Documentation Oracle

 

 

 CD ROM Annuaire d'Entreprises France prospect (avec ou sans emails) : REMISE DE 10 % Avec le code réduction AUDEN872

10% de réduction sur vos envois d'emailing --> CLIQUEZ ICI

Retour à l'accueil, cliquez ici

Voir également :

Documentation ORACLE

Documentation ORACLE Sun Fire V60x Compute Grid Rack System

http://docs.oracle.com/cd/E19533-01/index.html

Getting Started with the LX Series

http://docs.oracle.com/cd/E19533-01/875-3510-10/875-3510-10.pdf

LX-Series Commands Reference Guide

http://docs.oracle.com/cd/E19533-01/875-3511-10/875-3511-10.pdf

LX-Series Configuration Guide :

http://docs.oracle.com/cd/E19533-01/875-3512-10/875-3512-10.pdf

Catalyst 3750 Switch Command Reference

http://docs.oracle.com/cd/E19533-01/875-3516-10/875-3516-10.pdf

Cisco Catalyst 3750 Switch Hardware Installation Guide

http://docs.oracle.com/cd/E19533-01/875-3517-10/875-3517-10.pdf

Catalyst 3750 Switch

http://docs.oracle.com/cd/E19533-01/875-3518-10/875-3518-10.pdf

Sun Fire Grid System visuelle

http://docs.oracle.com/cd/E19374-01/index.html

Sun Fire™ Visual Grid System Installation and User’s Guid

http://docs.oracle.com/cd/E19374-01/817-2365-10/817-2365-10.pdf

Oracle SPARC T-Series Serveurs

http://www.oracle.com/technetwork/documentation/sparc-tseries-servers-252697.html

SPARC documentation du serveur T4-1

http://docs.oracle.com/cd/E22985_01/index.html

SPARC T4-1 Server Safety and Compliance Guide Compliance Model No.: SERP2

http://docs.oracle.com/cd/E22985_01/pdf/E22991.pdf

SPARC T4-1 Server Installation Guide

http://docs.oracle.com/cd/E22985_01/pdf/E22988.pdf

SPARC T4-1 Server Service Manual

http://docs.oracle.com/cd/E22985_01/pdf/E22990.pdf

SPARC T4-1B Server Module Product Notes

http://docs.oracle.com/cd/E22735_01/pdf/E22737.pdf SPARC T4-1B Server Module Safety and Compliance Guide Compliance Model No.: T4BLD :

http://docs.oracle.com/cd/E22735_01/pdf/E22740.pdf SPARC T4-1B Server Module Installation Guide :

http://docs.oracle.com/cd/E22735_01/pdf/E22738.pdf

SPARC T4-1B Server Module Service Manual

http://docs.oracle.com/cd/E22735_01/pdf/E22739.pdf

SPARC T3-1 (Français) http://docs.oracle.com/cd/E19836-01/index-fr.html Integrated Lights Out Manager (ILOM) 3.0 http://docs.oracle.com/cd/E19860-01/index.html SPARC T3-1B SERVER DOCUMENTATION http://docs.oracle.com/cd/E22551_01/index.html SPARC T3-2 (Français)

http://docs.oracle.com/cd/E19166-01/index-fr.html

SPARC T3-4 (Français)

http://docs.oracle.com/cd/E21687_01/index.html

SPARC T3-4 Server Service Manual

http://docs.oracle.com/cd/E19417-01/E20813/E20813.pdf

Sun Microsystems, Inc. www.sun.com Submit comments about this document at: http://www.sun.com/hwdocs/feedback Sun Fire™ V60x Compute Grid Rack System Installation Guide Part No. 817-3072-10 October 2003, Revision APlease Recycle Copyright 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. THIS PRODUCT CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF SUN MICROSYSTEMS, INC. USE, DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF SUN MICROSYSTEMS, INC. This document and the product to which it pertains are distributed under licenses restricting their use, copying, distribution, and decompilation. No part of the product or of this document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. This distribution may include materials developed by third parties. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Sun ONE, the Sun ONE logo, Sun Fire, AnswerBook2, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and in other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and in other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements. Products covered by and information contained in this manual are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical/ biological weapons, or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo, or to entities identi?ed on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists, is strictly prohibited. Use of any spare or replacement CPUs is limited to repair or one-for-one replacement of CPUs in products exported in compliance with U.S. export laws. Use of CPUs as product upgrades, unless authorized by the U.S. Government, is strictly prohibited. DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Copyright 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés. CE PRODUIT CONTIENT DES INFORMATIONS CONFIDENTIELLES ET DES SECRETS COMMERCIAUX DE SUN MICROSYSTEMS, INC. SON UTILISATION, SA DIVULGATION ET SA REPRODUCTION SONT INTERDITES SANS AUTORISATION EXPRESSE, ECRITE ET PREALABLE DE SUN MICROSYSTEMS, INC. Ce produit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l’utilisation, la copie, la distribution, et la décompilation. Aucune partie de ce produit ou document ne peut être reproduite sous aucune forme, par quelque moyen que ce soit, sans l’autorisation préalable et écrite de Sun et de ses bailleurs de licence, s’il y ena. Cette distribution peut comprendre des composants développés par des tierces parties. Le logiciel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par un copyright et licencié par des fournisseurs de Sun. Des parties de ce produit pourront être dérivées des systèmes Berkeley BSD licenciés par l’Université de Californie. UNIX est une marque déposée aux Etats-Unis et dans d’autres pays et licenciée exclusivement par X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Sun ONE, the Sun ONE logo, Sun Fire, AnswerBook2, docs.sun.com, Java, et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d’autres pays. Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d’autres pays. Les produits protant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc. Ce produit est soumis à la législation américaine en matière de contrôle des exportations et peut être soumis à la règlementation en vigueur dans d’autres pays dans le domaine des exportations et importations. Les utilisations , ou utilisateurs ?naux, pour des armes nucléaires, des missiles, des armes biologiques et chimiques ou du nucléaire maritime, directement ou indirectement, sont strictement interdites. Les exportations ou reexportations vers les pays sous embargo américain, ou vers des entités ?gurant sur les listes d’exclusion d’exportation américaines, y compris, mais de manière non exhaustive, la liste de personnes qui font objet d’un ordre de ne pas participer, d’une façon directe ou indirecte, aux exportations des produits ou des services qui sont régis par la législation américaine en matière de contrôle des exportations et la liste de ressortissants spéci?quement désignés, sont rigoureusement interdites. L’utilisation de pièces détachées ou d’unités centrales de remplacement est limitée aux réparations ou à l’échange standard d’unités centrales pour les produits exportés, conformément à la législation américaine en matière d’exportation. Sauf autorisation par les autorités des Etats-Unis, l’utilisation d’unités centrales pour procéder à des mises à jour de produits est rigoureusement interdite. LA DOCUMENTATION EST FOURNIE "EN L’ÉTAT" ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L’APTITUDE A UNE UTILISATION PARTICULIERE OU A L’ABSENCE DE CONTREFAÇON.Contents iii Contents 1. Sun Fire V60x Compute Grid Rack System Hardware Overview and Installation 1 Installation Quick Path 1 Hardware Components Overview 3 Sun Rack 900 4 Network Switches 4 Terminal Server 5 Cluster Grid Manager Node 5 Grid Master Node 6 Compute Nodes 6 Keyboard, Video, Mouse Unit 6 Cabling Information 7 Single-Rack System 8 Multiple-Rack System 9 Installing the System Hardware 10 Powering On the System 12 Adding or Replacing Hardware Components 13 Tools Required 13 Replacing Sun Rack Parts 13 Adding or Replacing a Sun Fire V60x Node 14 Replacing a CGM Node 14 Replacing a Grid Master Node or Compute Node 14 Adding or Replacing a Network Switch 14iv Sun Fire V60x Compute Grid Rack System Installation Guide • September 2003 2. Sun Fire V60x Compute Grid Rack System Software Overview and Installation 15 Sun Fire V60x Compute Grid Software Components Overview 16 Red Hat Enterprise Linux Operating System 17 Cluster Grid Manager Software 17 Sun Control Station Software 17 AllStart Module 19 Grid Engine Module 19 Setting Up the Sun Fire V60x Compute Grid Software 21 Information Required For Software Setup 21 Logging In and Setting Up the System Identity 23 Using the AllStart Module to Deploy Software 27 Creating AllStart Distributions 28 Creating AllStart Payloads 30 Creating AllStart Profiles 33 Creating and Enabling Clients 41 Defining Network Service Settings 47 Deploying Software Payloads to Compute Nodes 49 Adding Compute Nodes as SCS Managed Hosts 50 Configuring the Grid Engine Module 53 Deploying the Sun ONE Grid Engine Software 53 Monitoring Compute Grid Tasks 57 Uninstalling Sun ONE Grid Engine Software 58 A. Product Specifications 61 Power Specifications 61 Physical Dimensions 62 Environmental Requirements 63v Preface This guide contains instructions for installing the Sun Fire™ V60x Compute Grid rack system hardware and for setting up and deploying the system software. This guide also provides overview information about the system and references to more detailed documentation for the system hardware and software components. How This Book Is Organized The information in this guide is organized into the following chapters and appendixes:  Chapter 1 provides hardware overview and installation instructions, including diagrams of the system cabling and components. Chapter 2 provides software overview information, and instructions for deploying and setting up software. Appendix A provides product specifications, including environmental requirements, for reference.vi Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Typographic Conventions Related Documentation The following table lists the documentation set that is shipped with your Sun Fire V60x Compute Grid rack system. Documentation that contains detailed information about using and servicing the system hardware and software components after installation are included with the system as a supplement to this installation guide. Typeface * * The settings on your browser might differ from these settings. Meaning Examples AaBbCc123 The names of commands, files, and directories; on-screen computer output Edit your.login file. Use ls -a to list all files. % You have mail. AaBbCc123 What you type, when contrasted with on-screen computer output % su Password: AaBbCc123 Book titles, new words or terms, words to be emphasized. Replace command-line variables with real names or values. Read Chapter 6 in the User’s Guide. These are called class options. You must be superuser to do this. To delete a file, type rm filename. Component Title Part Number Sun Fire V60x Compute Grid rack system Sun Fire V60x Compute Grid Rack System Installation Guide 801-3072 Sun Fire V60x Compute Grid rack system Sun Fire V60x Compute Grid Rack System Release Notes 801-3074 Sun Rack 900 Sun Rack Unpacking Instructions 816-6385 Sun Rack 900 Sun Rack Installation Guide 816-6386 Sun Rack 900 Sun Rack Service Manual 816-6387 Sun Rack 900 Sun Rack safety and Regulatory Compliance Information 816-7885 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Operating System Installation Guide 817-1956Preface vii Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Release Notes 817-2026 Sun Fire V60x Important Safety Information for Sun Hardware Systems 816-7190 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Warranty Card 817-2027 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Registration Card 817-2294 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Binary Code License 817-2029 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Safety and Compliance Guide 817-2028 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Documentation CD, includes the following: 705-0561 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server User Guide 817-2023 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Troubleshooting Guide 817-2024 Sun Fire V60x Sun Fire V60x and Sun Fire V65x Server Server Management Guide 817-2025 Sun Control Station software Sun Control Station 2.0 Software CD, includes the following documentation: 798-4889 Sun Control Station software Sun Control Station 2.0 Administration Manual 817-3603 Sun Control Station software Sun Control Station 2.0, Software Management Module 817-3611 Sun Control Station software Sun Control Station 2.0, Health Monitoring Module 817-3607 Sun Control Station software Sun Control Station 2.0, Performance Monitoring Module 817-3610 Sun Control Station software Sun Control Station 2.0, Inventory Module 817-3608 Sun Control Station software Sun Control Station 2.0, Lights-Out Management Module 817-3609 Sun Control Station software Sun Control Station 2.0, AllStart Module 817-3605 Sun Control Station software Sun Control Station 2.0, Grid Engine Module 817-3606 Component Title Part Numberviii Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Sun ONE Grid Engine, Enterprise Edition software Sun Grid Engine, Enterprise Edition 5.3 Administration and User’s Guide 816-4739 Sun ONE Grid Engine, Enterprise Edition software Sun Grid Engine 5.3 and Sun Grid Engine, Enterprise Edition 5.3 Reference Manual 816-4767 Sun ONE Grid Engine, Enterprise Edition software Sun Grid Engine, Enterprise Edition 5.3 Release Notes 816-5078 Sun ONE Grid Engine, Enterprise Edition software Sun Grid Engine, Enterprise Edition 5.3 Basics of Administration 816-7409 Third-party network switches Documents supplied from network switch vendor various Third-party terminal server Documents supplied from terminal server vendor various Third party keyboard, video, mouse (KVM) unit Documents supplied from KVM unit vendor various Component Title Part NumberPreface ix Accessing Sun Documentation In addition to the hard-copies and CDs that are shipped with your system, you can view, print, or purchase a broad selection of Sun documentation, including localized versions, at: http://www.sun.com/documentation You can search for the documentation by the titles or part numbers listed in “Related Documentation” on page vi. Contacting Sun Technical Support If you have technical questions about this product that are not answered in this document, go to: http://www.sun.com/service/contacting Sun Welcomes Your Comments Sun is interested in improving its documentation and welcomes your comments and suggestions. You can submit your comments by going to: http://www.sun.com/hwdocs/feedback Please include the title and part number of your document with your feedback: Sun Fire V60x Compute Grid Rack System Installation Guide, part number 817-3072-10x Sun Fire V60x Compute Grid Rack System Installation Guide • October 20031 C H A P T E R 1 Sun Fire V60x Compute Grid Rack System Hardware Overview and Installation The Sun Fire™ V60x Compute Grid rack system is shipped to your site fully assembled and cabled. This chapter is intended to familiarize you with the hardware in your Sun Fire V60x Compute Grid, and to provide installation and power-on instructions for the hardware. The information in this chapter is organized into the following sections.  “Installation Quick Path” on page 1  “Hardware Components Overview” on page 3  “Cabling Information” on page 7  “Installing the System Hardware” on page 10  “Powering On the System” on page 12  “Adding or Replacing Hardware Components” on page 13 Installation Quick Path This guide provides important overview and reference information, as well as procedures for an initial installation. The following diagram indicates the high-level steps for installing the system and provides pointers to that information in this guide.2 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 1-1 Installation Quick Path Flowchart Verify site-planning requirements are met. Unpack and position the system. Check preinstalled cable connections. Connect the system to power and Ethernet. Power on the system. Configure an identity for the terminal server and Cluster Grid Manager node. Deploy software to the compute nodes. Deploy Sun Grid Engine software, and define master and execution hosts. See “Environmental Requirements” on page 63. See “Installing the System Hardware” on page 10. See “Cabling Information” on page 7. See “Installing the System Hardware” on page 10. See “Powering On the System” on page 12. See “Logging In and Setting Up the System Identity” on page 23. See “Using the AllStart Module to Deploy Software” on page 27. See “Configuring the Grid Engine Module” on page 53. Add client nodes as Sun Control Station managed hosts. See “Adding Compute Nodes as SCS Managed Hosts” on page 50.Chapter 1 Sun Fire V60x Compute Grid Rack System Hardware Overview and Installation 3 Hardware Components Overview FIGURE 1-2 shows the Sun Fire V60x Compute Grid front and rear views. The front and rear doors are not shown. Components of the system are described in the sections that follow. For a cabling diagram, see “Cabling Information” on page 7. FIGURE 1-2 Sun Fire V60x Compute Grid Front and Rear Views Sun Rack 900 Network switches (2) Terminal server Cluster Grid Manager node Keyboard, video, mouse unit (default position 23) Front filler panel Power switches (4 switches in 2 power sequencers) Front view Rear view Power inlets (4) with front label, “Sun Fire CGM”4 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Sun Rack 900 All of the Sun Fire V60x Compute Grid components and cabling are preinstalled in a Sun™ Rack 900. This rack is equipped with front and rear doors, and side covers. All Sun Fire V60x Compute Grid cables are precut, routed, and terminated in locations that provide minimal excess cable without impeding component access or replacement. The Sun Fire V60x Compute Grid is equipped with a full configuration of power distribution units and power sequencer units, which provide sufficient power outlets to cable all installed nodes. Each node has a separate 110/220 VAC power cord. The power cords are routed from the rear, with side-mounted outlet strips to minimize the impact on rear access to the components in the rack. There is minimal increase in load during rack power-on because all nodes are sequenced on in turn, minimizing the amplitude of power-on current spikes. Note – The four power cords that connect each rack to the AC outlets at your site must be ordered separately so that the correct connectors for your location are defined. For more detailed information about the Sun Rack 900, refer to the Sun Rack documentation set that is shipped with your Sun Fire V60x Compute Grid. Network Switches The Sun Fire V60x Compute Grid uses two 24-port Gigabit Ethernet switches to communicate with the network. Each of the Sun Fire V60x nodes is connected from its Eth1 port to a switch port using a Cat 5 Ethernet cable. You can optionally dedicate up to four of each switch’s ports to fiber-optic gigabit interface converters (GBICs). The two network switches in each rack are interconnected with preinstalled, 1.8-feet (.5-meter), 32-Gbps stacking cables connected to their stacking ports. Each network switch has two stacking ports on its rear panel (the rear panel of the network switch faces the front of the system rack). When you order a system with multiple racks, the network switches must be interconnected across the racks. You can order 9.8-feet (3-meter) stacking cables for this purpose. See “Multiple-Rack System” on page 9 for more information. For more detailed information about the network switches, refer to the third-party switch documentation that is shipped with your Sun Fire V60x Compute Grid.Chapter 1 Sun Fire V60x Compute Grid Rack System Hardware Overview and Installation 5 Terminal Server All nodes in the rack and the network switches are connected via their serial console ports to a 48-port terminal server. The terminal server ports use consistent RJ-45 serial port wiring standards. The terminal server can then be used to perform individual configuration functions remotely, if this is necessary. The terminal server provides normal Telnet access to a serial port using the telnet IP-address port-number protocol. For more detailed information about the terminal server, refer to the third-party terminal server documentation that is shipped with your Sun Fire V60x Compute Grid. The terminal server ports are assigned Telnet port numbers at the factory. TABLE 1-1 describes the port allocations. Cluster Grid Manager Node One node in the system, called the Cluster Grid Manager (CGM) node, acts as a deployment and management host. After it is configured and given an identity by your system administrator, the CGM node deploys software and monitors system activities for the entire compute grid. In addition, it monitors the status of the grid jobs by communicating with the grid master node. The CGM node is pre-installed with the operating system and Cluster Grid Manager software modules that enable the CGM node to act as the management host. For more detailed information about the system software components, see “Sun Fire V60x Compute Grid Software Components Overview” on page 16. Note – The CGM node is identifiable by a label on the front bezel that is marked, “Sun Fire CGM.” TABLE 1-1 Terminal Server Port Allocations Port Number Device Telnet Port Number 34 Network switch console 7034 33 Cluster Grid Manager node 7033 32 to 1 Compute nodes 7032 to 70016 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Grid Master Node Your system administrator designates one node in the system to be the grid master node. This can be any node in the system other than the CGM node, because it is a dedicated management node rather than a managed host. All grid processes interact through this node, which typically acts as the queue master responsible for distributing jobs to the grid compute nodes. If you install multiple rack configurations, no additional grid master nodes are needed; the grid master node of the first rack manages all subsequent racks. Compute Nodes The grid compute nodes act as slave nodes to the grid master node. The compute nodes accept tasks from the grid master node, process them to completion, then pass the results back to the grid master node for accumulation. The number of compute nodes in the rack can be configured when the system is ordered. A fully configured rack can contain 32 compute nodes, including the grid master node. The minimum number of grid compute nodes that are supported is 2 and the maximum number is 128 (in 4 racks). Keyboard, Video, Mouse Unit A keyboard, video monitor, and mouse (KVM) unit is included in the rack system and is precabled to the CGM node. This KVM is used for the initial configuration process by which the CGM node is configured with an IP address. After the initial configuration, the CGM node can be accessed through a remote serial connection to the terminal server.Chapter 1 Sun Fire V60x Compute Grid Rack System Hardware Overview and Installation 7 Cabling Information The Sun Fire V60x Compute Grid is shipped with all required cables already installed, routed, and connected in a cable harness assembly. The cables are labelled to make it easy to reconnect them if any come loose during shipping, or if components are subsequently replaced. Each cable-end is labeled with the device and port that it should connect to. For example, an Ethernet cable that connects Sun Fire V60x node #1 to network switch number one would have one end labeled, “V60x_1 eth0,” and the other end labeled, “Switch1 1.” Serial cables used for terminal server connections are RJ-45 to RJ-45 rollover cables (8-core, Cat 5 type Ethernet). Network cables used for network switch connections are RJ-45 to RJ-45 straight cables (8-core, Cat 5/5e type Ethernet). See TABLE 1-2 for the wiring specifications for the two types of cables. TABLE 1-2 Cable Wiring Specifications Serial Cable Pins (Rollover) Network Cable Pins (Straight) End A Pin End B Pin End A Pin End B Pin 1 8 1 1 2 7 2 2 3 6 3 3 4 5 4 4 5 4 5 5 6 3 6 6 7 2 7 7 8 1 8 88 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Single-Rack System The diagram in FIGURE 1-3 shows how the components of a system are interconnected. FIGURE 1-3 Single-Rack Cabling Diagram, Rear View To Telnet connection from terminal server To Ethernet connection from interconnected KVM unit connected to CGM node Serial connection from nodes to terminal server Ethernet connections from nodes to interconnected network AC power inputs (4) switches network switches KVM unit CGM nodeChapter 1 Sun Fire V60x Compute Grid Rack System Hardware Overview and Installation 9 Multiple-Rack System The two network switches in each rack are interconnected with preinstalled, 1.8-feet (.5-meter), 32-Gbps stacking cables connected to their stacking ports. Each network switch has two stacking ports on its rear panel (the rear panel of the network switch faces the front of the system rack). Refer to the network switch documentation that is shipped with your system for more information about switch stacking. When you order a system with multiple racks, the network switches must be interconnected across the racks. You can order 9.8-feet (3-meter) stacking cables for this purpose. The diagram in FIGURE 1-4 represents a system with four fully-populated racks and a suggested stacking-cable configuration. The network switches and their stacking ports are represented. This configuration would enable interconnection of the data in all racks and enable an aggregated uplink to the network from the base rack. FIGURE 1-4 Multiple-Rack Cabling Diagram Aggregated uplink to network Rack 1 (base rack) Rack 2 (expansion rack) Rack 3 (expansion rack) Rack 4 (expansion rack) CGM node KVM unit Switch-stacking interconnects with 32-Gbps bandwidth10 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Installing the System Hardware The installation site must meet specified requirements, which are described during the sales process with your organization. For reference, the environmental requirements are described in Appendix A. 1. Verify that your installation site complies with the environmental specifications as described in Appendix A. Site-planning specifications are discussed as a part of the sales process, but are included in this guide for reference and verification. 2. Unpack each system rack from its shipping carton and position it at the installation location. Refer to the “Sun Rack Unpacking Instructions” (816-6385), which is shipped with your system. 3. Mount each system rack, level the rack feet, and install the anti-tilt bar to the rack as desired. Refer to the “Sun Rack Installation Guide” (816-6386), which is shipped with your system. 4. Check that all preinstalled cable connections between system components are firmly connected. The cables are labelled to make it easy to reconnect them if any come loose during shipping, or if components are subsequently replaced. Each cable-end is labeled with the device and port that it should connect to. For example, an Ethernet cable that connects Sun Fire V60x node #1 to network switch number one would have one end labeled, “V60x_1 eth0,” and the other end labeled, “Switch1 1.” 5. Connect each system rack to four power outlets at your installation site, as follows. The system rack’s power distribution system consists of four inputs (two sets of two: AC_Grid_0 and AC_Grid_1), two power sequencers (A and B), two power strips, and connecting cables. See FIGURE 1-5 for a diagram. Each power input to the rack should be connected to a dedicated 20 Amp (North America) or 16 Amp (International) branch circuit. Individual outlets are grouped into sets of four. Each individual rack outlet has a maximum current rating of 10 Amps. However, each outlet group has a maximum current rating of 10 Amps also. In other words, the total current for a group of four outlets cannot exceed 10 Amps.Chapter 1 Sun Fire V60x Compute Grid Rack System Hardware Overview and Installation 11 FIGURE 1-5 Sun Rack 900 Power Distribution System Diagram a. Turn off the power to the branch circuits that will supply power to the system. b. Make sure both power sequencers in the rack are switched off. c. Connect one end of each of the provided power cables to a branch circuit. d. Connect the other end of each power cable to the rack’s power input panel. 6. Connect the system to the network by connecting an Ethernet cable at your site to the system’s network switch. Note – If you are installing expansion racks in addition to the base system rack, connect the base system (the rack with the CGM node) to the network and connect the expansion racks to the base system rack as shown in FIGURE 1-4. AC_Grid_0 AC_Grid_1 A B INPUT_A0 INPUT_A1 INPUT_B1 INPUT_B012 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Powering On the System 1. Power on the system rack as follows. a. Turn on power to the rack by switching on your site’s branch circuits. b. Turn on the four power sequencer switches on the front-right side of the rack.  The Power On indicator lights on both power sequencers should light.  The Power On indicator lights on both power strips should light. Power is automatically applied to the terminal server, network switch, and KVM unit. 2. Verify that the power is on in the network switches, terminal server, and KVM unit. It can take about a minute for the power indicator LEDs on the components to light. 3. Power on the CGM node, which is identifiable by its “Sun Fire CGM” label. a. If the front bezel is attached to the node, remove it by grasping the finger-hole at the left side of the bezel and swinging it open to the right until it disengages. b. Press and release the power button on the right-front of the node. See FIGURE 1-6 for the location of the power button. Note – If you are performing an initial installation, do not power on the other nodes of the system at this time. FIGURE 1-6 Sun Fire V60x Server Power and Reset Button Locations Power/Sleep button Reset buttonChapter 1 Sun Fire V60x Compute Grid Rack System Hardware Overview and Installation 13 4. Power on any expansion racks by repeating Step 1 and Step 3 for each expansion rack. Note – If you are performing an initial installation, do not power on the other nodes in the expansion racks at this time. 5. To continue with installation, go to “Setting Up the Sun Fire V60x Compute Grid Software” on page 21. Adding or Replacing Hardware Components You can order the following hardware component options and add them to the system after the initial installation:  Sun Fire V60x node  Network switches Tools Required The tools that are needed to add or replace Sun Fire V60x Compute Grid components in the rack are listed here:  Phillips-head screwdriver #1, used for attaching rack-mount kits  Phillips-head screwdriver #2, used for slide-rail securing screws Replacing Sun Rack Parts The Sun Rack Service Manual (816-6387) contains troubleshooting procedures, and removal and replacement procedures for the following rack parts:  Power sequencers  Power strips  Cable harnesses  Top panel The Sun Rack Service Manual is shipped with your system and is also available online at the following URL: http:\\docs.sun.com14 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Adding or Replacing a Sun Fire V60x Node The software configuration tasks required when adding or replacing a node differ, depending on how the node will be used in the system. Use the procedure listed here that is appropriate.  “Replacing a CGM Node” on page 14  “Replacing a Grid Master Node or Compute Node” on page 14 Replacing a CGM Node If you replace a CGM node, you must reload all of the software that was preloaded on the original node at the factory. If you need to replace a Sun Fire V60x node or a component inside the Sun Fire V60x node that acts as your CGM node, refer to the Sun Fire V60x and Sun Fire V65x Server Troubleshooting Guide and the Sun Fire V60x and Sun Fire V65x Server User Guide, which are included on the Sun Fire V60x and Sun Fire V65x Documentation CD (shipped with your system). These guides include instructions for removing and replacing Sun Fire V60x nodes in a Sun Rack 900, and for replacing internal node components. After you have replaced the node or node component, reload the operating system and Cluster Grid Manager software using the procedures in the Sun Fire V60x Compute Grid Rack System Release Notes (817-3074). Replacing a Grid Master Node or Compute Node If you need to replace a Sun Fire V60x node or a component inside the Sun Fire V60x node that acts as your grid master node, refer to the Sun Fire V60x and Sun Fire V65x Server Troubleshooting Guide and the Sun Fire V60x and Sun Fire V65x Server User Guide, which are included on the Sun Fire V60x and Sun Fire V65x Documentation CD (shipped with your system). After you have replaced the node or node component, you must use the Sun Control Station software on the CGM node to redefine the replacement node as a managed host, and as either the grid engine master host or as an execution host. Refer to the Sun Control Station 2.0 Administration Manual, which is included on the Sun Control Station 2.0 Software CD (shipped with your system), and “Configuring the Grid Engine Module” on page 53. Adding or Replacing a Network Switch If you need to replace a network switch, refer to the instructions that are shipped with the replacement switch for installation and configuration instructions.15 C H A P T E R 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation The Sun Fire V60x Compute Grid rack system is shipped with operating system and grid management software preinstalled to the Cluster Grid Manager (CGM) node. The grid master node and compute nodes are not shipped with preinstalled software. This chapter contains overview information and procedures for performing an initial setup and basic configuration of the system software components. The procedure for deploying the operating system to the grid master node and grid compute nodes is also included. The information in this chapter is organized into the following sections.  “Sun Fire V60x Compute Grid Software Components Overview” on page 16  “Setting Up the Sun Fire V60x Compute Grid Software” on page 21  “Information Required For Software Setup” on page 21  “Logging In and Setting Up the System Identity” on page 23  “Using the AllStart Module to Deploy Software” on page 27  “Adding Compute Nodes as SCS Managed Hosts” on page 50  “Configuring the Grid Engine Module” on page 5316 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Sun Fire V60x Compute Grid Software Components Overview The following diagram represents the software components that are preinstalled on the CGM node and how they are related. The sections that follow give brief descriptions of the components that are labeled in the diagram. FIGURE 2-1 Sun Fire V60x Compute Grid Software Components Red Hat Enterprise Linux ES (Enterprise Server Edition) Sun Control Station Cluster Grid Manager Installation and Setup Tools Sun Control Station AllStart module Sun Fire V60x Ethernet and SCSI Drivers Sun Control Station standard modules: Software Management, Health Monitoring, Performance Monitoring, Inventory, Lights-Out Management Sun ONE Grid Engine, Monitoring/Deployment Tools Sun Control Station Grid Engine module Sun Control Station Enterprise EditionChapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 17 Red Hat Enterprise Linux Operating System Red Hat Enterprise Linux (Enterprise Server Edition) is the Linux operating system that is preinstalled on the CGM node of the system. For detailed information about administering and customizing Linux operating system software, refer to the manual that was shipped with your Red Hat Enterprise Linux 2.1 media kit. Cluster Grid Manager Software As shown in FIGURE 2-1, the Cluster Grid Manager software is comprised of several components that supplement each other to enable you to install, set up, and monitor activities on your Sun Fire V60x Compute Grid. Sun Control Station and its standard control modules, plus the AllStart module and the Grid Engine module, comprise the Cluster Grid Manager interface that you use to administer your Sun Fire V60x Compute Grid. See FIGURE 2-2 for a sample Cluster Grid Manager main window. You access the Cluster Grid manager main window by using a browser to go to the IP address of your CGM node (for example, http:\\n.n.n.n, where n.n.n.n is the IP address of your CGM node). Instructions for setting up the CGM node so that it can be correctly accessed are described in “Logging In and Setting Up the System Identity” on page 23. Documentation for the Cluster Grid manager software components can be accessed with the Help button, which is the button with the question mark (?), in the upperright corner (see FIGURE 2-2). Sun Control Station Software Sun Control Station (SCS) is a server management and monitoring tool. Software control modules that are included with your system are easily accessed and controlled through the Cluster Grid Manager main window. There is both a server-side component and a client-side component for SCS.  The server-side component consists of two parts: A core framework that is the engine for executing control modules, and the built-in control modules themselves. This server-side component can be installed on any x86-based server running a qualified Linux operating system.  The client-side component, known as an agent, can run on both Linux and Solaris platforms.18 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 The standard control modules that are shipped with Sun Control Station are listed and described briefly here. All modules are accessed from the left-side panel in the Cluster Grid Manager main window (see an example in FIGURE 2-2). For detailed information about SCS software and the standard control modules that are integrated with it, refer to the Sun Control Station Administration Manual, (817- 3603). This manual and those for the control modules are accessed by clicking the Help button on the Cluster Grid Manager main window.  Software Management module This module enables you to manage software package files on your system. For example, you can view, download, and upload package files, view lists of required package files, and install and publish package files. See Sun Control Station Software Management Module (817-3611), which you can access with the Cluster Grid Manager Help button.  Health Monitoring module This module enables you to monitor the health status of your managed hosts according to parameters that you define. You can retrieve and view health-status data, verify network communication, and configure the parameters for health monitoring, including email alerts for critical system events. See Sun Control Station Health Monitoring Module (817-3607), which you can access with the Cluster Grid Manager Help button.  Performance Monitoring module This module enables you to view the performance of your managed hosts according to various parameters. You can view and update performance data for a host or group of hosts. See Sun Control Station Performance Monitoring Module (817-3610), which you can access with the Cluster Grid Manager Help button.  Inventory Module This module enables you to keep track of the hardware components in your system. You can view and update a summary inventory of the hardware components in a host or group of hosts. See Sun Control Station Inventory Module (817-3608), which you can access with the Cluster Grid Manager Help button.  Lights-Out Management module This module enables you to remotely perform certain management functions. For example, this module enables you to remotely power on and power off a host, perform a hardware reset, illuminate an LED for host identification, and view sensor data and the system event log. See Sun Control Station Lights-Out Management Module (817-3609), which you can access with the Cluster Grid Manager Help button. Note – Refer to the Sun Fire V60x Compute Grid Rack System Release Notes for a list of supported browsers and Java™ plug-ins for viewing SCS software.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 19 AllStart Module The AllStart module facilitates the installation of operating system software to the system nodes. This module integrates the KickStart utility of Linux. You can access the AllStart module through the Cluster Grid Manager main window. See Sun Control Station AllStart Module (817-3605), which you can access with the Cluster Grid Manager Help button. The AllStart control module provides a common user interface for creating operating system software payloads, defining client profiles, and deploying the software payloads to the clients. This module enables you to:  Select the distributions of operating systems to load onto a host  Select driver files to load onto a host  Create customized payloads made up of files and OS distributions  Create profiles containing client configuration information  Add client hosts on which the payloads and profiles are loaded, by using the Media Access Layer (MAC) address of the host Note – You can determine the MAC address for any node in the system by referring to the file, /usr/mgmt/diag/check.out, which is installed on your CGM node. The MAC addresses are listed by the node numbers that are assigned at the factory. The node numbers can be determined by the labels that are affixed to each node. Grid Engine Module The Grid Engine module is integrated with Sun ONE Grid Engine, Enterprise Edition (S1GEEE) software. The Grid Engine module deploys the S1GEEE software to the grid master node, which you can designate as the S1GEEE master host, and to the grid compute nodes, which you can designate as S1GEEE execution hosts. You can access the Grid Engine module and its functions through the Cluster Grid Manager main window. For basic instructions on using the Grid Engine module, refer to “Configuring the Grid Engine Module” on page 53. For more detailed information about the Grid Engine module, you can access the document, Sun Control Station Grid Engine Module (817-3606) with the Cluster Grid Manager Help button. S1GEEE documentation can also be accessed with the Cluster Grid Manager Help button.20 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-2 Sample Cluster Grid Manager Main WindowChapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 21 Setting Up the Sun Fire V60x Compute Grid Software The procedures in this section describe how to get the system software up and running during initial installation and login. For detailed information about customizing and administering your system after your installation, references to software documentation are provided. Information Required For Software Setup TABLE 2-1 shows the information that you will need to obtain from your site’s system administrator to complete the software setup for your system. Default settings are listed if they exist. The right-hand column is supplied for you to write down the settings that you will use for your site. Note – You can determine the MAC address for any node in the system by referring to the file, /usr/mgmt/diag/check.out, which is installed on your CGM node. The MAC addresses are listed by the node numbers that are assigned at the factory. The node numbers can be determined by the labels that are affixed to each node.22 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 TABLE 2-1 Software Setup Required Information System Setting Name Default Setting Setting For Your Site Terminal server IP address 192.168.160.10 Netmask 255.255.255.0 Gateway n/a CGM node IP address 192.168.160.5 Compute node 32 IP address n/a Compute node 31 IP address n/a Compute node 30 IP address n/a Compute node 29 IP address n/a Compute node 28 IP address n/a Compute node 27 IP address n/a Compute node 26 IP address n/a Compute node 25 IP address n/a Compute node 24 IP address n/a Compute node 23 IP address n/a Compute node 22 IP address n/a Compute node 21 IP address n/a Compute node 20 IP address n/a Compute node 19 IP address n/a Compute node 18 IP address n/a Compute node 17 IP address n/a Compute node 16 IP address n/a Compute node 15 IP address n/a Compute node 14 IP address n/a Compute node 13 IP address n/a Compute node 12 IP address n/a Compute node 11 IP address n/a Compute node 10 IP address n/a Compute node 9 IP address n/a Compute node 8 IP address n/a Compute node 7 IP address n/a Compute node 6 IP address n/a Compute node 5 IP address n/a Compute node 4 IP address n/a Compute node 3 IP address n/a Compute node 2 IP address n/a Compute node 1 IP address n/aChapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 23 Logging In and Setting Up the System Identity Note – Begin this procedure after you have powered on the system as described in “Powering On the System” on page 12. 1. Slide the KVM unit out from the rack until the video screen can be opened. The KVM is precabled directly to the CGM node. You should see the Red Hat Linux login display on the video screen. 2. Log in as root user at the Red Hat Linux login screen, using the default entries shown below. user: root password: admin 3. Open a terminal window and change the default Linux root password to a password of your choosing. Use the passwd command to change the root password on the system. 4. Configure an IP address for the system’s terminal server as follows: Note – No changes to routing tables are required if you leave the terminal server on the same subnet as the rest of the system components. If you put the terminal server on another subnet, you will have to update routing tables. a. Make a Telnet connection to the default IP address of the terminal server in your first rack. The default IP address of the terminal server is 192.168.160.10. The system has been preconfigured so that no changes to routing tables are required. telnet 192.168.160.10 Login: InReach Password: access b. At the InReach prompt, enter the enable command. InReach:0> enable c. Enter the following password when you are prompted. Password: system d. When the InReach prompt appears again, enter the config command. InReach:0>> config24 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 e. At the prompts, enter the following commands to configure the terminal server IP address. Config:0>> interface 1 Intf1-1:0>> address n.n.n.n Where n.n.n.n is an IP address compatible with your local network. You can safely ignore the message, Warning, interface active, which appears because you are about to change the interface. f. At the prompts, enter the following commands to configure the terminal server netmask setting. Intf1-1:0>> mask n.n.n.n Intf1-1:0>> exit Where n.n.n.n represents a netmask setting that is compatible with your local network. g. At the prompts, enter the following commands to configure the terminal server gateway setting. Config:0>> gateway n.n.n.n Config:0>> exit Where n.n.n.n represents a gateway setting that is compatible with your local network. It might take several seconds for the gateway setting to take effect. h. When the InReach prompt appears, save the changes with the following command. InReach:0>> save configuration flash i. At the InReach prompts, enter the exit command twice to return to the system’s root prompt. InReach:0>> exit InReach:0> exit 5. Configure an IP address for the CGM node as follows. a. Change to the network-scripts directory. # cd /etc/sysconfig/network-scripts/ b. Delete the ifcfg-eth0 file. # rm ifcfg-eth0 You can confirm the deletion by typing Y when prompted.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 25 c. Edit the ifcfg-eth1 file to read as follows, substituting your IP address, netmask, and gateway information. DEVICE=eth1 ONBOOT=yes BOOTPROTO=static IPADDR=n.n.n.n NETMASK=n.n.n.n GATEWAY=n.n.n.n Where n.n.n.n represents the respective settings that are compatible with your local network. Use vi or another file-editing tool, such as Gedit, which is supplied with your Gnome desktop (start Gedit by typing gedit at a command line). d. At the command line, use the following command to apply your changes. # service network restart 6. Verify that the IP addresses for the terminal server and CGM node are set correctly by pinging the address of the terminal server from the CGM node: ping n.n.n.n Where n.n.n.n represents the IP address of the terminal server. 7. After you have verified that the CGM node is visible on your network, start a browser and type the following URL. http://n.n.n.n Where n.n.n.n is the IP address that you assigned to the CGM node. Refer to The Sun Fire V60x Compute Grid Rack System Release Notes for a list of supported browsers and Java plug-ins for viewing SCS software. 8. Read the Sun Control Station license agreement that appears and accept the license agreement if you agree with the terms. A Sun Control Station Welcome page appears. 9. Go to the Sun Control Station login page for your CGM node by entering the URL in the format that is shown on the Welcome page: https://n.n.n.n:8443/sdui Where n.n.n.n is the IP address that you assigned to the CGM node. Note – The URL uses the https format.26 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 10. At the Sun Control Station login page (see FIGURE 2-3), log in as the SCS administrator using the default entries shown below, then click the Login button. User Name: admin Password: admin FIGURE 2-3 Sample Cluster Grid Manager Login Page 11. After the SCS main window opens (see FIGURE 2-2), change the default SCS admin password to a password of your choosing, as follows: a. In the left-side panel, click on Station Settings > Password. b. Enter the new password in the supplied fields, then click the Save button. The message, “Password changed successfully,” appears when the change is complete.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 27 Using the AllStart Module to Deploy Software The AllStart module deploys the software to the Sun Fire V60x clients. The following procedure provides a quick path through AllStart to accomplish this specific software deployment. For a complete description of the module, and instructions for using AllStart, refer to Sun Control Station 2.0 AllStart Module (817-3605) documentation provided with the AllStart module. Using the AllStart module to load software to system nodes consists of the following actions: 1. Creating the AllStart distributions. See “Creating AllStart Distributions” on page 28. 2. Creating a payload(s) from files and distributions. See “Creating AllStart Payloads” on page 30. 3. Creating a profile(s) containing configuration information. See “Creating AllStart Profiles” on page 33. 4. Creating and enabling clients to which you will load the payload. See “Creating and Enabling Clients” on page 41. 5. Defining network service settings for the network that your system is on. See “Defining Network Service Settings” on page 47. 6. Powering on or rebooting client nodes so that they network-boot and pull the payload from the Sun Control Station. See “Deploying Software Payloads to Compute Nodes” on page 49. The following sections walk you through each of these steps.28 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Creating AllStart Distributions You must first define the software distributions that you will later load to the compute nodes. 1. In the Cluster Grid Manager main window, select AllStart > Distributions from the left-side panel. The AllStart Distributions window appears on the right side of the screen. 2. Click on Add at the bottom of the AllStart Distributions window. The Upload Distribution From CDROM window appears on the right side of the screen. 3. In the Upload Distribution From CDROM window, fill in the fields to create a unique description for the distribution. See FIGURE 2-4 for an example. The CDROM Device field should contain /dev/cdrom as the default entry. FIGURE 2-4 Upload Distribution From CDROM Window 4. Insert the Linux CD 1 into the CGM node, then click Upload Now. A progress bar indicates the progress of the upload. If a file manager window opens when you insert the CD, you can close the file manager. 5. After the progress bar indicates that progress is 100%, click Done and remove the Linux CD 1 from the CGM node. You are prompted to insert the next CD.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 29 6. Insert the next CD in your Linux distribution, then click Continue. 7. Continue loading CDs when prompted until you have loaded the last CD in your Linux distribution, then click Done. When uploading is complete, the distribution that you created appears in the list in the AllStart Distributions window. See FIGURE 2-5 for an example. FIGURE 2-5 AllStart Distributions Window 8. Continue with “Creating AllStart Payloads” on page 30.30 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Creating AllStart Payloads After the required distributions are available, use AllStart to create payloads that will be deployed to the compute nodes. 1. In the Cluster Grid Manager main window, select AllStart > Payloads in the leftside panel. The AllStart Payloads window appears on the right side of the screen. 2. In the AllStart Payloads window, click Add. The Create AllStart Payload window appears on the right side of the screen. See FIGURE 2-6 for an example. FIGURE 2-6 Create AllStart Payload Window 3. In the Create AllStart Payload window, create the payload by filling in the fields and selecting the Linux distribution that you created. 4. When you are finished, click Next. The AllStart Payload Distribution Specific Options window appears on the right side of the screen. See FIGURE 2-7 for an example.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 31 FIGURE 2-7 AllStart Payload Distribution Specific Options Window 5. In the Distribution Groups To Include list, select the groups that you require for the applications that you will use and move them to the Groups Loaded column. You can select all groups by selecting the “Everything” option and moving it to the Groups Loaded column. 6. In the Files to Include list, verify that the Files Loaded selection list includes the base-mgmt-agent RPM file. If this file is not included, select it from the Files Not Loaded column and move it to the Files Loaded column. 7. Verify that the check-box for Sun Fire V60x/V65x server installation is selected. This selection ensures that the required drivers for the Sun Fire V60x server are included. 8. When you are finished, click Save. The payload is created, with the name you gave it. 9. Wait until the progress bar indicates 100%, then click Done. When payload creation is complete, the payload that you created appears in the list in the AllStart Payloads window. See FIGURE 2-8 for an example.32 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-8 AllStart Payloads Window 10. Continue with “Creating AllStart Profiles” on page 33.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 33 Creating AllStart Profiles After the payloads have been defined, use AllStart to create installation profiles for the compute nodes. 1. From the left-hand menu click on AllStart > Profiles. The AllStart Profiles window appears. 2. Click on Add at the bottom of the AllStart Profiles window. The Add AllStart Profile window appears on the right side of the screen. 3. Create the AllStart profile by defining the options in the series of windows that appear. Note – As you work through the series of windows to create the profile, you can accept the defaults or customize your system except for any required entries and selections listed in the following steps. a. In the Add AllStart Profile window, select the settings that are appropriate for your site (see FIGURE 2-9 for an example). Click Next when you are finished. Note – If you use the KVM unit that is provided with the system, you must select “U.S. English” as the Keyboard type. FIGURE 2-9 Add AllStart Profile Window34 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 b. In the Edit Boot Loader Options window, verify that the following required entries are selected (see FIGURE 2-10 for an example). Click Next when you are finished.  Install Boot Loader: Select  Choose Boot Loader: LILO  LILO Option, Use Linear Mode: Do not select  LILO Option, Force Use of lba32 Mode: Select FIGURE 2-10 Edit Boot Loader Options Window (AllStart Profiles)Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 35 c. In the Partition Options window, verify that the following required options are selected (see FIGURE 2-11 for an example). Click Next when you are finished.  Master Boot Record: Clear Master Boot Record  What Do You Want Done With Existing Partitions?: Remove All Existing Partitions  What Do You Want Done With Disk Label?: Initialize the Disk Label FIGURE 2-11 Partition Options Window (AllStart Profiles) d. Use the Disk Partition Information window to create the partitions you require on the client node that you are installing to, as follows: i. In the Disk Partition Information window, click Add. The Partition Options window appears, where you define the parameters for one disk partition. ii. Create your first disk partition by defining the partition parameters, then click Save when you are done. See FIGURE 2-12 for an example. After you click save, you are returned to the Disk partition Information window, where the partition you created appears in the list (see FIGURE 2-13). iii. To create another partition, click Add again in the Disk Partition Information window and define another partition as in Step ii.36 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-12 Partition Options Definition Window (AllStart Profiles) Three different example partition configurations are listed as follows:  Partition example 1:  Mount Point: /  File System Type: ext3  Size MB: 5000  Fixed Size: Select  Make Partition On Specific Drive: sda  Partition example 2:  Mount point: /boot  File System type: ext3  SizeMB: 100 Fixed Size: Select  Make Partition On Specific Drive: sda  Partition example 3:  Mount point: swap  File System type: swap  Size MB: 2048  Fixed Size: Select  Make Partition On Specific Drive: sdaChapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 37 FIGURE 2-13 Disk Partition Information Window (AllStart Profiles) iv. After you have created all your partitions, click Next on the Disk Partition Information window. e. In the Edit Authentication Information window, verify that the following required options are selected (see FIGURE 2-14 for an example). Click Next when you are finished.  Enable shadow passwords: Y  Enable MD5: Select38 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-14 Edit Authentification Information Window (AllStart Profiles) f. In the X Config Options window, make the selection that you require (see FIGURE 2-15 for an example). Click Next when you are finished. FIGURE 2-15 X Config Options Window (AllStart Profiles)Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 39 g. In the Edit Custom Script Options window, verify that the following required options are selected (see FIGURE 2-16 for an example). Click Save when you are finished. These scripts enable serial redirection.  lilo_remove_boot_msg.sh: Select  lilo_add_console.sh: Select The profile is created. FIGURE 2-16 Edit Custom Script Options Window (AllStart Profiles) 4. Wait until the progress bar indicates 100%, then click Done. When profile creation is complete, the profile that you created appears in the list in the AllStart Profiles window. See FIGURE 2-17 for an example.40 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-17 AllStart Profiles Window 5. Continue with “Creating and Enabling Clients” on page 41.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 41 Creating and Enabling Clients After the installation profiles have been defined, use AllStart to create and enable clients to which the payload will be deployed. 1. From the left-hand menu click AllStart > Clients. The AllStart Clients window opens. 2. Click on Add at the bottom of the window. The Create AllStart Client window appears in the right side of the screen. 3. In the Create AllStart Client window, create the client by defining the information for the node to which you will be loading the payload (see FIGURE 2-18 for an example). Verify that the following required options are selected:  Install Type: http  Console: ttyS1  Serial Console Baud: 9600  Install Network Device: eth1  Payload: Select the payload you created for this installation  Profile: Select the profile you created for this installation Note – You can get the MAC address for any node in the system by referring to the file, /usr/mgmt/diag/check.out, which is installed on your CGM node. The MAC addresses are listed by the node numbers that are assigned at the factory. The node numbers can be determined by the labels that are affixed to each node. Note – The Install IP Address field allows you to define an IP address for the client node that is temporary and that can be used for the AllStart installation only. To give you flexibility, this address can be the same or different than the permanent IP address that the node receives for normal use.42 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-18 Create AllStart Client Window 4. When you are finished defining the Client options, click Next. The Network Interfaces window appears. 5. In the Network Interfaces window, click Add. The Enter Network Interface Information window appears.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 43 6. In the Enter Network Interface Information window, create the network interface by defining the information for the node to which you will be loading the payload (see FIGURE 2-19 for an example). Verify that the following required options are selected:  Network device: eth1  Network Type: Static IP Note – When you enter a host name, use the short host name format, not the full host name format that would include the domain name. FIGURE 2-19 Enter Network Interface Information Window (AllStart Clients) 7. When you are finished defining the network interface, click Save. You are returned to the Network Interfaces window. The network interface that you created is listed (see FIGURE 2-20 for an example).44 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-20 Network Interfaces Window (AllStart Clients) 8. In the Network Interfaces window, click Save. A progress bar indicates the progress of the network interface creation. 9. When the progress bar indicates 100%, click Done. You are returned to the AllStart Clients page. The client that you created is listed (see FIGURE 2-21 for an example).Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 45 FIGURE 2-21 AllStart Clients Window 10. In the AllStart Clients window, select the clients that you want to enable, then click Enable. A progress bar indicates the progress of the client enabling. 11. When the progress bar indicates 100%, click Done. The client entry is enabled so that it is visible to that node in the system. Enabled clients are indicated by a Y character under the Enabled heading on the AllStart Clients window. See FIGURE 2-22 for an example.46 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-22 AllStart Clients Window With Enabled Client 12. Repeat Step 3 through Step 11 for all nodes in your system. 13. Continue with “Defining Network Service Settings” on page 47.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 47 Defining Network Service Settings 1. In the Cluster Grid Manager main window, select AllStart > Service from the leftside panel. The AllStart Current Service Settings window appears on the right side of the screen. 2. Click Modify. The Modify Service Settings window appears. 3. In the Modify Service Settings window, make the following required settings (see FIGURE 2-23 for an example):  DHCP Enabled: Select  DHCP Interface: eth1 FIGURE 2-23 Modify Service Settings Window 4. When you are finished with the settings, click Save. A progress bar indicates the progress of the service setting. 5. When the progress bar indicates 100%, click Done. The settings that you made are shown in the AllStart Current Service Settings window (see for an example).48 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-24 AllStart Current Service Settings Window 6. Continue with “Deploying Software Payloads to Compute Nodes” on page 49.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 49 Deploying Software Payloads to Compute Nodes After you have created clients to which you will deploy payloads, you start the deployment by powering on or resetting the client nodes. 1. In a terminal window, telnet to the terminal server IP address and port that corresponds to the node to which you are deploying software. # telnet n.n.n.n 70xx Where n.n.n.n is the IP address of the terminal server and xx is the two-digit number that corresponds to the number of the node to which you are deploying software (see the following note). Note – The nodes of the system are assigned a number in the factory and this number is indicated by a label on each node. The ports of the terminal server are assigned a four-digit number that always starts with 70 and ends with the two-digit number that corresponds to the node the port is attached to at the factory. For example, node #2 is attached to port 7002 and node #30 is attached to port 7030. 2. Power on or reset the client node to start the deployment of the payload that was selected in the client profile.  If the node contains no OS yet, power on the node by pressing the Power button. The node automatically boots from the network and pulls the payload from the CGM node.  If an OS was previously installed on the node, perform the following steps: a. Press the Reset button on the node (see FIGURE 2-25). b. When a prompt appears with the option to press F2 to enter setup, press Escape to initiate a network boot. c. When you are prompted to select the boot device, select IBA 1.1.08 slot 0338 and press Return. The client node pulls the payload from the CGM node. FIGURE 2-25 Sun Fire V60x Server Power and Reset Button Locations Reset button Power/Sleep button50 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 3. Wait until the deployment progress indicator messages are finished and the terminal window returns to a login prompt. 4. When you are finished downloading the payload to the client node, reboot the client node (if it does not reboot automatically). Repeat this procedure for each client node to which you are deploying software. Adding Compute Nodes as SCS Managed Hosts Use the following procedure to define the compute nodes of your system as SCS managed hosts. Note – Before you can deploy the Sun ONE Grid Engine, Enterprise Edition software to the system compute nodes so that they can be managed as a grid, you must first add the nodes as Sun Control Station managed hosts. Note – You cannot add the CGM node as an SCS managed host because it is the dedicated management node of the system, from which SCS managed hosts are managed. 1. In the Cluster Grid Manager main window, select Administration > Hosts from the left-side panel. The Managed Hosts window appears on the right side of the screen. 2. In the Managed Hosts window, click Add. The Add Host window appears. 3. In the Add Host window, define the settings for the node that you are defining as an SCS managed host. See FIGURE 2-26 for an example. 4. Verify that the Install All Possible Modules box is selected. This ensures that all of the SCS agents are installed on the newly managed host.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 51 FIGURE 2-26 Add Host Window 5. When you are finished with the settings, click Add Host. A progress bar indicates the progress of the managed host addition. 6. When the progress bar indicates 100%, click Done. You are returned to the Managed Hosts window. The managed host you added is listed (see FIGURE 2-27 for an example).52 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-27 Managed Hosts Window 7. Repeat this procedure for all compute nodes in your system.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 53 Configuring the Grid Engine Module The Compute Grid software module provides the following main functions.  Deployment of the Sun™ ONE Grid Engine, Enterprise Edition (S1GEEE)  High-level monitoring of system tasks  Uninstall of the S1GEEE software Note – Before you can manage the compute nodes of your system with S1GEEE software, you must add the nodes as SCS managed hosts. See “Adding Compute Nodes as SCS Managed Hosts” on page 50. Deploying the Sun ONE Grid Engine Software The Grid Engine module automatically deploys S1GEEE to any number of selected nodes on the compute grid. It deploys the S1GEEE master host onto a grid master node of your choosing (see “Grid Master Node” on page 6), and then deploys S1GEEE execution hosts onto specified compute nodes (see “Compute Nodes” on page 6). You can also choose to uninstall an execution host at a later time, or uninstall all hosts, including the master host. You can then later reinstall a host on any systems. Note – The Grid Engine module deploys only a dedicated S1GEEE master host system. Unless you plan to have relatively low job throughput on your grid, it is not recommended to use the S1GEEE master host system also as an execution host. However, if you would like to make use of the CPUs on the grid master node to perform compute tasks, you can manually deploy S1GEEE execution host software onto the grid master node. If you wish to remove this functionality at a later point, this must also be done manually. (However, if you choose to uninstall all systems, it is not necessary to remove the execution host functionality from the grid master node before uninstalling all systems.) These procedures are recommend only for experienced S1GEEE users. For more information, S1GEEE documentation can be accessed with the Cluster Grid Manager help button.54 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Defining the Sun ONE Grid Engine Master Host To use the Grid Engine module to deploy a S1GEEE master host (grid master node), perform the following steps. 1. In the Cluster Grid Manager main window, click on the Grid Engine menu item in the left-hand menu. A drop-down menu of choices for the Grid Engine module appears. 2. Click on Install Master. If this is an initial installation, a license agreement appears. 3. Read any license agreement that appears and accept it if you agree with the terms. Note – You are instructed on-screen to click on Install Master again after accepting the license agreement. The Install Sun ONE Grid Engine Master window appears. 4. In the Install Sun ONE Grid Engine Master window, select one node from the list of managed hosts to act as the S1GEEE master host (grid master node). See FIGURE 2-28 for an example. FIGURE 2-28 Install Sun ONE Grid Engine Master WindowChapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 55 5. Click on Install. A progress bar indicates the progress of the S1GEEE software deployment to the node. Note – You can define only one grid master node for each system (including expansion racks with up to 128 nodes). If you try to install a second grid master node, the system instructs you to first uninstall the current grid master node. 6. When the progress bar indicates 100%, click Done. The browser is directed to the Install Sun ONE Grid Engine Compute Hosts window. Defining the Sun ONE Grid Engine Compute Hosts To use the Grid Engine module to define S1GEEE compute hosts (compute nodes), perform the following steps. Note – You can only install execution hosts after installing a master host. If you try to install execution hosts without first defining a master host, the system instructs you to first install the master host. 1. In the Cluster Grid Manager main window, click on the Grid Engine menu item in the left-hand menu. A drop-down menu of choices for the Grid Engine module appears. 2. Click on Install Host. The Install Sun ONE Grid Engine Compute Hosts window appears. 3. Select the nodes that you want to include in the S1GEEE grid. Unless you want to dedicate a system for non-grid tasks, select all systems by clicking Select All. See FIGURE 2-29 for an example.56 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 FIGURE 2-29 Install Sun ONE Grid Engine Compute Hosts Window 4. Click on Install. The S1GEEE software is deployed to each selected node in sequence and a progress bar indicates the progress of the software deployment. 5. When the progress bar indicates 100%, click Done. When you are finished with installing, your browser is redirected to the Grid Engine Monitor page (see “Monitoring Compute Grid Tasks” on page 57). If, at a later point, you wish to add more nodes to the S1GEEE grid, you can return to the Install Compute Hosts page by clicking on the Grid Engine > Install Compute Hosts menu item in the left-side panel.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 57 Monitoring Compute Grid Tasks When you are finished with installation procedure, your browser is redirected to the Monitor page. From this page, you can view various S1GEEE statistics on your Sun Fire V60x Compute Grid. These include:  The number of pending, running, and suspended jobs  The load on each execution host  The current statistics for each queue that has been configured  The average load across all compute nodes in the grid, and the used and total memory across all nodes in the grid The Monitor page is automatically refreshed every two minutes. The information on the page is drawn from a database that is updated every two minutes. For every statistic, a time stamp is given to indicate when the statistic was last updated. You can always return to the Monitor page by clicking the Grid Engine > Monitor menu item in the left-side panel. See FIGURE 2-2 for a sample Monitor window. FIGURE 2-30 Grid Engine Monitor Window58 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Uninstalling Sun ONE Grid Engine Software You can uninstall Sun ONE Grid Engine software, either from individual S1GEEE execution hosts, or from all hosts in the S1GEEE grid, including the S1GEEE master host. Note – You cannot uninstall only the S1GEEE master host, since it is not possible to operate S1GEEE execution hosts without an S1GEEE master host. After you have uninstalled an S1GEEE execution host, Sun Fire V60x Compute Grid tasks are no longer sent to that node for execution. However, the other installed modules, such as Inventory, Health, and Performance, continue to operate as before. Any other software that has been installed on that system should also continue to operate normally. Uninstalling One or More Sun ONE Grid Engine Execution Hosts 1. In the Cluster Grid Manager main window, click on the Grid Engine module menu item in the left-hand menu. A drop-down menu of choices for the Grid Engine module appears. 2. Click on Uninstall Nodes. 3. Select one or more nodes from which to uninstall S1GEEE software. 4. Ensure that no jobs are running on the systems to be uninstalled. Refer to Sun Grid Engine, Enterprise Edition 5.3 Administration and User’s Guide (816- 4739) for instructions on managing queues. Note – Any jobs that are currently running on the nodes that you have selected for uninstall are terminated. If the jobs are marked as “re-runnable”, they are automatically resubmitted to the S1GEEE grid for execution elsewhere. However, if they are marked as “not re-runnable,” then they are not rescheduled and are not automatically run elsewhere. For more information, S1GEEE documentation can be accessed with the Cluster Grid Manager help button. 5. Click on Uninstall. The S1GEEE software is shutdown and removed from the selected systems, and the S1GEEE master host is instructed to remove those execution hosts from the S1GEEE system.Chapter 2 Sun Fire V60x Compute Grid Rack System Software Overview and Installation 59 Uninstalling the Entire Sun ONE Grid Engine 1. In the Cluster Grid Manager main window, click on the Grid Engine module menu item in the left-hand menu. A drop-down menu of choices for the Grid Engine module appears. 2. Click on Uninstall Everything. Note – Do not go to the next step until you are certain that you want to terminate all running jobs and remove all record of previous jobs. 3. Click on Uninstall. This immediately terminates all running jobs, removes all S1GEEE software from all nodes in the S1GEEE, and removes all record of previously run jobs and all record of S1GEEE utilization.60 Sun Fire V60x Compute Grid Rack System Installation Guide • October 200361 A P P E N D I X A Product Specifications This appendix contains product specifications, organized into the following sections:  “Power Specifications” on page 61  “Physical Dimensions” on page 62  “Environmental Requirements” on page 63 Power Specifications The following table lists the system power specifications. TABLE A-1 Sun Fire V60x Compute Grid Power Specifications Parameter Value Nominal voltage 200, 208, 220, 230, or 240 VAC Operating voltage Single-phase 180 to 240 VAC Frequency 47 to 63 Hz Current Maximum 64Amps (4 x 16Amps) Nominal 40Amps(4 x 10Amps), fully populated rack AC plug NEMA L6-20P Domestic U.S.A. IEC 309 16A 3-position International AC plugs required Four AC plugs required per rack62 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Physical Dimensions The following table lists the physical dimensions of the system. TABLE A-2 Sun Fire V60x Compute Grid Physical Dimensions Parameter value Dimensions 74 inches height x 23.5 in. width x 35.4 in. depth (188 centimeters height x 60 cm width x 90 cm depth) Weight (fully populated rack) 1600 pounds (727 kilograms) Rack units 38 Single rack unit dimensions 1.75 inches height x 19 in. width x 23.6 in. depth (4.45 centimeters height x 48.26 cm width x 60 cm depth)Appendix A Product Specifications 63 Environmental Requirements This section contains the environmental requirements for a fully-populated, singlerack Sun Fire V60x Compute Grid rack system. The requirements are described in two separate tables for the 2.8-GHz CPU Compute Grid rack system and the 3.06-GHz CPU Compute Grid rack system. Refer to either of the following two tables:  TABLE A-3, 2.8-GHz CPU Compute Grid Environmental Specifications  TABLE A-4, 3.06-GHz CPU Compute Grid Environmental Specifications TABLE A-3 2.8 GHz CPU Sun Fire V60x Compute Grid Environmental Specifications Parameter Operating Non-Operating Temperature 86°F maximum ambient temperature at 0 feet elevation (30°C maximum ambient temperature at 0 meters elevation) -40°F to 158°F (-40°C to 65°C) Altitude Up to 9000 feet, maximum ambient temperature derated by 1.8°F per 1500 feet rise in elevation above 0 feet. (Up to 3000 meters, maximum ambient temperature derated by 1°C per 500 meter rise in elevation above 0 meters.) Up to 35000 feet (Up to 12000 meters) Humidity 10% to 90% relative humidity at 80°F maximum wet bulb, non-condensing. (10% to 90% relative humidity at 27°C maximum wet bulb, non-condensing.) 10% to 90% relative humidity Vibration .25 g’s 5Hz to 500Hz to 5Hz, 1.0 octaves per minute, swept-sine 5 sweeps in X, Y, and Z. n/a64 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 TABLE A-4 3.06 GHz CPU Sun Fire V60x Compute Grid Environmental Specifications Parameter Operating Non-Operating Temperature 77°F maximum ambient temperature at 0 feet elevation (25°C maximum ambient temperature at 0 meters elevation) -40°F to 158°F (-40°C to 65°C) Altitude Up to 4500 feet, maximum ambient temperature derated by 1.8°F per 1000 feet rise in elevation above 0 feet. (Up to 1500 meters, maximum ambient temperature derated by 1°C per 300 meter rise in elevation above 0 meters.) Up to 35000 feet (Up to 12000 meters) Humidity 10% to 90% relative humidity at 80°F maximum wet bulb, non-condensing. (10% to 90% relative humidity at 27°C maximum wet bulb, non-condensing.) 10% to 90% relative humidity Vibration .25 g’s 5Hz to 500Hz to 5Hz, 1.0 octaves per minute, swept-sine 5 sweeps in X, Y, and Z. n/a65 Index Numerics 2.8 GHz CPU system environmental requirements 63 3.06 GHz CPU system environmental requirements 64 A adding hardware components 13 adding managed hosts to Sun Control Station 50 AllStart module Clients, creating 41 deploying payloads procedure 49 deploying software to nodes 27 Distributions, creating 28 overview 19 Payloads, creating 30 Profiles, creating 33 Service Settings, defining 47 B button, Help 17 button, power 12 button, reset 49 C cables diagram, multiple-rack 9 diagram, single-rack 8 labeling 7 network cable pins 7 overview information 7 serial cable pins 7 cabling diagram, multiple-rack 9 cabling diagram, single rack 8 CGM node, see Cluster Grid Manager node Clients, creating in AllStart module 41 Cluster Grid Manager node configuring IP address 24 default IP address 22 overview information 5 Cluster Grid Manager software Help button 17 overview of components 17 Sun Control Station 17 compute hosts, defining in Grid Engine 55 compute nodes overview information 6 compute nodes, see also Grid Engine compute hosts connecting power source 1166 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 D deploying software with AllStart module 27 Distributions, creating in AllStart module 28 documentation online URL ix references for replacement procedures 13 related vi E electrical specifications 61 environmental requirements, 2.8 GHz system 63 environmental requirements, 3.06 GHz system 64 Ethernet cable pins 7 F flowchart of installation tasks 2 G gateway, configuring 24 Grid Engine compute hosts, see also compute nodes Grid Engine master host, see also grid master node Grid Engine module compute hosts, defining 55 configuring 53 master host, defining 54 monitoring grid tasks 57 overview 19 uninstalling entire grid engine 59 uninstalling execution hosts 58 grid master node overview information 6 grid master node, see also Grid Engine master host H hardware adding or replacing 13 installation procedure 10 overview diagram 3 tools required 13 Health Monitoring module 18 Help button location 17 I information required for software setup 22 initial login procedure 23 installation tasks flowchart 2 installing system hardware 10 Inventory module 18 IP address configuration for Cluster Grid Manager node 24 IP address configuration for terminal server 23 K keyboard, video, mouse unit cabling 8 overview information 6 position 3 KVM unit, see keyboard, video, mouse unit 6 L labels on cabling 7 Lights-Out Management module 18 Linux operating system overview 17 logging in the first time 23 M managed hosts, adding 50 master host, defining in Grid Engine 54 modules, see Sun Control Station software monitoring Grid Engine tasks 57 multiple-rack cabling diagram 9Index 67 N netmask, configuring 24 network cable pins 7 network service settings, defining in AllStart module 47 network switches overview 4 nodes 49 adding or replacing 13 Cluster Grid Manager IP address 22 Cluster Grid Manager node 5 compute nodes 6 defining compute nodes 55 defining grid master host 54 grid master node 6 power button 12 supported number 6 O online documentation URL ix P password, changing for Sun Control Station 26 Payloads, creating in AllStart module 30 Performance Monitoring module 18 physical dimensions 62 port number allocations on terminal server 5 power connecting power source 11 inputs location 8 node power button 12 node reset button 49 powering on sequence 12 rack distribution system diagram 11 rack distribution system overview 10 specifications 61 preinstalled software, see software product specifications 61 Profiles, creating in AllStart module 33 R rack overview information 4 power distribution system overview 10 power inputs location 8 replacing components 13 Red Hat Linux overview 17 related documentation vi relation of software components, diagram 16 replacing hardware components 13 reset button on node 49 RJ-45 cable specifications 7 S S1GEEE, see Sun ONE Grid Engine, Enterprise Edition SCS, see Sun Control Station software serial cable pins 7 Service Settings, defining in AllStart module 47 single-rack cabling diagram 8 site-planning requirements, 2.8 GHz system 63 site-planning requirements, 3.06 GHz system 64 software Cluster Grid Manager overview 17 diagram of components 16 information required for setup 21 initial login procedure 23 overview of preinstalled software 16 Red Hat Linux overview 17 setting up procedures 21 Sun Control Station 17 Sun ONE Grid Engine Enterprise Edition software Help 17 Software Management module 18 specifications 61 environmental requirements, 2.8 GHz system 63 environmental requirements, 3.06 GHz system 64 physical dimensions 62 power 61 stacking switches 968 Sun Fire V60x Compute Grid Rack System Installation Guide • October 2003 Sun Control Station software adding managed hosts 50 AllStart module 19 AllStart module, using to deploy software 27 changing password 26 Grid Engine module configuration 53 Grid Engine module overview 19 Health Monitoring module 18 Inventory module 18 Lights-Out Management module 18 Performance Monitoring module 18 Software Management module 18 standard modules overview 17 Sun Fire V60x node, see nodes Sun ONE Grid Engine, Enterprise Edition overview 53 Sun Rack 900, see rack switches interconnects 9 overview information 4 position 8 replacing 13 stacking 9 system hardware diagram 3 T table of setup information requirements 22 Telnet port allocations 5 terminal server configuring gateway 24 configuring IP address 23 configuring netmask 24 default IP address 22 default netmask 22 overview information 5 port numbers 5 position 8 tools required for component replacement 13 U uninstalling entire grid engine 59 uninstalling Grid Engine execution hosts 58 Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. 650-960-1300 Submit comments about this document at: http://www.sun.com/hwdocs/feedback Sun Fire™ V60x Compute Grid Rack System Release Notes Part No. 817-3074-11 October 2003, Revision APlease Recycle Copyright 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. THIS PRODUCT CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF SUN MICROSYSTEMS, INC. USE, DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF SUN MICROSYSTEMS, INC. This document and the product to which it pertains are distributed under licenses restricting their use, copying, distribution, and decompilation. No part of the product or of this document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. This distribution may include materials developed by third parties. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Sun ONE, the Sun ONE logo, Sun Fire, AnswerBook2, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and in other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and in other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements. Products covered by and information contained in this manual are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical/ biological weapons, or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo, or to entities identi?ed on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists, is strictly prohibited. Use of any spare or replacement CPUs is limited to repair or one-for-one replacement of CPUs in products exported in compliance with U.S. export laws. Use of CPUs as product upgrades, unless authorized by the U.S. Government, is strictly prohibited. DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Copyright 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés. CE PRODUIT CONTIENT DES INFORMATIONS CONFIDENTIELLES ET DES SECRETS COMMERCIAUX DE SUN MICROSYSTEMS, INC. SON UTILISATION, SA DIVULGATION ET SA REPRODUCTION SONT INTERDITES SANS AUTORISATION EXPRESSE, ECRITE ET PREALABLE DE SUN MICROSYSTEMS, INC. Ce produit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l’utilisation, la copie, la distribution, et la décompilation. Aucune partie de ce produit ou document ne peut être reproduite sous aucune forme, par quelque moyen que ce soit, sans l’autorisation préalable et écrite de Sun et de ses bailleurs de licence, s’il y ena. Cette distribution peut comprendre des composants développés par des tierces parties. Le logiciel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par un copyright et licencié par des fournisseurs de Sun. Des parties de ce produit pourront être dérivées des systèmes Berkeley BSD licenciés par l’Université de Californie. UNIX est une marque déposée aux Etats-Unis et dans d’autres pays et licenciée exclusivement par X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Sun ONE, the Sun ONE logo, Sun Fire, AnswerBook2, docs.sun.com, Java, et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d’autres pays. Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d’autres pays. Les produits protant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc. Ce produit est soumis à la législation américaine en matière de contrôle des exportations et peut être soumis à la règlementation en vigueur dans d’autres pays dans le domaine des exportations et importations. Les utilisations , ou utilisateurs ?naux, pour des armes nucléaires, des missiles, des armes biologiques et chimiques ou du nucléaire maritime, directement ou indirectement, sont strictement interdites. Les exportations ou reexportations vers les pays sous embargo américain, ou vers des entités ?gurant sur les listes d’exclusion d’exportation américaines, y compris, mais de manière non exhaustive, la liste de personnes qui font objet d’un ordre de ne pas participer, d’une façon directe ou indirecte, aux exportations des produits ou des services qui sont régis par la législation américaine en matière de contrôle des exportations et la liste de ressortissants spéci?quement désignés, sont rigoureusement interdites. L’utilisation de pièces détachées ou d’unités centrales de remplacement est limitée aux réparations ou à l’échange standard d’unités centrales pour les produits exportés, conformément à la législation américaine en matière d’exportation. Sauf autorisation par les autorités des Etats-Unis, l’utilisation d’unités centrales pour procéder à des mises à jour de produits est rigoureusement interdite. LA DOCUMENTATION EST FOURNIE "EN L’ÉTAT" ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L’APTITUDE A UNE UTILISATION PARTICULIERE OU A L’ABSENCE DE CONTREFAÇON.Contents iii Contents Sun Fire V60x Compute Grid Rack System Documentation Set Summary 2 Software Recovery Procedures 3 Recovering Red Hat Enterprise Linux 2.1 3 Reinstalling the Operating System Software 3 Reconfiguring the Operating System Software 10 Cluster Grid Manager Software Recovery 11 Reinstalling Sun Control Station 2.0 Software 11 Reconfiguring the Java Plug-In Version For Mozilla 12 Installing the SCS Grid Engine Module 14 Installing Custom Scripts For Advanced Users 15 Using Scripts to Automate Installation Tasks 16 Using Scripts to Recreate a Lost check.out File 16 Using Scripts to Auto-Populate the AllStart Clients List 17 Using Scripts to Force All Nodes to Network Boot 18 Using Scripts to Add All Nodes as SCS Managed Hosts 19 Sun ONE Grid Engine Notes 20 AllStart Client Host Name Limitations 20 Grid Engine Settings 20 Grid Engine Configuration 21iv Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 Important Notes 22 Location of Kickstart Files For AllStart Clients 22 PXE Network Booting Conflict With LAN Management 22 Supported Browsers and Plug-Ins 231 Sun Fire V60x Compute Grid Rack System Release Notes These release notes supplement the information in the Sun Fire V60x Compute Grid Rack System Installation Guide (817-3072). The information is organized into the following sections:  “Sun Fire V60x Compute Grid Rack System Documentation Set Summary” on page 2  “Software Recovery Procedures” on page 3  “Using Scripts to Automate Installation Tasks” on page 16  “Sun ONE Grid Engine Notes” on page 20  “Important Notes” on page 22  “Supported Browsers and Plug-Ins” on page 232 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 Sun Fire V60x Compute Grid Rack System Documentation Set Summary In addition to the documents created for the installation of the Sun Fire V60x Compute Grid system, many other documents are provided to supplement the information and to provide detailed information about system components after installation. This section provides a summary of the document set. For a full list of the documents shipped with the system, see “Related Documentation” in the Preface of the Sun Fire V60x Compute Grid Rack System Installation Guide (817-3072).  Sun Fire V60x Compute Grid Rack System documents: Use these documents for initial system installation, power-on, and software setup. These two documents are shipped in hard copy with your system.  Sun Fire V60x Compute Grid Rack System Installation Guide (817-3072)  Sun Fire V60x Compute Grid Rack System Release Notes (817-3074)  Sun Rack 900 documents: Use these documents for more detailed information about the system rack. Tasks covered include unpacking, installation, and service of replaceable parts. The Sun Rack documents are shipped in hard-copy with the system.  Sun Fire V60x documents: Use these documents for more detailed information about the Sun Fire V60x servers that are used as the system nodes. Tasks covered include removal and installation from the slide-rails in the rack, and detailed diagnostics and service of replaceable parts. The Sun Fire V60x documents are shipped in a set that is a combination of hardcopy documents and PDF documents that are on the Sun Fire V60x and Sun Fire V65x Servers Documentation CD.  Sun Control Station and Sun ONE Grid Engine, Enterprise Edition documents: Use these documents for detailed information about setting up and using the software after the initial installation. Tasks covered include advanced settings for using the software to monitor and run the system as a grid. The Sun Control Station and Sun ONE Grid Engine, Enterprise Edition documents are include as PDF documents that are integrated into the Help system of the Sun Control Station software. They are also shipped as PDF files on their respective CDs.  The documents for the third-party hardware components are also included and vary, based on the supplier that is used. Documents for replacing and using the network switches, terminal server, and keyboard unit are shipped in hard-copy and as PDF files on included CDs.Sun Fire V60x Compute Grid Rack System Release Notes 3 Software Recovery Procedures Your Sun Fire V60x Compute Grid is shipped with the Red Hat Enterprise Linux 2.1 operating system and the Cluster Grid Manager software suite preinstalled on the Cluster Grid Manager (CGM) node. This section contains the procedures for recovering or reinstalling the Red Hat Enterprise Linux 2.1 operating system software and the Cluster Grid Manager software suite to the CGM node in the case that you have to replace a CGM node or reinstall the software for any reason.  “Recovering Red Hat Enterprise Linux 2.1” on page 3  “Cluster Grid Manager Software Recovery” on page 11 Recovering Red Hat Enterprise Linux 2.1 Use this procedure if you need to reinstall the Red Hat Enterprise Linux 2.1 distribution that was preinstalled on your CGM node. This section is divided into two procedures:  “Reinstalling the Operating System Software” on page 3  “Reconfiguring the Operating System Software” on page 10 Reinstalling the Operating System Software Use this procedure to reinstall the Linux operating system software. CDs Required For This procedure:  Red Hat Enterprise Linux 2.1 distribution CDs  Sun Fire V60x and Sun Fire V65x Servers Resource CD (705-0601) 1. Insert the Red Hat Enterprise Linux 2.1 CD 1 into the CGM node and wait for the first Red Hat installation screen to appear, then press Enter. 2. At the Language Selection screen, select the language for your location, then click Next. The default setting is English.4 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 3. At the Keyboard Configuration screen, accept the default settings shown below, then click Next. The default settings are:  Model: Generic 105-key international PC  Layout: US English  Dead keys: Enable dead keys 4. At the Mouse Configuration screen, select Generic 3-button mouse (PS/2), then click Next. The default setting is generic 3-button mouse (PS/2). 5. At the Welcome to Red Hat Linux screen, click Next. 6. At the Installation Type screen, choose Custom Installation Type, then click Next. The Disk Partitioning Setup screen appears. 7. Create five RAID 1 partitions on each of the two hard drives, as follows: a. At the Disk Partitioning Setup screen, select Manually Partition With Disk Druid, then click Next. The Disk Setup screen appears. b. At the Disk Setup screen, click New to begin creating a new partition. A New Partition dialog box appears. c. In the New Partition dialog box, select hard drive sda from the list of Allowable Drives to create partitions on that drive first. d. In the New Partition dialog box, select Software RAID from the Filesystem Type pull-down menu. e. In the New Partition dialog box, define one of the five Software RAID partitions listed in TABLE 1. Note – Make the /boot partition your primary partition by selecting the box labeled, “Force to be primary partition.” Note – You cannot enter the mount point for a partition until after you create the RAID 1 device in a later step.Sun Fire V60x Compute Grid Rack System Release Notes 5 f. After you have defined the partition, click OK. You are returned to the Disk Setup screen, where your new partition is listed. g. Repeat Step b through Step f until you have created all five partitions in TABLE 1 on hard drive sda, then continue with Step h. h. Create the same five partitions on hard drive sdb so that it will mirror hard drive sda. Repeat Step b through Step f until you have defined the five partitions in TABLE 1 on hard drive sdb, then continue with Step i. You are returned to the Disk Setup screen, where the 10 partitions you created are listed (5 partitions on hard drive sda and 5 partitions on hard drive sdb). i. At the Disk Setup screen, click Make RAID. A dialog box appears where you can select available partitions to make RAID. j. In the dialog box, select a partition and edit the settings for the selected partition as follows, then click OK:  Define the mount point for the partition. Refer to TABLE 1 and ensure that the mount point corresponds to the partition size that you defined earlier. Note – There is no mount point for the swap partition.  Select RAID 1 for the RAID Level.  Select the Format Partition box. k. Repeat Step j until you have defined the mount point and RAID Level for all 10 of the partitions. TABLE 1 RAID 1 Partition Settings For System Recovery Mount Point File System Type RAID level Partition Size (Mb) / ext3 RAID 1 10000 swap swap RAID 1 2000 /boot ext3 RAID 1 64 /var ext3 RAID 1 2000 /scs ext3 RAID 1 200006 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 8. After you have defined all of your partition settings, click Next to close the Disk Druid Disk Setup screen. The Bootloader Configuration screen appears. 9. At the Bootloader Configuration screen, select LILO as the bootloader, then click Next. 10. At the Firewall Configuration screen, select No Firewall, then click Next. 11. At the Additional Language Support Selection screen, click Next. 12. At the Time Zone Selection screen, select the correct time zone for your locale, then click Next. 13. At the Account Configuration screen, type the root password, then click Next. 14. At the Authentification Configuration screen, click Next. 15. At the Package Group Selection screen, select the following group options, then click Next:  Printing Support  X Window System  GNOME  Network Support  Messaging and Web Tools  NFS File Server  SQL Database Server  Web Server  Network Managed Workstation  Emacs  Software Development  Kernel Development  Everything The Video Card Configuration screen appears. 16. At the Graphical Interface (X) Configuration screen, make the following selections, then click Next.  ATI Mach64  Video Card RAM: 16 Mb 17. When the prompt that says About to Install appears, click Next. The installation takes several minutes as the packages are installed and the partitions are formatted. 18. When you are prompted for the next CD in the Linux distribution, remove the current CD and replace it with the next CD. When the installation is complete, the Boot Disk Creation screen appears.Sun Fire V60x Compute Grid Rack System Release Notes 7 19. At the Boot Disk Creation screen, select Skip Boot Disk Creation, then click Next. 20. At the Monitor Configuration screen, accept the default, then click Next. If you are using a different monitor than the one in the KVM unit, select your monitor type rather than accepting the default. 21. At the Custom Graphics Configuration screen, make the following selections, then click Next.  Color depth: High-color 16-bit  Screen resolution: 1024x768  Desktop environment: Gnome  Login type: Graphical 22. At the screen that says, “Congratulations, Your installation is now complete,” click Exit. The node reboots automatically. 23. After the system returns to a Red Hat login screen, log in as the root user. 24. Install the required E1000 network drivers and configure the Ethernet device as follows: a. Insert the Sun Fire V60x and Sun Fire V65x Server Resource CD (shipped with your system) into the CGM node and mount the CD by typing the following command. # mount /dev/cdrom /mnt/cdrom b. Copy the required network drivers from the Resource CD and install them to the CGM node by typing the following commands: # cd /mnt/cdrom/drivers/src # cp e1000-4.4.19.tar.gz /root # cd /root # tar -zxf e1000-4.4.19.tar # cd e1000-4.4.19/src # make install # insmod e1000 c. Remove the Resource CD from the system after you type the following command: # umount /dev/cdrom d. Reboot the system by typing the following command: # reboot e. After the system returns to a Red Hat login screen, log in as the root user.8 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 f. Verify that the e1000 network drivers were installed by typing the following commands and looking for the e1000 entry for eth1 in the /etc/modules.conf file. # cd /etc # more /etc/modules.conf Sample file contents are shown here: alias parport_lowlevel parport_pc alias scsi_hostadapter aic79xx alias eth0 e1000_4412k1 alias usb-controller usb-uhci alias eth1 e1000 g. h. From the Gnome desktop menu bar, select Program > System > Internet Configuration Wizard. i. In the Add New Device Type dialog box, select your Ethernet connection, then use the wizard to configure the Ethernet device and to activate it. Consult with your system administrator to select settings that are compatible with your network. The factory-default IP address of the CGM node is 192.168.160.5. j. Restart the network service by typing the following the command: # service network restart k. Verify that the system sees the Ethernet device by typing the following command. # ifconfig -a 25. Download and install the required Adaptec SCSI driver as follows: a. On the CGM node, use a browser to go to the Sun Fire V60x download site: http://www.sun.com/servers/entry/v60x/downloads.html b. Navigate to the Device Drivers download links for Red Hat Enterprise Linux 2.1 software. c. Download the following tar file to a /tmp directory on the CGM node: Adaptec SCSI Driver RPMs 1.3.10 for Red Hat Enterprise Linux 2.1 (as-aic79xx.tar.gz) d. Extract the contents of the tar file into the /tmp directory by typing the following commands: # cd /tmp # tar -zxf /tmp/as-aic79xx.tar.gzSun Fire V60x Compute Grid Rack System Release Notes 9 e. Determine which kernel version is running on your system by typing the following commands: # uname -a | awk ‘{print $3}’ The kernel version on your system is displayed similar to the following example: 2.4.9-e.12smp f. Locate the correct drivers for your kernel version in the as-aic79xx folder by typing the following commands: # cd as-aic79xx/ # ls *kernel-version* Where kernel-version is the kernel version you determined in Step e. Using the example in the previous step, the command and response would look as follows: # ls *e.12* aic79xx-1.3.10_2.4.9_e.12-rh21as_1.i686.rpm aic79xx-1.3.10_2.4.9_e.12-rh21as_1.src.rpm aic79xx-enterprise-1.3.10_2.4.9_e.12-rh21as_1.i686.rpm aic79xx-smp-1.3.10_2.4.9_e.12-rh21as_1.i686.rpm g. Install the required SCSI drivers by typing the following commands: # rpm -ivh driver-version Where driver-version is the driver that you determined in Step f. Using the example in the previous step, the commands would look as follows: # rpm -ivh aic79xx-1.3.10_2.4.9_e.12-rh21as_1.i686.rpm # rpm -ivh aic79xx-smp-1.3.10_2.4.9_e.12-rh21as_1.i686.rpm Note – The two required SCSI drivers are the smp/i686 driver and the uniprocessor i686 driver (non-enterprise), as shown in the previous example. h. Inform the boot loader where to find the new initial ramdisk (initrd) image by typing the following commands: # lilo # reboot 26. Continue with “Reconfiguring the Operating System Software” on page 10.10 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 Reconfiguring the Operating System Software Use this procedure to reconfigure the Linux operating system after you reinstall it. 1. Enable serial redirection on the CGM node as follows: a. Modify the CGM nodes’s /etc/lilo.conf file to add the following line after the lines that read, read-only: append="console=tty0 console=ttyS1,9600" This change enables serial redirection of the output from the LILO boot loader and the early boot process. b. Modify the CGM nodes’s /etc/inittab file to add the following line after the line that reads, 6:2345:respawn:/sbin/mingetty tty6: 7:2345:respawn:/sbin/mingetty ttyS1 c. Modify the CGM nodes’s /etc/securetty file to add the following line at the end of the file: ttyS1 d. Reboot the server to enable the serial redirection settings. 2. Configure the X windows environment on the CGM node as follows: a. At a Linux command line, log in as the root user. b. Start the Red Hat Linux configuration utility by typing the following command: # setup c. Select X Configuration from the menu of setup selections. d. Accept all default X configuration options, except for the following changes you must make:  Video card memory = 8MB  Color resolution = 24-bit, 1024x768 After you make these configuration changes, you can start the X windows environment by typing the startx command at a Linux command line. Note – You might not be able to resize the X windows because of a Red Hat bug. You can work around this bug by performing the following steps: i) Click on MainMenu on the toolbar at the bottom of the screen. ii) Select Programs > Setting > Sawfish Window Manager > Moving and Resizing iii) Deselect the box labeled, “Show current dimensions of window while resizing.” iv) Click Apply. v) Click OK. 3. Continue with “Cluster Grid Manager Software Recovery” on page 11.Sun Fire V60x Compute Grid Rack System Release Notes 11 Cluster Grid Manager Software Recovery Use this procedure to reinstall the Cluster Grid Manager software suite that was preinstalled on your CGM node. This section is organized into the following procedures that should be performed in the order they are listed here:  “Reinstalling Sun Control Station 2.0 Software” on page 11  “Reconfiguring the Java Plug-In Version For Mozilla” on page 12  “Installing the SCS Grid Engine Module” on page 14  “Installing Custom Scripts For Advanced Users” on page 15 CD Required For These Procedures  Cluster Grid Manager Software Recovery CD (798-4973) Note – You must install the operating system before performing this procedure, as described in “Recovering Red Hat Enterprise Linux 2.1” on page 3. Reinstalling Sun Control Station 2.0 Software Use this procedure to reinstall the Sun Control Station (SCS) software. 1. Insert the Cluster Grid Manager Software Recovery CD into your CGM node. If the CD does not mount automatically, mount it by typing the following commands: # mount /dev/cdrom /mnt/cdrom # cd /mnt/cdrom 2. Copy the SCS tar file from the CD to the /scs directory on your CGM node by typing the following command: # cp scs-2.0-release.tgz /scs This file is approximately 370 Mb, so the copying might take several minutes. 3. After the copy operation has finished, type the following commands to install the new SCS software: # cd /scs # tar -zxvf scs-2.0-release.tgz # cd scs-2.0/install # ./install -factoryinstall The installation might take several minutes.12 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 4. Install the SCS patch as follows: a. Copy the SCS patch from the CD to the root directory on the CGM node by typing the following command: # cp scs-2.0p1.tgz /root b. After copy operation finishes, extract the tar file by typing the following commands: # cd /root # tar -zxvf scs-2.0p1.tgz c. Install the SCS patch by typing the following commands: # cd scs-2.0p1 # ./install/install d. Delete the patch tar file after the installation finishes by typing the following commands: # cd .. # cd /root # rm scs-2.0p1.tgz e. Reboot the CGM node to initialize the SCS database by typing the following command: # reboot 5. Continue with “Reconfiguring the Java Plug-In Version For Mozilla” on page 12. Reconfiguring the Java Plug-In Version For Mozilla The Java™ plug-in for the Mozilla™ browser that is supplied with the RedHat Linux software is not compatible and it must be replaced by the Java plug-in supplied with the SCS software. Use the following procedure to reconfigure the Java plug-in version. 1. Configure the Java plug-in version by typing the following commands: # cd /usr/lib/mozilla/plugins # rm libjavaplugin_oji.so # ln -s \ /usr/java/j2sdk1.4.1_02/jre/plugin/i386/ns610/libjavaplugin_oji. so 2. Verify that the new Java plug-in version was configured as follows: a. Close all Mozilla applications. b. Start a Mozilla browser.Sun Fire V60x Compute Grid Rack System Release Notes 13 c. At the top of the Mozilla window, click on Help > About Plug-ins. d. Verify that the following version of the Java plug-in is listed: Java™ Plug-in1.4.1_02-b06 3. Continue with “Installing the SCS Grid Engine Module” on page 14.14 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 Installing the SCS Grid Engine Module After you install the SCS software, you must install the Grid Engine module separately. 1. Start a browser and type the following URL. http://n.n.n.n Where n.n.n.n is the IP address that you assigned to the CGM node. 2. Read the Sun Control Station license agreement that appears and accept the license agreement if you agree with the terms. A Sun Control Station Welcome page appears. 3. Go to the Sun Control Station login page for your CGM node by entering the URL in the format that is shown on the Welcome page: https://n.n.n.n:8443/sdui Where n.n.n.n is the IP address that you assigned to the CGM node. Note – The URL uses the https format. 4. At the Sun Control Station login page, log in as the SCS administrator using the default entries shown below, then click the Login button. User Name: admin Password: admin 5. On the Cluster Grid Manager main page, click on Administration > Modules in the left-side panel. The Control Modules window appears. 6. On the Control Modules window, click on Add Module. The Add Module window appears. 7. Select Location as File and browse to the Grid Engine module file on the Cluster Grid Manager Software Recovery CD: /mnt/cdrom/gridModule-1.0-14.mapp 8. Click on Install Now. Accept any security certificates or warnings that appear. Note – You might have to log in to SCS again after you install the Grid Engine module to see the Grid Engine module selection in the menu. 9. Continue with “Installing Custom Scripts For Advanced Users” on page 15.Sun Fire V60x Compute Grid Rack System Release Notes 15 Installing Custom Scripts For Advanced Users Several useful scripts are included on the Cluster Grid manager Software Recovery CD. Use the following procedure to install the scripts to your CGM node. 1. Create a /usr/mgmt/diag directory on your CGM node by typing the following command: # mkdir /usr/mgmt/diag 2. Copy and extract the scripts tar file from the Cluster Grid manager Software Recovery CD to your CGM node by typing the following commands: # cp /mnt/cdrom/customerdiag1.2.tar /usr/mgmt/diag # cd /usr/mgmt/diag # tar -xvf customerdiag1.2.tar 3. Remove the Cluster Grid manager Software Recovery CD from your CGM node after you type the following command: # umount /dev/cdrom Note – After you install the custom scripts, you can use them to automate several of the more redundant SCS AllStart software deployment activities. The procedures in the following sections describe how to use the scripts, but they are optional and recommended for advanced users.16 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 Using Scripts to Automate Installation Tasks This section contains procedures that describe how to use scripts that are included on the Cluster Grid Manager Software Recovery CD. These scripts can be used to automate some of the redundant tasks that are required when using the SCS AllStart module to deploy software to the compute nodes. You should first review the basic AllStart module procedures in the Sun Fire V60x Compute Grid Rack System Installation Guide (817-3072) before you use these procedures. Note – You must first install the scripts, as described in “Installing Custom Scripts For Advanced Users” on page 15. Using Scripts to Recreate a Lost check.out File When your system is manufactured, a file named check.out is created on the CGM node that lists the MAC addresses for all the nodes in your system. If this file is lost for any reason, you can use one of the custom scripts as described in this procedure to recreate the check.out file. 1. Type the following commands to run the script: # cd /usr/mgmt/diag # ./config -c n.n.n.n check TS-port-numbers Where n.n.n.n is the IP address of the system’s terminal server and TS-port-numbers is a range or list of terminal server ports to which compute nodes are connected. For example, 1-32 would denote the range for a fully configured, 32-node system. If your system is not fully configured, your TS-port-numbers value might look like 1,2,4,6-16. 2. Reset each compute node by pressing the Reset button on each node’s front panel. As each node resets, it will provide output of MAC addresses to a file named /usr/mgmt/diag/customer_check.out.Sun Fire V60x Compute Grid Rack System Release Notes 17 Using Scripts to Auto-Populate the AllStart Clients List Perform the following procedure to use the MAC addresses from your customer_check.out file to auto-populate the AllStart Clients list. Note – Use this procedure after you have already used AllStart to create your Distribution, Payload, and Profile, as described in the Sun Fire V60x Compute Grid Rack System Installation Guide (817-3072). 1. Type the following commands to run the script: # cd /usr/mgmt/diag # ./as_mac.pl -i NODE_BASE_IP -f customer_check.out Where NODE_BASE_IP is the base, or starting IP address for your node range. All nodes have their IP addresses incremented by one, following this lowest IP address. The script uses the MAC addresses in the customer_check.out file to populate the AllStart Clients list. Allstart adds clients, starting with NODE_BASE_IP, for each MAC address in the customer_check.out file, up to, but not including, the CGM node. 2. Verify that the clients were added by looking at the AllStart Clients list. At the Cluster Grid Manager main window, click on AllStart > Clients. All of the new clients should be listed, although they have no payload or profile associated with them yet. 3. Modify the clients that you just created to associate them with the AllStart deployment you are creating, as follows: a. On the AllStart Clients window, click Select All. b. Click Modify. c. Modify the settings for the clients as described in the Sun Fire V60x Compute Grid Rack System Installation Guide. When you finish making the settings, you are returned to the AllStart Clients window. Note – Be sure to set up the clients settings so that they are associated with the settings for the distribution, payload, and profiles that you have already created for this AllStart deployment. d. In the AllStart Clients window, click Select All.18 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 e. Click Enable. All client entries are enabled so that they are visible to the system. Enabled clients are indicated by a Y character under the Enabled heading on the AllStart Clients window. 4. Modify the DHCP configurations for the clients as follows: a. On the Cluster Grid Manager main window, click AllStart > Service. The AllStart Current Service Settings window appears. b. Click Modify. The Modify Service Settings window appears. c. Verify that the DHCP Enabled box is selected. d. Click Modify DHCP Info. e. Select the DHCP subnet and click Edit. f. Enter the router and DNS server IP addresses for your servers. Do not add anything to the Network/netmask or IP Range fields. Using Scripts to Force All Nodes to Network Boot Use the following procedure to force all nodes to network boot, as required when you are deploying software to compute nodes. 1. Type the following commands to run the script: # cd /usr/mgmt/diag # ./config -c n.n.n.n pxe TS-port-numbers Note – You must ensure that none of the ports given in the TS-port-numbers node range are currently in use when you use the command to run this script. The script must have access to the serial ports of each node to take control of the nodes. Where n.n.n.n is the IP address of the system’s terminal server and TS-port-numbers is a range or list of terminal server ports to which compute nodes are connected. For example, 1-32 would denote the range for a fully configured, 32-node system. If your system is not fully configured, your TS-port-numbers value might look like 1,2,4,6-16. 2. Reset or power on the nodes by pressing the Reset or Power buttons on the front panel of each node. The script causes each node to network boot and pull the software deployment from the CGM node.Sun Fire V60x Compute Grid Rack System Release Notes 19 Using Scripts to Add All Nodes as SCS Managed Hosts Before you can deploy the Sun ONE Grid Engine, Enterprise Edition software to the system compute nodes so that they can be managed as a grid, you must first add the nodes as Sun Control Station managed hosts. Perform this procedure to use a script to add all nodes as SCS managed hosts. 1. Type the following command to create a file named nodelist, which contains the list of Allstart clients that will be added as SCS managed hosts: # cd /usr/mgmt/diag # ./createNodeList.pl > nodelist 2. Type the following command to run the script that adds the clients as SCS managed hosts and installs the SCS client daemons on them: Note – Do not run this script in the background. Monitor the progress of the activity by watching the SCS Administration > Hosts window. Refresh the window until all the added hosts appear in the list. # ./devMgrParallel.pl add file nodelist20 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 Sun ONE Grid Engine Notes This section contains information about the Sun ONE Grid Engine, Enterprise Edition (S1GEEE) v 5.3p4 software that is preinstalled on your system’s CGM node. AllStart Client Host Name Limitations When you use the SCS AllStart module to create the client nodes to which you will deploy the software payloads, you are required to enter network interface information for those clients. In the AllStart Clients > Enter Network Interface Information window, you must enter the host name for the client node that you are creating. (See the Sun Fire V60x Compute Grid Rack System Installation Guide for the full procedure.) When entering the host name, you cannot use the full host name format, which would include the domain name. Instead, you must use a short host name format. For example: Use this host name format: host1 Do not use this format: host1.mydomain.com If you use the full host name format, the S1GEEE software cannot resolve the host name properly and the host (client node) is not able to join the grid or act as the grid master host. Grid Engine Settings When the grid engine is deployed, the following settings are automatically used:  SGE admin user name: sgeadmin  SGE admin user ID: 268  SGE commd TCP port: 536  SGE root directory: /gridware/sge  SGE cell name: default  NFS sharing: the /gridware/sge/default/common directory is NFS-shared from the designated master host to all other hosts. All other files and directories, such as binaries and spool directories, are installed locally on all grid hosts.Sun Fire V60x Compute Grid Rack System Release Notes 21 Grid Engine Configuration When you configure a compute host, one default queue is created for it. The queue settings are the same as that for a regular (standalone) S1GEEE deployment, with the exception of the following: In the Sun Fire V60x Compute Grid environment, the rerunnable parameter is set to "y". In other words, jobs running in the queue can be restarted on other compute hosts of the system in certain circumstances; for example, when a compute host is being removed from the grid. After you have deployed the grid engine, you can modify the configuration parameters on the queues that were automatically set up to anything you want, or even delete the queues entirely. For details on grid engine settings, refer to the Sun ONE Grid Engine, Enterprise Edition 5.3 Administration and User’s Guide. This document is accessible through the Help interface of the SCS software, or at the following URL: http://www.sun.com/products-n-solutions/ hardware/docs/Software/S1GEEE/index.html22 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 Important Notes This section contains information about known issues and considerations regarding the system and its operation. Location of Kickstart Files For AllStart Clients You can verify that your AllStart clients have been correctly configured by checking for their listing in the /scs/allstart/ksconfig/ directory on your CGM node. Each compute node that has been configured as an AllStart client is identifiable by its MAC address, as listed in the following Kickstart file format: /scs/allstart/ksconfig/ks.MAC-address.cfg PXE Network Booting Conflict With LAN Management When you use the Sun Control Station AllStart module to deploy software from the CGM node to the compute nodes, you force the target compute node to network (PXE) boot and pull the software from the CGM node. The PXE boot process involves UDP network transactions. If the DHCP/PXE server tries to assign an IP address that already belongs to another locally networked node that has LAN management enabled, the PXE boot process might fail. Note that even if the bootloader appears successful, the LAN-managed node might still have corrupted the transaction. If you encounter this problem, there are several solutions:  Deactivate LAN management software on the local network before you perform the PXE booting process.  Assign different IP addresses to the LAN-managed nodes that are in conflict with the DHCP/PXE server’s assignments.  Do not use the client node’s LAN-managed Ethernet interface; use the other Ethernet interface. Note that this would require you to reconfigure any Kickstart information to use the new interface.Sun Fire V60x Compute Grid Rack System Release Notes 23 Supported Browsers and Plug-Ins For viewing Sun Control Station 2.0 software, the following browsers and plug-ins have been tested and are officially supported on the indicated operating system platforms at this time.  Linux software (tested on Red hat Linux 7.3 and Red Hat Enterprise Linux 2.1):  Browser: Mozilla 1.2.1  Java™ Plug-in: Java Plug-in 1.4.1  Solaris 8 and Solaris 9 operating system software:  Browser: Netscape 7.0  Java Plug-in: Java Plug-in 1.4.1  Windows NT 4.0:  Browser: Internet Explorer 6  Java Plug-in: Java Plug-in 1.4.124 Sun Fire V60x Compute Grid Rack System Release Notes • October 2003 Console Drawer (FD-1000AT) (for PC SERVER) User’s Manual Linux is a registered trademark or trademark of Linus Trovalds in the United States of America and other countries. The name and logo TurboLinux are trademarks or registered trademarks of TurboLinux, Inc. Caldera System and OpenLinux are trademarks or registered trademarks of Caldera Systems Inc. Red Hat and any trademarks or logos based on Red Hat are the trademark or registered trademarks of Red Hat, Inc. in the United States of America and other countries. Other names such as product names are the registered trademarks or trademarks of their respective companies. All Rights Reserved, Copyright© FUJITSU COMPONENT LIMITED 2003 Declaration of Conformity Model Number : FD-1000AT series Trade Name : CONSOLE Drawer Responsible party : FUJITSU COMPONENT AMERICA, INC. Address : 250 East Caribbean Drive, Sunnyvale,CA94089 Telephone number : (408) 745-4900 This device complies with Part 15 of the FCC Rules. Operation Is subject to the following two conditions : (1) this device may not cause harmful Interference, and (2) this device must accept any Interference received, Including Interference that may cause undesired operation. This Product is designed, developed and manufactured as contemplated for general use, including without limitation, general office use, personal use, household use, and ordinary industrial use, but is not designed, developed and manufactured as contemplated for use accompanying fatal risks or dangers that, unless extremely high safety is secured, could lead directly to death, personal injury, severe physical damage or other loss (hereinafter "High Safety Required Use"), including without limitation, reaction core control in nuclear power facilities, aircraft autopilot flight control, air traffic control, operation control in mass transport control systems, medical instruments for life support systems, missile launching control in weapon systems. You shall not use this Product without securing the sufficient safety required for the High Safety Required Use. If you wish to use this Product for High Safety Required Use, please consult with our sales person representatives in charge before such use. i Contents PREFACE .....................................................................................................................1 Conventions .............................................................................................................1 Packing List ..............................................................................................................1 IMPORTANT NOTICES ................................................................................................3 Safety .......................................................................................................................3 Precautions..........................................................................................................3 Disposal...............................................................................................................4 Moving Console Drawer ...........................................................................................4 INSTALLATION ............................................................................................................5 Installing Guide Rails................................................................................................5 Installing Console Drawer ........................................................................................7 Installing the 4-port KVM Switch (CRT/KB Switcher) ...............................................8 CONNECTING AND REMOVING CABLES ...............................................................12 Connecting Cables .................................................................................................12 Removing Cables ...................................................................................................12 Connecting to Ports ................................................................................................13 OPERATION ...............................................................................................................14 Operating the Console Drawer ...............................................................................14 Adjusting the Monitor..............................................................................................17 Basic Adjustment Procedure .............................................................................18 Menu Screen Display Example .........................................................................18 Menu Description...............................................................................................19 Resolution and Refresh Rate ............................................................................20 Using a Linux Operating System............................................................................21 Keyboard Operation ...............................................................................................22 Pointing Device Operation......................................................................................22 The Hot-key and Reset Buttons .............................................................................23 Using CRT/KB Switcher .........................................................................................23 Storing Console Drawer .........................................................................................24 Cleaning Console Drawer ......................................................................................26 TECHNICAL SPECIFICATIONS ................................................................................27 i i 1 Preface Congratulations on your purchase of the server rack mountable Console Drawer. Using this product will greatly improve the efficiency and functionality of the workspace around your racks. Space that was used in previous layouts can now be used more freely due to our compact sliding module design. The 15-inch TFT monitor has a resolution of 1024 to 768 dots with 16,770,000 colors. Also, it is equipped with a keyboard and 2-button pointing device. Conventions Symbols and terminology that are used in this manual are described below. This symbol indicates the possibility of physical damage (such as damage to the Console Drawer) or physical injury, which may result if by ignoring this symbol the Console Drawer is operated incorrectly. This logo indicates supplemental information, comments or hints. ? Text that is preceded by a number (such as 1.) indicates that the operation must be done in the order indicated. ? Reference to important chapter titles and terminology are in brackets [ ]. Packing List Make sure that the items in the following list were included in the shipping package. ? Console Drawer 1 ea. ? Power Cable (2 m) 1 ea. (Not included in European configuration [FD-1000AT/E]) ? Operation Manual (this manual) 1 ea. ? Warranty 1 ea. (Make sure that the warranty includes all the required information.) We recommend keeping the box and packing material in which the Console Drawer was purchased. They may be required when moving it to another location. If something is missing from the package, contact your place of purchase or a Fujitsu maintenance person. CAUTION 2 Please note the safety information in [Important Notices]. 1. Check the package delivered and whether the Console Drawer has been damaged when unpacking. 2. Remove the rubber stabilizer from the front left side of the Console Drawer. The rubber stabilizer is inserted to prevent the Console Drawer from sliding when installing or moving it. Be sure to keep it after finishing the installation for when it needs to be used again. Rubber stabilizer removal diagram CAUTION 3 Important Notices This chapter contains cautions that must be taken when operating the Console Drawer and information related to safety. Carefully read this chapter to use the Console Drawer correctly. Safety Precautions This device adheres to the safety regulations related to information processing equipment such as electronic office machines that are used in an office environment. If you have any questions please contact your place of purchase or a Fujitsu maintenance person. ? To prevent extreme bumping or shaking when moving the Console Drawer use the original shipping container or a box similar to it. ? During installation and before using the Console Drawer, carefully read [Installation] and the section about environmental conditions in [Technical Specifications] to use the Console Drawer correctly. ? Moving the Console Drawer from a cold environment to the installation location may cause condensation to occur. Before using the Console Drawer allow it to dry out completely and to reach the ambient temperature of the installation location. ? Make sure that the local power supply voltage is within the acceptable range of the Console Drawer. Make sure that the rated voltage meets the specifications of this device (Refer to [Technical Specifications] and the model plate on this device). ? The power cable for the Console Drawer is specially certified. Do not connect it to anyplace other than a grounded wall outlet. ? Arrange the immediate area around the Console Drawer's power socket and the rack's power outlet so that the plug can be quickly pulled. ? Lay all the cables so that they will not be damaged. Refer to the relevant sections in [Installation] when connecting and removing cables. ? Do not connect or remove the data transmission cables during thunderstorms. ? Do not allow foreign substances (such as necklaces or paperclips) or liquids inside the Console Drawer. ? In an emergency (such as: damage to the housing, parts or cables; or liquid or a foreign object has fallen into the Console Drawer) remove the power cable as soon as possible and contact your place of purchase or a Fujitsu maintenance person. ? Only licensed engineers can repair the Console Drawer. An unlicensed user that opens the Console Drawer and makes incorrect repairs may cause electric shock or fire. ? Avoid using the keyboard when in poor health or for extended periods of time. ? Always hold the connector portion and do not jerk the cables when removing them. ? Avoid operating the Console Drawer with wet hands. CAUTION 4 ? Do not unplug connectors with wet hands. ? Do not place such unnecessary items as cups on the top of the Console Drawer. ? Do not modify or repair the Console Drawer. ? Only licensed personal can uncouple, remove or switch parts (such as electromagnetic wave devices) which bear a warning mark (such as a lightening bolt). ? Only the resolution and refresh rate specified in the monitor explanation in [Technical Specifications] can be set. Doing settings other than those noted may damage the monitor. Contact your place of purchase or a Fujitsu maintenance person if you have any questions. ? To prevent interference it is necessary to adequately isolate the data cables connected to peripheral equipment. ? Unplug the power plug from the grounded power outlet if there is a power outage. ? Follow the instructions in the appropriate section in [Operation] when cleaning the server. ? Keep this manual with the Console Drawer. If you give the Console Drawer to a third party give them this manual also. ? Do not use the Console Drawer as a foot rest or lean against it with it drawn out. Doing so may unbalance the rack, causing it to fall over. Disposal This device is manufactured with metal and plastic parts. Dispose of it according the relevant government regulations. Moving Console Drawer When moving the Console Drawer to a different location, use the box in which it was purchased or a box that protects the product from bumping and shaking. Do not unpack the Console Drawer until the move has been completed. CAUTION 5 Installation Please note the safety information in [Important Notices]. Maintain the area around the equipment when using the Console Drawer (See [Technical Specifications] for more information). Avoid dust, humidity and extreme temperatures. Installation may require more than two people in some situations. Be careful not to pinch your fingers or hands between the guide rails and the Console Drawer. Installing Guide Rails Install the guide rails with the guides toward the front so that the Console Drawer can be mounted on them. (Rear Spacers will be at the back) See the installing the guide rail diagram on page 6. 1. Insert the rear spacer studs of the guide rails into the holes in the rear rack pillars. Fasten each guide rail with two screws inserted from the outside of the pillar, one into each of the top and bottom holes of the rear spacer. 2. Extend the guide rails to reach the inside of the front rack pillar. Fasten each guide rail in place with two screws, one into each of the top and bottom holes of the front spacer. (Attach the guide rails inside the front/rear rack pillar so that the guides face inwards.) 3. Install the left and right guide rails at the same height. z Refer to the enclosed manual for details on how to install additional guide rails. CAUTION 6 Installing the Guide Rails diagram 7 Installing Console Drawer Be careful that the latch lever (see page 15) does not come loose. If the latch lever comes loose the Console Drawer may slip. If the Console Drawer does not slide easily into the guide rail or is heavy, lift and insert it with two or more people. 1. After installing the guide rails, insert the Console Drawer into the front end of the guide rails. 2. Push the Console Drawer in until it stops, then fasten with two screws, one on each side of the front of the Console Drawer. Installing the Console Drawer diagram 8 Installing the 4-port KVM Switch (CRT/KB Switcher) Three methods are used for installing the 4-port KVM switch (Installation Methods 1 - 3). After removing the rubber feet from this device 4-port KVM switch, use the appropriate installation method for this device configuration. Refer to [Connecting to Ports] on page 13 for details on connecting the 4-port KVM switch. The 4-port KVM switch will not fit inside of this device unless the rubber feet have been removed. To avoid electric shocks and/or short circuits, make certain that the power cable of this device is not plugged in. Since this device can cause injury if it falls or tips over, be certain to only work on a stable surface. This device contains the components that store and release high voltage electric charges. Only work on this device after checking that it has been electrically discharged. Some metal edges may be sharp. Be careful to not cut yourself. To avoid damaging this device, do not place foreign objects (including metal objects, water, and/or liquids) inside it. Also, do not touch except as necessary. To avoid damage, only licensed engineers should install the 4-port KVM switch. Philips screwdrivers (large, small) are required to install the Console Drawer. Have these ready before proceeding. The screws for installation method 2 are not included with the 4-port KVM switch. These four 3 x 6 mm flathead screws must be separately obtained. Installation Method 1 No extra screws are needed. It is not necessary to remove the Console Drawer from the guide rails if there is sufficient workspace above the unit after it has been attached to the rack. If the Console Drawer needs to be removed, reverse the [Installing Console Drawer] operation on page 7. CAUTION 9 1. Remove the four screws that secure the KVM holder in place. 2. Insert the 4-port switch into the open space in the rear top panel, making sure that the 4-port KVM switch's connectors face out from the rear of the Console Drawer. 3. Reattach the KVM holder to the rear top panel with the four screws removed in step 1. Installation Method 1: 4-port KVM switch Assembly Diagram (viewed from the left rear) 1 0 Installation Method 2 An extra four 3 x 6 mm flathead screws (not provided) are required to fasten the 4-port KVM switch in place. It is not necessary to remove the Console Drawer from the guide rails if there is sufficient workspace above and below the unit after it has been attached to the rack. If the Console Drawer needs to be removed, reverse the [Installing Console Drawer] operation on page 7. 1. Remove the four screws that secure the KVM holder in place. 2 Insert the 4-port switch into the open space in the rear top panel, making sure that the 4-port KVM switch's connectors face out from the rear of the Console Drawer. 3. Fasten the 4-port KVM switch in place with the four new screws inserted from underneath the rear panel. 4. Reattach the KVM holder to the rear top panel with the four screws removed in step 1. Installation Method 2: 4-port KVM switch Assembly Diagram (viewed from the left rear) 1 1 Installation Method 3 Rear top panel must be removed, but no extra screws are needed. Remove the Console Drawer from the rack guide rails by reversing the [Installing Console Drawer] operation on page 7. 1. Remove the ten screws that secure the rear top panel in place. 2. Remove the four screws from the left and right sides of the 4-port KVM switch. Insert the 4-port KVM switch under the KVM holder between the two bent down flaps of the rear top panel, making sure that the 4-port KVM switch's will face out from the rear of the Console Drawer. Fasten it in place with the four screws removed in step 2. 3. Reattach the rear top panel with 4-port KVM switch attached to the rear plate Comp using the ten screws removed in step 1. Installation Method 3: 4-port KVM switch Assembly Diagram (viewed from the left rear) 1 2 Connecting and Removing Cables Read the Console Drawer manual before connecting the cables. Do not connect or remove the cables during a thunderstorm. When unplugging cables hold them by the plug, not the cable. Connect and remove cables in the following order. Connecting Cables 1. Unplug the power cords, from the power outlets, of all the equipment that is effected. 2. Connect the keyboard cable, mouse cable and the monitor cable to their respective pieces of equipment. 3. Plug the power cable into the Console Drawer. 4. Plug the power cable into a grounded power outlet. Connecting cables to Console Drawer diagram Removing Cables Unplug the power cords, from the power outlets, of all the equipment that are effected, then remove each cable. CAUTION 1 3 Connecting to Ports (When CRT/KB Switcher is attached to the back of the Console Drawer.) Adhere to the cautions in [Connecting and Removing Cables] when connecting and disconnecting ports. Also, cut the power of the effected equipment while you are working. You can connect as many servers as there are ports. 1. Connect the keyboard cable to the KB port, the mouse cable to the Mouse port and the monitor cable to the COMMON DISP port. 2. Use the dedicated cable to connect the server keyboard port (PS/2) and the mouse port (PS/2) to the KB/Mouse port (6-pin mini DIN). 3. Connect the terminal monitor cable to the 1 DISP port (15-pin mini D-SUB). Connecting ports diagram If you are using a separate CRT/KB switcher, rather than the back of the Console Drawer, refer to the operation manual for the CRT/KB switcher. CAUTION 1 4 Operation Pull the Console Drawer toward slowly until the slide rails lock. If they do not lock, the weight of the Console Drawer may cause it to move. Be careful not to pinch your hand when doing such activities as pulling or pushing the slide module and opening and closing the LCD. Operating the Console Drawer 1. If the rubber stabilizer has not been removed yet, remove it now. 2. Push down on the latch lever on the front left side of the Console Drawer. Pull out the Console Drawer until it clicks. Before pulling it out, make sure that the two screws on the front of the Console Drawer are tightly fixed to the rack. CAUTION 1 5 Pulling out the slide module diagram 3. Push up on the LCD lock on the left side of the handle, and then grasp the handle and open the top of the monitor. 4. Turn on the power by pushing the POWER button. Open the monitor completely. 1 6 Opening the LCD diagram 1 7 Adjusting the Monitor The five buttons and two LEDs on the monitor are explained in order from left to right. Power button: Power button: Push this button to turn on the power to the monitor. Also, pushing this button while the monitor is on cuts the power to the monitor. Power lamp (green): This lamp lights when the power to the monitor is on and goes out when the power to the monitor is off. Indicator lamp (orange): This lamp lights when the monitor is in energy-saving mode. Menu button: Push this button to adjust the monitor. ?Button: Push this button when selecting downward and to change values in a decreasing direction. ?Button: Push this button when selecting upward and to change values an increasing direction. Button: Push this button to select or enter things. You can eliminate screen noise by adjusting the PHASE on the setting menu. Be careful when applying a strong force to the equipment when the Console Drawer is pulled out and the monitor is opened and being used, as there is a risk that the rack may fall over. Do not strongly press on the monitor's screen, scratch it with sharp objects or place magnetic objects near it. Doing so may damage the monitor. CAUTION 1 8 Basic Adjustment Procedure 1. Push the menu button to open the menu. 2. Select the item to be adjusted with the?button and the?button. 3. Switch to the various adjustment screens with the button. 4. Change setting values with the?button and the?button. 5. Apply setting values and return to the menu screen with the button. 6. Push the menu button to close the menu. (The menu button automatically closes if no button operations are done for a set time.) *. and are automatically set after the button is pressed. Menu Screen Display Example 1 9 Menu Description Symbol Displayed term Adjustment details Brightness Adjust the brightness. Contrast Adjust the contrast. H.Position Adjust the horizontal position of the image. V.Position Adjust the vertical position of the image. Phase Adjust the phase (eliminate screen noise). Clock Adjust the width of the display. Auto Setup Adjusts automatically. Language Select the language used for the menu. Color Adjusts the color. Special Press to change the settings shown below. Factory Setting Return to factory default status. DOS Mode Switch between 640 and 720 of the horizontal resolution in DOS mode. Video Level Adjust the level of the input signal. Zoom Sharpness Adjust the focus. 2 0 Resolution and Refresh Rate Resolution Horizontal frequency (KHz) Vertical frequency (Hz) Mode 31.47 60.0 37.86 72.0 600 × 480 37.5 75.0 37.9 60.0 48.1 72.0 800 × 600 46.9 75.0 48.4 60.0 56.5 70.0 1024 × 768 60.0 75.0 VESA 2 1 Using a Linux Operating System Carefully read the cautions on page 16 to correctly set and use the Console Drawer with a Linux operating system. Precautions when using the Caldera OpenLinux Server 3.1.1 Installation Precautions When using Caldera OpenLinux Server 3.1.1 with this unit, immediately after installation X Windows may fail at startup with the following message: INIT : rc.gui : /opt/kde2/bin/kdm or X11 startup problem ! For X11, try running 'kxconfig' as root … INIT : Switching to runlevel:3 INIT : Sending processes the TERM signal press to continue. Follow the procedure listed below to reinstall X Windows so that it will start normally. ? Startup the system using the installation CD, then select the installation mode listed below to begin the installation. - Standard install mode ? Select " Programmable up to (MHz):" as the mode clock on the " Select Video Card " screen. ? The values that should be set for the " Select Video Card " screen are as follows: Resolution Refresh Depth Horiz. Sync Mode Clock 1024 x 768 70 Hz 8-32 bpp 56.5 KHz 75 MHz (When all items except the resolution show " Not available ", set the resolution to "1024 x 768") CAUTION 2 2 Keyboard Operation Full keyboard operation is possible by working with the Fn key. Pointing Device Operation Lightly touch or tap the operation surface to operate the pointing device. Moving the pointer: Just lightly touch the operation surface in the direction you want to move the cursor. Single click: Lightly tap the operation surface once, or click the left button once. Double click: Lightly tap the operation surface twice, or click the left button twice. 1.The pointing device has been designed to be operated with one finger, do not use it in the following ways: 1) while wearing gloves; 2) with a pen, ballpoint pen or pencil etc; 3) with two or more fingers; 4) operating while something is placed on the operation surface. 2. Normal operation may become impossible if the operation surface gets wet such as when there is high humidity or the operator's hands are damp or sweaty. Thoroughly dry or wipe the operation surface before use. 3. Do not do operations with pointed metal objects such as pens as it may damage the pointing device. CAUTION 2 3 The Hot-key and Reset Buttons Hot-key Button Outputs the [Ctrl] + [Alt] + [Shift] key Make/Break code. This will also be the Hot-key mode (OSD display) when connected to a KVM switch. Reset Button Resets the keyboard and mouse. KVM switch, keyboard and mouse will be reset if connected to a FS-10XX Series KVM switch. KVM Switch Reset is only valid with the following series: FS-1004, 1008, and 1016. Using CRT/KB Switcher Even if the settings are the same, the image position may be different when using various types of CRT controllers when setting up multiple servers. Generally resolution and refresh rate (vertical frequency) are the same for all servers, therefore just a set of one type of parameters supports these settings, which are stored for the screen. Displays on other servers are effected by correcting an on-screen image that has shifted. To correct shifted displays, change the following settings. 1. Set the refresh rate of servers that have displays with incorrect images to a different value. 2. Select the best screen display and the save it. As multiple refresh rates for resolution can generally be set, you can use multiple options for the screens. CAUTION 2 4 Storing Console Drawer The Console Drawer can be stored in the rack when a monitor and keyboard are not needed. Slide the Console Drawer in and out of the rack slowly. 1. Push the monitor power button to turn off the power to the monitor. 2. Hold the handle and slowly close the monitor. Be sure that the LCD lock catches. 3. Push the locking springs on both sides of the slide rail and slide the Console Drawer into the rack. Be sure the latch lever catches. Be careful not to pinch your fingers or hands in the guide rails, slide rails, or the Console Drawer itself when storing the Console Drawer. If the latch lever is not set the Console Drawer may slide out if the rack is moved. We recommend turning off the monitor's power when it is not in use, to conserve electricity. CAUTION 2 5 Inserting the slide module diagram 2 6 Cleaning Console Drawer Turn off the power and unplug the power cable from the power socket. Do not use cleansers that contain abrasives; or such organic solvents as benzene or thinner; or disinfectant alcohol. Do not apply water and cleanser or spray type cleaners directly to the Console Drawer. If liquids enter the interior of the Console Drawer it may result in malfunctions or damage. Wipe the Console Drawer and monitor with a dry cloth. If the dirt is excessive, wipe it off with a soft cloth that has been thoroughly wrung out after being dipped in household cleanser diluted with water. Remove dust with a soft brush. Clean the keyboard and pointing device with a sterile cloth. Lightly wipe the monitor screen with a soft dry cloth such as gauze. Remove dust with a soft brush. CAUTION 2 7 Technical Specifications Model: FD-1000AT/J (Japanese configuration) FD-1000AT/U (US configuration) FD-1000AT/E (European configuration) • Power Specifications Rated voltage range: 100 - 240V AC Frequency: 50/60Hz Rated current: 100V/0.4 A, 200V/0.2 A • Size Main part: (W) x (D) x (H) (1) Slide rail contracted 485 mm x 642 mm x 42 mm (2) Slide rail extended 485 mm x 1117 mm x 42 mm (3) (2)+the LCD are fully opened 485 mm x 1077 mm x 345 mm • Weight: 12.0 Kg • Required Environment Operating Temperature: 15 - 35 °C (Avoid condensation during use.) According to the server environment. • Monitor Panel monitor: 15” TFT color LCD Resolution: Max. horizontal 1024 (dots) x vertical 768 (line) Pitch: 0.297 x 0.297mm Refresh rate: Max. 75Hz Colors: Max. 16,777,216 (dithering) Brightness: 250 cd/m² Connector: mini D-SUB 15-pin (analog RGB) Power consumption: Max. 22 W or less During standby: 3.6 W or less During back right OFF: 7.2 W or less During LCD power switch OFF: 3.6 W or less 2 8 • Keyboard Layout: Japanese layout, US layout, European layout Number of keys: Japanese layout (87), US layout (83), European layout (84) Connector: mini DIN 6-pin • Pointing Device Model: Static Touch Pad Resolution: 240 cpi (counts/inch) Connector: mini DIN 6-pin • Button Number of buttons: 3 Console Drawer User’s Manual Published August 2003 Published by FUJITSU COMPONENT LIMITED Printed in Japan ? The contents of this manual may be modified for improvements without prior notice. ? Fujitsu bears no responsibility for infringement of patent or other rights of third parties ascribable to the use of data in this manual. ? Reprinting of this manual without permission is prohibited. This manual is made of recycled paper. 021220 Getting Started with the LX Series 451-0308E Corporate Headquarters MRV Communications, Inc. Corporate Center 20415 Nordhoff Street Chatsworth, CA 91311 Tel: 818-773-0900 Fax: 818-773-0906 www.mrv.com (Internet) Sales and Customer Support MRV Americas 295 Foster Street Littleton, MA 01460 Tel: 800-338-5316 (U.S.) Tel: +011 978-952-4888 (Outside U.S.) sales@mrv.com (email) www.mrv.com (Internet) MRV International Industrial Zone P.O. Box 614 Yokneam, Israel 20682 Tel: 972-4-993-6200 sales@mrv.com (email) www.mrv.com (Internet)2 451-0308 All rights reserved. No part of this publication may be reproduced without the prior written consent of MRV Communications, Inc. The information in this document is subject to change without notice and should not be construed as a commitment by MRV Communications, Inc. MRV Communications, Inc. reserves the right to revise this publication, and to make changes in content from time to time, without obligation to provide notification of such revision or changes. MRV Communications, Inc. assumes no responsibility for errors that may appear in this document. Copyright © 2003 by MRV Communications, Inc. Should you experience trouble with this equipment, please contact one of the following support locations: • If you purchased your equipment in the Americas, contact MRV Americas Service and Support in the U.S. at 978-952-4888. (If you are calling from outside the U.S., call +011 978-952-4888.) • If you purchased your equipment outside the Americas (Europe, EU, Middle-East, Africa, Asia), contact MRV International Service and Support at 972-4-993-6200. 451-0308 3 CAUTION This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, can cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: • Reorient or relocate the receiving antenna. • Increase the separation between the equipment and receiver. • Connect the power cord of the equipment into an outlet on a circuit that is different from that to which the receiver is connected. • Consult the dealer or experienced radio/TV technician for help. Changes or modifications not expressly approved by MRV Communications, Inc. could void the user's authority to operate the equipment.4 451-0308451-0308 5 Table of Contents Preface................................................................................................................ 11 Customer Support ........................................................................................................11 Other Documentation ..................................................................................................11 Overview of the LX Series ................................................................................ 13 Conventions ..................................................................................................................13 System Specifications ..................................................................................................15 Installing the LX Series ..................................................................................... 17 Hardware Installation .................................................................................................17 Unpack and Inspect the Unit ................................................................................ 17 Package Contents................................................................................................... 17 LX Indicators and Interfaces.......................................................................................18 Front Panel LEDs .................................................................................................. 18 Rear Panel LEDs ................................................................................................... 19 Environmental and Installation Considerations........................................................23 Mounting the Unit into a 19-inch or 23-inch Rack ....................................................24 Cable Connections........................................................................................................25 Connect the Power Cable....................................................................................... 25 Connecting the Ethernet Interface ....................................................................... 25 Connect Serial Device Cables................................................................................ 25 Connecting Your Management Station................................................................. 25 Connecting DC Power............................................................................................ 26 Modem Port (Optional) ................................................................................................27 Powering On .................................................................................................................27 System Login and Passwords ......................................................................................28 Resetting the Unit........................................................................................................29 Configuring the LX Unit for the First Time ...............................................................30 First Time Quick Configuration............................................................................ 30 Assigning an IP Address via the Network............................................................ 33 Accessing and Configuring the Graphical User Interface (GUI)...............................33 Software Upgrades.......................................................................................................38 IP Configuration Menu ................................................................................................38 Booting from Defaults..................................................................................................38 Accessing and Configuring Additional Features ........................................................39 Connecting to the LX Series via Telnet or SSH ................................................... 39 Accessing from a Terminal Attached to an LX Series Serial Port ...................... 40 Additional Considerations ...........................................................................................406 451-0308 Sensor (Temperature/Humidity) Ports .......................................................................40 Connecting the Temperature/Humidity Sensor ................................................... 40 Command Line Interface (CLI) Tree Structure..........................................................42 ppciboot Factory Default Settings...............................................................................43 Additional Considerations for an Internet Environment ..........................................44 Autobauding Feature ...................................................................................................44 Reinitializing/Powering Off the Unit ..........................................................................44 Appendix A - Technical Specifications ........................................................... 45 Appendix B - POST Test Error Codes ............................................................. 49 Error Code Definitions.................................................................................................49 POST Test Error Code Sample....................................................................................51 Appendix C - Cabling the LX Series ................................................................ 55 Cabling Considerations................................................................................................55 Serial Device Connectors ....................................................................................... 55 Diagnostic Port Connector (Port 0) ....................................................................... 55 10/100 Connector.................................................................................................... 56 Ordering Cables ..................................................................................................... 56 Modular Adapters ........................................................................................................56 Pin Assignments .................................................................................................... 57 Ordering and Installing the Inlet Connector Lock.....................................................59 Connecting to the Diagnostic Port (Port 0) .................................................................59 Modem Control/Hardware Flow Control ....................................................................60 RJ-45 Wiring Considerations ......................................................................................60 Modular Adapters (RJ-45 to DB-25) ...........................................................................61 MRV Communications 8-Wire Cabling.......................................................................64451-0308 7 Figures LX Series 4008 Front Panel.............................................................................. 18 LX Series 4016 Front Panel.............................................................................. 18 LX Series 4032 Front Panel.............................................................................. 18 LX Series 4048 Front Panel.............................................................................. 18 LX Series 4008 Rear Panel ............................................................................... 19 LX Series 4008M with Modem Rear Panel ...................................................... 20 LX Series 4016M with Modem Rear Panel ...................................................... 20 LX Series 4016 DC Version Rear Panel ........................................................... 21 LX Series 4032M with Modem Rear Panel ...................................................... 21 LX Series 4032M DC Version Rear Panel ....................................................... 22 LX Series 4048 AC Rear Panel ......................................................................... 22 Mounting an LX Series in Rack ....................................................................... 24 Connecting DC Power ....................................................................................... 26 LX Series RESET Switch Location .................................................................. 29 Connecting the Temperature/Humidity Sensor .............................................. 41 Basic Menu Structure ....................................................................................... 42 POST Test Error Code Sample......................................................................... 53 Serial Device Connector (RJ-45) Signal Assignments .................................... 55 10/100 Connector Assignments ........................................................................ 56 DB-25 Pins......................................................................................................... 58 Installing the Inlet Connector Lock ................................................................. 59 Adapter Wiring, LX Series to DTE .................................................................. 61 Adapter Wiring, RJ-45 to DB-9, LX Series to DTE......................................... 62 Adapter Wiring, LX Series to DCE .................................................................. 63 Modular Cables for RTS/CTS Flow Control (Eight-Wire), Concurrent with Modem Control Signalling ..................................................................................... 658 451-0308451-0308 9 Tables LX Series Specifications ....................................................................................45 POST Test Error Codes ....................................................................................4910 451-0308451-0308 11 Preface This guide describes how to install the software, describes the hardware and cabling, as well as how to rack-mount the LX Series. This guide is organized as follows: • Preface - Describes the manual’s organization and how to contact customer support. • Chapter 1 – Provides an overview of the LX Series, including supported communication speeds, software requirements, and conventions. • Chapter 2 – Describes how to install and connect the LX Series, as well as the unit’s LEDs and connectors. Also explains how to connect to the unit, access the Graphical User Interface, install Java Runtime Environment (JRE), and connect to the LX Series via telnet and SSH. • Appendix A – Provides the electrical, environmental, and physical requirements for the LX Series installation. • Appendix B – Provides the error code definitions for the POST test error codes. • Appendix C - Describes how to cable the LX Series unit. Customer Support Should you experience trouble with this equipment, please contact your MRV Americas Service and Support customer representative in the USA at 978-952-4888. International customers call +011 978-952-4888. Other Documentation Other manuals in the LX documentation set are: • LX-Series Commands Reference Guide - Describes each individual command in the LX CLI tree.Preface 12 451-0308 • Getting Started with MRV Communications LX Series MIBs - Provides basic information regarding the Network Management System (NMS), and procedures on how to use the Management Information Base (MIB) structure (as pointers to objects in the devices) to manage these units. • LX-Series Configuration Guide - Provides information on network configuration, initial setup, how to set up for remote console functions, RADIUS, and system administration. • Software Release Notes - Cites supported features as well as any notes and restrictions for the current software version.451-0308 13 Chapter 1 Overview of the LX Series The LX Series is a secure standalone communication server that is designed for applications requiring secure console or serial port management. The LX Series provides the most secure and robust feature set to meet your remote console management and terminal server needs. The LX Series includes the most comprehensive security features, such as per port access protection, RADIUS, Secure Shell v2.0, PPP PAP/CHAP, PPP dial-back, on-board database, menus, and others. The LX Series console management solution enables centrally located or remote personnel to connect to the console or craft ports of any network element or server. This serial connection allows administrators to manage and configure the remote network devices and servers, as well as perform software upgrades as if attached locally. The LX Series also provides various port densities of RS-232 DTE RJ45 Serial ports, as well as V.90/K56 flex Internal Modem options. Currently, the LX hardware provides port densities of 8, 16, 32, and 48 ports, plus port 0 for local management. Conventions The following conventions are used throughout this guide: • User prompt – The user prompt is (for example) InReach:0> for Non-superusers or InReach:0>> for superusers. The prompt will change based on a login user profile, as configured by the Superuser. The 0 represents the session number.Overview of the LX Series 14 451-0308 • Configure Mode prompt – A sample configure mode prompt is Async 1-6:0 >>, where Async is a reminder that tells you which part of the configuration you are in, 1-6 is the range of ports any operation will affect, 0 is a session number, and >> indicates superuser mode. To get to the Async 1-6:0 >> prompt, you must first type port async 1 6 at the Config:0 >> prompt. Note that you do not add a dash between the range numbers in port async 1 6. • Command execution – Unless otherwise specified, commands are executed when you press . • Keyboard characters (keys) – Keyboard characters are represented using left and right angle brackets (< and >). For example, the notation refers to the CTRL key; refers to the letter A; and refers to the RETURN key. • Typographical conventions – The following typographical conventions are used: Monospace Typeface – indicates text that can be displayed or typed at a terminal (i.e., displays, user input, messages, prompts, etc.). italics – are used to indicate variables in command syntax descriptions. • Help Key (?) - At any prompt level, you can press ? to display the available commands at that level. The only time this is not true is if you are in the midst of entering a command. If ? is at the end of a partial command, the LX displays a list of valid arguments to assist you in adding to the current command line. • Tab - Press the Tab button to complete a partially entered command. You must enter the first three characters of a command for autocomplete to work. If the command is already complete, the Tab button displays available commands. • Command Recall - The up arrow recalls previously used commands. • Ctrl-F – Moves forward to the next session.451-0308 15 Overview of the LX Series • Ctrl-B – Moves back to the previous session. • Ctrl-L – Returns you to the Local Command Mode. NOTE: You must press the Enter key after you type Ctrl-F, Ctrl-B, or Ctrl-L. System Specifications The following table lists important system specifications: Item Description Interface DTE RS-232 - RJ-45 Serial Line Speed 134 bps to 230 Kbps Ethernet Interface 10/100 Auto Sensing Default Serial Line Speed 9600 bps DIAG Port/local management port (default settings) The DIAG port (port 0) is the console management port. Autobaud is disabled. 9600/8/1/None. Quick Start is enabled. Access is Local. APD is disabled. Flow Control is Xon/Xoff. All Ports Except Management and Modem Ports (default settings) Autobaud is disabled. 9600/8/1/None. Access is Remote. APD is disabled. Flow Control is Xon/Xoff. Modem Port (default settings) Autobaud is disabled. Speed is 57600. Access is Local. APD is enabled. Flow Control is CTS.Overview of the LX Series 16 451-0308451-0308 17 Chapter 2 Installing the LX Series Hardware Installation This section explains how to install an LX Series Communications server and place it into operation. Unpack and Inspect the Unit Place all packing materials back into the shipping carton and save the carton. (If you need to return the unit to MRV Communications or your distributor, you should return it in the original carton.) Package Contents The LX unit shipping carton contains the following items: • One rack mounting kit. MRV provides the following mounting screws: Eight 6-32 x 5/16” flathead screws for attaching the ears to the unit, and four 10-32 screws to attach to the rack. • One power cord appropriate to your particular LX model. • One 8-wire RJ-45 serial crossover cable. • One female DB-9 to RJ-45 adapter. • One software/documentation CD.Installing the LX Series 18 451-0308 LX Indicators and Interfaces This section explains the LX unit’s indicators and interfaces. Front Panel LEDs This section explains the front panel LEDs (see Figures 1 through 4). Figure 1 - LX Series 4008 Front Panel Figure 2 - LX Series 4016 Front Panel Figure 3 - LX Series 4032 Front Panel Figure 4 - LX Series 4048 Front Panel FLT OK 100 Mbps LED DIAG Port (Port 0) FLT OK Modem Port451-0308 19 Installing the LX Series FLT Solid red indicates a fault condition exists or maintenance is required. This LED remains on until the initial Power On Self Test (POST) completes successfully. OK Solid green indicates the system’s voltages are normal and the unit has passed the POST test. Port Status LEDs Each of the eight (or 16, or 32, or 48) green LEDs flash when receive, transmit, or status activity is detected on its corresponding serial port. The port status LEDs are used in several ways. During the initialization process, the LEDs indicate self-tests are being performed, and if any self-test fails, they indicate an error code. After a POST test and a system software boot, the lights indicate when a port is actively being used. Rear Panel LEDs This section explains the rear panel LEDs and shows you a rear view of the various LX models (see Figures 5 through 11). Figure 5 - LX Series 4008 Rear Panel 100-240VAC 1.0A 50/60Hz 1 2 3 4 5 6 7 8 10/100 ETHERNET DIAG RCV LINK 100 RCV 100 Mbps LED LINK DIAG Port (Port 0)Installing the LX Series 20 451-0308 Figure 6 - LX Series 4008M with Modem Rear Panel Figure 7 - LX Series 4016M with Modem Rear Panel 100-240VAC 1.0A 50/60Hz 10/100 ETH DIAG/MGMT 100 RCV 100 Mbps LED LINK RCV LINK TELCO LINE 1 2 3 4 5 6 7 8 10/100 Interface Modem Port DIAG Port (Port 0) 100-240VAC 1.0A 50/60Hz 9 10 11 12 13 14 15 16 DIAG 10/100 ETHNT 100 RCV 100 Mbps LED LINK 1 2 3 4 5 6 7 8 RCV LINK TELCO LINE 10/100 Interface Modem Port DIAG Port (Port 0)451-0308 21 Installing the LX Series Figure 8 - LX Series 4016 DC Version Rear Panel Figure 9 - LX Series 4032M with Modem Rear Panel 9 10 11 12 13 14 15 16 10/100 ETHERNET DIAG 100 RCV 100 Mbps LED LINK 1 2 3 4 5 6 7 8 RCV LINK -24/-48/-60 VDC 1.2 MAX + - A + - B DIAG Port (Port 0) 100-240VAC 1.0A 50/60Hz DIAG 1 0/1 0 0 E THN T 100 RCV 100 Mbps LED LINK RCV LINK TELCO LINE 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 10/100 Interface Modem Port DIAG Port (Port 0) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32Installing the LX Series 22 451-0308 Figure 10 - LX Series 4032M DC Version Rear Panel Figure 11 - LX Series 4048 AC Rear Panel RCV The RCV LED is one of two integral LEDs on the 10/100 jack. This yellow LED flashes to indicate receive activity on the link. LINK This green LED defaults to a link good indicator. If the link is present and operating, the LED comes ON. 100 Mbps This green LED indicates speed. If the link is 100 Mbps, the LED comes ON. On LX-4048 units, this LED is on the front of the unit. 10/100 ETHNT DIAG 100 RCV 100 Mbps LED LINK RCV LINK -24/-48/-60 VDC 1.2 MAX + - A + - B 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 DIAG Port (Port 0) 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 TELCO LINE 100-240VAC 1.0A 50/60Hz 10/100 ETH RCV LINK RCV LINK 10/100 Interface 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48451-0308 23 Installing the LX Series Environmental and Installation Considerations • Unit must be installed in an environment with 20% to 80% humidity, noncondensing, 0° - 40° C (32°-113° F). • Do not choose a location where the unit will be exposed to direct sunlight or subjected to vibration. • Do not place an object on the side(s) of the unit that might block airflow through the unit. • The unit may be front, rear, or center mounted. • There is no mounting difference between the 19” and 23” rack mount ears. Installing the LX Series 24 451-0308 Mounting the Unit into a 19-inch or 23-inch Rack Attach the brackets to the unit, and then mount the unit in the rack. Refer to Figure 12 for further information. Figure 12 - Mounting an LX Series in Rack The three bottom side screws hold the cover on the unit. To front-mount the unit, you must attaching the rack-mount brackets. Then insert the supplied screws through the brackets and into the same holes. remove the front and center top and bottom screws before If you reverse-mount the unit, remove the rear and center top and bottom screws, and insert the supplied screws through the rack-mount ears.451-0308 25 Installing the LX Series Cable Connections This section explains the cable connections for the LX unit. Connect the Power Cable Connect the supplied power cable to the rear of the LX unit and plug the other end into a 3-prong wall outlet. Connecting the Ethernet Interface NOTE: This port is set to auto negotiation by default. You can manually configure the port speed and duplex if you want. Refer to the LXSeries Commands Reference Guide for further details. Connect a cable (category 3 for 10 Mbps operation, category 5 for 10/100 Mbps operation) to the 10/100 connector on the rear of the LX Series (see Figure 5) and the other end to your network. The LINK LED comes on steady green if the cable is properly connected. Connect Serial Device Cables Connect the serial device cables to the 8-pin RJ-45 jacks on the rear of the unit. NOTE: LX Series serial ports provide concurrent support for RTS/CTS flow control and modem control. Refer to Appendix A and Appendix C for further information. Connecting Your Management Station Connect the management station to the DIAG port (port 0) using the connector and cable you received with the LX unit. Refer to “Connecting to the Diagnostic Port (Port 0)” in Appendix C for more information on DIAG port connections. Installing the LX Series 26 451-0308 Connecting DC Power This section describes how to connect power to the DC version of the LX Series 4008, 4016, and 4032. The LX-4048 model is made in an AC version only. Figure 13 - Connecting DC Power After you have installed the LX unit, you can connect the DC power as described in the following procedure (refer to Figure 13): 1. Connect the LX to the facility's bonding network, using the points on the rear panel of the LX. The connection to the facility's bonding network should be made per local practices, using wire with a minimum conductor size of 18 AWG. 2. Using a ¼-inch nut driver, remove the terminal block nuts. 3. Attach the facility’s “A” feed to the terminal block labeled “A”. NOTE: Be sure that the -48VDC is connected to the minus side, and the 48VDC return is connected to the plus side. 4. Attach the facility’s “B” feed to the terminal block labeled “B”. 5. Replace the nuts and tighten them securely. The DC leads should be 22 AWG or larger. They should be terminated with a #5 ring terminal or larger depending on the wire size used. -24/-48/-60 VDC 1.2 MAX + - A + - B451-0308 27 Installing the LX Series NOTE: The LX will run with only one DC power feed connected. The second input is provided for redundant system power, which is used in high reliability installations. 6. Attach the clear plastic safety guard to the terminal blocks. (The clear plastic safety guard is provided with the LX kit.) Modem Port (Optional) The modem port is a V.90/K56flex Kbps optional factory installed modem on the LX Series. The modem port allows you to dial in to or out of the LX. If the modem is present, connect your phone line to the modem’s RJ11 connector. If the modem is not installed, the RJ11 connector will not be present on the rear of the unit. In LX-4048M models, the modem port is on the front of the unit. The Modem port number is as follows for LX models: • LX-4008M - port number 9 • LX-4016M - port number 17 • LX-4032M - port number 33 • LX-4048M - port number 49 At the InReach:0>> prompt, enter the show port async 33 modem command to display a screen containing the LX-4032M modem port fields. Powering On The Power On Self Test (POST) starts when you apply power to the LX Series unit. The port status LEDs flicker and the FLT LED remains on while the test is running (this may take only a few seconds). If the unit passes the POST test, the FLT LED extinguishes, and the OK LED turns green. If there is a failure, the FLT LED stays on, and the port status LEDs begin flashing an error code. Refer to Appendix B for an explanation of the codes.Installing the LX Series 28 451-0308 When the POST test is completed, the Main menu appears. The system loads the IROS operating system from flash and then loads the system configuration file. The Main menu reappears. If you are booting from defaults, the Quick Configuration menu appears. Refer to the “System Maintenance” chapter in the LX-Series Configuration Guide for further information on the Main menu. Refer to “First Time Quick Configuration” on page 30 for further details on the Quick Configuration menu. Once the unit finishes loading the operating system, you can access the unit. At your management station, access the unit with any terminal emulation software. The terminal settings are 9600 baud, eight data bits, no parity, one stop bit, Xon/Xoff flow control, and terminal type ANSI. The Login: screen appears. System Login and Passwords The following username and passwords are the defaults the first time you use the LX Series. • The default login username is InReach (be sure to use a capital I and R). The default login password is access. • To enter the superuser mode at the InReach> prompt, enter enable. The default password is system.451-0308 29 Installing the LX Series These passwords prevent persons who do not know them from accessing the server. Change the default passwords to other values as part of your basic server setup. You can use any character or number in a password. However, backspace, tab, and escape are not supported. Refer to the “Password Enable” section in the Subscriber chapter of the LX-Series Commands Reference Guide for information on changing passwords. Resetting the Unit To reset the LX Series, use a paper clip to momentarily press the reset button, which is behind the small hole labeled R on the front panel. Refer to Figure 14 for the exact location. Figure 14 - LX Series RESET Switch Location When the LX Series enters the RESET state, all front panel LEDs illuminate. When you release the reset button, the unit begins to execute the Power On Self Test (POST). If the LX Series detects an error, the front panel LEDs illuminate to show an error code. This error sequence is repeated continually until the error is corrected or you power off the unit. During this time, no data is exchanged over the Ethernet cable or serial ports. IMPORTANT If you change the default password for the superuser, make sure that the new password is written down in a safe location. If you forget the password, the server will need to be reset to factory default settings. See “ppciboot Factory Default Settings” on page 43. Reset SwitchInstalling the LX Series 30 451-0308 If the LX Series does not detect an error, the unit begins loading software from the internal flash. Once loaded, the LX Series resumes normal operations. Configuring the LX Unit for the First Time You can choose from four options to configure the unit for the first time: • First Time Configuration Utility - The first time an LX unit boots up at default parameters, you are presented with the option to run the Initial Connectivity setup. Enter y and press . Refer to “First Time Quick Configuration” on page 30 for further details. • Assign the IP Address via the Network - Refer to “Assigning an IP Address via the Network” on page 33 for further details. Use this option if your network is using DHCP, BOOTP, or RARP. • Creating and Loading a Default Configuration File - Refer to “Applying Default Configurations to Other Units” in the LX-Series Configuration Guide. • Configuring the LX Manually via the CLI - Refer to “Upgrading Software with the ppciboot Main Menu” in the LX-Series Configuration Guide. First Time Quick Configuration NOTE: The first time quick configuration runs only on the DIAG port (port 0) on all models when booting from default parameters. The DIAG port (port 0) of the LX-4008, LX-4016, and LX-4032 is on the rear of the unit. The LX-4048 DIAG port (port 0) is on the front of the unit. NOTE: Display problems may occur during bootup when you attach a VT420 terminal to the DIAG port (port 0) and the VT420 display setup is configured to Smooth-2 Scroll. To avoid this, change the VT420 scroll setting to Jump Scroll.451-0308 31 Installing the LX Series Use the following procedure to configure your LX unit for the first time. 1. Plug in the terminal at the DIAG port (port 0 - port values are 9600 bps, eight data bits, one stop bit, no parity, and Xon/Xoff flow control). The Main Menu appears. 2. Press b to boot the LX unit. The setup takes a minute or two. The The unit has loaded to factory defaults, would you like to run Initial Connectivity Setup? y/n message appears. 3. Press y (yes) and press . The Superuser Password prompt appears. 4. Enter password system. The Quick Configuration menu appears: 5. Press the number corresponding to the parameter you want to set. 6. Enter the appropriate information and press to return to the Quick Configuration menu. Once you enter a parameter value, a data entry line specific to that parameter appears on the Quick Configuration menu. 7. Continue in this way through the menu, configuring as many parameters as you want. You are not required to configure all parameters. Quick Configuration menu 1 Unit IP address 2 Subnet mask 3 Default Gateway 4 Domain Name Server 5 Domain Name Suffix 6 Superuser Password 7 Exit and Save Enter your choice: Installing the LX Series 32 451-0308 NOTE: You should change the Superuser Password, since this is the first time you are configuring the LX unit (the default password is system). 8. Press 7 (Exit and Save) to save your changes. The Is this information correct? message appears. 9. Press y (yes) and press . The Save this information to flash? message appears. 10. Press y (yes) and press . The information is saved to flash. 11. Press several times to display the Login: prompt. 12. Enter your login name. The default is InReach. 13. Enter your password. The default is access. You can now use the LX unit. NOTE: The login username and password are case-sensitive. Completing the First Time Configuration Once configured, the system stores the configuration in a file called Config.prm by default. From here you can continue configuring the unit via the CLI, Telnet, SSH, or by using the web browser. CONFIGURATION SUMMARY 1 Unit IP address 10.80.1.5 2 Subnet mask 255.0.0.0 3 Default Gateway 4 Domain Name Server 5 Domain Name Suffix 6 Superuser Password Not Changed 7 Exit and Save Is this information correct? (y/n) : 451-0308 33 Installing the LX Series • To use the CLI, refer to Figure 16 for the CLI tree structure and to the LX-Series Commands Reference Guide for information on specific commands. • To use Telnet, refer to “Connecting to the LX Series via Telnet or SSH” on page 39. • To use the web browser, refer to “Accessing and Configuring the Graphical User Interface (GUI)” on page 33. Assigning an IP Address via the Network The LX is an intelligent unit; if you are running DHCP, BOOTP, or RARP the LX obtains its own IP information automatically while it boots. Once the unit has been assigned an IP address from your network, you can configure the unit. • To use the CLI, refer to Figure 16 for the CLI tree structure and to the LX-Series Commands Reference Guide for information on specific commands. • To use Telnet, refer to “Connecting to the LX Series via Telnet or SSH” on page 39. • To use the web browser, refer to “Accessing and Configuring the Graphical User Interface (GUI)” on page 33. Accessing and Configuring the Graphical User Interface (GUI) This section describes how to access and configure the LX GUI. To perform this procedure, you need a PC with Java Runtime Environment (JRE) 1.4 or later installed. NOTE: For optimum GUI performance, MRV Communications recommends that your PC run at 500 Mhz or better. The minimum requirement for desktop color settings is 256. To access the GUI, do the following:Installing the LX Series 34 451-0308 1. At your browser, type the IP address or hostname of your LX unit. The LX Series Configuration Console page appears. NOTE: Make sure that your PC has access to the World Wide Web. You may need to download the latest release of the Java plug in to your PC. This download is performed automatically if the GUI sees that the plugin version is out of date, or not available at all. If for some reason your PC does not download the Java plug-in automatically, click on the Download JRE 1.4: link and install the software manually from the http://java.sun.com web site.451-0308 35 Installing the LX Series 2. When you select Encrypted Console or Not Encrypted Console at the LX Series Configuration Console page, and the system detects that you do not have the proper version of JRE installed, a Security Warning window appears, asking if you want to install and run JRE plug-in version 1.4 or later. Choosing Encrypted Console means the GUI will run slower, but with security. Encrypted Console also requires Java Runtime Environment 1.4 or later. Choosing Not Encrypted Console means the GUI will run faster, but without security. Not Encrypted Console requires Java Runtime Environment 1.3 or later. 3. Click Yes. The plugin is downloaded and then the installation begins. A Java Runtime Environment window appears after about two minutes. NOTE: It may take longer for your PC to download JRE 1.4 (about 10 MB) depending on the speed of your connection. 4. Follow the defaults to the end of the install. The LX Series Configuration Console page reappears, now with the MRV icon visible.Installing the LX Series 36 451-0308 NOTE: The java cache in JRE 1.4 is set ON by default. There is a known problem within JRE 1.4 regarding cache functionality, which requires you to disable the cache. On your Windows machine, select Start: Programs: Settings: Control Panel, open the Java Plug-in 1.4.0 icon, and click the Cache tab. At the Cache window, click the Clear Cache button and uncheck the Enable Caching checkbox. Click OK. 5. Double-click on the larger MRV icon to open the GUI. A login window appears.451-0308 37 Installing the LX Series 6. Enter your Username and Password, and click Login. NOTE: By default, authentication is done against the LX local user database. To start, use the known username InReach and password access. 7. Click the Admin button on the tool bar and log in with the default Superuser password system. You can now configure the unit via the GUI. 8. Click on the menus on the left side of the window. For example, selecting Ports: Async opens the Async ports window:Installing the LX Series 38 451-0308 Software Upgrades To upgrade software using the ppciboot menu, refer to “Upgrading Software with the ppciboot Main Menu” in the LX-Series Configuration Guide. To upgrade software using the CLI, refer to “Upgrading Software and ppciboot with the Command Line Interface” in the same manual. IP Configuration Menu For details on using the IP Configuration Menu, refer to “Using the IP Configuration Menu” in the LX-Series Configuration Guide. Booting from Defaults For information on how to boot your unit from defaults, refer to “Booting from Defaults” in the LX-Series Configuration Guide.451-0308 39 Installing the LX Series Accessing and Configuring Additional Features The following sections describe additional LX features you can access and configure. Connecting to the LX Series via Telnet or SSH Telnet Directly into the Communication Server NOTE: The default telnet port is 23. The default SSH port is 22. 1. Telnet to the unit from your machine. 2. Enter your subscriber login name, then your password. 3. If you entered the password correctly, the user> prompt is displayed. Connecting to a Serial Port NOTE: For example, devices connected to serial ports 1-32 on the LX-4032 are assigned telnet port numbers 2100-5200 by default. The corresponding SSH port numbers are 2122-5222. You can gain telnet/ssh access to a serial device by using the LX IP address and default port number of that serial port. Changing the Telnet Port To change the interface telnet port number, use the following commands: InReach> enable Password> system InReach>> config Config:0>> interface 1 Intf 1-1:0>> telnet port # NOTE: If you change the port number, be sure not to use a socket number assigned to another application or daemon.Installing the LX Series 40 451-0308 Accessing from a Terminal Attached to an LX Series Serial Port Use the following procedure to access the command line interface port from a dumb terminal attached to an LX Series serial port, which is set for access local, or dynamic: 1. Hit the return key several times to autobaud (if autobaud is enabled) the port and get the Login: prompt. 2. Enter your login name. The default is InReach. 3. Enter your password. The default is access. Additional Considerations Other considerations include the following: • Setting up users • Authentication/Security • Configuring modem settings For further information on these issues, refer to the LX-Series Commands Reference Guide, and to the Support area of the MRV website at www.mrv.com. Sensor (Temperature/Humidity) Ports You can configure ports to act as temperature and humidity monitors when connected to an In-Reach Temperature/Humidity Sensor. The Temperature/ Humidity Sensor provides an accurate measurement of the temperature/ humidity in the area in which your LX Series unit is placed. The following section explains how to connect and install the sensor. Connecting the Temperature/Humidity Sensor A 10’ Male RJ-45 to Male RJ-45 straight-through cable (P/N MX-151-3027) connects the temperature/humidity sensor to an LX async port. The LX unit can be configured to support the sensor on any async port other than the DIAG port (port 0).451-0308 41 Installing the LX Series To connect the sensor: 1. Connect one end of the RJ-45 double-ended straight through cable to the temperature/humidity sensor. The maximum length of this cable is 500 feet. 2. Connect the other end to any port you have configured as a sensor port. Figure 15 - Connecting the Temperature/Humidity Sensor You must change the port’s “access” to “sensor” before performing any monitoring. Use the following command, in the Async Port Configure Mode, to configure asynchronous port 4 as a Sensor Port: Async 4-4:0>>access sensor Once the sensor is enabled, you can check the temperature with the following command: InReach:0>> show port async 4 status 100-240VAC 1.0A 50/60Hz 9 10 11 12 13 14 15 16 DIAG 1 0/1 0 0 E THN T 100 1 2 3 4 5 6 7 8 RCV LINK TELCO LINE 15 33 34 RJ45 Double-Ended Straight-Through CableInstalling the LX Series 42 451-0308 3. You can also monitor the temperature/humidity remotely through the LX CLI. Refer to the LX-Series Commands Reference Guide for a detailed explanation of the commands used to configure and view your temperature/humidity sensor through the CLI interface. Command Line Interface (CLI) Tree Structure The command line interface structure is designed to be as intuitive as possible. Refer to “Navigating the LX Command Line Interface (CLI)” in the LX-Series Commands Reference Guide for detailed information on the menu tree modes. See Figure 16 for the CLI menu structure. Figure 16 - Basic Menu Structure Configuration Notification Interface Broadcast Group Subscriber SNMP Menu User Superuser Enter “enable” command and login to Superuser command mode Cconfiguration Nnotification Mmenu Ssnmp Ssubscriber Iinterface Ibroadcast group PPP Modem Ethernet Async Pppp Mmodem Pport ethernet Pport async Oopen Menu Editing451-0308 43 Installing the LX Series ppciboot Factory Default Settings The following table lists the factory default settings. NOTE: For defaults on specific commands, refer to the LX-Series Commands Reference Guide. Each LX Series unit is configured at the factory to use a default set of initialization parameters that sets all ports to operate with asynchronous ASCII terminal devices. Main Menu Configuration Factory Default Setting Boot from Network yes Save boot image to flash no Boot from flash yes Time Out, in seconds 8 IP Configuration Menu Configuration Factory Default Setting IP Assignment method #1 DHCP IP Assignment method #2 BOOTP IP Assignment method #3 RARP IP Assignment method #4 User DefinedInstalling the LX Series 44 451-0308 Additional Considerations for an Internet Environment If you plan to use the unit in an Internet environment, you must define addressing and identification characteristics to enable Internet hosts to recognize the unit as a member of the network. Using ppciboot, an LX-Series unit can be configured to obtain an IP address and other parameter values from the network when the unit boots. Autobauding Feature Autobaud is disabled on all ports. The administrator can enable autobaud on a per-port basis, except for the DIAG port (port 0). Default settings for the DIAG port (port 0) are 9600/8/N/1. Reinitializing/Powering Off the Unit To reinitialize the unit, enter the following command from the superuser mode: reload To power off the unit, disconnect the power cord.451-0308 45 Appendix A Technical Specifications The following table provides the specifications for the LX Series. Table 1 - LX Series Specifications Item Description Terminal Signals Transmit Data, Receive Data, Signal Ground, Data Set Ready/Data Carrier Detect (DSR/DCD), Data Terminal Ready (DTR), Clear-to-Send (CTS), and Request-to-Send (RTS). Supports concurrent modem control. Terminal Cabling Modular RJ-45 DTE Serial Line Speed LX Series - 134 bps to 230 Kbps Number of Serial Ports LX 4008 - 8 ports LX 4016 - 16 ports LX-4032 - 32 ports LX-4048 - 48 ports Modem (optional) V.90/K56flex 56 Kbps LEDs FLT, OK, Port Status LEDs 1-8 (1-16 on 16 port, 1-32 on 32 port, 1-48 on 48 port), 10/100 Ethernet RCV, 10/100 Ethernet Link, 100Mbps speed Controls Reset push button switchTechnical Specifications 46 451-0308 Dimensions Height Depth Width LX Series 4.1 cm (1.62 in), LX-4048 - 4.34 cm (1.71 in) 21.5 cm (8.5 in) 48.2 cm (19 in) Weight LX 4008 - 2.7 kg (6.0 lbs.) LX-4016 - 3.06 kg (6.75 lbs.) LX-4032 - 3.4 kg (7.5 lbs) LX-4048 - 3.47 kg (7.65 lbs) Processor/Speeds 66 (100 for 32-port) Mhz RISC processor with integral communications co-processor. LX-4008 - 2 RISC asynchronous communication coprocessors @ 60 Mhz. LX-4016 - 4 RISC asynchronous communication coprocessors @ 60 Mhz. LX-4032 - 8 RISC asynchronous communication coprocessors @ 60 Mhz LX-4048 - 12 RISC asynchronous communication coprocessors @ 60 Mhz Memory 8 MB Flash, 64MB SDRAM (128MB for LX-4032 and LX- 4048). Environment 5% to 90% humidity, noncondensing Operating Temperature: 0 - 40°C (32° - 113° F) Storage Temperature: -40 to 85°C (-40 to 185° F) Input Voltage 100 - 240 VAC 50 - 60 Hz (All LX Series)451-0308 47 Technical Specifications Power Requirements LX-4008 AC - 11W, (38BTU/hr) 0.09A at 120V (typ), 11W 0.05A at 220V (typ) LX-4008 DC - -48VDC Nominal, -20VDC to -72VDC Operating Range, 1A @ -48VDC, Dual Feed, 165 BTU/hr LX-4016 AC - 14W, (47.8 BTU/hr) 0.11A at 120V (typ), 14W 0.06A at 220V (typ) LX-4016 DC - -48VDC Nominal, -20VDC to -72VDC Operating Range, 1.2A @ -20VDC, Dual Feed, 165 BTU/ hr LX-4032AC - 23W, (79 BTU/hr) 0.19A @ 120V (typ), 0.105A @ 220V LX-4032DC - -48VDC Nominal, -20VDC to -72VDC Operating Range, 0.6A @ 48VDC, Dual Feed, (99 BTU/hr) LX-4048AC - 41W, (140 BTU/hr) 0.24A @ 120V (typ), 0.13A @ 220V Minimum Software Requirements LX-4008S requires V2.0.0 or greater, LX-4016S requires V2.0.1 or greater, LX-4032 requires V2.2.0 or greater, LX- 4048 requires V3.0.0 or greater. Ethernet Interface 10/100 TX, Auto/10/100 Mbps duplex half full auto Real Time Clock Battery 32.768KHz crystal Lithium coin cell battery CR2032 or equivalent. Capacity is 200mAH. Power down shelf-life 1 year at 20 0 C.Technical Specifications 48 451-0308451-0308 49 Appendix B POST Test Error Codes Error Code Definitions The following table provides the definitions for the LX Series POST test error codes. Table 2 - POST Test Error Codes Error Definition Error Code (in Hexadecimal) Real Time Clock does not work properly 1010 Reading Invalid Default Value from CPLD Diagnostic Register 2010 Reading Invalid Default Value from Expansion CPLD Diagnostic Register 2011 Reading Invalid Pattern Value from CPLD Diagnostic Register 2020 Reading Invalid Pattern Value from Expansion CPLD Diagnostic Register 2021 Reading Invalid Value from CPLD System Fail Status Register 2030 AC FAIL bit is set in the CPLD System Fail Status Register 2031 +12VFAIL bit is set in the CPLD System Fail Status Register 2033 -12VFAIL bit is set in the CPLD System Fail Status Register 2034POST Test Error Codes 50 451-0308 CPLD FAIL bit is set in the CPLD System Fail Status Register 2035 DC_A bit is set in the CPLD System Fail Status Register 2037 DC_B bit is set in the CPLD System Fail Status Register 2038 Watchdog Timer Failed 2040 Invalid HW Type 2050 Fast Ethernet Controller (FEC) Reset Delay Timeout 3010 Fast Ethernet Controller (FEC) Transmission Failed Timeout 3020 Fast Ethernet Controller (FEC) Reception Failed Timeout 3030 Fast Ethernet Controller (FEC) Invalid Data Received 3040 CD1400 Reset delay timeout for Quadart 1 4110 CD1400 Reset delay timeout for Quadart 2 4120 CD1400 Reset delay timeout for Quadart 3 4130 CD1400 Reset delay timeout for Quadart 4 4140 CD1400 Reset delay timeout for Quadart 5 4150 CD1400 Reset delay timeout for Quadart 6 4160 CD1400 Reset delay timeout for Quadart 7 4170 CD1400 Reset delay timeout for Quadart 8 4180 CD1400 Loopback operation timeout for Quadart 1 4210 CD1400 Loopback operation timeout for Quadart 2 4220 CD1400 Loopback operation timeout for Quadart 3 4230451-0308 51 POST Test Error Codes POST Test Error Code Sample NOTE: This example applies to 8, 16, 32, and 48 port LX units. The 16, 32, and 48 port LX units use only the first eight LEDs when generating error codes. The following sample illustrates the Port Status LED sequence for Error 2030 (Reading Invalid Value from PLD System Fail Status Register) on the LX-4008. In this example: CD1400 Loopback operation timeout for Quadart 4 4240 CD1400 Loopback operation timeout for Quadart 5 4250 CD1400 Loopback operation timeout for Quadart 6 4260 CD1400 Loopback operation timeout for Quadart 7 4270 CD1400 Loopback operation timeout for Quadart 8 4280 CD1400 Invalid Data Received for Quadart 1 4310 CD1400 Invalid Data Received for Quadart 2 4320 CD1400 Invalid Data Received for Quadart 3 4330 CD1400 Invalid Data Received for Quadart 4 4340 CD1400 Invalid Data Received for Quadart 5 4350 CD1400 Invalid Data Received for Quadart 6 4360 CD1400 Invalid Data Received for Quadart 7 4370 CD1400 Invalid Data Received for Quadart 8 4380 Memory Error at (printing address) 5010 Memory Data Bus Failed 5020 Memory Address Bus Failed High 5030 Memory Address Bus Failed Low 5040POST Test Error Codes 52 451-0308 1. A POST test failure occurs on an 8-port unit. All LEDs flash eight times, very quickly, then the error code is displayed. 2. You record that LED 3 turns on. Again, all LEDs flash eight times very quickly, then the rest of the error code is displayed. 3. You record that LEDs 3 and 4 turn on. Figure 17 explains how to interpret the sample error code. NOTE: In hexadecimal, 0 indicates the LED is OFF. 1 indicates the LED is ON. Each group of four LEDs is converted to a hexadecimal value as follows: • 0 = 0000 • 1 = 0001 • 2 = 0010 • 3 = 0011 • 4 = 0100 • 5 = 0101 • 6 = 0110 • 7 = 0111 • 8 = 1000 • 9 = 1001 • A = 1010 • B = 1011 • C = 1100 • D = 1101 • E = 1110 • F = 1111451-0308 53 POST Test Error Codes Figure 17 - POST Test Error Code Sample 1 - All flash for 2 seconds 2 - High error code (20 Hex) 3 - Cycle 1 through 8 4 - Low error code (30 Hex) 5 - All extinguished 1 2 3 4 5 6 7 8POST Test Error Codes 54 451-0308451-0308 55 Appendix C Cabling the LX Series Cabling Considerations Standard cabling items available from MRV Communications allow you to connect to any serial device that uses male or female DB-25 or DB-9 connectors. All you need is the appropriate modular cable (crossover cable for connecting to a DTE device, straight-through cable for connecting to a DCE device), and the correct modular adapter (male or female DB-25 connector), which is essentially an RJ-45-to-DB25 adapter. Serial Device Connectors The signal assignments of the 8-pin jacks are shown in Figure 18. Figure 18 - Serial Device Connector (RJ-45) Signal Assignments Diagnostic Port Connector (Port 0) The pinout for the Diagnostic Port connector is the same as that of the serial connector. 1 2 3 4 5 6 7 8 8 7 6 5 4 3 2 1 Rj-45 Jack (Female) Rj-45 Plug (Male) Pin Signal 1 CTS 2 DTR 3 TXD 4 SGND 5 SGND 6 RXD 7 DSR 8 RTSCabling the LX Series 56 451-0308 10/100 Connector Figure 19 shows the standard 10/100 (RJ-45 jack) connector signal assignments. Figure 19 - 10/100 Connector Assignments Ordering Cables MRV Communications also supplies crossover cables and modular adapters for use with all LX Series units. To order cables, adapters or other cabling accessories from MRV Communications, contact your Sales representative or distributor. Modular Adapters MRV Communications provides the following modular adapters for use with LX-series units: • Female DB-9 (PN MX-350-0308) • Female DB-25 (PN MX-350-0181) • Male DB-25 (PN MX-350-0179) – supports RING • Male DB-25 (PN MX-350-0180) – supports RTS/CTS This section describes the pinouts and wiring of the MRV-supplied DB-25 adapter. 8 7 6 5 4 3 2 1 Pin Signal 1 TX+ 2 TX- 3 RX+ 4 No Connect 5 No Connect 6 RX- 7 No Connect 8 No Connect451-0308 57 Cabling the LX Series Pin Assignments The following table shows the pinouts for the DB-25 cable. Pin Signal 1 Cable Shield 2 Transmit Data 3 Receive Data to DCE 4 RTS (Request to Send) 5 CTS (Clear to Send) 6 DSR (Data Set Ready) 7 Signal Ground 8 Data Carrier Detect 9 Unused 10 Unused 11 Unused 12 Unused 13 Unused 14 Unused 15 Unused 16 Unused 17 Unused 18 Unused 19 Unused 20 Data Terminal Ready 21 UnusedCabling the LX Series 58 451-0308 Figure 20 shows serial DB-25 pin assignments. Figure 20 - DB-25 Pins 22 Ring Indicate 23 Unused 24 Unused 25 Unused 14 DB-25 (Male) DB-25 (Female) 25 1 13 25 14 13 1451-0308 59 Cabling the LX Series Ordering and Installing the Inlet Connector Lock You can use an inlet connector lock to lock the AC power cord to the LX Series unit. MRV Communications does not supply this lock. You can order the connector lock (part number 85910020) from Panel Components Corporation. The web address at which you can order the connector lock is: www.panelcomponents.com/first.html. See Figure 21 for installation instructions. Figure 21 - Installing the Inlet Connector Lock Connecting to the Diagnostic Port (Port 0) NOTE: Display problems may occur during bootup when you attach a VT420 terminal to the DIAG port (port 0) and the VT420 display setup is configured to Smooth-2 Scroll. To avoid this, change the VT420 scroll setting to Jump Scroll. Connect the provided serial port cable to the DIAG connector (port 0), and the other end to your terminal. You can use this direct connect serial link to send commands to the boot loader and diagnostics. This port is used to log system messages during bootup. You can also use port 0 to manage and configure the LX once the unit completes the bootstrap process. 90-250VAC 1.0A 50/60Hz Insert two 4-40 x 1/4” Philips screws here. Do not tighten. 1 Slide the connector lock ears under the screw heads. Tighten the screws. 2 Plug in the power cord (not shown). 3 Tighten the screw beneath the connector lock. 4Cabling the LX Series 60 451-0308 Modem Control/Hardware Flow Control LX Series serial ports can be set up to support RTS/CTS flow control. The adapters shown in Figure 22 and Figure 23 illustrate RTS/CTS flow control for DTE devices using DB25 and DB9 connectors. Figure 24 illustrates RTS/CTS flow control for a DB-25 connector on a DCE device like a modem. LX Series serial ports can also be set up to support modem control (except for the DIAG port (port 0)). Figures 22, 23, and 24 support modem control as needed. Only Figures 23 and 24 support concurrent modem control and RTS/CTS flow control between the LX Serial Port and the attached device. The adapter shown in Figure 24 supports modem control. NOTE: You would use a "null-modem" cable when making a direct connection between the serial ports of two communication servers (i.e., no modems involved) or other DTE device. For that application, use a DTE-to-DTE cable. RJ-45 Wiring Considerations You should give special consideration to the wiring scheme when connecting a device such as a terminal to a LX Series serial port. The LX Series is considered a DTE device. To connect to another DTE device such as a terminal, you will need crossover wiring, as shown in Figure 22 and Figure 23. When a DCE device is connected to an LX Series serial port, straight-through wiring is required, as shown in Figure 24. NOTE: In general, an ethernet CAT3/CAT5 may introduce noise due to the crossing of pins 3 and 6 (transmit and receive). Flat eight wire cables are recommended. 451-0308 61 Cabling the LX Series Modular Adapters (RJ-45 to DB-25) You can obtain adapters with male and female DB-25 connectors from MRV Communications. These adapters direct signals from the RJ-45 connector on the cable to the correct pin on the DB-25 connector. Figure 22, Figure 23, and Figure 24 show how devices are cabled when you use these adapters. Figure 22 - Adapter Wiring, LX Series to DTE CTS DTR XMT GND RCV DCD DSR RTS Female RJ-45 Connector Female DB-25 Connector DTE Device Pin Signal Adaptor Wiring - MX-350-0181 (Female RJ-45 to female DB-25) Male RJ-45 Connector Male RJ-45 Connector Crossover Cable MAXserver Connector 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 5 20 2 7 3 8 6 4 CTS/RING DTR XMT XMTGND RCVGND RCV DSR * RTS Male RJ-45 Male RJ-45 Female RJ-45 Female RJ-45 Female DB-25 Crossover Cable MAXserver Connector Modular Adaptor To DTE DTE Cable * (See Note, Page 5.) LX Series LX Series MX-151-3028 CTSCabling the LX Series 62 451-0308 Figure 23 - Adapter Wiring, RJ-45 to DB-9, LX Series to DTE CTS DTR XMT G ND RCV DCD DSR RTS Female RJ-45 Connector Female DB-25 Connector DTE Device Pin Signal Adaptor Wiring - MX-350-0181 (Female RJ-45 to female DB-25) M ale RJ-45 Connector M ale RJ-45 Connector Crossover Cable M AXse rve r Connector 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 5 20 2 7 3 8 6 4 CTS/RING DTR XMT XMTGND RCVGND RCV DSR * RTS Male RJ -45 Male RJ -45 Female RJ -45 Female RJ -45 Female DB-25 Crossover Cable M AXse rve r Connector M odula r Adap tor To DTE DTE Cable * (See Note, Page 5.) LX Series LX Series DB-9 DB-9 Cable DCD 0308 Male DB-9) 8 7 1 2 5 3 4 RTS 8 6 DSR451-0308 63 Cabling the LX Series Figure 24 - Adapter Wiring, LX Series to DCE LX Series Connector Female RJ-45 Male RJ-45 Male RJ-45 Straight Through Cable Female RJ-45 Modular Adaptor Modem Cable Male DB-25 To Modem 1 2 3 4 5 6 7 8 5 20 2 7 3 8 4 Female RJ-45 Connector Male DB-25 Connector DCE Device Pin Signal CTS DTR XMT GND RCV DCD RTS Adaptor Wiring MX-350-0180 (Female RJ-45 to male DB-25) 1 2 3 4 5 6 7 8 Male RJ-45 Connector CTS DTR XMT GND GND RCV DCD RTS Straight Through Cable 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 Male RJ-45 Connector LX Series Connector Supports RTS/CTS MX-151-3027Cabling the LX Series 64 451-0308 NOTE: In order to expand the functionality of the serial interface, the LX Series modular cabling allows you to connect different signals to pin 7 of the LX Series. (This pin is an input to the LX Series.) When a DCE device is connected to an LX Series serial port, the device's DCD output is connected to pin 7. In this case, the signal at pin 7 is referred to as DCD. DCD is used here for session control only, not for flow control. When a DTE device is connected to an LX Series serial port, the device's DTR output is connected to pin 7 of the LX Series. In this case, the signal at pin 7 is referred to as DSR. (This cabling scheme also provides DECconnect compatibility, since DECconnect does not support the DCD signal.) MRV Communications 8-Wire Cabling This cabling scheme provides XMT, RCV, DCD/DSR, DTR, RTS, CTS, and two signal ground wires. This cabling is provided through RJ-45 connectors. Using this cabling scheme you can concurrently use modem control and RTS/CTS hardware flow control, since there are four control signals. This scheme is useful with relatively high speed devices, complex modem control applications. In Figure 25, one signal is referred to as CTS. The CTS signal designation refers to the signal observed at pin 1 of each serial port. Pin 1 is multiplexed to these signals. This scheme is useful with the following applications: • Terminal emulation and file transfer applications, such as Kermit, Xmodem, Microphone, etc. • Applications such as PPP using low speed modems. • Applications such as PPP using high speed modems. • Applications using CCITT V.42-compliant modems, or other devices operating at high port speeds.451-0308 65 Cabling the LX Series Figure 25 - Modular Cables for RTS/CTS Flow Control (Eight-Wire), Concurrent with Modem Control Signalling Communication Ser ver Connec tor Modular Adapt or To Modem St raight T hrough Cable Female RJ-45 Connector Male DB-25 Connector CTS DTR XMT G ND RCV DCD RTS Male RJ-45 Connector Male RJ-45 Connector St raight T hrough Cable Adaptor Wiring - MX-350- 0180 ( F emale RJ -45 t o male DB-25) CTS/RING DTR XMT XMTGND RCVGND RCV DCD RTS Modem connec tor Pin Signal 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 5 20 2 7 3 8 4 Female RJ-45 Connector RTS/CTS Modem Connection Communication Ser ver Connec tor Modular Adapt or To Modem St raight T hrough Cable Female RJ-45 Connector Male DB-25 Connector CTS DTR XMT G ND RCV DCD RTS Male RJ-45 Connector Male RJ-45 Connector St raight T hrough Cable Adaptor Wiring - MX-350- 0180 ( F emale RJ -45 t o male DB-25) CTS/RING DTR XMT XMTGND RCVGND RCV DCD RTS Modem connec tor Pin Signal 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 5 20 2 7 3 8 4 Female RJ-45 Connector RTS/CTS Modem Connection LX Series Connector CTSCabling the LX Series 66 451-0308451-0308 67 INDEX Numerics 10/100 connectors 56 8-wire cabling 64 A adapter wiring 61 adapters 61 autobauding feature 44 C cables ordering 56 cabling 25, 45 signals 64 command recall 14 configured 43 configuring the LX unit for the first time 30 connecting DC power 26 connecting the power cable 25 connecting to a serial port 39 controls 45 conventions 13 crossover cables 55 D DB-25 connectors 61 DB-25 pin assignments 64 DC power connecting 26 diagnostic port connector 55 dimensions 46 DTE devices connecting to LX Series 64 DTE wiring 61 E environment 23, 46 environmental considerations 23 error code definitions 49 ethernet connection 25, 47 F first time quick configuration 31 flow control 60 FLT - fault LED 19 front panel LEDs 18 G Graphic User Interface (GUI) accessing 33 H hardware installation 17 help key 14 I iBoot factory default settings 43 inlet connector lock installing 59 ordering 59 installation hardware 17 installing Java Runtime Environment (JRE) 34 Installing the LX Series site requirements 45 internet access IP addresses 44 internet environment 44 IP address assigning via the network 33 IP information obtaining 33 J Java installing 34 java cache turning off 36 L LED fault 19INDEX 68 451-0308 link 22 OK 19 receive 22 speed 22 LEDs 19, 29, 45 port status 19 LINK LED 22 login username 28 default 28 LX Indicators 18 LX series 4008 rear panel 19 4008 w/modem rear panel 20 4016 DC rear panel 21 4016 w/modem rear panel 20 4032 DC rear panel 22 4032 w/modem rear panel 21 4048 AC rear panel 22 about 13 LX Series ports accessing from a terminal 40 LX Unit configuring for the first time 30 LX-4008S front panel 18 LX-4016 front panel 18 LX-4032 front panel 18 LX-4048 front panel 18 M management station connecting to 25 memory 46 menu tree structure 42 minimum software requirements 47 modem 45 modem port 27 modular adapters 56 O OK LED 19 organization of user guide 11 P package contents 17 Passwords 28 passwords 28 defaults 28 pinouts DB-25 57, 64 RJ-45 64 RJ-45 jacks 55 port status LEDs 19 ports 40 POST test error code sample 51 power cable 25 power on self test (POST) 27 power requirements 47 powering on 27 ppciboot factory default settings 43 processor 46 prompts 13 Q quick configuration first time 31 R rack-mounting the unit 24 RCV LED 22 real time clock 47 clock battery 47 rear panel connections 19 LEDs 19 reinitializing/powering off the unit 44 RESET switch 29 resetting the unit 29 RJ-45 jacks 25 wiring 60451-0308 69 INDEX S sensor ports 40 serial device cables connecting to RJ-45 jacks 25 serial ports number of 45 signals 45 speed LED 22 speeds 45 system login 28 system specifications 15 T tab button 14 technical specifications 45 telnet directly to the communication server 39 telnet port changing 39 temperature/humidity sensor connecting the 40 turning off java cache 36 typographical conventions 14 U Unpacking and inspecting the unit 17 V voltage 46 W weight 46 wiring schemes for RJ-45 60 LX-Series Commands Reference Guide 451-0310E Corporate Headquarters MRV Communications, Inc. Corporate Center 20415 Nordhoff Street Chatsworth, CA 91311 Tel: 818-773-0900 Fax: 818-773-0906 www.mrv.com (Internet) Sales and Customer Support MRV Americas 295 Foster Street Littleton, MA 01460 Tel: 800-338-5316 (U.S.) Tel: +011 978-952-4888 (Outside U.S.) sales@mrv.com (email) www.mrv.com (Internet) MRV International Industrial Zone P.O. Box 614 Yokneam, Israel 20682 Tel: 972-4-993-6200 sales@mrv.com (email) www.mrv.com (Internet)2 451-0310E All rights reserved. No part of this publication may be reproduced without the prior written consent of MRV Communications, Inc. The information in this document is subject to change without notice and should not be construed as a commitment by MRV Communications, Inc. MRV Communications, Inc. reserves the right to revise this publication and to make changes in content from time to time, without obligation to provide notification of such revision or changes. MRV Communications, Inc. assumes no responsibility for errors that may appear in this document. Copyright © 2003 by MRV Communications, Inc. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptosoft.com). This product includes software written by Tim Hudson (tjh@cryptosoft.com). Service Information Should you experience trouble with this equipment, please contact one of the following support locations: • If you purchased your equipment in the Americas, contact MRV Americas Service and Support in the U.S. at 978-952-4888. (If you are calling from outside the U.S., call +011 978-952-4888.) • If you purchased your equipment outside the Americas (Europe, EU, Middle-East, Africa, Asia), contact MRV International Service and Support at 972-4-993-6200.451-0310E 3 Secure Shell Disclaimer THE SECURE SHELL SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.451-0310E 5 Table of Contents Preface ................................................................................................................ 21 Conventions ................................................................................................................................. 22 Using the Function Keys ............................................................................................................. 22 Navigating the LX Command Line Interface (CLI) .................................................................... 23 User Command Mode ............................................................................................................ 24 Superuser Command Mode ...................................................................................................25 Configuration Command Mode .............................................................................................25 Asynchronous Command Mode ............................................................................................ 26 Ethernet Command Mode ...................................................................................................... 26 PPP Command Mode ............................................................................................................. 27 Modem Command Mode ....................................................................................................... 27 Subscriber Command Mode .................................................................................................. 27 SNMP Command Mode ........................................................................................................ 28 Interface Command Mode ..................................................................................................... 28 Menu Command Mode .......................................................................................................... 28 Menu Editing Command Mode .............................................................................................29 Notification Command Mode ................................................................................................ 29 Broadcast Group Command Mode ........................................................................................29 Online Help ................................................................................................................................. 30 Related Documents ..................................................................................................................... 31 Chapter 1 - User Commands ............................................................................ 33 clear ........................................................................................................................................ 34 disconnect .............................................................................................................................. 35 enable ..................................................................................................................................... 36 exit .........................................................................................................................................37 no ........................................................................................................................................... 38 pause enable ........................................................................................................................... 39 ping ........................................................................................................................................ 40 show clock ............................................................................................................................. 41 show port ................................................................................................................................ 42 show service ........................................................................................................................... 53 show session .......................................................................................................................... 54 show subscriber ...................................................................................................................... 55 show version .......................................................................................................................... 61 ssh .......................................................................................................................................... 62 telnet ....................................................................................................................................... 63 terminal .................................................................................................................................. 646 451-0310E Chapter 2 - Superuser Commands .................................................................. 65 clear ........................................................................................................................................ 66 configuration .......................................................................................................................... 67 debug port async ppp ............................................................................................................. 68 debug snmp ............................................................................................................................ 69 debug subscriber ....................................................................................................................70 disconnect .............................................................................................................................. 71 exit .........................................................................................................................................72 logout ..................................................................................................................................... 73 no ........................................................................................................................................... 74 outlet ...................................................................................................................................... 75 outlet group ............................................................................................................................ 76 pause enable ........................................................................................................................... 77 ping ........................................................................................................................................ 78 reload ..................................................................................................................................... 79 save configuration .................................................................................................................. 80 setup ....................................................................................................................................... 81 shell ........................................................................................................................................ 82 show audit log ........................................................................................................................ 83 show broadcast group characteristics .................................................................................... 84 show broadcast group summary ............................................................................................ 85 show clock ............................................................................................................................. 86 show command log ................................................................................................................ 87 show configuration ................................................................................................................ 88 show configuration log .......................................................................................................... 89 show debug port async ppp .................................................................................................... 90 show debug subscriber ........................................................................................................... 91 show device status ................................................................................................................. 92 show device summary ............................................................................................................ 94 show interface characteristics ................................................................................................ 95 show interface port mapping .................................................................................................. 97 show interface rotary ............................................................................................................. 99 show interface status ............................................................................................................100 show interface summary ...................................................................................................... 101 show kernel log .................................................................................................................... 102 show log ............................................................................................................................... 103 show notification message ................................................................................................... 104 show notification serviceprofile ...........................................................................................105 show notification userprofile ............................................................................................... 106 show outlet group status ...................................................................................................... 107451-0310E 7 show port async apd ............................................................................................................. 108 show port async characteristics ............................................................................................ 109 show port async modem ...................................................................................................... 110 show port async pattern match characteristics .....................................................................111 show port async ppp ............................................................................................................ 112 show port async ppp status .................................................................................................. 113 show port async status ......................................................................................................... 114 show port async summary .................................................................................................... 115 show port ethernet characteristics ........................................................................................ 116 show port ethernet status ...................................................................................................... 117 show port ethernet summary ................................................................................................ 119 show radius characteristics .................................................................................................. 120 show radius status ................................................................................................................ 122 show radius summary .......................................................................................................... 124 show route ............................................................................................................................ 125 show securid characteristics .................................................................................................126 show securid status .............................................................................................................. 128 show securid summary ......................................................................................................... 129 show service ......................................................................................................................... 130 show session ........................................................................................................................ 131 show snmp characteristics ................................................................................................... 132 show snmp client ................................................................................................................. 133 show snmp v3 ...................................................................................................................... 134 show subscriber .................................................................................................................... 137 show subscriber summary .................................................................................................... 138 show system characteristics .................................................................................................139 show system ppciboot .......................................................................................................... 141 show system status ............................................................................................................... 142 show tacacs+ characteristics ................................................................................................ 144 show tacacs+ status .............................................................................................................. 146 show tacacs+ summary ........................................................................................................ 148 show users ............................................................................................................................ 149 show version ........................................................................................................................ 150 ssh ........................................................................................................................................ 151 telnet ..................................................................................................................................... 152 terminal ................................................................................................................................ 153 update ................................................................................................................................... 154 zero all .................................................................................................................................. 155 zero log ................................................................................................................................ 156 zero securid secret ................................................................................................................ 1578 451-0310E Chapter 3 - Configuration Commands ........................................................... 159 boot configuration from flash .............................................................................................. 160 boot configuration from name ............................................................................................. 161 boot configuration from network ......................................................................................... 162 broadcast group .................................................................................................................... 163 broadcast group enable ........................................................................................................ 164 clock ..................................................................................................................................... 165 copy port .............................................................................................................................. 166 copy subscriber .................................................................................................................... 167 date .......................................................................................................................................168 default boot .......................................................................................................................... 169 default configuration ............................................................................................................170 default log size ..................................................................................................................... 171 default outlet group off time ................................................................................................ 172 default tftp ............................................................................................................................ 173 domain name ........................................................................................................................ 174 end ........................................................................................................................................ 175 exit .......................................................................................................................................176 fingerd enable ...................................................................................................................... 177 gateway ................................................................................................................................ 178 hostname .............................................................................................................................. 179 interface ............................................................................................................................... 180 iptables .................................................................................................................................181 location .................................................................................................................................182 log size .................................................................................................................................183 menu ..................................................................................................................................... 184 no ......................................................................................................................................... 185 notification ........................................................................................................................... 186 ntp enable .............................................................................................................................187 ntp server address ................................................................................................................. 188 outlet group .......................................................................................................................... 189 outlet group name ................................................................................................................ 190 outlet group off time ............................................................................................................191 password .............................................................................................................................. 192 password enable ................................................................................................................... 193 port async .............................................................................................................................194 port ethernet ......................................................................................................................... 195 ppciboot address ..................................................................................................................196 ppciboot address assignment option .................................................................................... 197 ppciboot ethernet network link ............................................................................................ 198451-0310E 9 ppciboot gateway ................................................................................................................. 199 ppciboot image filename ...................................................................................................... 200 ppciboot image load from .................................................................................................... 201 ppciboot mask ...................................................................................................................... 202 ppciboot tftp server .............................................................................................................. 203 primary dns .......................................................................................................................... 204 radius period ........................................................................................................................ 205 radius primary accounting server address ............................................................................ 206 radius primary accounting server port ................................................................................. 207 radius primary accounting server retransmit ....................................................................... 208 radius primary accounting server secret .............................................................................. 209 radius primary accounting server timeout ........................................................................... 210 radius primary authentication server address ....................................................................... 211 radius primary authentication server port ............................................................................ 212 radius primary authentication server retransmit .................................................................. 213 radius primary authentication server secret ......................................................................... 214 radius primary authentication server timeout ...................................................................... 215 radius secondary accounting server address ........................................................................ 216 radius secondary accounting server port .............................................................................. 217 radius secondary accounting server retransmit .................................................................... 218 radius secondary accounting server secret ........................................................................... 219 radius secondary accounting server timeout ........................................................................ 220 radius secondary authentication server address ................................................................... 221 radius secondary authentication server port ......................................................................... 222 radius secondary authentication server retransmit ...............................................................223 radius secondary authentication server secret ...................................................................... 224 radius secondary authentication server timeout ................................................................... 225 route address ........................................................................................................................ 226 route gateway ....................................................................................................................... 227 route mask ............................................................................................................................ 228 secondary dns ....................................................................................................................... 229 securid authentication encryption ........................................................................................ 230 securid authentication port ................................................................................................... 231 securid authentication retransmit ......................................................................................... 232 securid authentication timeout ............................................................................................. 233 securid authentication version ............................................................................................. 234 securid master authentication server address ....................................................................... 235 securid master authentication server name .......................................................................... 236 securid primary authentication server address .....................................................................237 securid primary authentication server name ........................................................................ 23810 451-0310E securid slave authentication server address ......................................................................... 239 securid slave authentication server name ............................................................................. 240 service .................................................................................................................................. 241 snmp ..................................................................................................................................... 242 snmp enable ......................................................................................................................... 243 ssh enable .............................................................................................................................244 ssh v1 ................................................................................................................................... 245 ssh v2 ................................................................................................................................... 246 subscriber .............................................................................................................................247 tacacs+ period ...................................................................................................................... 248 tacacs+ primary accounting server address ......................................................................... 249 tacacs+ primary accounting server port ............................................................................... 250 tacacs+ primary accounting server retransmit .....................................................................251 tacacs+ primary accounting server secret ............................................................................ 252 tacacs+ primary accounting server timeout ......................................................................... 253 tacacs+ primary authentication server address .................................................................... 254 tacacs+ primary authentication server port .......................................................................... 255 tacacs+ primary authentication server retransmit ................................................................ 256 tacacs+ primary authentication server secret ....................................................................... 257 tacacs+ primary authentication server timeout .................................................................... 258 tacacs+ secondary accounting server address ...................................................................... 259 tacacs+ secondary accounting server port ........................................................................... 260 tacacs+ secondary accounting server retransmit .................................................................. 261 tacacs+ secondary accounting server secret ........................................................................ 262 tacacs+ secondary accounting server timeout ...................................................................... 263 tacacs+ secondary authentication server address ................................................................. 264 tacacs+ secondary authentication server port ...................................................................... 265 tacacs+ secondary authentication server retransmit ............................................................ 266 tacacs+ secondary authentication server secret ................................................................... 267 tacacs+ secondary authentication server timeout ................................................................ 268 tacacs+ superuser password request enable ......................................................................... 269 telnet enable ......................................................................................................................... 270 tftp ........................................................................................................................................ 271 timed enable ......................................................................................................................... 272 timezone ............................................................................................................................... 273 web_server enable ................................................................................................................ 274 Chapter 4 - Interface Commands ................................................................... 275 address .................................................................................................................................276 authentication fallback enable ............................................................................................. 277451-0310E 11 authentication local enable ................................................................................................... 278 authentication none .............................................................................................................. 279 authentication radius enable .................................................................................................280 authentication securid enable ............................................................................................... 281 authentication tacacs+ enable ............................................................................................. 282 broadcast .............................................................................................................................. 283 default mtu ........................................................................................................................... 284 default rotary ........................................................................................................................ 285 default ssh keepalive ............................................................................................................286 default ssh port ..................................................................................................................... 287 default telnet port ................................................................................................................. 288 end ........................................................................................................................................ 289 exit .......................................................................................................................................290 mask ..................................................................................................................................... 291 mtu .......................................................................................................................................292 no ......................................................................................................................................... 293 radius accounting enable ...................................................................................................... 294 rotary enable ........................................................................................................................ 295 rotary port ............................................................................................................................ 296 rotary ssh port ...................................................................................................................... 297 rotary tcp port ....................................................................................................................... 298 rotary type ............................................................................................................................ 299 serial ..................................................................................................................................... 300 ssh keepalive count .............................................................................................................. 301 ssh keepalive interval ........................................................................................................... 302 ssh port .................................................................................................................................303 tacacs+ accounting enable ................................................................................................... 304 telnet port .............................................................................................................................305 Chapter 5 - Asynchronous Commands ......................................................... 307 access ................................................................................................................................... 308 access power model ............................................................................................................. 309 apd enable ............................................................................................................................ 310 apd retry ............................................................................................................................... 311 apd signature ........................................................................................................................ 312 apd timeout .......................................................................................................................... 313 authentication enable ........................................................................................................... 314 authentication fallback enable ............................................................................................. 316 autobaud enable ................................................................................................................... 317 autobaud retry ...................................................................................................................... 31812 451-0310E autodial enable ..................................................................................................................... 319 autohangup enable ............................................................................................................... 320 banner ................................................................................................................................... 321 bits ........................................................................................................................................ 322 break enable ......................................................................................................................... 323 break special ........................................................................................................................ 324 connect command ................................................................................................................ 325 databuffer display ................................................................................................................ 326 databuffer size ...................................................................................................................... 327 databuffer syslog enable ...................................................................................................... 328 databuffer timestamp enable ................................................................................................ 329 default apd ............................................................................................................................ 330 default databuffer size .......................................................................................................... 331 default port ........................................................................................................................... 332 default power off time .......................................................................................................... 333 default speed ........................................................................................................................ 334 end ........................................................................................................................................ 335 exit .......................................................................................................................................336 flowcontrol ........................................................................................................................... 337 modem .................................................................................................................................338 modem enable ...................................................................................................................... 339 name ..................................................................................................................................... 340 no ......................................................................................................................................... 341 outlet name ........................................................................................................................... 342 parity .................................................................................................................................... 343 pattern match enable ............................................................................................................ 344 pattern string ........................................................................................................................ 345 power off time ...................................................................................................................... 347 ppp .......................................................................................................................................348 ppp enable ............................................................................................................................ 349 prompt .................................................................................................................................. 350 radius accounting enable ...................................................................................................... 351 signals syslog enable ............................................................................................................352 special break enable ............................................................................................................. 353 special break string .............................................................................................................. 354 speed .................................................................................................................................... 355 stopbits .................................................................................................................................356 tacacs+ accounting enable ................................................................................................... 357 telnet break string ................................................................................................................. 358 telnet negotiation enable ...................................................................................................... 359451-0310E 13 transparency enable .............................................................................................................. 360 Chapter 6 - Ethernet Commands .................................................................... 361 description ............................................................................................................................ 362 end ........................................................................................................................................ 363 exit .......................................................................................................................................364 no description ....................................................................................................................... 365 speed .................................................................................................................................... 366 Chapter 7 - Subscriber Commands ............................................................... 367 access console enable ........................................................................................................... 368 access port ............................................................................................................................ 369 access ssh enable ..................................................................................................................370 access telnet enable .............................................................................................................. 371 access web enable ................................................................................................................ 372 audit log enable .................................................................................................................... 373 backward_switch ................................................................................................................. 374 command log enable ............................................................................................................375 dedicated service ..................................................................................................................376 default access port ................................................................................................................ 377 default access remote ........................................................................................................... 378 default backward_switch ..................................................................................................... 379 default dialback retry ........................................................................................................... 380 default forward_switch ........................................................................................................ 381 default idletime .................................................................................................................... 382 default local_switch ............................................................................................................. 383 default ssh log level ............................................................................................................. 384 dialback enable .................................................................................................................... 385 dialback number ................................................................................................................... 386 dialback retry ....................................................................................................................... 387 end ........................................................................................................................................ 388 exit .......................................................................................................................................389 forward_switch .................................................................................................................... 390 idletime ................................................................................................................................ 391 local_switch ......................................................................................................................... 392 maxsubscriber ...................................................................................................................... 393 menu enable ......................................................................................................................... 394 no ......................................................................................................................................... 395 password .............................................................................................................................. 396 password enable ................................................................................................................... 39714 451-0310E pause enable ......................................................................................................................... 398 preferred service ..................................................................................................................399 prompt .................................................................................................................................. 400 security level superuser ........................................................................................................ 401 session .................................................................................................................................. 402 shell enable .......................................................................................................................... 403 ssh cipher .............................................................................................................................404 ssh key .................................................................................................................................. 405 ssh log level ......................................................................................................................... 406 telnet mode ........................................................................................................................... 407 terminal ................................................................................................................................ 408 Chapter 8 - SNMP Commands ........................................................................ 409 contact .................................................................................................................................. 410 default v3 client ................................................................................................................... 411 end ........................................................................................................................................ 412 exit .......................................................................................................................................413 get client ............................................................................................................................... 414 get client community ........................................................................................................... 415 get client version ..................................................................................................................416 location .................................................................................................................................417 log enable .............................................................................................................................418 no ......................................................................................................................................... 419 set client ............................................................................................................................... 420 set client community ............................................................................................................ 421 set client version ..................................................................................................................422 trap client .............................................................................................................................423 trap client community .......................................................................................................... 424 trap client version ................................................................................................................. 425 v3 client access context match ............................................................................................. 426 v3 client access context prefix ............................................................................................. 427 v3 client access read view .................................................................................................... 428 v3 client access security ....................................................................................................... 429 v3 client access write view .................................................................................................. 430 v3 client group security model ............................................................................................. 431 v3 client name ...................................................................................................................... 432 v3 client security community ............................................................................................... 433 v3 client security source ...................................................................................................... 434 v3 client view ....................................................................................................................... 435 v3 engine .............................................................................................................................. 436451-0310E 15 Chapter 9 - Modem Commands ...................................................................... 437 default initstring ................................................................................................................... 438 dialout number ..................................................................................................................... 439 end ........................................................................................................................................ 440 exit .......................................................................................................................................441 initstring ............................................................................................................................... 442 no ......................................................................................................................................... 443 retry ...................................................................................................................................... 444 timeout .................................................................................................................................445 type .......................................................................................................................................446 Chapter 10 - PPP Commands ......................................................................... 447 accounting enable ................................................................................................................ 448 authentication ....................................................................................................................... 449 ccp enable ............................................................................................................................ 450 default authentication ........................................................................................................... 451 default ipcp .......................................................................................................................... 452 default lcp compression .......................................................................................................453 default lcp echo failure ........................................................................................................ 454 default lcp failure limit ........................................................................................................ 455 default lcp timeout ............................................................................................................... 456 default mode client username .............................................................................................. 457 default mtu ........................................................................................................................... 458 default remote address ......................................................................................................... 459 end ........................................................................................................................................ 460 exit .......................................................................................................................................461 ipcp accept address enable ................................................................................................... 462 ipcp compression enable ...................................................................................................... 463 ipcp failure limit ................................................................................................................... 464 ipcp timeout ......................................................................................................................... 465 lcp compression enable ........................................................................................................ 466 lcp echo failure ..................................................................................................................... 467 lcp echo interval ................................................................................................................... 468 lcp failure limit ..................................................................................................................... 469 lcp timeout ........................................................................................................................... 470 local address ......................................................................................................................... 471 mode client ........................................................................................................................... 472 mode client username .......................................................................................................... 473 mode server .......................................................................................................................... 474 mtu .......................................................................................................................................47516 451-0310E no ......................................................................................................................................... 476 remote address ..................................................................................................................... 477 Chapter 11 - Menu Commands ....................................................................... 479 delete .................................................................................................................................... 480 end ........................................................................................................................................ 481 exit .......................................................................................................................................482 import ................................................................................................................................... 483 list ......................................................................................................................................... 484 no ......................................................................................................................................... 485 open ...................................................................................................................................... 486 Chapter 12 - Menu Editing Commands .......................................................... 487 control key ........................................................................................................................... 488 display .................................................................................................................................. 489 end ........................................................................................................................................ 490 entry ..................................................................................................................................... 491 entry command .................................................................................................................... 492 entry label ............................................................................................................................ 493 entry menu ........................................................................................................................... 494 exit .......................................................................................................................................495 header ................................................................................................................................... 496 list ......................................................................................................................................... 497 menu ..................................................................................................................................... 498 menu continue string ............................................................................................................ 499 menu prompt ........................................................................................................................ 500 no control key ...................................................................................................................... 501 no entry ................................................................................................................................ 502 no header .............................................................................................................................. 503 no menu continue string .......................................................................................................504 no menu prompt ................................................................................................................... 505 open ...................................................................................................................................... 506 save ...................................................................................................................................... 507 Chapter 13 - Notification Commands ............................................................ 509 end ........................................................................................................................................ 510 exit .......................................................................................................................................511 message facility .................................................................................................................... 512 message priority ................................................................................................................... 513 message string ...................................................................................................................... 514451-0310E 17 no ......................................................................................................................................... 515 serviceprofile async port ...................................................................................................... 516 serviceprofile bits ................................................................................................................. 517 serviceprofile driver ............................................................................................................. 518 serviceprofile file ................................................................................................................. 519 serviceprofile host ................................................................................................................ 520 serviceprofile modem port ................................................................................................... 521 serviceprofile parity ............................................................................................................. 522 serviceprofile port ................................................................................................................ 523 serviceprofile protocol ......................................................................................................... 524 serviceprofile server ............................................................................................................. 527 serviceprofile smsc .............................................................................................................. 528 serviceprofile stopbits .......................................................................................................... 530 userprofile contact ................................................................................................................ 531 userprofile facility ................................................................................................................ 532 userprofile priority ............................................................................................................... 533 userprofile serviceprofile ..................................................................................................... 534 Chapter 14 - Broadcast Group Commands ................................................... 535 end ........................................................................................................................................ 536 exit .......................................................................................................................................537 master port ........................................................................................................................... 538 mode ..................................................................................................................................... 539 no master port ...................................................................................................................... 540 no slave port ......................................................................................................................... 541 no slave port discard ............................................................................................................542 no slave port localecho ........................................................................................................ 543 slave port .............................................................................................................................. 544 Index ................................................................................................................. 547451-0310E 19 Figures Figure 1 - LX Command Modes ........................................................................23 Figure 2 - Clock Display ...................................................................................41 Figure 3 - Port Characteristics Screen .............................................................43 Figure 4 - Port APD Settings Screen ...............................................................46 Figure 5 - Port Modem Settings .......................................................................47 Figure 6 - Port PPP Settings Screen ................................................................48 Figure 7 - Port Status Screen (non-outlet) .......................................................50 Figure 8 - Port Status Screen (Outlet) .............................................................52 Figure 9 - Service Screen ..................................................................................53 Figure 10 - Session Screen ................................................................................54 Figure 11 - Subscriber Characteristics Screen ................................................56 Figure 12 - Subscriber Status Screen ..............................................................59 Figure 13 - TCP Settings Screen ......................................................................60 Figure 14 - Version Screen ...............................................................................61 Figure 15 - Audit Log Display ..........................................................................83 Figure 16 - Broadcast Group Characteristics Display ....................................84 Figure 17 - Broadcast Group Summary Display .............................................85 Figure 18 - Clock Display .................................................................................86 Figure 19 - Command Log Display ...................................................................87 Figure 20 - Configuration Data Display ..........................................................88 Figure 21 - Configuration Log Display ............................................................89 Figure 22 - Subscriber Debug Data ..................................................................91 Figure 23 - Device Display for An OUTLET Port ............................................92 Figure 24 - Device Display for A SENSOR Port ..............................................93 Figure 25 - Device Summary Display ..............................................................94 Figure 26 - Interface Characteristics Display .................................................95 Figure 27 - Port Mapping Display ....................................................................98 Figure 28 - Rotary Characteristics Display .....................................................99 Figure 29 - Interface Status Display ..............................................................100 Figure 30 - Interfaces Summary Display .......................................................101 Figure 31 - Kernel Log Display ......................................................................102 Figure 32 - Log Display ...................................................................................103 Figure 33 - Message Display ..........................................................................104 Figure 34 - Service Profile Display .................................................................105 Figure 35 - User Profile Display .....................................................................106 Figure 36 - Outlet Group Status Display .......................................................107 Figure 37 - Pattern Match Characteristics Display ......................................111 Figure 38 - PPP Status Display ......................................................................113 Figure 39 - Asynchronous Port Summary Data ............................................115 Figure 40 - Ethernet Port Characteristics .....................................................116 Figure 41 - Ethernet Port Statistical Information ........................................117 Figure 42 - Ethernet Summary Information .................................................119 Figure 43 - RADIUS Display ..........................................................................120 Figure 44 - RADIUS Status Display ..............................................................122 Figure 45 - RADIUS Summary Display .........................................................12420 451-0310E Figure 46 - Route Display ...............................................................................125 Figure 47 - SecurID Characteristics Display .................................................126 Figure 48 - SecurID Status Display ...............................................................128 Figure 49 - SecurID Summary Display ..........................................................129 Figure 50 - Service Screen ..............................................................................130 Figure 51 - SNMP Characteristics Display ...................................................132 Figure 52 - SNMP Client Display ..................................................................133 Figure 53 - V3 Display ....................................................................................134 Figure 54 - Subscriber Summary Display .....................................................138 Figure 55 - System Display ............................................................................139 Figure 56 - ppciboot Configured Load Settings Display ...............................141 Figure 57 - System Status Display .................................................................142 Figure 58 - TACACS+ Display .......................................................................144 Figure 59 - TACACS+ Status Display ............................................................146 Figure 60 - TACACS+ Summary Display ......................................................148 Figure 61 - Users Screen .................................................................................149 Figure 62 - Version Screen .............................................................................150451-0310E 21 Preface This guide describes the purpose, syntax, and options of each of the LX commands. This guide is organized as follows: • Chapter 1 – Describes the User commands. • Chapter 2 – Describes the Superuser commands. • Chapter 3 – Describes the Configuration commands. • Chapter 4 – Describes the Interface commands. • Chapter 5 – Describes the Asynchronous commands. • Chapter 6 – Describes the Ethernet commands. • Chapter 7 – Describes the Subscriber commands. • Chapter 8 – Describes the SNMP commands. • Chapter 9 – Describes the Modem commands. • Chapter 10 – Describes the PPP commands. • Chapter 11 – Describes the Menu commands. • Chapter 12 – Describes the Menu Editing commands. • Chapter 13 – Describes the Notification commands. • Chapter 14 – Describes the Broadcast Group commands.Preface 22 451-0310E Conventions The following conventions are used throughout this guide: • Command execution – Unless otherwise specified, commands are executed when you press . • Command syntax – Where command options or command syntax are shown, keywords and commands are shown in lowercase letters. • Keyboard characters (keys) – Keyboard characters are represented using left and right angle brackets (< and >). For example, the notation refers to the CTRL key; refers to the letter A; and refers to the RETURN key. • Typographical conventions – The following typographical conventions are used: Monospace Typeface – indicates text that can be displayed or typed at a terminal (i.e., displays, user input, messages, prompts, etc.). italics – are used to indicate variables in command syntax descriptions. Using the Function Keys The LX Command Line Interface (CLI) supports the following function keys: • Tab key – Completes a partially typed command. For example, if you type the tab key after you type show ve at the Superuser command prompt, the show version command will be executed. • Up arrow – Recalls the last command. • Ctrl-F – Moves forward to the next session. • Ctrl-B – Moves back to the previous session. • Ctrl-L – Returns you to the Local Command Mode. NOTE: You must press the Enter key after you type Ctrl-F, Ctrl-B, or Ctrl-L.451-0310E 23 Preface Navigating the LX Command Line Interface (CLI) The LX CLI is structured as a set of nested command modes. Each command mode is used to implement a group of related features or functions. Figure 1 (below) lists the command modes in the LX CLI. Figure 1 - LX Command Modes Each command mode has its own command prompt (e.g., Config:0 >>) and its own set of commands. Type a question mark (?) (or press the Tab key) at any of the LX CLI command prompts to display the commands that can be executed in the current command mode. For example, type a question mark at the Menu :0 >> prompt to display the commands that can be executed in the Menu command mode. Configuration Notification Interface Broadcast Group Subscriber SNMP Menu User Superuser Enter “enable” command and login to Superuser command mode Cconfiguration Nnotification Mmenu Ssnmp Ssubscriber Iinterface Ibroadcast group PPP Modem Ethernet Asynchronous Pppp Mmodem Pport ethernet Pport async Oopen Menu EditingPreface 24 451-0310E Except for the User command mode, each command mode is nested in a previous command mode. (The User command mode is the basic command mode of the LX CLI; you are in the User command mode when you log in to the LX unit.) For example, the Superuser command mode is nested in User command mode; the Configuration command mode is nested in the Superuser command mode, and so on. To enter a nested command mode, you must enter the appropriate command from the previous command mode. For example, to enter the Configuration command mode you must enter the configuration command from the Superuser command mode. You can use the exit command to return to the previous command mode. For example, you would enter the exit command in the Configuration command mode to return to the Superuser command mode. The rest of this section describes the LX command modes and the commands that are used to access each of them. User Command Mode When you log on to the LX unit, you are in the User command mode. This is indicated by the User command prompt (e.g., InReach:0 >). The User command mode includes commands for doing the following: • Managing your LX session and terminal. • Pinging remote hosts. • Connecting to remote hosts via SSH and Telnet. • Displaying your subscriber-specific information. • Accessing the Superuser command mode. Refer to “User Commands” on page 33 for detailed information on the commands that you can execute in the User Command Mode.451-0310E 25 Preface Superuser Command Mode The Superuser command prompt (e.g., InReach:0 >>) is displayed when you are in the Superuser command mode. You can access the Superuser command mode by executing the enable command in the User command mode (see “enable” on page 36). In the Superuser command mode, you can perform all of the tasks that you can perform in User command mode, as well as the following: • Manage the LX unit. • Display global information for the LX unit. • Access the Linux shell. • Access the Configuration command mode. Refer to “Superuser Commands” on page 65 for detailed information on the commands that you can execute in the Superuser Command Mode. Configuration Command Mode The Configuration command prompt (e.g., Config:0 >>) is displayed when you are in the Configuration command mode. You can access the Configuration command mode by executing the configuration command in the Superuser command mode (see “configuration” on page 67). In the Configuration command mode, you can perform such tasks as the following: • Specify the server-level configuration of the LX unit. The server-level configuration includes the Superuser password and settings for ppciboot, RADIUS, the Network Time Protocol (NTP), and all other server-level features. • Access the Asynchronous command mode. • Access the Ethernet command mode. • Access the Interface command mode.Preface 26 451-0310E • Access the Menu command mode. • Access the Notification command mode. • Access the SNMP command mode. • Access the Subscriber command mode. Refer to “Configuration Commands” on page 159 for detailed information on the commands that you can execute in the Configuration Command Mode. Asynchronous Command Mode The Asynchronous command prompt (e.g., Async 4-4:0 >>) is displayed when you are in the Asynchronous command mode. You can access the Asynchronous command mode by executing the port async command in the Configuration command mode (see “port async” on page 194). In the Asynchronous command mode, you can do the following: • Configure asynchronous port settings such as access methods, APD settings, autobaud, autodial, flow control, and inbound and outbound authentication. • Access the PPP command mode. • Access the Modem command mode. Refer to “Asynchronous Commands” on page 307 for detailed information on the commands that you can execute in the Asynchronous Command Mode. Ethernet Command Mode The Ethernet command prompt (e.g., Ether 1-1:0 >>) is displayed when you are in the Ethernet command mode. You can access the Ethernet command mode by executing the port ethernet command in the Configuration command mode (see “port ethernet” on page 195). In the Ethernet command mode, you can configure Ethernet port descriptions and the duplex mode and speed of Ethernet ports. Refer to “Ethernet Commands” on page 361 for detailed information on the commands that you can execute in the Ethernet Command Mode.451-0310E 27 Preface PPP Command Mode The PPP command prompt (e.g., PPP 4-4:0 >>) is displayed when you are in the PPP command mode. You can access the PPP command mode by executing the ppp command in the Asynchronous command mode (see “ppp” on page 348). In the PPP command mode, you can configure the Point-to-Point Protocol (PPP) for asynchronous ports. Some of the settings that you can configure include accounting, authentication, IPCP parameters, and LCP parameters. Refer to “PPP Commands” on page 447 for detailed information on the commands that you can execute in the PPP Command Mode. Modem Command Mode The Modem command prompt (e.g., Modem 4-4:0 >>) is displayed when you are in the Modem command mode. You can access the Modem command mode by executing the modem command in the Asynchronous command mode (see “modem” on page 338). In the Modem command mode, you can configure external modems for asynchronous ports. Some of the settings that you can configure include DTRWAIT, dialout, and the modem initialization string. Refer to “Modem Commands” on page 437 for detailed information on the commands that you can execute in the Modem Command Mode. Subscriber Command Mode The Subscriber command prompt (e.g., Subs_mark >>) is displayed when you are in the Subscriber command mode. You can access the Subscriber command mode by executing the subscriber command in the Configuration command mode (see “subscriber” on page 247). In the Subscriber command mode, you can provision subscribers of the LX unit. Some of the subscriber settings include function keys, Telnet settings, and security settings. Refer to “Subscriber Commands” on page 367 for detailed information on the commands that you can execute in the Subscriber Command Mode.Preface 28 451-0310E SNMP Command Mode The SNMP command prompt (e.g., Snmp:0 >>) is displayed when you are in the SNMP command mode. You can access the SNMP command mode by executing the snmp command in the Configuration command mode (see “snmp” on page 242). In the SNMP command mode, you can configure the SNMP settings for an LX unit. Refer to “SNMP Commands” on page 409 for detailed information on the commands that you can execute in the SNMP Command Mode. Interface Command Mode The Interface command prompt (e.g., Intf 1-1:0 >>) is displayed when you are in the Interface command mode. You can access the Interface command mode by executing the interface command in the Configuration command mode (see “interface” on page 180). In the Interface command mode, you can configure interfaces for the LX unit. Some of the settings that you can configure include the IP settings, MTU, and IP Rotaries for the interface, as well as SSH and Telnet settings. Refer to “Interface Commands” on page 275 for detailed information on the commands that you can execute in the Interface Command Mode. Menu Command Mode The Menu command prompt (e.g., Menu :0 >>) is displayed when you are in the Menu command mode. You can access the Menu command mode by executing the menu command in the Configuration command mode (see “menu” on page 184). In the Menu command mode, you can delete, import, and display menus and access the Menu Editing command mode. Refer to “Menu Commands” on page 479 for detailed information on the commands that you can execute in the Menu Command Mode.451-0310E 29 Preface Menu Editing Command Mode The Menu Editing command prompt (e.g., mark-1:0 >>) is displayed when you are in the Menu Editing command mode. You can access the Menu Editing command mode by executing the open command in the Menu command mode (see “open” on page 486). In the Menu Editing command mode, you can create and modify menus. Refer to “Menu Editing Commands” on page 487 for detailed information on the commands that you can execute in the Menu Editing Command Mode. Notification Command Mode The Notification command prompt (e.g., Notification:0 >>) is displayed when you are in the Notification command mode. You can access the Notification command mode by executing the notification command in the Configuration command mode (see “notification” on page 186). In the Notification command mode, you can configure the sending of accounting log messages to pagers, email addresses, SNMP trap clients, local files, remote hosts, syslogd, and asynchronous ports. Refer to “Notification Commands” on page 509 for detailed information on the commands that you can execute in the Notification Command Mode. Broadcast Group Command Mode The Broadcast Group command prompt (e.g., BrGroups 6:0 >>) is displayed when you are in the Broadcast Group command mode. You can access the Broadcast Group command mode by executing the broadcast group command in the Configuration command mode (see “broadcast group” on page 163). In the Broadcast Group command mode, you can configure a Broadcast Group. A Broadcast Group consists of Slave Ports and Master Ports. The Slave Ports receive data broadcasts from the Master Ports, or vice versa. Refer to “Broadcast Group Commands” on page 535 for detailed information on the commands that you can execute in the Broadcast Group Command Mode.Preface 30 451-0310E Online Help The question mark character (?), and the Tab key, are used to display online help in the LX Command Line Interface (CLI). The following guidelines will help you to navigate the online help system: • Type the ? character (or press the Tab key) at the command prompt in any command mode to display the first keyword of each command that can be executed in that command mode. For example, the following is displayed when you type the ? character at the User mode command prompt: User Commands: clear Clear screen and reset terminal line disconnect Disconnect session enable Turn on privileged commands exit Exits and disconnects user no Negate pause Pause enable ping Send echo messages show Show running system information ssh Secured Shell (Triple-DES/Blowfish) telnet Open a telnet connection terminal Set the terminal type • Type the ? character (or press the Tab key) after the displayed keyword to list the options for that keyword. For example, type show? to list the options of the show keyword. You could then type show port? to list the next item in the syntax of the show port command.451-0310E 31 Preface Related Documents For detailed information on the LX commands, refer to the LX-Series Configuration Guide (P/N 451-0311B). For more information on the LX hardware, refer to Getting Started with the LX Series (P/N 451-0308E). The LX Quick Start Instructions (P/N 451-0312F) describes how to get the LX unit up and running.Preface 32 451-0310E451-0310E 33 Chapter 1 User Commands The User commands are executed in the User command mode. The User command mode is in effect immediately upon logging in to the LX unit. The User Command prompt indicates that the LX unit is in the User command mode. The format of the User command prompt is as follows: : > where is the username that was entered at the Login: prompt. is the session number of the current connection. For example, in the InReach:0 > prompt, the username is InReach and the session number is 0. The rest of this chapter describes the commands that you can enter in the User command mode.34 451-0310E Clear the screen and removes any user input from the command buffer. Syntax clear Example clear clear451-0310E 35 Disconnects a session to the LX unit. NOTE: You can not use this command to disconnect the current session. For example, you can not use this command to disconnect session 0 when you are logged in to session 0. Syntax disconnect NUMBER|all Where Means Examples disconnect 3 disconnect all disconnect NUMBER The session number of the session that is to be disconnected. all Disconnect all sessions other than the session from which this command is executed.36 451-0310E Displays a password prompt for logging into Superuser mode. When you are logged into Superuser mode, you can execute the Superuser commands. Refer to “Superuser Commands” on page 65 for more information on the Superuser commands. Syntax enable Usage Guidelines When you execute the enable command, the Password: prompt is displayed: To enter Superuser mode, you must enter a Superuser password at the Password: prompt. The default Superuser password is system. The Superuser prompt is displayed when you are in Superuser mode. The Superuser prompt is in the following format: : >> where is the username that was entered at the Login: prompt. is the session number of the current connection. For example, in the InReach:0 >> prompt, the username is InReach and the session number is 0. Example enable enable451-0310E 37 When the exit command is executed in User Mode, it exits the LX CLI and closes the connection to the LX unit. Syntax exit Usage Guidelines The exit command can be issued in all of the LX Command Modes. However, the effect of the exit command varies, depending on the mode from which it is issued. As noted above, issuing the exit command in User Mode exits the LX CLI and closes the connection to the LX unit. Issuing the exit command in any mode other than User returns the user to the previous command mode. For example, issuing the exit command in Superuser Mode returns the user to User Mode; issuing the exit command in Configuration Mode returns the user to Superuser Mode, and so on. Example exit exit38 451-0310E Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the User mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the User command mode and are currently enabled. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no pause no feature_name The name of the feature or boolean parameter that is to be disabled.451-0310E 39 Configures the screen to pause after displaying the number of lines specified in the “lines/screen” value for the terminal. Syntax pause enable Example pause enable pause enable40 451-0310E Sends a series of 4 echo messages to a destination host. Syntax ping [A.B.C.D|NAME] Where Means Usage Guidelines If a destination host is not specified, the echo message is sent to the default destination host which is your Preferred Service. Refer to the preferred service command on page 399 for information on configuring a Preferred Service. If the ping command is executed without a destination host, and you do not have a Preferred Service configured, the following error message is displayed: No Preferred Service Configured Examples ping 119.20.112.3 ping ping FinanceServer ping A.B.C.D The IP Address of the destination host. (See “Usage Guidelines” (below) for the default value of this field.) NAME The domain name of the destination host. (See “Usage Guidelines” (below) for the default value of this field.)451-0310E 41 Displays the day, date, time, and timezone for the LX unit. Syntax show clock Example show clock Figure 2 shows an example of the clock display. Figure 2 - Clock Display show clock Mon, 24 Mar 2003 14:39:16 UTC42 451-0310E Displays the user-level port information for the LX port where you are connected. NOTE: You cannot execute this command on a virtual port or on the DIAG port (port 0). NOTE: You must be in Superuser Mode to display port information for ports other than the one where you are connected. Refer to Chapter 2 for more information on the Superuser show port commands. Syntax show port characteristics|apd|modem|ppp|status Where Means Examples show port characteristics show port apd show port modem show port ppp show port status show port characteristics Displays general port characteristics. Refer to “Port Characteristics” on page 43 for descriptions of the general port characteristics. apd Displays the port APD settings. Refer to “Port APD Settings” on page 46 for descriptions of the port APD settings. modem Displays the port Modem settings. Refer to “Port Modem Settings” on page 47 for descriptions of the port Modem settings. ppp Displays the port PPP settings. Refer to “Port PPP Settings” on page 48 for descriptions of the port PPP settings. status Displays the port status information. Refer to “Port Status Display” on page 50 for descriptions of the port status information.451-0310E 43 Port Characteristics Figure 3 shows an example of the Port Characteristics screen. Figure 3 - Port Characteristics Screen show port (continued) Time: Mon 24 Mar 2003 19:10:43 Banner: Welcome to MRV Communications, In-Reach Product Division. Port Number: 5 Transparent Mode: Enabled Access: Databuffer Flow Control: Xon Port Name: N/A Stop Bits: 1 Port Type: Physical Parity: None Device Name: /dev/pts/4 Bits per Character: 8 Port Prompt String: login Autobaud: Disabled Break: Enabled Auto Dial: Disabled Special Break String: 1234 Autobaud Retry: 5 Telnet Negotiations: Disabled Autohangup: Disabled Telnet Cr filter: N/A Radius Accounting: Disabled Inbound Authentication: Disabled Tacacs+ Accounting: Disabled Outbound Authentication: Disabled Data Buffer Size: 1024 Authentication FallBack: Disabled Data Buffer Display: Disabled Data Buffer Time Stamp: Enabled Data Buffer Syslog: Enabled Connect Command: export MYPALMDIR=/root/palm Field Description Time The date and time that the show port characteristics command was executed. Banner The version of LX software that is running on the LX unit. Port Number The port at which you are logged in. Access The type of access the port can have to a service node, and/or the type of access other interactive users and service nodes can have to the port. The possible values are: Dynamic, Local, Remote, Databuffer, Power, or Sensor. Port Name An ASCII string that is typically used to identify the port that is displayed in this screen. Port Type The port Type. The possible values are Serial, Ethernet, and Virtual. Device Name The device name of the port. Port Prompt String The prompt that is displayed when a user logs in to this port. If this is a custom prompt, this field will contain the custom prompt. If this is the default login prompt, this field will contain “login”. Break The action the port will take when the user presses the BREAK key. The possible values are Enabled or Disabled. Special Break String The unique break string for the port.44 451-0310E show port (continued) Telnet Negotiations Indicates whether Telnet Negotiations are Enabled or Disabled. Telnet CR Filter Indicates the filtering for carriage returns in Telnet sessions. Inbound Authentication Indicates whether inbound authentication is Enabled or Disabled on the port. Outbound Authentication Indicates whether outbound authentication is Enabled or Disabled on the port. Authentication Fallback Indicates whether users can log in by Fallback if the authentication server (RADIUS or TACACS+) is unreachable. The possible settings of this field are Enabled and Disabled. Data Buffer Time Stamp Indicates whether the Data Buffer Timestamp feature is Enabled or Disabled. Connect Command The command, or commands, that are executed when a connection to the port is made. Transparent Mode Indicates whether Transparent Mode is Enabled or Disabled on the port. Flow Control The flow control ("handshaking") method used by the serial interface to control data transfer between the LX port and the device connected to the port. The possible values are XON, CTS, and NONE (disabled). The default value is XON. Stop Bits The number of stop bits used to maintain synchronization of data. The possible values are 1 or 2. Parity The method by which the LX unit and the device connected to the port check for single-bit errors in characters transmitted or received by the port. (This is called a parity check because the device provides an extra bit, called a parity bit, for error checking.) The possible values are EVEN, NONE, and ODD, and the default value is NONE. Bits per Character The number of bits per character for data characters that are transmitted or received over the serial connection between the LX port and the device connected to the port. The possible values are 7 or 8 bits. The default value is 8. Autobaud Indicates whether Autobaud is enabled or disabled on the port. If Autobaud is enabled, the port will attempt to determine the speed of incoming connections. Auto Dial Indicates whether Auto Dial is Enabled or Disabled for the port. Auto Dial consists of the Dialback and Dialout features. Autobaud Retry The number of times that the LX port will attempt to determine the speed of an incoming connection.451-0310E 45 show port (continued) Autohangup Indicates whether the port will log out when the last session is terminated. The allowable values are Enabled and Disabled. RADIUS Accounting Shows the current status of RADIUS accounting. The valid values are Enabled or Disabled. TACACS+ Accounting Shows the current status of TACACS+ accounting. The valid values are Enabled or Disabled. Data Buffer Size The size, in bytes, of the port data buffer. Data Buffer Display Indicates whether the contents of the databuffer will be displayed when the user logs into the port. The allowable values are Enabled and Disabled. Data Buffer Syslog Indicates whether the Data Buffer syslog feature is Enabled or Disabled.46 451-0310E Port APD Settings Figure 4 shows an example of the Port APD Settings screen. Figure 4 - Port APD Settings Screen show port (continued) Time: Mon 24 Mar 2003 12:50:42 UTC Banner: MRV Communication Linux 2.4.9.8 Rel 0.0.34 Device Name: /dev/pts/0 Port Number: 5 Apd Feature: Enabled Apd Timeout: 0 Apd Signature: 414141 Port Name: Port_1 Apd Retry: 0 Port Type: Physical Field Description Time The date and time that the show port characteristics command was executed. Banner The field identifies the release of Linux and the version of the LX software that is running on the LX unit. Device Name The port name. Apd Feature Shows whether Automatic Protocol Detection (APD) is Enabled or Disabled on this port. Apd Signature The signature of the expected protocol. Apd Retry The number of retries that remote hosts can have after they fail to make an APD connection on the first try. Apd Timeout The length of time, in seconds, that the port can spend in an attempt to determine which protocol is being used to make a connection. Port Type The port Type. The possible values are Serial, Ethernet, and Virtual. Port Number The port at which you are logged in. Port Name The name of the LX port.451-0310E 47 Port Modem Settings Figure 5 shows an example of the Port Modem Settings screen. Figure 5 - Port Modem Settings show port (continued) Time: Mon 24 Mar 2003 12:50:42 UTC Banner: MRV Communication Linux 2.4.9.8 Rel 0.0.34 Device Name: /dev/pts/0 Port Number: 7 Port Type: Virtual Port Name: N/A Modem Control: Disabled Modem Timeout: 40 Modem Retry: 6 Modem Dial Type: N/A Modem Dialout Num.: 19785558371 Modem Init String: AT S7=45 S0=1 L1 V1 X4 &C1 &1 Q0 &S1 Field Description Time The date and time that the show port characteristics command was executed. Banner The field identifies the release of Linux and the version of the LX software that is running on the LX unit. Device Name The port name. Port Type The port Type. The possible values are Serial, Ethernet, and Virtual. Modem Control Shows whether the PPP modem feature is Enabled or Disabled on this port. Modem Retry The number of times the LX unit attempts to connect to the remote modem. Modem Dialout Num. The telephone number that the modem will dial for a dialout connection. Modem Init String A configuration string that is sent to the remote modem. Port Number The Port Number. Port Name A text string that typically identifies the modem port. Modem Timeout The length of time that the remote modem has to respond to the LX unit. Modem Dial Type Indicates whether the Modem Type for the port is Dial In or Dial Out.48 451-0310E Port PPP Settings Figure 6 shows an example of the PPP Settings screen. Figure 6 - Port PPP Settings Screen show port (continued) Time: Mon 24 Mar 2003 19:08:19 UTC Port Device: /dev/pts/2 Port Number: N/A PPP Feature: Disabled PPP Debug: Disabled PPP Mode: Server Passive PPP MTU: 1400 PPP Authent: None PPP Authent. Retry: 3 PPP Port Type: Physical PPP Authent. Timeout: 60 PPP Local IP Address: 0.0.0.0 PPP Remote IP Address: 0.0.0.0 PPP LCP Compress.: Enabled PPP IPCP Compress.(VJ): Enabled PPP LCP Failure Limit: 10 PPP IPCP Failure Limit: 10 PPP LCP Echo Failure Limit: 0 PPP IPCP Timeout: 4 PPP LCP Echo Interval: 0 PPP IPCP Accept Remote: Disabled PPP LCP Timeout: 4 PPP IPCP Accept Local: Disabled PPP CCP: Enabled PPP Accounting: Disabled Port Name: N/A Client Mode Username: N/A Client Mode PAP Secret: N/A Client Mode CHAP Secret: N/A Field Description Port Device The port name. PPP Feature Indicates whether the Point-to-Point Protocol (PPP) is Enabled or Disabled on the port. PPP Mode Indicates the PPP Mode for the port. The possible values are Client, Server Active, or Server Passive. PPP Authent The PPP Authentication method for the port. The allowable values are PAP, CHAP, and None. PPP Port Type The PPP port type. PPP Local IP Address The IP Address assigned to the port. PPP Remote IP Address The IP address of the remote device that the port will attempt to negotiate when the remote device does not specify an Internet address on its own. PPP LCP Compress Indicates whether the use of LCP compression is Enabled or Disabled over the PPP link. PPP LCP Failure Limit The number of attempts at LCP option negotiation that can be made by the port.451-0310E 49 show port (continued) PPP LCP Echo Failure Limit The interval between the sending of LCP echo requests. PPP LCP Timeout The length of time that the port has for LCP option negotiation. PPP CCP Indicates whether the PPP Compression Control Protocol (CCP) is Enabled or Disabled for the port. Port Name The name of the PPP port. Client Mode Username The username for the PAP client. Client Mode PAP Secret The PAP authentication secret for the PPP client. Client Mode CHAP Secret The CHAP authentication secret for the PPP client. Port Number The port at which you are currently logged in. PPP Debug Indicates whether PPP debugging is Enabled or Disabled on the port. PPP MTU The Maximum Transmission Unit (MTU) for PPP links on the port. PPP Authent. Retry The number of times that the port can attempt to authenticate a PPP link. PPP Authent. Timeout The length of time that the port has to authenticate a PPP link. PPP IPCP Compress. Indicates whether the use of Van Jacobson (VJ) compression is Enabled or Disabled over the PPP link. PPP IPCP Failure Limit The number of attempts at IPCP option negotiation that can be made by the port. PPP IPCP Timeout The length of time that the port has for IPCP option negotiation. PPP IPCP Accept Remote Indicates whether the port is configured to accept or reject the negotiation of remote addresses. If the value is Enabled, the port is configured to accept the negotiation of remote addresses. If the value is Disabled, the port is configured to reject the negotiation of remote addresses. PPP IPCP Accept Local Indicates whether the port is configured to accept or reject the negotiation of local addresses. If the value is Enabled, the port is configured to accept the negotiation of local addresses. If the value is Disabled, the port is configured to reject the negotiation of local addresses. PPP Accounting Indicates whether PPP accounting is Enabled or Disabled on the port.50 451-0310E Port Status Display Figure 7 shows an example of the port status screen for non-outlet ports. Figure 7 - Port Status Screen (non-outlet) show port (continued) Time: Mon 24 Mar 2003 13:19:01 UTC Port Device: /dev/ttyGN8 Port Number: 8 Remote Partner Host IP Address: 0.0.0.0 Locally Connected by IP Address: 0.0.0.0 Autobaud: Enabled Speed: 9600 Port Lock Status: In Use Port Name: Port_8 Transmit Bytes: 137260 Receive Bytes: 8728 Frame Errors: 0 Overrun Errors: 0 Parity Errors: 0 Break Signals: 2 Buffer Overruns: 0 IRQ Number: 4 Last Transmit Char: 0x0 Last Receive Char: 0x0 Input Signals: Output Signals: CTS= Up RTS= Up DSR= Up DTR= Up Field Description Port Device The name of the port. Remote Partner Host IP Address If the port is connected to a remote host, the IP Address of the remote host appears in this field. Locally Connected by IP Address If the port is locally connected to a host, the IP Address of the LX unit, or the rotary address for the port, appears in this field. Autobaud Indicates whether Autobaud is enabled or disabled on the port. If Autobaud is enabled, the port will attempt to determine the speed of incoming connections. Port Lock Status Indicates whether or not the port is locked. Transmit Bytes The number of bytes transmitted on the port since the counters were last reset to zero. Frame Errors The number of bytes received at the port with illegally formatted frames, since the counter was reset to zero. Frequent framing errors (more than 20 per day for a terminal; 200 per day for a modem) may indicate a problem with the port or the device attached to the port, or mismatched settings between the port and the data received from the attached serial device.451-0310E 51 show port (continued) Parity Errors The number of bytes received at the port with parity errors, since the counters were reset to zero. Frequent parity errors (more than 20 per day for a terminal; 200 per day for a modem, due to line noise) may indicate a problem with the port or the device attached to the port, or mismatched settings between the port and the device connected to the port. Buffer Overruns The number of times characters were lost because the LX unit input buffers were full, since the counters were reset to zero. Buffer overruns indicate that there may be a flow control problem, such as mismatched flow control methods, between the port and the device connected to the port. Last Transmit Char The last character transmitted on the port. Input Signals The status of the port CTS and DSR signals. Port Number The port number of the asynchronous port. Time The day, date, and time of the LX system clock. Speed The port speed. Port Name The name of the asynchronous port. Receive Bytes The number of bytes received on the port since the counters were last reset to zero. Overrun Errors The number of port overrun errors since the counters were last reset to zero. Break Signals The number of break signals since the counters were last reset to zero. IRQ Number The IRQ Number for the port. Last Receive Char The last character received on the port. Output Signals The status of the port RTS and DTR signals.52 451-0310E Figure 8 shows an example of the port status screen for outlet ports. Figure 8 - Port Status Screen (Outlet) show port (continued) Time: Mon 24 Mar 2003 20:05:47 Device Number: 4 Device Type: IR5150 Model Name: N/A Total Outlet Strip Load: 0.25 Outlet Minimum Off Time: 15 Outlet Name State Load Assigned Groups 1 plug1 On N/A 1 4 13 2 plug2 On N/A 1 6 10 3 plug3 On N/A 1 7 4 plug4 On N/A 1 5 plug5 On N/A 2 4 6 plug6 On N/A 2 7 plug7 On N/A 2 8 plug8 On N/A 2 9 plug9 On N/A 3 4 10 plug10 On N/A 3 11 plug11 On N/A 3 12 plug12 On N/A 3 13 plug13 On N/A 4 5 14 plug14 On N/A 4 5 15 plug15 On N/A 4 5 16 plug16 On N/A 5 Field Description Device Identifies the type of Power Control unit. Model Name The Model Name of the Power Control unit. Total Outlet Strip Load The total load for the Power Control unit. Outlet Minimum Off Time The minimum time that outlets in this Power Control unit must remain off after they are turned off with the outlet or outlet group command. Outlet The Outlet Number of an outlet. Name The descriptive name of an outlet. State The ON or OFF state of the outlet. Load The load on the outlet. Assigned Groups The outlet groups to which the outlet is assigned.451-0310E 53 Displays the names and addresses of the available services. Syntax show service Example show service Figure 9 shows an example of the Service screen. Figure 9 - Service Screen show service Mon, 08 Apr 2002 13:14:40 UTC Service Name IP Address dewey 123.123.1.1 huey 123.123.1.2 Field Description Service The name of an available service or server/host. IP Address The IP Address of the available service54 451-0310E Displays information about your opened connections, including opened sessions to services or hosts on the network, as well as CLI sessions opened on the port. Syntax show session Where Means Example show session 3 Figure 10 shows an example of the Session screen. Figure 10 - Session Screen show session session_number The session number of an opened connection. Number Device Program Pid Time Status 3 /dev/pts/1 cli 8384 2589 * Field Description Number The Session Number. The possible values are 1, 2, 3, or 4. Device The Linux port name. Program The program running on the LX unit. Pid The Process ID for the session. Time The time elapsed since the start of the session. Status Indicates whether the displayed session is the active session. An asterisk (*) means that the displayed session is the active session. An hyphen (-) means that the displayed session is not the active session.451-0310E 55 Displays your subscriber information. Syntax show subscriber characteristics|status|tcp Where Means Examples show subscriber characteristics show subscriber status show subscriber tcp show subscriber characteristics Displays your subscriber characteristics. Refer to “Subscriber Characteristics” on page 56 for descriptions of the subscriber characteristics. status Displays your subscriber status information. Refer to “Subscriber Status” on page 59 for descriptions of the status information for subscribers. tcp Displays your subscriber TCP settings. Refer to “Subscriber TCP Settings” on page 60 for descriptions of your subscriber TCP settings.56 451-0310E Subscriber Characteristics Figure 11 shows an example of the Subscriber Characteristics screen. Figure 11 - Subscriber Characteristics Screen show subscriber (continued) Subscriber Name: demo Security: Superuser User Prompt: Demo Preferred Service: Dedicated Service: Command Logging: Disabled User Password: Disabled Maximum Connections: 50 Maximum Sessions: 4 Shell : Disabled Screen Pause: Enabled Debug Feature: Disabled Debug File: /tmp/D_demo Idle Timeout: 0 Session Timeout: 0 Menu Feature: Disabled Menu Name: /config/M_demo Forward Switch: ^F Local Switch: ^L Backward Switch: ^B Dialback Feature: Disabled Dialback Retry: 4 Dialback Number: Dialback Timeout: 45 Audit Feature: Disabled Port Access list: 1-8 Remote Access list: Telnet Ssh Web_Server Field Description Subscriber Name The name under which the subscriber is logged in. Security The level of security that the subscriber has. The possible values are None and Superuser. Preferred Service The service to which the subscriber will be connected when the subscriber makes a connect request without specifying a service. Command Logging Indicates whether the Command Logging Feature is Enabled or Disabled for the subscriber. Maximum Connections The maximum number of concurrent connections that the subscriber can have to the LX unit. Shell Indicates whether the Shell mode is Enabled or Disabled for this subscriber. Debug Feature Shows whether the Debug feature is enabled for this user. The allowable values are Enabled and Disabled. Idle Timeout The length of time that the subscriber can go without entering keyboard data before she is logged out. Menu Feature Indicates whether a menu will be displayed when the subscriber successfully logs in to the LX unit. The allowable values are Enabled and Disabled. Note: If this feature is Enabled, a Menu Name must be specified for the user. For more information, refer to the Menu Name field (below).451-0310E 57 show subscriber (continued) Forward Switch The keyboard character that the subscriber types to switch to the next session. Backward Switch The keyboard character that the subscriber types to switch to the previous session. Dialback Retry The number of times that the modem on the LX unit can attempt to answer a dialback call. Dialback Timeout The length of time that the modem can spend attempting to make a modem connection. Port Access List The LX ports that the user can access. Remote Access List The methods that the user can use to make remote connections. User Prompt The subscriber-specific field of the subscriber User prompt. For example, for a subscriber prompt of InReach:0 >, the subscriberspecific field is InReach. Dedicated Service The service to which the subscriber is permanently assigned. User Password Indicates whether or not the subscriber must enter a password when he logs in to the account. If the value of this field is Enabled, the subscriber must enter a password when logging in to this account. If the value of this field is Disabled, the subscriber does not enter a password when logging in to this account. Maximum Sessions The maximum number of concurrent sessions allowed for the subscriber. Screen Pause Indicates whether or not the screen is enabled to pause after 26 lines of output are displayed. Debug File Shows the location and filename of the Debug file for this subscriber on the LX unit. Session Timeout Indicates the maximum length of time for a subscriber session. The allowable values are 0 through 65535. A value of 0 means that there is no limit to the length of a subscriber session. Menu Name Shows the location and filename of the subscriber menu on the LX unit. Local Switch The keyboard character that the subscriber types to return to the local command mode. Audit Feature Indicates whether the Audit feature is Enabled or Disabled.58 451-0310E show subscriber (continued) Dialback Feature Indicates whether or not the subscriber requires a dialback script in order to be logged in. (The dialback script contains commands that cause a modem to dial a designated telephone number.) The allowable values are Enabled and Disabled. Dialback Number The telephone number that the LX modem will dial when the subscriber makes a Dialback call to the LX unit.451-0310E 59 Subscriber Status Figure 12 shows an example of the Subscriber Status screen. Figure 12 - Subscriber Status Screen show subscriber (continued) Time: Mon, 08 Apr 2002 14:39:16 UTC Subs. Name: InReach Number of Connections: 1 Configured TermType: ANSI Session Mode: Normal Field Description Subs. Name The name under which the subscriber is logged in. Configured TermType The terminal type that is configured for the subscriber. Session Mode The Telnet binary option for the subscriber session. Number of Connections The number of connections that the subscriber currently has to the LX unit.60 451-0310E Subscriber TCP Settings Figure 13 shows an example of the TCP Settings screen. Figure 13 - TCP Settings Screen show subscriber (continued) Time: Mon, 08 Apr 2002 14:39:16 UTC Subscriber Name: InReach Telnet Line Mode: Character Mode SSH Name: InReach SSH Encryption: Triple-DES SSH Port: 22 SSH Log Level: 23 Field Description Subscriber Name The name under which the subscriber is logged in. Telnet Line Mode Indicates the Telnet Line Mode. The possible values are Character and Block. SSH Name The SSH Name for the subscriber. SSH Port The ports that are enabled as SSH ports for this subscriber. SSH Encryption The form of SSH encryption used by the subscriber. SSH Log Level The Revision Level of the SSH Log for this subscriber.451-0310E 61 Displays the Linux OS version, Linux In-Reach version, LX software version, and ppciboot version for the LX unit. Syntax show version Example show version Figure 14 shows an example of the Version screen. Figure 14 - Version Screen show version Linux Kernel Version: 2.4.9 Linux In-Reach Version: 15 Software Version: 2.2.0 Ppciboot Version: 0.9.3.26 Field Description Linux Kernel Ve rsi on The version of the Linux Operating System that is running on the LX unit. Linux In-Reach Ve rsi on The version of the In-Reach implementation of Linux. Software Version The version of the LX software that is running on the LX unit. Ppciboot Version The version of ppciboot that the LX unit is using.62 451-0310E Opens a Secure Shell (Triple-DES/BLOWFISH) connection. Syntax ssh [A.B.C.D [NUMBER]]|[NAME [NUMBER]] [LOGIN NAME] Where Means Usage Guidelines The default SSH server is your Preferred Service. Refer to the preferred service command on page 399 for information on configuring a Preferred Service. If the ssh command is executed without an SSH server, and you do not have a Preferred Service configured, the following error message is displayed: No Preferred Service Configured Examples ssh 102.19.240.14 ssh 102.19.240.14 2322 ssh ssh 102.19.240.14 2322 henryh ssh A.B.C.D The IP Address of the SSH server to which the connection is being made. (See “Usage Guidelines” (below) for the default value of this field.) NAME The Domain Name of the SSH server to which the connection is being made. (See “Usage Guidelines” (below) for the default value of this field.) NUMBER The socket number to which the connection is being made. LOGIN NAME The name that you are using to log in to the SSH server.451-0310E 63 Opens a Telnet connection to a host. Syntax telnet [A.B.C.D [NUMBER]]|[NAME [NUMBER]] Where Means Usage Guidelines The default Telnet host is your Preferred Service. Refer to the preferred service command on page 399 for information on configuring a Preferred Service. If the telnet command is executed without a Telnet host, and you do not have a Preferred Service configured, the following error message is displayed: No Preferred Service Configured Examples telnet 102.19.240.14 telnet 102.19.240.14 2500 telnet telnet A.B.C.D The IP Address of the Telnet host. (See “Usage Guidelines” (below) for the default value of this field.) NAME The Domain Name of the Telnet host. (See “Usage Guidelines” (below) for the default value of this field.) NUMBER The socket number to which the connection is being made. 64 451-0310E Sets the terminal type for the LX user. Syntax terminal Where Means Example terminal vt100 terminal ansi terminal terminal_type The terminal type for the LX user. The allowable terminal types are VT100 and ANSI. 451-0310E 65 Chapter 2 Superuser Commands The Superuser commands are executed in the Superuser command mode. When the LX unit is in the Superuser command mode, the Superuser command prompt (e.g., InReach:0 >>) is displayed on the terminal screen. The format of the Superuser command prompt is as follows: : >> where is the username that was entered at the Login: prompt. is the session number of the current connection. For example, in the InReach:0 >> prompt, the username is InReach and the session number is 0. To enter the Superuser command mode, do one of the following: • If you are in the User command mode, execute the enable command. This displays the Password: prompt. Enter a Superuser password at the Password: prompt. Refer to page 36 for more information on the enable command. • If you are in a command mode other than User, execute the end command or the exit command until the Superuser command prompt is displayed.66 451-0310E Clear the screen and removes any user input from the command buffer. Syntax clear Example clear clear451-0310E 67 Enters the Configuration command mode. When this command is executed, the configuration prompt (e.g., Config >>) is displayed. Only the Configuration commands can be executed from the configuration prompt. For more information on the Configuration commands, refer to “Configuration Commands” on page 159. Syntax configuration Example configuration configuration68 451-0310E Generates debug information for PPP sessions on an asynchronous port. The debug information can be displayed by executing the show debug port async ppp command (see page 90). Syntax debug port async NUMBER ppp Where Means Example debug port async 5 ppp debug port async ppp NUMBER An asynchronous port number.451-0310E 69 Generates debug information for SNMP. Syntax debug snmp Example debug snmp debug snmp70 451-0310E Generates debug information for a subscriber. The debug information can be displayed by executing the show debug subscriber command (see page 91). Syntax debug subscriber Where Means Example debug subscriber bill debug subscriber subscriber_name The subscriber for which debug information is to be generated.451-0310E 71 Disconnects a session to the LX unit. NOTE: You can not use this command to disconnect the current session. For example, you can not use this command to disconnect session 0 when you are logged in to session 0. Syntax disconnect NUMBER|all Where Means Examples disconnect 3 disconnect all disconnect NUMBER The session number of the session that is to be disconnected. all Disconnect all sessions other than the session from which this command is executed.72 451-0310E Returns you to the previous command mode. For example, if the current command mode is Superuser, issuing this command will return you to the User command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX Command Modes. However, the effect of the exit command varies, depending on the command mode from which it is issued. As noted above, issuing the exit command in the Superuser command mode returns the user to the previous command mode. The same goes for issuing the exit command in any command mode other than the User command mode. For example, issuing the exit command in the Configuration command mode returns the user to the Superuser command mode; issuing the exit command in the Subscriber command mode returns the user to the Configuration command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit451-0310E 73 Logs out a device, an LX port, or an LX subscriber. Syntax logout |port | Where Means Syntax logout /dev/ttyGN3 logout port 3 logout mark logout device_name The name of the device that is to be logged out. For example, the command logout /dev/ttyGN3 logs out the Linux device /dev/ttyGN3 (port 4). port_number The LX port that is to be logged out. For example, the command logout port 3 logs out port 3. subscriber_name The name of the subscriber to be logged out. For example, the command logout mark logs out the subscriber mark.74 451-0310E Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the Superuser command mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the Superuser command mode and are currently enabled. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no pause no feature_name The name of the feature or boolean parameter that is to be disabled.451-0310E 75 Reboots a Power Control Relay or turns a Power Control Relay on or off. Syntax outlet : on|off|reboot Where Means Examples outlet 3:5 on outlet 5:2 off outlet 6:1 reboot outlet power_master Specifies the Power Master from which the Power Control Relay is managed. Note: Refer to “access power model” on page 309 for information on configuring a port as a Power Master. control_relay Specifies a Power Control Relay on the IR-5100 or IR-5150 that is managed from the Power Master. The Power Master number, combined with the Power Control Relay number, uniquely identifies each Power Control Relay. For example, 2:5 identifies Power Control Relay 5 on the device that is managed from port 2. on Turn the Power Control Relay on. off Turn the Power Control Relay off. reboot Reboot the Power Control Relay.76 451-0310E Reboots, or turns on or off, all of the outlets in an outlet group. Syntax outlet group | on|off|reboot Where Means Examples outlet group 5 reboot outlet group Laboutlets off outlet group 6 on outlet group group_number An integer number that specifies an existing outlet group. group_name The descriptive name of an existing outlet group. on Turn the outlets in the group on. off Turn the outlets in the group off. reboot Reboot the outlets in the group.451-0310E 77 Configures the screen to pause after displaying the number of lines specified in the “lines/screen” value for the terminal. Syntax pause enable Example pause enable pause enable78 451-0310E Sends a series of 4 echo messages to a destination host. Syntax ping [A.B.C.D|NAME] Where Means Usage Guidelines If a destination host is not specified, the echo message is sent to the default destination host which is your Preferred Service. Refer to the preferred service command on page 399 for information on configuring a Preferred Service. If the ping command is executed without a destination host, and you do not have a Preferred Service configured, the following error message is displayed: No Preferred Service Configured Examples ping 119.20.112.3 ping ping FinanceServer ping A.B.C.D The IP Address of the destination host. (See “Usage Guidelines” (below) for the default value of this field.) NAME The domain name of the destination host. (See “Usage Guidelines” (below) for the default value of this field.)451-0310E 79 Re-starts the LX unit. Syntax reload Usage Guidelines If the LX parameter set has been saved since the last time the LX unit was re-started, or since the last configuration change was made, the LX unit will be re-started immediately. If the LX parameters have not been saved, you will be prompted to save them before the LX is re-started. Configuration is not saved!!! Proceed anyway? (y/n) : Enter y to re-start the LX unit without saving the changes. Enter n to abort the command. Refer to “save configuration” on page 80 for more information on saving the LX parameters. Example reload reload80 451-0310E Saves the configuration of the LX unit to the local flash or to a network parameter server. Syntax save configuration flash|[network |] Where Means Examples save configuration flash save config network unit1 119.25.42.37 save configuration flash Save the LX-unit configuration to the local flash. network Save the LX-unit configuration to a network parameter server. filename Identifies the network file to which the LX-unit configuration is to be saved. The filename must not include a .zip suffix. For example, unit1 is a valid filename, but unit1.zip is not a valid filename. domain_name Specifies the domain name of the TFTP server to which the LX-unit configuration is to be saved. ip_address Specifies the IP Address of the TFTP server to which the LX-unit configuration is to be saved.451-0310E 81 Runs the setup utility (Quick Start Configurator). For more information on the Quick Start Configurator, refer to the LX Quick Start Instructions. Syntax setup Example setup setup82 451-0310E Enters the Built-in Linux shell on the LX unit. Syntax shell Usage Guidelines When this command is executed, the following is displayed on the Linux monitor: BusyBox v0.60.1 (2002.04.16-12:27+0000) Built-in shell (ash) Enter ‘help’ for a list of built-in commands InReach:/# You can enter any command in the Built-in Linux shell from the command prompt (InReach:/# in the above example). Enter help at the command prompt for a list of the built-in commands. The format of the command prompt is :/#, where is the username of the subscriber. Enter exit at the command prompt to return to Superuser Mode. Example shell shell451-0310E 83 Displays the audit log for a port or a subscriber. Syntax show audit log []|[] Where Means Usage Guidelines If you execute show audit log for a subscriber, the display will only contain audit log data for the subscriber in question. If you execute show audit log for a port, the display will contain audit log data for all of the subscribers that are logged in at the port. Example show audit show audit log 5 show audit log mark Figure 15 shows an example of the audit log display. Figure 15 - Audit Log Display show audit log port_number Specifies an asynchronous port number on the LX unit. subscriber_name Specifies an LX subscriber name. Nov 18 16:08:32 yves ttyGN0 0 Subs_yves >>end Nov 18 16:08:50 yves ttyGN0 1 Yves:0 >> Nov 18 16:08:50 yves ttyGN0 2 Yves:1 > Nov 18 16:08:50 yves ttyGN0 3 Yves:2 > Nov 18 16:08:55 yves ttyGN0 3 Yves:3 >sho session Nov 18 16:08:55 yves ttyGN0 3 Number Device Program Pid Time Status Nov 18 16:08:55 yves ttyGN0 3 0 /dev/pts/0 Superuser 477 98 - Nov 18 16:08:55 yves ttyGN0 3 1 /dev/pts/3 User 481 5 - Nov 18 16:08:55 yves ttyGN0 3 2 /dev/pts/4 User 482 5 - Nov 18 16:08:55 yves ttyGN0 3 3 /dev/pts/5 User 483 5 *84 451-0310E Displays the characteristics of Broadcast Groups. Syntax show broadcast group all| characteristics Where Means Example show broadcast group 1 characteristics show broadcast group all characteristics Figure 16 shows an example of the Broadcast Group Characteristics Display. Figure 16 - Broadcast Group Characteristics Display show broadcast group characteristics all Display information for all Broadcast Groups. group_number The group number of a Broadcast Group. Time: 08 Nov 2002 16:29:26 US/EASTERN Broadcast Group Number: 1 Mode: Line Mode State: Disabled Async Master port(s) with Timestamp: Async Master port(s) without Timestamp: 1,4 TCP Master port(s) with Timestamp: TCP Master port(s) without Timestamp: Async Slave port(s) with Discard: Async Slave port(s) without Discard: 2-3,5-7 Async Slave port(s) with Local Echo: Async Slave port(s) without Local Echo: 2-3,5-7 TCP Slave port(s) with Discard: TCP Slave port(s) without Discard: TCP Slave port(s) with Local Echo: TCP Slave port(s) without Local Echo:451-0310E 85 Displays summary information on all of the Broadcast Groups that are configured on the LX unit. Syntax show broadcast group summary Example show broadcast group summary Figure 17 shows an example of the Broadcast Group summary display. Figure 17 - Broadcast Group Summary Display show broadcast group summary Broadcast group number: State: 1 Enabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled86 451-0310E Displays the day, date, time, and timezone for the LX unit. Syntax show clock Example show clock Figure 18 shows an example of the clock display. Figure 18 - Clock Display show clock Mon, 08 Apr 2002 14:39:16 UTC451-0310E 87 Displays the command log for a port or for a subscriber. Syntax show command log []|[] Examples show command log show command log 4 show command log mark Figure 19 shows an example of the command log display. Figure 19 - Command Log Display show command log Nov 11 12:47:30 demo 0 end Nov 11 12:47:33 demo 0 sho command log Nov 11 12:49:21 demo 23 modem Nov 11 12:49:29 demo 23 end Nov 11 12:49:39 demo 23 show command log demo88 451-0310E Displays the contents of the LX System configuration table or the configuration data from the Non-Volatile memory of the LX unit. Syntax show configuration Example show configuration Figure 20 shows an example of the Configuration Data display. Figure 20 - Configuration Data Display show configuration Signature is :a1326c7cf50dd779086e0a90843fdke94398kj9 In-Reach Configuration version 0.0.34, Linux kernel version 2.4.10 System.SystemName.0 TYPE STRING VALUE "InReach LX-1" System.SystemLocation.0 TYPE STRING VALUE "Middle of NoWhere" System.TimeZone.0 TYPE STRING VALUE "UTC" System.UseNtp.0 TYPE BOOL VALUE "Disabled" System.UseLpd.0 TYPE BOOL VALUE "Disabled" System.SnmpLocation.0 TYPE STRING VALUE "" System.SnmpPort.0 TYPE SHORT VALUE "161" System.SnmpLog.0 TYPE BOOL VALUE "Disabled" System.SnmpTransport.0 TYPE OCTET VALUE "0" System.SysLogAddr.0 TYPE IPADDR VALUE "0.0.0.0" System.UseSsh.0 TYPE BOOL VALUE "Disabled" System.UseRad.0 TYPE BOOL VALUE "Disabled" System.UseRadAcct.0 TYPE BOOL VALUE "Disabled" System.RadPort.0 TYPE SHORT VALUE "1812" System.RadAcctPort.0 TYPE SHORT VALUE "1813" System.RadPrimAuth.0 TYPE IPADDR VALUE "1.1.1.1" System.RadPrimSecret.0 TYPE STRING VALUE "" System.RadSecAuth.0 TYPE IPADDR VALUE "1.1.1.2" System.RadSecSecret.0 TYPE STRING VALUE "" System.RadPrimAcct.0 TYPE IPADDR VALUE "1.1.1.1" Type a key to continue, q to quit451-0310E 89 Displays the commands that have been executed in the Configuration Command Mode and in any of the Command Modes nested in the Configuration Command Mode. (The Command Modes nested in the Configuration Command Mode include Broadcast Group, Interface, Menu, Menu Editing, Subscriber, Asynchronous, PPP, Modem, Ethernet, SNMP, and Notification.) Syntax show configuration log Example show configuration log Figure 21 shows an example of the configuration log display. Figure 21 - Configuration Log Display show configuration log Nov 20 20:59:03 InReach /ttyGN0 0 save config to flash Nov 20 20:59:12 InReach /ttyGN0 0 boot config file from flash Nov 20 20:59:46 InReach /ttyGN0 0 subscriber 4 no password Nov 20 21:00:17 InReach /ttyGN0 0 subscriber 4 access telnet enable Nov 20 21:00:24 InReach /ttyGN0 0 subscriber 4 access ssh enable Nov 20 21:00:29 InReach /ttyGN0 0 subscriber 4 access guiserver enable Nov 20 21:00:34 InReach /ttyGN0 0 subscriber 4 access console enable Nov 20 21:00:47 InReach /ttyGN0 0 subscriber 4 security level super Nov 20 21:01:01 InReach /ttyGN0 0 save config to flash90 451-0310E Displays the debug data for PPP sessions on an asynchronous port of the LX unit. Syntax show debug port async NUMBER ppp Where Means Example show debug port async 5 ppp show debug port async ppp NUMBER The number of the port for which debug data is to be displayed.451-0310E 91 Displays the subscriber debug data for the LX unit. Syntax show debug subscriber NAME Where Means Example show debug subscribers bill Figure 22 shows an example of the Subscriber Debug data display. Figure 22 - Subscriber Debug Data show debug subscriber NAME The name of the subscriber for which debug data is to be displayed. Bill_M:0 >>show debug subscriber billStamp : 1020858407 To Line 1b 5b 3f 32 35 6c .[?25l Stamp : 1020858407 To Line 1b 5b 39 30 30 3b 39 30 30 48 .[900;900H Stamp : 1020858407 To Line 1b 5b 36 6e .[6n Stamp : 1020858407 From Line 1b 5b 32 34 3b 38 30 52 6e e6 .[24;80Rn. Stamp : 1020858407 From Line 75 81 1b 5b 32 34 3b 38 30 52 u..[24;80R Stamp : 1020858407 To Line 1b 5b 3f 32 35 68 .[?25h Stamp : 1020858407 To Line 1b 5b 48 1b 5b 4a .[H.[J Stamp : 1020858407 To Line 1b 5b 30 3b 30 48 .[0;0H Stamp : 1020858407 To Line 42 69 6c 6c 5f 4d 3a 30 20 3e Bill_M:0.> Stamp : 1020858407 To Line 1b 5b 36 6e .[6n92 451-0310E Displays information on devices connected to asynchronous ports configured as OUTLET or SENSOR on the LX unit. Syntax show device all| status Where Means Example show device 5 status Figure 23 shows an example of the Device Display for an OUTLET port. Figure 23 - Device Display for An OUTLET Port show device status all Display information for all asynchronous ports configured as OUTLET or SENSOR. port_number The port number of an asynchronous port that is configured as OUTLET or SENSOR. Time: Tue, 17 Sep 2002 20:05:47 Device Number: 4 Device Type: IR5100 Model Name: IR-5100-126 Total Outlet Strip Load: 0.0 Outlet Minimum Off Time: 15 Outlet Name State Load Assigned Groups 1 plug1 Off 0.0 1 4 13 2 plug2 Off 0.0 1 6 10 3 plug3 Off 0.0 1 7 4 plug4 Off 0.0 1 5 plug5 Off 0.0 2 4 6 plug6 Off 0.0 2 7 plug7 Off 0.0 2 8 plug8 Off 0.0 2 9 plug9 Off 0.0 3 4 10 plug10 Off 0.0 3 11 plug11 Off 0.0 3 12 plug12 Off 0.0 3 13 plug13 Off 0.0 4 5 14 plug14 Off 0.0 4 5 15 plug15 Off 0.0 4 5 16 plug16 Off 0.0 5451-0310E 93 Figure 24 shows an example of the Device Display for a SENSOR port. Figure 24 - Device Display for A SENSOR Port show device status (continued) Time: 29 Aug 2002 17:35:17 US/EASTERN Device Number: 4 Device Type: Sensor Humidity Level(%): 39.00 Temperature (Celsius): 26.00 Temperature (Fahrenheit): 78.8094 451-0310E Displays summary information on the sensors, and power management devices, that are attached to asynchronous ports of the LX unit. Syntax show device summary Example show device summary Figure 25 shows an example of the Device summary display. Figure 25 - Device Summary Display show device summary Device Number Device Type Model Name 4 IR5100 IR-5100-126 5 IR5100 IR-5100-255451-0310E 95 Displays the characteristics of an IP interface. Syntax show interface NUMBER|all characteristics Where Means Examples show interface 1 characteristics show interface all characteristics Figure 26 shows an example of the Interface Characteristics display. Figure 26 - Interface Characteristics Display show interface characteristics NUMBER Specifies the IP interface for which information is to be displayed. all Display information for all the IP interfaces on the LX unit. Time: Mon, 24 Feb 2003 16:14:27 Interface Name: Interface_1 Bound to : eth0 IP MTU Size: 1500 IP Address : 0.0.0.0 Learned IP Address : 102.19.169.191 IP Mask : 0.0.0.0 Learned IP Mask : 255.255.255.0 IP Broadcast : 0.0.0.0 Learned IP Broadcast: 102.19.169.255 Interface Status: In Use Learned IP Gateway : 102.19.169.1 Rotary Feature: Disabled Learned IP DNS : 0.0.0.0 Authentication: Local Radius Accounting: Disabled Authentication FallBack: Disabled Tacacs+ Accounting: Disabled SSH port: 22 Telnet port: 23 SSH Keepalive Interval: 0 SSH Keepalive Count: 3 Field Description Time The date and time that the show interface characteristics command was executed. Interface Name The name of the IP interface for which data is being displayed. IP MTU Size The Maximum Transmission Unit (MTU) size for an IP interface. The MTU size is the largest-size frame that can be transmitted on the IP interface. IP Address The IP Address of the IP interface. IP Mask The subnet mask of the IP interface. IP Broadcast The IP Broadcast Address of the IP interface.96 451-0310E show interface characteristics (continued) Interface Status The status of the IP interface. The possible values are In Use and N/A. Rotary Feature Indicates whether IP Rotary is Enabled or Disabled on this IP interface. If it is Enabled, you will be able to configure the rotary settings on this IP interface. If it is Disabled, you will not be able to configure the rotary settings on this IP interface. Authentication Indicates the type of authentication that is in effect for the IP interface. Authentication Fallback Indicates whether the Fallback Login Feature is Enabled or Disabled for the IP interface. SSH port The SSH port for the IP interface. SSH Keepalive Interval The length of time, in seconds, between attempts at making an SSH connection to the IP interface. Bound to The Ethernet port to which the interface is bound. Learned IP Address The IP Address learned from ppciboot. Learned IP Mask The subnet mask learned from ppciboot. Learned IP Broadcast The IP Broadcast Address learned from ppciboot. Learned IP Gateway The IP Gateway learned from ppciboot. Learned IP DNS The Domain Name Server (DNS) learned from ppciboot. RADIUS Accounting Indicates whether RADIUS Accounting is enabled or disabled for the IP interface. Tacacs+ Accounting Indicates whether Tacacs+ Accounting is enabled or disabled for the IP interface. Telnet port The Telnet port for the IP interface. SSH Keepalive Count The number of times that an SSH client will attempt to make an SSH connection to the IP interface.451-0310E 97 Displays the Telnet port number, and the SSH port number, associated with each serial port on an IP interface. Syntax show interface NUMBER|all port mapping Where Means Example show interface all port mapping show interface port mapping NUMBER Specifies the IP interface for which information is to be displayed. all Display information for all the IP interfaces on the LX unit.98 451-0310E Figure 27 on page 98 shows an example of the port mapping display. Figure 27 - Port Mapping Display show interface port mapping (continued) Serial Port Telnet Port SSH Port 0 0 0 1 2100 2122 2 2200 2222 3 2300 2322 4 2400 2422 5 2500 2522 6 2600 2622 7 2700 2722 8 2800 2822 9 2900 2922 10 3000 3022 11 3100 3122 12 3200 3222 13 3300 3322 14 3400 3422 15 3500 3522 16 3600 3622 17 3700 3722 18 3800 3822 19 3900 3922 20 4000 4022 21 4100 4122 22 4200 4222 23 4300 4322 24 4400 4422 25 4500 4522 26 4600 4622 27 4700 4722 28 4800 4822 29 4900 4922 30 5000 5022 31 5100 5122 32 5200 5222 33 5300 5322451-0310E 99 Displays the characteristics of a rotary. Syntax show interface NUMBER|all rotary Where Means Examples show interface 3 rotary show interface all rotary Figure 28 shows an example of the Rotary Characteristics display. Figure 28 - Rotary Characteristics Display show interface rotary NUMBER Specifies the rotary for which information is to be displayed. The allowable rotary numbers are 1 through 5. all Display information for all the rotaries on the LX unit. Rotary IP Address TCP SSH Rotary Type Rotary State Serial Ports 147.132.145.16 1500 1522 First Available Disabled Field Description Rotary IP Address The IP Address of the rotary. (This is also the IP Address of the interface.) TCP The TCP socket number assigned to the rotary. SSH The SSH socket number assigned to the rotary. Rotary Type The rotary type (First Available or Round Robin). Rotary State Indicates whether the rotary is Enabled or Disabled. Serial Ports The serial ports included in the rotary.100 451-0310E Displays status information for an IP interface. Syntax show interface NUMBER|all status Where Means Examples show interface 1 status show interface all status Figure 29 shows an example of the Interface status display. Figure 29 - Interface Status Display show interface status NUMBER Specifies the IP interface for which information is to be displayed. The allowable IP interface numbers are 1 through 5. all Display information for all the IP interfaces on the LX unit. Time: Mon 24 Apr 2003 16:19:34 Interface Name: Interface_1 Bound to : eth0 IP Address: 102.19.169.191 IP Mask: 255.255.255.0 IP Broadcast Addr: 102.19.169.255 Field Description Time The date and time that the show interface status command was executed. Interface Name The name of the IP interface. IP Address The IP Address of the IP interface. IP Broadcast Addr The IP Broadcast Address of the IP interface. Bound to The Ethernet port to which the IP interface is bound. IP Mask The Subnet Mask of the IP interface.451-0310E 101 Displays summary information on all of the IP interfaces that are configured on the LX unit. Syntax show interface summary Example show interface summary Figure 30 shows an example of the Interfaces summary display. NOTE: Interface addresses that are learned are not displayed on the following screen. Figure 30 - Interfaces Summary Display show interface summary Name Address Broadcast Addr. Mask Bound to Interface_1 0.0.0.0 0.0.0.0 0.0.0.0 eth0 Interface_2 0.0.0.0 0.0.0.0 0.0.0.0 eth0:1 Interface_3 0.0.0.0 0.0.0.0 0.0.0.0 eth0:2 Interface_4 0.0.0.0 0.0.0.0 0.0.0.0 eth0:3 Interface_5 0.0.0.0 0.0.0.0 0.0.0.0 eth0:4 Field Description Name The name of the IP interface. Address The IP Address configured for the IP interface. Broadcast The Broadcast Address configured for the IP interface. Addr. Mask The subnet mask configured for the IP interface. Bound to The Ethernet port to which the IP interface is bound.102 451-0310E Displays a log of Linux kernel activity for the LX unit. Syntax show kernel log Example show kernel log Figure 31 shows an example of the Kernel Log display. Figure 31 - Kernel Log Display show kernel log Jan 3 15:42:50 In-Reach kernel: klogd 1.4.1, log source = /proc/kmsg started. Jan 3 15:42:50 In-Reach kernel: Cannot find map file. Jan 3 15:42:50 In-Reach kernel: No module symbols loaded - kernel modules not enabled. Jan 3 15:42:50 In-Reach kernel: Linux version 2.4.19 (build@GenBuild) (gcc version 2.95.3 20010315 (release)) #1 Wed Feb 26 08:16:45 EST 2003 Jan 3 15:42:50 In-Reach kernel: On node 0 totalpages: 16384 Jan 3 15:42:50 In-Reach kernel: zone(0): 16384 pages. Jan 3 15:42:50 In-Reach kernel: zone(1): 0 pages. Jan 3 15:42:50 In-Reach kernel: zone(2): 0 pages. Jan 3 15:42:50 In-Reach kernel: Kernel command line: root=/dev/ram CONSOLE=/dev /console Jan 3 15:42:50 In-Reach kernel: Decrementer Frequency = 247500000/60 Jan 3 15:42:50 In-Reach kernel: Calibrating delay loop... 65.53 BogoMIPS Jan 3 15:42:50 In-Reach kernel: Memory: 57500k available (1440k kernel code, 49 2k data, 56k init, 0k highmem) Jan 3 15:42:50 In-Reach kernel: Dentry cache hash table entries: 8192 (order: 4 , 65536 bytes) Jan 3 15:42:50 In-Reach kernel: Inode cache hash table entries: 4096 (order: 3, 32768 bytes) Jan 3 15:42:50 In-Reach kernel: Mount-cache hash table entries: 1024 (order: 1, 8192 bytes) Jan 3 15:42:50 In-Reach kernel: Buffer-cache hash table entries: 4096 (order: 2 , 16384 bytes) Jan 3 15:42:50 In-Reach kernel: Page-cache hash table entries: 16384 (order: 4, 65536 bytes) Jan 3 15:42:50 In-Reach kernel: POSIX conformance testing by UNIFIX Jan 3 15:42:50 In-Reach kernel: Linux NET4.0 for Linux 2.4 Jan 3 15:42:50 In-Reach kernel: Based upon Swansea University Computer Society NET3.039 Jan 3 15:42:50 In-Reach kernel: Initializing RT netlink socket Jan 3 15:42:50 In-Reach kernel: Starting kswapd Jan 3 15:42:50 In-Reach kernel: i2c-core.o: i2c core module version 2.6.1 (2001 0830) Type a key to continue, q to quit451-0310E 103 Displays the contents of syslogd for the LX unit. Syntax show log Example show log Figure 32 shows an example of the Log display. Figure 32 - Log Display show log Dec 31 21:10:20 In-Reach syslogd 1.4.1: restart. Dec 31 21:10:20 In-Reach kernel: klogd 1.4.1, log source = /proc/kmsg started. Dec 31 21:10:21 In-Reach kernel: Cannot find map file. Dec 31 21:10:21 In-Reach kernel: No module symbols loaded - kernel modules not enabled. Dec 31 21:10:21 In-Reach kernel: Linux version 2.4.19 (build@GenBuild) (gcc vers ion 2.95.3 20010315 (release)) #1 Mon Feb 3 07:52:36 EST 2003 Dec 31 21:10:21 In-Reach kernel: On node 0 totalpages: 16384 Dec 31 21:10:21 In-Reach kernel: zone(0): 16384 pages. Dec 31 21:10:21 In-Reach kernel: zone(1): 0 pages. Dec 31 21:10:21 In-Reach kernel: zone(2): 0 pages. Dec 31 21:10:21 In-Reach kernel: Kernel command line: root=/dev/ram CONSOLE=/dev /console Dec 31 21:10:21 In-Reach kernel: Decrementer Frequency = 247500000/60 Dec 31 21:10:21 In-Reach kernel: Calibrating delay loop... 65.53 BogoMIPS Dec 31 21:10:21 In-Reach kernel: Memory: 58432k available (1292k kernel code, 43 2k data, 52k init, 0k highmem) Dec 31 21:10:21 In-Reach kernel: Dentry cache hash table entries: 8192 (order: 4 , 65536 bytes) Dec 31 21:10:21 In-Reach kernel: Inode cache hash table entries: 4096 (order: 3, 32768 bytes) Dec 31 21:10:21 In-Reach kernel: Mount-cache hash table entries: 1024 (order: 1, 8192 bytes) Dec 31 21:10:21 In-Reach kernel: Buffer-cache hash table entries: 4096 (order: 2 , 16384 bytes) Dec 31 21:10:21 In-Reach kernel: Page-cache hash table entries: 16384 (order: 4, 65536 bytes) Dec 31 21:10:21 In-Reach kernel: POSIX conformance testing by UNIFIX Dec 31 21:10:21 In-Reach kernel: Linux NET4.0 for Linux 2.4 Dec 31 21:10:21 In-Reach kernel: Based upon Swansea University Computer Society NET3.039 Dec 31 21:10:21 In-Reach kernel: Initializing RT netlink socket Dec 31 21:10:21 In-Reach kernel: Starting kswapd Type a key to continue, q to quit 104 451-0310E Displays the ID number, string portion (message), facility, and priority of configurable syslogd messages. Syntax show notification message NUMBER|all Where Means Example show notification message 4 Figure 33 shows an example of the Message display. Figure 33 - Message Display show notification message NUMBER The ID number of a configurable syslogd message. all Display all of the configurable syslogd messages on the LX unit. Message record 4: Message: The Shell has been exited by Facility: user Priority: notice 451-0310E 105 Displays information on Service Profiles configured for the Notification Feature. Syntax show notification serviceprofile |all Where Means Example show notification serviceprofile all Figure 34 shows an example of the Service Profile display. Figure 34 - Service Profile Display show notification serviceprofile name The Service Profile for which data is to be displayed. all Display the specified data for all Service Profiles on the LX unit. ServiceProfile: syslog Protocol: localsyslog File: syslog ServiceProfile: messages Protocol: localsyslog File: messages ServiceProfile: debug Protocol: localsyslog File: debug ServiceProfile: mark1 Protocol: localsyslog File: ServiceProfile: jacklocal Protocol: localsyslog File: jacksyslog ServiceProfile: jackremote Protocol: remotesyslog Remote Host: ServiceProfile: jackasync Protocol: async Async Port: 5 ServiceProfile: jack Protocol: tap SMSC: 18668230501 Bits/Parity/StopBits:8N1 Modem Port(s): 33 ServiceProfile: webjack Protocol: web Driver: verizon_web106 451-0310E Displays information on User Profiles of the Notification Feature. Syntax show notification userprofile |all Where Means Example show notification userprofile all Figure 35 shows an example of the User Profile display. Figure 35 - User Profile Display show notification userprofile name The User Profile for which data is to be displayed. all Display the specified data for all User Profiles on the LX unit. UserProfile: syslog ServiceProfile: syslog Contact: Facility: all Priority: err UserProfile: messages ServiceProfile: messages Contact: Facility: all Priority: notice UserProfile: debug ServiceProfile: debug Contact: Facility: all Priority: debug UserProfile: grogers@mrv ServiceProfile: N/A Contact: Facility: kern Priority: emerg UserProfile: mark ServiceProfile: N/A Contact: Facility: kern Priority: emerg UserProfile: jacklocal ServiceProfile: jacklocal Contact: Facility: user Priority: warning 451-0310E 107 Displays status information for outlet groups. Syntax show outlet group ||all status Where Means Example show outlet group all status Figure 36 shows an example of the Outlet Group Status display. Figure 36 - Outlet Group Status Display show outlet group status group_number An integer number that specifies an existing outlet group. group_name The descriptive name of an existing outlet group. all Display the specified data for all outlet groups on the LX unit. Time: Mon, 16 Sep 2002 17:55:19 Group Number: 2 Group Name: mypc Group Off Time: 4 Port Outlet State 2 1 Not configured 2 2 Not configured Field Description Time The date and time that the show outlet group status command was executed. Group Name The descriptive name of the outlet group. Port The LX Port from which the outlet is managed. Outlet The outlet number. State The state of the individual outlet. Group Number The group number of the outlet group. Group Off Time The length of time that outlets in the group must remain off after they have been turned off.108 451-0310E Displays the APD settings of an asynchronous port. Syntax show port async all| apd Where Means Example show port async 5 apd show port async all apd The port APD Settings screen contains the same fields as the port APD Settings screen that can be displayed in the User command mode. For more information refer to Figure 4 on page 46. show port async apd all Display information for all asynchronous ports. port_number The port number of an asynchronous port.451-0310E 109 Displays the characteristics of an asynchronous port. Syntax show port async all| characteristics Where Means Example show port async 5 characteristics show port async all characteristics The display contains the same fields as the port characteristics screen that can be displayed in the User command mode. For more information refer to Figure 3 on page 43. show port async characteristics all Display information for all asynchronous ports. port_number The port number of an asynchronous port.110 451-0310E Displays the modem settings for an asynchronous port. Syntax show port async all| modem Where Means Example show port async 5 modem show port async all modem The display contains the same fields as the port modem screen that can be displayed in the User command mode. For more information refer to Figure 5 on page 47. show port async modem all Display information for all asynchronous ports. port_number The port number of an asynchronous port.451-0310E 111 Displays the match patterns and pattern-matching characteristics for an asynchronous port. Syntax show port async |all pattern match characteristics Where Means Example show port async 5 pattern match characteristics Figure 37 shows an example of the Pattern Match Characteristics display. Figure 37 - Pattern Match Characteristics Display show port async pattern match characteristics port_number The port number of an asynchronous port. Note: The port must be configured for databuffer access. all Display the pattern-matching characteristics for all asynchronous ports on the LX unit. Time: Wed, 05 Feb 2003 07:05:52 Banner: Welcome to MRV Communications, In-Reach Product Division. Port Number: 5 Pattern Match: Enabled Pattern 1: SuperUser Pattern 2: tes.t Pattern 3: Unix Reboot Pattern 8: abc* 112 451-0310E Displays the Point-to-Point Protocol (PPP) settings of an asynchronous port. Syntax show port async all| ppp Where Means Example show port async 5 ppp show port async all ppp The display contains the same fields as the port PPP screen that can be displayed in the User command mode. For more information refer to Figure 6 on page 48. show port async ppp all Display information for all asynchronous ports. port_number The port number of an asynchronous port.451-0310E 113 Displays the Point-to-Point Protocol (PPP) status of an asynchronous port. Syntax show port async all| ppp status Where Means Example show port async 4 ppp status Figure 38 shows an example of the PPP status display. Figure 38 - PPP Status Display show port async ppp status all Display information for all asynchronous ports. port_number The port number of an asynchronous port. Time: Tue, 18 Mar 2003 20:21:58 UTC Port Device: /dev/ttyGN4 Port Number: 4 Learned Remote Addr.: 0.0.0.0 Lcp Link Status: Closed Ipcp Link Status: Closed PPP Transmit Bytes: N/A PPP Recieve Bytes: N/A PPP Transmit Frames: N/A PPP Recieve Frames: N/A PPP Transmit Errors: N/A PPP Recieve Errors: N/A114 451-0310E Displays status information for asynchronous ports. Syntax show port async all| status Where Means Example show port async 5 status show port async all status This display contains the same fields as the port Status screen that can be displayed in the User command mode. For more information refer to Figure 7 on page 50. show port async status all Display information for all asynchronous ports. port_number The port number of an asynchronous port.451-0310E 115 Displays summary information for all of the asynchronous ports on the LX unit. Syntax show port async summary Example show port async summary Figure 39 shows an example of the summary information for LX asynchronous ports. Figure 39 - Asynchronous Port Summary Data show port async summary Port Port Name Access Speed TCP Port SSH port Device 0 Port_0 Local 9600 0 0 /dev/ttyGN0 1 Port_1 Remote 9600 2100 2122 /dev/ttyGN1 2 Port_2 Remote 9600 2200 2222 /dev/ttyGN2 3 Port_3 Local 9600 2300 2322 /dev/ttyGN3 4 Port_4 Dynamic 9600 2400 2422 /dev/ttyGN4 5 Port_5 Sensor 9600 2500 2522 /dev/ttyGN5 6 Port_6 Databuffer 9600 2600 2622 /dev/ttyGN6 7 Port_7 IR5100 9600 2700 2722 /dev/ttyGN7 8 Port_8 IR5150 9600 2800 2822 /dev/ttyGN8 Field Description Port The Port Number Port Name The Port Name Access The access method for the port Speed The port speed TCP Port The Telnet port number for the port SSH Port The SSH port number for the port Device The Linux Device Name for the port116 451-0310E Displays the characteristics of an Ethernet port. Syntax show port ethernet all| characteristics Where Means Example show port ethernet 1 characteristics Figure 40 shows an example of Ethernet Port Characteristics. Figure 40 - Ethernet Port Characteristics show port ethernet characteristics all Display information for all Ethernet ports. port_number The port number of an Ethernet port. Time: Mon, 24 Mar 2003 22:30:19 Name: eth0 MAC Address: 00:a0:87:9c:00:50:e3 Link Speed: Auto Duplex Mode: Auto Description: Field Description Name The name of the port. Description The description of the Ethernet port. MAC Address The Ethernet MAC Address for the port. Link Speed The Ethernet port speed. The possible values are auto, 10mb and 100mb. Duplex Mode The duplex mode of the Ethernet port. The possible values are auto, full, and half.451-0310E 117 Displays the statistical information for an ethernet port. Syntax show port ethernet all| status Where Means Example show port ethernet 1 status Figure 41 shows an example of the statistical information for an Ethernet port. Figure 41 - Ethernet Port Statistical Information show port ethernet status all Display information for all ethernet ports. port_number The port number of an ethernet port. Name: eth0 MAC Address: 00:a0:87:9c:00:50:e3 Link State: Up Duplex Mode: Half Link Speed: 100 Auto Negotiation: Auto Receive Bytes: 240061 Transmit Bytes: 40115 Receive Packets: 2890 Transmit Packets: 659 Receive Errors: 0 Transmit Errors: 0 Receive Drop Packet: 0 Transmit Drop Packet: 0 Receive Overruns: 0 Transmit Overruns: 0 Receive Compressed: 0 Transmit Compressed: 0 Receive Frame Error: 0 Transmit Collisions: 0 Receive Multicast: 0 Transmit Carrier: 0 Field Description Name The Ethernet port name. Link State The state (Up or Down) of the Ethernet link. Link Speed The speed of the Ethernet link (in Megabytes per second). Receive Bytes The number of Bytes Received on the Ethernet port since the counters were last reset to zero. Receive Packets The number of Packets Received on the Ethernet port since the counters were last reset to zero. Receive Errors The number of Receive Errors on the Ethernet port since the counters were last reset to zero. Receive Drop Packet The number of Receive Packets that have been dropped by the Ethernet port since the counters were last reset to zero. 118 451-0310E show port ethernet status (continued) Receive Overruns The number of Receive Overruns on the Ethernet port since the counters were last reset to zero. Receive Compressed The number of compressed packets received since the counters were last reset to zero. Receive Frame Error The number of Receive Frame Errors on the Ethernet port since the counters were last reset to zero. Receive Multicast The number of Multicasts received on the Ethernet port since the counters were last reset to zero. MAC Address The MAC Address of the LX unit. Duplex Mode The duplex mode (half or full) of the Ethernet link. Auto Negotiation Indicates whether or not auto negotiation is in effect on the Ethernet link. Transmit Bytes The number of bytes transmitted on the Ethernet port since the counters were last reset to zero. Transmit Packets The number of packets transmitted on the Ethernet port since the counters were last reset to zero. Transmit Errors The number of Transmit Errors on the Ethernet port since the counters were last reset to zero. Transmit Drop Packet The number of Transmit Packets dropped on the Ethernet port since the counters were last reset to zero. Transmit Overruns The number of Transmit Overruns on the Ethernet port since the counters were last reset to zero. Transmit Compressed The number of compressed packets transmitted since the counters were last reset to zero. Transmit Collisions The number of Transmit Collisions on the Ethernet port since the counters were last reset to zero. Transmit Carrier451-0310E 119 Displays summary information for the Ethernet ports on the LX unit. Syntax show port ethernet summary Example show port ethernet summary Figure 42 shows an example of the summary information for the LX Ethernet port. Figure 42 - Ethernet Summary Information show port ethernet summary Name MAC-Address eth0 00:a0:87:9c:00:50:e3 Field Description Name The name of the Ethernet port. MAC Address The MAC (physical) Address of the Ethernet port.120 451-0310E Displays information about the RADIUS authentication and accounting servers for the LX unit. Syntax show radius characteristics Example show radius characteristics Figure 43 shows an example of the RADIUS Display. Figure 43 - RADIUS Display show radius characteristics Time: Wed, 10 Apr 2002 00:44:48 UTC Primary RADIUS Authentication Server: IP Address: 0.0.0.0 RADIUS Auth. UDP Port: 1812 Secret: Not Configured Timeout: 4 Retry: 4 Secondary RADIUS Authentication Server: IP Address: 0.0.0.0 RADIUS Auth. UDP Port: 1812 Secret: Not Configured Timeout: 4 Retry: 4 Primary RADIUS Accounting Server: IP Address: 0.0.0.0 RADIUS Acct. UDP Port: 1813 Secret: Not Configured Timeout: 4 Retry: 4 Secondary RADIUS Accounting Server: IP Address: 0.0.0.0 RADIUS Acct. UDP Port: 1813 Secret: Not Configured Timeout: 4 Retry: 4 RADIUS Accounting Server Period: 5 Inbound RADIUS Enabled Serial Ports: Outbound RADIUS Enabled Serial Ports: RADIUS Enabled Interfaces: Field Description IP Address The IP Address for the applicable Authentication or Accounting Server. Secret The Radius secret shared between the LX unit and the Radius server used for encrypting communications between them. Retry The number of times the LX unit will attempt to connect to the Radius server.451-0310E 121 show radius characteristics (continued) RADIUS Auth. UDP Port The UDP port that the LX unit and the applicable RADIUS authentication server will use for communication. RADIUS Acct. UDP Port The UDP port that the LX unit and the applicable RADIUS accounting server will use for communication. Timeout The time to wait for a RADIUS server to respond before retransmitting packets to the server. RADIUS Accounting Server Period The length of time, in seconds, that the RADIUS server waits for a reply from the RADIUS Accounting server. Inbound RADIUS Enabled Serial Ports The Inbound serial ports that are enabled for RADIUS. Outbound RADIUS Enabled Serial Ports The Outbound serial ports that are enabled for RADIUS. RADIUS Enabled Interfaces The LX interfaces that are enabled for RADIUS.122 451-0310E Displays statistical information on RADIUS authentication attempts. Syntax show radius status Example show radius status Figure 44 shows an example of the RADIUS Status Display. Figure 44 - RADIUS Status Display show radius status Time: Wed, 08 May 2002 13:32:34 UTC Total RADIUS Authentication Message Exchange: Primary Secondary Successful attempts: 2 0 Failed attempts: 0 0 Total RADIUS Accounting Message Exchange: Primary Secondary Successful attempts: 0 0 Failed attempts: 6 6 RADIUS Authentication Counter Summary: Primary Secondary Successful Logins: 2 0 Authentication Failures: 0 0 Configuration Failures: 0 0 Policy Failures: 0 0 RADIUS Accounting Counter Summary: Primary Secondary Successful Acct Entries: 0 0 Failed Acct Entries: 0 0 Requests Waiting: 0 0 RADIUS Fallback Counter Summary: Total Fallback Logins: 0 Field Description Tot al RADIUS Authentication Message Exchange Successful Attempts The number of times the primary and secondary RADIUS authentication servers successfully exchanged messages with the LX unit. Failed attempts The number of times the primary and secondary RADIUS authentication servers failed to exchange messages with the LX unit.451-0310E 123 show radius status (continued) Tot al RADIUS Accounting Message Exchange Successful Attempts The number of times the primary and secondary RADIUS accounting servers successfully exchanged messages with the LX unit. Failed attempts The number of times the primary and secondary RADIUS accounting servers failed to exchange messages with the LX unit. RADIUS Authentication Counter Summary Successful Logins The number of successful logins using RADIUS. Authentication Failures The number of unsuccessful logins using RADIUS. Configuration Failures The number of login failures that occurred due to configuration failures. Policy Failures The number of login failures that occurred due to policy failures. RADIUS Accounting Counter Summary Successful Acct Entries The number of successful RADIUS accounting entries. Failed Acct Entries The number of failed RADIUS accounting entries. Requests Waiting The number of RADIUS Accounting requests that have not been processed yet. RADIUS Fallback Counter Summary Total Fallback Logins The number of logins that have been done through the RADIUS Fallback Login feature.124 451-0310E Displays summary data for the RADIUS authentication and accounting servers. Syntax show radius summary Example show radius summary Figure 45 shows an example of the RADIUS Summary Display. Figure 45 - RADIUS Summary Display show radius summary Radius Server Summary Thu, 12 Sep 2002 20:47:18 Primary Auth. Server: 0.0.0.0 Primary Auth. UDP Port: 1812 Secondary Auth. Server: 0.0.0.0 Secondary Auth. UDP Port: 1812 Primary Acct. Server: 0.0.0.0 Primary Acct. UDP Port: 1813 Secondary Acct. Server: 0.0.0.0 Secondary Acct. UDP Port: 1813 Field Description Primary Auth. Server The IP Address of the Primary RADIUS Authentication server. Secondary Auth. Server The IP Address of the Secondary RADIUS Authentication server. Primary Acct. Server The IP Address of the Primary RADIUS Accounting server. Secondary Acct. Server The IP Address of the Secondary RADIUS Accounting server. Primary Auth. UDP Port The UDP port for the Primary RADIUS Authentication server. Secondary Auth. UDP Port The UDP port for the Secondary RADIUS Authentication server. Primary Acct. UDP Port The UDP port for the Primary RADIUS Accounting server. Secondary Acct. UDP Port The UDP port for the Secondary RADIUS Accounting server.451-0310E 125 Displays the IP addresses of the default route, subnet mask, and gateway of the LX unit. Syntax show route Example show route Figure 46 shows an example of the Route Display. Figure 46 - Route Display show route Route Mask Gateway 192.168.10.0 255.255.255.0 10.50.100.1 192.168.11.0 255.255.255.0 10.50.100.10 192.168.12.0 255.255.255.0 10.50.100.20 192.168.13.0 255.255.255.0 10.50.100.30 192.168.14.0 255.255.255.0 10.50.100.40 192.168.15.0 255.255.255.0 10.50.100.50 192.168.16.0 255.255.255.0 10.50.100.60126 451-0310E Displays information about the SecurID authentication server for the LX unit. Syntax show securid characteristics Example show securid characteristics Figure 43 shows an example of the SecurID Characteristics Display. Figure 47 - SecurID Characteristics Display show securid characteristics Time: Mon, 17 Mar 2003 18:09:34 UTC SecurID Configuration Settings Authentication Version: Version_5 Authentication Encryption: DES Authentication Timeout: 5 Authentication Retransmit: 3 Authentication Port: 5500 V5 Primary Server: 0.0.0.0 Primary Name: Legacy Master Server: 0.0.0.0 Master Name: Legacy Slave Server: 0.0.0.0 Slave Name: Inbound SecurID Enabled Serial Ports: Outbound SecurID Enabled Serial Ports: SecurID Enabled Interfaces: Field Description Time The date and time that the show securid characteristics command was executed. Authentication Ve rsi on The version of SecurID that is running on the SecurID authentication server. The possible values are Legacy and Version_5. Authentication Timeout The time to wait for the SecurID authentication server to respond before retransmitting packets to the server. Authentication Port The UDP port that the LX unit and the SecurID authentication server will use for communication. V5 Primary Server The IP Address of the authentication server used for Version 5 of SecurID. Legacy Master Server The IP address of the Master server for the Legacy version of SecurID. Legacy Slave Server The IP address of the Slave server for the Legacy version of SecurID. Inbound SecurID Enabled Serial Ports The Inbound serial ports that use SecurID authentication.451-0310E 127 show securid characteristics (continued) Outbound SecurID Enabled Serial Ports The Outbound serial ports that use SecurID authentication. SecurID Enabled Interfaces The IP interfaces that use SecurID authentication. Authentication Encryption The encryption method used by SecurID. The possible values are DES and SDI. Authentication Retransmit The maximum number of times the LX unit will retransmit packets to the SecurID authentication server after the expiration of an Authentication Timeout. Primary Name The name of the Version 5 authentication server. Master Name The name of the Master server for the Legacy version of SecurID. Slave Name The name of the Slave server for the Legacy version of SecurID.128 451-0310E Displays statistical information on SecurID authentication attempts. Syntax show securid status Example show securid status Figure 44 shows an example of the SecurID Status Display. Figure 48 - SecurID Status Display show securid status Time: Mon, 24 Feb 2003 16:55:59 SecurID Status & Counters: Successful Logins: 0 Failed Logins: 0 Fallback Logins: 0 Learned SecurID Node Secret: False Learned SecurID Servers: Field Description Time The date and time that the show securid status command was executed. Successful Logins The number of successful logins using SecurID. Failed Logins The number of unsuccessful logins using SecurID. Fallback Logins The number of logins that have been accomplished using SecurID Fallback. Learned SecurID Node Secret Indicates whether or not the LX unit has received the SecurID Secret from the SecurID Server. The possible values are True and False. A value of True means that the LX unit has received the SecurID Secret from the SecurID Server. A value of True means that the LX unit has not received the SecurID Secret from the SecurID Server. Learned SecurID Servers The IP addresses, or host names, of the Primary and Replica SecurID servers that the LX unit can use for authentication.451-0310E 129 Displays summary data for the SecurID authentication and accounting servers. Syntax show securid summary Example show securid summary Figure 45 shows an example of the SecurID Summary Display. Figure 49 - SecurID Summary Display show securid summary Time: Mon, 17 Mar 2003 18:17:27 UTC V5 Primary Server: 0.0.0.0 Primary Name: Legacy Master Server: 0.0.0.0 Master Name: Authentication Version: Version_5 Authentication Port: 5500 Field Description Time The date and time that the show securid summary command was executed. V5 Primary Server The IP Address of the authentication server used for Version 5 of SecurID. Legacy Master Server The IP address of the Master server for the Legacy version of SecurID. Authentication Ve rsi on The version of SecurID that is running on the SecurID authentication server. The possible values are Legacy and Version_5. Primary Name The name of the Version 5 Primary authentication server. Master Name The name of the Master server for the Legacy version of SecurID. Authentication Port The UDP port that the LX unit and the SecurID authentication server will use for communication.130 451-0310E Displays the name and IP Address of every service that is configured for the LX unit. Syntax show service Example show service Figure 50 shows an example of the Service screen. Figure 50 - Service Screen show service Wed, 10 Apr 2002 10:45:08 UTC Service Name IP Address dewey 123.123.1.1 huey 123.123.1.2 451-0310E 131 Displays information about opened sessions on the LX unit. Syntax show session [] Where Means Usage Guidelines If this command is executed without the argument (i.e., show session), it displays information for all opened sessions on the LX unit. Example show session 3 This display contains the same fields as the Session screen that can be displayed in the User command mode. For more information refer to Figure 10 on page 54. show session session_number The session number of an opened connection.132 451-0310E Displays the system-level SNMP characteristics for the LX unit. Syntax show snmp characteristics Example show snmp characteristics Figure 52 shows an example of SNMP characteristics Display. Figure 51 - SNMP Characteristics Display show snmp characteristics Time: Wed, 10 Apr 2002 10:45:08 UTC Name: InReach Logging: Disabled Port: 161 Contact: Henry Smith Location: Upstairs Lab V3 Engine Boots: 14 V3 Engine ID: 6537303330336565616365323932336100000000 Field Description Time The date and time that the show snmp characteristics command was executed. Logging Indicates whether the SNMP Logging feature is Enabled or Disabled on the LX unit. Contact The contact for the LX unit. V3 Engine Boots The number of times the V3 engine has been rebooted. V3 Engine ID The V3 Engine ID for the LX unit. Name The system name for the LX unit. Port The SNMP UDP port for the LX unit. Location The location of the LX unit.451-0310E 133 Displays information on SNMP clients. Syntax show snmp client all| Where Means Example show snmp client 1 Figure 52 shows an example of SNMP Client Display. Figure 52 - SNMP Client Display show snmp client all Display information for all SNMP clients on this LX unit. client_number The client number for an SNMP client Get Client: 1 Address: 145.134.118.12 Community: public Version: 1 Set Client: 1 Address: 145.134.118.16 Community: public Version: 1 Trap Client: 1 Address: 145.134.118.18 Community: private Version: 1 Field Description Get Client The SNMP client (e.g., a Network Operations Center, or NOC) which is permitted to perform an SNMP get on the LX unit. Set Client The SNMP client (e.g., a Network Operations Center, or NOC) which is permitted to perform an SNMP set on the LX unit. Trap Client The SNMP client (e.g., a Network Operations Center, or NOC) which is permitted to trap SNMP characteristics from the LX unit. Community The name of the applicable SNMP Community to which the LX unit belongs. When an SNMP Community Name has been specified for the unit, only SNMP clients which belong to the same community are permitted to perform the applicable SNMP operation (Get, Set, or Trap) on the unit. Address The IP Address of the SNMP Get, Set, or Trap client. Version The SNMP Get, Set, or Trap Version for the client. The possible values are 1, 2, or 3.134 451-0310E Displays V3 information for SNMP clients. Syntax show snmp v3 all| Where Means Example show snmp v3 3 Figure 53 shows an example of the V3 display for an SNMP client. Figure 53 - V3 Display show snmp v3 all Display information for all SNMP clients on this LX unit. client_number The client number for an SNMP client Client: 4 Engine Boots: 8 Engine ID: e70303eeace2923a000000000000000000000000 V3 View OID Subtree: 0 V3 View OID Subtree Mask: 8000000000000000000000000000000000000000 V3 View Name: V3 View Type: Allow V3 Access Group Name: V3 Access Context Prefix: V3 Access Security Model: 3 V3 Access Security Level: 1 V3 Access Read View: view V3 Access Write View: view V3 Access Notify View: view V3 Access Cont. Match: none V3 Security Name: V3 Source IP: 0.0.0.0 V3 Secur. Community: public V3 Source Mask: 0.0.0.0 V3 Group Secur. Model: V3 Group Secur. Name: V3 Group Name: Field Description Client The SNMP client number. Engine Boots The number of times the SNMP v3 daemon has booted (i.e., used its shared secret). Engine ID The ID of the SNMP v3 daemon. V3 View OID Subtree The OID range that is accessible by this view. V3 View OID Subtree Mask The valid numbers in the subtree, specified as the individual bits of the digits.451-0310E 135 show snmp v3 (continued) V3 View Name The name of the view entry. V3 View Type Indicates whether the v3 view type is allowed or denied. If the value of this field is Enabled, the view type is allowed. If the value of this field is Disabled, the view type is denied. V3 Access Group Name The name of a group to map to a view. V3 Access Security Model The version number of the group entry. V3 Access Read View The view to use for read requests. V3 Access Notify View The view to use for Notify requests. V3 Access Cont. Match Indicates whether the context prefix is a prefix of an exact value. V3 Security Name The user name to be used for the IP Address specified by the Source IP, Source Mask, and Community. V3 Secur. Community The Community Name used in a request to map to a Security Name. V3 Group Secur. Model The Version Number of a request to map to a Group Name. V3 Group Name The Name of the v3 Group. V3 Access Context Prefix The Access Context Prefix. V3 Access Security Level Indicates the v3 Access Security Level for the LX unit. The possible values are as follows: 1 - No authorization 2 - Authorization with no privileges 3 - Authorization with privileges 4 - The LX unit is non-v3 V3 Access Write View The view to use with write requests. V3 Source IP The IP range that is mapped to the Security Name for non-v3 requests. V3 Source Mask The incoming IP Address is ANDed with this mask before it is compared with the Source IP Address.136 451-0310E show snmp v3 (continued) V3 Group Secur. Name The name of the user to map to a group.451-0310E 137 Displays the status or characteristics for selected subscribers. Syntax show subscriber |all characteristics|status|tcp Where Means Examples show subscriber tim characteristics show subscriber tim status show subscriber all tcp show subscriber subscriber_name The subscriber for which data is to be displayed. all Display the specified data for all subscribers on the LX unit. characteristics Displays the characteristics for the specified subscribers. This option displays a screen that contains the same fields as the subscriber characteristics that are displayed in User Mode. For more information, refer to Figure 11 on page 56. status Displays the status information for the specified subscribers. This option displays a screen that contains the same fields as the subscriber status screen that is displayed in User Mode. For more information, refer to Figure 12 on page 59. tcp Displays the TCP information for the selected subscribers. This option displays a screen that contains the same fields as the subscriber TCP screen that is displayed in User Mode. For more information, refer to Figure 13 on page 60.138 451-0310E Displays summary information for all of the subscribers configured on the LX unit. Syntax show subscriber summary Examples show subscriber summary Figure 54 shows an example of the Subscriber Summary Display. Figure 54 - Subscriber Summary Display show subscriber summary Name Connections Terminal Type InReach 0 Ansi demo 1 Ansi jack 0 Ansi451-0310E 139 Displays the global system configuration for the LX unit. Syntax show system characteristics Example show system characteristics Figure 55 shows an example of the system display for an LX unit. Figure 55 - System Display show system characteristics Name: InReach Time: Wed, 10 Apr 2002 02:13:18 UTC Serial Number: 00:a0:9c:00:01:43 Location: UpstairsLab Domain Name suffix: yourcompany.com Maximum Number of Async Ports: 8 Internal Modem on Port: 0 Maximum Number of Subscribers: 16 Maximum Number of Virtual Ports: 32 Maximum Number of Interfaces: 4 Maximum Number of Ethernet Ports: 1 Primary Domain : 102.19.176.254 Secondary Domain : 102.19.128.17 Gateway : 102.19.169.1 Default TFTP Server : 102.19.169.182 Timed Daemon: Disabled TFTP Retries: 3 NTP Daemon: Disabled TFTP Timeout: 3 NTP Server: 0.0.0.0 SNMP Feature: Disabled Finger Daemon: Disabled Logging Size : 64000 Telnet Daemon: Enabled SSH Daemon: Enabled Web Server: Enabled Field Description Name The host name of the LX unit. Location A text string that specifies the physical location of the LX unit. Serial Number The Serial Number of the LX unit. Domain Name Suffix The suffix for the LX-unit Domain Name. Maximum Number of Async Ports The maximum allowable number of asynchronous ports on the LX unit. Maximum Number of Subscribers The maximum number of subscribers on the LX unit. Maximum Number of Interfaces The maximum allowable number of IP interfaces on the LX unit. Primary Domain The IP Address of the Primary Domain Name Server (DNS) for the LX unit.140 451-0310E show system characteristics (continued) Gateway The IP Address for the gateway (default route) of the LX unit. Timed Daemon Indicates whether the Timed Daemon is Enabled or Disabled. NTP Daemon Indicates whether the Network Time Protocol (NTP) Daemon is Enabled or Disabled on the LX unit. NTP Server The IP Address of the NTP server for the LX unit. Finger Daemon Indicates whether the Finger Daemon (fingerd) is Enabled or Disabled on the LX unit. Telnet Daemon Indicates whether the Telnet Daemon is Enabled or Disabled on the LX unit. Web Server Indicates whether the WebServer feature (Browser Management) is Enabled or Disabled on the LX unit. Time The date and time that the show system characteristics command was executed. Internal Modem on Port Indicates whether or not the LX port has an internal modem. Maximum Number of Virtual Ports The maximum allowable number of virtual ports on the LX unit. Maximum Number of Ethernet Ports The maximum allowable number of Ethernet ports on the LX unit. Secondary Domain The IP Address of the Secondary Domain Name Server (DNS) for the LX unit. Default TFTP server The default network server for updating the software image, the iBoot file, and parameter files. TFTP Retries The number of times the TFTP server will attempt to communicate with the LX unit. TFTP Timeout If the LX unit can not load from the TFTP Server before the expiration of this timeout, the TFTP Server is considered dead. SNMP Feature Indicates whether SNMP is Enabled or Disabled for the LX unit. Logging Size Indicates the size of logging files on the unit. SSH Daemon Indicates whether the SSH Daemon is Enabled or Disabled on the LX unit.451-0310E 141 Displays the ppciboot configured load settings for the LX unit. Syntax show system ppciboot Example show system ppciboot Figure 56 shows an example of the ppciboot Configured Load Settings Display for an LX unit. Figure 56 - ppciboot Configured Load Settings Display show system ppciboot Ppciboot Configured Load Settings Ppciboot Software Version : 0.9.3.26 Ppciboot Ethernet Network Link : auto Software Load From Flash : no Software Load From Network : yes Software Filename : linuxito.img Configured IP Address : 145.189.121.19 Configured Network Mask : 255.255.255.0 Configured Gateway Address : 145.177.123.1 Configured TFTP Server Address : 145.177.169.208 IP Assignment Method #1 : User Defined IP Assignment Method #2 : BOOTP IP Assignment Method #3 : RARP IP Assignment Method #4 : DHCP142 451-0310E Displays system status information for the LX unit. Syntax show system status Example show system status Figure 57 shows an example of the System Status Display for an LX unit. Figure 57 - System Status Display show system status Time: Mon, 24 Feb 2003 20:17:20 UTC System Uptime: 0 8:7:50 Software Load From : Local Flash Memory Active System Gateway : 102.19.169.1 Configuration Load From : Local Flash Memory Network file Name : Configuration File to Boot From : /config/Config.prm Configuration Settings to Boot From : Flash Configuration Status : Configuration Saved Configuration Version : 4 CPU usage (0.10 = 10%): Memory usage (in KB): 1 min. Avg usage : 0.00 Total Memory : 62760 5 min. Avg usage : 0.00 Cached Memory : 6320 15 min. Avg usage : 0.00 Free Memory : 28488 Temperature Status (degrees Celsius): Critical Temp. : 60.0 Hysteresis Temp. : 5.0 Low Temperature : 0.0 Threshold Temp. : 55.0 Current Temp. : 38.5 PowerFail Log: Feb 24 21:54:33 2003 Field Description Software Load From The IP Address of the Load Server for the LX software image. Active System Gateway The IP Address of the gateway that is currently being used by the LX unit. Configuration Load From The parameter server for the LX unit. Network File Name The filename of the network file from which the LX configuration is loaded. Configuration File to Boot From The filename of the file from which the LX unit is booted.451-0310E 143 show system status (continued) Configuration Settings to Boot From Indicates whether the configuration of the LX unit is booted from the local flash or from the network. Configuration Status Indicates whether the current configuration of the LX unit has been saved with the save configuration command. Configuration Version The version number of the LX configuration. This number is incremented by 1 each time a modified version of the LX configuration is saved. CPU usage (0.10 = 10%) 1 min. Avg usage Average CPU usage over the last minute. 5 min. Avg usage Average CPU usage over the last 5 minutes. 15 min. Avg usage Average CPU usage over the last 15 minutes. Memory usage (in KB) Total Memory The total memory on the LX unit (in KB). Cached Memory The total cached memory in use (in KB). Free Memory The total free memory (in KB). Temperature Status (degrees Celsius) Critical Temp. The temperature level (in Celsius degrees) that is considered critical for the LX unit. Low Temperature The lowest supported operating temperature for the LX unit. Current Temp. The current temperature of the LX unit. Hysteresis Temp. The Hysteresis for temperature measurements on the LX unit. Threshold Temp. The highest supported operating temperature for the LX unit. PowerFail Log The dates and times when power failures have occurred on the LX unit. Note: This field also displays the date and time when the LX unit is unplugged.144 451-0310E Displays information about the TACACS+ authentication and accounting servers for the LX unit. Syntax show tacacs+ characteristics Example show tacacs+ characteristics Figure 58 shows an example of the TACACS+ Display. Figure 58 - TACACS+ Display show tacacs+ characteristics Time: Wed, 10 Apr 2002 00:44:48 UTC Primary TACACS+ Authentication Server: IP Address: 0.0.0.0 TACACS+ Auth. TCP Port: 49 Secret: Not Configured Timeout: 4 Retry: 4 Secondary TACACS+ Authentication Server: IP Address: 0.0.0.0 TACACS+ Auth. TCP Port: 49 Secret: Not Configured Timeout: 4 Retry: 4 Primary TACACS+ Accounting Server: IP Address: 0.0.0.0 TACACS+ Acct. TCP Port: 49 Secret: Not Configured Timeout: 4 Retry: 4 Secondary TACACS+ Accounting Server: IP Address: 0.0.0.0 TACACS+ Acct. TCP Port: 49 Secret: Not Configured Timeout: 4 Retry: 4 TACACS+ Superuser Request: Disabled TACACS+ Accounting Server Period: 5 Inbound TACACS+ Enabled Serial Ports: Outbound TACACS+ Enabled Serial Ports: TACACS+ Enabled Interfaces: Field Description IP Address The IP Address for the applicable Authentication or Accounting Server. Secret The TACACS+ secret shared between the LX unit and the TACACS+ server used for encrypting communications between them. Retry The number of times the LX unit will attempt to connect to the TACACS+ server.451-0310E 145 show tacacs+ characteristics (continued) TACACS+ Auth. TCP Port The TCP port that the LX unit and the applicable TACACS+ authentication server will use for communication. TACACS+ Acct. TCP Port The TCP port that the LX unit and the applicable TACACS+ accounting server will use for communication. Timeout The time to wait for a TACACS+ server to respond before retransmitting packets to the server. TACACS+ Superuser Request Indicates whether or not the TACACS+ Superuser password is used to enter the Superuser Command Mode. The possible values of this field are Enabled and Disabled. If this field is Enabled, the TACACS+ Superuser password will be used to enter the Superuser Command Mode. If this field is Disabled, the Local Password will be used to enter the Superuser Command Mode. Note: Even if this field is Disabled, the logon authentication to the LX unit will be through TACACS+. Inbound TACACS+ Enabled Serial Ports The Inbound serial ports that are enabled for TACACS+. Outbound TACACS+ Enabled Serial Ports The Outbound serial ports that are enabled for TACACS+. TACACS+ Enabled Interfaces The LX IP interfaces that are enabled for TACACS+. TACACS+ Accounting Server Period The length of time, in seconds, that the TACACS+ server waits for a reply from the TACACS+ Accounting server.146 451-0310E Displays statistical information on TACACS+ authentication attempts. Syntax show tacacs+ status Example show tacacs+ status Figure 59 shows an example of the TACACS+ Status Display. Figure 59 - TACACS+ Status Display show tacacs+ status Time: Wed, 08 May 2002 13:32:34 UTC Total TACACS+ Authentication Message Exchange: Primary Secondary Successful attempts: 2 0 Failed attempts: 0 0 Total TACACS+ Accounting Message Exchange: Primary Secondary Successful attempts: 0 0 Failed attempts: 6 6 TACACS+ Authentication Counter Summary: Primary Secondary Successful Logins: 2 0 Authentication Failures: 0 0 TACACS+ Accounting Counter Summary: Primary Secondary Successful Acct Entries: 0 0 Failed Acct Entries: 0 0 TACACS+ Superuser Enable Summary: Primary Secondary Successful Enable Requests: 0 0 Failed Enable Requests: 0 0 TACACS+ Fallback Counter Summary: Total Fallback Logins: 0 Field Description Total TACACS+ Authentication Message Exchange Successful Attempts The number of times the primary and secondary TACACS+ authentication servers successfully exchanged messages with the LX unit. Failed attempts The number of times the primary and secondary TACACS+ authentication servers failed to exchange messages with the LX unit.451-0310E 147 show tacacs+ status (continued) Total TACACS+ Accounting Message Exchange Successful Attempts The number of times the primary and secondary TACACS+ accounting servers successfully exchanged messages with the LX unit. Failed attempts The number of times the primary and secondary TACACS+ accounting servers failed to exchange messages with the LX unit. TACACS+ Authentication Counter Summary Successful Logins The number of successful logins using TACACS+. Authentication Failures The number of unsuccessful logins using TACACS+. TACACS+ Accounting Counter Summary Successful Acct Entries The number of successful TACACS+ accounting entries. Failed Acct Entries The number of failed TACACS+ accounting entries. TACACS+ Superuser Enable Summary Successful Enable Requests This field only contains a value if TACACS+ Superuser Request is enabled. If TACACS+ Superuser Request is enabled, this field indicates the number of successful logins to Superuser Mode. Failed Enable Requests This field only contains a value if TACACS+ Superuser Request is enabled. If TACACS+ Superuser Request is enabled, this field indicates the number of unsuccessful attempts at logging in to Superuser Mode. TACACS+ Fallback Counter Summary Total Fallback Logins The number of logins that have been done through the TACACS+ Fallback Login feature.148 451-0310E Displays summary data for the TACACS+ authentication and accounting servers. Syntax show tacacs+ summary Example show tacacs+ summary Figure 60 shows an example of the TACACS+ Summary Display. Figure 60 - TACACS+ Summary Display show tacacs+ summary TACACS+ Server Summary Thu, 12 Sep 2002 20:47:18 Primary Auth. Server: 0.0.0.0 Primary Auth. TCP Port: 49 Secondary Auth. Server: 0.0.0.0 Secondary Auth. TCP Port: 49 Primary Acct. Server: 0.0.0.0 Primary Acct. TCP Port: 49 Secondary Acct. Server: 0.0.0.0 Secondary Acct. TCP Port: 49 Field Description Primary Auth. Server The IP Address of the Primary TACACS+ Authentication server. Secondary Auth. Server The IP Address of the Secondary TACACS+ Authentication server. Primary Acct. Server The IP Address of the Primary TACACS+ Accounting server. Secondary Acct. Server The IP Address of the Secondary TACACS+ Accounting server. Primary Auth. TCP Port The TCP port for the Primary TACACS+ Authentication server. Secondary Auth. TCP Port The TCP port for the Secondary TACACS+ Authentication server. Primary Acct. TCP Port The TCP port for the Primary TACACS+ Accounting server. Secondary Acct. TCP Port The TCP port for the Secondary TACACS+ Accounting server.451-0310E 149 Displays information about each user that is currently logged in to the LX unit. Syntax show users Example show users Figure 61 shows an example of the Users screen. Figure 61 - Users Screen show users Name Remote IP Address Local Port Protocol Device InReach 0.0.0.0 0 0 /dev/pts/3 demo 0.0.0.0 0 0 /dev/ttyGN1 demo 0.0.0.0 0 0 /dev/pts/1 Field Description Name The user name Remote IP Address If the user is logged in from a remote IP Address, the address is displayed in this field. Local Port If the user is logged on to a local port of the LX unit, the port number is displayed in this field. Protocol The protocol under which the user is connected to the LX unit. Device The Linux Device Number under which the user is logged in.150 451-0310E Displays the Linux OS version, Linux In-Reach version, LX software version, and ppciboot version for the LX unit. Syntax show version Example show version Figure 62 shows an example of the Version screen. Figure 62 - Version Screen show version Linux Kernel Version: 2.4.9 Linux In-Reach Version: 15 Software Version: 2.2.0 Ppciboot Version: 0.9.3.26 Field Description Linux Kernel Ve rsi on The version of the Linux Operating System that is running on the LX unit. Linux In-Reach Ve rsi on The version of the In-Reach implementation of Linux. Software Version The version of the LX software that is running on the LX unit. Ppciboot Version The version of ppciboot that the LX unit is using.451-0310E 151 Opens a Secure Shell (Triple-DES/BLOWFISH) connection. Syntax ssh [A.B.C.D [NUMBER]]|[NAME [NUMBER]] [LOGIN NAME] Where Means Usage Guidelines The default SSH server is your Preferred Service. Refer to the preferred service command on page 399 for information on configuring a Preferred Service. If the ssh command is executed without an SSH server, and you do not have a Preferred Service configured, the following error message is displayed: No Preferred Service Configured Examples ssh 102.19.240.14 ssh 102.19.240.14 2322 ssh ssh 102.19.240.14 2322 henryh ssh A.B.C.D The IP Address of the SSH server to which the connection is being made. (See “Usage Guidelines” (below) for the default value of this field.) NAME The Domain Name of the SSH server to which the connection is being made. (See “Usage Guidelines” (below) for the default value of this field.) NUMBER The socket number to which the connection is being made. LOGIN NAME The name that you are using to log in to the SSH server.152 451-0310E Opens a Telnet connection to a host. Syntax telnet [A.B.C.D [NUMBER]]|[NAME [NUMBER]] Where Means Usage Guidelines The default Telnet host is your Preferred Service. Refer to the preferred service command on page 399 for information on configuring a Preferred Service. If the telnet command is executed without a Telnet host, and you do not have a Preferred Service configured, the following error message is displayed: No Preferred Service Configured Examples telnet 102.19.240.14 telnet 102.19.240.14 2500 telnet telnet A.B.C.D The IP Address of the Telnet host. (See “Usage Guidelines” (below) for the default value of this field.) NAME The Domain Name of the Telnet host. (See “Usage Guidelines” (below) for the default value of this field.) NUMBER The socket number to which the connection is being made.451-0310E 153 Sets the terminal type for the LX user. Syntax terminal Where Means Example terminal vt100 terminal ansi terminal terminal_type The terminal type for the LX unit. The allowable terminal types are VT100 and ANSI. 154 451-0310E Updates the LX software or ppciboot file from a TFTP server on the network. Syntax update software|ppciboot [] Where Means Usage Guidelines In order for this command to take effect, you must restart the LX unit by executing the reload command. The reload command is described on page 79. If this command is executed without a TFTP server specified, and there is no default TFTP server configured, the following error message is displayed: No TFTP Host Download Failed Examples update ppciboot 102.19.169.141 update software 102.19.169.141 update ppciboot update software update software Update the LX software from the specified TFTP server. ppciboot Update the LX ppciboot file from the specified TFTP server. tftp_server The IP Address or the Domain Name of the TFTP server from which the LX software or ppciboot file is to be copied. If this field is not specified, the default TFTP server is used. To display the default TFTP server, refer to “show system characteristics” on page 139.451-0310E 155 Erases the statistics data for the LX unit. Syntax zero all Example zero all zero all156 451-0310E Resets the log files for the LX unit. Syntax zero log Example zero log zero log451-0310E 157 Deletes from the LX unit the SecurID Secret that was sent from the SecurID server. Syntax zero securid secret Example zero securid secret zero securid secret451-0310E 159 Chapter 3 Configuration Commands The Configuration commands are executed in the Configuration command mode. When the LX unit is in the Configuration command mode, the Configuration command prompt (i.e., Config:0 >>) is displayed on the terminal screen. The format of the Configuration command prompt is as follows: Config: >> where is the session number of the current connection. To enter the Configuration command mode, do one of the following: • If you are in the Superuser command mode, execute the configuration command. This displays the configuration prompt. Refer to page 67 for more information on the configuration command. • If you are in the Interface, Ethernet, Subscriber, Asynchronous, Menu, Menu Editing, Notification, or Broadcast Groups command mode, execute the exit command until the Configuration command prompt is displayed.160 451-0310E Configures the LX unit to boot the configuration from the local flash. Syntax boot configuration from flash Example boot configuration from flash boot configuration from flash451-0310E 161 Configures the LX unit to boot from a local file on the LX unit. Syntax boot configuration from name Where Means NOTE: You can use the show system status command to display the name of the boot file. The show system status command is described on page 142. Example boot configuration from name local.prm boot configuration from name filename The name of the local (LX-based) from which the LX unit will be booted. The filename may include a suffix. For example, the default filename is config.prm.162 451-0310E Configures the LX unit to boot from a TFTP server. Syntax boot configuration from network Where Means Example boot configuration from network 119.25.42.37 new_image boot configuration from network ip_address Specifies the IP Address of the TFTP server from which the LX unit is to be booted. filename The file on the LX unit, or on the TFTP server, from which the LX unit will be booted. The filename must not include a suffix. For example, local is a valid filename, but local.img is not a valid filename.451-0310E 163 Creates a Broadcast Group or accesses a Broadcast Group that already exists. Syntax broadcast group Where Means Usage Guidelines A Broadcast Group consists of Slave Ports and Master Ports. The Slave Ports receive data broadcasts from the Master Ports. The Slave Ports can be asynchronous ports or a TCP port. Users can receive data broadcasts by Telneting to a port that is configured as a Slave Port. A Master Port and its Slave Ports constitute a Broadcast Group, and a Slave Port can only receive data from its Master Port. Any console port or virtual port can be configured as a Master Port. Example broadcast group 4 broadcast group group_number The group number of the Broadcast Group. This can be any integer number between 1 and 5.164 451-0310E Enables a Broadcast Group. NOTE: In order to enable a Broadcast Group, the Broadcast Group must contain at least one Master Port and one Slave Port. Syntax broadcast group enable Where Means Example broadcast group 4 enable broadcast group enable group_number The group number of the Broadcast Group. 451-0310E 165 Sets the time for the LX system clock. NOTE: Use the date command to set the date for the system calendar. For more information, refer to “date” on page 168. Syntax clock HH:MM[:SS] Where Means Examples clock 14:47 clock 04:29:11 clock HH The hour in 24-hour format; for example, 23. MM The minute; for example, 09. SS The second; for example, 02.166 451-0310E Copies the configuration of one LX port to another LX port, or to a range of LX ports. Syntax copy port to [] Where Means Examples copy port 3 to 6 copy port 2 to 5 7 copy port origin_port The LX port from which the configuration is to be copied. destination_port1 The first port in a range of LX ports to which the configuration is to be copied. (Note: If destination_portn is not specified, the configuration is copied only to destination_port1.) destination_portn The last port in a range of LX ports to which the configuration is to be copied.451-0310E 167 Copies the configuration of one LX subscriber to one, or several, LX subscribers. If the destination subscriber is not in the database, a new subscriber is created. Syntax copy subscriber to * Where Means Usage Guidelines The maximum number of subscribers on an LX unit is equal to double the number of ports on the unit. For example, the maximum number of subscribers is 16 on an 8-port unit, 32 on a 16- port unit, 64 on a 32-port unit, and 96 on a 48-port unit. Examples copy subscriber benw to jimk billj edw susano emilyc copy subscriber mark to bill copy subscriber origin_subscriber The LX subscriber from which the configuration is to be copied. destination_subscriber The subscribers to which the configuration of origin_subscriber is to be copied. Note: If you specify an existing subscriber in this field, the origin_subscriber configuration overwrites the destination_subscriber. 168 451-0310E Sets the date for the LX system calendar. NOTE: Use the clock command to set the system clock for the LX unit. For more information, refer to “clock” on page 165. Syntax date MM/DD[/YYYY] Where Means Example date 03/17/2002 NOTE: In the above example, the date is set to March 17, 2002. date MM/DD[/YYYY] The date for the LX system calendar, where MM = The month; for example, 03 for March. DD = The date; for example, 17 for the 17 th . YYYY = The 4-digit year; for example, 2002. 451-0310E 169 Resets the boot file for the LX unit to the default boot file. When this command is entered the following message is displayed: File Saved Syntax default boot Example default boot default boot170 451-0310E Resets the configuration of the LX unit to default values and then shuts down and re-starts the LX unit. Syntax default configuration Usage Guidelines When this command is entered, the following confirmation prompt is displayed: Do You Really want to default the unit? [y|n] : Entering "y" will reset the configuration. Entering "n" will abort the command. If you enter “y” to default the configuration, you must re-start the LX unit with the reload command to make the default configuration take effect. The reload command is described on page 79. Example default configuration default configuration451-0310E 171 Resets the sizes of log files on the LX unit to the default value. Syntax default log size Example default log size default log size172 451-0310E Resets the off time for an outlet group to the default value of 10 seconds. Syntax default outlet group | off time Where Means Examples default outlet group 2 off time default outlet group rmlights off time default outlet group off time group_number An integer number that identifies the group whose off time is being reset to the default value. group_name The name assigned to the outlet group.451-0310E 173 Resets the timeout or retry value for the TFTP server to its default value. Syntax default tftp timeout|retry Where Means Examples default tftp timeout default tftp retry default tftp timeout Reset the TFTP server timeout to its default value. retry Reset the TFTP server retries to its default value.174 451-0310E Specifies the domain name of the LX unit. Syntax domain name NAME Where Means Usage Guidelines The portion of the domain name that follows the period is the domain name suffix. For example, com is the suffix in the domain name boston_office.com. Example domain name boston_office.com domain name NAME The domain name for the LX unit. The domain name should include a period (.) and a suffix.451-0310E 175 When the end command is issued in the Configuration Command Mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX command modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end176 451-0310E Returns the user to the previous command mode. For example, if the current command mode is Configuration, issuing this command will return the user to the Superuser command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX command modes. However, the effect of the exit command varies, depending on the command mode from which it is issued. As noted above, issuing the exit command in the Configuration command mode returns the user to the previous command mode. The same goes for issuing the exit command in any command mode other than User. For example, issuing the exit command in the Interface command mode returns the user to the Configuration command mode; issuing the exit command in the Menu Editing command mode returns the user to the Menu command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit451-0310E 177 Enables the finger daemon (fingerd) for exchanging information between hosts about users who are logged on to the LX unit. Syntax fingerd enable Example fingerd enable fingerd enable178 451-0310E Configures the network gateway IP address for the LX unit. Syntax gateway A.B.C.D Where Means Example gateway 119.20.112.47 gateway A.B.C.D The IP Address of the router/gateway that is to be used as the default route for the LX unit.451-0310E 179 Configures a network name for the LX unit. Syntax hostname NAME Where Means Examples hostname boston_office hostname a123456 hostname NAME A text string of up to 15 alphanumeric characters that specifies the network name for the LX unit.180 451-0310E Enters the Interface command mode. In the Interface command mode, the user can create or change an interface record. For more information on the Interface command mode, refer to “Interface Commands” on page 275. Syntax interface NUMBER Where Means Example interface 1 interface NUMBER Specifies an interface number. In the Interface command mode, you can configure the characteristics of the IP interface that is associated with this interface number. The maximum number of IP interfaces is 4. If the IP interface does not exist, it is created when this command is executed.451-0310E 181 Displays information that describes how to set up IP filtering with the iptables command. Syntax iptables Usage Guidelines When you execute this command, the following text is displayed: You must navigate to the Linux shell and use the iptables commands that are available in the kernel. You can run a shell from the Superuser Command Mode by launching the command "shell". For further details, please refer to the LX-Series Commands Reference Guide. Iptables are used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Iptables help manage IP traffic by creating filters known as chains. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. The options are ACCEPT, DENY, or DROP. The INPUT chain filters packets coming from the LAN to the LX-Series and the OUTPUT chain filters packets leaving the LX-Series destined for the LAN. After making any changes, you should always run the command "/sbin/iptables-save -f /config/iptables.conf" to save the changes. To make the change permanent through reboots you must save the configuration change by running the command "save configuration" from the superuser command mode. Example iptables iptables182 451-0310E Specifies the physical location of the LX unit. NOTE: To display this information, execute the show system characteristics command in the Superuser Command Mode. For more information, refer to “show system characteristics” on page 139. Syntax location STRING Where Means Example location UpstairsLab location STRING A text string that describes the physical location of the LX unit.451-0310E 183 Specifies the size of log files on the LX unit. Syntax log size NUMBER Where Means Example log size 100000 log size NUMBER A whole number that specifies the size, in bytes, for the LX-unit log files. The number must be greater than 1023 and less than 128001.184 451-0310E Enters the Menu command mode. In the Menu command mode, you can create, delete, or merge menus and enter the Menu Editing command mode. For more information on the Menu command mode, refer to “Menu Commands” on page 479. Syntax menu Example menu menu451-0310E 185 Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the Configuration command mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the Configuration command mode and are currently enabled. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no location no feature_name The name of the feature or boolean parameter that is to be disabled.186 451-0310E Enters the Notification command mode. In the Notification command mode, you can configure the sending of log messages to email addresses, pagers, remote syslogd, asynchronous ports, or local files. For more information on the Notification command mode, refer to “Notification Commands” on page 509. Syntax notification Example notification notification451-0310E 187 Enables the Network Time Protocol (NTP). Syntax ntp enable Usage Guidelines Before you can enable NTP, you must specify the IP Address of the NTP server. Refer to “ntp server address” on page 188 for more information on specifying the IP Address of the NTP server. Example ntp enable ntp enable188 451-0310E Specifies the IP address of the Network Time Protocol (NTP) server for the LX unit. Syntax ntp server address Where Means Usage Guidelines After you have specified the NTP server, you can enable NTP. Refer to “ntp enable” on page 187 for more information on enabling NTP. Example ntp server address 119.20.110.87 ntp server address ip_address Specifies the IP Address of the NTP server on the network.451-0310E 189 Assigns outlets to an outlet group. Syntax outlet group | Where Means Usage Guidelines When outlets are assigned to an outlet group, they can be configured and managed as a group. This can be more efficient than configuring and managing outlet individually. Refer to the following commands for more information about configuring and managing outlet groups: • “outlet group name” on page 190 • “outlet group off time” on page 191 • “show outlet group status” on page 107 Examples outlet group 2 2:5 3:7 4:2 4:3 4:5 outlet group Testoutlets 3:4 5:1 5:2 5:3 5:4 5:5 5:6 6:2 6:3 outlet group group_number An integer number that identifies the group to which outlets are being assigned. The allowable values are 1 - 16. group_name The descriptive name of the group to which outlets are being assigned. (Refer to “outlet group name” on page 190 for information on assigning a descriptive name to an outlet group.) outlet_list Specifies the outlets that are being added to the outlet group. The Power Master number, combined with the outlet number, identifies each outlet. For example, 2:5 identifies outlet 5 on the device that is managed from port 2. If you specify more than one outlet in the outlet_list, the outlets must be separated by blank spaces; for example, 2:5 3:7 4:2 4:3 4:5. Up to 16 outlets can be included in an outlet group.190 451-0310E Specifies a descriptive name for an outlet group. NOTE: Before you can specify a descriptive name for an outlet group, you must create the outlet group with the outlet group command (see page 189). Syntax outlet group name Where Means Example outlet group 5 name Testoutlets outlet group name group_number An integer number that specifies an existing outlet group. group_name Specifies a descriptive name for the outlet group. This can be a text string of up to 15 characters.451-0310E 191 Specifies the length of time, in seconds, that outlets must remain off before they can be turned back on. Syntax outlet group | off time NUMBER Where Means Example outlet group Testoutlets off time 10 outlet group 14 off time 20 outlet group off time group_number An integer number that specifies an existing outlet group. group_name The descriptive name of an existing outlet group. NUMBER An integer number that specifies the off time, in seconds, for the outlet group. After the outlets in the group have been turned off with the outlet command (see page 75), they must remain off for at least this length of time. The allowable values are 0 - 255. The default value is 10.192 451-0310E Allows you to set, or change, the Superuser password for the LX unit. (The default Superuser password for the LX unit is system.) Syntax password Usage Guidelines When you execute the password command, the following prompt is displayed: Enter your NEW password : Type the new Superuser password at the above prompt and press the Enter key. After you press the Enter key, the following prompt is displayed: Re-Enter your NEW password: Re-type the new Superuser password at the above prompt and press the Enter key. The Superuser password for the LX unit is now changed. Example password password451-0310E 193 Sets the Superuser password for the LX unit to the default value. (The default Superuser password for the LX unit is system.) Syntax password enable Usage Guidelines When you execute the password enable command, the following informational message is displayed: Password was set to its default value Example password enable password enable194 451-0310E Configures an LX asynchronous port, or a range of LX asynchronous ports. When this command is executed in the Configuration Command Mode, the LX CLI goes into the Asynchronous command mode for the port number, or range of ports. The Asynchronous command mode includes commands for configuring asynchronous ports. Refer to “Asynchronous Commands” on page 307 for more information on the Asynchronous command mode. Syntax port async [] Where Means Example port async 2 port async 3 7 port async first_port The first port in a range of ports that are to be configured as asynchronous. last_port The last port in a range of ports that are to be configured as asynchronous. Note: If this argument is left out of the command, only the port specified in is configured as asynchronous.451-0310E 195 Enters the Ethernet Command Mode for an Ethernet port. Refer to “Ethernet Commands” on page 361 for more information on the Ethernet Command Mode. Syntax port ethernet NUMBER Where Means Example port ethernet 1 port ethernet NUMBER Specifies the Ethernet port to be configured. The only port that can be configured as an Ethernet port is port 1. 196 451-0310E Specifies the ppciboot address for the LX unit. The ppciboot address is used as the IP Address of the LX unit when any of the ppciboot assignment options is selected as “User Defined”. Refer to “ppciboot address assignment option” on page 197 for more information on the ppciboot assignment options. Syntax ppciboot address Where Means Example ppciboot address 117.23.79.81 ppciboot address ip_address The ppciboot address451-0310E 197 Specifies the ppciboot assignment option for the LX unit. The ppciboot assignment option defines how the LX unit will obtain its IP information. Syntax ppciboot address assignment NUMBER option user|dhcp|rarp|bootp|none Where Means Usage Guidelines You can use this command to specify up to 4 ppciboot assignment options for the LX unit. You must specify a priority for each ppciboot assignment option that you specify with this command. The allowable values are 1, 2, 3, and 4. For example, if 1 is specified as the priority for DHCP, it means that the first attempt at loading an IP Address will be via DHCP; if 2 is specified as the priority for RARP, it means that the second attempt at loading an IP Address will be via RARP, and so on. Examples ppciboot address assignment 1 option dhcp ppciboot address assignment 2 option rarp ppciboot address assignment 3 option bootp ppciboot address assignment 4 option user ppciboot address assignment 3 option none ppciboot address assignment option NUMBER The priority for the ppciboot assignment options. The allowable values are 1, 2, 3, and 4. For more information, refer to “Usage Guidelines” (below). user Specifies that the ppciboot assignment option is user-defined. This means that the user must manually assign all of the IP information. dhcp The IP information will be assigned via a DHCP server. rarp The IP information will be assigned via a RARP server. bootp The IP information will be assigned via a BOOTP server. none Disables the ppciboot assignment option associated with the specified priority. For example, the command ppciboot ip assignment 2 option none disables the ppciboot assignment option associated with priority 2.198 451-0310E Specifies the speed and duplex mode of the ppciboot Ethernet network link. Syntax ppciboot ethernet network link auto|10half|100half|10full|100full Where Means Examples ppciboot ethernet network link auto ppciboot ethernet network link 10half ppciboot ethernet network link 100half ppciboot ethernet network link 10full ppciboot ethernet network link 100full ppciboot ethernet network link auto The ppciboot Ethernet network link will auto-negotiate its port speed and duplex mode. This is the default setting. 10half Sets a speed of 10 Megabytes per second, and a duplex mode of half duplex, for the Ethernet network link. 100half Sets a speed of 100 Megabytes per second, and a duplex mode of half duplex, for the Ethernet network link. 10full Sets a speed of 10 Megabytes per second, and a duplex mode of full duplex, for the Ethernet network link. 100full Sets a speed of 100 Megabytes per second, and a duplex mode of full duplex, for the Ethernet network link.451-0310E 199 Specifies the ppciboot gateway. This gateway is used when any of the ppciboot assignment options is selected as “User Defined”. Refer to “ppciboot address assignment option” on page 197 for more information on ppciboot assignment options. Syntax ppciboot gateway Where Means Example ppciboot gateway 119.20.110.7 ppciboot gateway ip_address The IP address of the ppciboot gateway.200 451-0310E Specifies the filename of the LX software image. Syntax ppciboot image filename Where Means Example ppciboot image filename new_linuxito.img ppciboot image filename filename The filename of the LX software image.451-0310E 201 Specifies the source from which the LX software image will be loaded. NOTE: The ppciboot image file is specified using the ppciboot image filename command (see page 200). Syntax ppciboot image load from flash|network Where Means Examples ppciboot image load from flash ppciboot image load from network ppciboot image load from flash Load the LX software image from the local flash. network Load the LX software image from the network TFTP server. (The TFTP server for loading the LX software image is defined using the ppciboot tftp command (see page 203).)202 451-0310E Specifies the ppciboot subnet mask for the LX unit. This is used as the subnet mask for the LX unit when any of the ppciboot assignment options is selected as “User Defined”. Refer to “ppciboot address assignment option” on page 197 for more information on ppciboot assignment options. Syntax ppciboot mask Where Means Example ppciboot mask 255.255.255.0 ppciboot mask subnet_mask The IP address that will be used as the ppciboot subnet mask.451-0310E 203 Specifies the TFTP server for the LX unit. This TFTP server is used when any of the ppciboot assignment options is selected as “User Defined”. Refer to “ppciboot address assignment option” on page 197 for more information on ppciboot assignment options. Syntax ppciboot tftp server Where Means Example ppciboot tftp server 118.23.109.18 ppciboot tftp server ip_address The IP address of the TFTP server from which the LX software image will be loaded.204 451-0310E Specifies the Primary Domain Name Server (DNS) for the LX unit. Syntax primary dns A.B.C.D Where Means Example primary dns 119.20.112.3 primary dns A.B.C.D The Primary DNS for the LX unit.451-0310E 205 Specifies the interval at which the LX unit will update the RADIUS accounting server with the status of each RADIUS user. Syntax radius period NUMBER Where Means Example radius period 10 radius period NUMBER The interval, in minutes, at which the LX unit will update the RADIUS accounting server with the status of each RADIUS user. The default value is 5. The allowable values are 0 - 255. 206 451-0310E Specifies the IP Address of the RADIUS primary accounting server for the LX unit. Syntax radius primary accounting server address A.B.C.D Where Means Example radius primary accounting server address 152.34.65.33 radius primary accounting server address A.B.C.D The IP Address of the RADIUS primary accounting server for the LX unit.451-0310E 207 Specifies the RADIUS primary accounting server UDP port for the LX unit. (This is the UDP port to which the LX unit performs RADIUS accounting.) Syntax radius primary accounting server port NUMBER Where Means Example radius primary accounting server port 1646 radius primary accounting server port NUMBER The UDP port, on the RADIUS primary accounting server, to which the LX unit performs RADIUS accounting. The allowable values are 0 - 65535. Note: If you do not specify a RADIUS primary accounting port with this command, the LX unit will use the default RADIUS primary accounting port of 1813.208 451-0310E Specifies the maximum number of retries that the LX unit will have for transmitting an Accounting Request to the RADIUS primary accounting server when the LX unit receives no Accounting Response from the RADIUS primary accounting server. Syntax radius primary accounting server retransmit NUMBER Where Means Example radius primary accounting server retransmit 3 radius primary accounting server retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the RADIUS primary accounting server. The allowable values are 0 - 255. The default value is 3.451-0310E 209 Specifies the RADIUS secret shared between the LX unit and the RADIUS primary accounting server used for encrypting communications between them. Syntax radius primary accounting server secret WORD Where Means Example radius primary accounting server secret AaBbCc radius primary accounting server secret WORD A text string of up to 16 characters. The string is case sensitive.210 451-0310E Specifies the length of time that the LX unit will wait for the RADIUS primary accounting server to respond before retransmitting packets to the RADIUS primary accounting server. Syntax radius primary accounting server timeout NUMBER Where Means Example radius primary accounting server timeout 3 radius primary accounting server timeout NUMBER The length of time, in seconds, that the LX unit will wait for a RADIUS primary accounting server to respond before retransmitting Accounting Requests to the RADIUS primary accounting server. The default value is 5. The allowable values are 1 - 255.451-0310E 211 Specifies the RADIUS primary authentication server address for the LX unit. Syntax radius primary authentication server address A.B.C.D Where Means Example radius primary authentication server address 152.34.65.37 radius primary authentication server address A.B.C.D The IP Address of the RADIUS primary authentication server for the LX unit.212 451-0310E Specifies UDP port for the RADIUS primary authentication server. Syntax radius primary authentication server port NUMBER Where Means Example radius primary authentication server port 1645 radius primary authentication server port NUMBER The RADIUS primary authentication server UDP port for the LX unit. This value must match the primary accounting UDP port that is being used on the RADIUS primary authentication server. The allowable values are 0 - 65535. Note: If you do not specify a RADIUS primary authentication port with this command, the LX unit will use the default RADIUS primary authentication port of 1812.451-0310E 213 Specifies the maximum number of retries that the LX unit will have for transmitting an Access Request to the RADIUS primary authentication server when the LX unit receives no Access Accept or Reject messages from the RADIUS primary authentication server. Syntax radius primary authentication server retransmit NUMBER Where Means Example radius primary authentication server retransmit 3 radius primary authentication server retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the RADIUS primary authentication server. The allowable values are 0 - 255. The default value is 3.214 451-0310E Specifies the RADIUS secret shared between the LX unit and the RADIUS primary authentication server used for encrypting communications between them. Syntax radius primary authentication server secret WORD Where Means Example radius primary authentication server secret AaBbCc radius primary authentication server secret WORD A text string of up to 16 characters. The string is case sensitive.451-0310E 215 Specifies the length of time that the LX unit will wait for the RADIUS primary authentication server to respond before retransmitting packets to the RADIUS primary authentication server. Syntax radius primary authentication server timeout NUMBER Where Means Example radius primary authentication server timeout 3 radius primary authentication server timeout NUMBER The length of time, in seconds, that the LX unit will wait for a RADIUS primary authentication server to respond before retransmitting Access-Request messages to the RADIUS primary authentication server. The default value is 5. The allowable values are 1 - 255.216 451-0310E Specifies the IP Address of the RADIUS secondary accounting server for the LX unit. Syntax radius secondary accounting server address A.B.C.D Where Means Example radius secondary accounting server address 152.34.65.33 radius secondary accounting server address A.B.C.D The IP Address of the RADIUS secondary accounting server for the LX unit.451-0310E 217 Specifies the RADIUS secondary accounting server UDP port for the LX unit. (This is the UDP port to which the LX unit performs RADIUS accounting.) Syntax radius secondary accounting server port NUMBER Where Means Example radius secondary accounting server port 1813 radius secondary accounting server port NUMBER The UDP port, on the RADIUS secondary accounting server, to which the LX unit performs RADIUS accounting. The allowable values are 0 - 65535. Note: If you do not specify a RADIUS secondary accounting port with this command, the LX unit will use the default RADIUS secondary accounting port of 1813.218 451-0310E Specifies the maximum number of retries that the LX unit will have for transmitting an Accounting Request to the RADIUS secondary accounting server when the LX unit receives no Accounting Response from the RADIUS secondary accounting server. Syntax radius secondary accounting server retransmit NUMBER Where Means Example radius secondary accounting server retransmit 3 radius secondary accounting server retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the RADIUS secondary accounting server. The allowable values are 0 - 255. The default value is 3.451-0310E 219 Specifies the RADIUS secret shared between the LX unit and the RADIUS secondary accounting server used for encrypting communications between them. Syntax radius secondary accounting server secret WORD Where Means Example radius secondary accounting server secret AaBbCc radius secondary accounting server secret WORD A text string of up to 16 characters. The string is case sensitive.220 451-0310E Specifies the length of time that the LX unit will wait for the RADIUS secondary accounting server to respond before retransmitting packets to the RADIUS secondary accounting server. Syntax radius secondary accounting server timeout NUMBER Where Means Example radius secondary accounting server timeout 3 radius secondary accounting server timeout NUMBER The length of time, in seconds, that the LX unit will wait for a RADIUS secondary accounting server to respond before retransmitting Accounting Requests to the RADIUS secondary accounting server. The default value is 5. The allowable values are 1 - 255.451-0310E 221 Specifies the RADIUS secondary authentication server address for the LX unit. Syntax radius secondary authentication server address A.B.C.D Where Means Example radius secondary authentication server address 152.34.65.37 radius secondary authentication server address A.B.C.D The IP Address of the RADIUS secondary authentication server for the LX unit.222 451-0310E Specifies the UDP port for the RADIUS secondary authentication server. Syntax radius secondary authentication server port NUMBER Where Means Example radius secondary authentication server port 1812 radius secondary authentication server port NUMBER The RADIUS secondary authentication server UDP port for the LX unit. This value must match the secondary accounting UDP port that is being used on the RADIUS secondary authentication server. The allowable values are 0 - 65535. Note: If you do not specify a RADIUS secondary authentication port with this command, the LX unit will use the default RADIUS secondary authentication port of 1812.451-0310E 223 Specifies the maximum number of retries that the LX unit will have for transmitting an Access Request to the RADIUS secondary authentication server when the LX unit does not receive Access Accept or Reject messages from the RADIUS secondary authentication server. Syntax radius secondary authentication server retransmit NUMBER Where Means Example radius secondary authentication server retransmit 3 radius secondary authentication server retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the RADIUS secondary authentication server. The allowable values are 0 - 255. The default value is 3.224 451-0310E Specifies the RADIUS secret shared between the LX unit and the RADIUS secondary authentication server used for encrypting communications between them. Syntax radius secondary authentication server secret WORD Where Means Example radius secondary authentication server secret AaBbCc radius secondary authentication server secret WORD A text string of up to 16 characters. The string is case sensitive.451-0310E 225 Specifies the length of time that the LX unit will wait for the RADIUS secondary authentication server to respond before retransmitting packets to the RADIUS secondary authentication server. Syntax radius secondary authentication server timeout NUMBER Where Means Example radius secondary authentication server timeout 3 radius secondary authentication server timeout NUMBER The length of time, in seconds, that the LX unit will wait for a RADIUS secondary authentication server to respond before retransmitting Access-Request messages to the RADIUS secondary authentication server. The default value is 5. The allowable values are 1 - 255.226 451-0310E Creates a static route for the LX unit. Syntax route address Where Means Usage Guidelines To delete a route, use the no route command. For example, the command no route 3 deletes Route 3. Example route 3 address 119.20.112.39 route address route_number Specifies a route number for the static route. destination_ip Specifies the destination IP Address of the route.451-0310E 227 Creates a gateway that a static route will use to reach its destination. Syntax route gateway Where Means Example route 3 gateway 119.20.112.47 route gateway route_number Specifies the route number of a static route. gateway_ip Specifies the IP Address of the gateway by which the destination will be reached.228 451-0310E Creates a subnet mask for a static route. Syntax route mask Where Means Example route 3 mask 255.255.255.0 route mask route_number Specifies the route number of a static route. subnet_mask Specifies the subnet mask that will be used by the static route.451-0310E 229 Specifies the Secondary Domain Name Server (DNS) for the LX unit. Syntax secondary dns A.B.C.D Where Means Example secondary dns 119.20.112.3 secondary dns A.B.C.D The Secondary DNS for the LX unit.230 451-0310E Specifies the encryption method for SecurID authentication on the LX unit. Syntax securid authentication encryption des|sdi Where Means Example securid authentication encryption des securid authentication encryption sdi securid authentication encryption des Specifies DES as the SecurID encryption method. sdi Specifies SDI as the SecurID encryption method.451-0310E 231 Specifies the LX UDP port that the that the LX unit and the SecurID authentication server will use for communication. Syntax securid authentication port Where Means Example securid authentication port 5500 securid authentication port port_number The port number of a UDP port on the LX unit. This can be any UDP port number that is not currently in use. The allowable values are 0 - 65535.232 451-0310E Specifies the maximum number of retries that the LX unit will have for transmitting an Access Request to the SecurID authentication server when the LX unit receives no Access Accept or Reject messages from the SecurID primary authentication server. Syntax securid authentication retransmit NUMBER Where Means Example securid authentication retransmit 7 securid authentication retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the SecurID authentication server. This can be any integer number from 0 through 255. The default value is 3.451-0310E 233 Specifies the length of time that the LX unit will wait for the SecurID authentication server to respond before retransmitting packets to the SecurID authentication server. Syntax securid authentication timeout NUMBER Where Means Example securid authentication timeout 3 securid authentication timeout NUMBER The length of time, in seconds, that the LX unit will wait for the SecurID authentication server to respond before retransmitting Access-Request messages to the SecurID authentication server. This can be any integer number from 0 through 255. The default value is 3.234 451-0310E Specifies the SecurID authentication version that will be used on the LX unit. Syntax securid authentication version legacy|version_5 Where Means Example securid authentication version legacy securid authentication version version_5 securid authentication version legacy The version of SecurID that will be used is older than Version 5. version_5 Version 5 SecurID authentication will be used.451-0310E 235 Specifies the SecurID master authentication server address for the LX unit. NOTE: You can not specify a SecurID master authentication server for Version 5, or higher, or SecurID. Syntax securid master authentication server address A.B.C.D Where Means Example securid master authentication server address 192.16.65.38 securid master authentication server address A.B.C.D The IP Address of the SecurID master authentication server for the LX unit.236 451-0310E Specifies the host name of the SecurID master authentication server for the LX unit. Syntax securid master authentication server name HOSTNAME Where Means Example securid master authentication server name bigsky22 securid master authentication server name HOSTNAME The host name of the SecurID master authentication server for the LX unit.451-0310E 237 Specifies the SecurID primary authentication server address for the LX unit. Syntax securid primary authentication server address A.B.C.D Where Means Example securid primary authentication server address 138.30.65.34 securid primary authentication server address A.B.C.D The IP Address of the SecurID primary authentication server for the LX unit.238 451-0310E Specifies the host name of the SecurID primary authentication server for the LX unit. Syntax securid primary authentication server name HOSTNAME Where Means Example securid primary authentication server name bigsky1 securid primary authentication server name HOSTNAME The host name of the SecurID primary authentication server for the LX unit.451-0310E 239 Specifies the SecurID slave authentication server address for the LX unit. NOTE: You can not specify a SecurID slave authentication server for Version 5, or higher, or SecurID. Syntax securid slave authentication server address A.B.C.D Where Means Example securid slave authentication server address 192.16.23.115 securid slave authentication server address A.B.C.D The IP Address of the SecurID slave authentication server for the LX unit.240 451-0310E Specifies the host name of the SecurID slave authentication server for the LX unit. Syntax securid slave authentication server name HOSTNAME Where Means Example securid slave authentication server name bigsky37 securid slave authentication server name HOSTNAME The host name of the SecurID slave authentication server for the LX unit.451-0310E 241 Adds a host name and its address to a Service Table to provide the CLI user with a means for address resolution. Syntax service NAME A.B.C.D Where Means Example service Finance_Server 119.20.112.3 service NAME A text string that specifies the name of the IP device. A.B.C.D The address of the IP device.242 451-0310E Enters the SNMP command mode. The SNMP command prompt (e.g., Snmp:0 >>) is displayed while you are in the SNMP command mode. For more information, refer to “SNMP Commands” on page 409. Syntax snmp Example snmp snmp451-0310E 243 Enables the Simple Network Management Protocol (SNMP) for use in managing the LX unit. Syntax snmp enable Example snmp enable snmp enable244 451-0310E Enables the LX unit to function as an SSH server. This makes it possible for SSH clients to make connections to the LX unit. Syntax ssh enable Example ssh enable ssh enable451-0310E 245 Specifies that the LX unit will use Version 1 (V1) of SSH. Syntax ssh v1 Example ssh v1 ssh v1246 451-0310E Specifies that the LX unit will use Version 2 (V2) of SSH. Syntax ssh v2 Example ssh v2 ssh v2451-0310E 247 Enters the Subscriber Command Mode. For more information on the Subscriber Command Mode, refer to “Subscriber Commands” on page 367. Syntax subscriber NAME Where Means Usage Guidelines The maximum number of subscribers on an LX unit is equal to double the number of ports on the unit. For example, the maximum number of subscribers is 16 on an 8-port unit, 32 on a 16- port unit, 64 on a 32-port unit, and 96 on a 48-port unit. Example subscriber mark subscriber NAME The name of the subscriber that is to be configured. If the subscriber does not exist, a new subscriber record is created.248 451-0310E Specifies the interval at which the LX unit will update the TACACS+ accounting server with the status of each TACACS+ user. Syntax tacacs+ period NUMBER Where Means Example tacacs+ period 10 tacacs+ period NUMBER The interval, in minutes, at which the LX unit will update the TACACS+ accounting server with the status of each TACACS+ user. The default value is 5. The allowable values are 0 - 255. 451-0310E 249 Specifies the IP Address of the TACACS+ primary accounting server for the LX unit. Syntax tacacs+ primary accounting server address A.B.C.D Where Means Example tacacs+ primary accounting server address 152.34.65.33 tacacs+ primary accounting server address A.B.C.D The IP Address of the TACACS+ primary accounting server for the LX unit.250 451-0310E Specifies the TACACS+ primary accounting server UDP port for the LX unit. (This is the UDP port to which the LX unit performs TACACS+ accounting.) Syntax tacacs+ primary accounting server port NUMBER Where Means Example tacacs+ primary accounting server port 1646 tacacs+ primary accounting server port NUMBER The UDP port, on the TACACS+ primary accounting server, to which the LX unit performs TACACS+ accounting. The allowable values are 0 - 65535. Note: If you do not specify a TACACS+ primary accounting port with this command, the LX unit will use the default TACACS+ primary accounting port of 1813.451-0310E 251 Specifies the maximum number of retries that the LX unit will have for transmitting an Accounting Request to the TACACS+ primary accounting server when the LX unit does not receive an Accounting Response from the TACACS+ primary accounting server. Syntax tacacs+ primary accounting server retransmit NUMBER Where Means Example tacacs+ primary accounting server retransmit 3 tacacs+ primary accounting server retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the TACACS+ primary accounting server. The allowable values are 0 - 255. The default value is 3.252 451-0310E Specifies the TACACS+ secret shared between the LX unit and the TACACS+ primary accounting server used for encrypting communications between them. Syntax tacacs+ primary accounting server secret WORD Where Means Example tacacs+ primary accounting server secret AaBbCc tacacs+ primary accounting server secret WORD A text string of up to 16 characters. The string is case sensitive.451-0310E 253 Specifies the length of time that the LX unit will wait for the TACACS+ primary accounting server to respond before retransmitting packets to the TACACS+ primary accounting server. Syntax tacacs+ primary accounting server timeout NUMBER Where Means Example tacacs+ primary accounting server timeout 3 tacacs+ primary accounting server timeout NUMBER The length of time, in seconds, that the LX unit will wait for a TACACS+ primary accounting server to respond before retransmitting Accounting Requests to the TACACS+ primary accounting server. The default value is 5. The allowable values are 1 - 255.254 451-0310E Specifies the TACACS+ primary authentication server address for the LX unit. Syntax tacacs+ primary authentication server address A.B.C.D Where Means Example tacacs+ primary authentication server address 152.34.65.37 tacacs+ primary authentication server address A.B.C.D The IP Address of the TACACS+ primary authentication server for the LX unit.451-0310E 255 Specifies UDP port for the TACACS+ primary authentication server. Syntax tacacs+ primary authentication server port NUMBER Where Means Example tacacs+ primary authentication server port 1645 tacacs+ primary authentication server port NUMBER The TACACS+ primary authentication server UDP port for the LX unit. This value must match the primary accounting UDP port that is being used on the TACACS+ primary authentication server. The allowable values are 0 - 65535. Note: If you do not specify a TACACS+ primary authentication port with this command, the LX unit will use the default TACACS+ primary authentication port of 1812.256 451-0310E Specifies the maximum number of retries that the LX unit will have for transmitting an Access Request to the TACACS+ primary authentication server when the LX unit does not receive an Access Accept or Reject messages from the TACACS+ primary authentication server. Syntax tacacs+ primary authentication server retransmit NUMBER Where Means Example tacacs+ primary authentication server retransmit 3 tacacs+ primary authentication server retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the TACACS+ primary authentication server. The allowable values are 0 - 255. The default value is 3.451-0310E 257 Specifies the TACACS+ secret shared between the LX unit and the TACACS+ primary authentication server used for encrypting communications between them. Syntax tacacs+ primary authentication server secret WORD Where Means Example tacacs+ primary authentication server secret AaBbCc tacacs+ primary authentication server secret WORD A text string of up to 16 characters. The string is case sensitive.258 451-0310E Specifies the length of time that the LX unit will wait for the TACACS+ primary authentication server to respond before retransmitting packets to the TACACS+ primary authentication server. Syntax tacacs+ primary authentication server timeout NUMBER Where Means Example tacacs+ primary authentication server timeout 3 tacacs+ primary authentication server timeout NUMBER The length of time, in seconds, that the LX unit will wait for a TACACS+ primary authentication server to respond before retransmitting Access-Request messages to the TACACS+ primary authentication server. The allowable values are 0 - 255. The default value is 5. 451-0310E 259 Specifies the IP Address of the TACACS+ secondary accounting server for the LX unit. Syntax tacacs+ secondary accounting server address A.B.C.D Where Means Example tacacs+ secondary accounting server address 152.34.65.33 tacacs+ secondary accounting server address A.B.C.D The IP Address of the TACACS+ secondary accounting server for the LX unit.260 451-0310E Specifies the TACACS+ secondary accounting server UDP port for the LX unit. (This is the UDP port to which the LX unit performs TACACS+ accounting.) Syntax tacacs+ secondary accounting server port NUMBER Where Means Example tacacs+ secondary accounting server port 1646 tacacs+ secondary accounting server port NUMBER The UDP port, on the TACACS+ secondary accounting server, to which the LX unit performs TACACS+ accounting. The allowable values are 0 - 65535. Note: If you do not specify a TACACS+ secondary accounting port with this command, the LX unit will use the default TACACS+ secondary accounting port of 1813.451-0310E 261 Specifies the maximum number of retries that the LX unit will have for transmitting an Accounting Request to the TACACS+ secondary accounting server when the LX unit does not receive an Accounting Response from the TACACS+ secondary accounting server. Syntax tacacs+ secondary accounting server retransmit NUMBER Where Means Example tacacs+ secondary accounting server retransmit 3 tacacs+ secondary accounting server retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the TACACS+ secondary accounting server. The allowable values are 0 - 255. The default value is 3.262 451-0310E Specifies the TACACS+ secret shared between the LX unit and the TACACS+ secondary accounting server used for encrypting communications between them. Syntax tacacs+ secondary accounting server secret WORD Where Means Example tacacs+ secondary accounting server secret AaBbCc tacacs+ secondary accounting server secret WORD A text string of up to 16 characters. The string is case sensitive.451-0310E 263 Specifies the length of time that the LX unit will wait for the TACACS+ secondary accounting server to respond before retransmitting packets to the TACACS+ secondary accounting server. Syntax tacacs+ secondary accounting server timeout NUMBER Where Means Example tacacs+ secondary accounting server timeout 3 tacacs+ secondary accounting server timeout NUMBER The length of time, in seconds, that the LX unit will wait for a TACACS+ secondary accounting server to respond before retransmitting Accounting Requests to the TACACS+ secondary accounting server. The allowable values are 0 - 255. The default value is 5. 264 451-0310E Specifies the TACACS+ secondary authentication server address for the LX unit. Syntax tacacs+ secondary authentication server address A.B.C.D Where Means Example tacacs+ secondary authentication server address 152.34.65.37 tacacs+ secondary authentication server address A.B.C.D The IP Address of the TACACS+ secondary authentication server for the LX unit.451-0310E 265 Specifies the UDP port for the TACACS+ secondary authentication server. Syntax tacacs+ secondary authentication server port NUMBER Where Means Example tacacs+ secondary authentication server port 1645 tacacs+ secondary authentication server port NUMBER The TACACS+ secondary authentication server UDP port for the LX unit. This value must match the secondary accounting UDP port that is being used on the TACACS+ secondary authentication server. The allowable values are 0 - 65535. Note: If you do not specify a TACACS+ secondary authentication port with this command, the LX unit will use the default TACACS+ secondary authentication port of 1812.266 451-0310E Specifies the maximum number of retries that the LX unit will have for transmitting an Access Request to the TACACS+ secondary authentication server when the LX unit does not receive an Access Accept or Reject message from the TACACS+ secondary authentication server. Syntax tacacs+ secondary authentication server retransmit NUMBER Where Means Example tacacs+ secondary authentication server retransmit 3 tacacs+ secondary authentication server retransmit NUMBER The maximum number of times that the LX unit will attempt to contact the TACACS+ secondary authentication server. The allowable values are 0 - 255. The default value is 3.451-0310E 267 Specifies the TACACS+ secret shared between the LX unit and the TACACS+ secondary authentication server used for encrypting communications between them. Syntax tacacs+ secondary authentication server secret WORD Where Means Example tacacs+ secondary authentication server secret AaBbCc tacacs+ secondary authentication server secret WORD A text string of up to 16 characters. The string is case sensitive.268 451-0310E Specifies the length of time that the LX unit will wait for the TACACS+ secondary authentication server to respond before retransmitting packets to the TACACS+ secondary authentication server. Syntax tacacs+ secondary authentication server timeout NUMBER Where Means Example tacacs+ secondary authentication server timeout 3 tacacs+ secondary authentication server timeout NUMBER The length of time, in seconds, that the LX unit will wait for a TACACS+ secondary authentication server to respond before retransmitting Access-Request messages to the TACACS+ secondary authentication server. The allowable values are 0 - 255. The default value is 5. 451-0310E 269 Specifies that a Superuser password request will be sent to TACACS+. Syntax tacacs+ superuser password request enable Usage Guidelines When this setting is disabled, the local Superuser password (system) will be used to enter the Superuser Command Mode. Use the no tacacs+ superuser password request command to disable this setting. When this setting is enabled, the superuser password that resides on the TACACS+ authentication server will be used to enter the Superuser Command Mode. Example tacacs+ superuser password request enable tacacs+ superuser password request enable270 451-0310E Configures the LX unit to support inbound Telnet connections from remote clients. Syntax telnet enable Example telnet enable telnet enable451-0310E 271 Specifies the timeout and retries for the TFTP server. Syntax tftp timeout |retry Where Means Examples tftp timeout 60 tftp retry 6 tftp timeout Set the TFTP server timeout value. retry Set the TFTP server retries value. timeout_num The TFTP server timeout value. retries_num The TFTP server retries value.272 451-0310E Configures the LX unit to use the Time Daemon (timed). Syntax timed enable Example timed enable timed enable451-0310E 273 Sets the timezone for the LX system clock. Syntax timezone GMT + |GMT - |UTC|US Where Means Example timezone GMT + 3 timezone GMT - 7 timezone UTC timezone US Alaska timezone US East-Indiana timezone US Samoa timezone US Mountain timezone GMT + Greenwich Mean Time, plus n hours. The value of n can be any integer from 1 to 12, inclusive. For example, the timezone for Paris is Greenwich Mean time, plus 1 hour (GMT+1). The default value of n is 0. GMT+0 is Greenwich Mean Time itself. GMT - Greenwich Mean Time, minus n hours. The value of n can be any integer from 1 to 12, inclusive. For example, the timezone for New York is Greenwich Mean time, minus 6 hours (GMT-6). The default value of n is 0. GMT-0 is Greenwich Mean Time itself. UTC Specifies that the LX unit will use Coordinated Universal Time. US Specifies that the LX unit will use the United States (US) timezone that is specified in the us_timezone field. us_timezone A US timezone. The allowable values are Alaska, Aleutian, Arizona, Central, Eastern, East-Indiana, Hawaii, Indiana-Starke, Michigan, Mountain, Pacific, and Samoa 274 451-0310E Configures the LX unit to support Web Browser connections from remote clients. Syntax web_server enable Example web_server enable web_server enable451-0310E 275 Chapter 4 Interface Commands The Interface commands are executed in the Interface command mode. When the LX unit is in the Interface command mode, the Interface command prompt (e.g., Intf 1-1:0 >>) is displayed on the terminal screen. The format of the Interface command prompt is as follows: Intf <1st_interface_num>-: >> where <1st_interface_num> identifies the first IP interface in the range of interfaces under configuration. identifies the last IP interface in the range of interfaces under configuration. identifies the current session number. For example, in the Interface command prompt Intf 1-1:0 >> the first IP interface is the IP interface under configuration, and the session number is 0. To enter the Interface command mode, execute the interface command in the Configuration command mode. The interface command is described on page 180.276 451-0310E Specifies the IP Address and subnet mask for the IP interface. Syntax address [mask ] Where Means Examples address 119.20.112.3 address 119.20.112.3 mask 255.0.0.0 address ip_address The IP Address for the IP interface. subnet_mask The subnet mask for the IP interface.451-0310E 277 Enables the Local Authentication feature on the IP interface under configuration. Syntax authentication fallback enable Usage Guidelines Fallback Login is a mechanism for logging in users when RADIUS authentication, or TACACS+ authentication, fails because the authentication server is unreachable. When you log in via Fallback, you are logged in to the IP interface as a nonprivileged user. The authentication challenge will be against the local subscriber database. When both RADIUS and TACACS+ are disabled on the IP interface, Fallback is also disabled. Example authentication fallback enable authentication fallback enable278 451-0310E Enables the Local Authentication feature on the IP interface under configuration. Syntax authentication local enable Example authentication local enable authentication local enable451-0310E 279 Disables the Authentication feature on the IP interface under configuration. Syntax authentication none Example authentication none authentication none280 451-0310E Enables the RADIUS authentication feature on the IP interface under configuration. Syntax authentication radius enable Example authentication radius enable authentication radius enable451-0310E 281 Enables the SecurID authentication feature on the IP interface under configuration. Syntax authentication securid enable Example authentication securid enable authentication securid enable282 451-0310E Enables the TACACS+ authentication feature on the IP interface under configuration. Syntax authentication tacacs+ enable Example authentication tacacs+ enable authentication tacacs+ enable451-0310E 283 Sets the Broadcast Address for the IP interface. Syntax broadcast A.B.C.D Where Means Example broadcast 119.255.255.255 broadcast A.B.C.D The Broadcast Address for the IP interface.284 451-0310E Resets the Maximum Transmission Unit (MTU) size for the IP interface to the factory default (1500). Frames that are larger than the designated MTU size are fragmented before transmission. (Note that the software fragments frames on the transmit side only.) Syntax default mtu Example default mtu default mtu451-0310E 285 Resets any of three rotary parameters to their default values. Syntax default rotary [ssh port|tcp port|type] Where Means Usage Guidelines The modifiers (i.e., ssh port, tcp port, and type) are optional in this command. If this command is executed without a modifier (i.e., default rotary), it will reset the three rotary parameters (SSH port, TCP port, and type) to their default values. Example default rotary ssh port default rotary tcp port default rotary type default rotary default rotary ssh port Resets the SSH UDP port for the rotary to its default value. The default SSH UDP port for a rotary is 1522. tcp port Resets the TCP UDP port for the rotary to its default value. The default SSH TCP port for a rotary is 1500. type Resets the rotary type to the default value of First Available. 286 451-0310E Resets the SSH Keepalive Count, or the SSH Keepalive Interval, to its default value. Syntax default ssh keepalive count|interval Where Means Example default ssh keepalive count default ssh keepalive interval default ssh keepalive count Reset the SSH Keepalive Count to its default value. interval Reset the SSH Keepalive Interval to its default value.451-0310E 287 Resets the SSH UDP port for the IP interface to its default value of 22. Syntax default ssh port Example default ssh port default ssh port288 451-0310E Resets the Telnet UDP port for the IP interface to its default value of 23. Syntax default telnet port Example default telnet port default telnet port451-0310E 289 When the end command is issued in Interface command mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX command codes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end290 451-0310E Returns the user to the previous command mode. For example, if the current command mode is Interface, issuing this command will return the user to the Configuration command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX Command Modes. However, the effect of the exit command varies, depending on the mode from which it is issued. As noted above, issuing the exit command in the Interface command mode returns the user to the previous command mode. The same goes for issuing the exit command in any command mode other than the User command mode. For example, issuing the exit command in the Menu command mode returns the user to the Configuration command mode; issuing the exit command in the Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit451-0310E 291 Sets the subnet mask for the IP interface. Syntax mask Where Means Example mask 255.0.0.0 mask subnet_mask The subnet mask for the IP interface.292 451-0310E Sets the Maximum Transmission Unit (MTU) size for an interface. Frames that are larger than the designated MTU size are fragmented before transmission. (Note that the software fragments frames on the transmit side only.) Syntax mtu NUMBER Where Means Examples mtu 1000 mtu 1200 mtu 1500 mtu NUMBER The MTU size for the interface. This can be any numerical value between 1000 and 1500. (It is recommended that you use a value of 1500 for Ethernet connections.) The default MTU size is 1500.451-0310E 293 Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the Interface command mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the Interface command mode and are currently enabled. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no ssh keepalive interval no feature_name The name of the feature or boolean parameter that is to be disabled.294 451-0310E Enables the RADIUS accounting feature on the IP interface under configuration. Syntax radius accounting enable Example radius accounting enable radius accounting enable451-0310E 295 Enables you to create rotaries on the IP interface. The term "rotary" refers to the ability to assign the same Internet address or domain name to multiple ports that offer the same type of service. Syntax rotary enable Usage Guidelines In order for this command to take effect, the Telnet protocol must be enabled. Example rotary enable rotary enable296 451-0310E Assigns ports on the LX unit to a rotary. The term "rotary" refers to the ability to assign the same Internet address or domain name to multiple ports that offer the same type of service. Syntax rotary port NUMBER|PORT LIST|all Where Means Usage Guidelines When this command is used to assign ports to a rotary, the IP Address of the IP interface serves as the IP Address of the rotary. To create a rotary, do the following: 1. Create an IP interface (see the “interface” command on page 180). 2. Assign ports to the rotary using the “rotary port” command. 3. Configure the IP Address for the IP interface (see the “address” command on page 276). 4. Configure the Rotary SSH port for the IP interface (see the “rotary ssh port” command on page 297). 5. Configure the Rotary TCP port for the IP interface (see the “rotary tcp port” command on page 298). For example, you could create a rotary on interface 1 with a TCP port of 3500 and an SSH port of 3522. Then you could assign ports 2, 3, and 4 to it. You could connect (assuming all ports have dynamic or remote access) to ports 2, 3, or 4 via TCP port 3500 for telnet, and 3522 for SSH. You could connect to port 2 via TCP port 2200 for telnet or 2222 for SSH, or port 5 via TCP port 2500 for telnet or 2522 for SSH. A telnet connection to the IP address of the LX on TCP port 23 would get you to a virtual port, and an SSH connection to port 22 would also get you to a virtual port via SSH. NOTE: You cannot add the DIAG port (port 0) to a rotary. Examples rotary port 4 rotary port 2 3 5 8 rotary port all rotary port NUMBER The port number of an LX port that is to be assigned to the rotary. PORT LIST A list of ports on the LX unit that are to be assigned to the rotary. The port numbers must be separated by blank spaces (e.g., 2 3 5 8). all Assigns all ports on the LX unit to the rotary.451-0310E 297 Assigns an SSH socket number to the rotary that was created with the rotary port command. (The rotary port command is described on page 296.) Syntax rotary ssh port NUMBER Where Means Examples rotary ssh port 988 rotary ssh port NUMBER The SSH socket number that will be used to make SSH connections to the rotary that was created with the rotary port command. SSH will attempt to connect to the ports in the rotary on a First Available basis. The default SSH socket number is 1522.298 451-0310E Assigns a TCP socket number to the rotary that was created with the rotary port command. (The rotary port command is described on page 296.) Syntax rotary tcp port NUMBER Where Means Examples rotary tcp port 1497 rotary tcp port NUMBER The TCP socket number that will be used to make TCP connections to the rotary that was created with the rotary port command. The default TCP socket number is 1500.451-0310E 299 Specifies the rotary type according to the port search method (Round Robin or First Available). Syntax rotary type round robin|first available Where Means Examples rotary type round robin rotary type first available rotary type round robin The LX unit will search the rotary for an available port, starting with the lowest-numbered port in the rotary. Unlike “First Available”, Round Robin will always go the next available port. For example, if all ports on the rotary are available and a connection to port 3 goes away, the next connection is to port 4. first available An incoming call is connected to the First Available (non-busy) port in the rotary. For example, if ports 1 - 5 are connected in a rotary of ports 1 - 7, and the connection to port 3 went away (so that port 3 was now available), the next connection would be to port 3.300 451-0310E Assigns user-defined Telnet, or SSH, socket numbers to an LX serial port. This is typically done to prevent hackers from accessing LX serial ports via default SSH socket numbers, or default Telnet socket numbers. Syntax serial ssh|telnet Where Means Example serial 4 ssh 983 serial 6 telnet 1297 serial serial_port The port number of an LX serial port. The valid values are 1 through 8. ssh Set the SSH socket number for the LX serial port specified in serial_port. telnet Set the Telnet socket number for the LX serial port specified in serial_port. ssh/telnet_port Specifies the Telnet socket number, or the SSH socket number, for the LX port specified in serial_port. Note: The default SSH and Telnet port numbers are as follows: LX Serial Port Default Telnet Port Default SSH Port 0 0 0 1 2100 2122 2 2200 2222 3 2300 2322 4 2400 2422 5 2500 2522 6 2600 2622 7 2700 2722 8 2800 2822451-0310E 301 Specifies the SSH Keepalive Count for the IP interface. The SSH Keepalive Count is the number of times that an SSH client will attempt to make an SSH connection to the IP interface. Syntax ssh keepalive count NUMBER Where Means Example ssh keepalive count 8 ssh keepalive count NUMBER The SSH Keepalive Count for the IP interface. This can be any integer value.302 451-0310E Specifies the SSH Keepalive Interval for the IP interface. The SSH Keepalive Interval is the length of time, in seconds, between attempts at making an SSH connection to the IP interface. Syntax ssh keepalive interval NUMBER Where Means Example ssh keepalive interval 30 ssh keepalive interval NUMBER The SSH Keepalive Interval for the IP interface. This can be any integer value.451-0310E 303 Specifies the Virtual Port socket number for making an SSH connection to the IP interface. Syntax ssh port NUMBER Where Means Example ssh port 988 ssh port NUMBER The SSH Virtual Port socket number for the IP interface. The default value is 22. 304 451-0310E Enables the TACACS+ accounting feature on the IP interface under configuration. Syntax tacacs+ accounting enable Example tacacs+ accounting enable tacacs+ accounting enable451-0310E 305 Specifies the Virtual Port socket number for making a Telnet connection to the IP interface. Syntax telnet port NUMBER Where Means Example telnet port 1743 telnet port NUMBER The Telnet Virtual Port socket number for the IP interface. The default value is 23. 451-0310E 307 Chapter 5 Asynchronous Commands The Asynchronous port commands are executed in the Asynchronous command mode. When the LX unit is in the Asynchronous command mode, the Asynchronous command prompt (e.g., Async 4-4:0 >>) is displayed on the terminal screen. The format of the Asynchronous command prompt is as follows: Async <1st_port_number>-: >> where <1st_port_number> identifies the first port in the range of ports under configuration. identifies the last port in the range of ports under configuration. identifies the current session number. To enter the Asynchronous command mode, execute the port async command in the Configuration command mode. The port async command is described on page 194. 308 451-0310E Specifies any access method, other than power management, for the asynchronous port(s) under configuration. (Refer to “access power model” on page 309 for information on specifying port(s) for power management.) The default access method is LOCAL on modem ports and on port 0. On all other non-modem ports, the default access method is REMOTE. Syntax access local|dynamic|remote|sensor|databuffer Where Means Usage Guidelines PPP can not be enabled on a port that has autobaud enabled. Examples access local access dynamic access remote access local Specifies that the port(s) under configuration will use the LOCAL access method. The LOCAL access method is used to support inbound connections (i.e., when the user logs in to the port via a terminal or via a dialin connection). dynamic Specifies that the port(s) under configuration will use the DYNAMIC access method. Note: You cannot specify DYNAMIC as the access method for port 0. remote Specifies that the port(s) under configuration will use the REMOTE access method. The REMOTE access method is used to support outbound connections (i.e., connections from the LAN). Note: You cannot specify REMOTE as the access method for port 0. sensor Specifies that the port(s) under configuration will be used as a Temperature/ Humidity Sensor port(s). Refer to Getting Started with the LX Series for information on connecting a Temperature/Humidity Sensor to an LX port. Refer to “show device status” on page 92 to display the temperature and humidity recorded on a Temperature/Humidity Sensor attached to a SENSOR port. Note: You cannot configure port 0 as a SENSOR port. databuffer Specifies that the port(s) under configuration will be used for data buffering. Note: You cannot configure port 0 as a DATABUFFER port.451-0310E 309 Specifies that the asynchronous port(s) under configuration will be used as Power Master(s) for an IR-5100 or IR-5150. Syntax access power model ir5100|ir5150 Where Means Usage Guidelines Refer to the applicable Getting Started Guide for information on connecting an IR-5100 or an IR-5150 unit to an LX asynchronous port. NOTE: You cannot configure port 0 as a Power Master port. Examples access power model ir5100 access power model ir5150 access power model ir5100 Specifies that the asynchronous port(s) under configuration will be Power Master(s) for an IR-5100. ir5150 Specifies that the asynchronous port(s) under configuration will be Power Master(s) for an IR-5150.310 451-0310E Enables Automatic Protocol Detection (APD) on the port(s) under configuration. When APD is enabled, the port will automatically determine the protocol being used to make a connection and adjust port settings appropriately. On all ports except modem ports, APD is disabled by default. Syntax apd enable Usage Guidelines To use APD, the LX port must be configured with PORT ACCESS set to LOCAL or DYNAMIC. Refer to “access” on page 308 for information on setting PORT ACCESS to LOCAL or DYNAMIC. If you do not enable APD, ports can be dedicated for use by a single access serving protocol. An individual port can be configured to accept any connections made via PPP, SLIP (which includes CSLIP), and interactive protocols, as well as both, or neither of these. You cannot enable APD on port 0. If you execute the apd enable command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example apd enable apd enable451-0310E 311 Specifies the number of times an APD-enabled port will attempt to determine the protocol of an incoming connection. NOTE: You cannot execute this command on port 0. Syntax apd retry NUMBER Where Means Example apd retry 6 apd retry NUMBER The number of times that the port will attempt to determine the protocol of an incoming connection. The allowable values are 0 - 255.312 451-0310E Specifies the APD signature for the port(s) under configuration. NOTE: You cannot execute this command on port 0. Syntax apd signature WORD Where Means Example apd signature FinancePort apd signature WORD A text string.451-0310E 313 Specifies the APD timeout for the port(s) under configuration. The APD timeout is the length of time an APD port can spend attempting to determine which protocol is being used to make a connection. NOTE: You cannot execute this command on port 0. Syntax apd timeout NUMBER Where Means Example apd timeout 30 apd timeout NUMBER Specifies how much time the port can spend in an attempt to determine which protocol is being used to make a connection. Valid timeout values are from 1 to 255 seconds.314 451-0310E Enables an authentication method (Local, RADIUS, SecurID, or TACACS+) as the inbound, or outbound, authentication method for the asynchronous port(s) under configuration. Syntax authentication inbound|outbound local|radius|securid|tacacs+ enable Where Means Examples authentication inbound radius enable authentication outbound radius enable authentication inbound local enable authentication outbound local enable authentication inbound securid enable authentication enable inbound The specified authentication method (Local, RADIUS, SecurID, or TACACS+) will be enabled as the method of inbound authentication for the asynchronous port(s) under configuration. (Inbound authentication is used on ports that have an access method of LOCAL. For more information on LOCAL access, refer to “access” on page 308.) outbound The specified authentication method (Local, RADIUS, SecurID, or TACACS+) will be enabled as the method of outbound authentication for the asynchronous port(s) under configuration. (Outbound authentication is used on ports that have an access method of REMOTE. For more information on REMOTE access, refer to “access” on page 308.) Note: You cannot configure outbound authentication for the DIAG port (port 0). local Enables Local authentication for inbound (or outbound) connections on the asynchronous port(s) under configuration. Under local authentication, the subscriber’s username and password are checked against the subscriber database that resides on the LX. radius Enables RADIUS authentication for inbound (or outbound) connections on the asynchronous port(s) under configuration. Under RADIUS authentication, the authentication is validated by a network-based RADIUS server. securid Enables SecurID authentication for inbound (or outbound) connections on the asynchronous port(s) under configuration. Under SecurID authentication, the authentication is validated by a network-based SecurID server. tacacs+ Enables TACACS+ authentication for inbound (or outbound) connections on the asynchronous port(s) under configuration. Under TACACS+ authentication, the authentication is validated by a network-based TACACS+ server.451-0310E 315 authentication outbound securid enable authentication inbound tacacs+ enable authentication outbound tacacs+ enable authentication enable (continued)316 451-0310E Enables the Fallback Login feature on the asynchronous port(s) under configuration. Syntax authentication fallback enable Usage Guidelines Fallback Login is a mechanism for logging in users when RADIUS, SecurID, or TACACS+, fails because the authentication server is unreachable. When you log in via Fallback, you are logged in to the asynchronous port as a nonprivileged user. The authentication challenge will be against the local subscriber database. When RADIUS, SecurID, and TACACS+ are disabled on the asynchronous port, Fallback is effectively disabled on the port. Example authentication fallback enable authentication fallback enable451-0310E 317 Specifies that the port(s) under configuration will determine the input port speed, parity, and character size for the device connected to the port, and automatically set the matching LX port settings. Autobaud is disabled by default, except on the last physical port. Syntax autobaud enable Usage Guidelines The LX unit uses the ASCII RETURN character to determine the port speed, parity, and character size. Normally, the user must press the RETURN key a few times until the LX unit determines the port speed, parity, and character size, and begins a logon sequence. When APD is enabled, the port will automatically determine the protocol being used to make a connection and adjust port settings appropriately. You can only enable AUTOBAUD where the attached device is configured with the following settings at a port set to LOCAL ACCESS and: • CHARACTER SIZE 8, (7 if EVEN parity) • PARITY NONE (EVEN if character size is set to 7) • SPEED is set to 1200, 2400, 4800, 9600, 19200, or 38400. PPP can not be enabled on a port that uses Remote for an access method. Example autobaud enable autobaud enable318 451-0310E Specifies the number of times an autobaud-enabled port will attempt to determine the input port speed, parity, and character size for the device connected to the port. Syntax autobaud retry NUMBER Where Means Usage Guidelines You cannot enable the Autobaud feature on port 0. If you execute the autobaud enable command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example autobaud retry 6 autobaud retry NUMBER The number of times that the port will attempt to determine the input port speed, parity, and character size for the device connected to the port.451-0310E 319 Specifies that the port(s) under configuration will be automatically dialed. Syntax autodial enable Usage Guidelines You cannot enable the Autodial feature on port 0. If you execute the autodial enable command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example autodial enable autodial enable320 451-0310E Specifies that the port(s) under configuration will automatically log out when the last connection closes. NOTE: The port will also be logged out when the attached equipment drops its signaling. NOTE: Autohangup cannot be enabled on port 0. Syntax autohangup enable Example autohangup enable autohangup enable451-0310E 321 Specifies the banner that is displayed when the user logs in to the port. Syntax banner STRING Where Means Example banner Welcome to Finance banner STRING A text string.322 451-0310E Specifies the number of data bits per character for the port(s) under configuration. Syntax bits NUMBER Where Means Example bits 6 bits NUMBER The number of data bits per character for the port(s) under configuration. The allowable values are 5, 6, 7, or 8.451-0310E 323 Specifies that the port(s) under configuration will send a break signal to the serial line when a break or a Telnet break signal is received, via Telnet or SSH, from a remote host. Syntax break enable Example break enable break enable324 451-0310E Defines a unique break sequence for the port(s) under configuration. When a unique break sequence is defined, it is sent in an out-of-band mode in place of the standard break sequence when the user presses the Break key. Syntax break special Where Means Example break special 1234 break special break_sequence Specifies the break sequence. This can be any combination of up to six characters.451-0310E 325 Specifies the connect command(s) for the asynchronous port(s) under configuration. The connect command(s) are executed when a connection to the port is made, or when the port detects assertion of DSR. This feature is also known as the “Dedicated Async Port Service”. Syntax connect command Where Means Examples connect command telnet 10.1.2.3 connect command mew_startup.exe connect command ssh 10.1.2.3 -p 2022 connect command command_sequence Specifies the connect command(s) for the port. The connect command(s) can be any of the Built-in Linux shell commands. If you specify more than one command, you must separate the commands with semi-colons (;). You can also specify an executable file or a batch file in this field.326 451-0310E Specifies the display option for a databuffer port. Syntax databuffer display enable|prompt Where Means Usage Guidelines You can disable the databuffer display by executing the following command in the Asynchronous command mode: no databuffer display When you execute the no databuffer display command, the contents of the databuffer will not be displayed when you log in to the port. Example databuffer display enable databuffer display prompt databuffer display enable The contents of the data buffer will be displayed for the user as soon as the user logs in to the port; the user will not be prompted for whether or not he wants to display the contents of the data buffer. prompt When the user logs in to the port, he will be prompted for whether or not he wants to display the contents of the data buffer. If the user enters a y response, the contents of the data buffer will be displayed at the user’s terminal. If the user enters an n response, the contents of the data buffer will not be displayed at the user’s terminal.451-0310E 327 Specifies the size, in bytes, of the data buffer on the port(s) under configuration. Syntax databuffer size NUMBER Where Means Example databuffer size 62000 databuffer size NUMBER A whole number that specifies the size, in bytes, for the data buffer on the port(s) under configuration. This can be any number from 28 to 65535. The default databuffer size is 1024 bytes.328 451-0310E Specifies that the data received on the port(s) under configuration will be logged to the local syslogd. NOTE: This feature can only be enabled on asynchronous ports that are configured for data buffering. Refer to the access command on page 308 for information on configuring ports for data buffering. Syntax databuffer syslog enable Example databuffer syslog enable databuffer syslog enable451-0310E 329 Specifies that there will be a timestamp added to every entry of the data buffer for the port(s) under configuration. Syntax databuffer timestamp enable Example databuffer timestamp enable databuffer timestamp enable330 451-0310E Resets the APD retries, APD signature, or APD timeout to the default value. Syntax default apd retry|signature|timeout Where Means Example default apd retry default apd signature default apd timeout default apd retry Resets the apd retry value of the port(s) under configuration to the factory default. signature Resets the apd signature of the port(s) under configuration to the factory default. timeout Resets the apd timeout value of the port(s) under configuration to the factory default.451-0310E 331 Resets the data buffer size on the port(s) under configuration to the factory-default value of 1024 bytes. Syntax default databuffer size Example default databuffer size default databuffer size332 451-0310E Resets all of the parameters of the port(s) under configuration to their factory-default values. Syntax default port Example default port default port451-0310E 333 Resets the off time for the power outlets on the asynchronous port(s) to the default value of 10 seconds. Syntax default power off time Example default power off time default power off time334 451-0310E Resets the speed of the port(s) under configuration to their factory-default values. The default port speed is 9600. Syntax default speed Example default speed default speed451-0310E 335 When the end command is issued in the Asynchronous command mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX command modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end336 451-0310E Returns the user to the previous command mode. For example, if the current command mode is the Asynchronous command mode, issuing this command will return the user to the Configuration command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX Command Modes. However, the effect of the exit command varies, depending on the mode from which it is issued. As noted above, issuing the exit command in the Asynchronous command mode returns the user to the previous command mode. The same goes for issuing the exit command in any mode other than the User command mode. For example, issuing the exit command in the Menu Editing command mode returns the user to the Menu command mode; issuing the exit command in the Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit451-0310E 337 Specifies the type of flow control ("handshaking") that is used by the serial interface(s) of the port(s) under configuration. On all ports except modem ports, the default flow control is XON/XOFF; on modem ports, the default flow control is CTS. Syntax flowcontrol cts|xon Where Means Example flowcontrol cts flowcontrol xon flowcontrol cts The LX unit will use CTS flow control for the specified port(s). xon The LX unit will use XON/XOFF flow control for the specified port(s).338 451-0310E Enters the Modem command mode. For more information on the Modem command mode, refer to “Modem Commands” on page 437. Syntax modem Example modem modem 451-0310E 339 Specifies that the port(s) under configuration will have Modem Control enabled. Syntax modem enable Usage Guidelines You cannot enable Modem Control on port 0. If you execute the modem enable command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example modem enable modem enable340 451-0310E Specifies a description of the port(s) under configuration. Syntax name STRING Where Means Example name FieldOffice3 name STRING A text string that describes the port(s) under configuration. The text string can contain up to 60 characters.451-0310E 341 Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the Asynchronous command mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the Asynchronous command mode and are currently enabled. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no modem no feature_name The name of the feature or boolean parameter that is to be disabled.342 451-0310E Specifies a descriptive name for a Power Outlet that is connected to a Power Master port on the LX unit. Refer to “access power model” on page 309 for information on configuring an LX port as a Power Master. Syntax outlet name Where Means Example outlet 2 name Build5NTserver outlet name outlet_number An integer number that specifies an outlet on the Power Control unit that is being managed via the asynchronous port under configuration. Note: This number consists of the Power Control Relay Number without the Power Master port number. outlet_name Specifies a descriptive name for the Power Control Relay. This can be a text string of up to 15 characters.451-0310E 343 Specifies whether or not the port(s) under configuration will provide a bit (parity bit) with each character for error checking. The value you set for this characteristic must match the value set at the device attached to the port. Syntax parity even|odd|none Where Means Examples parity even parity odd parity none parity even The port will ensure that each byte (character) that is transmitted or received contains an even number of 1's, including the parity bit. If the port receives a byte that contains an odd number of 1 bits, it indicates to the LX unit that an error occurred. odd The port will ensure that each byte (character) that is transmitted or received contains an odd number of 1's, including the parity bit. If the port receives a byte that contains an even number of 1 bits, it indicates to the LX unit that an error occurred. none A parity bit will not be provided. This is the default setting.344 451-0310E Specifies that the ports under configuration will use the Pattern Matching feature. Syntax pattern match enable Usage Guidelines The Pattern Matching feature can only be used on ports that are configured for databuffer access. Refer to the “access” command on page 308 to configure a port for databuffer access. You must create a match pattern before you can execute this command. To create a match pattern, refer to “pattern string” on page 345. Example pattern match enable pattern match enable451-0310E 345 Specifies a match pattern for the databuffer port(s) under configuration. When data matching this pattern is received at the port, the data is put into a syslogd message. The syslogd message that contains the matching data can be forwarded to users of the Notification feature. Refer to “Usage Guidelines” (below) for more information. NOTE: Pattern matching must be disabled on the port(s) where this command is executed. To disable pattern matching, execute the no pattern match command in the Asynchronous command mode: Syntax pattern string Where Means Usage Guidelines When incoming data matching a specified pattern is received at the port, a syslogd message is generated at the facility LOG_USER, with the priority LOG_NOTICE: Pattern match found::Msg39 where is the incoming data that matches the specified pattern. For example, the following syslogd messages could be generated for incoming data that matched the pattern no *: Pattern match found:no broadcast group 4:Msg39 NOTE: The text Pattern match found is the default content of Message 39. This text can be changed. If it is changed, the text that precedes the colon (:) will be different from Pattern match found. Refer to “message string” on page 514 to change the text content of a configurable message. pattern string pattern_number A number that identifies the match pattern. This can be any integer number from 1 through 8. match_pattern A case-sensitive text string that is used as a match pattern for incoming data. This string can contain up to 15 characters, including wildcards. The allowable wildcards are the period (“.”) and the asterisk (“*”). The period represents a single character. For example, the pattern a.c.ef matches the strings abc3ef, azcxef, and a2cgef. The asterisk represents up to 16 iterations of the last character before the asterisk. For example, the pattern abc* matches the strings abccccccc and abccc. Note: The asterisk cannot be specified as the first character in a match pattern. Note: The string help is reserved and can not be specified in a match pattern.346 451-0310E The messages will be forwarded to Notification clients that have a facility of user and a priority of notice configured in their User Profiles. Refer to the LX-Series Configuration Guide for information on configuring User Profiles for the Notification feature. Examples pattern string 1 no * pattern string 2 number . pattern string 3 OK> pattern string 4 stuck* pattern string 5 1234B pattern string (continued)451-0310E 347 Specifies the length of time, in seconds, that outlets must remain off before they can be turned back on. Syntax power off time NUMBER Where Means Example power off time 15 power off time NUMBER An integer number that specifies the length of time, in seconds, that the outlets must remain off before they can be turned back on. After the outlets in the group have been turned off with the outlet command (see page 75), they must remain off for at least this length of time. The allowable values are 0 - 255. The default value is 10.348 451-0310E Enters the PPP command mode. For more information on the PPP command mode, refer to “PPP Commands” on page 447. Syntax ppp Example ppp ppp451-0310E 349 Specifies that the ports under configuration can be used for PPP links. Syntax ppp enable Usage Guidelines You cannot use port 0 for PPP links. If you execute the ppp enable command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example ppp enable ppp enable350 451-0310E Specifies the port prompt for remote connections. Syntax prompt Where Means Example prompt Finance-Group prompt prompt_string The text string that will be used as the port prompt. The text string can contain up to 60 characters.451-0310E 351 Enables the RADIUS accounting feature on the port(s) under configuration. Syntax radius accounting enable Example radius accounting enable radius accounting enable352 451-0310E Specifies that a syslogd message will be sent when there is a state transition of the serial input signals CTS and DCD/DSR. Syntax signals syslog enable Example signals syslog enable signals syslog enable451-0310E 353 Specifies that the port(s) under configuration will send the special break string out the serial line of the port(s) when a break (or Telnet break string) is received, via Telnet or SSH, from a remote host. Refer to “special break string” on page 354 to specify the special break string. Syntax special break enable Example special break enable special break enable354 451-0310E Specifies a unique break sequence that is sent out the serial line of the ports under configuration when a break is received, via Telnet or SSH, from a remote host. Syntax special break string Where Means Example special break string gfeij special break string break_sequence Specifies the unique break sequence. This can be any string of up to six characters.451-0310E 355 Specifies the speed of the port(s) under configuration. Syntax speed NUMBER Where Means Example speed 57600 speed NUMBER The port speed, in bits per second, to which the port(s) under configuration will be set. The valid speeds are 134, 200, 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 or 230400. The default port speed is 9600.356 451-0310E Specifies the number of stop bits to be used to maintain synchronization of data on the port(s) under configuration. Syntax stopbits NUMBER Where Means Example stopbits 1 stopbits 2 stopbits NUMBER A whole number that maps to the number of stop bits to be used to maintain synchronization of data. The allowable values are 1 or 2.451-0310E 357 Enables the TACACS+ accounting feature on the port(s) under configuration. Syntax tacacs+ accounting enable Example tacacs+ accounting enable tacacs+ accounting enable358 451-0310E Specifies the Telnet break string for the ports under configuration. When it is received from a remote host in a Telnet or SSH session, the LX unit will send the enabled break feature (break signal or special break string) out the serial line. Refer to “break enable” on page 323 to enable the break signal. Refer to “special break enable” on page 353 to enable the special break string. Syntax telnet break string Where Means Example telnet break string sfg telnet break string break_sequence Specifies the Telnet break sequence. This can be any string of up to four characters.451-0310E 359 Enables Telnet negotiation on the port(s) under configuration. When Telnet negotiation is enabled, the LX unit will begin negotiating Telnet parameters as soon as the session is started. NOTE: Telnet negotiation is enabled by default. This command is typically used to re-enable Telnet negotiation after it has been disabled. (To disable Telnet negotiation, execute the no telnet negotiation command in the Asynchronous Command Mode.) Syntax telnet negotiation enable Usage Guidelines Telnet Negotiation is used with transparency enabled when full transparency is needed within the telnet connection. Refer to the transparency enable command on page 360 to enable transparency. You can disable Telnet Negotiation on the LX to ensure operation with NT servers. Disabling Telnet negotiation on the LX effectively disables the negotiation of all telnet options in the TCP three-way handshaking process. Example telnet negotiation enable telnet negotiation enable360 451-0310E Sets the port(s) under configuration to transparent mode. Syntax transparency enable Usage Guidelines The use of transparent mode ensures that the LX can support applications that were designed for a point-to-point serial connection over an IP network. Examples of such applications include (but are not limited to) legacy serial applications and the downloading of an operating system to a switch or router via the serial port. Transparent mode is applicable to the serial-port side only. When transparent mode is enabled, common control characters are not interpreted. For example, some characters that would not be interpreted (and their Hex equivalents) are ^Q (11), ^S (13), and NULL (00). To disable transparent mode, execute the following command in the Asynchronous Command Mode: no transparency Example transparency enable transparency enable451-0310E 361 Chapter 6 Ethernet Commands The Ethernet commands are executed in the Ethernet command mode. When the LX unit is in the Ethernet command mode, the Ethernet command prompt (e.g., Ether 1-1:0 >>) is displayed on the terminal screen. The format of the Ethernet command prompt is as follows: Ether <1st_port_number>-: >> where <1st_port_number> identifies the first port in the range of ports under configuration. identifies the last port in the range of ports under configuration. identifies the current session number. To enter the Ethernet command mode, execute the port ethernet command in the Configuration command mode. The port ethernet command is described on page 195. 362 451-0310E Specifies the description for the Ethernet port. Syntax description STRING Where Means Example description Port 0 on the Lab Unit description STRING A text string that describes the Ethernet port. The text string can contain up to 60 characters.451-0310E 363 When the end command is issued in Ethernet Command Mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX Command Modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end364 451-0310E Returns the user to the previous command mode. For example, if the current command mode is the Ethernet command mode, issuing this command will return the user to the Configuration command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX command modes. However, the effect of the exit command varies, depending on the mode from which it is issued. As noted above, issuing the exit command in the Ethernet command mode returns the user to the previous command mode. The same goes for issuing the exit command in any mode other than the User command mode. For example, issuing the exit command in the Menu Editing command mode returns the user to the Menu command mode; issuing the exit command in the Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit451-0310E 365 Removes (deletes) the description field for the Ethernet port(s) under configuration. Refer to “description” on page 362 for more information on the description field. Syntax no description Example no description no description366 451-0310E Specifies the speed and duplex mode of the Ethernet port under configuration. Syntax speed auto|10mb|100mb duplex full|half Where Means Examples speed auto speed 10mb duplex full speed 100mb duplex full speed 10mb duplex half speed 100mb duplex half speed auto The Ethernet port under configuration will auto-negotiate its port speed and duplex mode. This is the default setting. Note: If the auto option is specified, you will not be able to specify full or half as the duplex mode for the port; the duplex mode will be auto-negotiated. 10mb Sets a speed of 10 Megabytes per second for the Ethernet port under configuration. 100mb Sets a speed of 100 Megabytes per second for the Ethernet port under configuration. full The Ethernet port under configuration will use full duplex. half The Ethernet port under configuration will use half duplex.451-0310E 367 Chapter 7 Subscriber Commands The Subscriber commands are executed in the Subscriber command mode. When the LX unit is in the Subscriber command mode, the Subscriber command prompt (e.g., Subs_mark >>) is displayed on the terminal screen. The format of the Subscriber command prompt is as follows: Subs_ >> where is the name of the subscriber under configuration. To enter the Subscriber command mode, execute the subscriber command in the Configuration command mode. The subscriber command is described on page 247.368 451-0310E Enables the subscriber to access the LX unit via a direct connection to the LX console port. Syntax access console enable Example access console enable access console enable451-0310E 369 Specifies the LX asynchronous ports that the subscriber can access. Syntax access port Where Means Example access port 2 access port 0 2 3 5 6 access port 3-7 access port port_list Specifies the asynchronous port(s) that the user can access on the LX unit. If more than one asynchronous port is specified, they should be separated by blank spaces; for example, 2 3 5 6. In order to specify a range of ports, put a hyphen between the first port and the last port; for example: 3-7.370 451-0310E Enables the subscriber to access the LX unit by an SSH connection. Syntax access ssh enable Example access ssh enable access ssh enable451-0310E 371 Enables the subscriber to access the LX unit by a Telnet connection. Syntax access telnet enable Example access telnet enable access telnet enable372 451-0310E Enables the subscriber to access the LX unit from a web browser via an Internet connection. Syntax access web enable Example access web enable access web enable451-0310E 373 Enables the auditing of port activity for the subscriber. The auditing begins as soon as this command is executed. Syntax audit log enable Example audit log enable audit log enable374 451-0310E Specifies the Backward Switch character for the subscriber; when the subscriber enters the Backward Switch character, he is returned to the previous (lower-numbered) session without returning to the local command mode. Syntax backward_switch CHARACTER Where Means Usage Guidelines To specify that the Backward Switch character is a CTRL character, the character must be preceded by the caret symbol (^) in the backward_switch command. For example, the following command specifies that the Backward Switch character is CTRL/I: backward_switch ^I Be sure that there are no conflicting uses for the character you select (particularly with control characters that are used by applications programs, or with the character you set for the FORWARD SWITCH, the LOCAL SWITCH, or any Telnet command characters). If you specify a CTRL character, when the user types the character, it will be displayed as ^ (i.e., if the user types CTRL/I, the terminal will echo the characters: ^I). Example backward_switch ^I backward_switch CHARACTER A capital letter (A - Z) that the user will type to return to the previous session. It is recommended that you specify an unused CTRL character. 451-0310E 375 Enables command logging for the subscriber. Syntax command log enable Usage Guidelines Command logging creates an audit trail of subscriber input in a subscriber session. The audit trail is sent to the accounting log and to syslogd. Use the show command log command to display the command log. The show command log command is described on page 87. Example command log enable command log enable376 451-0310E Permanently assigns the subscriber to a dedicated service; whenever the subscriber logs into the LX unit, he will begin running the service that is specified in this command. Syntax dedicated service NAME Where Means Usage Guidelines In order to use this command, the Telnet protocol must be enabled. Example dedicated service finance_server dedicated service NAME The name of the service to which the subscriber is permanently assigned.451-0310E 377 Resets the access ports for the subscriber to the factory default of all physical ports on the LX unit, including port 0. Syntax default access port Example default access port default access port378 451-0310E Resets the subscriber’s remote access to the default value, which is no remote access. Syntax default access remote Example default access remote default access remote451-0310E 379 Resets the Backward Switch character for the subscriber back to the factory default. NOTE: The factory-default Backward Switch character is Control-B (^B). Syntax default backward_switch Example default backward_switch default backward_switch380 451-0310E Resets the Dialback retries for the subscriber back to the factory default of 4. Syntax default dialback retry Example default dialback retry default dialback retry451-0310E 381 Resets the Forward Switch character for the subscriber back to the factory default. NOTE: The factory-default Forward Switch character is Control-F (^F). Syntax default forward_switch Example default forward_switch default forward_switch382 451-0310E Resets the Inactivity timeout for the subscriber to the factory default of 0. A value of 0 means that the Inactivity Timer is effectively disabled. Syntax default idletime Example default idletime default idletime451-0310E 383 Resets the Local Switch character for the subscriber back to the factory default. NOTE: The factory-default Forward Switch character is Control-L (^L). Syntax default local_switch Example default local_switch default local_switch384 451-0310E Resets the SSH log level to the factory-default level, which is INFO. Syntax default ssh log level Example default ssh log level default ssh log level451-0310E 385 Enables the Dialback feature for the subscriber. Syntax dialback enable Example dialback enable dialback enable386 451-0310E Specifies the telephone number that the LX modem will dial when the subscriber makes a Dialback call to the LX unit. Syntax dialback number Where Means Example dialback number 19785551978 dialback number telephone_number The telephone number that the LX modem will dial when the subscriber makes a Dialback call to the LX unit. 451-0310E 387 Specifies the number of times that the modem on the LX unit can attempt to answer a dialback call. Syntax dialback retry NUMBER Where Means Example dialback retry 7 dialback retry NUMBER The number of times that the modem on the LX unit can attempt to answer a dialback call. The default value is 3. The allowable values are 1 through 255.388 451-0310E When the end command is issued in the Subscriber command mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX Command Modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end451-0310E 389 Returns the user to the previous command mode. For example, if the current command mode is the Subscriber command mode, issuing this command will return the user to the Configuration command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX command modes. However, the effect of the exit command varies, depending on the mode from which it is issued. As noted above, issuing the exit command in the Subscriber command mode returns the user to the previous command mode. The same goes for issuing the exit command in any mode other than the User command mode. For example, issuing the exit command in the Menu command mode returns the user to the Configuration command mode; issuing the exit command in the Configuration command mode returns the user to Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit390 451-0310E Specifies the Forward Switch character for the subscriber; when the subscriber enters the Forward Switch character, he is switched to the next (higher-numbered) session without returning to the local command mode. Syntax forward_switch CHARACTER Where Means Usage Guidelines To specify that the Forward Switch character is a CTRL character, the character must be preceded by the caret symbol (^) in the forward_switch command. For example, the following command specifies that the Forward Switch character is CTRL/M: forward_switch ^M Be sure that there are no conflicting uses for the character you select (particularly with control characters that are used by applications programs, or with the character you set for the BACKWARD SWITCH, the LOCAL SWITCH, or any Telnet command characters). If you do specify a CTRL character, when the user types the character, it will be displayed as ^ (i.e., if the user types CTRL/M, the terminal will echo the characters: ^M). Example forward_switch ^M forward_switch CHARACTER A capital letter (A - Z) that the user will type to switch to the next session. It is recommended that you specify an unused CTRL character.451-0310E 391 Sets the Inactivity Timeout for the subscriber. The subscriber is logged out if he does not enter keyboard data before the expiration of the Inactivity Timeout. Syntax idletime Where Means Syntax idletime 1200 idletime timeout_value The length of the Inactivity Timeout, in seconds. The allowable values are 0 through 65535. The default value is 0. A value of 0 means that the Inactivity Timer is effectively disabled. 392 451-0310E Specifies the Local Switch character for the subscriber; when the subscriber enters the Local Switch character, he is returned to the local command mode. Syntax local_switch CHARACTER Where Means Usage Guidelines To specify that the Local Switch character is a CTRL character, the character must be preceded by the caret symbol (^) in the local_switch command. For example, the following command specifies that the Local Switch character is CTRL/K: local_switch ^K Be sure that there are no conflicting uses for the character you select (particularly with control characters that are used by applications programs, or with the character you set for the BACKWARD SWITCH, the FORWARD SWITCH, or any Telnet command characters). If you do specify a CTRL character, when the user types the character, it will be displayed as ^ (i.e., if the user types CTRL/K, the terminal will echo the characters: ^K). Example local_switch ^K local_switch CHARACTER A capital letter (A - Z) that the user will type to return to the local command mode. It is recommended that you specify an unused CTRL character. 451-0310E 393 Sets the maximum simultaneous connections for the subscriber. Syntax maxsubscriber NUMBER Where Means Syntax maxsubscriber 10 maxsubscriber NUMBER The maximum simultaneous connections for the subscriber. The allowable values are 1 through 255. The default value is 5.394 451-0310E Assigns a log-in menu to the subscriber and enables the Menu feature for the subscriber. If the Menu feature is enabled, and a menu exists for the subscriber, a menu is displayed when the subscriber logs in to the LX unit. Refer to “Menu Commands” on page 479 for more information on creating menus. Syntax menu NAME enable Where Means Example menu tom enable menu enable NAME The name of the menu that is to be displayed when the subscriber logs in to the LX unit. Refer to “Menu Commands” on page 479 for more information on creating menus.451-0310E 395 Disables (negates) specific features and boolean parameters for the subscriber under configuration. Refer to “Usage Guidelines” (below) for more information about using the no command in the Subscriber mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the Subscriber command mode and are currently enabled for this subscriber. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no pause no feature_name The name of the feature or boolean parameter that is to be disabled.396 451-0310E Assigns a new login password to the subscriber’s account. Syntax password Usage Guidelines When this command is executed, the following prompts are displayed: Enter your NEW password : Re-enter your NEW password: Enter the new password at the Enter prompt, and re-enter it at the Re-enter prompt. The password string can be up to 16 characters in length, and it will be masked when you enter it at the above prompts. Example password password451-0310E 397 Enables password login protection on the subscriber account and enables the subscriber to reset his password the next time he logs in. (The subscriber will be prompted to enter, and confirm, his new password the next time he logs in.) Syntax password enable Example password enable password enable398 451-0310E Configures the screen pause feature for this subscriber. When this feature is enabled, the screen will pause after displaying the number of lines specified in the “lines/screen” value for the terminal. Syntax pause enable Example pause enable pause enable451-0310E 399 Assigns a service to which the port will connect whenever a user makes a connect request without specifying a service. Syntax preferred service NAME Where Means Usage Guidelines After assigning a Preferred Service to a subscriber, you must log out the subscriber in order for the Preferred Service to take effect. Example preferred service finance_server preferred service NAME The name of the preferred service.400 451-0310E Sets the portion of the subscriber’s user prompt. Refer to page 33 for more information on the format of the user prompt. Syntax prompt STRING Where Means Example prompt BILL prompt STRING A text string of up to 8 ASCII characters. 451-0310E 401 Allows the subscriber to log into the Superuser command mode with the Superuser password. The subscriber logs in to the Superuser command mode by executing the enable command (see page page 36). Syntax security level superuser Example security level superuser security level superuser402 451-0310E Sets the maximum number of sessions for a subscriber. Syntax session NUMBER Where Means Examples session 3 session NUMBER The maximum number of sessions for the subscriber. The allowable values are 0 through 4, where a value of 0 disables the subscriber’s access to the LX unit. 451-0310E 403 Configures the Subscriber Session Mode as Shell. When the Subscriber Session Mode is Shell, the subscriber is logged into the Linux shell when he accesses the LX unit. Syntax shell enable Usage Guidelines You can reset the Subscriber Session Mode to CLI by executing the no shell command in the Subscriber Command Mode. When the Subscriber Session Mode is CLI, the subscriber will be logged into the LX CLI (or his specified Login Menu) when he accesses the LX unit. Example shell enable shell enable404 451-0310E Specifies the SSH encryption type(s) that are supported for this subscriber. Syntax ssh cipher triple-des|any|blowfish Where Means Usage Guidelines Blowfish is a variable-length key block cipher. It is only suitable for applications where the key does not change often, like a communications link or an automatic file encryptor. It is significantly faster than DES when implemented on 32-bit microprocessors with large data caches, such as the Pentium and the PowerPC. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish is unpatented and license-free, and is available free for all uses at the following website: http://www.counterpane.com/blowfish-download.html Examples ssh cipher triple-des ssh cipher any ssh cipher blowfish ssh cipher triple-des Specifies that the Triple Data Encryption Standard (Triple-DES) is the only SSH encryption type supported for this subscriber. any Specifies that any SSH encryption type is supported for this subscriber. blowfish Specifies that BLOWFISH is the only SSH encryption type supported for this subscriber. See “Usage Guidelines” (below) for more information on the BLOWFISH encryption type.451-0310E 405 Specifies a unique SSH key for this subscriber. When a subscriber has a unique SSH key, he can log on to the LX unit via SSH without entering a password. (The only requirement is that the user must log on from the host on which his SSH key was generated.) Syntax ssh key Usage Guidelines When this command is executed, the following prompt is displayed: Please enter your key: Type an SSH key at the above prompt. The SSH key can be any random string of characters. As an alternative to typing the SSH key, you can paste a generated SSH key at the above prompt. (The SSH key must be generated on the host from which the subscriber will make SSH connections to the LX unit. Refer to your Linux documentation for more information on generating an SSH key.) Example ssh key ssh key406 451-0310E Specifies the class of SSH messages that will be logged to syslogd. Syntax ssh log level debug|error|fatal|info|quiet|verbose Where Means Examples ssh log level debug ssh log level error ssh log level fatal ssh log level info ssh log level quiet ssh log level verbose ssh log level debug Only debug messages will be sent to the SSH log. error Only error messages will be sent to the SSH log. fatal Only fatal error messages will be sent to the SSH log. info Only informational messages will be sent to the SSH log. This is the default. quiet Default account log information will be logged for SSH. verbose Verbose account log information will be logged for SSH.451-0310E 407 Specifies the Telnet mode for the subscriber. Syntax telnet mode line|character Where Means Examples telnet mode line telnet mode character telnet mode line The subscriber will use Telnet line mode. character The subscriber will use Telnet character mode.408 451-0310E Sets the terminal type for the subscriber. Syntax terminal Where Means Example terminal vt100 terminal ansi terminal terminal_type The terminal type for the subscriber. The allowable terminal types are VT100 and ANSI. 451-0310E 409 Chapter 8 SNMP Commands The SNMP commands are executed in the SNMP command mode. When the LX unit is in the SNMP command mode, the SNMP command prompt (e.g., Snmp:0 >>) is displayed on the terminal screen. The format of the SNMP command prompt is as follows: Snmp: >> where is the session number of the current connection. To enter the SNMP command mode, execute the snmp command in the Configuration command mode. The snmp command is described on page 242.410 451-0310E Specifies the name of a system contact for the LX unit. Syntax contact STRING Where Means Example contact Henry Smith contact STRING The name of a system contact for the LX unit. This information is available via an SNMP query (get) but is provided for administrative or informational purposes only. The MIB object is sysContact. The text string can contain up to 60 characters.451-0310E 411 Specify the default SNMP V3 client for the LX unit Syntax default v3 client NUMBER Where Means Example default v3 client 5 default v3 client NUMBER The number of the default SNMP V3 client. Valid values are 3 - 7. 412 451-0310E When the end command is issued in SNMP Mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX Command Modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end451-0310E 413 Returns the user to the previous command mode. For example, if the current command mode is the SNMP command mode, issuing this command will return the user to the Configuration command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX Command Modes. However, the effect of the exit command varies, depending on the mode from which it is issued. As noted above, issuing the exit command in the SNMP command mode returns the user to the previous command mode. The same goes for issuing the exit command in any mode other than the User command mode. For example, issuing the exit command in the Menu Editing command mode returns the user to the Menu command mode; issuing the exit command in the Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit414 451-0310E Add, or change, an SNMP client (e.g., a Network Operations Center, or NOC) that has permission to view information about the LX unit (i.e., perform an SNMP get). Syntax get client NUMBER A.B.C.D Where Means Example get client 4 119.20.112.3 get client NUMBER The number of the SNMP client that has permission to perform an SNMP get on the LX unit. Valid values are 0 - 16. A.B.C.D The Internet address of an SNMP client that has permission to perform an SNMP get on the LX unit. The default value is 0.0.0.0. Specify the default value (0.0.0.0) to remove a client.451-0310E 415 Specifies an SNMP Get client community for an SNMP get client of the LX unit. When an SNMP Get community has been specified with this command, any SNMP get clients must belong to the same SNMP Get community in order to perform an SNMP get on the unit. Syntax get client NUMBER community Where Means Example get client 3 community labunits get client community NUMBER The number of the SNMP client that has permission to perform an SNMP get on the LX unit. community_name The name of the SNMP Get community. The name can be up to 32 characters long.416 451-0310E Specifies the SNMP get client version for an SNMP get client of the LX unit. Syntax get client NUMBER version Where Means Example get client 3 version 2 get client version NUMBER The number of the SNMP get client for which the SNMP get client version is to be set. version_number An SNMP get client version number. The allowable values are 1, 2, or 3. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients.451-0310E 417 Specifies the physical location of the LX unit. Syntax location STRING Where Means Example location Engineering Lab location STRING The physical location of the LX unit. This information is available via an SNMP query (get) but is provided for administrative or informational purposes only. The MIB object is sysLocation. The text string can contain up to 60 characters.418 451-0310E Enables the logging of all incoming SNMP packets to syslogd. Syntax log enable Example log enable log enable451-0310E 419 Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the SNMP mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the SNMP command mode and are currently enabled. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no pause no feature_name The name of the feature or boolean parameter that is to be disabled.420 451-0310E Add, or change, an SNMP client (e.g., a Network Operations Center, or NOC) that has permission to set characteristics (i.e., perform an SNMP set) on the LX unit. Syntax set client NUMBER A.B.C.D Where Means Example set client 4 119.20.112.3 set client NUMBER The number of the SNMP client that has permission to perform an SNMP set on the LX unit. Valid values are 0 - 16. A.B.C.D The Internet address of an SNMP client that has permission to perform an SNMP set on the LX unit. The default value is 0.0.0.0. Specify the default (0.0.0.0) value to remove a client.451-0310E 421 Specifies an SNMP Set client community for an SNMP set client of the LX unit. When an SNMP Set community has been specified with this command, any SNMP set clients must belong to the same SNMP Set community in order to perform an SNMP set on the unit. Syntax set client NUMBER community Where Means Example set client 3 community labunits set client community NUMBER The number of the SNMP client that has permission to perform an SNMP set on the LX unit. community_name The name of the SNMP Set community. The name can be up to 32 characters long.422 451-0310E Specifies the SNMP set client version for an SNMP set client of the LX unit. Syntax set client NUMBER version Where Means Example set client 3 version 2 set client version NUMBER The number of the SNMP set client for which the SNMP set client version is to be set. version_number An SNMP set client version number. The allowable values are 1, 2, or 3. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients.451-0310E 423 Add, or change, an SNMP client (e.g., a Network Operations Center, or NOC) that will receive SNMP traps generated by the LX unit. The LX unit sends an Enterprise-specific SNMP trap before a reboot and a Cold Start SNMP trap when the LX unit has rebooted. During normal operation of the LX unit, SNMP traps can be sent to trap clients via the Notification feature. Syntax trap client NUMBER A.B.C.D Where Means Example trap client 4 119.20.112.3 trap client NUMBER The number of the SNMP client that has permission to receive SNMP traps generated by the LX unit. Valid values are 0 - 16. A.B.C.D The Internet address of an SNMP client that has permission to receive SNMP traps from the LX unit. The default value is 0.0.0.0. Specify the default value (0.0.0.0) to remove a client.424 451-0310E Specifies an SNMP Trap community for an SNMP trap client of the LX unit. When an SNMP Trap community has been specified with this command, any SNMP trap clients must belong to the same SNMP Trap community in order to receive SNMP traps that are generated by the unit. The LX unit sends an Enterprise-specific SNMP trap before a reboot and a Cold Start SNMP trap when the LX unit has rebooted. During normal operation of the LX unit, SNMP traps can be sent to trap clients via the Notification feature. Syntax trap client NUMBER community Where Means Example trap client 3 community labunits trap client community NUMBER The number of the SNMP client that has permission to receive SNMP traps that are generated by the LX unit. community_name The name of the SNMP Trap community. The name can be up to 32 characters long.451-0310E 425 Specifies the SNMP trap client version for an SNMP set client of the LX unit. The LX unit sends an Enterprise-specific SNMP trap before a reboot and a Cold Start SNMP trap when the LX unit has rebooted. During normal operation of the LX unit, SNMP traps can be sent to trap clients via the Notification feature. Syntax trap client NUMBER version Where Means Example trap client 5 version 2 trap client version NUMBER The number of the SNMP trap client for which the SNMP trap client version is to be set. version_number An SNMP trap client version number. The allowable values are 1, 2 or 3. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients.426 451-0310E Specifies the access context match criteria for an SNMP V3 client. Syntax v3 client access context match exact|prefix Where Means Examples v3 client 3 access context match exact v3 client 3 access context match prefix v3 client access context match client_number The number of the SNMP V3 client for which the access context match criteria are being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. exact The access context field of an incoming SNMP packet must be an exact match for the access context field that is specified for the group on the LX unit. prefix The prefix of an access context field of an incoming SNMP packet must match the prefix of the access context field that is specified for the group on the LX unit.451-0310E 427 Specifies the access context prefix for an SNMP V3 client. Syntax v3 client access context prefix Where Means Examples v3 client 3 access context prefix lab v3 client access context prefix client_number The number of the SNMP V3 client for which the access context prefix is being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. string The access context prefix for the SNMP V3 client.428 451-0310E Specifies the access read view for an SNMP V3 client. Syntax v3 client access read view Where Means Example v3 client 3 access read view second_view v3 client access read view client_number The number of the SNMP V3 client for which the access read view is being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. word The view that will be used as the read view for the SNMP V3 client. The read view is used for incoming SNMP Get Requests.451-0310E 429 Specifies the access security settings for an SNMP V3 client. Syntax v3 client access security level model Where Means Examples v3 client 3 access security level 1 v3 client 3 access security level 2 v3 client 3 access security level 3 v3 client 3 access security model 1 v3 client 3 access security model 2 v3 client access security client_number The number of the SNMP V3 client for which the access context settings are being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. level Specify the access security level. security_level The access security level in an incoming SNMP packet must match this value in order for the packet to be allowed. The allowable values are 1, 2, or 3. model Specify the access security model. model_number The access security model in an incoming SNMP packet must match this value in order for the packet to be allowed. The allowable values are 1, 2, or 3.430 451-0310E Specifies the access write view for an SNMP V3 client. Syntax v3 client access write view Where Means Example v3 client 3 access write view third_view v3 client access write view client_number The number of the SNMP V3 client for which the access write view is being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. word The view that will be used as the write view for the SNMP V3 client. The write view is used for incoming SNMP Set Requests.451-0310E 431 Specifies the group security model for an SNMP V3 client. Syntax v3 client group security model Where Means Examples v3 client 3 group security model 1 v3 client 3 group security model 2 v3 client group security model client_number The number of the SNMP V3 client for which the security community setting is being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. model_number The group security model in an incoming SNMP packet must match this value in order for the packet to be allowed. The allowable values are 1 or 2.432 451-0310E Specifies the name for an SNMP V3 client. Syntax v3 client name Where Means Examples v3 client 3 name lab_unit v3 client name client_number The number of the SNMP V3 client for which the client engine settings are being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. string The name of the SNMP V3 client. This can be any text string.451-0310E 433 Specifies the security community for an SNMP V3 client. Syntax v3 client security community Where Means Example v3 client 3 security community lab_group v3 client security community client_number The number of the SNMP V3 client for which the security community setting is being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. word The security community name for the SNMP V3 client. The LX unit will only accept SNMP Requests from this SNMP V3 client if the Request packet includes this community name. This is a text string of up to 60 characters.434 451-0310E Specifies the security source settings for an SNMP V3 client. Syntax v3 client security source mask Where Means Examples v3 client 4 security source 143.32.87.23 v3 client 4 security source mask 255.255.255.0 v3 client security source client_number The number of the SNMP V3 client for which the security source settings are being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. ip_address The IP Address that will be used as the security source for the SNMP V3 client. The LX unit will only accept SNMP Requests from this SNMP V3 client if they have this IP Address specified as the security source. mask Requires both the IP Address, and subnet mask, of the security source to match. subnet_mask The subnet mask that will be used as the security source mask for the SNMP V3 client. If this mask is specified, both IP address and the subnet mask for the security source must match for the LX unit to accept SNMP Requests from the V3 client.451-0310E 435 Specifies the view settings for an SNMP V3 client. Syntax v3 client view subtree mask type Where Means Examples v3 client 4 view subtree 1.3.6.1.2.1.1.2 v3 client 4 view mask F v3 client 4 view type allow v3 client 4 view type deny v3 client view client_number The number of the SNMP V3 client for which the view settings are being configured. Note: Clients 0-2 are reserved for SNMP V1 clients and SNMP V2 clients. You cannot specify clients 0-2 as SNMP V3 clients. subtree Specify the subtree for the V3 client. object_id An Object ID that will be used as a filter for incoming SNMP packets, as specified by the mask for the V3 client. mask Specify the view mask for the V3 client. octet_string A hexadecimal number that specifies the octets that must match those in the subtree. For example, hexadecimal F (which has a binary value of 1111) indicates that the first four octets in an incoming Object ID must match the first four octets in the subtree. If the subtree is 1.3.6.1.2.1.1.2, the Object IDs of incoming SNMP packets must have 1.3.6.1 as their first four octets. type Specify the type for the V3 view. word The type of the V3 view. The allowable values are: allow – Packets that match the mask and subtree in this view will be allowed to make requests on the LX unit. deny – Packets that match the mask and subtree in this view will not be allowed to make requests on the LX unit.436 451-0310E Specifies the engine settings for an SNMP V3 client. Syntax v3 engine id boots NUMBER Where Means Examples v3 engine id 346248687 v3 engine boots 11 v3 engine id Specify the Engine ID for the LX unit. octet_string An hexadecimal value that uniquely identifies the LX unit. boots Specify the Engine boots for the LX unit. NUMBER An integer number that represents the number of times that the SNMP daemon running on the LX unit has rebooted. You can set this to any integer value. This is a counter that will be incremented each time the SNMP daemon is rebooted. This value is also a shared secret between the LX unit and the SNMP V3 client.451-0310E 437 Chapter 9 Modem Commands The Modem commands, which are used to configure modems for asynchronous ports, are executed in the Modem command mode. When the LX unit is in the Modem command mode, the Modem command prompt (e.g., Modem 4-4:0 >>) is displayed on the terminal screen. The format of the Modem command prompt is as follows: Modem <1st_port_number>-: >> where <1st_port_number> identifies the first port in the range of ports under configuration. (This value is inherited from the Asynchronous command mode.) identifies the last port in the range of ports under configuration. (This value is inherited from the Asynchronous command mode.) identifies the current session number. To enter the Modem command mode, execute the modem command in the Asynchronous command mode. The modem command is described on page 338.438 451-0310E Resets the modem initialization string to its default value. Syntax default initstring Example default initstring default initstring451-0310E 439 Specifies the telephone number that the LX modem will dial for a dialout connection. Syntax dialout number Where Means Usage Guidelines You cannot specify a dialout number for port 0. If you execute the dialout number command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example dialout number 19785558371 dialout number telephone_number The telephone number that the LX modem will dial for a dialout connection. 440 451-0310E When the end command is issued in the Modem command mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX Command Modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end451-0310E 441 Returns the user to the previous command mode. For example, if the current command mode is the Modem command mode, issuing this command will return the user to the Asynchronous command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX command modes. However, the effect of the exit command varies, depending on the command mode from which it is issued. As noted above, issuing the exit command in the Modem command mode returns the user to the previous command mode. The same goes for issuing the exit command in any command mode other than the User command mode. For example, issuing the exit command in the Menu Editing command mode returns the user to the Menu command mode; issuing the exit command in the Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit442 451-0310E Specifies the Modem Initialization string that the port(s) under configuration will pass to the modem. Syntax initstring STRING Where Means Usage Guidelines You cannot specify a Modem Initialization string for port 0. If you execute the initstring command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example initstring AT S7=45 S0=1 L1 V1 X4 &C1 &1 Q0 &S1 initstring STRING The Modem Initialization string451-0310E 443 Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the Modem command mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the Modem command mode and are currently enabled. To vi ew the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no dialout number no feature_name The name of the feature or boolean parameter that is to be disabled.444 451-0310E Specifies the number of times that the port(s) under configuration will attempt to make a dialout connection via a modem, after the initial attempt. Syntax retry NUMBER Where Means Usage Guidelines You cannot specify a retry value for port 0. If you execute the retry command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example retry 6 retry NUMBER The number of times that the port(s) under configuration will attempt to make a dialout connection via a modem. The valid values are 0 - 255.451-0310E 445 Specifies the length of time that the port(s) under configuration can spend attempting to make a modem connection. Syntax timeout NUMBER Where Means Usage Guidelines You cannot specify a modem timeout for port 0. If you execute the timeout command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Example timeout 30 timeout NUMBER Specifies how much time the port(s) under configuration can spend attempting to make a modem connection. Valid timeout values are from 1 to 255 seconds.446 451-0310E Specifies the Modem type. Syntax type dialin|dialout Where Means Usage Guidelines You cannot specify a modem type for port 0. If you execute the type command on port 0, the following message will be displayed: Operation not permitted on diagnostic/management port Examples type dialin type dialout type dialin The modem on the asynchronous port(s) under configuration can only be used for dialin connections. dialout The modem on the asynchronous port(s) under configuration can only be used for dialout connections.451-0310E 447 Chapter 10 PPP Commands The PPP commands, which are used to configure the Point-to-Point Protocol (PPP) for asynchronous ports, are executed in the PPP command mode. When the LX unit is in the PPP command mode, the PPP command prompt (e.g., PPP 4-4:0 >>) is displayed on the terminal screen. The format of the PPP command prompt is as follows: PPP <1st_port_number>-: >> where <1st_port_number> identifies the first port in the range of ports under configuration. (This value is inherited from the Asynchronous command mode.) identifies the last port in the range of ports under configuration. (This value is inherited from the Asynchronous command mode.) identifies the current session number. To enter the PPP command mode, execute the PPP command in the Asynchronous command mode. The PPP command is described on page 348.448 451-0310E Enables the logging of PPP data for the asynchronous port(s) under configuration. NOTE: You cannot execute this command on port 0. Syntax accounting enable Example accounting enable accounting enable451-0310E 449 Sets the PPP link authentication parameters for the port(s) under configuration. NOTE: You cannot execute this command on port 0. Syntax authentication chap|pap|retry |timeout Where Means Examples authentication chap authentication pap authentication retry 5 authentication timeout 30 authentication chap Enables CHAP authentication on the PPP link. pap Enables PAP authentication on the PPP link. retry Set the retry value for CHAP or PAP authentication. retry_limit The number of times that the LX unit will attempt to authenticate a PPP link. timeout Set the timeout value for CHAP or PAP authentication. timeout_limit The length of time that the LX unit has to perform CHAP or PAP authentication for a PPP link. If the link can not be authenticated within this time, the link is refused.450 451-0310E Enables PPP Compression Control Protocol (CCP) negotiation on the asynchronous port(s) under configuration. NOTE: You cannot execute this command on port 0. Syntax ccp enable Example ccp enable ccp enable451-0310E 451 Resets the retry and timeout values for PPP authentication to the factory-default settings. NOTE: You cannot execute this command on port 0. Syntax default authentication retry|timeout Where Means Example default authentication retry default authentication timeout default authentication retry Resets the retry value for PPP authentication to the factory-default setting. Refer to “authentication” on page 449 for more information on the retry value for PPP authentication. timeout Resets the timeout value for PPP authentication to the factory-default setting. Refer to “authentication” on page 449 for more information on the timeout value for PPP authentication.452 451-0310E Resets the negotiation options for the Internet Protocol Control Protocol (IPCP) to their factorydefault values. NOTE: You cannot execute this command on port 0. Syntax default ipcp compression|failure|timeout Where Means Example default ipcp compression default ipcp failure default ipcp timeout default ipcp compression Resets the compression option for IPCP to the factory-default value. Refer to “ipcp accept address enable” on page 462 for more information on the compression option for IPCP. failure Resets the failure option for IPCP to the factory-default value. Refer to “ipcp accept address enable” on page 462 for more information on the failure option for IPCP. timeout Resets the timeout option for IPCP to the factory-default value. Refer to “ipcp accept address enable” on page 462 for more information on the timeout option for IPCP.451-0310E 453 Resets the compression option for the Link Control Protocol (LCP) to the factory-default value. NOTE: You cannot execute this command on port 0. Refer to “lcp compression enable” on page 466 for more information on the compression option for LCP. Syntax default lcp compression Example default lcp compression default lcp compression454 451-0310E Resets the echo failure parameter for the Link Control Protocol (LCP) to the factory-default value. NOTE: You cannot execute this command on port 0. Refer to “lcp echo failure” on page 467 for more information on the echo failure parameter for LCP. Syntax default lcp echo failure Example default lcp echo failure default lcp echo failure451-0310E 455 Resets the failure limit parameter for the Link Control Protocol (LCP) to the factory-default value. NOTE: You cannot execute this command on port 0. Refer to “lcp failure limit” on page 469 for more information on the failure limit parameter for LCP. Syntax default lcp failure limit Example default lcp failure limit default lcp failure limit456 451-0310E Resets the Link Control Protocol (LCP) timeout for the port(s) under configuration to the factory-default value. NOTE: You cannot execute this command on port 0. Refer to “lcp timeout” on page 470 for more information on the LCP timeout. Syntax default lcp timeout Example default lcp timeout default lcp timeout451-0310E 457 Resets the client-mode username to the factory-default value, which is InReach. NOTE: You cannot execute this command on port 0. Syntax default mode client username Example default mode client username default mode client username458 451-0310E Resets the Maximum Transmission Unit (MTU) for the PPP link to the factory-default setting. The MTU is the maximum-sized packet that can be transmitted on the PPP link. NOTE: You cannot execute this command on port 0. Syntax default mtu Example default mtu default mtu451-0310E 459 Resets the IP address of the remote system in the PPP link to the default value. NOTE: You cannot execute this command on port 0. Syntax default remote address Example default remote address default remote address460 451-0310E When the end command is issued in the PPP command mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX command modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end451-0310E 461 Returns the user to the previous command mode. For example, if the current command mode is the PPP command mode, issuing this command will return the user to the Asynchronous command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX command modes. However, the effect of the exit command varies, depending on the mode from which it is issued. As noted above, issuing the exit command in the PPP command mode returns the user to the previous command mode. The same goes for issuing the exit command in any command mode other than User. For example, issuing the exit command in the Menu Editing command mode command mode returns the user to the Menu command mode; issuing the exit command in the Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit462 451-0310E Configures the PPP link to accept negotiation of local addresses or remote addresses. NOTE: You cannot execute this command on port 0. Syntax ipcp accept local|remote address enable Where Means Examples ipcp accept local address enable ipcp accept remote address enable ipcp accept address enable local Specifies that the PPP link will only accept negotiation of local addresses. remote Specifies that the PPP link will only accept negotiation of remote addresses.451-0310E 463 Specifies that the port(s) under configuration will try to negotiate the use of Van Jacobson (VJ) compression over a PPP link. NOTE: You cannot execute this command on port 0. Syntax ipcp compression enable Usage Guidelines Data compression allows more data to be transferred over the link. The use of the VJ compression method can result in significant bandwidth savings, which can be important when PPP connections are made over telephone lines or when a PPP link is very heavily used. VJ compression is very memory intensive, however. The use of VJ compression is negotiated during PPP options negotiation. Compression can be used in one direction only. Example ipcp compression enable ipcp compression enable464 451-0310E Specifies the number of attempts at IPCP option negotiation that can be made by the port(s) under configuration. NOTE: You cannot execute this command on port 0. Syntax ipcp failure limit NUMBER Where Means Example ipcp failure limit 6 ipcp failure limit NUMBER A whole number that specifies the number of attempts at IPCP option negotiation that can be made by the port(s) under configuration. The attempt at making a PPP link will be aborted if the options are not successfully negotiated within this number of tries.451-0310E 465 Specifies the length of time that the port(s) under configuration have for ipcp option negotiation. NOTE: You cannot execute this command on port 0. Syntax ipcp timeout NUMBER Where Means Example ipcp timeout 30 ipcp timeout NUMBER The length of time, in seconds, that the port(s) under configuration have for IPCP option negotiation. The attempt at making a PPP link will be aborted if the options are not successfully negotiated within this time limit.466 451-0310E Specifies that the port(s) under configuration will try to negotiate the use of LCP compression over a PPP link. NOTE: You cannot execute this command on port 0. Syntax lcp compression enable Example lcp compression enable lcp compression enable451-0310E 467 Specifies the number of times that the port(s) under configuration can send an LCP echo request. NOTE: You cannot execute this command on port 0. Syntax lcp echo failure NUMBER Where Means Example lcp echo failure 6 lcp echo failure NUMBER A whole number that specifies the number of times that the port(s) under configuration can send an LCP echo request. The attempt at making a PPP link will be aborted if the port does not receive an LCP echo after the last echo request is sent.468 451-0310E Specifies the interval between the sending of LCP echo requests. NOTE: You cannot execute this command on port 0. Syntax lcp echo interval NUMBER Where Means Example lcp echo interval 10 lcp echo interval NUMBER A whole number that specifies the interval, in seconds, between the sending of LCP echo requests.451-0310E 469 Specifies the number of attempts at LCP option negotiation that can be made by the port(s) under configuration. NOTE: You cannot execute this command on port 0. Syntax lcp failure limit NUMBER Where Means Example lcp failure limit 6 lcp failure limit NUMBER A whole number that specifies the number of attempts at LCP option negotiation that can be made by the port(s) under configuration. The attempt at making a PPP link will be aborted if the options are not successfully negotiated within this number of tries.470 451-0310E Specifies the length of time that the port(s) under configuration have for LCP option negotiation. NOTE: You cannot execute this command on port 0. Syntax lcp timeout NUMBER Where Means Example lcp timeout 30 lcp timeout NUMBER The length of time, in seconds, that the port(s) under configuration have for LCP option negotiation. The attempt at making a PPP link will be aborted if the options are not successfully negotiated within this time limit.451-0310E 471 Specifies the PPP IP Local Address for the port(s) under configuration. NOTE: You cannot execute this command on port 0. Syntax local address A.B.C.D Where Means Example local address 119.20.112.3 local address A.B.C.D The PPP IP Local Address for the port(s) under configuration.472 451-0310E Specifies “client” as the PPP mode, and optionally specifies the CHAP or PAP secret, for the port(s) under configuration. NOTE: You cannot execute this command on port 0. Syntax mode client [chap|pap ] Where Means Examples mode client mode client pap wtrrrgbbba mode client pap irtntobaalmwmtg mode client chap Specify the CHAP secret for the port(s) under configuration. pap Specify the PAP secret for the port(s) under configuration. secret The CHAP or PAP secret for the port(s) under configuration. 451-0310E 473 Specifies the username for the PPP client. NOTE: You cannot execute this command on port 0. Syntax mode client username Where Means Examples mode client username jackc mode client username name The username for the PPP client. This can be any text string.474 451-0310E Specifies the PPP mode for the port(s) under configuration as Server Active or Server Passive. NOTE: You cannot execute this command on port 0. Syntax mode server active|passive Where Means Examples mode server active mode server passive mode server active Specifies that the port(s) under configuration will use PPP server active mode. passive Specifies that the port(s) under configuration will use PPP server passive mode.451-0310E 475 Sets the Maximum Transmission Unit (MTU) size for the PPP link. Frames that are larger than the designated MTU size are fragmented before transmission. (Note that the software fragments frames on the transmit side only.) NOTE: You cannot execute this command on port 0. Syntax mtu NUMBER Where Means Example mtu 1300 mtu NUMBER The MTU size for the PPP link. The allowable values are 1000 - 1500. The default value is 1400.476 451-0310E Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the PPP command mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the PPP command mode and are currently enabled. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no authentication no feature_name The name of the feature or boolean parameter that is to be disabled.451-0310E 477 Identifies the remote system in the PPP link. NOTE: You cannot execute this command on port 0. Syntax remote address A.B.C.D Where Means Example remote address 129.27.172.19 remote address A.B.C.D The IP Address of the remote unit in the PPP link.451-0310E 479 Chapter 11 Menu Commands The Menu commands are executed in the Menu command mode. When the LX unit is in the Menu command mode, the Menu command prompt (e.g., Menu :0 >>) is displayed on the terminal screen. The format of the Menu command prompt is as follows: Menu : >> where identifies the current session number. To enter the Menu command mode, execute the menu command in the Configuration command mode, or execute the exit command in the Menu Editing command mode. The menu command is described on page 184.480 451-0310E Deletes a menu from the LX unit. Syntax delete NAME Where Means Example delete finance_menu delete NAME The name of the menu that is to be deleted from the database of menus on the LX unit.451-0310E 481 When the end command is issued in the Menu command mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX command modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end482 451-0310E Returns the user to the previous command mode. For example, if the current command mode is Menu, issuing this command will return the user to the Configuration command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX Command Modes. However, the effect of the exit command varies, depending on the command mode from which it is issued. For example, issuing the exit command in the Menu command mode returns the user to the Configuration command mode; issuing the exit command in Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit451-0310E 483 Merges existing menus into one menu. Syntax import to Where Means Usage Guidelines If the destination menu already exists, the following prompt will be displayed when you execute the import command: The destination file already exists. Do you want to overwrite it? (yes/no) Answering “yes” will overwrite the destination file. Answering “no” will abort the command. Examples import menu_1 menu_2 menu_3 menu_4 menu_5 to finance_menu import susans_menu jacks_menu henrys_menu_3 to group_menu import menu_list Specifies the menu files that are to be merged into the destination menu. Each menu filename must be separated by a blank space. The menu files in the menu_list are appended to the destination menu. Note: A maximum of 16 menu pages can be merged into a destination menu. Each menu or submenu counts as a separate menu page. destination_menu Specifies the filename of the menu to which the files in menu_list are to be merged.484 451-0310E Displays a list of the menus on the LX unit. NOTE: If this command is executed while a menu file is open, a list of the submenus in the menu will be displayed. Syntax list Example list list451-0310E 485 Disables (negates) specific features and boolean parameters on the LX unit. Refer to “Usage Guidelines” (below) for more information about using the no command in the Menu command mode. Syntax no Where Means Usage Guidelines The allowable arguments for this command consist of only those features and boolean parameters that can be set in the Menu Editing command mode and are currently enabled. To view the features and boolean parameters that are currently enabled, type the no command followed by a question mark (?). Example no entry 2 no feature_name The name of the feature or boolean parameter that is to be disabled.486 451-0310E Opens a new or existing menu in the Menu Editing command mode. For more information on the Menu Editing command mode, refer to “Menu Editing Commands” on page 487. Syntax open NAME Where Means Example open finance_menu open NAME The name of the menu that is to be opened for editing.451-0310E 487 Chapter 12 Menu Editing Commands The Menu Editing commands are executed in the Menu Editing command mode. When the LX unit is in the Menu Editing command mode, the Menu Editing command prompt (e.g., mark-1:0 >>) is displayed on the terminal screen. The format of the Menu Editing command prompt is as follows: -: >> where identifies the Menu name. identifies the submenu number of the menu. The top-level menu always has a submenu number of 1. identifies the current session number. To enter the Menu Editing command mode, execute the open command in the Menu command mode. The open command is described on page 486.488 451-0310E Assigns control keys for the menu. Syntax control key logout|repaint|top|up Where Means Examples control key logout W Log out of LX control key repaint Z Refresh screen control key top H Go to top level control key up G Go back menu level control key logout Assigns a function key that will log out the subscriber account. repaint Assigns a function key that will redisplay the menu. top Assigns a function key that will move to the top-level menu for the subscriber. up Assigns a function key that will move up to the next-higher menu level. character The keyboard character that performs the assigned function. text Message text that is displayed at the bottom of the menu. This text typically describes what happens when the specified control key is pressed. This message has a limit of 18 characters.451-0310E 489 Displays the current menu, or a submenu associated with the current menu. The menu is displayed in the same form as it would be seen by an end user. Syntax display [menu ] Where Means Usage Guidelines When this command is executed without a submenu number, the current menu or submenu is displayed. Example display display menu 11 display menu_number An integer number, from 1 through 16, that identifies an existing menu. Menu 1 is the top-level menu. The default value is the current menu. 490 451-0310E When the end command is issued in the Menu Editing command mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX Command Modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end451-0310E 491 Display a menu entry as it appears in the menu file. NOTE: This command displays an entry as it appears in the menu file rather than as the end user will see it. The label and the associated command are listed. Syntax entry Where Means Example entry 12 entry entry_number An integer number, from 1 through 40, that identifies the menu entry that is to be displayed.492 451-0310E Creates or modifies a command entry. A Command entry executes a Linux command when the user selects it from the menu. Syntax entry command Where Means Example entry 3 command telnet 1.2.3.5.1 entry command entry_number An integer number, from 1 through 40, that identifies the menu entry that is to be created or modified. command_text The shell-level command that is to be executed when this menu entry is selected by the user. This field can contain any syntactically correct Linux command.451-0310E 493 Creates or modifies a label for a command entry or a menu entry. The label is displayed to the user in the menu. Syntax entry label Where Means Example entry 3 label List the log entries entry label entry_number An integer number, from 1 through 40, that identifies the menu entry for which the label is to be created or modified. label_text A text string that describes the entry. The text string can contain any text characters, including spaces. If the menu or submenu has less than 21 entries, the text string can contain up to 52 characters. If the menu or submenu has 21 or more entries, the text string is limited to 36 characters.494 451-0310E Creates or modifies a menu entry. When a menu entry is selected from a menu, it switches to a submenu. NOTE: This command will create an entry with a label. The default label is the same as the command string itself. You can change the label with the entry label command. The entry label command is described on page 493. Syntax entry menu Where Means Example entry 11 menu 6 entry menu entry_number An integer number, from 1 through 40, that identifies the menu entry that is to be created or modified. menu_number An integer number, from 1 through 16, that identifies the submenu that is to be displayed when the user selects this menu entry.451-0310E 495 Returns the user to the previous command mode. For example, if the current command mode is Menu Editing, issuing this command will return the user to the Menu command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX command modes. However, the effect of the exit command varies, depending on the command mode from which it is issued. For example, issuing the exit command in the Menu Editing command mode returns the user to the Menu command mode; issuing the exit command in the Menu command mode returns the user to the Configuration command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit496 451-0310E Creates a header for the current submenu. NOTE: The list command is used to display the headers for all submenus. The list command is described on page 497. Syntax header [] Where Means Examples header header Finance Department header header_text The text string that will be used as the Menu header. The text string can contain up to 60 characters, including spaces.451-0310E 497 Displays all of the configured submenus for the current menu, and their configured headers. An asterisk (*) indicates the menu that is currently under configuration. Syntax list Example list list498 451-0310E Opens a new or existing submenu for editing. Syntax menu Where Means Usage Guidelines After this command is executed, the field of the Menu Editing prompt changes to the Submenu number that is being edited. For example, the prompt mark-12:0 >> indicates that Submenu 12 is currently being edited. Example menu 12 menu submenu_number The menu number of the submenu that is to be opened for editing. This can be any integer number from 1 through 16.451-0310E 499 Specifies the continue string for the current menu. If a continue string is specified, the screen will pause after a command entry is executed; the user must press the ENTER key to re-display the menu from which the command entry was selected. If a continue string is not specified, the screen will pause after a command entry is executed, but no prompt string will be displayed. The continue string typically describes how to re-display the menu (e.g., Press ENTER to return). The continue string appears at the bottom of the screen when you display the menu using the display command. The display command is described on page 489. Syntax menu continue string Where Means Examples menu continue string Press ENTER to return menu continue string continue_string The continue string for the current menu or submenu. This is a text string of up to 60 characters.500 451-0310E Specifies the prompt string for the current menu. The prompt string is displayed at the bottom of the menu, and it typically describes how to select a menu option. The prompt string appears at the bottom of the screen when you display the menu using the display command. The display command is described on page 489. Syntax menu prompt Where Means Examples menu prompt Highlight options with Arrow Keys and press RETURN menu prompt prompt_string The prompt string for the current menu or submenu. This is limited to 53 characters.451-0310E 501 Removes control keys from the current menu. Syntax no control key logout|repaint|top|up Where Means Examples no control key logout no control key repaint no control key top no control key up no control key logout Removes the logout control key from the current menu. repaint Removes the repaint control key from the current menu. top Removes the top control key from the current menu. up Removes the up control key from the current menu.502 451-0310E Resets (negates) an entry in the current menu. When this command is executed, the menu entry no longer has a command, or a menu entry, associated with it. Syntax no entry Where Means Example no entry 11 no entry entry_number An integer number, from 1 through 40, that identifies the menu entry that is to reset.451-0310E 503 Removes the configured header from the current menu or submenu. (The configured header is specified with the header command, which is described on page 496.) Syntax no header Usage Guidelines After the no header command is executed, the default menu header will be used in the menu. The format of the default menu header is as follows: Menu LX Menu where identifies the submenu number of the menu. The top-level menu always has a submenu number of 1. For example, the default menu header for the top-level menu is Menu 1 LX Menu. Example no header no header504 451-0310E Removes (deletes) the continue string from the current menu or submenu. Syntax no menu continue string Example no menu continue string no menu continue string451-0310E 505 Removes (deletes) the prompt from the current menu or submenu. Syntax no menu prompt Example no menu prompt no menu prompt506 451-0310E Opens a new or existing menu file, and closes the current menu file. Syntax open NAME Where Means Usage Guidelines If you have made any changes to the current menu, the following prompt will be displayed when you execute the open command: The Menu has been modified. Do you want to save your changes? (y/n) : Enter y to save your changes to the current menu. Enter n to abandon your changes to the current menu. Example open finance_menu open NAME The name of the menu that is to be opened for editing.451-0310E 507 Saves the current menu file. Syntax save [] Where Means Example save save finance_menu save filename The filename under which the current menu file is to be saved. If no filename is specified, it will be saved to the filename of the current menu file.451-0310E 509 Chapter 13 Notification Commands The Notification commands are executed in the Notification command mode. When the LX unit is in the Notification command mode, the Notification command prompt (e.g., Notification:0 >>) is displayed on the terminal screen. The format of the Notification command prompt is as follows: Notification: >> where identifies the current session number. To enter the Notification command mode, execute the notification command in the Configuration command mode. The notification command is described on page 186.510 451-0310E When the end command is issued in the Notification command mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX command modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end451-0310E 511 Returns the user to the previous command mode. For example, if the current command mode is Notification, issuing this command will return the user to the Configuration command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX command modes. However, the effect of the exit command varies, depending on the command mode from which it is issued. For example, issuing the exit command in the Notification command mode returns the user to the Configuration command mode; issuing the exit command in the Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit512 451-0310E Specifies the facility of a configurable syslogd messages. To display the configurable messages, refer to “show notification message” on page 104. Syntax message NUMBER facility user|syslog|kern|daemon|authpriv Where Means Examples message 1 facility user message 2 facility syslog message 3 facility kern message 4 facility daemon message 5 facility authpriv message facility NUMBER The ID number of a configurable syslogd message. This can be any integer number from 1 through 40. user The message applies to the User processes. syslog The message applies to the syslog daemon (syslogd). kern The message applies to the Linux kernel. daemon The message applies to a system daemon, such as in.ftpd. authpriv The message applies to the Superuser authentication process.451-0310E 513 Specifies the priority of a configurable syslogd messages. To display the configurable messages, refer to “show notification message” on page 104. Syntax message NUMBER priority emerg|alert|critical|error|notice|sigsnotice|info Where Means Examples message 1 priority emerg message 2 priority alert message 3 priority critical message 4 priority error message 5 priority notice message 6 priority info message priority NUMBER The ID number of a configurable syslogd message. This can be any integer number from 1 through 40. emerg The message indicates a severe condition. This is the kind of condition that can immediately affect the users’ ability to work on the LX. alert The message indicates a condition that the system administrator needs to correct immediately, such as a corrupted system database. critical The message indicates a critical condition, such as a hard device error. error The message indicates a software error condition. notice The message indicates a condition which is not an error, but which might require specific procedures to adjust it. warning This message indicates a warning condition. info The message is a normal, informational message.514 451-0310E Specifies the string portion of a configurable syslogd messages. To display the configurable messages, refer to “show notification message” on page 104. Syntax message NUMBER string Where Means Example message 1 string New CLI mode entered by message string NUMBER The ID number of a configurable syslogd message. This can be any integer number from 1 through 40. text The string portion of the configurable syslogd message. This string can contain up to 48 characters. 451-0310E 515 Deletes Service Profiles and User Profiles. (Service Profiles and User Profiles are used in the Notification Feature.) Syntax no serviceprofile|userprofile |all Where Means Examples no serviceprofile FinanceServerprof2 no serviceprofile all no userprofile Philpager no userprofile all no serviceprofile Delete the Service Profile specified in this command. userprofile Delete the User Profile specified in this command. name The name of the Service Profile, or User Profile, that is to be deleted. all Delete all Service Profiles, or all User Profiles.516 451-0310E Specifies the asynchronous port(s) for a Service Profile of the ASYNC type. Syntax serviceprofile async port |all|none Where Means Examples serviceprofile Lab3port2 async port 2 serviceprofile Lab3port2-5 async port 2 3 4 5 serviceprofile Lab3port2 async port all serviceprofile Lab3port2 async port none serviceprofile async port name The name of a Service Profile of the ASYNC type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as ASYNC. async_list Specifies the LX asynchronous port(s) to which syslogd will send the log messages. In order to specify asynchronous port(s) in this field, the Service Profile in the name field must be configured as ASYNC. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as ASYNC. If more than one asynchronous port is specified, they should be separated by blank spaces; for example, 2 3 5 6. Note: You cannot specify port 0 in this command. all Log messages will be sent to all asynchronous ports on the LX unit. none Log messages will not be sent to any asynchronous ports on the LX unit.451-0310E 517 Specifies the bits-per-byte setting for a Service Profile of the TAP type. Syntax serviceprofile bits NUMBER Where Means Example serviceprofile Center10 bits 6 serviceprofile bits name A Service Profile of the TAP type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as TAP. NUMBER Specifies the number of bits per byte that must be supported on any modem port that is included in this Service Profile. The allowable values are 5 - 8. The default value is 8.518 451-0310E Specifies the web driver for a Service Profile of the WEB type. Syntax serviceprofile driver Where Means Usage Guidelines The date and time should be set for the LX unit. (If the date and the time are not set, some wireless providers will reject the message.) The date and time are set with the date and clock commands in the Configuration Command Mode. For more information, see the date command on page 168 and the clock command on page 165. Examples serviceprofile InternetATT driver ATT_WEB serviceprofile InternetORANGE driver ORANGE_WEB serviceprofile driver name A Service Profile of the WEB type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile of the WEB type. drivername Specifies the web driver that will be used to send a log message through a web interface. The allowable values are ATT_WEB, CELLNET_WEB, CINGULAR_WEB, ORANGE_WEB, PAGENET_WEB, PROXIMUS_WEB, and VERIZON_WEB.451-0310E 519 Specifies the file to which log messages are to be sent for a Service Profile of the Localsyslog type. Syntax serviceprofile file Where Means Example serviceprofile LabUnit3 file ricklog.txt serviceprofile file name A Service Profile of the Localsyslog type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as Localsyslog. filename Specifies the name of the file to which the log messages are to be sent. This file resides in the /var/log directory of the LX unit. 520 451-0310E Specifies the destination host for a Service Protocol of the Remotesyslog type. Syntax serviceprofile host Where Means Usage Guidelines After you have specified the remote host with the serviceprofile host command, you must configure the remote host to serve as a destination host for log messages. Do the following: 1. Add the following entry to the /etc/syslog.conf file on the remote host: user.warning /tftpboot/test/user.warning.log 2. Create an empty log file on the remote host: #touch /tftpboot/test/user.warning.log #chmod 777 /tftpboot/test/user.warning.log 3. Restart the syslog daemon on the remote host: # ps –ef|grep syslog # kill –HUP pid# Example serviceprofile Mapleprof host 140.76.45.123 serviceprofile host name A Service Profile of the Remotesyslog type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as Remotesyslog. hostname Specifies the host to which the log messages are to be forwarded. The host can be specified as an IP Address or as any symbolic name that can be resolved by DNS. 451-0310E 521 Specifies the modem ports for a Service Profile of the TAP type. Syntax serviceprofile modem port |all|none Where Means Examples serviceprofile Center10 modem port 4 serviceprofile Centers11and12 modem port 2 3 5 6 serviceprofile modem port name A Service Profile of the TAP type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as TAP. port_list Specifies the modem port(s) that syslogd can dial out to send a log message via TAP. If more than one asynchronous port is specified, they should be separated by blank spaces; for example, 2 3 5 6. The modem ports that are specified in this field must support the bits-per-byte setting of the Service Profile. Refer to serviceprofile bits on page 517 for information on specifying the bits-per-byte setting for a Service Profile. Refer to the serviceprofile bits command on page 517 for information on setting the bits-per-byte setting for a modem port. all All modem ports on the LX unit can be dialed to send a message via TAP. none None of the modem ports on the LX unit can be dialed to send a message via TAP.522 451-0310E Specifies the bit parity characteristic for a Service Profile of the TAP type. Syntax serviceprofile parity Where Means Examples serviceprofile Center10 parity odd serviceprofile Center11 parity even serviceprofile Center12 parity none serviceprofile parity name A Service Profile of the TAP type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as TAP. priority_setting Specifies the bit parity that must be used by a modem port in order to send log messages with the TAP protocol. The allowable values are odd, even, and none. The default value is none. Refer to the parity command on page 343 for information on specifying the bit parity of a port.451-0310E 523 Specifies an optional TCP port for a Service Profile of the SNPP type. Syntax serviceprofile port Where Means Examples serviceprofile FinanceServerprof2 port 7777 serviceprofile port name A Service Profile of the SNPP type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as SNPP. tcp_port Specifies a TCP port on the provider’s SNPP server. The LX syslogd will send log messages to this TCP port. The Service Profile in the name field must be configured as SNPP. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as SNPP.524 451-0310E Creates a new Service Profile. A Service Profile specifies the method and means for sending log messages to a destination. Syntax serviceprofile protocol snpp|web|tap|snmp|localsyslog|remotesyslog |async|smtp Where Means Usage Guidelines This command defines a method (i.e., SNPP, Web protocol, TAP etc.) that will be used to send messages. However, a Service Profile is not fully defined until its means for sending messages have been specified. After you have created a Service Profile with the serviceprofile protocol command, do the following to specify the means that it will use to send the messages: • For Service Profiles of the SNPP type: 1. Execute the serviceprofile server command (see page 527) to specify the SNPP server that will be used to send messages to the destination. 2. Execute the serviceprofile port command (see page 523) to specify the LX TCP port that will be used to send messages to the SNPP server. serviceprofile protocol name Specifies the name of the Service Profile. The name can be any text string of up to 20 characters. snpp Specifies that the Service Profile will use the Simple Network Pager Protocol (SNPP) as the method for sending log messages. web Specifies that the Service Profile will use the Web protocol as the method for sending log messages. tap Specifies that the Service Profile will use the Telocator Alphanumeric Protocol (TAP) as the method for sending log messages. snmp Specifies that the Service Profile will use the Simple Network Management Protocol (SNMP) as the method for sending log messages. localsyslog Specifies that the Service Profile will send log messages to a local file on the LX unit. remotesyslog Specifies that the Service Profile will send log messages to syslogd on a remote host. async Specifies that the Service Profile will send log messages to an outbound asynchronous ports on the LX unit. smtp Specifies that the Service Profile will use the Simple Mail Transfer Protocol (SMTP) to send log messages to an email address.451-0310E 525 • For Service Profiles of the Web type, execute the serviceprofile driver command (see page 518) to specify the web driver that is used to send the message through a web interface. • For Service Profiles of the TAP type: 1. Execute the serviceprofile smsc command (see page 528) to specify the Short Message Service Center (SMSC) that will be used to send the log messages to the user. 2. Execute the serviceprofile bits command (see page 517) to specify the bits per byte that must be supported by the provider’s application that is specified in a User Profile based on this Service Profile. 3. Execute the serviceprofile stopbits command (see page 530) to specify the stopbits that must be supported by the provider’s application that is specified in a User Profile based on this Service Profile. 4. Execute the serviceprofile parity command (see page 522) to specify the bit parity that must be used by the provider’s application that is specified in a User Profile based on this Service Profile. • For Service Profiles of the SMTP type, execute the serviceprofile server command (see page 527) to specify the SMTP server that will be used to send messages to the destination. • For Service Profiles of the SNMP type, create an SNMP trap client for the LX unit. The log messages will be sent to all of the SNMP trap clients of the LX unit. To create an SNMP trap client, execute the following commands in the SNMP Command Mode: • trap client (see page 423) • trap client community (see page 424) • trap client version (see page 425) • For Service Profiles of the Localsyslog type, execute the serviceprofile file command (see page 519) to specify the local file to which messages will be sent. • For Service Profiles of the Async type, execute the serviceprofile async port command (see page 516) to specify the outbound asynchronous port to which messages will be sent. • For Service Profiles of the Remotesyslog type, execute the serviceprofile host command (see page 520) to specify the remote host to which the log messages are sent. serviceprofile protocol (continued)526 451-0310E Examples serviceprofile skytel protocol snpp serviceprofile labunit protocol local serviceprofile port4 protocol async serviceprofile internetATT protocol web serviceprofile Center10 protocol tap serviceprofile Lab3snmp protocol snmp serviceprofile Lab3billtxt protocol localsyslog serviceprofile Mapleprof protocol remotesyslog serviceprofile emailprof protocol smtp serviceprofile protocol (continued)451-0310E 527 Specifies the server for a Service Profile of the SMTP or SNPP type. NOTE: In order to execute this command, you must have already configured the Domain Name suffix, Local DNS Address, and IP parameters for the LX unit. Syntax serviceprofile server Where Means Examples serviceprofile emailprof server 118.28.118.34 serviceprofile newsnpp1 server snpp.skytel.com serviceprofile server name A Service Profile of the SMTP or SNPP type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as SMTP or SNPP. server_name Specifies the server to which syslogd will send the log messages. The messages will be forwarded from the server to the user. The server can be specified as an IP Address or as any symbolic name that can be resolved by DNS.528 451-0310E Specifies the Short Message Service Center (SMSC) for a Service Profile of the TAP type. Syntax serviceprofile smsc Where Means Usage Guidelines Now configure the LX modem port that will be used for sending messages. In the following example, the required settings are specified on port 17: Config>>port async 17 Async 17>>no apd Async 17>>access remote Async 17>>modem Modem>>modem enable Modem>>type dialout A list of wireless SMSC phone numbers is provided here for your convenience: NOTE: MRV Communications is not responsible for these SMSC phone numbers and cannot guarantee their service. Please contact your provider for a number near you. serviceprofile smsc name A Service Profile of the TAP type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as TAP. tel_num Specifies the telephone number of the SMSC to which the notification is to be sent. The telephone number must contain at least 10 digits. The maximum length of the telephone number is 20 digits. Note: Your modem settings for bits-per-second, stopbits, and parity are not required to match those of your SMSC provider. Carrier SMSC Number Email Address SMSC Phone#@ AT&T 7, 1, e 800-841-8837 @mobile.att.net Cingular 7, 1, e 800-909-4602 @Cingular.com Nextel 7, 1, e 801-301-6683 @messaging.nextel.com Sprint 7, 1, e 888-656-1727 @sprintpcs.com Verizon 7, 1, e, 8, 1, n 866-823-0501 @vtext.com Skytel 8, 1, n 800-679-2778 pin@skytel.com451-0310E 529 Example userprofile servicecenter3 smsc 3776809977 serviceprofile smsc (continued)530 451-0310E Specifies the stop bits characteristic for a Service Profile of the TAP type. Syntax serviceprofile stopbits NUMBER Where Means Example serviceprofile Center10 stopbits 2 serviceprofile stopbits name A Service Profile of the TAP type. Refer to the serviceprofile protocol command on page 524 for more information on configuring a Service Profile as TAP. NUMBER Specifies the number of stop bits for the Service Profile. The allowable values are 1 or 2. The default value is 1. Refer to the stopbits on page 356 for information on setting the stop bits for a port.451-0310E 531 Specifies the contact information for a User Profile. Contact information must be specified for any User Profile that is associated with a Service Profile of the Web, SNPP, SMTP, or TAP type. Syntax userprofile contact Where Means Examples userprofile PhilWilliams contact 167451 userprofile JohnSmith contact 3995987642 userprofile JaneWalton contact 3996541276 userprofile NormanWillis contact nwillis@yourcompany.com userprofile contact name Specifies the name of a User Profile. (The User Profile must be one that is associated with a Service Profile of the Web, SNPP, or TAP type.) contact_name Specifies the contact information for the User Profile. (The contact information is the telephone number, pager ID, or email address to which the log messages will be sent.) The content of this field depends on the type of the Service Profile that is associated with the User Profile. If the associated Service Profile is of the SMTP type, this field must contain an email address. If the associated Service Profile is of the Web, SNPP, or TAP type, this field can contain a pager ID or a telephone number. The pager ID must consist of between 1 and 35 digits.532 451-0310E Specifies the facility characteristic for a User Profile. Only those log messages that originate from a Linux facility that matches this characteristic will be sent to the user. Syntax userprofile facility Where Means Examples userprofile PhilWilliams facility all userprofile JohnSmith facility authpriv userprofile JaneWalton facility daemon userprofile NormanWillis facility kern userprofile facility name Specifies the name of a User Profile. facility_char Specifies the facility characteristic for the User Profile. The allowable values are authpriv, daemon, kern, syslog, user, and all.451-0310E 533 Specifies the priority characteristic for a User Profile. Only those log messages that match this priority level will be sent to the user. Syntax userprofile priority emerg|alert|critical|error|notice|info |warning|sigsnotice Where Means Examples userprofile JohnSmith priority info userprofile JaneWalton priority notice userprofile NormanWillis priority warning userprofile priority name Specifies the name of a User Profile. emerg Only messages with a priority of emerg will be sent to the user. Messages with this priority indicate a condition that can immediately affect the users’ ability to work on the LX. alert Only messages with a priority of alert will be sent to the user. Messages with this priority indicate a condition that the system administrator needs to correct immediately, such as a corrupted system database. critical Only messages with a priority of critical will be sent to the user. Messages with this priority indicate a critical condition, such as a hard device error. error Only messages with a priority of error will be sent to the user. Messages with this priority indicate a software error condition. notice Only messages with a priority of notice will be sent to the user. Messages with this priority indicate a condition which is not an error, but which might require specific procedures to adjust it. info Only messages with a priority of info will be sent to the user. These are normal, informational messages. warning Only messages with a priority of warning will be sent to the user. sigsnotice Only messages with a priority of sigsnotice will be sent to the user. Messages with this priority indicate a state transition of the serial input signals CTS or DCD/DSR. Note: When this priority is specified, the facility for the User Profile must be set to kern. Refer to “userprofile facility” on page 532 to set the facility for a User Profile to kern.534 451-0310E Creates a new User Profile or changes the Service Profile associated with an existing User Profile. Syntax userprofile serviceprofile Where Means Usage Guidelines After a User Profile has been created, a facility characteristic and a priority characteristic can be specified for it. For more information, refer to userprofile facility on page 532 and userprofile priority on page 533. You must define a contact field for a User Profile that is based on a Service Profile of the SNPP, SMTP, TAP, or WEB type. For more information, refer to the userprofile contact command on page 531. Examples userprofile PhilWilliams serviceprofile internetATT userprofile JohnSmith serviceprofile Center10 userprofile JaneWalton serviceprofile emailprof userprofile serviceprofile name Specifies the name of a new or existing User Profile. The name can be any text string of up to 20 characters. Note: The LX unit supports a maximum of 20 User Profiles. service_profile_name Specifies the name of a fully defined Service Profile. For information on creating a fully defined Service Profile, refer to the “Usage Guidelines” for the userprofile contact command (see page 531).451-0310E 535 Chapter 14 Broadcast Group Commands The Broadcast Group commands are executed in the Broadcast Group command mode. When the LX unit is in the Broadcast Group command mode, the Broadcast Group command prompt (e.g., BrGroups 6:0 >>) is displayed on the terminal screen. The format of the Broadcast Group command prompt is as follows: BrGroups : >> where identifies the Broadcast Group under configuration. identifies the current session number. To enter the Broadcast Group command mode, execute the broadcast group command in the Configuration command mode. The broadcast group command is described on page 163.536 451-0310E When the end command is issued in Broadcast Group Mode, it returns the user to the Superuser command mode. Syntax end Usage Guidelines The end command can be issued in all of the LX Command Modes except for User and Superuser. Executing the end command always returns the user to the Superuser command mode. Example end end451-0310E 537 Returns the user to the previous command mode. For example, if the current command mode is the Broadcast Group Command Mode, issuing this command will return the user to the Configuration command mode. Syntax exit Usage Guidelines The exit command can be issued in all of the LX Command Modes. However, the effect of the exit command varies, depending on the mode from which it is issued. As noted above, issuing the exit command in the Broadcast Group command mode returns the user to the previous command mode. The same goes for issuing the exit command in any command mode other than User. For example, issuing the exit command in the Menu Editing command mode returns the user to the Menu command mode; issuing the exit command in the Configuration command mode returns the user to the Superuser command mode, and so on. Issuing the exit command in the User command mode exits the LX CLI and closes the connection to the LX unit. Example exit exit538 451-0310E Specifies the asynchronous port(s), or TCP port(s), that are to be used as Master Port(s) for the Broadcast Group under configuration. The Master Port is the port from which all input for a Broadcast Group is sent to the Slave Ports. NOTE: To prevent data overruns, it is recommended that the Master Port(s) and Slave Port(s) in a Broadcast Group be set to the same port speed. Syntax master port async|tcp [timestamp] Where Means Usage Guidelines The following cannot be specified as Master Ports: • Any port that belongs to another Broadcast Group • A TCP port that is already in use • A port that is configured as a Slave Port in any Broadcast Group At most, one TCP socket may be open on a single TCP port. Examples master port async 5 6 8 master port tcp 1500 master port async An asynchronous port, or asynchronous ports, will be specified as the Master Port(s) for the Broadcast Group under configuration. tcp A TCP port, or TCP port(s), will be specified as the Master Port(s) of the Broadcast Group under configuration. The allowable values are 1024 - 65535. port_list Specifies the asynchronous port(s), or TCP port(s), that will be used as the Master Port(s) for the Broadcast Group under configuration. If more than one port is specified, they should be separated by blank spaces; for example, 2 3 5 6. Note: You cannot specify the DIAG port (port 0) as a Master Port. A maximum of 20 ports, including Masters and Slaves, can be configured for a Broadcast Group. A maximum of two TCP ports can be configured for a Broadcast Group. timestamp Specifies that a timestamp will be appended at the beginning of each new line of data. This option can only be applied after the Master Port has been created.451-0310E 539 Specifies the Telnet mode for the Broadcast Group under configuration. Syntax mode line|character Where Means Examples mode line mode character mode line The Broadcast Group will use Telnet line mode. character The Broadcast Group will use Telnet character mode.540 451-0310E Removes a Master Port, or Master Ports, from the Broadcast Group under configuration. Syntax no master port async|tcp Where Means Examples no master port async 5 no master port async 5 6 8 no master port tcp 1500 2500 no master port tcp 1500 2500 no master port async Remove asynchronous Master Port(s) from the Broadcast Group under configuration. tcp Remove TCP Master Port(s) from the Broadcast Group under configuration. The allowable values are 1024 - 65535. port_list Specifies the asynchronous port(s), or TCP port(s), that are being removed from the Broadcast Group under configuration. If more than one port is specified, they should be separated by blank spaces; for example, 2 3 5 6. 451-0310E 541 Removes a Slave Port, or Slave Ports, from the Broadcast Group under configuration. Syntax no slave port async|tcp Where Means Examples no slave port async 5 no slave port async 2 5 6 7 no slave port tcp 1500 no slave port tcp 1500 2500 no slave port async Remove asynchronous Slave Port(s) from the Broadcast Group under configuration. tcp Remove TCP Slave Port(s) from the Broadcast Group under configuration. port_list Specifies the asynchronous port(s), or TCP port(s), that are being removed from the Broadcast Group under configuration. If more than one port is specified, they should be separated by blank spaces; for example, 2 3 5 6. 542 451-0310E Removes the discard setting from a Slave Port, or Slave Ports, in the Broadcast Group under configuration. Syntax no slave port async|tcp discard Where Means Examples no slave port async 5 discard no slave port async 2 5 6 7 discard no slave port tcp 1500 discard no slave port tcp 1500 2500 discard no slave port discard async Remove the discard setting from asynchronous Slave Ports. tcp Remove the discard setting from TCP Slave Ports. port_list Specifies the asynchronous port(s), or TCP port(s), for which the discard setting is being removed. If more than one port is specified, they should be separated by blank spaces; for example, 2 3 5 6. 451-0310E 543 Removes the localecho setting from a Slave Port, or Slave Ports, in the Broadcast Group under configuration. Syntax no slave port async|tcp localecho Where Means Examples no slave port async 5 localecho no slave port async 2 5 6 7 localecho no slave port tcp 1500 localecho no slave port tcp 1500 2500 localecho no slave port localecho async Remove the localecho setting from asynchronous Slave Ports. tcp Remove the localecho setting from TCP Slave Ports. port_list Specifies the asynchronous port(s), or TCP port(s), for which the localecho setting is being removed. If more than one port is specified, they should be separated by blank spaces; for example, 2 3 5 6. 544 451-0310E Specifies the asynchronous port(s), or TCP port(s), that are to be used as Slave Port(s) for the Broadcast Group under configuration. The Slave Ports receive data from the Master Port and send all of their data to the Master Port. NOTE: To prevent data overruns, it is recommended that the Slave Port(s) and Master Port(s) in a Broadcast Group be set to the same port speed. Syntax slave port async|tcp discard|localecho Where Means Usage Guidelines The following cannot be specified as Slave Ports: • Any port that belongs to another Broadcast Group • A TCP port that is already in use • A port that is configured as a Master Port in any Broadcast Group At most, one TCP socket may be open on a single TCP port. Examples slave port async 5 discard slave port async An asynchronous port, or asynchronous ports, will be specified as the Slave Port(s) for the Broadcast Group under configuration. tcp A TCP port, or TCP port(s), will be specified as the Slave Port(s) of the Broadcast Group under configuration. The allowable values are 1024 - 65535. port_list Specifies the asynchronous port(s), or TCP port(s), that will be used as the Slave Port(s) for the Broadcast Group under configuration. If more than one port is specified, they should be separated by blank spaces; for example, 2 3 5 6. Note: You cannot specify the DIAG port (port 0) as a Slave Port. A maximum of 20 ports, including Masters and Slaves, can be configured for a Broadcast Group. A maximum of two TCP ports can be configured for a Broadcast Group. discard The port(s) specified in this command will discard any data that comes into them. localecho The port(s) specified in this command will echo any data that comes into them. 451-0310E 545 slave port async 2 5 6 7 discard slave port async 5 localecho slave port async 2 5 6 7 localecho slave port tcp 1500 discard slave port tcp 1500 2500 discard slave port tcp 1500 localecho slave port tcp 1500 2500 localecho slave port (continued)451-0310E 547 INDEX A access command 308 access console enable command 368 access port command 369 access power model command 309 access ssh enable command 370 access telnet enable command 371 access web enable command 372 accounting enable command 448 address command 276 apd enable command 310 apd retry command 311 apd signature command 312 apd timeout command 313 Async command mode 307 Async command prompt 307 Async mode exiting from Async mode 335, 336 asynchronous ports APD settings, defaulting 330 Asynchronous Protocol Detection (APD), enabling 310 autobaud, enabling 317 autodial, enabling 319 autohangup, enabling 320 bits per character, configuring 322 break enabling 323 break sequence, defining 324 configuring APD retries 311 configuring authentication 314 configuring autobaud retries 318 configuring the access method 308, 309 configuring the APD signature 312 configuring the APD timeout 313 connect commands, specifying 325 data buffer display options 326 data buffer size, configuring 327 data buffer size, defaulting 331 databuffer syslog, enabling 328 databuffer timestamp, enabling 329 description, specifying 340 flow control, specifying 337 login banners, creating 321 Modem Control, enabling 339 parity bit, specifying 343 port prompt, specifying 350 port speed, defaulting 334 port speed, specifying 355 settings, defaulting 332 stop bits, specifying 356 audit log enable command 373 authentication command 314, 449 authentication fallback enable command 277, 316 authentication local enable command 278 authentication none command 279 authentication radius enable command 280 authentication securid enable command 281 authentication tacacs+ enable command 282 Authentication, disabling 279 autobaud enable command 317 autobaud retry command 318 autodial enable command 319 autohangup enable command 320 B backward_switch command 374 banner command 321 bits command 322 boot configuration from flash command 160 boot configuration from name command 161 boot configuration from network command 162 break enable command 323 break special command 324 broadcast command 283 broadcast group command 163 Broadcast Group command mode 535 Broadcast Group command prompt 535 broadcast group enable command 164 Broadcast Group mode, exiting from Broadcast Group mode 536, 537 Broadcast Group settings Telnet mode, specifying 539 Broadcast Groups548 451-0310E discard setting, removing from a slave port 542 localecho setting, removing from a slave port 543 master port, removing 540 master port, specifying 538 slave port, removing 541 slave ports, specifying 544 C ccp enable command 450 clear command 34, 66 clock command 165 Clock. See System clock. Command Editing mode exiting from Command Editing mode 495 command log enable command 375 command syntax 22 configuration command 67 Configuration command mode 159 Configuration command mode, entering 67 Configuration command prompt 159 Configuration mode exiting from Configuration mode 175, 176 configuration, saving the 80 connect command command 325 contact command 410 control key command 488 copy port command 166 copy subscriber command 167 D databuffer display command 326 databuffer size command 327 databuffer syslog enable command 328 databuffer timestamp enable command 329 date command 168 Debug information displaying for ports 83, 90 displaying for subscribers 91 generating for asynchronous ports 68 generating for SNMP 69 generating for subscribers 70 debug port async ppp command 68 debug snmp command 69 debug subscriber command 70 dedicated service command 376 default access port command 377 default access remote command 378 default apd command 330 default authentication command 451 default backward_switch command 379 default boot command 169 default configuration command 170 default databuffer size command 331 default dialback retry command 380 default forward_switch command 381 default idletime command 382 default initstring command 438 default ipcp command 452 default lcp compression command 453 default lcp echo failure command 454 default lcp failure limit command 455 default lcp timeout command 456 default local_switch command 383 default log size command 171 default mode client username command 457 default mtu command 284, 458 default outlet group off time command 172 default port command 332 default power off time command 333 default remote address command 459 default rotary command 285 default speed command 334 default ssh keepalive command 286 default ssh log level command 384 default ssh port command 287 default telnet port command 288 default tftp command 173 default v3 client command 411 Defaulting the LX unit 170 delete command 480 description command 362 Device information displaying 92 dialback enable command 385 Dialback feature. See Subscriber settings, dialback. dialback number command 386 dialback retry command 387 dialout number command 439 disconnect command 35, 71 display command 489 Displays broadcast group information 85 command log 87451-0310E 549 configuration log 89 date and time 41, 86 device 92 device information 94 global system configuration 139 interface information 95, 97, 99, 100, 101 IP information 125 logged-in users 149 pattern-matching characteristics 111 port debug 90 ppciboot configured load settings 141 Radius information 120, 122, 124 SecurID information 126, 128, 129 SNMP information 132, 133 subscriber debug 91 Superuser-mode broadcast groups 84 Superuser-mode port 108, 109, 110, 112, 113, 114, 115, 116, 117, 119 Superuser-mode services display 130 Superuser-mode session display 131 Superuser-mode subscriber displays 137, 138 System configuration table 88 system status 142 User-mode port displays 42, 55, 137, 138 User-mode services display 53 User-mode session display 54 User-mode subscriber displays 55 User-mode versions display 61, 150 domain name command 174 domain name, specifying the 174 E enable command 36 end command 175, 289, 335, 363, 388, 412, 440, 460, 481, 490, 510, 536 entry command 491 entry command command 492 entry label command 493 entry menu command 494 Ethernet command mode 361 Ethernet command mode, entering 195 Ethernet command prompt 361 Ethernet mode, exiting from Ethernet mode 363, 364 Ethernet port description, removing 365 Ethernet ports duplex mode, specifying 366 port description, specifying 362 speed, specifying 366 exit command 37, 72, 176, 290, 336, 364, 389, 413, 441, 461, 482, 495, 511, 537 F Fallback feature, enabling 277, 316 Features, disabling Async Port command mode 341 in Superuser mode 74 Menu command mode 485 Modem command mode 443 PPP command mode 476, 515 Subscriber command mode 395 features, disabling Configuration command mode 185 Interface command mode 293 SNMP command mode 419 User-mode features 38 finger daemon. See fingerd. fingerd enable command 177 fingerd, enabling 177 flowcontrol command 337 forward_switch command 390 G gateway command 178 get client command 414 get client community command 415 get client version command 416 H header command 496 Help. See Online help. host name, configuring the 179 hostname command 179 how port async ppp command 112 I iboot file changing 160, 161, 162 resetting to default 169 idletime command 391 import command 483 initstring command 442 interface command 180 Interface command mode 275 Interface command prompt 275550 451-0310E Interface mode entering 180 exiting from Interface mode 289, 290 Interface parameters, setting Broadcast Address 283 Maximum Transmission Unit (MTU) size 292 MTU size 284 rotary parameters 285 SSH UDP port 287 subnet mask 291 Telnet UDP port 288 Interface parameters, setting IP Address 276 Interface parameters, SSH keepalive count, specifying 301 Interface parameters, SSH keepalive interval, specifying 302 Interface parameters, SSH keepalive settings, defaulting 286 IP parameters, setting gateway 227 gateway (default route) 178 Primary Domain Name Server (DNS) 204 Secondary DNS 229 static route 226 subnet mask 228 ipcp accept address enable command 462 ipcp compression enable command 463 ipcp failure limit command 464 ipcp timeout command 465 iptables command 181 L lcp compression enable command 466 lcp echo failure command 467 lcp echo interval command 468 lcp failure limit command 469 lcp timeout command 470 Linux shell, entering the 82 list command 484, 497 local address command 471 Local authentication, enabling 278 local_switch command 392 location command 182, 417 log enable command 418 log file sizes resetting to default 171 specifying 183 log size command 183 Logging out a device 73 Logging out a subscriber 73 Logging out an LX port 73 logout command 73 logs, resetting the 156 LX CLI, exiting the 37 LX software, updating 154 M mask command 291 master port command 538 maxsubscriber command 393 menu command 184, 498 Menu command mode 479 Menu command prompt 479 menu continue string command 499 Menu Editing command prompt 487 Menu Editing mode 487 exiting from Menu Editing mode 490 menu enable command 394 Menu mode exiting from Menu mode 481, 482 Menu mode, entering 184 menu prompt command 500 Menus accessing submenus 498 control keys, assigning 488 control keys, removing 501 creating a Menu header 496 creating entries 492, 493, 494 deleting 480 displaying 489 displaying an entry 491 listing the menus 484 listing the submenus 497 merging menus 483 modifying entries 491, 492, 493, 494 opening a menu 486, 506 removing continue strings 504 removing headers 503 removing prompts 505 resetting entries 502 saving menus 507 message facility command 512 message priority command 513 message string command 514 mode client command 472451-0310E 551 mode client username command 473 mode command 539 mode server command 474 modem command 338 Modem command mode 437 Modem command prompt 437 modem enable command 339 Modem mode exiting from Modem mode 440, 441 Modem mode, entering 338 Modem settings, configuring dialout retries, specifying 444 initialization string, specifying 442 timeout, specifying 445 type, specifying 446 mtu command 292, 475 N name command 340 Network Time Protocol (NTP) enabling 187 NTP server specifying 188 no command 38, 74, 185, 293, 341, 395, 419, 443, 476, 485, 515 no control key command 501 no description command 365 no entry command 502 no header command 503 no master port command 540 no menu continue string command 504 no menu prompt command 505 no slave port command 541 no slave port discard command 542 no slave port localecho command 543 notification command 186 Notification command mode 509 Notification command mode, entering 186 Notification command prompt 509 Notification mode exiting from Notification mode 510, 511 ntp enable command 187 ntp server address command 188 O off time resetting to default 172, 333 Online help, displaying 30 open command 486, 506 outlet command 75 outlet group command 76, 189 outlet group name command 190 outlet group off time command 191 outlet name command 342 P parity command 343 password command 192, 396 password enable command 193, 397 pattern match enable command 344 Pattern matching enabling 344 pattern string command 345 pause enable command 39, 77, 398 ping command 40, 78 pinging a host in Superuser mode 78 in User mode 40 Point-to-Point Protocol (PPP), configuring accounting, enabling 448 authentication retries, defaulting 451 authentication timeout, defaulting 451 authentication, enabling 449 CCP negotiation, enabling 450 CHAP secret, specifying 472 client mode 472 client mode username 473 IPCP address negotiation 462 IPCP compression, enabling 463 IPCP failure limit, specifying 464 IPCP options, defaulting 452 IPCP timeout, specifying 465 LCP compression, enabling 466 LCP echo failure, specifying 467 LCP echo interval, specifying 468 LCP failure limit, specifying 469 LCP options, defaulting 453, 454, 455, 456 LCP timeout, specifying 470 Local Address, specifying 471 Maximum Transmission Unit (MTU), defaulting 458 MTU size, specifying 475 PAP secret, specifying 472 PPP mode, specifying 474 remote address, specifying 477 port async command 194 Port Async mode, entering 194552 451-0310E port configuration, copying the 166 port ethernet command 195 power off time command 347 ppciboot address assignment option command 197 ppciboot address command 196 ppciboot Ethernet network link duplex mode, specifying 198 speed, specifying 198 ppciboot ethernet network link command 198 ppciboot file, updating 154 ppciboot gateway command 199 ppciboot image filename command 200 ppciboot image load from command 201 ppciboot mask command 202 ppciboot tftp server command 203 ppp command 348 PPP command mode 447 PPP command prompt 447 ppp enable command 349 PPP mode enabling 349 entering 348 exiting from PPP mode 460, 461 preferred service command 399 primary dns command 204 prompt command 350, 400 Q Quick Start Configurator. Se setup utility. R Radius Radius accounting, enabling 294, 351 Radius authentication, enabling 280 radius accounting enable command 294, 351 Radius parameters, setting primary accounting server parameters 206, 207, 208, 209, 210 primary authentication server parameters 211, 212, 213, 214, 215 secondary accounting server parameters 216, 217, 218, 219, 220 secondary authentication server parameters 221, 222, 223, 224, 225 Radius parameters, setting the Radius period 205 radius period command 205 radius primary accounting address command 206 radius primary accounting port command 207 radius primary accounting retransmit command 208 radius primary accounting secret command 209 radius primary accounting timeout command 210 radius primary server address command 211 radius primary server port command 212 radius primary server retransmit command 213 radius primary server secret command 214 radius primary server timeout command 215 radius secondary accounting address command 216 radius secondary accounting port command 217 radius secondary accounting retransmit command 218 radius secondary accounting secret command 219 radius secondary accounting timeout command 220 radius secondary server address command 221 radius secondary server port command 222 radius secondary server retransmit command 223 radius secondary server secret command 224 radius secondary server timeout command 225 Rebooting the LX. See Re-starting the LX. Related documents 31 reload command 79 remote address command 477 Restarting the LX 79 retry command 444 Rotaries assigning rotary ports 296 assigning SSH sockets 297 assigning TCP sockets 298 enabling 295 port-search method 299 rotary enable command 295 rotary port command 296 rotary ssh port command 297 rotary tcp port command 298 rotary type command 299 route address command 226 route gateway command 227 route mask command 228 S save command 507 save configuration command 80451-0310E 553 screen pause enabling in Superuser mode 77 enabling in User mode 39 screen, clearing the in Superuser mode 66 in User mode 34 secondary dns command 229 SecurID SecurID authentication, enabling 281 securid authentication encryption command 230 securid authentication port command 231 securid authentication retransmit command 232 securid authentication timeout command 233 securid authentication version command 234 securid master authentication server address command 235 securid master authentication server name command 236 SecurID parameters, setting authentication port 231 authentication version 234 encryption method 230 master authentication server parameters 235, 236 primary authentication server parameters 237, 238 retries 232 slave authentication server parameters 239, 240 timeout 233 securid primary authentication server address command 237 securid primary authentication server name command 238 securid slave authentication server address command 239 securid slave authentication server name command 240 security level superuser command 401 serial command 300 service command 241 serviceprofile async port command 516 serviceprofile bits command 517 serviceprofile driver command 518 serviceprofile file command 519 serviceprofile host command 520 serviceprofile modem port command 521 serviceprofile parity command 522 serviceprofile port command 523 serviceprofile protocol command 524, 527 serviceprofile smsc command 528 serviceprofile stopbits command 530 session disconnecting in Superuser mode 71 disconnecting in User mode 35 session command 402 set client command 420 set client community command 421 set client version command 422 setup command 81 Setup utility, entering the 81 shell command 82 shell enable command 403 show audit log command 83 show broadcast group characteristics command 84 show broadcast group summary command 85 show clock command 41, 86 show command log command 87 show config command 88 show configuration log command 89 show debug port async ppp command 90 show debug subscriber command 91 show device command 92 show device summary command 94 show interface characteristics command 95 show interface port mapping command 97 show interface rotary command 99 show interface status command 100 show interface summary command 101 show kernel log command 102 show log command 103 show notification message command 104 show notification serviceprofile command 105 show notification userprofile command 106 show outlet group status command 107 show port async apd command 108 show port async characteristics command 109 show port async modem command 110 show port async pattern match characteristics command 111 show port async ppp status command 113 show port async status command 114 show port async summary command 115 show port command 42 show port ethernet characteristics command 116554 451-0310E show port ethernet status command 117 show port ethernet summary command 119 show radius characteristics command 120 show radius status command 122 show radius summary command 124 show route command 125 show securid characteristics command 126 show securid status command 128 show securid summary command 129 show service command 53, 130 show session command 54, 131 show snmp characteristics command 132 show snmp client command 133 show snmp v3 command 134 show subscriber command 55, 137 show subscriber summary command 138 show system characteristics command 139 show system ppciboot command 141 show system status command 142 show users command 149 show version command 61, 150 signals syslog enable command 352 slave port command 544 snmp command 242 SNMP command mode 409 SNMP command prompt 409 snmp enable command 243 SNMP mode exiting from SNMP mode 412, 413 SNMP parameters, setting default v3 client 411 SNMP contact 410 SNMP get client 414 SNMP get client community 415 SNMP get client version 416 SNMP location 417 SNMP set client 420 SNMP set client community 421 SNMP set client version 422 SNMP trap client 423 SNMP trap client community 424 SNMP trap client version 425 special break enable command 353 special break string command 354 speed command 355, 366 ssh cipher command 404 ssh command 62, 151 SSH connection from Superuser Mode 151 from User Mode 62 ssh enable command 244 ssh keepalive count command 301 ssh keepalive interval command 302 ssh key command 405 ssh log level command 406 ssh port command 303 SSH sockets assigning to an interface 303 ssh v1 command 245 ssh v2 command 246 statistics data, zeroing the 155 stopbits command 356 subscriber command 247 Subscriber command mode 367 Subscriber command prompt 367 subscriber configuration, copying the 167 Subscriber mode entering 247 exiting from Subscriber mode 388, 389 Subscriber settings access method, specifying a 368, 369, 370, 371, 372 access port, defaulting 377 Backward Switch character, defaulting 379 Backward Switch character, specifying 374 command log, enabling 375 dedicated service, assigning a 376 Dialback retries, defaulting 380 dialback retries, specifying 387 dialback telephone number, specifying 386 dialback, enabling 385 dialout telephone number, specifying 439 Forward Switch character, defaulting 381 Forward Switch character, specifying 390 Inactivity Timeout, defaulting 382 Inactivity timeout, specifying 391 Local Switch character, defaulting 383 Local Switch character, specifying 392 maximum sessions, specifying 402 maximum simultaneous connections, specifying 393 Menu feature, enabling 394 password protection, enabling 397 password, specifying 396 port auditing, enabling 373 preferred service, specifying 399451-0310E 555 prompt, specifying 400 screen pause, enabling 398 shell mode, enabling 403 ssh encryption type, specifying 404 ssh key, specifying 405 SSH log level, defaulting 384 ssh log level, specifying 406 Superuser privileges, configuring 401 Telnet mode, specifying 407 terminal type, specifying 408 Superuser command mode 65 Superuser command prompt 65 Superuser mode entering 36 Superuser Mode, exiting 72 Superuser password, specifying 192, 193 System calendar setting the date 168 System clock setting the date and time 273 setting the time 165 T TACACS+ TACACS+ accounting, enabling 304, 357 TACACS+ authentication, enabling 282 tacacs+ accounting enable command 304, 357 TACACS+ parameters, setting primary accounting server parameters 249, 250, 251, 252, 253 primary authentication server parameters 254, 255, 256, 257, 258 secondary accounting server parameters 259, 260, 261, 262, 263 secondary authentication server parameters 264, 265, 266, 267, 268 superuser password request enable 269 TACACS+ parameters, setting the TACACS+ period 248 tacacs+ period command 248 tacacs+ primary accounting address command 249 tacacs+ primary accounting port command 250 tacacs+ primary accounting retransmit command 251 tacacs+ primary accounting secret command 252 tacacs+ primary accounting timeout command 253 tacacs+ primary server address command 254 tacacs+ primary server port command 255 tacacs+ primary server retransmit command 256 tacacs+ primary server secret command 257 tacacs+ primary server timeout command 258 tacacs+ secondary accounting address command 259 tacacs+ secondary accounting port command 260 tacacs+ secondary accounting retransmit command 261 tacacs+ secondary accounting secret command 262 tacacs+ secondary accounting timeout command 263 tacacs+ secondary server address command 264 tacacs+ secondary server port command 265 tacacs+ secondary server retransmit command 266 tacacs+ secondary server secret command 267 tacacs+ secondary server timeout command 268 tacacs+ superuser password request enable command 269 telnet break string command 358 telnet command 63, 152 Telnet connection from Superuser Mode 152 from User Mode 63 telnet enable command 270 telnet mode command 407 telnet negotiation enable command 359 telnet port command 305 Telnet sockets assigning to an interface 305 terminal command 64, 153, 408 Terminal type setting in Superuser mode 153 setting in User mode 64 tftp command 271 tftp retry resetting to default 173 tftp timeout resetting to default 173 Time Daemon. See timed timed enable command 272 timed, enabling 272 timeout command 445 timezone command 273 transparency enable command 360556 451-0310E trap client command 423 trap client community command 424 trap client version command 425 type command 446 typographical conventions 22 U update command 154 User command mode 33 User command prompt 33 userprofile contact command 531 userprofile facility command 532 userprofile priority command 533 userprofile serviceprofile command 534 V v3 client access context match command 426 v3 client access context prefix command 427 v3 client access read view command 428 v3 client access security command 429 v3 client access write view command 430 v3 client group security model command 431 v3 client name command 432 v3 client security community command 433 v3 client security source command 434 v3 client view command 435 v3 engine command 436 W web_server enable command 274 Z zero all command 155 zero log command 156 zero securid secret command 157 LX-Series Configuration Guide 451-0311B Corporate Headquarters MRV Communications, Inc. Corporate Center 20415 Nordhoff Street Chatsworth, CA 91311 Tel: 818-773-0900 Fax: 818-773-0906 www.mrv.com (Internet) Sales and Customer Support MRV Americas 295 Foster Street Littleton, MA 01460 Tel: 800-338-5316 (U.S.) Tel: +011 978-952-4888 (Outside U.S.) sales@mrv.com (email) www.mrv.com (Internet) MRV International Industrial Zone P.O. Box 614 Yokneam, Israel 20682 Tel: 972-4-993-6200 sales@mrv.com (email) www.mrv.com (Internet)2 451-0311B All rights reserved. No part of this publication may be reproduced without the prior written consent of MRV Communications, Inc. The information in this document is subject to change without notice and should not be construed as a commitment by MRV Communications, Inc. MRV Communications, Inc. reserves the right to revise this publication and to make changes in content from time to time, without obligation to provide notification of such revision or changes. MRV Communications, Inc. assumes no responsibility for errors that may appear in this document. Copyright © 2003 by MRV Communications, Inc. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptosoft.com). This product includes software written by Tim Hudson (tjh@cryptosoft.com). Service Information Should you experience trouble with this equipment, please contact one of the following support locations: • If you purchased your equipment in the Americas, contact MRV Americas Service and Support in the U.S. at 978-952-4888. (If you are calling from outside the U.S., call +011 978-952-4888.) • If you purchased your equipment outside the Americas (Europe, EU, Middle-East, Africa, Asia), contact MRV International Service and Support at 972-4-993-6200.451-0311B 3 Secure Shell Disclaimer THE SECURE SHELL SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.451-0311B 5 Table of Contents Preface ................................................................................................................ 13 How This Book is Organized ...................................................................................................... 13 Conventions ................................................................................................................................. 14 Using the Function Keys ............................................................................................................. 14 Online Help ................................................................................................................................. 15 Navigating the LX Command Line Interface (CLI) .................................................................... 16 User Command Mode ............................................................................................................ 17 Superuser Command Mode ...................................................................................................18 Configuration Command Mode .............................................................................................18 Asynchronous Command Mode ............................................................................................ 19 PPP Command Mode ............................................................................................................. 20 Modem Command Mode ....................................................................................................... 20 Ethernet Command Mode ...................................................................................................... 21 Subscriber Command Mode .................................................................................................. 21 SNMP Command Mode ........................................................................................................ 21 Interface Command Mode ..................................................................................................... 22 Menu Command Mode .......................................................................................................... 22 Menu Editing Command Mode .............................................................................................22 Notification Command Mode ................................................................................................ 23 Broadcast Group Command Mode ........................................................................................23 Disabling (Negating) Features and Settings ................................................................................ 24 Related Documents ..................................................................................................................... 25 Chapter 1 - Initial Setup of the LX Unit ............................................................ 27 Configuring TCP/IP ....................................................................................................................27 Obtaining TCP/IP Parameters from the Network .................................................................. 27 Configuring TCP/IP Parameters with the Quick Start Configurator .....................................27 Setting the TCP/IP Parameters in the IP Configuration Menu .............................................. 29 Creating and Loading a Default Configuration File .............................................................. 29 Setting Up Local (Onboard) Security for the LX Unit ................................................................ 31 Changing the Password Defaults ........................................................................................... 31 Setting Up RADIUS, SecurID, and TACACS+ for the LX Unit ................................................33 Setting Up RADIUS .............................................................................................................. 33 Setting Up TACACS+ ........................................................................................................... 38 Setting Up SecurID ................................................................................................................ 436 451-0311B Chapter 2 - Setting Up Remote Console Management .................................. 49 Connecting the Console Port to the Network Element ............................................................... 49 Making Straight-through Cables ........................................................................................... 50 Recommendations for Making Cables ..................................................................................50 Modular Adapters (RJ-45 to DB-25 and RJ-45 to DB-9) ..................................................... 51 Configuring Ports for Remote Console Management .................................................................51 Configuring Asynchronous Ports for Direct Serial Connections .......................................... 51 Setting Up Modem Ports for Remote Console Management ................................................53 Setting Up Security for a Console Port ................................................................................. 54 Creating Subscribers for Remote Console Management ............................................................ 58 Specifying Access Methods ...................................................................................................59 Chapter 3 - System Administration .................................................................. 61 Backup and Recovery .................................................................................................................. 61 Saving the Configuration File ................................................................................................ 61 Where the Configuration is Stored ........................................................................................61 Saving the Configuration Into the Flash ................................................................................ 62 Saving the Configuration to the Network .............................................................................. 62 Editing the Files on a Unix Host ........................................................................................... 62 Editing the Files in Windows ................................................................................................ 63 Recreating the Zip File in Order to Upload It Onto the LX .................................................. 64 Loading the Configuration ..................................................................................................... 64 Applying Default Configurations to Other Units ........................................................................ 65 Creating a Default Configuration File ................................................................................... 65 Restoring the Default Configuration File to a New Unit ....................................................... 65 Scripting On External Units ........................................................................................................ 66 How to Upgrade the Software ..................................................................................................... 66 Upgrading Software and ppciboot with the Command Line Interface ....................................... 66 ppciboot Factory Default Settings ............................................................................................... 68 Upgrading Software with the ppciboot Main Menu .................................................................... 69 Booting from the Network ..................................................................................................... 70 Saving the Boot Image to Flash .............................................................................................70 Booting from Flash ................................................................................................................ 70 Setting the Timeout in Seconds .............................................................................................71 IP Configuration Menu .......................................................................................................... 71 Updating the ppciboot Firmware ........................................................................................... 71 Setting the Speed and Duplex Mode of the Ethernet Network Link .....................................72 Resetting to System Defaults ................................................................................................. 72 Saving the Configuration ....................................................................................................... 73 Booting the System ................................................................................................................ 73451-0311B 7 Using the IP Configuration Menu ............................................................................................... 73 Choosing an IP Assignment Method ..................................................................................... 74 Changing the Unit IP Address ............................................................................................... 74 Changing the Network Mask ................................................................................................. 75 Changing the Gateway Address ............................................................................................ 75 Changing the TFTP Server IP Address ................................................................................. 75 Saving the Configuration ....................................................................................................... 76 Booting from Defaults ................................................................................................................. 76 Defaulting from CLI ..............................................................................................................76 Defaulting from the Main Menu ............................................................................................ 76 Acquiring the IP Configuration ...................................................................................................77 Chapter 4 - Setting Up the Notification Feature .............................................. 79 Overview of the Notification Feature .......................................................................................... 79 Configuring the Notification Feature .......................................................................................... 81 Service Profiles ...................................................................................................................... 81 Overview of User Profiles ..................................................................................................... 88 Displaying Information on the Notification Feature ................................................................... 89 Displaying Characteristics of Service Profiles ...................................................................... 89 Displaying Characteristics of User Profiles ........................................................................... 90 Configuration Examples ..............................................................................................................91 Localsyslog Example ............................................................................................................. 91 Outbound Asynchronous Port Example ................................................................................ 92 Remotesyslog Example .........................................................................................................92 SNPP Example ...................................................................................................................... 93 TAP Example ........................................................................................................................ 93 SNMP Example ..................................................................................................................... 94 Email Example ...................................................................................................................... 95 Web Example ........................................................................................................................ 95 Chapter 5 - Configuring the Data Broadcast Feature ..................................... 97 Setting Up Broadcast Groups ...................................................................................................... 97 Usage Guidelines ................................................................................................................... 99 Specifying Port Options .........................................................................................................99 Removing Ports from Broadcast Groups ............................................................................. 100 Disabling Broadcast Groups ...................................................................................................... 101 Displaying Broadcast Group Characteristics ............................................................................ 101 Displaying Broadcast Group Characteristics ....................................................................... 101 Displaying Broadcast Group Summaries ............................................................................ 1038 451-0311B Chapter 6 - Configuring IP Interfaces ............................................................ 105 Setting Up IP Interfaces ............................................................................................................106 Specifying SSH Keepalive Parameters ................................................................................107 Specifying Socket Numbers ................................................................................................ 108 Specifying Maximum Transmission Units (MTU) ............................................................. 109 Configuring Local Authentication on an IP Interface ......................................................... 110 Configuring RADIUS, TACACS+, or SecurID Authentication on an IP Interface ............110 Configuring Rotaries ................................................................................................................. 113 Disabling Rotaries ............................................................................................................... 115 Removing Ports from a Rotary ............................................................................................ 115 Displaying Interface Information .............................................................................................. 116 Displaying Interface Characteristics .................................................................................... 116 Displaying Interface Port Mapping ..................................................................................... 117 Displaying Interface Statuses .............................................................................................. 117 Displaying Interface Summaries ......................................................................................... 118 Displaying Rotary Information ............................................................................................ 118 Chapter 7 - Configuring Subscriber Accounts for the LX Unit ................... 121 Creating Subscriber Accounts and Entering Subscriber Command Mode ............................... 121 Creating Subscriber Accounts by Copying ............................................................................... 122 Deleting Subscriber Accounts ................................................................................................... 122 The User Profile ........................................................................................................................ 123 Specifying the Subscriber Access Methods ......................................................................... 123 Setting Up the Session and Terminal Parameters ................................................................ 128 Configuring the Subscriber Password ................................................................................. 132 Adding Superuser Privileges to a Subscriber Account ........................................................ 133 Specifying a Dedicated Service ...........................................................................................133 Specifying a Preferred Service ............................................................................................ 133 Enabling Audit Logging ...................................................................................................... 134 Enabling Login Menus ........................................................................................................ 134 Enabling Command Logging ............................................................................................... 134 Displaying Subscriber Information ...........................................................................................135 Displaying Subscriber Characteristics ................................................................................. 135 Displaying the Subscriber Status ......................................................................................... 136 Displaying the Subscriber TCP Information ....................................................................... 137 Displaying the Subscriber Summary Information ...............................................................138 Displaying the Audit Log for a Subscriber .......................................................................... 138 Displaying the Command Log for a Subscriber .................................................................. 139451-0311B 9 Chapter 8 - Configuring Ports for Temperature/Humidity Sensors ............ 141 Configuring Sensor Access for an LX Port ............................................................................... 141 Displaying the Temperature and Humidity ............................................................................... 141 Displaying Sensor Summaries .................................................................................................. 142 Chapter 9 - Configuring Power Control Units ............................................... 143 Configuring an LX Asynchronous Port as a Power Master ...................................................... 143 Default Name for a Power Control Relay ................................................................................. 144 Configuring Power Control Units ............................................................................................. 145 Assigning Power Control Relays to a Group ....................................................................... 145 Specifying the Off Time ...................................................................................................... 145 Naming a Power Control Relay ...........................................................................................146 Naming a Group of Power Control Relays .......................................................................... 147 Displaying Information on Power Control Units ...................................................................... 147 Displaying Status Information for Power Control Units ..................................................... 147 Displaying Status Information for Groups of Power Control Relays .................................. 148 Displaying Summary Information for Power Control Units ............................................... 149 Chapter 10 - Configuring Packet Filters with the iptables Command ........ 151 Adding a Rule to a Chain .......................................................................................................... 151 Example: Dropping Packets Based on the Source IP Address ............................................ 152 Example: Accepting Packets Based on the Destination IP Address ...................................153 Example: Ignoring Telnet Requests from a Specific IP Address ........................................ 153 Notes on the iptables Command Options ............................................................................ 154 Saving Changes in Rules ........................................................................................................... 155 Appendix A - Overview of RADIUS Authentication ...................................... 157 RADIUS Authentication Attributes .......................................................................................... 159 Appendix B - Overview of RADIUS and TACACS+ Accounting .................. 161 RADIUS Accounting Client Operation ..................................................................................... 161 RADIUS Accounting Attributes ............................................................................................... 162 TACACS+ Accounting Client Operation ................................................................................. 163 TACACS+ Accounting Attributes ............................................................................................ 164 Appendix C - Overview of TACACS+ Authentication ................................... 167 Example of TACACS+ Authentication ..................................................................................... 168 TACACS+ Authentication Attributes ....................................................................................... 16810 451-0311B Appendix D - Details of the iptables Command ............................................ 171 iptables man Pages .................................................................................................................... 171 Appendix 3 .......................................................................................................................... 190 Appendix 4 .......................................................................................................................... 191 Index ................................................................................................................. 193451-0311B 11 Figures Figure 1 - LX Command Modes ........................................................................16 Figure 2 - Straight-through Wiring Scheme ....................................................50 Figure 3 - Service Profile Display .....................................................................90 Figure 4 - User Profile Display .........................................................................91 Figure 5 - Broadcast Group Characteristics Display ....................................102 Figure 6 - Broadcast Group Summary Display .............................................103 Figure 7 - Rotary Connections on an IP Interface .........................................113 Figure 8 - Interface Characteristics Display .................................................116 Figure 9 - Interface Port Mapping Display ....................................................117 Figure 10 - Interface Status Display ..............................................................118 Figure 11 - Interface Summary Display ........................................................118 Figure 12 - Rotary Display .............................................................................119 Figure 13 - Subscriber Characteristics Display ............................................135 Figure 14 - Subscriber Status Display ...........................................................136 Figure 15 - Subscriber TCP Display ..............................................................137 Figure 16 - Subscriber Summary Display .....................................................138 Figure 17 - Audit Log Display ........................................................................139 Figure 18 - Command Log Display .................................................................139 Figure 19 - Device Status Display for a Sensor Port .....................................142 Figure 20 - Device Summary Display for Sensors .........................................142 Figure 21 - Device Status Display for an Alarm Master Port ......................148 Figure 22 - Device Status Display for a Power Control Relay Group ..........149 Figure 23 - Device Summary Display ............................................................149 Figure 24 - RADIUS Authentication Process ................................................158 Figure 25 - TACACS+ Authentication Process ..............................................169451-0311B 13 Preface This guide describes how to manage and configure the LX unit and provides background information on all of the configurable features of the LX unit. How This Book is Organized This guide is organized as follows: • Chapter 1 – Describes how to do the initial setup of the LX unit. • Chapter 2 – Describes how to set up remote console management on the LX unit. • Chapter 3 – Describes how to perform system administration on the LX unit. • Chapter 4 – Describes how to set up the Notification Feature. • Chapter 5 – Describes how to set up the Data Broadcast Feature. • Chapter 6 – Describes how to configure IP interfaces. • Chapter 7 – Describes how to configure subscriber accounts. • Chapter 8 – Describes how to configure ports for Temperature/Humidity sensors. • Chapter 9 – Describes how to configure ports for power management. • Chapter 10 – Describes how to use the iptables command to configure packet filters for the LX unit. • Appendix A – Provides an overview of the RADIUS authentication feature and describes the RADIUS authentication attributes. • Appendix B – Provides an overview of the RADIUS accounting feature and the TACACS+ accounting feature and describes the RADIUS and TACACS+ accounting attributes.Preface 14 451-0311B • Appendix C – Provides an overview of the TACACS+ authentication feature and describes the TACACS+ authentication attributes. • Appendix D – Lists the Linux man pages for the iptables command. Conventions The following conventions are used throughout this guide: • Command execution – Unless otherwise specified, commands are executed when you press . • Keyboard characters (keys) – Keyboard characters are represented using left and right angle brackets (< and >). For example, the notation refers to the CTRL key; refers to the letter A; and refers to the RETURN key. • Command syntax – Where command options or command syntax are shown, keywords and commands are shown in lowercase letters. • Typographical conventions – The following typographical conventions are used: Monospace Typeface – indicates text that can be displayed or typed at a terminal (i.e., displays, user input, messages, prompts, etc.). italics – are used to indicate variables in command syntax descriptions. Using the Function Keys The LX Command Line Interface (CLI) supports the following function keys: • Ctrl-F – Moves forward to the next session. • Ctrl-B – Moves back to the previous session. • Ctrl-L – Returns you to the Local Command Mode. NOTE: You must press the Enter key after you type Ctrl-F, Ctrl-B, or Ctrl-L. • Up arrow – Recalls the last command.451-0311B 15 Preface • Tab key – Autocompletes a partially typed command. For example, if you type the tab key after you type show ver at the Superuser command prompt, the show version command will be autocompleted. (Note: You must type the first three characters in a command keyword before you can autocomplete it with the Tab key.) Online Help The question mark character (?), and the Tab key, are used to display online help in the LX Command Line Interface (CLI). The following guidelines will help you to navigate the online help system: • Type the ? character (or press the Tab key) at the command prompt in any command mode, to display the first keyword of each command that can be executed in that command mode. For example, the following is displayed when you type the ? character at the User command prompt: InReach:0 > User Commands: clear Clear screen and reset terminal line disconnect Disconnect session enable Turn on privileged commands exit Exits and disconnects user no Negate a command pause Pause enable ping Send echo messages show Show running system information ssh Secure Shell (Triple-DES/Blowfish) telnet Open a telnet connection terminal Set the terminal type • Type the ? character (or press the Tab key) after the displayed keyword to list the options for that keyword. For example, type show? to list the options of the show keyword. You could then type show port? to list the next item in the syntax of the show port command.Preface 16 451-0311B Navigating the LX Command Line Interface (CLI) The LX CLI is structured as a set of nested command modes. Each command mode is used to implement a group of related features or functions. Figure 1 lists the command modes in the LX CLI. Figure 1 - LX Command Modes Each command mode has its own command prompt (e.g., Config:0 >>) and its own set of commands. Type a question mark (?) (or press the Tab key) at any of the LX CLI command prompts to display the commands that can be executed in the current command mode. For example, type a question mark at the Menu :0 >> prompt to display the commands that can be executed in the Menu command mode. Configuration Notification Interface Broadcast Group Subscriber SNMP Menu User Superuser Enter “enable” command and login to Superuser command mode Cconfiguration Nnotification Mmenu Ssnmp Ssubscriber Iinterface Ibroadcast group PPP Modem Ethernet Asynchronous Pppp Mmodem Pport ethernet Pport async Oopen Menu Editing451-0311B 17 Preface Except for the User command mode, each command mode is nested in a previous command mode. (The User command mode is the basic command mode of the LX CLI; you are in the User command mode when you log in to the LX unit.) For example, the Superuser command mode is nested in User command mode; the Configuration command mode is nested in the Superuser command mode, and so on. To enter a nested command mode, you must enter the appropriate command from the previous command mode. For example, to enter the Configuration command mode you must enter the configuration command from the Superuser command mode. You can use the exit command to return to the previous command mode. For example, you would enter the exit command in the Asynchronous command mode to return to the Configuration command mode. You can use the end command to return to the Superuser Command Mode from the Configuration Command Mode or from any command mode that is nested in the Configuration Command Mode. The rest of this section describes the LX command modes and the commands that are used to access each of them. User Command Mode When you log on to the LX unit, you are in the User command mode. This is indicated by the User command prompt (e.g., InReach:0 >). The User command mode includes commands for doing the following: • Managing your LX session and terminal. • Pinging remote hosts. • Connecting to remote hosts via SSH and Telnet. • Displaying your subscriber-specific information. • Displaying information about the LX port to which you are connected. • Accessing the Superuser command mode.Preface 18 451-0311B Refer to the “User Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the User Command Mode. Superuser Command Mode The Superuser command prompt (e.g., InReach:0 >>) is displayed when you are in the Superuser command mode. You can access the Superuser command mode by executing the enable command in the User command mode. When you execute the enable command, the Password: prompt is displayed. To enter Superuser mode, you must enter a Superuser password at the Password: prompt. In the Superuser command mode, you can perform all of the tasks that you can perform in User command mode, as well as the following: • Manage the LX unit. • Display global information for the LX unit. • Access the Linux shell. • Access the Configuration command mode. Refer to the “Superuser Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Superuser Command Mode. Configuration Command Mode The Configuration command prompt (e.g., Config:0 >>) is displayed when you are in the Configuration command mode. You can access the Configuration command mode by executing the configuration command in the Superuser command mode. In the Configuration command mode, you can perform such tasks as the following: • Specify the server-level configuration of the LX unit. The server-level configuration includes the Superuser password and settings for ppciboot, RADIUS, TACACS+, SecurID, and all other server-level features.451-0311B 19 Preface • Access the Asynchronous command mode. • Access the Ethernet command mode. • Access the Interface command mode. • Access the Menu command mode. • Access the Notification command mode. • Access the SNMP command mode. • Access the Subscriber command mode. • Access the Broadcast Group command mode. Refer to the “Configuration Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Configuration Command Mode. Asynchronous Command Mode The Asynchronous command prompt (e.g., Async 4-4:0 >>) is displayed when you are in the Asynchronous command mode. For example, the prompt Async 4-4:0 >> indicates that you are in the Asynchronous command mode for port 4. You can access the Asynchronous command mode by executing the port async command in the Configuration command mode with an LX port number as the command argument; for example: Config:0 >>port async 4 In the Asynchronous command mode, you can do the followng: • Configure asynchronous port settings such as access methods, APD settings, autobaud, autodial, flow control, and inbound and outbound authentication. • Access the PPP command mode. • Access the Modem command mode. Refer to the “Asynchronous Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Asynchronous Command Mode.Preface 20 451-0311B PPP Command Mode The PPP command prompt (e.g., PPP 4-4:0 >>) is displayed when you are in the PPP command mode. You can access the PPP command mode by executing the ppp command in the Asynchronous command mode. In the PPP command mode, you can configure the Point-to-Point Protocol (PPP) for asynchronous ports. Some of the settings that you can configure include accounting, authentication, IPCP parameters, and LCP parameters. Refer to the “PPP Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the PPP Command Mode. Modem Command Mode The Modem command prompt (e.g., Modem 4-4:0 >>) is displayed when you are in the Modem command mode. You can access the Modem command mode by executing the modem command in the Asynchronous command mode. In the Modem command mode, you can configure external modems for asynchronous ports. Some of the settings that you can configure include type, dialout number, modem retries, and the modem initialization string. Refer to the “Modem Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Modem Command Mode.451-0311B 21 Preface Ethernet Command Mode The Ethernet command prompt (e.g., Ether 1-1:0 >>) is displayed when you are in the Ethernet command mode. You can access the Ethernet command mode by executing the port ethernet command in the Configuration command mode with an LX port number as the command argument; for example: Config:0 >>port ethernet 1 In the Ethernet command mode, you can configure Ethernet port descriptions and the duplex mode and speed of Ethernet ports. Refer to the “Ethernet Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Ethernet Command Mode. Subscriber Command Mode The Subscriber command prompt (e.g., Subs_mark >>) is displayed when you are in the Subscriber command mode. You can access the Subscriber command mode by executing the subscriber command in the Configuration command mode. In the Subscriber command mode, you can provision subscribers of the LX unit. Some of the subscriber settings include function keys, Telnet settings, and security settings. Refer to the “Subscriber Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Subscriber Command Mode. SNMP Command Mode The SNMP command prompt (e.g., Snmp:0 >>) is displayed when you are in the SNMP command mode. You can access the SNMP command mode by executing the snmp command in the Configuration command mode. In the SNMP command mode, you can configure the SNMP settings for an LX unit.Preface 22 451-0311B Refer to the “SNMP Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the SNMP Command Mode. Interface Command Mode The Interface command prompt (e.g., Intf 1-1:0 >>) is displayed when you are in the Interface command mode. You can access the Interface command mode by executing the interface command in the Configuration command mode. In the Interface command mode, you can configure interfaces for the LX unit. Some of the settings that you can configure include the IP settings, MTU, and IP Rotaries for the interface, as well as SSH and Telnet settings. Refer to the “Interface Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Interface Command Mode. Menu Command Mode The Menu command prompt (e.g., Menu :0 >>) is displayed when you are in the Menu command mode. You can access the Menu command mode by executing the menu command in the Configuration command mode. In the Menu command mode, you can create, delete, import, and display menus and access the Menu Editing command mode by executing the open command. Refer to the “Menu Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Menu Command Mode. Menu Editing Command Mode The Menu Editing command prompt (e.g., mark-1:0 >>) is displayed when you are in the Menu Editing command mode. For example, the prompt mark-1:0 >> indicates that the menu mark is open in the Menu Editing command mode. You can access the Menu Editing command mode by executing the open command in the Menu command mode.451-0311B 23 Preface In the Menu Editing command mode, you can create and modify menus. Refer to the “Menu Editing Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Menu Editing Command Mode. Notification Command Mode The Notification command prompt (e.g., Notification:0 >>) is displayed when you are in the Notification command mode. You can access the Notification command mode by executing the notification command in the Configuration command mode. In the Notification command mode, you can configure the sending of accounting log messages to pagers, email addresses, SNMP trap clients, local files, remote hosts, syslogd, and asynchronous ports. Refer to the “Notification Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Notification Command Mode. Broadcast Group Command Mode The Broadcast Group command prompt (e.g., BrGroups 6:0 >>) is displayed when you are in the Broadcast Group command mode. You can access the Broadcast Group command mode by executing the broadcast group command in the Configuration command mode. In the Broadcast Group command mode, you can configure a Broadcast Group. A Broadcast Group consists of Slave Ports and Master Ports. The Slave Ports receive data broadcasts from the Master Ports. Refer to the “Broadcast Group Commands” chapter of the LX-Series Commands Reference Guide for detailed information on the commands that you can execute in the Broadcast Group Command Mode.Preface 24 451-0311B Disabling (Negating) Features and Settings In order to disable a feature or setting, you must execute the no command with one or more modifiers. The no command must be executed in the same Command Mode in which the feature or setting was specified. For example, you can disable Autobaud by executing the no command with the autobaud modifier in the Asynchronous command mode. The full command syntax would look like this: Async 6-6:0 >>no autobaud To display the features and settings that can be disabled or negated in any command mode, enter no?; for example: Async 6-6:0 >>no? apd authentication autobaud autodial The above example shows that you can disable the Autodial feature by executing the no autodial command in the Asynchronous command mode. In some instances, the no command may require more than one modifier. For example, to reset the dialout number in the Modem command mode, you need to execute the no command with the dialout modifier and the number modifier. Type the question mark (?) after the first modifier to determine if the no command requires additional modifiers to disable a feature or negate a setting; for example: Modem 6-6:0 >>no dialout? number Modem 6-6:0 >>no dialout number? 451-0311B 25 Preface Related Documents For detailed information on the LX commands, refer to the LX-Series Commands Reference Guide (P/N 451-0310E). For more information on the LX hardware, refer to Getting Started with the LX Series (P/N 451-0308E). The LX Quick Start Instructions (P/N 451-0312F) describes how to get the LX unit up and running.451-0311B 27 Chapter 1 Initial Setup of the LX Unit This section describes how to do the initial setup of the LX unit. Before you use the LX unit for network management, you must perform the tasks described in this chapter. You can do the tasks described in this chapter after you have installed and powered on the LX unit as described in Chapter 1 of Getting Started with the LX Series. Configuring TCP/IP You can allow the LX unit to obtain its TCP/IP parameters from the network, or you can explicitly configure TCP/IP parameters for the LX unit with the Quick Start Configurator or the IP Configuration Menu. (You can access the IP Configuration Menu from the ppciboot Main Menu.) Obtaining TCP/IP Parameters from the Network If the TCP/IP parameters for the LX unit have not been explicitly configured, the LX unit will attempt to load its TCP/IP parameters from the network when the LX unit boots. The LX unit can load its TCP/IP parameters from any LAN that runs DHCP, BOOTP, or RARP. Configuring TCP/IP Parameters with the Quick Start Configurator Do the following to configure TCP/IP parameters with the Quick Start Configurator: 1. Plug in the terminal at the DIAG port (port 0) on the LX unit. (The port values are 9600 bps, eight bits, one stop bit, no parity, and Xon/Xoff flow control.) The Run Initial Connectivity Setup? y/n message appears (when the LX first boots up on default parameters). 2. Press y (yes) and press . The Superuser Password prompt appears.Initial Setup of the LX Unit 28 451-0311B 3. Enter the password system. The Quick Configuration menu appears: 4. Press the number corresponding to the parameter you want to set. 5. Enter the appropriate information and press to return to the Quick Configuration menu. Once you enter a parameter value, a data entry line specific to that parameter appears on the Quick Configuration menu. 6. Continue in this way through the menu, configuring as many parameters as you want. You are not required to configure all parameters. NOTE: You should change the Superuser Password, since this is the first time you are configuring the LX unit (the default password is system). 7. Press 7 (Exit and Save) to save your changes. The Is this information correct? message appears. Quick Configuration menu 1 Unit IP address 2 Subnet mask 3 Default Gateway 4 Domain Name Server 5 Domain Name Suffix 6 Superuser Password 7 Exit and Save Enter your choice: CONFIGURATION SUMMARY 1 Unit IP address 10.80.1.5 2 Subnet mask 255.0.0.0 3 Default Gateway 4 Domain Name Server 5 Domain Name Suffix 6 Superuser Password Changed 7 Exit and Save Is this information correct? (y/n) : 451-0311B 29 Initial Setup of the LX Unit 8. Press y (yes) and press . The Save this information to flash? message appears. 9. Press y (yes) and press . The information is saved to flash. 10. Press several times to display the Login: prompt. 11. Enter your login name. The default is InReach. 12. Enter your password. The default is access. You can now use the LX unit. NOTE: The login username and password are case-sensitive. Setting the TCP/IP Parameters in the IP Configuration Menu You can use the IP Configuration Menu to set the TCP/IP parameters for the LX unit. For more information, refer to “Using the IP Configuration Menu” in Getting Started with the LX Series. Creating and Loading a Default Configuration File This section explains how to create a default configuration file with which you can load multiple units. Creating a Default Configuration File After your first LX unit is up and running, you can save the unit configuration to the network. For further information, refer to “Saving the Configuration to the Network” on page 30. You must rename this .zip file to lx last six digits of the mac address.prm (e.g. lx12ab9f.prm). Once this is complete, you can use this .prm file as a template to configure multiple units at one time by changing the last six digits of the mac address to reflect that of the specific unit.Initial Setup of the LX Unit 30 451-0311B Loading a Default Configuration File If loading via BOOTP and DHCP, you can load a default configuration file from a TFTP server that is located on the same server from which you obtained your IP address. If you are not loading via one of these, the unit looks on the TFTP server specified in ppciboot. If the configuration is defaulted, it is detected at startup and the unit checks that a TFTP server was passed by ppciboot. If a TFTP server is accessible, the LX unit connects to it and tries to download a default file named lx last six digits of the mac address.prm (e.g., lx12ab9f.prm). If this file exists, the LX unit loads it into its configuration table. If the default file does not exist, the Quick Start menu is displayed. You can use the .prm file as a template to configure multiple units at one time. After copying the .prm file, you would rename it to lx last six digits of the mac address.prm (e.g., lx12ab9f.prm). For more information, refer to “Saving the Configuration to the Network” on page 62. Saving the Configuration to the Network The TFTP protocol is used to perform the operation of saving the LX configuration to a network host. If the network host is a UNIX host, a configuration file must already exist on the TFTP server. The configuration file is a .zip file that contains everything previously described except for the SSH keys, since they belong to the unit itself and cannot be used on a different unit. Since the format is a .zip file, it is usable by WinZip or UNIX Unzip. To save the configuration to the network, execute the following command in the Superuser Command Mode: save configuration network filename tftp_server_address NOTE: The filename that you specify in the save configuration network command must not include the .zip extension.451-0311B 31 Initial Setup of the LX Unit Setting Up Local (Onboard) Security for the LX Unit Local security is the default security method for the LX unit. Under Local security, the user is authenticated against a username/password file that resides on the LX unit. NOTE: The LX unit also supports RADIUS, TACACS+, and SecurID security. Under RADIUS, TACACS+, and SecurID, the user is authenticated against a username/password file that resides on the authentication server. For more information, refer to “Setting Up RADIUS, SecurID, and TACACS+ for the LX Unit” on page 33. Changing the Password Defaults It is widely known that the default password for the InReach user is access. If an unauthorized user knew this username/password combination, he/she could log on to your LX unit. For this reason, you should change the InReach user’s password to something other than access. It is also widely known that the default Superuser password is system. To reduce the risk of an unauthorized user gaining access to the Superuser Command Mode, MRV recommends that you change this password to something other than system. Changing the Default Password for the InReach User Do the following to change the User-level password of the InReach User: 1. Access the Configuration Command Mode. (Refer to “Configuration Command Mode” on page 18 for information on accessing the Configuration Command Mode.) IMPORTANT! MRV Communications recommends that you change the default password for the user InReach before you put the LX unit on a network. For more information, refer to “Changing the Password Defaults” (below).Initial Setup of the LX Unit 32 451-0311B 2. Access the Subscriber Command Mode for the InReach subscriber. You do this by entering the subscriber command with InReach as the command argument; for example: Config:0 >>subscriber InReach 3. Enter the password command at the Subs_InReach >> prompt; for example: Subs_InReach >>password 4. Enter a new User password at the Enter your NEW password: prompt. The password will be displayed as asterisks, as in the following example: Enter your NEW password : *************** 5. Re-enter the new User password at the Re-Enter your NEW password: prompt. The password will be displayed as asterisks, as in the following example: Re-Enter your NEW password: *************** Changing the Default Superuser Password To change the Superuser password for the LX unit, do the following: 1. Access the Configuration Command Mode. (Refer to “Configuration Command Mode” on page 18 for information on accessing the Configuration Command Mode.) 2. Enter the password command at the Config:0 >> prompt; for example: Config:0 >>password 3. Enter a new Superuser password at the Enter your NEW password: prompt. The password will be displayed as asterisks, as in the following example: Enter your NEW password : ***************451-0311B 33 Initial Setup of the LX Unit 4. Re-enter the new Superuser password at the Re-Enter your NEW password: prompt. The password will be displayed as asterisks, as in the following example: Re-Enter your NEW password: *************** Setting Up RADIUS, SecurID, and TACACS+ for the LX Unit You can implement SecurID, RADIUS, or TACACS+ authentication on the LX unit. For more information, refer to the following: • “Setting Up RADIUS” (below) • “Setting Up TACACS+” on page 38 • “Setting Up SecurID” on page 43 Setting Up RADIUS The LX can implement RADIUS authentication and RADIUS accounting at the server level and for specific interfaces and asynchronous ports. You must configure RADIUS accounting and/or authentication at the server level before you can implement it on specific interfaces and asynchronous ports on the LX unit. The basic steps for configuring RADIUS authentication on the LX unit are: 1. Installing and configuring the RADIUS server on a Network-based Host (see page 34). 2. Specifying the RADIUS server settings on the LX (see page 34). 3. Specifying the RADIUS period on the LX (see page 38). For more information on RADIUS authentication, refer to “Overview of RADIUS Authentication” on page 157. For more information on RADIUS accounting, refer to “Overview of RADIUS and TACACS+ Accounting” on page 161.Initial Setup of the LX Unit 34 451-0311B Installing and Configuring the RADIUS Server on a Network-based Host Before you can authenticate with RADIUS on your LX unit, you must configure a RADIUS server on your network. In general, RADIUS server implementations are available on the Internet. These implementations generally use a daemon process that interacts with RADIUS clients (located on LX units and on other remote access devices). The daemon uses a list of clients and associated secrets that it shares with these clients. The per-client secret is used to encrypt and validate communications between the RADIUS server and the client. The file used to keep the client list and secrets is the “clients” file. Another file used by the daemon to store the users that are authenticated is the “users” file. The “users” file contains the RADIUS attributes associated with a particular user. As a minimum, this file must contain the user’s username, password (depending on the RADIUS server used), and Service-type. To configure the RADIUS server, refer to your RADIUS host documentation. MRV recommends that you use the Merit RADIUS server implementation. Information for the Merit RADIUS server can be found at http://www.merit.edu. Refer to the GOPHER SERVER and the MERIT Network Information Center for new releases. Specifying the RADIUS Server Settings on the LX Do the following to specify the RADIUS server settings on the LX unit: 1. Check the primary RADIUS Server host to ensure that the RADIUS server client database has been configured. 2. Access the Configuration Command Mode on the LX. (Refer to “Configuration Command Mode” on page 18 for information on accessing the Configuration Command Mode.)451-0311B 35 Initial Setup of the LX Unit 3. Use the radius primary authentication server address command to specify the IP address of the RADIUS primary authentication server; for example: Config:0 >>radius primary authentication server address 146.32.87.93 4. Use the radius primary authentication server secret command to specify the secret that will be shared between LX unit and the RADIUS primary authentication server; for example: Config:0 >>radius primary authentication server secret BfrureG 5. Use the radius primary authentication server port command to specify the socket your RADIUS server is listening to; for example: Config:0 >>radius primary authentication server port 1645 NOTE: The LX listens to port 1812 by default. 6. To verify the LX RADIUS configuration, exit from the Configuration command mode and execute the show radius characteristics command at the Superuser command prompt; for example: InReach:0 >>show radius characteristics Refer to Table 1 on page 36 for descriptions of all of the settings that you can specify for a RADIUS server. In order to use a RADIUS primary accounting server, or a RADIUS secondary server, you must specify an IP address and a secret for the respective RADIUS server. For examples of the commands that you would use, refer to the following sections: • “RADIUS Primary Accounting Server Commands” on page 37 • “RADIUS Secondary Authentication Server Commands” on page 37Initial Setup of the LX Unit 36 451-0311B • “RADIUS Secondary Accounting Server Commands” on page 37 NOTE: The use of a RADIUS primary accounting server, and the use of RADIUS secondary servers, is optional. After you have specified the RADIUS settings for the RADIUS primary authentication server, you can configure the RADIUS primary accounting server and the RADIUS secondary authentication and accounting servers. Table 1 - RADIUS Settings RADIUS Command Examples This section provides examples of all of the commands that are used to specify settings for the RADIUS servers. Refer to the “Configuration Commands” chapter of the LX-Series Commands Reference Guide for detailed descriptions of the commands in this chapter. RADIUS Primary Authentication Server Commands Config:0 >>radius primary authentication server address 152.34.65.33 RADIUS Settings Description address IP address of the RADIUS server 1 port 1. If you do not specify a UDP port, retransmit value, or timeout value for the RADIUS server, the LX unit will use the default values for these settings. For more information, refer to the applicable commands in the “Configuration Commands” chapter of the LX-Series Commands Reference Guide. UDP port of the RADIUS server 1 retransmit The maximum number of times that the LX unit will attempt to retransmit a message to the RADIUS server secret The RADIUS secret shared between the LX unit and the RADIUS server 1 timeout The length of time that the LX unit will wait for the RADIUS server to respond before retransmitting packets to it451-0311B 37 Initial Setup of the LX Unit Config:0 >>radius primary authentication server port 1645 Config:0 >>radius primary authentication server retransmit 3 Config:0 >>radius primary authentication server secret AaBbCc Config:0 >>radius primary authentication server timeout 7 RADIUS Primary Accounting Server Commands Config:0 >>radius primary accounting server address 181.28.68.56 Config:0 >>radius primary accounting server port 1646 Config:0 >>radius primary accounting server retransmit 3 Config:0 >>radius primary accounting server secret reuyyurew Config:0 >>radius primary accounting server timeout 7 RADIUS Secondary Authentication Server Commands Config:0 >>radius secondary authentication server address 178.67.82.78 Config:0 >>radius secondary authentication server port 1812 Config:0 >>radius secondary authentication server retransmit 3 Config:0 >>radius secondary authentication server secret AsJkirbg Config:0 >>radius secondary authentication server timeout 7 RADIUS Secondary Accounting Server Commands Config:0 >>radius secondary accounting server address 198.20.84.77 Config:0 >>radius secondary accounting server port 1813 Config:0 >>radius secondary accounting server retransmit 3 Config:0 >>radius secondary accounting server secret GgJjoreou Config:0 >>radius secondary accounting server timeout 7Initial Setup of the LX Unit 38 451-0311B Specifying the RADIUS Period on the LX The RADIUS period is the interval at which the LX unit will update the RADIUS accounting server with the status of each RADIUS user. The RADIUS period is specified in minutes. Do the following to specify the RADIUS period: 1. Access the Configuration Command Mode. (Refer to “Configuration Command Mode” on page 18 for information on accessing the Configuration Command Mode.) 2. Use the radius period command to specify the RADIUS period; for example: Config:0 >>radius period 10 Setting Up TACACS+ You can implement TACACS+ authentication and TACACS+ accounting at the server level and for specific interfaces and asynchronous ports on the LX unit. You must implement TACACS+ accounting and/or authentication at the server level before you can implement it on specific interfaces and asynchronous ports on the LX unit. The basic steps for configuring TACACS+ authentication on the LX unit are: 1. Installing and configuring the TACACS+ server on a Network-based Host (see page 38). 2. Specifying the TACACS+ server settings on the LX (see page 39). 3. Specifying the TACACS+ period on the LX (see page 42). For more information on TACACS+ authentication, refer to “Overview of TACACS+ Authentication” on page 167. For more information on TACACS+ accounting, refer to “Overview of RADIUS and TACACS+ Accounting” on page 161. Installing and Configuring the TACACS+ Server on a Network-based Host Before you can configure TACACS+ on your LX unit, you must configure a TACACS+ server on your network.451-0311B 39 Initial Setup of the LX Unit In general, TACACS+ server implementations are available on the Internet. These implementations generally use a daemon process that interacts with TACACS+ clients (located on LX units and on other remote access devices). The daemon uses a list of clients and associated secrets that it shares with these clients. The per-client secret is used to encrypt and validate communications between the TACACS+ server and the client. The file used to keep the client list and secrets is the “clients” file. Another file used by the daemon to store the users that are authenticated is the “users” file. The “users” file contains the TACACS+ attributes associated with a particular user. As a minimum, this file must contain the user’s username, password (depending on the TACACS+ server used), and Service-type. To configure the TACACS+ server, refer to your TACACS+ host documentation. Specifying the TACACS+ Server Settings on the LX Do the following to specify the TACACS+ server settings on the LX unit: 1. Check the primary TACACS+ Server host to ensure that the TACACS+ server client database has been configured. 2. Access the Configuration Command Mode on the LX. (Refer to “Configuration Command Mode” on page 18 for information on accessing the Configuration Command Mode.) 3. Use the tacacs+ primary authentication server address command to specify the IP address of the TACACS+ primary authentication server; for example: Config:0 >>tacacs+ primary authentication server address 149.19.87.89 4. Use the tacacs+ primary authentication server secret command to specify the secret that will be shared between LX unit and the TACACS+ primary authentication server; for example:Initial Setup of the LX Unit 40 451-0311B Config:0 >>tacacs+ primary authentication server secret Goitji 5. Use the tacacs+ primary authentication server port command to specify the socket your TACACS+ server is listening to; for example: Config:0 >>tacacs+ primary authentication server port 1687 NOTE: The LX listens to port 1812 by default. 6. To verify the LX TACACS+ configuration, exit from the Configuration command mode and execute the show tacacs+ characteristics command at the Superuser command prompt; for example: InReach:0 >>show tacacs+ characteristics Refer to Table 1 on page 36 for descriptions of all of the settings that you can specify for a TACACS+ server. In order to use a TACACS+ primary accounting server, or a TACACS+ secondary server, you must specify an IP address and a secret for the respective TACACS+ server. For examples of the commands that you would use, refer to the following sections: • “TACACS+ Primary Authentication Server Commands” on page 41 • “TACACS+ Secondary Authentication Server Commands” on page 42 • “TACACS+ Secondary Accounting Server Commands” on page 42 NOTE: The use of a TACACS+ primary accounting server, and the use of TACACS+ secondary servers, is optional. After you have specified the TACACS+ settings for the TACACS+ primary authentication server, you can configure the TACACS+ primary accounting server and the TACACS+ secondary authentication and accounting servers.451-0311B 41 Initial Setup of the LX Unit Table 2 - TACACS+ Settings TACACS+ Command Examples This section provides examples of all of the commands that are used to specify settings for the TACACS+ servers. Refer to the “Configuration Commands” chapter of the LX-Series Commands Reference Guide for detailed descriptions of the commands in this chapter. TACACS+ Primary Authentication Server Commands Config:0 >>tacacs+ primary authentication server address 182.36.98.33 Config:0 >>tacacs+ primary authentication server port 1687 Config:0 >>tacacs+ primary authentication server retransmit 3 Config:0 >>tacacs+ primary authentication server secret Gfsufsa Config:0 >>tacacs+ primary authentication server timeout 7 TACACS+ Settings Description address IP address of the TACACS+ server 1 port 1. If you do not specify a UDP port, retransmit value, or timeout value for the TACACS+ server, the LX unit will use the default values for these settings. For more information, refer to the applicable commands in the “Configuration Commands” chapter of the LX-Series Commands Reference Guide. UDP port of the TACACS+ server 1 retransmit The maximum number of times that the LX unit will attempt to retransmit a message to the TACACS+ server secret The TACACS+ secret shared between the LX unit and the TACACS+ server 1 timeout The length of time that the LX unit will wait for the TACACS+ server to respond before retransmitting packets to itInitial Setup of the LX Unit 42 451-0311B TACACS+ Primary Accounting Server Commands Config:0 >>tacacs+ primary accounting server address 182.28.86.56 Config:0 >>tacacs+ primary accounting server port 1664 Config:0 >>tacacs+ primary accounting server retransmit 3 Config:0 >>tacacs+ primary accounting server secret iuhgeuer Config:0 >>tacacs+ primary accounting server timeout 7 TACACS+ Secondary Authentication Server Commands Config:0 >>tacacs+ secondary authentication server address 182.57.32.58 Config:0 >>tacacs+ secondary authentication server port 1842 Config:0 >>tacacs+ secondary authentication server retransmit 3 Config:0 >>tacacs+ secondary authentication server secret L3498reiu Config:0 >>tacacs+ secondary authentication server timeout 7 TACACS+ Secondary Accounting Server Commands Config:0 >>tacacs+ secondary accounting server address 182.20.56.18 Config:0 >>tacacs+ secondary accounting server port 1819 Config:0 >>tacacs+ secondary accounting server retransmit 3 Config:0 >>tacacs+ secondary accounting server secret Geihuige2 Config:0 >>tacacs+ secondary accounting server timeout 7 Specifying the TACACS+ Period on the LX The TACACS+ period is the interval at which the LX unit will update the TACACS+ accounting server with the status of each TACACS+ user. This value is specified in minutes. Do the following to specify the TACACS+ period:451-0311B 43 Initial Setup of the LX Unit 1. Access the Configuration Command Mode. (Refer to “Configuration Command Mode” on page 18 for information on accessing the Configuration Command Mode.) 2. Use the tacacs+ period command to specify the TACACS+ period; for example: Config:0 >>tacacs+ period 10 Setting Up SecurID You can implement SecurID authentication at the server level and for specific interfaces and asynchronous ports on the LX unit. You must implement SecurID authentication at the server level before you can implement it on specific interfaces and asynchronous ports on the LX unit. Under SecurID authentication, the user is required to enter a user name and a PIN number plus the current token code from his or her SecurID server. The LX unit transmits the information to the RSA ACE/Server, which approves access when the information is validated. SecurID supports both DES and SDI encryption.Initial Setup of the LX Unit 44 451-0311B The basic steps for configuring SecurID authentication on the LX unit are: 1. Installing and configuring the SecurID server on a Network-based Host (see page 38). 2. Specifying the SecurID server settings on the LX (see page 39). For more information on SecurID authentication, go to the RSA SecurID website (http://www.rsasecurity.com/products/securid/index.html). Installing and Configuring the SecurID Server on a Network-based Host Before you can configure SecurID on your LX unit, you must configure a SecurID server on your network. To configure the SecurID server, refer to your SecurID host documentation. Specifying the SecurID Server Settings on the LX Do the following to specify the SecurID server settings on the LX unit: 1. Check the primary SecurID Server host to ensure that the SecurID application is running. 2. Access the Configuration Command Mode on the LX. (Refer to “Configuration Command Mode” on page 18 for information on accessing the Configuration Command Mode.) 3. Use the securid authentication version command to specify the SecurID authentication version for the LX unit. You can specify the authentication version as Version 5, or pre-Version 5 (legacy); for example: Config:0 >>securid authentication version version_5 Config:0 >>securid authentication version legacy 4. Use the securid authentication port command to specify the socket your SecurID server is listening to; for example: Config:0 >>securid authentication port 1687 NOTE: The LX listens to port 1812 by default.451-0311B 45 Initial Setup of the LX Unit 5. Use the securid primary authentication server address command to specify the IP address of the SecurID primary authentication server; for example: Config:0 >>securid primary authentication server address 149.19.87.89 NOTE: If the SecurID authentication version is “legacy”, you must specify a Master authentication server instead of a Primary authentication server. For more information, refer to the securid master authentication server address command in the LX-Series Commands Reference Guide. 6. Use the securid authentication encryption command to specify the SecurID encryption method for the LX unit. You can specify DES or SDI as the encryption method; for example: Config:0 >>securid authentication encryption des Config:0 >>securid authentication encryption sdi 7. To verify the LX SecurID configuration, exit from the Configuration command mode and execute the show securid characteristics command at the Superuser command prompt; for example: InReach:0 >>show securid characteristics SecurID Command Examples This section provides examples of all of the commands that are used to specify settings for the SecurID servers. Refer to the “Configuration Commands” chapter of the LX-Series Commands Reference Guide for detailed descriptions of the commands in this chapter. Config:0 >>securid primary authentication server address 138.30.65.34 Config:0 >>securid authentication port 4500 Config:0 >>securid primary authentication server name bigsky1.com Config:0 >>securid authentication encryption desInitial Setup of the LX Unit 46 451-0311B Config:0 >>securid authentication retransmit 7 Config:0 >>securid authentication timeout 3 Config:0 >>securid authentication version version_5 Refer to Table 3 (below) for descriptions of all of the settings that you can specify for a SecurID server. Table 3 - SecurID Settings NOTE: If the SecurID secret on the LX unit does not match the SecurID secret on the SecurID server, you will need to clear the secret from the LX unit. To clear the SecurID secret from the LX unit, refer to the zero securid secret command in the LX-Series Commands Reference Guide. SecurID Settings Description address IP address of the SecurID server 1 port 1. If you do not specify a UDP port, retransmit value, timeout, version, encryption, or name for the SecurID server, the LX unit will use the default values for these settings. For more information, refer to the applicable commands in the “Configuration Commands” chapter of the LX-Series Commands Reference Guide. UDP port of the SecurID server 1 retransmit The maximum number of times that the LX unit will attempt to retransmit a message to the SecurID server 1 encryption The encryption method for SecurID authentication on the LX unit 1 version The SecurID authentication version that will be used on the LX unit 1 name The host name of the SecurID authentication server for the LX unit 1 timeout The length of time that the LX unit will wait for the SecurID server to respond before retransmitting packets to it451-0311B 47 Initial Setup of the LX Unit Resetting the Unit to Factory Defaults If you believe you have misconfigured the unit, or you believe the configuration is somehow corrupt, you may wish to reset the unit to it’s factory defaults. This may be done in one of several ways: From an LX asynchronous port: 1. Access the Configuration Command Mode. (Refer to “Configuration Command Mode” on page 18 for information on accessing the Configuration Command Mode.) 2. Enter the default Configuration command to reset the LX unit to the factory defaults; for example: Config:0 >>default configuration NOTE: After you enter the above command, the LX will display a confirmation prompt warning you that the unit will be rebooted. The LX unit will be defaulted, and rebooted, if you answer “yes” to the confirmation prompt. From a web browser: 1. Browse to the LX unit’s IP address, log in to the LX unit, and bring up the console. 2. Click on the ‘Admin’ button on the menu bar of the client and entering the Superuser password. This activates a ‘Default’ button on the menu bar. 3. Click on the ‘Default’ button to display the options to default the unit or certain other parameters. 4. Select the option to default the unit. NOTE: After you select a default option, the LX will display a confirmation prompt warning you that the unit will be rebooted. The LX unit will be defaulted, and rebooted, if you answer “yes” to the confirmation prompt. Initial Setup of the LX Unit 48 451-0311B From the LX DIAG port: NOTE: This method is recommended if you no longer have network access, or if you are unable to make a serial connection to an LX asynchronous port. 1. Connect a terminal to the DIAG port of the LX unit. 2. Power-cycle the LX unit. When the unit is powered on, the ppciboot Main Menu is displayed. 3. Select the asterisk (*) from the menu to display the following options: [1] Reset ppciboot Configuration [2] Reset Linux System Configuration 4. Select [1] to reset the ppciboot configuration to system defaults. (Note: Although the ppciboot configuration will be reset to defaults, it will not be saved to flash. To save the configuration to flash, execute the save configuration flash command in the Superuser command mode.) 5. Select [2] to reset the Linux system configuration. You are prompted for the password, which is access. If you enter the password, the command erases all of the configurations you have saved, except for the ppciboot configuration. 6. Press B to Boot the system. Do this only after you have configured the ppciboot options and saved the configuration. Refer to “Booting from Defaults” on page 76 for further information on defaulting from ppciboot and defaulting from the CLI.451-0311B 49 Chapter 2 Setting Up Remote Console Management Network Elements can be managed via Telnet connections, or via SSH connections, to the LX asynchronous ports on which the network elements are attached. This method of managing network elements is known as remote console management. This chapter describes how to set up remote console management on an LX unit. Setting up remote console management involves doing the following: • Connecting the LX asynchronous port to the Network Element (see below). • Configuring the LX asynchronous port for the remote management of the connected Network Element (see page 51). • Setting up security for the LX asynchronous port to which the network element is connected (see page 54). • Creating the subscriber(s) that have remote access to the asynchronous port where the Network Element is connected (see page 58). Connecting the Console Port to the Network Element Network elements can be connected to LX asynchronous ports by a modem or by a direct serial line. The LX asynchronous-port connectors are female RJ-45 connectors. Use a crossover cable to connect a direct serial line from an LX console port to the serial management port on a network element. Use a straight-through cable to connect a console port to a modem. MRV Communications provides RJ-45 crossover cables. You can make the MRV-supplied RJ-45 crossover cables into straight-through cables. For more information, refer to “Making Straight-through Cables” on page 50.Setting Up Remote Console Management 50 451-0311B Making Straight-through Cables To make an MRV-supplied crossover cable into a straight-through cable, do the following: • Lay the modular cable on a table or on some other flat surface. (The modular cable should lie flat with no rolls or twists in it.) • Crimp the RJ-45 connector in opposite directions at both ends (see Figure 2). Figure 2 - Straight-through Wiring Scheme Recommendations for Making Cables Keep the following in mind when you make your own cables: • Before crimping the cables, make sure that the RJ-45 connector is fully inserted into the die-set cavity and that the wire is fully inserted into the RJ-45 connector. (The die set might be fragile, and it could break if the RJ-45 connector is not properly seated before you squeeze the handle.) • In order to keep track of the cable type, you should use different colored wires for straight-through and crossover cable. For example, MRV Communications recommends silver wire for making crossover cables and black wire for making straight-through cables. NOTE: MRV Communications recommends that you not use Ethernet Xbase-T crossover or straight-through cable for serial communications. RJ-4 Connectors RJ-45 Connectors Straight Through Cable451-0311B 51 Setting Up Remote Console Management Modular Adapters (RJ-45 to DB-25 and RJ-45 to DB-9) You can obtain adapters with male and female DB-25 and female connectors from MRV Communications. These adapters direct signals from the RJ-45 connectors on the cable to the correct pin on the DB-25, or DB-9, connector. For more information, refer to Getting Started with the LX Series. Configuring Ports for Remote Console Management This section describes how to configure LX asynchronous ports for remote console management. Configuring Asynchronous Ports for Direct Serial Connections The default settings for LX asynchronous ports will support direct serial connections to most Network Elements. However, when conditions warrant, you can explicitly set an asynchronous port to non-default values. NOTE: Autobaud must be disabled on ports that are used for remote console management. To disable autobaud on a port, execute the no autobaud command in the Asynchronous command mode. Explicitly Setting LX Asynchronous Port Characteristics It is recommended that you explicitly set the characteristics of an LX asynchronous port to match those of a directly connected Network Element. To explicitly set the characteristics of an LX asynchronous port, do the following: 1. Access the Asynchronous Command Mode for the asynchronous port that you want to configure. (Refer to “Asynchronous Command Mode” on page 19 for information on accessing the Asynchronous Command Mode.) 2. Use the access remote command in to set the access for the asynchronous port to Remote; for example: Async 6-6:0 >>access remoteSetting Up Remote Console Management 52 451-0311B 3. In the Asynchronous Command Mode, enter the appropriate command to set the speed, parity, data bits, stop bits, flow control, or autohangup setting for the asynchronous port. Table 4 lists the commands that you can use to set the port characteristics that pertain to remote console management of directly connected Network Elements. For the full syntax of each command listed in Table 4, refer to the LX-Series Commands Reference Guide. Table 4 - Commands for Setting Asynchronous Port Characteristics NOTE: MRV Communications recommends that you enable Autohangup on an LX asynchronous port that will be used to do remote console management. This ensures that the port will drop the connection, when the network element resets DTR at subscriber logout. Port Characteristics Allowable Values Command Examples autohangup enabled or disabled autohangup enable no autohangup data bits 5, 6, 7, or 8 bits 6 flow control xon or cts flowcontrol cts flowcontrol xon parity even, odd, or none parity even parity odd parity none speed 134, 200, 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200, or 230400 speed 115200 stop bits 1 or 2 stop bits 1 stop bits 2451-0311B 53 Setting Up Remote Console Management Setting Up Modem Ports for Remote Console Management Do the following to set up a Modem Port for remote console management: 1. Access the Asynchronous Command Mode for the asynchronous port that you want to set up for remote console management. (Refer to “Asynchronous Command Mode” on page 19 for information on accessing the Asynchronous Command Mode.) 2. Execute the access remote command to set the port access to REMOTE; for example: Async 5-5:0 >>access remote 3. Execute the modem enable command to enable modem control on the port; for example: Async 5-5:0 >>modem enable 4. Execute the flow control command to set the port flow control to CTS; for example: Async 5-5:0 >>flowcontrol cts 5. Ensure that the port is set to the same speed as the modem to which the port is attached. To set the port speed, use the speed command; for example: Async 5-5:0 >>speed 57600 6. Execute the modem command to access the Modem Command Mode for the port under configuration; for example: Async 5-5:0 >>modem 7. In the Modem Command Mode, execute the type command to set the Modem Type to DIALOUT; for example: Modem 5-5:0 >>type dialoutSetting Up Remote Console Management 54 451-0311B 8. In the Modem Command Mode, execute the dialout number command to specify the number that the modem will dial to connect with the Network Element on the Public Network; for example: Modem 5-5:0 >>dialout number 19785558371 9. In the Modem Command Mode, execute the initstring command to specify the initialization string for the modem; for example: Modem 5-5:0 >>initstring AT S7=45 S0=1 L1 V1 X4 &C1 &1 Q0 &S1 NOTE: The initialization string may vary between modem types. 10. In the Modem Command Mode, execute the retry command to specify the Retry value for the modem; for example: Modem 5-5:0 >>retry 6 11. In the Modem Command Mode, execute the timeout command to specify the Timeout value for the modem; for example: Modem 5-5:0 >>timeout 30 Setting Up Security for a Console Port You can use LOCAL authentication, RADIUS authentication, SecurID authentication, or TACACS+ authentication to protect a console port from unauthorized access. These methods of authentication require a user to enter a valid username/password combination to access the console port. Setting Up Local Authentication Under LOCAL authentication, a username/password combination is validated against the local security database. LOCAL authentication is enabled by default on console ports. (Other authentication options on console ports are NONE, RADIUS, TACACS+, and SecurID.) You can enable LOCAL authentication on a console port by doing the following: 1. Access the Asynchronous Command Mode for the asynchronous port that you want to configure. (Refer to “Asynchronous Command Mode” on page 19 for information on accessing the Asynchronous Command Mode.)451-0311B 55 Setting Up Remote Console Management 2. Execute the following command to enable LOCAL authentication on the port: Async 5-5:0 >>authentication outbound local enable Setting Up RADIUS Authentication Under RADIUS authentication, a username/password combination is validated against the RADIUS user and client database. The RADIUS security database is stored on the RADIUS server for the LX unit. In order to use RADIUS authentication on a port, you must have RADIUS set up for the LX unit. Refer to “Setting Up RADIUS” on page 33 for information on setting up RADIUS for the LX unit. RADIUS authentication is disabled by default on console ports. You can enable RADIUS authentication on a console port by doing the following: 1. Access the Asynchronous Command Mode for the asynchronous port that you want to configure. (Refer to “Asynchronous Command Mode” on page 19 for information on accessing the Asynchronous Command Mode.) 2. Execute the following command to enable RADIUS authentication on the port: Async 5-5:0 >>authentication outbound radius enable NOTE: If RADIUS authentication is enabled, you may want to implement a backup method (Fallback), which will be used if the RADIUS server is unreachable. Fallback switches to Local Authentication when there is no reply from the RADIUS server(s) after 3 attempts. For more information, refer to “Setting Up Fallback” on page 57.Setting Up Remote Console Management 56 451-0311B Setting Up TACACS+ Authentication Under TACACS+ authentication, a username/password combination is validated against the TACACS+ user and client database. The TACACS+ security database is stored on the TACACS+ server for the LX unit. In order to use TACACS+ authentication on a port, you must have TACACS+ set up for the LX unit. Refer to “Setting Up TACACS+” on page 38 for information on setting up TACACS+ on the LX unit. TACACS+ authentication is disabled by default on console ports. You can enable TACACS+ authentication on a console port by doing the following: 1. Access the Asynchronous Command Mode for the asynchronous port that you want to configure. (Refer to “Asynchronous Command Mode” on page 19 for information on accessing the Asynchronous Command Mode.) 2. Execute the following command to enable TACACS+ authentication on the port: Async 5-5:0 >>authentication outbound tacacs+ enable NOTE: If TACACS+ authentication is enabled, you may want to implement a backup method (Fallback), which will be used if the TACACS+ server is unreachable. Fallback switches to Local Authentication when there is no reply from the TACACS+ server(s) after 3 attempts. For more information, refer to “Setting Up Fallback” (below). Setting Up SecurID Authentication Under SecurID authentication, a username/password combination is validated against the SecurID user and client database. The SecurID security database is stored on the SecurID server for the LX unit. In order to use SecurID authentication on a port, you must have SecurID set up for the LX unit. Refer to “Setting Up SecurID” on page 43 for information on setting up SecurID on the LX unit.451-0311B 57 Setting Up Remote Console Management SecurID authentication is disabled by default on console ports. You can enable SecurID authentication on a console port by doing the following: 1. Access the Asynchronous Command Mode for the asynchronous port that you want to configure. (Refer to “Asynchronous Command Mode” on page 19 for information on accessing the Asynchronous Command Mode.) 2. Execute the following command to enable SecurID authentication on the port: Async 5-5:0 >>authentication outbound securid enable NOTE: If SecurID authentication is enabled, you may want to implement a backup method (Fallback), which will be used if the SecurID server is unreachable. Fallback switches to Local Authentication when there is no reply from the SecurID server(s) after 3 attempts. For more information, refer to “Setting Up Fallback” (below). Setting Up Fallback Fallback Authentication can be used as a mechanism for authenticating users when the configured authentication method (i.e., RADIUS, TACACS+, or SecurID) fails because the authentication server is unreachable. When a user logs in via Fallback, his or her username/password combination is validated against the LOCAL security database for the LX unit. The LX unit will make three attempts to log in the user via RADIUS, TACACS+, or SecurID before it implements Fallback. After the third attempt at logging in via the configured authentication method (RADIUS, TACACS+, or SecurID), the username/password combination will be validated against the LOCAL security database for the LX unit. RADIUS, TACACS+, or SecurID must be enabled on a port in order for Fallback to function on the port. When all three methods (i.e., RADIUS, TACACS+, or SecurID) are disabled on the port, Fallback is ignored by the port.Setting Up Remote Console Management 58 451-0311B Do the following to enable Fallback on a port: 1. Access the Asynchronous Command Mode for the asynchronous port on which you want to enable Fallback. (Refer to “Asynchronous Command Mode” on page 19 for information on accessing the Asynchronous Command Mode.) 2. Execute the following command to enable Fallback authentication on the port: Async 5-5:0 >>authentication fallback enable Creating Subscribers for Remote Console Management In order for a subscriber to do remote console management, he/she must have specific access rights. If RADIUS is the outbound authentication method, configure a Service-type of Outbound-User for the subscriber on the RADIUS server. If local authentication is used, do the following to set up the neccessary access rights for the subscriber: 1. Create, or access, the subscriber record of the subscriber that you want to configure for console-port access. (Refer to “Subscriber Command Mode” on page 21 for information on creating or accessing a subscriber record.) 2. In the Subscriber Command Mode, specify one or more access methods for the subscriber to use in connecting to the LX unit. For more information, refer to “Specifying Access Methods” on page 59. 3. Execute the access console enable command to specify that the subscriber will have console access to the LX unit; for example: Subs_mark >>access console enable 4. Execute the access port command to specify the console ports that the subscriber can access. In the following example, the access port command specifies that the subscriber mark can log on to ports 2, 3, 5, and 6: Subs_mark >>access port 2 3 5 6 451-0311B 59 Setting Up Remote Console Management 5. If you want the subscriber to create his or her own login password, execute the password enable command; for example: Subs_mark >>password enable When the subscriber logs in to the LX unit for the first time, he/she will be asked to enter, and confirm, his or her new password. 6. If you want to create a login password the subscriber, execute the password command; for example: Subs_mark >>password The following prompts are displayed: Enter your NEW password : Re-enter your NEW password: 7. Enter the new password at the Enter prompt, and re-enter it at the Re-enter prompt. (This is the password that the subscriber will be required to enter when he/she logs on to a console port.) Specifying Access Methods You can specify SSH, Telnet, or the Web (or any combination of SSH, Telnet, and the Web) as the method(s) that the subscriber can use to access LX asynchronous ports for remote console management. Because SSH includes data encryption capabilities, it is recommended as the access method for subscribers who will be sending sensitive data to the LX asynchronous ports. Specifying Telnet As an Access Method 1. Execute the access telnet enable command; for example: Subs_mark >>access telnet enable 2. Execute the telnet mode command to set the Telnet Mode. In the following example, the Telnet Mode is set to character: Subs_mark >>telnet mode character Setting Up Remote Console Management 60 451-0311B In the following example, the Telnet Mode is set to line: Subs_mark >>telnet mode line Specifying SSH As an Access Method 1. Execute the access ssh enable command; for example: Subs_mark >>access ssh enable 2. Execute the ssh cipher command to specify the SSH encryption type for the subscriber. In the following examples, the SSH encryption type is set to Triple-DES, ANY, and BLOWFISH respectively: Subs_mark >>ssh cipher triple-des Subs_mark >>ssh cipher any Subs_mark >>ssh cipher blowfish Refer to the ssh cipher command in the LX-Series Commands Reference Guide for more information on the Triple-DES, ANY, and BLOWFISH encryption types. Specifying the Web As an Access Method Execute the access web enable command; for example: Subs_mark >>access web enable 451-0311B 61 Chapter 3 System Administration This chapter explains how to upgrade the software, as well as some basic maintenance functions. Backup and Recovery This section explains how to save, edit, and load the configuration file. Saving the Configuration File The configuration file (Config.prm) is saved in a format that is readable in WordPad and the vi editor in UNIX. Because anyone can easily modify it, the file is signed with a digest using the SHA encryption algorithm. The SHA encryption lets the administrator know if a modified file is being loaded by issuing an alert message when a file not matching the original algorithm is being loaded. This way the administrator knows the file was modified and can take the appropriate action. The Config.prm file is created when you configure the LX unit. After the Config.prm file has been created on one unit, it can be copied to other units. When the Config.prm file resides on a new unit, you can copy its contents as appropriate for the new unit. For example, you can change the IP settings (i.e., IP Address, Subnet Mask, etc.) to the IP settings of the new unit. All other settings will be imported when the LX unit is rebooted. Where the Configuration is Stored All files related to the unit configuration are located in the directory /config. This directory contains the SSH keys, Menus, Configuration, a file to tell from where the configuration is to be taken (the ConfToBootFrom file), and the zone information directory (time and date).System Administration 62 451-0311B Saving the Configuration Into the Flash To save the configuration into the flash, execute the save configuration flash command in the Superuser command mode; for example: InReach:0 >>save configuration flash Saving the Configuration to the Network The TFTP protocol is used to save the LX configuration to a network host. Consequently, if you are saving to a UNIX host, a configuration file must already exist on the TFTP server. Use the touch command to create the configuration file as a .zip file. Windows-based workstations will automatically create the .zip file once the LX unit attempts the TFTP put process. The configuration format differs slightly from that described in “How the Configuration is Organized.” The .zip file contains everything previously described except for the SSH keys, since they belong to the unit itself and cannot be used on a different unit. Since the format is a .zip file, it is usable by WinZip or UNIX Unzip. Use the following command to save the configuration to the network: save configuration network filename tftp_server_address NOTE: The filename that you specify in the save configuration network command must not include a .zip extension. Editing the Files on a Unix Host You can edit the Config.prm file so that you can bring multiple units online at one time. To edit the files: 1. Open the .zip file into the directory by entering the following command: unzip filename.zip The Config.prm file appears. If you have configured menus, the Menu file also appears. 451-0311B 63 System Administration 2. Open the Config.prm file with any text editor (e.g., vi or emacs). 3. Select and copy the section of the Config.prm file that you want to modify: • Users that have access to all new LX units • PPP configurations • Broadcast Groups • Interface configurations • RADIUS, SecurID, or TACACS+ configurations • Specific Async Port configurations 4. If you are adding a new user to the Config.prm file, copy an existing user, paste it into the section directly below the last user, and make the necessary modifications to the copy. 5. Follow the same steps for any other changes you make to the Config.prm file. Editing the Files in Windows You can edit the Config.prm file so that you can bring multiple units online at one time. To edit the files: 1. Open the .zip file into the directory using winzip. The Config.prm file appears. If you have configured menus, the Menu file also appears. 2. Open the Config.prm file with the WordPad editor. 3. Select and copy the section of the Config.prm file that you want to modify: • Users that have access to all new LX units • PPP configurationsSystem Administration 64 451-0311B • Broadcast Groups • Interface configurations • RADIUS, SecurID, or TACACS+ configurations • Specific Async Port configurations 4. If you are adding a new user to the Config.prm file, copy an existing user, paste it into the section directly below the last user, and make the necessary modifications to the copy. 5. Follow the same steps for any other changes you make to the Config.prm file. Recreating the Zip File in Order to Upload It Onto the LX NOTE: To perform this procedure, you must be in the directory in which the files to be zipped reside. 1. To recreate the zip file, type the following command in UNIX: zip -o filename.zip file1 file2 file3 where filename.zip (you can name this whatever you want) is the archive you are writing the files to, and file1, file2, and file3 are the files you are adding to the archive. 2. In Windows, select the files you want to add to the zip file by clicking on them while holding down the Ctrl key. 3. Right click on the selected files and select Add to Zip. Loading the Configuration At the Config prompt, load the configuration as follows: Config:0:>>boot configuration from network tftp_server_address filename Config:0:>>end InReach:0:>>save configuration flash InReach:0:>>reload451-0311B 65 System Administration After the LX has reloaded, check the system status screen to make sure that the LX loaded from the proper place. Enter the following command: InReach:0:>>show system status Applying Default Configurations to Other Units This section explains how to create a default configuration file with which you can load multiple units. Creating a Default Configuration File After your first LX unit is up and running, you can save the unit configuration to the network. For further information, refer to “Saving the Configuration to the Network” on page 62. You must rename this .zip file to lx last six digits of the mac address.prm (e.g. lx12ab9f.prm). Once this is complete, you can use this .prm file as a template to configure multiple units at one time by changing the last six digits of the mac address to reflect that of the specific unit. Restoring the Default Configuration File to a New Unit The unit looks on the TFTP server specified in ppciboot. If the configuration is defaulted, it is detected at startup and the unit checks that a TFTP server was passed by ppciboot. If a TFTP server is accessible, the LX unit connects to it and tries to download a default file named lx last six digits of the mac address.prm (e.g., lx12ab9f.prm). If this file exists, the LX unit loads it into its configuration table. If the default file does not exist, the Quick Start menu is displayed.System Administration 66 451-0311B Scripting On External Units The LX unit supports Expect scripting. Expect is a common, simple, command line scripting language. You can use it to write simple scripts to automate interactive applications. For example, you can write an Expect script that can automatically log you in, modify the IP configuration, set up the configuration for any port, make the LX unit dial out, and establish a PPP configuration to a remote site, etc. For information on the LX commands, refer to the LX-Series Commands Reference Guide. How to Upgrade the Software You can upgrade the software and enter the IP information on your LX unit via two methods, depending upon your specific needs: • To upgrade software via the Command Line Interface, refer to “Upgrading Software with the Command Line Interface” for further instructions. • To upgrade software via the ppciboot Menu, refer to “Upgrading Software with the ppciboot Main Menu” and “Using the IP Configuration Menu” for further instructions. Upgrading Software and ppciboot with the Command Line Interface NOTE: The default filename for the software is linuxito.img. The ppciboot filename is ppciboot.img. NOTE: In superuser mode a check is performed to determine how much space is available before updating the software or ppciboot. Eight MB must be available to update software. One MB must be available to update ppciboot. Make sure you have a TFTP server up and running, containing the software image and the ppciboot image.451-0311B 67 System Administration To download the ppciboot from the command line interface (you must be in superuser mode), do the following: 1. Type the following and press : InReach:0>>update ppciboot tftp_server_ip_address/name NOTE: If the LX unit has a TFTP server address configured, you do not need to include the TFTP server IP Address or the TFTP server name in the update ppciboot command. By default, the software stores in memory the IP address of the TFTP server from which it has booted. If this occurs, this argument becomes optional. The “TFTP Download complete, verifying file integrity” message appears. The loaded file is checked for integrity. If the check is successful, the “File OK, copying boot image to flash” message appears (if the check finds a problem, the “Verify failed, Bad ppciboot file” message appears). You have upgraded ppciboot. You must reboot the unit for the new ppciboot to take effect. Now you must upgrade the software. 2. Type the following and press : InReach:0>>update software tftp_server_ip_address/name 3. Type the following and press to save your configuration locally: InReach:0>>save config flash This stores the parameters. 4. Type the following and press to save your configuration locally: InReach:0>>reload When the reload is complete, log in again. The new software is activated. NOTE: You can load a default configuration file from a TFTP server while the unit is at its default setting.System Administration 68 451-0311B ppciboot Factory Default Settings The following table lists the factory default settings. NOTE: For defaults on specific commands, refer to the LX-Series Commands Reference Guide. Each LX Series unit is configured at the factory to use a default set of initialization parameters that sets all ports to operate with asynchronous ASCII terminal devices. Main Menu Configuration Factory Default Setting Boot from Network yes Save boot image to flash no Boot from flash yes Time Out, in seconds 8 IP Configuration Menu Configuration Factory Default Setting IP Assignment method #1 DHCP IP Assignment method #2 BOOTP IP Assignment method #3 RARP IP Assignment method #4 User Defined451-0311B 69 System Administration Upgrading Software with the ppciboot Main Menu NOTE: At boot, the DIAG port (port 0) is used to configure the loading method (network or flash) of the Software image, ppciboot image, and the IP address assignment preferences. This section explains how to use the ppciboot Main menu to set up the boot configuration. Use it as a reference for how to use specific menu entries. You can access the ppciboot commands through the DIAG port (port 0), the graphic user interface (GUI), or in the Configuration Command Mode of the CLI. When you set ppciboot parameters, the software is not loaded on the unit yet. Use the ppciboot menu to set load parameters that allow you to get up and running. To access the menu, you need only connect a terminal using a console port cable to the DIAG port (port 0) and press one or two times. The Main Menu appears: If you want to accept the defaults, press B or wait eight seconds. Welcome to In-Reach ppciboot Version x.x Main Menu [1] Boot from network: yes [2] Save software image to flash: no [3] Boot from flash: yes [4] Time Out, in seconds (0=disabled): 8 [5] IP Configuration Menu [6] Update ppciboot Firmware [7] Ethernet Network Link [*] Reset to System Defaults [S] Save Configuration [B] Boot System Make a choice: __System Administration 70 451-0311B At the "Make a choice" prompt of the Main Menu, type the number corresponding to the configuration action you want to perform. The sections that follow describe each option in detail. Booting from the Network The Boot from network option lets you boot your software image file from the network. To boot from the network: 1. Press 1 to toggle between yes and no. To boot from the network, choose yes. 2. Press B to Boot the system. Do this only after you have made all configuration changes to the LX and saved the configuration. NOTE: MRV recommends that you leave Boot from flash on if you are booting from the network. By doing so, you provide a fallback method of booting in the event the network becomes unreachable. Saving the Boot Image to Flash The Saving the software image to Flash option lets you save the software image from the network to flash. To save the software image to flash: 1. Press 2 to toggle between yes and no. To save the software image to flash, choose yes. 2. Press B to Boot the system. Do this only after you have configured the ppciboot options and saved the configuration. Booting the system can take five or more minutes. Booting from Flash The Booting from Flash option lets you boot your software image from the flash. To boot from the flash: 1. Press 3 to toggle between yes and no. To boot from flash, choose yes. 2. Press B to Boot the system. Do this only after you have configured the LX and saved the configuration.451-0311B 71 System Administration Setting the Timeout in Seconds The Time Out, in seconds option lets you set the amount of time the system waits for you to press Boot before booting automatically. To set the timeout (the default is eight seconds): 1. Press the number 4 (Time Out, in seconds). 2. An Enter Time Out prompt appears. 3. Add a time in seconds and press . (Note: Entering 0 will disable the timeout. You should not enter 0, and thus disable the timeout, for remotely located units.) 4. Press S to save the configuration. IP Configuration Menu The IP Configuration Menu option lets you change addresses and settings if you do not want to accept the defaults. Refer to the “Using the IP Configuration Menu” section for details. Updating the ppciboot Firmware NOTE: Updating ppciboot firmware from the Main menu works only if you have already set up an ip address, ip mask, and TFTP server. The Update ppciboot Firmware option lets you update the firmware via the Main Menu. To update ppciboot firmware: 1. Press the number 6 (Update ppciboot Firmware). The ppciboot firmware begins loading from the TFTP server. 2. If the firmware loads successfully (taking only a few seconds), the Main menu reappears. A verification check of the firmware is performed. If an error message appears, the ppciboot image may be corrupt. 3. Press S to save the configuration. 4. Press B to boot the system.System Administration 72 451-0311B Setting the Speed and Duplex Mode of the Ethernet Network Link The Ethernet Network Link option lets you set the speed and duplex mode of the Ethernet Network Link. To set the speed or duplex mode of your Ethernet Network Link: 1. Press the number 7 (Ethernet Network Link). The following speed/duplex options are displayed: Auto, 100 half -for 100TX half duplex 100 full -for 100TX full duplex 10 half -for 10TX half duplex 10 full -for 10TX full duplex 2. Select one of the speed/duplex options from the above display. 3. Press S to save the configuration. Resetting to System Defaults The Reset to System Defaults option lets you reset the unit to system defaults. To reset to the system defaults: 1. Press the asterisk (*) (Reset to System Defaults). The following options appear: [1] Reset ppciboot Configuration [2] Reset Linux System Configuration 2. Select 1 or 2. If you select [1] Reset ppciboot Configuration, the command sets the ppciboot configuration to system defaults, but it does not save the configuration to flash. If you select [2] Reset Linux System Configuration, you are prompted for the password, which is access. If you enter the password, the command erases all of the configurations you have saved, except for the ppciboot configuration. 3. Press B to Boot the system. Do this only after you have configured the ppciboot options and saved the configuration. Refer to “Booting from Defaults” on page 76 for further information on defaulting from ppciboot and defaulting from the CLI.451-0311B 73 System Administration Saving the Configuration The Saving Configuration option lets you save the ppciboot configuration. When you are finished configuring the Main menu, press S to save the configuration. Booting the System The Boot System option lets you boot the system. Be sure to save the configuration and choose a boot method before you boot the system. Press B to boot the system. Do this only after you have configured all necessary ppciboot options and saved the configuration. Using the IP Configuration Menu The IP Configuration Menu option lets you change addresses and settings if you do not want to accept the defaults. To configure the IP settings: 1. At the Main menu, enter 5 to open the IP Configuration menu. 2. Choose the number of the field you want to change. See the following sections for specific details. Welcome to In-Reach ppciboot Version x.x IP Configuration Menu [1] IP Assignment method #1: DHCP [2] IP Assignment method #2: BOOTP [3] IP Assignment method #3: RARP [4] IP Assignment method #4: User Defined [5] Unit IP Address: [6] Network mask: [7] Gateway: [8] TFTP Server IP Address: [S] Save Configuration [R] Return to Main menu Make a choice:System Administration 74 451-0311B Choosing an IP Assignment Method The IP Assignment Method option lets you set the method by which you want to assign IPs. To configure an IP Assignment method: 1. Press 1, 2, 3, or 4 to see the options for IP Assignment method #1-4:. Select the IP Assignment method you want to change, and toggle the options (DHCP, BOOTP, RARP, User Defined, and None) by repeatedly pressing the option number. 2. When you reach the option you want, stop toggling the options for that IP Assignment method and go on to press the numbers corresponding (2 for IP Assignment method #2:, etc) to the other IP Assignment methods and make the changes you want in the same way. 3. If you are finished configuring the IP settings, press S to save the configuration. The IP Configuration menu reappears. Press R to return to the Main Menu. NOTE: If any of the four IP Assignment methods are set to “User Defined”, you will need to complete additional configuration. Changing the Unit IP Address The Unit IP Address option lets you change the unit IP address (this applies only to the user-defined IP method). To change an IP Address: 1. Press the number 5 (Unit IP Address). A Unit IP Address prompt appears. 2. Type the new address and press . 3. If you are finished configuring the IP settings, press S to save the configuration. The IP Configuration menu reappears. Press R to return to the Main Menu.451-0311B 75 System Administration Changing the Network Mask The Network Mask option lets you change the Network Mask (this applies only to the user-defined IP method). To change a Network Mask: 1. Press the number 6 (Network Mask). A Network Mask prompt appears. 2. Type the new network mask and press . 3. If you are finished configuring the IP settings, press S to save the configuration. The IP Configuration menu reappears. Press R to return to the Main Menu. Changing the Gateway Address The Gateway option lets you change the Gateway address (this applies only to the user-defined IP method). To change a Gateway address: 1. Press the number 7 (Gateway). A Gateway prompt appears. 2. Type the new Gateway address and press . 3. If you are finished configuring the IP settings, press S to save the configuration. The IP Configuration menu reappears. Press R to return to the Main Menu. Changing the TFTP Server IP Address The TFTP Server IP Address option lets you change the TFTP Server IP address (the address from where you load the boot image). This applies only to the user-defined IP method. To change the TFTP Server IP address: 1. Press the number 8 (TFTP Server IP address). A TFTP Server IP address prompt appears. 2. Type the new TFTP Server IP address and press . 3. If you are finished configuring the IP settings, press S to save the configuration. The IP Configuration menu reappears. Press R to return to the Main Menu.System Administration 76 451-0311B Saving the Configuration The Saving Configuration option lets you save the ppciboot configuration. To save the configuration: 1. When you are finished configuring using the IP Configuration menu, press S to save the configuration. 2. Press R to return to the Main Menu. NOTE: The IP Assignment method #1-4 has precedence over user defined assignment, but the user defined settings are used as soon as the User Defined method comes up. Booting from Defaults The first time you boot a unit takes longer because the system computes the SSH keys server and client. The process takes a few minutes. The keys are saved into the flash. You can default the configuration in two ways: • From the Main Menu. • From the Command Line Interface. Depending on where you default the configuration from, the effect is not the same. Defaulting from CLI When you default from the CLI, only the configuration (Config.prm) is erased. The SSH keys are preserved. To default from the CLI, enter the default configuration command in the Configuration command mode. Defaulting from the Main Menu When you default from the Main Menu the entire configuration, including the SSH keys, is erased. The next reboot must take the extra time needed to recompute the SSH keys.451-0311B 77 System Administration 1. Choose the (*) Reset to System Defaults option from the ppciboot menu. 2. Choose [2] Reset Linux System Configuration. The following display appears: 3. Enter the password, which is access. The Main Menu appears. 4. Press B to boot the unit. Various lines of data are displayed on the screen while the default ppciboot loads. This may take a few minutes. NOTE: This display is generated by the operational software. The system must be booted before this occurs. The default from ppciboot completes. Acquiring the IP Configuration The LX software gets its IP configuration from ppciboot or from the configuration. If the configuration is not loaded yet, the LX unit uses the IP configuration from ppciboot. Once the configuration file is found and loaded, the IP is modified according to the configuration. Therefore, if the configuration is already set, it always overrules the ppciboot configuration. You can use two commands to display interface information. The show interface 1 status command displays the actual setting of the interface. The show interface 1 characteristics command displays the configuration for the interface. Refer to the LX-Series Commands Reference Guide for details on how to use these commands. [2] Reset Linux system configuration WARNING: This will erase all configuration data in the system. Do not use unless the configuration is unusable.451-0311B 79 Chapter 4 Setting Up the Notification Feature The Notification Feature is used to send syslog messages of LX system events to pagers, email addresses, cell phones, SNMP trap clients, outbound asynchronous ports, and local or remote syslogd files. Overview of the Notification Feature The Notification Feature uses the syslog daemon (syslogd) to generate event messages. Event Messages can be generated for events that occur in any of the Linux facilities listed in Table 5. Table 5 - Sources of Event Messages The event messages that are sent to any given destination can be filtered according to the facility and priority (severity level) of the message. For example, a destination could be configured to receive only those messages that originate in a daemon and have a priority of crit. Facility Description all Generate messages for all system events. authpriv The Superuser authentication process. daemon A system daemon, such as in.ftpd. kern The Linux kernel. syslog The syslog daemon (syslogd). user User processes; This is the default facility.Setting Up the Notification Feature 80 451-0311B Table 6 lists the priorities that can be specified as filters for the Notification Feature. Table 6 - Supported Priorities Priority Description none No messages will be logged. This setting effectively disables syslog for this User Profile. info Normal, informational messages notice Conditions that are not errors, but which might require specific procedures to adjust them warning A warning message err A software error condition. This is the default priority. crit A critical condition, such as a hard device error alert A condition that the system administrator needs to correct immediately, such as a corrupted system database. emerg A severe condition. This is the kind of condition that can immediately affect the users’ ability to work on the LX. sigsnotice Indicates a state transition of the serial input signals CTS or DCD/DSR. Note: When this priority is specified, the facility for the User Profile must be set to kern. To set the facility for a User Profile to kern, refer to the userprofile facility command in the LX-Series Commands Reference Guide. 451-0311B 81 Setting Up the Notification Feature Configuring the Notification Feature In order to use the Notification Feature, you must do the following: • Create a Service Profile. A Service Profile defines a method for sending event messages to a destination. This method is typically a protocol (e.g., SMTP) or an on-board feature (e.g., outbound asynchronous ports). For most event notification processes, the Service Profile also defines the destination to which event messages will be sent. For more information, refer to “Creating Service Profiles” on page 82. • Create a User Profile. A User Profile specifies a facility/priority filter for a destination. A User Profile also specifies the destinations (i.e., addresses and telephone numbers) for event notification processes that send event messages by email, cell phones, and pagers. For more information on User Profiles, refer to “Overview of User Profiles” on page 88. Service Profiles A Service Profile must be created for each desired method of sending event messages to a destination. For example, to send event messages to pagers via the Telocator Alphanumeric Protocol (TAP), a Service Profile of the TAP type must first be created. A Service Profile must be fully configured, as described in “Creating Service Profiles” on page 82, before a User Profile can be associated with it. You can create more than one Service Profile for each method of sending event messages. For example, you can create several Service Profiles of the TAP type, with each Service Profile specifying a different Short Message Service Center (SMSC) for sending messages. In the Notification Command Mode, you can create Service Profiles of the following types: • SNPP – Used to send event messages to pagers with the Simple Network Pager Protocol (SNPP) (see “Configuring SNPP Service Profiles” on page 84).Setting Up the Notification Feature 82 451-0311B • WEB – Used to send event messages to pagers or cell phones via a Web Driver (see “Configuring WEB Service Profiles” on page 86). • TAP – Used to send event messages to pagers via TAP (see “Configuring TAP Service Profiles” on page 84). • SNMP – Used to send event messages to SNMP trap clients (see “Creating Service Profiles” on page 82). • LOCALSYSLOG – Used to send event messages to a local file on the LX unit (see “Configuring LOCALSYSLOG Service Profiles” on page 83). • REMOTESYSLOG – Used to send event messages to syslogd on a remote host (see “Configuring REMOTESYSLOG Service Profiles” on page 86). • ASYNC – Used to send event messages to outbound asynchronous ports on the LX unit (see “Configuring ASYNC Service Profiles” on page 85). Users can receive the event messages by logging in to the outbound asynchronous port. Under this method, syslog messages will be sent out the specified asynchronous port(s) as they occur. • SMTP – Used to send event messages to email addresses (see “Configuring SMTP Service Profiles” on page 87). Creating Service Profiles To create a Service Profile, do the following: 1. Access the Notification Command Mode. (Refer to “Notification Command Mode” on page 23 for information on accessing the Notification Command Mode.) 2. Use the serviceprofile protocol command to create a Service Profile. For example, the following command creates a Service Profile called Skytel, using the SNPP protocol: Notification:0 >>serviceprofile Skytel protocol snpp You can use the serviceprofile protocol command to create a Service Profile of any of the following types: SNPP, WEB, TAP, SNMP, LOCALSYSLOG, REMOTESYSLOG, ASYNC, or SMTP.451-0311B 83 Setting Up the Notification Feature 3. Configure the Service Profile. This step will vary, depending on the type of the Service Profile. For more information, refer to the following sections: • “Configuring LOCALSYSLOG Service Profiles” on page 83 • “Configuring SNPP Service Profiles” on page 84 • “Configuring TAP Service Profiles” on page 84 • “Configuring ASYNC Service Profiles” on page 85 • “Configuring REMOTESYSLOG Service Profiles” on page 86 • “Configuring WEB Service Profiles” on page 86 • “Configuring SMTP Service Profiles” on page 87 NOTE: SNMP Service Profiles do not require any configuration after they are created with the serviceprofile protocol command. However, in order for an SNMP trap client to receive event messages from an LX unit, it must be a Version 1 trap client with a community name of public. For more information, refer to the trap client version command, and the trap client community command, in the LX-Series Commands Reference Guide. Configuring LOCALSYSLOG Service Profiles After you have created a LOCALSYSLOG Service Profile, you can use the serviceprofile file command to specify the local file to which the event messages will be sent; for example: Notification:0 >>serviceprofile local file Build5 The local syslog writes event messages to the default directory /var/log. To read the contents of the file, go to /var/log/ in the shell. For example, you would go to /var/log/Build5 to read the contents of the local file specified in the above serviceprofile file command. You can create User Profiles to filter, by facility and priority, the event messages that will be sent to the local file. For more information, refer to “Creating a User Profile” on page 88.Setting Up the Notification Feature 84 451-0311B Configuring SNPP Service Profiles After you have created an SNPP Service Profile, you can configure it by doing the following: 1. Use the serviceprofile server command to specify the SNPP server to which syslogd will send the log messages. (The pager messages will be forwarded to the user by the service provider’s server.) The service provider’s server can be specified as an IP Address or as any symbolic name that can be resolved by DNS; for example: Notification:0 >>serviceprofile Skytel server snpp.Skytel.com NOTE: If you specify a symbolic name (e.g., snpp.Skytel.com) as the SNPP server, you must have a primary DNS server, and a domain name suffix, configured for the LX unit. For more information, refer to the primary dns command, and the domain name command, in the LX-Series Commands Reference Guide. 2. Use the serviceprofile port command to specify the LX TCP port that will be used to send messages to the SNPP server; for example: Notification:0 >>serviceprofile Skytel port 7777 In order to send messages to a pager, you must create a User Profile that specifies the pager pin number as its contact field. For more information, refer to “Creating a User Profile” on page 88. Configuring TAP Service Profiles After you have created a TAP Service Profile, you can configure it by doing the following: 1. Use the serviceprofile smsc command to specify the SMSC that will be used to send the event messages to the pager; for example: Notification:0 >>serviceprofile verizon smsc 18668230501 2. Use the serviceprofile parity command to specify the bit parity setting for the Service Profile; for example: Notification:0 >>serviceprofile verizon parity even451-0311B 85 Setting Up the Notification Feature 3. Use the serviceprofile bits command to specify the bits-per-byte setting for the Service Profile; for example: Notification:0 >>serviceprofile verizon bits 7 4. Use the serviceprofile stopbits command to specify the stop bits setting for the Service Profile; for example: Notification:0 >>serviceprofile verizon stopbits 2 NOTE: The bits-per-byte setting, and the stop bits setting, that you specify for a Service Profile, must match the bits-per-byte setting of any modem port specified in a User Profile based on this Service Profile. Refer to “Creating a User Profile” on page 88 for more information on specifying a modem port for a User Profile. In order to send event messages to a pager or cell phone via TAP, you must create a User Profile that specifies the cell phone number to which event messages will be sent, as well as the LX modem port that will be used to send the event messages to the SMSC. For more information, refer to “Creating a User Profile” on page 88. Configuring ASYNC Service Profiles After you have created an ASYNC Service Profile, you can use the serviceprofile async port command to specify the outbound asynchronous ports to which event messages will be sent; for example: Notification:0 >>serviceprofile serialport async port 5 7 You can create User Profiles to filter, by facility and priority, the event messages that will be sent to the outbound asynchronous ports. For more information, refer to “Creating a User Profile” on page 88.Setting Up the Notification Feature 86 451-0311B Configuring REMOTESYSLOG Service Profiles After you have created a REMOTESYSLOG Service Profile, you can use the serviceprofile host command to specify the remote UNIX host to which the event messages will be sent; for example: Notification:0 >>serviceprofile syslogvenus host 10.179.170.253 Do the following on the UNIX host that you specify in the serviceprofile host command: 1. Edit the file /etc/syslog.conf and add the following entry for user.warning: user.warning /tftpboot/test/user.warning.log 2. Create an empty log file as follows: #touch /tftpboot/test/user.warning.log #chmod 777 /tftpboot/test/user.warning.log 3. Restart the syslog daemon to make changes to the syslog.conf file take effect: # ps –ef|grep syslog # kill –HUP pid# You can create User Profiles to filter, by facility and priority, the event messages that will be sent to the remote host. For more information, refer to “Creating a User Profile” on page 88. Configuring WEB Service Profiles After you have created a WEB Service Profile, you can use the serviceprofile driver command to specify the web driver that will be used to send the event messages to the pager or cell phone; for example: Notification:0 >>serviceprofile freds driver VERIZON_WEB The supported web drivers are ATT_WEB, CELLNET_WEB, CINGULAR_WEB, ORANGE_WEB, PAGENET_WEB, PROXIMUS_WEB, and VERIZON_WEB.451-0311B 87 Setting Up the Notification Feature NOTE: You must set the date and time for the LX unit, or some wireless providers will reject event messages that are sent from it. To set the date and time for the LX unit, refer to the date command and the clock command in the LX-Series Commands Reference Guide. In order to send event messages to a pager or cell phone via a Web Driver, you must create a User Profile that specifies the pager number or cell phone number as its contact field. For more information, refer to “Creating a User Profile” on page 88. Configuring SMTP Service Profiles After you have created an SMTP Service Profile, you can use the serviceprofile server command to specify the SMTP server to which syslogd will send the log messages. (The messages will be forwarded by the server to a specific email address.) The server can be specified as an IP Address or as any symbolic name that can be resolved by DNS; for example: Notification:0 >>serviceprofile mrvemail server 10.179.176.21 NOTE: If you specify a symbolic name (e.g., mrv.com) as the SMTP server, you must have a DNS server configured for the LX unit. Refer to the primary dns command in the LX-Series Commands Reference Guide for more information on configuring a DNS server for the LX unit. (In addition, the LX unit will need to have a fully qualified domain name suffix.) In order to send messages to an email address, you must create a User Profile that specifies the email address as its contact field. For more information, refer to “Creating a User Profile” on page 88.Setting Up the Notification Feature 88 451-0311B Overview of User Profiles A User Profile filters event messages by the type (facility) and severity level (priority) of the event message. A User Profile also specifies the destinations (i.e., addresses and telephone numbers) for event notification processes that send event messages by email, cell phones, and pagers. The LX unit supports a maximum of 20 User Profiles. Creating a User Profile Do the following to create a User Profile: 1. Access the Notification Command Mode. (Refer to “Notification Command Mode” on page 23 for information on accessing the Notification Command Mode.) 2. Use the userprofile serviceprofile command to create a User Profile; for example: Notification:0 >>userprofile adminscell serviceprofile verizon NOTE: You must create, and link, a User Profile to an existing Service Profile. In the above example, the User Profile adminscell is created, and linked to, the Service Profile verizon. 3. If the User Profile is for a Service Profile of the SNPP, SMTP, TAP, or WEB type, you must use the userprofile contact command to specify the contact field for the User Profile; for example: Notification:0 >>userprofile adminscell contact 9785552222 The contact field specifies the destination (e.g., pager, cell phone, etc.) for User Profiles that are created for Service Profiles of the SNPP, SMTP, TAP, or WEB type. The allowable values for this field are the following: • Pager Pin Number (e.g., 8875551212) for User Profiles that are based on Service Profiles of the SNPP type. • Email Address (e.g., jstraw@mrv.com) for User Profiles that are based on Service Profiles of the SMTP type.451-0311B 89 Setting Up the Notification Feature • Pager Number or Telephone Number (e.g., 9785552222) for User Profiles that are based on Service Profiles of the TAP or WEB type. 4. Use the userprofile priority command to specify a priority characteristic for the User Profile; for example: Notification:0 >>userprofile adminscell priority warning The allowable values for the priority characteristic are info, notice, warning, err, crit, alert, emerg, and none. 5. Use the userprofile facility command to specify a facility characteristic for the User Profile; for example: Notification:0 >>userprofile adminscell facility user Event messages that originate from the specified facility, and have the specified priority (see step 4), will be sent to the destination. The allowable values for the facility characteristic are authpriv, daemon, kern, syslog, user, and all. 6. If the User Profile is for a Service Profile of the TAP type, you must use the userprofile modem port command to specify the modem port that the LX unit will use to send event messages to the SMSC; for example: Notification:0 >>userprofile adminscell modem port 17 Displaying Information on the Notification Feature This section describes how to display information about the Notification feature. The information that can be displayed includes the characteristics of Service Profiles and the characteristics of User Profiles. Displaying Characteristics of Service Profiles Use the show notification serviceprofile command, in the Superuser Command Mode, to display the characteristics of Service Profiles; for example: InReach:0 >>show notification serviceprofile jacklocalSetting Up the Notification Feature 90 451-0311B In the above example, the characteristics are displayed for the Service Profile jacklocal. Use the following syntax to display the characteristics of all Service Profiles on the LX unit: InReach:0 >>show notification serviceprofile all Figure 3 shows an example of the Service Profile display. Figure 3 - Service Profile Display Displaying Characteristics of User Profiles Use the show notification userprofile command, in the Superuser Command Mode, to display the characteristics of User Profiles; for example: InReach:0 >>show notification userprofile grogers In the above example, the characteristics are displayed for the User Profile grogers@mrv. Use the following syntax to display the characteristics of all User Profiles on the LX unit: InReach:0 >>show notification userprofile all ServiceProfile: syslog Protocol: localsyslog File: syslog ServiceProfile: messages Protocol: localsyslog File: messages ServiceProfile: jackremote Protocol: remotesyslog Remote Host: ServiceProfile: jackasync Protocol: async Async Port: 5 ServiceProfile: jack Protocol: tap SMSC: 18668230501 Bits/Parity/StopBits:8N1 Modem Port(s): 33 ServiceProfile: webjack Protocol: web Driver: verizon_web451-0311B 91 Setting Up the Notification Feature Figure 4 shows an example of the User Profile display. Figure 4 - User Profile Display Configuration Examples This section contains examples of each type of Service Profile. Each example includes the commands for creating the Service Profile, along with the commands for creating a User Profile based on the Service Profile. Localsyslog Example The following commands configure the logging of events to the local syslogd: Notification:0 >>serviceprofile local protocol localsyslog Notification:0 >>serviceprofile local file Build5 Notification:0 >>userprofile locallog service local Notification:0 >>userprofile locallog facility user Notification:0 >>userprofile locallog priority warning NOTE: In the above example, the locallog home directory is /var/log/Build5. UserProfile: messages ServiceProfile: messages Contact: Facility: all Priority: notice UserProfile: debug ServiceProfile: debug Contact: Facility: all Priority: debug UserProfile: grogers@mrv ServiceProfile: N/A Contact: Facility: kern Priority: emerg UserProfile: mark ServiceProfile: N/A Contact: Facility: kern Priority: emergSetting Up the Notification Feature 92 451-0311B Outbound Asynchronous Port Example The following commands forwards the logging of events to ports 5, 6, and 7: Notification:0 >>serviceprofile 3serialport protocol async Notification:0 >>serviceprofile 3serialport async port 5 6 7 Notification:0 >>userprofile serialport service 3serialport Notification:0 >>userprofile serialport facility user Notification:0 >>userprofile serialport priority warning Remotesyslog Example The following commands configure the logging of events to syslogd on a remote host: Notification:0 >>serviceprofile Rlogvenus protocol remotesyslog Notification:0 >>serviceprofile Rlogvenus host 10.179.170.253 Notification:0 >>userprofile venus service Rlogvenus Notification:0 >>userprofile venus facility user Notification:0 >>userprofile venus priority warning After you executed the above commands, you would do the following on the remote host: 1. Add the following entry to the /etc/syslog.conf file: user.warning /tftpboot/log/user.warning.log 2. Create an empty log file as follows: #touch /tftpboot/log/user.warning.log #chmod 777 /tftpboot/log/user.warning.log 3. Restart the syslog daemon, using the following commands, to make changes to the syslog.conf take effect. # ps –ef|grep syslog # kill –HUP pid#451-0311B 93 Setting Up the Notification Feature SNPP Example The following commands configure the logging of events to a text pager: Notification:0 >>serviceprofile Skytel protocol snpp Notification:0 >>serviceprofile Skytel server snpp.Skytel.com Notification:0 >>serviceprofile Skytel port 7777 Notification:0 >>userprofile johnpager service Skytel Notification:0 >>userprofile johnpager contact 8875551212 Notification:0 >>userprofile johnpager facility user Notification:0 >>userprofile johnpager priority warning NOTE: In order to resolve the provider’s address, DNS must be configured on the LX unit. TAP Example The following sequence of commands could be used to configure the logging of events via a wireless provider such as Verizon, Sprint, or AT&T: Notification:0 >>serviceprofile verizon protocol tap Notification:0 >>serviceprofile verizon SMSC 18668230501 (provider’s service phone #) Notification:0 >>serviceprofile verizon bits 7 Notification:0 >>serviceprofile verizon stopbit 1 Notification:0 >>serviceprofile verizon parity even Notification:0 >>userprofile gina’scell service verizon Notification:0 >>userprofile gina’scell contact 785551212 Notification:0 >>userprofile gina’scell facility user Notification:0 >>userprofile gina’scell priority warning Notification:0 >>userprofile gina’scell modem port 17 Notification:0 >>exit Now configure the modem port that will be used for sending messages: Config>>port async 17 Async 17-17:0 >>no apdSetting Up the Notification Feature 94 451-0311B Async 17-17:0 >>access remote Async 17-17:0 >>modem Modem>>modem enable Modem>>type dialout A list of wireless SMSC phone numbers is provided here for your convenience: NOTE: MRV Communications is not responsible for these SMSC phone numbers and cannot guarantee their service. Please contact your provider for a number near you. SNMP Example The following commands configure the logging of events to an SNMP trap client (the LX unit must first have a trap client configured): Snmp:0 >>trap client 0 10.179.170.57 Snmp:0 >>trap client 0 community public Snmp:0 >>trap client 0 version 1 The Service Profile and the User Profile can then be created in the Notification Command Mode: Notification:0 >>serviceprofile ricksnmp protocol snmp Notification:0 >>userprofile ricksnmp service ricksnmp Carrier SMSC Number Email Address SMSC Phone#@ AT&T 7, 1, e 800-841-8837 @mobile.att.net Cingular 7, 1, e 800-909-4602 @Cingular.com Nextel 7, 1, e 801-301-6683 @messaging.nextel.com Sprint 7, 1, e 888-656-1727 @sprintpcs.com Verizon 7, 1, e, 8, 1, n 866-823-0501 @vtext.com Skytel 8, 1, n 800-679-2778 pin@skytel.com451-0311B 95 Setting Up the Notification Feature Notification:0 >>userprofile ricksnmp facility user Notification:0 >>userprofile ricksnmp priority warning Email Example The following commands configure the logging of events to an email address: Notification:0 >>serviceprofile youremail protocol smtp Notification:0 >>serviceprofile youremail server 10.10.10.21 Notification:0 >>userprofile jsmith service youremail Notification:0 >>userprofile jsmith contact 785551111@vtext.com (verizon text phone) Notification:0 >>userprofile jsmith facility user Notification:0 >>userprofile jsmith priority warning NOTE: You may need to configure the LX with a Domain suffix, a DNS server address, and a primary gateway address. Web Example The following commands configure the logging of events to a web driver: Notification:0 >>serviceprofile cingular protocol web Notification:0 >>serviceprofile cingular driver cingular_web Notification:0 >>userprofile kevin service cingular Notification:0 >>userprofile kevin contact 9785551313 Notification:0 >>userprofile kevin facility user Notification:0 >>userprofile kevin priority warning NOTE: The date and time must be set for the LX unit. (If the date and the time are not set, some wireless providers will reject the message.) The date and time are set with the date and clock commands in the Configuration Command Mode. The supported web drivers can be retrieved from the CLI help.451-0311B 97 Chapter 5 Configuring the Data Broadcast Feature The Data Broadcast Feature allows you to specify ports as Slave Ports that receive data broadcasts from, and send data broadcasts to, Master Ports on the same LX unit. Any asynchronous port, or TCP port, on the LX unit can be configured as a Slave Port or a Master Port. The source of the data broadcast can be a direct serial connection, or a Telnet connection, to a Master Port. Users can receive data broadcasts by Telneting to a TCP port that is configured as a Slave Port. All Slave Ports and Master Ports belong to a Broadcast Group. The Slave Ports in a Broadcast Group can only receive data broadcasts from a Master Port in the same Broadcast Group. When a port is configured as a Slave Port, it can still receive data from sources other than the Master Ports in its Broadcast Group. By default, any data that a Slave Port receives is forwarded to the Master Ports in the Broadcast Group. The Master Ports then broadcast the data to the Slave Ports in the Broadcast Group. Setting Up Broadcast Groups Do the following to set up a Broadcast Group: 1. Access the Configuration Command Mode in the LX CLI. (For more information, refer to “Configuration Command Mode” on page 18.) 2. Use the broadcast group command to create a Broadcast Group; for example: Config:0 >>broadcast group 4 BrGroups 4:0 >>Configuring the Data Broadcast Feature 98 451-0311B This enters the Broadcast Group Command Mode. In the above example, the Broadcast Group Command prompt (BrGroups 4:0 >>) indicates that you are in the Broadcast Group Command Mode for Broadcast Group 4. 3. Use the master port command to specify the Master Ports for the Broadcast Group; for example: BrGroups 4:0 >>master port async 5 BrGroups 4:0 >>master port tcp 1500 In the above example, asynchronous port 5, and TCP port 1500, are specified as Master Ports for Broadcast Group 4. 4. Use the slave port command to specify the Slave Ports for the Broadcast Group; for example: BrGroups 4:0 >>slave port async 4 6 7 BrGroups 4:0 >>slave port tcp 2500 In the above example, asynchronous port 4, 6, and 7, and TCP port 2500, are specified as Slave Ports for Broadcast Group 4. 5. Use the mode command to specify the Telnet mode for the Broadcast Group; for example: BrGroups 4:0 >>mode line In the above example, the Telnet mode is specified as line; the Telnet mode can also be specified as character. 6. Use the exit command to return to the Configuration Command Mode; for example: BrGroups 4:0 >>exit Config:0 >> 7. Use the broadcast group enable command to enable the Broadcast Group that you just created; for example: Config:0 >>broadcast group 4 enable NOTE: In order to enable a Broadcast Group, the Broadcast Group must contain at least one Master Port and one Slave Port.451-0311B 99 Configuring the Data Broadcast Feature Usage Guidelines Keep the following in mind as you add Slave Ports and Master Ports to a Broadcast Group: • You cannot specify a the DIAG port (port 0) as a Slave Port or a Master Port. • A maximum of 20 ports, including Masters and Slaves, can be configured for a Broadcast Group. • You cannot add a port to a Broadcast Group if it is already a member of another Broadcast Group. • A TCP port that is already in use cannot be added to a Broadcast Group. • No more than one TCP socket may be open on a single TCP port. • A maximum of 16 TCP ports can be configured for a Broadcast Group. • To prevent data overruns, it is recommended that the Master Port(s) and Slave Port(s) in a Broadcast Group be set to the same port speed. Specifying Port Options You can specify that a timestamp will be appended to each line of data that is broadcast from a Master Port. You can also specify that non-broadcast data will be discarded by Slave Ports and that Slave Ports will echo any data that comes into them. This section describes how to configure these features. Appending a Timestamp Use the timestamp option of the master port command to specify that a timestamp will be appended to each line of data that is broadcast from a Master Port; for example: BrGroups 4:0 >>master port async 4 6 7 timestampConfiguring the Data Broadcast Feature 100 451-0311B Discarding Non-Broadcast Data By default, any data that a Slave Port receives is forwarded to the Master Port(s) in the Broadcast Group. This data is then broadcast to all of the Slave Ports in the Broadcast Group. However, you can configure Slave Port(s) to discard data without forwarding it to the Master Port(s). To do this, specify the discard option in the slave port command; for example: BrGroups 4:0 >>slave port async 5 7 discard BrGroups 4:0 >>slave port tcp 2500 discard In the above example, the discard option is specified for the asynchronous ports 5 and 7 and the TCP port 2500, in the Broadcast Group 4. Echoing Incoming Data at Slave Ports Use the localecho option in the slave port command to specify that Slave Ports will echo any data that comes into them; for example: BrGroups 4:0 >>slave port async 5 7 localecho Removing Ports from Broadcast Groups To remove Master Ports from a Broadcast Group, execute the no master port command in the Broadcast Group Command Mode; for example: BrGroups 4:0 >>no master port async 5 BrGroups 4:0 >>no master port tcp 1500 In the above examples, asynchronous port 5 and TCP port 1500 are removed from Broadcast Group 4. To remove Slave Ports from a Broadcast Group, execute the no slave port command in the Broadcast Group Command Mode; for example: BrGroups 4:0 >>no slave port async 7 BrGroups 4:0 >>no slave port tcp 2500 In the above examples, asynchronous port 7 and TCP port 2500 are removed from Broadcast Group 4.451-0311B 101 Configuring the Data Broadcast Feature To verify that Master Ports or Slave Ports have been deleted from a Broadcast Group, execute the show broadcast group characteristics command. (The deleted ports will not be listed in the Broadcast Group Characteristics Display.) For more information on the show broadcast group characteristics command, refer to “Displaying Broadcast Group Characteristics” on page 101. NOTE: You can not delete a Broadcast Group. In lieu of deleting a Broadcast Group, you can remove all of the ports from the Broadcast Group and then disable the broadcast Group. Disabling Broadcast Groups To disable a Broadcast Group, execute the no broadcast group command in the Configuration Command Mode; for example: Config:0 >>no broadcast group 4 In the above example, Broadcast Group 4 is disabled. Displaying Broadcast Group Characteristics This section describes how to display information about Broadcast Groups. The information includes Broadcast Group characteristics and Broadcast Group Summaries. Displaying Broadcast Group Characteristics Use the show broadcast group characteristics command to display the characteristics of Broadcast Groups; for example: InReach:0 >>show broadcast group 1 characteristics In the above example, the Broadcast Group characteristics are displayed for Broadcast Group 1. Use the following syntax to display the Broadcast Group characteristics of all Broadcast Groups on the LX unit: InReach:0 >>show broadcast group all characteristicsConfiguring the Data Broadcast Feature 102 451-0311B Figure 5 shows an example of the Broadcast Group Characteristics Display. Figure 5 - Broadcast Group Characteristics Display Time: 08 Nov 2002 16:29:26 US/EASTERN Broadcast Group Number: 1 Mode: Line Mode State: Disabled Async Master port(s) with Timestamp: Async Master port(s) without Timestamp: 1,4 TCP Master port(s) with Timestamp: TCP Master port(s) without Timestamp: Async Slave port(s) with Discard: Async Slave port(s) without Discard: 2-3,5-7 Async Slave port(s) with Local Echo: Async Slave port(s) without Local Echo: 2-3,5-7 TCP Slave port(s) with Discard: TCP Slave port(s) without Discard: TCP Slave port(s) with Local Echo: TCP Slave port(s) without Local Echo:451-0311B 103 Configuring the Data Broadcast Feature Displaying Broadcast Group Summaries Use the show broadcast group summary command, in the Superuser Command Mode, to display summary information for all Broadcast Groups on the LX unit; for example: InReach:0 >>show broadcast group summary Figure 6 shows an example of the Broadcast Group Summary Display. Figure 6 - Broadcast Group Summary Display Broadcast group number: State: 1 Enabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled451-0311B 105 Chapter 6 Configuring IP Interfaces An IP interface is a logical interface for accessing the LX unit from a network. You can configure up to 4 IP interfaces on an LX unit. Each IP interface has its own IP characteristics. You can access an LX unit via the Address of the IP interface, or by the ppciboot (server) Address of the LX unit. The network treats an IP interface as a network element that is no different from an actual server. For example, you could have an LX unit with an IP address of 117.19.23.5, a Broadcast address of 117.255.255.255, and the subnet mask of 255.0.0.0 in ppciboot. You could then create the IP interfaces shown in Table 7 for the LX unit. Table 7 - IP Interface Examples This would enable you to include the LX unit in three different networks (i.e., 119.20.112.0, 124.45.65.0, and 178.123.87.0). IP interfaces can be configured as rotaries. For more information, refer to “Configuring Rotaries” on page 113. Interface Number IP Address Broadcast Address Subnet Mask 1 119.20.112.3 119.255.255.255 255.0.0.0 2 124.45.65.23 119.255.255.255 255.0.0.0 3 178.123.87.123 119.255.255.255 255.0.0.0Configuring IP Interfaces 106 451-0311B An IP interface has the same subscriber database as the LX unit on which it was created. A subscriber can connect to asynchronous ports, or virtual ports, on the LX unit via an IP interface. IP interfaces support SSH and Telnet as methods for connecting subscribers to the LX unit. Refer to “Specifying the Subscriber Access Methods” on page 123 for more information. You can authenticate connections via IP interfaces with the same authentication methods that are configured for the LX unit (LOCAL, RADIUS, TACACS+, or SecurID). However, you must enable the authentication method on the IP interface before you can use it on the IP interface. (For more information, refer to “Configuring Local Authentication on an IP Interface” on page 110 and “Configuring RADIUS, TACACS+, or SecurID Authentication on an IP Interface” on page 110.) Setting Up IP Interfaces IP interfaces are created and configured in the Interface Command Mode. You can enter the Interface Command Mode by executing the interface command in the Configuration Command Mode. When you are in the Interface Command Mode, the Interface Command prompt (e.g., Intf 1-1:0 >>) is displayed. To configure an IP interface, do the following: 1. Execute the interface command in the Configuration Command Mode; for example: Config:0 >>interface 1 This enters the Interface command mode for the specified IP interface (IP interface 1 in the above example). 2. Use the address command to specify an IP Address, and Subnet Mask, for the interface; for example: Intf 1-1:0 >>address 119.20.112.3 mask 255.0.0.0 In the above example, the IP Address is specified as 119.20.112.3 and the subnet Mask is specified as 255.0.0.0.451-0311B 107 Configuring IP Interfaces 3. Use the broadcast command to specify the Broadcast Address for the IP interface; for example: Intf 1-1:0 >>broadcast 119.255.255.255 4. Configure an authentication method (LOCAL, RADIUS, TACACS+, or SecurID) for the IP interface. For more information, refer to the following sections: • “Configuring Local Authentication on an IP Interface” on page 110 • “Configuring RADIUS, TACACS+, or SecurID Authentication on an IP Interface” on page 110 Refer to the following sections to configure optional parameters for an IP interface: • “Specifying SSH Keepalive Parameters” on page 107 • “Specifying Socket Numbers” on page 108 • “Specifying Maximum Transmission Units (MTU)” on page 109 Specifying SSH Keepalive Parameters The SSH Keepalive Count is the number of times that an SSH client will attempt to make an SSH connection to an IP interface. The SSH Keepalive Interval is the length of time, in seconds, between attempts at making an SSH connection to the IP interface. Specifying the SSH Keepalive Count To specify the SSH Keepalive Count, execute the ssh keepalive count command; for example: Intf 1-1:0 >>ssh keepalive count 8 Specifying the SSH Keepalive Interval To specify the SSH Keepalive Count, execute the ssh keepalive interval command; for example: Intf 1-1:0 >>ssh keepalive interval 30Configuring IP Interfaces 108 451-0311B Specifying Socket Numbers IP interfaces have a default SSH Socket Number of 22 and a default Telnet Socket Number of 23. Table 8 lists the default SSH and Telnet Socket Numbers for LX serial ports. Table 8 - Default Socket Numbers for Serial Ports This section describes how to specify SSH Socket Numbers and Telnet socket Numbers for IP interfaces and LX (asynchronous) ports. This is typically done to prevent hackers from accessing LX ports via default SSH Socket Numbers or default Telnet Socket Numbers. Specifying a Telnet Socket Number for a Serial Port To specify a Telnet Socket Number for a serial port, execute the serial command with the telnet modifier; for example: Intf 1-1:0 >>serial 6 ssh 1297 In the above example, the Telnet Socket Number for serial port 6 is set to 1297. LX Serial Port Default Telnet Port Default SSH Port 0 0 0 1 2100 2122 2 2200 2222 3 2300 2322 4 2400 2422 5 2500 2522 6 2600 2622 7 2700 2722 8 2800 2822451-0311B 109 Configuring IP Interfaces Specifying an SSH Socket Number for a Serial Port To specify an SSH Socket Number for a serial port, execute the serial command with the ssh modifier; for example: Intf 1-1:0 >>serial 4 ssh 983 In the above example, the SSH Socket Number for serial port 4 is set to 983. Specifying a Virtual Port Socket Number for SSH To specify the Virtual Port Socket Number for making an SSH connection to the IP interface, execute the ssh port command; for example: Intf 1-1:0 >>ssh port 988 In the above example, the Virtual Port Socket Number for making an SSH connection to the IP interface is set to 988. Specifying a Virtual Port Socket Number for Telnet To specify the Virtual Port Socket Number for making a Telnet connection to the IP interface, execute the telnet port command; for example: Intf 1-1:0 >>telnet port 1743 In the above example, the Virtual Port Socket Number for making a Telnet connection to the IP interface is set to 1743. Specifying Maximum Transmission Units (MTU) The Maximum Transmission Units (MTU) is the maximum size (in bytes) of frames that can be transmitted on the IP interface. Frames that are larger than the designated MTU size are fragmented before transmission. (Note that the software fragments frames on the transmit side only.) Use the mtu command to specify the MTU for an IP interface; for example: Intf 1-1:0 >>mtu 1200 You can specify any number from 1000 through 1500 as the MTU size. The default MTU size is 1500.Configuring IP Interfaces 110 451-0311B Configuring Local Authentication on an IP Interface Local authentication can be used when a subscriber logs in to a specific asynchronous port via an IP interface. In order to use local authentication, it must be enabled as the method of inbound authentication for the asynchronous port. Then it must be enabled for the IP interface. Execute the authentication enable command, with the inbound and local modifiers, to enable local authentication for inbound asynchronous ports. The authentication enable command is executed in the Asynchronous Command Mode; for example: Async 4-4:0 >>authentication inbound local enable In the above example, local authentication is enabled as the method of inbound authentication for asynchronous port 4. Execute the authentication local enable command, in the Interface Command Mode, to enable local authentication on the IP interface; for example: Intf 1-1:0 >>authentication local enable Configuring RADIUS, TACACS+, or SecurID Authentication on an IP Interface Server-based authentication methods (i.e., RADIUS, TACACS+, or SecurID) can be used when a subscriber logs in to an asynchronous port via an IP interface. In order to enable server-based authentication for an IP interface, the authentication method must be configured for the LX unit and enabled as the method of inbound authentication for the asynchronous port. For more information, refer to “Setting Up RADIUS, SecurID, and TACACS+ for the LX Unit” on page 33 and the authentication enable command in the LX-Series Commands Reference Guide. To enable RADIUS authentication on the IP interface, execute the authentication radius enable command, in the Interface Command Mode; for example: Intf 1-1:0 >>authentication radius enable451-0311B 111 Configuring IP Interfaces To enable SecurID authentication on the IP interface, execute the authentication securid enable command, in the Interface Command Mode; for example: Intf 1-1:0 >>authentication securid enable To enable TACACS+ authentication on the IP interface, execute the authentication tacacs+ enable command, in the Interface Command Mode; for example: Intf 1-1:0 >>authentication tacacs+ enable Configuring RADIUS Accounting on an Interface RADIUS Accounting allows you to log user account information to a remote server in a per-client file. The file or record can contain information such as the user who logged in, the duration of the session, port number, Client IP address, and the number of bytes/packets that were processed by the LX unit. For more information on RADIUS accounting, refer to “Overview of RADIUS and TACACS+ Accounting” on page 161. RADIUS accounting can be used when a subscriber logs in to an asynchronous port via an IP interface. In order to enable RADIUS accounting for an IP interface, RADIUS accounting must be configured for the LX unit. For more information, refer to “Setting Up RADIUS” on page 33. Execute the radius accounting enable command, in the Interface Command Mode, to enable RADIUS accounting on the IP interface; for example: Intf 1-1:0 >>radius accounting enable Configuring TACACS+ Accounting on an Interface TACACS+ Accounting allows you to log user account information to a remote server in a per-client file. For more information on TACACS+ accounting, refer to “Overview of RADIUS and TACACS+ Accounting” on page 161.Configuring IP Interfaces 112 451-0311B Execute the tacacs+ accounting enable command, in the Interface Command Mode, to enable TACACS+ accounting on the IP interface; for example: Intf 1-1:0 >>tacacs+ accounting enable Configuring Fallback on an IP Interface Fallback Authentication can be used as a mechanism for authenticating users when the configured authentication method (i.e., RADIUS, TACACS+, or SecurID) fails because the authentication server is unreachable. When a user logs in via Fallback, his or her username/password combination is validated against the LOCAL security database for the LX unit. The LX unit will make three attempts to log in the user via RADIUS, TACACS+, or SecurID before it implements Fallback. After the third login attempt, the username/password combination will be validated against the LOCAL security database for the LX unit. RADIUS, TACACS+, or SecurID must be enabled on an IP interface in order for Fallback to function on the interface. (Refer to “Configuring RADIUS, TACACS+, or SecurID Authentication on an IP Interface” on page 110 for information on enabling RADIUS, TACACS+, or SecurID.) When all three methods (i.e., RADIUS, TACACS+, or SecurID) are disabled on the interface, Fallback is ignored by the interface. Execute the authentication fallback enable command, in the Interface Command Mode, to enable Fallback on the IP interface; for example: Intf 1-1:0 >>authentication fallback enable451-0311B 113 Configuring IP Interfaces Configuring Rotaries The term “rotary” refers to the assignment of an IP address to multiple destinations that offer the same type of service. On an LX unit, an IP interface can be configured as a rotary, with LX asynchronous ports as the multiple destinations of the rotary. A user can attempt to connect to an IP interface that is configured as a rotary. When a user attempts such a connection, he/she is connected to an available port that has been configured as one of the destinations of the rotary. Figure 7 illustrates a rotary on an LX unit. Figure 7 - Rotary Connections on an IP Interface The rotary is transparent to users. A user simply requests a connection to an IP address, and the LX unit sets up the connection with one of the available ports in the rotary group. Do the following to configure an IP interface as a rotary: 1. Create a new IP interface, or access an existing one, by executing the interface command in the Configuration Command Mode; for example: Config:0 >>interface 1 This enters the Interface Command Mode for the specified interface (i.e., Interface 1). The Interface Command prompt (e.g., Intf 1-1:0 >>) is displayed. The user initiates a Telnet connection, or an SSH connection, to the IP address of an IP interface that has been configured as a rotary. The user is connected to an available port in the rotary port list. LX UnitConfiguring IP Interfaces 114 451-0311B 2. Use the address command to configure a server IP address for the IP interface; for example: Intf 1-1:0 >>address 10.240.10.100 3. Use the rotary type command to specify the rotary type (Round Robin or First Available); for example: Intf 1-1:0 >>rotary type round robin The rotary type is identifies the port search method for the rotary. The allowable values are: first available An incoming call is connected to the First Available (non-busy) port in the rotary. round robin The LX unit will search the rotary for an available port, starting with the lowest-numbered port in the rotary. 4. Use the rotary port command to configure the IP interface as a rotary, and to assign LX asynchronous ports to the rotary; for example: Intf 1-1:0 >>rotary port 1 2 3 In the above example, the LX asynchronous ports 1, 2, and 3 are assigned to the rotary. 5. Use the rotary tcp port command to assign a TCP socket number to the rotary; for example: Intf 1-1:0 >>rotary tcp port 3000 In the above example, the TCP socket number for the rotary is specified as 3000. This identifies the socket that will be used to make Telnet connections to the rotary. NOTE: The default TCP socket is 1500.451-0311B 115 Configuring IP Interfaces 6. Use the rotary ssh port command to assign an SSH socket number to the rotary; for example: Intf 1-1:0 >>rotary ssh port 3022 In the above example, the SSH socket number for the rotary is specified as 3022. This identifies the socket that will be used to make SSH connections to the rotary. NOTE: The default SSH socket is 1522. 7. Use the rotary enable command to enable the rotary; for example: Intf 1-1:0 >>rotary enable Disabling Rotaries Execute the no rotary command in the Interface Command Mode to disable a rotary; for example: Intf 1-1:0 >>no rotary When a rotary is disabled, it no longer functions as a rotary. NOTE: Disabling a rotary does not delete the rotary; the configuration of the rotary still exists, and you can re-enable it by executing the rotary enable command in the Interface Command Mode. To verify that a rotary has been disabled, execute the show interface rotary command. If the rotary is in fact disabled, it will say “Disabled” in the “Rotary State” column of the display. For more information on the show interface rotary command, refer to “Displaying Rotary Information” on page 118. Removing Ports from a Rotary To remove asynchronous ports from a rotary, execute the no rotary port command in the Interface Command Mode; for example: Intf 1-1:0 >>no rotary port In the above example, the asynchronous ports are removed from the rotary on Interface 1.Configuring IP Interfaces 116 451-0311B To verify that asynchronous ports have been removed from a rotary, execute the show interface rotary command. If the asynchronous ports have in fact been removed, they will not appear in the “Serial Ports” column of the display. For more information on the show interface rotary command, refer to “Displaying Rotary Information” on page 118. Displaying Interface Information This section describes how to display information about IP interfaces and rotaries. The IP interface information includes characteristics, port mapping, statuses, and summaries. The rotary information includes the Rotary IP Address, the Rotary ports, the Rotary type, and the Rotary State. Displaying Interface Characteristics Use the show interface characteristics command, in the Superuser Command Mode, to display the characteristics of an IP interface; for example: InReach:0 >>show interface 1 characteristics In the above example, the interface characteristics are displayed for IP interface 1. Use the following syntax to display the interface characteristics of all IP interfaces on the LX unit: InReach:0 >>show interface all characteristics Figure 8 shows an example of the Interface Characteristics display. Figure 8 - Interface Characteristics Display Time: Mon, 22 Dec 1969 16:14:27 Interface Name: Interface_1 Bound to : eth0 IP MTU Size: 1500 IP Address : 0.0.0.0 Learned IP Address : 102.19.169.191 IP Mask : 0.0.0.0 Learned IP Mask : 255.255.255.0 IP Broadcast : 0.0.0.0 Learned IP Broadcast: 102.19.169.255 Interface Status: In Use Learned IP Gateway : 102.19.169.1 Rotary Feature: Disabled Learned IP DNS : 0.0.0.0 Authentication: Local Radius Accounting: Disabled Authentication FallBack: Disabled Tacacs+ Accounting: Disabled SSH port: 22 Telnet port: 23 SSH Keepalive Interval: 0 SSH Keepalive Count: 3451-0311B 117 Configuring IP Interfaces Displaying Interface Port Mapping Use the show interface characteristics command, in the Superuser Command Mode, to display the Telnet Socket Number, and the SSH Socket Number, associated with each serial port on the LX unit; for example: InReach:0 >>show interface 1 port mapping In the above example, the port mapping for IP interface 1 is displayed. Use the following syntax to display the port mapping for all IP interfaces on the LX unit: InReach:0 >>show interface all port mapping Figure 9 shows an example of the Interface Port Mapping display. Figure 9 - Interface Port Mapping Display Displaying Interface Statuses Use the show interface characteristics command, in the Superuser Command Mode, to display the status information for IP interfaces; for example: InReach:0 >>show interface 1 status In the above example, the status information for IP interface 1 is displayed. Use the following syntax to display the status information for all IP interfaces on the LX unit: InReach:0 >>show interface all status Serial Port Telnet Port SSH Port 0 0 0 1 2100 2122 2 2200 2222 3 2300 2322 4 2400 2422 5 2500 2522 6 2600 2622 7 2700 2722 8 2800 2822Configuring IP Interfaces 118 451-0311B Figure 10 shows an example of the Interface Status display. Figure 10 - Interface Status Display Displaying Interface Summaries Use the show interface summary command, in the Superuser Command Mode, to display summary information for all of the IP interfaces on the LX unit; for example: InReach:0 >>show interface summary Figure 11 shows an example of the Interface Summary display. Figure 11 - Interface Summary Display Displaying Rotary Information Use the show interface rotary command, in the Superuser Command Mode, to display information on rotaries; for example: InReach:0 >>show interface 1 rotary In the above example, the rotary information for IP interface 1 is displayed. Use the following syntax to display the rotary information for all IP interfaces on the LX unit: InReach:0 >>show interface all rotary Time: Mon, 22 Dec 1969 16:19:34 Interface Name: Interface_1 Bound to : eth0 IP Address: 102.19.169.191 IP Mask: 255.255.255.0 IP Broadcast Addr: 102.19.169.255 Name Address Broadcast Addr. Mask Bound to Interface_1 0.0.0.0 0.0.0.0 0.0.0.0 eth0 Interface_2 0.0.0.0 0.0.0.0 0.0.0.0 eth0:1451-0311B 119 Configuring IP Interfaces Figure 12 shows an example of the Rotary display. Figure 12 - Rotary Display Rotary Ip Address TCP/SSH Port Rotary Type Rotary State Serial Ports 147.132.145.16 1500/1522 First Available Disabled 2,3,4,7451-0311B 121 Chapter 7 Configuring Subscriber Accounts for the LX Unit In order for a user (subscriber) to use the LX unit, he/she must log in to the unit under a subscriber account. The subscriber account defines a User Profile that includes the subscriber’s username and password. The User Profile also defines the subscriber’s Security Level (User or Superuser) and contains all of the settings that affect the subscriber’s use of the LX unit. This chapter describes how to create and delete subscriber accounts, how to modify subscriber accounts, and how to display information on subscriber accounts. The LX-Series Commands Reference Guide provides a detailed syntax, and description, for each command mentioned in this chapter. Creating Subscriber Accounts and Entering Subscriber Command Mode To create a subscriber account, or to access an existing subscriber account, use the subscriber command in the Configuration Command Mode; for example: Config:0 >>subscriber jack where jack is an example of a subscriber name (user name). The subscriber name must contain at least 2 characters, and no more than 15 characters. The reserved words super and subscriber, and any variation of super and subscriber, cannot be used as subscriber names. (Variations of super and subscriber include su, sup, sub, subs, etc.)Configuring Subscriber Accounts for the LX Unit 122 451-0311B The maximum number of subscribers on an LX unit is equal to double the number of ports on the unit. For example, the maximum number of subscribers is 16 on an 8-port unit, 32 on a 16-port unit, 64 on a 32-port unit, and 96 on a 48-port unit. Executing the subscriber command puts you into the Subscriber Command Mode for the subscriber. The Subscriber Command prompt (e.g., Subs_jack >>) is displayed. Creating Subscriber Accounts by Copying You can also create subscriber accounts by executing the copy subscriber command in the Configuration Command Mode. The copy subscriber command creates new subscriber accounts by copying the configuration of an existing subscriber account; for example: Config:0 >>copy subscriber benw to jimk billj edw In the above example, the subscriber account configuration of benw is copied to jimk, billj, and edw. Deleting Subscriber Accounts Use the no subscriber command, in the Configuration Command Mode, to delete a subscriber account; for example: Config:0 >>no subscriber jack In the above example, the subscriber account jack is deleted. NOTE: You can not delete the subscriber InReach.451-0311B 123 Configuring Subscriber Accounts for the LX Unit The User Profile When you create a new subscriber account with the subscriber command, its User Profile is based on the default User Profile of the InReach subscriber. (The InReach subscriber is the default subscriber for the LX unit.) Refer to the following sections to specify new settings in a User Profile: • “Specifying the Subscriber Access Methods” on page 123 • “Setting Up the Session and Terminal Parameters” on page 128 • “Configuring the Subscriber Password” on page 132 • “Specifying a Preferred Service” on page 133 • “Specifying a Dedicated Service” on page 133 • “Enabling Login Menus” on page 134 • “Adding Superuser Privileges to a Subscriber Account” on page 133 • “Configuring the Subscriber Password” on page 132 • “Enabling Audit Logging” on page 134 • “Enabling Command Logging” on page 134 Specifying the Subscriber Access Methods You can specify up to four methods for the subscriber to access the LX unit. The methods include Telnet, SSH, Web Browser, and Console. For information on specifying each method, refer to the following: • “Telnet Access” (see below) • “SSH Access” (see page 124) • “Web Browser Access” (see page 126) • “Console Access” (see page 127) You can also provide subscribers with access via Dialback. For more information, refer to “Dialback Access” on page 127.Configuring Subscriber Accounts for the LX Unit 124 451-0311B Telnet Access In order to specify Telnet access for a subscriber, do the following: 1. Set the telnet access parameter to enabled; for example: Subs_jack >>access telnet enable 2. Set the telnet mode parameter to line or character; for example: Subs_jack >>telnet mode line Subs_jack >>telnet mode character After you have executed the above commands, the subscriber will have Telnet access to virtual ports on the LX unit. Refer to “Console Access” on page 127 to give the user access to asynchronous ports on the LX unit. SSH Access In order to specify SSH access for a subscriber, do the following: 1. Set the ssh access parameter to enabled; for example: Subs_jack >>access ssh enable 2. Set the ssh log level parameter to the class of SSH messages that will be logged to syslogd; for example: Subs_jack >>ssh log level debug The above example of the ssh log level command specifies that SSH messages of the debug class will be logged to syslogd for the subscriber. You can also specify SSH log levels of error, fatal, info, quiet, verbose. 3. Set the ssh cipher parameter to triple-des, any, or blowfish; for example: Subs_jack >>ssh cipher triple-des Subs_jack >>ssh cipher any Subs_jack >>ssh cipher blowfish451-0311B 125 Configuring Subscriber Accounts for the LX Unit Description of the Three Encryption Types After you have executed the above commands, the subscriber will have SSH access to virtual ports on the LX unit. Refer to “Console Access” on page 127 to give the subscriber access to asynchronous ports on the LX unit. You can specify a unique SSH key for the subscriber. Refer to “Specifying a Unique SSH Key for the Subscriber” on page 126 for more information. Overview of Triple-DES DES is a block cipher (i.e., it acts on a fixed-length block of plaintext and converts it into a block of ciphertext of the same size by using the secret key). In DES, the block size for plaintext is 64 bits. The length of the key is also 64 bits but 8 bits are used for parity. Hence the effective key length is only 56 bits. In Triple-DES, we apply 3 stages of DES with a separate key for each stage. The key length in Triple-DES is 168 bits. Decryption is done by applying the reverse transformation to the block of ciphertext using the same key. Since the same key is used both in encryption and decryption, DES is a symmetric key cipher. This method differs from algorithms like the RSA encryption which use different keys to encrypt and decrypt a message. triple-des Specifies that the Triple Data Encryption Standard (TripleDES) is the only SSH encryption type supported for this subscriber. any Specifies that any SSH encryption type is supported for this subscriber. blowfish Specifies that BLOWFISH is the only SSH encryption type supported for this subscriber. See “Usage Guidelines” (below) for more information on the BLOWFISH encryption type.Configuring Subscriber Accounts for the LX Unit 126 451-0311B Overview of Blowfish Blowfish is a variable-length key block cipher. It is only suitable for applications where the key does not change often, like a communications link or an automatic file encryptor. It is significantly faster than DES when implemented on 32-bit microprocessors with large data caches, such as the Pentium and the PowerPC. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Specifying a Unique SSH Key for the Subscriber You can specify a unique SSH key for the subscriber by executing the ssh key command; for example: Subs_jack >>ssh key When you execute the ssh key command, the following prompt is displayed: Please enter your key: Type an SSH key at the above prompt. The SSH key can be any random string of characters. As an alternative to typing the SSH key, you can paste a generated SSH key at the above prompt. (The SSH key must be generated on the host from which the subscriber will make SSH connections to the LX unit. Refer to your Linux documentation for more information on generating an SSH key.) When a subscriber has a unique SSH key, he/she can log on to the LX unit, via SSH, without entering a password. (The only requirement is that the user must log on from the host on which his or her SSH key was generated.) Web Browser Access In order to specify Web Browser access for the subscriber, set the access web parameter to enabled; for example: Subs_jack >>access web enable451-0311B 127 Configuring Subscriber Accounts for the LX Unit In order for the subscriber to have access to virtual ports on the LX, you must configure Telnet or SSH for the subscriber. For more information, refer to “Telnet Access” on page 124 and “SSH Access” on page 124. Refer to “Console Access” on page 127 to give the user access to asynchronous ports on the LX. Console Access By default, a user can only access virtual ports on the LX when his or her subscriber account has been configured for Telnet, SSH, or Web Browser access. In order for a subscriber to access asynchronous ports, the access to those ports must be configured in the subscriber account. To configure a subscriber account for access to asynchronous ports, do the following: 1. Execute the access console enable command to enable asynchronous port access for the subscriber; for example: Subs_jack >>access console enable 2. Execute the access port enable command to specify the asynchronous ports that the subscriber can access; for example: Subs_jack >>access port 2 4 6 enable In the above example, the subscriber is given access to asynchronous ports 2, 4, and 6. Dialback Access The LX unit supports Dialback as an access method for LX subscribers. Under Dialback, the subscriber dials in to the LX unit and logs in as he/she would if he/she were a dialin subscriber. The LX unit then validates the login and terminates the call. If the subscriber login is valid, the LX unit calls the subscriber back. The subscriber is then logged in to the LX unit. Dialback is used for security (the destination is recorded by the Telco for billing, and calls can be restricted to specific destinations) and to manage connection costs (central site billing).Configuring Subscriber Accounts for the LX Unit 128 451-0311B In order to specify Dialback access for a subscriber, do the following: 1. Set the dialback access parameter to enabled; for example: Subs_jack >>dialback enable 2. Specify a dialback number for the subscriber; for example: Subs_jack >>dialback number 19785551978 The dialback number is the telephone number that the LX modem will dial to call back the subscriber. 3. Specify the dialback retry parameter for the subscriber; for example: Subs_jack >>dialback retry 7 The dialback retry parameter is the number of times that the modem on the LX unit can attempt to answer a dialback call Setting Up the Session and Terminal Parameters The session and terminal parameters include all settings that affect the subscriber session and the operation of the subscriber terminal during a subscriber session. These settings include the session timeouts and limits, screen pause, user prompts, terminal type, Subscriber session mode, and function keys for switching between sessions. For more information, refer to the following: • Function Keys for Switching Between Sessions – Used to switch between subscriber sessions, including the Local Command Mode (see “Setting Up the Session Switch Characters” on page 131). • Terminal Type – Use the terminal command to set the terminal type for the subscriber. You can set the terminal type to ANSI or VT100; for example: Subs_jack >>terminal ansi Subs_jack >>terminal vt100451-0311B 129 Configuring Subscriber Accounts for the LX Unit • Maximum Length of a Subscriber Session – Use the session timeout command to set the maximum length (in seconds) of a subscriber session. The syntax of the session timeout command is as follows: Subs_jack >>session timeout 36000 The allowable values are 0 through 65535. A value of 0 means that there is no limit to the length of a subscriber session. • User Prompts – You can specify a custom user prompt of up to 8 ASCII characters to replace the username field of the default login prompt for a subscriber. To specify a custom user prompt, execute the prompt command; for example: Subs_jack >>prompt mxxxx9 In the above example, the subscriber’s default login prompt (e.g., jack:0 >) is changed to mxxxx9:0 >. • Subscriber Session Mode – When the Subscriber session mode is CLI, the subscriber is logged into the CLI when he/she accesses the LX unit; when the Subscriber session mode is Shell, the subscriber is logged into the Linux shell when he/she accesses the LX unit. Use the shell enable command to change the Subscriber session mode from CLI to Shell; for example: Subs_jack >>shell enable When the shell enable command is executed, the Maximum Subscriber Sessions is automatically set to 1. The Maximum Subscriber Sessions cannot be changed from 1 until the Subscriber Session Mode is disabled with the no shell command (see below). When the Subscriber session mode is Shell, the subscriber can only access the Linux shell and the GUI; the subscriber cannot access the CLI. Use the no shell command to change the Subscriber session mode from Shell to CLI; for example: Subs_jack >>no shellConfiguring Subscriber Accounts for the LX Unit 130 451-0311B When the no shell command is executed, the Maximum Subscriber Sessions is automatically set to 4. • Screen Pause – When this feature is enabled, the screen will pause after displaying the number of lines specified in the “lines/screen” value for the terminal. To enable this feature for a subscriber, use the pause enable command; for example: Subs_jack >>pause enable • Inactivity Timeout – The Inactivity Timeout is the length of time (in seconds) that the subscriber has to enter keyboard data. If the subscriber does not enter keyboard data before the expiration of the Inactivity Timeout, he/she is logged out. You can use the idletime command to set the Inactivity Timeout to any value from 0 through 65535; for example: Subs_jack >>idletime 1200 A value of 0 means that the Inactivity Timer is effectively disabled. • Maximum Simultaneous Connections – You can configure 1 through 255 simultaneous connections for a subscriber. Use the maxsubscriber command to set the maximum simultaneous connections for the subscriber; for example: Subs_jack >>maxsubscriber 10 • Maximum Subscriber Sessions – Use the session command to specify the maximum number of sessions for a subscriber. The allowable values are 0 through 4, where a value of 0 disables the subscriber’s access to the LX unit; for example: Subs_jack >>session 3451-0311B 131 Configuring Subscriber Accounts for the LX Unit Setting Up the Session Switch Characters The LX unit supports up to 4 sessions per subscriber. (Refer to “Setting Up the Session and Terminal Parameters” on page 128 to configure the number of sessions for a subscriber.) You can configure Control characters as function keys for switching to the previous, or next, session. You can also configure a Control character as a function key for switching to the Local Command Mode.) To configure Session Switch characters for a subscriber, use the following commands: • backward_switch – to specify the Function Key for switching (backwards) to the previous session; for example: Subs_jack >>backward_switch ^I • forward_switch – to specify the Forward Switch (i.e., Controlcharacter sequence for switching to the next session); for example: Subs_jack >>forward_switch ^J • local_switch – to specify the Local Switch (i.e., Control-character sequence for switching to the Local Command Mode); for example: Subs_jack >>local_switch ^K The Session Switch character can be specified as an uppercase alphabetical character with, or without, a caret (^) before it. When the Session Switch character is preceded by a caret, the LX command parser interprets it as a Control-character sequence. For example, ^I is interpreted as CTRL/I; ^J as CTRL/J; and ^M as CTRL/M. Be sure that there are no conflicting uses for the character you select (particularly with control characters that are used by applications programs, or with the character you set for the FORWARD SWITCH, the LOCAL SWITCH, or any Telnet command characters). If you specify a CTRL character, when the user types the character, it will be displayed as ^ (e.g., if the user types CTRL/I, the terminal will echo the characters: ^I).Configuring Subscriber Accounts for the LX Unit 132 451-0311B Configuring the Subscriber Password The default password for an LX subscriber account is access. It is recommended that you, or the subscriber, change the password from this default before the subscriber uses it to log in to the LX unit. This prevents unauthorized users (who might know the default password) from logging on to the LX unit. Changing the Subscriber Password To change the subscriber password, execute the password command; for example: Subs_jack >>password When the password command is executed, the following prompts are displayed: Enter your NEW password : Re-enter your NEW password: Enter the new password at the Enter prompt, and re-enter it at the Re-enter prompt. The password string can be up to 16 characters in length, and it will be masked when you enter it at the above prompts. Enabling the Subscriber to Change His or Her Own Password To enable the subscriber to change his or her own password, execute the password enable command; for example: Subs_jack >>password enable The subscriber will be prompted to enter, and verify, his or her new password the next time he/she logs in to the LX unit.451-0311B 133 Configuring Subscriber Accounts for the LX Unit Adding Superuser Privileges to a Subscriber Account By default, a subscriber password has user privileges on the LX unit. A subscriber with user privileges can only access the User Command Mode, or his or her assigned Login menu, when he/she logs in to the LX unit. You can add Superuser privileges to a subscriber account. With Superuser privileges, the subscriber can use the enable command in the User Command Mode to enter the Superuser Command Mode. Use the security level superuser command to add Superuser privileges to the subscriber account; for example: Subs_jack >>security level superuser Specifying a Dedicated Service If a dedicated service is specified for a subscriber, the subscriber will begin running the dedicated service whenever he/she logs in to the LX unit. Telnet must be enabled for the subscriber in order for him to run a dedicated service. Refer to “Specifying the Subscriber Access Methods” on page 123 to enable Telnet for a subscriber. Use the dedicated service command to specify a dedicated service for the subscriber; for example: Subs_jack >>dedicated service 192.173.56.10 Specifying a Preferred Service Use the preferred service command to assign a service to which the subscriber will be connected whenever he/she makes a connect request without specifying a service; for example: Subs_jack >>preferred service 178.87.42.19 Telnet must be enabled for the subscriber in order for him to run a preferred service. Refer to “Specifying the Subscriber Access Methods” on page 123 to enable Telnet for a subscriber.Configuring Subscriber Accounts for the LX Unit 134 451-0311B Enabling Audit Logging An audit log records all of the port activity for a subscriber. This includes the commands that the subscriber enters as well as the data that is output on the port for the subscriber. To enable audit logging for a subscriber, execute the audit log enable command; for example: Subs_jack >>audit log enable To display the contents of the audit log, execute the show audit log command in the Superuser Command Mode. For more information, refer to “Displaying the Audit Log for a Subscriber” on page 138. Enabling Login Menus A Subscriber Menu is a menu that displays for a subscriber when he/she logs in to the LX unit. In order for a menu to display for a subscriber, you must enable the Login Menu feature and specify a menu for the subscriber. Use the menu enable command to enable the Login Menu feature and to specify a menu that will be displayed for a subscriber when he/she logs in to the LX unit; for example: Subs_jack >>menu financegroup enable In the above example, the subscriber jack is enabled for the Login Menu feature, and the menu financegroup is specified for him. The financegroup menu will be displayed for the subscriber jack when he/she logs on to the LX unit. Enabling Command Logging Command logging creates an audit trail of subscriber input in a subscriber session. The audit trail is sent to the accounting log and to syslogd. To enable command logging for a subscriber, execute the command log enable command; for example: Subs_jack >>command log enable451-0311B 135 Configuring Subscriber Accounts for the LX Unit To display the contents of the command log, execute the show command log command in the Superuser Command Mode. For more information, refer to “Displaying the Command Log for a Subscriber” on page 139. Displaying Subscriber Information This section describes how to display subscriber characteristics, subscriber status and TCP information, subscriber summaries, and the audit log and command log for a subscriber. Displaying Subscriber Characteristics Use the show subscriber characteristics command, in the Superuser Command Mode, to display subscriber characteristics; for example: demo:0 >>show subscriber tim characteristics In the above example, the show subscriber characteristics command is used to display the characteristics for the subscriber tim. Use the following syntax to display the characteristics for all of the subscribers on the LX unit: demo:0 >>show subscriber all characteristics Figure 13 shows an example of the Subscriber Characteristics display. Figure 13 - Subscriber Characteristics Display Subscriber Name: tim Security: Super User Prompt: Demo Preferred Service: Dedicated Service: Command Logging: Disabled User Password: Disabled Maximum Connections: 50 Maximum Sessions: 4 Session Mode: Normal Screen Pause: Enabled Debug Feature: Disabled Debug File: /tmp/D_demo Idle Timeout: 0 Session Timeout: 0 Menu Feature: Disabled Menu Name: /config/M_demo Forward Switch: ^F Local Switch: ^L Backward Switch: ^B Dialback Feature: Disabled Dialback Retry: 4 Dialback Number: Dialback Timeout: 45 Audit Feature: Disabled Port Access list: 1-8 Remote Access list: Telnet Ssh Web_ServerConfiguring Subscriber Accounts for the LX Unit 136 451-0311B Refer to the show subscriber command in the LX-Series Commands Reference Guide for detailed descriptions of the fields in the Subscriber Characteristics display. Displaying the Subscriber Status Use the show subscriber status command, in the Superuser Command Mode, to display the status information for a subscriber; for example: demo:0 >>show subscriber tim status In the above command, the show subscriber status command is used to display the status information for the subscriber tim. Use the following syntax to display the status information for all of the subscribers on the LX unit: demo:0 >>show subscriber all status Figure 14 shows an example of the Subscriber Status display. Figure 14 - Subscriber Status Display Refer to the show subscriber command in the LX-Series Commands Reference Guide for detailed descriptions of the fields in the Subscriber Status display. Time: Fri, 03 Jan 2003 17:44:21 Subs. Name: tim Number of Connections: 0 Configured TermType: Ansi Session Mode: Normal451-0311B 137 Configuring Subscriber Accounts for the LX Unit Displaying the Subscriber TCP Information Use the show subscriber tcp command, in the Superuser Command Mode, to display the subscriber TCP information; for example: demo:0 >>show subscriber tim tcp In the above command, the show subscriber tcp command is used to display the TCP information for the subscriber tim. Use the following syntax to display the TCP information for all of the subscribers on the LX unit: demo:0 >>show subscriber all tcp Figure 15 shows an example of the Subscriber TCP display. Figure 15 - Subscriber TCP Display Refer to the show subscriber command in the LX-Series Commands Reference Guide for detailed descriptions of the fields in the Subscriber TCP display. Time: Fri, 03 Jan 2003 17:46:32 Subscriber Name: mark Telnet Line Mode: Character Mode SSH Name: mark SSH Encryption: Any SSH Port: 22 SSH Log Level: INFOConfiguring Subscriber Accounts for the LX Unit 138 451-0311B Displaying the Subscriber Summary Information Use the show subscriber summary command, in the Superuser Command Mode, to display a Subscriber Summary; for example: demo:0 >>show subscriber summary Figure 16 shows an example of the Subscriber Summary display. Figure 16 - Subscriber Summary Display Refer to the show subscriber summary command in the LX-Series Commands Reference Guide for detailed descriptions of the fields in the Subscriber Summary display. Displaying the Audit Log for a Subscriber An audit log records all of the port activity for a subscriber. This includes the commands that the subscriber enters as well as the data that is output on the port for the subscriber. Use the show audit log command, in the Superuser Command Mode, to display the audit log for a subscriber; for example: demo:0 >>show audit log tim In the above command, the show audit log command is used to display the audit log for the subscriber tim. Name Connections Terminal Type In-Reach 0 Ansi demo 1 Ansi jack 0 Ansi451-0311B 139 Configuring Subscriber Accounts for the LX Unit Figure 17 shows an example of the Audit Log. Figure 17 - Audit Log Display Displaying the Command Log for a Subscriber A command log is an audit trail of subscriber input in a subscriber session. Use the show command log command, in the Superuser Command Mode, to display the command log for a subscriber; for example: demo:0 >>show command log tim In the above command, the show command log command is used to display the command log for the subscriber tim. Figure 18 shows an example of the Command Log. Figure 18 - Command Log Display Nov 18 16:08:32 tim ttyGN0 0 Subs_tim >>end Nov 18 16:08:50 tim ttyGN0 1 tim:0 >> Nov 18 16:08:50 tim ttyGN0 2 tim:1 > Nov 18 16:08:50 tim ttyGN0 3 tim:2 > Nov 18 16:08:55 tim ttyGN0 3 tim:3 >sho session Nov 18 16:08:55 tim ttyGN0 3 Number Device Program Pid Time Status Nov 18 16:08:55 tim ttyGN0 3 0 /dev/pts/0 Superuser 477 98 - Nov 18 16:08:55 tim ttyGN0 3 1 /dev/pts/3 User 481 5 - Nov 18 16:08:55 tim ttyGN0 3 2 /dev/pts/4 User 482 5 - Nov 18 16:08:55 tim ttyGN0 3 3 /dev/pts/5 User 483 5 * Nov 11 12:47:30 tim 0 end Nov 11 12:47:33 tim 0 sho command log Nov 11 12:49:21 tim 23 modem Nov 11 12:49:29 tim 23 end Nov 11 12:49:39 tim 23 show command log tim451-0311B 141 Chapter 8 Configuring Ports for Temperature/Humidity Sensors You can configure ports to act as temperature and humidity monitors when connected to an In-Reach Temperature/Humidity Sensor. The Temperature/ Humidity Sensor provides an accurate measurement of the temperature and humidity in the area in which your LX Series unit is placed. Refer to Getting Started with the LX Series to connect a Temperature/ Humidity Sensor to an LX port. Configuring Sensor Access for an LX Port You must configure an LX port’s access as sensor before you can perform any temperature/humidity monitoring on the port. Use the access command, in the Asynchronous Command Mode, to do this; for example: Async 4-4:0>>access sensor NOTE: The DIAG port (port 0) cannot be configured as a Sensor port. Displaying the Temperature and Humidity Use the show device status command, in the Superuser Command Mode, to display the current temperature and humidity readings on a Sensor port; for example: InReach:0 >>show device 4 status In the above example, the temperature and humidity readings of the Sensor attached to port 4 are displayed. Use the following syntax to display the temperature and humidity readings for all Temperature/ Humidity Sensors on the LX unit: InReach:0 >>show device all statusConfiguring Ports for Temperature/Humidity Sensors 142 451-0311B Figure 19 shows an example of the Device Status display for a Sensor port. Figure 19 - Device Status Display for a Sensor Port Displaying Sensor Summaries Use the show device summary command, in the Superuser Command Mode, to display summary information for all of the Temperature/Humidity Sensors that are currently connected to the LX unit; for example: InReach:0 >>show device summary Figure 20 shows an example of the Device Summary display. Figure 20 - Device Summary Display for Sensors NOTE: If any of the ports on the LX unit are configured as Power outlets, the Device Summary Display will display information for the attached Power Management Device (IR-5100 or IR-5150). Time: 29 Aug 2002 17:35:17 US/EASTERN Device Number: 4 Device Type: Sensor Humidity Level(%): 39.00 Temperature (Celsius): 26.00 Temperature (Fahrenheit): 78.80 Device Number Device Type Model Name 1 Sensor N/A451-0311B 143 Chapter 9 Configuring Power Control Units The In-Reach Power Control Units (IR-5100 and IR-5150) can be managed remotely from asynchronous ports on an LX unit. The management tasks that can be performed remotely include rebooting Power Control Relays and turning Power Control Relays on and off. (For information on performing these tasks, refer to the outlet command, and the outlet group command in the “Superuser Commands” chapter of the LX-Series Commands Reference Guide.) NOTE: You can access the on-board CLI of an IR-5150 unit that is connected to a console port. To do this, Telnet to its LX console port, and log on to the IR-5150 unit. Power Control units are remotely managed from LX asynchronous ports that are configured as Power Masters. This chapter describes how to configure ports as Power Masters, how to configure Power Control units via Power Masters, and how to display information on Power Control units. Configuring an LX Asynchronous Port as a Power Master Use the access power model command, in the Asynchronous Command Mode, to configure an LX asynchronous port as a Power Master; for example: Async 5-5:0>>access power model ir5100 In the above example, port 5 is configured as a Power Master for an IR-5100 unit. Use the following syntax to configure an asynchronous port as a Power Master for an IR-5150 unit: Async 5-5:0>>access power model ir5150Configuring Power Control Units 144 451-0311B When a port has been configured as a Power Master, you can connect a Power Control unit to it. The connection to the Power Master port is made using the RJ-45 crossover cable that is supplied with the Power Control unit. You must power on the Power Control unit before you can configure it from the LX unit. For more information, refer to the Getting Started guide for the Power Control unit. Default Name for a Power Control Relay The default name for a Power Control Relay is derived from its Alarm Master and the number of the relay on the Power Control unit. For example, 5:7 is the default name of the 7th Power Control Relay on the Power Control Unit that is managed from Alarm Master port 5. You can specify a descriptive name for a Power Control Relay or a Power Control Relay group. A descriptive name is a unique text name of up to 15 alphanumeric characters. For more information, refer to “Naming a Power Control Relay” on page 146 and “Naming a Group of Power Control Relays” on page 147. You must specify the default name, or the descriptive name, of a Power Control Relay, in the outlet group command in the Configuration Command Mode. However, you only need to specify the number, or descriptive name, of the Power Control Relay in the outlet name command in the Asynchronous Command Mode. This is because the LX software “knows” that the Alarm Master is the current asynchronous port. Refer to the LX-Series Commands Reference Guide for more information on the outlet group command and the outlet name command.451-0311B 145 Configuring Power Control Units Configuring Power Control Units Power Control Relays can be assigned to a group and managed and configured as a group. The Off Time for Power Control Relays can be specified using the LX CLI. This section describes how to assign Power Control Relays to a group and how to specify the Off Time for Power Control Relays. Assigning Power Control Relays to a Group When Power Control Relays are assigned to a group, they can be configured and managed as a group. This can be more efficient than configuring and managing Power Control Relays individually. Use the outlet group command to assign Power Control Relays to a group; for example: Config:0 >>outlet group 2 2:5 3:7 4:2 4:3 4:5 In the above example, the Power Control Relays 2:5 3:7 4:2 4:3 4:5 are assigned to Group 2. Specifying the Off Time The Off Time is the length of time, in seconds, that Power Control Relays must remain off before they can be turned back on. This section describes how to specify the Off Time for a Power Control unit or for a group of Power Control Relays. Specifying the Off Time for a Group of Power Control Relays Use the outlet group off time command, in the Configuration Command Mode, to specify the Off Time for a group of Power Control Relays; for example: Config:0 >>outlet group 14 off time 20 In the above example, the Off Time for Outlet Group 14 is set to 20 seconds.Configuring Power Control Units 146 451-0311B Specifying the Off Time for a Power Control Unit Use the power off time command, in the Asynchronous Command Mode, to specify the Off Time for all of the Power Control Relays that are managed from an Alarm Master port; for example: Async 5-5:0>>power off time 15 In the above example, an Off Time of 15 seconds is specified for all of the Power Control Relays that are managed from asynchronous port 5. NOTE: The power off time command can only be executed on a port that is configured as a Master Alarm port and has a Power Control unit attached to it. Naming a Power Control Relay You can assign a descriptive name of up to 15 alphanumeric characters to a Power Control Relay. Use the outlet name command, in the Asynchronous Command Mode, to specify a descriptive name for a Power Control Relay; for example: Async 5-5:0>>outlet 2 name Build5NTserver In the above example, the descriptive name Build5NTserver is assigned to Power Control Relay 2 on the Power Control unit that is managed from Alarm Master port 5. NOTE: The Alarm Master number is not specified in the outlet name command (e.g., 5:2) because the Alarm Master port is implied to be the current port in the Asynchronous Command Mode. In the above example, the implied Alarm Master is port 5. (The CLI is in the Asynchronous Command Mode for port 5.)451-0311B 147 Configuring Power Control Units Naming a Group of Power Control Relays You can assign a descriptive name of up to 15 alphanumeric characters to a group of Power Control Relays. Use the outlet group name command, in the Configuration Command Mode, to specify a descriptive name for a group of Power Control Relays; for example: Config:0 >>outlet group 14 TestEquipment In the above example, the descriptive name TestEquipment is assigned to Power Control Relay Group 14. Displaying Information on Power Control Units This section describes how to display information on Power Control units and Power Control Relays. The information that can be displayed includes statuses and summaries for Power Control units, and statuses for groups of Power Control Relays. Displaying Status Information for Power Control Units Use the show device status command, in the Superuser Command Mode, to display status information for a particular Power Control unit; for example: InReach:0 >>show device 4 status In the above example, the status for the Power Control unit on port 4 is displayed. Use the following syntax to display the status for all of the Power Control units that are managed from the LX unit: InReach:0 >>show device all status NOTE: The show device status command displays the status of all Power Control units and Temperature/Humidity sensors that are connected to the LX unit. Refer to Figure 19 on page 142 for the status display for a Temperature/Humidity Sensor port.Configuring Power Control Units 148 451-0311B Figure 21 shows an example of the Device Status display for an Alarm Master port. Figure 21 - Device Status Display for an Alarm Master Port Displaying Status Information for Groups of Power Control Relays Use the show device status command, in the Superuser Command Mode, to display status information for groups of Power Control Relays; for example: InReach:0 >>show outlet group TestEquipment status In the above example, the status for the group TestEquipment is displayed. Use the following syntax to display the status for all groups of Power Control Relays that are managed from the LX unit: InReach:0 >>show outlet group all status Time: Tue, 17 Sep 2002 20:05:47 Device Number: 4 Device Type: IR5100 Model Name: IR-5100-126 Total Outlet Strip Load: 0.0 Outlet Minimum Off Time: 15 Outlet Name State Load Assigned Groups 1 plug1 Off 0.0 1 4 13 2 plug2 Off 0.0 1 6 10 3 plug3 Off 0.0 1 7 4 plug4 Off 0.0 1 5 plug5 Off 0.0 2 4 6 plug6 Off 0.0 2 7 plug7 Off 0.0 2 8 plug8 Off 0.0 2 9 plug9 Off 0.0 3 4 10 plug10 Off 0.0 3 11 plug11 Off 0.0 3 12 plug12 Off 0.0 3 13 plug13 Off 0.0 4 5 14 plug14 Off 0.0 4 5 15 plug15 Off 0.0 4 5 16 plug16 Off 0.0 5451-0311B 149 Configuring Power Control Units Figure 22 shows an example of the Device Status display for a Power Control Relay Group. Figure 22 - Device Status Display for a Power Control Relay Group Displaying Summary Information for Power Control Units Use the show device summary command, in the Superuser Command Mode, to display summary information for all of the Power Control units that are currently connected to the LX unit; for example: InReach:0 >>show device summary Figure 23 shows an example of the Device Summary display. Figure 23 - Device Summary Display NOTE: The show device summary command displays summary information for all Power Control units and Temperature/Humidity sensors that are connected to the LX unit. Refer to Figure 20 on page 142 for the Summary Display for a Temperature/Humidity Sensor port. Time: Mon, 16 Sep 2002 17:55:19 Group Number: 2 Group Name: TestEquipment Group Off Time: 4 Port Outlet State 2 1 Not configured 2 2 Not configured Device Number Device Type Model Name 4 IR5100 IR-5100-126 5 IR5100 IR-5100-255451-0311B 151 Chapter 10 Configuring Packet Filters with the iptables Command Packet Filters are used to allow certain IP packets to pass, or not pass, through an LX unit. Packet Filters can be applied to IP packets that originate from the LAN side of the LX, or from the LX unit itself. On the LX unit (as on all Linux-based systems), Packet Filters are known as chains. The INPUT chain filters packets coming from the LAN to the LX; the OUTPUT chain filters packets from the LX destined for the LAN. NOTE: The LX unit also supports the FORWARD chain, which filters packets that are to be forwarded to another network. The FORWARD chain is used primarily in routing environments rather than in console management environments. For this reason, the FORWARD chain is not covered in this chapter. A chain consists of a series of rules that specify the criteria for accepting, denying, or dropping a packet. The criteria for accepting, denying, or dropping a packet can include the source IP Address, the destination IP Address, and other characteristics. Adding a Rule to a Chain Use the iptables command to add a rule to a chain. The iptables command is executed in Linux shell. To access the Linux shell, execute the shell command in the Superuser Command Mode; for example: InReach:0 >>shell When you are in the Linux shell, you can display the chains for the LX unit by executing the iptables command with the -L option; for example: In-Reach:/# iptables -LConfiguring Packet Filters with the iptables Command 152 451-0311B The following sections provide examples of how to create rules using various options of the iptables command. For detailed information on the iptables command, refer to Appendix D (“Details of the iptables Command”) on page 151. Example: Dropping Packets Based on the Source IP Address The following iptables command creates a rule that will drop any packets coming to the LX from source address 10.240.10.240: In-Reach:/# iptables -A INPUT -s 10.240.10.240 -j DROP The options in the above command are the following: -A Specifies that the rule is to be appended to the specified chain (in this case, the INPUT chain). Refer to “Notes on the iptables Command Options” on page 154 for alternatives to the -A option. -s Specifies that the rule applies to the specified source IP Address (in this case, 10.240.10.240). -j Specifies the action that is to be taken when a packet matching this criteria is received. In this case, the packet is to be dropped. Refer to “Notes on the iptables Command Options” on page 154 for a description of all of the allowable values (i.e., ACCEPT, DENY, or DROP) of the -j option.451-0311B 153 Configuring Packet Filters with the iptables Command Example: Accepting Packets Based on the Destination IP Address The following iptables command creates a rule that will allow the LX unit to output packets to the destination IP address 123.146.17.129: In-Reach:/# iptables -A OUTPUT -d 123.146.17.129 -j ACCEPT The options in the above command are the following: Example: Ignoring Telnet Requests from a Specific IP Address The following iptables command creates a rule that ignores Telnet requests from the IP address 143.114.56.104: In-Reach:/# iptables -A INPUT -s 143.114.56.104 -p tcp --destination-port telnet -j DROP The options in the above command are the following: -A Specifies that the rule is to be appended to the specified chain (in this case, the OUTPUT chain). Refer to “Notes on the iptables Command Options” on page 154 for alternatives to the -A option. -d Specifies that the rule applies to the specified destination IP Address (in this case, 123.146.17.129). -j Specifies the action that is to be taken when a packet matching this criteria is received. In this case, the packet is to be accepted. Refer to “Notes on the iptables Command Options” on page 154 for a description of all of the allowable values (i.e., ACCEPT, DENY, or DROP) of the -j option. -A Specifies that the rule is to be appended to the specified chain (in this case, the INPUT chain). Refer to “Notes on the iptables Command Options” on page 154 for alternatives to the -A option.Configuring Packet Filters with the iptables Command 154 451-0311B Notes on the iptables Command Options • Alternatives to the -A Option – You can use the -I option or the -R option, instead of the -A option, to specify how the rule will be added to the chain. The -I option specifies that the rule will be inserted at a specified location before the end of the chain. The -R option specifies that the rule will replace a specific rule in the chain. In the following example, the -I option specifies that the rule is to be inserted as the 11th rule in the INPUT chain: iptables -I INPUT 11 -s 10.240.10.240 -j DROP The rules that follow the new rule will be bumped up by 1. In the following example, the -R option specifies that the rule is to replace the 8th rule in the OUTPUT chain: iptables -R OUTPUT 8 -s 89.247.112.93 -j DROP -s Specifies that the rule applies to the specified destination IP Address (in this case, 143.114.56.104). -p Specifies that the rule applies to a particular protocol (in this case, TCP). Refer to “Notes on the iptables Command Options” on page 154 for a description of the allowable values of the -p option. --destination-port Specifies the TCP destination port to which the rule applies. (In this case, the destination port is the Telnet port.) -j Specifies the action that is to be taken when a packet matching this criteria is received. In this case, the packet is to be dropped. Refer to “Notes on the iptables Command Options” on page 154 for a description of all of the allowable values (i.e., ACCEPT, DENY, or DROP) of the -j option.451-0311B 155 Configuring Packet Filters with the iptables Command • Allowable Values of the -j Option – You can specify the following values for the -j option: ACCEPT – The packet is allowed to pass through the specified chain (i.e., INPUT or OUTPUT). DENY – The packet is not allowed to pass through the specified chain (i.e., INPUT or OUTPUT). A message indicating that the LX is not accepting connections is sent back to the source IP Address. DROP – The packet is not allowed to pass through the specified chain (i.e., INPUT or OUTPUT). A message is not sent back to the source IP Address. • Allowable Values of the -p Option – You can specify TCP, UDP, or ICMP as the value of the -p option. Saving Changes in Rules The configuration is kept in the file /config/iptables.conf. This file is generated by the utility iptables-save upon reading the filter tables located in the Kernel. The configuration is dynamically applied when an iptables command is entered. The command iptables-save creates the new configuration file in /config/iptables.conf. To make this configuration persistent through the reboot, it is necessary to save the configuration to the flash or the network from the Superuser command line. Do the following to save the iptables configuration: 1. Execute the shell command, in the Superuser Command Mode, to access the Linux shell; for example: InReach:0 >>shell 2. Verify the Iptables configuration with the iptables -L command; for example: In-Reach:/# iptables -LConfiguring Packet Filters with the iptables Command 156 451-0311B 3. Save the Iptables changes to the /config/iptables.conf file; for example: In-Reach:/# iptables-save -f /config/iptables.conf 4. Execute the exit command to return to the Superuser Command Mode; for example: In-Reach:/# exit 5. Execute the save configuration command, in the Superuser Command Mode, to save the iptables.conf file to flash or the network; for example: InReach:0 >>save configuration flash NOTE: You can use the network option of the save configuration command to save the configuration to a network server. For more information, refer to the save configuration command in the LX-Series Commands Reference Guide.451-0311B 157 Appendix A Overview of RADIUS Authentication RADIUS authentication occurs through a series of communications between the LX unit and the RADIUS server. Once RADIUS has authenticated a user, the LX unit provides that user with access to the appropriate network services. The RADIUS server maintains a database that contains user authentication and network service access information. The following example describes the steps in the RADIUS authentication process. In this example, the user attempts to gain access to an LX asynchronous port. 1. The LX unit prompts the user for a username and password. 2. The LX unit takes the username and password and creates an accessrequest packet identifying the LX unit making the request, the username and password, and the port being used. The LX unit then sends the access-request packet to the designated RADIUS server for authentication. NOTE: The user password is encrypted to prevent it from being intercepted and reused by an unwanted user. This is done by generating a random vector and placing it in the request header. A copy of the random vector is MD5 encoded using the configured secret. The user’s password is then encrypted by XORing it with the encoded copy of the random vector. 3. The RADIUS server validates the request and then decrypts the password. 4. The username and password are authenticated by the RADIUS server.Overview of RADIUS Authentication 158 451-0311B 5. Upon successful authentication, the RADIUS server sends an accessaccept packet containing any specific configuration information associated with that user. 6. The LX unit then grants the user the services requested. If at any point in the authentication process conditions are not met, the RADIUS server sends an authentication rejection to the LX unit and the user is denied access to the network. Figure 24 shows an example of the RADIUS authentication process. Figure 24 - RADIUS Authentication Process Radius Server Host - authenticates the user. User attempts to gain access. LX unit sends access-request packet for authentication. Access to desired services is granted. Access-accept returned to LX unit.451-0311B 159 Overview of RADIUS Authentication The LX implementation of RADIUS supports the use of RADIUS secondary servers. The RADIUS secondary server is used when the RADIUS primary server cannot be accessed. RADIUS Authentication Attributes Table 9 lists the RADIUS Authentication Attributes that are supported on the LX unit. NOTE: Some attributes appear in start records, but the majority of attributes appear in stop records (a few also appear in acct-on and acct-off records). RADIUS allows most authentication and configuration attributes to be logged. Table 9 - Supported RADIUS Authentication Attributes Attribute Name Description 01 User-Name Name of the user to authenticate. 02 User-Password The password for the user to authenticate. 03 CHAP-Password Indicates the CHAP challenge value found in the CHAP-Challenge attribute. 06 Service-Type Type of service allowed for the connection. The supported types are the following: NAS-Prompt Allows local port access for interactive sessions. The user is prohibited from accessing the Superuser Command Mode. This is true for local port access, Interface virtual port access and access using the GUI. Authenticate-Only Allows local port access for interactive sessions, user is prohibited from accessing the Superuser Command Mode. This Service Type is allowed for local port access, Interface virtual port access and access using the GUI. In each case, the user is prohibited from Superuser access. No-Service-Type Allows local port access for interactive sessions, user is prohibited from accessing the Superuser Command Mode.Overview of RADIUS Authentication 160 451-0311B Administrative-User Allows local port access for interactive sessions. The user is allowed access to Superuser and Configuration Command Modes. This is true for local port access, Interface virtual port access and access using the GUI. Framed Allows local port access for a Dial-in PPP user. Outbound-User Allows only remote port access. If the asynchronous remote-accessed port is configured for outbound RADIUS authentication, the LX requires the user's service-type to be Outbound-User; otherwise the user’s access is rejected. NOTE: All remote access ports on the LX require a Service Type of Outbound-User. 07 Framed-Protocol Used with a framed service type. Indicates the type of framed access (e.g., PPP). 08 Framed-IP-Address The address to be configured for the user. 09 Framed-IP-Netmask The IP Netmask to be configured for the user when the user is a router to the network. 13 Framed-Compression The compression protocol for the circuit. 24 State (challenge/response) Sent by the server to the client in an Access-Challenge, and must be sent unmodified from the client to the server in any Access-Request reply. 60 CHAP-Challenge451-0311B 161 Appendix B Overview of RADIUS and TACACS+ Accounting RADIUS Accounting, and TACACS+ Accounting, are client/server account logging schemes that allow you to log user account information to a remote server in a per-client file. The file or record can contain information such as the user who logged in, the duration of the session, port number, Client IP address, and the number of bytes/packets that were processed by the LX unit. The use of RADIUS Accounting, or TACACS+ Accounting, solves the problems associated with local storage of large numbers of records. It also provides a method for billing customers for account usage. NOTE: RADIUS Accounting is a developing standard that is vendor extensible by design, including a provision for vendor-specific extensions. This allows for greater expandability of accounting information in the future. The following section describes RADIUS Accounting. Refer to “TACACS+ Accounting Client Operation” on page 163 for information about TACACS+ Accounting. RADIUS Accounting Client Operation If a user is validated under RADIUS, an accounting request (a start request) is sent to the RADIUS accounting server. As a result of the start request, a start record containing the following is created for each user session: • User-name • NAS-Identifier • NAS-IP-Address • NAS-PortOverview of RADIUS and TACACS+ Accounting 162 451-0311B • NAS-Port-Type • Acct-Status-Type • Acct-Session-ID • Acct-Input-Octets • Acct-Output-Octets • Acct-Input-Packets (PPP) • Acct-Output-Packets (PPP) The majority of the accounting record information appears in the stop record. The stop record is created when the port is logged out, provided that a matching start record was previously sent. The information in the stop record includes everything in the start record, and additional information, such as session time and bytes/packets transferred. There are two special records that are logged for RADIUS Accounting. • Accounting-on – This record is logged when the LX unit is first booted. • Accounting-off – This record is logged, if possible, when the LX unit is shut down. These records only contain the NAS-IP-Address. Since these accounting requests only relate to the LX unit using the protocol and not to accounting on a specific port, they are only attempted if the RADIUS protocol is enabled. RADIUS Accounting Attributes Table 10 lists the RADIUS Accounting Attributes that are supported on the LX unit. Table 10 - Supported RADIUS Accounting Attributes Attribute Name Description 01 User-Name Name of the user to authenticate. 04 NAS-IP-Address IP address associated with the LX unit.451-0311B 163 Overview of RADIUS and TACACS+ Accounting TACACS+ Accounting Client Operation If a user is validated under TACACS+, an accounting request (a start request) is sent to the TACACS+ accounting server. As a result of the start request, a start record containing the following is created for each user session: • Start-time • Bytes • Bytes-in • Bytes-out • Paks (for PPP connections) • Paks-in (for PPP connections) • Paks-out (for PPP connections) 05 NAS-Port Port or circuit number associated with the request. 32 NAS-Identifier The ID that identifies the LX unit to the RADIUS server. 40 Acct-Status-Type Indicates whether the session has started or stopped. The valid values are: 1 - Start 2 - Stop 42 Acct-Input-Octets A count of the input octets for the session. 43 Acct-Output-Octets A count of the output octets for the session. 44 Acct-Session-ID Session Identifier for the user login. 47 Acct-Input-Packets A count of the input packets for a PPP session. 48 Acct-Output-Packets A count of the output packets for a PPP session. 61 NAS-Port-Type The type of port being used. The valid values are: 0 - AsynchronousOverview of RADIUS and TACACS+ Accounting 164 451-0311B Depending on the Accounting Period Interval, an accounting update request will be sent which will contain the same fields with the newer information. The majority of the accounting record information appears in the stop record. The stop record is created when the port is logged out, provided that a matching start record was previously sent. The information in the stop record includes everything in the start record, and the following: • Stop-time • Elapsed-time TACACS+ Accounting Attributes Table 11 lists the TACACS+ Accounting Attributes that are supported on the LX unit. Table 11 - Supported TACACS+ Accounting Attributes Attribute Name Description Service Either "ppp" for PPP connection, otherwise equals "shell" Protocol Equals "ip" in PPP connections only Task_id Each set of start, update, and stop entries should have unique IDs. Start_time Time (in seconds since epoch) that the accounting started Stop_time Time (in seconds since epoch) that the accounting stopped Elapsed_time The number of seconds the user was logged on for Bytes The total number of bytes transferred Bytes_in The number of bytes received Bytes_out The number of bytes transmitted451-0311B 165 Overview of RADIUS and TACACS+ Accounting Paks The total number of packets transferred (for PPP connections) Paks_in The number of packets received (for PPP connections) Paks_out The number of packets transmitted (for PPP connections)451-0311B 167 Appendix C Overview of TACACS+ Authentication TACACS+ authentication occurs through a series of communications between the LX unit and the TACACS+ server. Once TACACS+ has authenticated a user, the LX unit provides that user with access to the appropriate network services. The TACACS+ server maintains a database that contains user authentication and network service access information. TACACS+ uses the Transport Control Protocol (TCP) on port 49 to ensure reliable transfer. The entire body of the packet is encrypted using a series of 16 byte MD5 hashes. The protocol is split up into 3 distinct categories: Authentication, Authorization, and Accounting. Authentication is the process of determining who the user is. Usually a user is required to enter in a user name and password to be granted access. Authorization is the process of determining what the user is able to do. The profile in the TACACS+ server should have a service of exec and a priv-lvl of 15 in order to access Superuser privileges, otherwise the user will only be able to be in user mode. Accounting records what the user has done and generally occurs after authentication and authorization. The TACACS+ superuser request attribute is independent from the TACACS+ login. The TACACS+ superuser request attribute is used to indicate which database to authenticate the superuser password against after a user is logged in. When a user types the enable command, and the TACACS+ superuser request is enabled, the enable password will be authenticated against the TACACS+ server database; otherwise it is checked against the LX database "system".Overview of TACACS+ Authentication 168 451-0311B Example of TACACS+ Authentication The following example describes the steps in the TACACS+ authentication process. In this example, the user attempts to gain access to an LX asynchronous port. 1. The LX unit prompts the user for a username and password. 2. The username is sent to the TACACS+ authentication start packet. 3. The server responds with an authentication reply packet, which will either allow the user access or require a password. 4. If a password is required, the user is prompted for one and the LX sends it to the server in an authentication continue packet. 5. The server responds with a packet that contains an authentication status pass or an authentication status fail. 6. If the request is successful, the user will be allowed to log in; otherwise the user will have two more chances to receive an authentication status pass back from the server. 7. The LX unit then grants the user the services requested. TACACS+ Authentication Attributes Table 12 lists the TACACS+ Authentication Attributes that are supported on the LX unit. Table 12 - Supported TACACS+ Authentication Attributes Attribute Name Description 01 User-Name Name of the user to authenticate. 02 User-Password The password for the user to authenticate. 451-0311B 169 Overview of TACACS+ Authentication If at any point in the authentication process conditions are not met, the TACACS+ server denies access to the network. Figure 25 shows an example of the TACACS+ authentication process. Figure 25 - TACACS+ Authentication Process The LX implementation of TACACS+ supports the use of TACACS+ secondary servers. The TACACS+ secondary server is used when the TACACS+ primary server cannot be accessed. TACACS+ Server - authenticates the user. User attempts to gain access. LX unit initiates the authentication process. Access to desired services is granted. Authentication server authenticates the user.451-0311B 171 Appendix D Details of the iptables Command This appendix contains the Linux man pages for the iptables command. Refer to the man pages in this appendix for detailed information on the iptables command, which is introduced in “Configuring Packet Filters with the iptables Command” on page 151. iptables man Pages IPTABLES(8) IPTABLES(8) NAME iptables - IP packet filter administration SYNOPSIS iptables -[ADC] chain rule-specification [options] iptables -[RI] chain rulenum rule-specification [options] iptables -D chain rulenum [options] iptables -[LFZ] [chain] [options] iptables -[NX] chain iptables -P chain target [options] iptables -E old-chain-name new-chain-name DESCRIPTION Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table con tains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packetDetails of the iptables Command 172 451-0311B that matches. This is called a `target', which may be a jump to a user-defined chain in the same table. TARGETS A firewall rule specifies criteria for a packet, and a target. If the packet does not match, the next rule in the chain is the examined; if it does match, then the next rule is specified by the value of the target, which can be the name of a user-defined chain or one of the special values ACCEPT, DROP, QUEUE, or RETURN. ACCEPT means to let the packet through. DROP means to drop the packet on the floor. QUEUE means to pass the packet to userspace (if supported by the kernel). RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. If the end of a built-in chain is reached or a rule in a built-in chain with target RETURN is matched, the target specified by the chain policy determines the fate of the packet. TABLES There are current three independent tables (which tables are present at any time depends on the kernel configura tion options and which modules are present). -t, --table This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows: filter This is the default table. It contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets). nat This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets451-0311B 173 Details of the iptables Command as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). mangle This table is used for special ized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally- generated packets before routing). OPTIONS The options that are recognized by iptables can be divided into several different groups. COMMANDS These options specify the specific action to perform. Only one of them can be specified on the command line unless otherwise specified below. For all the long ver sions of the command and option names, you need to use only enough letters to ensure that iptables can differen tiate it from all other options. -A, --append Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination. -D, --delete Delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or a rule to match. -R, --replace Replace a rule in the selected chain. If the source and/or destination names resolve to multiple addresses, the command will fail. Rules are num bered starting at 1.Details of the iptables Command 174 451-0311B -I, --insert Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified. -L, --list List all rules in the selected chain. If no chain is selected, all chains are listed. It is legal to specify the -Z (zero) option as well, in which case the chain(s) will be atomically listed and zeroed. The exact output is affected by the other arguments given. -F, --flush Flush the selected chain. This is equivalent to deleting all the rules one by one. -Z, --zero Zero the packet and byte counters in all chains. It is legal to specify the -L, --list (list) option as well, to see the counters immediately before they are cleared. (See above.) -N, --new-chain Create a new user-defined chain by the given name. There must be no target of that name already. -X, --delete-chain Delete the specified user-defined chain. There must be no references to the chain. If there are, you must delete or replace the referring rules before the chain can be deleted. If no argument is given, it will attempt to delete every non-builtin chain in the table. -P, --policy Set the policy for the chain to the given target. See the section TARGETS for the legal targets.451-0311B 175 Details of the iptables Command Only non-user-defined chains can have policies, and neither built-in nor user-defined chains can be policy targets. -E, --rename-chain Rename the user specified chain to the user sup plied name. This is cosmetic, and has no effect on the structure of the table. -h Help. Give a (currently very brief) description of the command syntax. PARAMETERS The following parameters make up a rule specification (as used in the add, delete, insert, replace and append com mands). -p, --protocol [!] protocol The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, repre senting one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omit ted. -s, --source [!] address[/mask] Source specification. Address can be either a hostname, a network name, or a plain IP address. The mask can be either a network mask or a plain number, specifying the number of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0. A "!" argument before the address specification inverts the sense of the address. The flag --src is a convenient alias for this option.Details of the iptables Command 176 451-0311B -d, --destination [!] address[/mask] Destination specification. See the description of the -s (source) flag for a detailed description of the syntax. The flag --dst is an alias for this option. -j, --jump target This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate, but the coun ters on the rule will be incremented. -i, --in-interface [!] [name] Optional name of an interface via which a packet is received (for packets entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, the string "+" is assumed, which will match with any interface name. -o, --out-interface [!] [name] Optional name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argu ment is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, the string "+" is assumed, which will match with any interface name. [!] -f, --fragment451-0311B 177 Details of the iptables Command This means that the rule only refers to second and further fragments of fragmented packets. Since there is no way to tell the source or destination ports of such a packet (or ICMP type), such a packet will not match any rules which specify them. When the "!" argument precedes the "-f" flag, the rule will only match head fragments, or unfrag mented packets. -c, --set-counters PKTS BYTES This enables the administrater to initialize the packet and byte counters of a rule (during INSERT, APPEND, REPLACE operations) OTHER OPTIONS The following additional options can be specified: -v, --verbose Verbose output. This option makes the list command show the interface address, the rule options (if any), and the TOS masks. The packet and byte coun ters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipli ers respectively (but see the -x flag to change this). For appending, insertion, deletion and replacement, this causes detailed information on the rule or rules to be printed. -n, --numeric Numeric output. IP addresses and port numbers will be printed in numeric format. By default, the pro gram will try to display them as host names, net work names, or services (whenever applicable). -x, --exact Expand numbers. Display the exact value of the packet and byte counters, instead of only the rounded number in K's (multiples of 1000) M's (mul tiples of 1000K) or G's (multiples of 1000M). This option is only relevant for the -L command.Details of the iptables Command 178 451-0311B --line-numbers When listing rules, add line numbers to the begin ning of each rule, corresponding to that rule's position in the chain. --modprobe= When adding or inserting rules into a chain, use command to load any necessary modules (targets, match extensions, etc). MATCH EXTENSIONS iptables can use extended packet matching modules. These are loaded in two ways: implicitly, when -p or --protocol is specified, or with the -m or --match options, followed by the matching module name; after these, various extra command line options become available, depending on the specific module. You can specify multiple extended match modules in one line, and you can use the -h or --help options after the module has been specified to receive help specific to that module. The following are included in the base package, and most of these can be preceded by a ! to invert the sense of the match. tcp These extensions are loaded if `--protocol tcp' is speci fied. It provides the following options: --source-port [!] [port[:port]] Source port or port range specification. This can either be a service name or a port number. An inclusive range can also be specified, using the format port:port. If the first port is omitted, "0" is assumed; if the last is omitted, "65535" is assumed. If the second port greater then the first they will be swapped. The flag --sport is an alias for this option.451-0311B 179 Details of the iptables Command --destination-port [!] [port[:port]] Destination port or port range specification. The flag --dport is an alias for this option. --tcp-flags [!] mask comp Match when the TCP flags are as specified. The first argument is the flags which we should exam ine, written as a comma-separated list, and the second argument is a comma-separated list of flags which must be set. Flags are: SYN ACK FIN RST URG PSH ALL NONE. Hence the command iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN will only match packets with the SYN flag set, and the ACK, FIN and RST flags unset. [!] --syn Only match TCP packets with the SYN bit set and the ACK and FIN bits cleared. Such packets are used to request TCP connection initiation; for example, blocking such packets coming in an interface will prevent incoming TCP connections, but outgoing TCP connections will be unaffected. It is equivalent to --tcp-flags SYN,RST,ACK SYN. If the "!" flag precedes the "--syn", the sense of the option is inverted. --tcp-option [!] number Match if TCP option set. udp These extensions are loaded if `--protocol udp' is speci fied. It provides the following options: --source-port [!] [port[:port]] Source port or port range specification. See the description of the --source-port option of the TCP extension for details.Details of the iptables Command 180 451-0311B --destination-port [!] [port[:port]] Destination port or port range specification. See the description of the --destination-port option of the TCP extension for details. icmp This extension is loaded if `--protocol icmp' is speci fied. It provides the following option: --icmp-type [!] typename This allows specification of the ICMP type, which can be a numeric ICMP type, or one of the ICMP type names shown by the command iptables -p icmp -h mac --mac-source [!] address Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets entering the PREROUTING, FORWARD or INPUT chains for packets coming from an ethernet device. limit This module matches at a limited rate using a token bucket filter: it can be used in combination with the LOG target to give limited logging. A rule using this extension will match until this limit is reached (unless the `!' flag is used). --limit rate Maximum average matching rate: specified as a num ber, with an optional `/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour. --limit-burst number The maximum initial number of packets to match: this number gets recharged by one every time the limit specified above is not reached, up to this number; the default is 5.451-0311B 181 Details of the iptables Command multiport This module matches a set of source or destination ports. Up to 15 ports can be specified. It can only be used in conjunction with -p tcp or -p udp. --source-port [port[,port]] Match if the source port is one of the given ports. --destination-port [port[,port]] Match if the destination port is one of the given ports. --port [port[,port]] Match if the both the source and destination ports are equal to each other and to one of the given ports. mark This module matches the netfilter mark field associated with a packet (which can be set using the MARK target below). --mark value[/mask] Matches packets with the given unsigned mark value (if a mask is specified, this is logically ANDed with the mark before the comparison). owner This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even this some packets (such as ICMP ping responses) may have no owner, and hence never match. --uid-owner userid Matches if the packet was created by a process with the given effective user id. --gid-owner groupid Matches if the packet was created by a process withDetails of the iptables Command 182 451-0311B the given effective group id. --pid-owner processid Matches if the packet was created by a process with the given process id. --sid-owner sessionid Matches if the packet was created by a process in the given session group. state This module, when combined with connection tracking, allows access to the connection tracking state for this packet. --state state Where state is a comma separated list of the con nection states to match. Possible states are INVALID meaning that the packet is associated with no known connection, ESTABLISHED meaning that the packet is associated with a connection which has seen packets in both directions, NEW meaning that the packet has started a new connection, or other wise associated with a connection which has not seen packets in both directions, and RELATED mean ing that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error. unclean This module takes no options, but attempts to match pack ets which seem malformed or unusual. This is regarded as experimental. tos This module matches the 8 bits of Type of Service field in the IP header (ie. including the precedence bits). --tos tos The argument is either a standard name, (use451-0311B 183 Details of the iptables Command iptables -m tos -h to see the list), or a numeric value to match. TARGET EXTENSIONS iptables can use extended target modules: the following are included in the standard distribution. LOG Turn on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all matching packets (like most IP header fields) via the kernel log (where it can be read with dmesg or syslogd(8)). --log-level level Level of logging (numeric or see syslog.conf(5)). --log-prefix prefix Prefix log messages with the specified prefix; up to 29 letters long, and useful for distinguishing messages in the logs. --log-tcp-sequence Log TCP sequence numbers. This is a security risk if the log is readable by users. --log-tcp-options Log options from the TCP packet header. --log-ip-options Log options from the IP packet header. MARK This is used to set the netfilter mark value associated with the packet. It is only valid in the mangle table. --set-mark markDetails of the iptables Command 184 451-0311B REJECT This is used to send back an error packet in response to the matched packet: otherwise it is equivalent to DROP. This target is only valid in the INPUT, FORWARD and OUTPUT chains, and user-defined chains which are only called from those chains. Several options control the nature of the error packet returned: --reject-with type The type given can be icmp-net-unreachable, icmp- host-unreachable, icmp-port-unreachable, icmp- proto-unreachable, icmp-net-prohibitedor icmp-host- prohibited, which return the appropriate ICMP error message (port-unreachable is the default). The option echo-reply is also allowed; it can only be used for rules which specify an ICMP ping packet, and generates a ping reply. Finally, the option tcp-reset can be used on rules which only match the TCP protocol: this causes a TCP RST packet to be sent back. This is mainly useful for blocking ident probes which frequently occur when sending mail to broken mail hosts (which won't accept your mail otherwise). TOS This is used to set the 8-bit Type of Service field in the IP header. It is only valid in the mangle table. --set-tos tos You can use a numeric TOS values, or use iptables -j TOS -h to see the list of valid TOS names. MIRROR This is an experimental demonstration target which inverts the source and destination fields in the IP header and retransmits the packet. It is only valid in the INPUT, FORWARD and PREROUTING chains, and user-defined chains which are only called from those chains. Note that the outgoing packets are NOT seen by any packet filtering451-0311B 185 Details of the iptables Command chains, connection tracking or NAT, to avoid loops and other problems. SNAT This target is only valid in the nat table, in the POSTROUTING chain. It specifies that the source address of the packet should be modified (and all future packets in this connection will also be mangled), and rules should cease being examined. It takes one option: --to-source [-][:port-port] which can specify a single new source IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies -p tcp or -p udp). If no port range is specified, then source ports below 512 will be mapped to other ports below 512: those between 512 and 1023 inclusive will be mapped to ports below 1024, and other ports will be mapped to 1024 or above. Where possible, no port alteration will occur. DNAT This target is only valid in the nat table, in the PRE ROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It specifies that the destination address of the packet should be modified (and all future packets in this connection will also be man gled), and rules should cease being examined. It takes one option: --to-destination [-][:port-port] which can specify a single new destination IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies -p tcp or -p udp). If no port range is specified, then the destination port will never be modified.Details of the iptables Command 186 451-0311B MASQUERADE This target is only valid in the nat table, in the POSTROUTING chain. It should only be used with dynami cally assigned IP (dialup) connections: if you have a static IP address, you should use the SNAT target. Mas querading is equivalent to specifying a mapping to the IP address of the interface the packet is going out, but also has the effect that connections are forgotten when the interface goes down. This is the correct behavior when the next dialup is unlikely to have the same interface address (and hence any established connections are lost anyway). It takes one option: --to-ports [-] This specifies a range of source ports to use, overriding the default SNAT source port-selection heuristics (see above). This is only valid with if the rule also specifies -p tcp or -p udp). REDIRECT This target is only valid in the nat table, in the PRE ROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It alters the destina tion IP address to send the packet to the machine itself (locally-generated packets are mapped to the 127.0.0.1 address). It takes one option: --to-ports [-] This specifies a destination port or range or ports to use: without this, the destination port is never altered. This is only valid with if the rule also specifies -p tcp or -p udp). EXTRA EXTENSIONS The following extensions are not included by default in the standard distribution. ttl This module matches the time to live field in the IP header.451-0311B 187 Details of the iptables Command --ttl ttl Matches the given TTL value. TTL This target is used to modify the time to live field in the IP header. It is only valid in the mangle table. --ttl-set ttl Set the TTL to the given value. --ttl-dec ttl Decrement the TTL by the given value. --ttl-inc ttl Increment the TTL by the given value. ULOG This target provides userspace logging of matching pack ets. When this target is set for a rule, the Linux kernel will multicast this packet through a netlink socket. One or more userspace processes may then subscribe to various multicast groups and receive the packets. --ulog-nlgroup This specifies the netlink group (1-32) to which the packet is sent. Default value is 1. --ulog-prefix Prefix log messages with the specified prefix; up to 32 characters long, and useful fro distinguish ing messages in the logs. --ulog-cprange Number of bytes to be copied to userspace. A value of 0 always copies the entire packet, regardless of its size. Default is 0 --ulog-qthreshold Number of packet to queue inside kernel. Setting this value to, e.g. 10 accumulates ten packetsDetails of the iptables Command 188 451-0311B inside the kernel and transmits them as one netlink multpart message to userspace. Default is 1 (for backwards compatibility) DIAGNOSTICS Various error messages are printed to standard error. The exit code is 0 for correct functioning. Errors which appear to be caused by invalid or abused command line parameters cause an exit code of 2, and other errors cause an exit code of 1. BUGS Check is not implemented (yet). COMPATIBILITY WITH IPCHAINS This iptables is very similar to ipchains by Rusty Rus sell. The main difference is that the chains INPUT and OUTPUT are only traversed for packets coming into the local host and originating from the local host respec tively. Hence every packet only passes through one of the three chains; previously a forwarded packet would pass through all three. The other main difference is that -i refers to the input interface; -o refers to the output interface, and both are available for packets entering the FORWARD chain. iptables is a pure packet filter when using the default `filter' table, with optional extension modules. This its size. Default is 0 --ulog-qthreshold Number of packet to queue inside kernel. Setting this value to, e.g. 10 accumulates ten packets inside the kernel and transmits them as one netlink multpart message to userspace. Default is 1 (for backwards compatibility)451-0311B 189 Details of the iptables Command DIAGNOSTICS Various error messages are printed to standard error. The exit code is 0 for correct functioning. Errors which appear to be caused by invalid or abused command line parameters cause an exit code of 2, and other errors cause an exit code of 1. BUGS Check is not implemented (yet). COMPATIBILITY WITH IPCHAINS This iptables is very similar to ipchains by Rusty Rus sell. The main difference is that the chains INPUT and OUTPUT are only traversed for packets coming into the local host and originating from the local host respec tively. Hence every packet only passes through one of the three chains; previously a forwarded packet would pass through all three. The other main difference is that -i refers to the input interface; -o refers to the output interface, and both are available for packets entering the FORWARD chain. iptables is a pure packet filter when using the default `filter' table, with optional extension modules. This should simplify much of the previous confusion over the combination of IP masquerading and packet filtering seen previously. So the following options are handled differ ently: -j MASQ -M -S -M -L There are several other changes in iptables. SEE ALSO The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which details NAT, and the netfilter-hacking- HOWTO which details the internals.Details of the iptables Command 190 451-0311B AUTHORS Rusty Russell wrote iptables, in early consultation with Michael Neuling. Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet selection framework in iptables, then wrote the mangle table, the owner match, the mark stuff, and ran around doing cool stuff everywhere. James Morris wrote the TOS target, and tos match. Jozsef Kadlecsik wrote the REJECT target. Harald Welte wrote the ULOG target, TTL match+target and libipulog. The Netfilter Core Team is: Marc Boucher, James Morris, Harald Welte and Rusty Russell. Appendix 3 IPTABLES-SAVE(8) IPTABLES-SAVE(8) NAME iptables-save - Save IP Tables SYNOPSIS iptables-save [-c] [-t table] DESCRIPTION iptables-save is used to dump the contents of an IP Table in easily parseable format to STDOUT. Use I/O-redirection provided by your shell to write to a file. -c, --counters include the current values of all packet and byte counters in the output451-0311B 191 Details of the iptables Command -t, --table tablename restrict output to only one table. If not specified, output includes all available tables. BUGS None known as of iptables-1.2.1 release AUTHOR Harald Welte SEE ALSO iptables-restore(8), iptables(8) The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which details NAT, and the netfilter-hacking- HOWTO which details the internals. Appendix 4 IPTABLES-RESTORE(8) IPTABLES-RESTORE(8) NAME iptables-restore - Restore IP Tables SYNOPSIS iptables-restore [-c] [-n] DESCRIPTION iptables-restore is used to restore IP Tables from data specified on STDIN. Use I/O redirection provided by your shell to read from a file -c, --counters restore the values of all packet and byte counters -n, --noflush don't flush the previous contents of the table. If not specified, iptables-restore flushes (deletes) all previous contents of the respective IP Table.Details of the iptables Command 192 451-0311B BUGS None known as of iptables-1.2.1 release AUTHOR Harald Welte SEE ALSO iptables-restore(8), iptables(8) The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which details NAT, and the netfilter-hacking- HOWTO which details the internals.451-0311B 193 INDEX Symbols . See IP interfaces A Asynchronous command mode, accessing 19 autocompletion 15 B backup 61 Broadcast Group command mode, accessing 23 Broadcast Groups 97 characteristics, displaying 101 summaries, displaying 103 Broadcast Groups. See Also Data Broadcast feature C cables crossover 49 straight-through 49 CLI defaulting from 76 navigating 16 Command Line Interface. See CLI. command syntax 14 configuration saving to flash 62 saving to the network 62 stored in 61 Configuration command mode, accessing 18 configuration file saving 61 creating a default configuration file 29, 65 D Data Broadcast feature 97 broadcast groups 97 broadcast groups, setting up 97 discard parameter 100 master ports 97 master ports. See master ports slave ports 97 slave ports. See slave ports timestamp parameter 99 default configuration file creating 29, 65 loading 30, 65 saving to the network 30 defaulting from CLI 76 defaults booting from 76 defaults, resetting to 47 disabling features and settings 24 E Editing the Files in Windows 63 Editing the Files on a Unix Host 62 Ethernet command mode, accessing 21 external units scripting on 66 F function keys, using in the CLI 14 H Help. See Online help. I Interface command mode, accessing 22 IP configuration acquiring 77 IP Configuration menu changing the gateway address 75 changing the network mask 75 changing the TFTP server IP address 75 changing the unit IP address 74 choosing an IP assignment method 74 IP configuration menu saving the configuration 76 using 73 IP interfaces 105 characteristics, displaying 116194 451-0311B Local authentication, configuring 110 port mapping, displaying 117 RADIUS authentication, configuring 110 Rotaries. See Rotaries setting up 106 SSH Keepalive parameters 107 SSH socket numbers 108 status, displaying 118 summaries, displaying 118 Telnet socket numbers 108 IR-5100 units. See Power control units. IR-5150 units. See Power control units. L loading a default configuration file 30, 65 loading the configuration 64 M Main Menu boot from flash 70 boot from network 70 configuring the IP configuration menu 71 saving the software image to flash 70 setting the timeout 71 updating the ppciboot firmware 71 Main menu booting the system 73 resetting to system defaults 72 saving the configuration 73 setting the duplex mode of the Ethernet link 72 setting the speed of the Ethernet link 72 Master ports 97 configuring 98 removing 100 timestamp option 99 Menu command mode, accessing 22 Menu Editing command mode, accessing 22 Modem command mode, accessing 20 modular adapters 51 N no command 24 Notification command mode, accessing 23 Notification Feature facility 79 priority 80 O Online help, displaying 15 P passwords, changing 31 Power Control Relays 144 grouping 145 naming 144, 146, 147 off time, specifying 145 status information, displaying 148 Power control units 143 off time, specifying 146 Power Master ports, configuring 143 status information, displaying 147 summary information, displaying 149 ppciboot factory default settings 68 ppciboot Main Menu upgrading software with 69 PPP command mode, accessing 20 R RADIUS accounting attributes 162 overview 161 setting up 33 RADIUS Accounting Client Operation 161 RADIUS authentication attributes 159 overview 157 setting up 33 recreating zip files 64 Related documents 25 remote console management security, setting up 54 subscriber creation 58 via direct serial connections 51 via modem ports 53 Rotaries 113 configuring 113 disabling 115 information, displaying 118 rotary ports, removing 115 type, specifying 114 S saving configuration to the network 62 scripting 66 SecurID authentication451-0311B 195 setting up 43 Sensors. See Temperature/Humidity sensors Service Profile types ASYNC 82, 85 LOCALSYSLOG 82, 83 REMOTESYSLOG 82, 86 SMTP 82, 87 SNMP 82 SNPP 81, 84 TAP 82, 84 WEB 82, 86 Service Profiles 81 characteristics, displaying 89 configuring 83 creating 82 Service Profiles. See Service Profiles. Slave ports 97 configuring 98 discard option 100 localecho option 100 removing 100 SNMP command mode, accessing 21 software upgrading 66 Subscriber accounts 121 audit log, displaying 138 characteristics, displaying 135 command log, displaying 139 creating 121 deleting 122 status, displaying 136 summary information, displaying 138 TCP information, displaying 137 Subscriber accounts. See also User Profiles Subscriber command mode, accessing 21 Superuser command mode, accessing 18 T TACACS+ accounting attributes 164 overview 161 setting up 38 TACACS+ accounting attributes 163 TACACS+ authentication attributes 168 overview 167 setting up 38 TCP/IP parameters obtaining from the network 27 setting in Quick Start 27 setting in the LX CLI 29 Temperature/Humidity sensor connecting the 141 Temperature/Humidity sensors 141 configuring 141 humidity, displaying 141 summary information, displaying 142 temperature, displaying 141 typographical conventions 14 U UNIX host editing files on 62 upgrading software upgrading software and ppciboot with the command line interface 67 User command mode, accessing 17 User Profiles 81, 88, 123 access methods 123 audit logging 134 characteristics, displaying 90 command logging 134 contact parameter 88 creating 88 dedicated service 133 facility parameter 89 menus 134 password 132 preferred service 133 priority parameter 89 session and terminal parameters 128 superuser privileges 133 User Profiles. See User Profiles. W Windows editing files in 63 451-0312G 1 LX Quick Start Instructions 451-0312G These instructions are intended to help you get your LX unit up and running quickly. They include basic hardware installation, POST test information, how to obtain IP information, and how to perform a first time quick software installation. If you prefer a more detailed explanation of these procedures, refer to the Getting Started with the LX Series manual. Rack-Mounting the Unit • Do not choose a location where the unit will be exposed to direct sunlight or subjected to vibration. • Unit must be installed in an environment with 20% to 80% humidity, noncondensing, 0° - 40° C (32°-113° F). • Do not place an object on the side(s) of the unit that might block airflow through the unit. • The unit may be front, rear, or center mounted. • There is no mounting difference between the 19” and 23” rack mount ears. • MRV provides the following mounting screws: Eight 6-32 x 5/16” flathead screws for attaching the ears to the unit, and four 10-32 screws to attach to the rack. Figure 1 - Mounting an LX Series in Rack The three bottom side screws hold the cover on the unit. To front-mount the unit, you must attaching the rack-mount brackets. Then insert the supplied screws through the brackets and into the same holes. remove the front and center top and bottom screws before If you reverse-mount the unit, remove the rear and center top and bottom screws, and insert the supplied screws through the rack-mount ears.LX Quick Start Instructions 2 451-0312G Connecting Power A grounded AC power outlet should be located within six feet of the back of the unit. Connect the power cord to rear of the unit (see Figure 2), then to an AC power outlet, and observe the front panel FLT and OK LEDs. You can use a UL-approved, 3-prong extension cord if necessary, provided it has sufficient current and voltage capacity. A line cord is supplied. Figure 2 - Connecting Power and Cabling Cabling the LX Unit Cable the LX unit as follows (see Figure 2): • Connect the 10/100 network cable to the 10/100 port on the rear of the unit. The LINK LED comes on steady if the cable is properly connected. • Connect the provided serial port cable to the DIAG port (port 0), and the other end to your terminal. In LX-4048 units, the DIAG port is on the front (see Figure 3). • Connect your serial network element devices (terminals, routers, etc.) to the async ports on the rear of the LX and power them on. Figure 3 - DIAG Port (Port 0) and Modem Port, LX-4048 Unit Front View 100-240VAC 1.0A 50/60Hz DIAG 1 0/1 0 0 E THNT 100 RCV 100 Mbps LED LINK RCV LINK TELCO LINE 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 10/100 Interface Modem Port DIAG Port (Port 0) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 DIAG Port (Port 0) Modem Port451-0312G 3 LX Quick Start Instructions Post Test The Power On Self Test (POST) runs immediately upon startup. The port status LEDs flicker and the FLT LED remains on while the test is running (this may take only a few seconds). If the unit passes the POST test, the FLT LED extinguishes, and the OK LED turns green. If there is a failure, the FLT LED stays on, and the port status LEDs begin flashing an error code. Refer to Getting Started with the LX Series for an explanation of the codes. Booting From Defaults The first time you boot an LX unit, it takes longer than usual. The system computes the server and client SSH keys. This process takes about two minutes. The keys are saved into the flash, which expedites the boot loading process for all future reboots. Obtaining IP Information The LX is an intelligent unit; by default the LX attempts to obtain IP information via the DHCP, BOOTP, or RARP loading methods. A DHCP, BOOTP, or RARP server must also be configured on the network to support the LX unit, as needed. You must first cable the unit according to the instructions in this document or in Getting Started with the LX Series. First Time Quick Configuration NOTE: Quick configuration runs only at default parameters on the DIAG port (port 0) on all models when booting from default parameters. NOTE: Display problems may occur during bootup when you attach a VT420 terminal to the DIAG port (port 0) and the VT420 display setup is configured to Smooth-2 Scroll. To avoid this, change the VT420 scroll setting to Jump Scroll. Use the following procedure to configure your LX unit for the first time. 1. Plug in the terminal at the DIAG port (port 0 - port values are 9600 bps, eight data bits, one stop bit, no parity, and Xon/Xoff flow control). The Main Menu appears. 2. Press b to boot the LX unit. The setup takes a minute or two. The The unit has loaded to factory defaults, would you like to run Initial Connectivity Setup? y/n message appears. 3. Press y (yes) and press Enter. The Superuser Password prompt appears.LX Quick Start Instructions 4 451-0312G 4. Enter the password system. The Quick Configuration menu appears: 5. Press the number corresponding to the parameter you want to set. 6. Enter the appropriate information and press Enter to return to the Quick Configuration menu. Once you enter a parameter value, a data entry line specific to that parameter appears on the Quick Configuration menu. 7. Continue in this way through the menu, configuring as many parameters as you want. You are not required to configure all parameters. NOTE: You should change the Superuser Password, since this is the first time you are configuring the LX unit (the default password is system). 8. Press 7 (Exit and Save) to save your changes. The Is this information correct? message appears. 9. Press y (yes) and press Enter. The Save this information to flash? message appears. 10. Press y (yes) and press Enter. The information is saved to flash. 11. Press Enter several times to display the Login: prompt. You can now use the LX unit. NOTE: Login username and password are case-sensitive. You can access the LX via the Graphical User Interface (GUI) by typing the unit’s IP address in your browser. Refer to Getting Started with the LX Series for more information on how to access and configure the GUI. Quick Configuration menu 1 Unit IP address 2 Subnet mask 3 Default Gateway 4 Domain Name Server 5 Domain Name Suffix 6 Superuser Password 7 Exit and Save Enter your choice: CONFIGURATION SUMMARY 1 Unit IP address 10.80.1.5 2 Subnet mask 255.0.0.0 3 Default Gateway 4 Domain Name Server 5 Domain Name Suffix 6 Superuser Password Not Changed 7 Exit and Save Is this information correct? (y/n) : 451-0312G 5 LX Quick Start Instructions Configuring Server Parameters The ports on the unit are set to factory defaults. For example, all async ports are set to 9600/8/1/None, with access remote, xon flow control, and terminal type ANSI. You can change them from the defaults if you want by connecting to the DIAG port (port 0). This port is set for local access. Changing the Defaults via the CLI To change the defaults via the CLI: 1. Enter the default login username (InReach). 2. Enter the default login password (access). 3. At the In-Reach:0> prompt, enter enable. The Password: prompt appears. 4. Enter system or your new Admin password that was set in the Quick Configuration menu. The Superuser In-Reach:>> prompt appears. 5. Enter config and press Enter. The Configuration prompt Config:0>> appears. 6. Enter port async 1. The Async 1-1:0>> prompt appears, so you can change port 1 parameters. 7. Press ? or . The Port Async Commands list appears. Here you can modify any of the default port parameters you want. 8. When you are finished making changes, enter end until you get to the In-Reach:>> prompt. 9. To save your configuration, enter the command save configuration flash. Changing the Defaults via the Graphical User Interface At the Configuration Console window, select Ports: Async. The Async window appears. Here you can modify any of the port default parameters you want. Refer to Getting Started with the LX Series for more information on the Graphic User Interface (GUI). Getting Started with MRV Communications LX Series MIBs Corporate Headquarters MRV Communications, Inc. Corporate Center 20415 Nordhoff Street Chatsworth, CA 91311 Tel: 818-773-0900 Fax: 818-773-0906 www.mrv.com (Internet) Sales and Customer Support MRV Americas 295 Foster Street Littleton, MA 01460 Tel: 800-338-5316 (U.S.) Tel: +011 978-952-4888 (Outside U.S.) sales@mrv.com (email) www.mrv.com (Internet) MRV International Industrial Zone P.O. Box 614 Yokneam, Israel 20682 Tel: 972-4-993-6200 sales@mrv.com (email) www.mrv.com (Internet) 451-0314CContents Introduction ................................................................................................................................... 1 Network Management System ..................................................................................................... 1 Example of an OID Structure:.......................................................................................... 3 Example of SNMPGet for SysObjectID on LX:................................................................ 6 MRV Communications - MIB Modules ........................................................................................ 6 Security .......................................................................................................................................... 6 Managing SNMP Clients and Communities in the LX CLI ....................................................... 7 Defining a Trap Client............................................................................................................ 7 Defining Get and Set SNMP Clients ..................................................................................... 7 Defining SNMP Communities................................................................................................ 8 Miscellaneous SNMP Settings ............................................................................................... 8 SNMP Contact ................................................................................................................... 8 Displaying the SNMP Characteristics................................................................................... 8 Displaying the SNMP Client.................................................................................................. 9 Displaying the SNMP V3 Settings......................................................................................... 10 Compiling MIBs............................................................................................................................. 10 LX MIBs ......................................................................................................................................... 11 LX Subscriber MIB ................................................................................................................. 11 LX Broadcast Group MIBs ..................................................................................................... 31 LX Series-Supported RFCs ........................................................................................................... 40 Standard MIBs........................................................................................................................ 41Getting Started with MRV Communications LX MIBs 0314 1 Introduction This guide provides end-users of MRV Communications’ LX units with basic information regarding the Network Management System (NMS), and procedures on how to use the Management Information Base (MIB) structure (as pointers to objects in the devices) to manage these units. This guide also provides the location of MRV Communications’ Proprietary and Standard MIBs, how they can be obtained, as well as instructions on downloading and compiling them to wherever their application specifies. Network Management System The following details the Network Management System and how the Management Information Base (MIB) is used with network management protocols in TCP/IP-based Internets. Network Management Systems execute management applications that monitor and control network elements. Network Elements (NE) are devices such as hosts, routers, terminal servers, etc., that are monitored and controlled through access to their management information. The Network Management System can potentially monitor several nodes, each with a processing entity termed an agent. An agent is a network management software module that resides in a managed device. It has local knowledge of management information and can translate that information into a form compatible with SNMP. Agents are entities that interface to the actual device being managed. These managed objects might be hardware, configuration parameters, performance statistics, and so on, directly relating to the current operation of the device in question. The agent has access to at least one management station and a management protocol used to convey management information between the agents and management stations. Operations of the protocol are carried out under an administrative framework that defines both primitive authentication and authorization policies in SNMPv1, SNMPv2C, and SNMPv3. Figure 1 - Typical Network Management System All SNMP managed devices contain a Management Information Base (MIB) database that stores management information for that device pertinent to network management. A MIB is a collection of information organized hierarchically. MANAGEMENT SYSTEM MANAGED ELEMENT MANAGER AGENT Human Network Manager Network Protocol Managers Management Database Management DatabaseGetting Started with MRV Communications LX MIBs 0314 2 The database is organized as a tree; branches of the tree name objects and the leaves of the tree contain the values manipulated to effect management. The values are comprised of managed objects and are identified by object identifiers. Objects in the MIB are defined using Abstract Syntax Notation One (ASN.1). The concepts of this tree are called out in STD 16/RFC 1155, “The Structure of Management Information” or SMI. The SMI defines the trunk of the tree and the types of objects used when defining the leaves. STD 16/RFC 1212, “Towards Concise MIB Definitions”, defines a more concise description mechanism that preserves all the principles of the SMI. A managed object, (sometimes called a MIB object, an object, or a MIB) is one of any number of characteristics of a managed device. Managed objects are comprised of one or more object instances, which are essentially variables. Each managed device has a unique address. Furthermore, each managed object per managed device also has a unique address. These unique addresses are known as Object Identifiers (OID). Each enterprise (company) subscribing to the SNMP System is provided with a unique OID, and the enterprise in turn, will allocate unique OIDs to each of its managed objects. OIDs are contained within SNMPs Management Information Base (MIB), which is a virtual blueprint of OIDs serving as the common dictionary for SNMP communications. Names are used to identify managed objects that use the Object Identifier concept to model this notation. An Object Identifier is a sequence of integers that traverse a global tree. The tree consists of a root connected to a number of labeled nodes via edges. Each node may, in turn, have children of its own which are labeled. In this case, we may term the node a subtree. This process may continue to an arbitrary level of depth. Central to the notion of the Object Identifier is the understanding that administrative control of the meanings assigned to the nodes may be delegated as one traverses the tree. A label is a pairing of a brief textual description and an integer.Getting Started with MRV Communications LX MIBs 0314 3 Example of an OID Structure: Internet OBJECT IDENTIFIER ::= {iso (1) org (3) dod (6) internet (1) 1} Internet=Name 1.3.6.1 (iso.org.dod.internet) =Object Identifier (OID) If read from the hierarchal tree structure, it would appear as follows: Root (unlabeled) CCITT (0) ISO (1) ISO-CCITT (2) org (3) dod (6) internet (1) Figure 2 - Hierarchical Tree Structure Core MIB definitions for the Internet suite of protocols can be found in RFC 1155, Management Information Base for Network Management of TCP/IP-based Internets. STD 17/RFC 1213 defines MIB-II, an evolution of MIB-I with changes to incorporate implementation experience and new operational requirements. STD 15/RFC 1157 defines the SNMP protocol itself. The protocol defines how to manipulate the objects in a remote MIB. NOTES: 1. The Simple Network Management Protocol (SNMP) is an Internet standard defined by the Internet Engineering Task Force (IETF) Request for Comment (RFC) 1157, which specifies how network management information is carried through a network. 2. MRV Communications’ devices support SNMP by implementing an SNMP Agent. The agent stores SNMP Management Information Base data and makes it available when requested via SNMP Get/Set requests. 3. In addition, these devices generate SNMP Trap messages, which are indications that specific events have occurred. The definition of an object in the MIB requires an object name and type. Object names and types are defined using the subset of Abstract Syntax Notation One (ASN.1), as defined in the SMI. Objects are named using object identifiers, administratively assigned names to specify object types. The object name, together with an optional object instance, uniquely identifies a specific instance of an object. A textual convention string, termed the OBJECT DESCRIPTOR, may be used to identify the object.Getting Started with MRV Communications LX MIBs 0314 4 Textual conventions enhance the readability of the specification and can ease comparison with other specifications if appropriate. It should be noted that the introduction of textual conventions has no effect on either the syntax or the semantics of any managed objects. These conventions are merely an artifact of the explanatory method used. Objects defined in terms of one of these methods are always encoded by the rules that define the primitive type. Hence, no changes to the SMI or the SNMP are necessary to accommodate these textual conventions, which are adopted for the convenience of readers and writers in pursuit of the elusive goal of clear, concise and unambiguous MIB documents. For example, an ASCII “DisplayString” is a textual convention defined in RFC 1213, and is built on ASN.1 data type “OctetString”, but with added refinement specific to ASCII display strings. Objects have a syntax that defines the abstract data structure corresponding to the object type. The ASN.1 language provides the primitives used for this purpose. The SMI purposely restricts the ASN.1 constructs, which may be used for simplicity and ease of implementation. The encoding of an object type, simply describes how to represent an object using ASN.1 encoding rules for purposes of dealing with the SNMP protocol. Management information is a collection of managed objects, residing in a virtual information store called the Management Information Base. Collections of related objects are defined in MIB modules and are written using a subset of ASN.1. The subset is defined by the SMI and is divided into three parts: 1. Module definitions are used when describing information modules. An ASN.1 macro MODULE-IDENTITY is used to convey the semantics of an information module. 2. Object definitions are used when describing managed objects. An ASN.1 macro OBJECT-TYPE is used to convey the syntax and semantics of a managed object. 3. Notification definitions are used when describing unsolicited transmissions of management information. An ASN.1 macro TRAP-TYPE is used to convey the syntax and semantics of a trap. MIBs are organized into MIB modules. A MIB module is a file defining all the MIB objects under a subtree. The foundation module is the standards-based MIB-II module defined by RFC 1213. (In addition to the Internet-standard MIB-II objects defined in RFC 1213, hardware vendors, such as MRV Communications, Hewlett-Packard, and Cisco Systems have developed MIB extensions for their own products. A MIB defined by a specific vendor is referred to as an enterprise-specific MIB). See the “MIB Classifications” section for a list of MRV enterprise-specific MIBs.Getting Started with MRV Communications LX MIBs 0314 5 As mentioned earlier, MIB objects are organized in a hierarchical tree structure. The root node itself is unlabeled, but has at least three children directly under it. One node is administered by the International Organization for Standards, with label ISO (1); another is administered by International Telegraph and Telephone Consultative Committee, with label CCITT (0); and the third is jointly administered by ISO and CCITT, Joint – ISO – CCITT (2) (see Figure 2). Each branch in the tree has a unique name and numeric identifier. Intermediate branches of the tree serve as a way to group related MIB objects together. iso (1) org (3) dod (6) internet (1) directory (1) mgmt (2) ! private (4) mib-2 (1) enterprises (1) !!! !!! system (1) interfaces (2) snmp (11) cisco (9) hp (11) mrvInReach (33) ProductDivision sysDescr (1) ! ! ! ! sysObjectID (2) Figure 3. MIB Organization The “leaves” of the tree represent the actual MIB object. A subtree refers to the entire group of branches and leaves under a particular intermediate branch. Figure 1-3 illustrates the tree and subtree structures. A MIB object is uniquely identified by its place in the tree. A full object identifier consists of the identifier of each branch along the path through the tree hierarchy, from the top of the tree “iso”, down to the leaf “sysObjectID” as illustrated in Figure 3. The object identifier is expressed in “dotted notation”, by separating each branch identifier along the path with a period.Getting Started with MRV Communications LX MIBs 0314 6 The “mib-2” subtree is iso.org.dod.internet.mgmt.mib-2 and its numeric identifier is 1.3.6.1.2.1. As another example, the full MIB object identifier for “sysObjectID” is iso.org.dod.internet.mgmt.mib-2.system.sysObjectID and its numeric identifier is 1.3.6.1.2.1.1.2. The instance identifier on a MIB object with only one instance is zero. The instance identifier on a MIB object with more than one instance is one or greater. MIB object notations follow the standard notation defined in ASN.1. The ASN.1 standard notation definition can be considered the ‘template’ for MIBs. To avoid conflicts of object IDs, each branch of the tree must be registered, that is, defined through a designated organization. For example, the Internet Activities Board (IAB), has authority over the internet subtree, which includes the MIB-II Internet standard registered under the “mib-2” subtree. In turn, the IAB gives vendors authority over enterprise-specific subtrees. Enterprise-specific MIB objects are registered under the designated authority for that enterprise. To clarify this point, MRV Communications would register its enterprise-specific MIBs under 1.3.6.1.4.1.33, having authority over the enterprises.mrv subtree. The sysObjectID is an important MIB object to management platforms, such as, HP OpenView. The sysObjectID is registered in the Internet-standard MIB-II module as iso.org.dod.internet.mgmt.mib-2.system.sysObjectID (1.3.6.1.2.1.1.2). The sysObjectID is used for administrative purposes to uniquely identify the type of agent software that is running on a given vendor’s hardware. This object is different from most other MIB objects. When queried, this object sends back an object identifier that describes the product. Example of SNMPGet for SysObjectID on LX: NOTE: The exact syntax of the SNMP Get request depends on the management platform. C:\SNMP>snmpget 140.179.xxx.xxx 1.3.6.1.2.1.1.2.0 SNMP++ GET to 140.179.xxx.xxx SNMPV1 Retries=1 Timeout=100m Community=Public Oid = 1.3.6.1.2.1.1.2.0 Value = 1.3.6.1.4.1.33.8.1.31 MRV Communications - MIB Modules LX units support the lx-subscriber-mib proprietary mib, which is listed in Appendix A. Security By default, MRV Communications’ network devices accept SNMP GET and SET requests from the Network Operations Center (NOC). SNMP access can be restricted to the device by specifying the SNMP Clients and Communities. A Community refers to one or more NOCs that specify the same Community string in their SNMP messages. A Client is a specific NOC, which is identified through an IP or Ethernet Address. This can be accomplished by the Command Line Interface (CLI) or via any SNMP package using the SET command.Getting Started with MRV Communications LX MIBs 0314 7 Managing SNMP Clients and Communities in the LX CLI This section describes how to define SNMP Clients and Communities, set miscellaneous SNMP values, and display SNMP-related information. The tasks in this section are performed in the LX Command Line Interface (CLI). Refer to the LX-Series Commands Reference Guide (451-0310) for more information on the commands that are used in this section. Defining a Trap Client Execute this command at the SNMP command mode. An LX will not generate an SNMP Trap message until a Trap Client is defined. A Trap Client is a specific NOC to which the Element Manager sends Trap messages. One of more Trap Clients can be defined through this command: Snmp:0 >>trap client number ip-address A number value is a number from 0 to 15. The ip-address identifies the NOC that should receive the Trap messages. For example: Snmp:0 >>trap client 1 140.179.12.3 SNMP SET Example If a new trap client is to be defined, add it to the trap client table as follows: 1. Walk the SNMP Trap Client Table looking for a client number with an address of zero. An example is SNMP NEXT ObjectID: 1.3.6.1.4.1.33.10.3.9.1.4. 2. Add the new address using SNMP SET. The exact command syntax will vary depending on the SNMP application in use. An example is SNMP SET objectID: 1.3.6.1.4.1.33.10.3.9.1.4.3 Type: OctetString value: 140.179.1.1. Defining Get and Set SNMP Clients Execute this command at the SNMP command mode. A GET Client is a specific NOC that is allowed to manage the In-Reach Element Manager through GET and GET_Next requests. A SET Client is a NOC that may issue SET Requests to the Element Manager. You can use the following commands to define up to four of each of these client types: Snmp:0 >>get client [number] ip-address Snmp:0 >>set client [number] ip-address A number value is a number from 0 to 15. Define a previously defined Get or Set client to 0.0.0.0 in order to remove it. Example Snmp:0 >>set client 1 123.223.123.1 SNMP SET Example Set client: SET 1.3.6.1.4.1.33.50.1.2.1.6 Integer 6 Get client: GET 1.3.6.1.4.1.33.50.1.2.1.6 Integer 6Getting Started with MRV Communications LX MIBs 0314 8 Defining SNMP Communities Execute the get/set/trap client command at the SNMP command mode. GET and SET Communities provide an additional level of security. If you do not define any GET Clients, the LX unit will accept GET and GET_Next requests from any NOC whose GET Requests include a Community name that matches the LX unit’s GET Community. If you do not define a GET Community, the LX unit will accept GET and GET_Next Requests from any NOC. Similarly, if you do not define any SET Clients, the LX unit will accept SET Requests from any NOC whose requests include a Community name that matches the LX unit’s SET Community. If you do not define a SET Community, the LX unit will accept SET Requests from any NOC. If a Trap Community is defined, the LX unit will include the Trap Community name in the Trap messages that it generates. Use the following commands to define GET, SET, and Trap Community names: Snmp:0 >>get client [number] community word A community can include up to 32 characters. Snmp:0 >>set client [number] community word Snmp:0 >>trap client [number] community word Examples Snmp:0 >>get client 1 community none Snmp:0 >>set client 2 community in-reach Miscellaneous SNMP Settings This section explains how to define SNMP Contact, Name, and Location strings. SNMP Contact Execute this command at the SNMP command mode. An SNMP Contact, or sysContact, identifies a person to contact when the LX unit needs attention. Use this command to define a contact: Snmp:0 >>contact “contact-string” The “contact-string” can include up to 60 characters, e.g., “John Smith, 800-555-1212” Example Snmp:0 >>contact bobby_jones Displaying the SNMP Characteristics Use the following command to display the system-wide SNMP characteristics for the LX unit: In-Reach:0 >>show snmp characteristicsGetting Started with MRV Communications LX MIBs 0314 9 Example In-Reach:0 >>show snmp characteristics Time: Wed, 10 Apr 2002 10:45:08 UTC Name: In-Reach Logging: Disabled Port: 161 Contact: Henry Smith Location: Upstairs Lab V3 Engine Boots: 1 V3 Engine ID: 6537303330653865313136323936336100000000 SNMP CHARACTERISTICS Display Displaying the SNMP Client Use the following command to display the Community status (public or private) and the Get, Set, and Trap versions of an SNMP client: In-Reach:0 >>show snmp client number A number value is any valid client number from 0 to 16. Example In-Reach:0 >>show snmp client 1 Client: 2 Get Client: 0.0.0.0 Get Community: public Get Version: 1 Set Client: 0.0.0.0 Set Community public Set Version: 1 Trap Client: 0.0.0.0 Trap Community private Trap Version: 1 IP SNMP Client DisplayGetting Started with MRV Communications LX MIBs 0314 10 Displaying the SNMP V3 Settings Use the following command to display the V3 settings for a Version-3 SNMP client: In-Reach:0 >>show snmp v3 number A number value is any valid SNMP V3 client number from 0 to 16. Example In-Reach:0 >>show snmp v3 1 Client: 4 Engine Boots: 8 Engine ID: e70303eeace2923a000000000000000000000000 V3 View OID Subtree: 0 V3 View OID Subtree Mask: 8000000000000000000000000000000000000000 V3 View Name: V3 View Type: Allow V3 Access Group Name: V3 Access Context Prefix: V3 Access Security Model: 3 V3 Access Security Level: 1 V3 Access Read View: view V3 Access Write View: view V3 Access Notify View: view V3 Access Cont. Match: none V3 Security Name: V3 Source IP: 0.0.0.0 V3 Secur. Community: public V3 Source Mask: 0.0.0.0 V3 Group Secur. Model: V3 Group Secur. Name: V3 Group Name: Compiling MIBs It may be a good practice to open the MIB prior to compiling it. Use the mib compiler associated with your NMS to compile the MIBs. For HP Openview, as the user clicks on the MIB file to add it to the database, the compiler checks it for errors. When individual MIBs are being added to the database, the order in which the MIBs are added is important, since one MIB often references objects in other MIBs. Some compilation errors can be fixed by commenting out a line or an entire objected with double-hyphens, or “—“ at the beginning of each unwanted line. Remove any (comment indications) “—“ later in that line. The user can do this if not interested in managing that particular object.Getting Started with MRV Communications LX MIBs 0314 11 Appendix A LX MIBs This MIB implements the objects related to the LX subscriber (or user) configuration and status. LX Subscriber MIB -- $Revision: 1.9 $ IN-REACH-Subscriber-mib DEFINITIONS ::= BEGIN -- -- -- Subscriber MIB Text File -- -- Date: Thurs. Feb 4, 2003 user: DA -- File created using EMACS -- By: DA -- -- FILE: lx-subscriber-mib.mib -- -- import modules IMPORTS Counter, Gauge, TimeTicks, IpAddress FROM RFC1155-SMI DisplayString FROM RFC1213-MIB OBJECT-TYPE FROM RFC-1212; -- mrvInReachProductDivision -- FROM MRV-IN-REACH-PRODUCT-DIVISION-MIB; -- -- DisplayString, sysLocation -- FROM RFC1213-MIB -- TRAP-TYPE -- FROM RFC-1215 -- iTouch, DateTime, AddressType -- FROM ITOUCH-MIB -- charPortIndex -- FROM RFC1316-MIB -- rs232InSigState, rs232OutSigState, rs232PortIndex -- FROM RFC1317-MIB; -- -- definition of object typesGetting Started with MRV Communications LX MIBs 0314 12 -- -- OBJECT-TYPE MACRO ::= -- BEGIN -- TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax) -- "ACCESS" Access -- "STATUS" Status -- VALUE NOTATION ::= value (VALUE ObjectName) -- -- Access ::= "read-only" -- | "read-write" -- | "write-only" -- | "not-accessible" -- Status ::= "mandatory" -- | "optional" -- | "obsolete" -- END -- -- names of objects in the MIB -- -- ObjectName ::= OBJECT IDENTIFIER -- -- syntax of objects in the MIB -- -- ObjectSyntax ::= -- CHOICE { -- simple -- SimpleSyntax, -- -- note that simple SEQUENCEs are not directly -- mentioned here to keep things simple (i.e., -- prevent mis-use). However, application-wide -- types which are IMPLICITly encoded simple -- SEQUENCEs may appear in the following CHOICE -- -- application-wide -- ApplicationSyntax -- } -- -- SimpleSyntax ::= -- CHOICE { -- number INTEGER, -- string STRING, -- object OBJECT IDENTIFIER, -- empty NULL -- } -- -- ApplicationSyntax ::=Getting Started with MRV Communications LX MIBs 0314 13 -- CHOICE { -- address NetworkAddress, -- counter Counter, -- gauge Gauge, -- ticks TimeTicks, -- arbitrary Opaque -- -- other application-wide types, as they are -- defined, will be added here -- -- } -- -- -- application-wide types -- -- Counter ::= -- [APPLICATION 1] -- IMPLICIT INTEGER (0..4294967295) -- -- Gauge ::= -- [APPLICATION 2] -- IMPLICIT INTEGER (0..4294967295) -- -- TimeTicks ::= -- [APPLICATION 3] -- IMPLICIT INTEGER (0..4294967295) -- -- Opaque ::= -- [APPLICATION 4] -- IMPLICIT OCTET STRING -- -- Define OIDs -- ccitt OBJECT IDENTIFIER ::= { 0 } -- null OBJECT IDENTIFIER ::= { ccitt 0 } -- iso OBJECT IDENTIFIER ::= { 1 } -- org OBJECT IDENTIFIER ::= { iso 3 } -- dod OBJECT IDENTIFIER ::= { org 6 } -- internet OBJECT IDENTIFIER ::= { dod 1 } -- directory OBJECT IDENTIFIER ::= { internet 1 } -- mgmt OBJECT IDENTIFIER ::= { internet 2 } -- experimental OBJECT IDENTIFIER ::= { internet 3 } -- private OBJECT IDENTIFIER ::= { internet 4 } -- enterprises OBJECT IDENTIFIER ::= { private 1 }Getting Started with MRV Communications LX MIBs 0314 14 mrvInReachProductDivision OBJECT IDENTIFIER ::= {enterprises 33} lxagent OBJECT IDENTIFIER ::= {mrvInReachProductDivision 50} -- -- In-Reach OBJECT IDENTIFIER ::= { enterprises 33 } -- agent OBJECT IDENTIFIER ::= { In-Reach 8 } -- -- A In-Reach agent identifer has the following fields: -- -- In-Reach.agent.software.variant.version -- -- Where: -- -- In-Reach.agent is an ordinary OID prefix. -- Note that In-Reach's original form for -- such OID's used the value 1 for agent -- and had no variant or version. Later -- forms included variant and version in -- an inconsistent manner. -- -- software a value of the In-Reach SoftwareType -- textual convention. -- -- variant a variant within a software type, -- typically hardware dependent. If the -- software has no variants, it uses the -- value 1. -- -- version a version number within the variant, -- increased by one each time that -- variant's agent changes in a way that -- is significant to its MIB -- capabilities description -- -- Terminal Servers terminalServer OBJECT IDENTIFIER ::= { lxagent 1 } -- This is a MIB module for all IN-REACH LX systems. -- -- This MIB document is supplied "AS IS," and IN-REACH -- makes no warranty, either express orGetting Started with MRV Communications LX MIBs 0314 15 -- implied, as to the use operation, condition, or -- performance of the MIB. -- -- Textual Conventions sizeOfSubscriberTable OBJECT-TYPE SYNTAX INTEGER (1..65534) ACCESS not-accessible STATUS mandatory DESCRIPTION "The size of the subscriberTable." ::= { terminalServer 1 } subscriberTable OBJECT-TYPE SYNTAX SEQUENCE OF SubsEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A list (table) of subscriber entries." ::= { terminalServer 2 } subsEntry OBJECT-TYPE SYNTAX SubsEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A subscriber entry containing objects for a particular subscriber." INDEX { index } ::= { subscriberTable 1 } SubsEntry ::= SEQUENCE { index INTEGER, name DisplayString, usePassword INTEGER, password DisplayString, securityLevel INTEGER, maxConnections INTEGER, currentConnections Gauge,Getting Started with MRV Communications LX MIBs 0314 16 activeUserIndex INTEGER, portSecurityList DisplayString, telnetAccess INTEGER, sshAccess INTEGER, guiAccess INTEGER, consoleAccess INTEGER, dialback INTEGER, dialbackNumber DisplayString, dialbackRetry INTEGER, useMenu INTEGER, menuName DisplayString, prompt DisplayString, termType DisplayString, -- sessionMode -- INTEGER, idleTimeout INTEGER, sessionTimeout INTEGER, localSwitch DisplayString, forwardSwitch DisplayString, backwardSwitch DisplayString, pause INTEGER, debugging INTEGER, logging INTEGER, preferredService DisplayString, dedicatedServiceGetting Started with MRV Communications LX MIBs 0314 17 DisplayString, telnetLineMode INTEGER, telnetEscapeChar OCTET STRING, telnetSendcrlf INTEGER, telnetReceivecrlf INTEGER, sshCipher INTEGER, remoteSshName DisplayString, sshPort INTEGER, sshLogLevel INTEGER } index OBJECT-TYPE SYNTAX INTEGER (1..65534) ACCESS read-only STATUS mandatory DESCRIPTION "A unique index value for each subscriber." ::= { subsEntry 1 } name OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) ACCESS read-only STATUS mandatory DESCRIPTION "The Name of the subscriber entry." ::= { subsEntry 2 } usePassword OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-only STATUS mandatory DESCRIPTION "The subscriber entry requires (enabled) or does not require (disabled) a login password." ::= { subsEntry 3 } password OBJECT-TYPEGetting Started with MRV Communications LX MIBs 0314 18 SYNTAX DisplayString (SIZE (0..80)) ACCESS read-only STATUS mandatory DESCRIPTION "The login password string of the subscriber entry." ::= { subsEntry 4 } securityLevel OBJECT-TYPE SYNTAX INTEGER { user(1), super(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The security level of the subscriber determines what privilaged modes they can use." ::= { subsEntry 5 } maxConnections OBJECT-TYPE SYNTAX INTEGER (1..255) ACCESS read-write STATUS mandatory DESCRIPTION "The maximum number of the subscriber connections allowed for this subscriber entry." ::= { subsEntry 6 } currentConnections OBJECT-TYPE SYNTAX Gauge ACCESS read-only STATUS mandatory DESCRIPTION "The number of current connections for the subscriber entry." ::= { subsEntry 7 } activeUserIndex OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-only STATUS mandatory DESCRIPTION "The active index number of the subscriber entry (0 = none)." ::= { subsEntry 8 }Getting Started with MRV Communications LX MIBs 0314 19 portSecurityList OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) ACCESS read-write STATUS mandatory DESCRIPTION "The list of port numbers the subscriber entry is allowed access to." ::= { subsEntry 9 } telnetAccess OBJECT-TYPE SYNTAX INTEGER { deny(1), allow(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The access of the subscriber entry via telnet is allowed or denied." ::= { subsEntry 10 } sshAccess OBJECT-TYPE SYNTAX INTEGER { deny(1), allow(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The access of the subscriber entry via SSH is allowed or denied." ::= { subsEntry 11 } guiAccess OBJECT-TYPE SYNTAX INTEGER { deny(1), allow(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The access of the subscriber entry via the GUI is allowed or denied." ::= { subsEntry 12 } consoleAccess OBJECT-TYPE SYNTAX INTEGER { deny(1), allow(2) } ACCESS read-write STATUS mandatoryGetting Started with MRV Communications LX MIBs 0314 20 DESCRIPTION "The access of the subscriber entry to a Console port is allowed or denied." ::= { subsEntry 13 } dialback OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The subscriber entry has the dialback feature enabled or disabled." ::= { subsEntry 14 } dialbackNumber OBJECT-TYPE SYNTAX DisplayString (SIZE (0..15)) ACCESS read-write STATUS mandatory DESCRIPTION "The phone number the subscriber entry will dial back if the dialback feature is enabled." ::= { subsEntry 15 } dialbackRetry OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "The number of times dialback will be tried for the subscriber entry." ::= { subsEntry 16 } useMenu OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The menu feature of the subscriber entry is enabled or disabled." ::= { subsEntry 17 }Getting Started with MRV Communications LX MIBs 0314 21 menuName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..31)) ACCESS read-write STATUS mandatory DESCRIPTION "The menu name for the subscriber entry." ::= { subsEntry 18 } prompt OBJECT-TYPE SYNTAX DisplayString (SIZE (0..15)) ACCESS read-write STATUS mandatory DESCRIPTION "The prompt text of the subscriber entry." ::= { subsEntry 19 } termType OBJECT-TYPE SYNTAX INTEGER {ansi(1), vt100(2)} ACCESS read-write STATUS mandatory DESCRIPTION "The terminal type of the subscriber entry." ::= { subsEntry 20 } -- sessionMode OBJECT-TYPE -- SYNTAX INTEGER {standard(1), vt5xx(2)} -- ACCESS read-write -- STATUS mandatory -- DESCRIPTION -- "The session mode of the subscriber entry." -- -- ::= { subsEntry 21 } idleTimeout OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "The number of minutes the subscriber entry can be idle before it is logged out (0 = no timeout)." ::= { subsEntry 21 }Getting Started with MRV Communications LX MIBs 0314 22 sessionTimeout OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "The number of minutes the subscriber entry session can be up before it is logged out." ::= { subsEntry 22 } localSwitch OBJECT-TYPE SYNTAX DisplayString (SIZE (0..2)) ACCESS read-write STATUS mandatory DESCRIPTION "The subscriber entry switch to return to the first session." ::= { subsEntry 23 } forwardSwitch OBJECT-TYPE SYNTAX DisplayString (SIZE (0..2)) ACCESS read-write STATUS mandatory DESCRIPTION "The subscriber entry switch to move to next session." ::= { subsEntry 24 } backwardSwitch OBJECT-TYPE SYNTAX DisplayString (SIZE (0..2)) ACCESS read-write STATUS mandatory DESCRIPTION "The subscriber entry switch to move to previous session." ::= { subsEntry 25 } pause OBJECT-TYPE SYNTAX INTEGER {disable(1),enable(2)} ACCESS read-write STATUS mandatory DESCRIPTION "The screen pause setting of the subscriber entry."Getting Started with MRV Communications LX MIBs 0314 23 ::= { subsEntry 26 } debugging OBJECT-TYPE SYNTAX INTEGER { disabled(1),enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The subscriber entry debug feature setting." ::= { subsEntry 27 } logging OBJECT-TYPE SYNTAX INTEGER { disabled(1),enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The logging feature setting of the subscriber entry." ::= { subsEntry 28 } preferredService OBJECT-TYPE SYNTAX DisplayString (SIZE (0..15)) ACCESS read-write STATUS mandatory DESCRIPTION "The prefered service of the subscriber entry." ::= { subsEntry 29 } dedicatedService OBJECT-TYPE SYNTAX DisplayString (SIZE (0..15)) ACCESS read-write STATUS mandatory DESCRIPTION "The dedicated service of the subscriber entry." ::= { subsEntry 30 } telnetLineMode OBJECT-TYPE SYNTAX INTEGER {line(1),char(2)} ACCESS read-write STATUS mandatory DESCRIPTION "The telnet line mode setting of the subscriber entry." ::= { subsEntry 31 }Getting Started with MRV Communications LX MIBs 0314 24 telnetEscapeChar OBJECT-TYPE SYNTAX OCTET STRING ACCESS read-write STATUS mandatory DESCRIPTION "The telnet escape character of the subscriber entry." ::= { subsEntry 32 } telnetSendcrlf OBJECT-TYPE SYNTAX INTEGER {cr(1),crlf(2)} ACCESS read-write STATUS mandatory DESCRIPTION "The telnet send newline setting of the subscriber entry." ::= { subsEntry 33 } telnetReceivecrlf OBJECT-TYPE SYNTAX INTEGER {cr(1),crlf(2)} ACCESS read-write STATUS mandatory DESCRIPTION "The telnet receive newline setting of the subscriber entry." ::= { subsEntry 34 } sshCipher OBJECT-TYPE SYNTAX INTEGER {any(1),blowfish(2),tripledes(3)} ACCESS read-write STATUS mandatory DESCRIPTION "The SSH cipher type of the subscriber entry." ::= { subsEntry 35 } remoteSshName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..63)) ACCESS read-write STATUS mandatory DESCRIPTION "The name sent to the remote SSH peer of the subscriber entry."Getting Started with MRV Communications LX MIBs 0314 25 ::= { subsEntry 36 } sshPort OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "The TCP port number used for SSH connections by the subscriber entry." ::= { subsEntry 37 } sshLogLevel OBJECT-TYPE SYNTAX INTEGER {quiet(1),info(2),fatal(3),error(4),verbose(5),debug(6)} ACCESS read-write STATUS mandatory DESCRIPTION "The SSH logging level of the subscriber entry." ::= { subsEntry 38 } ---- Dynamic Subscriber Table -- sizeOfDynSubscriberTable OBJECT-TYPE SYNTAX INTEGER (0..65534) ACCESS not-accessible STATUS mandatory DESCRIPTION "The size of the dynSubscriberTable." ::= { terminalServer 3 } dynSubscriberTable OBJECT-TYPE SYNTAX SEQUENCE OF DynSubsEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A list of subscriber entries." ::= { terminalServer 4 } dynSubsEntry OBJECT-TYPE SYNTAX DynSubsEntry ACCESS not-accessible STATUS mandatory DESCRIPTIONGetting Started with MRV Communications LX MIBs 0314 26 "A dynamic subscriber entry containing objects for a particular dynamic subscriber." INDEX { dynindex } ::= { dynSubscriberTable 1 } DynSubsEntry ::= SEQUENCE { dynindex INTEGER, subName DisplayString, devName DisplayString, devType INTEGER, dynidleTimeout INTEGER, dynsessionTimeout INTEGER, ipAddr IpAddress, port INTEGER, protocol INTEGER, dynprompt DisplayString, dyntermType DisplayString, usePpp INTEGER, dyndialback INTEGER, remoteLogin INTEGER, sesActive Gauge, dynpause INTEGER, security INTEGER, totalTransmittedBytes Counter, totalReceivedBytes Counter, startTime TimeTicks,Getting Started with MRV Communications LX MIBs 0314 27 kill INTEGER } dynindex OBJECT-TYPE SYNTAX INTEGER (1..65534) ACCESS read-only STATUS mandatory DESCRIPTION "A unique index value for each dynamic subscriber." ::= { dynSubsEntry 1 } subName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) ACCESS read-only STATUS mandatory DESCRIPTION "The name of the dynamic subscriber entry." ::= { dynSubsEntry 2 } devName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) ACCESS read-only STATUS mandatory DESCRIPTION "The device name of the dynamic subscriber entry." ::= { dynSubsEntry 3 } devType OBJECT-TYPE SYNTAX INTEGER {physical(1),virtual(2)} ACCESS read-only STATUS mandatory DESCRIPTION "The device name of the dynamic subscriber entry." ::= { dynSubsEntry 4 } dynidleTimeout OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-only STATUS mandatory DESCRIPTION "The number of minutes the dynamic subscriber entry can be idle before it is logged out (0 = no timeout)."Getting Started with MRV Communications LX MIBs 0314 28 ::= { dynSubsEntry 5 } dynsessionTimeout OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-only STATUS mandatory DESCRIPTION "The number of minutes the dynamic subscriber entry session can be up before it is logged out." ::= { dynSubsEntry 6 } ipAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The IP address of the dynamic subscriber entry." ::= { dynSubsEntry 7 } port OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-only STATUS mandatory DESCRIPTION "The prompt text of the dynamic subscriber entry." ::= { dynSubsEntry 8 } protocol OBJECT-TYPE SYNTAX INTEGER {console(1),serial(2),gui(3),udp(4),telnet(5),ssh(6)} ACCESS read-only STATUS mandatory DESCRIPTION "The prompt text of the dynamic subscriber entry." ::= { dynSubsEntry 9 } dynprompt OBJECT-TYPE SYNTAX DisplayString (SIZE (0..15)) ACCESS read-only STATUS mandatory DESCRIPTION "The prompt text of the dynamic subscriber entry."Getting Started with MRV Communications LX MIBs 0314 29 ::= { dynSubsEntry 10 } dyntermType OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) ACCESS read-only STATUS mandatory DESCRIPTION "The terminal type of the dynamic subscriber entry." ::= { dynSubsEntry 11 } usePpp OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-only STATUS mandatory DESCRIPTION "The dynamic subscriber entry uses PPP (enabled) or does not use PPP (disabled)." ::= { dynSubsEntry 12 } dyndialback OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-only STATUS mandatory DESCRIPTION "The dynamic subscriber entry has the dialback feature enabled or disabled." ::= { dynSubsEntry 13 } remoteLogin OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-only STATUS mandatory DESCRIPTION "The dynamic subscriber entry is a remote login." ::= { dynSubsEntry 14 } sesActive OBJECT-TYPE SYNTAX Gauge ACCESS read-only STATUS mandatory DESCRIPTION "The dynamic subscriber entry has active sessions."Getting Started with MRV Communications LX MIBs 0314 30 ::= { dynSubsEntry 15 } dynpause OBJECT-TYPE SYNTAX INTEGER {disable(1),enable(2)} ACCESS read-only STATUS mandatory DESCRIPTION "The screen pause setting of the dynamic subscriber entry." ::= { dynSubsEntry 16 } security OBJECT-TYPE SYNTAX INTEGER {user(1),super(2)} ACCESS read-only STATUS mandatory DESCRIPTION "The security setting of the dynamic subscriber entry." ::= { dynSubsEntry 17 } totalTransmittedBytes OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "The total transmitted bytes of the dynamic subscriber entry." ::= { dynSubsEntry 18 } totalReceivedBytes OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "The total received bytes of the dynamic subscriber entry." ::= { dynSubsEntry 19 } startTime OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTIONGetting Started with MRV Communications LX MIBs 0314 31 "The start time of the dynamic subscriber entry." ::= { dynSubsEntry 20 } kill OBJECT-TYPE SYNTAX INTEGER {kill(1)} ACCESS read-write STATUS mandatory DESCRIPTION "The dynamic subscriber entry is active or killed." ::= { dynSubsEntry 21 } END -- end of IN-REACH-Subscriber LX Broadcast Group MIBs -- $Revision: 1.3 $ MRV-LX-BROADCASTGROUP-MIB DEFINITIONS ::= BEGIN -- -- Broadcast Group MIB Text File -- -- Date: Wed. Feb.12, 2003 user: DA -- File created using EMACS -- By: DA -- -- FILE: LX-BR-GROUP-MIB.txt -- -- -- IMPORTS Counter, Gauge, TimeTicks, IpAddress FROM RFC1155-SMI DisplayString, sysLocation FROM RFC1213-MIB OBJECT-TYPE FROM RFC-1212; -- TRAP-TYPE -- FROM RFC-1215 -- charPortIndex -- FROM RFC1316-MIB -- rs232InSigState, rs232OutSigState, rs232PortIndex -- FROM RFC1317-MIB;Getting Started with MRV Communications LX MIBs 0314 32 -- Define OIDs -- ccitt OBJECT IDENTIFIER ::= { 0 } -- null OBJECT IDENTIFIER ::= { ccitt 0 } iso OBJECT IDENTIFIER ::= { 1 } org OBJECT IDENTIFIER ::= { iso 3 } dod OBJECT IDENTIFIER ::= { org 6 } internet OBJECT IDENTIFIER ::= { dod 1 } directory OBJECT IDENTIFIER ::= { internet 1 } mgmt OBJECT IDENTIFIER ::= { internet 2 } experimental OBJECT IDENTIFIER ::= { internet 3 } private OBJECT IDENTIFIER ::= { internet 4 } enterprises OBJECT IDENTIFIER ::= { private 1 } mrvInReachProductDivision OBJECT IDENTIFIER ::= {enterprises 33} lxagent OBJECT IDENTIFIER ::= {mrvInReachProductDivision 50} terminalServer OBJECT IDENTIFIER ::= { lxagent 1 } -- MRV In-Reach LX Broadcast Groups -- This is a MIB module for all MRV In-Reach LX systems that -- implement broadcast groups. -- -- NOTE: The broadcast groups are actually under the interface -- level, but are currently locked on interface 1. This may -- change at sometime in the future and require corresponding -- changes to this MIB as well. -- -- Copyright 2003 MRV Communications, Inc. All Rights Reserved. -- Reproduction of this document is authorized on -- condition that this copyright notice is included. -- This MIB document embodies MRV Communications, Inc.'s -- proprietary intellectual property. MRV Communications, Inc. -- retains all title and ownership in this MIB, including any -- revisions. -- -- It is MRV Communications, Inc.'s intent to encourage the -- widespread use of this MIB in connection with the management -- of MRV Communications, Inc. products. MRV Communications, -- Inc. grants vendors, end-users, and other interested parties -- a non-exclusive license to use this MIB in connection with -- the management of MRV Communications, Inc. products.Getting Started with MRV Communications LX MIBs 0314 33 -- -- This MIB document is supplied "AS IS," and MRV -- Communications, Inc. makes no warranty, either express -- or implied, as to the use operation, condition, or -- performance of the MIB. -- Implementation of this group is mandatory for all MRV -- In-Reach LX systems that implement broadcast groups. -- the lxBroadcastGroup table sizeOfBroadcastGroupTable OBJECT-TYPE SYNTAX INTEGER (1..65534) ACCESS not-accessible STATUS mandatory DESCRIPTION "The size of the subscriberTable." ::= { terminalServer 6 } lxBroadcastGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF LxBroadcastGroupEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A list of broadcast group parameters." ::= { terminalServer 7 } lxBroadcastGroupEntry OBJECT-TYPE SYNTAX LxBroadcastGroupEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Broadcast group information." INDEX { lxBroadcastGroupIndex } ::= { lxBroadcastGroupTable 1 } LxBroadcastGroupEntry ::= SEQUENCE { lxBroadcastGroupIndex INTEGER, lxBroadcastGroupMode INTEGER, lxBroadcastGroupState INTEGER, lxBroadcastGroupAsyncMasterTimestampList DisplayString, lxBroadcastGroupAsyncMasterNoTimestampListGetting Started with MRV Communications LX MIBs 0314 34 DisplayString, lxBroadcastGroupTcpMasterTimestampList DisplayString, lxBroadcastGroupTcpMasterNoTimestampList DisplayString, lxBroadcastGroupAsyncSlaveDiscardList DisplayString, lxBroadcastGroupAsyncSlaveNoDiscardList DisplayString, lxBroadcastGroupAsyncSlaveLocalEchoList DisplayString, lxBroadcastGroupAsyncSlaveNoLocalEchoList DisplayString, lxBroadcastGroupTcpSlaveDiscardList DisplayString, lxBroadcastGroupTcpSlaveNoDiscardList DisplayString, lxBroadcastGroupTcpSlaveLocalEchoList DisplayString, lxBroadcastGroupTcpSlaveNoLocalEchoList DisplayString, lxBroadcastGroupAsyncMasterTimestampPort INTEGER, lxBroadcastGroupAsyncMasterNoTimestampPort INTEGER, lxBroadcastGroupTcpMasterTimestampPort INTEGER, lxBroadcastGroupTcpMasterNoTimestampPort INTEGER, lxBroadcastGroupAsyncSlaveDiscardPort INTEGER, lxBroadcastGroupAsyncSlaveNoDiscardPort INTEGER, lxBroadcastGroupAsyncSlaveLocalEchoPort INTEGER, lxBroadcastGroupAsyncSlaveNoLocalEchoPort INTEGER, lxBroadcastGroupTcpSlaveDiscardPort INTEGER, lxBroadcastGroupTcpSlaveNoDiscardPort INTEGER, lxBroadcastGroupTcpSlaveLocalEchoPort INTEGER, lxBroadcastGroupTcpSlaveNoLocalEchoPort INTEGER }Getting Started with MRV Communications LX MIBs 0314 35 lxBroadcastGroupIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "An index value that uniquely identifies a broadcast group." ::= { lxBroadcastGroupEntry 1 } lxBroadcastGroupMode OBJECT-TYPE SYNTAX INTEGER { line(1), character(2) } ACCESS read-write STATUS mandatory DESCRIPTION "A mode value for the broadcast group. The value 'line' means that the group is active and broadcasting data in line mode whereas the value 'character' means that the group is active and broadcasting data in character mode." DEFVAL { line } ::= { lxBroadcastGroupEntry 2 } lxBroadcastGroupState OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "A state value for the broadcast group. The value 'enabled' means that the group is active and broadcasting data whereas 'disabled' means that the group is not active." DEFVAL { disabled } ::= { lxBroadcastGroupEntry 3 } -- -- object types to display the master & slave port lists in a -- specific broadcast group. -- lxBroadcastGroupAsyncMasterTimestampList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Async Master Broadcast Ports with timestamp enabled for this group." ::= { lxBroadcastGroupEntry 4 } lxBroadcastGroupAsyncMasterNoTimestampList OBJECT-TYPEGetting Started with MRV Communications LX MIBs 0314 36 SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Async Master Broadcast Ports without timestamp enabled for this group." ::= { lxBroadcastGroupEntry 5 } lxBroadcastGroupTcpMasterTimestampList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Tcp Master Broadcast Ports with timestamp enabled for this group." ::= { lxBroadcastGroupEntry 6 } lxBroadcastGroupTcpMasterNoTimestampList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Tcp Master Broadcast Ports without timestamp enabled for this group." ::= { lxBroadcastGroupEntry 7 } lxBroadcastGroupAsyncSlaveDiscardList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Async Slave Broadcast Ports with discard enabled for this group." ::= { lxBroadcastGroupEntry 8 } lxBroadcastGroupAsyncSlaveNoDiscardList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Async Slave Broadcast Ports without discard enabled for this group." ::= { lxBroadcastGroupEntry 9 } lxBroadcastGroupAsyncSlaveLocalEchoList OBJECT-TYPE SYNTAX DisplayString ACCESS read-onlyGetting Started with MRV Communications LX MIBs 0314 37 STATUS mandatory DESCRIPTION "A list of the Async Slave Broadcast Ports with local echo enabled for this group." ::= { lxBroadcastGroupEntry 10 } lxBroadcastGroupAsyncSlaveNoLocalEchoList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Async Slave Broadcast Ports without local echo enabled for this group." ::= { lxBroadcastGroupEntry 11 } lxBroadcastGroupTcpSlaveDiscardList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Tcp Slave Broadcast Ports with discard enabled for this group." ::= { lxBroadcastGroupEntry 12 } lxBroadcastGroupTcpSlaveNoDiscardList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Tcp Slave Broadcast Ports without discard enabled for this group." ::= { lxBroadcastGroupEntry 13 } lxBroadcastGroupTcpSlaveLocalEchoList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "A list of the Tcp Slave Broadcast Ports with local echo enabled for this group." ::= { lxBroadcastGroupEntry 14 } lxBroadcastGroupTcpSlaveNoLocalEchoList OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTIONGetting Started with MRV Communications LX MIBs 0314 38 "A list of the Tcp Slave Broadcast Ports without local echo enabled for this group." ::= { lxBroadcastGroupEntry 15 } -- -- object types to configure the master & slave ports in a -- specific broadcast group. -- lxBroadcastGroupAsyncMasterTimestampPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "An Async Master Broadcast Port with timestamp enabled for this group." ::= { lxBroadcastGroupEntry 16 } lxBroadcastGroupAsyncMasterNoTimestampPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "An Async Master Broadcast Port without timestamp enabled for this group." ::= { lxBroadcastGroupEntry 17 } lxBroadcastGroupTcpMasterTimestampPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "A Tcp Master Broadcast Port with timestamp enabled for this group." ::= { lxBroadcastGroupEntry 18 } lxBroadcastGroupTcpMasterNoTimestampPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "A Tcp Master Broadcast Port without timestamp enabled for this group." ::= { lxBroadcastGroupEntry 19 } lxBroadcastGroupAsyncSlaveDiscardPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatoryGetting Started with MRV Communications LX MIBs 0314 39 DESCRIPTION "An Async Slave Broadcast Port with discard enabled for this group." ::= { lxBroadcastGroupEntry 20 } lxBroadcastGroupAsyncSlaveNoDiscardPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "An Async Slave Broadcast Port without discard enabled for this group." ::= { lxBroadcastGroupEntry 21 } lxBroadcastGroupAsyncSlaveLocalEchoPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "An Async Slave Broadcast Port with local echo enabled for this group." ::= { lxBroadcastGroupEntry 22 } lxBroadcastGroupAsyncSlaveNoLocalEchoPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "An Async Slave Broadcast Port without local echo enabled for this group." ::= { lxBroadcastGroupEntry 23 } lxBroadcastGroupTcpSlaveDiscardPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "A Tcp Slave Broadcast Port with discard enabled for this group." ::= { lxBroadcastGroupEntry 24 } lxBroadcastGroupTcpSlaveNoDiscardPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "A Tcp Slave Broadcast Port without discardGetting Started with MRV Communications LX MIBs 0314 40 enabled for this group." ::= { lxBroadcastGroupEntry 25 } lxBroadcastGroupTcpSlaveLocalEchoPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "A Tcp Slave Broadcast Port with local echo enabled for this group." ::= { lxBroadcastGroupEntry 26 } lxBroadcastGroupTcpSlaveNoLocalEchoPort OBJECT-TYPE SYNTAX INTEGER ACCESS write-only STATUS mandatory DESCRIPTION "A Tcp Slave Broadcast Port without local echo enabled for this group." ::= { lxBroadcastGroupEntry 27 } -- -- -- END -- End of MRV-LX-BROADCASTGROUP-MIB LX Series-Supported RFCs The LX also implements the MIBs defined by the following RFCs: • 1213 - MIB2 • 1659 - RS232 • 1907 - SNMPv2 • 1696 - Modem MIB • 1658 - Character Device • 1472 - PPP Security Protocols • 1471 - PPP Link Control Protocol • 1473 - PPP IP Network Control Protocol • 2574 - User Based Security Model for SNMPv3 • 2575 - View-based Access Control Model for SNMPv3Getting Started with MRV Communications LX MIBs 0314 41 Standard MIBs These files are standard RFC documents, as defined by the Internet Engineering Task Force (IETF). They are provided as information only, because they are used by MRV Communications in building Concatenated MIBs. The RFCs listed here are used solely by MRV Communications. Note: This is not to be considered an official repository of Requests for Comments (RFCs). It is considered a living document, whereby it is subject to change at any time. RFC1155.SMI “Structure of Management Information” RFC1212.SMI “Concise MIB Format” RFC1213.MIB “MIB II” RFC1215.SMI “Concise Trap Format” RFC1215.TRP “Trap Definitions” RFC1229.MIB “Extensions to Generic Interface MIB” RFC1284.MIB “MIB for Ethernet-like objects” RFC1317.MIB “MIB for RS-232-like Hardware Devices” RFC1354.MIB “IP Forwarding Table MIB” RFC1398.MIB “Definitions of Managed Objects for Ethernet-like Interface Types” RFC1471.MIB “Link Control Protocol of PPP” RFC1472.MIB “Security Protocols of PPP” RFC1473.MIB “IP Network Control Protocol of PPP” RFC1573A.MIB “V2 evolution of MIB-II, part A” RFC1573B.MIB “V2 evolution of MIB-II, part B” 450-0143 1 Release Notes LX Series Version 3.0.1 April 2003 450-0143J Contents Introduction................................................................................................................................. 3 New Version of ppciboot ............................................................................................................. 3 New Features and Enhancements ............................................................................................. 4 LX-4048S Device Support .................................................................................................... 4 Notification Enhancements.................................................................................................. 4 Reporting State Transitions of DCD/DSR and CTS to syslogd.......................................... 6 Global Feature Control......................................................................................................... 6 Pattern Matching.................................................................................................................. 7 SSH Public Key/Trusted Keys ............................................................................................. 7 SecurID Authentication ....................................................................................................... 8 The iptables Commands..................................................................................................... 10 TACACS+ Authentication and Accounting....................................................................... 11 Telnet Performance ............................................................................................................ 14 Telnet Break String............................................................................................................ 15 Ethernet Port Enhancement.............................................................................................. 15 Broadcast Group Enhancement......................................................................................... 16 Authentication Fallback Enable Command...................................................................... 16 MIB-Related RFCs .................................................................................................................... 16 Upgrading Software and ppciboot with the Command Line Interface.................................. 17 LX Series Notes and Restrictions............................................................................................. 18 SSH Public Key................................................................................................................... 18 CPU Usage Field ................................................................................................................ 18 Global Feature Control....................................................................................................... 18 Rebooting Outlet Groups.................................................................................................... 18 GUI Outlet Wake-Up State for IR-5150............................................................................ 18 no outlet 1 name Command ........................................................................................ 18 Menu Item Label ................................................................................................................ 18 Menu Control Key .............................................................................................................. 18 Changing Notification Message Priority........................................................................... 18 Async Port Pattern Matching ............................................................................................ 18 IP Interfaces........................................................................................................................ 19 PCMCIA Port ...................................................................................................................... 19 Outlet Groups ..................................................................................................................... 19 Known External Limitations.................................................................................................... 19 Java Cache Issue ................................................................................................................ 19 Windows 2000 Server ......................................................................................................... 19 Java Runtime Environment............................................................................................... 19LX Software Release Notes Version 3.0.1 2 450-0143 Notification Web Driver Nextel, Skytel, and Sprint......................................................... 19 Issues Fixed in 3.0.1 .................................................................................................................. 19 Configuring the IP Address................................................................................................ 19 Issues Fixed in 3.0.0 .................................................................................................................. 20 ppciboot Updates................................................................................................................. 20 Menu File Names................................................................................................................ 20 Mail Commands in Multiple Packets................................................................................. 20 Default Modem Command.................................................................................................. 20 Show Interface Port Mapping Screen................................................................................ 20 Modem Init String............................................................................................................... 20 Notification Service Profiles and User Profiles................................................................. 20 3DES.................................................................................................................................... 20 Config IP Network Number ............................................................................................... 21 LX Broadcast Address ........................................................................................................ 21 SNMP Contact and Location.............................................................................................. 21 V3 Client View Mask .......................................................................................................... 21 V3 View Mask Error Message ............................................................................................ 21 10/100 Ethernet Port .......................................................................................................... 21 TFTP Issue .......................................................................................................................... 21LX Software Release Notes Version 3.0.1 450-0143 3 Introduction These release notes provide important information about the LX product line. They cite supported features as well as any notes and restrictions for the following software version: • Software Image Version 3.0.1 Earlier releases are documented in the Archives Directory on the LX Documentation CD. It is also possible to download release notes by doing the following: 1. Point your browser to the MRV Service and Support site (http://service.mrv.com/support/). 2. Select In-Reach (IR and LX) from the Product Type pulldown list. 3. Select any LX product from the Product pulldown list. 4. Select the Software Updates option below the Products pulldown list. 5. Click the Get Information button. This displays the Software Updates page. 6. Select a Release Notes filename from the Software Updates page. NOTE: You must supply a User Name and password to download the Release Notes. New Version of ppciboot IMPORTANT The LX-4048 must run on 3.0.1 or higher software and the latest ppciboot firmware. If you have an LX-4008S-xxx unit running software version V2.0.0 or above, and you are updating to Release V3.0.1, you must also update the ppciboot (V1.0.1) for the software to function properly. If you have a different model LX unit, MRV Communications recommends that you perform the same ppciboot update. Refer to “Upgrading Software and ppciboot with the Command Line Interface” for information on performing the upgrade. When you upgrade the software, use the DIAG port (port 0) as your management port. MRV Commun