User Manual 

ACM7000 Remote Site Gateway  
ACM7000-L Resilience Gateway  
IM7200 Infrastructure Manager   
CM7100 Console Servers 

Version 4.6  

2019-09-11

Contents ACM7000

Page 1: ...User Manual ACM7000 Remote Site Gateway ACM7000 L Resilience Gateway IM7200 Infrastructure Manager CM7100 Console Servers Version 4 6 2019 09 11...

Page 2: ...nts FCC Warning Statement This device complies with Part 15 of the FCC rules Operation of this device is subject to the following conditions 1 This device may not cause harmful interference and 2 this...

Page 3: ...ed or implied including but not limited to the implied warranties of fitness or merchantability for a particular purpose Opengear may make improvements and or changes in this manual or in the product...

Page 4: ...73 3 15 ENROLLMENT INTO LIGHTHOUSE 75 4 FIREWALL FAILOVER OOB ACCESS 76 4 1 DIALUP MODEM CONNECTION 76 4 2 OOB DIAL IN ACCESS 76 4 3 DIAL OUT ACCESS 79 4 4 OOB BROADBAND ETHERNET ACCESS 83 4 5 BROADBA...

Page 5: ...OVERVIEW 193 9 2 CONFIGURING NAGIOS DISTRIBUTED MONITORING 194 9 3 ADVANCED DISTRIBUTED MONITORING CONFIGURATION 199 10 SYSTEM MANAGEMENT 207 10 1 SYSTEM ADMINISTRATION AND RESET 207 10 2 UPGRADE FIR...

Page 6: ...d devices Users when authorized can access and control serial or network connected devices using specified services e g Telnet HTTPS RDP IPMI Serial over LAN Power Control Remote users are users who a...

Page 7: ...p to date information on what s included with your console server visit the What s included section for your particular product Quick Start Guide This guide that shipped with your console server takes...

Page 8: ...up steps make sure that There are no other devices on the LAN with an address of 192 168 0 1 The console server and the computer are on the same LAN segment with no interposed router appliances 2 1 1...

Page 9: ...as a cellular modem you will be given the steps to configure the cellular router features Configure the cellular modem connection System Dial page See Chapter 4 Allow forwarding to the cellular destin...

Page 10: ...d in the Password and Confirm fields NOTE Checking Save Password across firmware erases saves the password so it does not get erased when the firmware is reset If this password is lost the device will...

Page 11: ...e used to display a message of the day text to users It appears on the upper left of the screen below the Opengear logo 4 Click Apply 2 3 Network Configuration Enter an IP address for the principal Et...

Page 12: ...dress The console server MAC address can be found on a label on the base plate 5 You may enter a secondary address or comma separated list of addresses in CIDR notation e g 192 168 1 1 24 as an IP Ali...

Page 13: ...dia Auto config interfaces wan mode static config interfaces wan mtu 1380 config interfaces wan netmask 255 255 255 0 2 3 1 IPv6 configuration NOTE IPv6 passthrough is not supported with this release...

Page 14: ...console server 1 Click System IP and scroll down the Dynamic DNS section Select your DDNS service provider from the drop down Dynamic DNS list You can also set the DDNS information under the Cellular...

Page 15: ...the console server is accessed remotely over the Internet Alternate HTTP lets you configure an alternate HTTP port to listen on The HTTP service will continue listening on TCP port 80 for CMS and...

Page 16: ...config files maintain access and transaction logs etc Files transferred using tftp and ftp will be stored under var mnt storage usb tftpboot or var mnt storage nvlog tftpboot on ACM7000 series devices...

Page 17: ...e server s network interfaces Depending on the particular console server model the interfaces displayed may include Network interface for the principal Ethernet connection Management LAN OOB Failover...

Page 18: ...default once protection is enabled 3 or more failed connection attempts within 60 seconds from a specific source IP trigger it to be banned from connecting for a configurable time period Attempt limi...

Page 19: ...o hosts that are network connected to the console server can be found in Chapter 5 SDT Connector can be installed on Windows PCs Mac OS X and on most Linux UNIX and Solaris systems 2 6 Management Netw...

Page 20: ...eave the DNS fields blank 3 Click Apply The management gateway function is enabled with default firewall and router rules configured so the Management LAN is only accessible by SSH port forwarding Thi...

Page 21: ...n seconds This is the amount of time that a dynamically assigned IP address is valid before the client must request it again 7 Click Apply The DHCP server issues IP addresses from specified address po...

Page 22: ...sing the console server an alternate access path is used To enable failover 1 Select the Network Interface page on the System IP menu 2 Select the Failover Interface to be used in the event of an outa...

Page 23: ...y retain their unique MAC addresses o With bonding the network traffic is carried between the ports but present with one MAC address Both modes remove all the Management LAN Interface and Out of Band...

Page 24: ...s Select a country from the Country list or if it isn t there select the World Regulatory Domain Select a unique SSID for the network Broadcast SSID Tick this to broadcast the SSID Network Channel Sel...

Page 25: ...f that hardware mode is selected WPA Password The password that clients use to connect to the AP 3 Once the Wireless AP Settings have been filled out click Apply Wait for the page to refresh The next...

Page 26: ...he appropriate SSID Set Service Identifier of the wireless access point to connect to o Select the Wireless Network Type where Infrastructure is used to connect to an access point and Ad hoc to connec...

Page 27: ...uter that will route packets to the destination network This may be left blank 7 Select the Interface to use to reach the destination may be left as None 8 Enter a value in the Metric field that repr...

Page 28: ...hapter 8 Network Hosts configuring access to local network connected computers or appliances hosts Configuring Trusted Networks nominate IP addresses that trusted users access from Cascading and Redir...

Page 29: ...mode Click Edit next to the port to be reconfigured Or click Edit Multiple Ports and select which ports you wish to configure as a group 3 When you have reconfigured the common settings and the mode f...

Page 30: ...lled Set the DTR mode This allows you to choose if DTR is always asserted or only asserted when there is an active user session Before proceeding with further serial port configuration you should conn...

Page 31: ...on the console server SDT Connector can be installed on Windows PCs and most Linux platforms and it enables secure Telnet connections to be selected with point and click To use SDT Connector to acces...

Page 32: ...RAW TCP also enables the serial port to be tunneled to a remote console server so two serial port devices can transparently interconnect over a network see Chapter 3 1 6 Serial Bridging RFC2217 Selec...

Page 33: ...to the serial port using a specific IP address specified in CIDR format Each serial port can be assigned one or more IP aliases configured on a per network interface basis A serial port can for examp...

Page 34: ...ted before being sent as a packet over the network Escape Character Change the character used for sending escape characters The default is Replace Backspace Substitute the default backspace value of C...

Page 35: ...Select the desired Device Type UPS RPC or Environmental 2 Proceed to the appropriate device configuration page Serial Network UPS Connections RPC Connection or Environmental as detailed in Chapter 7 3...

Page 36: ...fy the IP address of the Server console server and the TCP port address of the remote serial port for RFC2217 bridging this will be 5001 5048 By default the bridging client uses RAW TCP Select RFC2217...

Page 37: ...1 8 NMEA Streaming The ACM7000 L can provide GPS NMEA data streaming from the internal GPS cellular modem This data stream presents as a serial data stream on port 5 on the ACM models The Common Sett...

Page 38: ...12 USB If the particular ACM7008 2 is a cellular model port 13 for the GPS will also be listed The 7216 24U has 16 RJ45 serial ports and 24 USB ports on its rear face as well as two front facing USB p...

Page 39: ...Services They can also access any of the connected Hosts or serial port devices using any of the services that have been enabled for these connections Only trusted users should have administrator acc...

Page 40: ...ers 3 2 1 Set up new group To set up new groups and new users and to classify users as members of particular groups 1 Select Serial Network Users Groups to display all groups and users 2 Click Add Gro...

Page 41: ...ublic key authentication for this user when using SSH 8 Check Enable Dial Back in the Dial in Options menu to allow an out going dial back connection to be triggered by logging into this port Enter th...

Page 42: ...sers and groups be kept under 250 The administrator can also edit the access settings for any existing users Select Serial Network Users Groups and click Edit to modify the user access privileges Clic...

Page 43: ...vice or a server with IPMI power control specify RPC for IPMI and PDU or UPS and the Device Type The administrator can configure these devices and enable which users have permission to remotely cycle...

Page 44: ...tering a Network Mask for that permitted IP range e g To permit all the users located with a particular Class C network connection to the nominated port add the following Trusted Network New Rule Netw...

Page 45: ...s clustering connects each Slave to the Master with an SSH connection This is done using public key authentication so the Master can access each Slave using the SSH key pair rather than using passwor...

Page 46: ...ether to generate keys using RSA and or DSA if unsure select only RSA Generating each set of keys requires two minutes and the new keys destroy old keys of that type While the new generation is underwa...

Page 47: ...tem Administration on the Master s Management Console 2 Browse to the location you have stored RSA or DSA Public Key and upload it to SSH RSA DSA Public Key 3 Browse to the stored RSA or DSA Private K...

Page 48: ...sole server 1 Select Serial Network Cascaded Ports on the Master s Management Console 2 To add clustering support select Add Slave You can t add Slaves until you have generated SSH keys To define and...

Page 49: ...rial port such as alter the baud rates These changes are overwritten next time the Master sends out a configuration file update While the Master is in control of all Slave serial port related function...

Page 50: ...ded from the ftp site This PortShare serial port redirector allows you to use a serial device connected to the remote console server as if it were connected to your local serial port The portshare ser...

Page 51: ...device connections by selecting Manage Devices Administrators can also edit and add delete these managed devices and their connections To edit an existing device and add a new connection 1 Select Edi...

Page 52: ...o add a UPS RPC power connection or network connection or another serial connection click Add Connection 6 Click Apply NOTE To set up a serially connected RPC UPS or EMD device configure the serial po...

Page 53: ...urely connected to the serially controlled devices at the remote sites The road warrior administrator can use a VPN IPsec software client to remotely access the console server and every machine on the...

Page 54: ...nsole server the Left Public Key Locate the key to be used on the remote gateway cut and paste it into the Right Public Key o If you select Shared secret enter a Pre shared secret PSK The PSK must mat...

Page 55: ...e server end This can only be initiated from the VPN gateway Left if the remote end is configured with a static or dyndns IP address 12 Click Apply to save changes NOTE Configuration details set up on...

Page 56: ...the server and client certificates This Root CA Certificate is a crt file type For a server you may also need dh1024 pem Diffie Hellman parameters See http openvpn net easyrsa html for a guide to basi...

Page 57: ...Client has been selected the Primary Server Address is the address of the OpenVPN Server o If Server has been selected enter the IP Pool Network address and the IP Pool Network mask for the IP Pool Th...

Page 58: ...tion certificates and files select the Manage OpenVPN Files tab Upload or browse to relevant authentication certificates and files 4 Apply to save changes Saved files are displayed in red on the right...

Page 59: ...button 7 Apply to save changes NOTE Make sure that the console server system time is correct when working with OpenVPN to avoid authentication issues 8 Select Statistics on the Status menu to verify...

Page 60: ...GUI for Windows software which includes the standard OpenVPN package plus a Windows GUI can be downloaded from http openvpn net Once installed on the Windows machine an OpenVPN icon is added to the N...

Page 61: ...client server configuration file options are Options Description description This is a comment describing the configuration Comment lines start with and are ignored by OpenVPN Client server Specify wh...

Page 62: ...d location of the client s or server s key Each client should have its own certificate and key files Note Ensure each in the directory path is replaced with dh file name This is used by the server onl...

Page 63: ...n traffic being sent across the tunnel PPTP establishes a tunnel between the physical PPP endpoints and securely transports data across the tunnel The strength of PPTP is its ease of configuration and...

Page 64: ...1 Enable the PPTP VPN server 1 Select PPTP VPN on the Serial Networks menu 2 Select the Enable check box to enable the PPTP Server 3 Select the Minimum Authentication Required Access is denied to remo...

Page 65: ...Opengear appliance 7 Enter the desired value of the Maximum Transmission Unit MTU for the PPTP interfaces into the MTU field defaults to 1400 8 In the DNS Server field enter the IP address of the DNS...

Page 66: ...n is for the VPN tunnel to the Opengear appliance NOTE This procedure sets up a PPTP client in the Windows 7 Professional operating system The steps may vary slightly depending on your network access...

Page 67: ...local network you need to know the username and password for the PPTP account you added as well as the Internet IP address of the Opengear appliance If your ISP has not allocated you a static IP addr...

Page 68: ...accessing the Managed Console Servers and the managed devices connected to the Managed Console Server To manage Local Console Servers or console servers that are reachable from the CMS the SSH connect...

Page 69: ...ole servers that are connected via Call Home For more details see the Lighthouse CMS User Manual 1 Enter a new Call Home Password on the CMS This password is used for accepting Call Home connections f...

Page 70: ...nter the Remote Root Password i e System Password that has been set on this Managed Console server This password is used by the CMS to propagate auto generated SSH keys and is not stored Click Apply T...

Page 71: ...have two or more WAN interfaces NOTE Failover in IP Passthrough context is performed by the downstream router and the built in out of band failover logic on the Opengear is not available while in IP P...

Page 72: ...passed through to the downstream router For the required service of HTTP HTTPS or SSH check Enable Optionally modify the Intercept Port to an alternate port e g 8443 for HTTPS this is useful if you wa...

Page 73: ...Save Backup A backup configuration file model name_iso format date_config opg is downloaded from the Opengear device to the local system You can save the configuration as an xml file 1 Select System C...

Page 74: ...e USB flash drive to the Opengear device Generate an X 509 certificate for the Opengear device Concatenate the certificate and its private key into a single file named client pem Copy client pem onto...

Page 75: ...e Wed Dec 13 22 22 27 UTC 2017 5127 notice odhcp6c eth0 NTP skipped no server Wed Dec 13 22 22 27 UTC 2017 5127 info odhcp6c eth0 vendorspec 1 http fd07 2218 1350 44 1 tftpboot config sh Wed Dec 13 22...

Page 76: ...Dialup Modem Connection To enable dial in or dial out you must first ensure there is a modem attached to the console server Models with an internal modem allow OOB dial in access These models display...

Page 77: ...dress It must be in the same network range as the Local IP Address e g 200 100 1 12 and 200 100 1 67 5 In the Local Address field enter the IP address for the Dial In PPP Server This is the IP address...

Page 78: ...t type of authentication to use this is the recommended option Weakly Encrypted Authentication CHAP This is the weakest type of encrypted password authentication to use It is not recommended that clie...

Page 79: ...ct Set up my connection manually and click Next 4 On the Internet Connection screen select Connect using a dial up modem and click Next 5 Enter a Connection Name any name you choose and the dial up Ph...

Page 80: ...such as modems Override DNS allows the use of alternate DNS servers from those provided by your ISP For example an alternative DNS may be required for OpenDNS used for content filtering To enable Over...

Page 81: ...l Console or Internal Modem Port 4 Select the Baud Rate and Flow Control that will communicate with the modem 5 Check the Enable Dial Out Access box and enter the access details for the remote PPP ser...

Page 82: ...ses while in original and failover states The original state is automatically set as a priority and reestablished following three successful pings of the probe addresses during failover The failover s...

Page 83: ...ink Ensure when configuring the principal Network Interface connection the Failover Interface is set to None 4 5 Broadband Ethernet Failover The second Ethernet port can also be configured for failove...

Page 84: ...r continually pings probe addresses whilst in original and failover states The original state is set as a priority and reestablished following three successful pings of the probe addresses during fail...

Page 85: ...the other fields blank 3 Enter the carrier s APN e g for AT T USA enter i2gold for T Mobile USA enter epc tmobile com for InterNode Aust enter internode and for Telstra Aust enter telstra internet 4 I...

Page 86: ...rier 4 6 2 Connecting to a CDMA EV DO carrier network GV and GS models have an internal CDMA modem Both connect to the Verizon network in North America After creating an account with the CDMA carrier...

Page 87: ...rrors are displayed and you no longer see the CDMA Modem Activation form If OTASP is unsuccessful you can consult the System Logs for clues to what went wrong at Status Syslog 4 When OTASP has complet...

Page 88: ...n Status Statistics 4 Navigate to the Internal Cellular Modem tab on System Dial To connect to your carrier s 3G network enter the appropriate phone number usually 777 and a Username and Password if d...

Page 89: ...Servers box Enter the IP of the DNS servers into the spaces provided 7 Check Apply A radio connection is established with your cellular carrier 4 6 4 Verifying the cellular connection Out of band acc...

Page 90: ...You can also see the connection status from the LEDs on top of unit 4 6 5 Cellular modem watchdog Select Enable Dial Out on the System Dial menu under Internal Cellular Modem to configure a cellular...

Page 91: ...for the timeout period The timeout period is either the default value of 600 seconds or the number of seconds you have specified in the Failback Timeout field 4 Configure each SIM connection with as m...

Page 92: ...lti carrier capable models ship with cellular modem firmware for each supported carrier pre loaded onto internal non volatile or USB storage Periodically new cellular modem firmware becomes available...

Page 93: ...completed the System Firmware page displays the status of the firmware update 7 To automate this operation enable the Automatic Cellular Modem Firmware Check and Upgrade option This allows the user to...

Page 94: ...work This mode is used for out of band access to remote sites This OOB mode is the default for IM7200 appliances with internal cellular modems Out of Band access is enabled by default and the cellular...

Page 95: ...r state If the primary and secondary probe addresses are not available it brings up the cellular connection and connects back to the cellular carrier 1 Navigate back to the Network Interface on the Sy...

Page 96: ...squerading as detailed in Chapter 4 8 4 7 4 Cellular CSD dial in setup Once you have configured carrier connection the cellular modem can be configured to receive Circuit Switched Data CSD calls a leg...

Page 97: ...external interface of the console server and be redirected to a specified internal address for a device on the internal network With Firewall Rules packet filtering inspects each packet passing throu...

Page 98: ...behind the console server IP Masquerading performs Source Network Address Translation SNAT on outgoing packets to make them appear like they ve come from the console server rather than devices on the...

Page 99: ...e DNS server address to be the same as used on the external network i e if the console server is acting as an internet gateway or a cellular router Use the ISP provided DNS server address DHCP Configu...

Page 100: ...ernet gateway or a cellular router Use the ISP provided DNS server address 7 Enter the Default Lease time and Maximum Lease time in seconds The lease time is the time that a dynamically assigned IP ad...

Page 101: ...the external interface of the console server cellular router and have the console server cellular router redirect the data to a specified internal address and port range To setup a port protocol forw...

Page 102: ...ce on the input port range are sent Output Port Range The port or range of ports that the packets will be redirected to on the Output Address Ranges use the format start finish Only valid for TCP and...

Page 103: ...to be matched This may be left blank for any MAC addresses use the format XX XX XX XX XX XX where XX are hex digits Source Address Range Specifies the source IP address or address range to match IP ad...

Page 104: ...e processed in a set order from top to bottom For example with the following rules all traffic coming in over the Network Interface is blocked except when it comes from two nominated IP addresses SysA...

Page 105: ...l your users with point and click access to all the systems and devices in the secure network SDT Connector sets up a secure SSH tunnel from the client to the selected console server establishes a por...

Page 106: ...or can first set up groups with group access permissions users can be classified as members of particular groups 5 2 SDT Connector Client Configuration The SDT Connector client works with all Opengear...

Page 107: ...nects the console server to the Internet as assigned by the ISP One way to find the public IP address is to access or from a computer on the same network as the console server and note the reported IP...

Page 108: ...ervices TCP UDP ports are blocked 5 2 2 Auto configure SDT Connector client with the user s access privileges Each user on the console server has an access profile which has been configured with those...

Page 109: ...ctor client can be configured with unlimited number of Gateways Each Gateway can be configured to port forward to an unlimited number of locally networked Hosts There is no limit on the number of SDT...

Page 110: ...on Adding a new service and return here 4 Optionally enter a Descriptive Name for the host to display instead of the IP or DNS address and Notes or a Description of this host 5 Click OK 5 2 5 Manually...

Page 111: ...ists of a single SSH port redirection and a local client to access it It may consist of several redirections some or all of with clients associated with them An example is the Dell RAC service The fir...

Page 112: ...of the redirection If this is left blank a random port is selected NOTE SDT Connector can also tunnel UDP services SDT Connector tunnels the UDP traffic through the TCP SSH redirection so in effect i...

Page 113: ...ng the command line format When launching the client SDT Connector substitutes these keywords with the appropriate values path is path to the executable file i e the previous field host is the local a...

Page 114: ...ration If the client PC is dialing into Local Console port on the console server here is how to set up a dial in PPP link 1 Configure the console server for dial in access following the steps in the C...

Page 115: ...access the gateway command line console NOTE To enable SDT access to the gateway console you must configure the console server to allow port forwarded network access to itself Browse to the console se...

Page 116: ...1 Browse to the Console server and select Serial Port from Serial Network 2 Click Edit next to selected Port e g Port 2 if the target device is attached to the second serial port Ensure the port s ser...

Page 117: ...ction Starting an OOB connection may be achieved by initiating a dial up connection or adding an alternate route to the gateway SDT Connector allows for maximum flexibility in this regard by allowing...

Page 118: ...a pre configured dial up connection under Linux use the following Stop Command poff network_connection To make the OOB connection using SDT Connector select the gateway and click Out Of Band The stat...

Page 119: ...l OpenSSH http www openssh org OpenSSH Windows http sshwindows sourceforge net download 3 Upload the public part of your SSH key pair this file is named id_rsa pub or id_dsa pub to the SSH gateway or...

Page 120: ...to Windows XP and later computers and to Windows 2000 Terminal Servers and to have access to all of the applications files and network resources with full graphical interface as though they were in f...

Page 121: ...ote client PC and point it to the SDT Secure Tunnel port in the console server 5 9 SDT SSH Tunnel for VNC Users can securely access and control Windows Linux Macintosh Solaris and UNIX computers with...

Page 122: ...al in connection and the VNC Host computer is serially connected to the console server enter the IP address of the console server unit with the TCP port that the SDT tunnel uses The TCP port is 7900 p...

Page 123: ...This step is only necessary for serially connected computers First physically connect the COM port on the host computer that is to be accessed to the serial port on the console server Next For non Wi...

Page 124: ...on the Windows computer should be configured to its maximum baud rate Click Next 5 On the Incoming VPN Connection Options screen select Do not allow virtual private connections and click Next 6 Specif...

Page 125: ...s user permission to use the advance connection to access the Windows computer The console server default Username is portXX where XX is the serial port number on the console server The default Passwo...

Page 126: ...ode which enables port forwarding and SSH tunneling and enter a Username and User Password If you leave the Username and User Password fields blank they default to portXX and portXX where XX is the se...

Page 127: ...r Internet or local VPN connections this is the public IP address of the console server 2 Select the SSH Protocol The Port is set to 22 3 Go to the SSH Tunnels menu and in Add new forwarde...

Page 128: ...t the Client PC to the console server You are prompted for the Username Password for the console server user If you are connecting as a user in the users group you can only SSH tunnel to Hosts and Ser...

Page 129: ...ed serial devices A log of all system activity is also maintained as is a history of the status of any attached environmental monitors Some models can also log access and communications with network a...

Page 130: ...r the time in seconds after resolution to delay before this Auto Response can be triggered again 4 Check Repeat Trigger Actions to continue to repeat trigger action sequences until the check is resolv...

Page 131: ...to be configured as the trigger for this new Auto Response in the Auto Response Settings menu 6 2 1 Environmental Before configuring Environmental Checks as the trigger in Auto Response configure the...

Page 132: ...ysteresis of 4 the trigger condition won t be resolved until the temp reading is below 45 C 6 Check Save Auto Response 6 2 2 Alarms and Digital Inputs Before configuring Alarms Digital Inputs checks i...

Page 133: ...ntil the battery charge is above 25 6 Check Save Auto Response 6 2 4 UPS Status Before configuring UPS state checks in Auto Response you first must configure the attached UPS To use the alert state of...

Page 134: ...t of a successful pattern match NOTE For devices with a cellular modem with GPS enabled the GPS is displayed as an additional port and can be monitored for trigger events 4 Check Save Auto Response 6...

Page 135: ...New Action button 6 2 7 ICMP Ping To use a ping result as the Auto Response trigger event 1 Click on ICMP Ping as the Check Condition 2 Specify which Address to Ping i e IP address or DNS name to send...

Page 136: ...c config which is writeable The default lldpd configuration file lldpd conf is stored in etc config It is not a safe location to store custom configuration details There are circumstances in which thi...

Page 137: ...script 0 exit 7 fi touch etc config customscript 0 exit 1 See online FAQ for a sample web page html check and other script file templates 3 Enter the Script Executable file name e g etc config test sh...

Page 138: ...g SMS command from a nominated caller can trigger an Auto Response 1 Click on SMS Command as the Check Condition 2 Specify which Phone Number in international format of the phone sending the SMS messa...

Page 139: ...out of the CLI 3 Check Trigger on Authentication Error to trigger when a user fails to authenticate to the CLI This check is not resolvable so Resolve actions are not run 6 2 13 Web UI Log In Out Che...

Page 140: ...Interface Ethernet Failover OOB Interface or Modem or VPN to monitor 3 Check what type of network interface Event to trigger on interface Down Starting Up or Stopping This check is not resolvable so...

Page 141: ...onitor An optional Source MAC IP Address to monitor traffic from a host Data Limit threshold the Auto Response triggers when this is reached in the specified Time Period The Auto Response resolves if...

Page 142: ...existing action click the Modify or Delete icon in the Scheduled Trigger Action table A message text can be sent with Email SMS and Nagios actions This configurable message can include selected values...

Page 143: ...S alert can only be sent if there is an internal cellular modem 1 Click on Send SMS as the Add Trigger Action Enter a unique Action Name and set the Action Delay Time 2 Specify the Phone number that t...

Page 144: ...Send Nagios Event 1 Click on Send Nagios Event as the Add Trigger Action Enter a unique Action Name and set the Action Delay Time 2 Edit the Nagios Event Message text to display on the Nagios status...

Page 145: ...se with a defined trigger Check Condition click on Add Resolve Action e g Send Email or Run Custom Script to select the action type to take 6 5 Configure SMTP SMS SNMP and or Nagios service for alert...

Page 146: ...bject Line for the email 7 Click Apply to activate SMTP 6 5 2 Send SMS alerts You can use email to SMS services to send SMS alert notifications to mobile devices Almost all mobile phone carriers provi...

Page 147: ...only forward email to SMS when the email has been received from authorized senders 5 Enter a Username and Password as some SMS gateway service providers use SMTP servers which require authentication 6...

Page 148: ...agement Protocol SNMP agent that resides on the console server to send SNMP trap alerts to an NMS management application 1 Select Alerts Logging SNMP 2 Select Primary SNMP Manager tab The Primary and...

Page 149: ...hich devices and management stations running SNMP belong and defines where information is sent SNMP default communities are private for Write and public for Read 8 Configure SNMP v3 if required For SN...

Page 150: ...on to work 9 Click Apply 6 5 4 Send Nagios Event alerts To notify the central Nagios server of Alerts NSCA must be enabled under System Nagios and Nagios must be enabled for each applicable host or po...

Page 151: ...erial ports are to have activities recorded and to what level of data to log 1 Select Serial Network Serial Port and Edit the port to log 2 Specify the Logging Level for each port as Level 0 Turns...

Page 152: ...tions with network attached Hosts 1 For each Host when you set up the Permitted Services are authorized you also must set up the logging level for each service 2 Specify the logging level that for tha...

Page 153: ...dor This generally runs on a remote Windows PC and you could configure the console server serial port to operate with a serial COM port redirector in the PC Network attached PDUs can be controlled wit...

Page 154: ...specific RPC device If you select Connect Via for a Network RPC connection enter the Host Name Description that you set up for that connection as the Name and Description for the power device If you s...

Page 155: ...ed PowerMan and Opengear s power manager 7 Enter the Username and Password used to log in to the RPC These login credentials are not related to the users and access privileges you configured in Serial N...

Page 156: ...erver will configure the RPC with the number of outlets specified in the selected RPC Type or will query the RPC for this information NOTE Opengear s console servers support the majority of the popula...

Page 157: ...s Select the Manage Power and the particular Target power device to be controlled and the Outlet to be controlled if the RPC supports outlet level control The outlet status is displayed Initiate the d...

Page 158: ...u to the Manage Power screen 7 2 Uninterruptible Power Supply UPS Control All Opengear console servers can be configured to manage locally and remotely connected UPS hardware using Network UPS Tools N...

Page 159: ...wn in event of low UPS battery The console server may or may not be drawing power itself through the Managed UPS When the UPS s battery power reaches critical the console server signals and waits for...

Page 160: ...clicking Apply No such configuration is required for USB connected UPS hardware 3 Select the Serial Network UPS Connections menu The Managed UPSes section will display all the UPS connections that hav...

Page 161: ...S or Shut down all Managed UPSes or Run until failure NOTE The shutdown script etc scripts ups shutdown can be customized so in the event of a critical power failure when the UPS battery runs out you...

Page 162: ...at is connected as a managed device to some remote console server which is being monitored but not managed by your console server The upsc and upslog clients in the Opengear console server can configu...

Page 163: ...ging their UPS This will set the conditions that will be used to initiate a power down of the computer Non critical servers may be powered down some seconds after the UPS starts running on battery wher...

Page 164: ...lect UPS System appears 3 Click on any particular All Data for any UPS System in the table for more status and configuration information on the selected UPS System 4 Select UPS Logs The log table of the...

Page 165: ...NUT You can find full documentation at http www networkupstools org documentation NUT is built on a networked model with a layered scheme of drivers server and clients The driver programs talk to the...

Page 166: ...o Powerman open source software from Livermore Labs that also is embedded in Opengear console servers These NUT clients and servers all are embedded in each Opengear console server with a Management C...

Page 167: ...ration sensors or open door sensors Using the Management Console administrators can view the ambient temperature in C or F and humidity percentage and configure alerts to monitor the status and sensor...

Page 168: ...to each EMD The EMD can only be used with an Opengear console server and cannot be connected to standard RS232 serial ports on other appliances 1 Select Environmental as the Device Type in the Serial...

Page 169: ...en close status sensors into the SENSOR or DIO terminals on the green connector block 3 When configured as Inputs the SENSOR and DIO ports are notionally attached to the internal EMD Go to the Serial...

Page 170: ...onmental menu This will display any external EMDs or any internal EMD i e sensors that may be attached to an ACM that have already been configured 2 To add a new EMD click Add and configure an externa...

Page 171: ...us 4 Provide Labels for each of the alarm sensors e g Door Open or Smoke Alarm 5 Check Log Status and specify the Log Rate minutes between samples if you wish the status from this EMD to be logged The...

Page 172: ...lect the Status Environmental Status menu and a table with the summary status of all connected EMD hardware will be displayed 2 Click on View Log or select the Environmental Logs menu A table and grap...

Page 173: ...ystem I O Ports menu page The DIO1 and DIO2 pins are current limited by the chip to 20mA and accept 5V levels so they cannot drive a relay etc Alternately you can change the output states using the io...

Page 174: ...ine state change For example to light a 12v LED using the high voltage outputs connect the positive leg of the LED to the 12v reference and the negative leg to output pin 4 Due to the way that the I O...

Page 175: ...erver platform is a dedicated Linux computer and it embodies a myriad of popular and proven Linux software modules for networking secure access OpenSSH and communications OpenSSL and sophisticated use...

Page 176: ...first falling back to local if remote fails TACACS RADIUS LDAP Kerberos Down Local Tries remote authentication first falling back to local if the remote authentication returns an error condition e g...

Page 177: ...ve as an admin user There is a special case where a user with a priv lvl of 15 is also given access to all configured serial ports When the Ignore Privilege Level option is enabled i e checked in the...

Page 178: ...server AD or OpenLDAP is straightforward as they both follow the common LDAP standards and protocols The harder part is configuring how to get the extra data about the users the groups they are in etc...

Page 179: ...follows LDAP Username Attribute The LDAP attribute that corresponds to the login name of the user commonly sAMAccountName for Active Directory and uid for OpenLDAP LDAP Group Membership Attribute The...

Page 180: ...Opengear device to only accept LDAP over SSL If LDAP over SSL fails only the root account will be able to log in to the console server o LDAP no SSL only this setting will configure the Opengear devi...

Page 181: ...will only be able to access ports 1 and 2 Example 2 User Lynn is only defined on the TACACS server which says she has access to ports 5 and 6 When she attempts to log in a new user will be created for...

Page 182: ...3 Edit the Radius user s file to include group information and restart the Radius server When using RADIUS authentication group names are provided to the console server using the Framed Filter Id attr...

Page 183: ...d serial port access but limited console access Default groups available on the console server include admin for administrator access and users for general user access TomFraser AmandaJones FredWhite...

Page 184: ...1 connected to the router and another group UPS_Admin with access to port 2 connected to the UPS Once LDAP is set up users that are members of each group will have the appropriate permissions to acces...

Page 185: ...Click Apply 5 Ensure the LDAP service is operational and group names are correct within the Active Directory NOTE When you are using remote groups with LDAP remote auth you need to have corresponding...

Page 186: ...e provided to the console server using the groupname custom attribute of the raccess service An example Linux tac plus config snippet might look like user myuser service raccess groupname users groupn...

Page 187: ...er expire 8 1 11 Kerberos authentication The Kerberos authentication can be used with UNIX and Windows Active Directory Kerberos servers This form of authentication does not provide group information...

Page 188: ...for remote authentication RADIUS pam_radius_auth http www freeradius org pam_radius_auth TACACS pam_tacplus http echelon pl pubs pam_tacplus html LDAP pam_ldap http www padl com OSS pam_ldap html Fur...

Page 189: ...connected user During the connection establishment the console server has to expose its identity to the user s browser using a cryptographic certificate The default certificate that comes with the con...

Page 190: ...differ the browser will pop up a security warning when the console server is accessed using HTTPS Organizational Unit This field is used for specifying to which department within an organization the c...

Page 191: ...ersions will give warnings if this is not done 2 Once this is done click on the button Generate CSR which will initiate the Certificate Signing Request generation The CSR can be downloaded to your adm...

Page 192: ...DOR Opengear ATTRIBUTE Opengear MappedGroups 1 string END VENDOR Opengear Edit etc freeradius VERSION dictionary to include that file INCLUDE dictionary opengear Add the following update reply block t...

Page 193: ...e console server gateways in a distributed monitoring server capacity only If this is the case and you are already familiar with Nagios skip ahead to section 9 3 9 1 Nagios Overview Nagios provides central m...

Page 194: ...e hosts Each of the Serial Ports and each of the Hosts connected to the console server which are to be monitored must have Nagios enabled and any specific Nagios checks configured Lastly the central u...

Page 195: ...bling NRPE allows you to execute plug ins such as check_tcp and check_ping on the remote Console server to monitor serial or network attached remote servers This will offload CPU load from the upstrea...

Page 196: ...own list and enter a Secret password and specify a check Interval 3 See the sample Nagios configuration section below for some examples of configuring specific NSCA checks 9 2 4 Configure selected Ser...

Page 197: ...e monitored must also be configured for Nagios checks 1 Select Serial Network Network Port and click Edit on the Network Host to be monitored 2 Select Enable Nagios specify the name of the device as i...

Page 198: ...documentation http www nagios org documentation for configuring the upstream server The section entitled Distributed Monitoring steps through what you need to do to configure NSCA on the upstream ser...

Page 199: ...gear Console server define host use generic host host_name opengear alias Console server address 192 168 254 147 Managed Host define host use generic host host_name server alias server address 192 168...

Page 200: ...efine service service_description Port Log host_name server use generic service check_command check_port_log define service service_description port log server host_name server use generic service che...

Page 201: ...mmand_name check_conn_via_opengear command_line USER1 check_nrpe H 192 168 254 147 p 5666 c host_ HOSTNAME _ ARG1 _ ARG2 define service service_description SSH Port host_name server use generic servic...

Page 202: ...e is used to execute arbitrary plug ins in other devices Each console server is preconfigured with two checks check_serial_signals is used to monitor the handshaking lines on the serial ports check_po...

Page 203: ...the plug in in a Perl script it must be rewritten as the console server does not support Perl However if you do require Perl support make a feature request to support opengear com Individual compiled...

Page 204: ...rity When the console server submits NSCA results it staggers them over a certain time period e g 20 checks over 10 minutes will result in two check results every minute Staggering the results like th...

Page 205: ...o be configured to service NRPE commands to perform checks on demand In this situation the console server will perform checks based on both serial and network access Remote site with restrictive firew...

Page 206: ...e with no network access In this scenario the console server allows dial in access for the Nagios server Periodically the Nagios server establishes a connection to the console server and executes any N...

Page 207: ...en you switch OFF power from the console server and switch the power back ON However if you cycle the power and the unit is writing to flash you could corrupt or lose data so the software reboot is th...

Page 208: ...re to return to the Management Console Your Opengear device will have retained all its pre upgrade configuration information 10 3 Configure Date and Time It is important to set the local Date and Time...

Page 209: ...once Internet connection has been established 1 Select the Enable NTP checkbox in the Network Time Protocol section of the System Date Time page 2 Enter the IP address of the remote NTP Server 3 If yo...

Page 210: ...d date to be maintained across reboots or when the appliance has been powered down for longer periods of time NOTE With the NTP peering model the Opengear appliance can share its time information with...

Page 211: ...al USB flash drive installed To back up and restore using USB 1 Ensure the USB flash is the only USB device attached to the console server 2 Select the Local Backup tab and click here to proceed This w...

Page 212: ...G_DEFAULT o Insert this USB storage device into an external USB port on the console server and reset to factory defaults as per section 10 1 After recovering your console server ensure the problematic...

Page 213: ...Connector access to all services on the console servers will use the embedded FIPS compliant cryptographic module To connect you must also be using cryptographic algorithms that are FIPS approved in...

Page 214: ...Access Administrators can also see the current status of users who have active sessions on those ports Select the Status Active Users The Status Active Users menu enables administrators to selectively...

Page 215: ...sers and all connected ports that allow the user to choose who to disconnect If you wish to disconnect the user tester from all ports choose tester in the user s box and All ports in the Ports box and...

Page 216: ...a record of all system messages and errors select Status Syslog 11 4 1 Global System Logging The Global System Logging setting lets you specify the level of detail of the timestamp and domain name in...

Page 217: ...to 10 seconds emit syslog PSU xxx power down When both PSU 1 and 2 are on the syslog reports it For example 14 May 7 16 57 37 psmon 2508 INFO psmon Internal Voltage PSU 1 status OPERATIONAL value 12...

Page 218: ...can reconfigure the default dashboard The Status Dashboard screen is the first screen displayed when admin users other than root log into the console manager If you log in as John are in the admin gro...

Page 219: ...a new screen that shows the current alerts status When an alert gets triggered a corresponding XML file is created in var run alerts The dashboard scans all these files and displays a summary status...

Page 220: ...he dashboard choose widget name sh in the drop down list The dashboard will run the script and display the output of the script commands on the screen inside the widget The best way to format the outp...

Page 221: ...or click the Manage Devices icon in the top right of the UI Admin group users are presented with a list of all configured managed devices and their constituent connections user group users only see th...

Page 222: ...r The Web Terminal service uses AJAX to enable the web browser to connect to the console server using HTTP or HTTPS as a terminal without the need for additional client installation on the user s PC T...

Page 223: ...rminal service for each serial port you want to access 1 Select Serial Network Serial Port and click Edit Ensure the serial port is in Console server Mode 2 Check Web Terminal and click Apply 12 3 2 S...

Page 224: ...to the command line or serial port using SSH NOTE SDT Connector must be installed on the computer you are browsing from and the console server must be added as a gateway 12 4 Power Management Users ca...

Page 225: ...88F6W11 ACM7000 800MHz ARM SoC Marvell 88F6W11 Others Micrel KS8695P controller Memory ACM7004 ACM7004 2 L V A R MA MV MCR MCT 254MB SDRAM 256MB 4GB Flash IM7216 32 48 256MB SDRAM 64MB 16 GB Flash CM...

Page 226: ...AWS 1700 2100 MHz 850 MHz 900 MHz Cellular 800 MHz PCS 1900 MHz Secondary 800 MHz Infrastructure Manager IM7200 Cellular Modem LTE UMTS HSDPA HSUPA HSPA CDMA GSM EGSM DCS PCS IM72xx 2 LR Sierra MC730...

Page 227: ...ns 1 This device may not cause harmful interference and 2 this device must accept any interference that may cause undesired operation WEEE Statement The symbol on the product or its packaging indicate...

Page 228: ...CM7000 models have Cisco Straight serial pinouts on their RJ45 connectors The IM7200 has software selectable Cisco Straight or Cisco Rolled RJ45 Cisco Straight RJ45 pinout option X2 Straight through RJ...

Page 229: ...Carrier Detect Input 8 DSR Data Set Ready Input Local Console Port Console servers with a dedicated LOCAL console modem port use a standard DB9 connector for this port To connect to the LOCAL modem c...

Page 230: ...tector 9 Reserved for data set testing 10 Reserved for data set testing 11 Unassigned 12 SCF Secondary Rcvd Line Signal Detector 13 SCB Secondary Clear to Send 14 SBA Secondary Transmitted Data 15 DB...

Page 231: ...and network appliances More detailed information can be found online at http www opengear com cabling html For Local Console connection These adapters connect the console server LOCAL Console port via...

Page 232: ...Opengear classic pinout to Netscreen and Dell and OOB modem connection 319005 DB25F to RJ45 crossover DCE adapter Console server with Opengear classic pinout to Cisco 7200 AUX 440016 5ft Cat5 RJ 45 to...

Page 233: ...n Protocol UDP 49 TACACS TACACS UDP 53 DNS UDP 67 BOOTP server UDP 68 BOOTP client UDP v69 TFTP UDP 70 Gopher TCP 79 Finger TCP 80 HTTP TCP 110 POP3 TCP 119 NNTP Network News Transfer Protocol TCP 161...

Page 234: ...g or Failover is the ability to detect communication failure transparently and switch from one LAN connection to another BOOTP Bootstrap Protocol A protocol that allows a network user to automatically...

Page 235: ...A network device that allows more than one computer to be connected as a LAN usually using UTP cabling Internet A worldwide system of computer networks a public cooperative and self sustaining networ...

Page 236: ...nected to a dedicated management network that is not used to carry customer traffic or to a BMC service processor Any management done over the same channels and interfaces used for user customer data...

Page 237: ...oller Access Control System TACACS security protocol is a more recent protocol developed by Cisco It provides detailed accounting information and flexible administrative control over the authenticatio...

Page 238: ...lecommunication infrastructure and Internet to provide remote offices or individual users with secure access to their organization s network WAN Wide Area Network WINS Windows Internet Naming Service...

Page 239: ...copies of the electronic documentation accompanying the Software for each Software license you acquire provided that you must reproduce and include all copyright notices and any other proprietary rig...

Page 240: ...ill be uninterrupted or error free or that all defects in the Software will be corrected OPENGEAR DISCLAIMS ANY AND ALL OTHER WARRANTIES WHETHER EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION ANY IMP...

Page 241: ...d by this License they are outside its scope The act of running the Program is not restricted and the output from the Program is covered only if its contents constitute a work based on the Program ind...

Page 242: ...bove The source code for a work means the preferred form of the work for making modifications to it For an executable work complete source code means all the source code for all modules it contains pl...

Page 243: ...se from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version numb...

Page 244: ...import offer to sell and sell Utilize this software but solely to the extent that any such patent is necessary to Utilize the software alone or in combination with an operating system licensed under a...

Page 245: ...if the serial number or seal or any part thereof has been altered defaced or removed If Opengear does not find the product to be defective the Purchaser will be invoiced for said inspection and testin...

Page 246: ...15 of the Uniform Commercial Code Opengear waives the benefit of any rule that disclaimer of warranty shall be construed against Opengear and agrees that such disclaimers herein shall be construed lib...
