[AT] - How to set up a Lantronix SLC Console Server

These notes describe how to configure a new out-of-the-box Lantronix SLC unit located at AT so that it can be used in conjunction with the School's conserver infrastructure. The general idea is that the SLC should be configured as minimally as possible: we want to drive it as a dumb terminal server which has minimal knowledge both of the machines which it serves, and of our network.

Important: These instructions apply to AT only; there are separate instructions for configuring a Lantronix box at either the Informatics Forum or KB.

The SLC can be configured in four ways:

  1. via the LCD front panel; or
  2. via a command line interface using a direct console connection cabled to the front panel; or
  3. via a command line interface via ssh (after basic networking has been set up); or
  4. via a web interface (again, after basic networking has been set up).

Generally, use the front panel to get the SLC networked; thereafter, use either the web or ssh interfaces. All configuration is necessarily by hand: there are no useful SNMP hooks.

1. Configuring basic networking

To configure basic networking, first add the SLC to the DNS and set up DHCP service in the usual way:

  1. Choose a hostname and IP address for the new SLC; set it up in dns/inf. The IP address should be on the (non-routed) 'ATSOL' subnet 192.168.93.0/24.
  2. Set up and compile an appropriate LCFG profile for the SLC. (The profile 'lcfg/srslc00' could be used as a template; the MAC address of the SLC is printed on the base of the unit.)

When the above set-ups have propagated:

  1. Connect the SLC to the network using the first of its ethernet ports, eth1.
  2. Power up the SLC. After it's initialised, press the right arrow on the front panel to display 'Network Settings'.
  3. Confirm that DHCP service is working:
    • If the correct IP address has been acquired via DHCP, it will be displayed on the panel followed by the characters '[D]'.
    • If the correct IP address has not been acquired, reset the SLC by pressing the right arrow repeatedly to move to the last option 'Release', press the down arrow to move to 'Restore Factory Defaults', press 'Enter' to enter edit mode, enter the default password (it is 999999) by using the arrow keys to navigate, press 'Enter', and select 'Yes'. The SLC will reboot, and will again attempt to acquire an address via DHCP.

Once the correct IP address has been acquired, proceed as follows.

2. Final configuration via ssh over the network.

Log in to atconsoles (the conserver server which is used to front-end all SLCs in AT) and connect to the SLC as the administrator user sysadmin via ssh:

  ssh <SLC hostname> -l sysadmin

On delivery, the sysadmin password is 'PASS': this will be changed directly.

The first time you log in to the SLC, the 'Quick Setup' script runs. Either confirm or select the following options:

  • Configure Eth1: (3) static IP Address
  • IP Address: (as appropriate)
  • Subnet Mask: 255.255.255.0
  • Gateway IP Address: none
  • Hostname: (whatever has been chosen)
  • Domain: at.net.inf.ed.ac.uk
  • Time zone: UTC
  • Change current time: n
  • Sysadmin password: (the usual one)

That completes the 'Quick Setup' dialogue and you should now be presented with the SLC's command line interface in which the following commands should be entered:

Date & Time

Enable NTP:

  set ntp localserver1 192.168.93.250
  set ntp poll local
  set ntp sync poll
  set ntp state enable

(Comment: 192.168.93.250 is the address of atconsoles's interface on the ATSOL subnet.)

SNMP

Disable SNMP:

  set services snmp disable

(Comment: at the current firmware release, SNMP is disabled by default anyway, so this setting is a belt-and-braces one for security. In general, the SLC's SNMP facility doesn't seem to offer us much.)

DNS

Configure a DNS server:

  set network dns 1 ipaddr 192.168.93.250

(Comment: 192.168.93.250 is the address of atconsoles's interface on the ATSOL subnet.)

Device Ports

Configure all device ports to run at 9600,8,n,1:

  set deviceport port ALL baud 9600
  set deviceport port ALL databits 8
  set deviceport port ALL parity none
  set deviceport port ALL stopbits 1

(Comment: at the current firmware release, these are the default settings for all device ports.)

Configure all device ports to accept ssh in without a timeout, and not to do local logging:

  set deviceport port ALL sshin enable
  set deviceport port ALL sshtimeout disable
  set deviceport port ALL locallogging disable

(Comments:

  1. The most recent release of the SLC firmware has introduced a ten minute timeout for ssh connections to all device ports, by default. We don't want that, since we use ssh to make all the permanent console connections between conserver and the SLCs.
  2. 'locallogging' means that the SLC itself maintains a local log (a circular buffer, of length 256 kB) of I/O activity for each console. Whilst in certain circumstances this could be useful, it isn't necessary for us since we're doing console logging via conserver. So we disable it in order to avoid continual writes to the Lantronix box's internal CompactFlash card.)

Allow the maximum (10) number of simultaneous incoming connections on each device port:

  set deviceport port ALL maxdirect 10

(Comment: The default number of simultaneous incoming connections per device port is one, and integration of the SLC with conserver in fact requires only one connection per device port. But again, as a belt-and-braces measure, it's useful to set this figure higher in case access to any of the SLC's device ports is ever wanted outside of the framework provided by conserver.)

User Authentication

Allow 'Local User' authentication only and add the necessary conserver user:

  set auth localusers 1
  set localusers state enable
  set localusers add conserver group default

Set the conserver user's password to something suitably secret (note that this password doesn't have to be remembered, nor will it ever be used to access the SLC as the conserver user):

  set localusers password conserver
  New password: <something secret>
  Reenter password: <something secret>

Import the conserver user's SSH public key (which can be found on atconsoles, the conserver server which is to be used to front-end all SLCs in AT):

  set sshkey import scp \
    keyhost atconsoles.inf.ed.ac.uk \
    keyuser conserver \
    path /etc/conserver/slckeys \
    file conserver_rsa.pub \
    host <Canonical FQDN of the AT console server 'atconsoles'> \
    login <your DICE username>

(Note: a raw IP address cannot be used for the host parameter in the above command: the scp command doesn't seem to like that; and the resulting call will simply hang.)

Finally, exit the command-line interface session:

  logout

3. Testing the final configuration

Log in to atconsoles (the conserver server which is used to front-end all SLCs in AT), nsu to root, and enter the command:

  ssh -x -l conserver -i /etc/conserver/slckeys/conserver_rsa <FQDN of SLC>

When prompted whether or not to accept the SLC's host public-key, do so - it will be stored in the file atconsoles:/root/.ssh/known_hosts. (If this key transfer isn't considered sufficiently secure, the SLC's host public key could alternatively be stored in known_hosts either by using the SLC's web interface, or its command line interface.)

If you're connected without being prompted for a password, then the set-up of the conserver user has been successful - so log out from the SLC's command-line interface.

Now, check you can directly attach to a device port on the SLC:

  ssh -x -l conserver -i /etc/conserver/slckeys/conserver_rsa -p 3001 <FQDN of SLC>

This command should execute with no warnings or any other output. If so, it's successful: escape using the sequence ~~..

That concludes the configuration of the SLC and it should now be in a state to be front-ended by conserver. What remains is to physically attach serial consoles to the SLC, to configure conserver via its appropriate resources, and to then test that the console command works as expected for the newly attached consoles.
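As an added example (not part of the original notes) for the host-key caveat in this section: the entry that ssh stored in known_hosts can be compared with the SLC's host public key as read from its web or command line interface, instead of relying on the first-connection prompt alone. The host name and key blobs below are constructed sample values, and the function names are illustrative.

```python
import base64, hashlib, hmac

def fingerprint(blob_b64):
    """SHA256 fingerprint, in the form ssh prints, of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain or hashed form).
    Wildcard and negated patterns are not interpreted."""
    if field.startswith("|1|"):  # HashKnownHosts: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    return host in field.split(",")

def check_pinned_key(known_hosts_text, host, trusted_key_line):
    """Compare known_hosts entries for `host` with a key obtained out-of-band.
    Returns (status, fingerprints); status is 'match', 'mismatch' or 'absent'."""
    t_type, t_blob = trusted_key_line.split()[:2]
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if host_matches(parts[0], host) and parts[1] == t_type:
            found.append(parts[2])
    if not found:
        return "absent", []
    status = "match" if all(b == t_blob for b in found) else "mismatch"
    return status, [fingerprint(b) for b in found]

# Constructed sample data: a hypothetical host and placeholder key blobs,
# not a real SLC host key.
SAMPLE_HOST = "slc-test.example.org"
SAMPLE_BLOB = base64.b64encode(b"constructed host key blob").decode()
OTHER_BLOB = base64.b64encode(b"a different constructed blob").decode()
SAMPLE_KNOWN_HOSTS = f"# constructed\n{SAMPLE_HOST},192.0.2.10 ssh-rsa {SAMPLE_BLOB}\n"

if __name__ == "__main__":
    trusted = f"ssh-rsa {SAMPLE_BLOB}"  # as copied from the SLC's own interface
    print(check_pinned_key(SAMPLE_KNOWN_HOSTS, SAMPLE_HOST, trusted))
```

A result of 'mismatch' or 'absent' means the stored entry should not be relied on until it has been replaced with the key read from the SLC itself.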

4. Upgrade the firmware

Log in to atconsoles (the conserver server which is used to front-end all SLCs in AT) and connect to the SLC as the administrator user sysadmin via ssh:

  ssh <SLC hostname> -l sysadmin

then upgrade the firmware to the current revision in use here (at January 2011, this is v5.4) as follows:

  [srslcnn] admin ftp server 192.168.93.250
  Server settings successfully updated.
 
  [srslcnn] admin firmware update tftp file slcupdate-db-5.4.tgz key 2a990ad2212412e5841b5ab966ab4aff
  The SLC is currently using Bank 2, firmware update will be applied to Bank 1.
  Do you want to continue? [no] yes
  Copy configuration from Bank 2 to Bank 1 during firmware update? [yes] yes
  ...[snip]...

  [srslcnn] admin reboot

After the SLC has rebooted, confirm that the upgrade has been successful by again ssh'ing to it as sysadmin and running:

  admin version
  admin firmware show

Comments:

  1. The TFTP server to which the firmware upgrades will have been downloaded is atconsoles; 192.168.93.250 is the address of atconsoles's interface on the ATSOL subnet.
  2. Each firmware update is associated with a key which needs to be specified in the upgrade process, as above. The above key is correct for 5.4; keys for any future firmware updates should be retrieved from the Lantronix download site at the same time as the firmware itself is downloaded.
  3. It is important to answer 'yes' to the 'copy configuration' question in the above dialogue: this is what saves the existing SLC configuration. See the Lantronix SLC firmware upgrade note.
  4. In the (unlikely) event of upgrading the firmware of an SLC that is currently running firmware older than 5.0, also refer to the pre-v5.0 upgrade note.

5. Comments

  1. All of the set-up commands in section 2 could be entered via the SLC's web administration interface - if that were considered more convenient.
  2. It would be possible to automate the commands given in section 2 using Expect scripts. This effort hasn't been made yet, and may be more trouble than it's worth.
  3. It would also be possible to automate updates to the SLC's configuration (e.g. altering baud rates of selected device ports) using Expect scripts triggered via rfe maps. This would provide a workaround for the lack of SNMP hooks, and would end up with a similar management interface to that presented by our network switches. Since the SLC's configuration is not expected to change much - if at all - it's questionable if this is worth the effort.

6. Reference

  1. SecureLinx Console Manager User Guide
  2. Lantronix SLC home page

-- IanDurkacz - 02 Feb 2010

Topic revision: r11 - 07 Sep 2016 - 13:53:36 - IanDurkacz
 