manualshive.com logo in svg

Opengear ACM5000, Руководство пользователя

Opengear ACM5000 - устройство удаленного управления с возможностью скачать бесплатное руководство пользователя на нашем веб-сайте. Получите подробную информацию о настройке и использовании этого продукта, загрузив руководство прямо с manualshive.com. Ваш ключ к успешной установке и безопасному управлению с Opengear ACM5000.

Поделиться
Скачать
background image

Chapter 9: 

Authentication

 

 

 

196

 

Console Server & RIM Gateway User Manual 

If a local user logs in, they may be authenticated/ authorized from the remote AAA server, depending on the chosen 
priority of the remote AAA.  A local user's authorization is the union of local and remote privileges. 

Example 1: 

User Tim is locally added, and has access to ports 1 and 2.  He is also defined on a remote TACACS server, 
which says he has access to ports 3 and 4.  Tim may log in with either his local or TACACS password, and will 
have access to ports 1 through 4.  If TACACS is down, he will need to use his local password, and will only be 
able to access ports 1 and 2. 

Example 2: 

User Ben is only defined on the TACACS server, which says he has access to ports 5 and 6.  When he attempts 
to log in a new user will be created for him, and he will be able to access ports 5 and 6.  If the TACACS server is 
down he will have no access. 

Example 3: 

User Paul is defined on a RADIUS server only.  He has access to all serial ports and network hosts. 

Example 4: 

User Don is locally defined on an appliance using RADIUS for AAA.  Even if Don is also defined on the RADIUS 
server he will only have access to those serial ports and network hosts he has been authorized to use on the 
appliance. 

If a “no local AAA” option is selected, then root will still be authenticated locally.   

Remote users may be added to the admin group via either RADIUS or TACACS.  Users may have a set of authorizations 
set on the remote TACACS server.  Users automatically added by RADIUS will have authorization for all resources, 
whereas those added locally will still need their authorizations specified. 

LDAP has not been modified, and will still need locally defined users.   

Note

 

To interact with RADIUS,  and LDAP with 

console server

 firmware pre 2.4.2 you must also set up the 

user accounts on the local 

console server

.  All resource authorizations must be added to the local appliance. With 

this release if remote AAA is selected, it is used for password checking only.  Root is always authenticated locally.  
Any changes to PAM configurations will be destroyed next time the authentication configurator is run 

9.1.6 

Group support with remote authentication 

All 

console servers

 allow remote authentication via RADIUS, LDAP and . With Firmware V3.2 and later, 

RADIUS and LDAP can provide additional restrictions on user access based on group information or membership.   For 
example, with remote group support, RADIUS and LDAP users can belong to a local group that has been setup to have 
restricted access to serial ports, network hosts and managed devices. 

Remote authentication with group support works by matching a local group name with a remote group name provided by 
the authentication service. If the list of remote group names returned by the authentication service matches any local 
group names, the user is given permissions as configured in the local groups. 

To enable group support to be used by remote authentication services:  

  Select 

Serial & Network:

 

Authentication 

  Select the relevant 

Authentication Method 

  Check the 

Use Remote Groups 

button

 

Содержание ACM5000

Страница 1: ...Advanced Console Server RIM Gateway User Manual 1 User Manual ACM5000 ACM5500 RIM Gateways IM4000 IM4200 DCIM Managers CM4000 DCIM Console Servers SD4000 Secure Device Server Rev 4 5 April 16th 2012...

Страница 2: ...tective grounding conductor must be connected through to ground Always pull on the plug not the cable when disconnecting the power cord from the socket Do not connect or disconnect the console server...

Страница 3: ......

Страница 4: ...rial Port Connection 25 2 4 1 Opengear Classic RJ45 pinout option X0 26 2 4 2 Cisco Rolled Cyclades RJ45 pinout option X1 26 2 4 3 Cisco RJ45 pinout option X2 27 2 5 USB Port Connection 27 2 6 Fitting...

Страница 5: ...77 4 10 3 Windows OpenVPN Client and Server set up 80 4 11 PPTP VPN 84 4 11 1 Enable the PPTP VPN server 84 4 11 2 Add a PPTP user 86 4 11 3 Set up a remote PPTP client 86 4 12 Call Home 88 4 12 1 Set...

Страница 6: ...thentication 134 6 8 Setting up SDT for Remote Desktop access 134 6 8 1 Enable Remote Desktop on the target Windows computer to be accessed 134 6 8 2 Configure the Remote Desktop Connection client 136...

Страница 7: ...sors 186 8 3 4 Environmental alerts 188 8 3 5 Environmental status 188 8 4 Digital I O Ports 189 8 4 1 Digital I O Output Configuration 189 8 4 2 Digital I O Input Configuration 190 8 4 3 High Voltage...

Страница 8: ...ve Users 234 12 2 Statistics 234 12 3 Support Reports 235 12 4 Syslog 236 12 5 Dashboard 236 12 5 1 Configuring the Dashboard 237 12 5 2 Creating custom widgets for the Dashboard 238 MANAGEMENT 240 13...

Страница 9: ...tc config snmpd conf 284 15 5 5 Adding multiple remote SNMP managers 285 15 6 Secure Shell SSH Public Key Authentication 286 15 6 1 SSH Overview 286 15 6 2 Generating Public Keys Linux 286 15 6 3 Inst...

Страница 10: ...Table of Contents 10 Console Server RIM Gateway User Manual...

Страница 11: ......

Страница 12: ...that will be supported 4 Serial Network Covers configuring serial ports and connected network hosts and setting up users 5 Firewall Failover OoB Describes setting up the firewall router functions and...

Страница 13: ...n access serial or network connected devices and control these devices using the specified services e g Telnet HHTPS RDP IPMI Serial over LAN Power Control An authorized User also has a limited view t...

Страница 14: ...an action you should take as part of the procedure Bold text indicates text that you type or the name of a screen object e g a menu or button on the Management Console Italic text is also used to indi...

Страница 15: ...t could include technical inaccuracies or typographical errors Changes are periodically made to the information herein these changes may be incorporated in new editions of the publication Proper back...

Страница 16: ...02 2 1 1 Temp probes 02 Ext AC DC ACM5004 4 1 1 Temp probes 02 Ext AC DC ACM5004 2 4 2 2 Temp probes 02 Ext AC DC ACM5003 M 3 1 1 Internal Temp probes 02 Ext AC DC ACM5003 W 3 1 1 802 11 Temp probes 0...

Страница 17: ...The sections below show the components shipped with each of these models 2 1 1 IM4208 2 IM4216 2 IM4232 2 IM4248 2 and IM4216 34 kit components Part 509006 Part 509007 Part 509008 Part 509009 IM4216...

Страница 18: ...e parts shown above and that they all appear in good working order Proceed to connect your IM4004 5 to the network the serial ports USB ports and LAN ports of the controlled devices and to the AC powe...

Страница 19: ...e parts shown above and that they all appear in good working order Proceed to connect your CM4008 to the network the serial ports of the controlled servers and AC power as shown below 2 1 5 CM4001 and...

Страница 20: ...M5000 kit components Part 509054 Part 509055 Part 509056 Part 509057 Part 509058 Part 509059 Part 509000 Part 509073 ACM5002 Advanced Console Server ACM5003 M ACM5003 W ACM5004 ACM5004 2 ACM5004 G ACM...

Страница 21: ...34 DAC IM4208 2 DAC IM4216 2 DAC IM4232 2 DAC and IM4248 2 DAC power These standard IM42xx and IM4216 34 console servers all have dual universal AC power supplies with auto failover built in These pow...

Страница 22: ...in sequence 2 2 4 CM4001 SD4002 and SD4001 power The CM4001 SD4002 and SD4001 models are each supplied with an external DC wall mount power supply A specific power supply models for each region will...

Страница 23: ...ecting the DC power lines to a power plug that plugs into the 12VDC PWR jack Similarly the ACM5500 can be powered by connecting an external 9V AC to 24V AC power source to this jack The industrial ACM...

Страница 24: ...ower supply Turn on the DC power The safety covers are an integral part of the DDC product Do not operate the unit without the safety cover installed Any exposed wire lead from a DC input power source...

Страница 25: ...of an external device to the console server serial port confirm that the device does support the standard RS 232C EIA 232 The console servers come with one to forty eight serial connectors for the RS2...

Страница 26: ...ic RJ45 pinout option X0 The CM4000 CM4100 and IM4004 models have the Opengear Classic RJ45 pinout shown below The IM4200 console servers are also available with this RJ45 pinout as an option PIN SIGN...

Страница 27: ...X2 G and IM42xx 2 DAC X0 G models have one USB1 1 port on the front face and one USB 2 0 port at the rear face This USB2 0 port uses a micro AB USB connector so an adapter cable is also included Thes...

Страница 28: ...rear of the ACM5004 G GI Then place the unit and or aerial in a location that will ensure the best signal The ACM5504 5 G I ACM5004 G I and current revisions of the ACM5004 G GV all come with dual SMA...

Страница 29: ...cellular modems from Sierra Wireless The USB modem attaches to one of the rear USB 2 0 ports on the IM4200 DAC X2 via the modem s USB adapter cable Similarly external USB cellular modem can be attach...

Страница 30: ...address of 192 168 0 1 the console server and the computer are on the same LAN segment with no interposed router appliances 3 1 1 Connected computer set up To configure the console server with a brow...

Страница 31: ...s 192 168 100 23 00 13 C6 00 02 0F Type ping t 192 18 100 23 to start a continuous ping to the new IP Address Turn on the console server and wait for it to configure itself with the new IP address It...

Страница 32: ...m Firewall page Refer Chapter 5 Enable IP masquerading for cellular connection System Firewall page Refer Chapter 5 After completing each of the above steps you can return to the configuration list by...

Страница 33: ...which each can contain up to 254 characters However only the first eight Password characters are used to make the password hash The MOTD Banner can be used to display a message of the day text to auth...

Страница 34: ...it is to be connected to On the System IP menu select the Network Interface page then check DHCP or Static for the Configuration Method If you selected Static you must manually enter the new IP Addre...

Страница 35: ...re your computer so it has an IP address that is in the same network range as this new address as detailed in an earlier note in this chapter Click Apply You will need to reconnect the browser on the...

Страница 36: ...ny of the Ethernet or cellular network connections on the console server by default DDNS is disabled on all ports Select the DDNS service provider from the drop down Dynamic DNS list on the System IP...

Страница 37: ...02 11 wireless OoB Failover second Ethernet connections VPN IPSec or Open VPN connection over any network interface Check uncheck for each network which service access is to be enabled disabled In the...

Страница 38: ...d console server then enabling this service will set up default tftp and ftp server on the USB flash These servers are used to store config files maintain access and transaction logs etc Files transfe...

Страница 39: ...have appropriate communications software tools set up on the Administrator and User client s computer Opengear provides the SDT Connector as the recommended client software tool however other generic...

Страница 40: ...T Connector can be installed on Windows 2000 XP 2003 7 Vista PCs and on most Linux UNIX and Solaris 3 5 2 PuTTY Communications packages like PuTTY can be also used to connect to the Console server com...

Страница 41: ...your username and password from the remote system You will then be logged on to the console server 3 6 Management Network Configuration The IM4200 IM4004 5 ACM5500 and ACM5004 2 console servers have...

Страница 42: ...nfigured with an active Management LAN This can be a 4 port ETH1 4 Management LAN switch or a 3 port ETH2 4 switch with ETH 1 configured for OoB Failover The above Management LAN features are all disa...

Страница 43: ...the DHCP Server field or go to the System DHCP Server menu and check Enable DHCP Server Enter the Gateway address that is to be issued to the DHCP clients If this field is left blank the console serv...

Страница 44: ...llocated in the event of a reboot 3 6 3 Select Failover or broadband OoB The IM4200 family ACM5508 2 I M ACM5504 5 G I IM4004 5 and ACM5004 2 console servers provide a failover option so in the event...

Страница 45: ...N function on Network LAN 2 3 6 4 Aggregating the network ports By default the console server s Management LAN network ports can only be accessed using SSH tunneling port forwarding or by establishing...

Страница 46: ...nternal 802 11g wireless client LAN adapter The other ACM5000 models and IM4004 5 models can be fitted externally with a Opengear WUBR 101 802 11g USB dongle To configure the wireless LAN connection L...

Страница 47: ...omatically disables any static address The console server MAC address can be found on a label on the base plate The wireless LAN when enabled will operate as the main network connection to the console...

Страница 48: ...irmware 3 4 and later support static routes which provide a very quick way to route data from one subnet to different subnet So you can hard code a path that specifies to the console server router to...

Страница 49: ...address of a router that will route packets to the destination network Enter a value in the Metric field that represents the metric of this connection This generally only has to be set if two or more...

Страница 50: ...ks nominate specific IP addresses that trusted users access from Cascading and Redirection of Serial Console Ports Connecting to Power UPS PDU and IPMI and Environmental Monitoring EMD devices Serial...

Страница 51: ...protocol options for multiple serial ports at once click Edit Multiple Ports and select which ports you wish to configure as a group If the console server has been configured with distributed Nagios m...

Страница 52: ...ole Server Mode Select Console Server Mode to enable remote management access to the serial console that is attached to this serial port Logging Level This specifies the level of information to be log...

Страница 53: ...s a gateway then as a host and you enable Telnet service on Port 2000 serial port i e 2001 2048 Refer Chapter 6 for more details on using SDT Connector for Telnet and SSH access to devices that are at...

Страница 54: ...the console server serial ports you can use SDT Connector You configure SDT Connector with the console server as a gateway then as a host and you enable SSH service on Port 3000 serial port i e 3001 3...

Страница 55: ...cting Unauthenticated Telnet enables telnet access to the serial port without requiring the user to provide credentials When a user accesses the console server to telnet to a serial port they normally...

Страница 56: ...to computers which are locally connected to the console server by their serial COM port However such port forwarding requires a PPP link to be set up over this serial port For configuration details r...

Страница 57: ...ridging the serial data on a nominated serial port on one console server is encapsulated into network packets and then transported over a network to a second console server where is then represented a...

Страница 58: ...local values and the Priority to critical At this priority if the console server syslog server does receive a message it will automatically raise an alert Refer to Chapter 7 Alerts Logging 4 1 8 NMEA...

Страница 59: ...the IM4208 16 32 48 models However GPS support is not available for devices with an externally attached cellular modem 4 2 Add Edit Users The Administrator uses this menu selection to set up edit and...

Страница 60: ...Administrator access 2 Membership of the user group provides the user with limited access to the console server and connected Hosts and serial devices These Users can access only the Management sectio...

Страница 61: ...minate the Accessible Hosts Accessible Ports and Accessible RPC Outlet s that you wish any users in this new Group to be able to access Click Apply 4 2 1 Set up new Users To set up new users and to cl...

Страница 62: ...ng into this port Enter the Dial Back Phone Number with the phone number to call back when user logs in Click Apply The new user will now be able to access the Network Devices Ports and RPC Outlets yo...

Страница 63: ...ccess a locally networked computer or device referred to as a Host you must identify the Host and specify the TCP or UDP ports services that will be used to control that Host Selecting Serial Network...

Страница 64: ...The Administrator can then configure these devices and enable which users have permissions to remotely cycle power etc refer Chapter 8 Otherwise leave the Device Type set to None If the console serve...

Страница 65: ...permitted connection to the nominated port Host Subnet Address 204 15 5 128 Subnet Mask 255 255 255 224 Click Apply Note The above Trusted Networks will limit access by Users and Administrators to the...

Страница 66: ...ibuted locally on a LAN or remotely around the world 4 6 1 Automatically generate and upload SSH keys To set up public key authentication you must first generate an RSA or DSA key pair and upload them...

Страница 67: ...simply Click here to return and the keys will automatically be uploaded to the Master and connected Slaves 4 6 2 Manually generate and upload SSH keys Alternately if you have a RSA or DSA key pair you...

Страница 68: ...ized Key Click Apply The next step is to Fingerprint each new Slave Master connection This once off step will validate that you are establishing an SSH session to who you think you are On the first co...

Страница 69: ...first Slave added will be assigned port number 17 onwards Once you have added all the Slave console servers the Slave serial ports and the connected devices are configurable and accessible from the M...

Страница 70: ...ay need to write custom scripts to provide this view This is covered in Chapter 11 4 7 Serial Port Redirection PortShare Opengear s Port Share software delivers the virtual serial port technology your...

Страница 71: ...ected or USB if USB connected IP Address if network connected Power PDU outlet details if applicable and any UPS connections Devices such as servers will commonly have more than one power connections...

Страница 72: ...s the RPC UPS Host is not created until this connection step is completed refer Chapter8 Power and Environment Note The outlet names on this newly created PDU will by default be Outlet 1 Outlet 2 When...

Страница 73: ...etween advanced console serves distributed at remote sites and a VPN gateway such as Cisco router running IOS IPsec on their central office network Users and administrators at the central office can t...

Страница 74: ...unnel you are adding such as WestStOutlet VPN Select the Authentication Method to be used either RSA digital signatures or a Shared secret PSK o If you select RSA you will asked to click here to gener...

Страница 75: ...figured enter the private subnet details in Left Subnet Use the CIDR notation where the IP address number is followed by a slash and the number of one bits in the binary notation of the netmask For ex...

Страница 76: ...rver within a data center Configuration of OpenVPN can be complex so Opengear provides a simple GUI interface for basic set up as described below However for more detailed information on configuring O...

Страница 77: ...thority CA certificate and key which is used to sign each of the server and client certificates This Root CA Certificate will be a crt file type For a server you may also need dh1024 pem Diffie Hellma...

Страница 78: ...r Manual To enter authentication certificates and files Edit the OpenVPN tunnel Select the Manage OpenVPN Files tab Upload or browse to relevant authentication certificates and files Apply to save cha...

Страница 79: ...way User Manual 79 To enable OpenVPN Edit the OpenVPN tunnel Check the Enabled button Apply to save changes Note Please make sure that the console server system time is correct when working with OpenV...

Страница 80: ...is section outlines the installation and configuration of a Windows OpenVPN client or a Windows OpenVPN server and setting up a VPN connection to a console server Console servers with firmware V3 5 2...

Страница 81: ...le will need to be created Using a text editor create an xxxx ovpn file and save in C Program Files OpenVPN config For example C Program Files OpenVPN config client ovpn An example of an OpenVPN Windo...

Страница 82: ...ccess the server enter the proxy server DNS name or IP and port number ca file name Enter the CA certificate file name and location The same CA certificate file can be used by the server and all clien...

Страница 83: ...ying of the successful connection and assigned IP This information as well as the time the connection was established is available anytime by scrolling over the OpenVPN icon Note An alternate OpenVPN...

Страница 84: ...s clients If you take your portable computer on a business trip you can dial a local number to connect to your Internet access service provider ISP and then create a second connection tunnel into your...

Страница 85: ...e client password is transmitted unencrypted None Select the Required Encryption Level Access is denied to remote users attempting to connect not using this encryption level Strong 40 bit or 128 bit e...

Страница 86: ...client Ensure the remote VPN client PC has Internet connectivity To create a VPN connection across the Internet you must set up two networking connections One connection is for the ISP and the other c...

Страница 87: ...remote VPN clients to the local network you need to know the user name and password for the PPTP account you added as well as the Internet IP address of the Opengear appliance If your ISP has not all...

Страница 88: ...ach of its Managed Console Servers These connections are used for monitoring commanding and accessing the Managed Console Servers and the Managed Devices connected to the Managed Console Server To man...

Страница 89: ...4 12 2 Accept Call Home candidate as Managed Console Server on CMS This section gives an overview on configuring the CMS to monitor console servers that are connected via Call Home For more details r...

Страница 90: ...lick Add o Enter IP Address and SSH Port if these fields have not been auto completed and enter a Description and unique Name for the Managed Console Server you are adding o Enter the Remote Root Pass...

Страница 91: ...may create a Remote port forward from the Server to this unit or a Local port forward from this unit to the Server Specify a Listening Port to forward from leave this field blank to allocate an unused...

Страница 92: ...sole server All IM4200 models ACM5508 2 M and ACM5003 M come with an internal modem which can provide for OoB dial in access These models will display a Internal Modem Port tab under System Dial as we...

Страница 93: ...editing etc mgetty config files as described in the Chapter 14 Advanced Check the Enable Dial In Access box In the Remote Address field enter the IP address to be assigned to the dial in client You c...

Страница 94: ...Chapter 5 Firewall Failover and Out of Band 94 Console Server RIM Gateway User Manual...

Страница 95: ...line level 5 2 2 Using SDT Connector client Administrators can use their SDT Connector client to set up secure OoB dial in access to remote console servers The SDT Connector Java client software prov...

Страница 96: ...e console server can be set up either in Failover mode where a dial out connection is only established in event of a ping failure or with the dial out connection is always on In both of the above case...

Страница 97: ...connection However in firmware versions later than 3 0 2 HTTPS access is also enabled So the administrator can then SSH or HTTPS connect to the console server and fix the problem When configuring the...

Страница 98: ...e modem Note You can further configure the console modem port e g to include modem init strings by editing etc mgetty config files as described in the Chapter 13 Advanced Check the Enable Dial Out Acc...

Страница 99: ...r The failover state will be removed once the original state has been re established 5 4 OoB Broadband Ethernet Access The ACM5500 ACM5000 IM4004 5 and IM4200 family of advanced console servers have a...

Страница 100: ...0 ACM5000 IM4004 5 and IM4200 family of advanced console servers can also be configured for failover to ensure transparent high availability When configuring the principal network connection specify M...

Страница 101: ...priority and reestablished following three successful pings of the probe addresses during failover The failover state will be removed once the original state has been re established Note For firmware...

Страница 102: ...B 2 0 ports Before powering on the ACM5004 G I ACM55044 5 G I or IM4200 X2 G you must install the SIM card provided by your cellular carrier and attach the external aerial Note The ACM5004 G I and ACM...

Страница 103: ...o enable Override DNS check the Override returned DNS Servers box Enter the IP of the DNS servers into the spaces provided Check Apply and a radio connection will be established with your cellular car...

Страница 104: ...zon uses 22899 Telus uses 22886 Click Activate to initiate the OTASP call The process is successful if no errors are displayed and you no longer see the CDMA Modem Activation form If OTASP is unsucces...

Страница 105: ...k Activate If no errors occur you will see the new values entered into the NAM Profile at the Cellular page on Status Statistics Navigate to the Internal Cellular Modem tab on System Dial To connect t...

Страница 106: ...cellular modem connection on you can also see the connection status from the LEDs on top of unit Note The ACM5004 G I and ACM5504 5 G Ihas two cellular status LEDs The WWAN LED on top of unit is OFF w...

Страница 107: ...d the cellular modem connection is always on However to be directly accessed the console server needs to have a Public IP address and it must not have SSH access firewalled Almost all carriers offer c...

Страница 108: ...the principal network the 3G network connection is activated as the access path to the console server and its Managed Devices Only HTTPS and SSH access is enabled on the failover connection which sho...

Страница 109: ...8 5 7 4 Cellular CSD dial in setup Once you have configured carrier connection the cellular modem can be configured to receive Circuit Switched Data CSD calls Note CSD is a legacy form of data transm...

Страница 110: ...rver RIM Gateway User Manual 5 8 Firewall Forwarding Opengear console servers and cellular routers with Version 3 3 firmware and beyond have basic routing NAT Network Address Translation packet filter...

Страница 111: ...connections originating within the private network destined for the outside public network and each outbound connection is maintained by using a different source IP port number When using IP Masquerad...

Страница 112: ...work to enable Forwarding For example to configure a single Ethernet device such as an ACM5004 G as a cellular router The Source Network would the Network Interface and the Destination Network would b...

Страница 113: ...tatic gateway address being the address of the console server and set the DNS server address to be the same as used on the external network i e if the console server is acting as an internet gateway o...

Страница 114: ...the external network i e if the console server is acting as an internet gateway or a cellular router then use the ISP provided DNS server address Enter the Default Lease time and Maximum Lease time i...

Страница 115: ...m Firewall page and click on the Port Forwarding tab Click Add New Port Forward Fill in the following fields Name Name for the port forward This should describe the target and the service that the por...

Страница 116: ...rotocols For example to forward port 8443 to an internal HTTPS server on 192 168 10 2 the following settings would be used Input Interface Any Input Port Range 8443 Protocol TCP Output Address 192 168...

Страница 117: ...XX where XX are hex digits Source Address Range Specify the source IP address or address range to match IP address ranges use the format ip netmask where netmask is in bits 1 32 This may be left blank...

Страница 118: ...coming traffic on all interfaces from the SysAdmin To allow all incoming traffic from Tony To block all incoming traffic from the Network Interface Interface Any Any Network Interface Port Range Any A...

Страница 119: ......

Страница 120: ...ices in the secure network With one click SDT Connector sets up a secure SSH tunnel from the client to the selected console server then establishes a port forward connection to the target network conn...

Страница 121: ...sers can be authorized to access the console server ports and specified network attached hosts To simplify configuration the Administrator can first set up Groups with group access permissions then Us...

Страница 122: ...so supported however they must have Firefox installed SDT Connector can run on any system with Java 1 4 2 and above installed but it assumes the web browser is Firefox and that xterm e telnet opens a...

Страница 123: ...nstructions for a range of routers Also you can use the Open Port Check tool from http www canyouseeme org to check if port forwarding through local firewall NAT router devices has been properly confi...

Страница 124: ...redirected configure access to the console server itself this is shown as a Local Services host configure access with the enabled services for the serial port devices connected to the console server N...

Страница 125: ...ices support at least 10 simultaneous client tunnels ACM5000 ACM5500 IM4216 4248 and CM4116 4148 each support at least 50 such concurrent connections So for a site with a CM4116 gateway you can have a...

Страница 126: ...b Click Add Enter a Service Name and click Add Under the General tab enter the TCP Port that this service runs on e g 80 for HTTP Optionally select the client to use to access the local endpoint of th...

Страница 127: ...pecify Advanced port redirection options Enter the local address to bind to when creating the local endpoint of the redirection It is not usually necessary to change this from localhost Enter a local...

Страница 128: ...ation SDT Connector typically launches a client using command line arguments to point it at the local endpoint of the redirection There are three special keywords for specifying the command line forma...

Страница 129: ...ion If the client PC is dialing into Local Console port on the console server you will need to set up a dial in PPP link Configure the console server for dial in access following the steps in the Conf...

Страница 130: ...s to the gateway console you must configure the console server to allow port forwarded network access to itself With V3 3 firmware and later this can be done using the console server Management Consol...

Страница 131: ...erial console on the device attached to serial port 2 on the gateway To enable SDT Connector to access to devices connected to the gateway s serial ports you must also configure the Console server its...

Страница 132: ...ection may be achieved by initiating a dial up connection or adding an alternate route to the gateway SDT Connector allows for maximum flexibility is this regard by allowing you to provide your own sc...

Страница 133: ...you connect to a service on a host behind the gateway or to the console server gateway itself SDT Connector will initiate the OoB connection using the provided Start Command The OoB connection isn t...

Страница 134: ...You may have to restart SDT Connector to shut down any existing tunnels that were established using password authentication Also if you have a host behind the console server that you connect to by cl...

Страница 135: ...ess open User Accounts in the Control Panel and proceed through the steps to nominate the new user s name password and account type Administrator or Limited Note With Windows XP Professional and Vista...

Страница 136: ...then Communications and click Remote Desktop Connection In Computer enter the appropriate IP Address and Port Number Where there is a direct local or enterprise VPN connection enter the IP Address of...

Страница 137: ...s NT 4 0 and Windows 2000 When run this software allows these older Windows platforms to remotely connect to a computer running current Windows B On a Linux or UNIX client PC Launch the open source rd...

Страница 138: ...l Network Computing VNC Users and Administrators can securely access and control Windows Linux Macintosh Solaris and UNIX computers There s a range of popular VNC software available UltraVNC RealVNC T...

Страница 139: ...nt for cross platform and minimalist reasons UltraVNC runs under Windows operating systems 95 98 Me NT4 2000 XP 2003 Download UltraVNC from Sourceforge s UltraVNC file list B For Linux servers and cli...

Страница 140: ...ission on the Server or use a plain wallpaper Refer to http doc uvnc com for detailed configuration instructions To establish the VNC connection first configure the VNC Viewer entering the VNC Server...

Страница 141: ...ote access of a home network using SSH Remote Desktop and VNC for the home user http theillustratednetwork mvps org RemoteDesktop SSH RDP VNC RemoteDesktopVNCandSSH html Taking your desktop virtual wi...

Страница 142: ...ow to set up an advanced network connection between the Windows computer through its COM port to the console server Both Windows 2003 and Windows XP Professional allow you to create a simple dial in s...

Страница 143: ...addresses which are not used anywhere else on your network The From address will be assigned to the Windows XP 2003 computer and the To address will be used by the console server For simplicity use th...

Страница 144: ...it is a simply task to enable the null modem connection for the dial in configuration C For earlier version Windows computers again follow the steps in Section B above however to get to the Make New C...

Страница 145: ...have setup on the console server that has access to the desired port Next you need to add a New SDT Host In the Host address you need to put portxx where xx the port you are connecting to Example for...

Страница 146: ...in Add new forwarded port enter any high unused port number for the Source port e g 54321 Set the Destination IP details If your destination device is network connected to the console server and you a...

Страница 147: ...e Add button Click Open to SSH connect the Client PC to the console server You will now be prompted for the Username Password for the console server user If you are connecting as a User in the users g...

Страница 148: ...ypted So a malicious user could snoop your VNC session Also there are VNC scanning programs available which will scan a subnet looking for PCs which are listening on one of the ports which VNC uses Tu...

Страница 149: ......

Страница 150: ...models can maintain log records of all access and communications with the console server and with the attached serial devices A log of all system activity is also maintained as is a history of the sta...

Страница 151: ...eout for the time in seconds after resolution to delay before this Auto Response can be triggered again Check Repeat Trigger Actions to continue to repeat trigger action sequences until the check is r...

Страница 152: ...ition In the Environmental Check menu select the specific Environmental Sensor to be checked for the trigger Specify the Trigger value in C F for Temp and for Humidity that the check measurement must...

Страница 153: ...fore configuring Alarms Digital Inputs checks in Auto Response you first must configure the sensor DIO that is to be attached to your EMD or ACM5000 7 2 3 UPS Power Supply To use the properties of any...

Страница 154: ...ched UPS 7 2 5 Serial Login Logout To monitor serial ports and check for login logout or pattern matches for Auto Response triggers events Click on Serial Login Logout as the Check Condition Then in t...

Страница 155: ...resolve actions will not be run 7 2 6 ICMP Ping To use a ping result as the Auto Response trigger event Click on ICMP Ping as the Check Condition Specify which Address to Ping i e IP address or DNS n...

Страница 156: ...trigger check script file e g etc config test sh bin sh logger A test script logger Argument1 1 logger Argument2 2 logger Argument3 3 logger Argument4 4 if f etc config customscript 0 then rm etc conf...

Страница 157: ...Response Click on SMS Command as the Check Condition Specify which Phone Number in international format of the phone sending the SMS message Set the Incoming Message Pattern PCRE regular expression to...

Страница 158: ...us it could be online onbatt battlow AR_CHECK_DEV the device name of the device being checked e g for Alarm the alarm name TIMESTAMP the current timestamp HOSTNAME the hostname of the console server T...

Страница 159: ...Leave as 0 for unlimited Enter any Arguments that are to be passed to the script and click Save New Action 7 3 5 Send SNMP Trap Click on Send SNMP Trap as the Add Trigger Action Enter a unique Action...

Страница 160: ...on Delay Times set 7 5 Configure SMTP SMS SNMP and or Nagios service for alert notifications The Auto Response facility enables remote alerts to be sent as Trigger and Resolve Actions Before such aler...

Страница 161: ...ators who provide email to SMS forwarding to phones on any carriers Alternately if your console server has an embedded or externally attached cellular modem you will be given the option to send the SM...

Страница 162: ...P connection Note The option to directly send SMS alerts via the cellular modem was included in the Management GUI in V3 4 Advanced console servers have had the gateway software SMS Server Tools 3 emb...

Страница 163: ...s running SNMP belong It helps define where information is sent SNMP default communities are private for Write and public for Read Configure SNMP v3 if required For SNMP v3 messages the user s details...

Страница 164: ...y configure a Primary SNMP server from the Management Console Refer Chapter 15 5 for details on configuring the snmptrap daemon to send traps notifications to multiple remote SNMP servers 7 5 4 Send N...

Страница 165: ...d of all serial port activity To specify which serial ports are to have activities recorded and to what level data is to be logged Select Serial Network Serial Port and Edit the port to be logged Spec...

Страница 166: ...etwork attached Hosts For each Host when you set up the Permitted Services which are authorized to be used you also must set up the level of logging that is to be maintained for each service Specify t...

Страница 167: ...console server also logs access and communications with network attached hosts and maintain a history of the UPS and PDU power status To activate and set the desired levels of logging for each serial...

Страница 168: ...rly network attached PDUs can be controlled with a browser e g with SDT as detailed in Chapter 6 3 or an SNMP management package or using the vendor supplied control software Also servers and network...

Страница 169: ...responding Host Name Description that you set up for that connection will be entered as the Name and Description for the power device Alternately if you select to Connect Via a Serial connection then...

Страница 170: ...upported by the embedded PowerMan and Opengear s power manager Enter the Username and Password used to login into the RPC Note that these login credentials are not related the Users and access privile...

Страница 171: ...ure the RPC with the number of outlets specified in the selected RPC Type or will query the RPC itself for this information Note Opengear s console servers support the majority of the popular network...

Страница 172: ...strips and servers with embedded IPMI service processors or BMCs Select the Manage Power and the particular Target power device to be controlled and the Outlet to be controlled if the RPC supports out...

Страница 173: ...3 Click on View Log or select the RPCLogs menu and you will be presented with a table of the history and detailed graphical information on the selected RPC Click Manage to query or control the individ...

Страница 174: ...hapter 8 2 6 8 2 1 Managed UPS connections A Managed UPS is a UPS that is directly connected as a Managed Device to the console server It can be connected by serial or USB cable or by the network The...

Страница 175: ...S refer Chapter 4 1 1 Common Settings Then select UPS as the Device Type Similarly for each network connected UPS go to Serial Network Network Hosts menu and configure the UPS as a connected Host by s...

Страница 176: ...d in Serial Networks Users Groups Select the action to take when UPS battery power becomes critical i e Shut down the UPS or Shut down all Managed UPSes or simply Run until failure Note The shutdown s...

Страница 177: ...only run when then UPS reaches critical battery status Click Apply Note You can also customize the upsmon upsd and upsc settings for this UPS hardware directly from the command line 8 2 2 Remote UPS m...

Страница 178: ...to be logged These logs can then be viewed from the Status UPS Status screen Check Enable Shutdown Script if this remote UPS is the UPS providing power to the console server itself In the event the UP...

Страница 179: ...d computers and other equipment without them have a client running e g communications and surveillance gear Set up a UPS alert and using this to trigger a script which control a PDU to shut off the po...

Страница 180: ...configuration information on the select UPS System Select UPS Logs and you will be presented with the log table of the load battery charge level temperature and other status information from all the M...

Страница 181: ...ers server and clients The driver programs talk directly to the UPS equipment and run on the same host as the NUT network server upsd Drivers are provided for a wide assortment of equipment from most...

Страница 182: ...is embedded in Opengear console servers These NUT clients and servers all are embedded in each Opengear console server with a Management Console presentation layer added and they also are run remotel...

Страница 183: ...sensor and can optionally be configured to have up to four general purpose status sensor ports which can be connected smoke or water detector and vibration or open door sensors directly connected Usi...

Страница 184: ...le servers with 01 and 02 pinouts only support attaching a single sensor to each EMD The EMD can be used only with an Opengear console server and cannot be connected to standard RS232 serial ports on...

Страница 185: ...nd which is read as a TTL low or a digital 0 For custom applications a user can sense the state closed or open of non Opengear dry contact sensors through the UI or command line It is also possible to...

Страница 186: ...rnal EMD So go to the Serial Network Environmental page and enable the Internal EMD Then configure the attached sensors as alarms as covered in the next section 8 3 3 Adding EMDs and configuring the s...

Страница 187: ...ide Labels for each of the alarm sensors you will used e g Door Open or Smoke Alarm Check Log Status and specify the Log Rate minutes between samples if you wish the status from this EMD to be logged...

Страница 188: ...nmental status You can monitor the current status of all any configured external EMDs and their sensors and any internal or directly attached sensors Select the Status Environmental Status menu and a...

Страница 189: ...n be configured with a default direction and state Select the System I O Ports menu 8 4 1 Digital I O Output Configuration Each of the two digital I O ports DIO1 and DIO2 can be configured as an Input...

Страница 190: ...l page and edit and enable the Internal EMD Also the low voltage circuits in DIO1 and DIO2 should not be wired to voltages greater than 5V DC Alternately these input ports can be monitored using the i...

Страница 191: ......

Страница 192: ...tion method for the console server is Local Any authentication method that is configured will be used for authentication of any user who attempts to log in through Telnet SSH or the Web Manager to the...

Страница 193: ...tion and flexible administrative control over the authentication and authorization processes TACACS allows for a single access control server the TACACS daemon to provide authentication authorization...

Страница 194: ...was developed by Livingston Enterprises as an access server authentication and accounting protocol The RADIUS server can support a variety of methods to authenticate a user When it is provided with th...

Страница 195: ...ndard but significantly simpler and more readily adapted to meet custom needs The core LDAP specifications are all defined in RFCs LDAP is a protocol used to access information stored in an LDAP serve...

Страница 196: ...ns set on the remote TACACS server Users automatically added by RADIUS will have authorization for all resources whereas those added locally will still need their authorizations specified LDAP has not...

Страница 197: ...dded to the end of any existing content in the attribute in the following format group_name testgroup1 users The above example sets the remote user as a member of testgroup1 and users if groups with t...

Страница 198: ...ng which makes setting up remote groups easier The console server will retrieve a list of all the remote groups that the user is a direct member of and compare their names with local groups on the con...

Страница 199: ...tive Directory servers If required enter the group information for LDAP Console Server Group DN and or LDAP Administration Group DN A user must be a member of the LDAP Console Server Group DN group in...

Страница 200: ...etting is 20 minutes CLI Management Session Timeout specifies the ssh console session idle timeout in minutes The default setting is to never expire Console Server Session Timeout specifies the pmshel...

Страница 201: ...ating users Nowadays a number of new ways of authenticating users have become popular The challenge is that each time a new authentication scheme is developed it requires all the necessary programs lo...

Страница 202: ...Appliance and a port or networked host the user may access See the example configuration files below for example TACACS Example user tim service raccess priv lvl 11 port1 cm4001 port02 port2 192 168...

Страница 203: ...do this the console server must be enabled to generate a new cryptographic key and the associated Certificate Signing Request CSR that needs to be certified by a Certification Authority CA A certific...

Страница 204: ...th of this password is 4 characters Confirm Challenge Password Confirmation of the Challenge Password Key length This is the length of the generated key in bits 1024 Bits are supposed to be sufficient...

Страница 205: ......

Страница 206: ...Console servers and their attached network and serial hosts from a central location Note If you have an existing Nagios deployment you may wish to use the console server gateways in a distributed moni...

Страница 207: ...Typically a client PC laptop etc running Windows Linux or Mac OS X Runs SDT Connector client software 1 5 0 or later Possibly remote to the central Nagios server or distributed console servers i e a r...

Страница 208: ...the software from scratch The Nagios website http www nagios org has several Quick Start Guides that walk through this process Once you are able to browse to your Nagios server and see its web UI and...

Страница 209: ...g 192 168 1 10 and enter a Description e g Windows 2003 IIS Server Remove all Permitted Services This server will be accessible using Terminal Services so check TCP Port 3389 and log level 1 and click...

Страница 210: ...imary function of the wizard is to connect to each distributed Opengear console server and import configuration into the central Nagios server This effectively adds the hosts and service checks you se...

Страница 211: ...the clients The final step is to set up SDT Connector on each of the client PCs The client PCs use a web browser to view the Nagios web UI running on the central Nagios server This web UI links to SDT...

Страница 212: ...rial console port and the service check beginning with check_serial and click the link to Connect via SDT Note that these actions will also trigger the alert_login alerts that you added 10 3 Configuri...

Страница 213: ...or DNS name that the upstream Nagios server will use to reach the console server if unspecified this will default to the first network port s IP Network 1 as entered in System IP In Nagios Server Add...

Страница 214: ...nd check NRPE Enabled Enter the details the user connection to the upstream Nagios monitoring server and again refer the sample Nagios configuration example below for details of configuring specific N...

Страница 215: ...erver to be monitored must be configured for Nagios checks Refer Chapter 4 4 Network Host Configuration for details on enabling Nagios monitoring for Hosts that are network connected to the console se...

Страница 216: ...mitted TCP UDP to monitor a service that you have previously added as a Permitted Service Select Check TCP UDP to specify a service port that you wish to monitor but do not wish to allow external SDT...

Страница 217: ...ce over the period of the check interval If NRPE is enabled then the upstream server will be able to request status updates under its own scheduling 10 4 Advanced Distributed Monitoring Configuration...

Страница 218: ...atus host_name server use generic service check_command check_serial_status define service service_description serial signals server host_name server use generic service check_command check_serial_sta...

Страница 219: ...t_ping_ HOSTNAME define service service_description Host Ping host_name server use generic service check_command check_ping_via_opengear define service service_description host ping server host_name s...

Страница 220: ...r service This status is then communicated to the upstream Nagios server which uses the results to monitor the current status of the distributed network Each console server is preconfigured with a sel...

Страница 221: ...lug ins package can be downloaded from ftp opengear com There also are bash scripts which can be downloaded and run primarily check_log sh To configure additional checks the downloaded plug in program...

Страница 222: ...de and how often they are performed Access method will also play a part The table below shows the performance of three of the console server models 1 2 port 8 port and 16 48 port tabulating Time No en...

Страница 223: ...SCA checks are also batched So in the previous example the two checks per minute will be sent through in a single transaction 10 4 5 Distributed Monitoring Usage Scenarios Below are a number of distri...

Страница 224: ...be to upload check results through NSCA Another may be to provide an SSH tunnel to allow the Nagios server to run NRPE commands Remote site with no network access In this scenario the console server a...

Страница 225: ......

Страница 226: ...t reset is affected by Selecting Reboot in the System Administration menu and clicking Apply The console server reboots with all settings e g the assigned network IP address preserved However this sof...

Страница 227: ...p opengear com firmware For ACM5000 family download acm500x flash For CM4116 4148 download cm41xx flash For CM4008 download cm4008 flash For CM4001 download cm4001 flash For IM4216 34 and IM4208 16 32...

Страница 228: ...alidity period of the certificate Select the System Date Time menu option Manually set the Year Month Day Hour and Minute using the Date and Time selection boxes then click Set Time The gateway can sy...

Страница 229: ...adding new Users or Managed Devices or before performing a firmware upgrade Select the System Configuration Backup menu option or click the icon Note The configuration files can also be backed up from...

Страница 230: ...ation backup files you have stored onto the USB flash To restore a backup from the USB simply select Restore on the particular backup you wish to restore and click Apply After saving a local configura...

Страница 231: ...ic device For example changes to authentication methods or user accounts may be grouped and run once to minimize system downtime To enable Check the Delayed Config Commits button under System Administ...

Страница 232: ...ger be displayed in the top right hand corner of the screen and configurations will no longer be queued 11 6 FIPS Mode The ACM5500 ACM5000 IM4004 5 and IM4200 family of advanced console server familie...

Страница 233: ...l Select the System Administration menu option Check FIPS Mode to enable FIPS mode on boot and check Reboot to safely reboot the console server Click Apply and the console server will now reboot It wi...

Страница 234: ...8 2 RPC Status Chapter 8 1 Environmental Status Chapter 8 3 12 1 Port Access and Active Users The Administrator can see which Users have access privileges with which serial ports Select the Status Po...

Страница 235: ...to Also when you have successfully connected the SSID of this access point will then be shown in the Wireless ESSID filed of ra0 shows below as which is not connected 12 3 Support Reports The Support...

Страница 236: ...s and Syslog Server Port details and click Apply The console maintains a local Syslog To view the local Syslog file Select Status Syslog To make it easier to find information in the local Syslog file...

Страница 237: ...then you will see the dashboard for John on log in and each time you click on the Status Dashboard menu item If there is no dashboard layout configured for John but there is an admin group dashboard c...

Страница 238: ...t are also deleted To configure what is to be displayed by each widget Go to the Configure widgets panel and configure each selected widget e g specify which UPS status is to be displayed on the ups w...

Страница 239: ...e specific widget The best way to format the output would be to send HTML commands back to the browser by adding echo commands in the script echo table You can of course run any command and its output...

Страница 240: ...all configured Managed Devices whereas the User will only see the Managed Devices they or their Group has been given access privileges for Select Serial Network or Power for a view of the specific co...

Страница 241: ...vice using HTTP is unencrypted and not secure The Web Terminal connects to the command line or serial device using the same protocol that is being used to browse to the Opengear Management Console i e...

Страница 242: ...ich could be downloaded into your browser to connect to the console server and attached serial port devices However jcterm had some JRE compatibility issues and is no longer supported 13 3 2 SDT Conne...

Страница 243: ...ole server must be added as a gateway as detailed in Chapter 6 13 4 Power Management Administrators and Users can access and manage the connected power devices Select Manage Power This enables the use...

Страница 244: ...d stty powerman nut etc However without care these configurations may not withstand a power cycle reset or reconfigure So Opengear provides a number of custom command line utilities and scripts to mak...

Страница 245: ...xt for the config command type config h The config application resides in the bin directory The environmental variable called PATH contains a route to the bin directory This allows a user to simply ty...

Страница 246: ...to turn the config xml file into live config they will simply ignore this fruit node Administrators must make sure of the spelling when typing config commands Incorrect spelling for a node will not be...

Страница 247: ...manager mode config s config ports port5 mode portmanager To set the following optional config elements for this mode Data accumulation period 100 ms Escape character default is log level 2 default is...

Страница 248: ...a network connection to a remote serial port via RFC 2217 on port 5 config s config ports port5 mode bridge Optional configurations for the network address of RFC 2217 server of 192 168 3 3 and TCP p...

Страница 249: ...t To add this user to specific groups admin users config s config users user2 groups group1 groupname config s config users user2 groups group2 groupname2 etc To give this user access to a specific po...

Страница 250: ...have an RPC device connected to port 1 on the console manager and the RPC is configured To give this group access to RPC outlet number 3 on the RPC device run the two commands below config s config p...

Страница 251: ...s config auth radius acct_server comma separated list list of remote accounting servers If unset Authentication and Authorization Server Address will be used config s config auth radius password passw...

Страница 252: ...192 168 3 10 Host name OfficePC Description MyPC Allowed sevices ssh port 22 https port 443 log level for services 1 Issue the commands below If the Host is not a PDU or UPS power device or a server...

Страница 253: ...nfig s config portaccess rule2 address 192 168 5 0 config s config portaccess rule2 description foo bar config s config portaccess rule2 netmask 255 255 255 0 config s config portaccess rule2 port5 on...

Страница 254: ...s monitor1 username User2 config s config ups monitors monitor1 password secret config s config ups monitors monitor1 sdorder 2 config s config ups monitors monitor1 driver genericups config s config...

Страница 255: ...igured to run in device mode and that the device is set to rpc To add an RPC with the following values RPC type APC 7900 Connected via Port 2 UPS name MyRPC Description RPC in room 5 Login name for de...

Страница 256: ...onfig s config ports port3 enviro alarms alarm2 label window alarm config s config ports port3 enviro alarms total 2 config s config ports port3 enviro log enabled on config s config ports port3 envir...

Страница 257: ...s config eventlog server logpriority priority priority can be Info Alert Critical Debug Emergency Error Notice Warning Assume the remote log server needs a username name1 and password secret config s...

Страница 258: ...g s config alerts alert2 signal DSR config s config alerts alert2 type login Signal Alert To trigger an alert when a signal changes state on port 1 config s config alerts alert2 port1 on config s conf...

Страница 259: ...ert2 signal DSR config s config alerts alert2 type enviro Example2 To configure a load sensor alert for outlets 2 and 4 for an RPC called RPCInRoom20 config s config alerts alert2 outlet1 RPCname outl...

Страница 260: ...rd secret config s config system smtp subject SMTP alerts To set up an SMTP SMS server with the same details as above config s config system smtp server2 mail opengear com config s config system smtp...

Страница 261: ...ig s config interfaces wan address 192 168 0 23 config s config interfaces wan netmask 255 255 255 0 config s config interfaces wan gateway 192 168 0 1 config s config interfaces wan dns1 192 168 0 1...

Страница 262: ...ware clock time as the system time bin hwclock hctosys To change the timezone config s config system timezone US Eastern The following command will synchronize the live system with the new configurati...

Страница 263: ...me 300000 seconds DNS server1 192 168 2 3 DNS server2 192 168 2 4 Domain name company com Default gateway 192 168 0 1 IP pool 1 start address 192 168 0 20 IP pool 1 end address 192 168 0 100 Reserved...

Страница 264: ...s rfc2217 portbase port base number Default 5000 config s config services unauthtel portbase port base numberDefault 6000 The following command will synchronize the live system with the new configurat...

Страница 265: ...ERPENT GOST NSCA password secret NSCA check in interval 5 minutes NSCA port 5650 defaults to 5667 user to run as User1 defaults to nsca group to run as Group1 defaults to nobody config s config system...

Страница 266: ...atus information using SNMP and modifying SNMP with net snmpd public key authenticated SSH communications SSL configuring HTTPS and issuing certificates using pmpower for NUT and PowerMan power device...

Страница 267: ...anager pattern alert exists If either of these files exists the script calls the exec command on the first file that it finds and runs that custom file script instead As an example you can copy the et...

Страница 268: ...add the following lines below the existing lines export TOADDR emailaddress domain com bin sh etc scripts alert email suffix These two lines assign a new email address to TOADDR and invoke the alert...

Страница 269: ...eting e g 3 NEWTOTAL is the modified total i e TOTAL 1 CHECKTOTAL checks if TOTAL is the actual total items in xml LASTFIELD 1 ROOTNODE 1 NUMBER echo LASTFIELD sed s a zA Z g TOTALNODE echo 1 sed s 1...

Страница 270: ...e s LASTFIELDTEXT NUMBER COUNTER LASTFIELDTEXT NUMBER COUNTER 1 e s done let COUNTER done deleting last user config d ROOTNODE LASTFIELDTEXT TOTAL Modifying item total config s TOTALNODE NEWTOTAL ech...

Страница 271: ...ands pmpower and date will run The output from these commands is sent to the file tmp output log so that we have some kind of record The ping detect is also run in the background using the Remember th...

Страница 272: ...d any commands to the custom script and they will be invoked after the configurator runs The custom scripts must be in the correct location etc config scripts config post To create an alerts custom sc...

Страница 273: ...tmp is not a good location for the backup except as a temporary location before transferring it off box The tmp directory will not survive a reboot The etc config directory is not a good place either...

Страница 274: ...t pmshell Typing the character sequence will exit from pmshell Set RTS to 1 run the command pmshell rts 1 Show all signals pmshell signals DSR 1 DTR 1 CTS 1 RTS 1 DCD 0 Read a line of text from the se...

Страница 275: ...connected to the serial port If the script cannot be executed then portmanager will execute etc config scripts portXX chat via the chat command on the serial port When an alert occurs on a port When...

Страница 276: ...port Otherwise any setup you do with stty will get lost when the portmanager opens the port the reason that portmanager sets things back to its config rather than using whatever is on the port is so...

Страница 277: ...to build a specialized firewall This firewall script will be run whenever the LAN interface is brought up including initially and will override any automated system firewall settings Below is a simple...

Страница 278: ...cludes Serial port status Active users Remote Power Control RPC and Power Distribution Unit PDU status Environmental Monitoring Device EMD status Signal alert status Environmental alert status and UPS...

Страница 279: ...3 is susceptible to man in the middle attacks Recent IETF developments suggests tunnelling SNMP over widely accepted technologies such as SSH Secure Shell or TLS Transport Layer Security rather than r...

Страница 280: ...e Community field is used to specify the SNMPv1 or SNMPv2c community that will be allowed read write GET GETNEXT and SET access Configure SNMP v3 if required SNMP v3 provides secure SNMP operations th...

Страница 281: ...opy the mibs from etc snmp mibs on the Opengear product to a local directory using scp or Winscp For example scp root im4004 etc snmp mibs Using the snmpwalk and snmpget commands the status informatio...

Страница 282: ...th snmpwalk Oa v3 l noAuthNoPriv u readonlyusername M usr share snmp mibs im4004 OG STATUS MIB ogStatus auth snmpwalk Oa v3 l authNoPriv u readonlyusername a SHA A authpassword M usr share snmp mibs i...

Страница 283: ...ity Name or Read Only Username a Authentication Protocol SHA or MD5 A Authentication Password x Privacy Protocol DES or AES X Privacy Password A mib browser may be used to explore the Opengear enterpr...

Страница 284: ...ch as system contact name and location can be achieved by editing etc config snmpd conf file and locating the following lines sysdescr opengear syscontact root root localhost configure etc default snm...

Страница 285: ...field config set config system snmp community3 public To set the SNMP Manager v3 Engine ID field config set config system snmp engineid3 0x8000000001020304 replacing 0x8000000001020304 with the hex En...

Страница 286: ...penSSH is based on the last free version of Tatu Ylonen s sample implementation with all patent encumbered algorithms removed to external libraries all known security bugs fixed new features reintrodu...

Страница 287: ...can be simply uploaded through the web interface on the System Administration page This enables you to upload stored RSA or DSA Public Key pairs to the Master and apply the Authorized key to the slav...

Страница 288: ...the server will only have one client device then the authorized_keys file is simply a copy of the public key for that device If one or more devices will be clients of the server then the authorized_k...

Страница 289: ...generate and configure SSH keys using Windows First create a new user from the Opengear Management the following example uses a user called testuser making sure it is a member of the users group If y...

Страница 290: ...tc config users testuser ssh authorized_keys chown testuser etc config users testuser ssh authorized_keys Using WinSCP copy the attached sshd_config over etc config sshd_config on the server Makes sur...

Страница 291: ...in the middle attack It is also possible that the RSA host key has just been changed The fingerprint for the RSA key sent by the remote host is ab 7e 33 bd 85 50 5a 43 0b e0 bd 43 3f 1c a5 f8 Please...

Страница 292: ...need to balance the security of separate keys against the additional administration they bring Generated keys may be one of two types RSA or DSA and it is beyond the scope of this document to recomme...

Страница 293: ...rver and two sets of keys for the control_room and the plant_entrance ls home user keys control_room control_room pub plant_entrance plant_entrance pub cat home user keys control_room pub home user ke...

Страница 294: ...Hudson The OpenSSL toolkit is licensed under an Apache style licence which basically means that you are free to get and use it for commercial and non commercial purposes subject to some simple license...

Страница 295: ...asiest way to enable the HTTPS server is from the web Management Console Simply click the appropriate checkbox in Network Services HTTPS Server and the HTTPS server will be activated assuming the ssl_...

Страница 296: ...o a powerman daemon on non default host and optionally port V version Display the powerman version number and exit D device Displays RPC status information If targets are specified only RPC s matching...

Страница 297: ...g new RPC devices There are a number of simple paths to adding support for new RPC devices The first is to have scripts to support the particular RPC included in either the open source PowerMan projec...

Страница 298: ...nly it ensures interoperation with the port manager The final options speed charsize stop and parity define the recommended or default settings for the attached device 15 10 IPMItool The console serve...

Страница 299: ...absent or if password_file is empty the password will default to NULL h Get basic usage help from the command line H address Remote server address can be IP address or hostname This option is required...

Страница 300: ...0 the maximum password length is 20 characters longer passwords are truncated COMMANDS help This can be used to get command line help on ipmitool commands It may also be placed at the end of commands...

Страница 301: ...the Master is in control of the serial ports on the Slaves and the Master s Management Console provides a consolidated view of the settings for its own and all the Slave s serial ports However the Ma...

Страница 302: ...m can run other external programs or scripts after events like reception of a new message successful sending and also when the program detects a problem These programs can inspect the related text fil...

Страница 303: ......

Страница 304: ...he console server and monitor and manage attached serial console and host devices addgroup Add a group or add an user to a group adduser Add an user agetty alternative Linux getty arp Manipulate the s...

Страница 305: ...diagnostic command loopback1 Opengear loopback diagnostic command loopback2 Opengear loopback diagnostic command loopback8 Opengear loopback diagnostic command loopback16 Opengear loopback diagnostic...

Страница 306: ...d reports serial port configuration sh Shell showmac Shows MAC address sleep Delay for a specified amount of time smbmnt Helper utility for mounting SMB file systems smbmount Mount an SMBFS file syste...

Страница 307: ...line With config a new configuration can be activated by running the relevant configurator which performs the action necessary to make the configuration changes live portmanager which provides a buffe...

Страница 308: ...etary to Opengear however the code will be provided to customers under NDA Also inbuilt in the console server is a Port Manager application and Configuration tools as described in Chapters 14 and 15 T...

Страница 309: ...rg hash r p pathname name help s pattern history c d offset n or hi if COMMANDS then COMMANDS elif jobs lnprs jobspec or job kill s sigspec n signum si let arg arg unset f v name until COMMANDS do COM...

Страница 310: ...Power Consumption All less than 30W CPU ACM5002 3 4 M W G 2 Micrel KSZ8692 ARM9 Others Micrel KS8695P controller Memory ACM5002 3 4 M W G 2 32MB SDRAM 16MB Flash ACM5504 8 2 5 M G I 64MB SDRAM 16MB Fl...

Страница 311: ...B9 port 2400 to 115 200 bps Ethernet Connectors ACM5002 3 4 M W G One RJ 45 10 100Base T Ethernet ports ACM5004 2 ACM5504 2 and ACM5508 2 Two RJ 45 10 100Base T Ethernet ports IM4208 16 32 48 2 Two RJ...

Страница 312: ...ersonnel To avoid electric shock the power cord protective grounding conductor must be connected through to ground Always pull on the plug not the cable when disconnecting the power cord from the sock...

Страница 313: ......

Страница 314: ...d on the rear panel of the IM4004 5 and CM4008 on the front face of the ACM5000 and ACM5500 and on the front panel of the rack mount CM41xx and IM42xx The ACM5000 and ACM5500 models and the IM4216 34...

Страница 315: ...DEFINITION DIRECTION 1 RTS Request To Send Output 2 DTR Data Terminal Ready Output 3 TXD Transmit Data Output 4 GND Signal Ground NA 5 CTS Clear To Send Input 6 RXD Receive Data Input 7 DCD Data Carri...

Страница 316: ...eived Line Signal Detector 9 Reserved for data set testing 10 Reserved for data set testing 11 Unassigned 12 SCF Secondary Rcvd Line Signal Detector 13 SCB Secondary Clear to Send 14 SBA Secondary Tra...

Страница 317: ...d ship with cross over straight RJ45 DB9 connectors Part 319014 DB9F RJ45S straight connector Part 319015 DB9F RJ45S cross over connector The CM4008 4116 4148 IM4208 16 48 Classic and IM4004 5 all hav...

Страница 318: ...UTP Cat 5 cable For console servers with Opengear classic pinouts 319000 DB9F to RJ45 straight Console server with Opengear classic pinout to IP Power and other serial device 319001 DB9F to RJ45 cros...

Страница 319: ...h 1023 Registered Ports are those from 1024 through 49151 Dynamic and or Private Ports are those from 49152 through 65535 Well Known Ports are assigned by IANA and on most systems can only be used by...

Страница 320: ...upports by default two RS232 ports on Port 1 and Port 2 DB9 connectors Port 2 on the SD40X2 Can also be software selected to be an RS485 or RS422 port connected through the screw terminal block shown...

Страница 321: ...e SD4001 is configured in RS232 mode with a vertical jumper in place on the left hand SEL pins To set the port in RS422 or RS485 mode you must remove the SEL jumper and then configure the Signaling Pr...

Страница 322: ...uses a full duplex transmit on TX Transmit Data TX Transmit Data pair receive on RX Receive Data RX Receive Data pair RS 485 uses half duplex over single pair For RS 485 which is a 2 wire bus that dri...

Страница 323: ......

Страница 324: ...s verified that the entity is who it says it is Certificate Authority A Certificate Authority is a trusted third party which certifies public key s to truly belong to their claimed owners It is a key...

Страница 325: ...o it rather than somebody else in the local area It is a 48 bit number usually written as a series of 6 hexadecimal octets e g 00 d0 cf 00 5b da A console server has a MAC address listed on a label un...

Страница 326: ...racter stream from the baseboard universal asynchronous receiver transmitter UART to and from the remote client system over a LAN With SOL support and BIOS redirection to serial remote managers can vi...

Страница 327: ...a public telecommunication infrastructure and Internet to provide remote offices or individual users with secure access to their organization s network WAN Wide Area Network WINS Windows Internet Nami...

Страница 328: ...is protected by copyright laws international copyright treaties and other intellectual property laws and treaties Opengear and its suppliers retain all ownership of and intellectual property rights i...

Страница 329: ...Y FOR COSTS LOSS DAMAGES OR LOST OPPORTUNITY OF ANY TYPE WHATSOEVER INCLUDING BUT NOT LIMITED TO LOST OR ANTICIPATED PROFITS LOSS OF USE LOSS OF DATA OR ANY INCIDENTAL EXEMPLARY SPECIAL OR CONSEQUENTI...

Страница 330: ...terms of Section 1 above provided that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any chan...

Страница 331: ...tomatically receives a license from the original licensor to copy distribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients e...

Страница 332: ...NCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDE...

Страница 333: ...SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEO...

Страница 334: ...pair damage to the product if the serial number or seal or any part thereof has been altered defaced or removed If Opengear does not find the product to be defective the Purchaser will be invoiced for...

Страница 335: ...ction 2 715 of the Uniform Commercial Code Opengear waives the benefit of any rule that disclaimer of warranty shall be construed against Opengear and agrees that such disclaimers herein shall be cons...

Отзывы:

Нет отзывов

Похожие инструкции для ACM5000

ABB AWIN GW120 Quick Setup Manual preview
AWIN GW120
Бренд: ABB Страницы: 2
Panasonic KX-TDA0490 Programming Manual preview
KX-TDA0490
Бренд: Panasonic Страницы: 72
2N EasyGate IP Quick Manual preview
EasyGate IP
Бренд: 2N Страницы: 2
2N EasyGate Quick Start preview
EasyGate
Бренд: 2N Страницы: 2
2N stargate Quick Manual preview
stargate
Бренд: 2N Страницы: 4
RAKwireless RAK7249 Configuration Manual preview
RAK7249
Бренд: RAKwireless Страницы: 47
RAKwireless RAK7249 Quick Start Manual preview
RAK7249
Бренд: RAKwireless Страницы: 6
Advantech EDG-4508+ User Manual preview
EDG-4508+
Бренд: Advantech Страницы: 82
Comtrend Corporation CT-820C User Manual preview
CT-820C
Бренд: Comtrend Corporation Страницы: 84
AVM HP 3000 Administrator User Manual preview
HP 3000
Бренд: AVM Страницы: 12
Sony PWS-110MG1 Operation Manual preview
PWS-110MG1
Бренд: Sony Страницы: 70
Sony PWS-100MG1 Operation Manual preview
PWS-100MG1
Бренд: Sony Страницы: 76
Planet VIP-450 Reference Manual preview
VIP-450
Бренд: Planet Страницы: 8
Planet IMG-110T Quick Installation Manual preview
IMG-110T
Бренд: Planet Страницы: 16
Planet HAC-1000 Quick Installation Manual preview
HAC-1000
Бренд: Planet Страницы: 16
Planet WSG-401 User Manual preview
WSG-401
Бренд: Planet Страницы: 131
Kiloview RMG-300 Quick Start Manual preview
RMG-300
Бренд: Kiloview Страницы: 11
Wildix W02BRI Quick Installation Manual preview
W02BRI
Бренд: Wildix Страницы: 3

Бренды по названию

Популярные бренды

Загрузить еще бренды