manualshive.com logo in svg

Raritan SX32, Installation And Operation Manual, Page: 58 / 178

Share
Download
Raritan SX32 Installation And Operation Manual Download Page 58

48 D

OMINION 

SX

 

I

NSTALLATION AND 

O

PERATIONS 

M

ANUAL

 

Certificate  

Overview 

The Certificate configuration screen provides an area for Administrators to define security parameters. 
Dominion SX supports certificate-based server authentication to establish an encrypted SSL session and to 
assure the user that they are dealing with a correct web site. The encrypted SSL session, always through 
HTTPS connection, ensures that personal information sent over the network is secure. Dominion SX 
supports SSL 128-bit encryption, and will negotiate with the client only at the specified security strength. 
The unit can act as a Certifying Authority and generate both self-signed CA Certificate and the Server 
Certificate. The certificate generated uses a 1024-bit public key. 

 

Figure 49 Certificate Tab Display 

Configuration 

When the user powers up the unit for the first time, an SSL certificate associated with the default IP address 

192.168.0.192

 is generated. When the user tries to connect to the unit, a Security Alert is displayed because 

the CA root certificate is not installed in the browser. Click on the [

Yes

] button to continue the 

Configuration process, and configure the unit. Please refer to 

Appendix C: Certificates 

for more 

information on how to install the certificate into the browser to prevent the security alert window from 
appearing. After the configuration is completed, the unit reboots. The server certificate is generated once 
again, this time for the new IP address assigned to the unit. 

  

Certificate Generation 

Dominion SX provides different methods of generating certificates. 

 

Default (or Self-Signed) Certificate

: By default, the unit ships with a self-signed certificate signed by 

Raritan Computer. The certificate strength is 1024-bits and the certificate is valid for one year. 

 

User Certificate

: This method allows the installation of a user-generated certificate, which can be in 

one the following forms: 

 

User certificate generated from the CSR (Certificate Signing request) form.  Clicking the 
“Generate CSR” button generates a CSR.  In this case, only the certificate is installed into the unit.  
The certificate is compared with the private key (already generated) before it is installed into the 
unit. 

 

User Certificate and private key (without pass-phrase) generated by a trusted third-party are 
installed into the unit. 

Once the certificates are installed, the unit will automatically reboot so that the certificates take effect.  
There is an option that allows users to select either the self-generated or user-installed certificate at any 
time. Once installed, certificates are maintained in the unit. A status indicator at the top of the Certificate 
screen indicates the unit’s Certificate status, which might be: 

 

Active default certificate. 

 

Active user certificate. 

Summary of Contents for SX32

Page 1: ... 8919 1338 E mail sales asia raritan com http www raritan com tw Raritan Computer France 120 Rue Jean Jaurès 92300 Levallois Perret France Tel 33 14 756 2039 Fax 33 14 756 2061 E mail sales france raritan com http www raritan fr Raritan Computer Deutschland GmbH Lichtstraße 2 D 45127 Essen Germany Tel 49 201 747 9820 Fax 49 201 747 9850 E mail sales germany raritan com http www raritan de Raritan ...

Page 2: ...This page intentionally left blank ...

Page 3: ... of Netscape Communication Corporation Mozilla is a registered trademark of the Mozilla Foundation RC4 is a registered trademark of RSA Corporation All other trademarks or registered trademarks are the property of their respective holders EXPORT NOTICE Dominion SX models contain 128 bit encryption software Export of this product is restricted under U S law Information is available from the U S Dep...

Page 4: ...This page intentionally left blank ...

Page 5: ... Break Null 14 Chapter 4 Console Features 15 Emulator 15 Settings 15 History 16 Write Access 17 Sending a Break Null 18 User List 19 Close 20 Edit 21 Tools 22 Start Logging 22 Stop Logging 23 Script 24 SecureChat 25 Help 26 Help Topics 26 About RaritanConsole 27 Direct Port Access 28 URL with Password and Username and Port 28 URL with Port Number 29 Exit the Application 30 Dominion SX Management 3...

Page 6: ...ppendix A Specifications 93 Dominion SX Connectivity and Serial Pin Out Guides 94 Connectivity Table 94 Dominion SX Serial Pinouts 95 Appendix B System Defaults 97 Appendix C Certificates 99 Certificate 99 Certificate Contents 99 Certificate Authority 100 Installing Dominion SX CA Root Certificate to a Browser 101 Installing CA Root for IE Browsers 102 Accept a Certificate Session Based 102 Instal...

Page 7: ...ory Structure 141 File System API through TCL 141 TCL Commands 142 Accessing TCL Window 143 Resetting TCL Interpreter 143 Editing TCL Scripts 143 Executing TCL Scripts 143 Automatic Execution of a TCL Script upon Power Up 144 Generating a User Event 145 Extensions to TCL 146 Basic TCL Server Example 155 Basic CPU Utilization Monitoring Example 156 TCL Server designed to interact with a TCL user 15...

Page 8: ...Text 21 Figure 25 Start Logging Command and Select File Window 22 Figure 26 Stop Logging Command 23 Figure 27 Script Shell Command 24 Figure 28 SecureChat Command and User Chat Window 25 Figure 29 Help Topics Command and Help File Window 26 Figure 30 Sample of About RaritanConsole Command and About Window 27 Figure 31 Direct Port Access Initial Display 28 Figure 32 Security Warning Display 28 Figu...

Page 9: ...ager Import Wizard 103 Figure 78 Import Wizard Select a Certificate Page 104 Figure 79 Certificate Manager Import Wizard Completion Page 104 Figure 80 Internet Options Display 105 Figure 81 Certificate Manager Display 105 Figure 82 Netscape New Site Certificate Window 106 Figure 83 Netscape New Site Certificate Acceptance Window 106 Figure 84 Viewing the Certificate 107 Figure 85 Netscape New Type...

Page 10: ...onnection Connection Name 133 Figure 113 Make New Connection Complete 134 Figure 114 Connect to Window 134 Figure 115 Windows 2000 Network and Dialup Connections 135 Figure 116 Welcome to the Network Connection Wizard 135 Figure 117 Network Connection Type 136 Figure 118 Device Selection 136 Figure 119 Phone Number to Dial 137 Figure 120 Connection Availability 137 Figure 121 Network Connection Wi...

Page 11: ...r administer and troubleshoot up to 48 target devices depending on model from any SSH client Web browser while consuming only one IP address Scripting Create store and execute scripts either on demand or on a continuous basis Notification Create notification messages via email alerts Collaborative Management and Training Access ports simultaneously up to 10 users per port at any time SecureChat In...

Page 12: ... scheme serial port adapters are available from Raritan Local Access for crash cart applications Simplified User Experience SSH Browser based Interface Graphical User Interface provides intuitive access to target devices click on the appropriate button to select the desired target device Upgrades Built in firmware upgrade capability via FTP Internet Ability to load specific applications per consol...

Page 13: ...work environment Dominion SX Deployment describes how to install a Dominion SX unit on the network once the Initial Software Configuration is complete Pre Configuration Notes The following list includes information that you will be required to supply to complete the configuration of the Dominion SX Obtain all required configuration information prior to performing the configuration steps outlined b...

Page 14: ...es and remains on 6 Each unit comes with a certain set of configuration defaults henceforth referred to as Factory Reset Mode The default network settings for this mode are Internet Address IP 192 168 0 192 Gateway Address 192 168 0 192 Subnet Mask 255 255 255 0 Port Address 51000 Username admin Password raritan Figure 3 Default Settings for Factory Reset Mode 7 Ensure that your installation compu...

Page 15: ...p to 50 user accounts with at least one administrator for each Dominion SX unit User Name 32 characters maximum one character minimum spaces permitted Login Name 255 characters maximum one character minimum no spaces User Type Administrator Can modify configuration of the unit has read write access to the console window Operator Cannot modify configuration of the unit except own password has read ...

Page 16: ...er Use no Proxies or temporarily add 192 168 0 192 to the list of URLs for which no proxy is configured 2 Enable Java Applet Execution in the installation computer Web browser 3 Access the unit through your installation computer Web browser on the same subnet by typing the URL https 192 168 0 192 into the address location field ...

Page 17: ...mputer that is on the same subnet by typing the URL https 192 168 0 192 Figure 5 Change Password Screen 2 Type the new password in the New Password field The default password is raritan 3 Retype to confirm the password in the Re enter Password field and click Change to register the new password The Dominion SX user window appears Please note that if this password is lost the unit must be reset to ...

Page 18: ... on the Enable Network Time Protocol check box and type a valid IP addresses for the Primary Time Server and if required Secondary Time Server 7 Click on the Update button 8 Click on the Network tab to view the Network Configuration screen Figure 8 Network Configuration Screen 9 A network administrator typically assigns the values for these parameters Please enter the following data note that all ...

Page 19: ...ill appear click OK to reboot the SX or click Cancel to return to the Configuration screens Figure 10 Confirm Reboot Screen 13 Dominion SX will automatically disconnect to update the configuration A confirmation window will appear click OK Figure 11 Confirm Disconnection Screen Figure 12 Logged off Dominion SX Screen 14 Dominion SX will restart once you see the Login screen log into the unit and b...

Page 20: ...he modem port Remember to write down the phone number for this line as it will be necessary later when the user configures a client for dialup networking 7 Connect the male end of the external power cord to the power supply outlet and power ON the Dominion SX unit Note The unit will perform a hardware and firmware self test and then start the software boot sequence The boot sequence takes a short ...

Page 21: ...r as a user based remote device access method or used for application programs to access the target device programmatically Browser Based Access 1 In the address line of a browser on your client desktop type the IP address of the unit A security alert window appears Figure 11 Security Alert Display The unit is always SSL enabled When you try to connect to the Dominion SX unit a Security Alert appe...

Page 22: ...d Password and click on the Login button Please note that multiple logins using the same Login Name are permitted Figure 12 Login Display 4 When the main display page appears click on the desired Port button to launch that port s console display Figure 13 Main Display with Available Ports 32 port unit shown ...

Page 23: ...ity of the signer Raritan has been verified by VeriSign Inc and it specifies the permissions requested from the user Figure 14 Security Dialog in Internet Explorer Click on the Yes button to accept all requested permissions These permissions will not be requested again in the same session Check the Always trust content from checkbox to avoid being asked for permissions at the start of every new se...

Page 24: ... being asked for permissions every new session Once the Security screens are completed the console window appears and the user can begin working with the remote target system Figure 17 Console Window Sending a Break Null From a Browser Some target systems such as Sun Servers require a null character Break to be sent from the console To send a break null verify that you have write access If not use...

Page 25: ...e window The unit supports Terminal Type VT100 ANSI which cannot be changed The Cursor Type can be either Line or Block depending on your preference The default cursor is Line type but can be changed by clicking on the appropriate radio button To View Settings 1 Click on Emulator in the main menu 2 Select Settings from the drop down menu Figure 18 Settings Command and Settings Window 3 Adjust sett...

Page 26: ...message history allowing a user to see target device events over time When the size limit is reached the text will wrap overwriting the oldest data with the newest History information can be useful when debugging troubleshooting or administering a target device Note History data is displayed only to the user who requested the history To View Session History 1 Click on Emulator in the main menu 2 S...

Page 27: ...ain menu 2 Select Get Write Access from the drop down menu Figure 20 Get Write Access Command 3 You now have Write Access to the target device as indicated by the green block located before Write Access in the status bar 4 When another user assumes Write Access from you loss of Write Access is indicated by a red block before Write Access in the status bar A message alerting the user who currently ...

Page 28: ...un keyboard Only users with Operator and Administrator privileges can send a break users who are Observers cannot send a break To send an intentional break to a Sun Solaris server 1 Verify that you have the Write Access If not please follow the instructions in the previous section to obtain write access 2 Click on Emulator in the main menu 3 Select Send Break from the drop down menu to send a null...

Page 29: ...are accessing the same port An asterisk appears before the user who has Write Access to the console To View the User List 1 Click on Emulator in the main menu 2 Select User List from the drop down menu Figure 22 User List Command and User List Window 3 Click on the Close button to close the User List window ...

Page 30: ...20 DOMINION SX INSTALLATION AND OPERATIONS MANUAL Close To Close RaritanConsole 1 Click on Emulator in the main menu 2 Select Close from the drop down menu Figure 23 Close Command ...

Page 31: ... to make that location active 6 Click on Edit in the main menu 7 Select Paste from the drop down menu Note There are keyboard shortcuts that you can use to highlight copy and paste all or partial lines of text Click and drag your mouse over the text you wish to copy Press CTRL and tap the C key to copy Position the cursor where you wish to paste the text and click in that location to make it activ...

Page 32: ...n the main menu 2 Select Start Logging from the drop down menu 3 Choose an existing file or provide a new file name in the File Dialog box When an existing file is selected for logging data gets appended to the contents Providing a new file name creates a brand new file Click on the OK button after you have selected or created a file Figure 25 Start Logging Command and Select File Window Logging i...

Page 33: ...TER 4 CONSOLE FEATURES 23 Stop Logging 1 Click on Tools in the main menu 2 Select Stop Logging from the drop down menu Figure 26 Stop Logging Command Logging is On until the Stop Logging command is executed ...

Page 34: ...itanConsole also comes with User Definable Events that can be generated by TCL scripts Raritan has introduced an extension library to provide an API to the RaritanConsole s functions Additionally the unit comes with an extensive list of notification events that can be used to audit track and trace the conditions of and modifications to the unit itself To Invoke the Script Shell 1 Click on Script i...

Page 35: ...of a chat message is 80 characters To use SecureChat 1 Click on Chat in the main menu 2 Select User Chat from the drop down menu Figure 28 SecureChat Command and User Chat Window 3 Type a message in the Message text field 4 Click on the Send button or press Enter to send the message click on the Clear button to delete the typed text or click on the Close button to exit and close the Message window...

Page 36: ...elease information about RaritanConsole Help Topics To Access Help Topics 1 Click on Help in the main menu 2 Select Help Topics from the drop down menu Figure 29 Help Topics Command and Help File Window 3 Use the navigation bar on the right side of the window to scroll to the topic you need or click on the links Close this window when you are finished ...

Page 37: ...yright information When contacting Raritan for technical support when performing a software upgrade etc you may be asked for this information To Access About Information 1 Click on Help in the main menu 2 Select About RaritanConsole from the drop down menu Figure 30 Sample of About RaritanConsole Command and About Window 3 Click OK to close the About RaritanConsole window ...

Page 38: ... Port number for which a console is required Example For Internet Explorer and Mozilla 1 6 with supported Java version the following command line or entry into the URL field will connect the user to Port 1 in this example the username is tanaka with the password tokyo678 https 192 168 32 20 dpa htm username tanaka password tokyo678 port 1 1 The Direct Port Access display will appear 2 When the sec...

Page 39: ...ick on the Login button 4 When the security warning appears only once for the session click on the Yes button 5 The console display will appear Figure 33 Direct Port Access Display To exit the application from direct port access close the Raritan Console window and close the browser window by selecting File Æ Close or by clicking on the X in the top right hand column Error Conditions If the user n...

Page 40: ...n made but not saved a screen will prompt you to save changes and log out of the unit Click on the Yes button to save changes and exit or click on the Cancel button to return to the configuration Figure 35 Save the Changed Configuration Window If changes have been saved already the unit will confirm the request to exit Click on the OK button to log out of the unit Figure 36 Exit Confirmation Displ...

Page 41: ...CHAPTER 4 CONSOLE FEATURES 31 A confirmation screen will indicate disconnection from the unit Figure 37 Unit Disconnection Display ...

Page 42: ... Perform a soft reset on the application In each case dedicated displays are provided to allow the adjustment and configuration of the various parameters Display The display structure is divided into a number of key operational areas Figure 38 Display Overview Operational Command Buttons Used to modify operation of Dominion SX Port Access Connects and displays the remote target device to be manage...

Page 43: ...e Update Many of the Configuration tab screens feature an Update button A user would click on the Update button to notify the system that changes have been made in that Configuration screen The configuration changes do not take effect until they are saved This offers two convenient advantages The user can make as many changes as intended in any number of tabs and just keep the changes updated All ...

Page 44: ... button in the left panel 2 Click on the tab s for the screens in which you want to make configuration changes 3 When the status bar displays the Configuration locked message other users cannot modify the unit s configuration 4 Modify data in the screen and click on the Update button 5 The status bar will display the message Configuration changes not saved 6 Click on the Reload button to erase any...

Page 45: ...0 FDX Network failover and domain name Port configuration for CommandCenter discovery and SX communication port address Global session timeout Power supply status for dual power supply models status of both power supplies is displayed an unconnected or failed power supply shows as Failed Time configuration Number and information of user accounts configured IP ACL configuration RADIUS LDAP NTP conf...

Page 46: ... hyphens and spaces 4 The dial up networking software on the user s personal computer must be configured to establish a PPP connection from the client computer to the unit Configure Network Parameters IP address IP address for the unit IP subnet mask Subnet mask to be used when deployed in the network IP gateway Gateway that the unit uses to communicate with other systems that are not on the same ...

Page 47: ... IP address used by the client to access Dominion SX once the modem connection is established 3 Type the PPP Client IP address assigned by Dominion SX to the client in order for the connection to be established 4 Click Update 5 Click Save 6 Optionally enable modem dial back and type the phone number for dial back using the CLI SSH telnet Using modem dial back can potentially enhance security and i...

Page 48: ...r based dial up access is supported with connection speeds of 28 8 Kbps or higher with 56Kbps highly recommended For dial up access using the Command Line Interface CLI using SSH Telnet connection speed of 9600bps or higher is recommended Figure 41 Modem Connection to a Dominion SX unit Ports Overview The Ports configuration screen allows Administrators to define the serial console port settings i...

Page 49: ...arity Data bits Parity Data of the serial port should match the setting of the target device valid choices are None 8 Even 7 Odd 7 Parity check Enabling or disabling of the Parity function of the serial port should also match the target device s setting Xon Xoff Can be enabled if the target system supports this feature will allow the unit to control the data flow and reduce the chance of data loss...

Page 50: ... their own passwords through CLI see SSH Telnet Command Line Interface CLI User Interface later in this chapter Observers have read only rights to the console window USER TYPE CONFIGURATION CONTROL REMOTE TARGET UPGRADE RESET Administrator All Yes Yes Yes Operator Edit own user record Yes No No Observer Edit own user record No No No Figure 44 Users Tab Display Local Users The unit can be configure...

Page 51: ... NO timeout We recommend using the shortest reasonable timeout value Add a New User Only an Administrator can create a new Administrator Operator or Observer New users records are valid only after the configuration is saved and users can change their passwords after the first time they log on Figure 45 New User Creation To Add a New User 1 Click on the New button 2 Enter the User Name Login Name U...

Page 52: ...ed Figure 46 Sample User Modification Screen To Edit Existing Information 1 Click on the User Name to modify that user s information 2 Click on the Edit button 3 Update the desired fields 4 Click on the Update button 5 Click on the Save button Delete a User To Delete an Existing User 1 Click on the User Name of the user to be deleted 2 Click on the Remove button 3 Click on the Save button Note If ...

Page 53: ...dge of the concepts of Access Control Lists ACL is a prerequisite for configuring and administering the Dominion SX IP ACL feature Explaining IPTables is beyond the scope of this document Please refer to IPTables documentation for more specific details on creation and management of the IP ACL rule lists We also suggest the following link http iptables tutorial frozentux net iptables tutorial html ...

Page 54: ...The Dominion SX GUI provides a front end to the IPTables Figure 47 Inserting a rule into the browser based IP ACL configuration screen Figure 48 GUI User Interface We recommend the following link for learning more about IP tables http iptables tutorial frozentux net iptables tutorial html ...

Page 55: ...uration to the non volatile memory of the Dominion SX This rule allows connections from this address and attempts to connect from all other IP addresses will be denied Please note warnings in the Overview section above Example To Allow access to the Dominion SX from only one IP address or a range of IP addresses see rules below Administrator goal to allow access to the Dominion SX unit from only I...

Page 56: ... status DESCRIPTION Enable disable IP Access Control lists ipacl status Display the enable disable status Display all configured IPACL rules ipacl enable disable Depending on the parameter enable or disable ipacl USAGE EXAMPLE admin Command ipacl status ipacl Status Enabled 0 No ipacl List Count 3 ipacl Rules startip endip Allow Deny Log 0 1 1 1 1 1 1 1 1 Deny Yes 1 2 2 2 2 2 2 2 2 Allow No 2 192 ...

Page 57: ... the Syslog facility If you wish to allow or deny a specific IP address just set the starting and ending IP to that particular address USAGE EXAMPLE admin Command aclcfg add 1 2 3 4 1 2 3 4 0 0 add a rule allowing IP 1 2 3 4 to connect do not log connections admin Command aclcfg add 1 2 3 11 2 3 255 1 1 add a rule denying and logging any connection attempt from the IP range 1 2 3 1 to 1 2 3 255 ad...

Page 58: ...owser to prevent the security alert window from appearing After the configuration is completed the unit reboots The server certificate is generated once again this time for the new IP address assigned to the unit Certificate Generation Dominion SX provides different methods of generating certificates Default or Self Signed Certificate By default the unit ships with a self signed certificate signed...

Page 59: ...ailable at the bottom of the Certificate screen 1 Generate Default Certificate Click on this button to regenerate the certificate provided by Raritan Please note that generating the certificate will cause the unit to reboot 2 View Certificate Click on this button to view the currently installed default certificate This option can also be used to copy the certificate generated by Raritan and instal...

Page 60: ...e Certificate generated may not be valid 3 The unit will reboot Note If you factory reset the unit and there is no user installed certificate in the unit the server Certificate is regenerated for the IP address 192 168 0 192 If the user installed certificate is active it will remain active after a factory reset Figure 51 Generate Certificate Display View Certificate This function enables the CA Ro...

Page 61: ...in a user certificate to be installed in the unit from a trusted third party source Bit strengths of 512 1024 and 2048 are supported If a user installed certificate is active a CSR cannot be generated The default certificate from Raritan must be active in order to generate a CSR To Generate a CSR Request First click on the Certificate Signing Request radio button and then click on the Generate CSR...

Page 62: ... 0 3 65 Country name State province name Locality Organization Organization unit Email address Click on the Generate CSR button to generate and display the request Cut and paste the result into a text file and use the file to obtain a valid certificate from a third party When you receive the new certificate install it in the unit To View the Certificate Signing Request Click on the View CSR button...

Page 63: ... V commands to copy the certificate and the private key as applicable into the respective window 4 Click on the Install User Certificate button 5 If the installation is successful the unit will reboot and the next time a user logs into the unit the User Installed Certificate will appear Figure 57 User Certificate When a user connects to the unit the Server Certificate is downloaded The browser tru...

Page 64: ...n Mechanism RADIUS Authentication occurs when a user tries to log on to the RADIUS client After prompting the user for login name and password the client checks to see if the user is already present in the local list If not the client sends this information in an authentication request to the RADIUS server The RADIUS server checks the validity of the request then checks its database of user names ...

Page 65: ... There is no limit to the number of users it can store as many users as its disk storage permits If you are using many Dominion SX units you do not have to configure all users on each of the units Configure a user once on your RADIUS server then allow all Dominion SX units authenticate their login requests from the same place RADIUS Configuration Configure the unit for RADIUS as described in the E...

Page 66: ...gned default port number for RADIUS is 1812 6 The Information for the Secondary RADIUS Server is optional This is a mirrored image of the Primary RADIUS Server and it is used only in case the Primary RADIUS Server fails to respond 7 Click on the Update button 8 Click on the Save button Note When you factory reset your box all the RADIUS parameters will be lost RADIUS users are not cached in the me...

Page 67: ...ged in to the unit Figure 62 Current Users List If you have Administrator privileges you can add new users or edit an existing user From this stage onwards there is no difference in behavior between a local user and a RADIUS user Only non RADIUS users are listed in the user list on the Users configuration screen under the Users tab This is because every time a RADIUS user logs in authentication co...

Page 68: ...e time zone and NTP server address in the Dominion SX unit Some features in Dominion SX for example Certificate generation depend on the correct Timestamp which is used to check the validity period of the certificate Figure 63 Time Configuration Display Configuration 1 Set the Current Date and Current Time 2 Click Update 3 Click Save ...

Page 69: ...er defined events sent out as email messages User defined events are defined using the scripting capability Figure 64 Notification Display Configurable Parameters Mail SMTP Server Type the IP address of the SMTP server Please ensure that a valid domain name has been set in the Network configuration e g mycompany com otherwise SMTP messages may be rejected by certain mail servers including Microsof...

Page 70: ...ains events predefined by Raritan To subscribe to a user defined event type the user defined event name Note This name must match exactly with the event name that has been used when the script was generated 3 Specify the Destination s as name domain 4 Click on the Add button to add this event to the list or click on the Cancel button to discard the changes 5 Click on the Save button Figure 65 New ...

Page 71: ... entry in the fields that appear in the lower portion of the screen 4 Click on the Update button 5 Click on the Save button Figure 66 Edit Notification Destination Delete a Notification Entry 1 Select the entry to be deleted 2 Click on the Remove button 3 Click on the Save button Note Click on the Reload button to recover the deleted item ...

Page 72: ...g users User configuration has been modified event amp notice config ipacl IP address based access control list has been modified event amp notice config notif Notification configuration has been modified event amp notice directaccesslockout Enable Disable local access via CommandCenter event amp notice port connection Target connected to the port has changed state changed from Offline to Online o...

Page 73: ...e and a pop up window will notify the user once the upgrade procedure is complete Figure 67 Upgrade Display Upgrades can be done of the complete software AmpAdmin package and the various applications AmpApp package supplied by Raritan The upgrade steps are similar for both cases To Perform a Complete Software Upgrade 1 Click on the Upgrade button in the left panel 2 Enter the IP Address where the ...

Page 74: ...e the software application package is located 3 Specify the Path to the software package for example pub Dominion AmpApp 4 Enter the Username and Password if required 5 Click on the Upgrade button 6 The unit will access the FTP server and download and install the files into the unit 7 Repeat the above steps for each custom application that has to be installed into the unit 8 After all applications...

Page 75: ...ged in users who will be logged out upon reset will be displayed The soft reset is useful when an Administrator wishes to disconnect all users from the unit Figure 68 Confirmation for Reset Figure 69 Confirmation on Users to be Disconnected To Perform a Soft Reset 1 Click on the Reset button on the left panel 2 A list of logged in users if there are any is displayed Click on the OK button to conti...

Page 76: ...ry reset adaptor or a reset switch Both methods are outlined below When resetting using a factory adaptor or reset switch it is not necessary to remove the device from all networks an Administrator should make this decision To factory reset via CLI use the following commands dominion Diagnostics factory_reset Factory Reset Network Settings Name DominionSX Domain raritan com System Port 51000 Disco...

Page 77: ...lug the Factory Reset Connector Note It is advisable to remove the unit from the main network while performing a factory reset Should another device on the network have the IP address of 192 168 0 192 these two devices will be in conflict For SX4 SX8 and other models with a RESET switch on the rear panel using a ball point pen please do not use a graphite pencil while the unit is powered ON push i...

Page 78: ...68 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 79: ... ISO8859 1 then the SSH client should also be set to ISO8859 1 4 Ensure that the default Escape sequence set on the Dominion SSH server does not conflict with a key sequence required by either the SSH client or the host operating system The Escape key sequence is user configurable A Secure Shell hereinafter SSH session can be initiated in two ways 1 Interactive session During interactive session t...

Page 80: ...s assigned by the user to the port and the application associated with it 3 change_escape used to change the escape character used to exit from the serial target session For example if the user has connected to a serial target at port 2 using console_cmd 2 then the escape character can be used to come back to menu prompt RaritanCommand Default Escape Character is CTRL i e Press CTRL key The escape...

Page 81: ...e SSH client Some of the usage scenarios using command line SSH client dominion Command network dominion Network help etherspeed Force the network speed auto 100FDX failover Enable Disable network failover enable disable interval network Get Set network parameters name NAME domain NAME ip IP mask MASK gw GATEWAY port PORT discover PORT help Display help for all commands or one in particular COMMAN...

Page 82: ...ATH file FILE backup example dominion Command backup ip 192 168 51 220 login guest passwd guest_password path file backup_file1 OK dominion Command restore example dominion Command restore ip 192 168 51 220 login guest passwd guest_password path file backup_file1 Restoring the config settings requires a system restart Do you wish to proceed yes no default yes Transfer command is part of diagnostic...

Page 83: ...commands port commands network commands user config commands ipacl enable disable status aclcfg list clear move pos1 pos2 del pos1 pos2 add ip1 ip2 denyflag logflag backup ip IP login LOGIN passwd PASSWD path PATH file FILE restore ip IP login LOGIN passwd PASSWD path PATH file FILE logoff user NAME port PORT quit Command Command list_ports User Name admin Total Number Of Ports Available 6 Port1 P...

Page 84: ...able BPS diagnostics commands modem commands port commands network commands user config commands ipacl enable disable status aclcfg list clear move pos1 pos2 del pos1 pos2 add ip1 ip2 denyflag logflag backup ip IP login LOGIN passwd PASSWD path PATH file FILE restore ip IP login LOGIN passwd PASSWD path PATH file FILE logoff user NAME port PORT quit test Command Inactivity timer logoff of a user t...

Page 85: ...et Reset the unit to default settings netstat Display current network connections Run help netstat for more detail ping See if a host is reachable via IP address Run help ping for more detail traceroute Trace the network route to a host dnrv m max_ttl p port q nqueries s src_addr t tos w wait host data size log Display the system log one screen at a time transfer Upload the log to a remote FTP ser...

Page 86: ... 50 66 192 168 50 66 0 852 ms 1 661 ms 0 843 ms Netstat command example test Diagnostics netstat Active Internet connections w o servers Proto Recv Q Send Q Local Address Foreign Address State tcp 0 0 192 168 50 228 51000 192 168 50 191 2804 ESTABLISHED tcp 0 0 192 168 50 228 51000 192 168 50 191 2813 ESTABLISHED tcp 0 13447 192 168 50 228 443 192 168 50 191 2814 ESTABLISHED tcp 0 0 localhost 5100...

Page 87: ...Display help for all commands or one in particular COMMAND quit Leave the current command context test Modem admin Command network admin Network etherspeed Force the network speed auto 100FDX failover Enable Disable network failover enable disable interval network Get Set network parameters name NAME domain NAME ip IP mask MASK gw GATEWAY port PORT discover PORT help Display help for all commands ...

Page 88: ...one in particular COMMAND quit Leave the current command context Command Line Arguments Session Syntax for initiating a Command Line Session SSH l dominion t IP Address of Dominion SX sconsole u username a password p port An example of using this command with the following parameters Dominion IP Address 192 168 51 225 Username admin Password frst256 Port 2 SSH l dominion t 192 168 51 225 sconsole ...

Page 89: ... Session Screen Port Sharing Using SSH It is possible for SSH users to share ports with other authenticated and authorized users regardless of whether they are SSH users or SSL GUI users This capability is used for training or for troubleshooting applications SSH users are notified in real time if they have Write access or Read Only access at any point during the port sharing session and can reque...

Page 90: ...80 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 91: ...LDAP uses TCP port 389 and LDAP S uses TCP port 636 Secret This is the root password to access the directory server manager The name for this field depends on the Directory Server The SUN iPlanet directory server uses Secret Microsoft Windows Active Directory refers to it as the password Base DN This is the root point to bind to the server this is same as Directory Manager DN e g BaseDn cn Directo...

Page 92: ...f Dominion SX user Currently Administrator Operator and Observer For Dominion SX both per port Authentication and Authorization are possible with TACACS Cisco Freeware Daemon This daemon is freely available from Cisco at http www cisco com Many other TACACS implementations are also based on the Cisco server No special steps are required to add the new service or parameters Simply place them in the...

Page 93: ...9 html 12231 1 Allow new services a Select Interface Configuration b Select TACACS Cisco IOS c Add dominionsx service under the heading New Services 2 When adding or editing a user or group the dominionsx service will appear under the heading TACACS Settings It can be enabled per user or per group by selecting the dominionsx and Custom Attributes check boxes Add the attributes port list and user t...

Page 94: ...84 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 95: ...repended to each of the port log files SIZE the maximum size for a log file before a new file is created IP1 the IP address of the NFS shared directory DIR1 the directory on the NFS server to write to IP2 Optional secondary NFS server to write to DIR2 Optional secondary NFS server s directory to write to The Per port log filename follows the following pattern PREFIX PortName Timestamp When the log...

Page 96: ...e port log files Example etc exports entry nfs domlogging 192 168 0 0 16 rw no_root_squash 2 Force all accesses to a certain UID GID Example etc exports entry nfs domlogging 192 168 0 0 16 rw all_squash anonuid 700 anongid 700 Make certain that the GID UID pair has write permission to the particular directory Explaining these concepts or providing other information about NFS is beyond the scope of...

Page 97: ...n IP address with an optional space separated port number If a recipient with a port number is to be removed include the port number in the delete command Traps may be sent to multiple ports with the same IP address NOTE At this time the Dominion SX system must be rebooted for configuration changes other than disabling SNMP to take effect Example in this example the username is TANAKA TANAKA Comma...

Page 98: ...ation changes require rebooting to take effect TANAKA Command snmp Enabled N Community public Trap Destinations 10 0 0 125 6 6 6 6 TANAKA Command snmp enable Any SNMP configuration changes require rebooting to take effect TANAKA Command snmp Enabled Y Community public Trap Destinations 10 0 0 125 6 6 6 6 ...

Page 99: ...ODEM has to be shared between modem and local port access usage The modem must be disabled before LPA can be enabled and vice versa Newer SX 4 and SX 8 units may have two serial ports with firmware release 2 2 the port labeled MODEM has to be used for connecting a local VT100 terminal or PC workstation laptop with HyperTerminal or other VT100 terminal emulation program Valid port speeds are 4800 9...

Page 100: ...abling Telnet For Dominion SX units that are already running firmware version 2 2 4 or higher the default port is 51000 and telnet can be enabled at any time Note The Dominion SX system must be restarted for changes to the service configuration to take effect To check what port the unit is currently installed on please log into the unit using a browser and click on the Configuration button on the ...

Page 101: ...led No SSH Enabled Yes TANAKA Command service telnet enable The system will need to be rebooted for changes to take effect TANAKA Command service ssh disable The system will need to be rebooted for changes to take effect TANAKA Command service Telnet Enabled Yes SSH Enabled No ...

Page 102: ...92 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 103: ... 60 Hz SX 16 DC 17 25 x 11 41 x 1 75 438 x 290 x 44mm 8 2 lbs 3 75 kg SX32 17 25 x 11 34 x 1 75 438 x 288 x 44mm 10 lbs 4 53 kg 110 220V auto switching 50 60 Hz DSXA 32 AC 17 25 x 11 34 x 1 75 438 x 288 x 44mm 10 lbs 4 53 kg DSXA 32 DC 17 25 x 11 34 x 1 75 438 x 288 x 44mm 10 0 lbs 4 53 kg SX48 11 41 x 17 32 x 1 75 290 x 440 x 44mm 8 77 lbs 3 98 kg 110 220V auto switching 50 60 Hz DSXA 48 DC 17 32...

Page 104: ...es Connectivity Table This table lists the necessary Dominion SX hardware adapters and or cables for connecting Dominion SX to common Vendor Model combinations VENDOR MODELS CONSOLE CONNECTOR SERIAL CONNECTION Checkpoint Firewall DB9M ASCSDB9F adapter and CAT5 cable Cisco PIX Firewall DB9M ASCSDB9F adapter and CAT5 cable Cisco Catalyst RJ45 CRLVR 15 cable or CRLVR 1 adapter cable Cisco Router DB25...

Page 105: ...APPENDIX A SPECIFICATIONS 95 Dominion SX Serial Pinouts The RJ45 connector on the rear of the unit has the following pinout RJ45 PIN SIGNAL 1 RTS 2 DTR 3 TxD 4 GND 5 Signal GND 6 RxD 7 DSR 8 CTS ...

Page 106: ...96 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 107: ...isabled Logging to NFS Disabled SERIAL PORTS Baud Rate 9600 Parity None Flow Control None To initiate access using http Ports 80 443 and 51000 can be configured must be kept open in the firewall in order for the unit to be operational When using https SSL S only TCP port 443 needs to be open port 80 can be closed For SSH access TCP port 22 needs to be open for Telnet access port 23 needs to be ope...

Page 108: ...98 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 109: ... public key with the real identity of an individual server or other entity It contains information identifying data and a public key a distinguishing name The certificate also contains the identification and signature of the certificate authority that issued the certificate and holds administrative information for the CA s use such as version number serial number issuer name etc To View the Certif...

Page 110: ...Certificate Authority signs all certificates that it issues with its private key and the CA certificate contains the corresponding public key A browser must contain this CA Certificate in its Trusted Root Library in order to trust certificates signed by the CA s private key For additional information please see http www cren net ca Figure 73 Hierarchies of Certificate Authorities Root CA USA CA IN...

Page 111: ... in its CA list which indicates signed Server Certificates If the verification is successful the Security Alert will not appear Figure 74 Schematic Diagram of Certificate Authentication Scheme Dominion SX Unit CA Root Certificate Self Signed Server Certificate Signed by CA Root s private Key This is downloaded when the user connects to the unit Install this in the Browser Browser CA Root Certifica...

Page 112: ...unit s IP address The Security Alert window will appear 2 Click on the View Certificate button and the Certificate window will appear Figure 75 Install Session Based Certificate 3 Click on the Install Certificate button This will install the certificate for the current session When the session closes this certificate will expire and will have to be reloaded upon with the next connection Install th...

Page 113: ... file by double clicking on it This will open the certificate Figure 76 View of CA_ROOT cer 7 Click on the Install Certificate button to start the Certificate Manager Import wizard Figure 77 Certificate Manager Import Wizard 8 Click on the Next button ...

Page 114: ... the following store radio button and click on the Browse button to choose a file you prefer Figure 78 Import Wizard Select a Certificate Page 10 Click on the Next button 11 Click on the Finish button Figure 79 Certificate Manager Import Wizard Completion Page 12 After installing the certificate close all IE Browsers and open a new IE Browser to continue working The next time you connect to the un...

Page 115: ...pen IE and select ToolsÆInternet Options from the main menu The Internet Options window will appear Figure 80 Internet Options Display 2 Click on the Content tab and click on the Certificates button The Certificates Manager window will appear Figure 81 Certificate Manager Display 3 Scroll through the list of certificates and click on the certificate to be deleted 4 Click on the Remove button 5 Cli...

Page 116: ...each Dominion SX unit you wish to access To eliminate the appearance of this window for every Dominion SX unit with a particular certificate you must install the root certificate in your browser described in the Install the Dominion SX Root Certificate section that follows 1 Open Netscape Navigator and connect to the IP address of the Dominion SX unit The New Site Certificate window will appear Fi...

Page 117: ...in the Certificate text field 4 Select the text in the Base64 Certificate field and copy it by selecting EditÆCopy from the main menu 5 Open Notepad or another text editor and paste the text you have copied into the editor by selecting EditÆPaste from the main menu 6 Save this file using the file name of your choice onto your desktop making certain to save it with the cacert extension for example ...

Page 118: ...saved in Step 6 and drag it into an open Netscape Navigator window The New Certificate Authority window should appear 11 Click on the Next button 12 Click on the Next button once more 13 The Certificate Fingerprint should be displayed Next to Signed by should appear Security Appliance CA Click on the Next button 14 Click on the first Accept this Certificate Authority for Certifying network sites c...

Page 119: ...cape Navigator and click on either the Security button or on the lock icon in the lower left of the window The Security Info window will appear 2 On the left side of this window locate Certificates and click on Web Sites Figure 87 Netscape Web Site Certificates Window 3 In the displayed list select the IP address of the Dominion SX unit from which the certificate was accepted 4 Click on the Delete...

Page 120: ...f this occurs select the root certificate code copy it and follow the steps outlined in the section Install the Raritan Root Certificate then follow the steps outlined below If the root certificate has already been installed the following error will appear Figure 88 Certificate Already Exists Alert Window for Netscape If the error message does not appear please skip ahead to Step 6 If the error me...

Page 121: ...en 7 The Certificate Fingerprint will appear providing information about the CA and the root certificate you are downloading It will look similar to the window below Record the Signed by information and click on the Next button Figure 90 New Certificate Authority Window in Netscape 8 Check the Accept this Certificate Authority for Certifying network sites checkbox The second and third boxes are op...

Page 122: ...112 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 123: ...o add users Information about the user is stored as a list of RADIUS protocol attributes and associated values These translate directly into the authentication reply the server will send back to the client 3 Reply items used by Dominion SX Products The following attributes are used by Dominion SX products Vendor Specific This Attribute is available to allow Raritan to support more detailed resourc...

Page 124: ... Authentication Service check box and click on the OK button 5 Click on the Next button B Configure IAS Port Information 1 To configure a remote IAS server you must have administrative privileges on the remote server 2 Open IAS select Start Programs Administrative Tools Internet Authentication Service 3 Right click on Internet Authentication Service and select Properties from the drop down menu 4 ...

Page 125: ... or MS CHAP do not click this option Notes If IAS receives an access request from a RADIUS proxy server IAS cannot detect the manufacturer of the NAS that originated the request This can cause problems if you plan to use authorization conditions based on the client vendor and have at least one client defined as a RADIUS proxy server Passwords shared secrets are case sensitive Be sure that the clie...

Page 126: ...tring following the format outlined above must be provided for every Dominion SX box contacting the RADIUS server or else the box will take a default value If the RADIUS Server is not configured for Vendor Specific type or if it fails to follow the above specifications the value specified for the Service Type will determine the privileges to be given to the user In this case the user will be given...

Page 127: ...icies Right click the policy for which interim accounting requests are to be generated and select Properties from the drop down menu On the Settings tab click Edit profile On the Advanced tab click Add In the Add Attributes dialog box select Acct Interim Interval and click on the Add button In the Attribute Information dialog box type the interval for generating interim accounting requests in the ...

Page 128: ... Routing and Remote Access 2 Right click on the server name for which you want to configure RADIUS authentication and select Properties from the drop down menu 3 Click on the Security tab and under Authentication Provider select RADIUS Authentication 4 Click on the Apply button 5 Click on the OK button J Enable the IAS Server to Read User Objects in Active Directory 1 Log on to the IAS server with...

Page 129: ...does not automatically assume the permissions and memberships of the previously deleted account because the security descriptor for each account is unique All permissions and memberships must be manually recreated to duplicate a deleted user account L Create Groups in Active Directory and Add User Accounts This procedure provides guidelines to assign different roles Administrative Operator and Obs...

Page 130: ...he Add button h Click on the appropriate group and click on the OK button After these steps are executed a new user can connect to the NAS device and IAS will look at the user name find the group in which it is a member and use the policy associated with that group ...

Page 131: ...validated however other versions of the RADIUS server should operate with the unit Only the user s role can be controlled on the unit using the RADIUS IETF option Note Access restrictions to specific ports on the unit cannot be controlled 1 Log on to Cisco ACS Server using the browser Figure 91 Cisco ACS Main Display 2 Click on the Network Configuration button in the left panel of the screen and s...

Page 132: ... Click on the RADIUS IETF link to edit properties Under the User heading click on the check boxes before Service Type and Framed Protocol Click on the Submit button Figure 94 RADIUS Properties Display 5 To add new users and configure RADIUS IETF attributes click on the User Setup button in the left panel of the screen Enter the user s name and click on the Add Edit button ...

Page 133: ... RADIUS IETF section Figure 96 User Properties Display 8 Click on the Service Type check box and select the appropriate service type from the drop down menu Administrative User with this Service type will have Administrative privileges on the unit and access to all the ports NAS Prompt User with this Service Type will have Operator privileges on the unit and access to all the ports Login User with...

Page 134: ...124 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 135: ...edures for the ACE server but assumes that the administrator is familiar with the ACE server and has the ability to set up and configure the application Guidelines are provided to allow SecureID to be used with the Dominion SX units These steps must be performed on the RADIUS server in order to use SecureID 1 Configure all the units define them in the RADIUS server database 2 Establish profiles 3 ...

Page 136: ... option for Dominion SX units e Encryption Type Select DES radio button for Dominion SX units f Open to All Locally Known Users Checking this box makes the Agent Host an open Agent Host which needs no specific user or group activations Any valid user in the local Server database can authenticate on an open Agent Host g Assign Change Encryption Key If RADIUS is installed and enabled on your system ...

Page 137: ...vice Type Profiles and corresponding user roles are as follows Administrative User Users with this profile will have Administrator privileges on the unit they will have read write access to all ports and will be able to edit the unit s configuration NAS Prompt Users with this profile will have Operator privileges on the unit they will have read write access to all ports but will not be able to edi...

Page 138: ...o return to the main menu Figure 103 Add Attribute Display Note Only the user s Role can be controlled on the Dominion SX units using specific Service Type profiles Access restriction to specific ports on cannot be controlled 8 Select User Add User Edit User in the main menu to add a user and assign the appropriate profile Figure 104 Add User Display ...

Page 139: ...nit Selection Display per User 11 To configure the Dominion SX device to use RSA ACE Server as the RADIUS authentication server log on to the unit with the local administrative account click on the Configuration button in the left panel and select the RADIUS tab Configure the appropriate RADIUS Server IP address Shared Secret encryption key and Port The unit is now ready to authenticate the user u...

Page 140: ...municate with it check with your LDAP server administrator We recommend you obtain this information before you start configuring LDAP on the Dominion SX 3 Click on the Enable LDAP check box to enable LDAP 4 Type a valid IP address in the Primary Server field 5 The default TCP Port is 389 for LDAP For LDAP S type 636 in the Port field 6 Type the secret password in the Secret field 7 Re type the sec...

Page 141: ...twork as the Dominion SX After the dial up connection is established connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP Modem installation guidelines are provided for the following client based systems Windows NT Windows 98 Windows 2000 Windows NT Dialup Networking Configuration 1 Select Start Programs Accessories Dial Up Networking 2 Click on the New button F...

Page 142: ... modem installed in your workstation Figure 109 New Phone Entry Display 4 Click on the Security tab The Security section allows you to specify the level of security to use with the modem connection When connecting to the Dominion SX unit security is provided by SSL with RC4 encryption therefore no dialup security is required a Click on the Accept any authentication including clear text radio butto...

Page 143: ...1 Configuring Windows 98 Dialup Networking Figure 112 Make New Connection Connection Name 3 In the Make New Connection window enter a Name Name for the Dominion SX unit you are dialing b Device Device you wish to use to connect to the Dominion SX unit from the drop down list this will be the Modem c Click on the Next button d Area code and phone number The full number of the phone line connected t...

Page 144: ...icon and in the Connect To window that appears click on the Connect button to establish the connection with the Dominion SX unit No username or password is required for connection as the security is provided by the Dominion SX unit authentication protocol Figure 114 Connect to Window 5 Once logged in you may connect to the Dominion SX unit with a supported Java enabled browser Or for getting acces...

Page 145: ...Up Connections 2 When the Network and Dial Up Connections window appears double click on the Make New Connection icon Figure 115 Windows 2000 Network and Dialup Connections 3 Follow the steps in the Network Connection Wizard window to create custom dialup network profiles Click on the Next button Figure 116 Welcome to the Network Connection Wizard ...

Page 146: ...e Dial up to private network radio button and click on the Next button Figure 117 Network Connection Type 5 Click on the check box before the modem that you want to use to connect to the Dominion SX unit and then click on the Next button Figure 118 Device Selection ...

Page 147: ... box and enter the Area code and Phone number you wish to dial in the fields Click on the Next button Figure 119 Phone Number to Dial 7 In the Connection Availability screen click on the Only for myself radio button Click on the Next button Figure 120 Connection Availability ...

Page 148: ...f the Dial up connection Figure 121 Network Connection Wizard Completion 9 Click on the Finish button 10 To connect to the remote machine when the Dial Window appears click on the Dial button A window indicating that a successful connection has been established will appear If you get any errors during this phase please consult your Windows 2000 Dial up Networking Help ...

Page 149: ...e used to audit track and trace the conditions of and modifications to the unit itself This appendix describes the architecture and features of the TCL script engine and provides information to help you develop scripts to manage multiple remote target devices TCL Architecture with Target System The following diagram illustrates the TCL Engine architecture GUI Target Write Module Target Read Module...

Page 150: ...t should be affected amplock ampunlock port TCL engine locks the write access for this port GUI users using the Java Console cannot supersede TCL and force TCL unlock by the issuing the Get Write Access or F8 key An administrator may only force a TCL unlock by issuing a Reset from the Script Shell window or main GUI The TCL user must lock the write access in order for the TCL Engine to write to th...

Page 151: ...boot scr The boot script can access the RS 232 ports but the user must insure that the write locks are released otherwise no user will be able to get write access to the console of the remote target device In case a write lock is not released the user has to change the boot script appropriately and perform a soft reset File System Dominion SX includes a general purpose flash file system which can ...

Page 152: ...porated supports TCL 7 0 All built in TCL commands for TCL 7 0 are supported except exec interp library and TCLvars The following TCL commands are supported append glob pwd array global read break history regexp case if regsub catch incr rename cd info return close join scan concat lappend seek continue lindex set eof linsert source error list split eval llength string exit lrange switch expr lrep...

Page 153: ...t button Therefore full software reset from the GUI may be necessary to restart the interpreter When a Reset has been issued to the TCL Interpreter the BOOT SCR will NOT be executed This will prevent errors in the boot script from incapacitating the interpreter Not all conditions are recoverable by Reset The user may have to execute a factory reset to remove the error condition When factory reset ...

Page 154: ...take input if the script is designed to accept them Automatic Execution of a TCL Script upon Power Up For a TCL script to be executed automatically upon each reboot or power cycle of the unit the script needs to be named boot scr and placed in the ata usr directory Important Using ampreset ampformatfs or ampupgrade in a boot script may lead to unknown state ...

Page 155: ...r port_num 1 ampclear port_num amplock port_num set output pstat httpd port_num ampunlock port_num if output 0 puts HTTP_SERVER_OK port_num amptriggerevent event user httpProcess HTTP service is up and running on port_num else puts HTTP_SERVER_ERROR port_num amptriggerevent event user httpProcess HTTP service down on port_num In the Notification tab of the unit the user can subscribe to either of ...

Page 156: ...ion ampgetconfiguration network modem datacom smtp radius If a specific category is specified then the data for that category will be displayed Usage ampgetconfiguration category port_number Category can be network datacom smtp and radius Port_number valid port number applies only to datacom category otherwise not used ampgetconfiguration network Hostname RaritanConsole_C3200 IP 10 0 1 41 SubnetMa...

Page 157: ... listing all the currently configured users and their user account parameters Usage ampgetuser ampgetuser Users Steve Gaumer John Smith Michael White Fredrick Jones Note The names are not shown with any delimiters If a specific user is specified only that user s account information is listed If the user name contains spaces the name needs to be entered in quotes Usage ampgetuser user_name ampgetus...

Page 158: ... Wright pass1285 1 2 3 4 Unix System Administrator in Training user pwright set ampsave save complete ampgetuser Users Steve Gaumer John Smith Michael White Fredrick Jones Patrick Wright ampgetuser Patrick Wright userid 1 loginname pwright capability observer username Patrick Wright userinfo Unix System Administrator in Training Ports 1 2 3 4 amprmuser Deletes the named user account Usage amprmuse...

Page 159: ...e ampupgrade ip_address file_path login password port_number Ip_address location of the files that are to be used in the upgrade File_path location where the files are stored Login optional ampgetversion Returns a string containing a version report Usage ampgetversion ampgetversion Kernel version K 02 00 000 Software version K 02 00 000 GUI version K 02 00 000 ampgetipacl Returns a string containi...

Page 160: ...ipacl Either turns on or turns off access based on source IP address Usage ampsetipacl enable disable Enable turns on ip acl Disable turns off ip acl ampsetipacl enable set IP acl successful ampsave save complete ampgetipacl IP acl enabled acl entries 1 10 0 1 120 255 255 0 0 amprmipacl Removes an IP address from the IP ACL list Usage amprmipacl ip_address or amprmipacl all ip_address ip address t...

Page 161: ...ring representing the next chunk of console data up to and including the terminator or the end of the data stream when a timeout occurs in seconds whichever comes first Note Issue an ampclear command to clear old data before starting any new operations The terminator can be a multi character up to 32 string specified in quotes ampwrite string port Writes the string to the console the script must f...

Page 162: ... to be read by the interpreter calls exec on the input and returns the resulting string to the client ampsave Saves any changes to the system configuration In order for changes network to take effect the system will be rebooted ampreload Reloads the previous configuration before changes were made amppermission on off In order for observers and operators to access a user programmed TCL Script Serve...

Page 163: ... 0 TCL_OK No message returned 1 TCL_ERROR wrong args should be ampwritesocket socketDescriptor message Command failed Invalid Socket Descriptor s write socket failed ampclosesocket socket_id Closes the socket represented by the socket ID If the command fails or the arguments are invalid the command will return an error with an error message Command Return Messages 0 TCL_OK No message returned 1 TC...

Page 164: ...fore starting any new operations ampgetmacaddress Returns the Ethernet MAC address of the unit ampsetconfig datacom checkparity value Enables the parity bit if value is 1 disables the parity bit if value is 0 An administrator operator user will not have write access in a console window when a TCL script is running and has executed amplock for that port Issuing an F8 or Get Write Access will not re...

Page 165: ...ints amplisten checks to see if there is a new command from any client Puts will push back the response to the output buffer ampresponse will push the previous response back to the EXACT client who sent the command Due to security the TCL scripting feature is not normally accessible by Operators or Observers However for the TCL Server to be general Operators and Observers need access to the TCL sc...

Page 166: ...nterval Interval at which the TCL script has to do checking To quit out of the script type QUIT and hit enter Default threshold is 2 set thr 2 Default interval is 10 seconds set intr 10 change this mail id to your own set mailid mailto xyz xyz com initalize events proc initEvents global mailid add subscriptions to events ampaddsubscription event alarm cpu mailid save subscription ampsave delete ev...

Page 167: ...ent if user process utilization has gone beyond threshold if us thr amptriggerevent event alarm cpu User Process CPU utilization goes beyond threshold thr on port port listen to command inputs from user QUIT THR INTR proc ListenCmds global thr incr set cmd amplisten if string compare cmd QUIT 0 puts Quitting ampresponse return 1 elseif string match THR cmd scan cmd s d c thr puts Threshold is thr ...

Page 168: ... points Use ampclear to remove all history information for a port Use ampread with n as terminator since the script has to read each line to find out the user process utilization that is on the 10th line Use amptriggerevent to trigger a user defined event event alarm cpu The event may not begin with amp as that namespace is reserved for system generated events A user may subscribe to events relate...

Page 169: ...elay 10 amplock 1 puts Lock Acquired ampresponse elseif s QUIT amppermission on ampunlock 1 puts Exiting script ampresponse break else Allow observers and operators to issue commands to this TCL Service Lock the console for this TCL service to use Clear old data in the TCL internal buffer so that there is no confusion when data is gathered upon user request Initializing variables Read in user comm...

Page 170: ...X INSTALLATION AND OPERATIONS MANUAL puts A TCL script is running rInputs accepted are DATA READ1 READ2 READ3 CONSOLE QUIT ampresponse Input received is not as per expectation Remind user what the expected inputs are ...

Page 171: ...g to connect to the Dominion SX URL using Microsoft IE a web page may appear indicating a DNS error and reading that the server is unreachable Remove any installed Dominion SX certificates and restart the browser Unsupported Encryption The unit supports only 128 bit SSL encryption In Internet Explorer view Help About Internet Explorer and determine the maximum SSL bit strength for the browser If i...

Page 172: ... security warning This is normal behavior The warning message does not affect operation of the unit Login PROBLEM SOLUTION Login Failure To provide additional security the unit login screen expires after 20 minutes therefore all login attempts after this time period will fail Reload the browser to reset this timer Hold down the Shift key and click on the Reload button in your browser This will ref...

Page 173: ...or until a timeout occurs Please wait and allow the FTP Server Unreachable message to appear FTP File Not Found The unit requires a package of upgrade files to be in the directory specified by the upgrade path This package must have all included files and an upgrade cnf file Should this file not exist or if the contents of the file are not in the indicated places the File Not Found message will ap...

Page 174: ...164 DOMINION SX INSTALLATION AND OPERATIONS MANUAL ...

Page 175: ...ory default reset sequence consists of the following A solid green light for about 5 seconds then no light for about 15 20 seconds then another solid green light for about 5 seconds and then 3 green flashes about 1 second each The total time for this sequence is generally about 40 seconds The IP address for the unit will be reset to 192 168 0 192 Important Performing a hard reset as described abov...

Page 176: ...en click Upgrade and then follow the prompts You will need to enter the IP Address and File Path to perform the upgrade What if I forget or lose my password Any Administrator can assign any user Administrator Operator or Observer a new password if it is forgotten or lost Important If there is only one Administrator and he she forgets his her password then the unit must be factory reset and re conf...

Page 177: ...APPENDIX J TECHNICAL FAQS 167 ...

Page 178: ...168 DOMINION SX INSTALLATION AND OPERATIONS MANUAL 255 60 2000 ...

Reviews:

No comments