manualshive.com logo in svg

Black Box LS1016A, User Manual

Share
Download
Black Box LS1016A User Manual Download Page 374

Appendix G - IPSEC

374

BLACK BOX 

®

Advanced Console Server

Using IPsec to create a VPN

A VPN, or Virtual Private Network lets two networks communicate securely when the only 
connection between them is over a third network which they do not trust. 

The method is to put a security gateway machine between each of the communicating net-
works and the untrusted network. The gateway machines encrypt packets entering the 
untrusted net and decrypt packets leaving it, creating a secure tunnel through it.

The Authentication

A complication, which applies to any type of connection, is that a secure connection cannot 
be created magically. There must be some mechanism which enables the gateways to reliably 
identify each other. Without this, they cannot sensibly trust each other and cannot create a 
genuinely secure link.

In the BLACK BOX 

®

Advanced Console Server  IPsec implementation there are two methods 

of authentication:

1.

A shared secret provides authentication. If Alice and Bob are the only ones who know a 
secret and Alice receives a message which could not have been created without that 
secret, then Alice can safely believe the message came from Bob. 

2.

A public key or RSA authentication can also provide authentication. If Alice receives a 
message signed with Bob's private key (which of course only he should know) and she 
has a trustworthy copy of his public key (so that she can verify the signature), then she 
can safely believe the message came from Bob. 

The Encryption

In a tunnel, the two system must have a common key that they will use to encrypt and 
decrypt the packages. The key for the encryption can be provided in two ways:

Maual keying

The two ends share a secret key to encrypt their message. Of 
course, if an enemy gets the key, all is lost. The BLACK BOX 

®

Advanced Console Server  IPsec implementation does not 
support manual keying.

Automatic keying

The two systems authenticate each other and negotiate their 
own secret key. The key are automatically changed periodically.

Summary of Contents for LS1016A

Page 1: ...Guide CUSTOMER Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 SUPPORT Tech Support and Ordering 724 746 5500 1 877 877 BBOX Fax 724 746 0746 INFORMATION To contact us about Black Box products or services info blackbox com SEPTEMBER 2003 LS1016A LS1032A ...

Page 2: ...t names mentioned in this publication are trademarks or registered trademarks of their respective holders Black Box BLACK BOX Advanced Console Server LS1032A LS1016A are registered trademark of Black Box Corporation Microsoft Windows 95 98 XP ME NT and 2K are trademarks of Microsoft Corporation UNIX is a trademark of UNIX System Laboratories Inc Linux is a registered trademark of Linus Torvalds Th...

Page 3: ...rver 19 What s in the box 20 Safety Instructions 23 Battery 25 FCC Warning Statement 26 Aviso de Precaución S Mark Argentina 26 Trabajar dentro del BLACK BOX Advanced Console Server 28 Batería 29 Chapter 2 Installation Configuration and Usage Introduction 31 System Requirements 31 Default Configuration Parameters 32 Pre Install Checklist 33 Task List 34 The Wizard 34 Quick Start 36 Configuration u...

Page 4: ...essing Serial Ports using ts_menu 63 Accessing Serial Ports using the Web Interface 64 Chapter 3 Additional Features Introduction 65 Configuration Wizard Basic Wizard 66 Using the Wizard through your Browser 72 Access Method 73 Configuration for CAS 73 Configuration for TS 88 Configuration for Dial in Access 96 Authentication 100 Parameters Involved and Passed Values 100 Configuration for CAS TS a...

Page 5: ...56 Syntax 157 Parameters Involved and Passed Values 166 Configuration for CAS TS and Dial in Access 166 Generating Alarms 172 Port Slave Parameters Involved with Generating Alarms 172 Configuration for CAS TS and Dial in Access 172 Syslog ng Configuration to use with Alarm Feature 179 Alarm Sendmail Sendsms and Snmptrap 181 Help 188 Help Wizard Information 188 Help Command Line Interface Informati...

Page 6: ...lues 237 Configuration for CAS 238 SNMP 246 Configuration for CAS TS and Dial in Access 248 Syslog 249 Port Slave Parameters Involved with syslog ng 250 Configuration for CAS TS and Dial in Access 250 The Syslog Functions 256 Terminal Appearance 271 Parameters Involved and Passed Values 271 Configuration for CAS TS and Dial in Access 272 Time Zone 280 How to set Date and Time 281 Appendix A New Us...

Page 7: ...s Crossover Cables 303 Which cable should be used 303 Cable Diagrams 304 Appendix C The pslave Configuration File Introduction 311 Configuration Parameters 311 CAS TS and Dial in Common Parameters 311 CAS Parameters 321 TS Parameters 331 Dial in Access Parameters 333 Appendix D Linux PAM Introduction 337 The Linux PAM Configuration File 339 Configuration File Syntax 339 Newest Syntax 342 Module Pa...

Page 8: ...Default Configuration of the Web Configuration Manager 366 Using a different speed for the Serial Console 366 CPU LED 368 Appendix F Certificate for HTTP Security Introduction 369 Procedure 369 Appendix G IPSEC Introduction 373 Basic IPsec Knowledge 373 Using IPsec to create a VPN 374 The Authentication 374 The Encryption 374 The software parts 375 IPSec Configuration 375 The configuration file 37...

Page 9: ...ications of IPsec 389 Configuration 390 Before you Start 390 Set up and test networking 390 Enabling IPsec 390 Quick Start 390 Road Warrior remote access 390 BLACK BOX Advanced Console Server to network VPN 393 Setting up RSA authentication keys 394 Generating an RSA key pair 395 Exchanging authentication keys 395 The Configuration File 396 Description 396 Conn Sections 398 Config Sections 402 Rec...

Page 10: ... Started 408 Changing the Root Password 409 Adding and Deleting Users 409 Adding a User 409 Deleting a User 410 Adding and Deleting User Groups 411 Adding a group 411 Deleting a group 411 Adding and Deleting Access Limits 412 Adding an Access Limit 412 Deleting an access limit 413 Appendix I Connect to Serial Ports from Web Introduction 415 Tested Environment 415 On Windows 416 From Internet Explo...

Page 11: ... wiz auth 428 Data Buffering Parameters wiz db 429 Power Management Parameters wiz pm 429 Serial Settings Parameters wiz sset type 430 Sniffing Parameters wiz snf 431 Syslog Parameters wiz sl 431 Terminal Appearance Parameters wiz tl 431 Terminal Server Profile Other Parameters wiz tso 432 Appendix L Copyrights References 433 List of Figures 437 List of Tables 441 Glossary 443 Index 447 ...

Page 12: ...Table of Contents 12 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 13: ...cess very familiar It is not necessary to be a UNIX expert however to get the BLACK BOX Advanced Console Server up and running There are two audiences or user levels for this manual New Users These are users new to Linux and or UNIX with a primarily PC Microsoft background You might want to brush up on such things as common Linux UNIX commands and how to use the vi editor prior to attempting insta...

Page 14: ...le fea tures of the BLACK BOX Advanced Console Server It provides configuration instruc tions for syslog data buffers authentication filters DHCP NTP SNMP clustering and sniffing Appendix A New User Background Information contains information for those who are new to Linux UNIX Appendix B Cabling Hardware and Electrical Specifications has detailed information and pinout diagrams for cables used wi...

Page 15: ... incorporated into the product The Glossary provides definitions for commonly used terms in this manual Conventions and Symbols This section explains the significance of each of the various fonts formatting and icons that appear throughout this guide Fonts This guide uses a regular text font for most of the body text and Courier for data that you would input such as a command line instruction or d...

Page 16: ... You will modify four Linux files to let the BLACK BOX Advanced Console Server know about its local environment Step A Modify pslave conf Open the file plsave conf and add the following lines Parameter Syntax This manual uses standard Linux command syntaxes and conventions for the parameters described within it Brackets and Hyphens dashes The brackets indicate that the parameter inside them is opt...

Page 17: ...ng of the text will be considered not the literal text When the text is not encapsulated the literal text will be considered Spacing and Separators The list of users in the following example must be separated by semicolons the outlets should be separated by commas to indicate a list or with dashes to indicate range there should not be any spaces between the values sXX pmusers The user access list ...

Page 18: ... that explains and or expedites the use of the BLACK BOX Advanced Console Server Important An important tip that should be read Review all of these notes for critical information Warning A very important type of tip or warning Do not ignore this information DANGER Indicates a direct danger which if not avoided may result in personal injury or damage to the sys tem Security Issue Indicates security...

Page 19: ...ly connected to the BLACK BOX Advanced Console Server Telnet ssh over a network A browser And configure it with any of the following four options vi Wizard Browser Command Line Interface CLI only for certain configuration parameters With the BLACK BOX Advanced Console Server set up as a Console Access Server you can access a server connected to the BLACK BOX Advanced Console Server through the ser...

Page 20: ... current availability Figure 1 Cable Package 1 Figure 2 Cable Package 2 The following figures show the main units and accessories included in package RJ 45 to DB 25 Black Box Sun Netra adapter Female adapter RJ 45 to DB 9 F RJ 45 straight through cable adapter RJ 45 to DB 25 Male adapter Black Box Sun Netra cable RJ 45 to DB 25 Female crossover cable RJ 45 to DB 9 Female crossover cable RJ 45 to D...

Page 21: ...supply The single power units will have just one power cable Manual Loop back Connector Modem Cable Cable Package 1 OR Cable Package 2 Manual Back View of the 32 Port BLACK BOX Advanced Console Server Version 2 1 4 Revision 1a User Guide CUSTOMER Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 SUPPORT Tech Support and Ordering 724 746 5500 1 877 877 BBOX Fax 724 746 0746 INFORMATION T...

Page 22: ...able Package 1 OR Cable Package 2 Manual Back View of the 16 Port BLACK BOX Advanced Console Server Version 2 1 4 Revision 1a User Guide CUSTOMER Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 SUPPORT Tech Support and Ordering 724 746 5500 1 877 877 BBOX Fax 724 746 0746 INFORMATION To contact us about Black Box products or services info blackbox com SEPTEMBER 2003 LS1016A LS1032A ...

Page 23: ...en into the Important To help protect the BLACK BOX Advanced Console Server from electrical power fluctuations use a surge suppressor line conditioner or uninterruptible power supply Important Be sure that nothing rests on the cables of the BLACK BOX Advanced Console Server and that they are not located where they can be stepped on or tripped over Important Do not spill food or liquids on the BLAC...

Page 24: ...pment before touching anything inside it Important Keep your BLACK BOX Advanced Console Server away from heat sources and do not block cooling vents Important The BLACK BOX Advanced Console Server product DC version is only intended to be installed in restricted access areas Dedicated Equipment Rooms Equipment Closets or the like in accordance with Articles 110 18 110 26 and 110 27 of the National...

Page 25: ...ame or equivalent type recommended by the manufacturer Dispose of used batteries according to the manufacturer s instructions WARNUNG Bei Einsetzen einer falschen Batterie besteht Explosionsgefahr Ersetzen Sie die Batterie nur durch den gleichen oder vom Hersteller empfohlenen Batterietyp Entsorgen Sie die benutzten Batterien nach den Anweisungen des Herstellers ...

Page 26: ...LACK BOX Advanced Console Server does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications Le BLACK BOX Advanced Console Server n émete pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe A prescrites dans le règlement sur le brouil...

Page 27: ...nte Para proteger al BLACK BOX Advanced Console Server de fluc tuaciones en corriente eléctrica utilice una fuente eléctrica de respaldo Importante Asegurarse de que nada descanse sobre los cables del BLACK BOX Advanced Console Server y que los cables no obstruyan el paso Importante Asegurarse de no dejar caer alimentos o bebidas en el BLACK BOX Advanced Console Server Si esto ocurre avise a Black...

Page 28: ...ntenga el BLACK BOX Advanced Console Server fuera del alcancé de calentadores y asegurarse de no tapar la ventilación del equipo Importante El BLACK BOX Advanced Console Server con alimentación de corriente directa CD solo debe ser instalado en áreas con restricción y de acu erdo a los artículos 110 18 110 26 y 110 27 del National Electrical Code ANSI NFPA 701 Edición 1999 Para conectar la corrien...

Page 29: ...a batería nueva puede explotar si no esta instalada correctamente Remplace la batería cuando sea necesario solo con el mismo tipo recomendado por el fabricante de la batería Deshacerse de la batería de acuerdo a las instruc ciones del fabricante de la batería ...

Page 30: ...Introduction and Overview 30 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 31: ...want to brush up prior to proceeding with this chapter with the essential background information presented in Appendix A New User Background Informa tion Even if you are a UNIX user and find the tools and files familiar do not configure this product as you would a regular Linux server The chapter is divided into the following sections System Requirements Default Configuration Parameters Pre Instal...

Page 32: ...the screen flow and input values needed for this configuration mode If you choose the CLI Command Line Interface method this allows you to configure certain parameters for a specified serial port or some network related parameters Specifics of this method are discussed under the appropriate option title in Chapter 3 Additional Features Default Configuration Parameters DHCP enabled if there is no D...

Page 33: ...em If you have a UNIX operating system you will be using Kermit or Minicom IP Address of PC or terminal BLACK BOX Advanced Console Server NameServer and Gateway You will need to locate the IP address of your PC or workstation the BLACK BOX Advanced Console Server and the machine that resolves names on your network Your Network Administrator can supply you with these If there is outside access to t...

Page 34: ...ction and Log In Task 3 Modify the System Files Task 4 Edit the pslave conf file Task 5 Activate the changes Task 6 Test the configuration Task 7 Save the changes Task 8 Reboot the BLACK BOX Advanced Console Server The Wizard The eight key tasks can also be done through a wizard in the 2 1 plus versions of the BLACK BOX Advanced Console Server Basic Wizard The Basic Wizard will configure the follo...

Page 35: ...Wizard Further configuration of the BLACK BOX Advanced Console Server can be done through one of several customized wizards These procedures are explained under their respective topic heading in Chapter 3 Additional Features There are custom wizards for the following optional configurations Access Method Generating Alarms Authentication Data Buffering Help Serial Settings Session Sniffing Syslog T...

Page 36: ...four methods Console Browser Telnet CLI Command Line Interface If you have a serial port that you can use as a console port use the Console method If you have access to telnet you can use this method while New Users may prefer the Browser method for its user friendliness Configuration using a Console Step 1 Connect the console cable Connect the console cable created from the RJ 45 straight through...

Page 37: ...A T I O N W I Z A R D INSTRUCTIONS for using the Wizard You can 1 Enter the appropriate information for your system and press ENTER or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you mu...

Page 38: ...y After you confirm and save the basic parameters you will be presented with the shell prompt From there either select to continue configuration using the vi editor or use the browser or CLI method if appropriate The BLACK BOX Advanced Console Server is now configured as a CAS with its new IP address with no authentication and accepting telnet to the serial ports You can telnet the CAS IP serial p...

Page 39: ... do not have a DHCP Server in your LAN add a route pointing to the BLACK BOX Advanced Console Server IP From the workstation issue a command to add a route pointing to the network IP address of the BLACK BOX Advanced Console Server 192 168 160 0 accessed through the workstation s Ethernet interface For Linux the command would be route add net 192 168 160 0 24 gw IP address assigned to the workstat...

Page 40: ...tion Manager Step 4 Enter root as login name and tslinux as password Step 5 Click the Submit button This will take you to the Configuration Administration Menu page shown in the following figure Figure 6 Configuration Administration Menu page Need new screen shot with new product in Red LS1032A Link for changing password ...

Page 41: ...Information Section Step 6 Click on the General link Figure 7 General page Step 7 Configure parameters presented in the fields Step 8 Click on the Submit button Step 9 Make the changes effective Security Issue Change the password of the Web root user as soon as possible The user database for the Web Configuration Manager is different than the sys tem user database so the root password can be diffe...

Page 42: ...r or you IP address with no authentication and accept ing telnet to the serial ports You can telnet the CAS IP serial port 1 with the fol lowing command telnet IP assigned 7001 To explore the BLACK BOX Advanced Console Server features either continue configuration using browser use the vi editor from the console or use CLI if appro priate A description of each of the links on the five sections of ...

Page 43: ...rts Configuration of Portslave package Serial Port Groups Configuration of User Groups for Serial Ports Host Table Table of hosts in etc hosts Static Routes Static routes defined in etc network st_routes IPsec IPsec connections configuration IP Tables Static IPTables Filter in etc network firewall Boot Configuration Configuration of parameters used in the boot process Edit Text File Tool to edit a...

Page 44: ...t the BLACK BOX Advanced Console Server s date and time Active Sessions Shows the active sessions CAS Sessions Shows the CAS sessions Process Status Shows the running processes and allows the administrator to kill them Restart Processes Allows the administrator to start or stop some specific processes PCMCIA Allows the administrator to insert and eject PCMCIA cards Table 5 Web User Management Sect...

Page 45: ... to add or delete routes ARP Cache Shows the ARP cache IP Statistics Shows IP protocol statistics ICMP Statistics Shows ICMP protocol statistics TCP Statistics Shows TCP protocol statistics UDP Statistics Shows UDP protocol statistics RAM Disk Usage Shows the BLACK BOX Advanced Console Server File System status System Information Shows information about the kernel time CPU and memory Note The link...

Page 46: ...he workstation used to manage the servers Step 2 If you do not have a DHCP Server in your LAN add a route pointing to the BLACK BOX Advanced Console Server IP From the workstation issue a command to add a route pointing to the network IP address of the BLACK BOX Advanced Console Server 192 168 160 0 accessed through the workstation s Ethernet interface For Linux the command would be route add net ...

Page 47: ...nt to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue After yo...

Page 48: ...IP address Don t worry The new configuration will be valid The BLACK BOX Advanced Console Server is now configured as a CAS with its assigned by DHCP or you IP address with no authentication and accepting telnet to the serial ports You can telnet the CAS IP serial port 1 with the following command telnet IP assigned 7001 After you confirm the basic parameters you will be presented with the shell p...

Page 49: ...ar Log in as root default password is linux A new password should be created as soon as possible The terminal parameters should be set as follows Serial Speed 9600 bps Data Length 8 bits Parity None Stop Bits 1 stop bit Flow Control none ANSI emulation You may now skip to Task 4 Edit the pslave conf file Important Any configuration change must be saved in flash once validated To save in Flash run ...

Page 50: ... terminal to the BLACK BOX Advanced Console Server via an Ethernet connection in order to manage the BLACK BOX Advanced Console Server The workstation used to access the BLACK BOX Advanced Console Server through telnet or ssh uses a LAN connection These events can be summarized as follows PC Hyper terminal COM port connects via serial cable to the BLACK BOX Advanced Console Server s console port P...

Page 51: ...al Specifications Step 3 Connect Hub to PC and the BLACK BOX Advanced Console Server Your workstation and BLACK BOX Advanced Console Server must be on the same physical LAN Connect one RJ 45 cable from the Ethernet port of the BLACK BOX Advanced Console Server to the hub and another from the hub to the workstation used to manage the servers Step 4 Install and launch HyperTerminal Kermit or Minicom...

Page 52: ...t File Properties and click the Connect To tab Select the available COM port number from the Connection dropdown Figure 8 Choose a free COM port Step 2 Configure COM port Click the Configure button hidden by the dropdown menu in the above figure Your PC considered here to be a dumb terminal should be configured to use 9600 bps 8 data bits no parity 1 stop bit and no flow control as shown in the fo...

Page 53: ... 53 Figure 9 Port Settings Step 3 Power on the BLACK BOX Advanced Console Server Step 4 Click OK on the Properties window You will see the BLACK BOX Advanced Console Server booting on your screen After it finishes booting you will see a login prompt 9600 ...

Page 54: ...nux a UNIX like operating system and those not familiar with it will want to refer to Appendix A Step 1 Type root and press Enter Step 2 At the password prompt type tslinux Press Enter Step 3 Modify etc hostname In HyperTerminal type vi etc hostname without the quotes and press Enter Arrow over the existing text in the file type r for replace and type the first number of the model of your BLACK BO...

Page 55: ...n the network Modify the file using the vi as you did in Step 1 Figure 11 Contents of the etc hosts file Step 5 Modify etc resolv conf This file must contain the domain name and nameserver information for the network Obtain the nameserver IP address from your Network Administrator The default contents of this file are domain mycompany com nameserver 200 200 200 2 LES2800A 16 Replace to match hostn...

Page 56: ...tc passwd file has the user root with password tslinux You should change the password for user root as soon as possible Before changing any password or adding new users you should also activate shadow password if it is needed The BLACK BOX Advanced Console Server has support for shadow password but it is not active by default To activate shadow password follow the steps listed below Step A Create ...

Page 57: ... parameters need to be modified or confirmed for a basic configuration conf eth_ip if you disabled DHCP all authtype all protocol A listing of the pslave conf file with all possible parameters as well as the files used to create other configurations from parameters in this file is provided in Appendix C The pslave Con figuration File Additional optional modifications made to this file will depend ...

Page 58: ...arameter can be overridden by a s parameter appearing later in the pslave conf file or vice versa Power Users To find out what to input for these three parameters so that you can configure what you need go the appropriate appendix where you will find a complete table with an explanation for each parameter You can use the templates from that same Appendix pslave conf cas etc as reference conf eth_i...

Page 59: ...cation is performed using a Radius authentication server TacacsPlus authentication is performed using a TacacsPlus authenti cation server ldap authentication is performed against an ldap database using an ldap server The IP address and other details of the ldap server are defined in the file etc ldap conf local radius authentication is performed locally first switching to Radius if unsuccessful ra...

Page 60: ...dvanced Console Server by DHCP or you An example would be ping 192 168 160 10 If you receive a reply your BLACK BOX Advanced Console Server connection is OK If there is no reply see Appendix E Software Upgrades and Troubleshooting Step 2 Telnet to the server connected to the first port of the BLACK BOX Advanced Console Server This will only work if you selected socket_server as your all protocol p...

Page 61: ...uration follow the above steps again and check Appendix E Software Upgrades and Troubleshooting Task 7 Save the changes Execute the following command in HyperTerminal to save the configuration saveconf Task 8 Reboot the BLACK BOX Advanced Console Server After rebooting the initial configuration is complete Note restoreconf does the opposite of saveconf copying the contents of the proc flash script...

Page 62: ...port belonging to a pool of serial ports issue the command telnet CAS hostname TCP port number CAS hostname is the hostname configured in the workstation where the telnet client will run through etc hosts or DNS table It can also be just the IP address of the BLACK BOX Advanced Console Server Ethernet s interface configured by the user or learned from DHCP TCP port number is the number associated ...

Page 63: ...rt Server Accessing Serial Ports using ts_menu To access the serial port telnet or ssh using ts_menu login to the CAS unit and after receiv ing the shell prompt run ts_menu The servers aliases or serial ports will be shown as option to start a connection telnet ssh After typing ts_menu you will see something similar to the following Serial Console Server Connection Menu for your Master Terminal Se...

Page 64: ... the e option So for example to set Ctrl as the escape character type telnet e 192 168 160 10 To exit from the session created through the ts_menu just follow Step 1 from above To exit from the entire telnet session to your unit type the escape character you had set Accessing Serial Ports using the Web Interface From the Web there s a Connect to Serial Port option that has to be selected A serial ...

Page 65: ...zard when available browser where appropriate and the Command Line Interface CLI when available This chapter contains the following sections Configuration Wizard Basic Wizard Access Method Authentication CAS Port Pool Clustering CronD Data Buffering DHCP Dual Power Management Filters and Network Address Translation Generating Alarms Help NTP PCMCIAPorts Configured as Terminal ServersSerial Setting...

Page 66: ...using any browser or by editing system files with the vi editor What follows are the basic parameters to get you quickly started The files that will be eventually modified if you decide to save to flash at the end of this application are 1 etc hostname 2 etc hosts 3 etc resolv conf 4 etc network st_routes 5 etc network ifcfg_eth0 6 etc portslave pslave conf Step 1 Enter the command wiz At the comm...

Page 67: ...gurations and have the choice of setting them to default values or not C O N F I G U R A T I O N W I Z A R D Current configuration Hostname CAS DHCP enabled Domain name Primary DNS Server Gateway IP eth0 Set to defaults y n n Step 3 Press Enter or type n or y The default answer or value to any question is in the brackets You can take one of three actions Either just press the ENTER key to execute ...

Page 68: ...P for your system y n y Tip On most of the following configuration screens the default or current value of the parameter is displayed inside brackets Just press the ENTER key if you are satisfied with the value in the brackets If not enter the appropriate parameter and press ENTER If at any time after choosing whether to set your configurations to default or not you want to exit the wizard or skip...

Page 69: ...abetical so that it is easier to remember Every time you see the domain name it is actually being translated into an IP address by the domain name server See your network administrator to obtain this IP address for the domain name server Domain Name Server 192 168 160 200 Step 9 Enter Gateway IP address and press Enter The Gateway is a node on a network that serves as an entrance point into anothe...

Page 70: ... 160 10 Domain name mycompany com Primary DNS Server 192 168 160 200 Gateway IP 192 168 160 1 Network Mask 255 255 255 0 Are all these parameters correct y n y Step 12 Type y or n or press Enter Type y if all parameters are correct Type n or just press ENTER if not all the param eters are correct and you want to go back and redo them Step 13 If you typed n in Step 11 type c or q As directed by the...

Page 71: ...d on again the saved information can be recovered If y is entered the screen will display an explanation of what saving to flash means Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of t...

Page 72: ...ections and the exact screen flow begins with To summarize the process the wizard configuration is started by first selecting the desired port s on the Port Selection page Figure 13 Port Selection page clicking Submit and then selecting either the CAS TS or RAS profile buttons on the subsequent Serial Port Configura tion Page Change the appropriate parameters and then click the Submit button on th...

Page 73: ...ADIUS TacacsPlus Authentication Server First Accounting Server RADIUS TacacsPlus secret Remote IP Address keep the Incremented option on Access Method Access method is how a user accesses a server connected to one of the serial ports on the BLACK BOX Advanced Console Server CAS profile or how a user connected to one of the serial ports accesses a server in the network TS profile or Dial In profile...

Page 74: ...et_ssh and the port value 7001 7002 etc if supplied by the ssh client like username port value the ssh client will be directly connected with the serial interface all protocol The possible protocols are telnet ssh1 ssh2 or raw data socket_server telnet protocol socket_ssh ssh1 ssh2 protocol raw_data used to exchange data in transparent mode Raw_data is similar to socket_server mode but without tel...

Page 75: ...the unit for this parameter is ms If set to zero line status messages will not be sent to the socket client all tx_interval Valid for protocols socket_server and raw_data Defines the delay in milliseconds before transmission to the Ethernet of data received through a serial port If not configured 100ms is assumed If set to zero or a value above 1000 no buffering will take place all idletimeout Val...

Page 76: ...ation page Step 3 Select the Serial Ports link Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page This will take you to the Port Selection page Figure 13 Port Selection page Step 4 Select port s On the Port Selection page choose all ports or an individual port from the dropdown menu This will take you to the Serial Port Configuratio...

Page 77: ...ameter all users here under Access Restriction on Users Step 8 Scroll to Console Access Server Section You can configure the following parameters here all sttyCmd all poll_interval all tx_interval all idletimeout Step 9 Configure s n serverfarm This parameter will not appear on the configuration page when All ports is selected Scroll to the SSH section Each port can be named after the server or de...

Page 78: ...the group Step 13 Click the Submit button At this point the configuration file is written in the RAMdisk Step 14 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 15 Save it in the flash Go to the link Administration Load Save Configuration and click the Save to Flash b...

Page 79: ...tisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration T...

Page 80: ...irst port should be addressed as 192 168 1 101 and the following ports should have consecutive values Any host can access a port using its IP address as long as a path to the address exists in the host s routing table all ipno ALL SOCKET_PORT This defines an alternative labeling system for the system ports The after the numerical value causes the interfaces or ports to be numbered consecutively e ...

Page 81: ...comma and spaces tabs may be used between names A comma may NOT appear between the and the first user name The users may be local Radius or TacacsPlus User groups defined with the parameter conf group can be used in combination with user names in the parameter list Notice that these are common users not administrators e g joe mark grp1 the users Joe Mark and members of grp1 cannot access the port ...

Page 82: ... serial port If not configured 100ms is assumed If set to 0 or a value above 1000 no buffering will take place all tx_interval Screen 6 C O N F I G U R A T I O N W I Z A R D ALL IDLETIMEOUT This parameter specifies how long in minutes a connection can remain inactive before it is cut off If set to 0 the default the connection will not time out all idletimeout CONF GROUP Used to combine users into ...

Page 83: ...T Typing c repeats the application typing q exits the entire wiz application If you type y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 8 typing q leads to Screen 9 Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured fo...

Page 84: ... the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Note The number of available ports depends on the system you are on Typing in a valid port number repeats this program except t...

Page 85: ...ather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot it If you don t save to flash and if you were to reboot the system all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n ...

Page 86: ...e line serial port number ipno string To configure the socket_port config configure line serial port number socket number To configure the protocol string is the type of protocol desired config configure line serial port number protocol string To configure modbus_smode config configure line serial port number modbus string To configure users config configure line serial port number users string To...

Page 87: ...e To activate your new configurations and save them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt Tip You can configure all the parameters for a serial port in one line config configure line serial port number tty string ipno string socket number protocol string modbus string users string pollinterval number txinterval number idle...

Page 88: ...t ssh ssh2 or socket_client If the protocol is configured as telnet or socket_client the parameter socket_port needs to be configured all socket_port This parameter is valid only if all protocol is configured as socket_client or telnet The socket_port is the TCP port number of the application that will accept connections requested by this serial port all telnet_client_mode When the protocol is TEL...

Page 89: ...tion Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 5 Save it in the flash Go to the link Administration Load Save Configuration and click the Save to Flash button Wizard Method Step 1 Bring up the wizard At the command prompt type the following to bring up the Access Method custom wizard wiz ac ts This will bring up Scr...

Page 90: ...in the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s...

Page 91: ...s defines the port s to be used by the protocols telnet and socket_client For these two protocols a default value of 23 is used when no value is configured all socket_port 23 Screen 4 C O N F I G U R A T I O N W I Z A R D ALL TELNET_CLIENT_MODE This parameter only applies if the current protocol configured is telnet Configuring as binary 1 causes an attempt to negotiate the TELNET BINARY option on...

Page 92: ...on The ones with the means it s not activated all protocol rlogin all socket_port 23 all telnet_client_mode 0 all userauto Are these configuration s all correct y n n If you type n Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type y Discard previous port specific parameters y n n Note all host is confi...

Page 93: ...ering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance if you are currently configuring parameter all x and there was a specific port s2 x configured then answering yes to this question will discard s2 x Note The number of available ports depends on the system you are on Typing ...

Page 94: ...sh Do you want to activate your configurations now y n y Screen 8 C O N F I G U R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot...

Page 95: ...ng To configure the socket_port config configure line serial port number socket number To configure the telnet_client_mode config configure line serial port number telnetclientmode number To configure userauto config configure line serial port number userauto string Step 2 Activate and Save To activate your new configurations and save them to flash type config write This is essentially typing sign...

Page 96: ...ould be addressed as 192 168 1 101 and the following ports should have consecutive values all initchat Modem initialization string Example value TIMEOUT 10 d l dATZ OK r n ATZ OK r n ATMO OK R N TIMEOUT 3600 RING STATUS Incoming p I HANDSHAKE ATA TIMEOUT 60 CONNECT STATUS Connected p I HANDSHAKE all autoppp Options to auto detect a ppp session The cb script parameter defines the file used for call...

Page 97: ... Step 2 Click the Dial in Profile button in the Wizard section Example value j novj proxyarp modem asyncmap 000A0000 noipx noccp login auth require pap refusechap mtu t mru t cb script etc portslave cb_script plugin usr lib libpsr so all pppopt PPP options when user has already been authenticated Example value i j novj proxyarp modem asyncmap 000A0000 noipx noccp mtu t mru t netmask m idle I maxco...

Page 98: ...he PPP Section You can configure the parameter all autoppp and all pppopt here Step 6 Click the Submit button At this point the configuration file is written in the RAMdisk Step 7 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 8 Save it in the flash Go to the link Ad...

Page 99: ...o configure the protocol string is the type of protocol desired config configure line serial port number protocol string To configure ipno config configure line serial port number ipno string Step 2 Activate and Save To activate your new configurations and save them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt Tip You can configu...

Page 100: ... or kerberos Parameters Involved and Passed Values The authentication feature utilizes the following parameters all authtype Type of authentication used There are several authentication type options none no authentication local authentication is performed using the etc passwd file remote This is for a terminal profile only The unit takes in a user name but does not use it for authentication Instea...

Page 101: ... The authentication required by the device to which the user is connecting is controlled separately all authhost1 all authhost2 This address indicates the location of the Radius TacacsPlus authentication server and is only necessary if this option is chosen in the previous parameter A second Radius TacacsPlus authentication server can be configured with the parameter all authhost2 all accthost1 al...

Page 102: ...r is tried before another is contacted The first server authhost1 is tried radretries times and then the second authhost2 if configured is contacted radretries times If the second also fails to respond Radius TacacsPlus authentication fails all secret This is the shared secret password necessary for communication between the BLACK BOX Advanced Console Server and the Radius TacacsPlus servers Note ...

Page 103: ...written in the RAMdisk Step 4 Make changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 5 Save it in the flash Go to the link Administration Load Save Configuration and click the Save to Flash button ...

Page 104: ...zard You can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must e...

Page 105: ... 4 all accthost2 192 168 160 4 all radtimeout 3 all radretries 5 all secret secret Set to defaults y n n Screen 3 C O N F I G U R A T I O N W I Z A R D ALL AUTHTYPE This parameter controls the authentication required by the system Users access to the server through the serial port is granted through the check of username and password locally or remotely e g none local TacacsPlus note the capital T...

Page 106: ...ow long users are connected after being authorized by the authentication server all accthost1 200 200 200 3 ALL AUTHHOST2 This IP address indicates where the SECOND Radius or TacacsPlus authentication server is located all authhost2 200 200 200 2 Note If authtype is configured as none local ldap or kerberos the applica tion will skip immediately to the summary screen because the rest of the parame...

Page 107: ...MEOUT This is the timeout in seconds for a Radius or TacacsPlus authentication query to be answered all radtimeout 3 Screen 6 C O N F I G U R A T I O N W I Z A R D ALL RADRETRIES This defines the number of times each Radius or TacacsPlus server is tried before another is contacted all radretries 5 ALL SECRET This is the shared secret necessary for communication between the system and the Radius or...

Page 108: ...pe n Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats application typing q exits the entire wiz application If you type y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ports or q to QUIT Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configur...

Page 109: ...unit through a console and you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Note The number of available ports depends on the system you are on Typing...

Page 110: ... all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n CLI Method To configure certain parameters for a specific serial port Step 1 At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ttyS serial port number config configure line seria...

Page 111: ...ure radretries config configure line serial port number retries number To configure secret config configure line serial port number secret string Step 2 Activate and Save To activate your new configurations and save them to flash type config write Tip You can configure all the parameters for a serial port in one line config configure line serial port number tty string authtype string authhost1 str...

Page 112: ... sure that you have the NIS domain name set Command domainname NIS domain name show or set the system s NIS YP domain name Ex domainname cyclades nis Step 2 Edit the etc yp conf file etc yp conf This file contains the configuration used by ypbind etc domainname conf This file contains the NIS domain name set by the command domainname usr sbin ypbind Finds the server for NIS domains and maintains t...

Page 113: ...e as local How to Test the Configuration To test the configuration do the following Step 1 Start up the following command usr sbin ypbind Step 2 Display the NIS server name Display the name of NIS server by running the following command usr bin ypwhich Step 3 Display the all users entry Displays the all users entry in the NIS database by running the following command usr bin ypcat t passwd byname ...

Page 114: ... process works fine but the needed value was not found The default action for this status is continue UNAVAIL The service is permanently unavailable TRYAGAIN The service is temporarily unavailable To use NIS only to authenticate users you need to change the lines in etc nsswitch conf that reference passwd shadow and group Examples 1 You wish to authenticate the user first in the local database If ...

Page 115: ...scheme protocol pool_ipno pool_serverfarm and pool_socket_port The three new parameters pool_ipno pool_serverfarm and pool_socket_port have the same meaning as ipno serverfarm and socket_port respectively Ports belonging to the same pool MUST be configured with the same value in these fields It is strongly recommended that you configure the same values in all parameters related to authentication f...

Page 116: ...ias for specific allocation s1 pool_serverfarm pool 1 alias for the pool s2 tty ttyS2 s2 protocol socket_server s2 socket_port 7002 TCP port for specific allocation s2 pool_socket_port 3000 TCP port for the pool s2 ipno 10 0 0 2 IP address for specific allocation s2 pool_ipno 10 1 0 1 IP address for the pool s2 serverfarm serial 2 alias for specific allocation s2 pool_serverfarm pool 1 alias for t...

Page 117: ...rt 3000 IP 10 1 0 1 and alias pool 1 pool 2 identified by Protocol socket_ssh TCP port 4000 IP 10 2 0 1 and alias pool 2 The serial ports ttyS1 and ttyS2 belong to the pool 1 The serial ports ttyS3 and ttyS4 belong to the pool 2 You can access specifically serial port ttyS1 by using TCP port 7001 IP address 10 0 0 1 or alias serial 1 If the ttyS1 is being used by somebody else the connection will ...

Page 118: ... Advanced Console Servers on a LAN The Master BLACK BOX Advanced Console Server can manage up to 1024 serial ports so that the fol lowing can be clustered 1 Master 16 Port 31 Slave16 Ports or 1 Master 32 Port 15 Slave 32 Ports An example with one Master BLACK BOX Advanced Console Serverand two Slave BLACK BOX Advanced Console Servers is shown in the following figure Figure 16 An example of the clu...

Page 119: ...ace needed for clustering feature conf eth_mask_alias Mask for secondary IP address above 255 255 255 0 all socket_port This value applies to both the local ports and ports on Slave BLACK BOX Advanced Console Server 7001 all protocol Depends on the application Socket_ssh or socket_server all authtype Depends on the application Radius or local or none s33 tty This parameter must be created in the M...

Page 120: ...r_on_slave1_ serial_s3 s35 ipno See s33 ipno 0 0 0 0 etc for s36 s64 S65 tty The format of this parameter is IP_of_Slave slave_socket_port for non Master ports The value 7301 was chosen arbitrarily for this example 20 20 20 3 7301 S65 serverfarm An alias for this port Server_on_slave2_ serial_s1 S65 ipno See s33 ipno 0 0 0 0 S66 tty See s65 tty 20 20 20 3 7302 S66 serverfarm An alias for this port...

Page 121: ...erial_s3 S67 ipno See s33 ipno 0 0 0 0 etc for s68 s96 Table8 BLACKBOX AdvancedConsoleServerconfigurationforSlave1 where it differs from the CAS standard Parameter Value for this example all protocol socket_server all authtype none conf eth_ip 20 20 20 2 all socket_port 7033 all authtype none Table9 BLACKBOX AdvancedConsoleServerconfigurationforSlave2 where it differs from the CAS standard Paramet...

Page 122: ...209 81 55 110 to access the fifth port of Slave 2 Centralized Management the Include File The BLACK BOX Advanced Console Server allows centralized management through the use of a Master pslave conf file Administrators should consider this approach to configure multiple BLACK BOX Advanced Console Server Using this feature each unit has a simpli fied pslave conf file where a Master include file is c...

Page 123: ... Server Figure 17 Example of Centralized Management The abbreviated pslave conf and etc hostname files in each unit for the example are For the etc hostname file in unit 1 unit1 For the plsave conf file in unit 1 conf eth_ip 10 0 0 1 conf eth_mask 255 0 0 0 conf include etc portslave Scommon conf For the etc hostname file in unit 2 unit2 For the plsave conf file in unit 2 conf eth_ip 10 0 0 2 conf...

Page 124: ...for pslave conf conf host_config unit3 parameters for unit3 following the rules for pslave conf conf host_config end When this file is included unit1 would read only the information between conf host_config unit1 and conf host_config unit2 Unit2 would use only the information between conf host_config unit2 and conf host_config unit3 and unit3 would use information after conf host_config unit3 and ...

Page 125: ...on available Authentication is performed in the Slave and not in the Master anymore Additionally the Master no longer needs to be the default gateway for all Slave boxes Enhanced clustering is available on implementations running Linux 2 4 x versions or newer This new implementation is based on iptables nat which is only available in these higher versions of Linux Enhanced Clustering has improved ...

Page 126: ...ll be created post_nat_cluster to change the source IP address and pre_nat_cluster to change the destination IP address The BLACK BOX Advanced Console Server administrator must enable clustering via NAT in pslave conf conf nat_clustering_ip clustering_ip iptables D PREROUTING t nat p tcp j pre_nat_cluster iptables D POSTROUTING t nat p tcp j post_nat_cluster clustering_ip IP address of any BLACK B...

Page 127: ...or can issue an iptables command to view change at his own risk or delete the rules in the nat table If the adminis trator issues a fwset restore command he must also execute the command signal_ras hup to recover the nat table BLACK BOX Advanced Console Server clustering was primarily designed to allow a large number of serial ports in more than one box to be accessed using just one single public ...

Page 128: ...ent session must have the following command line option p master_port The master_port will define at least the Slave box with which a connection is desired For example you may use the following commands ssh l username1 server1 p 7101 master_ip ssh l username2 server2 p 7101 master_ip The above commands will respectively have the same result as the following commands issued from a local workstation...

Page 129: ...examples looking like s 1 32 tty ttyS 1 32 must be seen as 32 lines For example s1 tty ttyS1 s2 tty ttyS2 s32 tty ttyS32 Master box Configuration Enable Clustering via NAT conf nat_clustering_ip 64 186 161 108 Primary ethernet IP address must be the public IP Note In the old clustering implementation username and server must be valid in the Master box In the new clustering they must be valid in th...

Page 130: ..._ip_alias 192 168 170 1 conf eth_mask_alias 255 255 255 0 Local CAS serial ports 32 socket_ssh ports all protocol socket_ssh all authtype local all socket_port 7001 s 1 32 tty ttyS 1 32 Remote CAS serial ports slave 1 32 socket_ssh ports This kind of configuration can be used for ssh only just one entry is neces sary s33 tty 192 168 170 2 s33 socket_port 7000 ...

Page 131: ...001 s66 socket_port 8002 s96 socket_port 8032 Remote CAS serial ports slave 3 32 socket_ssh ports s 97 128 tty 192 168 170 101 132 Slave 1 box Configuration Primary ethernet IP address conf eth_ip 192 168 170 2 conf eth_mask 255 255 255 0 conf eth_mtu 1500 Local CAS serial ports 32 socket_ssh ports all protocol socket_ssh all authtype local s 1 32 tty ttyS 1 32 s 1 32 serverfarm slave 1 port 1 32 ...

Page 132: ...AS serial ports 32 socket_server ports all protocol socket_server all authtype local all socket_port 7101 s 1 32 tty ttyS 1 32 Slave 3 box Configuration Primary ethernet IP address conf eth_ip 192 168 170 4 conf eth_mask 255 255 255 0 conf eth_mtu 1500 Local CAS serial ports 32 socket_ssh ports all protocol socket_ssh all authtype local all ipno 192 168 170 101 s 1 32 tty ttyS 1 32 ...

Page 133: ...st be provided to select which serial port is to be con nected to in the Slave box 1 ssh l username slave 1 port 1 32 p 7000 64 186 161 108 The master_port socket_port in the Master will select which serial port is to be connected to in the Slave boxes 1 and 2 telnet 64 186 161 108 80 01 32 ssh l p 7097 7128 64 186 161 108 ...

Page 134: ...w line in the etc crontab_files active root etc crontab_tst Result CronD will execute the shell script teste_cron sh with root privileges each minute status Active or inactive If this item is not active the script will not be executed user The process will be run with the privileges of this user who must be a valid local user source Pathname of the crontab file that specifies frequency of executio...

Page 135: ...ved to flash Step 4 Run saveconf The command saveconf which reads the etc config_files file should then be run saveconf copies all the files listed in the file etc config_files from the ramdisk to proc flash script Step 5 Reboot the BLACK BOX Advanced Console Server Browser Method To configure CronD with your browser Step 1 Point your browser to the Console Server In the address or location field ...

Page 136: ... the Web root password configured by the Web server This will take you to the Configuration and Administration page Step 3 Click on the Edit Text File link Click on this link on the Link Panel You can then pull up the appropriate file and edit it Figure 18 Edit Text File page ...

Page 137: ...ost must have NFS installed and the administra tor must create export and allow reading writing to this directory The size of this file is not limited by the value of the parameter s1 data_buffering though the value cannot be zero since a zero value turns off data buffering The conf nfs_data_buffering parameter format is server name or IP address remote pathname If data buffering is turned on for ...

Page 138: ...s the following parameters all data_buffering A non zero value activates data buffering local or remote according to what was configured in the parameter conf nfs_data_buffering If local data buffering a file is created on the BLACK BOX Advanced Console Server if remote a file is created through NFS in a remote server All data received from the port is captured in this file If local data buffering...

Page 139: ...verwritten whenever the limit of the buffer size as configured in all data_buffering or s n data_buffering is reached When configured as lin for linear format once 4k bytes of the Rx buffer in the ker nel is reached a flow control stop RTS off or XOFF depending on how all flow or s n flow is set is issued to prevent the serial port from receiving further data from the remote Then when a session is...

Page 140: ...the port that is sending data syslog messages won t be generated all dont_show_DBmenu When zero a menu with data buffering options is shown when a nonempty data buffering file is found When 1 the data buffering menu is not shown When 2 the data buffering menu is not shown but the data buffering file is shown if not empty When 3 the data buffering menu is shown but without the erase and show and er...

Page 141: ...on and Administration page Step 3 Select the Serial Ports link Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page This will take you to the Port Selection page Step 4 Select port s On the Port Selection page choose all ports or an individual port to configure from the dropdown menu Click the Submit button This will take you to the S...

Page 142: ...re Figure 20 Data Buffering section of the General page Step 9 Click the Submit button Step 10 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ether net Static Routes box and click on the Activate Configuration button Step 11 Click on the link Administration Load Save Configuration Step 12 Click the Save Configuration to Flash button Wizard Meth...

Page 143: ... the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s not activated conf nfs_data_bufferi...

Page 144: ...o either activate any value greater than 0 or deactivate data buffering all data_buffering 0 Screen 4 C O N F I G U R A T I O N W I Z A R D ALL DB_MODE For local data buffering this parameter allow users to buffer data in either a circular or linear fashion Circular format cir is a revolving buffer file that is overwritten whenever the limit of the buffer size set by all data_buffering is reached ...

Page 145: ...R and LF from the serial port or the accumu lated data reaches 256 characters Either way the accumu lated data will be recorded in the data buffering file along with the current time The parameter all data_buf fering has to be nonzero in order for this parameter to work all DB_timestamp 0 ALL SYSLOG_BUFFERING This parameter is another option to data buffering Users can also have syslog perform thi...

Page 146: ...hether or not there is a connection to the port that is sending data to your unit When set to 1 syslog messages are NOT generated when there IS a connection to the port that is sending data It is only generated when there isn t a session to the port that is sending data to your unit all syslog_sess 0 Screen 7 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s ...

Page 147: ...g c leads to Screen 8 typing q leads to Screen 9 Screen 8 C O N F I G U R A T I O N W I Z A R D You have 8 available ports on this system Type q to quit a valid port number 1 8 or anything else to refresh Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance if you are...

Page 148: ... R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot it If you don t save to flash and if you were to reboot the system all your ne...

Page 149: ...ig configure line serial port number tty string To configure nfs_data_buffering config configure conf nfsdb string To configure data_buffering config configure line serial port number databuffering number To configure DB_mode config configure line serial port number dbmode string To configure dont_show_DBmenu config configure line serial port number dbmenu number To configure DB_timestamp config c...

Page 150: ...of a fixed time period during which the assigned IP address is valid for the device it was assigned for This lease time can vary for each device A short lease time can be used when there are more devices than available IP numbers For more information see RFC 2131 Parameter Involved and Passed Values The DHCP client on the Ethernet Interface can be configured in two different ways depend ing on the...

Page 151: ...Ethernet Interface conf eth_ip etc Add the following lines to the file etc config_files etc network dhcpcd_cmd from factory file already present in etc config_files etc dhcpcd eth0 save From the factory the file is already present in etc config_files Add the option x to the factory default content of the file etc network dhcpcd_cmd sbin dhcpcd l 3600 x c sbin handle_dhcp From the factory etc netwo...

Page 152: ...etwork dhcpcd_cmd Contains a command that activates the DHCP client used by the cy_ras program Its factory contents are bin dhcpcd c bin handle_dhcp D This option forces dhcpcd to set the domain name of the host to the domain name parameter sent by the DHCP Server The default option is to NOT set the domain name of the host to the domain name parameter sent by the DHCP Server H This option forces ...

Page 153: ...rt section You can choose the DHCP Client option in this section Select the radio button and click the Submit button at the bottom of the page Figure 21 DHCP client section Step 5 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ether net Static Routes box and click on the Activate Configuration button Step 6 Click on the link Administration Load...

Page 154: ... there is a power failure in any power supply This parameter does not affect the behavior of the command signal_ras buzzer on off To make this change effective even after future reboots create a line with bin ex_wdt_led sh in etc config_files save and quit that file and run saveconf Parameters Involved and Passed Values There are no parameters to be configured However if you want to generate alarm...

Page 155: ...Chapter 3 Additional Features User Guide 155 Configuration for TS vi Method Same as for CAS Configuration for Dial in Access vi Method Same as for CAS ...

Page 156: ...local network than available as global IP addresses In the BLACK BOX Advanced Console Server this feature will be used mainly for clustering one Master Console server works as the interface between the global network and the slave Console servers The BLACK BOX Advanced Console Server uses the Linux utility iptables to set up main tain and inspect both the filter and the NAT tables of IP packet rul...

Page 157: ...ain are reviewed one by one until the packet matches one rule If no rule is found the default action for that chain will be taken Syntax An iptables tutorial is beyond the scope of this manual For more information on iptables see the iptables man page not included with the BLACK BOX Advanced Console Server or the how to http www netfilter org or http www iptables org The syntax of the iptables com...

Page 158: ...le address combination D delete Delete one or more rules from the selected chain There are two versions of this command The rule can be specified as a number in the chain starting at 1 for the first rule or as a rule to match R replace Replace a rule in the selected chain If the source and or destination names resolve to multiple addresses the command will fail Rules are numbered starting at 1 I i...

Page 159: ...must be no references to the chain If there are you must delete or replace the referring rules before the chain can be deleted If no argument is given it will attempt to delete every non built in chain in the table P policy Set the policy for the chain to the given target Only non user defined chains can have policies and neither built in nor user defined chains can be policy targets E rename chai...

Page 160: ...nse of the address The flag src is a convenient alias for this option d destination address mask Destination specification See the description of the s source flag for a detailed description of the syntax The flag dst is an alias for this option j jump target This specifies the target of the rule i e what to do if the packet matches it The target can be a user defined chain other than the one this...

Page 161: ... only refers to second and further fragments of frag mented packets Since there is no way to tell the source or destination ports of such a packet or ICMP type such a packet will not match any rules which specify them When the argument precedes the f flag the rule will only match head fragments or unfragmented packets c set counters PKTS BYTES This enables the administrater to initialize the packe...

Page 162: ...beginning of each rule corre sponding to that rule s position in the chain source port port port Source port or port range specification This can either be a service name or a port number Inclusive range can also be specified using the format port port If the first port is omitted 0 is assumed if the last is omitted 65535 is assumed If the second port is greater then the first they will be swapped...

Page 163: ... TCP connection initiation for example block ing such packets coming in an interface will prevent incoming TCP connections but outgoing TCP con nections will be unaffected It is equivalent to tcp flags SYN RST ACK SYN If the flag precedes the syn the sense of the option is inverted tcp option number Match if TCP option set source port port port Source port or port range specification See the descr...

Page 164: ...NAT nat table only This target is only valid in the nat table in the POSTROUTING chain It specifies that the source address of the packet should be modified and all future packets in this connection will also be mangled and rules should cease being examined It takes one option source port port port Match if the source port is one of the given ports destination port port port Match if the destinati...

Page 165: ... correct behavior when the next dialup is unlikely to have the same interface address and hence any established connections are lost anyway It takes one option REDIRECT nat table only This target is only valid in the nat table in the PREROUTING and OUTPUT chains and user defined chains which are only called from those chains It alters the destination IP address to to source ipaddr ipaddr port port...

Page 166: ...d Step 1 Execute fwset restore This script will restore the IP Tables chains and rules configured in the etc network firewall file This script can be called in the process whenever the user wants to restore the original configuration Step 2 Add the chains and rules using the command line See details of the iptables syntax earlier in this chapter Step 3 Execute iptables save etc network firewall Th...

Page 167: ...ck the List Table button A table with all the chains of the table and the number of bytes packets which used each chain will appear The available options are Figure 23 IP Tables Chains Table table filter List Chains List all the chains of the table selected Save in File Save the all the IP tables rules chains and tables to the file etc network firewall Restore from File Reads the file etc network ...

Page 168: ...ck the List Rules button A table with all the rules related to the chain selected will appear in the page containing the rule configuration and the accounting number of bytes and packets which used the rule In the beginning there are no rules in the chain in this case the only option is to Append Rule When there are rules in the chain the page will appear like the picture below The options are Fig...

Page 169: ...translating the source or the destination IP address port in the nat table or send the packet to another user defined chain All the options are in the target list Source Destination IP Indicates how the source destination IP address should be When a network should be included in the rule the network mask must be configured too Input Output interface Indicates the interface where the IP packet shou...

Page 170: ...ates if the fragments will be checked The IP Tables can either check for head fragments and unfragmented packets or for the subsequent fragments TCP options This section will appear only when TCP protocol is selected The source destination ports can be configured in this section as well as the TCP flags UDP options This section will appear only when UDP protocol is selected The source destination ...

Page 171: ...network firewall file Step 13 Click on the link Administration Load Save Configuration and click the Save to Flash button This will save the rules and chains in the flash memory DNAT SNAT options This section will appear only when the target selected is DNAT and SNAT respectively The parameters of these sections will determine how the packets matched by the rule will be translated DNAT translates ...

Page 172: ...ethod Files to be modified pslave conf syslog ng conf Browser Method To configure PortSlave parameters involved with syslog ng and the syslog ng configuration file with your browser Step 1 Point your browser to the Console Server In the address or location field of your browser type the Console Access Server s IP address For example http 10 0 0 0 Step 2 Log in as root and type the Web root passwor...

Page 173: ... or an individual port to configure from the dropdown menu Click the Submit button This will take you to the Serial Port Configuration page Step 7 Scroll down to the Data Buffering section You can change the Alarm for Data Buffering alarm value Click the Submit button Step 8 Select the Syslog link Click on the Syslog link on the Link Panel to the left of the page in the Configuration section This ...

Page 174: ...ow will appear Screen 1 C O N F I G U R A T I O N W I Z A R D ALL ALARM When non zero all data received from the port are captured and sent to syslog ng with INFO level and LOCAL 0 conf DB_facility facility The syslog ng conf file should be set accordingly for the syslog ng to take some action Please see the Syslog ng Configuration to use with Alarm Feature section under Generating Alarms in Chapt...

Page 175: ... non zero all data received from the port are captured and sent to syslog ng with DAEMON facility and ALERT level The syslog ng conf file should be set accordingly for the syslog ng to take some action Please see the Syslog ng Configuration to use with Alarm Feature section under Generating Alarms in Chapter 3 of the system s manual for the syslog ng configuration file all alarm 0 Note conf DB_fac...

Page 176: ...e entire wiz application If you type y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 5 typing q leads to Screen 6 Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance...

Page 177: ...you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Note The number of available ports depends on the system you are on Typing in a valid port number rep...

Page 178: ...igurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n CLI Method To configure certain parameters for a specific serial port Step 1 At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ttyS serial port number config configure line serial port number tty ...

Page 179: ... the alarm feature are configured as all alarm 1 conf DB_facility 2 Step 2 Add lines to syslog ng conf The syslog ng conf file needs these lines local syslog clients source sysl unix stream dev log To filter ALARM message with the string kernel panic filter f_kpanic facility local2 and level info and match ALARM and match kernel panic To filter ALARM message with the string root login filter f_roo...

Page 180: ...is BLACK BOX Advanced Console Server and the message that was received from the source destination d_pager pipe dev cyc_alarm template sendsms d 123 m FULLDATE HOST MSG 10 0 0 1 Example to send a Link Down trap to server at 10 0 0 1 with message carrying the current date the hostname of this unit and the message that received from the source destination d_trap pipe dev cyc_alarm template snmptrap ...

Page 181: ...slave configuration file Parameter all alarm 0 inactive or 0 active Step 2 Configure filters in the syslog ng configuration file filter f_alarm facility local 0 conf DB_facility and level info and match ALARM and match your string Example to filter the ALARM message with the string kernel panic conf DB_facility is configured with value 1 filter f_kpanic facility local1 and level info and match ALA...

Page 182: ...p 4 Connect filters and actions in the syslog ng configuration file Example alarm is active and if the serial port receives the string kernel panic one message will be sent to the pager log source sysl filter f_kpanic destination d_trap destination d_pager Sendmail Sendmail sends a message to a SMTP server It is not intended as a user interface routine it is used only to send pre formatted message...

Page 183: ...xpanded as explained below c name name Cc Optional Multi part allowed multiple names are sepa rated by commas b name name Bcc Optional Multi part allowed multiple names are sepa rated by commas r name Reply To Optional Use the Reply To field to make sure the destination user can send a reply to a regular mailbox f name From Required s text Subject Required m text body The message body h SMTP serve...

Page 184: ...arsed a value of will be returned g Turns debugging on Will output the entire dialog with the server on stderr and more h Displays a short help message and exits v Displays version information and exits d dest Required The GSM network address i e phone number of the mobile phone the message is to be sent to Supported format is int prefix country code area code phone number The international prefix...

Page 185: ...ead from This file can contain multiple lines of text they will be concatenated but its total length can t exceed 160 characters A longer text will be truncated you will be warned about it but the message will still be sent The special file means that input will be read from stdin At the present time only 7 bit ASCII is supported for the message text u user Optional The server module requires the ...

Page 186: ...n the format specified If any of the required version 1 parameters enterprise oid agent and uptime are specified as empty it defaults to 1 3 6 1 4 1 3 1 1 hostname and host uptime respectively Synopsis snmptrap v 1 Ci common arguments enterprise oid agent generic trap specific trap uptime objectID type value snmptrap v 2c 3 Ci common arguments uptime trap oid objectID type value server Required Th...

Page 187: ...6 1 2 1 2 2 1 2 1 s BLACK BOX Advanced Console Server serial port number 1 is down Ci Optional It sends INFORM PDU common arguments Required They are c community name SNMP server IP address enterprise oid Required but it can be empty agent Required but it can be empty The agent name generic trap The generic trap number 2 link down 3 link up 4 authentication failure specific trap Required The speci...

Page 188: ... are two hyphens before any of the options listed on the following table Table 10 General Options for the Help Wizard Option Description ac cas or ts Configuration of access method parameters al Configuration of alarm parameter all cas or ts Configuration of all parameters auth Configuration of authentication parameters db Configuration of data buffering parameters help Print this help message pm ...

Page 189: ... and the actual parameter modified for Synopsis 1 sl Configuration of syslog parameters snf Configuration of sniffing parameters sset cas or ts Configuration of serial setting parameters tl Configuration of terminal login display parameters tso Configuration of other parameters specific to the TS profile Note To enter into CLI mode type config at the terminal prompt You will then get a CLI prompt ...

Page 190: ...host1 authhost2 string authhost2 authtype string authtype auto_input string auto_answer_input auto_output string auto_answer_output break string break_sequence datasize number datasize databuffering number data_buffering dbmenu number dont_show_DBmenu dbmode string DB_mode dbtimestamp number DB_timestamp dcd number dcd dtr_reset number DTR_reset escape string escape_char flow string flow host stri...

Page 191: ...pmNumOfOutlets pmoutlet string pmoutlet pmtype string pmtype pmusers string pmusers pollinterval number poll_interval prompt string prompt protocol string protocol retries number timeout secret string secret sniffmode string sniff_mode socket number socket_port speed number speed stopbits number stopbits sttycmd string sttyCmd syslogdb number syslog_buffering Table 11 Help CLI Options Synopsis 1 O...

Page 192: ...string term timeout number timeout tty string tty txinterval number tx_interval userauto string userauto users string users Table 12 Help CLI Options Synopsis 2 Option Description Actual Parameters Modified ip string Configuration of the IP of the Ethernet interface conf eth_ip mask string Configuration of the mask for the Ethernet network conf eth_mask mtu number Configuration of the Maximum Tran...

Page 193: ...onfig configure conf options or in CLI mode configure conf options Refer to Appendix C for more info on the parameters Table 13 Help CLI Options Synopsis 3 Option Actual Parameter Modified dbfacility number conf DB_facility facility number conf facility group string conf group locallogins number conf locallogins nfsdb string conf nfs_data_buffering ...

Page 194: ...able through CLI type config configure line serial port number Note To include spaces within the string you are configuring encapsulate the string within single or double quotes For instance to configure s2 sttyCmd igncr onlcr type do not put a space after a comma config configure line 2 sttycmd igncr onlcr Tip You can specify the range or list of serial ports if you wish to configure the same par...

Page 195: ...es The file etc ntpclient conf has the value of two parameters The data and time will be update from the NPT server according to the parameter options The ntpclient program has this syntax ntpclient options Options NTPSERVER The IP address of the NTP server INTERVAL Check time every interval seconds default 300 c count Stop after count time measurements default 0 means go forever d Print diagnosti...

Page 196: ...ation field of your browser type the Console Access Server s IP address For example http 10 0 0 0 Step 2 Log in as root and type the Web root password configured by the Web server This will take you to the Configuration and Administration page Step 3 Click on the Edit Text File link Click on this link on the Link Panel or on the Configuration section of the Configuration and Administration page Se...

Page 197: ...evel scripts in response to card insertions and removals Ejecting Cards You can insert the card anytime and the drivers should be loaded automatically But you will need to run cardctl eject before ejecting the card to stop the application using the card Oth erwise the BLACK BOX Advanced Console Server may hang during the card removal You must specify the slot number when using the cardctl command ...

Page 198: ...e eth1 inet static address 192 168 0 42 network 192 168 0 0 netmask 255 255 255 0 broadcast 192 168 0 255 gateway 192 168 0 1 Note Due to a known problem in the current release the I O ports used by the card cannot be re used after card re insertion In each card insertion the card gets a different I O port This limits the number of times the card can be ejected and inserted When all the I O ports ...

Page 199: ...k drivers with the new configuration Wireless LAN PC Cards First do the appropriate PCMCIA network configuration Additionally the configuration of the wireless driver is done in the following file etc pcmcia wireless opts For instance to configure the network name as MyPrivateNet and the WEP encryption key as secul the following settings could be added to the default entry INFO This is a test ESSI...

Page 200: ...to list frequencies bit rates encryption etc The usage is iwlist eth1 frequency iwlist eth1 channel iwlist eth1 ap iwlist eth1 accesspoints iwlist eth1 bitrate iwlist eth1 rate iwlist eth1 encryption iwlist eth1 key iwlist eth1 power iwlist eth1 txpower iwlist eth1 retry Modem PC Cards The modem device gets the dev ttySn name where n is the number of embedded serial devices plus 1 For instance if ...

Page 201: ...the Radius server If the login option was used create the user either locally by running adduser or create the user in the Radius server for Radius authentication When the login option is used etc pam conf may also need to be changed By default etc pam conf has the ppp and login services configured for local authentication You will have to change them if you want Radius authentication More informa...

Page 202: ...CK BOX Advanced Console Server From the remote system use pppd to dial and establish a PPP connection with the BLACK BOX Advanced Console Server The remote system should have the login user name set in their etc ppp pap secrets to have a successful login in the BLACK BOX Advanced Con sole Server Establishing a Callback with your Modem PC Card Setting up a callback system serves two purposes 1 Cost...

Page 203: ...re the line bin login at the end of the file pseudo callback name sbin callback S phone number of the client ie call sbin callback S 12345 call is the pseudo callback name 123456 is the number to dial back Step 3 If you plan to login through PPP with PAP authentication create pap user name in etc ppp pap secrets Add a line similar to the following include the quotes and the two asterisks myUserNam...

Page 204: ...d Step 5b create the ppp login script Step A Create a script called etc ppp ppplogin following this format bin sh exec usr local sbin pppd ppp options Step B Make script executable Type chmod 755 etc ppp ppplogin Step C Save this file to flash Save this file to flash so the next time the BLACK BOX Advanced Console Server gets rebooted you won t lose the new file Add etc ppp ppplogin into etc confi...

Page 205: ...dem init string It is very important that before callback hangs the call the modem in the Windows box does not tell Windows that the call has been dropped Otherwise Windows Dial up Networking will abort everything because it thinks the call was dropped with no reason From Win2000 Go to Windows control panel Phone and Modem Modems choose your modem Properties Advanced add c0s0 1 to Extra Settings S...

Page 206: ...n case you don t want to repeat all the user database from the radius server an option is to use as the user in etc ppp pap secrets Step 2 Change the options in etc pcmcia isdn opts to fit your environment Make sure that DIALIN is set to yes Set the desired authentication in DIALIN_AUTHENTICATION For instance pap for PAP chap for CHAP login auth or login pap for radius login auth or login pap for ...

Page 207: ...ou want PAP or CHAP authentication Step 2 Change options Change the options in etc pcmcia isdn opts to fit your environment Make sure that DIALIN is set to no Set USERNAME to the user name provided by your ISP Step 3 Run saveconf to save your changes to the flash Step 4 If the ISDN card is not inserted it is time to insert the card ipppd is started automatically Go to step 6 Step 5 Restart script ...

Page 208: ...e Server Setup as callback server Part Two is the configuration of a Windows 2000 Professional computer as callback client BLACK BOX Advanced Console Server setup Callback Server Step 1 Change the parameters in etc pcmcia isdn opts to fit your environment Step 2 Set the callback number in DIALOUT_REMOTENUMBER DIALOUT_REMOTENUMBER 8358662 Remote phone that you want to dial to Step 3 If your isdn li...

Page 209: ... and Dial up Connections Make New Connection select I want to set up my Internet connection manually or I want to connect through a local area network select I connect through a phone line and a modem select the AVM ISDN Internet PPP over ISDN modem type the phone number you dial to connect to the BLACK BOX Advanced Console Server and enter mary as User name and marypasswd as password After creati...

Page 210: ...ack with your ISDN PC Card 2nd way The previous section explained how to do callback at D Channel level The advantages of hav ing callback at D Channel level is that it works independent of the Operating System on the client side But a big disadvantage is that the callback call happens before the authentication phase in PPP The only security is by that only calls from predefined phone numbers are ...

Page 211: ...Set the desired IPs for local and remote machines Step 1 4 Set DIALIN to yes DIALIN yes yes if you want dial in no if you want dial out Step 1 5 Make sure the CALLBACK parameter is disabled CALLBACK off off callback disabled Step 1 6 Add the user that will callback the client in DIALIN_AUTHENTICATION DIALIN_AUTHENTICATION auth login user mary Step 2 Make sure etc pam conf has the configuration you...

Page 212: ... ippp0 etc pcmcia isdn start ippp0 Linux Callback Client Step 1 Configure the ipppd to have user mary and pap authentication Step 2 Dial to the BLACK BOX Advanced Console Server isdnctrl dial ippp0 Step 3 As soon the BLACK BOX Advanced Console Server authenticates the user mary the BLACK BOX Advanced Console Server will disconnect and callback ...

Page 213: ...c parameters TSO stands for TS Other other parameters specific to the TS profile Step 1 At the command line interface type the following wiz tso Screen 1 C O N F I G U R A T I O N W I Z A R D INSTRUCTIONS for using the Wizard You can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the valu...

Page 214: ...ts y n n Screen 3 C O N F I G U R A T I O N W I Z A R D ALL HOST The IP address of the host to which the terminals will connect all host 192 168 160 8 ALL TERM This parameter defines the terminal type assumed when performing rlogin or telnet to other hosts all term vt100 Screen 4 C O N F I G U R A T I O N W I Z A R D CONF LOCALLOGINS This parameter is only necessary when authentication is being pe...

Page 215: ...th the means it s not activated all host 192 168 160 8 all term vt100 conf locallogins 0 Are these configuration s all correct y n n If you type n Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ...

Page 216: ... a console and you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n n Tip The number of available ports depends on the system you are on Typing in a valid p...

Page 217: ...ather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot it If you don t save to flash and if you were to reboot the system all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n ...

Page 218: ...configure host config configure line serial port number host string To configure term config configure line serial port number term string To configure conf locallogins config configure conf locallogins number Step 2 Activate and Save To activate your new configurations and save them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt T...

Page 219: ... value 9600 all datasize The data size for all ports Default value 8 all stopbits The number of stop bits for all ports Default value 1 all parity The parity for all ports Default value none all flow This sets the flow control to hardware software or none Default value none all dcd DCD signal sets the tty parameter CLOCAL Valid values are 0 or 1 If all dcd 0 a connection request will be accepted r...

Page 220: ...ample sets igncr This tells the terminal not to ignore the carriage return on input onlcr Do not map newline character to a carriage return or newline character sequence on output opost Post process output icrnl Do not map carriage return to a newline character on input all sttyCmd igncr onlcr opost icrnl DTR_reset for CAS only This parameter specifies the behavior of the DTR signal in the serial ...

Page 221: ...n Step 6 Scroll down to the Physical section You can change the settings for Speed Data Size Stop Bit Parity Flow Control and DCD sensitivity here Step 7 Click on the Submit button Step 8 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 9 Click on the link Administrati...

Page 222: ...in the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s...

Page 223: ...SPEED The data speed in bits per second bps of all ports all speed 9600 ALL DATASIZE The data size in bits per character of all ports all datasize 8 Screen 4 C O N F I G U R A T I O N W I Z A R D ALL STOPBITS The number of stop bits for all ports all stopbits 1 ALL PARITY The parity for all ports e g none odd even all parity none ...

Page 224: ...tion if all dcd 1 a connection request will be accepted only if the DCD signal is UP and the connection telnet or ssh will be closed if the DCD signal is set to DOWN all dcd 0 Screen 6 C O N F I G U R A T I O N W I Z A R D ALL DTR_RESET This parameter specifies the behavior of the DTR signal in the serial port If set to 0 the DTR signal will be ON if there is a connection to the serial port oth er...

Page 225: ...ge return newline character sequence on output opost represents post process output icrnl means do not map carriage return to a newline character on input all sttyCmd Screen 7 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s not activated all speed 9600 all datasize 8 all stopbits 1 all parity none all flow none all dcd 0 all DTR_reset 100 all sttyCmd Are th...

Page 226: ... Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance if you are currently configuring parameter all x and there was a specific port s2 x configured then answering yes to this question will discard s2 x Note The number of available ports depends on the system you are on Ty...

Page 227: ...o you want to activate your configurations now y n n Screen 10 C O N F I G U R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot it...

Page 228: ...re line serial port number speed number To configure datasize config configure line serial port number datasize number To configure stopbits config configure line serial port number stopbits number To configure parity config configure line serial port number parity string To configure flow config configure line serial port number flow string To configure dcd config configure line serial port numbe...

Page 229: ...1 Bring up the wizard At the command prompt type the following to bring up the TS Terminal Settings custom wizard wiz sset ts Tip You can configure all the parameters for a serial port in one line config configure line serial port number tty string speed number datasize number stopbits number par ity string flow string dcd number dtr_reset num ber sttycmd string Note Screens 1 5 are the same as th...

Page 230: ...e 8 all stopbits 1 all parity none all flow none all dcd 0 Are these configuration s all correct y n n If you type n Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type y Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 7 typing q leads to Screen 8 ...

Page 231: ...you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Note The number of available ports depends on the system you are on Typing in a valid port number rep...

Page 232: ... system all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n CLI Method To configure line parameters for a specific serial port Step 1 At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ttyS serial port number config configure line s...

Page 233: ...them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt Configuration for Dial in Access Browser Method See the browser method for the CAS earlier in this section The only difference for Dial in is that the Dial in Profile button should be clicked in Step 5 Tip You can configure all the parameters for a serial port in one line config c...

Page 234: ...o configure desired parameters To activate the serial port string should be ttyS serial port number config configure line serial port number tty string To configure speed config configure line serial port number speed number To conf igure datasize config configure line serial port number datasize number To conf igure stopbits config configure line serial port number stopbits number ...

Page 235: ...d and the sniffer menu won t be presented Default value no sN multiple_sessions Valid only for port N If it is not defined it will assume the value of all multiple_sessions all escape_char Valid for all the serial ports this parameter will be used to present the menus below to the user Only characters from a to z i e CTRL A to CTRL Z will be accepted The default value is z CTRL Z sN escape_char Va...

Page 236: ...ther user the BLACK BOX Advanced Con sole Server will send the user s messages to all the sessions but not to the tty port Everyone connected to that port will see all the conversation that s going on as if they were physi cally in front of the console in the same room These messages will be formatted as Message from user PID message text goes here by the To inform theBLACK BOX Advanced Console Se...

Page 237: ... none User groups defined with the parameter conf group can be used in combination with user names in the parameter list Example values peter john user_group all sniff_mode This parameter determines what other users connected to the very same port see parameter admin_users below can see of the session of the first connected user main session in shows data written to the port out shows data receive...

Page 238: ...ort Selection page Step 4 Select port s On the Port Selection page choose all ports or an individual port to configure from the dropdown menu Click the Submit button This will take you to the Serial Port Configuration page all multiple_sessions If it is configured as no only two users can connect to the same port simultaneously If it is configured as yes more than two simultaneous users can connec...

Page 239: ...ke the changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 8 Click on the link Administration Load Save Configuration Step 9 Click the Save Configuration to Flash button The configuration was saved in flash Wizard Method Step 1 Bring up the wizard At the command prompt type the fo...

Page 240: ...thin the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it...

Page 241: ...o users can connect to the same port simultaneously If it is configured as yes more simultaneous users can sniff the session or have read write permissions Please see details in Session Sniffing in Chapter 3 of the system s manual all admin_users ALL SNIFF_MODE This parameter determines what other users connected to the very same port can see of the session of the first connected user main session...

Page 242: ...rver or socket_ssh Represent the CRTL character with Default value is z all escape_char z ALL MULTIPLE_SESSIONS Allows users to open multiple common and sniff sessions on the same port The options are yes no RW_session or sniff_session Default is set to no all multiple_sessions no Screen 5 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s not activated all ad...

Page 243: ...vailable ports on this system Type q to quit a valid port number 1 8 or anything else to refresh Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance if you are currently configuring parameter all x and there was a specific port s2 x configured then answering yes to t...

Page 244: ...lash Do you want to activate your configurations now y n y Screen 8 C O N F I G U R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you rebo...

Page 245: ...ial port number adminusers string To configure sniff_mode config configure line serial port number sniffmode string To configure escape_char config configure line serial port number escape string To configure multiple_sessions config configure line serial port number multiplesess string Step 2 Activate and Save To activate your new configurations and save them to flash type config write Tip You ca...

Page 246: ...ersion 1 2 and 3 To use SNMP version 3 username pass word perform the following steps Step 1 Create a file etc snmp snmpd local conf with the following line createUser username MD5 password DES Step 2 Include the following line in etc snmp snmpd conf if the user has permission to read only rouser username Step 3 Include the following line in etc config_files etc snmp snmpd local conf Important Che...

Page 247: ...Describing SNMP Management Frameworks RFC2572 Message Processing and Dispatching for the Simple Network Manage ment Protocol SNMP RFC2573 SNMP Applications RFC2574 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 RFC2575 View based Access Control Model VACM for the Simple Network Man agement Protocol SNMP RFC2576 Coexistence between Version 1 Version 2 a...

Page 248: ...e Server In the address or location field of your browser type the Console Access Server s IP address For example http 10 0 0 0 Step 2 Log in as root and type the Web root password configured by the Web server This will take you to the Configuration and Administration page Step 3 Click on the SNMP link Select the SNMP link The SNMP configuration file will appear in text mode Step 4 Edit the config...

Page 249: ...iguration The configuration file default syslog ng conf is read at startup and is reread after reception of a hangup HUP signal When reloading the configuration file all destination files are closed and reopened as appropriate The syslog ng reads from sources files TCP UDP con nections syslogd clients filters the messages and takes an action writes in files sends snmptrap pager e mail or syslogs t...

Page 250: ...ke you to the Configuration and Administration page conf facility This value 0 7 is the Local facility sent to the syslog ng from PortSlave conf DB_facility This value 0 7 is the Local facility sent to the syslog ng with data when syslog_buffering and or alarm is active When nonzero the contents of the data buffer are sent to the syslogng every time a quantity of data equal to this parameter is co...

Page 251: ...e Submit button Step 5 Make changes effective Click on the Administration Run Configuration link Check the Syslog ng box and click on the Activate Configuration button Step 6 Click on the Administration Load Save Configuration and click on the Save to Flash button This will save the file in the flash Wizard Method Step 1 Bring up the wizard At the command prompt type the following to bring up the ...

Page 252: ...satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration...

Page 253: ...Alarms in Chapter 3 the system s manual for the syslog ng configuration file conf facility 7 CONF DB_FACILITY This value 0 7 is the Local facility sent to the syslog with the data when syslog_buffering is active The file etc syslog ng syslog ng conf contains a mapping between the facility number and the action Please see the Syslog ng Configuration to use with Syslog Buffering Feature section unde...

Page 254: ...ng c repeats the application typing q exits the entire wiz application If you type y it leads to Screen 5 Screen 5 C O N F I G U R A T I O N W I Z A R D Note If you are NOT connected to this unit through a console and you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and ...

Page 255: ... save to flash and if you were to reboot the system all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n CLI Method To configure certain parameters for a specific serial port Step 1 At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ...

Page 256: ...Server It is divided into three parts 1 Syslog ng and its Configuration 2 Syslog ng Configuration to use with Syslog Buffering Feature 3 Syslog ng Configuration to use with Multiple Remote Syslog Servers Syslog ng and its Configuration The five tasks previously mentioned are detailed below Task 1 Specify Global Options You can specify several global options to syslog ng in the options statement op...

Page 257: ...ge is received instead of the one specified in the message use_dns yes no Enable or disable DNS usage syslog ng blocks on DNS queries so enabling DNS may lead to a Denial of Service attach gc_idle_threshold n Sets the threshold value for the garbage collector when syslog ng is idle GC phase starts when the number of allocated objects reach this number Default 100 gc_busy_threshold n Sets the thres...

Page 258: ...ers Some of them are required some of them are optional a internal Messages are generated internally in syslog ng b unix stream filename options and unix dgram filename options They open the given AF_UNIX socket and start listening for mes sages Options owner name group name perm mask are equal glo bal options keep alive yes no Selects whether to keep connections opened when syslog ng is restarted...

Page 259: ...dp ip 0 0 0 0 port 514 c tcp options and udp options These drivers let you receive messages from the network and as the name of the drivers show you can use both TCP and UDP None of tcp and udp drivers require positional parameters By default they bind to 0 0 0 0 514 which means that syslog ng will listen on all available interfaces Options ip ip address The IP address to bind to Default 0 0 0 0 p...

Page 260: ...acilty facility facility name identifier Has to uniquely identify this given filter expression Boolean expression using internal functions which has to evaluate to true for the message to pass a facility facility code Selects messages based on their facility code b level level code or priority level code Selects messages based on their priority c program string Tries to match the string to the pro...

Page 261: ...atch string Example to filter by matching the string named filter f_named match named 4 To filter ALARM messages note that the following three examples should be one line filter f_alarm facility local 0 conf DB_facility and level info and match ALARM and match your string Example to filter ALARM message with the string kernel panic filter f_kpanic facility local 0 conf DB_facility and level info a...

Page 262: ...ify this given destination destination driver Is a method of outputting a given message params Each destination driver may take parameters Some of them required some of them are optional a file filename options This is one of the most important destination drivers in syslog ng It allows you to output log messages to the named file The destination filename may include macros by prefixing the macro ...

Page 263: ...ced when this number of messages has been written to it owner name group name perm mask Equals global options template string Syslog ng writes the string in the file You can use the MACROS in the string encrypt yes no Encrypts the resulting file compress yes no Compresses the resulting file using zlib b pipe filename options This driver sends messages to a named pipe Available options owner name g...

Page 264: ...xecutes the given program with the arguments and sends messages down to the stdin of the child t name name To address c name name CC address b name name Bcc address r name name Reply to address f name From address s text Subject m text message Message h IP address or name SMTP server p port Port used default 25 FULLDATE The complete date when the message was sent FACILITY The facility of the messa...

Page 265: ...ATE HOST MSG h 10 0 0 2 2 To send to pager server sms server destination ident pipe dev cyc_alarm template sendsms pars where ident uniquely identify this destination pars d mobile phone number m message max size 160 characters u username to login on sms server p port sms default 6701 server IP address or name Example to send a pager to phone number 123 Pager server at 10 0 0 1 with message carry ...

Page 266: ... community enterprise oid agent hostname trap number 2 Link Down 3 Link Up 4 Authentication Failure 0 specific trap host uptime 1 3 6 1 2 1 2 2 1 2 1 interfaces iftable ifentry ifdescr 1 s the type of the next field it is a string message max size 250 characters Example to send a Link Down trap to server at 10 0 0 1 with message carrying the current date the hostname of this BLACK BOX Advanced Con...

Page 267: ...estination d_user usertty username Example to send message to all sessions with root user logged destination d_userroot usertty root 6 To send a message to a remote syslogd server destination d_udp udp remote IP address port 514 Example to send syslogs to syslogd located at 10 0 0 1 destination d_udp1 udp 10 0 0 1 port 514 Task 5 Connect all of the above To connect the sources filters and actions ...

Page 268: ...te to var log messages file log source sysl source s_udp filter f_messages destina tion d_messages 4 To send e mail if message received from local syslog client has the string kernel panic log source sysl filter f_kpanic destination d_mail1 5 To send e mail and pager if message received from local syslog client has the string root login log source sysl filter f_root destination d_mail1 destina tio...

Page 269: ...yslog ng conf Add the following lines by vi or browser to the file local syslog clients source src unix stream dev log destination d_buffering udp 10 0 0 1 filter f_buffering facility local1 and level notice send only syslog_buffering messages to remote server log source src filter f_buffering destina tion d_buffering Syslog ng Configuration to use with Multiple Remote Syslog Servers This configur...

Page 270: ...ilter messages from facility local1 and level info to warning filter f_local1 facility local1 and level info warn filter messages from facility local 1 and level err to alert filter f_critic facility local1 and level err alert send info notice and warning messages to remote server udp1 log source src filter f_local1 destination d_udp1 send error critical and alert messages to remote server udp2 lo...

Page 271: ...ver n represents a new line and r represents a carriage return Expansion characters can be used here Value for this Example r n Welcome to terminal server h port S p n r n all lf_suppress This activates line feed suppression When configured as 0 line feed suppression will not be performed When 1 extra line feed will be suppressed all auto_answer _input This parameter is used in conjunction with th...

Page 272: ... page choose all ports or an individual port to configure from the dropdown menu Click the Submit button This will take you to the Serial Port Configuration page Step 5 Scroll down to the Terminal Server section You can change the settings for Banner Field issue and Login Prompt field here Step 6 Click on the Submit button Step 7 Make the changes effective Click on the Administration Run Configura...

Page 273: ...ll appear Screen 1 C O N F I G U R A T I O N W I Z A R D INSTRUCTIONS for using the Wizard You can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is n...

Page 274: ...rompt h login all lf_suppress 0 all auto_answer_input all auto_answer_output Set to defaults y n n Screen 3 C O N F I G U R A T I O N W I Z A R D ALL ISSUE This text determines the format of the login banner that is issued when a connection is made to the system n represents a new line and r respresents a carriage return all issue r n Welcome to terminal server h port S p n r n ALL PROMPT This tex...

Page 275: ...ed and matched up to the string of bytes coming in remotely from the server If a match is found the string configured in auto_answer_output is sent back to the server To repre sent the ESC character as part of this string use the control character all auto_answer_input Screen 5 C O N F I G U R A T I O N W I Z A R D ALL AUTO_ANSWER_OUTPUT This parameter is used in conjunc tion with the previous par...

Page 276: ...se parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type Y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 7 typing q leads to Screen 8 Note Answering yes to this question will discard only the parameter s which you are currently configuring i...

Page 277: ... IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Screen 9 C O N F I G U R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of mem...

Page 278: ...At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ttyS serial port number config configure line serial port number tty string To configure issue config configure line serial port number issue string To configure prompt config configure line serial port number prompt string To configure lf_suppress config configure lin...

Page 279: ... them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt Tip You can configure all the parameters for a serial port in one line config configure line serial port number tty string issue string prompt string lf number auto_input string auto_output string ...

Page 280: ...ecification The initial std and offset specify the Standard Time zone as described above The dst string and offset specify the name and offset for the corre sponding daylight savings time zone If the offset is omitted it defaults to one hour ahead of Standard Time The start field specifies when daylight savings time goes into effect and the end field specifies when the change is made back to Stand...

Page 281: ...April at 2 30 p m and it ends on the last Saturday of October at 10 00 a m How to set Date and Time The date command prints or sets the system date and time Format of the command date MMDDhhmm CC YY year century minute hour day month For example date 101014452002 produces Thu Oct 10 14 45 00 DST 2002 The DST is because it was specified in etc TIMEZONE ...

Page 282: ...Time Zone 282 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 283: ...o commands w_ori and w_cas The w_ori is the new name of the origi nal command w and the w_cas shows the CAS sessions information The header of w_ori shows in this order the current time how long the system has been running how many users are currently logged on excluded the CAS users and the system load averages for the past 1 5 and 15 minutes The following entries are displayed for each user excl...

Page 284: ...e Contains the work directories of system users bin Contains applications and utilities used during system initialization dev Contains files for devices and ports etc Contains configuration files specific to the operating system lib Contains shared libraries proc Contains process information mnt Contains information about mounted disks opt Location where packages not supplied with the operating sy...

Page 285: ...dicated by file_name mv file_name destination Moves the file indicated by file_name to the path indicated by destination mkdir directory_name a mkdir spot b mkdir tmp snuggles Creates a directory named directory_name a creates the directory spot in the current directory b creates the directory snuggles in the directory tmp rmdir directory_name Removes the directory indicated by directory_name pwd ...

Page 286: ...u enter the vi program you are automatically in command mode To navigate to the part of the file you wish to edit use the following keys one dot Represents the current directory two dots Represents one directory above the current directory i e one directory closer to the base directory Table 14 vi modes Mode What is done there How to get there Command mode Navigation within the open file Press the...

Page 287: ...sor to the left left arrow j Moves the cursor to the next line down arrow k Moves the cursor to the previous line up arrow l Moves the cursor to the right right arrow Table 16 vi file modification commands i Inserts text before the cursor position everything to the right of the cursor is shifted right o Creates a new line below the current line and insert text all lines are shifted down dd Removes...

Page 288: ... net host target netmask nt_msk gw gt_way interf add del One of these tags must be present Routes can be either added or deleted net host Net is for routes to a network and host is for routes to a single host target Target is the IP address of the destination host or network netmask nt_msk The tag netmask and nt_mask are necessary only when subnetting is used otherwise a mask appropriate to the ta...

Page 289: ...ssion from a UNIX workstation is ssh t user hostname where user username ttySnn or username socket_port or username ip_addr or username serverfarm Note serverfarm is a physical port alias It can be configured in the file pslave conf An example username mycompany 16 port IP address 192 168 160 1 host name 16 port servername for port 1 file_server ttyS1 is addressed by IP 10 0 0 1 or socket port 700...

Page 290: ... 3 1p1 or later BLACK BOX Advanced Console Server version 2 1 0 or later ssh2 will be used ssh t 1 mycompany 7001 16 port openssh 3 1p1 or later BLACK BOX Advanced Console Server version 2 1 0 or later ssh1 will be used To log in to a port that does not require authentication the username is not necessary ssh t 2 ttyS1 16 port Note In this case the file sshd_config must be changed in the following...

Page 291: ...ion s database In this case the user name indicated would have to be a username present in the BLACK BOX Advanced Console Server s database Step 2 Only RhostsRSAAuthentication yes in sshd_config One of the RhostsAuthentication settings described in Step 1 Client machine s host key ETC ssh_host_key pub copied into the TS tmp known_hosts file The client hostname plus the information inside this file...

Page 292: ...known_hosts and authorized_keys files Client startup command ssh t l username BLACK BOX Advanced Console Server_ip or Serial_port_ip or ssh t l username alias BLACK BOX Advanced Console Server_ip Configuring sshd s client authentication using SSH Protocol version 2 Only PasswdAuthentication yes in sshd_config DSA Authentication is the default Make sure the parameter PubkeyAuthentication is enabled...

Page 293: ...en sends the signal hup to the process all in one step Never kill cy_ras with the signals 9 or SIGKILL Note All files or ssh must be owned by the user and readable only by others All files created or updated must have their full path and file name inside the file config_files and the command saveconf must be executed before rebooting the BLACK BOX Advanced Console Server Table 18 Process table PID...

Page 294: ...ocket_ssh will be presented To start having familiarity with this application run ts_menu h ts_menu h USAGE ts_menu options p Display Ethernet Ip and Tcp port i Display local Ip assigned to the serial port u name Username to be used in ssh telnet command U Allows choosing of different usernames for different ports h print this help message ts_menu Master and Slaves Console Server Connection Menu 1...

Page 295: ...tyS N is used instead Once the serial port is selected the username and password for that port in case there is a per user access to the port and U is passed as parameter will be pre sented and access is granted To access remote serial ports the presentation will follow a similar approach to the one used for local serial ports The ts_menu script has the following line options p Displays Ethernet I...

Page 296: ... 192 168 1 102 3 192 168 1 103 4 192 168 1 104 5 192 168 1 105 6 192 168 1 106 Type q to quit a valid option 1 6 or anything else to refresh u name Username to be used in the ssh telnet command The default username is that used to log onto the BLACK BOX Advanced Console Server h Lists script options ...

Page 297: ...power requirements Power Specifications LS1016A LS10132A Input Voltage Range Internal 100 240VAC autorange 48VDC option available Internal 100 240VAC autorange 48VDC option available Input Frequency Range 50 60H 50 60H Power 120VAC 22 W max 26 W max Power 220 VAC 28 W max 37 W max Table 21 BLACK BOX Advanced Console Server environmental conditions Environmental Information LS1016A LS1032A Operatin...

Page 298: ...tion related to the RS 232 interface which applies not only to the Advanced Secure Console Port Server but also to any RS 232 cabling Table 22 BLACK BOX Advanced Console Server physical conditions Physical Information LS1016A LS1032A External Dimensions 17 in x 8 5 in x 1 75 in 17 in x 8 5 in x 1 75 in Weight 6 lb 6 2 lb Table 23 BLACK BOX Advanced Console Server safety specifications Safety Infor...

Page 299: ...it an Ethernet packet DT LK data transaction link state DT flashes when there s data transmitted to or received from the LAN It s hardware controlled LK keeps steady if the LAN is active The green LED is Data Transaction activity and the yellow one is LinK state 100 If 100BT is detected the LED lights on If 10BT is detected it turns off CP CPU activity It flashes at roughly 1 second intervals P1 P...

Page 300: ...ignals are necessary for every application so the RS 232 cable may not need all 7 wires The RS 232 interface defines communication parameters such as parity number of bits per character number of stop bits and the baud rate Both sides must be configured with the same parameters That is the first thing to verify if you think you have the correct cable and things still do not work The most common co...

Page 301: ...32 inter faces can drive signals faster and through longer cables As a general rule consider If the speed is lower than 38 4 kbps you are safe with any cable up to 30 meters 100 feet If the speed is 38 4 kbps or higher cables should be shorter than 10 meters 30 feet If your application is outside the above limits high speed long distances you will need better quality low impedance low capacitance ...

Page 302: ...y compact inexpensive and compati ble with the phone and Ethernet wiring systems present in most buildings and data centers Most networking equipment and new servers use RJ 45 connectors for serial communication Unfortunately there is no standard RS 232 pin assignment for RJ 45 connectors Every equip ment vendor has its own pin assignment Most connectors have two versions The ones with pins are sa...

Page 303: ...ariations on how the other control signals are wired A complete crossover cable would connect TxD with RxD DTR with DCD DSR and RTS with CTS on both sides A simplified crossover cable would cross TxD and RxD and locally short circuit DTR with DCD DSR and RTS with CTS Which cable should be used First look up the proper cable for your application in the table below Next purchase stan dard off the sh...

Page 304: ...version of the crossover cables with support for modem control signals and hardware flow control Applications that do not require such features have just to configure NO hardware flow control and NO DCD detec tion on their side Both ends should have the same configuration for better use of the com plete version of the cables These cables appear in Cable Package 1 and or Cable Package 2 You may or ...

Page 305: ...ight through Cable 2 Black Box RJ 45 to DB 25 Female Male crossover This cable connects Black Box products serial ports to console ports terminals printers and other DTE RS 232 devices If you are using Cable Package 1 after connecting the appro priate adapter to the RJ 45 straight through cable you will essentially have the cable shown in this picture If you are using Cable Package 2 no assembly i...

Page 306: ...this picture If you are using Cable Package 2 no assembly is required You will have the cable shown below Figure 30 Cable 3 Black Box RJ 45 to DB 9 Female crossover Cable 4 Black Box RJ 45 to Black Box RJ 45 straight through This cable is the main cable that you will use Along with one of the adapters provided RJ 45 to DB 9 or RJ 45 to DB 25 you can create a crossover cable like the ones explained...

Page 307: ...his cable is included in Cable Package 2 Figure 32 Cable 5 Black Box Sun Netra Cable Adapters The following four adapters are included in the product box A general diagram is provided below and then a detailed description is included for each adapter Loop Back Connector for Hardware Test The use of the following DB 25 connector is explained in the Troubleshooting chapter It is included in both Cab...

Page 308: ...r or to a Cisco product At one end of the adapter is the black CAT 5e Inline Coupler box with a female RJ 45 termi nus from which a 3 inch long black Sun Netra labeled cord extends terminating in an RJ 45 male connector This adapter is included in Cable Package 2 Figure 34 Black Box Sun Netra Adapter RJ 45 Female to DB 25 Male Adapter The following adapter may be necessary It is included in Cable ...

Page 309: ...following adapter may be necessary It is included in Cable Package 1 Figure 36 RJ 45 Female to DB 25 Female Adapter RJ 45 Female to DB 9 Female Adapter The following adapter may be necessary This is included in Cable Package 1 Figure 37 RJ 45 Female to DB 9 Female Adapter RJ 45 DB 25F RJ 45 DB 9F ...

Page 310: ...Appendix B Cabling Hardware Electrical 310 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 311: ...ameters on the following table are common to all three profiles Table 26 Parameters Common to CAS TS Dial in Access Parameter Description Value for this Example conf dhcp_client It defines the dhcp client operation mode Valid values 0 DHCP disabled 1 DHCP active 2 DHCP active and the unit saves in flash the last IP assigned by the DHCP server default 1 Also see Description column conf eth_ip_alias...

Page 312: ... two is used by the cy_ras program to OVERWRITE the file etc network ifcfg_eth0 as soon as the command signal_ras hup is executed The file etc network ifcfg_eth0 should not be edited by the user unless the cy_ras configuration is not going to be used 200 200 200 1 conf eth_mask The mask for the Ethernet network 255 255 255 0 conf eth_mtu The Maximum Transmission Unit size which determines whether ...

Page 313: ... ports by user name only the users listed can access the port or using the character all but the users listed can access the port In this example the users joe mark and members of user_group cannot access the port A single comma and spaces tabs may be used between names A comma may not appear between the and the first user name The users may be local Radius or TacacsPlus User groups defined with t...

Page 314: ... prompt Expansion characters can be used here h login all media It defines media type RS232 RS484 and operation mode half full duplex Valid values for all products rs232 RS232 default value rs232_half RS232 with RTS legcy half duplex rs232_half_cts RS232 with RTS legacy half duplex and CTS control See Description column all netmask It defines the network mask for the serial port 255 255 255 255 al...

Page 315: ...ters must be separated by a space The following example sets igncr This tells the terminal not to ignore the car riage return on input onlcr Do not map newline character to a carriage return or newline character sequence on output opost Post process output icrnl Do not map carriage return to a newline character on input all sttyCmd igncr onlcr opost icrnl commented Table 26 Parameters Common to CA...

Page 316: ...s to users with null password in the radius server must be granted or not yes no all speed The speed for all ports 9600 all datasize The data size for all ports 8 all stopbits The number of stop bits for all ports 1 all parity The parity for all ports none all authhost1 This address indicates the location of the Radius TacacsPlus authentication server and is only necessary if this option is chosen...

Page 317: ...y the authentication server Its use is optional If this parameter is not used accounting will not be performed If the same server is used for authentication and accounting both parameters must be filled with the same address A second Radius TacacsPlus accounting server can be configured with the parameter all accthost2 200 200 200 2 Table 26 Parameters Common to CAS TS Dial in Access Parameter Des...

Page 318: ...stead it passes it to the remote server where it is then used for authentica tion radius authentication is performed using a Radius authentication server TacacsPlus authentication is performed using a TacacsPlus authentication server ldap authentication is performed against an ldap database using an ldap server The IP address and other details of the ldap server are defined in the file etc ldap co...

Page 319: ...ti cation is tried only when the TacacsPlus server is down Note that this parameter controls the authentication required by the BLACK BOX Advanced Console Server The authentication required by the device to which the user is connecting is controlled separately all radtimeout This is the timeout in seconds for a Radius TacacsPlus authentication query to be answered The first server authhost1 is tri...

Page 320: ...conf file The TS configuration settings are in Table 28 TS Parameters on page 331 The Dial in configuration settings are in Table 29 Dial in configuration Parameters on page 333 For Power Management see the section Appendix J Power Management on page 451 socket_server sX pmoutlet sX indicates the serial port number to which the PM hardware is connected The pmout let part of the parameter indicates...

Page 321: ...k File System where data captured from the serial port will be written instead of being written to the local directory var run DB The directory tree to which the file will be written must be NFS mounted so the remote host must have NFS installed and the administrator must create export and allow reading writing to this directory The size of this file is not limited by the value of the parameter al...

Page 322: ...in the host s routing table 192 168 170 1 01 all netmask It defines the network mask for the serial port 255 255 255 2 55 all DTR_reset This parameter specifies the behavior of the DTR signal in the serial port If set to zero the DTR signal will be ON if there is a connection to the serial port otherwise OFF If set from 1 to 99 the DTR signal will be always ON A value greater or equal 100 specifie...

Page 323: ...answer_output It allows you to con figure a string that will be matched against all data coming in from the tty remote server If there is a match the configured output string auto_answer_output will then be send back to the tty This parameter works only when there is no session to the port If uncom mented and a string of bytes is set matching occurs whenever there is not session estab lished to th...

Page 324: ...also uncommented then the string configured will be sent back to the remote server See more on the usage of this parameter in Terminal Appearance in Chapter 3 commented all poll_interval Valid only for protocols socket_server and raw_data When not set to zero this parameter sets the wait for a TCP connection keep alive timer If no traffic passes through the BLACK BOX Advanced Console Server for th...

Page 325: ...igned the port value 7002 etc One example on how this could be used is in the case of all protocol or s n protocol socket_ssh and the port value 7001 7002 etc if supplied by the ssh client like username port value the ssh client will be directly connected with the serial interface For TS this parameter is valid only all protocol is configured as socket_cliente or telnet It is the TCP port number o...

Page 326: ... data buffering this parameter means the maximum file size in bytes If remote this parameter is just a flag to activate greater than zero or deactivate data buffering When local data buffering is used each time the maximum is reached the oldest 10 of stored data is discarded releasing space for new data FIFO system circular file When remote data buffering is used there s no maximum file size other...

Page 327: ..._show_DBmenu parameter assumed to be 2 cleared and a flow control start RTS on or XON is issued to resume data transmission Once exiting the session linear data buffering resumes If all flow or s n flow is set to none linear buffering is not possible as there is no way to stop recep tion through the serial line Default is cir cir all DB_ timestamp Records the time stamp in the data buffering file ...

Page 328: ...d for the fol lowing to work When 0 syslog messages are always generated whether or not there is a ses sion to the port sending data to the unit When 1 syslog messages are NOT generated when there IS a session to the port sending data to the unit but resumes generation of syslog mes sages when there ISN T a session to the port 0 all dont_show_ DBmenu When zero a menu with data buffering options is...

Page 329: ...e parameter admin_users below can see of the session of the first connected user main session in shows data written to the port out shows data received from the port and i o shows both streams The second and later sessions are called sniff sessions and this feature is activated whenever the protocol parameter is set to socket_ssh or socket_server out all admin_users This parameter determines which...

Page 330: ...cket_server and raw_data Defines the delay in milliseconds before transmission to the Ethernet of data received through a serial port If not configured 100ms is assumed If set to zero or a value above 1000 no buffering will take place 100 all idletimeout Specifies how long in minutes a connection can remain inactive before it is cut off If it set to zero the connection will not time out 0 s1 serve...

Page 331: ...to a different pool of ports One serial interface can belong to just one pool of ports Each pool of ports can have any number of serial interfaces 3000 s1 pool_ serverfarm Alias name given to the pool where this serial interface belong to pool_1 s2 tty It defines the physical device name associated to the serial port without the dev ttyS2 s8 tty It defines the physical device name associated to th...

Page 332: ...r defines the terminal type assumed when performing rlogin or telnet to other hosts vt100 all userauto Username used when connected to a UNIX server from the user s serial terminal all protocol for TS For the terminal server configuration the possible protocols are login which requests username and password rlogin receives username from the BLACK BOX Advanced Console Server and requests a password...

Page 333: ...e telnet client in binary mode The acceptable values are 0 or 1 where 0 is text mode default and 1 is a binary mode s16 tty TS It defines the physical device name associated to the serial port without the dev ttyS16 Table 29 Dial in configuration Parameters Parameter Description Value for this Example conf pppd Location of the ppp daemon with Radius usr local sbin pppd all netmask It defines the n...

Page 334: ...ver Callback is available in combination with Radius Server authentication When a registered user calls the BLACK BOX Advanced Console Server it will disconnect the user then call the user back The following three parameters must be configured in the Radius Server attribute Service_type 6 Callback Framed attribute Framed_Protocol 7 PPP attribute Callback_Number 19 the dial number example 50903300 ...

Page 335: ...xyarp modem asyncmap 000A0000 noipx noccp mtu t mru t netmask m idle I maxconnect T plugin usr lib libpsr so all protocol For the Dial in configuration the available protocols are PPP SLIP and CSLIP ppp s32 tty See the s1 tty entry in the CAS section ttyS32 Table 29 Dial in configuration Parameters Parameter Description Value for this Example ...

Page 336: ...Appendix C The pslave Configuration File 336 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 337: ...n etc pam d to authenticate a user request via the locally available authentication modules The modules themselves will usually be located in the directory lib security and take the form of dynamically loadable object files The Linux PAM authentication mechanism gives to the system administrator the freedom to stipulate which authentication scheme is to be used S he has the freedom to set the sche...

Page 338: ...library in the center consults the contents of the PAM configura tion file and loads the modules that are appropriate for Application X These modules fall into one of four management groups lower center and are stacked in the order they appear in the configuration file These modules when called by Linux PAM perform the various authentication tasks for the application Textual information required f...

Page 339: ...s however are case sensitive since they indicate a file s name and reflect the case dependence of typical Linux file systems The case sensitivity of the arguments to any given module is defined for each module in turn In addition to the lines described below there are two special characters provided for the convenience of the system administrator A general configuration line of the etc pam conf fi...

Page 340: ... a password or other means of identification Second the module can grant group membership independently of the etc groups or other privileges through its credential granting properties Account This module performs non authentication based account management It is typically used to restrict or permit access to a service based on the time of day currently available system resources maximum number of...

Page 341: ...nt and optional Required This indicates that the success of the module is required for the module type facility to succeed Failure of this module will not be apparent to the user until all of the remaining modules of the same module type have been executed Requisite This is similar to required However in the case that such a module returns a failure control is directly returned to the application ...

Page 342: ...efined The action can be a positive integer or one of the following tokens ignore ok done bad die and reset Optional As its name suggests this control flag marks the module as not being critical to the success or failure of the user s application for service In general Linux PAM ignores such a module when determining if the module stack will succeed or fail However in the absence of any definite s...

Page 343: ...with the side effect of terminating the module stack and PAM immediately returning to the application OK This tells PAM that the administrator thinks this return code should contribute directly to the return code of the full stack of modules In other words if the former state of the stack would lead to a return of PAM_SUCCESS the module s return code will override this value Note if the former sta...

Page 344: ...rompting for a username pam_lastlog This session module maintains the var log lastlog file It adds an open entry when called via the pam_open_session function and completes it when pam_close_session is called This module can also display a line of information about the last login of the user If an application already performs these tasks it is not necessary to use this module pam_limits This modul...

Page 345: ...red to deny access to individual users based on their name the time of day the day of week the service they are applying for and their terminal from which they are making their request pam_tacplus Provides TacacsPlus Server authentication authorization account management and accounting session management pam_unix This is the standard UNIX authentication module It uses standard calls from the syste...

Page 346: ...s for the ldap client configuration file ldap conf in etc Here s an example of the ldap conf file partial file name ldap conf This is the configuration file for the LDAP nameservice switch library and the LDAP PAM module Your LDAP server Must be resolvable without using LDAP host 127 0 0 1 The distinguished name of the search base base dc padl dc com debug Use the syslog 3 call to log debugging in...

Page 347: ...ord This option is intended for auth modules only use_mapped_ pass This argument is not currently supported by any of the modules in the Linux PAM distribution because of possible consequences associated with U S encryption exporting restrictions expose_account In general the leakage of some information about user accounts is not a secure policy for modules to adopt Sometimes information such as u...

Page 348: ...ny so OTHER password required pam_deny so OTHER session required pam_deny so While fundamentally a secure default this is not very sympathetic to a misconfigured system For example such a system is vulnerable to locking everyone out should the rest of the file become badly written The module pam_deny not very sophisticated For example it logs no information when it is invoked so unless the users o...

Page 349: ...n so auth required pam_deny so account required pam_deny so password required pam_warn so password required pam_deny so session required pam_deny so On a less sensitive computer the following selection of lines in etc pam conf is likely to mimic the historically familiar Linux setup default standard UNIX access OTHER auth required pam_unix_auth so OTHER account required pam_unix_acct so OTHER pass...

Page 350: ...used etc pam conf Last modified by Andrew G Morgan morgan kernel org Id pam conf v 1 9 2003 06 12 20 34 13 regina Exp serv module ctrl module path args nametype flag WARNING The services tacacs s_tacacs radius s_radius local s_local and remote are used by the Cyclades applications portslave socket_server socket_ssh and raw_data and should not be changed by the administrators unless he knows what h...

Page 351: ...o_unavail ignore default die pam_krb5 so no_ccache kerberosdownlocal account requiredpam_unix2 so kerberosdownlocal session success done new_authtok_reqd done authinfo_unavail ignore default die pam_krb5 so no_ccache kerberosdownlocal session requiredpam_unix2 so The PAM configuration file for the ldap service ldapauth sufficientpam_ldap so ldapaccount required pam_ldap so ldapsession required pam...

Page 352: ...te pam_securetty so tacplus auth required pam_tacplus so encrypt tacplus auth optional pam_auth_srv so tacplus account required pam_tacplus so encrypt service ppp protocol lcp tacplus session required pam_tacplus so encrypt service ppp protocol lcp s_tacplus auth requisite pam_securetty so s_tacplus auth required pam_tacplus so encrypt use_first_pass s_tacplus account required pam_tacplus so encry...

Page 353: ...ecuretty so local auth required pam_unix2 so local account required pam_unix2 so local password required pam_unix2 so md5 use_authtok local session required pam_unix2 so s_local auth requisite pam_securetty so s_local auth required pam_unix2 so use_first_pass s_local account required pam_unix2 so s_local password required pam_unix2 so md5 use_authtok s_local session required pam_unix2 so The PAM c...

Page 354: ...use_authtok loginsession required pam_unix2 so login session required pam_limits so The PAM configuration file for the xsh service sshdauth required pam_unix2 so sshdauth optional pam_group so sshdaccount requisite pam_time so sshdaccount required pam_unix2 so sshdpassword required pam_unix2 so md5 use_authtok sshdsession required pam_unix2 so sshd session required pam_limits so The PAM configurat...

Page 355: ...on for the PPPD process with the login option ppp auth required pam_nologin so ppp auth required pam_unix2 so ppp account required pam_unix2 so ppp session required pam_unix2 so Information for the ipppd process with the login option local authent ippp auth required pam_nologin so ippp auth required pam_unix2 so ippp account required pam_unix2 so ippp session required pam_unix2 so Information for ...

Page 356: ... etc raddb server The PAM configuration file for the other service otherauth required pam_warn so otherauth required pam_deny so otheraccount required pam_deny so otherpassword required pam_warn so otherpassword required pam_deny so othersession required pam_deny so Reference The Linux PAM System Administrators Guide Copyright c Andrew G Morgan 1996 9 All rights reserved Email morgan linux kernel ...

Page 357: ...ux kernel image script file where all BLACK BOX Advanced Console Server configuration information is stored The Upgrade Process To upgrade the BLACK BOX Advanced Console Server follow these steps Step 1 Log in to the BLACK BOX Advanced Console Server as root Provide the root password if requested Step 2 Go to the proc flash directory using the following command cd proc flash Step 3 FTP to the host...

Page 358: ... present in the text file saved in the Black Box site e g zImage 134 md5sum If the numbers match the downloaded file is not corrupted Step 6 Issue the command reboot reboot Step 7 Confirm that the new Linux kernel has taken over After rebooting the new Linux kernel will take over This can be confirmed by typing cat proc version to see the Linux kernel version Note Due to space limitations the new ...

Page 359: ...rnet test Step 4 When the Watch Dog Timer prompt appears press Enter Step 5 Choose the option Network Boot when asked Step 6 Enter the IP address of the Ethernet interface Step 7 Enter the IP address of the host where the new zImage file is located Step 8 Enter the file name of the zImage file on the host Step 9 Select the TFTP option instead of BOOTP The host must be running TFTPD and the new zIm...

Page 360: ... it will not be loaded onto the ramdisk on boot The following table lists files that should be included in the etc config_files file and which programs use each Note Possible causes for the loss of flash memory may include downloaded wrong zImage file downloaded as ASCII instead of binary problems with flash memory Table 30 Files to be included in etc config_file and the program to use File Progra...

Page 361: ...config cy_ras rc sysinit etc network ifcfg_lo ifconfig lo cy_ras rc sysinit var run radsession id radinit radius authentication process home adduser passwd etc network st_routes ifconfig cy_ras rc sysinit etc syslog ng syslog ng conf syslog ng Important If any of the files listed in etc config_files is modified the BLACK BOX Advanced Console Server administrator must execute the command saveconf b...

Page 362: ...ctor is necessary for this test Their pinout diagrams are supplied in Appendix B Cabling Hardware and Electrical Specifications Connect the loop back connector to the modem cable and then connect the modem cable to the port to be tested or connect a cross cable between two ports to be tested When tstest senses the presence of the cable or connector the test will be run automatically and the result...

Page 363: ...he port to be tested and begin Enter the number of the port and a baud rate 9600 is a typical value Type some letters and if the letters appear on the screen the port is working If the letters do not appear on the screen which also occurs if the loop back connector is removed the port is not functioning correctly A second method that can be used to test the port is to connect it to a modem with a ...

Page 364: ...R is typed the Xs in the RTS and CTS columns should move together If the Xs change position as described the signals are being sent and received correctly Single User Mode The BLACK BOX Advanced Console Server has a single user mode used when The name or password of the user with root privileges is lost or forgotten After an upgrade or downgrade which leaves the BLACK BOX Advanced Console Server u...

Page 365: ...s complete the Linux prompt will appear on the console root none If the password or username was forgotten execute the following commands passwd saveconf reboot For configuration problems you have two options Step 1 Edit the file s causing the problem with vi then execute the commands saveconf reboot Step 2 Reset the configuration by executing the commands echo 0 proc flash script reboot If the pr...

Page 366: ...it is not type bin webs to start it If the bin webs process is not being initialized during boot change the file etc inittab How to restore the Default Configuration of the Web Configuration Manager This would be required only when the root password was lost or the configuration file etc websum conf was damaged From a console or telnet session edit the file etc config_files Find the reference to e...

Page 367: ...rm or S kip Flash test P S kip Q uick or F ull RAM test F Fast Ethernet A uto Neg 1 00 BtH 100 Bt F 10 B t F 10 Bt H A Fast Ethernet Maximum Interrupt Events 0 Type Enter for all fields but the Console Speed When presented the following line Do you confirm these changes in flash Y es N o Q uit N Step 2 Enter Y and the changes will be saved in flash Step 3 Logout and login again to use the console ...

Page 368: ...e Interpretation Event CPU LED Morse code Normal Operation S short short short Flash Memory Error Code L long long long Flash Memory Error Configuration S L Ethernet Error S S L No Interface Card Detected S S S L Network Boot Error S S S S L Real Time Clock Error S S S S S L Note The Ethernet error mentioned in the above table will occur automati cally if the Fast Ethernet link is not connected to...

Page 369: ...OpenSSL package through the following command openssl req new nodes keyout private key out public csr If this command is used the following information is required Table 32 Required information for the OpenSSL package Parameter Description Country Name 2 letter code AU The country code consisting of two letters State or Province Name full name Some State Provide the full name not the code of the s...

Page 370: ...n receipt install certificate After the approval the CA will send a certificate file to the origin which we will call Cert cer for example purposes The certificate is also stored on a directory server The certificate must be installed in the GoAhead Web server by following these instructions Step A Open a Black Box Terminal Server session and do the login Step B Join the certificate with the priva...

Page 371: ...Appendix F Certificate for HTTP Security User Guide 371 Step E Save the configuration in flash saveconf Step F The certification will be effective in the next reboot ...

Page 372: ...Appendix F Certificate for HTTP Security 372 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 373: ...nerally protects only a particular higher level protocol PGP for mail SSH for login SSL for Web work and so on IPsec can be used on any machine which does IP networking Dedicated IPsec gateway machines can be installed wherever required to protect traffic IPsec can also run on routers on firewall machines on various application servers and on end user desktop or laptop machines IPsec is used mainl...

Page 374: ...thods of authentication 1 A shared secret provides authentication If Alice and Bob are the only ones who know a secret and Alice receives a message which could not have been created without that secret then Alice can safely believe the message came from Bob 2 A public key or RSA authentication can also provide authentication If Alice receives a message signed with Bob s private key which of course...

Page 375: ...on using auto matic keying with RSA authentication of the gateways General comments on ipsec conf The ipsec conf file is divided into sections and the following rules apply 1 The character marks a comment 2 The first uncommented line of a section must be at the margin and must not be indented KLIPS kernel IPsec Implements the IPsec code in the Linux kernel PLUTO The user space IPsec It negotiate c...

Page 376: ... and which is right is entirely up to you The setup section of ipsec conf The first section of ipsec conf contains overall setup parameters for IPsec which apply to all connections In our example file this would be basic configuration config setup THIS SETTING MUST BE CORRECT or almost nothing will work defaultroute is okay for most simple cases interfaces defaultroute Debug logging controls none ...

Page 377: ...the output from netstat rn to get a more complete picture In other cases you can name one or more specific interfaces to be used by IPsec For example interfaces ipsec0 eth0 or interfaces ipsec0 eth0 ipsec1 ppp0 Both tell IPsec to use eth0 as ipsec0 The second one also supports IPsec over PPP Note that multiple tunnels do not require multiple interfaces It is possible and even common to have one IP...

Page 378: ...ated when Pluto starts plutoload and plutostart can be quoted lists of connection names but are often set to search as in our example Any con nection with auto add in its connection definition is then loaded and any connection with auto start is started In most cases you want plutostart search here and auto start in your connection descriptions That way when a connection is broken for example if o...

Page 379: ... machine resources are for so if a connection is down you might as well waste resources retry ing rather than waste them by sitting idle Of course some cau tion should be exercised with this since it can waste network resources as well authby rsasig Authenticate gateways using RSA signatures This is the preferred method and is what we will use in this section s examples An alternate method is to u...

Page 380: ...168 0 0 24 auto start We are omitting the variables we have shown as set in the default connection above All of them could also be set here If they are set in both places settings here take precedence Defaults are used only if the specific connection description has no value set Many of the variables in this file come in pairs such as leftsubnet and rightsubnet one for each end of the connection T...

Page 381: ... directly linked packets can go from one to the other without IP routing by any intermediate device then you need not set either leftnexthop or right nexthop A connection with left defaultroute or right defaultroute must not have the corresponding nexthop parameter set However in all other cases you must provide nexthop information KLIPS bypasses the normal routing machin ery so you must give KLIP...

Page 382: ...nsole Server interface e f g h left interface e f g i leftnexthop router interface we don t know INTERNET interface we don t know router interface j k l m rightnexthop interface j k l n right right gateway machine interface 192 168 0 something branch office uses private IP addresses subnet 192 168 0 0 24 rightsubnet The ipsec conf file for the above network would look like this with RSA keys short...

Page 383: ...ys authby rsasign VPN connection for head office and branch office conn head branch identity we use in authentication exchanges leftid head example com leftrsasigkey 0x175cffc641f left security gateway public network address left e f g h next hop to reach right leftnexthop e f g i right s g subnet behind it and next hop to reach left rightid branch example com rightrsasigkey 0xfc641fd6d9a24 right ...

Page 384: ...ines regarding the IPsec on the etc rc sysinit script Adding and Removing a Connection All the connections can be loaded to the IPsec database at boot time if these connections have the auto parameter set to add However if a certain connection doesn t have this option set and you wish to add this connection manually you can use the following command usr local sbin ipsec auto add connection name Si...

Page 385: ...ou use the command usr local sbin ipsec auto up connection name Below you can see the output of a successful up operation root henrique root ipsec auto up teste 104 teste 5 STATE_MAIN_I1 initiate 106 teste 5 STATE_MAIN_I2 sent MI2 expecting MR2 108 teste 5 STATE_MAIN_I3 sent MI3 expecting MR3 004 teste 5 STATE_MAIN_I4 ISAKMP SA established 112 teste 6 STATE_QUICK_I1 initiate 004 teste 6 STATE_QUIC...

Page 386: ...next step is to send your public key to every one you need to set up connections with and collect their public keys You need to extract the public part in a suitable format This is done with the ipsec_showhostkey command ipsec showhostkey left ipsec showhostkey right These two produce the key formatted for insertion in an ipsec conf file Public keys need not be protected as fanatically as private ...

Page 387: ... 186 161 128 IPIP dir out src 64 186 161 96 life c s h addtime 4 0 0 Destination Gateway Genmask Flags MSS Window irtt Iface 0 0 0 0 64 186 161 1 0 0 0 0 UG 40 0 0 eth0 64 186 161 0 0 0 0 0 255 255 255 0 U 40 0 0 eth0 64 186 161 0 0 0 0 0 255 255 255 0 U 40 0 0 ipsec0 64 186 161 128 64 186 161 128 255 255 255 255 UGH 40 0 0 ipsec0 In this output you can see that there is an activated tunnel betwee...

Page 388: ...A_REPLACE in 3019s newest ISAKMP As you can see it shows almost the same information shown by the ipsec auto up command You can use this command if the up command doesn t show anything on the screen it can happen depending on the BLACK BOX Advanced Console Server syslog configuration IPsec and Road Warriors IPsec Security for the Internet Protocol FreeS WAN is a Linux implementation of the IPsec I...

Page 389: ...ity gateway machine in the network and create a security tunnel between the Console Server and this gateway The gateway machine and the Console Server encrypt packets entering the untrusted net and decrypt packets leaving it creating a secure tunnel through it Road Warriors The prototypical Road Warrior is a traveler connecting to the Console Server from a laptop machine For purposes of this docum...

Page 390: ...n cannot even recognize them much less debug them unless the underlying network is right Enabling IPsec The IPsec is disabled by default in the Console Server family To enable it you must edit the file etc inittab and etc config_files and uncomment the lines regarding the IPsec After per forming these changes you must save the configuration using the saveconf tool and reboot the equipment Quick St...

Page 391: ...mat suitable for insertion directly into the Console Server s ipsec conf file issue this command on the warrior machine usr local sbin ipsec showhostkey right The output should look like this with the key shortened for easy reading rightrsasigkey 0s1LgR7 oUM The Road Warrior needs to know The Console Server s public key or the secret and The ID the Console Server uses in IPsec negotiation which ca...

Page 392: ... 1 2 3 4 Console Server IP address leftid acs example com real keys are much longer than shown here leftrsasigkey 0s1LgR7 oUM warrior stuff right defaultroute rightid xy example com rightrsasigkey 0s1LgR7 oUM Road warrior support on the Console Server Adding Road Warrior support so people can connect remotely to your Console Server is straightforward conn gate xy left 1 2 3 4 leftid acs example co...

Page 393: ... in this case have a fixed IP address To do it just insert this connection description in your ipsec conf file with the variables that fit your environment sample tunnel The network here looks like BLACK BOX Advanced Console Server acsnexthop right nexthop right rightsubnet If BLACK BOX Advanced Console Server and right are on the same Ethernet omit leftnexthop and rightnexthop conn sample BLACK B...

Page 394: ...f using local remote parameters If you give an explicit IP address for left and left and right are not directly connected then you must specify leftnexthop the router which Console Server sends packets to in order to get them delivered to right Similarly you may need to specify rightnexthop vice versa The nexthop parameters are needed because of an unfortunate interaction between FreeS WAN and the...

Page 395: ... to set up connections with and collect their public keys The other players will be For a VPN each BLACK BOX Advanced Console Server administrator needs public keys for all gateways his or her BLACK BOX Advanced Console Server talks to For a Road Warrior the BLACK BOX Advanced Console Server needs public keys for all Warriors that connect to it and each Warrior needs the BLACK BOX Advanced Con sol...

Page 396: ...ull path name it is considered to be relative to the directory containing the including file Such inclu sions can be nested Only a single filename may be supplied and it may not contain white space but it may include shell wildcards for example include ipsec conf The intention of the include facility is mostly to permit keeping information on connections or sets of connections separate from the ma...

Page 397: ... any type of section A section with name default specifies defaults for sections of the same type For each parameter in it any section of that type which does not have a parameter of the same name gets a copy of the one from the default section There may be multiple default sections of a given type but only one default may be supplied for any specific parameter name and all default sections of a g...

Page 398: ... local and remote Which participant is considered left or right is arbitrary IPsec figures out which one it is being run on based on internal information This permits using identical connection specifications on both ends Many of the parameters relate to one participant or the other only the ones for left are listed here but every parameter whose name begins with left has a right counterpart whose...

Page 399: ...ed in the config setup section left will be filled in automatically with the local address of the default route interface as determined at IPsec star tup time This also overrides any value supplied for leftnexthop Either left or right may be defaultroute but not both The magic value any signifies an address to be filled in by automatic keying during negotia tion the magic value opportunistic signi...

Page 400: ...dress or a fully qualified domain name preceded by which is used as a literal string and not resolved leftrsasigkey The left participant s public key for RSA signature authentication in RFC 2537 format The magic value none means the same as not specifying a value useful to override a default The value dnsondemand means the key is to be fetched from DNS at the time it is needed The value dnson load...

Page 401: ...eying channel expiry should attempts to negotiate a replacement begin Acceptable values as for key life default 9m rekeyfuzz Maximum percentage by which rekeymargin should be randomly increased to randomize rekeying intervals important for hosts with many connections Acceptable values are an integer which may exceed 100 followed by a keyingtries How many attempts an integer should be made to negot...

Page 402: ...tion key espauthkey ESP authentication key espreplay_window ESP replay window setting An integer from 0 to 64 Relevant only if ESP authentication is being used leftespspi SPI to be used for the leftward ESP SA overriding automatic assign ment using spi or spibase Typically a hexadecimal number begin ning with 0x ah AH authentication algorithm to be used for the connection e g hmac md5 96 Default i...

Page 403: ...tarted automatically Recommended conn parameters mostly for automatic keying as manual keying seldom sees much use are IPsec Usage This section will teach you How to start and stop the IPsec daemon How to add and remove an IPsec connection from the IPsec database How to start and stop a connection keyingtries 0 Unlimited retries are normally appropriate for VPN connec tions Finite values may be ne...

Page 404: ...r local sbin ipsec auto manual add connection name You must use auto or manual depending on your connection keying type manual auto Sim ilarly to take a connection out of the IPsec database you can use the command usr local sbin ipsec auto manual delete connection name Once a connection descriptor is in the IPsec internal database IPsec will accept the other end to start the security connection ne...

Page 405: ...the logic used for manag ing permissions is also different The Web s user database is stored in the etc websum conf file and it has basically three lists users user groups and access limits Default Configuration for Web User Management The following three screen shots show the default configuration for User List User Group List and Access Limit List pages respectively Figure 41 User List default p...

Page 406: ...Appendix H Web User Management 406 BLACK BOX Advanced Console Server Figure 43 Access Limit List default page ...

Page 407: ...ill be available Accessibility When configured as FULL ACCESS the URL can be accessed without any authentication otherwise the user can authenticate with BASIC DIGEST or COOKIE authentication The last type is recommended because it allows the user to log out in the end of the session The page will not be accessible when the accessibility is configured as NO ACCESS Security When set to be secure th...

Page 408: ...ccess limits In the default configuration The access limits have privileges based on the functionality of the Web page There are four different groups root monitor admin and user each one with a specific privilege There is one root user username is root and password is linux Enabled The username must be enabled to be authenticated Encrypted password The password passed by the browser must match th...

Page 409: ...nt Load Save Web Configuration The Login page will appear Step 5 Type the username root and the password that was configured then click on the Login button Step 6 After the authentication click on the Save Configuration button Step 7 Click on the link Administration Load Save Configuration Step 8 Click on the Save to Flash button Adding and Deleting Users Adding a User Step 1 Click on the link Web...

Page 410: ...urrent user Go to the link Application Logout and log in again with the new user Deleting a User The root user is delete protected and because of that it cannot be removed from the user list The other users can be deleted Step 1 Click on the link Web User Management Users Step 2 Select the user to be deleted and click on the Delete User button A confirmation message will appear Step 3 If there are...

Page 411: ...ked Step 4 Click on the Submit button A confirmation message will appear Step 5 If there are more groups to be added repeat the steps 1 to 4 Step 6 Click on the link Web User Management Load Save Web Configuration Step 7 Click on the Save Configuration button This will save the users added in the file etc websum conf Step 8 Click on the link Administration Load Save Configuration Step 9 Click on t...

Page 412: ...eb page Pages or forms which causes the configuration to change will have FULL privilege only high privileged users will have access to it Pages which change the status of the board without changing the configuration will have ADMINISTRATOR privilege Pages with the system information will have MONITOR privilege Only application pages will have USER privilege Changing access limits is not recommend...

Page 413: ...uration button This will save the users added in the file etc websum conf Step 8 Click on the link Administration Load Save Configuration Step 9 Click on the Save to Flash button Deleting an access limit Step 1 Click on the link Web User Management Access Limits Step 2 Select the access limit to be deleted and click on the Delete Access Limit button A confirmation message will appear Step 3 If the...

Page 414: ...Appendix H Web User Management 414 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 415: ...on Any Web user config ured in the Web User Management section of the WMI will be able to use this application Tested Environment Requirements Java 2 Runtime Environment JRE SE v1 4 0_01 or v1 4 0_02 which can be found at http java sun com installed on your PC with your browser acknowledged to use it You can first check if the browser you are using acknowledges the Java version by follow ing the p...

Page 416: ...n the browser s you want to activate to use the Java Plug in Now repeat the check to see if your browser will now use the correct Java Plug in From Netscape or Mozilla Check to see if Java is enabled Go to Edit Preferences Advanced Check on Enable Java To see what version of JRE Plug in is used go to Help About Plug ins Scroll down to Java Plug in section Check if the Java Plug in is the version y...

Page 417: ... the Connect to Serial Ports link on the Link Panel to the left of the page in the Configuration section This will take you to the Port Selection page The ports will be listed by their server farm name if it were configured Figure 44 Serial Port Connection page Step 4 Select port On the Port Selection page choose a port to connect to from the dropdown menu and click the Connect button This will op...

Page 418: ... entering commands Step 7 To send a break to the terminal Click on the SendBreak button Step 8 Disconnect connection Click on the Disconnect button Make sure the Status bar shows an Offline status Closing the popup window will also disconnect you from the server Step 9 Reconnect to port Refresh the current page by clicking on the refresh icon at the upper right hand corner of the window ...

Page 419: ... LAN or WAN There is no authentication by default but the system can be configured for authentication to be performed by a Radius server a TacacsPlus server or even by a local database Either telnet or ssh can be used See Appendix A New User Background Information for more information about ssh The instructions in Chapter 2 Installation Configuration and Usage will set up a fully functional defaul...

Page 420: ...ess Figure 46 CAS diagram with various authentication methods As shown in the above figure our CAS with local authentication scenario has either telnet or ssh a secure shell session being used After configuring the serial ports as described in Chapter 3 Additional Features or in Appendix C The pslave Configuration File the follow ing step by step check list can be used to test the configuration BL...

Page 421: ...00 bps 8N1 The server must also be configured to communicate on the serial console port with the same parameters Step 4 Confirm routing Also make sure that the computer is configured to route console data to its serial console port Console Redirection Step 5 Telnet to the server connected to port 1 From a server on the LAN not from the console try to telnet to the server connected to the first por...

Page 422: ...r to access a server on the LAN Figure 47 Terminal Server diagram The terminal can be either a dumb terminal or a terminal emulation program on a PC Note It is possible to access the serial ports from Microsoft stations using some off the shelf packages Although Black Box is not liable for those packages successful tests were done using at least one of them From the application s viewpoint running...

Page 423: ...rver is reachable Step 3 Check physical connections Make sure that the physical connection between the BLACK BOX Advanced Console Server and the terminals is correct A cross cable not the modem cable provided with the product should be used Please see the Appendix B Cabling Hardware and Electrical Specifications for pin out diagrams Step 4 Confirm that terminals are set to same parameters as the B...

Page 424: ...as the protocol on the serial dial up lines Black Box recommends that a maximum of two ports be configured for this option Figure 48 Ports configured for Dial in Access After configuring the serial ports as described in Chapter 3 Additional Features or in Appen dix C The pslave Configuration File the following step by step check list can be used to test the configuration Step 1 Create a new user S...

Page 425: ...set for communication at 57600 bps 8N1 The modems should be programmed to operate at the same speed on the DTE interface Step 5 Confirm routing Also make sure that the computer is configured to route console data to the serial console port Step 6 Perform a test dial in Try to dial in to the BLACK BOX Advanced Console Server from a remote computer using the username and password configured in step ...

Page 426: ...Appendix J Examples for Config Testing 426 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 427: ...arameters Basic Parameters wiz Hostname System IP Domain Name DNS Server Gateway IP Network Mask Access Method Parameters wiz ac type CAS profile Ipno Socket_port Protocol Users Poll_interval Tx_interval Idletimeout Conf group sN serverfarm pool_ipno pool_socket_port pool_serverfarm ...

Page 428: ...Advanced Console Server web_WinEMS translation TS profile Protocol Socket_port Userauto Telnet_client_mode Alarm Parameter wiz al Alarm xml_monitor Authentication Parameters wiz auth Authtype Authhost1 Accthost1 Authhost2 Accthost2 Radtimeout Radretries ...

Page 429: ...User Guide 429 Secret Data Buffering Parameters wiz db Data_buffering Conf nfs_data_buffering Syslog_buffering Dont_show_DBmenu DB_timestamp DB_mode Syslog_sess Power Management Parameters wiz pm pmkey pmNumOfOutlets pmoutlet pmtype pmusers ...

Page 430: ...lication Parameters 430 BLACK BOX Advanced Console Server Serial Settings Parameters wiz sset type CAS profile Speed Datasize Stopbits Parity Flow Dcd SttyCmd DTR_reset TS profile Speed Datasize Stopbits Parity Flow Dcd ...

Page 431: ...uide 431 Sniffing Parameters wiz snf Admin_users Sniff_mode Escape_char Multiple_sessions Syslog Parameters wiz sl Conf facility Conf DB_facility Terminal Appearance Parameters wiz tl Issue Prompt Lf_suppress Auto_answer_input Auto_answer_output ...

Page 432: ...Appendix K Wiz Application Parameters 432 BLACK BOX Advanced Console Server Terminal Server Profile Other Parameters wiz tso Host Term Conf locallogins ...

Page 433: ...re Console Port Server and a reference to their maintainers The copyrights notices required in some packets are placed in the COPYRIGHTS directory of the Advanced Secure Console Port Server image Bash Bourne Again Shell version 2 0 5a Extracted from the HardHat Linux distribution http www gnu org software bash Bootparamd NetKit Bootparamd version 0 17 ftp ftp uk linux org pub linux Networking netk...

Page 434: ...ersion 2 1 http www montavista com IPSec The Linux FreeS WAN IPsec version 1 9 8 http www freeswan org COPYRIGHT This product includes software developed by Eric Young eay cryptsoft com IPtables Netfilter IPtables version 1 2 2 Extracted from the HardHat Linux distribution http www netfilter org Linux Kernel Linux Kernel version 2 4 18 Extracted from the HardHat Linux distribution http www kernel ...

Page 435: ...ware developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org COPYRIGHT This product includes cryptographic software written by Eric Young eay cryptsoft com PAM Linux PAM version 0 75 http www kernel org pub linux libs pam Portslave SourceForge Portslave project version 2000 12 25 modified Includes pppd version 2 4 1 and rlogin version 8 10 http sourceforge net projects...

Page 436: ...erver Tinylogin TinyLogin version 0 80 ftp ftp lineo com pub tinylogin WEBS GoAhead WEBS version 2 1 modified http goahead com webserver webserver htm Copyright c 20xx GoAhead Software Inc All Rights Reserved ZLIB zlib version 1 1 4 http www gzip org zlib ...

Page 437: ...8 Choose a free COM port 52 9 Port Settings 53 10 The etc hostname file with hostname typed in 55 11 Contents of the etc hosts file 55 12 Configuration and Administration page 76 13 Port Selection page 76 14 Profile Section of Serial Port Configuration page 77 15 Serial Ports Users Group Table Entry page 78 16 An example of the clustering feature 118 17 Example of Centralized Management 123 18 Edi...

Page 438: ...le crossover 306 31 Cable 4 Black Box RJ 45 to Black Box RJ 45 straight through 306 32 Cable 5 Black Box Sun Netra Cable 307 33 Loop Back Connector 307 34 Black Box Sun Netra Adapter 308 35 RJ 45 Female to DB 25 Male Adapter 308 36 RJ 45 Female to DB 25 Female Adapter 309 37 RJ 45 Female to DB 9 Female Adapter 309 38 Data flow diagram of Linux PAM 338 39 Initial test 363 40 Second screen showing c...

Page 439: ...List of Figures User Guide 439 47 Terminal Server diagram 422 48 Ports configured for Dial in Access 424 ...

Page 440: ...List of Figures 440 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Page 441: ...onfiguration for Slave 2 where it differs from the CAS standard 121 10 General Options for the Help Wizard 188 11 Help CLI Options Synopsis 1 190 12 Help CLI Options Synopsis 2 192 13 Help CLI Options Synopsis 3 193 14 vi modes 286 15 vi navigation commands 287 16 vi file modification commands 287 17 vi line mode commands 287 18 Process table 293 19 BLACK BOX Advanced Console Server power requirem...

Page 442: ...Dial in Access 311 26 Mostly CAS specific Parameters 321 27 TS Parameters 331 28 Dial in configuration Parameters 333 29 Files to be included in etc config_file and the program to use 360 30 CPU LED Code Interpretation 368 31 Required information for the OpenSSL package 369 32 Windows XP JREv1 4 0_01 or 02 415 ...

Page 443: ...ch to monitor mode Console Access Server CAS A CAS has an Ethernet LAN connection and many RS 232 serial ports It connects to the con sole ports of servers and networking equipment and allows convenient and secure access from a single location Console Port Most of the equipment in a data center servers routers switches UPS PBX etc has a serial console port for out of band management purposes Clust...

Page 444: ... Bases SNMP compliant devices called agents store data about themselves in MIBs and return this data to the SNMP requesters Out of band network management In a computer network when the management data is accessed through a network that is independent of the network used to carry data this is called out of band network manage ment Off line data buffering This is a CAS feature that allows capture o...

Page 445: ...a set of protocols for managing complex networks The first versions of SNMP were developed in the early 80s SNMP works by send ing messages called protocol data units PDUs to different parts of a network SNMP com pliant devices called agents store data about themselves in Management Information Bases MIBs and return this data to the SNMP requesters Source Webopedia Telnet Telnet is the standard se...

Page 446: ...work Because they have the same physical interfaces terminal servers are sometimes used as console access servers TTY The UNIX name for the COM Microsoft port U Rack height unit A standard computer rack has an internal width of 17 inches Rack space on a standard rack is measured in units of height U One U is 1 75 inches A device that has a height of 3 5 inches takes 2U of rack space ...

Page 447: ...onnectors 302 CronD 134 Custom Wizard 35 D Data Buffers 137 Default Configuration Parameters 32 DHCP 150 DNS Server 34 Domain 35 E Ethernet 33 F Filters 156 Flash Memory Loss 359 G Gateway 33 default 34 Generating Alarms 172 H Hardware Specifications 297 Hardware Test 362 HyperTerminal 33 I IP Address 34 IPsec 373 K Kerberos 101 106 318 Kermit 33 L Linux File Structure 284 Linux PAM 337 M Minicom ...

Page 448: ...st 362 R Radius authentication 424 Routing Table 288 RS 232 Standard 300 S Secure Shell Session 289 Sendmail 181 Sendsms 181 Snmptrap 181 Syslog n 256 System Requirements 31 T Terminal Appearance 271 Time Zone 280 U Upgrades 357 Using 72 Using the Wizard through your Browser 72 W Wizard 34 ...

Page 449: ...This page has been left intentionally blank ...

Page 450: ... Copyright 2002 Black Box Corporation All rights reserved 1000 Park Drive l Lawrence PA 15055 1018 l 724 746 5500 l Fax 724 746 0746 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands