Lantronix SecureLinx Console Manager
Software Release Notes
Version 5.4
December 18, 2009
Copyright 2009, Lantronix

Release notes are also available on the Lantronix web site
(www.lantronix.com) and via anonymous FTP from ftp.lantronix.com.
Contact Lantronix or your reseller for more information.

This document describes the Lantronix SLC/SLB firmware release to update
5.0 and any subsequent firmware release to release 5.4. For all releases
prior to 5.0, please update your firmware first to 5.2a, then to 5.4.

===============
RELEASE SUMMARY
===============

Current release: 5.4

=============================
ADDITIONAL PRODUCTS SUPPORTED
=============================

V5.4 supports the SLC8, SLC16, SLC32, and SLC48 SecureLinx Console
Managers, and the SLB884 SecureLinx Branch Office Managers.

=================
FIRMWARE RELEASES
=================

file: slcupdate-db-5.4.tgz
key:  2a990ad2212412e5841b5ab966ab4aff

Firmware update file slcupdate-db-5.4.tgz can be used to update any single
or dual boot SLC or SLB running 5.X to 5.4.

Do not rename the firmware file - it must retain the same filename in
order for the firmware upgrade to complete successfully.

The firmware can be updated via either the 'Firmware & Configurations' web
page, or with the 'admin ftp' and 'admin firmware' CLI commands. Updating
firmware via tftp does not use the FTP login, password, or path settings.

Note: During the firmware update process, the SLC will download the
firmware, and reboot the SLC. At this point, the second phase of the
installation will commence, and when it is complete, the SLC will reboot
one more time. After the second reboot, the firmware update will be
complete.

============
NEW FEATURES
============

1407  Email Log
      A log of emails that have been sent has been added.

1444  RIP Routing Table
      The RIP Routing table can now be displayed.

1685  Multiple Connection Termination
      Multiple connections can be terminated simultaneously at the web and
      CLI.

2061  Arrow Key Functionality during Menu Creation
      During menu creation at the CLI, the up and down arrow keys can be
      used to cycle through previously entered menu commands and
      nicknames, and the left and right arrow keys can be used to move
      forward and backward within the current menu command or nickname.

2062  Menu Copy
      A command has been added to make a copy of an existing menu.

2368  LCD and PC Card added to Port Panel on the Web Interface
      The LCD and upper and lower PC Card slots have been added to the
      port panel at the top of the web interface, making their respective
      web pages quickly accessible.

2499  Granular SNMP Trap Selection
      The SNMP traps sent to the NMS can be enabled or disabled
      individually.

3169  Unix/Shell Editing Keys in the CLI
      A small set of Unix/Shell editing keys (control-a, control-e, etc.)
      are now supported in the CLI. See 'help command line' for a list of
      the keys. (case C-050623-66552)

3170  Message on Connection to Device Port via SSH or Telnet
      When a user connects to a Device Port via SSH or Telnet, a message
      indicating that they are connected is displayed.
      (case C-050623-66553)

4017  Multiple Sysadmin Logins to the Web Interface
      The web can be configured to allow multiple sysadmin users to login
      to the web simultaneously.

4192  Modem Firmware Version
      The firmware version of PC Card modems is displayed on the PC Card
      modem web page and by the "show pccard" CLI command. The modem must
      be configured for any dial type (i.e., not disabled). After the
      first time the initialization string is sent to the modem, the
      string "AT+GMR" will be sent to the modem.

4747  Telnet Out is Configurable
      The SLC can be configured to disallow Telnet Out connections.

6041  Interface and Batch Scripting
      The capability to create scripts for pattern detection and action
      generation on a Device Port has been added (Interface scripts).
      These scripts support a subset of Expect/Tcl scripting.
      Batch scripts, which are a series of CLI commands and may be used to
      run a series of CLI commands repeatedly, are also supported.
      Documentation of the script syntax can be found in the online help
      for Scripts in the web.

6850  Ethernet Bonding
      Redundancy and load balancing for Ethernet 1 and Ethernet 2 has been
      added. (case C-070104-89110)

6900  Connection Termination
      A user is allowed to terminate any connection associated with his
      login or associated with a Device Port for which the user has data,
      listen or clear port buffer permissions. The only exception to this
      is that the user is not allowed to terminate the connection
      associated with his current CLI session. (case C-071212-102748)

7020  Key Shortcut to View Port Log during Connect Direct
      A key shortcut has been added that will allow a user directly
      connected to a Device Port to view the most recent pages of the port
      log of any Device Port.

7022  SNMP Trap for PC Card Actions
      A SNMP trap can be sent for PC Card actions - card insertion and
      removal.

7329  Physical Location Attributes
      Three attributes have been added to describe the location of each
      SLC and SLB - rack row, rack cluster and rack.

7458  Displaying Attached Servers
      The IP Address and hostname of the server attached to each Device
      Port can be displayed.

7473  Configuration Saved prior to Firmware Update
      The current configuration is automatically saved prior to any
      firmware update. The configuration is saved to the default location,
      with the name "before_MMDDYY_HHMM".

7476  Configurable LCD Screens
      The screens displayed on the LCD can be enabled and disabled, as
      well as reordered. A new screen with user-configurable strings has
      been added.

7477  SecureLinx Network Web Page
      The SecureLinx Network web pages have been consolidated into one web
      page that shows all devices on the network along with their
      hostnames, IP Addresses, firmware revisions, and ports (if
      applicable). Sort capabilities have also been added.

7545  Custom User Menu and Dialback Number for Remote Users
8983  A custom user menu and dialback number can be specified for each
      remote user and each remote authentication method.

7550  Configurable Java Terminal Buffer Size
      The number of lines in the Java Terminal buffer is now configurable.

7676  Save/Restore Config via HTTPS
      A configuration can be saved and restored via HTTPS.
      (case C-07201-90238)

7682  Limit Sysadmin Access to Console
      The SLC can be configured to restrict sysadmin logins to the console
      only.

7683  Number of Lines for Show Lines
      The number of lines displayed upon connecting to the Console Port or
      a Device Port, if Show Lines on Connecting is enabled, is now
      configurable.

7684  Firmware Update via PC Card and NFS
      Firmware update via PC Card and NFS is now supported.

7685  Navigation of Logs
      The Local, NFS, and PC Card Device Port logs can be more easily
      navigated with head, tail and paging functions.
      (case C-050310-61375)

7700  Lock/Unlock account for Remote Users
      Locking (blocking login access) and unlocking are supported for
      remote users.

7710  User Attributes from LDAP Schema
      Remote user attributes (group/permissions and port access) can be
      obtained from an Active Directory server's schema via the user
      attribute "secureLinxSLCPerms". This attribute is a set of
      parameter-value pairs. Each parameter and value is separated by a
      space, and a space separates each parameter-value pair. Whitespace
      is not supported in the value strings.

      The parameters that are supported are:

      rights   User rights. The value string is a comma separated list of
               two letter user permissions. Example: "nt,wb,ra".
      data     Data port access. The value string specifies the list of
               ports the user has "direct" access to.
               Example: "2,4-18,U,L".
      listen   Listen port access. The value string specifies the list of
               ports the user has "listen" access to.
      clear    Clear port access. The value string specifies the list of
               port buffers the user has the right to clear.
      outlet   Outlet port access.
               The value string is the list of SLB outlets the user has
               rights for.
      group    User group. Valid values for the value string are
               "default", "power" and "admin".
      escseq   Escape sequence. The value string specifies the user's
               escape sequence. Use "\x" to specify non-printable
               characters. For example, "\x1bA" specifies the sequence
               "ESC-A".
      brkseq   Break sequence. The value string specifies the user's break
               sequence.
      menu     Custom user menu. The value string specifies the user's
               custom user menu.

7739  Capability to disable IPv6
      IPv6 can be disabled. Enabling or disabling IPv6 requires the SLC to
      be rebooted.

7821  Email Sender
      The email sender is now configurable. (case C-080911-112500)

7835  SSH Pre-Authentication Banner
      A banner can be displayed prior to SSH authentication. This is for
      SSH v2 only; SSH v1 protocol does not support a banner.
      (case C-071109-101625)

7839  Internal SLC Temperature
      The internal temperature of the SLC can be displayed and monitored.
      If the temperature falls outside of a configurable range, a SNMP
      trap can be sent for notification.

7842  Device Port User Right separated into Configuration and Operations
      The Device Port user right has been separated into two separate user
      rights for device port configuration and device port operations. At
      the CLI, the existing "dp" user right will be for configuration, and
      a new "do" user right has been added for operations.
      (case C-080501-107838)

7843  Email Audit Log
      The audit log can be emailed. (case C-070430-93776)

7844  Log Email Failures
      Any errors that occur during the sending of an email will be saved
      in the system log. (case C-070430-93777)

8091  Import SSL Certificates via HTTPS
      SSL Certificates can now be imported via HTTPS.

8336  Extend LDAP Bind Name
      The LDAP Base and Bind Name now handle up to 256 characters.

8508  Gratuitous ARP on Link Up
      The SLC sends a gratuitous ARP when an Ethernet Port link goes up.

8516  LCD Screen Auto-Scroll
      The LCD can be configured to automatically scroll through the
      screens that are enabled for display.

8274  PPP Dialback
      PPP Dialback is now supported for external modems connected to a
      Device Port and all types of PC Card modems. This includes acting as
      a Callback Client Protocol (CBCP) server and client. CBCP is used by
      Microsoft PPP peers to negotiate callback options. For more
      information on CBCP, see
      http://technet.microsoft.com/en-us/library/cc957979.aspx.

8636  Modem Log
      A log of all modem activity is viewable at the CLI (with the
      'show log modem' command), and from the Device Port Settings and
      PC Card Modem Settings web pages.

8663  LDAP Binding with Current Login
      Setting the "Bind with Login" option will cause all LDAP bindings to
      use the login and password that a user authenticated with. This
      requires the Bind Name to be configured with a "$login" token, which
      will be replaced with the current login. For example, if the Bind
      Name is configured as "uid=$login,ou=People,dc=lantronix,dc=com",
      and user "roberts" logs into the SLC, LDAP will bind with
      "uid=roberts,ou=People,dc=lantronix,dc=com" and the password that
      user "roberts" entered.

8881  Configuring DHCP from the LCD
      The Eth1 Ethernet Port can be configured for DHCP from the LCD by
      toggling the [D]/[N] setting on the Eth1 IP Address.

8898  SSH/Telnet Timeout for each Device Port
      Each Device Port has a separate timeout for incoming SSH and Telnet
      connections.

9238  Ethernet Port MTU
      The MTU for each Ethernet Port can now be configured.
      (case 090904-000017)

=========
BUG FIXES
=========

2434  Console Port Connectivity
      The Console Port status shown on the Status/Reports web page and via
      the 'show sysstatus' CLI command accurately reflects the console
      port connectivity.

7574  Users with Local Users rights can change Local User passwords
      Any user with Local Users rights can now change the password of any
      Local User.
      (case C-080602-108939)

7597  Cardbus PC Cards
      Cardbus PC Cards are now supported.

8498  TCP Keepalive for Telnet In/Out and TCP Raw In/Out
8499  Telnet In/Out connections and TCP Raw In/Out connections now honor
      the TCP Keepalive settings.

==========
KNOWN BUGS
==========

1.    Changing Remote Authentication may require reboot
      Configuring server-related parameters (IP Address, domain, base,
      port,...) for any of the remote authentication methods (NIS, LDAP,
      etc.) may require a reboot of the SLC before the changes take
      effect. Changing any of the non-server parameters (custom menu,
      permissions, etc.) does not require a reboot.

2.    SSH access to Device Ports via putty
      In the case where Putty is used to access Device Ports, the user
      will be prompted for login and password even if SSH authentication
      is disabled for the Device Port.

3.    Best Data external modems
      Best Data external modems may exhibit problems.

4.    SLC upgraded to 4.2 cannot use a browser to upload new upgrade patch
      SLCs with firmware version 4.2 imaged at Lantronix manufacturing do
      not have this problem. SLCs that had older firmware and used a patch
      to upgrade their firmware to version 4.2 cannot use the browser to
      upload a new patch - these versions can still use other methods
      (e.g. SFTP or TFTP) to upgrade. Once the SLC is updated to version
      4.3, the problem will no longer exist.

5228  Remote LDAP users cannot use SSHv1
      Remote LDAP users will be denied access to the SLC when using SSHv1.

====================
DOCUMENTATION ERRATA
====================

None
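
For feature 7710 (User Attributes from LDAP Schema) above: a strict parser for the "secureLinxSLCPerms" value format, usable to validate directory entries before they grant port access. This is an added example, not Lantronix code; the function names, the reject-on-error behaviour, the two-hex-digit "\x" form and the reuse of the port-list syntax for "outlet" are assumptions.

```python
import re

# Parameter names as listed in the 7710 release note.
PORT_PARAMS = {"data", "listen", "clear", "outlet"}
GROUPS = {"default", "power", "admin"}
KNOWN = PORT_PARAMS | {"rights", "group", "escseq", "brkseq", "menu"}

def expand_ports(value):
    """Expand a list such as '2,4-18,U,L' into port numbers plus letter tokens."""
    numbers, letters = set(), []
    for item in value.split(","):
        m = re.fullmatch(r"([0-9]+)(?:-([0-9]+))?", item)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            if lo > hi:
                raise ValueError(f"descending range: {item!r}")
            numbers.update(range(lo, hi + 1))
        elif item in ("U", "L"):  # kept as literal tokens, as in the note's example
            letters.append(item)
        else:
            raise ValueError(f"bad port item: {item!r}")
    return sorted(numbers) + letters

def decode_seq(value):
    """Decode \\xHH escapes to bytes (assumption: two hex digits per escape)."""
    text = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return text.encode("latin-1")

def parse_slc_perms(attr):
    """Parse a secureLinxSLCPerms value, raising ValueError on anything malformed."""
    tokens = attr.split(" ")
    if "" in tokens or len(tokens) % 2:
        raise ValueError("expected single-space separated parameter-value pairs")
    parsed = {}
    for name, value in zip(tokens[::2], tokens[1::2]):
        if name not in KNOWN or name in parsed:
            raise ValueError(f"unknown or repeated parameter: {name!r}")
        if name == "rights":
            parsed[name] = value.split(",")
            if not all(re.fullmatch(r"[a-z]{2}", r) for r in parsed[name]):
                raise ValueError(f"rights must be two-letter codes: {value!r}")
        elif name in PORT_PARAMS:  # assumption: outlet uses the port-list syntax
            parsed[name] = expand_ports(value)
        elif name == "group":
            if value not in GROUPS:
                raise ValueError(f"invalid group: {value!r}")
            parsed[name] = value
        else:  # escseq and brkseq are decoded; menu is kept as-is
            parsed[name] = value if name == "menu" else decode_seq(value)
    return parsed

# Constructed sample value built from the examples in the note.
SAMPLE = r"rights nt,wb,ra data 2,4-18,U,L listen 1-3 group power escseq \x1bA"
```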