Home
/
Cyclades
/
AlterPath ACS
/
Command Reference Manual

Cyclades AlterPath ACS, Command Reference Manual

Share

Page: 150 / 420

Page 150

Cyclades AlterPath ACS Command Reference Manual Download Page 150

134

Network

Road Warriors

The prototypical Road Warrior is a traveler connecting to the Console Server from a
laptop machine. For purposes of this document:

•

Anyone with a dynamic IP address is a Road Warrior.

•

Any machine doing IPsec processing is a gateway. Think of the single-user Road
Warrior machine as a gateway with a degenerate subnet (one machine: itself)
behind it.

These require a somewhat different setup than VPN gateways with static addresses and
with client systems behind them, but are basically not problematic. There are some
difficulties which appear for some Road Warrior connections:

•

Road Warriors who get their addresses via DHCP may have a problem. Openswan
can quite happily build and use a tunnel to such an address, but when the DHCP
lease expires, Openswan does not know that. The tunnel fails, and the only
recovery method is to tear it down and rebuild it.

•

If Network Address Translation (NAT) is applied between the two IPsec
Gateways, this breaks IPsec. IPsec authenticates packets on an end-to-end basis, to
ensure they are not altered en route. NAT rewrites packets as they go by.

In most situations, however, Openswan supports Road Warrior connections just fine.

Before you start

This is a quick guide to set up two common configurations: VPN and Road Warrior.
There are two examples: a Road Warrior using RSA signature and a VPN using RSA
signature. When listing the configuration of the remote side (the equipment the ACS will
create a tunnel with) these examples will assume the other end is also running the
Openswan. If it is not your case, make the appropriate conversions for your IPsec
software.

Setup and test networking.

Before trying to get Openswan working, you should

configure and test IP networking on the Console Server and on the other end. IPsec can
not function without a working IP network beneath it. Many reported Openswan
problems turn out to actually be problems with routing or firewalling. If any actual IPsec
problems turn up, you often cannot even recognize them (much less debug them) unless
the underlying network is right.

Enabling IPsec on your ACS.

The IPsec is disabled by default in the Console Server

family. To enable it you must edit the file

/etc/daemon.d/ipsec.sh

change

“ENABLE=NO” to “ENABLE=YES” and run the “

saveconf

” command. To start

IPSEC, type “

daemon.sh restart IPSEC

” <enter>. IPSEC will start automatically during

subsequent reboots if you have saved

/etc/daemon.d/ipsec.sh

with “

saveconf

”.

«
...
148
149
150
151
152
...
»

Summary of Contents for AlterPath ACS

Page 1: ...ce Guide Software Version 2 6 0 Cyclades Corporation 3541 Gateway Boulevard Fremont CA 94538 USA 1 888 CYCLADES 292 5233 1 510 771 6100 1 510 771 6200 fax http www cyclades com Release Date November 2...

Page 2: ...registered or registration pending trademarks of Cyclades Corporation in the United States and other countries Cyclades and AlterPath All trademarks trade names logos and service marks referenced here...

Page 3: ...s 10 Hypertext Links 10 Glossary Entries 10 Quick Steps 10 Parameter Syntax 10 Brackets and Hyphens dashes 11 Ellipses 11 Pipes 11 Greater than and Less than signs 11 Spacing and Separators 11 Caution...

Page 4: ...to your unit 27 CLI Mode ts_menu 27 Data Buffering 29 Ramdisks 29 Linear vs Circular Buffering 29 How to Configure 30 VI mode Parameters Involved and Passed Values 30 CLI Method Data Buffering 32 Men...

Page 5: ...n 61 nsswitch conf file format 62 Examples 63 Kerberos Authentication 64 Kerberos Server Authentication with Tickets support 64 How Kerberos Works 64 Configuring ACS to use Kerberos Tickets authentica...

Page 6: ...l Certificate 93 X 509 Certificate on SSH 94 To configure X 509 certificate for SSH 94 vi Mode 94 CLI Mode 95 Script Mode 95 To connect to ACS using SSH X 509 certificate 96 To connect to ACS s serial...

Page 7: ...bles 121 Table 121 Chain 121 Rule 122 Syntax 122 Command 123 Rule Specification 124 Match Extensions 126 TCP Extensions 127 UDP Extensions 128 ICMP Extension 128 Multiport Extension 128 Target Extensi...

Page 8: ...148 Chapter 5 Administration 151 SNMP 151 Configuration 153 VI Method Involved parameters and passed values 153 CLI Method SNMP 155 CronD 157 How to configure 157 Dual Power Management 160 Syslog ng 1...

Page 9: ...ized Configuration 194 Date Time and Timezone 195 Date and Time 195 CLI Method Date and Time 195 Setting Local Timezone 196 Configuring using set_timezone 196 Configuring Using CLI 198 NTP Network Tim...

Page 10: ...thorized Users firmware version prior to 2 2 0 238 Adding an user of the pmusers group 238 Changing the group of an already existing user 238 pm command 240 Turning the outlet off 242 Locking the outl...

Page 11: ...your ISDN PC Card 271 Establishing a Callback with your ISDN PC Card 2nd way 273 CLI Method ISDN PCMCIA 275 Media Cards 277 How it works 277 VI Method Configuration 278 CLI Method Media Cards PCMCIA...

Page 12: ...re 329 VI mode Parameters Involved and Passed Values 330 Server Commands 333 IPMI Configuration 335 How it works 335 IPMI ipmitool 335 Line Printer Daemon 339 CAS Port Pool 341 How to Configure it 341...

Page 13: ...sh Memory Loss 364 Hardware Test 365 Port Test 366 To start the Port test 366 Port Conversation 367 Test Signals Manually 367 Single User Mode 368 Using a different speed for the Serial Console 369 Se...

Page 14: ...ra Cable 383 Adapters 384 Loop Back Connector for Hardware Test 384 Cyclades Sun Netra Adapter 385 RJ 45 Female to DB 25 Male Adapter 385 RJ 45 Female to DB 25 Female Adapter 385 RJ 45 Female to DB 9...

Page 15: ...ss Server CAS 395 Console Port 395 Cluster 395 Flash 395 In band network management 395 IP packet filtering 396 KVM Switch KVM 396 Mainframe 396 MIBs 396 Out of band network management 396 Off line da...

Page 16: ...xvi Table of Contents...

Page 17: ...ntenance of the ACS It assumes that the reader understands networking basics and is familiar with the terms and concepts used in Local and Wide Area Networking UNIX and Linux users will find the confi...

Page 18: ...erPath ACS is based on an embedded Linux operating system Configurations are done using the vi text editor or the Command Line Interface CLI If you are f new to Linux it is advisable to refer to the A...

Page 19: ...e ACS prompt to change the hostname you can directly do root CAS root bin CLI config network hostsettings hostname host_name Both modes are oriented by keywords that allow the moving from one state to...

Page 20: ...ist fetching the next command same as down arrow key Ctrl p Move back through the history list fetching the previous command same as up arrow key The command history buffer is only available for the l...

Page 21: ...o type m for more b for back or q for quit show Display the configuration parameter s It s valid only in configuration state For example the following displays some configurations for port 1 cli confi...

Page 22: ...ay when they log into the ACS If user root is configured to have bin CLI as their default shell he she can still have access to the ACS shell prompt by executing the command shell from the CLI Any oth...

Page 23: ...onnection menu pm To access the ACS power management menu view To display the data buffer files for a serial port config administration bootconfig To configure boot configuration parameters date time...

Page 24: ...flash savetoflash To save the configuration changes to flash security To configure security profiles and authentication servers virtualports To cascade multiple AltherPath ACS console servers portStat...

Page 25: ...nistration and maintenance related features Power Management with AlterPath PM Integration involves features for those who have an IPDU being controlled by the ACS PCMCIA Cards Integration this chapte...

Page 26: ...ck on them in the PDF version of the manual you will be taken to that section Glossary Entries Terms that can be found in the glossary are underlined and slightly larger than the rest of the text Thes...

Page 27: ...ed by this character should be used in the command Example netstat statistics s tcp t udp u raw w When a configuration parameter is defined the Linux command syntax conventions will be also used with...

Page 28: ...tional or cautionary information that the reader especially needs to bear in mind There are three levels of information WARNING A very important type of tip or warning Do not ignore this information I...

Page 29: ...13 This page has been left intentionally blank...

Page 30: ...14 Preface...

Page 31: ...the basic network configuration to make AlterPath ACS available on the network In addition it provides procedures to login change the default password and setup the security profile Configuring networ...

Page 32: ...ord tslinux before setting up the ACS for secure access to the connected servers or devices Password Change the root password The default etc passwd file has the user root with password tslinux You sh...

Page 33: ...s follows Single password for ROOT All serial port DISABLED DHCP Telnet SSHv1 SSHv2 and HTTP HTTPS enabled Cyclades STRONGLY recommends 1 To change the ROOT password before setting up the box for secu...

Page 34: ...then ACS will default to 192 168 160 10 Step 5 Change the default static IP address see your network administrator to obtain a valid IP address C O N F I G U R A T I O N W I Z A R D Current configurat...

Page 35: ...nfiguration parameters appear Step 10 Enter y after the prompts shown in the following screen example Step 11 To confirm the configuration enter the ifconfig command Domain name cyclades com domain_na...

Page 36: ...Serial Ports ICMP and HTTP redirection to HTTPS Open Enables all services Telnet SSHv1 SSHv2 HTTP HTTPS SNMP RPC ICMP and Telnet SSH and Raw connections to Serial Ports Default Sets the profile to the...

Page 37: ...ollowing syntax custom protocol yes no To display the current configuration as shown in the following figure enter custom show custom show custom ftp no telnet no ssh ssh_x509 CA_file hostkey authoriz...

Page 38: ...ave root CAS portslave vi pslave conf Step 2 Navigate to Port specific parameters to uncomment the sxx tty and enable the serial ports Port specific parameters s1 tty ttyS1 s2 tty ttyS2 s3 tty ttyS3 s...

Page 39: ...uce all the possible ways to access the serial ports of the ACS From this point is considered that the unit is properly configured using one of the possible profiles CAS or TS More information about h...

Page 40: ...55 255 255 0 CAS configuration socket_server in all ports access method is Telnet 9600 bps 8N1 No Authentication Opening and closing a Telnet session to a serial port To open a Telnet session to a ser...

Page 41: ...HCP To close the SSH session press the hotkey defined for the SSH client followed by a The default is Make sure you enter the escape character followed by a at the beginning of a line to close the SSH...

Page 42: ...sage stating Read only mode is provided in case the user attempts to interact with that port Note however that a real sniff session the user isn t the first one to log to a certain port is only allowe...

Page 43: ...menu from a Telnet SSH session to your unit You have to be sure that a different escape character is used for exiting your Telnet SSH session otherwise if you were to exit from the session created thr...

Page 44: ...d only mode run the following command cli applications connect readonly consolename consolename The connection is made to the device and a Read only mode message is displayed To make a direct connecti...

Page 45: ...this file is not limited by the value of the parameter s1 data_buffering though the value cannot be zero since a zero value turns off data buffering The conf nfs_data_buffering parameter format is ser...

Page 46: ...the maximum file size is reached the oldest 10 of stored data is discarded releasing space for new data FIFO system circular file When remote data buffering is used there s no maximum file size other...

Page 47: ...on a line containing the time stamp the username the event itself connection disconnection and the type of session Read Write or Read Only will be added to the data buffering file every time a user co...

Page 48: ...a user connects to the port that is sending data syslog messages stop being generated all dont_show_DBmenu When zero a menu with data buffering options is shown when a user connects to a port with a n...

Page 49: ...is parameter must be greater than zero otherwise all parameters relating to data buffering are disregarded showmenu Controls the DB menu options Valid values are yes no noerase file syslogsize Maximum...

Page 50: ...will connect to the ACS using a serial terminal The user will then automatically receive a menu similar to that shown below The user selects the option required to connect to the desired server or to...

Page 51: ...new menu option Action can be telnet host_ip or ssh l username host_ip where host_ip is the IP address of the server to connect to Step 3 Save the changes Save the changes made by choosing the fifth o...

Page 52: ...where the serial terminal is attached must be configured for login with authentication local Configure the following lines s x protocol login s x authtype local Where x is the port number being config...

Page 53: ...o 192 168 100 3 terminalmenu add actionname Server1 command telnet 192 168 100 3 You can also open a SSH connection to the desired server to do that substitute the telnet host_ip by ssh l username hos...

Page 54: ...ster and two Slave is shown in the following figure Figure 2 1 An example using the Clustering feature How to Configure Clustering The Master ACS must contain references to the Slave ports The configu...

Page 55: ...r_ssh all authtype Depends on the application Radius local none remote TacacsPlus Ldap kerberos local Radius radius local local TacacsPlus TacacsPlus local RadiusDownLocal LdapDownLocal NIS s33 tty Th...

Page 56: ...of_Slave slave_socket_port for non Master ports The value 7301 was chosen arbitrarily for this example 20 20 20 3 7301 S65 alias An alias for this port server_on_slave2_ serial_s1 S65 ipno See s33 ipn...

Page 57: ...To activate the changes issue the command runconf To save the changes run the command saveconf Step 5 Accessing the ports To access ports from the remote management workstation use Telnet with the sec...

Page 58: ...7301 SSH can also be used from the remote management workstation To access the third port of Slave 2 ssh l username Server_on_slave2_serial_s3 209 81 55 110 To access the fifth port of Slave 2 ssh l u...

Page 59: ...le or disable the clustering via the NAT table This parameter should be configured with the IP address used to access the serial ports The NAT clustering will work regardless of the interface where th...

Page 60: ...issue an iptables command to view change at his own risk or delete the rules in the nat table If the administrator issues a fwset restore command he must also execute the command runconf to recover th...

Page 61: ...port The master_port will define at least the Slave box with which a connection is desired For example you may use the following commands ssh l username1 server1 p 7101 master_ip ssh l username2 serve...

Page 62: ...lustering ports with the SSH command option p port you must assign an IP address to the serial port Do not omit the parameter socket_port in the Master box General Configuration The configuration of c...

Page 63: ...the public IP conf eth_ip 64 186 161 108 conf eth_mask 255 255 255 0 conf eth_mtu 1500 Secondary ethernet IP address conf eth_ip_alias 192 168 170 1 conf eth_mask_alias 255 255 255 0 Local CAS serial...

Page 64: ...et_server ports s65 tty 192 168 170 3 7101 s66 tty 192 168 170 3 7102 s96 tty 192 168 170 3 7132 s65 socket_port 8001 s66 socket_port 8002 s96 socket_port 8032 Remote CAS serial ports slave 3 32 socke...

Page 65: ...otocol socket_ssh all authtype local s 1 32 tty ttyS 1 32 s 1 32 alias slave 1 port 1 32 Slave 2 box Configuration Primary ethernet IP address conf eth_ip 192 168 170 3 conf eth_mask 255 255 255 0 con...

Page 66: ...that no special connection is needed between the boxes All you need is to connect them in the same physical network To configure one ACS as master to control other ACS slave using the CLI just follow...

Page 67: ...setting the tcp port The value for the example is 7005 remoteip The IP address of the master box The value for this example is 172 22 65 2 firstremotetcpport Where tcp port numbering starts in the mas...

Page 68: ...52 Device Access...

Page 69: ...ying an individual usually based on a username and password In security systems authentication is distinct from authorization which is the process of giving individuals access to system objects based...

Page 70: ...is selected Local authentication is performed using the etc passwd file Remote This is for a terminal profile only The unit takes in a username but does not use it for authentication Instead it passe...

Page 71: ...erver is down TacacsPlusDownLocal local authentication is tried only when the TacacsPlus server is down Kerberos Local Kerberos authentication is tried first switching to Local if unsuccessful Kerbero...

Page 72: ...eters for each type of authentication server is stored in its own configuration file on ACS Step 3 Activating and saving the changes made To activate the changes issue the command runconf To save the...

Page 73: ...cli config physicalports access authtype value For physicalports specify a port number select a range or enter all For example physicalport 4 physicalports 1 8 or physicalports all Step 3 To see the...

Page 74: ...his options allows you to get the user s public key via scp The user must be enrolled in the local database of the unit You must specify the user name username and the url url The url must follow this...

Page 75: ...st of authentication server types from authentication press the tab to see the list of possible values The following list of authentication types appears nisserver radiussecret tacplusauthsvr1 radiust...

Page 76: ...sent by the radius server If the radius server does not send the NAS Port Id attribute no check is performed No configuration is needed for the ACS However the authentication type must be radius Authe...

Page 77: ...e etc nsswitch conf file System Databases and Name service Switch configuration file to include the NIS in the lookup order of the databases Step 4 Configure the parameter all sxx authype as local How...

Page 78: ...by uncommenting the line that performs a ypbind upon startup nsswitch conf file format The etc nsswitch conf file has the following format database service actions service where database available al...

Page 79: ...l database If the user is not found then use NIS passwd files nis shadow files nis group files nis 5 You wish to authenticate the user first using NIS If the user is not found then use the local datab...

Page 80: ...am so that it is transparent to the user or can be sent by the kinit program after the user logs in The KDC checks for the principal in its database If the principal is found the KDC creates a TGT enc...

Page 81: ...h the same name as the principal configured in the Kerberos server adduser john Step 5 Configure the krb5 conf file The etc krb5 conf file must be exactly the same as the one that is in the Kerberos s...

Page 82: ...ROS SERVICES klogin stream tcp nowait root usr sbin tcpd usr local sbin klogind ki telnet stream tcp nowait root usr sbin tcpd usr local sbin telnetd Step 2 Restart the inetd service by issuing the co...

Page 83: ...orwardable tickets to connect to the ACS ports using ts_menu rlogin l john acs48 2 cyclades com F Then run ts_menu to access the desired serial port Step 7 Connecting via Telnet to the ACS itself with...

Page 84: ...y all the changes needed in this file are related to the network domain Substitute all listed parameters that are configured with cyclades com with the correspondent domain of your network Below is an...

Page 85: ...sly configured in the Kerberos server In the ACS run the command w The response for this command will be something like this 1 03pm up 57 min 1 user load average 0 00 0 00 0 00 USER TTY FROM LOGIN IDL...

Page 86: ...70 Authentication Step 5 Saving changes To save the configuration run the command saveconf...

Page 87: ...o load these packages from your distribution CD ROM or via Internet Step 2 Go to the directory etc openldap or usr local etc openldap Change the directory running the following command cd usr local et...

Page 88: ...oto sn Fujimoto userPassword bithelio To list the entries include usr local etc openldap schema core schema include usr local etc openldap schema cosine schema pidfile usr local var slapd pid argsfile...

Page 89: ...slave pslave conf Step 2 Configure the etc ldap conf file Edit the following parameters Step 3 Activating and saving the changes made To activate the changes issue the command runconf To save the chan...

Page 90: ...is enabled users are denied access unless they have the proper authorization which must be set on the TACACS server itself Configuring Authorization with a TACACS Server CLI Step 1 In CLI mode enter t...

Page 91: ...he Linux Fedora Core 3 The location of this configuration file may be different on other Linux distributions Step 1 On the TACACS server open the file etc tacacs tac_plus cfg Step 2 Edit the following...

Page 92: ...used whether the user is allowed or denied access when the raccess parameter is set on the ACS Only users who have this parameter set to raccess will have authorization to access the specified ports r...

Page 93: ...acplus conf file authhost1 192 168 160 21 accthost1 192 168 160 21 secret secret encrypt 1 service ppp protocol lcp timeout 10 retries 2 authhost1 This address indicates the location of the TacacsPlus...

Page 94: ...entication fails Configuring the authorization on ACS to access the serial ports CLI In CLI mode enter the following string 1 cli config security authentication tacplusraccess yes 2 cli config physica...

Page 95: ...lades 3 5 You should configure both parametres auth1 and acct1 Multiple radius servers can be configured in this file The servers are tried in the order in which they appear If a server fails to respo...

Page 96: ...80 Authentication Save the configuration to flash 2 cli config savetoflash...

Page 97: ...e a user request via the locally available authentication modules The modules themselves will usually be located in the directory lib security and take the form of dynamically loadable object files Th...

Page 98: ...r in the configuration file These modules when called by Linux PAM perform the various authentication tasks for the application Textual information required from or offered to the user can be exchange...

Page 99: ...s The meaning of each of these tokens is explained below After the meaning of the above tokens is explained the method will be described Token Description File name The service name associated with th...

Page 100: ...e success or failure of the module it is associated with Since modules can be stacked modules of the same type execute in series one after another the control flags determine the relative importance o...

Page 101: ...ssword in a hostile environment Sufficient The success of this module is deemed sufficient to satisfy the Linux PAM library that this moduletype has succeeded in its purpose In the event that no previ...

Page 102: ...m_open_session function and completes it when pam_close_session is called This module can also display a line of information about the last login of the user If an application already performs these t...

Page 103: ...ncipally for logging information about a proposed authentication or application to update a password pam_krb5 The Kerberos module currently used is pam_krb5 This PAM module requires the MIT 1 1 releas...

Page 104: ...no_warn Instruct module to not give warning messages to the application use_first_pass The module should not prompt the user for a password Instead it should obtain the previously typed password from...

Page 105: ...r s full name when asking them for a password in a secured environment could also be called being friendly The expose_account argument is a standard module argument to encourage a module to be less di...

Page 106: ...soon as possible The AlterPath ACS has support for Shadow Passwords which enhances the security of the system authentication files For ACS release 2 6 Shadow Passwords are enabled by default If you a...

Page 107: ...quired The other requested information can be skipped The certificate signing request CSR generated by the command above contains some personal or corporate information and its public key Step 2 Submi...

Page 108: ...ll Cert cer for example purposes The certificate is also stored on a directory server The certificate must be installed in the GoAhead Web server by following these instructions Step 3 1 Open a Termin...

Page 109: ...eq_key file and update the user data with your organization specific data Step 2 Remove the files etc ca pem Step 3 Execute the following script bin firstkssl sh Step 4 Reboot ACS or restart theWeb Ma...

Page 110: ...icate and added to the AuthorizedKeyFile in sshd_config file Step 2 1 Use the following command to extract the client identification openssl x509 noout subject in cli_cert crt Step 2 2 Change subject...

Page 111: ...horized keys For example ssh_x509 CA_file etc ssh ca bundle crt ssh_x509 hostkey etc ssh hostkey ssh_x509 authorizedkeys etc ssh authorized_keys To check the configuration enter the following command...

Page 112: ...9 certificate Step 3 Copy the certificate files to ACS See Certificate for HTTP Security if needed To check if the file was copied run the following command at the prompt root acs48 root ls l etc ssh...

Page 113: ...AlterPath ACS Command Reference Guide 97 Authentication Step 4 Configure the serial ports for socket_ssh protocol and assign the IP address of the connected device...

Page 114: ...98 Authentication...

Page 115: ...Filters and Network Address Translation VPN Configuration 4 2 Basic Network Settings This section will show how to configure basic network parameters This includes configuration of ip addresses netma...

Page 116: ...tmask This section will show how to configure the IP address and network mask in the unit These settings can be made using both methods VI and CLI VI mode To set the IP address if DHCP client is disab...

Page 117: ...chine Using the Windows OS open a command prompt window type in the following and then press Enter ping IP assigned to the ACS by DHCP or you An example would be ping 192 168 160 10 If you receive a r...

Page 118: ...0 as IP address and 255 255 255 0 as mask To configure it follow the steps below Step 1 Open the CLI interface by issuing the command CLI Step 2 Configuring the unit s IP address cli config network ho...

Page 119: ...ction the ACS should take in case the DHCP Server does not answer the IP address request 1 No action is taken and no IP address is assigned to the Ethernet Interface most common configuration Step 1 I...

Page 120: ..._cmd already has such content Step 5 Add all other necessary options to the file etc network dhcpcd_cmd some options are described later in this section In both cases if the IP address of the ACS or t...

Page 121: ...md Contains a command that activates the DHCP client used by the cy_ras program Its factory contents are bin dhcpcd c bin handle_dhcp The options available that can be used on this command line are D...

Page 122: ...106 Network Step 4 Save the configuration cli config savetoflash Step 5 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cli quit...

Page 123: ...g syntax route add del net host target netmask mask gw gateway metric metric Action Option Description add del One of these tags must be present Routes can be either added or deleted net host Net is f...

Page 124: ...o the 192 168 0 1 IP address just ONE of the above commands must be inserted into the file etc network st_routes Step 3 Save the changes made To save the changes run the following command saveconf CLI...

Page 125: ...th ACS Command Reference Guide 109 Network Step 4 Save the configuration cli config savetoflash Step 5 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cl...

Page 126: ...edit this file to do this run the command vi etc resolv conf Step 2 Configure the etc resolv conf file The syntax of this file must be as the following example Step 3 Save the configuration To save a...

Page 127: ...ork hostsettings primdnsserver 192 168 0 2 NOTE This parameter is disregarded when DHCP is enabled Step 4 Activate the configuration cli config runconfig Step 5 Save the configuration cli config savet...

Page 128: ...ssions are kept up with no interruption VI mode To set the failover Ethernet bonding edit the etc bonding opts file To configure it follow the steps below Step 1 Open the etc bonding opts file It is n...

Page 129: ...abled yes To disabled fail over bonding type the following command bonding enabled no NOTE This parameter is disregarded when DHCP is enabled Step 4 Configure the interval in milliseconds in which the...

Page 130: ...ailover is enabled Step 9 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cli quit Step 10 Check the bonding configuration To check if the feature is act...

Page 131: ...ink encap Ethernet HWaddr 00 60 2E 00 4F 97 inet addr 172 20 0 131 Bcast 172 20 255 255 Mask 255 255 0 0 UP BROADCAST RUNNING SLAVE MULTICAST MTU 1500 Metric 1 RX packets 237695 errors 0 dropped 0 ove...

Page 132: ...interface For example There is a rule to drop the SSH packets to access the ACS box with no Bonding root CAS iptables A INPUT p tcp dport 22 i eth0 j REJECT If you activate Bonding you need to change...

Page 133: ...ld also contain IP addresses and host names for other hosts in the network The syntax of this file is the following Enter as many hosts as necessary following the above syntax Step 2 Saving the config...

Page 134: ...p 3 Activate the configuration cli config runconfig Step 4 Save the configuration cli config savetoflash Step 5 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following c...

Page 135: ...osed VI mode The configuration is done in the file bin init_proc_fs using the linux proc filesystem CLI Method TCP Keep Alive Step 1 Open the CLI interface by issuing the command CLI Enable TCP keepal...

Page 136: ...s pool interval cli config physicalports all other tcpkeepalive 50 Step 3 Activate the configuration cli config runconfig Step 4 Save the configuration cli config savetoflash Step 5 Exiting the CLI mo...

Page 137: ...ustering one Master Console server works as the interface between the global network and the slave Console servers The ACS uses the Linux utility iptables to set up maintain and inspect both the filte...

Page 138: ...n be accepted blocked logged or jumped to a user defined chain For the nat table the packet can also have its source IP address and source port altered for the POSTROUTING chain or have the destinatio...

Page 139: ...will fail Rules are numbered starting at 1 I insert Insert one or more rules in the selected chain as the given rule number Thus if the rule number is 1 the rule or rules are inserted at the head of t...

Page 140: ...ocols or a different one A protocol name from etc protocols is also allowed A argument before the protocol inverts the test The number zero is equivalent to all Protocol all will match with all protoc...

Page 141: ...the INPUT and FORWARD chains When the argument is used before the interface name the sense is inverted If the interface name ends in a then any interface which begins with this name will match If thi...

Page 142: ...but see the x flag to change this For appending insertion deletion and replacement this causes detailed information on the rule or rules to be printed n numeric Numeric output IP addresses and port n...

Page 143: ...n tcp flags mask comp Match when the TCP flags are as specified The first argument is the flags which we should examine written as a comma separated list and the second argument is a comma separated l...

Page 144: ...n of the TCP extension for details destination port port port Destination port or port range specification See the description of the destination port option of the TCP extension for details Table 4 6...

Page 145: ...P header fields via the kernel log where it can be read with syslog ng LOG extension Description log level level Level of logging numeric or see syslog conf 5 log prefix prefix Prefix log messages wit...

Page 146: ...eturn the appropriate ICMP error message port unreachable is the default The option echo reply is also allowed it can only be used for rules which specify an ICMP ping packet and generates a ping repl...

Page 147: ...P address of the interface the packet is going out on but also has the effect that connections are forgotten when the interface goes down This is the correct behavior when the next dialup is unlikely...

Page 148: ...mmand is executed at boot to invoke the last configuration saved VI method Step 1 Execute fwset restore This script will restore the IP Tables chains and rules configured in the etc network firewall f...

Page 149: ...spects this is the same thing as a VPN but here one or both sides have a degenerated subnet only one machine Applications of IPsec Because IPsec operates at the network layer it is remarkably flexible...

Page 150: ...ns however Openswan supports Road Warrior connections just fine Before you start This is a quick guide to set up two common configurations VPN and Road Warrior There are two examples a Road Warrior us...

Page 151: ...ystem s public key for RSA only The ID that system uses in IPsec negotiation To get system s public key in a format suitable for insertion directly into the Console Server s ipsec conf file issue this...

Page 152: ...n of the line All other lines after that line must be indented by 1 TAB This is MANDATORY pre configured link to Console Server conn us to acs information obtained from Console Server admin left 1 2 3...

Page 153: ...conn gate xy must start on the FIRST column of the line All other lines after that line must be indented by 1 TAB This is MANDATORY conn gate by left 1 2 3 4 leftid acs example com leftrsasigkey 0s1L...

Page 154: ...figure the left and right ipsec rsa keys Instead of typing copy paste the entire rsa key in the fields leftrsasigkey and rightrsasigkey inside the etc ipsec conf file the administrator can just type i...

Page 155: ...e authentication keys and how to exchange keys between systems Generating an RSA key pair The Console Server doesn t have an RSA key pair by default It will be generated on the first reboot after you...

Page 156: ...anage all tunnels and manage IPsec itself This section will show you a few commands that have proven to be useful when managing IPsec and IPsec connections The IPsec Daemon The IPsec daemon PLUTO is t...

Page 157: ...its negotiation as explained in the next section Starting and Stopping a Connection All the connections can be negotiated at boot time if these connections have the auto parameter set to start However...

Page 158: ...y the ipsec auto up command You can use this command if the up command doesn t show anything on the screen it can happen depending on the ACS syslog configuration The IPsec Configuration Files in Deta...

Page 159: ...name is an arbitrary name which distinguishes the section from others of the same type Names must start with a letter and may contain only letters digits periods underscores and hyphens All subsequen...

Page 160: ...types of sections a config section specifies general configuration information for IPsec while a conn section specifies an IPsec connection Conn Sections A conn section contains a connection specifica...

Page 161: ...that both left and leftnexthop are to be filled in by automatic keying from DNS data for left s client left local and right remote subnet Private subnet behind the left and right participants express...

Page 162: ...cessful negotiation to expiry Acceptable values are an integer optionally followed by s a time in seconds or a decimal number followed by m h or d a time in minutes hours or days respectively default...

Page 163: ...already on as IPsec is started and turn it off again if it was off as IPsec is stopped Acceptable values are yes and the default no klipsdebug How much KLIPS debugging output should be logged An empty...

Page 164: ...is PMTU estimate Acceptable values are yes the default and no packetdefault What should be done with a packet which reaches KLIPS via a route into a virtual interface but does not match any route Acce...

Page 165: ...ig runconfig Step 4 Save the configuration cli config savetoflash Step 5 Connection management Parameter Values connectionname name Edit mode only authprotocol esp ah authmethod rsa secret rightid id...

Page 166: ...to manage the VPN connections in the prompt shell The CLI does not provide management utilities Find more information on IPsec Management on page 140 Step 6 Exiting the CLI mode To exit the CLI mode...

Page 167: ...messages called protocol data units PDUs to different parts of a network SNMP compliant devices called agents store data about themselves in Management Information Bases MIBs and return this data to...

Page 168: ...ead only to add the line rouser username eg rouser usersnmp If the user has permission to read and write to add the line rwuser username eg rwuser usersnmp a Include the following line in etc config_f...

Page 169: ...C2576 Coexistence between Version 1 Version 2 and Ver sion 3 of the Internet standard Network Management Frame work 4 Private UCD SNMP mib extensions enterprises 2021 Information about memory utilizat...

Page 170: ...file This is a read only access to the MIB Management Information Base values rocommunity public default hostname or network mask 1 2 Save the configuration changes in the snmp conf file root CAS roo...

Page 171: ...ermission ro read only source allowed host 192 168 0 200 a Configuring SNMP v3 cli config network snmp v3 add username john password john1234 oid 1 permission ro The command presented above will confi...

Page 172: ...nmpwalk v 3 u john l authpriv a MD5 A john1234 x DES X john1234 192 168 0 1 1 a Save the configuration cli config savetoflash a Exiting the CLI mode To exit the CLI mode and return to ACS s shell type...

Page 173: ...d by the source file explained above The following parameters are created in the etc crontab_files file status Active or inactive If this item is not active the script will not be executed user The pr...

Page 174: ...date time and their tasks If there s a match the command is executed The system crontab has an additional field User that tells cron with which user id the command should be executed The fields are Mi...

Page 175: ...igures which file contains information about which scripts are going to be run Activate the daemon by editing the etc crontab_files changing the line like below active root etc tst_cron src a Edit the...

Page 176: ...wdt_led sh and remove the keyword buzzer The buzzer won t sound if there is a power failure in any power supply This parameter does not affect the behavior of the command signal_ras buzzer on off To m...

Page 177: ...pager e mail or syslogs to remote servers There are five steps required for configuring syslog ng Step 1 Define Global Options Step 2 Define Sources Step 3 Define Filters Step 4 Define Actions Destina...

Page 178: ...log ng in the options statement options opt1 params opt2 params where optN can be any of the following Table 5 1 Global Options parameters Syslog ng configuration Option Description time_reopen n The...

Page 179: ...the threshold value for the garbage collector when syslog ng is idle GC phase starts when the number of allocated objects reach this number Default 100 gc_busy_threshold n Sets the threshold value for...

Page 180: ...t 10 tcp options and udp options These drivers let you receive messages from the network and as the name of the drivers show you can use both TCP and UDP None of tcp and udp drivers require positional...

Page 181: ...mple to listen to messages from one client IP address 10 0 0 1 on UDP port 999 source s_udp_10 udp ip 10 0 0 1 port 999 a Define filters To define filters use this statement filter identifier expressi...

Page 182: ...ter f_alert level alert 3 To filter by matching one string in the received message filter f_match match string Example to filter by matching the string named filter f_named match named 4 To filter ALA...

Page 183: ...vel info and match ALARM and match root login 5 To eliminate SSHD debug messages filter f_sshd_debug not program sshd or not level debug 6 To filter the syslog_buffering filter f_syslog_buf facility l...

Page 184: ...og ng It allows you to output log messages to the named file The destination filename may include mac ros by prefixing the macro name with a sign which gets expanded when the message is written Since...

Page 185: ...ptions log_fifo_size number The number of entries in the output file sync_freq number The file is synced when this number of messages has been written to it owner name group name perm mask Equals glob...

Page 186: ...age use this macro FULLDATE The complete date when the message was sent FACILITY The facility of the message PRIORITY or LEVEL The priority of the message udp ip address port number and tcp ip address...

Page 187: ...tion ident pipe dev cyc_alarm template sendsms pars where ident uniquely identify this destination pars d mobile phone number m message max size 160 characters u username to login on sms server p port...

Page 188: ...xt field it is a string message max size 250 characters Example to send a Link Down trap to server at 10 0 0 1 with message carrying the current date the hostname of this ACS and the message that was...

Page 189: ...message coming from one of the listed sources A match for each of the filters is sent to the listed destinations log source S1 source S2 filter F1 filter F2 destination D1 destination D2 where Sx Iden...

Page 190: ...o send e mail and pager if message received from local syslog client has the string root login log source sysl filter f_root destination d_mail1 destination d_pager 6 To send messages with facility ke...

Page 191: ...hod 1 Configure pslave conf parameters In the pslave conf file the facility parameter is configured as local syslog clients source src unix stream dev log destination d_buffering udp 10 0 0 1 filter f...

Page 192: ...00 200 1 You can repeat this step as many times as necessary depending on the quantity of remote servers you want to add local syslog clients source src unix stream dev log remote server 1 IP address...

Page 193: ...ference Guide 177 Administration a Activate the configuration cli config runconfig a Save the configuration cli config savetoflash a Exit the CLI mode To exit the CLI mode and return to ACS s shell is...

Page 194: ...e syslog messages are generated as a result of specific actions or conditions are as follows ACS generates syslog messages when the following conditions are met Table 5 5 ACS Syslog Messages Format Le...

Page 195: ...nt cur rent detected threshold threshold config ured alert PMD Serial Port p One or more IPDUs were removed from the chain This chain has now X IPDUs and Y out lets alert AUTH User xyz login failed al...

Page 196: ...se then to detected if the modem is still powered on and active The DCD signal will be monitored and a syslog message will be generated whenever the state of the signal changes The syslog message can...

Page 197: ...ages generated when DCD goes on off that is s_kernel You can follow the table on page 178 to create filters and or trigger alarms Examples To configure the examples given below edit the etc syslog ng...

Page 198: ...Generating messages and sending them to console if the DCD signal changes its state filter f_dcdchg level alert and match PORT DCD destination console usertty root log source s_kernel filter f_dcdchg...

Page 199: ...are conf DB_facility This value 0 7 is the Local facility sent to the syslog ng with data when syslog_buffering and or alarm is active all alarm When nonzero all data received from the port is cap tu...

Page 200: ...application Example 1 To send all messages received from local syslog clients to console Insert the lines below at the END of the file syslog ng conf file keeping all lines above commented Example 2...

Page 201: ...estination d_message file var log messages log source sysl source s_udp filter f_messages destination d_messages File Description 5 17 part of the etc syslog ng syslog ng conf file source sysl unix st...

Page 202: ...ion The CLI interface allows the configuration of alarm notifications when is an event is generated in any port of the ACS Generating alarms for the ACS itself is not customizable using the CLI interf...

Page 203: ...enable this option otherwise messages received in the ports will be ignored and not treated by Syslog ng cli config administration notifications alarm yes a Add the trigger string Here you need to con...

Page 204: ...188 Administration To exit the CLI mode and return to ACS s shell issue the command cli quit...

Page 205: ...e login banner that is issued when a connection is made to the ACS n represents a new line and r represents a carriage return Expansion characters can be used here Value for this Example r n Welcome t...

Page 206: ...r 1 3 from port 1 to 3 a Activate the configuration cli config runconfig a Save the configuration cli config savetoflash a Exit the CLI mode To exit the CLI mode and return to ACS s shell issue the co...

Page 207: ...e the common file that is placed in a management host This same file would be downloaded into all ACS boxes each of those boxes would include a tiny config file and that big common file In this applic...

Page 208: ...3 unit1 File Description 5 22 Unit 1 etc hostname file conf eth_ip 10 0 0 1 conf eth_mask 255 0 0 0 conf include etc portslave TScommon conf File Description 5 23 Unit 1 etc portslave portslave conf f...

Page 209: ...t_config unit3 and before conf host_config end conf eth_ip 10 0 0 3 conf eth_mask 255 0 0 0 conf include etc portslave TScommon conf File Description 5 27 Unit 3 etc portslave portslave conf file conf...

Page 210: ...Make sure to put it in the directory set in the pslave conf file etc portslave in the example a Execute the command runconf on each unit a Test each unit If everything works add the line etc portslav...

Page 211: ...s or sets the system date and time date MMDDhhmmYYYY where MM month DD day hh hour mm minute YYYY year For example date 101014452002 displays Thu Oct 10 14 45 00 timezone 2002 Note The time zone is co...

Page 212: ...tration date time time 09 00 00 4 Activate the configuration cli config runconfig 5 Save the configuration cli config savetoflash 6 Exit the CLI mode To exit the CLI mode and return to ACS s shell iss...

Page 213: ...e creates a new file called etc localtime which erases the old etc TIMEZONE Please choose the time zone where this machine is located 0 GMT 1 1h West GMT 2 10h West GMT 3 11h West GMT 4 12h West GMT 5...

Page 214: ...lues The following possible values display 3 Select the desired GMT zone and enter it at the prompt For example cli config administration timezone 2h_West_GMT 4 Activate the configuration cli config r...

Page 215: ...on d ntpclient conf and change the parameters according to the table below a Activate and save the changes made To activate the configuration issue the following command daemon sh NTP restart Table 5...

Page 216: ...administration ntp xxx xxx xxx xxx Where xxx xxx xxx xxx is the IP address of the NTP server Note NOTE To deactivate the NTP service you just need to configure date by issuing the command cli config...

Page 217: ...so be able to write to it If the user selects 2 Initiate a sniff session s he will start reading everything that is sent and or received by the serial port according to the parameter all sniff_mode or...

Page 218: ...cted to the very same port see parameter admin_users below can see of the session of the first connected user main session in shows data written to the port out shows data received from the port and i...

Page 219: ...mber of users x Where x is the current number of connected users The last user will know he she is alone again when x 1 CLI Method Session Sniffing To configure session sniffing using the CLI interfac...

Page 220: ...shows data received from the port in out shows both streams off disables sniffing a Activate the configuration cli config runconfig a Save the configuration cli config savetoflash a Exiting the CLI m...

Page 221: ...e Compact Flash or IDE The new media is storagedevice which has the two parameters default and replace The saveconf utility creates one file in the storage device to save the default and replace flags...

Page 222: ...on to the internal flash memory cli config savetoflash Saving the configuration to a PCMCIA storage device cli administration backupconfig saveto sd default replace Saving the configuration to a remot...

Page 223: ...ipts may have other shell variables not handled directly by daemon sh Such variables have the sole purpose of facilitating the configuration of command line parameters The mandatory shell variables de...

Page 224: ...and Data Buffering services and it will stop SSH and network timer client services daemon sh PMD stop SSH NTP restart DB NIS etc daemon d ypbind conf RPC etc daemon d portmap conf DB etc daemon d cy_...

Page 225: ...to stop the daemon daemon command line parameters NTPSERVER h 129 6 15 28 NTP server ip address NTPINTERVAL l 300 Time in seconds to ask server NTPCOUNT c 0 counter 0 means forever DPARM NTPCOUNT NTP...

Page 226: ...enabled services in each profile is designated with a check mark Note that the Default option will set the parameters to the same as Moderate and the Custom Profile allows for individual configuration...

Page 227: ...Enter the Security Profile menu cli config security profile a Type one of the pre defined Security Profiles and press Enter profile secured moderate open default a To view the details of the selected...

Page 228: ...a Enter the Custom Security Profile menu cli config security profile custom profile show profile open custom moderate custom secured custom custom ftp no telnet yes ssh sshv1 yes sshv2 yes sshd_port...

Page 229: ...meters are available under custom menu FTP ICMP IPSec RPC SNMP Telnet To enable or disable a parameter issue the following command custom parameter option Where possible values for option are yes to e...

Page 230: ...rt ID root_access Allow root access To enable or disable a parameter issue the following command ssh parameter option Where possible values for option are yes to enable and no to disable a parameter T...

Page 231: ...tp http_port http2https https https_port To enable or disable a parameter type the command web parameter option Where possible values for option are yes to enable and no to disable a parameter To assi...

Page 232: ...able and no to disable a parameter To see the ports configuration type the command show ports show a To activate the configuration type the following command cli config runconfig a To save the configu...

Page 233: ...the menu displayed in the session This chapter approaches all configuration that is integrated with the AlterPath ACS Below are the sections that are going to be presented in this chapter Power Manag...

Page 234: ...ed to power outlet ZZ on the AlterPath PM These port denominations will be used in the descriptions below Prerequisites for Power Management In order to control individual outlets or groups of outlets...

Page 235: ...r in order to allow users to access the IPDU port Valid values are none ssh telnet or ssh_telnet IMPORTANT By defining the sYY pmsessions parameter and making all other necessary configuration an user...

Page 236: ...able the serial port that the IPDU is connected to For example serial port 1 is being configured for IPDU cli config physicalports 1 enable yes Step 3 Configure the serial port that the IPDU is connec...

Page 237: ...ers test1 test2 The command above allows the users test1 and test2 to run power management commands into the IPDU connected to serial port 1 Step 6 Configuring the hotkey You also need to define a hot...

Page 238: ...o a Change the connection protocol on the serial port by editing the etc portslave pslave conf file For example change the serial port 1 protocol from ipdu to socket_ssh or socket_server s1 protocol s...

Page 239: ...follow the prompts to enter the new password pm passwd Password Re enter password Username password set for user admin pm b Save the new password by issuing the command pm save The system prompt the f...

Page 240: ...CS and PM a Execute the ps command to note the current pmd process root CAS root ps fe grep pmd 878 root 644 S bin pmd 1108 root 552 S grep pmd b Restart the pmd process by issuing the following comma...

Page 241: ...nu v1 0 Cyclades Power Management Menu 1 Exit 2 individual ipdus 3 multi outlet device 4 Info Please choose an option Table 6 1 Menu Options for PM Utility Command Description Exit Exits the PM Utilit...

Page 242: ...nfigured as IPDU command arguments are the PM command and its arguments See the list of commands in Table 6 2 Using the Power Management Utility You can use the Power Management Utility to control IPD...

Page 243: ...rn 9 Status 17 Factory Default 2 Help 10 Power Up Interval 18 Reboot 3 Who Am I 11 Name 19 Restore 4 On 12 Current 20 Save 5 Off 13 Temperature 21 Syslog 6 Cycle 14 Version 22 Alarm 7 Lock 15 Buzzer 8...

Page 244: ...t is equipped with a temperature sensor Version Displays the software and hardware version of the IPDU Buzzer Configures a buzzer to sound when a specified alarm threshold has reached Options are On t...

Page 245: ...me PM This option is applicable to devices with multiple power supplies Selecting option 3 for Multi outlet Devices from the PM menu invokes the following menu and prompt The following table explains...

Page 246: ...These are the status for these outlets in the IPDU attached to ttyS3 Outlet Name Status Users Interval s 1 Unlocked ON 0 50 4 Unlocked ON 0 50 5 Unlocked ON 0 50 Show Shows which outlets in which ipd...

Page 247: ...up interval is 1 7 then 2 2 s3 pmoutlet 1 7 2 2 s3 alias Sun Server To Manage Multiple IPDUs from the Command Line Step 1 Connect to the CONSOLE port of the ACS or use Telnet or SSH to access the ACS...

Page 248: ...shes and it necessary to change the power status Type the pre configured hot key If the user does not have permission to access any outlet the following message will appear and you will return to the...

Page 249: ...he user has permission to access the outlet s of this server these outlets will be managed by the PM session Step 3 Regular User Menu This is the AlterPath PM regular user menu Cyclades Power Manageme...

Page 250: ...the selected outlets Status Provides an overall status of the selected outlet Power Up Interval Set the time interval in seconds that the system waits between turning on the currently selected outlet...

Page 251: ...mber all for all for help m for main menu 1 3 Outlet Name Status Users Interval s 1 pm Unlocked ON 0 50 2 Unlocked ON 0 50 3 Unlocked ON 0 50 Cyclades Power Management Menu PowerPort PM 1 Return 6 Cyc...

Page 252: ...rm this procedure if you need to access other outlets Enter option 9 Status to view the Outlets you are authorized to manage and at the Outlent name or outlet number prompt type all Please choose an o...

Page 253: ...waiting for a menu option type the option 1 Exit Please choose an option 9 Outlet name or outlet number all for all for help m for main menu all Outlet Name Status Users Interval s 1 pm Unlocked ON 0...

Page 254: ...res more knowledge about the AlterPath PM commands Adding an user of the pmusers group Only the root user and users belonging to the pmusers group can do power management by using the pm or pmCommand...

Page 255: ...AlterPath ACS Command Reference Guide 239 Power Management with AlterPath PM Integration Step 3 Save the configuration To save the changes done run the command saveconf...

Page 256: ...240 Power Management with AlterPath PM Integration pm command The pm command provides a menu that can be reached by typing the following command from the prompt...

Page 257: ...xit Help Show this help Who Am I Display the username currently logged in On Turn on outlets Off Turn off outlets Cycle Power cycle outlets Lock Lock outlets in current state Unlock Unlock outlets Sta...

Page 258: ...e things which can be done through this command Turning the outlet off Cyclades Power Management Menu PowerPort pm10 1 Exit 9 Status 17 Factory Default 2 Help 10 Power Up Interval 18 Reboot 3 Who Am I...

Page 259: ...ff it cannot be turned on Cyclades Power Management Menu PowerPort pm10 1 Exit 9 Status 17 Factory Default 2 Help 10 Power Up Interval 18 Reboot 3 Who Am I 11 Name 19 Restore 4 On 12 Current 20 Save 5...

Page 260: ...5 Buzzer 8 Unlock 16 Current Protection Please choose an option 9 Outlet name or outlet number all for all for help m for main menu all Outlet Name Status Users Interval s 1 pm Locked ON 0 50 2 Unlock...

Page 261: ...nd Syntax pmCommand IPDU port command For example root CAS root pmCommand 1 Cyclades Corporation Power Management Command Prompt v1 1 Power Name PM PM The following are examples of some things which c...

Page 262: ...rm status Type help command to see details of command Cycling all the outlets Cyclades Power Management Prompt cycle 4 5 4 Outlet turned off 5 Outlet turned off 4 Outlet turned on 5 Outlet turned on U...

Page 263: ...AlterPath ACS Command Reference Guide 247 Power Management with AlterPath PM Integration Turning the outlet off Cyclades Power Management Prompt off 2 2 Outlet turned off...

Page 264: ...ended to download the new firmware to the tmp directory because files in this directory are deleted during the boot process Step 2 Run the pmfwupgrade application After downloading it is necessary to...

Page 265: ...ameter admPasswd with the correct password The pmfwupgrade application will try to stop all the process that are using the serial port Just type YES to proceed into the upgrade process Another message...

Page 266: ...ns in the SNMP section of Chapter 5 Administration The parameters and features that can be controlled in the remote IPDU are as follows The number AlterPath PM units connected to a given console serve...

Page 267: ...t or for units configured as daisy chain this time should be recalculated Examples This feature allows the user do these following SNMP requests 1 Get the number of ACS TS serial ports that has PM con...

Page 268: ...252 Power Management with AlterPath PM Integration...

Page 269: ...in response to card insertions and removals lsmod This command shows the modules loaded for the PCMCIA devices cardctl This command can be used to check the status of a socket or to see how it is conf...

Page 270: ...ct VI Method The factory default for the etc network interfaces file has the following lines Remove the in the beginning of the line and change the IPs to suit your network configuration For instance...

Page 271: ...hen delete the lines of the desired interface from the etc network interfaces file CLI Method Ethernet PCMCIA To configure an Ethernet PCMCIA card using the CLI follow the steps Step 1 Open the CLI in...

Page 272: ...racters between 0 9 a f will be accepted Check your PCMCIA card specifications There is a generic sample in the end of the wireless opts file that explains all possible settings For more details in wi...

Page 273: ...on not necessary to have a wireless network up but strongly recommended due to security issues To configure a wireless PCMCIA card using the CLI follow the steps Step 1 Plug the PCMCIA wireless device...

Page 274: ...CIA Cards Integration cli config runconfig Step 5 Save the configuration cli config savetoflash Step 6 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cl...

Page 275: ...nodeflate Step 2 Create a user name in etc ppp pap secrets If pap authentication was selected create a user name in etc ppp pap secrets For instance you may add the following line mary marypasswd Ste...

Page 276: ...Modem PC Card Setting up a callback system serves two purposes 1 Cost savings reversing line charges allows your company to call you back 2 Security makes sure users are who they pretend to be by cal...

Page 277: ...am and the others the login program call sbin callback S 12345 call2 sbin callback S 77777 bin login The example above will allow you to have the option whether or not you want to use the callback fun...

Page 278: ...llowing this format bin sh exec usr local sbin pppd ppp options Step B Make script executable Type chmod 755 etc ppp ppplogin Step C Save this file to flash Save this file to flash so the next time th...

Page 279: ...that the call has been dropped Otherwise Windows Dial up Networking will abort everything because it thinks the call was dropped with no reason From Win2000 Go to Windows control panel Phone and Modem...

Page 280: ...a 2 modem modem ppp yes modem enablecallback yes modem callbacknum 55552515 localip 10 0 0 1 remoteip 10 0 0 2 Step 4 Activating the configuration cli config runconfig Step 5 Save the configuration cl...

Page 281: ...M card needs a PIN edit etc pcmcia serial opts Uncomment the line INITCHAT d d d d d datz OK at cpin 1111 OK and replace 1111 by the PIN Step 3 Add etc mgetty mgetty config to etc config_files and cal...

Page 282: ...rk pcmcia 2 gsm localip cli config network pcmcia 2 gsm remoteip ENABLECALLBACK Configure it if you want to call back another GSM modem cli config network pcmcia 2 gsm enablecallback yes callbacknum 5...

Page 283: ...Description Local and Remote IP addresses optional IP addresses used by ppp connection and set in etc ppp options ttyXX file where XX is the serial port being configured The syntax is local_IP remote_...

Page 284: ...NAME sbin callback S PHONE PSEUDO_CB_NAME cbuser At the end of the login config file there is a line similar to the following bin login Enter the below command before the above mentioned line pseudo c...

Page 285: ...cia slot cdma remoteip ip_address To enable the callback option cli config network pcmcia slot cdma enablecallback yes callbacknum number To include additional initialization command cli config networ...

Page 286: ...Make sure that DIALIN is set to yes Set the desired authentication in DIALIN_AUTHENTICATION For instance pap for PAP chap for CHAP login auth or login pap for radius login auth or login pap for local...

Page 287: ...was already inserted you will need to restart the isdn script to reload any changed configuration To restart the script issue etc pcmcia isdn stop ippp0 etc pcmcia isdn start ippp0 Step 6 To dial out...

Page 288: ...matches DIALIN_REMOTENUMBER off accepts calls from any phone on will work only if your line has the caller id info Step 4 Make sure the CALLBACK is set to in in etc pcmcia isdn opts file CALLBACK in...

Page 289: ...lback is selected After any change in the Incoming Connection Properties it is recommended that the Windows is rebooted to apply the changes The Windows side is done Now you can dial from Windows to t...

Page 290: ...info Step C Set the desired IPs for local and remote machines Step D Set DIALIN to yes DIALIN yes yes if you want dial in no if you want dial out Step E Make sure the CALLBACK parameter is disabled C...

Page 291: ...Configuring ISDN parameters Depending the way you wish to use the ISDNISDN card some parameters do not need to be configured Here we will explain all configurable parameters LOCALIP REMOTEIP Just conf...

Page 292: ...276 PCMCIA Cards Integration Step 5 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cli quit...

Page 293: ...CIA hard drive is ideal data will not be lost on power loss crash reboot of the CAS no dependency on an NFS server that may fail How it works When inserting an adapter with a CF card or a PCMCIA hard...

Page 294: ...by default the parameter DO_MOUNT is set to YES in the etc pcmcia ide opts file Below is an example of the file These parameters can be changed DO_FSTAB If set to y an entry in etc fstab will be crea...

Page 295: ...n the etc pcmcia ide opts file PARTS A list of partitions to be mounted The conf file will be called again for each partition In the example above there is an entry only for partition 1 but you can eg...

Page 296: ...l type the following command cli quit WARNING Before removing the media pcmcia card from the ACS you MUST run cardctl eject from the shell prompt not possible using the CLI otherwise data might not be...

Page 297: ...MCIA mounted file system and will define the type of the configuration saved in the device The administrator can define the following types default the configuration in the storage device should be ap...

Page 298: ...n to connect from a central office to a remote location to inquire system status The remote system can then send asynchronous alarm notification to the application at the central office The connection...

Page 299: ...testApp inPort name InPort inPort device dev ttyS1 outPort name OutPort outPort pppcall wireless outPort remote_ip 200 246 93 87 outPort remote_port 7001 appl retry 7 end dial out The content of the f...

Page 300: ...arameter in etc portslave pslave conf For example s N protocol generic_dial where N is the port number Step 2 To enable dial out for the ports chosen in pslave conf configure the file etc generic dial...

Page 301: ...ds options from The file is located at etc ppp peers filename outPort remote_ip IP address IP address of remote work station to be connected to outPort remote_port port Remote TCP port for connections...

Page 302: ...11 with the PIN b To inactivate mgetty on the specified port so that the port will be directly controlled by the pppd application comment out the following line Step 5 Activate the function to automat...

Page 303: ...this by restarting the GDF daemon root CAS root daemon sh restart GDF A message similar to the following displays confirming the GDF daemon restart root CAS root Sep 23 18 06 10 src_dev_log CAS showlo...

Page 304: ...288 PCMCIA Cards Integration...

Page 305: ...product parameters and defines the functionality of the ACS There are three basic types of parameters in this file conf parameters are global or apply to the Ethernet interface all parameters are use...

Page 306: ...file usr local bin rlogin radius conf facility The local facility sent to syslog ng from PortSlave 7 conf group Used to group users to simplify the configuration of the parameter all users later on Th...

Page 307: ...to DOWN If all dcd 1 a connection request will be accepted only if the DCD signal is UP and the connection will be closed if the DCD signal is set to DOWN 0 all users Restricts access to ports by user...

Page 308: ...RS232 with RTS legacy half duplex rs232_half_cts RS232 with RTS legacy half duplex and CTS control Valid values for the ACS1 only rs485_half RS485 half duplex with out terminator rs485_half_terminator...

Page 309: ...d set the desired value off all sttyCmd The TTY is programmed to work as configured and this user specific configuration is applied over that serial port Parameters must be separated by a space The fo...

Page 310: ...authtype Configured in Chapter 2 Device Authentication on page 53 Type of authentication used There are several authentication type options none no authentication local authentication is performed usi...

Page 311: ...server is down NIS All authentication types but NIS follow the format all authtype Authentication DownLocal or Authentication e g all authtype radius or radiusDownLocal or ldap or ldapDownLocal etc NI...

Page 312: ...296 Profile Configuration all flow This sets the flow control to hardware software or none none Parameter Description Factory Configuration Table 8 1 etc portslave pslave conf common parameters...

Page 313: ...lient If the protocol is configured as Telnet or socket_client the socket_port parameter needs to be configured Bidirectional Telnet profile socket_server CAS and login TS RAS profile slip cslip ppp p...

Page 314: ...uncomment the parameter and set the desired value 0 all translation Defines whether or not to perform translation of Fn keys e g F8 key from one terminal type to VT UTF8 Currently only translation fro...

Page 315: ...o the local directory var run DB The directory tree to which the file will be written must be NFS mounted so the remote host must have NFS installed and the administrator must create export and allow...

Page 316: ...by default To activate uncomment the parameter and set the desired value 0 all netmask It defines the network mask for the serial port 255 255 255 255 all DTR_reset This parameter specifies the behav...

Page 317: ...feed suppression is active which will eliminate the extra prompt When set to 0 default line feed suppression is not active 0 all auto_answer_input This parameter works in conjunction with all auto_ans...

Page 318: ...ote server Note This parameter is inactive by default To activate uncomment the parameter and set the desired value null all poll_interval Valid only for protocols socket_server and raw_data When not...

Page 319: ...ameter conf nfs_data_buffering see Section 2 2 Data Buffering on page 29 in Chapter 1 If local data buffering a file is created on the ACS if remote a file is created through NFS in a remote server Al...

Page 320: ...on or XON is issued to resume data transmission Once exiting the session linear data buffering resumes If all flow or s n flow is set to none linear buffering is not possible as there is no way to st...

Page 321: ...rt sending data to the unit but resumes generation of syslog messages when there IS NOT a session to the port 0 all dont_show_DBmenu When zero a menu with data buffering options is shown when a non em...

Page 322: ...fter billing_records are received 60 all billing_eor Defines the character sequence that terminates each billing record Any character sequence is valid including r or M carriage return n or J new line...

Page 323: ...ers to open more than one common and sniff session on the same port The options are yes no RW_session or sniff_session Default is set to no Please see Section 5 11 Session Sniffing on page 201 for det...

Page 324: ...rver connected to the serial port Server_connected Note This parameter is inactive by default To activate uncomment the parameter and set the desired value null s1 pool_ipno This is the default IP of...

Page 325: ...the dev Note This parameter is inactive by default To activate uncomment the parameter disabled Parameter Description Factory Configuration Table 8 2 CAS specific parameters for the pslave conf Param...

Page 326: ...socket_port The socket_port is the TCP port number of the application that will accept connection requested by this serial port That application usually is Telnet 23 7001 all telnet_client_mode When...

Page 327: ...ameter and set the desired value null all autoppp all autoppp PPP options to auto detect a ppp session The cb script parameter defines the file used for callback and enables negotiation with the callb...

Page 328: ...Utility When the attached terminal is powered on and the keyboard s Enter key is pressed a login banner and a login prompt is displayed If the user does not login within a configurable time frame the...

Page 329: ...by issuing the command CLI Step 2 Activate bidirectional Telnet cli config physicalports all or range list 1 4 general protocol protocolname Step 3 To specify a login timeout cli config physicalports...

Page 330: ...n 3 Delete Menu Option 4 List Current Menu Settings 5 Save Configuration to Flash 6 Quit Using the CLI interface to configure common parameters You can configure some of the physical port parameters t...

Page 331: ...4 other Under this menu you can configure the following parameters authbio Configure if an AlterPath Bio authentication scanner is used banner This parameters sets the banner that will be issued when...

Page 332: ...al database Either Telnet or SSH can be used See Appendix A New User Background Information for more information about SSH This Chapter contains all the necessary information to configure a fully func...

Page 333: ...r this user by running passwd username Step 2 Confirm physical connection Make sure that the physical connection between the ACS and the servers is correct A cross cable not the modem cable provided w...

Page 334: ...ave the changes on page 102 listed in Chapter 4 Network NOTE It is possible to access the serial ports from Microsoft stations using some off the shelf packages Although Cyclades is not liable for tho...

Page 335: ...word test Step 2 Confirm that the server is reachable From the console ping 200 200 200 3 to make sure the server is reachable Step 3 Check physical connections Make sure that the physical connection...

Page 336: ...ines Cyclades recommends that a maximum of two ports be configured for this option Figure 8 4 Ports configured for dial in access After configuring the serial ports as described in this Chapter the fo...

Page 337: ...d to operate at the same speed on the DTE interface Step 5 Confirm routing Also make sure that the computer is configured to route console data to the serial console port Step 6 Perform a test dial in...

Page 338: ...322 Profile Configuration...

Page 339: ...erial port Besides the normal character mode output sent to the serial console Windows also sends xml tags Those tags can be captured and processed by the ACS so that the administrator can automate th...

Page 340: ...systems section of the Boot ini file to which the operating system load options are added The first line after the operating systems section header is 1 p password Specifies the password of the user a...

Page 341: ...on this server It is one of the following Windows Server 2003 Datacenter Edition Windows Server 2003 Embedded Windows Server 2003 Enterprise Edition Windows Server 2003 os service pack Is an alphanum...

Page 342: ...form and communicating via this active channel It is to be used to discern the different interaction modes During the Windows GUI mode Setup phase the following GUIDs identify the specific types of da...

Page 343: ...g normal Windows operations there is 1 GUID assigned to SAC and the remaining 9 to CMD These GUIDs are created a new for each instance of channels and should not be confused with the constant GUIDs pr...

Page 344: ...ype channel switch File Description 9 2 SAC channel tag example channel switch name Cmd0001 name description Command Prompt description type VT UTF8 type guid 970438d1 12bb 11d7 8a92 505054503030 guid...

Page 345: ...which indicates the system was halted prematurely It is represented by the CLASSNAME BLUESCREEN value machine info Is described above PROPERTY NAME Provides additional details such as error code of t...

Page 346: ...we have to define which actions we would like to take Syslog ng will create macros that can give easy access for the administrators to access the xml information If the administrator uses these macro...

Page 347: ...date service pack installed If none installed the string is None None tty ACS serial port tty or alias name S1 ttyS1 Macro Description Value to replace macro name Machine name MY_WIN_SERVER guid GUID...

Page 348: ...2003 Datacenter Edition Windows Server 2003 Embedded Windows Server 2003 Enterprise Edition or Windows Server 2003 Windows Server 2003 os service pack Alphanumeric string that identifies the most up t...

Page 349: ...subnet gateway Set network interface number IP address subnet and gateway id Display the computer identification information k pid Kill the given process l pid Lower the priority of a process to the...

Page 350: ...334 Additional Features and Applications shutdown Shut down the system immediately Command Set Description Table 9 6 Server Commands...

Page 351: ...se servers and also to obtain sensor readings such as CPU temperature s fan speed s etc The IPMI support in the ACS extends it s functionality so that the unit can be used for serial console access to...

Page 352: ...A v Increase verbose output level This option may be specified multiple times to increase the level of debug output N A V Display version information N A I interface Selects IPMI interface to use lan...

Page 353: ...s off Stay off after power is restored 1 6 power Performs a chassis control command to view and change the power state 1 6 1 status Show current chassis power status 1 6 2 on Power up chassis 1 6 3 of...

Page 354: ...name used to access the device password string password used to access the device 1 1 3 delete alias delete the IPMI device 1 2 physicalports port number s configure physical serial ports 1 2 1 power...

Page 355: ...tocol lpd Step 2 Create the printer definition Edit the etc printcap file and configure the printer The spool directory is created automatically by cy_ras process Example Step 3 Enable the printer dae...

Page 356: ...e the IP address of the request message to the host name check your resolv conf file Step 5 Restart the processes use the command runconf and daemon sh Step 6 Save the configuration in flash use the c...

Page 357: ...gured with the same value in these fields It is strongly recommended that you configure the same values in all parameters related to authentication for all serial ports belonging to a pool Some of the...

Page 358: ...or the pool s2 ipno 10 0 0 2 IP address for specific allocation s2 pool_ipno 10 1 0 1 IP address for the pool s2 alias serial 2 alias for specific allocation s2 pool_alias pool 1 alias for the pool Se...

Page 359: ...serial port ttyS1 by using TCP port 7001 IP address 10 0 0 1 or alias serial 1 If the ttyS1 is being used by somebody else the connection will be dropped if the user is not a admin_user Alternately y...

Page 360: ...configuration How to configure it The configuration for this feature is made in the etc portslave plsave conf file Billing parameters can be configured using the vi method and by using the wizard VI m...

Page 361: ...cant the user can use the alias name s1 alias in pslave conf to match their actual plant like PABX trunk9 The temporary file described above is closed and renamed to cycXXXXX YYMMDD hhmmss txt and a n...

Page 362: ...script configures the files etc billing_up conf etc billing_crontab and etc crontab_files To configure a port for billing Step 1 Execute the config_billing sh and enter the parameters to be configure...

Page 363: ...var run DB Remote server IP 192 168 1 101 Remote directory var billing User billing Password billing Upload Interval in minutes Instead of running the u option the etc billing_up conf can be configure...

Page 364: ...348 Additional Features and Applications...

Page 365: ...t A 1 User and Passwords A username and password is necessary to log in to the ACS The user root is predefined with a password tslinux The password should be changed as soon as possible to avoid unaut...

Page 366: ...he past 1 5 and 15 minutes The following entries are displayed for each user excluded the CAS users login name the tty name the remote host login time idle time JCPU time it is the time used by all pr...

Page 367: ...e robo php in the chap directory to the current directory and renames the copy excess php rm file_name Removes the file indicated by file_name mv file_name destination Moves the file indicated by file...

Page 368: ...llowing keys one dot Represents the current directory two dots Represents one directory above the current directory i e one directory closer to the base directory Mode What is done there How to get th...

Page 369: ...for configuring static routes Routes should be added to the file which is a script run when the ACS is initialized or at the prompt for temporary routes using the following syntax route add del net h...

Page 370: ...ure Shell Session SSH is a command interface and protocol often used by network administrators to connect securely to a remote computer SSH replaces its non secure counterpart rsh and rlogin There are...

Page 371: ...nal during a SSHv2 terminal session The implementation is defined by Session Channel Break Extension draft ietf secsh break 00 txt IETF Internet Draft document In the previous versions of ACS there wa...

Page 372: ...kinterval in milliseconds When the user types ssh escape B where ssh escape is or break_sequence the client sends a break request to ssh server When ACS calls the ssh client automatically it uses the...

Page 373: ...ted 2 6 10 1 771_FC2 EAX 00000000 EBX 00010809 ECX de0f3000 EDX 0baf3110 ESI 00099100 EDI c03dc120 EBP 00461007 DS 007b ES 007b CR0 8005003b CR2 b7ff2000 CR3 19b6a000 CR4 000006d0 c010108f cpu_idle 0x...

Page 374: ...options console port p Display Tcp port P Use the TCP port instead just IP i Display Local Ip assigned to the serial port u name Username to be used in ssh telnet command U Always ask for an username...

Page 375: ...presentation will follow a similar approach to the one used for local serial ports The ts_menu script has the following line options p Displays Ethernet IP Address and TCP port instead of server names...

Page 376: ...360 Appendix A New User Background Information...

Page 377: ...ed by Cyclades to the standard Linux files in the mnt flash directory when an upgrade is needed They are boot_alt alternate boot code boot_conf active boot code boot_ori original boot code config tgz...

Page 378: ...ownloaded file is not corrupted and to verify the zImage saved in flash run the following command md5sum mnt flash zImage The system responds with a message similar to the following 5bcc7d9b3c61502b5c...

Page 379: ...pgradefw ftpsite 192 168 100 111 username john password john1234 filepathname images zImage checksum no Step 3 Return to the main menu by issuing the command cli return Step 4 Activate the configurati...

Page 380: ...ep 4 When the Watch Dog Timer prompt appears press Enter Watchdog timer A ctive or I nactive I Step 5 Choose the option Network Boot when asked Firmware boot from F lash or N etwork N Step 6 Select th...

Page 381: ...mpt issue the command cat etc config_files to see the list of files that are available in the flash and are loaded into the RAMDisk at the boot time IMPORTANT If any of the files listed in etc config_...

Page 382: ...orts to be tested When tstest senses the presence of the cable or connector the following information is displayed on your screen HW Test Linux This tool is for internal use ONLY It should not be used...

Page 383: ...nals Manually This test confirms that signals are being sent and received on the selected port Neither the loop back connector nor the cross cable are necessary Enter the number of the port to be test...

Page 384: ...ted to 002FF120 002FF1D4 zimage at 00008100 0006827E relocated to 00DB7000 00E1717E initrd at 0006827E 0024F814 relocated to 00E18000 00FFF596 avail ram 0030B270 00E18000 Linux PPC load root dev ram A...

Page 385: ...ss First the network must be initialized in order to reach a FTP server Execute the following script replacing the parameters with values appropriate for your system The gw and mask parameters are opt...

Page 386: ...d the changes will be saved in flash Step 3 Logout and login again to use the console at the new speed Setting the Maximum Number of Bytes Received by the Interface You can avoid CPU overload due to t...

Page 387: ...this feature be triggered by the normal equipment traffic Step 4 When presented the following line Do you confirm these changes in flash Y es N o Q uit N Enter Y to save the changes in flash Current c...

Page 388: ...rnet with some LEDs that have the following functionality Ethernet Connector Col collision Shows collision on the LAN every time the unit tries to transmit an Ethernet packet DT LK data transaction li...

Page 389: ...where the unit will boot from Valid values are flash and network consolespeed To configure the console speed Valid values are 115200 57600 38400 19200 9600 and 4800 ethernetip Temporary IP address as...

Page 390: ...ration backupconfig The following options can be set up loadfrom When loading configuration from a server it is necessary to specify server IP address serverip username username password password path...

Page 391: ...umption and heat dissipation environmental conditions and physical specifications of the ACS are listed below Cyclades AlterPath ACS Products Power Consumption and Heat Dissipation Input 120Vac Input...

Page 392: ...0 C to 44 C 50F to 112F 10 C to 44 C 50F to 112F 10 C to 44 C Relative Humidity 10 90 non condensing 10 90 non condensing 10 90 non condensing 10 90 non condensing 10 90 non condensing 10 90 non conde...

Page 393: ...mmunication line is active CTS Clear to Send an input Flow control for data flowing from DTE to DCE RTS Request to Send an output Flow control for data flowing from DCE to DTE Not all signals are nece...

Page 394: ...feet If your application is outside the above limits high speed long distances you will need better quality low impedance low capacitance cables Successful RS 232 data transmission depends on many va...

Page 395: ...atible with the phone and Ethernet wiring systems present in most buildings and data centers Most networking equipment and new servers use RJ 45 connectors for serial communication Unfortunately there...

Page 396: ...he table below Next purchase standard off the shelf cables from a computer store or cable vendor For custom cables refer to the cable diagrams to build your own cables or order them from Cyclades or a...

Page 397: ...ications that do not require such features have just to configure NO hardware flow control and NO DCD detection on their side Both ends should have the same configuration for better use of the complet...

Page 398: ...devices If you are using Cable Package 1 after connecting the appropriate adapter to the RJ 45 straight through cable you will essentially have the cable shown in this picture If you are using Cable...

Page 399: ...rossover cable like the ones explained in Cable 2 or 3 for configuration or to connect to a server This cable is only included in Cable Package 1 Figure C 9 Cable 4 Cyclades RJ 45 to Cyclades RJ 45 st...

Page 400: ...re included in the product box A general diagram is provided below and then a detailed description is included for each adapter Loop Back Connector for Hardware Test The use of the following DB 25 con...

Page 401: ...ler box with a female RJ 45 terminus from which a 3 inch long black Sun Netra labeled cord extends terminating in an RJ 45 male connector This adapter is included in Cable Package 2 Figure C 12 Cyclad...

Page 402: ...ardware Information Figure C 14 RJ 45 Female to DB 25 Female Adapter RJ 45 Female to DB 9 Female Adapter The following adapter may be necessary This is included in Cable Package 1 Figure C 15 RJ 45 Fe...

Page 403: ...he termination In a network that uses the RS 485 standard the equipment is connected one to the other in a cascade arrangement A termination is required from the last equipment to set the end of this...

Page 404: ...devices with half duplex communication Figure C 17 Cable 1 for the ACS1 Terminal Block to Terminal Block crossover half duplex Cable 2 Terminal Block to Terminal Block crossover full duplex Applicati...

Page 405: ...le to DB 25 Female crossover This cable connects the ACS1to console ports terminals printers and other DTE RS 232 devices You will essentially have the cable shown in this picture Figure C 19 Cable 3...

Page 406: ...390 Appendix C Cabling and Hardware Information This page has been left intentionally blank...

Page 407: ...in some packets are placed in the COPYRIGHTS directory of the Cyclades AlterPath ACS Bash Bourne Again Shell version 2 0 5a Extracted from the HardHat Linux distribution http www gnu org software bash...

Page 408: ...ardHat Linux distribution http www netfilter org Linux Kernel Linux Kernel version 2 2 17 2 4 18 Extracted from the HardHat Linux distribution http www kernel org Net SNMP SourceForge Net SNMP project...

Page 409: ...on 0 75 http www kernel org pub linux libs pam Portslave SourceForge Portslave project version 2000 12 25 modified Includes pppd version 2 4 1 and rlogin version 8 10 http sourceforge net projects por...

Page 410: ...ppendix D Copyrights WEBS GoAhead WEBS version 2 1 modified http goahead com webserver webserver htm Copyright c 20xx GoAhead Software Inc All Rights Reserved ZLIB zlib version 1 2 3 http www gzip org...

Page 411: ...nitor mode Console Access Server CAS A CAS has an Ethernet LAN connection and many RS 232 serial ports It connects to the console ports of servers and networking equipment and allows convenient and se...

Page 412: ...tion Bases SNMP compliant devices called agents store data about themselves in MIBs and return this data to the SNMP requesters Out of band network management In a computer network when the management...

Page 413: ...ng in the same location see Cluster Shadow Password Normally each user s password is stored encrypted in the file etc passwd This file must be readable by all users so that certain system functions wi...

Page 414: ...net LAN port and many RS 232 serial ports It is used to connect many terminals to the network Because they have the same physical interfaces terminal servers are sometimes used as console access serve...

Page 415: ...uthentication Servers and File Path 56 9 NIS client requirements 60 10 etc pam d tokens description 83 11 etc pam d keywords description 84 12 Available PAM modules in the ACS 85 13 List of valid argu...

Page 416: ...Utility 225 38 Power Management Individual IPDUs Menu 227 39 Menu Options for Multi Outlet Control PM Utility 229 40 AlterPath PM regular user menu options 233 41 CDMA configuration parameters 267 42...

Page 417: ...LED Code Interpretation 372 59 ACS Products Power Consumption and Heat Dissipation 375 60 ACS environmental conditions 376 61 ACS physical information 376 62 ACS Safety Information 376 63 Cables and t...

Page 418: ...402 List of Tables...

Page 419: ...25 Male straight through 382 12 Cable 3 Cyclades RJ 45 to DB 9 Female crossover 383 13 Cable 4 Cyclades RJ 45 to Cyclades RJ 45 straight through 383 14 Cable 4 Cyclades RJ 45 to Cyclades RJ 45 straigh...

Page 420: ...404 List of Figures...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands