manualshive.com logo in svg

Digi PortServer CM, User Manual, Page: 76 / 126

Share
Download
Digi PortServer CM User Manual Download Page 76

4-14

Packet Filtering using ipchains

DHCP server. The default option is to NOT set the host name of the host to the hostname parameter sent 
by the DHCP server.

R This option prevents dhcpcd from replacing the existing /etc/resolv.conf file.

The user should not modify the -c /sbin/handle_dhcp option.

Packet Filtering using ipchains

The PortServer CM uses the Linux utility ipchains to filter IP packets entering, leaving and passing through 
its interfaces. An ipchains tutorial is beyond the scope of this manual. For more information on ipchains, see 
the ipchains man page (not included with the PortServer CM) or the howto http://netfilter.filewatcher.org/
ipchains/HOWTO.html.

The syntax of the ipchains command is:

ipchains - command chain [-s source] [-d destination] [-p protocol] [-j target] 

[-i interface]

where 

command 

is one of the following:

A - Add a condition or rule to the end of the chain. Note that the order in which a condition appears in a 
chain can modify its application and the first rule added to a chain is processed first, etc.

D - Delete a condition from the chain. The condition must match exactly with the command’s arguments 
to be deleted.

R- Replace a condition in the chain.

I - Insert a condition in a specified location in the chain.

L - List all conditions in the chain.

F - Flush (remove) all conditions in the chain.

N - Create a new chain.

X - Deletes a user-created chain

Summary of Contents for PortServer CM

Page 1: ...90000252_B PortServer CM User Manual ...

Page 2: ...s product could include technical inaccuracies or typographical errors Changes are periodically made to the information herein these changes may be incorporated in new editions of the publication FCC Warning Statement The PortServer CM has been tested and found to comply with the limits for Class A digital devices pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable...

Page 3: ...et out in the Radio Interference Regulations of the Canadian Department of Communications Le PortServer CM n émete pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe A prescrites dans le règlement sur le brouillage radioélectrique edicté par le Min istère des Communications du Canada ...

Page 4: ...figuration Process 1 6 Chapter 2 Configuring the PortServer CM Discover Utility 2 2 Disabling the Discover Utility 2 3 Configuration Options 2 4 Configuring Terminal Parameters 2 4 Configuring System Files 2 5 Configuration File Parameters 2 6 Modifying Pslave conf Global Parameters 2 7 Modifying Port Parameter Files 2 9 Testing the Configuration 2 16 Updating the System Files 2 17 ...

Page 5: ...enu to simplify port connections 3 2 About Menus 3 4 Constructing Menus 3 7 Sample Menus 3 12 Keyword Monitoring and Notification System 3 16 XML Basics 3 24 Chapter 4 Linux Basics Introduction 4 2 Changing the root Password 4 2 Users and Passwords 4 4 Linux File Structure 4 5 Basic File Manipulation Commands 4 5 The vi Editor 4 7 The Routing Table 4 8 ssh The Secure Shell Session 4 9 ...

Page 6: ...lient 4 13 Packet Filtering using ipchains 4 14 Chapter 5 Hardware Specifications Introduction 5 2 The RS 232 Standard 5 2 Cable Length 5 3 Connectors 5 3 Straight Through vs Crossover Cables 5 4 Which Cable Should be Used 5 5 Cable Diagrams 5 6 Chapter 6 Sample pslave conf files Sample pslave conf File 6 2 Customization 6 20 ...

Page 7: ... the Password 7 4 Web Configuration Menus 7 6 Troubleshooting the Web Management Interface 7 9 Chapter 8 Upgrading and Troubleshooting Upgrading the Linux Kernel 8 2 Troubleshooting the PortServer CM 8 3 Hardware Test 8 5 Port Conversation 8 6 Test Signals Manually 8 7 ...

Page 8: ...duction 1 1 Chapter 1 Introduction How To Use This Manual 1 2 Safety Instructions 1 2 Working Inside the PortServer CM 1 3 What Is In the Box 1 4 LED Information 1 5 Summary of the Configuration Process 1 6 ...

Page 9: ...t you follow the steps in this installation manual before jumping in This manual should be read in the order written with exceptions given in the text Safety Instructions Use the following safety guidelines to protect yourself and your PortServer CM CAUTION Do not operate your PortServer CM with the cover removed In order to avoid shorting out your PortServer CM when disconnecting the network cabl...

Page 10: ...from Digi Technical Support personnel In such a case first perform the following actions Turn off the PortServer CM Ground yourself by touching an unpainted metal surface at the back of the equipment before touching anything inside your equipment Replacing the Battery A coin cell battery maintains date and time information If you have to repeatedly reset time and date information after turning on ...

Page 11: ... accessories included in the package and how cables should be connected The loop back connector is provided for convenience in case hardware tests are necessary The RJ 45M DB 9 F Crossover cable and the RJ 45M RJ 45 Sun Netra Crossover cable not shown in the figures are also included ...

Page 12: ...thernet bus Link This LED should be on continually indicating the unit is properly terminated on the network CPU This LED blinks at a rate of one second on one second off 100BT This light is on if the Ethernet link is connected to other 100Base T equip ment and is working at 100 Mbps If not the LED will be off RX Indicates the unit is receiving data This light should be blinking continually TX Ind...

Page 13: ...vided later in this manual Initial configuration steps are 1 Connect the PortServer CM to the network 2 Configure the IP settings by using the Discover Utility or the netconfig utility 3 Edit the pslave conf file from the command line interface or the Web Management Interface This is the main configuration file that concentrates most product parameters and defines the functionality of the PortServ...

Page 14: ...nfiguring Terminal Parameters 2 4 Configuring System Files 2 5 Configuration File Parameters 2 6 Modifying Pslave conf Global Parameters 2 7 Modifying Port Parameter Files 2 9 Testing the Configuration 2 16 Updating the System Files 2 17 Clustering PortServer CM Devices 2 18 Modifying Master Slave Configuration Files 2 19 Setting Serial Port Buffer Size 2 24 ...

Page 15: ...L in the address bar http cm digi com 2 A security warning will be displayed indicating that the applet is signed and asking if you want to install and run the Discover utility Choose Yes 3 Choose Discover to have the Discover utility detect the PortServer CM s on your network After completing the search a new window will open showing a listing of the PortServer CM terminal servers found the firmw...

Page 16: ...nt Interface and do the following 1 Login to the Web Management Interface with administrator rights root 2 From the navigation bar choose Configuration Edit Text File and enter etc config_files in the Filename cell and choose Submit 3 Scroll to the end of the list and add the following line in the text box etc inittab then choose Submit 4 From the navigation bar choose Configuration Edit Text File...

Page 17: ...cable If you are using a personal computer HyperTerminal can be used in the Windows operating system or Kermit in the UNIX operating system The terminal parameters should be set as follows Serial Speed 9600 bps Data Length 8 bits Parity None Stop Bits 1 stop bit Flow Control Hardware flow control or none Ansi emulation Note If your terminal does not have ansi emulation select vt100 then on the CM ...

Page 18: ...he chapter on Linux The first file is etc hostname The only entry should be the hostname of the PortServer CM An example is DigiPSCM The second file is etc hosts It should contain the IP address for the Ethernet interface and the same hostname entered in the etc hostname file It may also contain IP addresses and host names for other hosts in the network The third file that must be modified is etc ...

Page 19: ...upplied in the Linux file system It is called etc portslave pslave conf A listing of the pslave conf file with all possible parameters is provided in the chapter titled Sample Pslave conf files There are three basic types of parameters conf parameters are global or apply to the Ethernet interface all parameters are used to set default parameters for all ports s parameters change the default port p...

Page 20: ...alternative command netconfig to configure network parameters An example for this value is 200 200 200 1 conf eth_mask The mask for the Ethernet network You may use an alternative command netconfig to configure network parameters An example for this value is 255 255 255 0 conf eth_mtu The Maximum Transmission Unit size which determines whether or not packets should be broken up An example for this...

Page 21: ...ero since a zero value turns off data buffering commented conf lockdir The lock directory which is var lock for the PortServer CM It should not be changed unless the user decides to customize the operating system conf lockdir The lock directory which is var lock for the PortServer CM This file should not be changed unless the user decides to customize the operating system conf syslog The IP addres...

Page 22: ...eters can later be overridden for individual ports using the s port number syslog_level parameter An example for this value is 4 all console_level This variable determines which syslog messages will be sent to the PortServer CM console connected through the console interface See the previous parameter for a description of possible values An example for this value is 4 all speed The speed for all p...

Page 23: ...tication is tried only when the RADIUS server is down Note This parameter controls the authentication required by the PortServer CM The authentication required by the device to which the user is connecting is controlled separately An example for this value is radius radius all authhost1 This address indicates the location of the RADIUS authentication server and is only necessary if this option is ...

Page 24: ... query The first server authhost1 is tried radretries times and then the second if configured is contacted radretries times If the second also fails to respond RADIUS authentication fails An example for this value is 3 all radretries Defines the number of times each RADIUS server is tried before another is contacted The default if not configured is 5 An example for this value is 5 all secret This ...

Page 25: ...ection is made to the PortServer CM n represents a new line and r represents a carriage return An example of this value is r n PortServer CM 32 n r nWelcome to h port p n r n all prompt This text defines the format of the login prompt Expansion characters listed in Appendix C can be used here An example for this value is h login all flow This sets the flow control to hardware software or none hard...

Page 26: ...n zero value activates data buffering A file var run ttyS data is created on the PortServer CM and all data received from the port is captured The file contains a maximum size equal to this parameter which is overwritten each time the maximum is reached This file can be viewed using the normal UNIX tools cat vi more etc An example for this value is 0 all syslog_buffering When non zero the contents...

Page 27: ...on which is where a second connected user can see everything that a first connected user is doing on a given port The second user can also cancel the first user s session and take over Only two users can connect to the same port simultaneously This parameter is obligatory when authtype is not none to determine who can open a sniff session or cancel a previous session peter john s1 tty The device n...

Page 28: ...ture is activated whenever the protocol parameter is set to socket_ssh or socket_server An example for this value is out s1 tty The device name for the port is set to the value given in this parameter If a device name is not provided for a port it will not function An example for this value is ttyS1 s1 authtype Authtype must not be none for the sniff session feature to function with authentication...

Page 29: ...the modem cable provided with the product should be used Refer to the hardware specifications for pin out diagrams 4 Verify that the PortServer CM has been set for communication at 9600 bps 8N1 The device must also be configured to communicate on the serial console port with the same parameters 5 Verify that the computer is configured to route console data to the serial console port 6 From a serve...

Page 30: ...eshooting PortServer CM for a complete list of these files and what programs use which files 2 Enter the command saveconf this command reads the etc config_files file and copies all the files listed in the file etc config_files from the ramdisk to proc flash script The previous contents of the file proc flash script will be lost 3 Restart the digi_ras process by entering the command signal_ras hup...

Page 31: ...ach time the PortServer CM is booted Clustering allows the stringing of PortServer CMs so that one master PortServer CM can be used to access all PortServer CMs on a LAN The master PortServer CM can manage up to 512 serial ports or 15 slave PortServer CMs ...

Page 32: ...face IP address An example for this value is 20 20 20 1 conf eth_ip_alias Secondary IP address for the Ethernet Interface needed for clustering feature An example for this value is 209 81 55 110 conf eth_mask_alias Mask for secondary IP address above An example for this value is 255 255 255 0 all socket_port This value applies to both the local ports and ports on slave PortServer CMs An example fo...

Page 33: ... s33 socket_port is automatically set to 7033 by all socket_port above An example for this value is 20 20 20 2 7033 s33 serverfarm An alias for this port An example for this value is Server_on_slave1_serial_s1 s33 ipno This parameter must be created in the master CM file for every slave port unless configured using all ipno An example for this value is 0 0 0 0 s34 tty See s33 tty An example for th...

Page 34: ...ple for this value is 0 0 0 0 Note For s36 s64 use the same pattern as established in the previous examples S65 tty The format of this parameter is IP_of_Slave slave_socket_port for non master ports The value 7301 was chosen arbitrarily for this example An example for this value is 20 20 20 3 7301 S65 serverfarm An alias for this port An example for this value is Server_on_slave2_serial_s1 S65 ipn...

Page 35: ...302 S66 serverfarm An alias for this port An example for this value is Server_on_slave2_serial_s2 S66 ipno See s33 ipno An example for this value is 0 0 0 0 S67 tty See s65 tty An example for this value is 20 20 20 3 7303 S67 serverfarm An alias for this port An example for this value is Server_on_slave2_serial_s3 S67 ipno See s33 ipno An example for this value is 0 0 0 0 Note For s68 s96 use the ...

Page 36: ... To access the first port of Slave 1 enter telnet 209 81 55 110 7033 To access the first port of Slave 2 enter telnet 209 81 55 110 7065 Note Socket port 7065 is being used in the last example to access port 7301 in Slave 2 The ssh command can also be used from the remote management workstation To access the third port of Parameter Value for This Example all protocol socket_server all authtype non...

Page 37: ... of 2048 plus 2 For example to set the buffer sizes to 4M 1k x 4096 use the value 4098 To set the buffer sizes to 6M 1k x 6144 use the value 6146 Likewise to set 2M buffers the value to use is 2048 2 2050 Use the following procedure to set the desired buffer sizes After you do the following procedure go to page 6 14 pslave conf to enable buffering 1 Open the PortServer CM Web Management Interface ...

Page 38: ...hat you have changed only the numbers at the end of the two lines shown in Step 4 If you make an error while editing the text choose Reset to restore the file to its last saved state 7 Choose Submit to save the edited file 8 From the Administration section of the navigation bar on the left edge of your browser window choose Load Save Configuration 9 Choose Save to Flash 10 Reboot the PortServer CM...

Page 39: ... Filters 3 1 Chapter 3 Menus and Keyword Monitoring Filters Using digi_menu to simplify port connections 3 2 About Menus 3 4 Constructing Menus 3 7 Sample Menus 3 12 Keyword Monitoring and Notification System 3 16 XML Basics 3 24 ...

Page 40: ...ole Server Connection menu 1 Lucy 2 Snoopy 3 Chris 4 Ringo 5 ttyS5 6 ttyS6 7 ttyS7 8 ttyS8 Type q to quit a valid option 1 8 or anything else to refresh Selecting option 2 will telnet ssh to the server Snoopy If a name is present in the serverfarm parameter for a port that name will appear Otherwise ttySN is used where N is the port number The digi_menu script has the following command line option...

Page 41: ...re to name ports Open a web browser and access the Web Management Interface by entering the name or IP address of the PortServer CM in the address bar 1 Log in as root 2 In the Configuration section of the navigation bar choose Serial Ports 3 From the Logical Ports drop down box choose the port you wish to name then choose Submit 4 Enter the new name in the Server Farm parameter field near the bot...

Page 42: ...rkup Language see XML Basics on page 3 24 for help with XML tagging and may be created and edited with the text editor in the Web Management Interface For administrators that do not have access to a web browser a limited version of vi is included on the system to use for editing the files A sample menu with the filename menu xml and a default template with the filename defaultmenu xml are included...

Page 43: ... on the PortServer CM The default template provided with the product is ready to use after minimal editing Custom Menus Custom menus may be created for use by specific users or groups of users Some uses for custom menus include Administration menus may be set up to contain all of the operations required to perform common administrative tasks For example a menu for editing configuration files might...

Page 44: ...dding Users Use this procedure to set up a user so that they are required to use a menu and have no command line access 1 Open the Web Management Interface in a browser and log in as root 2 Choose System Users from the Configuration section of the navigation bar Note If there is already an entry for the user you wish to restrict you must delete the entry before con tinuing entries may not be edite...

Page 45: ...enu page Menu item tags which define individual menu items Menu Definition Tags Use these tags for defining menus on a PortServer CM terminal server Menu Tags Description menu indicates a complete menu all of the following tag pairs are contained within the menu menu pair define indicates a menu definition the define define tag pair contains the entire menu definition and is in turn wrapped by the...

Page 46: ...efined menu pages page indicates a complete menu page all of the following tag pairs are contained within the page page pair id defines a unique name for this menu page title title of the page as it is to be displayed on screen itemList list of all menu items on the page all item item constructs are contained within the itemList itemList pair Menu Item Tags Description item indicates a complete me...

Page 47: ... same item page page name to be linked may not be used if command command is used in the same item comment area for the administrator to insert comments not visible to user sortby defines how menu items are to be sorted when displayed on screen Legal values are none default do not sort use order as defined in file key sort by key alpha numeric type sort by type sub menus first connection items las...

Page 48: ...ding closing tag The example below shows the skeleton of a menu xml version 1 0 root xmlns cm digi com menu define pagelist page id page id id itemlist item id item id id label label to display label command command to execute command key key to press key item item id item id id label label to display label command command to execute command key key to press key item item id item id id label label...

Page 49: ...mmand to execute command key key to press key item itemlist page pagelist define menu root In this example item id is a unique name for each menu item label to display is what appears on the screen command to execute is a complete command line to be executed when this menu item is selected id of submenu to display points to another menu page identified by its id tags and key to press is the key th...

Page 50: ...he define define tag pair Instead the tag pair global global is used This is because it is not an active menu but a global parameter definition xml version 1 0 root xmlns cm digi com menu global version major 1 major minor 0 minor version defaultMenu defaultmenu defaultMenu This menu is used if no specific criteria are met key quit Q quit key define the key to exit the menu application label defin...

Page 51: ...nitoring Filters 3 13 userList user define user specific menus name root name menu defaultmenu menu user userList groupList group define group specific menus name nobody name menu defaultMenu menu group groupList menu root ...

Page 52: ...n omitted here The defaultmenu xml file contains the menu items for all 32 ports xml version 1 0 root xmlns cm digi com definition of the namespace menu define name defaultacme name name id of menu comment The Default Menu comment area for administrator to insert comments not visible to user startPage start startPage first page to start display auto display display type auto auto OR n the number o...

Page 53: ...s menu entry one char only item item define a menu entry id Port_2 id unique id label Port 2 label displayed text for menu entry command telnet 127 0 0 1 7002 command system command to execute key 2 key the key to access menu entry one char only item Port_3 through Port_32 Omitted for Brevity itemList page pageList define menu root ...

Page 54: ...Digi Keyword Monitoring and Notification is an alert system designed to send notification messages to an email address phone or pager using SNMP Filters created by the system administrator allow the PortServer CM to monitor for specific keywords or phrases in a serial port s data stream When a keyword or phrase such as Disk Full or Reboot are detected the PortServer CM will send an immediate alert...

Page 55: ...es Keyword Monitoring and Notification requires a minimum of three XML files one or more filter definition files which contain the words to search for and the message to send when a word or phrase is found one link file named link xml which defines which ports to monitor what filters to apply and whom to notify in case one of the filters detects the words it is looking for there may be only one fi...

Page 56: ...er active comment information on the filter grepParam the keyword or phrase to search for preceding the word or phrase with i makes the search case insen sitive can be defined more than once to link several grep filters together minSendDelay minimal delay in seconds to wait before sending another alert sendLocalLog boolean yes to send a syslog message messageTitle subject title of message messageT...

Page 57: ...systems has issued a panic message will be sent using the information in the Link and Notification files xml version 1 0 root xmlns cm digi com filter define name panic name comment A filter looking for a panic string sent by SUN servers comment enable Yes enable grepParam i panic grepParam minSendDelay 60 minSendDelay sendLocalLog Yes sendLocalLog messageTitle Server panic messageTitle messageTex...

Page 58: ... links within the link file The link file uses the following parameters Parameter Description link defines the parameters for a link multiple links may be defined by including multiple link link tag pairs snmpTrapIpAddress if defined an SNMP trap will be sent to this address you can have more than one sendEmail boolean yes to send an email if trigger happens emailTo if defined an email will be sen...

Page 59: ...more than one email address may be specified within a single link filter The filter tag has two meanings depending on context When it appears inside a link link tag pair it specifies name of the filter definition to apply to the specified ports Multiple filter tags may be used to monitor for several different keywords The filter tag also appears just inside the root root tag pair In this context i...

Page 60: ... port 15 port filter reboot filter filter panic filter filter surootfail filter filter linkdown filter emailTo nobody abc com emailTo link link for my Cisco routers port 1 port port 2 port port 3 port port 4 port port 5 port port 6 port port 7 port filter reboot filter emailTo nobody abc com emailTo link filter root ...

Page 61: ...il yahoo com as the mail server and sets cm32 abc com as the sender the From field of the email message No emailReplyTo field is provided so replies will be sent by default to cm32 abc com xml version 1 0 root xmlns cm digi com filter global version major 1 major minor 0 minor version emailFrom cm32 abc com emailFrom smtpServer smtp mail yahoo com smtpServer global filter root emailFrom the from a...

Page 62: ...he first except that it is preceded by a forward slash for example tag element tag Tag pairs may be nested within other tag pairs such as tag1 tag2 element tag2 tag1 Note that the entire tag2 tag2 construct must be contained within the tag1 tag1 pair and is in fact the element for tag1 To make XML code easier to read tagged items are often written one tag to a line and nested elements are indented...

Page 63: ... 4 4 Linux File Structure 4 5 Basic File Manipulation Commands 4 5 The vi Editor 4 7 The Routing Table 4 8 ssh The Secure Shell Session 4 9 The Process Table 4 11 NTP Client Functionality 4 11 The Crond Utility 4 12 The DHCP Dynamic Host Configuration Protocol Client 4 13 Packet Filtering using ipchains 4 14 ...

Page 64: ...g the crond utility Configuring DHCP Packet Filtering using ipchains Using digi_menu scripts Changing the root Password The PortServer CM has a single user mode when The name or password of the user with root privileges is lost or forgotten After an upgrade or downgrade which leaves the PortServer CM unstable After a configuration change which leaves the PortServer CM inoperative or unstable Type ...

Page 65: ...6827E 0024F814 relocated to 00E18000 00FFF596 avail ram 0030B270 00E18000 Linux PPC load root dev ram After displaying Linux PPC load root dev ram the PortServer CM waits approximately 10 seconds for user input This is where the user should type single When the boot process is complete the Linux prompt will appear on the console root none If the password or username was forgotten execute the follo...

Page 66: ...th values appropriate for your system If your ftp server is on the same network as the CM the gw and mask parameters are optional config_eth0 ip 200 200 200 1 mask 255 255 255 0 gw 200 200 200 5 At this point the DNS configuration in the file etc resolv conf should be checked Then download the kernel image using the ftp command Users and Passwords A username and password are necessary to log in to...

Page 67: ... and utilities used during system initialization dev Contains files for devices and ports etc Contains configuration files specific to the operating system lib Contains shared libraries proc Contains process information mnt Contains information about mounted disks opt Location where packages not supplied with the operating system are stored tmp Location where temporary files are stored usr Contain...

Page 68: ...the path indicated by destination Make Directory Command mkdir directory_name mkdir spot mkdir tmp snuggles Creates a directory named directory_name a creates the directory spot in the current directory b creates the directory snuggles in the directory tmp rmdir directory_name Removes the directory indicated by directory_name Other commands allow the user to change directories and see the contents...

Page 69: ...ion within the open file You enter command mode by pressing the ESC key editing mode for text editing See list of editing commands below for how to enter the editing mode line mode for file saving opening or closing vi From the command mode type the colon When entering the program the user is automatically in the command mode To navigate to the part of the file to be edited use the following keys ...

Page 70: ...r write wq save and close the file q is for quit q close the file without saving w file save the file with the name file e file opens the file named file The Routing Table The PortServer CM has a static routing table The table can be displayed using one of the following commands route or netstat rn The file etc network st_routes is the PortServer CM s method for configuring static routes See the t...

Page 71: ... socket_port or username ip_addr or net host net is for routes to a network and host is for routes to a single host target target is the IP address of the destination host or network netmask nt_msk the tag netmask and a mask are necessary only when subnetting is used Otherwise a mask appropriate to the target is assumed nt_msk must be specified in dot notation gw gt_way specifies a gateway when ap...

Page 72: ...e_server ttyS1 addressed by IP 10 0 0 1 or socket port 7001 The various ways to access the server connected to the port are ssh t root ttyS1 cm32 ssh t root 7001 cm32 ssh t root 192 168 160 1 cm32 ssh t root file_server cm32 ssh t l root 192 168 160 1 Note Either l or are used but not both For ssh2 the 2 flag is used ssh t 2 root 7001 cm32 To log in to a port that does not require authentication t...

Page 73: ... then sends the signal HUP to the process all in one step Note Never kill digi_ras with the signals 9 or SIGKILL NTP Client Functionality In order for the PortServer CM to work as a NTP Network Timer Protocol client the IP address and either hostname or domain name of the NTP server must be set in the file bin ex_ntpclient PID UID GID State Command 1 root root S sbin inetd 31 root root S sbin sshd...

Page 74: ...er who must be a valid local user source pathname of the crontab file When the etc crontab_files file contains the following line active root etc tst_cron src and the etc tst_cron src file contains the following line 0 59 etc test_cron sh crond will execute the script listed in tst_cron sh with root privileges each minute Example files are in the etc directory The next step is to update the system...

Page 75: ...If the IP addresses of the PortServer CM or the default gateway are changed the PortServer CM will adjust its routing table accordingly You may use an alternative command netconfig to configure network parameters To disable the DHCP client set the parameter conf dhcp_client to 0 Do not forget to uncomment the Ethernet parameters mentioned in the previous paragraph Two files are related to DHCP bin...

Page 76: ...ded with the PortServer CM or the howto http netfilter filewatcher org ipchains HOWTO html The syntax of the ipchains command is ipchains command chain s source d destination p protocol j target i interface where command is one of the following A Add a condition or rule to the end of the chain Note that the order in which a condition appears in a chain can modify its application and the first rule...

Page 77: ...ewise the forward chain controls which packets will be routed The input chain controls incoming packet filtering The packet is either destined for the router or for another omputer In the latter case the packet is processed by the forward chain Packets that pass through the forward chain will then be processed by the output chain source and destination have the following format address mask port p...

Page 78: ...previously saved using fwset will then be defined This command is executed at boot to invoke the last configuration saved Another option is to edit the file etc network firewall or another file directly following the syntax defined in the file itself If the file is edited in this way the command fwset cannot be used to save and restore the configuration Use ipchains save file_name to save the list...

Page 79: ...ipchains P output ACCEPT ipchains P forward ACCEPT ipchains A input p tcp s 200 200 200 4 d 0 0 0 0 0 23 j DENY ipchains A input p tcp s 200 200 200 4 d 200 200 200 1 7001 7032 j DENY ipchains A input p tcp s 200 200 200 4 d 0 0 0 0 0 22 j DENY ...

Page 80: ...cifications 5 1 Chapter 5 Hardware Specifications Introduction 5 2 The RS 232 Standard 5 2 Cable Length 5 3 Connectors 5 3 Straight Through vs Crossover Cables 5 4 Which Cable Should be Used 5 5 Cable Diagrams 5 6 ...

Page 81: ...ng tricks The relevant signals or wires in a RS 232 cable from the standpoint of the computer DTE are Receive Data RxD and Transmit Data TxD The actual data signals Signal Ground Gnd Electrical reference for both ends Data Terminal Ready DTR Indicates that the computer DTE is active Data Set Ready DSR Indicates that the modem DCE is active Data Carrier Ready DCD Indicates that the connection over ...

Page 82: ...red short haul modems available from suppliers such as Black Box can be used to increase the effective range of the RS 232 interface Short haul modems are similar to standard modems except that they are connected directly to each other via a cable instead of going through a telephone circuit Connectors The connector traditionally used with RS 232 is the 25 pin D shaped connector DB 25 Most analog ...

Page 83: ...corresponding signals on the other side one to one We can use RS 232 to connect two DTEs as is the case in most modern applications A crossover also known as a null modem cable is used to connect two DTEs directly without modems or RS 232 Signal Name Function Input Output DB 25 pins Standard DB 9 pins Standard RJ 45 pins PortServer CM Chassis Safety Ground 1 Shell Shell TxD Transmit Data O 2 3 3 R...

Page 84: ...d off the shelf cables from a computer store or cable vendor For custom cables refer to the cable diagrams to build your own cables or order them from Digi or a cable vendor To Connect To Use Cable Part Number DCE DB 25 Female standard Analog Modems ISDN Terminal Adapters Cable 1 RJ 45 to DB 25 M straight through Custom This custom cable can be ordered from Digi or other cable vendors A sample is ...

Page 85: ...ontrol signals and hardware flow control Applications that do not require such features have just to configure NO hardware flow control and NO DCD detection on their side Both ends should have the same configuration for better use of the complete version of the cables DTE DB 9 Male standard Newer PC COM ports Most Mice and pointing Devices Some automation devices Cable 3 RJ 45 to DB 9 F crossover ...

Page 86: ...Hardware Specifications 5 7 Cable 1 Digi CM RJ 45 to DB 25 Male Straight Through Application It connects Digi CM products serial ports to modems and other DCE RS 232 devices ...

Page 87: ...5 8 Cable Diagrams Cable 2 Digi CM RJ 45 to DB 25 Female Crossover P N 76000638 Application It connects the PortServer CM serial ports to console ports terminals printers and other DTE RS 232 devices ...

Page 88: ...rdware Specifications 5 9 Cable 3 Digi CM RJ 45 to DB 9 Female Crossover P N 76000637 Application It connects Digi CM products serial ports to console ports terminals printers and other DTE RS 232 devices ...

Page 89: ...5 10 Cable Diagrams Cable 4 Digi CM RJ 45 to Netra RJ 45 Crossover P N 76000636 Usually used in console management applications to connect Digi CM products to a Sun Netra server or to a Cisco product ...

Page 90: ...Sample pslave conf files 6 1 Chapter 6 Sample pslave conf files Sample pslave conf File 6 2 Customization 6 20 ...

Page 91: ...eters These parameters have the prefix conf Example of global parameters are ethernet ip address etc 2 Terminal Parameters These parameters have prefixes all s1 s2 etc The all entries are used as a template for all virtual terminals Setting all speed to 9600 will set all virtual terminal s1 s2 s3 etc speeds to 9600 Note that you can change the all settings one by one If the parameter s4 speed 1920...

Page 92: ...IP 3 third byte of remote IP 4 fourth LSB byte of remote IP c connect info m netmask t MTU r MRU I idle timeout T session timeout h hostname Generic SAMPLE all async ports at 9600 bps 8N1 no flow control Eth IP address 192 169 160 10 24 MTU 1500 protocol socket_server host IP 192 168 160 8 24 syslogd IP 192 168 160 1 Radius Server IP 192 168 160 3 authentication and accounting authentication none ...

Page 93: ...eth0 file with the values configured here The PortServer CM can request all of its ethernet parameters to a DHCP ser The administrator can activate the dhcp client with more options changing the file etc network dhcpcd_cmd Valid values 0 DHCP disabled default 1 DHCP active 2 DHCP active and the TS saves in flash the last ip assigned by the DHCP server This option requires changes in the files etc ...

Page 94: ...verfarm on the machines with IP address 192 168 160 11 The remote host must have NFS installed and the administrator must create export and allow reading writing to this directory The size of this file is not limited by the value of the parameter s1 data_buffering though the value cannot be zero since a zero value turns off data buffering conf nfs_data_buffering 192 168 160 11 tmp ts_data_buffer L...

Page 95: ... being performed for a port When set to one it is possible to log in to the Terminal Server directly by placing a before your login name then using your normal password This is useful if the Radius authentication server is down conf locallogins 1 Syslog server syslog is the IP address of a remote syslog daemon facility is a value from 0 to 7 which is sent to the syslog server to indicate in which ...

Page 96: ...ier The parameter s nn users that will be explained later can be configured using a combination of group names and user names conf group mkt paul sam conf group adm joe mark s1 users mkt joe s2 users adm sam Speed All ports are set to 9600 baud rate 8 bits No parity 1 stop bit These values can be changed port by port later in the file all speed 9600 all datasize 8 all stopbits 1 all parity none ...

Page 97: ...tor alike rs485_full_terminator all media rs232 Syslog server message level An integer between 0 and 7 Zero does not send syslog messages to the syslog server all syslog_level 4 Syslog Console message level An integer between 0 and 7 Zero does not send syslog messages to the console all console_level 4 Authentication type either local radius none remote local radius radius local or RadiusDownLocal...

Page 98: ... can be configured per port The first is tried radretries times before the second is tried If radretries is not configured 5 is used by default The parameter radtimeout sets the timeout per query in seconds all authhost1 192 168 160 3 all accthost1 192 168 160 3 all radtimeout 3 all radretries 5 all authhost2 192 168 160 4 all accthost2 192 168 160 4 The shared secret used by RADIUS all secret dig...

Page 99: ...et_client etc all host 192 168 160 8 IP Address assigned to the serial port The after the value causes the interfaces to have consecutive ip addresses Ex 192 168 1 101 192 168 1 107 etc The IP number of a port is used when the RADIUS server does not send an IP number or if it tells us to use a dynamic IP no all ipno 192 168 1 101 all netmask 255 255 255 255 Maximum reception transmission unit size...

Page 100: ...e Terminal Server to update the login records written to the var run utmp and or var log wtmp files set sysutmp syswtmp to 1 This is useful for tracking who has accessed the Terminal Server and what they did all sysutmp 1 all syswtmp 0 all utmpfrom p P 3 4 Use initchat to initialize the modem d delay 1 sec p pause 0 1 sec l toggle DTR r CR l LF all initchat TIMEOUT 10 d l dATZ OK r n ATZ OK r n ...

Page 101: ...y parameter CLOCAL Valid values are 0 or 1 In a socket session if all dcd 0 a connection request telnet or ssh will be accepted regardless of the DCD signal and the connection will not be closed if the DCD signal is set to DOWN In a socket connection if all dcd 1 a connection request will be accepted only if the DCD signal is UP and the connection telnet or ssh will be closed if the DCD signal is ...

Page 102: ...authenticated and service type is PPP all pppopt i j novj proxyarp modem asyncmap 000A0000 noipx noccp mtu t mru t netmask m idle I maxconnect T ms dns 192 168 160 5 ms dns 0 0 0 0 plugin usr lib libpsr so When not set to zero this parameter sets the wait for a TCP connection keep alive timer If no traffic passes through the Terminal Server for this period of time ms the Terminal Server will send ...

Page 103: ...inal Server ports This parameter is used by the protocols telnet socket_client and socket_server It is mandadory if the protocol is socket_server otherwise 23 will be used The after the numerical value causes the interfaces to be numbered consecutively Ex 7001 7002 7003 etc all socket_port 7001 Data buffering configuration A non zero value activates data buffering The number is equal to the buffer...

Page 104: ...y time a quantity of data equal to this parameter is collected 40 to 255 recomended all syslog_level should be greater than or equal to 5 and data_buffering non zero for syslog generation all syslog_buffering 0 Controls the presentation of the Data buffering menu MENU A non empty Data Buffering File was found Choose wich action should be performed I gnore D isplay E rase or S how and erase valid v...

Page 105: ...ser would only need to know that a particular username exists This does not affect Radius users registered with passwords all radnullpass 0 Automatic User Definition more useful when used to a specific port This parameter is only used if the port is configured as a Terminal Server login telnet rlogin ssh and ssh2 and authentication type none all userauto edson Port access restriction more useful w...

Page 106: ...o select a serial port that should be configured as socket_ssh The value entered here should be the same used in the ssh command Ex ssh t username server_connected_to_serial1 tsname or ssh t l username server_connected_to_serial1 tsname s1 serverfarm server_connected_to_serial1 Snif session mode in out i o With this parameter the user can select which data will be sent to the monitor The default i...

Page 107: ... all admin_users peter Port specific parameters s1 tty ttyS1 s2 tty ttyS2 s3 tty ttyS3 s4 tty ttyS4 s5 tty ttyS5 s6 tty ttyS6 s7 tty ttyS7 s8 tty ttyS8 s9 tty ttyS9 s10 tty ttyS10 s11 tty ttyS11 s12 tty ttyS12 s13 tty ttyS13 s14 tty ttyS14 s15 tty ttyS15 s16 tty ttyS16 s17 tty ttyS17 s18 tty ttyS18 s19 tty ttyS19 s20 tty ttyS20 s21 tty ttyS21 ...

Page 108: ...Sample pslave conf files 6 19 s22 tty ttyS22 s23 tty ttyS23 s24 tty ttyS24 s25 tty ttyS25 s26 tty ttyS26 s27 tty ttyS27 s28 tty ttyS28 s29 tty ttyS29 s30 tty ttyS30 s31 tty ttyS31 s32 tty ttyS32 ...

Page 109: ...sshd f etc ssh sshd_config once sbin ex_ntpclient wait sbin fwset restore To customize the PortServer CM change these lines or add others If the etc inittab file is changed edit the etc config_files file and add a line containing only etc inittab Save the file and exit the editor Save the new configuration by executing saveconf Then the PortServer CM should be turned off and then turned on again T...

Page 110: ...The Web Management Interface 7 1 Chapter 7 The Web Management Interface Introduction 7 2 Changing the Password 7 4 Web Configuration Menus 7 6 Troubleshooting the Web Management Interface 7 9 ...

Page 111: ... below will appear You may also user secure socket layer by replacing http with https in the web URL address section of your web browser Note You can find the IP address of the PortServer CM by running the Discover utility See Discover Utility on page 2 2 2 Enter root in the username field and dbps in the password field to use the Web Configuration Manager Change the root password as soon as possi...

Page 112: ...The Web Management Interface 7 3 Below is the login page for the PortServer CM The default login user is root and the password is dbps ...

Page 113: ...oot then select Change Password 3 Enter the new password twice and choose Submit 4 The next page will require a new login enter root and the new password 5 From the Web User Management section choose Load Save Configuration Save Configuration 6 Next go to Administration Load Save Configuration Save to Flash 7 To logout choose the Administration Log out ...

Page 114: ...The Web Management Interface 7 5 The General Configuration page of the Web Management Interface is shown below ...

Page 115: ...rvice Access Data Buffering Serial Ports Configuration for the Portslave package Host Table Table of hosts in etc hosts Static Routes Static routes defined in etc network st_routes IP Chains Static Firewall Chains in etc network ipchains Boot Configurations Configuration of parameters used in the boot process Edit Text File Tool to read and edit a configuration file System Users Management of syst...

Page 116: ...imits for specific URL s Load Save Configuration Load Save web user configuration in etc websum conf Administrative Section Link Name Description of Page Contents Logout Exits the Web Manager Reboot Resets the equipment Send Message Sends messages to users logged in to a serial port Port Conversation Enables a port conversation through a serial port Download Upload Image Use an FTP server to load ...

Page 117: ...us Shows the running processes and allows the adminsitrator to kill them Restart Processes Allows the administrator to start or stop some processes Information Section Link Name Description of Page Contents Interface Statistics Shows statistics for all active interfaces Serial Ports Shows the status of all serial ports Routing Table Shows the routing table and allows the administrator to add or de...

Page 118: ...ets If the PortServer CM is reachable see if the bin webs process is running by executing the command ps If it is not type bin webs to start it If the bin webs process is not being initialized during boot change the file etc inittab IP Rules Shows Firewall NAT and IP accounting rules IP Statistics Shows IP protocol statistics ICMP Statistics Shows ICMP protocol statistics TCP Statistics Shows TCP ...

Page 119: ...on file etc websum conf was damaged From a console or telnet session edit the file etc config_files Find the reference to etc websum conf and delete it Save the modified etc config_files file Execute the command saveconf Reboot the sys tem Enter into the Web Configuration Manager with the default username and password root dbps Edit the file etc config_files and insert the reference to etc websum ...

Page 120: ...rading and Troubleshooting 8 1 Chapter 8 Upgrading and Troubleshooting Upgrading the Linux Kernel 8 2 Troubleshooting the PortServer CM 8 3 Hardware Test 8 5 Port Conversation 8 6 Test Signals Manually 8 7 ...

Page 121: ...M configuration information is stored To upgrade the Linux kernel provided in the PortServer CM ftp the new zImage file on top of the zImage file in the proc flash directory root portserver_cm root cd proc flash root portserver_cm flash ftp ftp server name root portserver_cm flash cd directory containing zImage file root portserver_cm flash bin change to binary mode root portserver_cm flash get zI...

Page 122: ...re connected correctly As mentioned earlier the file etc config_files contains a list of files acted upon by saveconf and restoreconf If a file is missing it will not be loaded onto the ramdisk on boot The following table lists files that should be included in the etc config_files file and which programs use each File Program etc securetty telnet login su etc issue getty etc getty_ttyS0 login via ...

Page 123: ...tc ssh ssh_config ssh client etc ssh ssh_host_key sshd ssh1 etc ssh ssh_host_key pub sshd ssh1 etc ssh ssh_host_dsa_key sshd ssh2 etc ssh ssh_host_dsa_key pub sshd ssh2 etc snmp snmpd conf snmpd etc portslave pslave conf digi_ras portslave CM configuration information etc network ifcfg_eth0 ifconfig eth0 digi_ras rc sysconf etc network ifcfg ifconfig digi_ras rc sysinit File Program ...

Page 124: ...ted while in use as the test will deactivate all ports Port Test Either a cross cable or a loop back connector is necessary for this test The pinout diagrams are supplied in the chapter on hardware Connect the loop back connector to the modem cable and then connect the modem cable to the port to be tested or connect a cross cable between two ports to be tested When digitest senses the presence of ...

Page 125: ...ceives data on the selected port One way to run this test is to place a loop back con nector on the port to be tested and begin Enter the number of the port and a baud rate 9600 is a typical value Type some letters and if the letters appear on the screen the port is working If the letters do not appear on the screen the port is not functioning correctly A second method that can be used to test the...

Page 126: ...onse to its command the signals are being sent Another method to test the signals is to use a loop back connector Enter the number of the port with the loopback connector and start the test In this case when Ctrl D is typed the Xs in the first three columns will move as shown below This is because the test is receiving the DTR signal sent through the DCD and DSR channels When Ctrl R is typed the X...

Reviews:

No comments