Black Box LES1516A Скачать руководство пользователя страница 313 | Manualshive

Страница: 313 / 348

background image

313

1.877.877.2269

BLACKBOX.COM

NEED HELP?

LEAVE THE TECH TO US

LIVE 24/7

TECHNICAL

SUPPORT

1.877.877.2269

CHAPTER 16: ADVANCED CONFIGURATION

The OpenSSL project itself ‘highly recommends’ Ivan Ristić’s OpenSSL Cookbook, available as a free download from https://
feistyduck.com/books/openssl-cookbook/.

16.8 HTTPS

The Management Console UI is served using HTTPS by the built in cherokee webserver.
If your default network address is changed or the unit is to be accessed via a known Domain Name you can use the following steps
to replace the default SSL Certificate and Private Key with ones tailored for your new address.

16.8.1 GENERATING AN ENCRYPTION KEY

To create a 1024 bit RSA key with a password issue the following command on the command line of a linux host with the openssl
utility installed:

# openssl genrsa -des3 -out ssl_key.pem 1024

16.8.2 GENERATING A SELF-SIGNED CERTIFICATE WITH OPENSSL

This example shows how to use OpenSSL to create a self-signed certificate on a Linux- or Unix-based system. OpenSSL ships as
part of macOS and is available for most Linux distributions via the default package management mechanism.
The OpenSSL project ‘does not distribute any code in binary form, and does not officially recommend any specific binary
distributions.’ The project does, however, maintain a page on its community wiki: https://wiki.openssl.org/index.php/Binaries.
This page lists 3rd-party binaries that are ‘stable and can provide continued support for OpenSSL’. Windows users should check
here for a suitable binary.
To create a 1024-bit RSA key and a self-signed certificate, issue the following command from the host you have openssl installed
on:

# openssl req -x509 -nodes -days 1000 -newkey rsa:1024 -keyout \

ssl_key.pem -out ssl_cert.pem

You will be prompted to enter a lot of information. Most of it doesn't matter, but the Common Name should be the domain name of
your computer (for example, test.Black Box.com).
When you have entered everything, the certificate will be created in a file called ssl_cert.pem.

16.8.3 INSTALLING THE KEY AND CERTIFICATE

The recommended method for copying files securely to the console server unit is with a Secure Copying Protocol client (for
example, the shell-based tool: scp).
The scp utility ships with macOS and ships with OpenSSH for most Linux distributions. Windows users can use something like the
PSCP command line utility available with PuTTY.
The files created in the steps above can be installed remotely with the scp utility as follows:

# scp ssl_key.pem root@<address of unit>:/etc/config/

# scp ssl_cert.pem root@<address of unit>:/etc/config/

«
...
311
312
313
314
315
...
»

Содержание LES1516A

Страница 1: ...24 7 TECHNICAL SUPPORT AT 1 877 877 2269 OR VISIT BLACKBOX COM PWR OK BACK H B SER NET WIFI WIFI MAIN WIFI AUX SD CARD USB PORTS V 92 MODEM CONSOLE ERASE LES SERIES CONSOLE SERVERS LES1500 LES1600 LES...

Страница 2: ...VIEW 23 2 1 Available Models Comparison Charts 23 2 2 What s Included 24 2 2 1 LES1500 Series LES1516A LES1532A LES1548A 24 2 2 2 LES1600 Series 24 2 2 3 LES1700 Series 24 2 3 Hardware Description 25...

Страница 3: ...lover or Broadband OOP 52 4 6 4 Aggregating the Network Ports 53 4 6 5 Wi Fi Wireless LAN 54 4 6 6 Static Routes 56 4 7 Configuration Over DHCP ZTP 57 4 7 1 Ensuring the Console Server is Unconfigured...

Страница 4: ...the VPN Gateway 88 5 10 Open VPN 90 5 10 1 Enable the OpenVPN 90 5 10 2 Configure as Server or Client 92 5 10 3 Windows OpenVPN Client and Server Setup 93 5 11 PPTP VPN 97 5 11 1 Enable the PPTP VPN S...

Страница 5: ...orwarding 130 6 8 1 Configuring Network Forwarding and IP Masquerading 131 6 8 2 Configuring Client Devices 132 6 8 3 Port and Protocol Forwarding 134 6 8 4 Firewall Rules 135 6 8 5 Packet State Match...

Страница 6: ...ing Using Other SSH Clients for example PuTTY 164 7 12 VNC Security 165 8 ALERTS AUTO RESPONSE AND LOGGING 166 8 1 Configure Auto Response 166 8 2 Check Conditions 168 8 2 1 Environmental 168 8 2 2 Al...

Страница 7: ...2 4 UPS Alerts 200 9 2 5 UPS Status 201 9 2 6 Overview of Nework UPS Tools NUT 202 9 3 Digital I O Ports 203 9 3 1 Digital I O Output Configuration 203 9 3 2 Digital I O Input Configuration 204 9 3 3...

Страница 8: ...Configuration 226 11 3 2 Basic Nagios Plug ins 230 11 3 3 Additional Plug ins 231 11 3 4 Number of Supported Devices 232 11 3 5 Distributed Monitoring Usage Scenarios 233 12 SYSTEM MANAGEMENT 235 12 1...

Страница 9: ...20 Services 279 15 1 21 Nagios 281 16 ADVANCED CONFIGURATION 283 16 1 Custom Scripting 283 16 1 1 Custom Script to Run when Booting 283 16 1 2 Running Custom Scripts when Alerts are Triggered 284 16...

Страница 10: ...yption Key 313 16 8 2 Generating a Self Signed Certificate with OpenSSL 313 16 8 3 Installing the Key and Certificate 313 16 8 4 Launching the HTTPS Server 314 16 9 Power Strip Control 314 16 9 1 The...

Страница 11: ...Statement 336 B 2 NOM Statement 337 APPENDIX C CONNECTIVITY TCP PORTS AND SERIAL I O 338 C 1 Serial Port Pinouts 338 C 2 Local Console Port 339 C 3 RS 232 Standard Pinouts 339 C 4 Console Server Conn...

Страница 12: ...12 1 877 877 2269 BLACKBOX COM NEED HELP LEAVE THE TECH TO US LIVE 24 7 TECHNICAL SUPPORT 1 877 877 2269 REVISION HISTORY RELEASE V6 38 REVISION HISTORY...

Страница 13: ...hen disconnecting the power cord from the socket Do not connect or disconnect the console server during an electrical storm We recommend that you use a surge suppressor or UPS to protect the equipment...

Страница 14: ...ion Physical installation of the console server and the interconnecting of managed devices 4 System configuration Initial installation and configuration of the console server and the supported service...

Страница 15: ...access authorized configured devices and review port logs In this manual when the term user lower case is used it is referring to both classes of users above This document also uses the term remote u...

Страница 16: ...877 2269 BLACKBOX COM NEED HELP LEAVE THE TECH TO US LIVE 24 7 TECHNICAL SUPPORT 1 877 877 2269 ABOUT THIS MANUAL WHERE TO FIND ADDITIONAL INFORMATION The Quick Start Guide that came with your consol...

Страница 17: ...Management Built in web terminal SSH direct to consoles optional console keystroke logging alert on cable disconnects text pattern match and more inline power control multiple concurrent sessions Powe...

Страница 18: ...B Class A ICES 003 Issue 4 February 2004 AS NZS CISPR 22 2004 Class A EN 55022 Emissions Class A 2009 A1 2010 EN 61000 3 2 Harmonics Current Emissions 2014 EN 61000 3 3 Voltage Fluctuation and Flicke...

Страница 19: ...gh voltage digital outputs HVDO 5 30 VDC 100 mA drives relays alarms etc Console Management Built in web terminal SSH direct to consoles optional console keystroke logging alert on cable disconnects i...

Страница 20: ...TP Certifications Emissions FCC Part 15 Subpart B 2015 EN55022 2010 CISPR 22 2008 ICES 003 Issue 5 2014 AS NZS CISPR 22 2009 A1 2010 EN 61000 3 2 2006 A2 2009 EN 61000 3 3 2008 Immunity EN 55024 2010...

Страница 21: ...al Ethernet aggregation and redundancy remote access automatic network failover easy browser UI IPv6 Console Management Built in web terminal SSH direct to consoles optional console keystroke logging...

Страница 22: ...Part 15 Subpart B Class A ICES 003 Issue 4 February 2004 AS NZS CISPR 22 2004 Class A EN 55022 Emissions Class A 2009 A1 2010 EN 61000 3 2 Harmonics Current Emissions 2014 EN 61000 3 3 Voltage Fluctu...

Страница 23: ...ngle AC LES1604A R 4 4 2 256 32 MB 4 GB cellular 4G WiFi Single AC LES1608A 8 4 2 256 32 MB 4 GB Single AC LES1708A 8 2 2 256 64 MB 16 GB POTS WiFi Dual AC LES1716A 16 2 2 256 64 MB 16 GB POTS WiFi Du...

Страница 24: ...S1548A 1 Console Server 2 CAT5 UTP cables 1 DB9F to RJ 45 straight through adapter 1 DB9F to RJ 45 crossover adapter 1 IEC AC power cord 1 Quick Start Guide 2 2 2 LES1600 SERIES 1 Console Server 1 Ext...

Страница 25: ...S1548A FRONT PANEL 9 10 11 12 8 FIGURE 2 2 LES1548A BACK PANEL TABLE 2 3 LES1548A CONSOLE SERVER COMPONENTS NUMBER IN FIGURE 2 1 OR 2 2 COMPONENT DESCRIPTION 1 1 PWR LED Lights when power is on 2 1 H...

Страница 26: ...BACK PANEL TABLE 2 4 LES1604A CONSOLE SERVER COMPONENTS NUMBER IN FIGURE 2 3 OR 2 4 COMPONENT DESCRIPTION 1 H B LED Heartbeat LED lights when firmware is running 1 Serial LED Active serial communicati...

Страница 27: ...OK button Confirm selection 3 BACK button Go back to previous selection 4 PWR LED Lights when power is on 5 H B LED Heartbeat LED lights when firmware is running 6 Serial LED Active serial communicati...

Страница 28: ...ION All Black Box console servers ship with Ethernet ports These ports are located on the rear panel of the rackmount LES1516A LES1532A LES1548A units and on the front of the smaller LES1600 units All...

Страница 29: ...nnections Black Box supplies a range of cables and adapters that may be required to connect to the more popular servers and network appliances Before connecting the console port of an external device...

Страница 30: ...al Ground n a 5 CTS Clear To Send Input 6 RXD Receive Data Input 7 DCD Data Carrier Detect Input 8 DSR Data Set Ready Input 3 3 2 CISCO RJ 45 PINOUT The LES1600 LES1516A LES1532A and LES1548A models h...

Страница 31: ...ires at least one external WiFi antenna to be attached 3 5 1 LES1604A V T R MODELS LES1600s come with internal 4G LTE modems and dual mini SIM card slots LES1604A V T R The T models work with AT T USA...

Страница 32: ...S1700 MODELS The LES1700 models have an internal 802 11 WiFi adapter and come with an external WiFi antenna Before powering on the LES1700 Screw wireless antenna on to the WIFI MAIN SMA connector The...

Страница 33: ...ddress and subnet mask IP address 192 168 0 1 Subnet mask 255 255 255 0 For initial configuration we recommend that you connect the console server directly to a single computer If you choose to connec...

Страница 34: ...y to the ARP table and ping the console server to assign the IP address to the console server In the example below a console server has the MAC Address 00 13 C6 00 02 0F designated on the label on the...

Страница 35: ...ent versions of the popular browsers Internet Explorer Firefox Chrome Safari and more You will be prompted to log in Enter the default administration username and administration password Username root...

Страница 36: ...nto a console server So only those people who know the root password can access and reconfigure the console server itself The corollary is that anyone who correctly guesses the root password can gain...

Страница 37: ...ld be set up and this new user should be used for ongoing console server administration rather than relying on the root user This new user can be configured in the admin group with full access privile...

Страница 38: ...w IP Address Subnet Mask Gateway and DNS server details This selection automatically disables the DHCP client By default the console server LAN port auto detects the Ethernet connection speed To lock...

Страница 39: ...as detailed earlier in this chapter Click Apply Reconnect the browser on the computer that is connected to the console server by entering https new ip address here 4 3 1 IPV6 CONFIGURATION By default...

Страница 40: ...erly operated as 3322 org NOTE Two previously supported DDNS providers are ODS which is no longer operating and TZO which was bought by Dyn and is no longer operating independently Upon registering wi...

Страница 41: ...as changed Specify the Maximum attempts per update that is the number of times to attempt an update before giving up By default this is set to 3 4 4 SERVICES AND SERVICE ACCESS The Administrator can a...

Страница 42: ...where the Administrator connects to the console server over the Internet or any other public network This will provide authenticated communications between the SSH client program on the remote compute...

Страница 43: ...to configuration succeeded The Services Access settings can now be set to allow or block access This specifies which enabled services the Administrator can use over each network interface to connect t...

Страница 44: ...hile remote administrators using Dial In or Cellular have no telnet access unless they set up a VPN FIGURE 4 13 SERVICE ACCESS EXAMPLE The Respond to ICMP echos that is ping service access options can...

Страница 45: ...connecting for the next 60 seconds Active Bans are also listed and may be refreshed by reloading the page NOTE When a Black Box device is running on an untrusted network we recommend that you use a va...

Страница 46: ...database servers Web server Desktop PCs Network appliance LAN FIGURE 4 15 SDT CONNECTOR APPLICATION EXAMPLE SDT Connector is a Java client program that couples the trusted SSH tunneling protocol with...

Страница 47: ...erminal session from a Windows client you enter the console server s IP address as the Host Name or IP address To access the console server command line you select SSH as the protocol and use the defa...

Страница 48: ...e system will prompt you for a username and password Enter these to login to the console server 4 6 MANAGEMENT NETWORK CONFIGURATION The LES1700 LES1516A LES1532A LES1548A LES1508A and LES1600 console...

Страница 49: ...consoles Management network FIGURE 4 18 MANAGEMENT LAN ENABLED NOTE The second ethernet port Network LAN2 on the LES1700 LES1516A LES1532A LES1548A or LES1600 can be configured as either a Management...

Страница 50: ...er Eth 1 32 or 2 4 Management LAN Serially connected consoles FIGURE 4 19 CONFIGURE AS MANAGEMENT LAN OR OOB FAILOVER PORT Management LAN features are disabled by default To configure a Management LAN...

Страница 51: ...to devices on the Management LAN that are running DHCP clients To enable the DHCP server Navigate to System IP Select the Management LAN Interface tab Check the Enable DHCP Server checkbox Enter the...

Страница 52: ...hese into the pre assigned list so the same IP address will be reallocated in the event of a reboot FIGURE 4 22 PRE ASSIGN IP ADDRESSES 4 6 3 SELECT FAILOVER OR BROADBAND OOB The LES1700 LES1516A LES1...

Страница 53: ...or by establishing an IPsec VPN tunnel to the console server All the wired network ports on the console servers can be aggregated by being bridged or bonded Navigate to System IP Click the General Se...

Страница 54: ...rrect country is not listed select the World Regulatory Domain Select an SSID for the network This should be unique Check the Broadcast SSID check box This should in general be done Not broadcasting a...

Страница 55: ...hat will serve as the main network connection to the console server Select the correct country from the Country list If the correct country is not listed select the World Regulatory Domain Enter the S...

Страница 56: ...Enter a value in the Destination netmask field that identifies the destination network or host Any number between 0 and 32 A subnet mask of 32 identifies a host route Fill the Route Gateway field wit...

Страница 57: ...ocument paste the copied data into the empty document and save the file Whatever file name you choose it must include the xml filename suffix Copy the saved opg or xml file to a public facing director...

Страница 58: ...the file server and a to be configured Black Box device includes an untrusted network a two handed approach can mitigate the issue NOTE This approach introduces two physical steps where trust can be...

Страница 59: ...nssl req new key client key out client csr subj CN ExampleClient openssl ca days 365 in client csr out client crt keyfile ca key policy policy_anything batch notext cat client key client crt client pe...

Страница 60: ...tails 4 7 6 USING UNCONFIGURED CONSOLE SERVER ON FIRST BOOT TO UPDATE FIRMWARE This process requires three things a console server running firmware 3 16 6 or later a file containing the current config...

Страница 61: ...les1700 version the firmware s version number 4 1 0u3 Once downloaded a configuration file is checked if it is a opg file its header is checked for compatibility with the current device if it is a xml...

Страница 62: ...is whichever one of the following files is found first client AABBCCDDEEFF pem AABBCCDDEEFF is the MAC address of the console server s primary network interface client MODEL pem MODEL is the vendor c...

Страница 63: ...Windows UNIX BSD servers VoIP PBX Switch Router Firewall Power strip UPS FIGURE 5 1 This chapter covers each of the steps in configuring network connected and serially attached devices TABLE 5 1 STEPS...

Страница 64: ...hical console access with RDP VNC HTTPS etc to hosts that are serially connected Terminal server Sets the serial port to await an incoming terminal login session Serial bridge Enables the transparent...

Страница 65: ...the port Select the appropriate Baud Rate Parity Data Bits Stop Bits and Flow Control for each port Set the Signaling Protocol This menu item only presents in ports with RS 422 485 options all ports o...

Страница 66: ...r 8 Enable or disable Telnet access When the Telnet service is enabled on the console server a Telnet client on a User s or Administrator s computer can connect to a serial device attached to this ser...

Страница 67: ...rators can use SDT Connector to set up secure Telnet connections that are SSH tunneled from their client computers to the serial port on the console server SDT Connector can be installed on Windows PC...

Страница 68: ...Administrator connects to the console server or connects through the console server to the attached serial consoles over the Internet or any other public network This will provide authenticated SSH co...

Страница 69: ...ently interconnect over a network see Section 5 1 6 Enable or disable RFC 2217 access Enabling RFC 2217 access enables serial port redirection on that port For RFC 2217 the default port address is IP...

Страница 70: ...sible using the standard protocol TCP port numbers of the console server services For example SSH on serial port 3 would be accessible on port 22 of a serial port IP alias whereas on the console serve...

Страница 71: ...ng escape characters The default is Enable or disable the Power Menu 5 1 3 SDT MODE This Secure Tunneling setting allows port forwarding of RDP VNC HTPP HTTPS SSH Telnet and other LAN protocols throug...

Страница 72: ...ironmental as detailed in Chapter 9 5 1 5 TERMINAL SERVER MODE Enable Terminal Server Mode and set the Terminal Type vt220 vt102 vt100 Linux or ANSI to enable a getty on the selected serial port FIGUR...

Страница 73: ...is set in Console Server mode with either RFC2217 or RAW enabled as described in Section 5 1 2 Local Ethernet LAN Serially connected device e g security appliance COM port connected control PC FIGURE...

Страница 74: ...slog Priority to critical At this priority if the console server syslog server does receive a message it will automatically raise an alert See Chapter 8 for more 5 1 8 NMEA STREAMING The LES1600 can p...

Страница 75: ...Moreover and aside from their utility as USB connections all the USB ports on these console servers can function as plain RS 232 serial ports when a USB to serial adapter is connected These USB ports...

Страница 76: ...configures the running LLDP service Persistent custom configuration changes can be added to the system through configuration files placed in etc config lldpd d Custom configuration files which must ha...

Страница 77: ...they can reconfigure the console server settings e g to enabled HTTP Telnet for future access They can also access any of the connected Hosts or serial port devices using any of the services that hav...

Страница 78: ...he Accessible Hosts Accessible Ports and Accessible RPC Outlet s that you wish any users in this new Group to be able to access Click Apply The Administrator can Edit or Delete any added group 5 2 2 S...

Страница 79: ...plus if the user is a Group member they can also access any other device port outlet that was set up as accessible to the Group NOTE There are no specific limits on user number nor on the number of us...

Страница 80: ...be logged and monitored for each Host access See Chapter 8 for more information If the Host is a PDU or UPS power device or a server with IPMI power control specify RPC for IPMI and PDU or UPS and the...

Страница 81: ...applied to FIGURE 5 19 SERIAL NETWORK TRUSTED NETWORKS SCREEN Enter the Network Address of the subnet to be permitted access Specify the range of addresses that are to be permitted by entering a Netw...

Страница 82: ...essed through one IP address and managed through the one Management Console One console server the Master controls other console servers as Slave units and all the serial ports on the Slave units appe...

Страница 83: ...ually upload the key public and private key pair to the Master console server Select System Administration on the master s Management Console Browse to the location you have stored RSA or DSA Public K...

Страница 84: ...e any need to supply a password 5 6 3 CONFIGURE THE SLAVES AND THEIR SERIAL PORTS You can now begin setting up the slaves and configuring slave serial ports from the master console server Select Seria...

Страница 85: ...rt setting on the master the updated configuration files will be sent out to each slave in parallel Each slave will then automatically make changes to their local configurations and only make those ch...

Страница 86: ...pseudo tty port receives data from the pseudo tty port transmits it to the console server through network and receives data from the console server through network and transmits it to the pseudo tty p...

Страница 87: ...the name of the powered Managed Device To add a new serially connected Managed Device Configure the serial port using the Serial Network Serial Port menu see Section 5 1 Select Serial Network Managed...

Страница 88: ...w net to remotely access the advanced console server and every machine on the Management LAN subnet at the remote location Configuration of IPsec is quite complex so Black Box provides a simple GUI in...

Страница 89: ...mask For example 192 168 0 0 24 indicates an IP address where the first 24 bits are used as the network address This is the same as 255 255 255 0 If the VPN access is only to the console server itself...

Страница 90: ...o allows the use of Dynamic IP addresses by both the server and client thus providing client mobility For example an OpenVPN tunnel may be established between a roaming windows client and an Black Box...

Страница 91: ...tp openvpn net index php documentation howto html auth For more information also see http openvpn net howto html Select the Device Driver to be used either Tun IP or Tap Ethernet The TUN network tunne...

Страница 92: ...LS SCREEN If Server is selected enter the IP Pool Network address and the IP Pool Network mask for the IP Pool The IP Pool Network provides addresses for connecting clients Click Apply To enter authen...

Страница 93: ...ng up a VPN connection to a console server Console servers with firmware V3 5 2 and later will generate Windows client config automatically from the GUI for Pre shared Secret Static Key File configura...

Страница 94: ...Program Files OpenVPN config client ovpn An example OpenVPN Windows client configuration file description LES1416A_client client proto udp verb 3 dev tun remote 192 168 250 152 port 1194 ca c openvpn...

Страница 95: ...ur verb level Set log file verbosity Values range from 0 15 0 silent except for fatal errors 3 medium output logging Good for general use 5 helps with debugging connection problems 9 extremely verbose...

Страница 96: ...CBC Triple DES Sets the cryptographic cipher BF CBC Blowfish is the default if no cipher is explicitly set The client and server must use the same settings comp lzo Enables compression on the OpenVPN...

Страница 97: ...lly used for connecting single remote Windows clients If you take your portable computer on a business trip you can dial a local number to connect to your Internet access service provider ISP and then...

Страница 98: ...nable to encrypt traffic Unencrypted Authentication PAP This is plain text password authentication When using this type of authentication the client password is transmitted unencrypted None No encrypt...

Страница 99: ...ord stored in clear text Note the username and password for when you connect to the VPN connection Click Apply 5 11 3 SETUP A REMOTE PPTP CLIENT Ensure the remote VPN client PC has Internet connectivi...

Страница 100: ...ss is available even when the remote console server is behind a third party firewall or has a private IP addresses which is often the case when the console server is connected via a cellular modem con...

Страница 101: ...lick Apply FIGURE 5 39 CALL HOME CONNECTION This initiates the Call Home connection from the console server to the VCMS creating an SSH listening port on the VCMS and setting the console server up as...

Страница 102: ...ected Console Servers section shows the Local Console Servers drop down list which lists all the console servers which are on the same subnet as the VCMS but are not currently being monitored and the...

Страница 103: ...dem IP address and DNS details to the downstream device over DHCP and transparently passes network traffic to and from the modem and router While IP Passthrough essentially turns an Black Box into a m...

Страница 104: ...r the other interfaces configure as you would normally on the local network For both interfaces leave Gateway blank Configure the modem in Always On Out of band mode For a cellular connection click Sy...

Страница 105: ...ring a Routed Data Usage Check under Alerts Logging Auto Response 5 13 6 CAVEATS Some downstream routers may be incompatible with the gateway route This may happen when IP Passthrough is bridging a 3G...

Страница 106: ...nt broadband failover Models with an internal cellular modem can be configured for OOB cellular access or for cellular transparent failover or can be configured as a cellular router 6 1 DIAL UP MODEM...

Страница 107: ...u change the Serial Settings to 38400 Baud Rate with Hardware Flow Control NOTE You can further configure the console modem port e g to include modem init strings by editing etc mgetty config files as...

Страница 108: ...up Earlier firmware only supports one PPP dial in account Chapter 16 has Linux command examples to control modem port operation at the shell 6 2 2 USING SDT CONNECTOR CLIENT Administrators can use the...

Страница 109: ...ible distributions This configures the scripts ifup and ifdown to start and stop a PPP connection Using the Gnome control panel configuration tool Using WVDIAL and the Redhat Dialup configuration tool...

Страница 110: ...nter the access details for the remote PPP server to be called The Override DNS section is available for PPP Devices such as modems Override DNS allows the use of alternate DNS servers from those prov...

Страница 111: ...blished the administrator can connect to the console server via SSH or HTTPS on console servers running firmware 3 0 2 or later and fix the problem When configuring the principal network connection in...

Страница 112: ...for OpenDNS used for content filtering To enable Override DNS Check the Override returned DNS Servers checkbox Enter the IP address of the alternative DNS servers in the DNS Server 1 and DNS Server 2...

Страница 113: ...wo active broadband access paths to these advanced console servers in the event you are unable to access through the primary management network LAN1 Network or Network1 you can still access it through...

Страница 114: ...6 6 SYSTEM IP NETWORK INTERFACE TAB Select Management LAN from the Failover Interface pop up menu Enter the Primary Probe Address and the Secondary Probe Address These are the IP addresses or hostnam...

Страница 115: ...3 1 0 and later the advanced console server by default supports automatic failure recovery back to the state prior to the failover The advanced console server continually pings probe addresses while i...

Страница 116: ...ion in Always on cellular router or OOB mode or in Failover mode as documented in Section 6 7 6 6 1 CONNECTING TO A GSM HSUPA UMTS CARRIER NETWORK Console server models denoted with R have an internal...

Страница 117: ...P LEAVE THE TECH TO US LIVE 24 7 TECHNICAL SUPPORT 1 877 877 2269 FIGURE 6 8 INTERNAL CELLULAR MODEM TAB Check the Enable Dial Out radio button in the Internal Cellular Modem Dial Settings section CHA...

Страница 118: ...E APNS CARRIER APN AT T USA i2gold T Mobile USA epc tmobile com Internode Australia internode Telstra Australia telstra internet NOTE The APN is in most cases the only value needed The other fields ca...

Страница 119: ...and an activated device are required In this case an activated device is a Black Box console server which has had its ESN Electronic Serial Number registered with an appropriate plan on your carrier s...

Страница 120: ...c to your carrier and for manual activation you will have to learn what values your carrier uses in each field Verizon for example has been known to use an MSL of 000000 and the phone number assigned...

Страница 121: ...le server install the SIM card provided by your cellular carrier and attach the external aerial Navigate to System Dial Click the Internal Cellular Modem tab Check the Enable Dial Out radio button in...

Страница 122: ...equired to unlock the Card You may also need to use Override DNS to set alternate DNS servers from those provided by your carrier If this is necessary On System Dial Internal Cellular Modem check the...

Страница 123: ...0 dBm medium to strong 69 dBm very strong RSSI is a measure of the Radio Frequency RF power present in a received radio signal It is generally expressed in decibel milliwatts dBm The best throughput c...

Страница 124: ...SIM to the Primary SIM There are two options On Disconnect With this option the console server will failback to the Primary SIM only after the connection on the failover SIM has failed its ping test...

Страница 125: ...navailable During this time the page periodically refreshes with status information Upon successful completion the page displays the message Cellular Firmware carrier change completed Multi carrier ca...

Страница 126: ...utput is the remote fingerprint followed by the list of actions that would be taken by cell fw update d Download latest firmware for all carriers supported by the modem etc scripts cell fw update d Fl...

Страница 127: ...IP address plan you can try accessing the console server using the Public IP Address provided by the carrier By default only HTTPS and SSH access is enabled on the OOB connection you can browse to the...

Страница 128: ...ites the console server pings to determine if the principal network is operational If the principal network fails the cellular network connection is activated as the access path to the console server...

Страница 129: ...etailed in Section 6 8 6 7 4 CELLULAR CSD DIAL IN CSD is a legacy form of data transmission developed for TDMA based mobile phone systems like GSM CSD uses a single radio time slot to deliver 9 6 kbps...

Страница 130: ...network This type of translation is only used for connections originating within the private network destined for the outside public network and each outbound connection is maintained by using a diffe...

Страница 131: ...on is only used for connections originating within the private network destined for the outside public network and each outbound connection is maintained by using a different source IP port number Nav...

Страница 132: ...be the same as used on the external network That is if the console server is acting as an internet gateway or a cellular router use the ISP provided DNS server address DHCP configuration Navigate to...

Страница 133: ...times are the number of seconds a dynamically assigned IP address is valid before the client must request it again Click Apply The DHCP server issue IP addresses sequentially from a specified address...

Страница 134: ...e port from a specific interface In most cases this should be left as Any Source Address Address Range This allows the user to restrict access to a port forward to a specific source IP address or IP a...

Страница 135: ...e to System Firewall Click the Firewall Rules tab NOTE Prior to firmware v3 4 this tab was labeled Port Rules and fewer firewall rules could be configured Click New Firewall Rule Fill in the following...

Страница 136: ...ULE EXAMPLE 1 FIELD PURPOSE Name Administrator s choice Interface Dialout Cellular Port Range 22 Source MAC Address Left blank Source Address Range Left blank Any Destination Range Left blank Protocol...

Страница 137: ...he firewall rule is to apply to a particular destination address or address range enter this address or address range in the Destination Address Address Range field As with the Source Address Address...

Страница 138: ...Rule it is the equivalent of running one of the following at a shell prompt ip6tables m state state NEW ip6tables m state state ESTABLISHED RELATED For example ip6tables I INPUT p tcp dport 23 m state...

Страница 139: ...ware on the User s or Administrator s PC Black Box recommends that you use the SDT Connector client software that is supplied with the console server for this SDT Connector is simple to install and au...

Страница 140: ...4 Only these permitted services will be forwarded through by SSH to the host All other services TCP UDP ports will be blocked Following are some of the TCP Ports used by SDT in the console server TAB...

Страница 141: ...ernate OOB access It can also access the console server itself and devices connected to the console server s serial ports 7 2 1 SDT CONNECTOR CLIENT INSTALLATION SDT Connector s set up tool SDTConnect...

Страница 142: ...GURING A NEW GATEWAY IN THE SDT CONNECTOR CLIENT To create a secure SSH tunnel to a new console server Select File New Gateway or click the New Gateway icon FIGURE 7 5 Enter the IP address or hostname...

Страница 143: ...user on the console server has an access profile which has been configured with those specific connected hosts and serial port devices the user has authority to access and a specific set of the enable...

Страница 144: ...to be used in accessing that host The SSH tunnel to the gateway is established the appropriate ports redirected through to the host and the appropriate local client application is launched pointing a...

Страница 145: ...that will be accessed through that console server and for each host specify the services that will used in communicating with the host Select File New Host or select a gateway and click the Host icon...

Страница 146: ...the General tab enter the TCP Port that this service runs on for example port 80 for HTTP Optionally select the client to use to access the local endpoint of the redirection Select which client applic...

Страница 147: ...port redirections and associated clients FIGURE 7 12 EDIT SERVICE SCREEN You may also specify Advanced port redirection options Enter the local address to bind to when creating the local endpoint of t...

Страница 148: ...of the redirection Three keywords specify the command line format When launching the client SDT Connector substitutes these keywords with appropriate values TABLE 7 2 KEYWORDS KEYWORD DESCRIPTION path...

Страница 149: ...e SSH tunnel from the remote computer to the console server 7 3 SDT CONNECTOR TO MANAGEMENT CONSOLE SDT Connector can also be configured for browser access to the gateway s Management Console and for...

Страница 150: ...firmware versions prior to v3 3 do the following Navigate to Serial Network Network Hosts Click Add Host In the IP Address DNS Name field enter 127 0 0 1 This is the loopback address Enter Loopback in...

Страница 151: ...as the Host Address Optionally add details in the Descriptive Name and Description Notes fields Click OK Click the Serial Port 2 icon for Telnet access to the serial console on the device attached to...

Страница 152: ...gateway and telling SDT Connector how to start and stop the OOB connection Starting an OOB connection may be achieved by initiating a dial up connection or adding an alternate route to the console se...

Страница 153: ...f Band under Gateway Actions is clicked off at which point the status bar will return to its normal color 7 6 IMPORTING AND EXPORTING PREFERENCES To enable the distribution of pre configured client co...

Страница 154: ...tication Essentially what you are using is SSH over SSH and the two SSH connections are entirely separate 7 8 SETTING UP SDT FOR REMOTE DESKTOP ACCESS Microsoft s Remote Desktop Protocol RDP enables t...

Страница 155: ...FIGURE 7 18 REMOTE DESKTOP USERS SCREEN Click the Add button to add users to the list of those allowed to remotely access the system using the RDP protocol Click OK to close the Remote Desktop Users...

Страница 156: ...appropriate IP address and port number in Computer Where there is a local connection or enterprise VPN connection enter the IP Address of the console server and the port number of the SDT Secure Tunne...

Страница 157: ...k Computing VNC Users and Administrators can securely access and control computers running Windows Linux macOS Solaris and UNIX To set up a secure VNC connection you must Install if necessary and conf...

Страница 158: ...k the Computer Settings button Check the VNC viewers may control screen with password checkbox Create and enter the password said VNC viewer applications will need to supply Click OK 7 9 2 INSTALL CON...

Страница 159: ...it with the TCP port that the SDT tunnel will use The TCP port will be 7900 plus the physical serial port number that is 7901 to 7948 All traffic directed to port 79xx on the console server is tunnele...

Страница 160: ...o the console server To do this you must Establish a PPP connection between the host and the gateway See Section 7 10 1 Set up Secure Tunneling Ports on the console server See Section 7 10 2 Configure...

Страница 161: ...ion This should be the same users given Remote Desktop access privileges in the earlier step Click Next Select TCP IP in the Network Connections window Click Properties Select Specify TCP IP addresses...

Страница 162: ...ar The above notes describe setting up an incoming connection for Windows XP The steps are similar for later versions of Windows although the setup screens present slightly differently If an Incoming...

Страница 163: ...s COM port Click Apply RDP and VNC forwarding over serial ports is enabled on a per Port basis You can add Users who can have access to these ports or reconfigure User profiles by navigating to Seria...

Страница 164: ...you assigned to the console server when you set it up as the Dial In PPP Server For Internet or local VPN connections this will be the public IP address of the console server Leave the port number as...

Страница 165: ...than port 3389 used for RDP in the Destination IP field To set up the secure SSH tunnel from the Client PC to the console server for VNC configure the VNC port redirection by specifying port 5900 in t...

Страница 166: ...tus of any attached environmental monitors Some models can also log access and communications with network attached hosts and maintain a history of the UPS and PDU power status If port logs are to be...

Страница 167: ...esponse can be triggered again Check Repeat Trigger Actions to repeat trigger actions until the check is resolved Enter any required delay time before repeating trigger actions in Repeat Trigger Actio...

Страница 168: ...U TEMPERATURE SELECTED Specify the Trigger value in C or F for temperature and for humidity that the check measurement must exceed or drop below to trigger the AutoResponse Select Comparison type as b...

Страница 169: ...e sensor DIO that is to be attached to your EMD or LES1200 8 2 3 UPS AND POWER SUPPLY To use the properties of any attached UPS as the trigger event Select UPS Power Supply as the Check Condition Sele...

Страница 170: ...IN SIGNAL OR PATTERN To monitor serial ports and check for login logout or pattern matches for Auto Response triggers events Click on Serial Login Logout as the Check Condition In the Serial Login Lo...

Страница 171: ...the USB port labels printed on a console server with two exceptions Some console servers include discrete pairs of USB ports that do not have printed labels In this case the Web interface denotes them...

Страница 172: ...xample the Management LAN or Wireless network Set the Check Frequency This is the time in seconds between checks Set the Number of ICMP Ping packets to send Check Save Auto Response 8 2 8 CELLULAR DAT...

Страница 173: ...ple etc config test sh Set the Check Frequency This is the time in seconds between re running the script Set the Script Timeout This is the maximum run time for the script Specify the Successful Retur...

Страница 174: ...ger on Authentication Error checkbox sets the Auto Response to run when the console s shell returns an authentication error An Auto Response can be set to trigger on one two or all three of these even...

Страница 175: ...9 Check Trigger on Authentication Error to trigger when Web UI user authentication fails NOTE This check is not resolvable Resolve actions will not as a consequence run Click Save Auto Response 8 2 1...

Страница 176: ...specified Time Period The Auto Response will trigger when the limit is reached in the specified time The Auto Response will resolve if no matching data is routed for the Resolve Period 8 3 TRIGGER AC...

Страница 177: ...VAL 8 3 1 SEND E MAIL Select Send Email as the Add Trigger Action Enter a unique Action Name Set the Action Delay Time Specify the Recipient Email Address to send this email to For multiple recipients...

Страница 178: ...is the maximum run time for the script Set this at 0 for unlimited time Enter any Arguments that are to be passed to the script Click Save New Action 8 3 5 SEND SNMP TRAP Select Send SNMP Trap as the...

Страница 179: ...ed the same way as Trigger Actions except the designated Resolve Actions are all executed on resolution of the trigger condition and there are no Action Delay Times to set 8 5 CONFIGURE SMTP SMS SNMP...

Страница 180: ...e phones on their networks There s also a wide selection of SMS gateway aggregators that provide email to SMS forwarding to phones on any carriers Alternately if your console server has an embedded or...

Страница 181: ...er requires authentication enter the required Username and Password Optionally enter a Subject Line that will be sent with all notifications NOTE Generally the email subject will contain a truncated v...

Страница 182: ...bs are used to configure where and how outgoing SNMP alerts and notifications are sent If you require your console server to send alerts via SNMP a Primary SNMP Manager must be configured Optionally a...

Страница 183: ...equired Security Level is authNoPriv or authPrive select an Authentication Protocol either SHA or MD5 and an Authentication Password The password must contain at least 8 characters If the required Sec...

Страница 184: ...ter 11 NOTE In a VCMS centrally managed environment you can check the Nagios alert option On the trigger condition for matched patterns logins power events and signal changes an NSCA check warning res...

Страница 185: ...and to what level data is to be logged Navigate to Serial Network Serial Port Click Edit for the port to be logged Specify the Logging Level for each port TABLE 8 3 LOGGING LEVEL OPTIONS LEVEL USER CO...

Страница 186: ...Specify the logging level that is to be maintained for that particular TCP UDP port service on that particular Host TABLE 8 4 LOGGING LEVEL OPTIONS LOGGING LEVEL DESCRIPTION 0 Turns off logging for th...

Страница 187: ...BOX COM NEED HELP LEAVE THE TECH TO US LIVE 24 7 TECHNICAL SUPPORT 1 877 877 2269 CHAPTER 8 ALERTS AUTO RESPONSE AND LOGGING FIGURE 8 18 To activate and set the desired levels of logging for UPS and P...

Страница 188: ...configure the console server serial port to operate with a serial COM port redirector in the PC as detailed in Chapter 5 Similarly network attached PDUs can be controlled with a browser with SDT as de...

Страница 189: ...he RPC connections that have already been configured will present FIGURE 9 2 Click Add RPC Connected Via presents a list of serial ports and network Host connections that you have set up with device t...

Страница 190: ...u will be presented with the IPMI protocol options and the SNMP RPC Types currently supported by the embedded Network UPS Tools If you are connecting to the RPC by a serial port you will be presented...

Страница 191: ...given to the RPC will be created The console server will then configure the RPC with the number of outlets specified in the selected RPC Type or will query the RPC itself for this information NOTE Bla...

Страница 192: ...ets on each RPC via Serial Network User Groups see Chapter 5 9 1 3 USER POWER MANAGEMENT The Power Manager allows users and administrators to access and control configured serial and network attached...

Страница 193: ...you have selected Turn ON Turn OFF Cycle Status FIGURE 9 8 9 1 4 RPC STATUS You can monitor the current status of your network and serially connected PDUs and IPMI RPCs Select Status RPC Status A tabl...

Страница 194: ...ith a layered scheme of drivers server and clients It is covered in some detail in Section 9 2 6 9 2 1 MANAGED UPS CONNECTIONS A Managed UPS is a UPS that is directly connected as a Managed Device to...

Страница 195: ...GURE 9 12 Serial and network connected UPSes must first be connected to and configured to communicate with the console server For serial UPSes attach the UPS to the selected serial port on the console...

Страница 196: ...ion that you set up for that connection will be entered as the Name and Description for the power device Alternatively if you select to Connect Via a USB or serial connection you will need to enter a...

Страница 197: ...last gasp actions by triggering Auto Response on the UPS pressing batt or lowbatt See Chapter 8 If you have multiple UPSes and require them to be shut down in a specific order specify the Shutdown Or...

Страница 198: ...hardware directly from the command line 9 2 2 REMOTE UPS MANAGEMENT A Remote UPS is a UPS that is connected as a Managed Device to some remote console server that is being monitored but not managed by...

Страница 199: ...ame must be the name that the remote UPS was configured with on the remote console server as the remote console server may itself have multiple UPSes attached that it is managing locally with NUT Opti...

Страница 200: ...own of the computer For example non critical servers may be powered down some seconds after the UPS starts running on battery where more critical servers may not be shut down until a low battery warni...

Страница 201: ...UPS Status A table with the summary status of all connected UPS hardware will display FIGURE 9 21 Click on any given UPS System name in the table More detailed graphical information on the select UPS...

Страница 202: ...n cache the status from multiple UPSes and then serve this status data to many clients upsd also contains access control features to limit the abilities of the clients for example so only authorized h...

Страница 203: ...the unit DIO1 and DIO2 are two TTL level digital I O ports 5V max 20mA OUT1 and OUT2 are two High Voltage digital output ports 5V to 30V 100mA LES1600 models ship with a built in black spring cage I...

Страница 204: ...n 4 Due to the way that the I O port is connected internally the output has to be set high to pull the output to ground The following command will switch on the led ioc p 4 d 0 v 1 OUT1 and OUT2 trans...

Страница 205: ...ATUS MIB ogDioStatusCounter 1 Counter64 0 OG STATUS MIB ogDioStatusCounter 2 Counter64 0 OG STATUS MIB ogDioStatusCounter 3 Counter64 0 OG STATUS MIB ogDioStatusCounter 4 Counter64 0 OG STATUS MIB ogD...

Страница 206: ...entication can be performed locally or remotely using an LDAP Radius Kerberos or TACACS authentication server The default authentication method for the console server is Local Any authentication metho...

Страница 207: ...on server Multiple remote servers may be specified in a comma separated list Each server is tried in succession Session accounting is on by default If session accounting information is not wanted chec...

Страница 208: ...ntrol System TACACS security protocol is a protocol developed by Cisco It provides detailed accounting information and flexible administrative control over the authentication and authorization process...

Страница 209: ...ser and group definitions Performing simple authentication against any LDAP server AD or OpenLDAP is straight forward as they both follow the common LDAP standards and protocols The harder part is con...

Страница 210: ...r what parameters to use the descriptions for these fields have been updated to prompt the user for common or likely attributes For example the two configuration fields have descriptions as follows LD...

Страница 211: ...ificate signed using the certificate myCA crt NOTE The certificate must be in CRT format and myCA crt must be installed onto the console server at etc config ldaps_ca crt The filename must be ldaps_ca...

Страница 212: ...ified and will still need locally defined users NOTE To interact with RADIUS TACACS and LDAP with console server firmware v2 4 2 and earlier user accounts on the local console server must also be set...

Страница 213: ...nformation and restart the Radius server When using RADIUS authentication group names are provided to the console server using the Framed Filter Id attribute This is a standard RADIUS attribute and ma...

Страница 214: ...or access and users for general user access TomFraser Cleartext Password FraTom70 Framed Filter Id group_name admin AmandaJones Cleartext Password JonAma83 FredWhite Cleartext Password WhiFre62 Framed...

Страница 215: ...er Complete the fields for standard LDAP authentication including LDAP Server Address Server Password LDAP Base DN LDAP Bind DN and LDAP User Name Attribute Enter memberOf for LDAP Group Membership At...

Страница 216: ...motely authenticated user privileges The first is to set the priv lvl and port attributes of the raccess service to 12 See Section 10 2 for more information Additionally or alternatively group names c...

Страница 217: ...f authentication does not provide group information so a local user with the same username must be created and permissions set NOTE Kerberos is sensitive to time differences between the Key Distributi...

Страница 218: ...nijhof pam_tacplus LDAP pam_ldap http padl com OSS pam_ldap html Further modules can be added as required Changes made to files in etc config pam d will persist even if the authentication configurator...

Страница 219: ...ommend that you generate and install a new base64 X 509 certificate that is unique for each particular console server To generate a new base64 X 509 certificate the console server must be enabled to g...

Страница 220: ...igning Request CSR generation is initiated Click Download to copy the CSR to your administration machine Send the saved CSR string to a Certification Authority CA for certification You will get the ne...

Страница 221: ...gios forms the core of many leading commercial system management solutions such as GroundWork https gwos com Nagios does take some time to install and configure Once it is up and running it provides a...

Страница 222: ...gios monitoring server Check the Disable SDT Nagios Extensions option to disable SDT Connector integration with your Nagios server at the head end Only check to run vanilla Nagios monitoring If not en...

Страница 223: ...server and the NRPE server with SSL encryption without SSL or tunneled through SSH The security for the connection is configured at the Nagios server 11 2 3 ENABLE NSCA MONITORING NSCA is the mechani...

Страница 224: ...red for Nagios checks See Section 5 4 for details on enabling Nagios monitoring for Hosts that are network connected to the console server To enable Nagios to monitor on a device connected to the cons...

Страница 225: ...eck which will be run on this host Select Check Permitted TCP or Check Permitted UDP to monitor a service that you have previously added as a permitted service Alternatively select Check TCP or Check...

Страница 226: ...executed once over the period of the check interval If NRPE is enabled then the upstream server will be able to request status updates under its own scheduling 11 3 ADVANCED DISTRIBUTED MONITORING CO...

Страница 227: ...USER1 check_nrpe H 192 168 254 147 p 5666 c check_serial_ HOSTNAME define service service_description Serial Status host_name server use generic service check_command check_serial_status define servic...

Страница 228: ...ce service_description port log server host_name server use generic service check_command check_port_log active_checks_enabled 0 passive_checks_enabled 1 define servicedependency name Black Box_nrpe_d...

Страница 229: ...dependent_host_name server dependent_service_description Host Ping service_description NRPE Daemon execution_failure_criteria w u c SSH Port define command command_name check_conn_via_Black Box comma...

Страница 230: ...ck a connected host or service This status is communicated to the Nagios server which uses the results to monitor the status of the network Console servers are preconfigured with a selection of checks...

Страница 231: ...mp check_spop check_ssh check_ssmtp check_swap check_tcp check_time check_udp check_ups check_users To get these plug ins from the Nagios plug ins package contact Black Box Technical Support at 877 87...

Страница 232: ...OUS CHECKS BEFORE TIMEOUTS NO ENCRYPTION 3DES SSH TUNNEL 1 port and 2 port 30 20 25 8 port 30 20 25 16 port and 48 port 30 25 35 The results were from running tests 5 times in succession with no timeo...

Страница 233: ...atch The console server may be augmented at the local office site by one or more Intelligent Power Distribution Units IPDUs to remotely control the power supply to the managed devices REMOTE SITE In t...

Страница 234: ...hrough NSCA NAGIOS Internet SSH travel initiated for remote site NRPE Server at branch server s request Console Server FIGURE 11 9 Another may be to provide an SSH tunnel to allow the Nagios server to...

Страница 235: ...lt settings To effect a soft reset Navigate to System Administration Select Reboot Click Apply The console server reboots with all settings for example the assigned network IP address preserved This s...

Страница 236: ...com to get the latest firmware For LES1600 family you will need LES1600 flash For LES1500 family you will need LES1516A LES1532A LES1548A flash For LES1708A 16 32 48 you will need LES1700 flash Save t...

Страница 237: ...x and click Set Time NOTE With firmware v3 2 0 and later the Time Zone can also be set to UTC which replaced Greenwich Mean Time as the World standard for time in 1986 Configuring NTP ensures the Blac...

Страница 238: ...BACKUP CONFIGURATION We recommend that you back up the console server configuration whenever you make significant changes such as adding new Users or Managed Devices or before performing a firmware up...

Страница 239: ...onsole server Navigate to System Configuration Backup Select the Local Backup tab Click click here to proceed This will set a Volume Label on the USB storage device This preparation step is only neces...

Страница 240: ...storage device This specially prepared USB storage device Must be formatted with a Windows FAT32 VFAT file system on the first partition or the entire disk Most USB thumb drives are sold already form...

Страница 241: ...e OpenVPN tunnel or modify system time Click the Commit Config button This will generate the System Commit Configuration screen displaying all the configurators to be run FIGURE 12 10 Click Apply All...

Страница 242: ...d by NIST for use government wide NIST develops FIPS when there are government requirements such as for security and interoperability and no acceptable industry options Black Box advanced console serv...

Страница 243: ...m the command line login and run these commands config s config system fips on touch etc config FIPS chmod 444 etc config FIPS flatfsd b The final command saves to flash and reboots the unit The unit...

Страница 244: ...e v3 11 and later the Status Active Users menu has been extended to enable Administrators to selectively terminate serial sessions Connection types telnet SSH raw TCP and unauthenticated telnet can be...

Страница 245: ...all ports choose tester in the Users box and All ports in the Ports box then click Disconnect Sessions NOTE You can also disconnect serial sessions from the command line using the disconnect option wi...

Страница 246: ...erial number can be retrieved there is now a Feature Set section displaying the serial number LES1200 LES1508A LES1600 LES1516A LES1532A LES1548A and LES1700 can display their serial number For device...

Страница 247: ...only those entries that include the specified pattern 13 5 DASHBOARD The Dashboard provides the administrator with a summary of the status of the console server and its Managed Devices Custom dashboa...

Страница 248: ...onfigure which of these widgets is to be displayed where Go to the Dashboard layout panel and select the widgets to display in each Widget Slot Click Apply NOTE Dashboard configuration is stored in et...

Страница 249: ...evices or click the Manage Devices icon in the top right of the UI admin group users are presented with a list of all configured Managed Devices and their constituent connections user group users only...

Страница 250: ...browser The Web Terminal service uses AJAX to enable the browser to connect to the console server using HTTP or HTTPS as a terminal without additional client installation on the user s PC Browser acc...

Страница 251: ...ply Administrators can now communicate with the console server shell from their browser Select Manage Terminal to display the Web Terminal from which you can log in to the console server command line...

Страница 252: ...Terminal feature was introduced in firmware v3 3 Earlier releases had an open source jcterm java terminal applet that could be downloaded into your browser to connect to the console server and attach...

Страница 253: ...or serial port using SSH NOTE SDT Connector must be installed on the computer you are browsing from and the console server must be added as a gateway as detailed in Chapter 7 14 4 POWER MANAGEMENT Adm...

Страница 254: ...to configure the console server and ensure the changes are stored in the console server s flash memory etc In particular the config utility allows manipulation of the system configuration from the com...

Страница 255: ...path TABLE 15 1 CONFIG OPTIONS OPTION DESCRIPTION a run all Run all registered configurators This performs every configuration synchronization action pushing all changes to the live system h help Disp...

Страница 256: ...ing config commands Incorrect spelling for a node will not be flagged Most configurations made to the XML file will be immediately active To make sure that all configuration changes are active especia...

Страница 257: ...bridge mode All these modes are mutually exclusive CONSOLE SERVER MODE The command to set the port in portmanager mode config s config ports port5 mode portmanager To set the following optional confi...

Страница 258: ...rts port5 mode sdt config s config ports port5 sdt ssh on To configure a username and password when accessing this port with Username user1 and Password secret config s config ports port sdt username...

Страница 259: ...u see config users total this means you have 0 Users configured Your new User will be the existing total plus 1 So if the previous command gave you 0 then you start with user number 1 if you already h...

Страница 260: ...ers user1 John config s config sdt hosts host5 users total 1 The last command sets the total number of users having access to host To give another user called Peter access to the same host config s co...

Страница 261: ...groups total 1 The second command sets the total number of groups with access to host To give another group called Group8 access to the same host config s config sdt hosts host5 groups group2 Group8...

Страница 262: ...entiction and authorization servers In the second command comma separated list is a list of remote accounting servers If unset Authentication and Authorization Server Address will be used To configure...

Страница 263: ...config s config sdt hosts host4 device type ups config s config sdt hosts host4 tcpports tcpport1 22 config s config sdt hosts host4 tcpports tcpport1 loglevel 0 config s config sdt hosts host4 udppor...

Страница 264: ...168 3 10 config s config devices device2 connections connection1 type Host config s config devices device2 name OfficePC config s config devices device2 description MyPC config s config devices total...

Страница 265: ...config s config cascade slaves slave1 address 192 168 0 153 config s config cascade slaves slave1 description Office 42 config s config cascade slaves slave1 label cm7116 5 config s config cascade sl...

Страница 266: ...iption Room 5 UPS config s config ups monitors monitor1 username user2 config s config ups monitors monitor1 password A secret for 2 config s config ups monitors monitor1 sdorder 2 config s config ups...

Страница 267: ...en deleting a managed UPS REMOTE UPSES To add a remote UPS with the following details assuming this is our first remote UPS TABLE 15 8 REMOTE UPSES SETTING VALUE UPS name oldUPS Description Room 2 UPS...

Страница 268: ...ion Driver argument argument Logging enabled Log interval 600 seconds Number of power outlets 4 Run the following commands config s config ports port2 power type APC 7900 config s config ports port2 p...

Страница 269: ...ections connection1 type type config s config devices total 8 type can be serial Host UPS or RPC To delete the above managed device config d config devices device8 NOTE The config devices total total...

Страница 270: ...eps below THE GENERAL SETTING FOR ALL ALERTS Assume this is our second alert and we want to send email alerts to john Black Box com and sms alerts to peter Black Box com config s config alerts alert2...

Страница 271: ...tream config s config alerts alert2 pattern 0 0 id config s config alerts alert2 port10 on config s config alerts alert2 sensor temp config s config alerts alert2 signal DSR config s config alerts ale...

Страница 272: ...alarmrange mon until min 30 config s config alerts alert2 description description config s config alerts alert2 sensor temp config s config alerts alert2 signal DSR config s config alerts alert2 type...

Страница 273: ...config s config system smtp password2 A little secret for 2 config s config system smtp subject2 SMTP alerts In both setups the value for encryption can be SSL TLS or None The following command will s...

Страница 274: ...eter will prompt the user for a password Enter the desired string and press Return config will accept and encrypt the string NOTE Any config element value can be encrypted using the P parameter Only e...

Страница 275: ...v6 enabled on To enable the management LAN interface run the following command config d config interfaces lan disabled config r ipconfig NOTE Not all devices have a management LAN interface To configu...

Страница 276: ...olumn in the Gregorian Year are theoretically optional it is strongly recommended that these values be set explicitly The second command saves this new system time to the hardware clock Alternatively...

Страница 277: ...lback phone number 0800223665 User to dial as user1 Password for user A little secret for 2 Run the following commands config s config console ppp localip 172 24 1 1 config s config console ppp remote...

Страница 278: ...you do not wish to use out of band dial in access the procedure for enabling start up messages on the console port is documented in chapter 14 3 2 The following command will synchronize the live syste...

Страница 279: ...s lan dhcpd pools pool1 end 192 168 0 100 config s config interfaces lan dhcpd pools total 1 config s config interfaces lan dhcpd staticips staticip1 ip 192 168 0 50 config s config interfaces lan dhc...

Страница 280: ...s TABLE 15 18 DEFAULT PORT NUMBERS SERVICE DEFAULT PORT NUMBER Telnet 2000 SSH 3000 TCP 4000 RFC2217 5000 unauthtel Unauthorized Telnet 6000 To set secondary port ranges for any service the following...

Страница 281: ...system nagios name cm7116 config s config system nagios address 192 168 0 1 config s config system nagios server address 192 168 0 10 config s config system nagios sdt disabled on config s config syst...

Страница 282: ...nterval 2 minutes NSCA port 5650 Defaults to 5667 User to run as user1 Defaults to nsca Group to run as group1 Defaults to nobody Run the following commands config s config system nagios nsca enabled...

Страница 283: ...anagement raw data access to the ports and modems iptables modifications and updating IP filtering rules retrieving status information using SNMP and modifying SNMP with net snmpd public key authentic...

Страница 284: ...failover alert All these scripts do a check to see whether you have created a custom script to run instead The code that does this check is shown below an extract from the file etc scripts portmanage...

Страница 285: ...cript from the new script to prevent an infinite loop The pmpower utility is used to send power commands to RPC device in order to power cycle our telecom device pmpower l port01 o 3 cycle The RPC is...

Страница 286: ...e script to delete user 3 then user 4 will become user 3 and user 5 will become user 4 This creates an obvious complication as this script does not check for any other dependencies that the node being...

Страница 287: ...in xml LASTFIELD 1 ROOTNODE 1 NUMBER echo LASTFIELD sed s a zA Z g TOTALNODE echo 1 sed s 1 total TOTAL config g TOTALNODE sed s NEWTOTAL TOTAL 1 Make backup copy of config file cp etc config config...

Страница 288: ...echo WARNING TOTALNODE greater than number of items fi COUNTER 1 while COUNTER TOTAL NUMBER 1 do config g ROOTNODE LASTFIELDTEXT NUMBER COUNTER while read LINE do config s echo LINE sed e s LASTFIELDT...

Страница 289: ...tc config rc local using vi or another text editor Add the following line to rc local etc config scripts ping detect 192 168 22 2 bin bash c pmpower l port01 o 3 cycle date tmp output log The above co...

Страница 290: ...nineteen configurators each one responsible for a specific group of config For example the users configurator makes the user configurations in the config xml file live To see all the available config...

Страница 291: ...c Set volume label save file Save configuration to USB delete file Delete a configuration tarball from USB list List available config backups on USB load file Load a specific config from USB load defa...

Страница 292: ...a restore Backup and restore should be done by the root user to ensure correct file permissions are set The config command is used to create a backup tarball config e Output File The tarball will be s...

Страница 293: ...Generates a BREAK on the connected to serial port h h Generates a history on the connected to serial port Depends on port logging being enabled p p Opens the power menu for the connected to serial por...

Страница 294: ...ort session see the control codes table immediately below The second command killall HUP portmanager tells portmanager to reload the configuration so that the new control code will take effect Rebooti...

Страница 295: ...orts If users are connected it will respond with a sorted list of usernames per active port For example Port 1 user1 user2 Port 2 user1 Port 8 user2 The above output indicates that a user named user1...

Страница 296: ...robertw u pchunt n 4 n 6 Disconnect users robertw pchunt from ports 4 6 y n y 10 sessions were disconnected pmusers disconnect u tester no prompt No sessions were disconnected portmanager d mon There...

Страница 297: ...the serial port If you wish to communicate with the port use pmshell or pmchat from within the script If the script cannot be executed the alert will be mailed to the address configured in the system...

Страница 298: ...t things are done to the serial port outside of portmanager 16 3 2 ACCESSING THE CONSOLE MODEM PORT Console dial in is handled by mgetty with automatic PPP login extensions mgetty is a smart getty rep...

Страница 299: ...cripts firewall post containing iptables commands to amend the firewall policy Thorough documentation regarding iptables is available at the Linux netfilter website at https netfilter org documentatio...

Страница 300: ...heckbox for the required interface This allows SNMP requests through the specified interface s firewall 16 5 3 CHECK FIREWALL RULES Console servers support different SNMP versions including SNMPv1 SNM...

Страница 301: ...ation of the Black Box and will be used in response to requests for the SNMPv2 MIB sysLocation 0 of the device The Contact field refers to the person responsible for the Black Box such as the System A...

Страница 302: ...Level of auth set the Auth Protocol SHA or MD5 and the Auth Password A password of at least 8 characters is required For a Security Level of priv set the Privacy Protocol DES or AES and the Privacy P...

Страница 303: ...ell as root or an admin user Set the SNMP Manager Address field config set config system snmp address3 w x y z replacing w x y z with the IP address or hostname Set the Manager Trap Port field config...

Страница 304: ...pload the keys to the master and to each slave console server fingerprint each connection to validate 16 6 1 SSH OVERVIEW Popular TCP IP applications such as telnet rlogin ftp and others transmit thei...

Страница 305: ...r identification has been saved in home user ssh id_ r dsa Your public key has been saved in home user ssh id_ r dsa pub The key fingerprint is 28 aa 29 38 ba 40 f4 11 5e 3f d4 fa e5 36 14 d6 user ser...

Страница 306: ...or UNIX based system in ssh id_dsa pub Given this run the following command from the Linux or UNIX based system scp ssh id_dsa pub root 192 168 0 1 etc config users fred ssh authorized_keys This copie...

Страница 307: ...ich includes the key generator PuTTYgen exe is used in the following procedure Before beginning make sure you have the most recent PuTTYgen release installed PuTTYgen is available for download from ht...

Страница 308: ...o StrictHostKeyChecking no testuser server ip This will run the tunnel redirecting local port 9001 to the server port 4001 16 6 6 FINGERPRINTING Fingerprints are used to ensure you are establishing an...

Страница 309: ...ed If the host key has legitimately changed it can be removed from the ssh known_hosts file and the new fingerprint added If it has not changed legitimately this indicates a serious problem that shoul...

Страница 310: ...o your situation keys may be generated on the console servers themselves It is possible to generate only one set of keys and reuse them for every SSH session While this is not recommended each organiz...

Страница 311: ...ating public private rsa key pair Enter file in which to save the key keys control_room Enter passphrase empty for no passphrase Enter same passphrase again Your identification has been saved in keys...

Страница 312: ...shut down any existing tunnels that were established using password authentication If you have a host behind the console server that you connect to by clicking the SSH button in SDT Connector you can...

Страница 313: ...y form and does not officially recommend any specific binary distributions The project does however maintain a page on its community wiki https wiki openssl org index php Binaries This page lists 3rd...

Страница 314: ...t as follows Edit the inetd configuration file From the unit command line vi etc config inetd conf Append a line 443 stream tcp nowait root sslwrap cert etc config ssl_cert pem key etc config ssl_key...

Страница 315: ...ot interpreted by powerman and is reported as received from the RPC on one line per target prefixed by target name h help Display option summary L license Show powerman license information d destinati...

Страница 316: ...utlet u username p password action TABLE 16 10 PMPOWER OPTIONS OPTION NOTES h This help message The serial port to use o The outlet on the power target to apply to r The remote host address for the po...

Страница 317: ...l This file can be created on a host system and copied to the Management Console device using scp Alternatively login to the Management Console and use ftp or wget to transfer files Here is a brief de...

Страница 318: ...d and set LAN configuration parameters and perform remote chassis power control The ipmitools man page is not shipped with Black Box hardware It is reproduced below Synopsis ipmitool c h v V I open co...

Страница 319: ...lves minor hacks in place in the code to work around quirks in various BMCs from various manufacturers Use o list to see a list of current supported OEM types p port Remote server UDP port to connect...

Страница 320: ...placed at the end of commands to get option usage help raw Send a RAW IPMI request and print response lan Configure LAN Channels chassis Get chassis status and set power state event Send pre defined...

Страница 321: ...ance you are working with from ftp ftp Black Box com cdk Further information is avalable at http Black Box com faq284 html 16 12 SCRIPTS FOR MANAGING SLAVES When the console servers are cascaded the M...

Страница 322: ...e to a WAP or MMS capable mobile phone The program can be run as an SMS daemon which can be started automatically when the operating system starts High availability can be ensured by using multiple GS...

Страница 323: ...b drive Login via the CLI to complete configuration using setup wizard Optional On VCMS use enrollment wizard to automatically place appliances under management This may be local routable appliances o...

Страница 324: ...pem Set up a HTTPS server that restricts access to the opg or xml file for HTTPS connections providing the client certificate Put a copy of the CA cert that signed the HTTP server s certificate onto t...

Страница 325: ...t section Each URL in the list obtained from option 43 sub option 1 is tried in sequence until one succeeds the URL undergoes substring replacement from the following table TABLE 16 14 URL SUB STRING...

Страница 326: ...t 16 17 INTERNAL STORAGE Some models have an internal USB flash drive a non volatile NAND flash partition or both which can be used by portmanager for log storage and the TFTP FTP server for file stor...

Страница 327: ...eady exist 16 17 4 MOUNTING A PREFERRED USB DISK BY LABEL Currently the first USB storage device is mounted at var mnt storage usb by detecting the lowest numbered disk partition for example dev sda1...

Страница 328: ...standard uCLinux commands ucl Busybox commands bb and some custom Black Box commands og included in the default build tree The shorthand immediately right of each listed command shows which source is...

Страница 329: ...attern gunzip bb Compress or expand files gzip bb Compress or expand files hd ucl ASCII decimal hexadecimal octal dump hostname bb Get or set hostname or DNS domain name httpd ucl Listen for incoming...

Страница 330: ...ns routing tables interface statistics etc ntpd ucl Network Time Protocol NTP d mon pgrep ucl Display process es selected by regex pattern pidof ucl Find the process ID of a running program ping ucl S...

Страница 331: ...rial port redirector ssh ucl OpenSSH SSH client remote login program ssh keygen ucl Authentication kkey generation management and conversion sshd ucl OpenSSH SSH d mon stty ucl Change and print termin...

Страница 332: ...tivated by running the relevant configurator which performs the action necessary to make the configuration changes live portmanager which provides a buffered interface to each serial port It is suppor...

Страница 333: ...name complete pr DE name continue n declare aAfFgilnrtux p name value dirs clpv N N disown ar h jobspec pid echo neE arg enable a dnps f filename name eval arguments exec cl a name command arguments...

Страница 334: ...ile commands do commands done while test commands do consequent commands done A 2 SOURCE CODE Many console server software components are licensed under the GNU General Public License Version 2 A copy...

Страница 335: ...e code openly available from http denx de wiki U Boot The console server CGIs the html code xml code and web config tools for the Management Console are proprietary to Black Box The code will be provi...

Страница 336: ...ed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference i...

Страница 337: ...tes que impidan el flujo de aire por los orificios de ventilaci n 10 El equipo el ctrico deber ser situado fuera del alcance de fuentes de calor como radiadores registros de calor estufas u otros apar...

Страница 338: ...A and LES1600 models have Cisco Straight serial pinouts on their RJ 45 connectors The LES1700 has software selectable Cisco Straight or Cisco Rolled RJ 45 CISCO STRAIGHT RJ 45 PINOUT Straight through...

Страница 339: ...Black Box console server is supplied with UTP CAT5 cables C 3 RS 232 STANDARD PINOUTS The RS 232 pinout standards for the DB9 and DB25 connectors are listed in the table below TABLE C 3 RS 232 STANDA...

Страница 340: ..._______________________________________________________________ C 5 TCP AND UDP PORT NUMBERS Port numbers are divided into three ranges Well Known Ports Registered Ports and Dynamic Private Ports Well...

Страница 341: ...NDIX C CONNECTIVITY TCP PORTS AND SERIAL I O TABLE C 5 CONTINUED TCP AND UDP PORT NUMBERS PORT NUMBER PROTOCOL TCP UDP 53 DNS UDP 67 BootP server UDP 68 BootP client UDP 69 TFTP UDP 70 Gopher TCP 79 F...

Страница 342: ...nformation about an entity and the entity s public key thus binding these two pieces of information together A certificate is issued by a trusted organization or entity called a Certification Authorit...

Страница 343: ...s The MAC address is used by the local Internet router in order to direct console server traffic to it rather than something else in the local area It is a 48 bit number usually written as a series of...

Страница 344: ...redirection to serial remote managers can view the BIOS POST output during power on and reconfigured SSH Secure Shell is secure transport protocol based on public key cryptography SSL ecure Sockets La...

Страница 345: ...e consequential or cost of cover damages resulting from any errors in the product information or specifications set forth in this document and Black Box Corporation may revise this document at any tim...

Страница 346: ..._________________________________________________________ __________________________________________________________________________________________________ ___________________________________________...

Страница 347: ...________ __________________________________________________________________________________________________ ____________________________________________________________________________________________...

Страница 348: ...COPYRIGHT 2016 BLACK BOX CORPORATION ALL RIGHTS RESERVED NEED HELP LEAVE THE TECH TO US LIVE 24 7 TECHNICAL SUPPORT 1 877 877 2269...

Отзывы:

Нет отзывов

Похожие инструкции для LES1516A

Бренд: XMG Страницы: 5

Бренд: Habitat Страницы: 48

Бренд: NAD Страницы: 2

BB-HGW700A - Network Camera Router

Бренд: Panasonic Страницы: 10

SAFETank Series

Бренд: Raidon Страницы: 49

Бренд: N.A.T. Страницы: 32

Бренд: hilscher Страницы: 154

Enterasys Matrix 2G4082-25

Бренд: Enterasys Страницы: 58

Бренд: Infoblox Страницы: 13

Бренд: IBM Страницы: 34

D-NVR4108HS-4KS2/L

Бренд: Dahua Страницы: 33

Бренд: Cypress Semiconductor Страницы: 33

Бренд: TP-Link Страницы: 131

Бренд: Omron Страницы: 6

Бренд: TP-Link Страницы: 37

Бренд: Wyse Страницы: 8

Бренд: CAME Страницы: 32

Бренд: Omron Страницы: 432

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды