APPENDIX D - Security Commands
Define Access Permissions

DS2000-TS Administrator’s Guide D - 4

D.3 DEFINE ACCESS PERMISSIONS

To configure the Supervisor access permissions for different operators, from the Main Menu select <4> Security then <2> Access Security. The Operator Access menu appears, as shown in Figure D-4.

*** Operator Access ***

Last changed: 7-14-04 12:33:29

1 - ROOT
2 - Operator_1
3 - Operator_2
4 - Operator_3
5 - Operator_4
6 - Operator_5

Enter command number:

__________[DynaStar_24]___________
Press ESC to return to previous menu
To edit, enter service # <RET>

Figure D-4. Operator Access Menu

The Operator Access screen provides a list of the defined users.

To change the access permissions for any given user, enter the number of the operator whose access authorization you want to change. The Operator Access Selections menu for the selected operator appears, as shown in Figure D-5.
