Cyclades AlterPath ACS Скачать руководство пользователя страница 80 | Manualshive

Страница: 80 / 420

Page 80

background image

64

Authentication

3.2 Kerberos Authentication

Kerberos is a computer network authentication protocol designed for use on insecure
networks, based on the key distribution model. It allows individuals communicating
over a network to prove their identity to each other while also preventing eavesdropping
or replay attacks, and provides for detection of modification and the prevention of
unauthorized reading

Kerberos Server Authentication with Tickets support

The ACS has support to interact on a kerberized network. You can find in the next lines
a brief explanation about how kerberos works. Later in this section, a practical a step by
step example will be presented.

How Kerberos Works

On a kerberized network, the Kerberos database contains principals and their keys (for
users, their keys are derived from their passwords). The Kerberos database also contains
keys for all of the network services.

When a user on a kerberized network logs in to their workstation, their

principal

is sent

to the Key Distribution Center (

KDC

) as a request for a Ticket Granting Ticket (

TGT

).

This request can be sent by the login program (so that it is transparent to the user) or can
be sent by the kinit program after the user logs in.

The KDC checks for the

principal

in its database. If the principal is found, the KDC

creates a TGT, encrypts it using the user's key, and sends it back to the user.

The login program or

kinit

decrypts the

TGT

using the user's key (which it computes

from the user's password). The

TGT

, which is set to expire after a certain period of time,

is stored in your credentials cache. An expiration time is set so that a compromised

TGT

can only be used for a certain period of time, usually eight hours (unlike a compromised
password, which could be used until changed). The user will not have to re-enter their
password until the

TGT

expires or they logout and login again.

When the user needs access to a network service, the client uses the

TGT

to request a

ticket for the service from the Ticket Granting Service (

TGS

), which runs on the

KDC

.

The

TGS

issues a ticket for the desired service, which is used to authenticate the user.

Configuring ACS to use Kerberos Tickets authentication

For this example we will consider that a kerberos server with ticket support is properly
configured in the network. The manual will only approach the ACS configuration.

Here we will assume that the kerberos server has the following configuration:

«
...
78
79
80
81
82
...
»

Содержание AlterPath ACS

Страница 1: ...ce Guide Software Version 2 6 0 Cyclades Corporation 3541 Gateway Boulevard Fremont CA 94538 USA 1 888 CYCLADES 292 5233 1 510 771 6100 1 510 771 6200 fax http www cyclades com Release Date November 2...

Страница 2: ...registered or registration pending trademarks of Cyclades Corporation in the United States and other countries Cyclades and AlterPath All trademarks trade names logos and service marks referenced here...

Страница 3: ...s 10 Hypertext Links 10 Glossary Entries 10 Quick Steps 10 Parameter Syntax 10 Brackets and Hyphens dashes 11 Ellipses 11 Pipes 11 Greater than and Less than signs 11 Spacing and Separators 11 Caution...

Страница 4: ...to your unit 27 CLI Mode ts_menu 27 Data Buffering 29 Ramdisks 29 Linear vs Circular Buffering 29 How to Configure 30 VI mode Parameters Involved and Passed Values 30 CLI Method Data Buffering 32 Men...

Страница 5: ...n 61 nsswitch conf file format 62 Examples 63 Kerberos Authentication 64 Kerberos Server Authentication with Tickets support 64 How Kerberos Works 64 Configuring ACS to use Kerberos Tickets authentica...

Страница 6: ...l Certificate 93 X 509 Certificate on SSH 94 To configure X 509 certificate for SSH 94 vi Mode 94 CLI Mode 95 Script Mode 95 To connect to ACS using SSH X 509 certificate 96 To connect to ACS s serial...

Страница 7: ...bles 121 Table 121 Chain 121 Rule 122 Syntax 122 Command 123 Rule Specification 124 Match Extensions 126 TCP Extensions 127 UDP Extensions 128 ICMP Extension 128 Multiport Extension 128 Target Extensi...

Страница 8: ...148 Chapter 5 Administration 151 SNMP 151 Configuration 153 VI Method Involved parameters and passed values 153 CLI Method SNMP 155 CronD 157 How to configure 157 Dual Power Management 160 Syslog ng 1...

Страница 9: ...ized Configuration 194 Date Time and Timezone 195 Date and Time 195 CLI Method Date and Time 195 Setting Local Timezone 196 Configuring using set_timezone 196 Configuring Using CLI 198 NTP Network Tim...

Страница 10: ...thorized Users firmware version prior to 2 2 0 238 Adding an user of the pmusers group 238 Changing the group of an already existing user 238 pm command 240 Turning the outlet off 242 Locking the outl...

Страница 11: ...your ISDN PC Card 271 Establishing a Callback with your ISDN PC Card 2nd way 273 CLI Method ISDN PCMCIA 275 Media Cards 277 How it works 277 VI Method Configuration 278 CLI Method Media Cards PCMCIA...

Страница 12: ...re 329 VI mode Parameters Involved and Passed Values 330 Server Commands 333 IPMI Configuration 335 How it works 335 IPMI ipmitool 335 Line Printer Daemon 339 CAS Port Pool 341 How to Configure it 341...

Страница 13: ...sh Memory Loss 364 Hardware Test 365 Port Test 366 To start the Port test 366 Port Conversation 367 Test Signals Manually 367 Single User Mode 368 Using a different speed for the Serial Console 369 Se...

Страница 14: ...ra Cable 383 Adapters 384 Loop Back Connector for Hardware Test 384 Cyclades Sun Netra Adapter 385 RJ 45 Female to DB 25 Male Adapter 385 RJ 45 Female to DB 25 Female Adapter 385 RJ 45 Female to DB 9...

Страница 15: ...ss Server CAS 395 Console Port 395 Cluster 395 Flash 395 In band network management 395 IP packet filtering 396 KVM Switch KVM 396 Mainframe 396 MIBs 396 Out of band network management 396 Off line da...

Страница 16: ...xvi Table of Contents...

Страница 17: ...ntenance of the ACS It assumes that the reader understands networking basics and is familiar with the terms and concepts used in Local and Wide Area Networking UNIX and Linux users will find the confi...

Страница 18: ...erPath ACS is based on an embedded Linux operating system Configurations are done using the vi text editor or the Command Line Interface CLI If you are f new to Linux it is advisable to refer to the A...

Страница 19: ...e ACS prompt to change the hostname you can directly do root CAS root bin CLI config network hostsettings hostname host_name Both modes are oriented by keywords that allow the moving from one state to...

Страница 20: ...ist fetching the next command same as down arrow key Ctrl p Move back through the history list fetching the previous command same as up arrow key The command history buffer is only available for the l...

Страница 21: ...o type m for more b for back or q for quit show Display the configuration parameter s It s valid only in configuration state For example the following displays some configurations for port 1 cli confi...

Страница 22: ...ay when they log into the ACS If user root is configured to have bin CLI as their default shell he she can still have access to the ACS shell prompt by executing the command shell from the CLI Any oth...

Страница 23: ...onnection menu pm To access the ACS power management menu view To display the data buffer files for a serial port config administration bootconfig To configure boot configuration parameters date time...

Страница 24: ...flash savetoflash To save the configuration changes to flash security To configure security profiles and authentication servers virtualports To cascade multiple AltherPath ACS console servers portStat...

Страница 25: ...nistration and maintenance related features Power Management with AlterPath PM Integration involves features for those who have an IPDU being controlled by the ACS PCMCIA Cards Integration this chapte...

Страница 26: ...ck on them in the PDF version of the manual you will be taken to that section Glossary Entries Terms that can be found in the glossary are underlined and slightly larger than the rest of the text Thes...

Страница 27: ...ed by this character should be used in the command Example netstat statistics s tcp t udp u raw w When a configuration parameter is defined the Linux command syntax conventions will be also used with...

Страница 28: ...tional or cautionary information that the reader especially needs to bear in mind There are three levels of information WARNING A very important type of tip or warning Do not ignore this information I...

Страница 29: ...13 This page has been left intentionally blank...

Страница 30: ...14 Preface...

Страница 31: ...the basic network configuration to make AlterPath ACS available on the network In addition it provides procedures to login change the default password and setup the security profile Configuring networ...

Страница 32: ...ord tslinux before setting up the ACS for secure access to the connected servers or devices Password Change the root password The default etc passwd file has the user root with password tslinux You sh...

Страница 33: ...s follows Single password for ROOT All serial port DISABLED DHCP Telnet SSHv1 SSHv2 and HTTP HTTPS enabled Cyclades STRONGLY recommends 1 To change the ROOT password before setting up the box for secu...

Страница 34: ...then ACS will default to 192 168 160 10 Step 5 Change the default static IP address see your network administrator to obtain a valid IP address C O N F I G U R A T I O N W I Z A R D Current configurat...

Страница 35: ...nfiguration parameters appear Step 10 Enter y after the prompts shown in the following screen example Step 11 To confirm the configuration enter the ifconfig command Domain name cyclades com domain_na...

Страница 36: ...Serial Ports ICMP and HTTP redirection to HTTPS Open Enables all services Telnet SSHv1 SSHv2 HTTP HTTPS SNMP RPC ICMP and Telnet SSH and Raw connections to Serial Ports Default Sets the profile to the...

Страница 37: ...ollowing syntax custom protocol yes no To display the current configuration as shown in the following figure enter custom show custom show custom ftp no telnet no ssh ssh_x509 CA_file hostkey authoriz...

Страница 38: ...ave root CAS portslave vi pslave conf Step 2 Navigate to Port specific parameters to uncomment the sxx tty and enable the serial ports Port specific parameters s1 tty ttyS1 s2 tty ttyS2 s3 tty ttyS3 s...

Страница 39: ...uce all the possible ways to access the serial ports of the ACS From this point is considered that the unit is properly configured using one of the possible profiles CAS or TS More information about h...

Страница 40: ...55 255 255 0 CAS configuration socket_server in all ports access method is Telnet 9600 bps 8N1 No Authentication Opening and closing a Telnet session to a serial port To open a Telnet session to a ser...

Страница 41: ...HCP To close the SSH session press the hotkey defined for the SSH client followed by a The default is Make sure you enter the escape character followed by a at the beginning of a line to close the SSH...

Страница 42: ...sage stating Read only mode is provided in case the user attempts to interact with that port Note however that a real sniff session the user isn t the first one to log to a certain port is only allowe...

Страница 43: ...menu from a Telnet SSH session to your unit You have to be sure that a different escape character is used for exiting your Telnet SSH session otherwise if you were to exit from the session created thr...

Страница 44: ...d only mode run the following command cli applications connect readonly consolename consolename The connection is made to the device and a Read only mode message is displayed To make a direct connecti...

Страница 45: ...this file is not limited by the value of the parameter s1 data_buffering though the value cannot be zero since a zero value turns off data buffering The conf nfs_data_buffering parameter format is ser...

Страница 46: ...the maximum file size is reached the oldest 10 of stored data is discarded releasing space for new data FIFO system circular file When remote data buffering is used there s no maximum file size other...

Страница 47: ...on a line containing the time stamp the username the event itself connection disconnection and the type of session Read Write or Read Only will be added to the data buffering file every time a user co...

Страница 48: ...a user connects to the port that is sending data syslog messages stop being generated all dont_show_DBmenu When zero a menu with data buffering options is shown when a user connects to a port with a n...

Страница 49: ...is parameter must be greater than zero otherwise all parameters relating to data buffering are disregarded showmenu Controls the DB menu options Valid values are yes no noerase file syslogsize Maximum...

Страница 50: ...will connect to the ACS using a serial terminal The user will then automatically receive a menu similar to that shown below The user selects the option required to connect to the desired server or to...

Страница 51: ...new menu option Action can be telnet host_ip or ssh l username host_ip where host_ip is the IP address of the server to connect to Step 3 Save the changes Save the changes made by choosing the fifth o...

Страница 52: ...where the serial terminal is attached must be configured for login with authentication local Configure the following lines s x protocol login s x authtype local Where x is the port number being config...

Страница 53: ...o 192 168 100 3 terminalmenu add actionname Server1 command telnet 192 168 100 3 You can also open a SSH connection to the desired server to do that substitute the telnet host_ip by ssh l username hos...

Страница 54: ...ster and two Slave is shown in the following figure Figure 2 1 An example using the Clustering feature How to Configure Clustering The Master ACS must contain references to the Slave ports The configu...

Страница 55: ...r_ssh all authtype Depends on the application Radius local none remote TacacsPlus Ldap kerberos local Radius radius local local TacacsPlus TacacsPlus local RadiusDownLocal LdapDownLocal NIS s33 tty Th...

Страница 56: ...of_Slave slave_socket_port for non Master ports The value 7301 was chosen arbitrarily for this example 20 20 20 3 7301 S65 alias An alias for this port server_on_slave2_ serial_s1 S65 ipno See s33 ipn...

Страница 57: ...To activate the changes issue the command runconf To save the changes run the command saveconf Step 5 Accessing the ports To access ports from the remote management workstation use Telnet with the sec...

Страница 58: ...7301 SSH can also be used from the remote management workstation To access the third port of Slave 2 ssh l username Server_on_slave2_serial_s3 209 81 55 110 To access the fifth port of Slave 2 ssh l u...

Страница 59: ...le or disable the clustering via the NAT table This parameter should be configured with the IP address used to access the serial ports The NAT clustering will work regardless of the interface where th...

Страница 60: ...issue an iptables command to view change at his own risk or delete the rules in the nat table If the administrator issues a fwset restore command he must also execute the command runconf to recover th...

Страница 61: ...port The master_port will define at least the Slave box with which a connection is desired For example you may use the following commands ssh l username1 server1 p 7101 master_ip ssh l username2 serve...

Страница 62: ...lustering ports with the SSH command option p port you must assign an IP address to the serial port Do not omit the parameter socket_port in the Master box General Configuration The configuration of c...

Страница 63: ...the public IP conf eth_ip 64 186 161 108 conf eth_mask 255 255 255 0 conf eth_mtu 1500 Secondary ethernet IP address conf eth_ip_alias 192 168 170 1 conf eth_mask_alias 255 255 255 0 Local CAS serial...

Страница 64: ...et_server ports s65 tty 192 168 170 3 7101 s66 tty 192 168 170 3 7102 s96 tty 192 168 170 3 7132 s65 socket_port 8001 s66 socket_port 8002 s96 socket_port 8032 Remote CAS serial ports slave 3 32 socke...

Страница 65: ...otocol socket_ssh all authtype local s 1 32 tty ttyS 1 32 s 1 32 alias slave 1 port 1 32 Slave 2 box Configuration Primary ethernet IP address conf eth_ip 192 168 170 3 conf eth_mask 255 255 255 0 con...

Страница 66: ...that no special connection is needed between the boxes All you need is to connect them in the same physical network To configure one ACS as master to control other ACS slave using the CLI just follow...

Страница 67: ...setting the tcp port The value for the example is 7005 remoteip The IP address of the master box The value for this example is 172 22 65 2 firstremotetcpport Where tcp port numbering starts in the mas...

Страница 68: ...52 Device Access...

Страница 69: ...ying an individual usually based on a username and password In security systems authentication is distinct from authorization which is the process of giving individuals access to system objects based...

Страница 70: ...is selected Local authentication is performed using the etc passwd file Remote This is for a terminal profile only The unit takes in a username but does not use it for authentication Instead it passe...

Страница 71: ...erver is down TacacsPlusDownLocal local authentication is tried only when the TacacsPlus server is down Kerberos Local Kerberos authentication is tried first switching to Local if unsuccessful Kerbero...

Страница 72: ...eters for each type of authentication server is stored in its own configuration file on ACS Step 3 Activating and saving the changes made To activate the changes issue the command runconf To save the...

Страница 73: ...cli config physicalports access authtype value For physicalports specify a port number select a range or enter all For example physicalport 4 physicalports 1 8 or physicalports all Step 3 To see the...

Страница 74: ...his options allows you to get the user s public key via scp The user must be enrolled in the local database of the unit You must specify the user name username and the url url The url must follow this...

Страница 75: ...st of authentication server types from authentication press the tab to see the list of possible values The following list of authentication types appears nisserver radiussecret tacplusauthsvr1 radiust...

Страница 76: ...sent by the radius server If the radius server does not send the NAS Port Id attribute no check is performed No configuration is needed for the ACS However the authentication type must be radius Authe...

Страница 77: ...e etc nsswitch conf file System Databases and Name service Switch configuration file to include the NIS in the lookup order of the databases Step 4 Configure the parameter all sxx authype as local How...

Страница 78: ...by uncommenting the line that performs a ypbind upon startup nsswitch conf file format The etc nsswitch conf file has the following format database service actions service where database available al...

Страница 79: ...l database If the user is not found then use NIS passwd files nis shadow files nis group files nis 5 You wish to authenticate the user first using NIS If the user is not found then use the local datab...

Страница 80: ...am so that it is transparent to the user or can be sent by the kinit program after the user logs in The KDC checks for the principal in its database If the principal is found the KDC creates a TGT enc...

Страница 81: ...h the same name as the principal configured in the Kerberos server adduser john Step 5 Configure the krb5 conf file The etc krb5 conf file must be exactly the same as the one that is in the Kerberos s...

Страница 82: ...ROS SERVICES klogin stream tcp nowait root usr sbin tcpd usr local sbin klogind ki telnet stream tcp nowait root usr sbin tcpd usr local sbin telnetd Step 2 Restart the inetd service by issuing the co...

Страница 83: ...orwardable tickets to connect to the ACS ports using ts_menu rlogin l john acs48 2 cyclades com F Then run ts_menu to access the desired serial port Step 7 Connecting via Telnet to the ACS itself with...

Страница 84: ...y all the changes needed in this file are related to the network domain Substitute all listed parameters that are configured with cyclades com with the correspondent domain of your network Below is an...

Страница 85: ...sly configured in the Kerberos server In the ACS run the command w The response for this command will be something like this 1 03pm up 57 min 1 user load average 0 00 0 00 0 00 USER TTY FROM LOGIN IDL...

Страница 86: ...70 Authentication Step 5 Saving changes To save the configuration run the command saveconf...

Страница 87: ...o load these packages from your distribution CD ROM or via Internet Step 2 Go to the directory etc openldap or usr local etc openldap Change the directory running the following command cd usr local et...

Страница 88: ...oto sn Fujimoto userPassword bithelio To list the entries include usr local etc openldap schema core schema include usr local etc openldap schema cosine schema pidfile usr local var slapd pid argsfile...

Страница 89: ...slave pslave conf Step 2 Configure the etc ldap conf file Edit the following parameters Step 3 Activating and saving the changes made To activate the changes issue the command runconf To save the chan...

Страница 90: ...is enabled users are denied access unless they have the proper authorization which must be set on the TACACS server itself Configuring Authorization with a TACACS Server CLI Step 1 In CLI mode enter t...

Страница 91: ...he Linux Fedora Core 3 The location of this configuration file may be different on other Linux distributions Step 1 On the TACACS server open the file etc tacacs tac_plus cfg Step 2 Edit the following...

Страница 92: ...used whether the user is allowed or denied access when the raccess parameter is set on the ACS Only users who have this parameter set to raccess will have authorization to access the specified ports r...

Страница 93: ...acplus conf file authhost1 192 168 160 21 accthost1 192 168 160 21 secret secret encrypt 1 service ppp protocol lcp timeout 10 retries 2 authhost1 This address indicates the location of the TacacsPlus...

Страница 94: ...entication fails Configuring the authorization on ACS to access the serial ports CLI In CLI mode enter the following string 1 cli config security authentication tacplusraccess yes 2 cli config physica...

Страница 95: ...lades 3 5 You should configure both parametres auth1 and acct1 Multiple radius servers can be configured in this file The servers are tried in the order in which they appear If a server fails to respo...

Страница 96: ...80 Authentication Save the configuration to flash 2 cli config savetoflash...

Страница 97: ...e a user request via the locally available authentication modules The modules themselves will usually be located in the directory lib security and take the form of dynamically loadable object files Th...

Страница 98: ...r in the configuration file These modules when called by Linux PAM perform the various authentication tasks for the application Textual information required from or offered to the user can be exchange...

Страница 99: ...s The meaning of each of these tokens is explained below After the meaning of the above tokens is explained the method will be described Token Description File name The service name associated with th...

Страница 100: ...e success or failure of the module it is associated with Since modules can be stacked modules of the same type execute in series one after another the control flags determine the relative importance o...

Страница 101: ...ssword in a hostile environment Sufficient The success of this module is deemed sufficient to satisfy the Linux PAM library that this moduletype has succeeded in its purpose In the event that no previ...

Страница 102: ...m_open_session function and completes it when pam_close_session is called This module can also display a line of information about the last login of the user If an application already performs these t...

Страница 103: ...ncipally for logging information about a proposed authentication or application to update a password pam_krb5 The Kerberos module currently used is pam_krb5 This PAM module requires the MIT 1 1 releas...

Страница 104: ...no_warn Instruct module to not give warning messages to the application use_first_pass The module should not prompt the user for a password Instead it should obtain the previously typed password from...

Страница 105: ...r s full name when asking them for a password in a secured environment could also be called being friendly The expose_account argument is a standard module argument to encourage a module to be less di...

Страница 106: ...soon as possible The AlterPath ACS has support for Shadow Passwords which enhances the security of the system authentication files For ACS release 2 6 Shadow Passwords are enabled by default If you a...

Страница 107: ...quired The other requested information can be skipped The certificate signing request CSR generated by the command above contains some personal or corporate information and its public key Step 2 Submi...

Страница 108: ...ll Cert cer for example purposes The certificate is also stored on a directory server The certificate must be installed in the GoAhead Web server by following these instructions Step 3 1 Open a Termin...

Страница 109: ...eq_key file and update the user data with your organization specific data Step 2 Remove the files etc ca pem Step 3 Execute the following script bin firstkssl sh Step 4 Reboot ACS or restart theWeb Ma...

Страница 110: ...icate and added to the AuthorizedKeyFile in sshd_config file Step 2 1 Use the following command to extract the client identification openssl x509 noout subject in cli_cert crt Step 2 2 Change subject...

Страница 111: ...horized keys For example ssh_x509 CA_file etc ssh ca bundle crt ssh_x509 hostkey etc ssh hostkey ssh_x509 authorizedkeys etc ssh authorized_keys To check the configuration enter the following command...

Страница 112: ...9 certificate Step 3 Copy the certificate files to ACS See Certificate for HTTP Security if needed To check if the file was copied run the following command at the prompt root acs48 root ls l etc ssh...

Страница 113: ...AlterPath ACS Command Reference Guide 97 Authentication Step 4 Configure the serial ports for socket_ssh protocol and assign the IP address of the connected device...

Страница 114: ...98 Authentication...

Страница 115: ...Filters and Network Address Translation VPN Configuration 4 2 Basic Network Settings This section will show how to configure basic network parameters This includes configuration of ip addresses netma...

Страница 116: ...tmask This section will show how to configure the IP address and network mask in the unit These settings can be made using both methods VI and CLI VI mode To set the IP address if DHCP client is disab...

Страница 117: ...chine Using the Windows OS open a command prompt window type in the following and then press Enter ping IP assigned to the ACS by DHCP or you An example would be ping 192 168 160 10 If you receive a r...

Страница 118: ...0 as IP address and 255 255 255 0 as mask To configure it follow the steps below Step 1 Open the CLI interface by issuing the command CLI Step 2 Configuring the unit s IP address cli config network ho...

Страница 119: ...ction the ACS should take in case the DHCP Server does not answer the IP address request 1 No action is taken and no IP address is assigned to the Ethernet Interface most common configuration Step 1 I...

Страница 120: ..._cmd already has such content Step 5 Add all other necessary options to the file etc network dhcpcd_cmd some options are described later in this section In both cases if the IP address of the ACS or t...

Страница 121: ...md Contains a command that activates the DHCP client used by the cy_ras program Its factory contents are bin dhcpcd c bin handle_dhcp The options available that can be used on this command line are D...

Страница 122: ...106 Network Step 4 Save the configuration cli config savetoflash Step 5 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cli quit...

Страница 123: ...g syntax route add del net host target netmask mask gw gateway metric metric Action Option Description add del One of these tags must be present Routes can be either added or deleted net host Net is f...

Страница 124: ...o the 192 168 0 1 IP address just ONE of the above commands must be inserted into the file etc network st_routes Step 3 Save the changes made To save the changes run the following command saveconf CLI...

Страница 125: ...th ACS Command Reference Guide 109 Network Step 4 Save the configuration cli config savetoflash Step 5 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cl...

Страница 126: ...edit this file to do this run the command vi etc resolv conf Step 2 Configure the etc resolv conf file The syntax of this file must be as the following example Step 3 Save the configuration To save a...

Страница 127: ...ork hostsettings primdnsserver 192 168 0 2 NOTE This parameter is disregarded when DHCP is enabled Step 4 Activate the configuration cli config runconfig Step 5 Save the configuration cli config savet...

Страница 128: ...ssions are kept up with no interruption VI mode To set the failover Ethernet bonding edit the etc bonding opts file To configure it follow the steps below Step 1 Open the etc bonding opts file It is n...

Страница 129: ...abled yes To disabled fail over bonding type the following command bonding enabled no NOTE This parameter is disregarded when DHCP is enabled Step 4 Configure the interval in milliseconds in which the...

Страница 130: ...ailover is enabled Step 9 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cli quit Step 10 Check the bonding configuration To check if the feature is act...

Страница 131: ...ink encap Ethernet HWaddr 00 60 2E 00 4F 97 inet addr 172 20 0 131 Bcast 172 20 255 255 Mask 255 255 0 0 UP BROADCAST RUNNING SLAVE MULTICAST MTU 1500 Metric 1 RX packets 237695 errors 0 dropped 0 ove...

Страница 132: ...interface For example There is a rule to drop the SSH packets to access the ACS box with no Bonding root CAS iptables A INPUT p tcp dport 22 i eth0 j REJECT If you activate Bonding you need to change...

Страница 133: ...ld also contain IP addresses and host names for other hosts in the network The syntax of this file is the following Enter as many hosts as necessary following the above syntax Step 2 Saving the config...

Страница 134: ...p 3 Activate the configuration cli config runconfig Step 4 Save the configuration cli config savetoflash Step 5 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following c...

Страница 135: ...osed VI mode The configuration is done in the file bin init_proc_fs using the linux proc filesystem CLI Method TCP Keep Alive Step 1 Open the CLI interface by issuing the command CLI Enable TCP keepal...

Страница 136: ...s pool interval cli config physicalports all other tcpkeepalive 50 Step 3 Activate the configuration cli config runconfig Step 4 Save the configuration cli config savetoflash Step 5 Exiting the CLI mo...

Страница 137: ...ustering one Master Console server works as the interface between the global network and the slave Console servers The ACS uses the Linux utility iptables to set up maintain and inspect both the filte...

Страница 138: ...n be accepted blocked logged or jumped to a user defined chain For the nat table the packet can also have its source IP address and source port altered for the POSTROUTING chain or have the destinatio...

Страница 139: ...will fail Rules are numbered starting at 1 I insert Insert one or more rules in the selected chain as the given rule number Thus if the rule number is 1 the rule or rules are inserted at the head of t...

Страница 140: ...ocols or a different one A protocol name from etc protocols is also allowed A argument before the protocol inverts the test The number zero is equivalent to all Protocol all will match with all protoc...

Страница 141: ...the INPUT and FORWARD chains When the argument is used before the interface name the sense is inverted If the interface name ends in a then any interface which begins with this name will match If thi...

Страница 142: ...but see the x flag to change this For appending insertion deletion and replacement this causes detailed information on the rule or rules to be printed n numeric Numeric output IP addresses and port n...

Страница 143: ...n tcp flags mask comp Match when the TCP flags are as specified The first argument is the flags which we should examine written as a comma separated list and the second argument is a comma separated l...

Страница 144: ...n of the TCP extension for details destination port port port Destination port or port range specification See the description of the destination port option of the TCP extension for details Table 4 6...

Страница 145: ...P header fields via the kernel log where it can be read with syslog ng LOG extension Description log level level Level of logging numeric or see syslog conf 5 log prefix prefix Prefix log messages wit...

Страница 146: ...eturn the appropriate ICMP error message port unreachable is the default The option echo reply is also allowed it can only be used for rules which specify an ICMP ping packet and generates a ping repl...

Страница 147: ...P address of the interface the packet is going out on but also has the effect that connections are forgotten when the interface goes down This is the correct behavior when the next dialup is unlikely...

Страница 148: ...mmand is executed at boot to invoke the last configuration saved VI method Step 1 Execute fwset restore This script will restore the IP Tables chains and rules configured in the etc network firewall f...

Страница 149: ...spects this is the same thing as a VPN but here one or both sides have a degenerated subnet only one machine Applications of IPsec Because IPsec operates at the network layer it is remarkably flexible...

Страница 150: ...ns however Openswan supports Road Warrior connections just fine Before you start This is a quick guide to set up two common configurations VPN and Road Warrior There are two examples a Road Warrior us...

Страница 151: ...ystem s public key for RSA only The ID that system uses in IPsec negotiation To get system s public key in a format suitable for insertion directly into the Console Server s ipsec conf file issue this...

Страница 152: ...n of the line All other lines after that line must be indented by 1 TAB This is MANDATORY pre configured link to Console Server conn us to acs information obtained from Console Server admin left 1 2 3...

Страница 153: ...conn gate xy must start on the FIRST column of the line All other lines after that line must be indented by 1 TAB This is MANDATORY conn gate by left 1 2 3 4 leftid acs example com leftrsasigkey 0s1L...

Страница 154: ...figure the left and right ipsec rsa keys Instead of typing copy paste the entire rsa key in the fields leftrsasigkey and rightrsasigkey inside the etc ipsec conf file the administrator can just type i...

Страница 155: ...e authentication keys and how to exchange keys between systems Generating an RSA key pair The Console Server doesn t have an RSA key pair by default It will be generated on the first reboot after you...

Страница 156: ...anage all tunnels and manage IPsec itself This section will show you a few commands that have proven to be useful when managing IPsec and IPsec connections The IPsec Daemon The IPsec daemon PLUTO is t...

Страница 157: ...its negotiation as explained in the next section Starting and Stopping a Connection All the connections can be negotiated at boot time if these connections have the auto parameter set to start However...

Страница 158: ...y the ipsec auto up command You can use this command if the up command doesn t show anything on the screen it can happen depending on the ACS syslog configuration The IPsec Configuration Files in Deta...

Страница 159: ...name is an arbitrary name which distinguishes the section from others of the same type Names must start with a letter and may contain only letters digits periods underscores and hyphens All subsequen...

Страница 160: ...types of sections a config section specifies general configuration information for IPsec while a conn section specifies an IPsec connection Conn Sections A conn section contains a connection specifica...

Страница 161: ...that both left and leftnexthop are to be filled in by automatic keying from DNS data for left s client left local and right remote subnet Private subnet behind the left and right participants express...

Страница 162: ...cessful negotiation to expiry Acceptable values are an integer optionally followed by s a time in seconds or a decimal number followed by m h or d a time in minutes hours or days respectively default...

Страница 163: ...already on as IPsec is started and turn it off again if it was off as IPsec is stopped Acceptable values are yes and the default no klipsdebug How much KLIPS debugging output should be logged An empty...

Страница 164: ...is PMTU estimate Acceptable values are yes the default and no packetdefault What should be done with a packet which reaches KLIPS via a route into a virtual interface but does not match any route Acce...

Страница 165: ...ig runconfig Step 4 Save the configuration cli config savetoflash Step 5 Connection management Parameter Values connectionname name Edit mode only authprotocol esp ah authmethod rsa secret rightid id...

Страница 166: ...to manage the VPN connections in the prompt shell The CLI does not provide management utilities Find more information on IPsec Management on page 140 Step 6 Exiting the CLI mode To exit the CLI mode...

Страница 167: ...messages called protocol data units PDUs to different parts of a network SNMP compliant devices called agents store data about themselves in Management Information Bases MIBs and return this data to...

Страница 168: ...ead only to add the line rouser username eg rouser usersnmp If the user has permission to read and write to add the line rwuser username eg rwuser usersnmp a Include the following line in etc config_f...

Страница 169: ...C2576 Coexistence between Version 1 Version 2 and Ver sion 3 of the Internet standard Network Management Frame work 4 Private UCD SNMP mib extensions enterprises 2021 Information about memory utilizat...

Страница 170: ...file This is a read only access to the MIB Management Information Base values rocommunity public default hostname or network mask 1 2 Save the configuration changes in the snmp conf file root CAS roo...

Страница 171: ...ermission ro read only source allowed host 192 168 0 200 a Configuring SNMP v3 cli config network snmp v3 add username john password john1234 oid 1 permission ro The command presented above will confi...

Страница 172: ...nmpwalk v 3 u john l authpriv a MD5 A john1234 x DES X john1234 192 168 0 1 1 a Save the configuration cli config savetoflash a Exiting the CLI mode To exit the CLI mode and return to ACS s shell type...

Страница 173: ...d by the source file explained above The following parameters are created in the etc crontab_files file status Active or inactive If this item is not active the script will not be executed user The pr...

Страница 174: ...date time and their tasks If there s a match the command is executed The system crontab has an additional field User that tells cron with which user id the command should be executed The fields are Mi...

Страница 175: ...igures which file contains information about which scripts are going to be run Activate the daemon by editing the etc crontab_files changing the line like below active root etc tst_cron src a Edit the...

Страница 176: ...wdt_led sh and remove the keyword buzzer The buzzer won t sound if there is a power failure in any power supply This parameter does not affect the behavior of the command signal_ras buzzer on off To m...

Страница 177: ...pager e mail or syslogs to remote servers There are five steps required for configuring syslog ng Step 1 Define Global Options Step 2 Define Sources Step 3 Define Filters Step 4 Define Actions Destina...

Страница 178: ...log ng in the options statement options opt1 params opt2 params where optN can be any of the following Table 5 1 Global Options parameters Syslog ng configuration Option Description time_reopen n The...

Страница 179: ...the threshold value for the garbage collector when syslog ng is idle GC phase starts when the number of allocated objects reach this number Default 100 gc_busy_threshold n Sets the threshold value for...

Страница 180: ...t 10 tcp options and udp options These drivers let you receive messages from the network and as the name of the drivers show you can use both TCP and UDP None of tcp and udp drivers require positional...

Страница 181: ...mple to listen to messages from one client IP address 10 0 0 1 on UDP port 999 source s_udp_10 udp ip 10 0 0 1 port 999 a Define filters To define filters use this statement filter identifier expressi...

Страница 182: ...ter f_alert level alert 3 To filter by matching one string in the received message filter f_match match string Example to filter by matching the string named filter f_named match named 4 To filter ALA...

Страница 183: ...vel info and match ALARM and match root login 5 To eliminate SSHD debug messages filter f_sshd_debug not program sshd or not level debug 6 To filter the syslog_buffering filter f_syslog_buf facility l...

Страница 184: ...og ng It allows you to output log messages to the named file The destination filename may include mac ros by prefixing the macro name with a sign which gets expanded when the message is written Since...

Страница 185: ...ptions log_fifo_size number The number of entries in the output file sync_freq number The file is synced when this number of messages has been written to it owner name group name perm mask Equals glob...

Страница 186: ...age use this macro FULLDATE The complete date when the message was sent FACILITY The facility of the message PRIORITY or LEVEL The priority of the message udp ip address port number and tcp ip address...

Страница 187: ...tion ident pipe dev cyc_alarm template sendsms pars where ident uniquely identify this destination pars d mobile phone number m message max size 160 characters u username to login on sms server p port...

Страница 188: ...xt field it is a string message max size 250 characters Example to send a Link Down trap to server at 10 0 0 1 with message carrying the current date the hostname of this ACS and the message that was...

Страница 189: ...message coming from one of the listed sources A match for each of the filters is sent to the listed destinations log source S1 source S2 filter F1 filter F2 destination D1 destination D2 where Sx Iden...

Страница 190: ...o send e mail and pager if message received from local syslog client has the string root login log source sysl filter f_root destination d_mail1 destination d_pager 6 To send messages with facility ke...

Страница 191: ...hod 1 Configure pslave conf parameters In the pslave conf file the facility parameter is configured as local syslog clients source src unix stream dev log destination d_buffering udp 10 0 0 1 filter f...

Страница 192: ...00 200 1 You can repeat this step as many times as necessary depending on the quantity of remote servers you want to add local syslog clients source src unix stream dev log remote server 1 IP address...

Страница 193: ...ference Guide 177 Administration a Activate the configuration cli config runconfig a Save the configuration cli config savetoflash a Exit the CLI mode To exit the CLI mode and return to ACS s shell is...

Страница 194: ...e syslog messages are generated as a result of specific actions or conditions are as follows ACS generates syslog messages when the following conditions are met Table 5 5 ACS Syslog Messages Format Le...

Страница 195: ...nt cur rent detected threshold threshold config ured alert PMD Serial Port p One or more IPDUs were removed from the chain This chain has now X IPDUs and Y out lets alert AUTH User xyz login failed al...

Страница 196: ...se then to detected if the modem is still powered on and active The DCD signal will be monitored and a syslog message will be generated whenever the state of the signal changes The syslog message can...

Страница 197: ...ages generated when DCD goes on off that is s_kernel You can follow the table on page 178 to create filters and or trigger alarms Examples To configure the examples given below edit the etc syslog ng...

Страница 198: ...Generating messages and sending them to console if the DCD signal changes its state filter f_dcdchg level alert and match PORT DCD destination console usertty root log source s_kernel filter f_dcdchg...

Страница 199: ...are conf DB_facility This value 0 7 is the Local facility sent to the syslog ng with data when syslog_buffering and or alarm is active all alarm When nonzero all data received from the port is cap tu...

Страница 200: ...application Example 1 To send all messages received from local syslog clients to console Insert the lines below at the END of the file syslog ng conf file keeping all lines above commented Example 2...

Страница 201: ...estination d_message file var log messages log source sysl source s_udp filter f_messages destination d_messages File Description 5 17 part of the etc syslog ng syslog ng conf file source sysl unix st...

Страница 202: ...ion The CLI interface allows the configuration of alarm notifications when is an event is generated in any port of the ACS Generating alarms for the ACS itself is not customizable using the CLI interf...

Страница 203: ...enable this option otherwise messages received in the ports will be ignored and not treated by Syslog ng cli config administration notifications alarm yes a Add the trigger string Here you need to con...

Страница 204: ...188 Administration To exit the CLI mode and return to ACS s shell issue the command cli quit...

Страница 205: ...e login banner that is issued when a connection is made to the ACS n represents a new line and r represents a carriage return Expansion characters can be used here Value for this Example r n Welcome t...

Страница 206: ...r 1 3 from port 1 to 3 a Activate the configuration cli config runconfig a Save the configuration cli config savetoflash a Exit the CLI mode To exit the CLI mode and return to ACS s shell issue the co...

Страница 207: ...e the common file that is placed in a management host This same file would be downloaded into all ACS boxes each of those boxes would include a tiny config file and that big common file In this applic...

Страница 208: ...3 unit1 File Description 5 22 Unit 1 etc hostname file conf eth_ip 10 0 0 1 conf eth_mask 255 0 0 0 conf include etc portslave TScommon conf File Description 5 23 Unit 1 etc portslave portslave conf f...

Страница 209: ...t_config unit3 and before conf host_config end conf eth_ip 10 0 0 3 conf eth_mask 255 0 0 0 conf include etc portslave TScommon conf File Description 5 27 Unit 3 etc portslave portslave conf file conf...

Страница 210: ...Make sure to put it in the directory set in the pslave conf file etc portslave in the example a Execute the command runconf on each unit a Test each unit If everything works add the line etc portslav...

Страница 211: ...s or sets the system date and time date MMDDhhmmYYYY where MM month DD day hh hour mm minute YYYY year For example date 101014452002 displays Thu Oct 10 14 45 00 timezone 2002 Note The time zone is co...

Страница 212: ...tration date time time 09 00 00 4 Activate the configuration cli config runconfig 5 Save the configuration cli config savetoflash 6 Exit the CLI mode To exit the CLI mode and return to ACS s shell iss...

Страница 213: ...e creates a new file called etc localtime which erases the old etc TIMEZONE Please choose the time zone where this machine is located 0 GMT 1 1h West GMT 2 10h West GMT 3 11h West GMT 4 12h West GMT 5...

Страница 214: ...lues The following possible values display 3 Select the desired GMT zone and enter it at the prompt For example cli config administration timezone 2h_West_GMT 4 Activate the configuration cli config r...

Страница 215: ...on d ntpclient conf and change the parameters according to the table below a Activate and save the changes made To activate the configuration issue the following command daemon sh NTP restart Table 5...

Страница 216: ...administration ntp xxx xxx xxx xxx Where xxx xxx xxx xxx is the IP address of the NTP server Note NOTE To deactivate the NTP service you just need to configure date by issuing the command cli config...

Страница 217: ...so be able to write to it If the user selects 2 Initiate a sniff session s he will start reading everything that is sent and or received by the serial port according to the parameter all sniff_mode or...

Страница 218: ...cted to the very same port see parameter admin_users below can see of the session of the first connected user main session in shows data written to the port out shows data received from the port and i...

Страница 219: ...mber of users x Where x is the current number of connected users The last user will know he she is alone again when x 1 CLI Method Session Sniffing To configure session sniffing using the CLI interfac...

Страница 220: ...shows data received from the port in out shows both streams off disables sniffing a Activate the configuration cli config runconfig a Save the configuration cli config savetoflash a Exiting the CLI m...

Страница 221: ...e Compact Flash or IDE The new media is storagedevice which has the two parameters default and replace The saveconf utility creates one file in the storage device to save the default and replace flags...

Страница 222: ...on to the internal flash memory cli config savetoflash Saving the configuration to a PCMCIA storage device cli administration backupconfig saveto sd default replace Saving the configuration to a remot...

Страница 223: ...ipts may have other shell variables not handled directly by daemon sh Such variables have the sole purpose of facilitating the configuration of command line parameters The mandatory shell variables de...

Страница 224: ...and Data Buffering services and it will stop SSH and network timer client services daemon sh PMD stop SSH NTP restart DB NIS etc daemon d ypbind conf RPC etc daemon d portmap conf DB etc daemon d cy_...

Страница 225: ...to stop the daemon daemon command line parameters NTPSERVER h 129 6 15 28 NTP server ip address NTPINTERVAL l 300 Time in seconds to ask server NTPCOUNT c 0 counter 0 means forever DPARM NTPCOUNT NTP...

Страница 226: ...enabled services in each profile is designated with a check mark Note that the Default option will set the parameters to the same as Moderate and the Custom Profile allows for individual configuration...

Страница 227: ...Enter the Security Profile menu cli config security profile a Type one of the pre defined Security Profiles and press Enter profile secured moderate open default a To view the details of the selected...

Страница 228: ...a Enter the Custom Security Profile menu cli config security profile custom profile show profile open custom moderate custom secured custom custom ftp no telnet yes ssh sshv1 yes sshv2 yes sshd_port...

Страница 229: ...meters are available under custom menu FTP ICMP IPSec RPC SNMP Telnet To enable or disable a parameter issue the following command custom parameter option Where possible values for option are yes to e...

Страница 230: ...rt ID root_access Allow root access To enable or disable a parameter issue the following command ssh parameter option Where possible values for option are yes to enable and no to disable a parameter T...

Страница 231: ...tp http_port http2https https https_port To enable or disable a parameter type the command web parameter option Where possible values for option are yes to enable and no to disable a parameter To assi...

Страница 232: ...able and no to disable a parameter To see the ports configuration type the command show ports show a To activate the configuration type the following command cli config runconfig a To save the configu...

Страница 233: ...the menu displayed in the session This chapter approaches all configuration that is integrated with the AlterPath ACS Below are the sections that are going to be presented in this chapter Power Manag...

Страница 234: ...ed to power outlet ZZ on the AlterPath PM These port denominations will be used in the descriptions below Prerequisites for Power Management In order to control individual outlets or groups of outlets...

Страница 235: ...r in order to allow users to access the IPDU port Valid values are none ssh telnet or ssh_telnet IMPORTANT By defining the sYY pmsessions parameter and making all other necessary configuration an user...

Страница 236: ...able the serial port that the IPDU is connected to For example serial port 1 is being configured for IPDU cli config physicalports 1 enable yes Step 3 Configure the serial port that the IPDU is connec...

Страница 237: ...ers test1 test2 The command above allows the users test1 and test2 to run power management commands into the IPDU connected to serial port 1 Step 6 Configuring the hotkey You also need to define a hot...

Страница 238: ...o a Change the connection protocol on the serial port by editing the etc portslave pslave conf file For example change the serial port 1 protocol from ipdu to socket_ssh or socket_server s1 protocol s...

Страница 239: ...follow the prompts to enter the new password pm passwd Password Re enter password Username password set for user admin pm b Save the new password by issuing the command pm save The system prompt the f...

Страница 240: ...CS and PM a Execute the ps command to note the current pmd process root CAS root ps fe grep pmd 878 root 644 S bin pmd 1108 root 552 S grep pmd b Restart the pmd process by issuing the following comma...

Страница 241: ...nu v1 0 Cyclades Power Management Menu 1 Exit 2 individual ipdus 3 multi outlet device 4 Info Please choose an option Table 6 1 Menu Options for PM Utility Command Description Exit Exits the PM Utilit...

Страница 242: ...nfigured as IPDU command arguments are the PM command and its arguments See the list of commands in Table 6 2 Using the Power Management Utility You can use the Power Management Utility to control IPD...

Страница 243: ...rn 9 Status 17 Factory Default 2 Help 10 Power Up Interval 18 Reboot 3 Who Am I 11 Name 19 Restore 4 On 12 Current 20 Save 5 Off 13 Temperature 21 Syslog 6 Cycle 14 Version 22 Alarm 7 Lock 15 Buzzer 8...

Страница 244: ...t is equipped with a temperature sensor Version Displays the software and hardware version of the IPDU Buzzer Configures a buzzer to sound when a specified alarm threshold has reached Options are On t...

Страница 245: ...me PM This option is applicable to devices with multiple power supplies Selecting option 3 for Multi outlet Devices from the PM menu invokes the following menu and prompt The following table explains...

Страница 246: ...These are the status for these outlets in the IPDU attached to ttyS3 Outlet Name Status Users Interval s 1 Unlocked ON 0 50 4 Unlocked ON 0 50 5 Unlocked ON 0 50 Show Shows which outlets in which ipd...

Страница 247: ...up interval is 1 7 then 2 2 s3 pmoutlet 1 7 2 2 s3 alias Sun Server To Manage Multiple IPDUs from the Command Line Step 1 Connect to the CONSOLE port of the ACS or use Telnet or SSH to access the ACS...

Страница 248: ...shes and it necessary to change the power status Type the pre configured hot key If the user does not have permission to access any outlet the following message will appear and you will return to the...

Страница 249: ...he user has permission to access the outlet s of this server these outlets will be managed by the PM session Step 3 Regular User Menu This is the AlterPath PM regular user menu Cyclades Power Manageme...

Страница 250: ...the selected outlets Status Provides an overall status of the selected outlet Power Up Interval Set the time interval in seconds that the system waits between turning on the currently selected outlet...

Страница 251: ...mber all for all for help m for main menu 1 3 Outlet Name Status Users Interval s 1 pm Unlocked ON 0 50 2 Unlocked ON 0 50 3 Unlocked ON 0 50 Cyclades Power Management Menu PowerPort PM 1 Return 6 Cyc...

Страница 252: ...rm this procedure if you need to access other outlets Enter option 9 Status to view the Outlets you are authorized to manage and at the Outlent name or outlet number prompt type all Please choose an o...

Страница 253: ...waiting for a menu option type the option 1 Exit Please choose an option 9 Outlet name or outlet number all for all for help m for main menu all Outlet Name Status Users Interval s 1 pm Unlocked ON 0...

Страница 254: ...res more knowledge about the AlterPath PM commands Adding an user of the pmusers group Only the root user and users belonging to the pmusers group can do power management by using the pm or pmCommand...

Страница 255: ...AlterPath ACS Command Reference Guide 239 Power Management with AlterPath PM Integration Step 3 Save the configuration To save the changes done run the command saveconf...

Страница 256: ...240 Power Management with AlterPath PM Integration pm command The pm command provides a menu that can be reached by typing the following command from the prompt...

Страница 257: ...xit Help Show this help Who Am I Display the username currently logged in On Turn on outlets Off Turn off outlets Cycle Power cycle outlets Lock Lock outlets in current state Unlock Unlock outlets Sta...

Страница 258: ...e things which can be done through this command Turning the outlet off Cyclades Power Management Menu PowerPort pm10 1 Exit 9 Status 17 Factory Default 2 Help 10 Power Up Interval 18 Reboot 3 Who Am I...

Страница 259: ...ff it cannot be turned on Cyclades Power Management Menu PowerPort pm10 1 Exit 9 Status 17 Factory Default 2 Help 10 Power Up Interval 18 Reboot 3 Who Am I 11 Name 19 Restore 4 On 12 Current 20 Save 5...

Страница 260: ...5 Buzzer 8 Unlock 16 Current Protection Please choose an option 9 Outlet name or outlet number all for all for help m for main menu all Outlet Name Status Users Interval s 1 pm Locked ON 0 50 2 Unlock...

Страница 261: ...nd Syntax pmCommand IPDU port command For example root CAS root pmCommand 1 Cyclades Corporation Power Management Command Prompt v1 1 Power Name PM PM The following are examples of some things which c...

Страница 262: ...rm status Type help command to see details of command Cycling all the outlets Cyclades Power Management Prompt cycle 4 5 4 Outlet turned off 5 Outlet turned off 4 Outlet turned on 5 Outlet turned on U...

Страница 263: ...AlterPath ACS Command Reference Guide 247 Power Management with AlterPath PM Integration Turning the outlet off Cyclades Power Management Prompt off 2 2 Outlet turned off...

Страница 264: ...ended to download the new firmware to the tmp directory because files in this directory are deleted during the boot process Step 2 Run the pmfwupgrade application After downloading it is necessary to...

Страница 265: ...ameter admPasswd with the correct password The pmfwupgrade application will try to stop all the process that are using the serial port Just type YES to proceed into the upgrade process Another message...

Страница 266: ...ns in the SNMP section of Chapter 5 Administration The parameters and features that can be controlled in the remote IPDU are as follows The number AlterPath PM units connected to a given console serve...

Страница 267: ...t or for units configured as daisy chain this time should be recalculated Examples This feature allows the user do these following SNMP requests 1 Get the number of ACS TS serial ports that has PM con...

Страница 268: ...252 Power Management with AlterPath PM Integration...

Страница 269: ...in response to card insertions and removals lsmod This command shows the modules loaded for the PCMCIA devices cardctl This command can be used to check the status of a socket or to see how it is conf...

Страница 270: ...ct VI Method The factory default for the etc network interfaces file has the following lines Remove the in the beginning of the line and change the IPs to suit your network configuration For instance...

Страница 271: ...hen delete the lines of the desired interface from the etc network interfaces file CLI Method Ethernet PCMCIA To configure an Ethernet PCMCIA card using the CLI follow the steps Step 1 Open the CLI in...

Страница 272: ...racters between 0 9 a f will be accepted Check your PCMCIA card specifications There is a generic sample in the end of the wireless opts file that explains all possible settings For more details in wi...

Страница 273: ...on not necessary to have a wireless network up but strongly recommended due to security issues To configure a wireless PCMCIA card using the CLI follow the steps Step 1 Plug the PCMCIA wireless device...

Страница 274: ...CIA Cards Integration cli config runconfig Step 5 Save the configuration cli config savetoflash Step 6 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cl...

Страница 275: ...nodeflate Step 2 Create a user name in etc ppp pap secrets If pap authentication was selected create a user name in etc ppp pap secrets For instance you may add the following line mary marypasswd Ste...

Страница 276: ...Modem PC Card Setting up a callback system serves two purposes 1 Cost savings reversing line charges allows your company to call you back 2 Security makes sure users are who they pretend to be by cal...

Страница 277: ...am and the others the login program call sbin callback S 12345 call2 sbin callback S 77777 bin login The example above will allow you to have the option whether or not you want to use the callback fun...

Страница 278: ...llowing this format bin sh exec usr local sbin pppd ppp options Step B Make script executable Type chmod 755 etc ppp ppplogin Step C Save this file to flash Save this file to flash so the next time th...

Страница 279: ...that the call has been dropped Otherwise Windows Dial up Networking will abort everything because it thinks the call was dropped with no reason From Win2000 Go to Windows control panel Phone and Modem...

Страница 280: ...a 2 modem modem ppp yes modem enablecallback yes modem callbacknum 55552515 localip 10 0 0 1 remoteip 10 0 0 2 Step 4 Activating the configuration cli config runconfig Step 5 Save the configuration cl...

Страница 281: ...M card needs a PIN edit etc pcmcia serial opts Uncomment the line INITCHAT d d d d d datz OK at cpin 1111 OK and replace 1111 by the PIN Step 3 Add etc mgetty mgetty config to etc config_files and cal...

Страница 282: ...rk pcmcia 2 gsm localip cli config network pcmcia 2 gsm remoteip ENABLECALLBACK Configure it if you want to call back another GSM modem cli config network pcmcia 2 gsm enablecallback yes callbacknum 5...

Страница 283: ...Description Local and Remote IP addresses optional IP addresses used by ppp connection and set in etc ppp options ttyXX file where XX is the serial port being configured The syntax is local_IP remote_...

Страница 284: ...NAME sbin callback S PHONE PSEUDO_CB_NAME cbuser At the end of the login config file there is a line similar to the following bin login Enter the below command before the above mentioned line pseudo c...

Страница 285: ...cia slot cdma remoteip ip_address To enable the callback option cli config network pcmcia slot cdma enablecallback yes callbacknum number To include additional initialization command cli config networ...

Страница 286: ...Make sure that DIALIN is set to yes Set the desired authentication in DIALIN_AUTHENTICATION For instance pap for PAP chap for CHAP login auth or login pap for radius login auth or login pap for local...

Страница 287: ...was already inserted you will need to restart the isdn script to reload any changed configuration To restart the script issue etc pcmcia isdn stop ippp0 etc pcmcia isdn start ippp0 Step 6 To dial out...

Страница 288: ...matches DIALIN_REMOTENUMBER off accepts calls from any phone on will work only if your line has the caller id info Step 4 Make sure the CALLBACK is set to in in etc pcmcia isdn opts file CALLBACK in...

Страница 289: ...lback is selected After any change in the Incoming Connection Properties it is recommended that the Windows is rebooted to apply the changes The Windows side is done Now you can dial from Windows to t...

Страница 290: ...info Step C Set the desired IPs for local and remote machines Step D Set DIALIN to yes DIALIN yes yes if you want dial in no if you want dial out Step E Make sure the CALLBACK parameter is disabled C...

Страница 291: ...Configuring ISDN parameters Depending the way you wish to use the ISDNISDN card some parameters do not need to be configured Here we will explain all configurable parameters LOCALIP REMOTEIP Just conf...

Страница 292: ...276 PCMCIA Cards Integration Step 5 Exiting the CLI mode To exit the CLI mode and return to ACS s shell type the following command cli quit...

Страница 293: ...CIA hard drive is ideal data will not be lost on power loss crash reboot of the CAS no dependency on an NFS server that may fail How it works When inserting an adapter with a CF card or a PCMCIA hard...

Страница 294: ...by default the parameter DO_MOUNT is set to YES in the etc pcmcia ide opts file Below is an example of the file These parameters can be changed DO_FSTAB If set to y an entry in etc fstab will be crea...

Страница 295: ...n the etc pcmcia ide opts file PARTS A list of partitions to be mounted The conf file will be called again for each partition In the example above there is an entry only for partition 1 but you can eg...

Страница 296: ...l type the following command cli quit WARNING Before removing the media pcmcia card from the ACS you MUST run cardctl eject from the shell prompt not possible using the CLI otherwise data might not be...

Страница 297: ...MCIA mounted file system and will define the type of the configuration saved in the device The administrator can define the following types default the configuration in the storage device should be ap...

Страница 298: ...n to connect from a central office to a remote location to inquire system status The remote system can then send asynchronous alarm notification to the application at the central office The connection...

Страница 299: ...testApp inPort name InPort inPort device dev ttyS1 outPort name OutPort outPort pppcall wireless outPort remote_ip 200 246 93 87 outPort remote_port 7001 appl retry 7 end dial out The content of the f...

Страница 300: ...arameter in etc portslave pslave conf For example s N protocol generic_dial where N is the port number Step 2 To enable dial out for the ports chosen in pslave conf configure the file etc generic dial...

Страница 301: ...ds options from The file is located at etc ppp peers filename outPort remote_ip IP address IP address of remote work station to be connected to outPort remote_port port Remote TCP port for connections...

Страница 302: ...11 with the PIN b To inactivate mgetty on the specified port so that the port will be directly controlled by the pppd application comment out the following line Step 5 Activate the function to automat...

Страница 303: ...this by restarting the GDF daemon root CAS root daemon sh restart GDF A message similar to the following displays confirming the GDF daemon restart root CAS root Sep 23 18 06 10 src_dev_log CAS showlo...

Страница 304: ...288 PCMCIA Cards Integration...

Страница 305: ...product parameters and defines the functionality of the ACS There are three basic types of parameters in this file conf parameters are global or apply to the Ethernet interface all parameters are use...

Страница 306: ...file usr local bin rlogin radius conf facility The local facility sent to syslog ng from PortSlave 7 conf group Used to group users to simplify the configuration of the parameter all users later on Th...

Страница 307: ...to DOWN If all dcd 1 a connection request will be accepted only if the DCD signal is UP and the connection will be closed if the DCD signal is set to DOWN 0 all users Restricts access to ports by user...

Страница 308: ...RS232 with RTS legacy half duplex rs232_half_cts RS232 with RTS legacy half duplex and CTS control Valid values for the ACS1 only rs485_half RS485 half duplex with out terminator rs485_half_terminator...

Страница 309: ...d set the desired value off all sttyCmd The TTY is programmed to work as configured and this user specific configuration is applied over that serial port Parameters must be separated by a space The fo...

Страница 310: ...authtype Configured in Chapter 2 Device Authentication on page 53 Type of authentication used There are several authentication type options none no authentication local authentication is performed usi...

Страница 311: ...server is down NIS All authentication types but NIS follow the format all authtype Authentication DownLocal or Authentication e g all authtype radius or radiusDownLocal or ldap or ldapDownLocal etc NI...

Страница 312: ...296 Profile Configuration all flow This sets the flow control to hardware software or none none Parameter Description Factory Configuration Table 8 1 etc portslave pslave conf common parameters...

Страница 313: ...lient If the protocol is configured as Telnet or socket_client the socket_port parameter needs to be configured Bidirectional Telnet profile socket_server CAS and login TS RAS profile slip cslip ppp p...

Страница 314: ...uncomment the parameter and set the desired value 0 all translation Defines whether or not to perform translation of Fn keys e g F8 key from one terminal type to VT UTF8 Currently only translation fro...

Страница 315: ...o the local directory var run DB The directory tree to which the file will be written must be NFS mounted so the remote host must have NFS installed and the administrator must create export and allow...

Страница 316: ...by default To activate uncomment the parameter and set the desired value 0 all netmask It defines the network mask for the serial port 255 255 255 255 all DTR_reset This parameter specifies the behav...

Страница 317: ...feed suppression is active which will eliminate the extra prompt When set to 0 default line feed suppression is not active 0 all auto_answer_input This parameter works in conjunction with all auto_ans...

Страница 318: ...ote server Note This parameter is inactive by default To activate uncomment the parameter and set the desired value null all poll_interval Valid only for protocols socket_server and raw_data When not...

Страница 319: ...ameter conf nfs_data_buffering see Section 2 2 Data Buffering on page 29 in Chapter 1 If local data buffering a file is created on the ACS if remote a file is created through NFS in a remote server Al...

Страница 320: ...on or XON is issued to resume data transmission Once exiting the session linear data buffering resumes If all flow or s n flow is set to none linear buffering is not possible as there is no way to st...

Страница 321: ...rt sending data to the unit but resumes generation of syslog messages when there IS NOT a session to the port 0 all dont_show_DBmenu When zero a menu with data buffering options is shown when a non em...

Страница 322: ...fter billing_records are received 60 all billing_eor Defines the character sequence that terminates each billing record Any character sequence is valid including r or M carriage return n or J new line...

Страница 323: ...ers to open more than one common and sniff session on the same port The options are yes no RW_session or sniff_session Default is set to no Please see Section 5 11 Session Sniffing on page 201 for det...

Страница 324: ...rver connected to the serial port Server_connected Note This parameter is inactive by default To activate uncomment the parameter and set the desired value null s1 pool_ipno This is the default IP of...

Страница 325: ...the dev Note This parameter is inactive by default To activate uncomment the parameter disabled Parameter Description Factory Configuration Table 8 2 CAS specific parameters for the pslave conf Param...

Страница 326: ...socket_port The socket_port is the TCP port number of the application that will accept connection requested by this serial port That application usually is Telnet 23 7001 all telnet_client_mode When...

Страница 327: ...ameter and set the desired value null all autoppp all autoppp PPP options to auto detect a ppp session The cb script parameter defines the file used for callback and enables negotiation with the callb...

Страница 328: ...Utility When the attached terminal is powered on and the keyboard s Enter key is pressed a login banner and a login prompt is displayed If the user does not login within a configurable time frame the...

Страница 329: ...by issuing the command CLI Step 2 Activate bidirectional Telnet cli config physicalports all or range list 1 4 general protocol protocolname Step 3 To specify a login timeout cli config physicalports...

Страница 330: ...n 3 Delete Menu Option 4 List Current Menu Settings 5 Save Configuration to Flash 6 Quit Using the CLI interface to configure common parameters You can configure some of the physical port parameters t...

Страница 331: ...4 other Under this menu you can configure the following parameters authbio Configure if an AlterPath Bio authentication scanner is used banner This parameters sets the banner that will be issued when...

Страница 332: ...al database Either Telnet or SSH can be used See Appendix A New User Background Information for more information about SSH This Chapter contains all the necessary information to configure a fully func...

Страница 333: ...r this user by running passwd username Step 2 Confirm physical connection Make sure that the physical connection between the ACS and the servers is correct A cross cable not the modem cable provided w...

Страница 334: ...ave the changes on page 102 listed in Chapter 4 Network NOTE It is possible to access the serial ports from Microsoft stations using some off the shelf packages Although Cyclades is not liable for tho...

Страница 335: ...word test Step 2 Confirm that the server is reachable From the console ping 200 200 200 3 to make sure the server is reachable Step 3 Check physical connections Make sure that the physical connection...

Страница 336: ...ines Cyclades recommends that a maximum of two ports be configured for this option Figure 8 4 Ports configured for dial in access After configuring the serial ports as described in this Chapter the fo...

Страница 337: ...d to operate at the same speed on the DTE interface Step 5 Confirm routing Also make sure that the computer is configured to route console data to the serial console port Step 6 Perform a test dial in...

Страница 338: ...322 Profile Configuration...

Страница 339: ...erial port Besides the normal character mode output sent to the serial console Windows also sends xml tags Those tags can be captured and processed by the ACS so that the administrator can automate th...

Страница 340: ...systems section of the Boot ini file to which the operating system load options are added The first line after the operating systems section header is 1 p password Specifies the password of the user a...

Страница 341: ...on this server It is one of the following Windows Server 2003 Datacenter Edition Windows Server 2003 Embedded Windows Server 2003 Enterprise Edition Windows Server 2003 os service pack Is an alphanum...

Страница 342: ...form and communicating via this active channel It is to be used to discern the different interaction modes During the Windows GUI mode Setup phase the following GUIDs identify the specific types of da...

Страница 343: ...g normal Windows operations there is 1 GUID assigned to SAC and the remaining 9 to CMD These GUIDs are created a new for each instance of channels and should not be confused with the constant GUIDs pr...

Страница 344: ...ype channel switch File Description 9 2 SAC channel tag example channel switch name Cmd0001 name description Command Prompt description type VT UTF8 type guid 970438d1 12bb 11d7 8a92 505054503030 guid...

Страница 345: ...which indicates the system was halted prematurely It is represented by the CLASSNAME BLUESCREEN value machine info Is described above PROPERTY NAME Provides additional details such as error code of t...

Страница 346: ...we have to define which actions we would like to take Syslog ng will create macros that can give easy access for the administrators to access the xml information If the administrator uses these macro...

Страница 347: ...date service pack installed If none installed the string is None None tty ACS serial port tty or alias name S1 ttyS1 Macro Description Value to replace macro name Machine name MY_WIN_SERVER guid GUID...

Страница 348: ...2003 Datacenter Edition Windows Server 2003 Embedded Windows Server 2003 Enterprise Edition or Windows Server 2003 Windows Server 2003 os service pack Alphanumeric string that identifies the most up t...

Страница 349: ...subnet gateway Set network interface number IP address subnet and gateway id Display the computer identification information k pid Kill the given process l pid Lower the priority of a process to the...

Страница 350: ...334 Additional Features and Applications shutdown Shut down the system immediately Command Set Description Table 9 6 Server Commands...

Страница 351: ...se servers and also to obtain sensor readings such as CPU temperature s fan speed s etc The IPMI support in the ACS extends it s functionality so that the unit can be used for serial console access to...

Страница 352: ...A v Increase verbose output level This option may be specified multiple times to increase the level of debug output N A V Display version information N A I interface Selects IPMI interface to use lan...

Страница 353: ...s off Stay off after power is restored 1 6 power Performs a chassis control command to view and change the power state 1 6 1 status Show current chassis power status 1 6 2 on Power up chassis 1 6 3 of...

Страница 354: ...name used to access the device password string password used to access the device 1 1 3 delete alias delete the IPMI device 1 2 physicalports port number s configure physical serial ports 1 2 1 power...

Страница 355: ...tocol lpd Step 2 Create the printer definition Edit the etc printcap file and configure the printer The spool directory is created automatically by cy_ras process Example Step 3 Enable the printer dae...

Страница 356: ...e the IP address of the request message to the host name check your resolv conf file Step 5 Restart the processes use the command runconf and daemon sh Step 6 Save the configuration in flash use the c...

Страница 357: ...gured with the same value in these fields It is strongly recommended that you configure the same values in all parameters related to authentication for all serial ports belonging to a pool Some of the...

Страница 358: ...or the pool s2 ipno 10 0 0 2 IP address for specific allocation s2 pool_ipno 10 1 0 1 IP address for the pool s2 alias serial 2 alias for specific allocation s2 pool_alias pool 1 alias for the pool Se...

Страница 359: ...serial port ttyS1 by using TCP port 7001 IP address 10 0 0 1 or alias serial 1 If the ttyS1 is being used by somebody else the connection will be dropped if the user is not a admin_user Alternately y...

Страница 360: ...configuration How to configure it The configuration for this feature is made in the etc portslave plsave conf file Billing parameters can be configured using the vi method and by using the wizard VI m...

Страница 361: ...cant the user can use the alias name s1 alias in pslave conf to match their actual plant like PABX trunk9 The temporary file described above is closed and renamed to cycXXXXX YYMMDD hhmmss txt and a n...

Страница 362: ...script configures the files etc billing_up conf etc billing_crontab and etc crontab_files To configure a port for billing Step 1 Execute the config_billing sh and enter the parameters to be configure...

Страница 363: ...var run DB Remote server IP 192 168 1 101 Remote directory var billing User billing Password billing Upload Interval in minutes Instead of running the u option the etc billing_up conf can be configure...

Страница 364: ...348 Additional Features and Applications...

Страница 365: ...t A 1 User and Passwords A username and password is necessary to log in to the ACS The user root is predefined with a password tslinux The password should be changed as soon as possible to avoid unaut...

Страница 366: ...he past 1 5 and 15 minutes The following entries are displayed for each user excluded the CAS users login name the tty name the remote host login time idle time JCPU time it is the time used by all pr...

Страница 367: ...e robo php in the chap directory to the current directory and renames the copy excess php rm file_name Removes the file indicated by file_name mv file_name destination Moves the file indicated by file...

Страница 368: ...llowing keys one dot Represents the current directory two dots Represents one directory above the current directory i e one directory closer to the base directory Mode What is done there How to get th...

Страница 369: ...for configuring static routes Routes should be added to the file which is a script run when the ACS is initialized or at the prompt for temporary routes using the following syntax route add del net h...

Страница 370: ...ure Shell Session SSH is a command interface and protocol often used by network administrators to connect securely to a remote computer SSH replaces its non secure counterpart rsh and rlogin There are...

Страница 371: ...nal during a SSHv2 terminal session The implementation is defined by Session Channel Break Extension draft ietf secsh break 00 txt IETF Internet Draft document In the previous versions of ACS there wa...

Страница 372: ...kinterval in milliseconds When the user types ssh escape B where ssh escape is or break_sequence the client sends a break request to ssh server When ACS calls the ssh client automatically it uses the...

Страница 373: ...ted 2 6 10 1 771_FC2 EAX 00000000 EBX 00010809 ECX de0f3000 EDX 0baf3110 ESI 00099100 EDI c03dc120 EBP 00461007 DS 007b ES 007b CR0 8005003b CR2 b7ff2000 CR3 19b6a000 CR4 000006d0 c010108f cpu_idle 0x...

Страница 374: ...options console port p Display Tcp port P Use the TCP port instead just IP i Display Local Ip assigned to the serial port u name Username to be used in ssh telnet command U Always ask for an username...

Страница 375: ...presentation will follow a similar approach to the one used for local serial ports The ts_menu script has the following line options p Displays Ethernet IP Address and TCP port instead of server names...

Страница 376: ...360 Appendix A New User Background Information...

Страница 377: ...ed by Cyclades to the standard Linux files in the mnt flash directory when an upgrade is needed They are boot_alt alternate boot code boot_conf active boot code boot_ori original boot code config tgz...

Страница 378: ...ownloaded file is not corrupted and to verify the zImage saved in flash run the following command md5sum mnt flash zImage The system responds with a message similar to the following 5bcc7d9b3c61502b5c...

Страница 379: ...pgradefw ftpsite 192 168 100 111 username john password john1234 filepathname images zImage checksum no Step 3 Return to the main menu by issuing the command cli return Step 4 Activate the configurati...

Страница 380: ...ep 4 When the Watch Dog Timer prompt appears press Enter Watchdog timer A ctive or I nactive I Step 5 Choose the option Network Boot when asked Firmware boot from F lash or N etwork N Step 6 Select th...

Страница 381: ...mpt issue the command cat etc config_files to see the list of files that are available in the flash and are loaded into the RAMDisk at the boot time IMPORTANT If any of the files listed in etc config_...

Страница 382: ...orts to be tested When tstest senses the presence of the cable or connector the following information is displayed on your screen HW Test Linux This tool is for internal use ONLY It should not be used...

Страница 383: ...nals Manually This test confirms that signals are being sent and received on the selected port Neither the loop back connector nor the cross cable are necessary Enter the number of the port to be test...

Страница 384: ...ted to 002FF120 002FF1D4 zimage at 00008100 0006827E relocated to 00DB7000 00E1717E initrd at 0006827E 0024F814 relocated to 00E18000 00FFF596 avail ram 0030B270 00E18000 Linux PPC load root dev ram A...

Страница 385: ...ss First the network must be initialized in order to reach a FTP server Execute the following script replacing the parameters with values appropriate for your system The gw and mask parameters are opt...

Страница 386: ...d the changes will be saved in flash Step 3 Logout and login again to use the console at the new speed Setting the Maximum Number of Bytes Received by the Interface You can avoid CPU overload due to t...

Страница 387: ...this feature be triggered by the normal equipment traffic Step 4 When presented the following line Do you confirm these changes in flash Y es N o Q uit N Enter Y to save the changes in flash Current c...

Страница 388: ...rnet with some LEDs that have the following functionality Ethernet Connector Col collision Shows collision on the LAN every time the unit tries to transmit an Ethernet packet DT LK data transaction li...

Страница 389: ...where the unit will boot from Valid values are flash and network consolespeed To configure the console speed Valid values are 115200 57600 38400 19200 9600 and 4800 ethernetip Temporary IP address as...

Страница 390: ...ration backupconfig The following options can be set up loadfrom When loading configuration from a server it is necessary to specify server IP address serverip username username password password path...

Страница 391: ...umption and heat dissipation environmental conditions and physical specifications of the ACS are listed below Cyclades AlterPath ACS Products Power Consumption and Heat Dissipation Input 120Vac Input...

Страница 392: ...0 C to 44 C 50F to 112F 10 C to 44 C 50F to 112F 10 C to 44 C Relative Humidity 10 90 non condensing 10 90 non condensing 10 90 non condensing 10 90 non condensing 10 90 non condensing 10 90 non conde...

Страница 393: ...mmunication line is active CTS Clear to Send an input Flow control for data flowing from DTE to DCE RTS Request to Send an output Flow control for data flowing from DCE to DTE Not all signals are nece...

Страница 394: ...feet If your application is outside the above limits high speed long distances you will need better quality low impedance low capacitance cables Successful RS 232 data transmission depends on many va...

Страница 395: ...atible with the phone and Ethernet wiring systems present in most buildings and data centers Most networking equipment and new servers use RJ 45 connectors for serial communication Unfortunately there...

Страница 396: ...he table below Next purchase standard off the shelf cables from a computer store or cable vendor For custom cables refer to the cable diagrams to build your own cables or order them from Cyclades or a...

Страница 397: ...ications that do not require such features have just to configure NO hardware flow control and NO DCD detection on their side Both ends should have the same configuration for better use of the complet...

Страница 398: ...devices If you are using Cable Package 1 after connecting the appropriate adapter to the RJ 45 straight through cable you will essentially have the cable shown in this picture If you are using Cable...

Страница 399: ...rossover cable like the ones explained in Cable 2 or 3 for configuration or to connect to a server This cable is only included in Cable Package 1 Figure C 9 Cable 4 Cyclades RJ 45 to Cyclades RJ 45 st...

Страница 400: ...re included in the product box A general diagram is provided below and then a detailed description is included for each adapter Loop Back Connector for Hardware Test The use of the following DB 25 con...

Страница 401: ...ler box with a female RJ 45 terminus from which a 3 inch long black Sun Netra labeled cord extends terminating in an RJ 45 male connector This adapter is included in Cable Package 2 Figure C 12 Cyclad...

Страница 402: ...ardware Information Figure C 14 RJ 45 Female to DB 25 Female Adapter RJ 45 Female to DB 9 Female Adapter The following adapter may be necessary This is included in Cable Package 1 Figure C 15 RJ 45 Fe...

Страница 403: ...he termination In a network that uses the RS 485 standard the equipment is connected one to the other in a cascade arrangement A termination is required from the last equipment to set the end of this...

Страница 404: ...devices with half duplex communication Figure C 17 Cable 1 for the ACS1 Terminal Block to Terminal Block crossover half duplex Cable 2 Terminal Block to Terminal Block crossover full duplex Applicati...

Страница 405: ...le to DB 25 Female crossover This cable connects the ACS1to console ports terminals printers and other DTE RS 232 devices You will essentially have the cable shown in this picture Figure C 19 Cable 3...

Страница 406: ...390 Appendix C Cabling and Hardware Information This page has been left intentionally blank...

Страница 407: ...in some packets are placed in the COPYRIGHTS directory of the Cyclades AlterPath ACS Bash Bourne Again Shell version 2 0 5a Extracted from the HardHat Linux distribution http www gnu org software bash...

Страница 408: ...ardHat Linux distribution http www netfilter org Linux Kernel Linux Kernel version 2 2 17 2 4 18 Extracted from the HardHat Linux distribution http www kernel org Net SNMP SourceForge Net SNMP project...

Страница 409: ...on 0 75 http www kernel org pub linux libs pam Portslave SourceForge Portslave project version 2000 12 25 modified Includes pppd version 2 4 1 and rlogin version 8 10 http sourceforge net projects por...

Страница 410: ...ppendix D Copyrights WEBS GoAhead WEBS version 2 1 modified http goahead com webserver webserver htm Copyright c 20xx GoAhead Software Inc All Rights Reserved ZLIB zlib version 1 2 3 http www gzip org...

Страница 411: ...nitor mode Console Access Server CAS A CAS has an Ethernet LAN connection and many RS 232 serial ports It connects to the console ports of servers and networking equipment and allows convenient and se...

Страница 412: ...tion Bases SNMP compliant devices called agents store data about themselves in MIBs and return this data to the SNMP requesters Out of band network management In a computer network when the management...

Страница 413: ...ng in the same location see Cluster Shadow Password Normally each user s password is stored encrypted in the file etc passwd This file must be readable by all users so that certain system functions wi...

Страница 414: ...net LAN port and many RS 232 serial ports It is used to connect many terminals to the network Because they have the same physical interfaces terminal servers are sometimes used as console access serve...

Страница 415: ...uthentication Servers and File Path 56 9 NIS client requirements 60 10 etc pam d tokens description 83 11 etc pam d keywords description 84 12 Available PAM modules in the ACS 85 13 List of valid argu...

Страница 416: ...Utility 225 38 Power Management Individual IPDUs Menu 227 39 Menu Options for Multi Outlet Control PM Utility 229 40 AlterPath PM regular user menu options 233 41 CDMA configuration parameters 267 42...

Страница 417: ...LED Code Interpretation 372 59 ACS Products Power Consumption and Heat Dissipation 375 60 ACS environmental conditions 376 61 ACS physical information 376 62 ACS Safety Information 376 63 Cables and t...

Страница 418: ...402 List of Tables...

Страница 419: ...25 Male straight through 382 12 Cable 3 Cyclades RJ 45 to DB 9 Female crossover 383 13 Cable 4 Cyclades RJ 45 to Cyclades RJ 45 straight through 383 14 Cable 4 Cyclades RJ 45 to Cyclades RJ 45 straigh...

Страница 420: ...404 List of Figures...

Отзывы:

Нет отзывов

Похожие инструкции для AlterPath ACS

Бренд: M-Audio Страницы: 10

Бренд: Makita Страницы: 2

TokenLink Velocity 3C319

Бренд: 3Com Страницы: 2

Бренд: Lab.gruppen Страницы: 35

Бренд: X-Micro Страницы: 74

Бренд: NEC Страницы: 6

Бренд: Lorex Страницы: 186

Бренд: Amplifier Tech Страницы: 36

Бренд: H3C Страницы: 26

Бренд: SUNRICH TECHNOLOGY Страницы: 5

EdgeLens INT10G8LR56

Бренд: Garland Страницы: 30

Бренд: APARIAN Страницы: 2

Бренд: E-LINX Страницы: 24

Бренд: Z-Wave Страницы: 6

Бренд: Mitsubishi Страницы: 874

Бренд: Mellanox Technologies Страницы: 57

Бренд: ActionTec Страницы: 115

iCE40 SPRAM Series

Бренд: Lattice Semiconductor Страницы: 12

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды