Operations Manager

User Guide

20.Q4 November 2020

Summary of Contents for OM1200 Series

Page 1: ...Operations Manager User Guide 20 Q4 November 2020 ...

Page 2: ...k 11 Serial Connection 12 Cellular Connectivity 13 Reset and Erase 14 Initial System Configuration 15 Default Settings 16 Management Console Connection via CLI 19 Change the Root Password 20 Disable a Root User 22 MONITOR Menu 26 System Log 27 LLDP CDP Neighbors 28 Triggered Playbooks 29 ACCESS Menu 30 Local Terminal 31 Access Serial Ports 32 ...

Page 3: ...work Aggregates Bonds and Bridges 57 Spanning Tree Protocol 63 IPsec Tunnels 66 Network Resilience 70 OOB Failover 71 IP Passthrough 72 User Management 73 Groups 74 Local Users 77 Remote Authentication 82 RemoteLocal for AAA Server 88 Services 91 HTTPS Certificate 92 Network Discovery Protocols 94 Routing 95 SSH 96 Unauthenticated SSH to Console Ports 98 Syslog 104 Remote Syslog 106 ...

Page 4: ...tomatic Settings 126 System 127 Administration 130 Factory Reset 131 Reboot 133 System Upgrade 134 SNMP 135 SNMP Service 136 SNMP Alert Managers 137 Multiple SNMP Alert Managers 139 Advanced Options 142 Communicating With The Cellular Modem 143 OGCLI 145 Docker 155 Cron 156 Initial Provisioning via USB Key 158 EULA and GPL 160 UI Button Definitions 161 ...

Page 5: ...ied, including but not limited to the implied warranties of fitness or merchantability for a particular purpose. Opengear may make improvements and/or changes in this manual or in the product(s) and/or the program(s) described in this manual at any time. This product could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes may be...

Page 6: ...l on the plug, not the cable, when disconnecting the power cord from the socket. Do not connect or disconnect the appliance during an electrical storm. Also use a surge suppressor or UPS to protect the equipment from transients. FCC Warning Statement: This device complies with Part 15 of the FCC rules. Operation of this device is subject to the following conditions: 1. This device may not cause harmful in...

Page 7: ...ns made to this device without the explicit approval or consent of Opengear will void Opengear of any liability or responsibility of injury or loss caused by any malfunction This equipment is for indoor use and all the communication wiring are limited to inside of the building SAFETY FCC STATEMENT 7 ...

Page 8: ...4 Ethernet ports and the OM1200 family of small form factor appliances available with combinations up to 8 serial and 8 Ethernet ports This manual is up to date for the 20 Q4 November 2020 firmware release When using a minor release there may or may not be a specific version of the user guide for that release The current Operations Manager user guide can always be found here ABOUT THIS USER GUIDE ...

Page 9: ...Installation And Connection This section describes how to install the appliance hardware and connect it to controlled devices. INSTALLATION AND CONNECTION 9 ...

Page 10: ...plies each accept AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz. The OM2224 24E 10G L draws a maximum of 48W, while non-24E are less than 30W. Two IEC AC power sockets are located on the power side of the metal case, and these IEC power inlets use conventional IEC AC power cords. Note: Country-specific IEC power cords are not included with OM2200s. OM1200s are shipped with a 1...

Page 11: ...P module. The network connections on the OM2200 are located on the serial port side of the unit. Connect the provided shielded CAT5 cable from NET1 to a computer or into your network for initial configuration. By default NET1 and NET2 are enabled. You can use either 10/100/1000BaseT over Cat5 or a fiber optical transceiver (1Gbps) in the SFP slot for NET1 or NET2 on OM2200 (non-10G) and OM1208-8E. INSTALLA...

Page 12: ... Connection The serial connections feature RS-232 with software selectable pinouts (Cisco straight X2 or Cisco reversed X1). Connect serial devices with the appropriate STP cables. INSTALLATION AND CONNECTION 12 ...

Page 13: ...ting most frequencies in use. To activate the cellular interface, contact your local cellular carrier and activate a data plan associated with the installed SIM. For -L models, attach the 4G cellular antennas to the unit's SMA antenna sockets on the power face (or to the extension RF cables) before powering on. Insert the 2FF SIM card on the power face with the contact facing up. Use the left SIM ...

Page 14: ...n the port side panel twice with a bent paper clip while the unit is powered on. This resets the appliance to its factory default settings. Any modified configuration information is erased. You will be prompted to log in and must enter the default administration username and administration password (Username: root, Password: default). You will be required to change this password during the first log in. INS...

Page 15: ...re enabled. The unit can be managed via WebGUI or by command line interface (CLI). • Default Settings on the next page • Management Console Connection via CLI on page 19 • Change the Root Password on page 20 • Disable a Root User on page 22 • Change Network Settings on page 22 • For Configure Serial Ports see Serial Ports on page 36 INITIAL SYSTEM CONFIGURATION 15 ...

Page 16: ...255.0. The OM offers a WebGUI via web browser that supports HTML5. 1. Type https://192.168.0.1 in the address bar. HTTPS is enabled by default. 2. Enter the default username and password (Username: root, Password: default). 3. After the first successful log in you will be required to change the root password. INITIAL SYSTEM CONFIGURATION 16 ...

Page 17: ...ch Using the WebUI The WebUI can be switched between Light and Dark mode by adjusting the toggle on the bottom left. Light mode changes the user interface to display mostly light colors. This is the default UI setting. Dark mode changes the user interface to display mostly dark colors, reducing the light emitted by device screens. INITIAL SYSTEM CONFIGURATION 17 ...

Page 18: ... to generate a Technical Support Report that can be used by Opengear Support for troubleshooting. It also contains a link to the latest Operations Manager User Manual. The System menu presents the Current version, REST API version, Hostname, Serial Number, Model and Current user. INITIAL SYSTEM CONFIGURATION 18 ...

Page 19: ...ng your preferred application to establish an SSH session. 1. Input the default IP Address of 192.168.0.1. SSH port 22 is enabled by default. 2. When prompted, enter the log in and password in the CLI. 3. After a successful log in, you'll see a command line prompt. INITIAL SYSTEM CONFIGURATION 19 ...

Page 20: ... reasons only the root user can initially log into the appliance. Upon initial log in the default password must be changed. To change the password at any time: 1. Click CONFIGURE > User Management > Local Users. 2. Click the Edit User icon under Actions. INITIAL SYSTEM CONFIGURATION 20 ...

Page 21: ...3. Enter a new password in the Password field and enter it again in the Confirm Password field. 4. Click Save User. INITIAL SYSTEM CONFIGURATION 21 ...

Page 22: ...t to the root user. 3. Click Yes in the Confirmation dialog. To enable the root user, log in with another user that has the Administrator role and click the Enable User button in the Actions section next to the root user. Change Network Settings: CONFIGURE > Network Connections > Network Interfaces. The interface supports both IPv4 and IPv6 networks. The IP address of the unit can be set up for Static or DHCP. The ...

Page 23: ...IGURE Network Connections Network Interfaces 2 Click the expand arrow to the right of the desired interface to view its details 3 Click the plus icon to open the New Connection page INITIAL SYSTEM CONFIGURATION 23 ...

Page 24: ...ons Network Interfaces page Note If you experience packet loss or poor network performance with the default auto negotiation setting try changing the Ethernet Media settings on the OPERATIONS MANAGER and the device it is connected to In most cases select 100 megabits full duplex Make sure both sides are set identically To change the Ethernet Media Type 1 Click CONFIGURE Network Connections Network...

Page 25: ...3 Click Enabled Automatic 4 Change the Media Setting as needed and click Apply INITIAL SYSTEM CONFIGURATION 25 ...

Page 26: ...ccess and communications events with the server and with attached serial, network and power devices. • LLDP/CDP Neighbors • Details of the LLDP/CDP Neighbors that are displayed when enabled for a connection. • Triggered Playbooks • Monitoring current Playbooks and applying filters to view any Playbooks that have been triggered. MONITOR MENU 26 ...

Page 27: ...he server and with attached serial network and power devices To view the System Log click MONITOR System Log The System Log page lets you change the Number of Log Lines displayed on the screen The newest items appear on the bottom of the list Click the Refresh button on the bottom right to see the latest entries MONITOR MENU 27 ...

Page 28: ...CDP Neighbors MONITOR LLDP CDP Neighbors The OPERATIONS MANAGER displays LLDP CDP Neighbors when enabled for a connection See CONFIGURE SERVICES Network Discovery Protocols to enable disable MONITOR MENU 28 ...

Page 29: ...d Playbooks For information on creating Playbooks see Playbooks To monitor current Playbooks click on Monitor Playbooks Choose the time period if desired and filter by Name of Playlist to view any that have been triggered MONITOR MENU 29 ...

Page 30: ...ACCESS Menu The ACCESS menu lets you access the OPERATIONS MANAGER via a built in Web Terminal It also provides SSH and Web Terminal access to specific ports ACCESS MENU 30 ...

Page 31: ...prompt, enter a username and press Return. 3. At the password prompt, enter a password and press Return. 4. A bash shell prompt appears. This shell supports most standard bash commands and also supports copy and paste to and from the terminal. To close a terminal session, close the tab or type exit in the Web Terminal window. The session will time out after 60 seconds. ACCESS MENU 31 ...

Page 32: ... Quick Search To find a specific port by its port label use the Quick Search form on the top of the ACCESS Serial Ports page Ports are given default numbered labels You can set the port label for a given serial port under CONFIGURE Serial Ports Click the edit button under Actions to open the EDIT SERIAL PORT page Access Using Web Terminal or SSH To access the console port via the Web Terminal or S...

Page 33: ...browser tab with the terminal. • Choosing SSH opens an application you have previously associated with SSH connections from your browser. Note: Serial port logging is disabled by default. Control the logging level for each serial port by changing Logging Settings in the Configure > Serial Ports > Edit page. The log will appear via the Port Log link on the Serial Ports expanded page. ACCESS MENU 33 ...

Page 34: ...ACCESS MENU 34 ...

Page 35: ...CONFIGURE Menu This section provides step by step instructions for the menu items under the CONFIGURE menu CONFIGURE MENU 35 ...

Page 36: ... serial ports appears This page lets you select serial ports and Autodiscover Selected ports You can Schedule Autodiscover by clicking the button This opens a page that allows you to select the ports and specify a time and period for port detection to occur CONFIGURE MENU 36 ...

Page 37: ...From the Configure > Serial Ports page, click the Edit Serial Port button under Actions next to the Serial Port you wish to configure. The Edit Serial Port page opens. CONFIGURE MENU 37 ...

Page 38: ...sed to locate this port using the Quick Search form on the ACCESS > Serial Ports page. • Mode: Disabled or Console Server • Pin out: X1 Cisco Rolled or X2 Cisco Straight • Baud Rate: 50 to 230,400 bps • Data Bits: 5, 6, 7, 8 • Parity: None, Odd, Even, Mark, Space • Stop Bits: 1, 1.5, 2 CONFIGURE MENU 38 ...

Page 39: ...• Logging Levels • Serial Port Aliases CONFIGURE MENU 39 ...

Page 40: ...nsole Cisco straight X2 pinout and the USB serial console needs user supplied micro USB to USB A cable To edit the settings of a local management console 1 Click CONFIGURE Local Management Consoles 2 Click on the Edit Management Console Port button under Actions next to the console you wish to disable CONFIGURE MENU 40 ...

Page 41: ...Messages • Enable or disable the selected Management Console. Note: Enabling Kernel Debug Messages can only be applied to a single serial management console. To disable a local management console, click CONFIGURE > Local Management Consoles. Click on the Disable Management Console Port button under Actions next to the console you wish to disable. CONFIGURE MENU 41 ...

Page 42: ...f Opengear devices To enroll your OPERATIONS MANAGER to a Lighthouse instance you must have Lighthouse installed and have an enrollment token set in Lighthouse To set an enrollment token in Lighthouse click on CONFIGURE NODE ENROLLMENT Enrollment Settings page and enter an Enrollment Token To enroll your OPERATIONS MANAGER in this Lighthouse instance 1 Click CONFIGURE Lighthouse Enrollment CONFIGU...

Page 43: ...use instance and the Enrollment Token you created in Lighthouse Optionally enter a Port and an Enrollment Bundle see the Lighthouse User Guide for more information 4 Click Apply Note Enrollment can also be done directly via Lighthouse using the Add Node function See the Lighthouse User Guide for more instructions on enrolling Opengear devices into Lighthouse CONFIGURE MENU 43 ...

Page 44: ...ble systems that periodically check if a Trigger condition has been met. They can be configured to perform one or more specified Reactions. To create a new Playbook, select Configure > Playbooks. Click the Plus button to create a new Playbook. CONFIGURE MENU 44 ...

Page 45: ...k after you have created it. 4. Enter an Interval in seconds to control the frequency that the Trigger will be checked. 5. Choose the type of Trigger to use from the Trigger Type drop-down. 6. In the Reaction section, click the Plus and click on specific Reactions for this Playbook. CONFIGURE MENU 45 ...

Page 46: ...re finished, click Apply. After you have created Playbooks, you can Edit or Delete them from the Configure > Playbooks page. To monitor current Playbooks, click on Monitor > Playbooks. Choose the time period if desired, and filter by Name of Playlist to view any that have been triggered. CONFIGURE MENU 46 ...

Page 47: ...NFIGURE > PDUs One or more Power Distribution Units (PDUs), both Local and Remote, can be monitored. To add information for a PDU, select Configure > PDUs. Click the Plus button to configure a new PDU. CONFIGURE MENU 47 ...

Page 48: ...priate Driver from the drop-down list. 5. Select the Port. 6. Add a Description. 7. Under Access Settings, enter a Username and Password to use when connecting to the device. 8. When you are finished, click Apply. After you have created PDUs, you can Edit or Delete them from the Configure > PDUs page. CONFIGURE MENU 48 ...

Page 49: ...add and delete SNMP alerts. You can set triggers to send SNMP alerts for the following: • Authentication: when a user attempts to log in via SSH, REST API or the device's serial ports. An alert is sent regardless of whether the log in has succeeded or failed. CONFIGURE MENU 49 ...

Page 50: ...ltage range. • Networking: based on the cell signal strength and each interface's link state. Use the slider to adjust the upper and lower signal strength. • Configuration: when changes occur to the system configuration. Note: Manage the SNMP settings for these alerts on the CONFIGURE > SNMP > SNMP Alert Managers page. CONFIGURE MENU 50 ...

Page 51: ...Network Connections CONFIGURE > NETWORK CONNECTIONS The Network Connections menu contains the Network Interfaces and IPsec Tunnels settings. CONFIGURE MENU 51 ...

Page 52: ...unit can be set up for Static or DHCP. The following settings can be configured for network ports: • IPv4, IPv6 • Static and/or DHCP • Enabling or disabling network interfaces • Ethernet Media types. For detailed information about Network Interface configuration and adding a new connection, see Change Network Settings on page 22. CONFIGURE MENU 52 ...

Page 53: ...ee SNMP Alerts on page 49. 1. Navigate to Configure > Network Connections > Network Interfaces. 2. Click on the Cellular Interface (LTE) row. 3. The information bar expands, and the page shows the current status of the active and inactive SIM cards. Note: If the unit does not have a cell modem (-L), then the cellular interface will not be visible. 4. The active SIM indicates the color of the signal strength based upo...

Page 54: ...reen if signal is above the higher threshold • Orange if signal is between lower and higher threshold • Red if signal is below the lower threshold • Grey for 0 or not active. 5. Click the Refresh button to display the current signal strength of the active SIM. CONFIGURE MENU 54 ...

Page 55: ...ally To switch the Active SIM 1 Navigate to CONFIGURE NETWORK CONNECTIONS Network Interfaces Cellular Interface LTE 2 Click the Settings cog this will display the MANAGE CELLULAR INTERFACE LTE page and the current status of both SIM slots including the current carrier name 3 On the right select the Make Active button of the new active SIM and apply the change by selecting Confirm 4 A pop up alert ...

Page 56: ...an monitor the interface during the changeover via the CLI with the command watch ip address show dev wwan0 You can also set the SIM settings by expanding the menu for each SIM to set the APN If no SIM is inserted you can still select a SIM slot If you insert a SIM it will not force it to become the active SIM CONFIGURE MENU 56 ...

Page 57: ...is topic. This also includes other settings on bonds, such as the mode or poll interval. Note: Editing the primary interface will not update its connections. Operations Manager models with an integrated switch (OM1204-4E, OM1208-8E and OM2224-24E) have a bridge configured by default that includes all of the switch ports, which can be edited or deleted as required. Definitions of the bridge details as in the...

Page 58: ...gle buttons. 4. Change the bridge details as required in accordance with the Bridge Form Definitions table below. 5. Click the Update button to finalize the edit process. Updating the bridge will temporarily interrupt network activity on this interface. Edit Bridge Form Definitions New Bridge Field Definition Description: The editable Description field allows you to add a description of the interface. I...

Page 59: ...tions which exist on the Primary Interface will be attached to the Bond Bridge after it is initially created. When a Bond Bridge is deleted, any Network Connections which exist on the aggregate interface are handed over to the Primary Interface. Inherited Connections: When the Primary Interface is selected, the connections inherited by the new bridge are listed here. Click to edit the details of an exi...

Page 60: ... located next to the Enable Disable toggle buttons. 4. Change the bond details as required in accordance with the Edit Bond Form Definitions table below. 5. Click the Update button to finalize the edit process. Updating the bond will temporarily interrupt network activity on this interface. Edit Bond Form Definitions New Bond Field Definition Description: The editable Description field allows you to add...

Page 61: ... Outgoing traffic is distributed depending on the current load on each secondary interface. Incoming traffic is received by the current secondary interface. If the receiving secondary fails, another secondary takes over the MAC address of the failed secondary. Adaptive Load Balancing: Includes transmit load balancing (tlb) and receive load balancing (rlb) for IPv4 traffic and does not require any special...

Page 62: ...o the Primary Interface. Active Connections: When the Primary Interface is created, the connections inherited by the new bond are listed here. When edited, Active Connections on the aggregate will not be updated if the primary interface is changed. Click to edit the details of an existing interface. Updating a bridge will temporarily interrupt network activity on the interface when you click the Updat...

Page 63: ...d for all Ethernet frames unless it fails, in which case a non-preferred redundant link is enabled. Note: STP Limitations. If multiple bridges are created on the same switch, they should not be used on the same network segment, as they have the same MAC addresses; therefore STP will likely not work correctly, as they will have the same bridge id. Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Pro...

Page 64: ... Create New Bridge button 2 Click to select the Enable Spanning Tree Protocol option Bridge With STP Enabled OGCLI admin om2248 ogcli get physif system_net_physifs 5 bridge_setting id system_net_physifs 5 bridge_setting stp_enabled true description Bridge device br0 enabled true id system_net_physifs 5 media bridge name init_br0 slaves 0 net2 3 CONFIGURE MENU 64 ...

Page 65: ...hysif system_net_physifs 5 bridge_setting stp_enabled false bridge_setting id system_net_physifs 5 bridge_setting stp_enabled false description Bridge device br0 enabled true id system_net_physifs 5 media bridge name init_br0 slaves 0 net2 3 CONFIGURE MENU 65 ...

Page 66: ...NS IPsec Tunnels On the IPsec Tunnels page you can create edit and delete IPsec tunnels To create an IPsec tunnel 1 Click CONFIGURE NETWORK CONNECTIONS IPsec Tunnels 2 Click CREATE TUNNEL This opens the EDIT IPSEC TUNNEL page CONFIGURE MENU 66 ...

Page 67: ...the pre-shared key is exchanged unprotected. 5. Select a Cipher Suite Proposal. This is a set of algorithms used for negotiation when attempting to establish the IPsec tunnel. By default the device will attempt to negotiate the tunnel using a list of common algorithms which are considered safe. Alternatively, a set of default proposals that guarantee Perfect Forward Secrecy (PFS) can be selected. 6. Click ...

Page 68: ...ss of the tunnel 8 Enter an Outer Remote Address the IP address or hostname of the remote end of the tunnel 9 Scroll down to the Traffic Selectors section of the page 10 Enter a Local Subnet and Remote Subnet 11 Scroll down to the third section AUTHENTICATION CONFIGURE MENU 68 ...

Page 69: ...12 Enter a PSK Shared Secret 13 Enter a Local ID and Remote ID 14 Click Save The new tunnel is now listed on the CONFIGURE NETWORK CONNECTIONS IPsec Tunnels page CONFIGURE MENU 69 ...

Page 70: ...Network Resilience CONFIGURE NETWORK RESILIENCE Under the NETWORK RESILIENCE menu you can manage Out of Band OOB and IP Passthrough settings CONFIGURE MENU 70 ...

Page 71: ...OOB Failover CONFIGURE NETWORK RESILIENCE OOB Failover To manage Out of Band failover click CONFIGURE NETWORK RESILIENCE OOB Failover CONFIGURE MENU 71 ...

Page 72: ...IP Passthrough CONFIGURE > NETWORK RESILIENCE > IP Passthrough To manage IP Passthrough settings, click CONFIGURE > NETWORK RESILIENCE > OOB Failover. CONFIGURE MENU 72 ...

Page 73: ...gement CONFIGURE > USER MANAGEMENT Under the User Management menu, you can create, edit and delete groups and users, as well as assign users to groups. You can also set up remote user authentication. CONFIGURE MENU 73 ...

Page 74: ...Groups CONFIGURE USER MANAGEMENT Groups To create a new group 1 Select CONFIGURE USER MANAGEMENT Groups 2 Click the Plus button The NEW GROUP page opens CONFIGURE MENU 74 ...

Page 75: ...3 Enter a Group Name Description and select a Role for the group 4 Choosing the Console User role allows you to select specific ports this group will be able to access CONFIGURE MENU 75 ...

Page 76: ...e group have full access to and control of all managed devices full system configuration privileges and full access to the command line shell To modify an existing group 1 Select CONFIGURE USER MANAGEMENT Groups 2 Click Edit in the Actions section of the group to be modified and make desired changes 3 Click Save Group The CONFIGURE User Management Groups page also allows administrators to delete a...

Page 77: ...Local Users CONFIGURE USER MANAGEMENT Local Users To create a new user 1 Navigate to the CONFIGURE USER MANAGEMENT Local Users tab 2 Click the button The New User dialog appears CONFIGURE MENU 77 ...

Page 78: ... without password which causes them to fall back to remote authentication 1 Select CONFIGURE User Management Remote Authentication 2 Select a Scheme 3 Enter Settings and click Apply 4 Select CONFIGURE USER MANAGEMENT Local Users 5 Click the button The New User dialog loads 6 Enter a Username Description 7 Select the Remote PasswordOnly checkbox CONFIGURE MENU 78 ...

Page 79: ...sired changes. 3. Click Save User. The Edit Users dialog allows the user's Description to be changed, Group Memberships modified, and the user's Password to be reset. The username cannot be changed. To disable a user, uncheck the Enabled checkbox. Disabled users cannot log in to the OPERATIONS MANAGER using either the Web-based interface or via shell-based logins. To manage SSH authorized keys for a user C...

Page 80: ...he Plus button to add a new key This opens the NEW AUTHORIZED KEY page for this user 4 Enter the key and click Apply You can also click on Add Authorized Key and disable password for SSH for this user from this page 5 To delete a key click CONFIGURE USER MANAGEMENT Local Users and click the Authorized Key button for the user CONFIGURE MENU 80 ...

Page 81: ...o the key you wish to remove To delete a user 1 Select CONFIGURE USER MANAGEMENT Local Users 2 Click the Delete User button in the Actions section next to the user to be deleted 3 Click Yes in the Confirmation dialog CONFIGURE MENU 81 ...

Page 82: ...rts three AAA systems: • LDAP (Active Directory and OpenLDAP) • RADIUS • TACACS. To begin, select CONFIGURE > USER MANAGEMENT > Remote Authentication. To configure LDAP authentication, for example: 1. Under CONFIGURE > User Management > Remote Authentication, select LDAP from the Mode drop-down menu. CONFIGURE MENU 82 ...

Page 83: ...'s distinguished name is cn=John Doe,dc=Users,dc=ACME,dc=com, the Base DN is dc=ACME,dc=com. 4. Add the Bind DN. This is the distinguished name of a user with privileges on the LDAP system to perform the lookups required for retrieving the username of the users and a list of the groups they are members of. 5. Add the password for the binding user. CONFIGURE MENU 83 ...

Page 84: ...check Ignore referrals option. When checked, LDAP will not follow referrals to other remote authentication servers when logging users in. If multiple remote authentication servers exist on the network, checking this option may improve log in times. Note: Multiple servers can be added. The LDAP subsystem queries them in a round-robin fashion. To configure RADIUS: 1. Under CONFIGURE > User Management > Remote Au...

Page 85: ...n a round robin fashion To provide group membership RADIUS needs to be configured to provide a list of group names via the Framed Filter Id attribute The following configuration snippet shows how this can be configured for FreeRADIUS operator1 Auth Type System Framed Filter ID group_name west_coast_admin east_coast_user Note The Framed Filter ID attribute must be delimited by the colon character T...

Page 86: ...ncrypted passwords select Login 3 Add and confirm the Server password also known as the TACACS Secret 4 Add the Service This determines the set of attributes sent back by the TACACS server Note Multiple servers can be added The TACACS subsystem queries them in a round robin fashion user operator1 service raccess groupname west_coast_admin east_cost_user CONFIGURE MENU 86 ...

Page 87: ...To do this with Cisco ACS see Setting up permissions with Cisco ACS 5 and TACACS on the Opengear Help Desk CONFIGURE MENU 87 ...

Page 88: ...red to be accessed. A RemoteLocal alert banner ensures all users are made aware that if the RemoteLocal policy is selected, their local users will not be accessible. If a RemoteDownLocal policy is selected and the AAA server is contactable, then local authentication won't be used. Note: This feature is backwards compatible with previous versions of software; the rest api version is unchanged. Change Authe...

Page 89: ...tion banner. Authentication Scenarios: The following example shows RADIUS protocol mode, but the behavior is the same for other protocols such as TACACS or LDAP. • User does not exist • When using RemoteLocal authentication for all types of remote servers, if remote authentication fails because the user does not exist on the remote AAA server, the OM device will attempt to authenticate the user using a ...

Page 90: ... is unreachable or down, the OM device tries to authenticate the user using a local account as per a regular local log in. • Remote server is up but incorrect credentials • The user is denied access. Warnings indicate that RemoteLocal is enabled. CONFIGURE MENU 90 ...

Page 91: ...Services CONFIGURE SERVICES The CONFIGURE SERVICES menu lets you manage services that work with the OPERATIONS MANAGER CONFIGURE MENU 91 ...

Page 92: ...munications between it and the browser. To examine this certificate or generate a new Certificate Signing Request, select CONFIGURE > SERVICES > HTTPS Certificate. The details of the Current SSL Certificate appear. Below this listing is a Certificate Signing Request form, which can be used to generate a new SSL certificate. CONFIGURE MENU 92 ...

Page 93: ...CONFIGURE MENU 93 ...

Page 94: ...is service by clicking the Enable check box. You can set a System Description that overrides the default system description sent by the network discovery protocol daemon. The default description is the kernel name, the node name, the kernel version, the build date and the architecture. You can also enter a value in the CDP Platform Override to override the CDP platform name. The default name is the ker...

Page 95: ...his page. Select CONFIGURE > SERVICES > Routing page. Select any of the following and click the Apply button: • BGP (Border Gateway Protocol) • OSPF (Open Shortest Path First Protocol) • IS-IS (Intermediate System to System Protocol) • RIPD (Routing Information Protocol) CONFIGURE MENU 95 ...

Page 96: ... username with port selection information. The default delimiter is a plus sign. For example username port address. You can change more values on this page: • Max Startups Start: the number of unauthenticated connections before they are refused. • Max Startups Rate is a percentage that represents the rate of unauthenticated connections refused. This percentage is a probability that CONFIGURE MENU 96 ...

Page 97: ...increases linearly until the unauthenticated connections reach full. • Max Startups Full is the number of unauthenticated connections allowed. CONFIGURE MENU 97 ...

Page 98: ... to via the serial port. When unauthenticated access is enabled, SSH is available to all serial ports on the device without requiring a password. Note: Unauthenticated access can be used with or without IP aliases for serial ports. Caution: For security, Unauthenticated SSH should only be used when operating within a trusted closed network, for example within a lab. There is a security risk in allowing an...

Page 99: ... to all serial ports will be available through SSH on TCP port 3000 or Serial Port IP aliases Enable Disable Enabling or disabling this feature is done in the user interface To enable the feature click on the Enabled button then click the Apply button The feature is enabled immediately and a pop up will confirm that the feature is enabled Note Clicking the Apply button saves any changes you have m...

Page 100: ...e Use a network client to connect to the service network Base Port serial port number. In this example the SSH base port is TCP port 3000, so SSH to TCP port 3001 directly connects you to serial port 1. SSH to the Opengear device, log in adding portXX to your username, e.g. root port01 or operator port01. SSH to the Opengear device, log in adding the port label to your username, e.g. root Router or oper ...

Page 101: ... active console session after closing pmshell, connecting to the device again will resume the session and you are not prompted for the device password. Properties and Settings Property Definition Range Serial Port Delimiter A character that separates the User name and port selection information The default value is the character Default is maximum length is 1 The prohibited characters are and Sourc...

Page 102: ... sshd_config else if isprint v 0 valid 0 else valid 1
Port Number for Direct SSH Links: This port number will be used for direct SSH links on the serial ports page. Set this option if you have configured SSH to be reachable on a non-standard port.
Max Startups Start: The number of connections pending authentication before new connections begin to be refused. Required start int, minimum 1, default 10 ...

Page 103: ...ups value is reached. The rate is increased to 100% at Max Startup Full. Required rate int, minimum 1, maximum 100, default 30. The rate at which connections are refused randomly begins at max startup rate and increases linearly until the number of connections pending authentication reach max startups full, in which case 100% of new connections are refused.
Unauthenticated Access to Serial Ports: This is th...

Page 104: ... multiple external servers to export the syslog to via TCP or UDP. This page lists any previously added external syslog servers. To add a new one:
1. Navigate to CONFIGURE > SERVICES > Syslog.
2. Click the Plus button. The External Syslog Servers form appears. ...

Page 105: ... If no port is entered, UDP defaults to port 514 and TCP defaults to 601.
5. Click Apply.
To edit an existing syslog server, click the Edit button under Actions. Delete a server by clicking the Delete button, or the checkbox next to multiple servers and the Delete Selected button. ...

Page 106: ...activity. When remote logs are being received, local logs continue to be recorded. Devices in a network can produce thousands of log entries. Due to the number of logs occurring each hour, users demand the ability to configure the facility and severity for console port logs. The Remote Syslog collector can be configured so as to categorize and prioritize the logs appropriately, thus allowing you to easil...

Page 107: ...Actions column.
3. Navigate to Logging Settings and select the required logging level.
4. Click the Apply button. The change will be applied within a few seconds.
Set Global Serial Port Settings: Navigate to Configure > Services > Syslog > Global Serial Port Settings.
1. In the Global Serial Ports tab:
   i. Select the required Facility.
   ii. Select the required Severity.
Note: See the tables below for definitions of Faci...

Page 108: ...ver (Field: Definition)
- Description: Unique familiar text description or name given to this syslog server that users will recognize.
- Server Address: The IP address of the remote syslog server you are using for logging.
- Protocol: Click to select the required protocol for data transmission to the syslog server.
- Port: The Remote Syslog Server IP address.
- Minimum Log Severity Level: Log entries with a value equ...

Page 109: ...em
- Daemon: System daemons
- Auth: Security authentication messages
- Syslog: Messages generated internally by syslogd
- lpr: Line printer subsystem
- News: Network news subsystem
- uucp: UUCP subsystem
- Cron: Clock daemon
- Authpriv: Security authentication messages
- ftp: FTP daemon
- Local: Locally used facilities ...

Page 110: ...stem is unusable
- 1 Alert: Action must be taken immediately
- 2 Critical: Critical conditions
- 3 Error: Error conditions
- 4 Warning: Warning conditions
- 5 Notice: Normal but significant conditions
- 6 Info: Informational messages
- 7 Debug: Debug level messages ...

Page 111: ...e to the SETTINGS > Services > Session Settings page.
- Web Session Timeout: This value can be set from 1 to 1440 minutes.
- CLI Session Timeout: This value can be set from 1 to 1440 minutes, or set it to 0 to disable the timeout. Changes take effect the next time a user logs in via the CLI. ...

Page 112: ...Firewall CONFIGURE > FIREWALL. The CONFIGURE > FIREWALL menu lets you configure Firewall Management, Interzone Policies and Services. ...

Page 113: ...nt To change firewall management settings, navigate to CONFIGURE > FIREWALL > Management. You can expand each zone by clicking the Expand arrow on the right. Once expanded, you can click Edit Zone to change settings for a particular zone. ...

Page 114: ...Add a Description for this zone
- Permit all Traffic
- Masquerade Traffic
- Select Physical Interfaces
- Manage Permitted Services by clicking on Plus or Minus next to each
Note: You can use the Filter Interfaces and Filter Available Services text boxes to navigate through the lists. ...

Page 115: ...u are editing. The third tab, MANAGE CUSTOM RULES, allows you to add, edit and delete custom firewall rules for the zone you are editing. These custom rules continue to exist after reboots, upgrades and power cycles. These rules are prioritized by the order they are added. To add a new custom rule ...

Page 116: ...ditional menu options under CONFIGURE > FIREWALL are Rules, Services and Zones. The main FIREWALL MANAGEMENT page also contains quick links to Add Firewall Service (shield icon on upper right), Add Firewall Zone (plus icon on upper right) and Edit Zones pages (pencil icon in expanded view for the currently selected zone). Manage Firewall Rules: Click CONFIGURE > FIREWALL > Services. This opens the SERVICES page wi...

Page 117: ...o the bottom of the page to access the Plus button to add a new service. Enter a Service description and a Zone for the new rule. Manage Firewall Zones: Click CONFIGURE > FIREWALL > MANAGEMENT. This opens the ZONES page with a list of all firewall zones. ...

Page 118: ...Zones can be added, deleted or edited from this page. Click the PLUS symbol on the top right of the page to add a new zone. ...

Page 119: ...The NEW FIREWALL ZONE page allows you to:
- Name the zone
- Add a Description for this zone
- Permit all Traffic
- Masquerade Traffic
- Select Physical Interfaces ...

Page 120: ...Interzone Policies CONFIGURE > FIREWALL > Interzone Policies. Click CONFIGURE > FIREWALL > Interzone Policies. This opens the INTERZONE POLICIES ...

Page 121: ...s Click CONFIGURE > FIREWALL > Services. This opens the SERVICES page with a long list of predefined firewall services. Services can be added, deleted or edited from this page. Note: Predefined services cannot be edited. Click the Plus button to add a new service. ...

Page 122: ...Enter a Name, Label, Port and Protocol. Select a Protocol (TCP or UDP) from the Plus button menu. Add more Ports and Protocols as desired and click Apply. ...

Page 123: ...Time CONFIGURE > DATE & TIME. The Date & Time section of the navigation bar provides a means to:
- Set the time zone
- Manually set the correct time and date
- Automatically set the date and time ...

Page 124: ... Zone CONFIGURE > DATE & TIME > Time Zone. To set the time zone:
1. Click CONFIGURE > DATE & TIME > Time Zone.
2. Select the OPERATIONS MANAGER's time zone from the Time Zone drop-down list.
3. Click Apply. ...

Page 125: ...anual Settings CONFIGURE > DATE & TIME > Manual Settings. To manually set the correct time and date:
1. Click CONFIGURE > DATE & TIME > Manual Settings.
2. Enter the current Date and Time.
3. Click Apply. ...

Page 126: ...ME Automatic Settings. Automatic Setting of the date and time:
1. Click CONFIGURE > DATE & TIME > Automatic Settings.
2. Click the Enabled checkbox.
3. Enter a working NTP Server address in the NTP Server Address field.
4. Click Apply. ...

Page 127: ... is released. After specifying the location of the firmware and beginning the process, the system will be unavailable for several minutes and then reboot. Unlike a factory reset, users and other configuration data are maintained. To perform a system upgrade:
1. Select CONFIGURE > System > System Upgrade.
2. Select the Upgrade Method, either Fetch image from HTTP/HTTPS Server or Upload Image. ...

Page 128: ...erform Upgrade. Or, if upgrading via Upload Image:
1. Click the Choose file button.
2. Navigate to the directory containing the file.
3. Select the file and press Return.
4. Click Perform Upgrade.
Note: The Advanced Options section should only be used if a system upgrade is being performed as part of an Opengear Support call. ...

Page 129: ...Once the upgrade has started, the System Upgrade page displays feedback as to the state of the process. ...

Page 130: ... CONFIGURE > SYSTEM > Administration. To set the hostname, add a contact email or set a location for the OPERATIONS MANAGER:
1. Click CONFIGURE > SYSTEM > Administration.
2. Edit the Hostname field.
3. Click Apply. ...

Page 131: ...IONS MANAGER to its factory settings:
1. Select CONFIGURE > SYSTEM > Factory Reset.
2. Select the Proceed with the factory reset checkbox.
3. Click Reset.
Note: This performs the same operation as the hard factory erase button. This resets the appliance to its factory default settings. Any modified configuration information is erased. You will be prompted to log in and must enter the default ...

Page 132: ...administration username and administration password (Username: root, Password: default). You will be required to change this password during the first log in. ...

Page 133: ...Reboot CONFIGURE > SYSTEM > Reboot. To reboot the OPERATIONS MANAGER: Select CONFIGURE > SYSTEM > Reboot. Select Proceed with the reboot and click Reboot. ...

Page 134: ...are and beginning the process, the system will be unavailable for several minutes and then reboot. Unlike a factory reset, users and other configuration data are maintained. To perform a system upgrade:
1. Navigate to the CONFIGURE > System > System Upgrade page.
2. Select the Upgrade Method, either Fetch image from HTTP/HTTPS Server or Upload Image. ...

Page 135: ...SNMP CONFIGURE > SNMP. The CONFIGURE > SNMP menu has two options: SNMP Service and SNMP Alert Managers. ...

Page 136: ... Service page. This page allows you to specify which SNMP services to enable. When you click on ENABLED for SNMP V1 V2 or SNMP V3, a detail form appears where you can add service-specific settings. You can also specify the SNMP Service Port and choose between UDP or TCP for the Protocol. ...

Page 137: ...he following:
- Manager Protocol: The transport protocol used to deliver traps to the SNMP Manager. The default value is UDP.
- Manager Address: The IPv4 Address or domain name of the computer acting as the SNMP Manager.
- Manager Port: The listening port used by the SNMP Manager. The default value is 162.
- Version: The version of SNMP to use. The default is v2c. ...

Page 138: ...it if required. The TRAP option does not expect acknowledgments. For SNMP V1 V2C you can specify a Community. This is a group name authorized to send traps by the SNMP manager configuration for SNMP versions 1 and 2c. This must match the information that is set up in the SNMP Manager. Examples of commonly used values are log, execute, net and public. ...

Page 139: ...r
1. Navigate to Configure > SNMP > SNMP Alert Managers.
2. Click the Add New SNMP Manager button (a plus character in the top right of the window).
3. Complete the new SNMP Alert Manager Form as per the Definitions table below.
4. Click the Submit button. A banner appears confirming that the new SNMP Manager has been successfully created.
5. The new manager appears in the list of SNMP Alert Managers.
6. To delete...

Page 140: ...iption field allows you to add a description of the SNMP Alert Manager.
- Server Address: The IPv4/IPv6 address or domain name of the computer acting as the SNMP Alert Manager.
- Port: The listening port used by the SNMP Alert Manager. The default value is 162.
- Protocol: The transport protocol used to deliver traps or informs for SNMP v3. UDP: Speeds up transmissions by enabling the transfer of data before an...

Page 141: ...1 V2C Community: A group name authorized to send traps by the SNMP alert manager configuration for SNMP versions 1 and 2c. This will need to match what is set up in the SNMP alert manager. Examples of commonly used values are log, execute, net and public. Click the Submit button to finalize the New SNMP Manager process. Click the bin widget to Delete an SNMP Manager in the Edit SNMP Manager page. CONFIGURE ...

Page 142: ...rimary Lighthouse address to enroll with
- api_port: Optional port to use for the primary address when requesting enrollment
- external_endpoints: List of additional address port endpoints to fall back to when enrolling
- password: LH global or bundle enrollment password
- bundle: Name of LH enrollment bundle
ADVANCED OPTIONS 142 ...

Page 143: ...help: Show help options
- --help-all: Show all help options
- --help-manager: Show manager options
- --help-common: Show common options
- --help-modem: Show modem options
- --help-3gpp: Show 3GPP related options
- --help-cdma: Show CDMA related options
- --help-simple: Show Simple options
- --help-location: Show Location options
- --help-messaging: Show Messaging options
- --help-voice: Show Voice options ...

Page 144: ...Show OMA options
- --help-sim: Show SIM options
- --help-bearer: Show bearer options
- --help-sms: Show SMS options
- --help-call: Show call options
Application Options:
- -v, --verbose: Run action with verbose logs
- -V, --version: Print version
- -a, --async: Use asynchronous methods
- --timeout=[SECONDS]: Timeout for the operation ...

Page 145: ...age examples and exit
- -d: increase debugging (up to 2 times)
- -j: use JSON instead of simple notation (pass twice to pretty print output)
- -u USERNAME, --username USERNAME: authenticate as a different user
- -p PASSWORD, --password PASSWORD: authenticate with the supplied password
- -n NEW_PASSWORD, --new-password NEW_PASSWORD: authenticate with the supplied new password
- sub commands
- operation
- get g fetc...

Page 146: ...ll list of available endpoints that can be used with the ogcli sub commands (ENDPOINT: OPERATIONS (ARGS)):
- alerts authentication: get, replace
- alerts config_change: get, replace
- alerts networking: get, replace
- alerts system: get, replace
- auth: get, replace
- auto_response beacons: get, merge, delete
- auto_response beacon: create, get, replace, delete (id)
- auto_response reactions: get, merge, delete ...

Page 147: ...eacons: get (id)
- cellfw info: get
- conns: get, merge
- conn: create, get, replace, delete (id)
- export: get
- failover settings: get, replace
- failover status: get
- firewall policies: get, merge
- firewall policy: create, get, replace, delete (id)
- firewall predefined_services: get
- firewall rules: get, merge, delete
- firewall rule: create, get, replace, delete (id) ...

Page 148: ...roups: get, merge, replace
- group: create, get, replace, delete (id)
- ip_passthrough: get, replace
- ip_passthrough status: get
- ipsec_tunnels: get, merge
- ipsec_tunnel: create, get, replace, delete (id)
- lighthouse_enrollments: get
- lighthouse_enrollment: create, get, delete (id)
- logs portlog: get (id)
- managementports: get, merge
- managementport: get, replace (id) ...

Page 149: ...te (id)
- physifs: get, merge
- physif: create, get, replace, delete (id)
- ports: get, merge
- port: get, replace (id)
- port_power: replace (id)
- port_sessions: get, delete
- port_session: get, delete (idpid)
- ports auto_discover schedule: get, replace
- ports fields: get
- search ports: get
- services https: get, replace ...

Page 150: ...ssh: get, replace
- services syslog_servers: get, merge
- services syslog_server: create, get, replace, delete (syslog_server_id)
- ssh authorized_keys: get, merge
- ssh authorized_key: create, delete (user idkey id)
- static_routes: get, merge, replace, delete
- static_route: create, get, replace, delete (id)
- system admin_info: get, replace
- system banner: get, replace ...

Page 151: ...odel_name: get
- system serial_number: get
- system ssh_port: get, replace
- system system_authorized_keys: get, merge
- system system_authorized_key: create, delete (key id)
- system time: get, replace
- system timezone: get, replace
- system version: get
- system webui_session_timeout: get, replace
- users: get, merge, replace
- user: create, get, replace, delete (user id) ...

Page 152: ...s
  ogcli set users record_list
  ogcli set user users 1 record
Modify items:
  ogcli update user users 1 partial_record
  ogcli update user users 1 field value
Create items:
  ogcli create user record
Delete items:
  ogcli delete user users 1
Merge items in a list:
  ogcli merge syslog list of records
Export all config:
  ogcli export path to file
Import config:
  ogcli import path to file
  ogcli import path to file
ADVA...

Page 153: ...from the shell
  ogcli create user username root description superuser
Merge items in a list:
  ogcli merge syslog list of records
Export all config:
  ogcli export path to file
Import config:
  ogcli import path to file
  ogcli import path to file
ogcli takes records from stdin, so a variety of options are available when passing records:
  ogcli create user record
  ogcli create user END username root description s...

Page 154: ...Note: Double quotes around strings should be protected from the shell. ...

Page 155: ...pers can use containers to package up an application with all of the parts it needs, like libraries and dependencies, and then ship it out as one package. Docker is running by default on the OPERATIONS MANAGER. You can access commands by typing docker in the Local Terminal or SSH. To find out more, enter docker help. ...

Page 156: ...ntab [options] file
  crontab [options]
  crontab -n [hostname]
Options:
  -u <user>  define user
  -e         edit user's crontab
  -l         list user's crontab
  -r         delete user's crontab
  -i         prompt before deleting
  -n <host>  set host in cluster to run users' crontabs
  -c         get host in cluster to run users' crontabs
  -x <mask>  enable debugging
To perform start/stop/restart on crond service:
  /etc/init.d/crond start ...

Page 157: ...bs running with the following command to list all crontabs:
  crontab -l
To edit or create a custom crontab file:
  crontab -e
This opens a personal cron configuration file. Each line can be defined as one command to run. The following format is used:
  minute hour day-of-month month day-of-week command
For example, append the following entry to run a script every day at 3 am:
  0 3 * * * /etc/config/backup.sh
Save and ...

Page 158: ...er power is applied to the unit, and as long as the unit is unconfigured, the ZTP over USB process will be triggered. Here, unconfigured has the same meaning as for ZTP: no changes made to the ogconfig data store. Note: Setting the root password on first log in counts as a config change. The following manifest og keys are implemented. This provides image installation, Lighthouse enrollment and arbitrary scr...

Page 159: ...
- external_endpoints: List of additional address port endpoints to fall back to when enrolling
- password: LH global or bundle enrollment password
- bundle: Name of LH enrollment bundle ...

Page 160: ...EULA and GPL. The current Opengear End User License Agreement and the GPL can be found at http://opengear.com/eula ...

Page 161: ...finition
- Edit button
- Add item (e.g. SNMP Manager)
- VLAN interface or create VLAN interface
- Bonded interfaces or create new bond
- Bridged interfaces or create new bridge
- Standard network interface
- Cellular interface
- Interface with bridge
- Interface with bond
- Bin widget: Delete selected object
UI BUTTON DEFINITIONS 161 ...
