Raritan DOMINION SX - User Manual Download Page 207 | Manualshive

Page: 207 / 226

background image

A

PPENDIX

D:

S

ERVER

C

ONFIGURATION

189

15.

Move the new policy so it appears as the first (top) policy in the Policy List.

Note: If required, create a policy to allow dialup access to all users that are members of a
group (Windows may already have a default Policy in place to permit access by any user
with Dial In enabled, so this new policy would be optional. If you want to use a new Policy,
ensure that it appears above the default policy).

16.

Ensure that the service is started.

17.

Ensure that the

Active Directory / Local

account for the user has Dial In access enabled

in their user profile. If the Windows 2000 Domain server is in

Native Mode

and IAS is

registered with the Active Directory, you can set the

User Profile -> Dial In

setting to

use Remote Access Policies.

Cisco ACS RADIUS Server

The Cisco Access Control Server (ACS) is another authentication solution supported by the
Dominion SX unit. For the Dominion SX to support RADIUS, both the unit and the user
information must be added into the RADIUS configuration.

Configure the Dominion SX to use a Cisco ACS Server

The following procedure configures the Dominion SX unit to work with a Cisco Radius Server.

1.

Select the

User Management

tab on DSX screen.

2.

Go to the

Configuration

section.

3.

Select the

User Group List

.

4.

Click on

Add New User Group

.

You can define port access and user class (operator or observer). This user group will be used
later as a value to the Filter-Id attribute on the Cisco Radius Server. The Dominion SX comes
with factory default group

Admin

that will be used as an example in this section; however, any

local group can be used as value to the Filter-Id attribute on the Cisco ACS Server.

Notes: Group names are case sensitive and must match exactly those defined in the
Filter-Id attribute on the Radius server.

Only Version 3.1 of the Cisco Radius Server has been tested; however, other versions of the
RADIUS server should operate with the DSX.

Configure the Cisco ACS Server

1.

Log on to Cisco ACS Server using the browser.

2.

Type your

Username

and

Password.

3.

Click

Login

.

4.

Click

Network Configuration

in the left panel of the screen and select

Add Entry

to

add/edit an AAA Client. This must be done for each unit that is going to be accessed via
RADIUS.

5.

Click on the

Authenticate

Using

drop-down menu and select

RADIUS (IETF)

.

6.

Click

Submit.

7.

Click

Interface Configuration

in the left panel of the screen.

8.

Click on the

RADIUS (IETF)

link to edit properties.

9.

Under the

User

and

Group

columns, place a checkmark in the check boxes before

Filter-Id

.

10.

Click

Submit.

«
...
205
206
207
208
209
...
»

Summary of Contents for DOMINION SX -

Page 1: ...Dominion SX User Guide Release 3 1 Copyright 2007 Raritan Inc DSX 0M E April 2007 255 60 2000 00...

Page 2: ...This page intentionally left blank...

Page 3: ...e FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy an...

Page 4: ...ines In Raritan products that require rack mounting follow these precautions Operation temperature in a closed rack environment may be greater than room temperature Do not exceed the rated maximum amb...

Page 5: ...Network Configuration 13 Deployment 14 LAN Connection 14 Modem Connection Optional 14 Chapter 4 Network Settings and Services 15 Configuring the Basic Network Settings 15 Give the DSX a Name 15 Config...

Page 6: ...Handling 60 Strong Password Settings 61 Configure Kerberos 61 Certificates 61 Generate a Certificate Signing Request 62 Install a User Key 63 Install a User Certificate 63 SSL Client Certificate 64 En...

Page 7: ...ine Interface Overview 91 Accessing the Dominion SX Using CLI 94 SSH Connection to the Dominion SX 94 SSH Access from a Windows PC 94 SSH Access from a UNIX Workstation 94 Telnet Connection to the Dom...

Page 8: ...rts Config Command 118 Ports Keywordadd Command 120 Ports Keyworddelete Command 120 Configuring Services 120 dpa Command 121 Encryption Command 123 HTTP Command 123 HTTPS Command 124 Logout Command 12...

Page 9: ...wer Associations 157 Create a Port Power Association 157 Delete a Port Power Association 158 Power Strip Configuration 158 Power Association Groups 159 Power Control 159 Associations Power Control 160...

Page 10: ...Explorer 182 Installing a Third Party Root Certificate to Netscape Navigator 183 Generate a CSR for a Third Party CA to sign 183 Install Third Party Certificate to SX 183 Install Client Root Certific...

Page 11: ...Panel 29 Figure 27 Port Keywords Screen 31 Figure 28 Port Configuration Screen 32 Figure 29 Edit Port Screen 33 Figure 30 Direct Port Access Mode Field 34 Figure 31 Port Access Screen 35 Figure 34 Ja...

Page 12: ...78 Figure 89 Event Log 79 Figure 90 Send Event Log Screen 80 Figure 91 Backup Screen 81 Figure 92 Restore Screen 82 Figure 93 Firmware Version 83 Figure 94 Firmware Upgrade Screen 84 Figure 95 Firmwa...

Page 13: ...122 Network Connection Type 198 Figure 123 Device Selection 198 Figure 124 Phone Number to Dial 199 Figure 125 Connection Availability 199 Figure 128 Network Connection Type 200 Figure 129 Device Sel...

Page 14: ...le 21 Routeadd Command 116 Table 22 Routedelete Command 116 Table 23 NFS Command 117 Table 24 Port Configuration Command 118 Table 25 Port Keywordadd Command 120 Table 26 Port Keyworddelete Command 12...

Page 15: ...X Specifications 167 Table 72 Dominion SX Dimensions and Weight 168 Table 73 Dominion SX Requirements 169 Table 74 Browser Requirements 169 Table 75 Connectivity 170 Table 76 Dominion SX RJ 45 Serial...

Page 16: ...Line Interface CSC Common Socket Connection DPA Direct Port Access HTTP Hypertext Transfer protocol HTTPS HTTP Secure over SSL LAN Local Area Network LDAP Lightweight Directory Access Protocol LDAP S...

Page 17: ...ual Private Network Notices Important cautionary information that warns of possible affects on the users corruption risks and actions that may affect warranty and service coverage Note general informa...

Page 18: ...This page intentionally left blank...

Page 19: ...SX Provides a non intrusive solution for managing network elements and does not require any installation of software agents on the target device Connects to any networking device servers firewalls loa...

Page 20: ...ers Three Levels of User Access o Administrator Has read and write access to the console window can modify the configuration of unit o Operator Has read and write access to the console window cannot m...

Page 21: ...ome units 1 Raritan Dominion SX User Guide CD ROM which contains the installation and operations information for the Dominion SX 1 Printed Dominion SX Quick Setup Guide 1 Power cord 1 Release Notes 1...

Page 22: ...4 DOMINION SX USER GUIDE This page intentionally left blank...

Page 23: ...y 5000 Username admin all lowercase Password raritan all lowercase Pre Installation Ensure that you have the correct cabling ready to connect to the serial consoles of the target server s or other ser...

Page 24: ...Connect the male end of the external power cord to the power supply outlet 7 Power ON the Dominion SX unit Note The unit will perform a hardware and firmware self test then start the software boot seq...

Page 25: ...ESS Example route add 192 168 0 192 15 128 122 12 UNIX including Sun Solaris system route add 192 168 0 192 CLIENT_HOST IP ADDRESS interface Example route add 192 168 0 192 15 128 122 12 interface 3 T...

Page 26: ...Service Agreement Screen appears Figure 5 Restricted Service Agreement Screen Note Once you click Accept after login the Dominion SX prompts you to change the default password A Change Password screen...

Page 27: ...IP address 192 168 0 192 2 To check the route table in Windows type the command route print in a Command window on the installation computer If 192 168 0 192 is on the gateway list proceed to step 3...

Page 28: ...re group name is the name of the group and class type is Op for operator Ob for observer n1 n2 n3 is a list of port numbers this group has access to separated by comas and no spaces You could configur...

Page 29: ...ee Chapter 12 Command Line Interface for CLI information Dominion SX Initial Software Configuration 1 Log on to the Dominion SX using your new password A Port Access screen appears according to your u...

Page 30: ...ddress of a Network Time Protocol NTP server in the Primary Time Server If you have a backup NTP server enter its IP address in the Secondary Time Server field 4 Type the Interface Name in the Interfa...

Page 31: ...here this unit will reside Gateway IP Gateway Default gateway for this unit 3 Select the Mode from the Mode drop down menu 4 Type the Domain Name in the Domain field 5 Type your Unit Name in the Unit...

Page 32: ...connection LAN 2 4 Perform a quick connectivity check by connecting to the device using the Web browser 5 Enter https IPAddress in the address line where IPAddress is the IP address of the unit as pre...

Page 33: ...and then click Network The Network Basic Settings and Ports screen appears Figure 12 Figure 12 Network Basic Settings and Ports Screen Give the DSX a Name To give the DSX unit a name to help identify...

Page 34: ...the various network access services Service Default Setting HTTP Enabled The default port is 80 This can be changed HTTPS redirect is enabled by default If HTTPS is also enabled all HTTP requests are...

Page 35: ...7 To change any of these network service settings 1 Click the Setup tab and then click Services The Network Service Settings screen appears Figure 13 Network Service Settings 2 Make any necessary chan...

Page 36: ...efault is 10 0 0 2 5 If you want to enable modem dialback click the Enable Modem Dial Back checkbox 6 Click OK Modem access is enabled Configuring IP Forwarding and Static Routes You can enable IP for...

Page 37: ...ace field On a DSX with two LAN interfaces select the one you want from the drop down menu In the Interface field LAN1 eth0 LAN2 eth1 4 Type the IP address subnet mask and gateway of the destination h...

Page 38: ...en click Static Routes The Static Routes screen appears It consists of an Enable IP Forwarding panel and a Static Routes List 2 Go the Static Routes List and click the checkbox next to the route you w...

Page 39: ...many other user profiles as necessary You can create individual user profiles for each person who will be logging into the DSX or you can create a limited number of profiles and allow more than one p...

Page 40: ...ne number in the Dialback field This field is optional 6 Type any comments about the user profile in the Information field This field is to help you identify the profile It is optional 7 Type the pass...

Page 41: ...ot displayed To change the profile s password type a new password in the Password and Confirm Password fields If you leave these fields as is the password is unchanged 5 Click OK when finished The use...

Page 42: ...ck User Group List The Group List screen appears Figure 20 2 Click Add New User Group The New Group screen appears Figure 21 New Group Screen 3 Type a group name in the Group Name field You can enter...

Page 43: ...ick the User Management tab and then click User Group List The Group List screen appears Figure 20 2 Click the Group Name of the group you want to edit The Edit Group screen appears It looks exactly l...

Page 44: ...26 DOMINION SX USER GUIDE...

Page 45: ...d out or the DSX because you can always be authenticated locally Configuring RADIUS You can use Remote Dial In User Service RADIUS to authenticate DSX users instead of local authentication To configur...

Page 46: ...ses Secret 5 Type the root point to bind to the server in the Base DN field This is the same as Directory Manager DN for example BaseDn cn Directory Manager 6 Type a string in the Query field Make sur...

Page 47: ...e Remote Authentication screen appears It contains a TACACS panel Figure 24 TACACS Panel 2 In the TACACS panel click the TACACS button to enable TACACS authentication 3 Under Primary TACACS type the I...

Page 48: ...30 DOMINION SX USER GUIDE...

Page 49: ...ort keywords work as a filter If a keyword is detected then and only then will a corresponding message be logged in a local NFS port log A corresponding event will be sent via SMTP if configured and c...

Page 50: ...rt Configuration screen appears Figure 26 Port Configuration Screen 2 Select the port s you want to configure You can select one port or several ports so long as the port configurations are all the sa...

Page 51: ...s is 9600 Select the Parity Bits from the Parity Bits drop down menu Select the Flow Control from the Flow Control drop down menu 4 In the Detect field indicate whether you want the Dominion SX to det...

Page 52: ...Mode Field 2 Go to the Direct Port Access Mode field The default is Normal which means disabled To enable DPA select either IP or TCP Port from the drop down menu 3 Click OK to save this information...

Page 53: ...erver from the drop down menu in the Class field 7 Select the ports for which you want anonymous port access in the Port Access field 8 Click OK Important The Dominion SX unit must be rebooted to appl...

Page 54: ...y recommends that Java Applet Caching be disabled and that you perform the following steps to make sure that Java does not create problems for the system s memory Java Applets and Memory Consideration...

Page 55: ...reases the default size to 2M Append the letter m or M to indicate megabytes and k or K to indicate kilobytes Xmx Size in bytes Sets the maximum size to which the Java heap can grow 64M The server fla...

Page 56: ...that provide the user with the ability to Modify emulation settings such as fonts and window size Manage the history of the session Request Write Access to the port Get a Write Lock on the port Send...

Page 57: ...e Timeout setting 2 Click on the Emulator drop down menu to display a list of topics Figure 32 Emulator Drop Down Menu IMPORTANT You must change the default user Idle Timeout setting on the Dominion S...

Page 58: ...2 Accept the Main Menu Shortcut default of None or choose one of the following from the Main Menu Shortcut drop down menu F10 Alt 3 Accept the Show Confirmation Dialog on Exit default or uncheck it 4...

Page 59: ...ings Then click Ok to close the Display Settings window however if you want to change the settings perform the following steps 3 Accept the Terminal Font Properties default of Arial or choose a font f...

Page 60: ...ollowing from the Encoding drop down menu US ASCII ISO 8859 1 ISO 8859 15 UTF 8 9 Choose one of the following from the Language drop down menu English Bulgarian Japanese Korean Chinese 10 Click Ok to...

Page 61: ...ong users working in the Raritan Serial Client via the Get Write Access command 10 To enable Write Access click Get Write Access on the Emulator menu You now have Write Access to the target device Whe...

Page 62: ...sers to view the connected users on the Emulator menu Figure 37 Connected Users Window 11 A check mark appears in the Write Access column after the name of the User who has Write Access to the console...

Page 63: ...r at the location where you want to paste the text 4 Click once to make that location active 5 Click Paste on the Edit menu Note Here are keyboard shortcuts that you can use to highlight copy and past...

Page 64: ...46 DOMINION SX USER GUIDE Tools 1 Click on the Tools drop down menu to display a list of topics Figure 39 Tools Menu...

Page 65: ...ar indicates whether logging is on or off 1 On the Tools menu click Start Logging 2 Choose an existing file or provide a new file name in the Save RSC Log dialog box When an existing file is selected...

Page 66: ...og box it sends whatever file you selected directly to the port If there is a loopback plug inserted you see the file displayed If there is currently no target connected then nothing will be visible o...

Page 67: ...al Console and release information about Raritan Serial Console Help Topics To Access Help Topics 1 Click Help Topics on the Help menu 2 Use the navigation bar on the right side of Table of Contents w...

Page 68: ...nd then is connected The steps in this section install the standalone Raritan Serial Client RSC Standalone Raritan Serial Client Requirements The following requirements must be met to support the Rari...

Page 69: ...led The path information will be used later Setting Windows OS Variables 1 Open the Start menu and then open the Control Panel and choose System 2 Go to Advanced and open Environment Variables Figure...

Page 70: ...lick OK Figure 45 Windows OS New System Variable 6 Select the PATH variable and click Edit 7 Add JAVA_HOME bin to the end of the current Variable value Ensure a semicolon separates the new value from...

Page 71: ...ows OS Edit System Variable 9 Select the CLASSPATH variable and click Edit Ensure the CLASSPATH Variable value is configured properly that is its value must have a period in it If for any reason there...

Page 72: ...ER The currently installed version of Java Runtime Environment JRE appears If your path variable is not set to where the java binaries have been installed you may not be able to see the JRE version To...

Page 73: ...ndows machine 2 Download or copy from a known location the RSC installer jar installation file 3 Double click on the executable file to start the installer program The splash screen appears 4 Click Ne...

Page 74: ...esired Program Group for the Shortcut 9 Click Next The installation finished screen appears 10 Click Done Launching RSC on Windows Systems 1 Double click on the shortcut or use Start Programs to launc...

Page 75: ...support please try changing the font to Courier New Go to Emulator Settings Display and select Courier New for Terminal Font Properties or GUI Font Properties Installing RSC for Sun Solaris You must...

Page 76: ...n is complete The final screen indicates where you will find an uninstaller program and allows the option of generating an automatic installation script e Click Done to close the Installation window L...

Page 77: ...In some cases this data is required for compliance with governmental or company regulations Encryption of port data log sent to a remote nfs server Security profile Man in the Middle The Security fun...

Page 78: ...pt the system defaults or type your own Login Handling 1 Go to the Login Handling panel and enter a value in the User Idle Timeout minutes field This is the length of inactive time after which the use...

Page 79: ...field or click on the Browse drop down menu and select your file 3 Type the name of the file you want for your Kerberos Configuration File in the Kerberos Configuration File field or click on the Bro...

Page 80: ...e 56 Certificate Signing Request 2 Click the checkbox labeled Generate a Certificate Signing Request 3 Click on the drop down menu in the Bits field Keep the 1024 default or change it to 512 4 Type th...

Page 81: ...labeled Install User Key 3 Type the following information in the corresponding fields The IP address of the host with the key A login and password on the host The path and name of the file containing...

Page 82: ...e certificate 4 Click OK SSL Client Certificate SSL Security certificates are used in browser access to ensure that the device that you are attached to is the device that is authorized to be connected...

Page 83: ...CHAPTER 8 SECURITY 65 Figure 59 SSL Client Certificate Screen...

Page 84: ...n the CA Name field type the name of the CA you want to view 3 Click OK to retrieve the list of CAs Managing the Client Certificate Revocation List CRL The DSX comes with VeriSign and Thawte CA certif...

Page 85: ...onsent banner that forces the user to accept the stated conditions prior to advancing into operation of the console server Figure 60 Banner Screen 1 Check one of the following fields Display Restricte...

Page 86: ...ges If a profile is disabled the features in the profile keep the states they had when the profile was enabled For example if the default TLS Required feature is unchecked and you enable the Secure pr...

Page 87: ...he Edit Custom Security Profile screen appears Figure 62 Edit Custom Security Profile Screen 3 Check one or all of the following fields Telnet Access Strong Password Required Single Login Per User Tim...

Page 88: ...between LAN interfaces Add an IPTables Rule To add an IPTables rule 1 Click the Security tab and then click Firewall The Firewall Screen appears The firewall screen displays the default IPTables rules...

Page 89: ...aximum file size is reached Your choices are Wrap This causes the log file to circle around to the beginning when the end of the file is reached Flat This causes logging to stop when the end of the fi...

Page 90: ...Prefix field 3 Type the maximum file size allowed in the Size field Once this size is reached a new file is created to store the port log data If you enter a value of 0 the DSX will not create a new f...

Page 91: ...Name No Name 1 Port1 U 2 Port2 U 3 Port3 U 4 Port4 U 5 Port5 U 6 Port6 U 7 Port7 U 8 Port8 U 9 Port9 U 10 Port10 U 11 Port11 U 12 Port12 U 13 Port13 U 14 Port14 U 15 Port15 U 16 Port16 U 17 Port17 U 1...

Page 92: ...r this checkbox Figure 68 Input Port Logging Panel 2 Type a directory for input in the In Directory field 3 Click OK Configuring Encryption To configure encryption 1 Go to the Encryption panel and cli...

Page 93: ...the Enable SMTP Server checkbox to enable SMTP logging Figure 70 SMTP Settings Panel 2 Type the IP address of the SMTP server in the SMTP Server IP Address field 3 Type the username and password in t...

Page 94: ...so that the Dominion SX unit can send messages using that SMTP server To verify that the information is correct and working 1 Send a test email by selecting an event such as event amp notice port con...

Page 95: ...NFS Settings Screen 2 Click the Enable NFS checkbox to enable NFS logging 3 Type the IP address of the NFS server in the Primary IP field and then enter the path to the log file in the Primary Directo...

Page 96: ...ty determines which SNMP management stations receive SNMP alerts 4 Click OK Create a New SNMP Destination SNMP destinations determine which SNMP management stations receive SNMP traps To create a new...

Page 97: ...log is displayed Figure 75 shows a typical event log Figure 75 Event Log Note If the number of events in the log exceeds the size of one screen a Next link is added under Event Log at the top of the s...

Page 98: ...FTP server 4 Enter the path to the location where the event log will be stored in the Remote Path field 5 Enter the name of the file to store the event log in the Remote File field 6 Click Send Displ...

Page 99: ...then click Backup The Backup screen appears Figure 77 Backup Screen 2 In the IP Address field type the IP address of the target FTP server where the backup will be written 3 In the Login field type th...

Page 100: ...which the restore data will be retrieved 3 In the Login field type the login name of the account on the system where the restore data will be stored 4 In the Password field type the password of the ac...

Page 101: ...s For example cert_pact tgz on the FTP server 4 Obtain a user account Optional if anonymous access to the FTP server is not supported The Firmware Upgrade feature allows you to upgrade the Dominion SX...

Page 102: ...e the upgrade is initiated the upgrade status message indicates the progress of the upgrade The files are copied and the unit is reset You receive the following message Upgrade is Complete The unit is...

Page 103: ...hange your mind click No Note In case you are not aware of the administrative password to log in the DSX GUI to perform a factory reset you may want to try resetting from the DSX hardware To do so ins...

Page 104: ...86 DOMINION SX USER GUIDE...

Page 105: ...ure 82 Diagnostics Screen Network Infrastructure Tools Network infrastructure tools allow you to view the status of the active network interfaces and important network statistics You can also perform...

Page 106: ...system displays network statistics Figure 84 Network Statistics 2 By default all statistics are shown To show specific statistics select an entry from the drop down menu in the Options field Your choi...

Page 107: ...Ping The screen displays the results of the ping Trace Route to Host Figure 86 Trace Route to Host 1 Click Trace Route to Host on the Diagnostics screen The Trace Route to Host screen appears 2 Type...

Page 108: ...SX USER GUIDE Administrator Tools Process Status 1 Click Process Status in the Diagnostics Screen The screen displays the results of your request Figure 87 Process Status 2 Click Refresh to update the...

Page 109: ...hes Firewalls Power strips Other user equipment The Dominion SX allows an Administrator or User to access control and manage multiple serial devices You can use the Command Line Interface CLI to confi...

Page 110: ...dem events smtp add delete dialback dialin ethernetfailover interface ipforwarding name cleareventlog eventlogfile eventsyslog portlog sendeventlog vieweventlog nfs config keywordadd keyworddelete dpa...

Page 111: ...re sendeventlog upgrade upgradehistory reboot cleareventlog upgradestatus vieweventlog ipmi writelock writeunlock port sub menu reached using escape key sequence ipmidiscover ipmitool password banner...

Page 112: ...ault Use any SSH client that supports SSHv2 to connect to it Note For security reasons SSH V1 connections are not supported by the DSX Specific information about configuring particular SSH clients is...

Page 113: ...g the following command admin Config Services telnet enable true port preferred port number 2 Reboot the system Browser GUI Enable Telnet access in the Setup Services menu Accessing the DSX Unit Once...

Page 114: ...e Stop bits 1 Flow Control None Connection To make a local port connection 1 Open a HyperTerminal application or equivalent 2 Ensure the HyperTerminal is configured to communicate with the port that i...

Page 115: ...Current Time Wed Sep 20 16 17 15 2006 admin Figure 88 Sample Administrator Login 5 login as Janet 6 Password 7 Authentication successful 8 Welcome to the DominionSX Model SX4 UnitName DominionSX Firmw...

Page 116: ...ditional text to make the entry unique and the Tab key to complete the entry CLI Syntax Tips and Shortcuts Tips Commands are listed in alphabetical order Commands are not case sensitive Parameter name...

Page 117: ...tp lpa ssh telnet snmp ntp users groups idletimeout events all Command Example The following command shows the general settings of the SX unit admin show Dominion SX4 64Mb Serial WACEA00008 Current ti...

Page 118: ...ttings Date 2006 09 20 23 20 24 Timezone 13 Use the following steps to set the user date and time 1 admin Config Time timezonelist 2 admin Config Time clock tz 21 datetime 2006 09 23 13 22 33 Setting...

Page 119: ...ory settings firmware System command to display the versions of the firmware help Display an overview of the CLI syntax history Display the current session s command line history http Enable http conn...

Page 120: ...led by default SSH and HTTPS by definition support 128 bit encryption of the traffic between the two ends of the link To accept unencrypted connections the user must manually enable the HTTP and Telne...

Page 121: ...rts Logout Password Target Connections and the CLI The purpose of the Dominion SX unit is to let authorized users establish connections to various targeted devices using the connect command Before con...

Page 122: ...or Access Client users to share ports with other authenticated and authorized users regardless of whether they are Access Client users RSC or SSH Telnet users Port sharing is used for training or for...

Page 123: ...es Dominion SX supports LDAP Active Directory TACACS and Kerberos The Dominion SX server also supports an additional level of security services that further enhance protection of the console server Th...

Page 124: ...display the following message in the banner after login Error Cannot get group information The port display will show all ports because there is no way for the client to know which port limitations e...

Page 125: ...in Config Authentication radius primarytacacs Configuring Events The events menu provides access to commands used to configure SMTP events and servers Table 7 Configuration Events Commands COMMAND OPT...

Page 126: ...l log file in bytes style wrap flat Specifies what action to take when the maximum size is reached wrap will cause the log to circle around when end is reached flat will cause logging to stop when the...

Page 127: ...he key NFS is notoriously insecure It can be accessed easily and the data misused With Dominion SX the administrator has the ability to encrypt the data stored on the NFS server Consequently if the da...

Page 128: ...ds between two updates to the remote log file The default interval is 30 The max value is 99999 inputlog true false Enable Disable logging of user input data on the port Input implies data sent to the...

Page 129: ...162 187 login acy password pasraritansword path sxlogfile file log 32 Vieweventlog Command The vieweventlog command displays the local log file The syntax of the vieweventlog command is vieweventfile...

Page 130: ...is 129 should have the following settings User Settings Login Modem Name Dialback Info SX Dialback 129 Group Admin Active 1 Dialin and Dialback should be enabled on the device used for modem communic...

Page 131: ...ary Server Enabled true IP Address 10 0 0 188 Port 389 Secret root Base DN cn root o bianor Base Search o bianor Auth Query String rciusergroup Dialback Query String telephoneNumber The Remote LDAP Se...

Page 132: ...interface command is used to configure the Dominion SX network interface When the command is accepted the unit will automatically reboot and drop the connection You must then reconnect using the new...

Page 133: ...are described in Table 17 Table 17 Ipforwarding Command COMMAND OPTION DESCRIPTION Ipforwarding Command Example The following command enables the IP Forwarding admin Config Network ipforwarding Name C...

Page 134: ...k route Routeadd Command The routeadd command is used to add a route to the kernel routing table The syntax of the command is routeadd The command options are described in Table 21 Table 21 Routeadd C...

Page 135: ...MMAND OPTION DESCRIPTION enable true false Enable or disable NFS logging primaryip primaryip IP address of the primary NFS server secondaryip secondaryip IP address of the secondary NFS server primary...

Page 136: ...owcontrol none hw sw detect true false escapemode none control escapechar char emulation type exitstring cmd delay dpaip ipaddress telnet port ssh port The command options are described in Table 24 Ta...

Page 137: ...chooses DPA mode IP The IP Address is assigned for direct port access using the following command admin Config Port config port 1 dpaip 10 0 13 240 Port 1 Configuration Saved DPA changes will not be a...

Page 138: ...ification is sent upon detecting this keyword in the data coming from the target connected to the port The syntax of the keywordadd command is keywordadd The command options are described in Table 25...

Page 139: ...and COMMAND OPTION DESCRIPTION mode IP TCPPort Per port Direct Port Access type mode IP access target port directly by unique IP Address via ssh telnet http https TCPPort access target port directly b...

Page 140: ...Access Settings Enable 1 Group Settings Name Anonymous Class Observer Ports To configure Anonymous group settings go to config user menu and execute the following command admin Config User editgroup...

Page 141: ...following example sets SSL encryption for HTTPS admin Config Services encryption prot SSL HTTP Command The http command is used to control http access and redirection and define the port The syntax of...

Page 142: ...The lpa command is used to display and set the local port access configuration Dominion SX units have one or two local ports depending on the model Insert reference to App B for the pinouts for DB9 M...

Page 143: ...port 4 The system displays this message after entering the preceding command The system will need to be rebooted for changes to take effect Telnet Command The syntax of the telnet command is telnet e...

Page 144: ...scribed in Table 33 Table 33 SNMP Add Command COMMAND OPTION DESCRIPTION dest ipaddress SNMP destination IP address port value SNMP destination port SNMP Add Command Example admin Config SNMP add 72 2...

Page 145: ...ck Command The clock command lets the administrator set the time and date for the server The syntax of the clock command is clock tz tz datetime datetime timezonelist The clock command options are des...

Page 146: ...rimaryntpip The NTP server to use first secondaryntpip The NTP server to use if the primary is not available Command Example The following example enables NTP admin Config Time ntp enable true primary...

Page 147: ...a specified user The syntax of the adduser command is adduser user loginname fullname user s fullname group name dialback phonenumber password password info user information active true false The add...

Page 148: ...in Table 41 Table 41 Deleteuser Command COMMAND OPTION DESCRIPTION user loginname Login Name Required Deleteuser Command Example The following example shows how to delete a user admin Config User dele...

Page 149: ...ame group name Group to associate with user dialback phonenumber Dialback phone number for this user password password User s password info user information Miscellaneous user information active true...

Page 150: ...reak Send a break to the connected target writelock Lock write access to this port writeunlock Unlock write access to this port Diagnostics Commands The diagnostic commands provide a means to gather i...

Page 151: ...tIP endIP All discovered targets supporting IPMI version 2 0 will be listed allowing the user to select one and execute the IPMI operations The command options are described in Table 46 Table 46 IPMID...

Page 152: ...address Remote server address can be IP address or hostname This option is required for lan and lanplus interfaces p port Remote server UDP port to connect to Default is 623 U username Remote server u...

Page 153: ...er Configure Management Controller users channel Configure Management Controller channels session Print session information firewall Configure firmware firewall IPMIv2 0 sunoem OEM Commands for Sun se...

Page 154: ...es are truncated to 22 characters with a sign at the end The letter after the port name describes the state of each port A Active B Busy D Down U Up Maintenance Commands The maintenance commands are u...

Page 155: ...he path to the backup file file FILE Specifies the name of the file in which the backup will be saved Backup Command Example In this example the console server data is sent to a system at the IP addre...

Page 156: ...es the versions of the firmware The syntax of the firmware command is firmware Firmware Command Example admin Maintenance firmware Version Information Firmware Version 3 0 0 1 15 Kernel Version 2 4 12...

Page 157: ...he file to the Dominion SX server The syntax of the restore command is restore ip IP login LOGIN passwd PASSWD path PATH file FILE The restore command options are described in Table 49 Table 52 Restor...

Page 158: ...nfig Log sendeventlog 72 236 162 187 login acy password pasraritansword path sxlogfile file log 32 Upgrade Command Note in order to perform an upgrade there should be a configured remote ftp server Th...

Page 159: ...ged in their source IP Addresses and any ports to which they are connected The syntax of the userlist command is userlist Vieweventlog Command The vieweventlog command displays the local log file The...

Page 160: ...ommand The ftpgetbanner command directs the DSX to go to this site to retrieve the welcome banner because the welcome banner and the audit statement are maintained on an external FTP site The syntax o...

Page 161: ...er Certificate addcrl Install a CA s CRL clientcert Activate Client Side Certificate Verification delete Remove Client CA Certificate deletecrl Remove Client CA s CRL viewcacert View Client CA Certifi...

Page 162: ...r IPv4 packet filtering and Network Address Translation NAT The iptables command provides an interface to the linux iptables The command parameters and options are the same as the linux system command...

Page 163: ...ewall iptables A INPUT t filter j DROP s 192 168 1 100 Logging a message when IP Address connects To send a syslog message when an IP Address connects to the SX admin Security firewall iptables A INPU...

Page 164: ...a k a private secret key cryptography can be achieved in the CLI and GUI of the DSX for remote user authentication See the MIT Kerberos website for information about Kerberos KDC Kadmind client machi...

Page 165: ...ation Kerberos Command Example 1 admin Security Kerberos getkrbconfig ip 192 168 52 197 login vijay password vijayv path home vijay krb5 conf Success 2 kadmin addprinc host dsx 182 domain com REALM ka...

Page 166: ...dloginretries Command The invalidloginretries command specifies the number of failed invalid login attempts before the account is deactivated The syntax of the invalidloginretries command is invalidlo...

Page 167: ...admin Security LoginSettings singleloginperuser enable true Strongpassword Command The Dominion SX server supports both standard and strong passwords Standard passwords have no rules associated with...

Page 168: ...allow to be repeated after 5 passwords have been set Until then there will be no repeats allowed Passwords must be at least 8 and not more than 16 characters admin Security LoginSettings strongpasswor...

Page 169: ...rofiledata name Standard Secure Custom telnet true false strongpass true false timeout true false single true false redirect true false tls_required true false The profiledata command options are desc...

Page 170: ...152 DOMINION SX USER GUIDE...

Page 171: ...s To discover IPMI servers on the network 1 Click the IPMI tab and then click Discover IPMI Devices The Discover IPMI Devices screen appears Figure 91 Discover IPMI Devices Screen 2 You can leave the...

Page 172: ...ostname Remote host name for LAN interface p port Remote RMCP port default 623 U username Remote session username f file Read remote session password from file S sdr Use local file for remote SDR cach...

Page 173: ...ent Filtering PEF sol Configure and connect IPMIv2 0 Serial over LAN tsol Configure and connect with Tyan IPMIv1 5 Serial over LAN isol Configure IPMIv1 5 Serial over LAN user Configure Management Con...

Page 174: ...156 DOMINION SX USER GUIDE...

Page 175: ...ip connected to the DSX to specific DSX ports Create a Port Power Association To create a port power association 1 Click the Setup tab and then click Port Power Association List 2 Click Add The Port P...

Page 176: ...Association list 4 Click Delete Power Strip Configuration To configure a power strip 1 Click the Setup tab and then click Power Strip Configuration 2 Click Add The Power Strip Configuration screen ap...

Page 177: ...dd The Power Association Groups screen appears Figure 95 Power Association Group Screen 3 Type a name and description in the Group Name and Description fields 4 Select the number of outlets from the d...

Page 178: ...to the configured sequential interval resulting in an operational delay time minimum amount of time to operate If power cycle is selected all associated outlets will be powered off sequentially and th...

Page 179: ...CHAPTER 14 POWER CONTROL 161 Power Strip Power Control Click Power Strip Power Control on the Power Control menu to access the tool to manage power strips Figure 98 Power Strip Power Control...

Page 180: ...162 DOMINION SX USER GUIDE Power Strip Status Click Power Strip Status on the Power Control menu to check power strip status Figure 99 Power Strip Status...

Page 181: ...y to make sure Maintenance Firmware Upgrade History 6 Refer to Upgrading the DSX Firmware section in Chapter 10 for details Case 2 Configuring and Using Direct Port Access via SSH 1 Purpose To allow u...

Page 182: ...SX port connected to the dual powered server device that you wish to associate outlets with from the drop down menu of Port and enter a description for it such as Internal Web Server Pronto see Port...

Page 183: ...or details Case 8 Accessing Port Access on DSX via RSC 1 Purpose To access a DSX serial target through Raritan Serial Client RSC 2 Log in SX via a web browser with your login username and password suc...

Page 184: ...ol and closed bracket key h To exit the target serial console session enter the letter q to quit You will be re directed back to the SX console and the port serial console session is now closed 3 SSH...

Page 185: ...ODEM LOCAL PORTS ETHERNET PORTS POWER SUPPLY DSX4 4 No 2 1 Single AC DSXB 4 M 4 Yes 1 1 Single AC DSXB 4 DC 4 Yes 2 1 Single DC DSXB 4 DCM 4 Yes 1 1 Single DC DSX8 8 No 1 1 Single AC DSXA 8 8 Yes 1 1...

Page 186: ...x 44mm 5 00 lbs 2 25kg DSX16 11 34 x 10 7 x 1 75 288 x 270 x 44mm 9 61 lbs 4 35kg DSXA 16 17 32 x 11 41 x 1 75 440 x 290 x 44mm 8 20 lbs 3 69kg DSXA 16 DC 17 32 x 11 41 x 1 75 440 x 290 x 44mm 7 8lbs...

Page 187: ...Port many models Integrated 56K V 92 RJ11 port Protocols Optional TCP IP RADIUS SNMP SMTP PAP TACACS NFS HTTP HTTPS SSL SSH PPP NTP LDAP LDAP S and KerberosV5 Browser Requirements Supported The follow...

Page 188: ...connecting a terminal port RJ 45 Connector type of Dominion SX 48 models that have this connector to another Dominion SX Cisco Router DB25F ASCSDB25M adapter and a CAT 5 cable Hewlett Packard UNIX Se...

Page 189: ...ons The following tables list the RJ 45 pinouts for the RJ 45 connector which is on the back of the DSX Table 76 Dominion SX RJ 45 Serial Pinouts and Signals RJ 45 PIN SIGNAL 1 RTS 2 DTR 3 TxD 4 GND 5...

Page 190: ...8 4 DB25M Nulling Serial Adapter Pinouts Table 80 DB25M Nulling Serial Adapter Pinouts RJ 45 FEMALE DB25 MALE 1 5 2 6 8 3 3 4 1 5 7 6 2 7 20 8 4 Dominion SX Terminal Ports All Dominion SX models exce...

Page 191: ...disabled by default Models with two terminal ports support an external modem on only the port with the RI signal On models with only one serial port a modem is built in The externally accessible seria...

Page 192: ...ation about the Dominion SX16 and SX32 Terminal Ports Pins 1 and 9 are used to factory reset units shipped after August 2004 Units shipped prior to August 2004 have the DB9M port labeled RESERVED not...

Page 193: ...255 255 255 0 CSC Port Address TCP 5000 Port address for CC discovery UDP 5000 Factory default username admin Factory default password raritan GENERAL SETTINGS Direct Port Access DPA Normal Mode Off T...

Page 194: ...TCP port 23 needs to be open Both RADIUS TCP port 1812 needs to be open Outgoing LDAP Port 389 needs to be open Outgoing SNMP Port 162 needs to be open Outgoing TACACS Port 49 needs to be open Outgoin...

Page 195: ...certificates can be added into a browser as Trusted CA Default SX Certificate Authority Settings The Server Certificate generated in the Dominion SX unit must be installed in the browser in order for...

Page 196: ...178 DOMINION SX USER GUIDE Install the Dominion SX Server Certificate section that follows...

Page 197: ...or cancel the viewing of the certificate Select save and add the file extension cer e g CA_ROOT cer 6 Open the CA_ROOT cer file by double clicking on it This will open the certificate 7 Click on the...

Page 198: ...certificate to be deleted The Certificate will normally be installed in the Other People tab and will be identified by the name which should be the IP address of the Dominion SX 4 Click Remove A mess...

Page 199: ...Netscape Navigator 1 Launch Netscape Navigator and connect to the IP address of the Dominion SX unit The Web Site Certified by an Unknown Authority window appears 2 Select Accept this certificate per...

Page 200: ...CA that provided you with a certificate will have a root certificate available for download Root certificates are available on the CA web site click on the links to download Some of the popular CAs a...

Page 201: ...e as the certificate you are trying to install 10 Click Delete and then click OK 11 Return to the CA s Web site and try to download the root certificate again and follow steps 1 through 5 again Genera...

Page 202: ...rtificate of the CA that signed the Client Certificates must be installed on the SX unit with the following steps 1 Retrieve CA s Root certificate used to sign the client certificates and place it on...

Page 203: ...APPENDIX C CERTIFICATES 185...

Page 204: ...186 DOMINION SX USER GUIDE...

Page 205: ...tallation Note If the IAS setup already exists these instructions may not apply exactly as shown Enable IAS on the Server 1 On the IAS server go to the Control Panel and launch Add or Remove Programs...

Page 206: ...ck Next The Profile dialog appears 9 Click the Edit Profile button 10 Select the Authentication tab Remove other checkmarks and add a checkmark to enable Unencrypted authentication PAP SPAP Note This...

Page 207: ...he User Management tab on DSX screen 2 Go to the Configuration section 3 Select the User Group List 4 Click on Add New User Group You can define port access and user class operator or observer This us...

Page 208: ...an G Admin D 1234567890 if using dial back feature where 1234567890 is the phone number for dial back The value Raritan G Admin must match with the local group on the Dominion SX unit The Dominion SX...

Page 209: ...s the user group name that matches with local group on Dominion SX Group name specified for this attribute on TACACS Must exactly case sensitive match with group name on Dominion SX unit or else authe...

Page 210: ...NION SX USER GUIDE 2 Select Interface Configuration Figure 101 Cisco ACS Interface Configuration 3 Select TACACS Cisco IOS 4 Add dominionsx service under the heading New Services Figure 102 TACACS Pro...

Page 211: ...Custom Attributes check boxes Add the attributes user type and the appropriate values to the text box Note The value for the user group attribute is case sensitive so ensure that it matches exactly t...

Page 212: ...194 DOMINION SX USER GUIDE...

Page 213: ...ine PPP network as the Dominion SX After the dial up connection is established connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP Modem installation guidelines ar...

Page 214: ...attached to the Dominion SX unit o Dial using Modem being used to connect to Dominion SX if there is no entry here there is no modem installed in your workstation 4 Click on the Security tab The Secu...

Page 215: ...s 2000 Dial Up Networking Configuration 1 Select Start Programs Accessories Communications Network and Dial Up Connections 2 Double click on the Make New Connection icon when the Network and Dial Up C...

Page 216: ...pe 5 Select the check box before the modem that you want to use to connect to the Dominion SX unit and then click Next Figure 108 Device Selection 6 Type the Area code and Phone number you wish to dia...

Page 217: ...ty screen 2 Click Next Figure 110 Connection Availability The Network Connection has been created 3 Type the name of the Dial up connection 4 Click Finish 5 Click Dial to connect to the remote machine...

Page 218: ...New Connection Wizard 2 Click Next and follow the steps in the New Connection Wizard to create custom dialup network profiles 3 Click the Connect to the Internet radio button and click Next Figure 111...

Page 219: ...201 5 Click on the radio button before Connect using a dial up modem and click Next Figure 113 Internet Connection 6 Type a name to identify this particular connection in the ISP Name field and click...

Page 220: ...the appropriate fields and retype the password to confirm it 9 Click on the checkbox before the appropriate option below the fields and click Next Figure 116 Internet Account Information 10 Click Fin...

Page 221: ...perly connected to a network 3 Ping the unit from a computer on the same network to ensure that network communication with the unit occurs Should the ping fail contact your network administrator There...

Page 222: ...ttp and 443 for https for the unit to operate through a firewall Contact your system administrator and request port 80 and 443 or other custom configured ports for access Login Failure Firewalls must...

Page 223: ...t will not allow the user to log on until the unit receives the result of the authentication request from the RADIUS server Authentication may take up to 20 seconds Be patient and wait until either th...

Page 224: ...not exist or if the contents of the file are not in the indicated places the File Not Found message will appear Verify that the upgrade package is in the correct directory and confirm the upgrade pat...

Page 225: ...APPENDIX F TROUBLESHOOTING 207 255 60 2000 00...

Page 226: ...a Rd Melbourne VIC3004 Australia Tel 61 3 9866 6887 Fax 61 3 9866 7706 Email sales au raritan com Web raritan com au Raritan Sydney Suite 1 Level 9 75 Miller Street North Sydney PO Box 591 North Sydne...

Reviews:

No comments

Related manuals for DOMINION SX -

Brand: Ubiquiti Pages: 24

Brand: F-SECURE Pages: 19

Brand: National Instruments Pages: 9

Brand: National Instruments Pages: 24

Brand: National Instruments Pages: 32

FIELDPOINT FP-1600

Brand: National Instruments Pages: 8

Brand: Delta Tau Pages: 74

PARTNER Voice Messaging PC Card Release 2

Brand: Lucent Technologies Pages: 67

Brand: Phytec Pages: 53

Brand: ZyXEL Communications Pages: 2

Brand: Dahua Pages: 24

EdgeLens INT10G8LR56

Brand: Garland Pages: 30

Brand: Hama Pages: 6

IMACS Network Device

Brand: Zhone Pages: 114

Brand: Moxa Technologies Pages: 2

Brand: ETAS Pages: 82

Brand: Comelit Pages: 19

LIQMAX III ELC-LMT120-ARGB

Brand: ENERMAX Pages: 32

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands