Best Practices¶

This document contains best practices, tips, and tricks for the Lantronix product family.

User Management¶

If you have more than 20 users, consider offloading Authentication to TACACS or RADIUS
Create groups and add users to groups (may be multiple groups per user)
Add email address to user account for alerting and reporting
Disable users instead of deleting
Use lowercase for all usernames unless required by TACACS/RADIUS; usernames are case-sensitive

Disable the "admin" user
Disable the "administrator" user
Assign privileges to groups, not to individual users
Keep the default "deny use system auth" permission to ensure users authenticate with managed devices.
When creating roles, subtract permissions from the default "admin" role instead of building a new role from scratch
If using third-party AAA:
- Cache passwords
- Enable failover to local passwords when the network is down
If forwarding Auditing information, use stop-only.

Change emsadmin's password
- Changing the root password is NOT recommended. It cannot be recovered if it is lost / forgotten. (The root user is not allowed to log in via SSH.)
Configure NTP
Enable echo service

Verify serial communication using the terminal command prior to initializing port
Ensure IOS and ROMMON baud rates are the same
Create a functional account for Local Managers to use when managing devices
Make use of advanced drivers where possible
Enable all passive monitoring
Allow LM to clear device log on managed device

Subscribe to the "no heartbeat" report to stay informed of LMs that have gone offline
Subscribe to the "Failed Logins" report; this will show you if someone is trying to break into your Local Managers.