default operational sequences for that user profile. It creates user IDs and privileges. The following screen will be displayed when the command is used: sysadmin> sysadmin>edituser Enter accepts present value Server number of 0 (zero) will remove all access to servers ESCAPE_SEQ= \x1bA > BREAK_SEQ= \x1bB > ALLOW_CLEAR= 1-16 > 1-17 ALLOW_DIRECT= 1-17 > ALLOW_LISTEN= 1-16 > Are you sure? y sysadmin> sysadmin> sysadmin>edituser newuser Enter accepts present value Server number of 0 (zero) will remove all access to servers ESCAPE_SEQ= \x1bA > BREAK_SEQ= \x1bB > ALLOW_CLEAR= 1-16 > ALLOW_DIRECT= 1,3,5,7,9,10-16 > ALLOW_LISTEN= 1-8,16-17 > sysadmin>



deluser Use deluser <user name>deluser <user name>deluser <user name>deluser <user name> to delete an existing User ID from the system. Note: The 'delete user' prompt does not verify whether you wish to delete the user or not. Be careful! There is no 'yes or no' option with this prompt. Use the listusers prompt after using the deluser prompt, to verify that the intended user ID has indeed been removed. sysadmin>deluser george sysadmin>listusers test sysadmin user1 kevin ross bill anthony tom harry

To delete a user, use the deluserdeluserdeluserdeluser command, followed by the user ID on the same line. Use the listuserslistuserslistuserslistusers command to verify after deleting a user ID.

editbrk Use editbrk <user name>editbrk <user name>editbrk <user name>editbrk <user name>to edit the break sequence for a user. The break sequence (user key strokes, default is 'ESC then B') is presented to the sysadmin in its ASCII form in the edituser list.

editesc Use editesc <user name>editesc <user name>editesc <user name>editesc <user name> to edit the escape sequence for a user. The escape sequence (user key strokes, default is 'ESC then A') is presented to the sysadmin in its ASCII form in the edituser list.

exit Use exitexitexitexit to de-select a port you are currently accessing.

passwd When logged in as sysadmin, use passwd to change the sysadmin password. Use passwd <user name>passwd <user name>passwd <user name>passwd <user name> to change a User's password. Passwords should be six (6) characters or longer, and are case-sensitive.


15.00.032 Rev. B

6.5 End User commands When the user is logged in to the system, their user name is the command prompt. For example, ross> will be displayed when Ross is logged in.

6.5.1 User Log In The user can log into the system using their User Name and their password, and can then perform different port selection steps.

select Use select <port name or number>select <port name or number>select <port name or number>select <port name or number> to select a port (only applies to port for which this user is allowed access (any of CLEAR, DIRECT, or LISTEN).

direct Use direct <port name or number>direct <port name or number>direct <port name or number>direct <port name or number> to connect to a port (only applies to port for which this user is allowed DIRECT access).

listen Use listen <port name or number>listen <port name or number>listen <port name or number>listen <port name or number> to listen to a port (only applies to ports for which this user is allowed LISTEN access).

clear Use clear <port name or number>clear <port name or number>clear <port name or number>clear <port name or number> to clear the buffer of a device port (only applies to ports for which this user is allowed CLEAR access).

exit Use exitexitexitexit to disconnect from a port that you are currently connected to. When disconnected from the port, it returns the User to the command line.

logout The user can log out of a port connection by typing logout in the command line



6.5.2 Escape Sequence The user can disconnect from a port by performing an 'escape' using their programmed Escape sequence. The preset value for this option is 'ESC then A', which must be performed quickly but not simultaneously.

6.5.3 Break Sequence The user can send a break signal to the external device using their programmed Break sequence. The preset value for this option is 'ESC then B', which must be performed quickly but not simultaneously.


15.00.032 Rev. B

7.0 Modem Setup If your SCS1620 system was shipped with a modem installed, it is not necessary to perform the Modem Setup and you can skip this chapter. This may only be required if the modem module is installed in the field.

7.1 Installing a Modem Card The modem card is hot-swappable, so it is not necessary to power down the unit before installing the modem card. 1. Remove the blank metal plate covering the modem slot on the SCS1620.

Insert the modem card

2. Insert the modem card into the open slot in the rear of the Console Server. 3. Tighten the screws on the modem card by hand.

Tighten the screws on modem card 4. Refer to Section 7.2 for Modem Initialization (install_modeminstall_modeminstall_modeminstall_modem). Connect the modem to your telephone line using the RJ11 telephone cord.



7.2 Modem Initialization If a modem card is installed into a working SCS1620, it must be initialized for proper operation with the system. The sysadmin does this using the install_modeminstall_modeminstall_modeminstall_modem command. This command forces a hardware reset of the modem module and then sends an initialization string which configures the modem for the system. This string also saves these values into the modem's non-volatile memory. This is not required if the modem is installed before setup is run on the system. This command does not appear in the helphelphelphelp or command menu list since it is only used when installing the modem card after the initial installation. To Initialize the Modem (only needed when it is first installed):

1. Login as sysadmin 2. Type install_modeminstall_modeminstall_modeminstall_modem at the sysadmin> prompt. 3. When the command has run completely, you are returned to the

sysadmin> prompt. The modem has reset and is ready to use. SCS1620 login: sysadmin Password: sysadmin>install_modem sysadmin>

Check the status LEDs on the Modem Module.

Normal Modem LEDs (red-red-green-green-red) for an idle Modem Port A red LED indicates the 'inactive' state and a green LED indicates the 'active' state. The PWR LED should always show green when the system is turned on.


15.00.032 Rev. B

8.0 User Access and Functions

8.1 Terminal Port This is a Console Port connection to the SCS1620, using a hardwired VT100 terminal or terminal emulation program that is connected to the TERMINAL connector on the SCS1620. It is normally used by the System Administrator during service events, however it can be used by any user that has access to the VT100 terminal and that has a password to log into the system.

8.2 Network Port The network port must be connected to a network that uses TCP/IP. Devices connected to the network card must be at 10 or 100 Mbits, auto-negotiating, on 10/100base T (Cat 5) wiring. To connect to the SCS1620 network port, the user should use a TCP/IP telnet client to telnet to the IP address assigned to the SCS1620, or use ssh. OCTANE_65 10# TELNET 172.16.1.31 Trying 172.16.1.31... Connected to 172.16.1.31 Escape character is ‘^]’. SCS1620> login:

8.3 Modem Module The SCS1620 with the optional Modem module can support three configurations:

• Plain text tty - This provides for an interface identical to that presented by the terminal port or a telnet-ed user. The user is presented with the standard login and password prompts.

• PPP connection - This allows a remote user to establish a PPP connection with the SCS1620. A standard SCS1620 user/password pair is required to authenticate to the system. IP traffic can then be forwarded thru the SCS1620 to the Ethernet port. This allows standard internet applications to communicate to systems, including the SCS1620, on the network attached to the Ethernet port of the SCS1620. These applications include but not limited to telnet, ftp and SSH. CHAP is also supported.

• Callback connection - This allows a remote user to establish a connection with the SCS1620 only after the user logs in with a callback pseudo user, at which time the SCS1620 drops the connection, delays a period of time (30 sec.) then dials the user back at a pre-assigned phone number. Callback may be tty or PPP.



8.4 Selecting a Device Port To select a device port, the user must type selectselectselectselect along with a device port. The user must also have permission to connect to a device port as defined by the system administrator in their user profile. For example, to connect to a server named Alpha on device port 2, the user may either type selectselectselectselect Alpha, selectselectselectselect 2. If the system administrator has determined that the user does not have permission to access a server, the SCS1620 will display the message NO ACCESS TO DEVICE CHANNEL, and the connection will not be made. The user may exit from their current device port first by using the exitexitexitexit command or selecting another device port. A user may select a server that is already selected by another user. When a server has been selected, the prompt will change to show which server has been selected by displaying the user ID, a dash, and then the server name in the general form USER_NAME-SERVER_NAME>. For example, if the user GEORGE selects Alpha, the prompt would read GEORGE-Alpha>. When this prompt is displayed, the user is in monitor mode. There is no direct communication between the user and the server. Any output from the server is saved to a buffer that may be accessed by the user (see Section 5.7, Using the Buffer), but the user may issue no commands to the server. If the user desires to issue commands to the server, they must enter direct mode (see Section 5.6, Direct Mode).

8.5 Direct Mode If a user desires to interact directly with a server rather than only monitor its output, then they must enter direct mode. To enter direct mode using the directdirectdirectdirect command, the user may select a device port as outlined in Section 5.6, Selecting a Server. Then at the prompt, the user must use the command directdirectdirectdirect. The user may also select a device port and enter direct mode in one step by using the dir ndir ndir ndir n command. The dir ndir ndir ndir n command must have either the device port number or the name assigned to the port as the command qualifier. The user's terminal will then be directly connected to the server, and will act as if the terminal was physically connected to the server. The SCS1620 displays the last page of the device buffer along with a system information message indicating which device port is selected as the user enters direct mode. To escape from direct mode, the direct mode escape sequence must be used. The direct mode escape sequence is a series of two to five characters that allow the user to leave direct mode and return to monitor mode. The factory default for the direct mode escape sequence is <ESC> A (escape key, then uppercase "a"), but the user may change the sequence by using the command editesceditesceditesceditesc.


15.00.032 Rev. B

It is recommended that the user only change the escape sequence if it causes problems with the hardware or software used. It is also recommended that the user avoid combinations of the <CTRL> key and other keys, as these combinations are usually reserved for sending and receiving special characters through the terminal. When the user changes the escape sequence, a window with the hexadecimal representation of the old escape sequence will appear. Pressing <ESC> to exit from the edit prompt will not work; it will add additional <ESC> characters (hexadecimal value 1B) to the direct mode escape sequence. If the user wishes to keep the old sequence, they need only to press <ENTER>. Otherwise, they should press backspace to delete the old characters, then enter the new sequence and press <ENTER>. If for some reason the selection is unacceptable, an error message will appear and the sequence will revert to the old character values. Appendix E lists the hexadecimal codes for the ASCII character set.



Appendix A – Terminal Port and Adapter Pinouts

Title:

Size:

Part Number

Rev:

SheetFile:

System:A A0101 of

Terminal / Device RJ45 Connector Pinouts

SCS1620

Drawing Number

1620_term_dev.vsd

1

4

6

8

7

2

3

5

Tx

Rx

RTS

CTS

DTR

DSR

DCD

SG

SCS1620Terminal / Device

(DTE)

RJ4

5

1

4

6

8

7

2

3

5

Tx

Rx

RTS

CTS

DTR

DSR

DCD

SG

SCS1620Terminal / Device

(DCE)R

J45

pin 1

RJ-45 Connector

100 Washington Street, Milford CT 06460 800 871-9838 * Fax 203 874-0157 * www.lightwavecom.com


15.00.032 Rev. B

Use PN 200.0066 Adapter with a Dumb Terminal, or most SUN applications

Title:

Size:

Part Number

Rev:

SheetFile:

System:A A200d0066S.vsd 0101 of

RJ45 Receptacle to DB25M Adapter

200.0066

SCS1620

2

DB25MALE

3

4

5

6

7

8

20

3

2

7

8

6

5

1

4

RJ45

pin 1

Drawing Number 700.200.0066

261 Pepe's Farm Road, Milford CT 06460 800 871-9838 * Fax 203 874-0157 * www.lightwavecom.com



Title:

Size:

Part Number

Rev:

SheetFile:

System:A A200d0067-1620.vsd 0101 of

RJ45 Receptacle to DB25F Adapter

200.0067

SCS1620

2

DB25FEMALE

3

4

5

6

7

8

20

3

2

7

8

6

5

1

4

RJ45

pin 1




15.00.032 Rev. B

Title:

Size:

Part Number

Rev:

SheetFile:

System:A A200d0069.vsd 0101 of

RJ45 Receptacle to DB9M Adapter

200.0069

System Console Switch

1

DB9MALE

2

3

4

5

6

7

8

1

2

3

4

5

6

7

8

RJ45

pin 1


261 Pepe's Farm Road, Milford CT 06460 800 871-9838 * Fax 203 874-0157 * www.lightwavecom.com



Use PN 200.0070 Adapter with a PC's serial port

Title:

Size:

Part Number

Rev:

SheetFile:

System:A A200d0070-1620.vsd 0101 of

RJ45 Receptacle to DB9F Adapter

200.0070

SCS1620

1

DB9FEMALE

2

3

4

5

6

7

8

1

2

3

4

5

6

7

8

RJ45

pin 1




15.00.032 Rev. B

Use this Adapter for Netra / SUN / CISCO, others

Title:

Size:

Part Number

Rev:

SheetFile:

System:A A0101 of

Netra t1 to SCS1620 RJ45 adapter pinout

200.0225

SCS1620


200d0225.vsd


RJ45female

RJ45female

1

2

3

4

5

6

7

8 8

7

6

5

4

3

2

1NC



Appendix B – Flash Update Procedure

B.1 Updating the SCS1620 Software The system employs the ability to update the system files by one of several transfer methods including scp (secure copy) and ftp (which is inherently insecure, but performed by local access by the sysadmin) and a variety of other update methods. The system software is also completely configurable by the system administrator, which may involve addition or removal of Unix / Linux system files to suit a particular application.

B.1.1 Software Download The SCS1620's operating software can be updated by a downloadable software update (downloaded from Lightwave's FTP site) which consists of two files: a tar file and an update script file. The two files must always be used as a matched set (same version). The update files will affect the data stored on the SCS1620's FLASH device, however the programmed data will remain intact. After updating the system software, the system must be rebooted in order to completely save all of the programming changes.

B.2 Flash Replacement Procedure In order to replace the Flash memory component of the SCS1620, you must first obtain a factory-prepared Flash memory device for your system.

The Flash component will be shipped to you in anti-static protective materials.

Flash device in its holder

16 DEVICE ports

Power Manager Port


15.00.032 Rev. B

The SCS1620 system must be shut down (using the "poweroff" command) and disconnected from power before replacing the Flash. The cover must be removed, so if it is installed it must be removed from service so that the case is accessible. Shut Down the SCS1620:

1. You must be logged in as 'sysadmin'. 2. Type 'poweroff' and press Enter. The system will gracefully shut down and

close all files; after about two minutes, the front panel display will state "OK to power off".

3. Turn the power switch(es) on the back of the unit off (O). Remove the Cover:

1. Remove seven screws on the top of the cover, plus two on each side (for the rack mount rails).

2. Lift the cover straight up and set it aside.



Replace the Flash module: Touch and maintain contact with the metal chassis to eliminate any static buildup you might have. The Flash module slides into its holder on the board; there is no release mechanism, and it is only held in place by its metal contact pins.

1. Grabbing the Flash disk as shown, slide it straight out of its connector, flat, along the top of the other components on the circuit board.

2. Unpack the replacement Flash module from the packing material. 3. Again touching the metal chassis of the unit to prevent static discharge,

slide the Flash module into the holder. DO NOT FORCE THE MODULE IN; it is keyed by its alignment grooves and will slide easily only one way.

4. Be certain that the module is pressed firmly in the socket, until the pins of the connector are no longer visible. There is no 'click' when it is seated.

5. The Flash installation is complete. Replace the cover, and reinstall the screws. The system is ready to go back into service. It is now a 'factory fresh' system.

Start up your Factory-Fresh SCS1620 System 6. When the system is started up, you will have to configure all of your

parameters. Note: Remember to return the removed Flash Module with the Return Authorization information provided.

Slide Module straight out to remove it (flat, along top of components on the board)


15.00.032 Rev. B

Appendix C – System Specifications

C.1 Physical Width: 17.25 inches (4.45 cm) Depth: 8.00 inches (20.32 cm) Height: 1.75 inches (4.45 cm) 1 RU Shipping weight: 15 pounds (6.80 kg)

C.2 Environmental Operating temperature range: 32°F (0°C) to 125°F (52°C) Operating humidity range: 30% to 90% RH, non-condensing Storage temperature range: -4°F (-20°C) to 158°F (70°C) Storage humidity range: 10% to 90% RH, non-condensing Heat generated in normal operation: 75.1 BTU/hour

C.3 Electrical Both the AC and DC power versions of the Console Server feature redundant power supplies.

C.3.1 AC Power Universal input voltage, auto-switched AC power supplies, switch fused Input voltage: 110/240 VAC AC frequency: 50/60 Hz Maximum power consumption: 25 W Typical power consumption: 18 W (total input power) Note: If run on a single AC supply, typical consumption is approx. 13 watts.



C.3.2 DC Power -48 volt only, externally fused Input voltage: -48 VDC Maximum power consumption: 25 W Typical power consumption: 15 W (total input power)

C.4 Interface

C.4.1 Terminal and Device Connector: RJ45 Specification: EIA-232 Maximum baud rate: 115,200 Minimum baud rate: 2400 Maximum user sessions: 16 ports, any combination

C.4.2 Network Connector: RJ45 Protocol: TCP/IP (IP version 4) Maximum speed: 10 or 100 Mbits, half duplex Auto-negotiation: Supported Maximum user sessions: multiple; essentially unlimited

C.4.3 Modem Connector: RJ11C Format: analog POTS Maximum speed: 38,400 baud Maximum user sessions: 1

C.4.4 Power Manager Connector: DB9F Specification: EIA-232 Maximum baud rate: 115,200 (preset to 9600 for PCU8) Minimum baud rate: 2400 Maximum user sessions: 1


15.0

C.5 Compliance and Certification Safety For USA and Canada: The SCS1620 has been tested and listed by Entela Inc, a Nationally Recognized Test Lab, as compliant with UL 1950 3rd edition and CSA 22.2 No. 950-95.

Entela is a USA OSHA Nationally Recognized Testing Laboratory (NRTL), an accredited Certification Organization by the Standards Council of Canada (SCC), and an IECEE – CB Scheme National Certifications Body (NCB) & Certification Body Testing Laboratory (CBTL).

Emissions For Domestic USA:

For Europe: EMI warning statement for Class A Information Technology Equipment (ITE):

Warning This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.

Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide a reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

0.032 Rev. B



Appendix D – DC Power Specifications

D.1 DC Power Source Input voltage: -48 VDC Minimum voltage: -40 VDC Maximum voltage: -60 VDC Maximum operating current: 1.5 A Maximum input surge current: 5 A Rated Input Power Consumption 15 watts The DC power source must be:

• electrically isolated from any AC source • reliably connected to earth • capable of providing up to 100 Watts of continuous power

D.2 Overcurrent Protection DC Power Overcurrent protection requirements:

• 10 Amp trip • double pole • fast trip • DC rated • Overcurrent protection devices (e.g., circuit breakers) must be provided as

part of each installation, and are not included with the SCS1620 • The device must be located between the DC power source and the

SCS1620

D.3 DC Supply Connector The supply input connectors are provided with each SCS1620. However, the conductors are not. See below for conductor specifications. Conductor material: copper only Wire gauge: 16 AWG Insulation rating: 75°C minimum, low smoke fume,

flame retardant Branch circuit cable insulation color: per applicable national electrical

codes Grounding cable insulation color: green/yellow The cable type should be one of the following:

• UL style 1028 or other UL 1581 (VW-1) compliant equivalent • IEEE 383 compliant • IEEE 1202-1991 compliant


15.00.032 Rev. B

Appendix E – Hexadecimal ASCII Code Equivalent characters in italics are non-printing characters or signals. Hexadecimal

Code Equivalent Character

Hexadecimal Code

Equivalent Character

00 NUL 20 SP 01 SOH 21 ! 02 STX 22 “ 03 ETX 23 # 04 EOT 24 $ 05 ENQ 25 % 06 ACK 26 & 07 BEL 27 ‘ 08 BS 28 ( 09 HT 29 ) 0A NL 2A * 0B VT 2B + 0C NP 2C , 0D CR 2D - 0E SO 2E . 0F SI 2F / 10 DLE 30 0 11 DC1 31 1 12 DC2 32 2 13 DC3 33 3 14 DC4 34 4 15 NAK 35 5 16 SYN 36 6 17 ETB 37 7 18 CAN 38 8 19 EM 39 9 1A SUB 3A : 1B ESC 3B ; 1C FS 3C < 1D GS 3D = 1E RS 3E > 1F US 3F ?



Hexadecimal

Code Equivalent Character

Hexadecimal Code

Equivalent Character

40 @ 60 ` 41 A 61 a 42 B 62 b 43 C 63 c 44 D 64 d 45 E 65 e 46 F 66 f 47 G 67 g 48 H 68 h 49 I 69 i 4A J 6A j 4B K 6B k 4C L 6C l 4D M 6D m 4E N 6E n 4F O 6F o 50 P 70 p 51 Q 71 q 52 R 72 r 53 S 73 s 54 T 74 t 55 U 75 u 56 V 76 v 57 W 77 w 58 X 78 x 59 Y 79 y 5A Z 7A z 5B [ 7B { 5C \ 7C | 5D ] 7D } 5E ^ 7E ~ 5F _ 7F DEL


15.00.032 Rev. B

Appendix F – Some UNIX Command Help Some UNIX / Linux commands are used in administering the SCS1620. The lesslesslessless command is automatically invoked by some of the system commands (e.g., if the devicesdevicesdevicesdevices command is run, less is used to display the information to the sysadmin.) The vi editor is used when setup is run.

F.1 less command The following help information about lesslesslessless is built into the SCS1620 system. The lesslesslessless command's use will be obvious to the user when the data output to the terminal is longer than one screen can display. The output will pause, and a ":" (colon) will be displayed at the bottom of the screen. To continue the display, the user presses the <enter> key (to step one more line) or the spacebar (to fill one more page) to see additional information. At the end of the lengthy output, an (END)(END)(END)(END) prompt will be displayed. To end the lesslesslessless program, press 'q' to return to the command line. SUMMARY OF LESS COMMANDS Commands marked with * may be preceded by a number, N. Notes in parentheses indicate the behavior if N is given. h H Display this help. q :q Q :Q ZZ Exit. --------------------------------------------------------------------------- MOVING ?pattern * Search backward for (N-th) matching line. HELP -- Press RETURN for more, or q when done HELP -- Press RETURN for more, or q when done HELP -- Press RETURN for more, or q when done e ^E j ^N CR * Forward one line (or N lines). y ^Y k ^K ^P * Backward one line (or N lines). f ^F ^V SPACE * Forward one window (or N lines). b ^B ESC-v * Backward one window (or N lines). z * Forward one window (and set window to N). w * Backward one window (and set window to N). ESC-SPACE * Forward one window, but don't stop at end-of-file. d ^D * Forward one half-window (and set half-window to N). u ^U * Backward one half-window (and set half-window to N). ESC-( RightArrow * Left 8 character positions (or N positions). ESC-) LeftArrow * Right 8 character positions (or N positions). F Forward forever; like "tail -f". r ^R ^L Repaint screen.en done R Repaint screen, discarding buffered input. --------------------------------------------------- Default "window" is the screen height. Default "half-window" is half of the screen height. ---------------------------------------------------------------------------



SEARCHING /pattern * Search forward for (N-th) matching line. ?pattern * Search backward for (N-th) matching line. ESC-^B <c1> <c2> * Find open bracket <c1> ?pattern * Search backward for (N-th) matching line. n * Repeat previous search (for N-th occurrence). N * Repeat previous search in reverse direction. ESC-n * Repeat previous search, spanning files. ESC-N * Repeat previous search, reverse dir. & spanning files. ESC-u Undo (toggle) search highlighting. --------------------------------------------------- Search patterns may be modified by one or more of: ^N or ! Search for NON-matching lines. ^E or * Search multiple files (pass thru END OF FILE). ^F or @ Start search at FIRST file (for /) or last file (for ?). ^K Highlight matches, but don't move (KEEP position). ^R Don't use REGULAR EXPRESSIONS. --------------------------------------------------------------------------- JUMPING g < ESC-< * Go to first line in file (or line N). G > ESC-> * Go to last line in file (or line N). p % * Go to beginning of file (or N percent into file). { ( [ * Find close bracket } ) ]. } ) ] * Find open bracket { ( [. ESC-^F <c1> <c2> * Find close bracket <c2>. ESC-^B <c1> <c2> * Find open bracket <c1> Each "find close bracket" command goes forward to the close bracket matching the (N-th) open bracket in the top line. Each "find open bracket" command goes backward to the open bracket matching the (N-th) close bracket in the bottom line. m<letter> Mark the current position with <letter>. '<letter> Go to a previously marked position. '' Go to the previous position. ^X^X Same as '. --------------------------------------------------- A mark is any upper-case or lower-case letter. Certain marks are predefined: ^ means beginning of the file $ means end of the file --------------------------------------------------------------------------- CHANGING FILES :e [file] Examine a new file. ^X^V Same as :e. :n * Examine the (N-th) next file from the command line. :p * Examine the (N-th) previous file from the command line. :x * Examine the first (or N-th) file from the command line. :d Delete the current file from the command line list. = ^G :f Print current file name. --------------------------------------------------------------------------- MISCELLANEOUS COMMANDS -<flag> Toggle a command line option [see OPTIONS below]. --<name> Toggle a command line option, by name. _<flag> Display the setting of a command line option. __<name> Display the setting of an option, by name. +cmd Execute the less cmd each time a new file is examined. !command Execute the shell command with $SHELL. |Xcommand Pipe file between current pos & mark X to shell command. v Edit the current file with $VISUAL or $EDITOR. V Print version number of "less". ---------------------------------------------------------------------------


15.00.032 Rev. B

OPTIONS Most options may be changed either on the command line, or from within less by using the - or -- command. Options may be given in one of two forms: either a single character preceded by a -, or a name preceeded by --. -? ........ --help Display help (from command line). -a ........ --search-skip-screen Forward search skips current screen. -b [N] .... --buffers=[N] Number of buffers. -B ........ --auto-buffers Don't automatically allocate buffers for pipes. -c -C .... --clear-screen --CLEAR-SCREEN Repaint by scrolling/clearing. HELP -- Press RETURN for more, or q when done

F.2 vi Editor commands The vi editor is a powerful command editor used to modify Unix commands. There are instances when the sysadmin must modify a file using a command editor, and vi is often used to accomplish this. CAUTION: It is possible to damage a file, which might render the system inoperative, by improper use of a file or command editor on system files. This section is only meant as a review for those familiar with vi commands.

F.2.1 Using vi To edit a file using the vi editor on a file with a name <file_name>, from the command line, type: vi <file_name> Use the following commands to edit and then close the file.

F.2.2 vi Modes vi is a three-mode line editor: it has a command mode, and line mode, and an editing mode. It is very useful for editing a file, for navigating within an open file, or for opening or saving a file.

• command mode: for moving around within an open file • editing mode: for text editing in the file • line mode for file opening, saving, closing, exiting

If you are not sure which mode you are in at any time, you can press the <ESC> key, which returns you to the command mode. A summary of the modes and some vi commands follows: To enter vi in the 'line mode', from the command mode, type : (colon).



F.2.3 Using vi in Command mode The following keyboard commands apply to vi in Command mode. The cursor is moved within the open file using the following position commands:

• h moves cursor to left (left arrow) • j moves cursor to next line (down arrow) • k moves cursor to previous line (up arrow) • l moves cursor to right (right arrow)

The text within the open file is edited or changed using the following commands:

• i insert text before the cursor position. All existing text to the right of the cursor is shifted to the right (not overwritten).

• o create a new line below the current line, and insert the text. All existing text is shifted down and follows the text you are about to insert.

• u undo the last modification • x delete the letter at the current cursor position • dd delete the current line

Once all editing is complete, you must close or save the file. You must go to "Line Mode" to accomplish this.

F.2.4 Closing a file opened in vi After all editing is done, enter line mode by typing the colon (:). Use one of the following commands to work with your file as desired:

• e <filename> open the file named <filename> • w <filename> write (save) this file with the name <filename>

Caution: this will overwrite an existing file with that exact name without warning.

• q quit • q! quit and disregard changes • w write the file (save it) with its existing filename • wq write the file and close the file (save and quit) • <ESC> go to command mode

Save and Quit = :wq <enter> Quit, do not Save = :q! <enter>


15.00.032 Rev. B

Release Notes Last-minute changes to this manual are found here.

Root-level Password In this kernel, the system's root level security has been enhanced. This affects sysadmin steps to change the root level password, and any other root level access. It is important to know the root access password. The procedure found on pp. 60-61 of this manual is not completely accurate, due to these changes. This information is provided to clarify the steps required for root level access, and in changing the root password.

To Change the root-level password of the SCS1620, follow the example above. The default root password is root.

1. Log in as sysadmin 2. Type bashbashbashbash to get to root level (notice: sysadmin level = $) 3. susususu to root level; you must enter the existing root password (default = root) 4. After password accepted, notice root level = sysadmin@ # 5. Use passwdpasswdpasswdpasswd to change root level password 6. After successful, 'authentication tokens updatedauthentication tokens updatedauthentication tokens updatedauthentication tokens updated' message

displayed 7. Use exitexitexitexit to leave root level (sysadmin@ $) 8. Use exitexitexitexit to leave shell level (sysadmin>) 9. Use logoutlogoutlogoutlogout to log out of the system



For Your Notes

secure console server model scs1620 product guide

Documents