manualshive.com logo in svg

Black Box LS1016A, Руководство пользователя

Поделиться
Скачать
Black Box LS1016A Скачать руководство пользователя страница 374

Appendix G - IPSEC

374

BLACK BOX 

®

Advanced Console Server

Using IPsec to create a VPN

A VPN, or Virtual Private Network lets two networks communicate securely when the only 
connection between them is over a third network which they do not trust. 

The method is to put a security gateway machine between each of the communicating net-
works and the untrusted network. The gateway machines encrypt packets entering the 
untrusted net and decrypt packets leaving it, creating a secure tunnel through it.

The Authentication

A complication, which applies to any type of connection, is that a secure connection cannot 
be created magically. There must be some mechanism which enables the gateways to reliably 
identify each other. Without this, they cannot sensibly trust each other and cannot create a 
genuinely secure link.

In the BLACK BOX 

®

Advanced Console Server  IPsec implementation there are two methods 

of authentication:

1.

A shared secret provides authentication. If Alice and Bob are the only ones who know a 
secret and Alice receives a message which could not have been created without that 
secret, then Alice can safely believe the message came from Bob. 

2.

A public key or RSA authentication can also provide authentication. If Alice receives a 
message signed with Bob's private key (which of course only he should know) and she 
has a trustworthy copy of his public key (so that she can verify the signature), then she 
can safely believe the message came from Bob. 

The Encryption

In a tunnel, the two system must have a common key that they will use to encrypt and 
decrypt the packages. The key for the encryption can be provided in two ways:

Maual keying

The two ends share a secret key to encrypt their message. Of 
course, if an enemy gets the key, all is lost. The BLACK BOX 

®

Advanced Console Server  IPsec implementation does not 
support manual keying.

Automatic keying

The two systems authenticate each other and negotiate their 
own secret key. The key are automatically changed periodically.

Содержание LS1016A

Страница 1: ...Guide CUSTOMER Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 SUPPORT Tech Support and Ordering 724 746 5500 1 877 877 BBOX Fax 724 746 0746 INFORMATION To contact us about Black Box products or services info blackbox com SEPTEMBER 2003 LS1016A LS1032A ...

Страница 2: ...t names mentioned in this publication are trademarks or registered trademarks of their respective holders Black Box BLACK BOX Advanced Console Server LS1032A LS1016A are registered trademark of Black Box Corporation Microsoft Windows 95 98 XP ME NT and 2K are trademarks of Microsoft Corporation UNIX is a trademark of UNIX System Laboratories Inc Linux is a registered trademark of Linus Torvalds Th...

Страница 3: ...rver 19 What s in the box 20 Safety Instructions 23 Battery 25 FCC Warning Statement 26 Aviso de Precaución S Mark Argentina 26 Trabajar dentro del BLACK BOX Advanced Console Server 28 Batería 29 Chapter 2 Installation Configuration and Usage Introduction 31 System Requirements 31 Default Configuration Parameters 32 Pre Install Checklist 33 Task List 34 The Wizard 34 Quick Start 36 Configuration u...

Страница 4: ...essing Serial Ports using ts_menu 63 Accessing Serial Ports using the Web Interface 64 Chapter 3 Additional Features Introduction 65 Configuration Wizard Basic Wizard 66 Using the Wizard through your Browser 72 Access Method 73 Configuration for CAS 73 Configuration for TS 88 Configuration for Dial in Access 96 Authentication 100 Parameters Involved and Passed Values 100 Configuration for CAS TS a...

Страница 5: ...56 Syntax 157 Parameters Involved and Passed Values 166 Configuration for CAS TS and Dial in Access 166 Generating Alarms 172 Port Slave Parameters Involved with Generating Alarms 172 Configuration for CAS TS and Dial in Access 172 Syslog ng Configuration to use with Alarm Feature 179 Alarm Sendmail Sendsms and Snmptrap 181 Help 188 Help Wizard Information 188 Help Command Line Interface Informati...

Страница 6: ...lues 237 Configuration for CAS 238 SNMP 246 Configuration for CAS TS and Dial in Access 248 Syslog 249 Port Slave Parameters Involved with syslog ng 250 Configuration for CAS TS and Dial in Access 250 The Syslog Functions 256 Terminal Appearance 271 Parameters Involved and Passed Values 271 Configuration for CAS TS and Dial in Access 272 Time Zone 280 How to set Date and Time 281 Appendix A New Us...

Страница 7: ...s Crossover Cables 303 Which cable should be used 303 Cable Diagrams 304 Appendix C The pslave Configuration File Introduction 311 Configuration Parameters 311 CAS TS and Dial in Common Parameters 311 CAS Parameters 321 TS Parameters 331 Dial in Access Parameters 333 Appendix D Linux PAM Introduction 337 The Linux PAM Configuration File 339 Configuration File Syntax 339 Newest Syntax 342 Module Pa...

Страница 8: ...Default Configuration of the Web Configuration Manager 366 Using a different speed for the Serial Console 366 CPU LED 368 Appendix F Certificate for HTTP Security Introduction 369 Procedure 369 Appendix G IPSEC Introduction 373 Basic IPsec Knowledge 373 Using IPsec to create a VPN 374 The Authentication 374 The Encryption 374 The software parts 375 IPSec Configuration 375 The configuration file 37...

Страница 9: ...ications of IPsec 389 Configuration 390 Before you Start 390 Set up and test networking 390 Enabling IPsec 390 Quick Start 390 Road Warrior remote access 390 BLACK BOX Advanced Console Server to network VPN 393 Setting up RSA authentication keys 394 Generating an RSA key pair 395 Exchanging authentication keys 395 The Configuration File 396 Description 396 Conn Sections 398 Config Sections 402 Rec...

Страница 10: ... Started 408 Changing the Root Password 409 Adding and Deleting Users 409 Adding a User 409 Deleting a User 410 Adding and Deleting User Groups 411 Adding a group 411 Deleting a group 411 Adding and Deleting Access Limits 412 Adding an Access Limit 412 Deleting an access limit 413 Appendix I Connect to Serial Ports from Web Introduction 415 Tested Environment 415 On Windows 416 From Internet Explo...

Страница 11: ... wiz auth 428 Data Buffering Parameters wiz db 429 Power Management Parameters wiz pm 429 Serial Settings Parameters wiz sset type 430 Sniffing Parameters wiz snf 431 Syslog Parameters wiz sl 431 Terminal Appearance Parameters wiz tl 431 Terminal Server Profile Other Parameters wiz tso 432 Appendix L Copyrights References 433 List of Figures 437 List of Tables 441 Glossary 443 Index 447 ...

Страница 12: ...Table of Contents 12 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 13: ...cess very familiar It is not necessary to be a UNIX expert however to get the BLACK BOX Advanced Console Server up and running There are two audiences or user levels for this manual New Users These are users new to Linux and or UNIX with a primarily PC Microsoft background You might want to brush up on such things as common Linux UNIX commands and how to use the vi editor prior to attempting insta...

Страница 14: ...le fea tures of the BLACK BOX Advanced Console Server It provides configuration instruc tions for syslog data buffers authentication filters DHCP NTP SNMP clustering and sniffing Appendix A New User Background Information contains information for those who are new to Linux UNIX Appendix B Cabling Hardware and Electrical Specifications has detailed information and pinout diagrams for cables used wi...

Страница 15: ... incorporated into the product The Glossary provides definitions for commonly used terms in this manual Conventions and Symbols This section explains the significance of each of the various fonts formatting and icons that appear throughout this guide Fonts This guide uses a regular text font for most of the body text and Courier for data that you would input such as a command line instruction or d...

Страница 16: ... You will modify four Linux files to let the BLACK BOX Advanced Console Server know about its local environment Step A Modify pslave conf Open the file plsave conf and add the following lines Parameter Syntax This manual uses standard Linux command syntaxes and conventions for the parameters described within it Brackets and Hyphens dashes The brackets indicate that the parameter inside them is opt...

Страница 17: ...ng of the text will be considered not the literal text When the text is not encapsulated the literal text will be considered Spacing and Separators The list of users in the following example must be separated by semicolons the outlets should be separated by commas to indicate a list or with dashes to indicate range there should not be any spaces between the values sXX pmusers The user access list ...

Страница 18: ... that explains and or expedites the use of the BLACK BOX Advanced Console Server Important An important tip that should be read Review all of these notes for critical information Warning A very important type of tip or warning Do not ignore this information DANGER Indicates a direct danger which if not avoided may result in personal injury or damage to the sys tem Security Issue Indicates security...

Страница 19: ...ly connected to the BLACK BOX Advanced Console Server Telnet ssh over a network A browser And configure it with any of the following four options vi Wizard Browser Command Line Interface CLI only for certain configuration parameters With the BLACK BOX Advanced Console Server set up as a Console Access Server you can access a server connected to the BLACK BOX Advanced Console Server through the ser...

Страница 20: ... current availability Figure 1 Cable Package 1 Figure 2 Cable Package 2 The following figures show the main units and accessories included in package RJ 45 to DB 25 Black Box Sun Netra adapter Female adapter RJ 45 to DB 9 F RJ 45 straight through cable adapter RJ 45 to DB 25 Male adapter Black Box Sun Netra cable RJ 45 to DB 25 Female crossover cable RJ 45 to DB 9 Female crossover cable RJ 45 to D...

Страница 21: ...supply The single power units will have just one power cable Manual Loop back Connector Modem Cable Cable Package 1 OR Cable Package 2 Manual Back View of the 32 Port BLACK BOX Advanced Console Server Version 2 1 4 Revision 1a User Guide CUSTOMER Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 SUPPORT Tech Support and Ordering 724 746 5500 1 877 877 BBOX Fax 724 746 0746 INFORMATION T...

Страница 22: ...able Package 1 OR Cable Package 2 Manual Back View of the 16 Port BLACK BOX Advanced Console Server Version 2 1 4 Revision 1a User Guide CUSTOMER Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 SUPPORT Tech Support and Ordering 724 746 5500 1 877 877 BBOX Fax 724 746 0746 INFORMATION To contact us about Black Box products or services info blackbox com SEPTEMBER 2003 LS1016A LS1032A ...

Страница 23: ...en into the Important To help protect the BLACK BOX Advanced Console Server from electrical power fluctuations use a surge suppressor line conditioner or uninterruptible power supply Important Be sure that nothing rests on the cables of the BLACK BOX Advanced Console Server and that they are not located where they can be stepped on or tripped over Important Do not spill food or liquids on the BLAC...

Страница 24: ...pment before touching anything inside it Important Keep your BLACK BOX Advanced Console Server away from heat sources and do not block cooling vents Important The BLACK BOX Advanced Console Server product DC version is only intended to be installed in restricted access areas Dedicated Equipment Rooms Equipment Closets or the like in accordance with Articles 110 18 110 26 and 110 27 of the National...

Страница 25: ...ame or equivalent type recommended by the manufacturer Dispose of used batteries according to the manufacturer s instructions WARNUNG Bei Einsetzen einer falschen Batterie besteht Explosionsgefahr Ersetzen Sie die Batterie nur durch den gleichen oder vom Hersteller empfohlenen Batterietyp Entsorgen Sie die benutzten Batterien nach den Anweisungen des Herstellers ...

Страница 26: ...LACK BOX Advanced Console Server does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications Le BLACK BOX Advanced Console Server n émete pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe A prescrites dans le règlement sur le brouil...

Страница 27: ...nte Para proteger al BLACK BOX Advanced Console Server de fluc tuaciones en corriente eléctrica utilice una fuente eléctrica de respaldo Importante Asegurarse de que nada descanse sobre los cables del BLACK BOX Advanced Console Server y que los cables no obstruyan el paso Importante Asegurarse de no dejar caer alimentos o bebidas en el BLACK BOX Advanced Console Server Si esto ocurre avise a Black...

Страница 28: ...ntenga el BLACK BOX Advanced Console Server fuera del alcancé de calentadores y asegurarse de no tapar la ventilación del equipo Importante El BLACK BOX Advanced Console Server con alimentación de corriente directa CD solo debe ser instalado en áreas con restricción y de acu erdo a los artículos 110 18 110 26 y 110 27 del National Electrical Code ANSI NFPA 701 Edición 1999 Para conectar la corrien...

Страница 29: ...a batería nueva puede explotar si no esta instalada correctamente Remplace la batería cuando sea necesario solo con el mismo tipo recomendado por el fabricante de la batería Deshacerse de la batería de acuerdo a las instruc ciones del fabricante de la batería ...

Страница 30: ...Introduction and Overview 30 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 31: ...want to brush up prior to proceeding with this chapter with the essential background information presented in Appendix A New User Background Informa tion Even if you are a UNIX user and find the tools and files familiar do not configure this product as you would a regular Linux server The chapter is divided into the following sections System Requirements Default Configuration Parameters Pre Instal...

Страница 32: ...the screen flow and input values needed for this configuration mode If you choose the CLI Command Line Interface method this allows you to configure certain parameters for a specified serial port or some network related parameters Specifics of this method are discussed under the appropriate option title in Chapter 3 Additional Features Default Configuration Parameters DHCP enabled if there is no D...

Страница 33: ...em If you have a UNIX operating system you will be using Kermit or Minicom IP Address of PC or terminal BLACK BOX Advanced Console Server NameServer and Gateway You will need to locate the IP address of your PC or workstation the BLACK BOX Advanced Console Server and the machine that resolves names on your network Your Network Administrator can supply you with these If there is outside access to t...

Страница 34: ...ction and Log In Task 3 Modify the System Files Task 4 Edit the pslave conf file Task 5 Activate the changes Task 6 Test the configuration Task 7 Save the changes Task 8 Reboot the BLACK BOX Advanced Console Server The Wizard The eight key tasks can also be done through a wizard in the 2 1 plus versions of the BLACK BOX Advanced Console Server Basic Wizard The Basic Wizard will configure the follo...

Страница 35: ...Wizard Further configuration of the BLACK BOX Advanced Console Server can be done through one of several customized wizards These procedures are explained under their respective topic heading in Chapter 3 Additional Features There are custom wizards for the following optional configurations Access Method Generating Alarms Authentication Data Buffering Help Serial Settings Session Sniffing Syslog T...

Страница 36: ...four methods Console Browser Telnet CLI Command Line Interface If you have a serial port that you can use as a console port use the Console method If you have access to telnet you can use this method while New Users may prefer the Browser method for its user friendliness Configuration using a Console Step 1 Connect the console cable Connect the console cable created from the RJ 45 straight through...

Страница 37: ...A T I O N W I Z A R D INSTRUCTIONS for using the Wizard You can 1 Enter the appropriate information for your system and press ENTER or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you mu...

Страница 38: ...y After you confirm and save the basic parameters you will be presented with the shell prompt From there either select to continue configuration using the vi editor or use the browser or CLI method if appropriate The BLACK BOX Advanced Console Server is now configured as a CAS with its new IP address with no authentication and accepting telnet to the serial ports You can telnet the CAS IP serial p...

Страница 39: ... do not have a DHCP Server in your LAN add a route pointing to the BLACK BOX Advanced Console Server IP From the workstation issue a command to add a route pointing to the network IP address of the BLACK BOX Advanced Console Server 192 168 160 0 accessed through the workstation s Ethernet interface For Linux the command would be route add net 192 168 160 0 24 gw IP address assigned to the workstat...

Страница 40: ...tion Manager Step 4 Enter root as login name and tslinux as password Step 5 Click the Submit button This will take you to the Configuration Administration Menu page shown in the following figure Figure 6 Configuration Administration Menu page Need new screen shot with new product in Red LS1032A Link for changing password ...

Страница 41: ...Information Section Step 6 Click on the General link Figure 7 General page Step 7 Configure parameters presented in the fields Step 8 Click on the Submit button Step 9 Make the changes effective Security Issue Change the password of the Web root user as soon as possible The user database for the Web Configuration Manager is different than the sys tem user database so the root password can be diffe...

Страница 42: ...r or you IP address with no authentication and accept ing telnet to the serial ports You can telnet the CAS IP serial port 1 with the fol lowing command telnet IP assigned 7001 To explore the BLACK BOX Advanced Console Server features either continue configuration using browser use the vi editor from the console or use CLI if appro priate A description of each of the links on the five sections of ...

Страница 43: ...rts Configuration of Portslave package Serial Port Groups Configuration of User Groups for Serial Ports Host Table Table of hosts in etc hosts Static Routes Static routes defined in etc network st_routes IPsec IPsec connections configuration IP Tables Static IPTables Filter in etc network firewall Boot Configuration Configuration of parameters used in the boot process Edit Text File Tool to edit a...

Страница 44: ...t the BLACK BOX Advanced Console Server s date and time Active Sessions Shows the active sessions CAS Sessions Shows the CAS sessions Process Status Shows the running processes and allows the administrator to kill them Restart Processes Allows the administrator to start or stop some specific processes PCMCIA Allows the administrator to insert and eject PCMCIA cards Table 5 Web User Management Sect...

Страница 45: ... to add or delete routes ARP Cache Shows the ARP cache IP Statistics Shows IP protocol statistics ICMP Statistics Shows ICMP protocol statistics TCP Statistics Shows TCP protocol statistics UDP Statistics Shows UDP protocol statistics RAM Disk Usage Shows the BLACK BOX Advanced Console Server File System status System Information Shows information about the kernel time CPU and memory Note The link...

Страница 46: ...he workstation used to manage the servers Step 2 If you do not have a DHCP Server in your LAN add a route pointing to the BLACK BOX Advanced Console Server IP From the workstation issue a command to add a route pointing to the network IP address of the BLACK BOX Advanced Console Server 192 168 160 0 accessed through the workstation s Ethernet interface For Linux the command would be route add net ...

Страница 47: ...nt to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue After yo...

Страница 48: ...IP address Don t worry The new configuration will be valid The BLACK BOX Advanced Console Server is now configured as a CAS with its assigned by DHCP or you IP address with no authentication and accepting telnet to the serial ports You can telnet the CAS IP serial port 1 with the following command telnet IP assigned 7001 After you confirm the basic parameters you will be presented with the shell p...

Страница 49: ...ar Log in as root default password is linux A new password should be created as soon as possible The terminal parameters should be set as follows Serial Speed 9600 bps Data Length 8 bits Parity None Stop Bits 1 stop bit Flow Control none ANSI emulation You may now skip to Task 4 Edit the pslave conf file Important Any configuration change must be saved in flash once validated To save in Flash run ...

Страница 50: ... terminal to the BLACK BOX Advanced Console Server via an Ethernet connection in order to manage the BLACK BOX Advanced Console Server The workstation used to access the BLACK BOX Advanced Console Server through telnet or ssh uses a LAN connection These events can be summarized as follows PC Hyper terminal COM port connects via serial cable to the BLACK BOX Advanced Console Server s console port P...

Страница 51: ...al Specifications Step 3 Connect Hub to PC and the BLACK BOX Advanced Console Server Your workstation and BLACK BOX Advanced Console Server must be on the same physical LAN Connect one RJ 45 cable from the Ethernet port of the BLACK BOX Advanced Console Server to the hub and another from the hub to the workstation used to manage the servers Step 4 Install and launch HyperTerminal Kermit or Minicom...

Страница 52: ...t File Properties and click the Connect To tab Select the available COM port number from the Connection dropdown Figure 8 Choose a free COM port Step 2 Configure COM port Click the Configure button hidden by the dropdown menu in the above figure Your PC considered here to be a dumb terminal should be configured to use 9600 bps 8 data bits no parity 1 stop bit and no flow control as shown in the fo...

Страница 53: ... 53 Figure 9 Port Settings Step 3 Power on the BLACK BOX Advanced Console Server Step 4 Click OK on the Properties window You will see the BLACK BOX Advanced Console Server booting on your screen After it finishes booting you will see a login prompt 9600 ...

Страница 54: ...nux a UNIX like operating system and those not familiar with it will want to refer to Appendix A Step 1 Type root and press Enter Step 2 At the password prompt type tslinux Press Enter Step 3 Modify etc hostname In HyperTerminal type vi etc hostname without the quotes and press Enter Arrow over the existing text in the file type r for replace and type the first number of the model of your BLACK BO...

Страница 55: ...n the network Modify the file using the vi as you did in Step 1 Figure 11 Contents of the etc hosts file Step 5 Modify etc resolv conf This file must contain the domain name and nameserver information for the network Obtain the nameserver IP address from your Network Administrator The default contents of this file are domain mycompany com nameserver 200 200 200 2 LES2800A 16 Replace to match hostn...

Страница 56: ...tc passwd file has the user root with password tslinux You should change the password for user root as soon as possible Before changing any password or adding new users you should also activate shadow password if it is needed The BLACK BOX Advanced Console Server has support for shadow password but it is not active by default To activate shadow password follow the steps listed below Step A Create ...

Страница 57: ... parameters need to be modified or confirmed for a basic configuration conf eth_ip if you disabled DHCP all authtype all protocol A listing of the pslave conf file with all possible parameters as well as the files used to create other configurations from parameters in this file is provided in Appendix C The pslave Con figuration File Additional optional modifications made to this file will depend ...

Страница 58: ...arameter can be overridden by a s parameter appearing later in the pslave conf file or vice versa Power Users To find out what to input for these three parameters so that you can configure what you need go the appropriate appendix where you will find a complete table with an explanation for each parameter You can use the templates from that same Appendix pslave conf cas etc as reference conf eth_i...

Страница 59: ...cation is performed using a Radius authentication server TacacsPlus authentication is performed using a TacacsPlus authenti cation server ldap authentication is performed against an ldap database using an ldap server The IP address and other details of the ldap server are defined in the file etc ldap conf local radius authentication is performed locally first switching to Radius if unsuccessful ra...

Страница 60: ...dvanced Console Server by DHCP or you An example would be ping 192 168 160 10 If you receive a reply your BLACK BOX Advanced Console Server connection is OK If there is no reply see Appendix E Software Upgrades and Troubleshooting Step 2 Telnet to the server connected to the first port of the BLACK BOX Advanced Console Server This will only work if you selected socket_server as your all protocol p...

Страница 61: ...uration follow the above steps again and check Appendix E Software Upgrades and Troubleshooting Task 7 Save the changes Execute the following command in HyperTerminal to save the configuration saveconf Task 8 Reboot the BLACK BOX Advanced Console Server After rebooting the initial configuration is complete Note restoreconf does the opposite of saveconf copying the contents of the proc flash script...

Страница 62: ...port belonging to a pool of serial ports issue the command telnet CAS hostname TCP port number CAS hostname is the hostname configured in the workstation where the telnet client will run through etc hosts or DNS table It can also be just the IP address of the BLACK BOX Advanced Console Server Ethernet s interface configured by the user or learned from DHCP TCP port number is the number associated ...

Страница 63: ...rt Server Accessing Serial Ports using ts_menu To access the serial port telnet or ssh using ts_menu login to the CAS unit and after receiv ing the shell prompt run ts_menu The servers aliases or serial ports will be shown as option to start a connection telnet ssh After typing ts_menu you will see something similar to the following Serial Console Server Connection Menu for your Master Terminal Se...

Страница 64: ... the e option So for example to set Ctrl as the escape character type telnet e 192 168 160 10 To exit from the session created through the ts_menu just follow Step 1 from above To exit from the entire telnet session to your unit type the escape character you had set Accessing Serial Ports using the Web Interface From the Web there s a Connect to Serial Port option that has to be selected A serial ...

Страница 65: ...zard when available browser where appropriate and the Command Line Interface CLI when available This chapter contains the following sections Configuration Wizard Basic Wizard Access Method Authentication CAS Port Pool Clustering CronD Data Buffering DHCP Dual Power Management Filters and Network Address Translation Generating Alarms Help NTP PCMCIAPorts Configured as Terminal ServersSerial Setting...

Страница 66: ...using any browser or by editing system files with the vi editor What follows are the basic parameters to get you quickly started The files that will be eventually modified if you decide to save to flash at the end of this application are 1 etc hostname 2 etc hosts 3 etc resolv conf 4 etc network st_routes 5 etc network ifcfg_eth0 6 etc portslave pslave conf Step 1 Enter the command wiz At the comm...

Страница 67: ...gurations and have the choice of setting them to default values or not C O N F I G U R A T I O N W I Z A R D Current configuration Hostname CAS DHCP enabled Domain name Primary DNS Server Gateway IP eth0 Set to defaults y n n Step 3 Press Enter or type n or y The default answer or value to any question is in the brackets You can take one of three actions Either just press the ENTER key to execute ...

Страница 68: ...P for your system y n y Tip On most of the following configuration screens the default or current value of the parameter is displayed inside brackets Just press the ENTER key if you are satisfied with the value in the brackets If not enter the appropriate parameter and press ENTER If at any time after choosing whether to set your configurations to default or not you want to exit the wizard or skip...

Страница 69: ...abetical so that it is easier to remember Every time you see the domain name it is actually being translated into an IP address by the domain name server See your network administrator to obtain this IP address for the domain name server Domain Name Server 192 168 160 200 Step 9 Enter Gateway IP address and press Enter The Gateway is a node on a network that serves as an entrance point into anothe...

Страница 70: ... 160 10 Domain name mycompany com Primary DNS Server 192 168 160 200 Gateway IP 192 168 160 1 Network Mask 255 255 255 0 Are all these parameters correct y n y Step 12 Type y or n or press Enter Type y if all parameters are correct Type n or just press ENTER if not all the param eters are correct and you want to go back and redo them Step 13 If you typed n in Step 11 type c or q As directed by the...

Страница 71: ...d on again the saved information can be recovered If y is entered the screen will display an explanation of what saving to flash means Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of t...

Страница 72: ...ections and the exact screen flow begins with To summarize the process the wizard configuration is started by first selecting the desired port s on the Port Selection page Figure 13 Port Selection page clicking Submit and then selecting either the CAS TS or RAS profile buttons on the subsequent Serial Port Configura tion Page Change the appropriate parameters and then click the Submit button on th...

Страница 73: ...ADIUS TacacsPlus Authentication Server First Accounting Server RADIUS TacacsPlus secret Remote IP Address keep the Incremented option on Access Method Access method is how a user accesses a server connected to one of the serial ports on the BLACK BOX Advanced Console Server CAS profile or how a user connected to one of the serial ports accesses a server in the network TS profile or Dial In profile...

Страница 74: ...et_ssh and the port value 7001 7002 etc if supplied by the ssh client like username port value the ssh client will be directly connected with the serial interface all protocol The possible protocols are telnet ssh1 ssh2 or raw data socket_server telnet protocol socket_ssh ssh1 ssh2 protocol raw_data used to exchange data in transparent mode Raw_data is similar to socket_server mode but without tel...

Страница 75: ...the unit for this parameter is ms If set to zero line status messages will not be sent to the socket client all tx_interval Valid for protocols socket_server and raw_data Defines the delay in milliseconds before transmission to the Ethernet of data received through a serial port If not configured 100ms is assumed If set to zero or a value above 1000 no buffering will take place all idletimeout Val...

Страница 76: ...ation page Step 3 Select the Serial Ports link Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page This will take you to the Port Selection page Figure 13 Port Selection page Step 4 Select port s On the Port Selection page choose all ports or an individual port from the dropdown menu This will take you to the Serial Port Configuratio...

Страница 77: ...ameter all users here under Access Restriction on Users Step 8 Scroll to Console Access Server Section You can configure the following parameters here all sttyCmd all poll_interval all tx_interval all idletimeout Step 9 Configure s n serverfarm This parameter will not appear on the configuration page when All ports is selected Scroll to the SSH section Each port can be named after the server or de...

Страница 78: ...the group Step 13 Click the Submit button At this point the configuration file is written in the RAMdisk Step 14 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 15 Save it in the flash Go to the link Administration Load Save Configuration and click the Save to Flash b...

Страница 79: ...tisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration T...

Страница 80: ...irst port should be addressed as 192 168 1 101 and the following ports should have consecutive values Any host can access a port using its IP address as long as a path to the address exists in the host s routing table all ipno ALL SOCKET_PORT This defines an alternative labeling system for the system ports The after the numerical value causes the interfaces or ports to be numbered consecutively e ...

Страница 81: ...comma and spaces tabs may be used between names A comma may NOT appear between the and the first user name The users may be local Radius or TacacsPlus User groups defined with the parameter conf group can be used in combination with user names in the parameter list Notice that these are common users not administrators e g joe mark grp1 the users Joe Mark and members of grp1 cannot access the port ...

Страница 82: ... serial port If not configured 100ms is assumed If set to 0 or a value above 1000 no buffering will take place all tx_interval Screen 6 C O N F I G U R A T I O N W I Z A R D ALL IDLETIMEOUT This parameter specifies how long in minutes a connection can remain inactive before it is cut off If set to 0 the default the connection will not time out all idletimeout CONF GROUP Used to combine users into ...

Страница 83: ...T Typing c repeats the application typing q exits the entire wiz application If you type y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 8 typing q leads to Screen 9 Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured fo...

Страница 84: ... the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Note The number of available ports depends on the system you are on Typing in a valid port number repeats this program except t...

Страница 85: ...ather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot it If you don t save to flash and if you were to reboot the system all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n ...

Страница 86: ...e line serial port number ipno string To configure the socket_port config configure line serial port number socket number To configure the protocol string is the type of protocol desired config configure line serial port number protocol string To configure modbus_smode config configure line serial port number modbus string To configure users config configure line serial port number users string To...

Страница 87: ...e To activate your new configurations and save them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt Tip You can configure all the parameters for a serial port in one line config configure line serial port number tty string ipno string socket number protocol string modbus string users string pollinterval number txinterval number idle...

Страница 88: ...t ssh ssh2 or socket_client If the protocol is configured as telnet or socket_client the parameter socket_port needs to be configured all socket_port This parameter is valid only if all protocol is configured as socket_client or telnet The socket_port is the TCP port number of the application that will accept connections requested by this serial port all telnet_client_mode When the protocol is TEL...

Страница 89: ...tion Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 5 Save it in the flash Go to the link Administration Load Save Configuration and click the Save to Flash button Wizard Method Step 1 Bring up the wizard At the command prompt type the following to bring up the Access Method custom wizard wiz ac ts This will bring up Scr...

Страница 90: ...in the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s...

Страница 91: ...s defines the port s to be used by the protocols telnet and socket_client For these two protocols a default value of 23 is used when no value is configured all socket_port 23 Screen 4 C O N F I G U R A T I O N W I Z A R D ALL TELNET_CLIENT_MODE This parameter only applies if the current protocol configured is telnet Configuring as binary 1 causes an attempt to negotiate the TELNET BINARY option on...

Страница 92: ...on The ones with the means it s not activated all protocol rlogin all socket_port 23 all telnet_client_mode 0 all userauto Are these configuration s all correct y n n If you type n Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type y Discard previous port specific parameters y n n Note all host is confi...

Страница 93: ...ering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance if you are currently configuring parameter all x and there was a specific port s2 x configured then answering yes to this question will discard s2 x Note The number of available ports depends on the system you are on Typing ...

Страница 94: ...sh Do you want to activate your configurations now y n y Screen 8 C O N F I G U R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot...

Страница 95: ...ng To configure the socket_port config configure line serial port number socket number To configure the telnet_client_mode config configure line serial port number telnetclientmode number To configure userauto config configure line serial port number userauto string Step 2 Activate and Save To activate your new configurations and save them to flash type config write This is essentially typing sign...

Страница 96: ...ould be addressed as 192 168 1 101 and the following ports should have consecutive values all initchat Modem initialization string Example value TIMEOUT 10 d l dATZ OK r n ATZ OK r n ATMO OK R N TIMEOUT 3600 RING STATUS Incoming p I HANDSHAKE ATA TIMEOUT 60 CONNECT STATUS Connected p I HANDSHAKE all autoppp Options to auto detect a ppp session The cb script parameter defines the file used for call...

Страница 97: ... Step 2 Click the Dial in Profile button in the Wizard section Example value j novj proxyarp modem asyncmap 000A0000 noipx noccp login auth require pap refusechap mtu t mru t cb script etc portslave cb_script plugin usr lib libpsr so all pppopt PPP options when user has already been authenticated Example value i j novj proxyarp modem asyncmap 000A0000 noipx noccp mtu t mru t netmask m idle I maxco...

Страница 98: ...he PPP Section You can configure the parameter all autoppp and all pppopt here Step 6 Click the Submit button At this point the configuration file is written in the RAMdisk Step 7 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 8 Save it in the flash Go to the link Ad...

Страница 99: ...o configure the protocol string is the type of protocol desired config configure line serial port number protocol string To configure ipno config configure line serial port number ipno string Step 2 Activate and Save To activate your new configurations and save them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt Tip You can configu...

Страница 100: ... or kerberos Parameters Involved and Passed Values The authentication feature utilizes the following parameters all authtype Type of authentication used There are several authentication type options none no authentication local authentication is performed using the etc passwd file remote This is for a terminal profile only The unit takes in a user name but does not use it for authentication Instea...

Страница 101: ... The authentication required by the device to which the user is connecting is controlled separately all authhost1 all authhost2 This address indicates the location of the Radius TacacsPlus authentication server and is only necessary if this option is chosen in the previous parameter A second Radius TacacsPlus authentication server can be configured with the parameter all authhost2 all accthost1 al...

Страница 102: ...r is tried before another is contacted The first server authhost1 is tried radretries times and then the second authhost2 if configured is contacted radretries times If the second also fails to respond Radius TacacsPlus authentication fails all secret This is the shared secret password necessary for communication between the BLACK BOX Advanced Console Server and the Radius TacacsPlus servers Note ...

Страница 103: ...written in the RAMdisk Step 4 Make changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 5 Save it in the flash Go to the link Administration Load Save Configuration and click the Save to Flash button ...

Страница 104: ...zard You can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must e...

Страница 105: ... 4 all accthost2 192 168 160 4 all radtimeout 3 all radretries 5 all secret secret Set to defaults y n n Screen 3 C O N F I G U R A T I O N W I Z A R D ALL AUTHTYPE This parameter controls the authentication required by the system Users access to the server through the serial port is granted through the check of username and password locally or remotely e g none local TacacsPlus note the capital T...

Страница 106: ...ow long users are connected after being authorized by the authentication server all accthost1 200 200 200 3 ALL AUTHHOST2 This IP address indicates where the SECOND Radius or TacacsPlus authentication server is located all authhost2 200 200 200 2 Note If authtype is configured as none local ldap or kerberos the applica tion will skip immediately to the summary screen because the rest of the parame...

Страница 107: ...MEOUT This is the timeout in seconds for a Radius or TacacsPlus authentication query to be answered all radtimeout 3 Screen 6 C O N F I G U R A T I O N W I Z A R D ALL RADRETRIES This defines the number of times each Radius or TacacsPlus server is tried before another is contacted all radretries 5 ALL SECRET This is the shared secret necessary for communication between the system and the Radius or...

Страница 108: ...pe n Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats application typing q exits the entire wiz application If you type y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ports or q to QUIT Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configur...

Страница 109: ...unit through a console and you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Note The number of available ports depends on the system you are on Typing...

Страница 110: ... all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n CLI Method To configure certain parameters for a specific serial port Step 1 At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ttyS serial port number config configure line seria...

Страница 111: ...ure radretries config configure line serial port number retries number To configure secret config configure line serial port number secret string Step 2 Activate and Save To activate your new configurations and save them to flash type config write Tip You can configure all the parameters for a serial port in one line config configure line serial port number tty string authtype string authhost1 str...

Страница 112: ... sure that you have the NIS domain name set Command domainname NIS domain name show or set the system s NIS YP domain name Ex domainname cyclades nis Step 2 Edit the etc yp conf file etc yp conf This file contains the configuration used by ypbind etc domainname conf This file contains the NIS domain name set by the command domainname usr sbin ypbind Finds the server for NIS domains and maintains t...

Страница 113: ...e as local How to Test the Configuration To test the configuration do the following Step 1 Start up the following command usr sbin ypbind Step 2 Display the NIS server name Display the name of NIS server by running the following command usr bin ypwhich Step 3 Display the all users entry Displays the all users entry in the NIS database by running the following command usr bin ypcat t passwd byname ...

Страница 114: ... process works fine but the needed value was not found The default action for this status is continue UNAVAIL The service is permanently unavailable TRYAGAIN The service is temporarily unavailable To use NIS only to authenticate users you need to change the lines in etc nsswitch conf that reference passwd shadow and group Examples 1 You wish to authenticate the user first in the local database If ...

Страница 115: ...scheme protocol pool_ipno pool_serverfarm and pool_socket_port The three new parameters pool_ipno pool_serverfarm and pool_socket_port have the same meaning as ipno serverfarm and socket_port respectively Ports belonging to the same pool MUST be configured with the same value in these fields It is strongly recommended that you configure the same values in all parameters related to authentication f...

Страница 116: ...ias for specific allocation s1 pool_serverfarm pool 1 alias for the pool s2 tty ttyS2 s2 protocol socket_server s2 socket_port 7002 TCP port for specific allocation s2 pool_socket_port 3000 TCP port for the pool s2 ipno 10 0 0 2 IP address for specific allocation s2 pool_ipno 10 1 0 1 IP address for the pool s2 serverfarm serial 2 alias for specific allocation s2 pool_serverfarm pool 1 alias for t...

Страница 117: ...rt 3000 IP 10 1 0 1 and alias pool 1 pool 2 identified by Protocol socket_ssh TCP port 4000 IP 10 2 0 1 and alias pool 2 The serial ports ttyS1 and ttyS2 belong to the pool 1 The serial ports ttyS3 and ttyS4 belong to the pool 2 You can access specifically serial port ttyS1 by using TCP port 7001 IP address 10 0 0 1 or alias serial 1 If the ttyS1 is being used by somebody else the connection will ...

Страница 118: ... Advanced Console Servers on a LAN The Master BLACK BOX Advanced Console Server can manage up to 1024 serial ports so that the fol lowing can be clustered 1 Master 16 Port 31 Slave16 Ports or 1 Master 32 Port 15 Slave 32 Ports An example with one Master BLACK BOX Advanced Console Serverand two Slave BLACK BOX Advanced Console Servers is shown in the following figure Figure 16 An example of the clu...

Страница 119: ...ace needed for clustering feature conf eth_mask_alias Mask for secondary IP address above 255 255 255 0 all socket_port This value applies to both the local ports and ports on Slave BLACK BOX Advanced Console Server 7001 all protocol Depends on the application Socket_ssh or socket_server all authtype Depends on the application Radius or local or none s33 tty This parameter must be created in the M...

Страница 120: ...r_on_slave1_ serial_s3 s35 ipno See s33 ipno 0 0 0 0 etc for s36 s64 S65 tty The format of this parameter is IP_of_Slave slave_socket_port for non Master ports The value 7301 was chosen arbitrarily for this example 20 20 20 3 7301 S65 serverfarm An alias for this port Server_on_slave2_ serial_s1 S65 ipno See s33 ipno 0 0 0 0 S66 tty See s65 tty 20 20 20 3 7302 S66 serverfarm An alias for this port...

Страница 121: ...erial_s3 S67 ipno See s33 ipno 0 0 0 0 etc for s68 s96 Table8 BLACKBOX AdvancedConsoleServerconfigurationforSlave1 where it differs from the CAS standard Parameter Value for this example all protocol socket_server all authtype none conf eth_ip 20 20 20 2 all socket_port 7033 all authtype none Table9 BLACKBOX AdvancedConsoleServerconfigurationforSlave2 where it differs from the CAS standard Paramet...

Страница 122: ...209 81 55 110 to access the fifth port of Slave 2 Centralized Management the Include File The BLACK BOX Advanced Console Server allows centralized management through the use of a Master pslave conf file Administrators should consider this approach to configure multiple BLACK BOX Advanced Console Server Using this feature each unit has a simpli fied pslave conf file where a Master include file is c...

Страница 123: ... Server Figure 17 Example of Centralized Management The abbreviated pslave conf and etc hostname files in each unit for the example are For the etc hostname file in unit 1 unit1 For the plsave conf file in unit 1 conf eth_ip 10 0 0 1 conf eth_mask 255 0 0 0 conf include etc portslave Scommon conf For the etc hostname file in unit 2 unit2 For the plsave conf file in unit 2 conf eth_ip 10 0 0 2 conf...

Страница 124: ...for pslave conf conf host_config unit3 parameters for unit3 following the rules for pslave conf conf host_config end When this file is included unit1 would read only the information between conf host_config unit1 and conf host_config unit2 Unit2 would use only the information between conf host_config unit2 and conf host_config unit3 and unit3 would use information after conf host_config unit3 and ...

Страница 125: ...on available Authentication is performed in the Slave and not in the Master anymore Additionally the Master no longer needs to be the default gateway for all Slave boxes Enhanced clustering is available on implementations running Linux 2 4 x versions or newer This new implementation is based on iptables nat which is only available in these higher versions of Linux Enhanced Clustering has improved ...

Страница 126: ...ll be created post_nat_cluster to change the source IP address and pre_nat_cluster to change the destination IP address The BLACK BOX Advanced Console Server administrator must enable clustering via NAT in pslave conf conf nat_clustering_ip clustering_ip iptables D PREROUTING t nat p tcp j pre_nat_cluster iptables D POSTROUTING t nat p tcp j post_nat_cluster clustering_ip IP address of any BLACK B...

Страница 127: ...or can issue an iptables command to view change at his own risk or delete the rules in the nat table If the adminis trator issues a fwset restore command he must also execute the command signal_ras hup to recover the nat table BLACK BOX Advanced Console Server clustering was primarily designed to allow a large number of serial ports in more than one box to be accessed using just one single public ...

Страница 128: ...ent session must have the following command line option p master_port The master_port will define at least the Slave box with which a connection is desired For example you may use the following commands ssh l username1 server1 p 7101 master_ip ssh l username2 server2 p 7101 master_ip The above commands will respectively have the same result as the following commands issued from a local workstation...

Страница 129: ...examples looking like s 1 32 tty ttyS 1 32 must be seen as 32 lines For example s1 tty ttyS1 s2 tty ttyS2 s32 tty ttyS32 Master box Configuration Enable Clustering via NAT conf nat_clustering_ip 64 186 161 108 Primary ethernet IP address must be the public IP Note In the old clustering implementation username and server must be valid in the Master box In the new clustering they must be valid in th...

Страница 130: ..._ip_alias 192 168 170 1 conf eth_mask_alias 255 255 255 0 Local CAS serial ports 32 socket_ssh ports all protocol socket_ssh all authtype local all socket_port 7001 s 1 32 tty ttyS 1 32 Remote CAS serial ports slave 1 32 socket_ssh ports This kind of configuration can be used for ssh only just one entry is neces sary s33 tty 192 168 170 2 s33 socket_port 7000 ...

Страница 131: ...001 s66 socket_port 8002 s96 socket_port 8032 Remote CAS serial ports slave 3 32 socket_ssh ports s 97 128 tty 192 168 170 101 132 Slave 1 box Configuration Primary ethernet IP address conf eth_ip 192 168 170 2 conf eth_mask 255 255 255 0 conf eth_mtu 1500 Local CAS serial ports 32 socket_ssh ports all protocol socket_ssh all authtype local s 1 32 tty ttyS 1 32 s 1 32 serverfarm slave 1 port 1 32 ...

Страница 132: ...AS serial ports 32 socket_server ports all protocol socket_server all authtype local all socket_port 7101 s 1 32 tty ttyS 1 32 Slave 3 box Configuration Primary ethernet IP address conf eth_ip 192 168 170 4 conf eth_mask 255 255 255 0 conf eth_mtu 1500 Local CAS serial ports 32 socket_ssh ports all protocol socket_ssh all authtype local all ipno 192 168 170 101 s 1 32 tty ttyS 1 32 ...

Страница 133: ...st be provided to select which serial port is to be con nected to in the Slave box 1 ssh l username slave 1 port 1 32 p 7000 64 186 161 108 The master_port socket_port in the Master will select which serial port is to be connected to in the Slave boxes 1 and 2 telnet 64 186 161 108 80 01 32 ssh l p 7097 7128 64 186 161 108 ...

Страница 134: ...w line in the etc crontab_files active root etc crontab_tst Result CronD will execute the shell script teste_cron sh with root privileges each minute status Active or inactive If this item is not active the script will not be executed user The process will be run with the privileges of this user who must be a valid local user source Pathname of the crontab file that specifies frequency of executio...

Страница 135: ...ved to flash Step 4 Run saveconf The command saveconf which reads the etc config_files file should then be run saveconf copies all the files listed in the file etc config_files from the ramdisk to proc flash script Step 5 Reboot the BLACK BOX Advanced Console Server Browser Method To configure CronD with your browser Step 1 Point your browser to the Console Server In the address or location field ...

Страница 136: ... the Web root password configured by the Web server This will take you to the Configuration and Administration page Step 3 Click on the Edit Text File link Click on this link on the Link Panel You can then pull up the appropriate file and edit it Figure 18 Edit Text File page ...

Страница 137: ...ost must have NFS installed and the administra tor must create export and allow reading writing to this directory The size of this file is not limited by the value of the parameter s1 data_buffering though the value cannot be zero since a zero value turns off data buffering The conf nfs_data_buffering parameter format is server name or IP address remote pathname If data buffering is turned on for ...

Страница 138: ...s the following parameters all data_buffering A non zero value activates data buffering local or remote according to what was configured in the parameter conf nfs_data_buffering If local data buffering a file is created on the BLACK BOX Advanced Console Server if remote a file is created through NFS in a remote server All data received from the port is captured in this file If local data buffering...

Страница 139: ...verwritten whenever the limit of the buffer size as configured in all data_buffering or s n data_buffering is reached When configured as lin for linear format once 4k bytes of the Rx buffer in the ker nel is reached a flow control stop RTS off or XOFF depending on how all flow or s n flow is set is issued to prevent the serial port from receiving further data from the remote Then when a session is...

Страница 140: ...the port that is sending data syslog messages won t be generated all dont_show_DBmenu When zero a menu with data buffering options is shown when a nonempty data buffering file is found When 1 the data buffering menu is not shown When 2 the data buffering menu is not shown but the data buffering file is shown if not empty When 3 the data buffering menu is shown but without the erase and show and er...

Страница 141: ...on and Administration page Step 3 Select the Serial Ports link Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page This will take you to the Port Selection page Step 4 Select port s On the Port Selection page choose all ports or an individual port to configure from the dropdown menu Click the Submit button This will take you to the S...

Страница 142: ...re Figure 20 Data Buffering section of the General page Step 9 Click the Submit button Step 10 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ether net Static Routes box and click on the Activate Configuration button Step 11 Click on the link Administration Load Save Configuration Step 12 Click the Save Configuration to Flash button Wizard Meth...

Страница 143: ... the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s not activated conf nfs_data_bufferi...

Страница 144: ...o either activate any value greater than 0 or deactivate data buffering all data_buffering 0 Screen 4 C O N F I G U R A T I O N W I Z A R D ALL DB_MODE For local data buffering this parameter allow users to buffer data in either a circular or linear fashion Circular format cir is a revolving buffer file that is overwritten whenever the limit of the buffer size set by all data_buffering is reached ...

Страница 145: ...R and LF from the serial port or the accumu lated data reaches 256 characters Either way the accumu lated data will be recorded in the data buffering file along with the current time The parameter all data_buf fering has to be nonzero in order for this parameter to work all DB_timestamp 0 ALL SYSLOG_BUFFERING This parameter is another option to data buffering Users can also have syslog perform thi...

Страница 146: ...hether or not there is a connection to the port that is sending data to your unit When set to 1 syslog messages are NOT generated when there IS a connection to the port that is sending data It is only generated when there isn t a session to the port that is sending data to your unit all syslog_sess 0 Screen 7 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s ...

Страница 147: ...g c leads to Screen 8 typing q leads to Screen 9 Screen 8 C O N F I G U R A T I O N W I Z A R D You have 8 available ports on this system Type q to quit a valid port number 1 8 or anything else to refresh Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance if you are...

Страница 148: ... R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot it If you don t save to flash and if you were to reboot the system all your ne...

Страница 149: ...ig configure line serial port number tty string To configure nfs_data_buffering config configure conf nfsdb string To configure data_buffering config configure line serial port number databuffering number To configure DB_mode config configure line serial port number dbmode string To configure dont_show_DBmenu config configure line serial port number dbmenu number To configure DB_timestamp config c...

Страница 150: ...of a fixed time period during which the assigned IP address is valid for the device it was assigned for This lease time can vary for each device A short lease time can be used when there are more devices than available IP numbers For more information see RFC 2131 Parameter Involved and Passed Values The DHCP client on the Ethernet Interface can be configured in two different ways depend ing on the...

Страница 151: ...Ethernet Interface conf eth_ip etc Add the following lines to the file etc config_files etc network dhcpcd_cmd from factory file already present in etc config_files etc dhcpcd eth0 save From the factory the file is already present in etc config_files Add the option x to the factory default content of the file etc network dhcpcd_cmd sbin dhcpcd l 3600 x c sbin handle_dhcp From the factory etc netwo...

Страница 152: ...etwork dhcpcd_cmd Contains a command that activates the DHCP client used by the cy_ras program Its factory contents are bin dhcpcd c bin handle_dhcp D This option forces dhcpcd to set the domain name of the host to the domain name parameter sent by the DHCP Server The default option is to NOT set the domain name of the host to the domain name parameter sent by the DHCP Server H This option forces ...

Страница 153: ...rt section You can choose the DHCP Client option in this section Select the radio button and click the Submit button at the bottom of the page Figure 21 DHCP client section Step 5 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ether net Static Routes box and click on the Activate Configuration button Step 6 Click on the link Administration Load...

Страница 154: ... there is a power failure in any power supply This parameter does not affect the behavior of the command signal_ras buzzer on off To make this change effective even after future reboots create a line with bin ex_wdt_led sh in etc config_files save and quit that file and run saveconf Parameters Involved and Passed Values There are no parameters to be configured However if you want to generate alarm...

Страница 155: ...Chapter 3 Additional Features User Guide 155 Configuration for TS vi Method Same as for CAS Configuration for Dial in Access vi Method Same as for CAS ...

Страница 156: ...local network than available as global IP addresses In the BLACK BOX Advanced Console Server this feature will be used mainly for clustering one Master Console server works as the interface between the global network and the slave Console servers The BLACK BOX Advanced Console Server uses the Linux utility iptables to set up main tain and inspect both the filter and the NAT tables of IP packet rul...

Страница 157: ...ain are reviewed one by one until the packet matches one rule If no rule is found the default action for that chain will be taken Syntax An iptables tutorial is beyond the scope of this manual For more information on iptables see the iptables man page not included with the BLACK BOX Advanced Console Server or the how to http www netfilter org or http www iptables org The syntax of the iptables com...

Страница 158: ...le address combination D delete Delete one or more rules from the selected chain There are two versions of this command The rule can be specified as a number in the chain starting at 1 for the first rule or as a rule to match R replace Replace a rule in the selected chain If the source and or destination names resolve to multiple addresses the command will fail Rules are numbered starting at 1 I i...

Страница 159: ...must be no references to the chain If there are you must delete or replace the referring rules before the chain can be deleted If no argument is given it will attempt to delete every non built in chain in the table P policy Set the policy for the chain to the given target Only non user defined chains can have policies and neither built in nor user defined chains can be policy targets E rename chai...

Страница 160: ...nse of the address The flag src is a convenient alias for this option d destination address mask Destination specification See the description of the s source flag for a detailed description of the syntax The flag dst is an alias for this option j jump target This specifies the target of the rule i e what to do if the packet matches it The target can be a user defined chain other than the one this...

Страница 161: ... only refers to second and further fragments of frag mented packets Since there is no way to tell the source or destination ports of such a packet or ICMP type such a packet will not match any rules which specify them When the argument precedes the f flag the rule will only match head fragments or unfragmented packets c set counters PKTS BYTES This enables the administrater to initialize the packe...

Страница 162: ...beginning of each rule corre sponding to that rule s position in the chain source port port port Source port or port range specification This can either be a service name or a port number Inclusive range can also be specified using the format port port If the first port is omitted 0 is assumed if the last is omitted 65535 is assumed If the second port is greater then the first they will be swapped...

Страница 163: ... TCP connection initiation for example block ing such packets coming in an interface will prevent incoming TCP connections but outgoing TCP con nections will be unaffected It is equivalent to tcp flags SYN RST ACK SYN If the flag precedes the syn the sense of the option is inverted tcp option number Match if TCP option set source port port port Source port or port range specification See the descr...

Страница 164: ...NAT nat table only This target is only valid in the nat table in the POSTROUTING chain It specifies that the source address of the packet should be modified and all future packets in this connection will also be mangled and rules should cease being examined It takes one option source port port port Match if the source port is one of the given ports destination port port port Match if the destinati...

Страница 165: ... correct behavior when the next dialup is unlikely to have the same interface address and hence any established connections are lost anyway It takes one option REDIRECT nat table only This target is only valid in the nat table in the PREROUTING and OUTPUT chains and user defined chains which are only called from those chains It alters the destination IP address to to source ipaddr ipaddr port port...

Страница 166: ...d Step 1 Execute fwset restore This script will restore the IP Tables chains and rules configured in the etc network firewall file This script can be called in the process whenever the user wants to restore the original configuration Step 2 Add the chains and rules using the command line See details of the iptables syntax earlier in this chapter Step 3 Execute iptables save etc network firewall Th...

Страница 167: ...ck the List Table button A table with all the chains of the table and the number of bytes packets which used each chain will appear The available options are Figure 23 IP Tables Chains Table table filter List Chains List all the chains of the table selected Save in File Save the all the IP tables rules chains and tables to the file etc network firewall Restore from File Reads the file etc network ...

Страница 168: ...ck the List Rules button A table with all the rules related to the chain selected will appear in the page containing the rule configuration and the accounting number of bytes and packets which used the rule In the beginning there are no rules in the chain in this case the only option is to Append Rule When there are rules in the chain the page will appear like the picture below The options are Fig...

Страница 169: ...translating the source or the destination IP address port in the nat table or send the packet to another user defined chain All the options are in the target list Source Destination IP Indicates how the source destination IP address should be When a network should be included in the rule the network mask must be configured too Input Output interface Indicates the interface where the IP packet shou...

Страница 170: ...ates if the fragments will be checked The IP Tables can either check for head fragments and unfragmented packets or for the subsequent fragments TCP options This section will appear only when TCP protocol is selected The source destination ports can be configured in this section as well as the TCP flags UDP options This section will appear only when UDP protocol is selected The source destination ...

Страница 171: ...network firewall file Step 13 Click on the link Administration Load Save Configuration and click the Save to Flash button This will save the rules and chains in the flash memory DNAT SNAT options This section will appear only when the target selected is DNAT and SNAT respectively The parameters of these sections will determine how the packets matched by the rule will be translated DNAT translates ...

Страница 172: ...ethod Files to be modified pslave conf syslog ng conf Browser Method To configure PortSlave parameters involved with syslog ng and the syslog ng configuration file with your browser Step 1 Point your browser to the Console Server In the address or location field of your browser type the Console Access Server s IP address For example http 10 0 0 0 Step 2 Log in as root and type the Web root passwor...

Страница 173: ... or an individual port to configure from the dropdown menu Click the Submit button This will take you to the Serial Port Configuration page Step 7 Scroll down to the Data Buffering section You can change the Alarm for Data Buffering alarm value Click the Submit button Step 8 Select the Syslog link Click on the Syslog link on the Link Panel to the left of the page in the Configuration section This ...

Страница 174: ...ow will appear Screen 1 C O N F I G U R A T I O N W I Z A R D ALL ALARM When non zero all data received from the port are captured and sent to syslog ng with INFO level and LOCAL 0 conf DB_facility facility The syslog ng conf file should be set accordingly for the syslog ng to take some action Please see the Syslog ng Configuration to use with Alarm Feature section under Generating Alarms in Chapt...

Страница 175: ... non zero all data received from the port are captured and sent to syslog ng with DAEMON facility and ALERT level The syslog ng conf file should be set accordingly for the syslog ng to take some action Please see the Syslog ng Configuration to use with Alarm Feature section under Generating Alarms in Chapter 3 of the system s manual for the syslog ng configuration file all alarm 0 Note conf DB_fac...

Страница 176: ...e entire wiz application If you type y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 5 typing q leads to Screen 6 Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance...

Страница 177: ...you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Note The number of available ports depends on the system you are on Typing in a valid port number rep...

Страница 178: ...igurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n CLI Method To configure certain parameters for a specific serial port Step 1 At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ttyS serial port number config configure line serial port number tty ...

Страница 179: ... the alarm feature are configured as all alarm 1 conf DB_facility 2 Step 2 Add lines to syslog ng conf The syslog ng conf file needs these lines local syslog clients source sysl unix stream dev log To filter ALARM message with the string kernel panic filter f_kpanic facility local2 and level info and match ALARM and match kernel panic To filter ALARM message with the string root login filter f_roo...

Страница 180: ...is BLACK BOX Advanced Console Server and the message that was received from the source destination d_pager pipe dev cyc_alarm template sendsms d 123 m FULLDATE HOST MSG 10 0 0 1 Example to send a Link Down trap to server at 10 0 0 1 with message carrying the current date the hostname of this unit and the message that received from the source destination d_trap pipe dev cyc_alarm template snmptrap ...

Страница 181: ...slave configuration file Parameter all alarm 0 inactive or 0 active Step 2 Configure filters in the syslog ng configuration file filter f_alarm facility local 0 conf DB_facility and level info and match ALARM and match your string Example to filter the ALARM message with the string kernel panic conf DB_facility is configured with value 1 filter f_kpanic facility local1 and level info and match ALA...

Страница 182: ...p 4 Connect filters and actions in the syslog ng configuration file Example alarm is active and if the serial port receives the string kernel panic one message will be sent to the pager log source sysl filter f_kpanic destination d_trap destination d_pager Sendmail Sendmail sends a message to a SMTP server It is not intended as a user interface routine it is used only to send pre formatted message...

Страница 183: ...xpanded as explained below c name name Cc Optional Multi part allowed multiple names are sepa rated by commas b name name Bcc Optional Multi part allowed multiple names are sepa rated by commas r name Reply To Optional Use the Reply To field to make sure the destination user can send a reply to a regular mailbox f name From Required s text Subject Required m text body The message body h SMTP serve...

Страница 184: ...arsed a value of will be returned g Turns debugging on Will output the entire dialog with the server on stderr and more h Displays a short help message and exits v Displays version information and exits d dest Required The GSM network address i e phone number of the mobile phone the message is to be sent to Supported format is int prefix country code area code phone number The international prefix...

Страница 185: ...ead from This file can contain multiple lines of text they will be concatenated but its total length can t exceed 160 characters A longer text will be truncated you will be warned about it but the message will still be sent The special file means that input will be read from stdin At the present time only 7 bit ASCII is supported for the message text u user Optional The server module requires the ...

Страница 186: ...n the format specified If any of the required version 1 parameters enterprise oid agent and uptime are specified as empty it defaults to 1 3 6 1 4 1 3 1 1 hostname and host uptime respectively Synopsis snmptrap v 1 Ci common arguments enterprise oid agent generic trap specific trap uptime objectID type value snmptrap v 2c 3 Ci common arguments uptime trap oid objectID type value server Required Th...

Страница 187: ...6 1 2 1 2 2 1 2 1 s BLACK BOX Advanced Console Server serial port number 1 is down Ci Optional It sends INFORM PDU common arguments Required They are c community name SNMP server IP address enterprise oid Required but it can be empty agent Required but it can be empty The agent name generic trap The generic trap number 2 link down 3 link up 4 authentication failure specific trap Required The speci...

Страница 188: ... are two hyphens before any of the options listed on the following table Table 10 General Options for the Help Wizard Option Description ac cas or ts Configuration of access method parameters al Configuration of alarm parameter all cas or ts Configuration of all parameters auth Configuration of authentication parameters db Configuration of data buffering parameters help Print this help message pm ...

Страница 189: ... and the actual parameter modified for Synopsis 1 sl Configuration of syslog parameters snf Configuration of sniffing parameters sset cas or ts Configuration of serial setting parameters tl Configuration of terminal login display parameters tso Configuration of other parameters specific to the TS profile Note To enter into CLI mode type config at the terminal prompt You will then get a CLI prompt ...

Страница 190: ...host1 authhost2 string authhost2 authtype string authtype auto_input string auto_answer_input auto_output string auto_answer_output break string break_sequence datasize number datasize databuffering number data_buffering dbmenu number dont_show_DBmenu dbmode string DB_mode dbtimestamp number DB_timestamp dcd number dcd dtr_reset number DTR_reset escape string escape_char flow string flow host stri...

Страница 191: ...pmNumOfOutlets pmoutlet string pmoutlet pmtype string pmtype pmusers string pmusers pollinterval number poll_interval prompt string prompt protocol string protocol retries number timeout secret string secret sniffmode string sniff_mode socket number socket_port speed number speed stopbits number stopbits sttycmd string sttyCmd syslogdb number syslog_buffering Table 11 Help CLI Options Synopsis 1 O...

Страница 192: ...string term timeout number timeout tty string tty txinterval number tx_interval userauto string userauto users string users Table 12 Help CLI Options Synopsis 2 Option Description Actual Parameters Modified ip string Configuration of the IP of the Ethernet interface conf eth_ip mask string Configuration of the mask for the Ethernet network conf eth_mask mtu number Configuration of the Maximum Tran...

Страница 193: ...onfig configure conf options or in CLI mode configure conf options Refer to Appendix C for more info on the parameters Table 13 Help CLI Options Synopsis 3 Option Actual Parameter Modified dbfacility number conf DB_facility facility number conf facility group string conf group locallogins number conf locallogins nfsdb string conf nfs_data_buffering ...

Страница 194: ...able through CLI type config configure line serial port number Note To include spaces within the string you are configuring encapsulate the string within single or double quotes For instance to configure s2 sttyCmd igncr onlcr type do not put a space after a comma config configure line 2 sttycmd igncr onlcr Tip You can specify the range or list of serial ports if you wish to configure the same par...

Страница 195: ...es The file etc ntpclient conf has the value of two parameters The data and time will be update from the NPT server according to the parameter options The ntpclient program has this syntax ntpclient options Options NTPSERVER The IP address of the NTP server INTERVAL Check time every interval seconds default 300 c count Stop after count time measurements default 0 means go forever d Print diagnosti...

Страница 196: ...ation field of your browser type the Console Access Server s IP address For example http 10 0 0 0 Step 2 Log in as root and type the Web root password configured by the Web server This will take you to the Configuration and Administration page Step 3 Click on the Edit Text File link Click on this link on the Link Panel or on the Configuration section of the Configuration and Administration page Se...

Страница 197: ...evel scripts in response to card insertions and removals Ejecting Cards You can insert the card anytime and the drivers should be loaded automatically But you will need to run cardctl eject before ejecting the card to stop the application using the card Oth erwise the BLACK BOX Advanced Console Server may hang during the card removal You must specify the slot number when using the cardctl command ...

Страница 198: ...e eth1 inet static address 192 168 0 42 network 192 168 0 0 netmask 255 255 255 0 broadcast 192 168 0 255 gateway 192 168 0 1 Note Due to a known problem in the current release the I O ports used by the card cannot be re used after card re insertion In each card insertion the card gets a different I O port This limits the number of times the card can be ejected and inserted When all the I O ports ...

Страница 199: ...k drivers with the new configuration Wireless LAN PC Cards First do the appropriate PCMCIA network configuration Additionally the configuration of the wireless driver is done in the following file etc pcmcia wireless opts For instance to configure the network name as MyPrivateNet and the WEP encryption key as secul the following settings could be added to the default entry INFO This is a test ESSI...

Страница 200: ...to list frequencies bit rates encryption etc The usage is iwlist eth1 frequency iwlist eth1 channel iwlist eth1 ap iwlist eth1 accesspoints iwlist eth1 bitrate iwlist eth1 rate iwlist eth1 encryption iwlist eth1 key iwlist eth1 power iwlist eth1 txpower iwlist eth1 retry Modem PC Cards The modem device gets the dev ttySn name where n is the number of embedded serial devices plus 1 For instance if ...

Страница 201: ...the Radius server If the login option was used create the user either locally by running adduser or create the user in the Radius server for Radius authentication When the login option is used etc pam conf may also need to be changed By default etc pam conf has the ppp and login services configured for local authentication You will have to change them if you want Radius authentication More informa...

Страница 202: ...CK BOX Advanced Console Server From the remote system use pppd to dial and establish a PPP connection with the BLACK BOX Advanced Console Server The remote system should have the login user name set in their etc ppp pap secrets to have a successful login in the BLACK BOX Advanced Con sole Server Establishing a Callback with your Modem PC Card Setting up a callback system serves two purposes 1 Cost...

Страница 203: ...re the line bin login at the end of the file pseudo callback name sbin callback S phone number of the client ie call sbin callback S 12345 call is the pseudo callback name 123456 is the number to dial back Step 3 If you plan to login through PPP with PAP authentication create pap user name in etc ppp pap secrets Add a line similar to the following include the quotes and the two asterisks myUserNam...

Страница 204: ...d Step 5b create the ppp login script Step A Create a script called etc ppp ppplogin following this format bin sh exec usr local sbin pppd ppp options Step B Make script executable Type chmod 755 etc ppp ppplogin Step C Save this file to flash Save this file to flash so the next time the BLACK BOX Advanced Console Server gets rebooted you won t lose the new file Add etc ppp ppplogin into etc confi...

Страница 205: ...dem init string It is very important that before callback hangs the call the modem in the Windows box does not tell Windows that the call has been dropped Otherwise Windows Dial up Networking will abort everything because it thinks the call was dropped with no reason From Win2000 Go to Windows control panel Phone and Modem Modems choose your modem Properties Advanced add c0s0 1 to Extra Settings S...

Страница 206: ...n case you don t want to repeat all the user database from the radius server an option is to use as the user in etc ppp pap secrets Step 2 Change the options in etc pcmcia isdn opts to fit your environment Make sure that DIALIN is set to yes Set the desired authentication in DIALIN_AUTHENTICATION For instance pap for PAP chap for CHAP login auth or login pap for radius login auth or login pap for ...

Страница 207: ...ou want PAP or CHAP authentication Step 2 Change options Change the options in etc pcmcia isdn opts to fit your environment Make sure that DIALIN is set to no Set USERNAME to the user name provided by your ISP Step 3 Run saveconf to save your changes to the flash Step 4 If the ISDN card is not inserted it is time to insert the card ipppd is started automatically Go to step 6 Step 5 Restart script ...

Страница 208: ...e Server Setup as callback server Part Two is the configuration of a Windows 2000 Professional computer as callback client BLACK BOX Advanced Console Server setup Callback Server Step 1 Change the parameters in etc pcmcia isdn opts to fit your environment Step 2 Set the callback number in DIALOUT_REMOTENUMBER DIALOUT_REMOTENUMBER 8358662 Remote phone that you want to dial to Step 3 If your isdn li...

Страница 209: ... and Dial up Connections Make New Connection select I want to set up my Internet connection manually or I want to connect through a local area network select I connect through a phone line and a modem select the AVM ISDN Internet PPP over ISDN modem type the phone number you dial to connect to the BLACK BOX Advanced Console Server and enter mary as User name and marypasswd as password After creati...

Страница 210: ...ack with your ISDN PC Card 2nd way The previous section explained how to do callback at D Channel level The advantages of hav ing callback at D Channel level is that it works independent of the Operating System on the client side But a big disadvantage is that the callback call happens before the authentication phase in PPP The only security is by that only calls from predefined phone numbers are ...

Страница 211: ...Set the desired IPs for local and remote machines Step 1 4 Set DIALIN to yes DIALIN yes yes if you want dial in no if you want dial out Step 1 5 Make sure the CALLBACK parameter is disabled CALLBACK off off callback disabled Step 1 6 Add the user that will callback the client in DIALIN_AUTHENTICATION DIALIN_AUTHENTICATION auth login user mary Step 2 Make sure etc pam conf has the configuration you...

Страница 212: ... ippp0 etc pcmcia isdn start ippp0 Linux Callback Client Step 1 Configure the ipppd to have user mary and pap authentication Step 2 Dial to the BLACK BOX Advanced Console Server isdnctrl dial ippp0 Step 3 As soon the BLACK BOX Advanced Console Server authenticates the user mary the BLACK BOX Advanced Console Server will disconnect and callback ...

Страница 213: ...c parameters TSO stands for TS Other other parameters specific to the TS profile Step 1 At the command line interface type the following wiz tso Screen 1 C O N F I G U R A T I O N W I Z A R D INSTRUCTIONS for using the Wizard You can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the valu...

Страница 214: ...ts y n n Screen 3 C O N F I G U R A T I O N W I Z A R D ALL HOST The IP address of the host to which the terminals will connect all host 192 168 160 8 ALL TERM This parameter defines the terminal type assumed when performing rlogin or telnet to other hosts all term vt100 Screen 4 C O N F I G U R A T I O N W I Z A R D CONF LOCALLOGINS This parameter is only necessary when authentication is being pe...

Страница 215: ...th the means it s not activated all host 192 168 160 8 all term vt100 conf locallogins 0 Are these configuration s all correct y n n If you type n Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ...

Страница 216: ... a console and you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n n Tip The number of available ports depends on the system you are on Typing in a valid p...

Страница 217: ...ather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot it If you don t save to flash and if you were to reboot the system all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n ...

Страница 218: ...configure host config configure line serial port number host string To configure term config configure line serial port number term string To configure conf locallogins config configure conf locallogins number Step 2 Activate and Save To activate your new configurations and save them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt T...

Страница 219: ... value 9600 all datasize The data size for all ports Default value 8 all stopbits The number of stop bits for all ports Default value 1 all parity The parity for all ports Default value none all flow This sets the flow control to hardware software or none Default value none all dcd DCD signal sets the tty parameter CLOCAL Valid values are 0 or 1 If all dcd 0 a connection request will be accepted r...

Страница 220: ...ample sets igncr This tells the terminal not to ignore the carriage return on input onlcr Do not map newline character to a carriage return or newline character sequence on output opost Post process output icrnl Do not map carriage return to a newline character on input all sttyCmd igncr onlcr opost icrnl DTR_reset for CAS only This parameter specifies the behavior of the DTR signal in the serial ...

Страница 221: ...n Step 6 Scroll down to the Physical section You can change the settings for Speed Data Size Stop Bit Parity Flow Control and DCD sensitivity here Step 7 Click on the Submit button Step 8 Make the changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 9 Click on the link Administrati...

Страница 222: ...in the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s...

Страница 223: ...SPEED The data speed in bits per second bps of all ports all speed 9600 ALL DATASIZE The data size in bits per character of all ports all datasize 8 Screen 4 C O N F I G U R A T I O N W I Z A R D ALL STOPBITS The number of stop bits for all ports all stopbits 1 ALL PARITY The parity for all ports e g none odd even all parity none ...

Страница 224: ...tion if all dcd 1 a connection request will be accepted only if the DCD signal is UP and the connection telnet or ssh will be closed if the DCD signal is set to DOWN all dcd 0 Screen 6 C O N F I G U R A T I O N W I Z A R D ALL DTR_RESET This parameter specifies the behavior of the DTR signal in the serial port If set to 0 the DTR signal will be ON if there is a connection to the serial port oth er...

Страница 225: ...ge return newline character sequence on output opost represents post process output icrnl means do not map carriage return to a newline character on input all sttyCmd Screen 7 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s not activated all speed 9600 all datasize 8 all stopbits 1 all parity none all flow none all dcd 0 all DTR_reset 100 all sttyCmd Are th...

Страница 226: ... Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance if you are currently configuring parameter all x and there was a specific port s2 x configured then answering yes to this question will discard s2 x Note The number of available ports depends on the system you are on Ty...

Страница 227: ...o you want to activate your configurations now y n n Screen 10 C O N F I G U R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you reboot it...

Страница 228: ...re line serial port number speed number To configure datasize config configure line serial port number datasize number To configure stopbits config configure line serial port number stopbits number To configure parity config configure line serial port number parity string To configure flow config configure line serial port number flow string To configure dcd config configure line serial port numbe...

Страница 229: ...1 Bring up the wizard At the command prompt type the following to bring up the TS Terminal Settings custom wizard wiz sset ts Tip You can configure all the parameters for a serial port in one line config configure line serial port number tty string speed number datasize number stopbits number par ity string flow string dcd number dtr_reset num ber sttycmd string Note Screens 1 5 are the same as th...

Страница 230: ...e 8 all stopbits 1 all parity none all flow none all dcd 0 Are these configuration s all correct y n n If you type n Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type y Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 7 typing q leads to Screen 8 ...

Страница 231: ...you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Note The number of available ports depends on the system you are on Typing in a valid port number rep...

Страница 232: ... system all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n CLI Method To configure line parameters for a specific serial port Step 1 At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ttyS serial port number config configure line s...

Страница 233: ...them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt Configuration for Dial in Access Browser Method See the browser method for the CAS earlier in this section The only difference for Dial in is that the Dial in Profile button should be clicked in Step 5 Tip You can configure all the parameters for a serial port in one line config c...

Страница 234: ...o configure desired parameters To activate the serial port string should be ttyS serial port number config configure line serial port number tty string To configure speed config configure line serial port number speed number To conf igure datasize config configure line serial port number datasize number To conf igure stopbits config configure line serial port number stopbits number ...

Страница 235: ...d and the sniffer menu won t be presented Default value no sN multiple_sessions Valid only for port N If it is not defined it will assume the value of all multiple_sessions all escape_char Valid for all the serial ports this parameter will be used to present the menus below to the user Only characters from a to z i e CTRL A to CTRL Z will be accepted The default value is z CTRL Z sN escape_char Va...

Страница 236: ...ther user the BLACK BOX Advanced Con sole Server will send the user s messages to all the sessions but not to the tty port Everyone connected to that port will see all the conversation that s going on as if they were physi cally in front of the console in the same room These messages will be formatted as Message from user PID message text goes here by the To inform theBLACK BOX Advanced Console Se...

Страница 237: ... none User groups defined with the parameter conf group can be used in combination with user names in the parameter list Example values peter john user_group all sniff_mode This parameter determines what other users connected to the very same port see parameter admin_users below can see of the session of the first connected user main session in shows data written to the port out shows data receive...

Страница 238: ...ort Selection page Step 4 Select port s On the Port Selection page choose all ports or an individual port to configure from the dropdown menu Click the Submit button This will take you to the Serial Port Configuration page all multiple_sessions If it is configured as no only two users can connect to the same port simultaneously If it is configured as yes more than two simultaneous users can connec...

Страница 239: ...ke the changes effective Click on the Administration Run Configuration link check the Serial Ports Ethernet Static Routes box and click on the Activate Configuration button Step 8 Click on the link Administration Load Save Configuration Step 9 Click the Save Configuration to Flash button The configuration was saved in flash Wizard Method Step 1 Bring up the wizard At the command prompt type the fo...

Страница 240: ...thin the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it...

Страница 241: ...o users can connect to the same port simultaneously If it is configured as yes more simultaneous users can sniff the session or have read write permissions Please see details in Session Sniffing in Chapter 3 of the system s manual all admin_users ALL SNIFF_MODE This parameter determines what other users connected to the very same port can see of the session of the first connected user main session...

Страница 242: ...rver or socket_ssh Represent the CRTL character with Default value is z all escape_char z ALL MULTIPLE_SESSIONS Allows users to open multiple common and sniff sessions on the same port The options are yes no RW_session or sniff_session Default is set to no all multiple_sessions no Screen 5 C O N F I G U R A T I O N W I Z A R D Current configuration The ones with the means it s not activated all ad...

Страница 243: ...vailable ports on this system Type q to quit a valid port number 1 8 or anything else to refresh Note Answering yes to this question will discard only the parameter s which you are currently configuring if they were configured for a specific port in a previous session For instance if you are currently configuring parameter all x and there was a specific port s2 x configured then answering yes to t...

Страница 244: ...lash Do you want to activate your configurations now y n y Screen 8 C O N F I G U R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thus making updating to memory easier If you choose to save to flash your configurations thus far will still be in the memory of the system even after you rebo...

Страница 245: ...ial port number adminusers string To configure sniff_mode config configure line serial port number sniffmode string To configure escape_char config configure line serial port number escape string To configure multiple_sessions config configure line serial port number multiplesess string Step 2 Activate and Save To activate your new configurations and save them to flash type config write Tip You ca...

Страница 246: ...ersion 1 2 and 3 To use SNMP version 3 username pass word perform the following steps Step 1 Create a file etc snmp snmpd local conf with the following line createUser username MD5 password DES Step 2 Include the following line in etc snmp snmpd conf if the user has permission to read only rouser username Step 3 Include the following line in etc config_files etc snmp snmpd local conf Important Che...

Страница 247: ...Describing SNMP Management Frameworks RFC2572 Message Processing and Dispatching for the Simple Network Manage ment Protocol SNMP RFC2573 SNMP Applications RFC2574 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 RFC2575 View based Access Control Model VACM for the Simple Network Man agement Protocol SNMP RFC2576 Coexistence between Version 1 Version 2 a...

Страница 248: ...e Server In the address or location field of your browser type the Console Access Server s IP address For example http 10 0 0 0 Step 2 Log in as root and type the Web root password configured by the Web server This will take you to the Configuration and Administration page Step 3 Click on the SNMP link Select the SNMP link The SNMP configuration file will appear in text mode Step 4 Edit the config...

Страница 249: ...iguration The configuration file default syslog ng conf is read at startup and is reread after reception of a hangup HUP signal When reloading the configuration file all destination files are closed and reopened as appropriate The syslog ng reads from sources files TCP UDP con nections syslogd clients filters the messages and takes an action writes in files sends snmptrap pager e mail or syslogs t...

Страница 250: ...ke you to the Configuration and Administration page conf facility This value 0 7 is the Local facility sent to the syslog ng from PortSlave conf DB_facility This value 0 7 is the Local facility sent to the syslog ng with data when syslog_buffering and or alarm is active When nonzero the contents of the data buffer are sent to the syslogng every time a quantity of data equal to this parameter is co...

Страница 251: ...e Submit button Step 5 Make changes effective Click on the Administration Run Configuration link Check the Syslog ng box and click on the Activate Configuration button Step 6 Click on the Administration Load Save Configuration and click on the Save to Flash button This will save the file in the flash Wizard Method Step 1 Bring up the wizard At the command prompt type the following to bring up the ...

Страница 252: ...satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Screen 2 C O N F I G U R A T I O N W I Z A R D Current configuration...

Страница 253: ...Alarms in Chapter 3 the system s manual for the syslog ng configuration file conf facility 7 CONF DB_FACILITY This value 0 7 is the Local facility sent to the syslog with the data when syslog_buffering is active The file etc syslog ng syslog ng conf contains a mapping between the facility number and the action Please see the Syslog ng Configuration to use with Syslog Buffering Feature section unde...

Страница 254: ...ng c repeats the application typing q exits the entire wiz application If you type y it leads to Screen 5 Screen 5 C O N F I G U R A T I O N W I Z A R D Note If you are NOT connected to this unit through a console and you have just reconfigured the IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and ...

Страница 255: ... save to flash and if you were to reboot the system all your new configurations will be lost and you will have to reconfigure the system Do you want to save your configurations to flash y n n CLI Method To configure certain parameters for a specific serial port Step 1 At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ...

Страница 256: ...Server It is divided into three parts 1 Syslog ng and its Configuration 2 Syslog ng Configuration to use with Syslog Buffering Feature 3 Syslog ng Configuration to use with Multiple Remote Syslog Servers Syslog ng and its Configuration The five tasks previously mentioned are detailed below Task 1 Specify Global Options You can specify several global options to syslog ng in the options statement op...

Страница 257: ...ge is received instead of the one specified in the message use_dns yes no Enable or disable DNS usage syslog ng blocks on DNS queries so enabling DNS may lead to a Denial of Service attach gc_idle_threshold n Sets the threshold value for the garbage collector when syslog ng is idle GC phase starts when the number of allocated objects reach this number Default 100 gc_busy_threshold n Sets the thres...

Страница 258: ...ers Some of them are required some of them are optional a internal Messages are generated internally in syslog ng b unix stream filename options and unix dgram filename options They open the given AF_UNIX socket and start listening for mes sages Options owner name group name perm mask are equal glo bal options keep alive yes no Selects whether to keep connections opened when syslog ng is restarted...

Страница 259: ...dp ip 0 0 0 0 port 514 c tcp options and udp options These drivers let you receive messages from the network and as the name of the drivers show you can use both TCP and UDP None of tcp and udp drivers require positional parameters By default they bind to 0 0 0 0 514 which means that syslog ng will listen on all available interfaces Options ip ip address The IP address to bind to Default 0 0 0 0 p...

Страница 260: ...acilty facility facility name identifier Has to uniquely identify this given filter expression Boolean expression using internal functions which has to evaluate to true for the message to pass a facility facility code Selects messages based on their facility code b level level code or priority level code Selects messages based on their priority c program string Tries to match the string to the pro...

Страница 261: ...atch string Example to filter by matching the string named filter f_named match named 4 To filter ALARM messages note that the following three examples should be one line filter f_alarm facility local 0 conf DB_facility and level info and match ALARM and match your string Example to filter ALARM message with the string kernel panic filter f_kpanic facility local 0 conf DB_facility and level info a...

Страница 262: ...ify this given destination destination driver Is a method of outputting a given message params Each destination driver may take parameters Some of them required some of them are optional a file filename options This is one of the most important destination drivers in syslog ng It allows you to output log messages to the named file The destination filename may include macros by prefixing the macro ...

Страница 263: ...ced when this number of messages has been written to it owner name group name perm mask Equals global options template string Syslog ng writes the string in the file You can use the MACROS in the string encrypt yes no Encrypts the resulting file compress yes no Compresses the resulting file using zlib b pipe filename options This driver sends messages to a named pipe Available options owner name g...

Страница 264: ...xecutes the given program with the arguments and sends messages down to the stdin of the child t name name To address c name name CC address b name name Bcc address r name name Reply to address f name From address s text Subject m text message Message h IP address or name SMTP server p port Port used default 25 FULLDATE The complete date when the message was sent FACILITY The facility of the messa...

Страница 265: ...ATE HOST MSG h 10 0 0 2 2 To send to pager server sms server destination ident pipe dev cyc_alarm template sendsms pars where ident uniquely identify this destination pars d mobile phone number m message max size 160 characters u username to login on sms server p port sms default 6701 server IP address or name Example to send a pager to phone number 123 Pager server at 10 0 0 1 with message carry ...

Страница 266: ... community enterprise oid agent hostname trap number 2 Link Down 3 Link Up 4 Authentication Failure 0 specific trap host uptime 1 3 6 1 2 1 2 2 1 2 1 interfaces iftable ifentry ifdescr 1 s the type of the next field it is a string message max size 250 characters Example to send a Link Down trap to server at 10 0 0 1 with message carrying the current date the hostname of this BLACK BOX Advanced Con...

Страница 267: ...estination d_user usertty username Example to send message to all sessions with root user logged destination d_userroot usertty root 6 To send a message to a remote syslogd server destination d_udp udp remote IP address port 514 Example to send syslogs to syslogd located at 10 0 0 1 destination d_udp1 udp 10 0 0 1 port 514 Task 5 Connect all of the above To connect the sources filters and actions ...

Страница 268: ...te to var log messages file log source sysl source s_udp filter f_messages destina tion d_messages 4 To send e mail if message received from local syslog client has the string kernel panic log source sysl filter f_kpanic destination d_mail1 5 To send e mail and pager if message received from local syslog client has the string root login log source sysl filter f_root destination d_mail1 destina tio...

Страница 269: ...yslog ng conf Add the following lines by vi or browser to the file local syslog clients source src unix stream dev log destination d_buffering udp 10 0 0 1 filter f_buffering facility local1 and level notice send only syslog_buffering messages to remote server log source src filter f_buffering destina tion d_buffering Syslog ng Configuration to use with Multiple Remote Syslog Servers This configur...

Страница 270: ...ilter messages from facility local1 and level info to warning filter f_local1 facility local1 and level info warn filter messages from facility local 1 and level err to alert filter f_critic facility local1 and level err alert send info notice and warning messages to remote server udp1 log source src filter f_local1 destination d_udp1 send error critical and alert messages to remote server udp2 lo...

Страница 271: ...ver n represents a new line and r represents a carriage return Expansion characters can be used here Value for this Example r n Welcome to terminal server h port S p n r n all lf_suppress This activates line feed suppression When configured as 0 line feed suppression will not be performed When 1 extra line feed will be suppressed all auto_answer _input This parameter is used in conjunction with th...

Страница 272: ... page choose all ports or an individual port to configure from the dropdown menu Click the Submit button This will take you to the Serial Port Configuration page Step 5 Scroll down to the Terminal Server section You can change the settings for Banner Field issue and Login Prompt field here Step 6 Click on the Submit button Step 7 Make the changes effective Click on the Administration Run Configura...

Страница 273: ...ll appear Screen 1 C O N F I G U R A T I O N W I Z A R D INSTRUCTIONS for using the Wizard You can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is n...

Страница 274: ...rompt h login all lf_suppress 0 all auto_answer_input all auto_answer_output Set to defaults y n n Screen 3 C O N F I G U R A T I O N W I Z A R D ALL ISSUE This text determines the format of the login banner that is issued when a connection is made to the system n represents a new line and r respresents a carriage return all issue r n Welcome to terminal server h port S p n r n ALL PROMPT This tex...

Страница 275: ...ed and matched up to the string of bytes coming in remotely from the server If a match is found the string configured in auto_answer_output is sent back to the server To repre sent the ESC character as part of this string use the control character all auto_answer_input Screen 5 C O N F I G U R A T I O N W I Z A R D ALL AUTO_ANSWER_OUTPUT This parameter is used in conjunc tion with the previous par...

Страница 276: ...se parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type Y Discard previous port specific parameters y n n Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 7 typing q leads to Screen 8 Note Answering yes to this question will discard only the parameter s which you are currently configuring i...

Страница 277: ... IP of this unit activating the new configurations may cause you to lose connection In that case please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash Do you want to activate your configurations now y n y Screen 9 C O N F I G U R A T I O N W I Z A R D Flash refers to a type of memory that can be erased and reprogrammed in units of mem...

Страница 278: ...At the command prompt type in the appropriate command to configure desired parameters To activate the serial port string should be ttyS serial port number config configure line serial port number tty string To configure issue config configure line serial port number issue string To configure prompt config configure line serial port number prompt string To configure lf_suppress config configure lin...

Страница 279: ... them to flash type config write This is essentially typing signal_ras hup and saveconf from the normal terminal prompt Tip You can configure all the parameters for a serial port in one line config configure line serial port number tty string issue string prompt string lf number auto_input string auto_output string ...

Страница 280: ...ecification The initial std and offset specify the Standard Time zone as described above The dst string and offset specify the name and offset for the corre sponding daylight savings time zone If the offset is omitted it defaults to one hour ahead of Standard Time The start field specifies when daylight savings time goes into effect and the end field specifies when the change is made back to Stand...

Страница 281: ...April at 2 30 p m and it ends on the last Saturday of October at 10 00 a m How to set Date and Time The date command prints or sets the system date and time Format of the command date MMDDhhmm CC YY year century minute hour day month For example date 101014452002 produces Thu Oct 10 14 45 00 DST 2002 The DST is because it was specified in etc TIMEZONE ...

Страница 282: ...Time Zone 282 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 283: ...o commands w_ori and w_cas The w_ori is the new name of the origi nal command w and the w_cas shows the CAS sessions information The header of w_ori shows in this order the current time how long the system has been running how many users are currently logged on excluded the CAS users and the system load averages for the past 1 5 and 15 minutes The following entries are displayed for each user excl...

Страница 284: ...e Contains the work directories of system users bin Contains applications and utilities used during system initialization dev Contains files for devices and ports etc Contains configuration files specific to the operating system lib Contains shared libraries proc Contains process information mnt Contains information about mounted disks opt Location where packages not supplied with the operating sy...

Страница 285: ...dicated by file_name mv file_name destination Moves the file indicated by file_name to the path indicated by destination mkdir directory_name a mkdir spot b mkdir tmp snuggles Creates a directory named directory_name a creates the directory spot in the current directory b creates the directory snuggles in the directory tmp rmdir directory_name Removes the directory indicated by directory_name pwd ...

Страница 286: ...u enter the vi program you are automatically in command mode To navigate to the part of the file you wish to edit use the following keys one dot Represents the current directory two dots Represents one directory above the current directory i e one directory closer to the base directory Table 14 vi modes Mode What is done there How to get there Command mode Navigation within the open file Press the...

Страница 287: ...sor to the left left arrow j Moves the cursor to the next line down arrow k Moves the cursor to the previous line up arrow l Moves the cursor to the right right arrow Table 16 vi file modification commands i Inserts text before the cursor position everything to the right of the cursor is shifted right o Creates a new line below the current line and insert text all lines are shifted down dd Removes...

Страница 288: ... net host target netmask nt_msk gw gt_way interf add del One of these tags must be present Routes can be either added or deleted net host Net is for routes to a network and host is for routes to a single host target Target is the IP address of the destination host or network netmask nt_msk The tag netmask and nt_mask are necessary only when subnetting is used otherwise a mask appropriate to the ta...

Страница 289: ...ssion from a UNIX workstation is ssh t user hostname where user username ttySnn or username socket_port or username ip_addr or username serverfarm Note serverfarm is a physical port alias It can be configured in the file pslave conf An example username mycompany 16 port IP address 192 168 160 1 host name 16 port servername for port 1 file_server ttyS1 is addressed by IP 10 0 0 1 or socket port 700...

Страница 290: ... 3 1p1 or later BLACK BOX Advanced Console Server version 2 1 0 or later ssh2 will be used ssh t 1 mycompany 7001 16 port openssh 3 1p1 or later BLACK BOX Advanced Console Server version 2 1 0 or later ssh1 will be used To log in to a port that does not require authentication the username is not necessary ssh t 2 ttyS1 16 port Note In this case the file sshd_config must be changed in the following...

Страница 291: ...ion s database In this case the user name indicated would have to be a username present in the BLACK BOX Advanced Console Server s database Step 2 Only RhostsRSAAuthentication yes in sshd_config One of the RhostsAuthentication settings described in Step 1 Client machine s host key ETC ssh_host_key pub copied into the TS tmp known_hosts file The client hostname plus the information inside this file...

Страница 292: ...known_hosts and authorized_keys files Client startup command ssh t l username BLACK BOX Advanced Console Server_ip or Serial_port_ip or ssh t l username alias BLACK BOX Advanced Console Server_ip Configuring sshd s client authentication using SSH Protocol version 2 Only PasswdAuthentication yes in sshd_config DSA Authentication is the default Make sure the parameter PubkeyAuthentication is enabled...

Страница 293: ...en sends the signal hup to the process all in one step Never kill cy_ras with the signals 9 or SIGKILL Note All files or ssh must be owned by the user and readable only by others All files created or updated must have their full path and file name inside the file config_files and the command saveconf must be executed before rebooting the BLACK BOX Advanced Console Server Table 18 Process table PID...

Страница 294: ...ocket_ssh will be presented To start having familiarity with this application run ts_menu h ts_menu h USAGE ts_menu options p Display Ethernet Ip and Tcp port i Display local Ip assigned to the serial port u name Username to be used in ssh telnet command U Allows choosing of different usernames for different ports h print this help message ts_menu Master and Slaves Console Server Connection Menu 1...

Страница 295: ...tyS N is used instead Once the serial port is selected the username and password for that port in case there is a per user access to the port and U is passed as parameter will be pre sented and access is granted To access remote serial ports the presentation will follow a similar approach to the one used for local serial ports The ts_menu script has the following line options p Displays Ethernet I...

Страница 296: ... 192 168 1 102 3 192 168 1 103 4 192 168 1 104 5 192 168 1 105 6 192 168 1 106 Type q to quit a valid option 1 6 or anything else to refresh u name Username to be used in the ssh telnet command The default username is that used to log onto the BLACK BOX Advanced Console Server h Lists script options ...

Страница 297: ...power requirements Power Specifications LS1016A LS10132A Input Voltage Range Internal 100 240VAC autorange 48VDC option available Internal 100 240VAC autorange 48VDC option available Input Frequency Range 50 60H 50 60H Power 120VAC 22 W max 26 W max Power 220 VAC 28 W max 37 W max Table 21 BLACK BOX Advanced Console Server environmental conditions Environmental Information LS1016A LS1032A Operatin...

Страница 298: ...tion related to the RS 232 interface which applies not only to the Advanced Secure Console Port Server but also to any RS 232 cabling Table 22 BLACK BOX Advanced Console Server physical conditions Physical Information LS1016A LS1032A External Dimensions 17 in x 8 5 in x 1 75 in 17 in x 8 5 in x 1 75 in Weight 6 lb 6 2 lb Table 23 BLACK BOX Advanced Console Server safety specifications Safety Infor...

Страница 299: ...it an Ethernet packet DT LK data transaction link state DT flashes when there s data transmitted to or received from the LAN It s hardware controlled LK keeps steady if the LAN is active The green LED is Data Transaction activity and the yellow one is LinK state 100 If 100BT is detected the LED lights on If 10BT is detected it turns off CP CPU activity It flashes at roughly 1 second intervals P1 P...

Страница 300: ...ignals are necessary for every application so the RS 232 cable may not need all 7 wires The RS 232 interface defines communication parameters such as parity number of bits per character number of stop bits and the baud rate Both sides must be configured with the same parameters That is the first thing to verify if you think you have the correct cable and things still do not work The most common co...

Страница 301: ...32 inter faces can drive signals faster and through longer cables As a general rule consider If the speed is lower than 38 4 kbps you are safe with any cable up to 30 meters 100 feet If the speed is 38 4 kbps or higher cables should be shorter than 10 meters 30 feet If your application is outside the above limits high speed long distances you will need better quality low impedance low capacitance ...

Страница 302: ...y compact inexpensive and compati ble with the phone and Ethernet wiring systems present in most buildings and data centers Most networking equipment and new servers use RJ 45 connectors for serial communication Unfortunately there is no standard RS 232 pin assignment for RJ 45 connectors Every equip ment vendor has its own pin assignment Most connectors have two versions The ones with pins are sa...

Страница 303: ...ariations on how the other control signals are wired A complete crossover cable would connect TxD with RxD DTR with DCD DSR and RTS with CTS on both sides A simplified crossover cable would cross TxD and RxD and locally short circuit DTR with DCD DSR and RTS with CTS Which cable should be used First look up the proper cable for your application in the table below Next purchase stan dard off the sh...

Страница 304: ...version of the crossover cables with support for modem control signals and hardware flow control Applications that do not require such features have just to configure NO hardware flow control and NO DCD detec tion on their side Both ends should have the same configuration for better use of the com plete version of the cables These cables appear in Cable Package 1 and or Cable Package 2 You may or ...

Страница 305: ...ight through Cable 2 Black Box RJ 45 to DB 25 Female Male crossover This cable connects Black Box products serial ports to console ports terminals printers and other DTE RS 232 devices If you are using Cable Package 1 after connecting the appro priate adapter to the RJ 45 straight through cable you will essentially have the cable shown in this picture If you are using Cable Package 2 no assembly i...

Страница 306: ...this picture If you are using Cable Package 2 no assembly is required You will have the cable shown below Figure 30 Cable 3 Black Box RJ 45 to DB 9 Female crossover Cable 4 Black Box RJ 45 to Black Box RJ 45 straight through This cable is the main cable that you will use Along with one of the adapters provided RJ 45 to DB 9 or RJ 45 to DB 25 you can create a crossover cable like the ones explained...

Страница 307: ...his cable is included in Cable Package 2 Figure 32 Cable 5 Black Box Sun Netra Cable Adapters The following four adapters are included in the product box A general diagram is provided below and then a detailed description is included for each adapter Loop Back Connector for Hardware Test The use of the following DB 25 connector is explained in the Troubleshooting chapter It is included in both Cab...

Страница 308: ...r or to a Cisco product At one end of the adapter is the black CAT 5e Inline Coupler box with a female RJ 45 termi nus from which a 3 inch long black Sun Netra labeled cord extends terminating in an RJ 45 male connector This adapter is included in Cable Package 2 Figure 34 Black Box Sun Netra Adapter RJ 45 Female to DB 25 Male Adapter The following adapter may be necessary It is included in Cable ...

Страница 309: ...following adapter may be necessary It is included in Cable Package 1 Figure 36 RJ 45 Female to DB 25 Female Adapter RJ 45 Female to DB 9 Female Adapter The following adapter may be necessary This is included in Cable Package 1 Figure 37 RJ 45 Female to DB 9 Female Adapter RJ 45 DB 25F RJ 45 DB 9F ...

Страница 310: ...Appendix B Cabling Hardware Electrical 310 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 311: ...ameters on the following table are common to all three profiles Table 26 Parameters Common to CAS TS Dial in Access Parameter Description Value for this Example conf dhcp_client It defines the dhcp client operation mode Valid values 0 DHCP disabled 1 DHCP active 2 DHCP active and the unit saves in flash the last IP assigned by the DHCP server default 1 Also see Description column conf eth_ip_alias...

Страница 312: ... two is used by the cy_ras program to OVERWRITE the file etc network ifcfg_eth0 as soon as the command signal_ras hup is executed The file etc network ifcfg_eth0 should not be edited by the user unless the cy_ras configuration is not going to be used 200 200 200 1 conf eth_mask The mask for the Ethernet network 255 255 255 0 conf eth_mtu The Maximum Transmission Unit size which determines whether ...

Страница 313: ... ports by user name only the users listed can access the port or using the character all but the users listed can access the port In this example the users joe mark and members of user_group cannot access the port A single comma and spaces tabs may be used between names A comma may not appear between the and the first user name The users may be local Radius or TacacsPlus User groups defined with t...

Страница 314: ... prompt Expansion characters can be used here h login all media It defines media type RS232 RS484 and operation mode half full duplex Valid values for all products rs232 RS232 default value rs232_half RS232 with RTS legcy half duplex rs232_half_cts RS232 with RTS legacy half duplex and CTS control See Description column all netmask It defines the network mask for the serial port 255 255 255 255 al...

Страница 315: ...ters must be separated by a space The following example sets igncr This tells the terminal not to ignore the car riage return on input onlcr Do not map newline character to a carriage return or newline character sequence on output opost Post process output icrnl Do not map carriage return to a newline character on input all sttyCmd igncr onlcr opost icrnl commented Table 26 Parameters Common to CA...

Страница 316: ...s to users with null password in the radius server must be granted or not yes no all speed The speed for all ports 9600 all datasize The data size for all ports 8 all stopbits The number of stop bits for all ports 1 all parity The parity for all ports none all authhost1 This address indicates the location of the Radius TacacsPlus authentication server and is only necessary if this option is chosen...

Страница 317: ...y the authentication server Its use is optional If this parameter is not used accounting will not be performed If the same server is used for authentication and accounting both parameters must be filled with the same address A second Radius TacacsPlus accounting server can be configured with the parameter all accthost2 200 200 200 2 Table 26 Parameters Common to CAS TS Dial in Access Parameter Des...

Страница 318: ...stead it passes it to the remote server where it is then used for authentica tion radius authentication is performed using a Radius authentication server TacacsPlus authentication is performed using a TacacsPlus authentication server ldap authentication is performed against an ldap database using an ldap server The IP address and other details of the ldap server are defined in the file etc ldap co...

Страница 319: ...ti cation is tried only when the TacacsPlus server is down Note that this parameter controls the authentication required by the BLACK BOX Advanced Console Server The authentication required by the device to which the user is connecting is controlled separately all radtimeout This is the timeout in seconds for a Radius TacacsPlus authentication query to be answered The first server authhost1 is tri...

Страница 320: ...conf file The TS configuration settings are in Table 28 TS Parameters on page 331 The Dial in configuration settings are in Table 29 Dial in configuration Parameters on page 333 For Power Management see the section Appendix J Power Management on page 451 socket_server sX pmoutlet sX indicates the serial port number to which the PM hardware is connected The pmout let part of the parameter indicates...

Страница 321: ...k File System where data captured from the serial port will be written instead of being written to the local directory var run DB The directory tree to which the file will be written must be NFS mounted so the remote host must have NFS installed and the administrator must create export and allow reading writing to this directory The size of this file is not limited by the value of the parameter al...

Страница 322: ...in the host s routing table 192 168 170 1 01 all netmask It defines the network mask for the serial port 255 255 255 2 55 all DTR_reset This parameter specifies the behavior of the DTR signal in the serial port If set to zero the DTR signal will be ON if there is a connection to the serial port otherwise OFF If set from 1 to 99 the DTR signal will be always ON A value greater or equal 100 specifie...

Страница 323: ...answer_output It allows you to con figure a string that will be matched against all data coming in from the tty remote server If there is a match the configured output string auto_answer_output will then be send back to the tty This parameter works only when there is no session to the port If uncom mented and a string of bytes is set matching occurs whenever there is not session estab lished to th...

Страница 324: ...also uncommented then the string configured will be sent back to the remote server See more on the usage of this parameter in Terminal Appearance in Chapter 3 commented all poll_interval Valid only for protocols socket_server and raw_data When not set to zero this parameter sets the wait for a TCP connection keep alive timer If no traffic passes through the BLACK BOX Advanced Console Server for th...

Страница 325: ...igned the port value 7002 etc One example on how this could be used is in the case of all protocol or s n protocol socket_ssh and the port value 7001 7002 etc if supplied by the ssh client like username port value the ssh client will be directly connected with the serial interface For TS this parameter is valid only all protocol is configured as socket_cliente or telnet It is the TCP port number o...

Страница 326: ... data buffering this parameter means the maximum file size in bytes If remote this parameter is just a flag to activate greater than zero or deactivate data buffering When local data buffering is used each time the maximum is reached the oldest 10 of stored data is discarded releasing space for new data FIFO system circular file When remote data buffering is used there s no maximum file size other...

Страница 327: ..._show_DBmenu parameter assumed to be 2 cleared and a flow control start RTS on or XON is issued to resume data transmission Once exiting the session linear data buffering resumes If all flow or s n flow is set to none linear buffering is not possible as there is no way to stop recep tion through the serial line Default is cir cir all DB_ timestamp Records the time stamp in the data buffering file ...

Страница 328: ...d for the fol lowing to work When 0 syslog messages are always generated whether or not there is a ses sion to the port sending data to the unit When 1 syslog messages are NOT generated when there IS a session to the port sending data to the unit but resumes generation of syslog mes sages when there ISN T a session to the port 0 all dont_show_ DBmenu When zero a menu with data buffering options is...

Страница 329: ...e parameter admin_users below can see of the session of the first connected user main session in shows data written to the port out shows data received from the port and i o shows both streams The second and later sessions are called sniff sessions and this feature is activated whenever the protocol parameter is set to socket_ssh or socket_server out all admin_users This parameter determines which...

Страница 330: ...cket_server and raw_data Defines the delay in milliseconds before transmission to the Ethernet of data received through a serial port If not configured 100ms is assumed If set to zero or a value above 1000 no buffering will take place 100 all idletimeout Specifies how long in minutes a connection can remain inactive before it is cut off If it set to zero the connection will not time out 0 s1 serve...

Страница 331: ...to a different pool of ports One serial interface can belong to just one pool of ports Each pool of ports can have any number of serial interfaces 3000 s1 pool_ serverfarm Alias name given to the pool where this serial interface belong to pool_1 s2 tty It defines the physical device name associated to the serial port without the dev ttyS2 s8 tty It defines the physical device name associated to th...

Страница 332: ...r defines the terminal type assumed when performing rlogin or telnet to other hosts vt100 all userauto Username used when connected to a UNIX server from the user s serial terminal all protocol for TS For the terminal server configuration the possible protocols are login which requests username and password rlogin receives username from the BLACK BOX Advanced Console Server and requests a password...

Страница 333: ...e telnet client in binary mode The acceptable values are 0 or 1 where 0 is text mode default and 1 is a binary mode s16 tty TS It defines the physical device name associated to the serial port without the dev ttyS16 Table 29 Dial in configuration Parameters Parameter Description Value for this Example conf pppd Location of the ppp daemon with Radius usr local sbin pppd all netmask It defines the n...

Страница 334: ...ver Callback is available in combination with Radius Server authentication When a registered user calls the BLACK BOX Advanced Console Server it will disconnect the user then call the user back The following three parameters must be configured in the Radius Server attribute Service_type 6 Callback Framed attribute Framed_Protocol 7 PPP attribute Callback_Number 19 the dial number example 50903300 ...

Страница 335: ...xyarp modem asyncmap 000A0000 noipx noccp mtu t mru t netmask m idle I maxconnect T plugin usr lib libpsr so all protocol For the Dial in configuration the available protocols are PPP SLIP and CSLIP ppp s32 tty See the s1 tty entry in the CAS section ttyS32 Table 29 Dial in configuration Parameters Parameter Description Value for this Example ...

Страница 336: ...Appendix C The pslave Configuration File 336 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 337: ...n etc pam d to authenticate a user request via the locally available authentication modules The modules themselves will usually be located in the directory lib security and take the form of dynamically loadable object files The Linux PAM authentication mechanism gives to the system administrator the freedom to stipulate which authentication scheme is to be used S he has the freedom to set the sche...

Страница 338: ...library in the center consults the contents of the PAM configura tion file and loads the modules that are appropriate for Application X These modules fall into one of four management groups lower center and are stacked in the order they appear in the configuration file These modules when called by Linux PAM perform the various authentication tasks for the application Textual information required f...

Страница 339: ...s however are case sensitive since they indicate a file s name and reflect the case dependence of typical Linux file systems The case sensitivity of the arguments to any given module is defined for each module in turn In addition to the lines described below there are two special characters provided for the convenience of the system administrator A general configuration line of the etc pam conf fi...

Страница 340: ... a password or other means of identification Second the module can grant group membership independently of the etc groups or other privileges through its credential granting properties Account This module performs non authentication based account management It is typically used to restrict or permit access to a service based on the time of day currently available system resources maximum number of...

Страница 341: ...nt and optional Required This indicates that the success of the module is required for the module type facility to succeed Failure of this module will not be apparent to the user until all of the remaining modules of the same module type have been executed Requisite This is similar to required However in the case that such a module returns a failure control is directly returned to the application ...

Страница 342: ...efined The action can be a positive integer or one of the following tokens ignore ok done bad die and reset Optional As its name suggests this control flag marks the module as not being critical to the success or failure of the user s application for service In general Linux PAM ignores such a module when determining if the module stack will succeed or fail However in the absence of any definite s...

Страница 343: ...with the side effect of terminating the module stack and PAM immediately returning to the application OK This tells PAM that the administrator thinks this return code should contribute directly to the return code of the full stack of modules In other words if the former state of the stack would lead to a return of PAM_SUCCESS the module s return code will override this value Note if the former sta...

Страница 344: ...rompting for a username pam_lastlog This session module maintains the var log lastlog file It adds an open entry when called via the pam_open_session function and completes it when pam_close_session is called This module can also display a line of information about the last login of the user If an application already performs these tasks it is not necessary to use this module pam_limits This modul...

Страница 345: ...red to deny access to individual users based on their name the time of day the day of week the service they are applying for and their terminal from which they are making their request pam_tacplus Provides TacacsPlus Server authentication authorization account management and accounting session management pam_unix This is the standard UNIX authentication module It uses standard calls from the syste...

Страница 346: ...s for the ldap client configuration file ldap conf in etc Here s an example of the ldap conf file partial file name ldap conf This is the configuration file for the LDAP nameservice switch library and the LDAP PAM module Your LDAP server Must be resolvable without using LDAP host 127 0 0 1 The distinguished name of the search base base dc padl dc com debug Use the syslog 3 call to log debugging in...

Страница 347: ...ord This option is intended for auth modules only use_mapped_ pass This argument is not currently supported by any of the modules in the Linux PAM distribution because of possible consequences associated with U S encryption exporting restrictions expose_account In general the leakage of some information about user accounts is not a secure policy for modules to adopt Sometimes information such as u...

Страница 348: ...ny so OTHER password required pam_deny so OTHER session required pam_deny so While fundamentally a secure default this is not very sympathetic to a misconfigured system For example such a system is vulnerable to locking everyone out should the rest of the file become badly written The module pam_deny not very sophisticated For example it logs no information when it is invoked so unless the users o...

Страница 349: ...n so auth required pam_deny so account required pam_deny so password required pam_warn so password required pam_deny so session required pam_deny so On a less sensitive computer the following selection of lines in etc pam conf is likely to mimic the historically familiar Linux setup default standard UNIX access OTHER auth required pam_unix_auth so OTHER account required pam_unix_acct so OTHER pass...

Страница 350: ...used etc pam conf Last modified by Andrew G Morgan morgan kernel org Id pam conf v 1 9 2003 06 12 20 34 13 regina Exp serv module ctrl module path args nametype flag WARNING The services tacacs s_tacacs radius s_radius local s_local and remote are used by the Cyclades applications portslave socket_server socket_ssh and raw_data and should not be changed by the administrators unless he knows what h...

Страница 351: ...o_unavail ignore default die pam_krb5 so no_ccache kerberosdownlocal account requiredpam_unix2 so kerberosdownlocal session success done new_authtok_reqd done authinfo_unavail ignore default die pam_krb5 so no_ccache kerberosdownlocal session requiredpam_unix2 so The PAM configuration file for the ldap service ldapauth sufficientpam_ldap so ldapaccount required pam_ldap so ldapsession required pam...

Страница 352: ...te pam_securetty so tacplus auth required pam_tacplus so encrypt tacplus auth optional pam_auth_srv so tacplus account required pam_tacplus so encrypt service ppp protocol lcp tacplus session required pam_tacplus so encrypt service ppp protocol lcp s_tacplus auth requisite pam_securetty so s_tacplus auth required pam_tacplus so encrypt use_first_pass s_tacplus account required pam_tacplus so encry...

Страница 353: ...ecuretty so local auth required pam_unix2 so local account required pam_unix2 so local password required pam_unix2 so md5 use_authtok local session required pam_unix2 so s_local auth requisite pam_securetty so s_local auth required pam_unix2 so use_first_pass s_local account required pam_unix2 so s_local password required pam_unix2 so md5 use_authtok s_local session required pam_unix2 so The PAM c...

Страница 354: ...use_authtok loginsession required pam_unix2 so login session required pam_limits so The PAM configuration file for the xsh service sshdauth required pam_unix2 so sshdauth optional pam_group so sshdaccount requisite pam_time so sshdaccount required pam_unix2 so sshdpassword required pam_unix2 so md5 use_authtok sshdsession required pam_unix2 so sshd session required pam_limits so The PAM configurat...

Страница 355: ...on for the PPPD process with the login option ppp auth required pam_nologin so ppp auth required pam_unix2 so ppp account required pam_unix2 so ppp session required pam_unix2 so Information for the ipppd process with the login option local authent ippp auth required pam_nologin so ippp auth required pam_unix2 so ippp account required pam_unix2 so ippp session required pam_unix2 so Information for ...

Страница 356: ... etc raddb server The PAM configuration file for the other service otherauth required pam_warn so otherauth required pam_deny so otheraccount required pam_deny so otherpassword required pam_warn so otherpassword required pam_deny so othersession required pam_deny so Reference The Linux PAM System Administrators Guide Copyright c Andrew G Morgan 1996 9 All rights reserved Email morgan linux kernel ...

Страница 357: ...ux kernel image script file where all BLACK BOX Advanced Console Server configuration information is stored The Upgrade Process To upgrade the BLACK BOX Advanced Console Server follow these steps Step 1 Log in to the BLACK BOX Advanced Console Server as root Provide the root password if requested Step 2 Go to the proc flash directory using the following command cd proc flash Step 3 FTP to the host...

Страница 358: ... present in the text file saved in the Black Box site e g zImage 134 md5sum If the numbers match the downloaded file is not corrupted Step 6 Issue the command reboot reboot Step 7 Confirm that the new Linux kernel has taken over After rebooting the new Linux kernel will take over This can be confirmed by typing cat proc version to see the Linux kernel version Note Due to space limitations the new ...

Страница 359: ...rnet test Step 4 When the Watch Dog Timer prompt appears press Enter Step 5 Choose the option Network Boot when asked Step 6 Enter the IP address of the Ethernet interface Step 7 Enter the IP address of the host where the new zImage file is located Step 8 Enter the file name of the zImage file on the host Step 9 Select the TFTP option instead of BOOTP The host must be running TFTPD and the new zIm...

Страница 360: ... it will not be loaded onto the ramdisk on boot The following table lists files that should be included in the etc config_files file and which programs use each Note Possible causes for the loss of flash memory may include downloaded wrong zImage file downloaded as ASCII instead of binary problems with flash memory Table 30 Files to be included in etc config_file and the program to use File Progra...

Страница 361: ...config cy_ras rc sysinit etc network ifcfg_lo ifconfig lo cy_ras rc sysinit var run radsession id radinit radius authentication process home adduser passwd etc network st_routes ifconfig cy_ras rc sysinit etc syslog ng syslog ng conf syslog ng Important If any of the files listed in etc config_files is modified the BLACK BOX Advanced Console Server administrator must execute the command saveconf b...

Страница 362: ...ctor is necessary for this test Their pinout diagrams are supplied in Appendix B Cabling Hardware and Electrical Specifications Connect the loop back connector to the modem cable and then connect the modem cable to the port to be tested or connect a cross cable between two ports to be tested When tstest senses the presence of the cable or connector the test will be run automatically and the result...

Страница 363: ...he port to be tested and begin Enter the number of the port and a baud rate 9600 is a typical value Type some letters and if the letters appear on the screen the port is working If the letters do not appear on the screen which also occurs if the loop back connector is removed the port is not functioning correctly A second method that can be used to test the port is to connect it to a modem with a ...

Страница 364: ...R is typed the Xs in the RTS and CTS columns should move together If the Xs change position as described the signals are being sent and received correctly Single User Mode The BLACK BOX Advanced Console Server has a single user mode used when The name or password of the user with root privileges is lost or forgotten After an upgrade or downgrade which leaves the BLACK BOX Advanced Console Server u...

Страница 365: ...s complete the Linux prompt will appear on the console root none If the password or username was forgotten execute the following commands passwd saveconf reboot For configuration problems you have two options Step 1 Edit the file s causing the problem with vi then execute the commands saveconf reboot Step 2 Reset the configuration by executing the commands echo 0 proc flash script reboot If the pr...

Страница 366: ...it is not type bin webs to start it If the bin webs process is not being initialized during boot change the file etc inittab How to restore the Default Configuration of the Web Configuration Manager This would be required only when the root password was lost or the configuration file etc websum conf was damaged From a console or telnet session edit the file etc config_files Find the reference to e...

Страница 367: ...rm or S kip Flash test P S kip Q uick or F ull RAM test F Fast Ethernet A uto Neg 1 00 BtH 100 Bt F 10 B t F 10 Bt H A Fast Ethernet Maximum Interrupt Events 0 Type Enter for all fields but the Console Speed When presented the following line Do you confirm these changes in flash Y es N o Q uit N Step 2 Enter Y and the changes will be saved in flash Step 3 Logout and login again to use the console ...

Страница 368: ...e Interpretation Event CPU LED Morse code Normal Operation S short short short Flash Memory Error Code L long long long Flash Memory Error Configuration S L Ethernet Error S S L No Interface Card Detected S S S L Network Boot Error S S S S L Real Time Clock Error S S S S S L Note The Ethernet error mentioned in the above table will occur automati cally if the Fast Ethernet link is not connected to...

Страница 369: ...OpenSSL package through the following command openssl req new nodes keyout private key out public csr If this command is used the following information is required Table 32 Required information for the OpenSSL package Parameter Description Country Name 2 letter code AU The country code consisting of two letters State or Province Name full name Some State Provide the full name not the code of the s...

Страница 370: ...n receipt install certificate After the approval the CA will send a certificate file to the origin which we will call Cert cer for example purposes The certificate is also stored on a directory server The certificate must be installed in the GoAhead Web server by following these instructions Step A Open a Black Box Terminal Server session and do the login Step B Join the certificate with the priva...

Страница 371: ...Appendix F Certificate for HTTP Security User Guide 371 Step E Save the configuration in flash saveconf Step F The certification will be effective in the next reboot ...

Страница 372: ...Appendix F Certificate for HTTP Security 372 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 373: ...nerally protects only a particular higher level protocol PGP for mail SSH for login SSL for Web work and so on IPsec can be used on any machine which does IP networking Dedicated IPsec gateway machines can be installed wherever required to protect traffic IPsec can also run on routers on firewall machines on various application servers and on end user desktop or laptop machines IPsec is used mainl...

Страница 374: ...thods of authentication 1 A shared secret provides authentication If Alice and Bob are the only ones who know a secret and Alice receives a message which could not have been created without that secret then Alice can safely believe the message came from Bob 2 A public key or RSA authentication can also provide authentication If Alice receives a message signed with Bob s private key which of course...

Страница 375: ...on using auto matic keying with RSA authentication of the gateways General comments on ipsec conf The ipsec conf file is divided into sections and the following rules apply 1 The character marks a comment 2 The first uncommented line of a section must be at the margin and must not be indented KLIPS kernel IPsec Implements the IPsec code in the Linux kernel PLUTO The user space IPsec It negotiate c...

Страница 376: ... and which is right is entirely up to you The setup section of ipsec conf The first section of ipsec conf contains overall setup parameters for IPsec which apply to all connections In our example file this would be basic configuration config setup THIS SETTING MUST BE CORRECT or almost nothing will work defaultroute is okay for most simple cases interfaces defaultroute Debug logging controls none ...

Страница 377: ...the output from netstat rn to get a more complete picture In other cases you can name one or more specific interfaces to be used by IPsec For example interfaces ipsec0 eth0 or interfaces ipsec0 eth0 ipsec1 ppp0 Both tell IPsec to use eth0 as ipsec0 The second one also supports IPsec over PPP Note that multiple tunnels do not require multiple interfaces It is possible and even common to have one IP...

Страница 378: ...ated when Pluto starts plutoload and plutostart can be quoted lists of connection names but are often set to search as in our example Any con nection with auto add in its connection definition is then loaded and any connection with auto start is started In most cases you want plutostart search here and auto start in your connection descriptions That way when a connection is broken for example if o...

Страница 379: ... machine resources are for so if a connection is down you might as well waste resources retry ing rather than waste them by sitting idle Of course some cau tion should be exercised with this since it can waste network resources as well authby rsasig Authenticate gateways using RSA signatures This is the preferred method and is what we will use in this section s examples An alternate method is to u...

Страница 380: ...168 0 0 24 auto start We are omitting the variables we have shown as set in the default connection above All of them could also be set here If they are set in both places settings here take precedence Defaults are used only if the specific connection description has no value set Many of the variables in this file come in pairs such as leftsubnet and rightsubnet one for each end of the connection T...

Страница 381: ... directly linked packets can go from one to the other without IP routing by any intermediate device then you need not set either leftnexthop or right nexthop A connection with left defaultroute or right defaultroute must not have the corresponding nexthop parameter set However in all other cases you must provide nexthop information KLIPS bypasses the normal routing machin ery so you must give KLIP...

Страница 382: ...nsole Server interface e f g h left interface e f g i leftnexthop router interface we don t know INTERNET interface we don t know router interface j k l m rightnexthop interface j k l n right right gateway machine interface 192 168 0 something branch office uses private IP addresses subnet 192 168 0 0 24 rightsubnet The ipsec conf file for the above network would look like this with RSA keys short...

Страница 383: ...ys authby rsasign VPN connection for head office and branch office conn head branch identity we use in authentication exchanges leftid head example com leftrsasigkey 0x175cffc641f left security gateway public network address left e f g h next hop to reach right leftnexthop e f g i right s g subnet behind it and next hop to reach left rightid branch example com rightrsasigkey 0xfc641fd6d9a24 right ...

Страница 384: ...ines regarding the IPsec on the etc rc sysinit script Adding and Removing a Connection All the connections can be loaded to the IPsec database at boot time if these connections have the auto parameter set to add However if a certain connection doesn t have this option set and you wish to add this connection manually you can use the following command usr local sbin ipsec auto add connection name Si...

Страница 385: ...ou use the command usr local sbin ipsec auto up connection name Below you can see the output of a successful up operation root henrique root ipsec auto up teste 104 teste 5 STATE_MAIN_I1 initiate 106 teste 5 STATE_MAIN_I2 sent MI2 expecting MR2 108 teste 5 STATE_MAIN_I3 sent MI3 expecting MR3 004 teste 5 STATE_MAIN_I4 ISAKMP SA established 112 teste 6 STATE_QUICK_I1 initiate 004 teste 6 STATE_QUIC...

Страница 386: ...next step is to send your public key to every one you need to set up connections with and collect their public keys You need to extract the public part in a suitable format This is done with the ipsec_showhostkey command ipsec showhostkey left ipsec showhostkey right These two produce the key formatted for insertion in an ipsec conf file Public keys need not be protected as fanatically as private ...

Страница 387: ... 186 161 128 IPIP dir out src 64 186 161 96 life c s h addtime 4 0 0 Destination Gateway Genmask Flags MSS Window irtt Iface 0 0 0 0 64 186 161 1 0 0 0 0 UG 40 0 0 eth0 64 186 161 0 0 0 0 0 255 255 255 0 U 40 0 0 eth0 64 186 161 0 0 0 0 0 255 255 255 0 U 40 0 0 ipsec0 64 186 161 128 64 186 161 128 255 255 255 255 UGH 40 0 0 ipsec0 In this output you can see that there is an activated tunnel betwee...

Страница 388: ...A_REPLACE in 3019s newest ISAKMP As you can see it shows almost the same information shown by the ipsec auto up command You can use this command if the up command doesn t show anything on the screen it can happen depending on the BLACK BOX Advanced Console Server syslog configuration IPsec and Road Warriors IPsec Security for the Internet Protocol FreeS WAN is a Linux implementation of the IPsec I...

Страница 389: ...ity gateway machine in the network and create a security tunnel between the Console Server and this gateway The gateway machine and the Console Server encrypt packets entering the untrusted net and decrypt packets leaving it creating a secure tunnel through it Road Warriors The prototypical Road Warrior is a traveler connecting to the Console Server from a laptop machine For purposes of this docum...

Страница 390: ...n cannot even recognize them much less debug them unless the underlying network is right Enabling IPsec The IPsec is disabled by default in the Console Server family To enable it you must edit the file etc inittab and etc config_files and uncomment the lines regarding the IPsec After per forming these changes you must save the configuration using the saveconf tool and reboot the equipment Quick St...

Страница 391: ...mat suitable for insertion directly into the Console Server s ipsec conf file issue this command on the warrior machine usr local sbin ipsec showhostkey right The output should look like this with the key shortened for easy reading rightrsasigkey 0s1LgR7 oUM The Road Warrior needs to know The Console Server s public key or the secret and The ID the Console Server uses in IPsec negotiation which ca...

Страница 392: ... 1 2 3 4 Console Server IP address leftid acs example com real keys are much longer than shown here leftrsasigkey 0s1LgR7 oUM warrior stuff right defaultroute rightid xy example com rightrsasigkey 0s1LgR7 oUM Road warrior support on the Console Server Adding Road Warrior support so people can connect remotely to your Console Server is straightforward conn gate xy left 1 2 3 4 leftid acs example co...

Страница 393: ... in this case have a fixed IP address To do it just insert this connection description in your ipsec conf file with the variables that fit your environment sample tunnel The network here looks like BLACK BOX Advanced Console Server acsnexthop right nexthop right rightsubnet If BLACK BOX Advanced Console Server and right are on the same Ethernet omit leftnexthop and rightnexthop conn sample BLACK B...

Страница 394: ...f using local remote parameters If you give an explicit IP address for left and left and right are not directly connected then you must specify leftnexthop the router which Console Server sends packets to in order to get them delivered to right Similarly you may need to specify rightnexthop vice versa The nexthop parameters are needed because of an unfortunate interaction between FreeS WAN and the...

Страница 395: ... to set up connections with and collect their public keys The other players will be For a VPN each BLACK BOX Advanced Console Server administrator needs public keys for all gateways his or her BLACK BOX Advanced Console Server talks to For a Road Warrior the BLACK BOX Advanced Console Server needs public keys for all Warriors that connect to it and each Warrior needs the BLACK BOX Advanced Con sol...

Страница 396: ...ull path name it is considered to be relative to the directory containing the including file Such inclu sions can be nested Only a single filename may be supplied and it may not contain white space but it may include shell wildcards for example include ipsec conf The intention of the include facility is mostly to permit keeping information on connections or sets of connections separate from the ma...

Страница 397: ... any type of section A section with name default specifies defaults for sections of the same type For each parameter in it any section of that type which does not have a parameter of the same name gets a copy of the one from the default section There may be multiple default sections of a given type but only one default may be supplied for any specific parameter name and all default sections of a g...

Страница 398: ... local and remote Which participant is considered left or right is arbitrary IPsec figures out which one it is being run on based on internal information This permits using identical connection specifications on both ends Many of the parameters relate to one participant or the other only the ones for left are listed here but every parameter whose name begins with left has a right counterpart whose...

Страница 399: ...ed in the config setup section left will be filled in automatically with the local address of the default route interface as determined at IPsec star tup time This also overrides any value supplied for leftnexthop Either left or right may be defaultroute but not both The magic value any signifies an address to be filled in by automatic keying during negotia tion the magic value opportunistic signi...

Страница 400: ...dress or a fully qualified domain name preceded by which is used as a literal string and not resolved leftrsasigkey The left participant s public key for RSA signature authentication in RFC 2537 format The magic value none means the same as not specifying a value useful to override a default The value dnsondemand means the key is to be fetched from DNS at the time it is needed The value dnson load...

Страница 401: ...eying channel expiry should attempts to negotiate a replacement begin Acceptable values as for key life default 9m rekeyfuzz Maximum percentage by which rekeymargin should be randomly increased to randomize rekeying intervals important for hosts with many connections Acceptable values are an integer which may exceed 100 followed by a keyingtries How many attempts an integer should be made to negot...

Страница 402: ...tion key espauthkey ESP authentication key espreplay_window ESP replay window setting An integer from 0 to 64 Relevant only if ESP authentication is being used leftespspi SPI to be used for the leftward ESP SA overriding automatic assign ment using spi or spibase Typically a hexadecimal number begin ning with 0x ah AH authentication algorithm to be used for the connection e g hmac md5 96 Default i...

Страница 403: ...tarted automatically Recommended conn parameters mostly for automatic keying as manual keying seldom sees much use are IPsec Usage This section will teach you How to start and stop the IPsec daemon How to add and remove an IPsec connection from the IPsec database How to start and stop a connection keyingtries 0 Unlimited retries are normally appropriate for VPN connec tions Finite values may be ne...

Страница 404: ...r local sbin ipsec auto manual add connection name You must use auto or manual depending on your connection keying type manual auto Sim ilarly to take a connection out of the IPsec database you can use the command usr local sbin ipsec auto manual delete connection name Once a connection descriptor is in the IPsec internal database IPsec will accept the other end to start the security connection ne...

Страница 405: ...the logic used for manag ing permissions is also different The Web s user database is stored in the etc websum conf file and it has basically three lists users user groups and access limits Default Configuration for Web User Management The following three screen shots show the default configuration for User List User Group List and Access Limit List pages respectively Figure 41 User List default p...

Страница 406: ...Appendix H Web User Management 406 BLACK BOX Advanced Console Server Figure 43 Access Limit List default page ...

Страница 407: ...ill be available Accessibility When configured as FULL ACCESS the URL can be accessed without any authentication otherwise the user can authenticate with BASIC DIGEST or COOKIE authentication The last type is recommended because it allows the user to log out in the end of the session The page will not be accessible when the accessibility is configured as NO ACCESS Security When set to be secure th...

Страница 408: ...ccess limits In the default configuration The access limits have privileges based on the functionality of the Web page There are four different groups root monitor admin and user each one with a specific privilege There is one root user username is root and password is linux Enabled The username must be enabled to be authenticated Encrypted password The password passed by the browser must match th...

Страница 409: ...nt Load Save Web Configuration The Login page will appear Step 5 Type the username root and the password that was configured then click on the Login button Step 6 After the authentication click on the Save Configuration button Step 7 Click on the link Administration Load Save Configuration Step 8 Click on the Save to Flash button Adding and Deleting Users Adding a User Step 1 Click on the link Web...

Страница 410: ...urrent user Go to the link Application Logout and log in again with the new user Deleting a User The root user is delete protected and because of that it cannot be removed from the user list The other users can be deleted Step 1 Click on the link Web User Management Users Step 2 Select the user to be deleted and click on the Delete User button A confirmation message will appear Step 3 If there are...

Страница 411: ...ked Step 4 Click on the Submit button A confirmation message will appear Step 5 If there are more groups to be added repeat the steps 1 to 4 Step 6 Click on the link Web User Management Load Save Web Configuration Step 7 Click on the Save Configuration button This will save the users added in the file etc websum conf Step 8 Click on the link Administration Load Save Configuration Step 9 Click on t...

Страница 412: ...eb page Pages or forms which causes the configuration to change will have FULL privilege only high privileged users will have access to it Pages which change the status of the board without changing the configuration will have ADMINISTRATOR privilege Pages with the system information will have MONITOR privilege Only application pages will have USER privilege Changing access limits is not recommend...

Страница 413: ...uration button This will save the users added in the file etc websum conf Step 8 Click on the link Administration Load Save Configuration Step 9 Click on the Save to Flash button Deleting an access limit Step 1 Click on the link Web User Management Access Limits Step 2 Select the access limit to be deleted and click on the Delete Access Limit button A confirmation message will appear Step 3 If the...

Страница 414: ...Appendix H Web User Management 414 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 415: ...on Any Web user config ured in the Web User Management section of the WMI will be able to use this application Tested Environment Requirements Java 2 Runtime Environment JRE SE v1 4 0_01 or v1 4 0_02 which can be found at http java sun com installed on your PC with your browser acknowledged to use it You can first check if the browser you are using acknowledges the Java version by follow ing the p...

Страница 416: ...n the browser s you want to activate to use the Java Plug in Now repeat the check to see if your browser will now use the correct Java Plug in From Netscape or Mozilla Check to see if Java is enabled Go to Edit Preferences Advanced Check on Enable Java To see what version of JRE Plug in is used go to Help About Plug ins Scroll down to Java Plug in section Check if the Java Plug in is the version y...

Страница 417: ... the Connect to Serial Ports link on the Link Panel to the left of the page in the Configuration section This will take you to the Port Selection page The ports will be listed by their server farm name if it were configured Figure 44 Serial Port Connection page Step 4 Select port On the Port Selection page choose a port to connect to from the dropdown menu and click the Connect button This will op...

Страница 418: ... entering commands Step 7 To send a break to the terminal Click on the SendBreak button Step 8 Disconnect connection Click on the Disconnect button Make sure the Status bar shows an Offline status Closing the popup window will also disconnect you from the server Step 9 Reconnect to port Refresh the current page by clicking on the refresh icon at the upper right hand corner of the window ...

Страница 419: ... LAN or WAN There is no authentication by default but the system can be configured for authentication to be performed by a Radius server a TacacsPlus server or even by a local database Either telnet or ssh can be used See Appendix A New User Background Information for more information about ssh The instructions in Chapter 2 Installation Configuration and Usage will set up a fully functional defaul...

Страница 420: ...ess Figure 46 CAS diagram with various authentication methods As shown in the above figure our CAS with local authentication scenario has either telnet or ssh a secure shell session being used After configuring the serial ports as described in Chapter 3 Additional Features or in Appendix C The pslave Configuration File the follow ing step by step check list can be used to test the configuration BL...

Страница 421: ...00 bps 8N1 The server must also be configured to communicate on the serial console port with the same parameters Step 4 Confirm routing Also make sure that the computer is configured to route console data to its serial console port Console Redirection Step 5 Telnet to the server connected to port 1 From a server on the LAN not from the console try to telnet to the server connected to the first por...

Страница 422: ...r to access a server on the LAN Figure 47 Terminal Server diagram The terminal can be either a dumb terminal or a terminal emulation program on a PC Note It is possible to access the serial ports from Microsoft stations using some off the shelf packages Although Black Box is not liable for those packages successful tests were done using at least one of them From the application s viewpoint running...

Страница 423: ...rver is reachable Step 3 Check physical connections Make sure that the physical connection between the BLACK BOX Advanced Console Server and the terminals is correct A cross cable not the modem cable provided with the product should be used Please see the Appendix B Cabling Hardware and Electrical Specifications for pin out diagrams Step 4 Confirm that terminals are set to same parameters as the B...

Страница 424: ...as the protocol on the serial dial up lines Black Box recommends that a maximum of two ports be configured for this option Figure 48 Ports configured for Dial in Access After configuring the serial ports as described in Chapter 3 Additional Features or in Appen dix C The pslave Configuration File the following step by step check list can be used to test the configuration Step 1 Create a new user S...

Страница 425: ...set for communication at 57600 bps 8N1 The modems should be programmed to operate at the same speed on the DTE interface Step 5 Confirm routing Also make sure that the computer is configured to route console data to the serial console port Step 6 Perform a test dial in Try to dial in to the BLACK BOX Advanced Console Server from a remote computer using the username and password configured in step ...

Страница 426: ...Appendix J Examples for Config Testing 426 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 427: ...arameters Basic Parameters wiz Hostname System IP Domain Name DNS Server Gateway IP Network Mask Access Method Parameters wiz ac type CAS profile Ipno Socket_port Protocol Users Poll_interval Tx_interval Idletimeout Conf group sN serverfarm pool_ipno pool_socket_port pool_serverfarm ...

Страница 428: ...Advanced Console Server web_WinEMS translation TS profile Protocol Socket_port Userauto Telnet_client_mode Alarm Parameter wiz al Alarm xml_monitor Authentication Parameters wiz auth Authtype Authhost1 Accthost1 Authhost2 Accthost2 Radtimeout Radretries ...

Страница 429: ...User Guide 429 Secret Data Buffering Parameters wiz db Data_buffering Conf nfs_data_buffering Syslog_buffering Dont_show_DBmenu DB_timestamp DB_mode Syslog_sess Power Management Parameters wiz pm pmkey pmNumOfOutlets pmoutlet pmtype pmusers ...

Страница 430: ...lication Parameters 430 BLACK BOX Advanced Console Server Serial Settings Parameters wiz sset type CAS profile Speed Datasize Stopbits Parity Flow Dcd SttyCmd DTR_reset TS profile Speed Datasize Stopbits Parity Flow Dcd ...

Страница 431: ...uide 431 Sniffing Parameters wiz snf Admin_users Sniff_mode Escape_char Multiple_sessions Syslog Parameters wiz sl Conf facility Conf DB_facility Terminal Appearance Parameters wiz tl Issue Prompt Lf_suppress Auto_answer_input Auto_answer_output ...

Страница 432: ...Appendix K Wiz Application Parameters 432 BLACK BOX Advanced Console Server Terminal Server Profile Other Parameters wiz tso Host Term Conf locallogins ...

Страница 433: ...re Console Port Server and a reference to their maintainers The copyrights notices required in some packets are placed in the COPYRIGHTS directory of the Advanced Secure Console Port Server image Bash Bourne Again Shell version 2 0 5a Extracted from the HardHat Linux distribution http www gnu org software bash Bootparamd NetKit Bootparamd version 0 17 ftp ftp uk linux org pub linux Networking netk...

Страница 434: ...ersion 2 1 http www montavista com IPSec The Linux FreeS WAN IPsec version 1 9 8 http www freeswan org COPYRIGHT This product includes software developed by Eric Young eay cryptsoft com IPtables Netfilter IPtables version 1 2 2 Extracted from the HardHat Linux distribution http www netfilter org Linux Kernel Linux Kernel version 2 4 18 Extracted from the HardHat Linux distribution http www kernel ...

Страница 435: ...ware developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org COPYRIGHT This product includes cryptographic software written by Eric Young eay cryptsoft com PAM Linux PAM version 0 75 http www kernel org pub linux libs pam Portslave SourceForge Portslave project version 2000 12 25 modified Includes pppd version 2 4 1 and rlogin version 8 10 http sourceforge net projects...

Страница 436: ...erver Tinylogin TinyLogin version 0 80 ftp ftp lineo com pub tinylogin WEBS GoAhead WEBS version 2 1 modified http goahead com webserver webserver htm Copyright c 20xx GoAhead Software Inc All Rights Reserved ZLIB zlib version 1 1 4 http www gzip org zlib ...

Страница 437: ...8 Choose a free COM port 52 9 Port Settings 53 10 The etc hostname file with hostname typed in 55 11 Contents of the etc hosts file 55 12 Configuration and Administration page 76 13 Port Selection page 76 14 Profile Section of Serial Port Configuration page 77 15 Serial Ports Users Group Table Entry page 78 16 An example of the clustering feature 118 17 Example of Centralized Management 123 18 Edi...

Страница 438: ...le crossover 306 31 Cable 4 Black Box RJ 45 to Black Box RJ 45 straight through 306 32 Cable 5 Black Box Sun Netra Cable 307 33 Loop Back Connector 307 34 Black Box Sun Netra Adapter 308 35 RJ 45 Female to DB 25 Male Adapter 308 36 RJ 45 Female to DB 25 Female Adapter 309 37 RJ 45 Female to DB 9 Female Adapter 309 38 Data flow diagram of Linux PAM 338 39 Initial test 363 40 Second screen showing c...

Страница 439: ...List of Figures User Guide 439 47 Terminal Server diagram 422 48 Ports configured for Dial in Access 424 ...

Страница 440: ...List of Figures 440 BLACK BOX Advanced Console Server This page has been left intentionally blank ...

Страница 441: ...onfiguration for Slave 2 where it differs from the CAS standard 121 10 General Options for the Help Wizard 188 11 Help CLI Options Synopsis 1 190 12 Help CLI Options Synopsis 2 192 13 Help CLI Options Synopsis 3 193 14 vi modes 286 15 vi navigation commands 287 16 vi file modification commands 287 17 vi line mode commands 287 18 Process table 293 19 BLACK BOX Advanced Console Server power requirem...

Страница 442: ...Dial in Access 311 26 Mostly CAS specific Parameters 321 27 TS Parameters 331 28 Dial in configuration Parameters 333 29 Files to be included in etc config_file and the program to use 360 30 CPU LED Code Interpretation 368 31 Required information for the OpenSSL package 369 32 Windows XP JREv1 4 0_01 or 02 415 ...

Страница 443: ...ch to monitor mode Console Access Server CAS A CAS has an Ethernet LAN connection and many RS 232 serial ports It connects to the con sole ports of servers and networking equipment and allows convenient and secure access from a single location Console Port Most of the equipment in a data center servers routers switches UPS PBX etc has a serial console port for out of band management purposes Clust...

Страница 444: ... Bases SNMP compliant devices called agents store data about themselves in MIBs and return this data to the SNMP requesters Out of band network management In a computer network when the management data is accessed through a network that is independent of the network used to carry data this is called out of band network manage ment Off line data buffering This is a CAS feature that allows capture o...

Страница 445: ...a set of protocols for managing complex networks The first versions of SNMP were developed in the early 80s SNMP works by send ing messages called protocol data units PDUs to different parts of a network SNMP com pliant devices called agents store data about themselves in Management Information Bases MIBs and return this data to the SNMP requesters Source Webopedia Telnet Telnet is the standard se...

Страница 446: ...work Because they have the same physical interfaces terminal servers are sometimes used as console access servers TTY The UNIX name for the COM Microsoft port U Rack height unit A standard computer rack has an internal width of 17 inches Rack space on a standard rack is measured in units of height U One U is 1 75 inches A device that has a height of 3 5 inches takes 2U of rack space ...

Страница 447: ...onnectors 302 CronD 134 Custom Wizard 35 D Data Buffers 137 Default Configuration Parameters 32 DHCP 150 DNS Server 34 Domain 35 E Ethernet 33 F Filters 156 Flash Memory Loss 359 G Gateway 33 default 34 Generating Alarms 172 H Hardware Specifications 297 Hardware Test 362 HyperTerminal 33 I IP Address 34 IPsec 373 K Kerberos 101 106 318 Kermit 33 L Linux File Structure 284 Linux PAM 337 M Minicom ...

Страница 448: ...st 362 R Radius authentication 424 Routing Table 288 RS 232 Standard 300 S Secure Shell Session 289 Sendmail 181 Sendsms 181 Snmptrap 181 Syslog n 256 System Requirements 31 T Terminal Appearance 271 Time Zone 280 U Upgrades 357 Using 72 Using the Wizard through your Browser 72 W Wizard 34 ...

Страница 449: ...This page has been left intentionally blank ...

Страница 450: ... Copyright 2002 Black Box Corporation All rights reserved 1000 Park Drive l Lawrence PA 15055 1018 l 724 746 5500 l Fax 724 746 0746 ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды