CHAPTER 12: COMMAND LINE INTERFACE 103

Configuring Logging and Alerts

 

As part of the security capabilities of the Dominion SX, facilities are provided to log data and to provide alerts based on activities between the users, the Dominion SX and the target device. These facilities provide an audit trail that allows the responsible authority to review what has happened in the system and determine who performed which action and when.

Among the facilities provided are event logging and SNMP traps. Events may be logged locally using Syslog. Local events are maintained in a 256K per port buffer and can be stored, reviewed, cleared or sent periodically to an FTP server.

Configuring Users and Groups

 

Users and groups are related. Dominion SX allows the administrator to define groups with common permissions and attributes. The administrator can then add users to the groups, and each user takes on the attributes and permissions of that group. With groups enabled, the permissions for each user do not have to be configured individually, which reduces the time needed to configure users.

Command Language Interface Permissions 

Administrators can execute all commands.

Operators and Observers can only execute the following commands:

• Connect
• Help
• Listports
• Logout
• Password

Target Connections and the CLI  

The purpose of the Dominion SX unit is to let authorized users establish connections to various targeted devices using the connect command. Before connecting to a target, the terminal emulation and escape sequence must be configured. When a target is disconnected, the appropriate disconnect message is displayed. The Dominion SX unit also provides the ability to share ports among users.

Set Emulation on Target 

To set emulation on the target: 

• Ensure that the encoding in use on the host matches the encoding configured for the target device. For example, if the character-set setting on a SUN Solaris server is set to ISO8859-1, the target device should also be set to ISO8859-1.

• Ensure that the terminal emulation on the target host connected to the Dominion SX serial port is set to VT100, VT220, VT320 or ANSI.

On most UNIX systems, “export TERM=vt100 (or vt220|vt320|ansi)” sets the preferred terminal emulation type on the UNIX target device. For example, if the terminal type setting on an HP-UX server is set to VT100, the Access Client should also be set to VT100.

The setting for terminal emulation on the Dominion SX unit is a property associated with the port settings for a particular target device. Ensure that the settings for terminal emulation in the client software, for example, Telnet or SSH client, are capable of supporting the target device.
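
A pre-connection check for the two requirements above, written for the shell on the UNIX target. This is an added example, not part of the Raritan guide; the function names and return codes are assumptions. It goes slightly beyond the text by treating spellings such as ISO8859-1 and ISO-8859-1 as the same encoding.

```sh
#!/bin/sh
# Added example (not from the Dominion SX guide). Function names are hypothetical.

# Reduce a character-set name to lowercase letters and digits so spellings
# such as "ISO8859-1", "ISO-8859-1" and "iso_8859-1" compare equal.
normalize_charset() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z0-9'
}

# check_target_emulation TARGET_TERM TARGET_CHARSET CLIENT_EMULATION CLIENT_ENCODING
# Return codes:
#   0  settings are consistent
#   1  TARGET_TERM is not VT100, VT220, VT320 or ANSI
#   2  client emulation differs from the target's TERM
#   3  client encoding differs from the target's character set
check_target_emulation() {
    cte_term=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    cte_client=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')

    case "$cte_term" in
        vt100|vt220|vt320|ansi) ;;
        *)
            echo "TERM '$1' is not vt100, vt220, vt320 or ansi" >&2
            return 1
            ;;
    esac

    if [ "$cte_term" != "$cte_client" ]; then
        echo "target TERM '$1' but client emulation is '$3'" >&2
        return 2
    fi

    if [ "$(normalize_charset "$2")" != "$(normalize_charset "$4")" ]; then
        echo "target charset '$2' but client encoding is '$4'" >&2
        return 3
    fi
    return 0
}

# Constructed sample values: target TERM, target charset, client emulation,
# client encoding. On a live target the first two would come from "$TERM"
# and "$(locale charmap)".
while read -r s_term s_charset s_emulation s_encoding; do
    if check_target_emulation "$s_term" "$s_charset" "$s_emulation" "$s_encoding"; then
        echo "consistent: TERM=$s_term charset=$s_charset"
    fi
done <<'EOF'
vt100 ISO8859-1 VT100 ISO-8859-1
xterm UTF-8 VT100 UTF-8
vt220 UTF-8 VT100 UTF-8
vt100 ISO8859-1 VT100 UTF-8
EOF
```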

Содержание DOMINION SX -

Страница 1: ...Dominion SX User Guide Release 3 1 Copyright 2007 Raritan Inc DSX 0M E April 2007 255 60 2000 00...

Страница 2: ...This page intentionally left blank...

Страница 3: ...e FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy an...

Страница 4: ...ines In Raritan products that require rack mounting follow these precautions Operation temperature in a closed rack environment may be greater than room temperature Do not exceed the rated maximum amb...

Страница 5: ...Network Configuration 13 Deployment 14 LAN Connection 14 Modem Connection Optional 14 Chapter 4 Network Settings and Services 15 Configuring the Basic Network Settings 15 Give the DSX a Name 15 Config...

Страница 6: ...Handling 60 Strong Password Settings 61 Configure Kerberos 61 Certificates 61 Generate a Certificate Signing Request 62 Install a User Key 63 Install a User Certificate 63 SSL Client Certificate 64 En...

Страница 7: ...ine Interface Overview 91 Accessing the Dominion SX Using CLI 94 SSH Connection to the Dominion SX 94 SSH Access from a Windows PC 94 SSH Access from a UNIX Workstation 94 Telnet Connection to the Dom...

Страница 8: ...rts Config Command 118 Ports Keywordadd Command 120 Ports Keyworddelete Command 120 Configuring Services 120 dpa Command 121 Encryption Command 123 HTTP Command 123 HTTPS Command 124 Logout Command 12...

Страница 9: ...wer Associations 157 Create a Port Power Association 157 Delete a Port Power Association 158 Power Strip Configuration 158 Power Association Groups 159 Power Control 159 Associations Power Control 160...

Страница 10: ...Explorer 182 Installing a Third Party Root Certificate to Netscape Navigator 183 Generate a CSR for a Third Party CA to sign 183 Install Third Party Certificate to SX 183 Install Client Root Certific...

Страница 11: ...Panel 29 Figure 27 Port Keywords Screen 31 Figure 28 Port Configuration Screen 32 Figure 29 Edit Port Screen 33 Figure 30 Direct Port Access Mode Field 34 Figure 31 Port Access Screen 35 Figure 34 Ja...

Страница 12: ...78 Figure 89 Event Log 79 Figure 90 Send Event Log Screen 80 Figure 91 Backup Screen 81 Figure 92 Restore Screen 82 Figure 93 Firmware Version 83 Figure 94 Firmware Upgrade Screen 84 Figure 95 Firmwa...

Страница 13: ...122 Network Connection Type 198 Figure 123 Device Selection 198 Figure 124 Phone Number to Dial 199 Figure 125 Connection Availability 199 Figure 128 Network Connection Type 200 Figure 129 Device Sel...

Страница 14: ...le 21 Routeadd Command 116 Table 22 Routedelete Command 116 Table 23 NFS Command 117 Table 24 Port Configuration Command 118 Table 25 Port Keywordadd Command 120 Table 26 Port Keyworddelete Command 12...

Страница 15: ...X Specifications 167 Table 72 Dominion SX Dimensions and Weight 168 Table 73 Dominion SX Requirements 169 Table 74 Browser Requirements 169 Table 75 Connectivity 170 Table 76 Dominion SX RJ 45 Serial...

Страница 16: ...Line Interface CSC Common Socket Connection DPA Direct Port Access HTTP Hypertext Transfer protocol HTTPS HTTP Secure over SSL LAN Local Area Network LDAP Lightweight Directory Access Protocol LDAP S...

Страница 17: ...ual Private Network Notices Important cautionary information that warns of possible affects on the users corruption risks and actions that may affect warranty and service coverage Note general informa...

Страница 18: ...This page intentionally left blank...

Страница 19: ...SX Provides a non intrusive solution for managing network elements and does not require any installation of software agents on the target device Connects to any networking device servers firewalls loa...

Страница 20: ...ers Three Levels of User Access o Administrator Has read and write access to the console window can modify the configuration of unit o Operator Has read and write access to the console window cannot m...

Страница 21: ...ome units 1 Raritan Dominion SX User Guide CD ROM which contains the installation and operations information for the Dominion SX 1 Printed Dominion SX Quick Setup Guide 1 Power cord 1 Release Notes 1...

Страница 22: ...4 DOMINION SX USER GUIDE This page intentionally left blank...

Страница 23: ...y 5000 Username admin all lowercase Password raritan all lowercase Pre Installation Ensure that you have the correct cabling ready to connect to the serial consoles of the target server s or other ser...

Страница 24: ...Connect the male end of the external power cord to the power supply outlet 7 Power ON the Dominion SX unit Note The unit will perform a hardware and firmware self test then start the software boot seq...

Страница 25: ...ESS Example route add 192 168 0 192 15 128 122 12 UNIX including Sun Solaris system route add 192 168 0 192 CLIENT_HOST IP ADDRESS interface Example route add 192 168 0 192 15 128 122 12 interface 3 T...

Страница 26: ...Service Agreement Screen appears Figure 5 Restricted Service Agreement Screen Note Once you click Accept after login the Dominion SX prompts you to change the default password A Change Password screen...

Страница 27: ...IP address 192 168 0 192 2 To check the route table in Windows type the command route print in a Command window on the installation computer If 192 168 0 192 is on the gateway list proceed to step 3...

Страница 28: ...re group name is the name of the group and class type is Op for operator Ob for observer n1 n2 n3 is a list of port numbers this group has access to separated by comas and no spaces You could configur...

Страница 29: ...ee Chapter 12 Command Line Interface for CLI information Dominion SX Initial Software Configuration 1 Log on to the Dominion SX using your new password A Port Access screen appears according to your u...

Страница 30: ...ddress of a Network Time Protocol NTP server in the Primary Time Server If you have a backup NTP server enter its IP address in the Secondary Time Server field 4 Type the Interface Name in the Interfa...

Страница 31: ...here this unit will reside Gateway IP Gateway Default gateway for this unit 3 Select the Mode from the Mode drop down menu 4 Type the Domain Name in the Domain field 5 Type your Unit Name in the Unit...

Страница 32: ...connection LAN 2 4 Perform a quick connectivity check by connecting to the device using the Web browser 5 Enter https IPAddress in the address line where IPAddress is the IP address of the unit as pre...

Страница 33: ...and then click Network The Network Basic Settings and Ports screen appears Figure 12 Figure 12 Network Basic Settings and Ports Screen Give the DSX a Name To give the DSX unit a name to help identify...

Страница 34: ...the various network access services Service Default Setting HTTP Enabled The default port is 80 This can be changed HTTPS redirect is enabled by default If HTTPS is also enabled all HTTP requests are...

Страница 35: ...7 To change any of these network service settings 1 Click the Setup tab and then click Services The Network Service Settings screen appears Figure 13 Network Service Settings 2 Make any necessary chan...

Страница 36: ...efault is 10 0 0 2 5 If you want to enable modem dialback click the Enable Modem Dial Back checkbox 6 Click OK Modem access is enabled Configuring IP Forwarding and Static Routes You can enable IP for...

Страница 37: ...ace field On a DSX with two LAN interfaces select the one you want from the drop down menu In the Interface field LAN1 eth0 LAN2 eth1 4 Type the IP address subnet mask and gateway of the destination h...

Страница 38: ...en click Static Routes The Static Routes screen appears It consists of an Enable IP Forwarding panel and a Static Routes List 2 Go the Static Routes List and click the checkbox next to the route you w...

Страница 39: ...many other user profiles as necessary You can create individual user profiles for each person who will be logging into the DSX or you can create a limited number of profiles and allow more than one p...

Страница 40: ...ne number in the Dialback field This field is optional 6 Type any comments about the user profile in the Information field This field is to help you identify the profile It is optional 7 Type the pass...

Страница 41: ...ot displayed To change the profile s password type a new password in the Password and Confirm Password fields If you leave these fields as is the password is unchanged 5 Click OK when finished The use...

Страница 42: ...ck User Group List The Group List screen appears Figure 20 2 Click Add New User Group The New Group screen appears Figure 21 New Group Screen 3 Type a group name in the Group Name field You can enter...

Страница 43: ...ick the User Management tab and then click User Group List The Group List screen appears Figure 20 2 Click the Group Name of the group you want to edit The Edit Group screen appears It looks exactly l...

Страница 44: ...26 DOMINION SX USER GUIDE...

Страница 45: ...d out or the DSX because you can always be authenticated locally Configuring RADIUS You can use Remote Dial In User Service RADIUS to authenticate DSX users instead of local authentication To configur...

Страница 46: ...ses Secret 5 Type the root point to bind to the server in the Base DN field This is the same as Directory Manager DN for example BaseDn cn Directory Manager 6 Type a string in the Query field Make sur...

Страница 47: ...e Remote Authentication screen appears It contains a TACACS panel Figure 24 TACACS Panel 2 In the TACACS panel click the TACACS button to enable TACACS authentication 3 Under Primary TACACS type the I...

Страница 48: ...30 DOMINION SX USER GUIDE...

Страница 49: ...ort keywords work as a filter If a keyword is detected then and only then will a corresponding message be logged in a local NFS port log A corresponding event will be sent via SMTP if configured and c...

Страница 50: ...rt Configuration screen appears Figure 26 Port Configuration Screen 2 Select the port s you want to configure You can select one port or several ports so long as the port configurations are all the sa...

Страница 51: ...s is 9600 Select the Parity Bits from the Parity Bits drop down menu Select the Flow Control from the Flow Control drop down menu 4 In the Detect field indicate whether you want the Dominion SX to det...

Страница 52: ...Mode Field 2 Go to the Direct Port Access Mode field The default is Normal which means disabled To enable DPA select either IP or TCP Port from the drop down menu 3 Click OK to save this information...

Страница 53: ...erver from the drop down menu in the Class field 7 Select the ports for which you want anonymous port access in the Port Access field 8 Click OK Important The Dominion SX unit must be rebooted to appl...

Страница 54: ...y recommends that Java Applet Caching be disabled and that you perform the following steps to make sure that Java does not create problems for the system s memory Java Applets and Memory Consideration...

Страница 55: ...reases the default size to 2M Append the letter m or M to indicate megabytes and k or K to indicate kilobytes Xmx Size in bytes Sets the maximum size to which the Java heap can grow 64M The server fla...

Страница 56: ...that provide the user with the ability to Modify emulation settings such as fonts and window size Manage the history of the session Request Write Access to the port Get a Write Lock on the port Send...

Страница 57: ...e Timeout setting 2 Click on the Emulator drop down menu to display a list of topics Figure 32 Emulator Drop Down Menu IMPORTANT You must change the default user Idle Timeout setting on the Dominion S...

Страница 58: ...2 Accept the Main Menu Shortcut default of None or choose one of the following from the Main Menu Shortcut drop down menu F10 Alt 3 Accept the Show Confirmation Dialog on Exit default or uncheck it 4...

Страница 59: ...ings Then click Ok to close the Display Settings window however if you want to change the settings perform the following steps 3 Accept the Terminal Font Properties default of Arial or choose a font f...

Страница 60: ...ollowing from the Encoding drop down menu US ASCII ISO 8859 1 ISO 8859 15 UTF 8 9 Choose one of the following from the Language drop down menu English Bulgarian Japanese Korean Chinese 10 Click Ok to...

Страница 61: ...ong users working in the Raritan Serial Client via the Get Write Access command 10 To enable Write Access click Get Write Access on the Emulator menu You now have Write Access to the target device Whe...

Страница 62: ...sers to view the connected users on the Emulator menu Figure 37 Connected Users Window 11 A check mark appears in the Write Access column after the name of the User who has Write Access to the console...

Страница 63: ...r at the location where you want to paste the text 4 Click once to make that location active 5 Click Paste on the Edit menu Note Here are keyboard shortcuts that you can use to highlight copy and past...

Страница 64: ...46 DOMINION SX USER GUIDE Tools 1 Click on the Tools drop down menu to display a list of topics Figure 39 Tools Menu...

Страница 65: ...ar indicates whether logging is on or off 1 On the Tools menu click Start Logging 2 Choose an existing file or provide a new file name in the Save RSC Log dialog box When an existing file is selected...

Страница 66: ...og box it sends whatever file you selected directly to the port If there is a loopback plug inserted you see the file displayed If there is currently no target connected then nothing will be visible o...

Страница 67: ...al Console and release information about Raritan Serial Console Help Topics To Access Help Topics 1 Click Help Topics on the Help menu 2 Use the navigation bar on the right side of Table of Contents w...

Страница 68: ...nd then is connected The steps in this section install the standalone Raritan Serial Client RSC Standalone Raritan Serial Client Requirements The following requirements must be met to support the Rari...

Страница 69: ...led The path information will be used later Setting Windows OS Variables 1 Open the Start menu and then open the Control Panel and choose System 2 Go to Advanced and open Environment Variables Figure...

Страница 70: ...lick OK Figure 45 Windows OS New System Variable 6 Select the PATH variable and click Edit 7 Add JAVA_HOME bin to the end of the current Variable value Ensure a semicolon separates the new value from...

Страница 71: ...ows OS Edit System Variable 9 Select the CLASSPATH variable and click Edit Ensure the CLASSPATH Variable value is configured properly that is its value must have a period in it If for any reason there...

Страница 72: ...ER The currently installed version of Java Runtime Environment JRE appears If your path variable is not set to where the java binaries have been installed you may not be able to see the JRE version To...

Страница 73: ...ndows machine 2 Download or copy from a known location the RSC installer jar installation file 3 Double click on the executable file to start the installer program The splash screen appears 4 Click Ne...

Страница 74: ...esired Program Group for the Shortcut 9 Click Next The installation finished screen appears 10 Click Done Launching RSC on Windows Systems 1 Double click on the shortcut or use Start Programs to launc...

Страница 75: ...support please try changing the font to Courier New Go to Emulator Settings Display and select Courier New for Terminal Font Properties or GUI Font Properties Installing RSC for Sun Solaris You must...

Страница 76: ...n is complete The final screen indicates where you will find an uninstaller program and allows the option of generating an automatic installation script e Click Done to close the Installation window L...

Страница 77: ...In some cases this data is required for compliance with governmental or company regulations Encryption of port data log sent to a remote nfs server Security profile Man in the Middle The Security fun...

Страница 78: ...pt the system defaults or type your own Login Handling 1 Go to the Login Handling panel and enter a value in the User Idle Timeout minutes field This is the length of inactive time after which the use...

Страница 79: ...field or click on the Browse drop down menu and select your file 3 Type the name of the file you want for your Kerberos Configuration File in the Kerberos Configuration File field or click on the Bro...

Страница 80: ...e 56 Certificate Signing Request 2 Click the checkbox labeled Generate a Certificate Signing Request 3 Click on the drop down menu in the Bits field Keep the 1024 default or change it to 512 4 Type th...

Страница 81: ...labeled Install User Key 3 Type the following information in the corresponding fields The IP address of the host with the key A login and password on the host The path and name of the file containing...

Страница 82: ...e certificate 4 Click OK SSL Client Certificate SSL Security certificates are used in browser access to ensure that the device that you are attached to is the device that is authorized to be connected...

Страница 83: ...CHAPTER 8 SECURITY 65 Figure 59 SSL Client Certificate Screen...

Страница 84: ...n the CA Name field type the name of the CA you want to view 3 Click OK to retrieve the list of CAs Managing the Client Certificate Revocation List CRL The DSX comes with VeriSign and Thawte CA certif...

Страница 85: ...onsent banner that forces the user to accept the stated conditions prior to advancing into operation of the console server Figure 60 Banner Screen 1 Check one of the following fields Display Restricte...

Страница 86: ...ges If a profile is disabled the features in the profile keep the states they had when the profile was enabled For example if the default TLS Required feature is unchecked and you enable the Secure pr...

Страница 87: ...he Edit Custom Security Profile screen appears Figure 62 Edit Custom Security Profile Screen 3 Check one or all of the following fields Telnet Access Strong Password Required Single Login Per User Tim...

Страница 88: ...between LAN interfaces Add an IPTables Rule To add an IPTables rule 1 Click the Security tab and then click Firewall The Firewall Screen appears The firewall screen displays the default IPTables rules...

Страница 89: ...aximum file size is reached Your choices are Wrap This causes the log file to circle around to the beginning when the end of the file is reached Flat This causes logging to stop when the end of the fi...

Страница 90: ...Prefix field 3 Type the maximum file size allowed in the Size field Once this size is reached a new file is created to store the port log data If you enter a value of 0 the DSX will not create a new f...

Страница 91: ...Name No Name 1 Port1 U 2 Port2 U 3 Port3 U 4 Port4 U 5 Port5 U 6 Port6 U 7 Port7 U 8 Port8 U 9 Port9 U 10 Port10 U 11 Port11 U 12 Port12 U 13 Port13 U 14 Port14 U 15 Port15 U 16 Port16 U 17 Port17 U 1...

Страница 92: ...r this checkbox Figure 68 Input Port Logging Panel 2 Type a directory for input in the In Directory field 3 Click OK Configuring Encryption To configure encryption 1 Go to the Encryption panel and cli...

Страница 93: ...the Enable SMTP Server checkbox to enable SMTP logging Figure 70 SMTP Settings Panel 2 Type the IP address of the SMTP server in the SMTP Server IP Address field 3 Type the username and password in t...

Страница 94: ...so that the Dominion SX unit can send messages using that SMTP server To verify that the information is correct and working 1 Send a test email by selecting an event such as event amp notice port con...

Страница 95: ...NFS Settings Screen 2 Click the Enable NFS checkbox to enable NFS logging 3 Type the IP address of the NFS server in the Primary IP field and then enter the path to the log file in the Primary Directo...

Страница 96: ...ty determines which SNMP management stations receive SNMP alerts 4 Click OK Create a New SNMP Destination SNMP destinations determine which SNMP management stations receive SNMP traps To create a new...

Страница 97: ...log is displayed Figure 75 shows a typical event log Figure 75 Event Log Note If the number of events in the log exceeds the size of one screen a Next link is added under Event Log at the top of the s...

Страница 98: ...FTP server 4 Enter the path to the location where the event log will be stored in the Remote Path field 5 Enter the name of the file to store the event log in the Remote File field 6 Click Send Displ...

Страница 99: ...then click Backup The Backup screen appears Figure 77 Backup Screen 2 In the IP Address field type the IP address of the target FTP server where the backup will be written 3 In the Login field type th...

Страница 100: ...which the restore data will be retrieved 3 In the Login field type the login name of the account on the system where the restore data will be stored 4 In the Password field type the password of the ac...

Страница 101: ...s For example cert_pact tgz on the FTP server 4 Obtain a user account Optional if anonymous access to the FTP server is not supported The Firmware Upgrade feature allows you to upgrade the Dominion SX...

Страница 102: ...e the upgrade is initiated the upgrade status message indicates the progress of the upgrade The files are copied and the unit is reset You receive the following message Upgrade is Complete The unit is...

Страница 103: ...hange your mind click No Note In case you are not aware of the administrative password to log in the DSX GUI to perform a factory reset you may want to try resetting from the DSX hardware To do so ins...

Страница 104: ...86 DOMINION SX USER GUIDE...

Страница 105: ...ure 82 Diagnostics Screen Network Infrastructure Tools Network infrastructure tools allow you to view the status of the active network interfaces and important network statistics You can also perform...

Страница 106: ...system displays network statistics Figure 84 Network Statistics 2 By default all statistics are shown To show specific statistics select an entry from the drop down menu in the Options field Your choi...

Страница 107: ...Ping The screen displays the results of the ping Trace Route to Host Figure 86 Trace Route to Host 1 Click Trace Route to Host on the Diagnostics screen The Trace Route to Host screen appears 2 Type...

Страница 108: ...SX USER GUIDE Administrator Tools Process Status 1 Click Process Status in the Diagnostics Screen The screen displays the results of your request Figure 87 Process Status 2 Click Refresh to update the...

Страница 109: ...hes Firewalls Power strips Other user equipment The Dominion SX allows an Administrator or User to access control and manage multiple serial devices You can use the Command Line Interface CLI to confi...

Страница 110: ...dem events smtp add delete dialback dialin ethernetfailover interface ipforwarding name cleareventlog eventlogfile eventsyslog portlog sendeventlog vieweventlog nfs config keywordadd keyworddelete dpa...

Страница 111: ...re sendeventlog upgrade upgradehistory reboot cleareventlog upgradestatus vieweventlog ipmi writelock writeunlock port sub menu reached using escape key sequence ipmidiscover ipmitool password banner...

Страница 112: ...ault Use any SSH client that supports SSHv2 to connect to it Note For security reasons SSH V1 connections are not supported by the DSX Specific information about configuring particular SSH clients is...

Страница 113: ...g the following command admin Config Services telnet enable true port preferred port number 2 Reboot the system Browser GUI Enable Telnet access in the Setup Services menu Accessing the DSX Unit Once...

Страница 114: ...e Stop bits 1 Flow Control None Connection To make a local port connection 1 Open a HyperTerminal application or equivalent 2 Ensure the HyperTerminal is configured to communicate with the port that i...

Страница 115: ...Current Time Wed Sep 20 16 17 15 2006 admin Figure 88 Sample Administrator Login 5 login as Janet 6 Password 7 Authentication successful 8 Welcome to the DominionSX Model SX4 UnitName DominionSX Firmw...

Страница 116: ...ditional text to make the entry unique and the Tab key to complete the entry CLI Syntax Tips and Shortcuts Tips Commands are listed in alphabetical order Commands are not case sensitive Parameter name...

Страница 117: ...tp lpa ssh telnet snmp ntp users groups idletimeout events all Command Example The following command shows the general settings of the SX unit admin show Dominion SX4 64Mb Serial WACEA00008 Current ti...

Страница 118: ...ttings Date 2006 09 20 23 20 24 Timezone 13 Use the following steps to set the user date and time 1 admin Config Time timezonelist 2 admin Config Time clock tz 21 datetime 2006 09 23 13 22 33 Setting...

Страница 119: ...ory settings firmware System command to display the versions of the firmware help Display an overview of the CLI syntax history Display the current session s command line history http Enable http conn...

Страница 120: ...led by default SSH and HTTPS by definition support 128 bit encryption of the traffic between the two ends of the link To accept unencrypted connections the user must manually enable the HTTP and Telne...

Страница 121: ...rts Logout Password Target Connections and the CLI The purpose of the Dominion SX unit is to let authorized users establish connections to various targeted devices using the connect command Before con...

Страница 122: ...or Access Client users to share ports with other authenticated and authorized users regardless of whether they are Access Client users RSC or SSH Telnet users Port sharing is used for training or for...

Страница 123: ...es Dominion SX supports LDAP Active Directory TACACS and Kerberos The Dominion SX server also supports an additional level of security services that further enhance protection of the console server Th...

Страница 124: ...display the following message in the banner after login Error Cannot get group information The port display will show all ports because there is no way for the client to know which port limitations e...

Страница 125: ...in Config Authentication radius primarytacacs Configuring Events The events menu provides access to commands used to configure SMTP events and servers Table 7 Configuration Events Commands COMMAND OPT...

Страница 126: ...l log file in bytes style wrap flat Specifies what action to take when the maximum size is reached wrap will cause the log to circle around when end is reached flat will cause logging to stop when the...

Страница 127: ...he key NFS is notoriously insecure It can be accessed easily and the data misused With Dominion SX the administrator has the ability to encrypt the data stored on the NFS server Consequently if the da...

Страница 128: ...ds between two updates to the remote log file The default interval is 30 The max value is 99999 inputlog true false Enable Disable logging of user input data on the port Input implies data sent to the...

Страница 129: ...162 187 login acy password pasraritansword path sxlogfile file log 32 Vieweventlog Command The vieweventlog command displays the local log file The syntax of the vieweventlog command is vieweventfile...

Страница 130: ...is 129 should have the following settings User Settings Login Modem Name Dialback Info SX Dialback 129 Group Admin Active 1 Dialin and Dialback should be enabled on the device used for modem communic...

Страница 131: ...ary Server Enabled true IP Address 10 0 0 188 Port 389 Secret root Base DN cn root o bianor Base Search o bianor Auth Query String rciusergroup Dialback Query String telephoneNumber The Remote LDAP Se...

Страница 132: ...interface command is used to configure the Dominion SX network interface When the command is accepted the unit will automatically reboot and drop the connection You must then reconnect using the new...

Страница 133: ...are described in Table 17 Table 17 Ipforwarding Command COMMAND OPTION DESCRIPTION Ipforwarding Command Example The following command enables the IP Forwarding admin Config Network ipforwarding Name C...

Страница 134: ...k route Routeadd Command The routeadd command is used to add a route to the kernel routing table The syntax of the command is routeadd The command options are described in Table 21 Table 21 Routeadd C...

Страница 135: ...MMAND OPTION DESCRIPTION enable true false Enable or disable NFS logging primaryip primaryip IP address of the primary NFS server secondaryip secondaryip IP address of the secondary NFS server primary...

Страница 136: ...owcontrol none hw sw detect true false escapemode none control escapechar char emulation type exitstring cmd delay dpaip ipaddress telnet port ssh port The command options are described in Table 24 Ta...

Страница 137: ...chooses DPA mode IP The IP Address is assigned for direct port access using the following command admin Config Port config port 1 dpaip 10 0 13 240 Port 1 Configuration Saved DPA changes will not be a...

Страница 138: ...ification is sent upon detecting this keyword in the data coming from the target connected to the port The syntax of the keywordadd command is keywordadd The command options are described in Table 25...

Страница 139: ...and COMMAND OPTION DESCRIPTION mode IP TCPPort Per port Direct Port Access type mode IP access target port directly by unique IP Address via ssh telnet http https TCPPort access target port directly b...

Page 140: ...Access Settings Enable 1 Group Settings Name Anonymous Class Observer Ports To configure Anonymous group settings go to config user menu and execute the following command admin Config User editgroup...

Page 141: ...following example sets SSL encryption for HTTPS admin Config Services encryption prot SSL HTTP Command The http command is used to control http access and redirection and define the port The syntax of...

Page 142: ...The lpa command is used to display and set the local port access configuration Dominion SX units have one or two local ports depending on the model Insert reference to App B for the pinouts for DB9 M...

Page 143: ...port 4 The system displays this message after entering the preceding command The system will need to be rebooted for changes to take effect Telnet Command The syntax of the telnet command is telnet e...

Page 144: ...scribed in Table 33 Table 33 SNMP Add Command COMMAND OPTION DESCRIPTION dest ipaddress SNMP destination IP address port value SNMP destination port SNMP Add Command Example admin Config SNMP add 72 2...

Page 145: ...ck Command The clock command lets the administrator set the time and date for the server The syntax of the clock command is clock tz tz datetime datetime timezonelist The clock command options are des...

Page 146: ...rimaryntpip The NTP server to use first secondaryntpip The NTP server to use if the primary is not available Command Example The following example enables NTP admin Config Time ntp enable true primary...

Page 147: ...a specified user The syntax of the adduser command is adduser user loginname fullname user s fullname group name dialback phonenumber password password info user information active true false The add...

Page 148: ...in Table 41 Table 41 Deleteuser Command COMMAND OPTION DESCRIPTION user loginname Login Name Required Deleteuser Command Example The following example shows how to delete a user admin Config User dele...

Page 149: ...ame group name Group to associate with user dialback phonenumber Dialback phone number for this user password password User s password info user information Miscellaneous user information active true...

Page 150: ...reak Send a break to the connected target writelock Lock write access to this port writeunlock Unlock write access to this port Diagnostics Commands The diagnostic commands provide a means to gather i...

Page 151: ...tIP endIP All discovered targets supporting IPMI version 2 0 will be listed allowing the user to select one and execute the IPMI operations The command options are described in Table 46 Table 46 IPMID...

Page 152: ...address Remote server address can be IP address or hostname This option is required for lan and lanplus interfaces p port Remote server UDP port to connect to Default is 623 U username Remote server u...

Page 153: ...er Configure Management Controller users channel Configure Management Controller channels session Print session information firewall Configure firmware firewall IPMIv2 0 sunoem OEM Commands for Sun se...

Page 154: ...es are truncated to 22 characters with a sign at the end The letter after the port name describes the state of each port A Active B Busy D Down U Up Maintenance Commands The maintenance commands are u...

Page 155: ...he path to the backup file file FILE Specifies the name of the file in which the backup will be saved Backup Command Example In this example the console server data is sent to a system at the IP addre...

Page 156: ...es the versions of the firmware The syntax of the firmware command is firmware Firmware Command Example admin Maintenance firmware Version Information Firmware Version 3 0 0 1 15 Kernel Version 2 4 12...

Page 157: ...he file to the Dominion SX server The syntax of the restore command is restore ip IP login LOGIN passwd PASSWD path PATH file FILE The restore command options are described in Table 49 Table 52 Restor...

Page 158: ...nfig Log sendeventlog 72 236 162 187 login acy password pasraritansword path sxlogfile file log 32 Upgrade Command Note in order to perform an upgrade there should be a configured remote ftp server Th...

Page 159: ...ged in their source IP Addresses and any ports to which they are connected The syntax of the userlist command is userlist Vieweventlog Command The vieweventlog command displays the local log file The...

Page 160: ...ommand The ftpgetbanner command directs the DSX to go to this site to retrieve the welcome banner because the welcome banner and the audit statement are maintained on an external FTP site The syntax o...

Page 161: ...er Certificate addcrl Install a CA s CRL clientcert Activate Client Side Certificate Verification delete Remove Client CA Certificate deletecrl Remove Client CA s CRL viewcacert View Client CA Certifi...

Page 162: ...r IPv4 packet filtering and Network Address Translation NAT The iptables command provides an interface to the linux iptables The command parameters and options are the same as the linux system command...

Page 163: ...ewall iptables A INPUT t filter j DROP s 192 168 1 100 Logging a message when IP Address connects To send a syslog message when an IP Address connects to the SX admin Security firewall iptables A INPU...

Page 164: ...a k a private secret key cryptography can be achieved in the CLI and GUI of the DSX for remote user authentication See the MIT Kerberos website for information about Kerberos KDC Kadmind client machi...

Page 165: ...ation Kerberos Command Example 1 admin Security Kerberos getkrbconfig ip 192 168 52 197 login vijay password vijayv path home vijay krb5 conf Success 2 kadmin addprinc host dsx 182 domain com REALM ka...

Page 166: ...dloginretries Command The invalidloginretries command specifies the number of failed invalid login attempts before the account is deactivated The syntax of the invalidloginretries command is invalidlo...

Page 167: ...admin Security LoginSettings singleloginperuser enable true Strongpassword Command The Dominion SX server supports both standard and strong passwords Standard passwords have no rules associated with...

Page 168: ...allow to be repeated after 5 passwords have been set Until then there will be no repeats allowed Passwords must be at least 8 and not more than 16 characters admin Security LoginSettings strongpasswor...

Page 169: ...rofiledata name Standard Secure Custom telnet true false strongpass true false timeout true false single true false redirect true false tls_required true false The profiledata command options are desc...

Page 170: ...152 DOMINION SX USER GUIDE...

Page 171: ...s To discover IPMI servers on the network 1 Click the IPMI tab and then click Discover IPMI Devices The Discover IPMI Devices screen appears Figure 91 Discover IPMI Devices Screen 2 You can leave the...

Page 172: ...ostname Remote host name for LAN interface p port Remote RMCP port default 623 U username Remote session username f file Read remote session password from file S sdr Use local file for remote SDR cach...

Page 173: ...ent Filtering PEF sol Configure and connect IPMIv2 0 Serial over LAN tsol Configure and connect with Tyan IPMIv1 5 Serial over LAN isol Configure IPMIv1 5 Serial over LAN user Configure Management Con...

Page 174: ...156 DOMINION SX USER GUIDE...

Page 175: ...ip connected to the DSX to specific DSX ports Create a Port Power Association To create a port power association 1 Click the Setup tab and then click Port Power Association List 2 Click Add The Port P...

Page 176: ...Association list 4 Click Delete Power Strip Configuration To configure a power strip 1 Click the Setup tab and then click Power Strip Configuration 2 Click Add The Power Strip Configuration screen ap...

Page 177: ...dd The Power Association Groups screen appears Figure 95 Power Association Group Screen 3 Type a name and description in the Group Name and Description fields 4 Select the number of outlets from the d...

Page 178: ...to the configured sequential interval resulting in an operational delay time minimum amount of time to operate If power cycle is selected all associated outlets will be powered off sequentially and th...

Page 179: ...CHAPTER 14 POWER CONTROL 161 Power Strip Power Control Click Power Strip Power Control on the Power Control menu to access the tool to manage power strips Figure 98 Power Strip Power Control...

Page 180: ...162 DOMINION SX USER GUIDE Power Strip Status Click Power Strip Status on the Power Control menu to check power strip status Figure 99 Power Strip Status...

Page 181: ...y to make sure Maintenance Firmware Upgrade History 6 Refer to Upgrading the DSX Firmware section in Chapter 10 for details Case 2 Configuring and Using Direct Port Access via SSH 1 Purpose To allow u...

Page 182: ...SX port connected to the dual powered server device that you wish to associate outlets with from the drop down menu of Port and enter a description for it such as Internal Web Server Pronto see Port...

Page 183: ...or details Case 8 Accessing Port Access on DSX via RSC 1 Purpose To access a DSX serial target through Raritan Serial Client RSC 2 Log in SX via a web browser with your login username and password suc...

Page 184: ...ol and closed bracket key h To exit the target serial console session enter the letter q to quit You will be re directed back to the SX console and the port serial console session is now closed 3 SSH...

Page 185: ...ODEM LOCAL PORTS ETHERNET PORTS POWER SUPPLY DSX4 4 No 2 1 Single AC DSXB 4 M 4 Yes 1 1 Single AC DSXB 4 DC 4 Yes 2 1 Single DC DSXB 4 DCM 4 Yes 1 1 Single DC DSX8 8 No 1 1 Single AC DSXA 8 8 Yes 1 1...

Page 186: ...x 44mm 5 00 lbs 2 25kg DSX16 11 34 x 10 7 x 1 75 288 x 270 x 44mm 9 61 lbs 4 35kg DSXA 16 17 32 x 11 41 x 1 75 440 x 290 x 44mm 8 20 lbs 3 69kg DSXA 16 DC 17 32 x 11 41 x 1 75 440 x 290 x 44mm 7 8lbs...

Page 187: ...Port many models Integrated 56K V 92 RJ11 port Protocols Optional TCP IP RADIUS SNMP SMTP PAP TACACS NFS HTTP HTTPS SSL SSH PPP NTP LDAP LDAP S and KerberosV5 Browser Requirements Supported The follow...

Page 188: ...connecting a terminal port RJ 45 Connector type of Dominion SX 48 models that have this connector to another Dominion SX Cisco Router DB25F ASCSDB25M adapter and a CAT 5 cable Hewlett Packard UNIX Se...

Page 189: ...ons The following tables list the RJ 45 pinouts for the RJ 45 connector which is on the back of the DSX Table 76 Dominion SX RJ 45 Serial Pinouts and Signals RJ 45 PIN SIGNAL 1 RTS 2 DTR 3 TxD 4 GND 5...

Page 190: ...8 4 DB25M Nulling Serial Adapter Pinouts Table 80 DB25M Nulling Serial Adapter Pinouts RJ 45 FEMALE DB25 MALE 1 5 2 6 8 3 3 4 1 5 7 6 2 7 20 8 4 Dominion SX Terminal Ports All Dominion SX models exce...

Page 191: ...disabled by default Models with two terminal ports support an external modem on only the port with the RI signal On models with only one serial port a modem is built in The externally accessible seria...

Page 192: ...ation about the Dominion SX16 and SX32 Terminal Ports Pins 1 and 9 are used to factory reset units shipped after August 2004 Units shipped prior to August 2004 have the DB9M port labeled RESERVED not...

Page 193: ...255 255 255 0 CSC Port Address TCP 5000 Port address for CC discovery UDP 5000 Factory default username admin Factory default password raritan GENERAL SETTINGS Direct Port Access DPA Normal Mode Off T...

Page 194: ...TCP port 23 needs to be open Both RADIUS TCP port 1812 needs to be open Outgoing LDAP Port 389 needs to be open Outgoing SNMP Port 162 needs to be open Outgoing TACACS Port 49 needs to be open Outgoin...

Page 195: ...certificates can be added into a browser as Trusted CA Default SX Certificate Authority Settings The Server Certificate generated in the Dominion SX unit must be installed in the browser in order for...

Page 196: ...178 DOMINION SX USER GUIDE Install the Dominion SX Server Certificate section that follows...

Page 197: ...or cancel the viewing of the certificate Select save and add the file extension cer e g CA_ROOT cer 6 Open the CA_ROOT cer file by double clicking on it This will open the certificate 7 Click on the...

Page 198: ...certificate to be deleted The Certificate will normally be installed in the Other People tab and will be identified by the name which should be the IP address of the Dominion SX 4 Click Remove A mess...

Page 199: ...Netscape Navigator 1 Launch Netscape Navigator and connect to the IP address of the Dominion SX unit The Web Site Certified by an Unknown Authority window appears 2 Select Accept this certificate per...

Page 200: ...CA that provided you with a certificate will have a root certificate available for download Root certificates are available on the CA web site click on the links to download Some of the popular CAs a...

Page 201: ...e as the certificate you are trying to install 10 Click Delete and then click OK 11 Return to the CA s Web site and try to download the root certificate again and follow steps 1 through 5 again Genera...

Page 202: ...rtificate of the CA that signed the Client Certificates must be installed on the SX unit with the following steps 1 Retrieve CA s Root certificate used to sign the client certificates and place it on...

Page 203: ...APPENDIX C CERTIFICATES 185...

Page 204: ...186 DOMINION SX USER GUIDE...

Page 205: ...tallation Note If the IAS setup already exists these instructions may not apply exactly as shown Enable IAS on the Server 1 On the IAS server go to the Control Panel and launch Add or Remove Programs...

Page 206: ...ck Next The Profile dialog appears 9 Click the Edit Profile button 10 Select the Authentication tab Remove other checkmarks and add a checkmark to enable Unencrypted authentication PAP SPAP Note This...

Page 207: ...he User Management tab on DSX screen 2 Go to the Configuration section 3 Select the User Group List 4 Click on Add New User Group You can define port access and user class operator or observer This us...

Page 208: ...an G Admin D 1234567890 if using dial back feature where 1234567890 is the phone number for dial back The value Raritan G Admin must match with the local group on the Dominion SX unit The Dominion SX...

Page 209: ...s the user group name that matches with local group on Dominion SX Group name specified for this attribute on TACACS Must exactly case sensitive match with group name on Dominion SX unit or else authe...

Page 210: ...NION SX USER GUIDE 2 Select Interface Configuration Figure 101 Cisco ACS Interface Configuration 3 Select TACACS Cisco IOS 4 Add dominionsx service under the heading New Services Figure 102 TACACS Pro...

Page 211: ...Custom Attributes check boxes Add the attributes user type and the appropriate values to the text box Note The value for the user group attribute is case sensitive so ensure that it matches exactly t...

Page 212: ...194 DOMINION SX USER GUIDE...

Page 213: ...ine PPP network as the Dominion SX After the dial up connection is established connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP Modem installation guidelines ar...

Page 214: ...attached to the Dominion SX unit o Dial using Modem being used to connect to Dominion SX if there is no entry here there is no modem installed in your workstation 4 Click on the Security tab The Secu...

Page 215: ...s 2000 Dial Up Networking Configuration 1 Select Start Programs Accessories Communications Network and Dial Up Connections 2 Double click on the Make New Connection icon when the Network and Dial Up C...

Page 216: ...pe 5 Select the check box before the modem that you want to use to connect to the Dominion SX unit and then click Next Figure 108 Device Selection 6 Type the Area code and Phone number you wish to dia...

Page 217: ...ty screen 2 Click Next Figure 110 Connection Availability The Network Connection has been created 3 Type the name of the Dial up connection 4 Click Finish 5 Click Dial to connect to the remote machine...

Page 218: ...New Connection Wizard 2 Click Next and follow the steps in the New Connection Wizard to create custom dialup network profiles 3 Click the Connect to the Internet radio button and click Next Figure 111...

Page 219: ...201 5 Click on the radio button before Connect using a dial up modem and click Next Figure 113 Internet Connection 6 Type a name to identify this particular connection in the ISP Name field and click...

Page 220: ...the appropriate fields and retype the password to confirm it 9 Click on the checkbox before the appropriate option below the fields and click Next Figure 116 Internet Account Information 10 Click Fin...

Page 221: ...perly connected to a network 3 Ping the unit from a computer on the same network to ensure that network communication with the unit occurs Should the ping fail contact your network administrator There...

Page 222: ...ttp and 443 for https for the unit to operate through a firewall Contact your system administrator and request port 80 and 443 or other custom configured ports for access Login Failure Firewalls must...

Page 223: ...t will not allow the user to log on until the unit receives the result of the authentication request from the RADIUS server Authentication may take up to 20 seconds Be patient and wait until either th...

Page 224: ...not exist or if the contents of the file are not in the indicated places the File Not Found message will appear Verify that the upgrade package is in the correct directory and confirm the upgrade pat...

Page 225: ...APPENDIX F TROUBLESHOOTING 207 255 60 2000 00...

Page 226: ...a Rd Melbourne VIC3004 Australia Tel 61 3 9866 6887 Fax 61 3 9866 7706 Email sales au raritan com Web raritan com au Raritan Sydney Suite 1 Level 9 75 Miller Street North Sydney PO Box 591 North Sydne...
